@open-mercato/ai-assistant 0.6.4-develop.4382.1.6b4f656b77 → 0.6.4

package/src/modules/ai_assistant/__integration__/TC-AI-AGENT-OVERRIDES-005-prompt-mutation-loop.spec.ts

@@ -0,0 +1,176 @@
+import { test, expect, request as playwrightRequest } from '@playwright/test';
+import { apiRequest, getAuthToken } from '@open-mercato/core/helpers/integration/api';
+import { getTokenScope, readJsonSafe } from '@open-mercato/core/helpers/integration/generalFixtures';
+import { deleteAgentOverridesInDb } from './helpers/aiAssistantFixtures';
+
+/**
+ * TC-AI-AGENT-OVERRIDES-005 — Per-agent runtime overrides (prompt / mutation-policy / loop).
+ * Source: GitHub issue #2495.
+ *
+ * Surfaces under test:
+ *   - /api/ai_assistant/ai/agents/{agentId}/prompt-override     (GET, POST)
+ *   - /api/ai_assistant/ai/agents/{agentId}/mutation-policy      (GET, POST, DELETE)
+ *   - /api/ai_assistant/ai/agents/{agentId}/loop-override         (GET, PUT, DELETE)
+ *
+ * Contract notes verified against the route handlers (the issue's guesses were wrong):
+ *   - prompt-override + mutation-policy use POST (NOT PUT); loop-override uses PUT.
+ *   - prompt-override has no DELETE route (versioned) -> swept via SQL in teardown.
+ *   - mutation-policy escalation beyond the agent's declared ceiling -> 400
+ *     `escalation_not_allowed` (NOT `policy_escalation_not_allowed`); an invalid
+ *     policy value -> 400 `validation_error` (NOT `invalid_mutation_policy`).
+ *   - a malformed agentId -> 400 `validation_error`; an unknown one -> 404 `agent_unknown`.
+ *   - writes require `ai_assistant.settings.manage`.
+ *
+ * The agent id is discovered dynamically from GET /ai/agents — never hard-coded.
+ */
+
+const AGENTS = '/api/ai_assistant/ai/agents';
+
+interface AgentSummary {
+  id: string;
+  mutationPolicy: string;
+}
+
+const POLICY_RANK: Record<string, number> = {
+  'read-only': 0,
+  'destructive-confirm-required': 1,
+  'confirm-required': 2,
+};
+
+test.describe('TC-AI-AGENT-OVERRIDES-005: Per-agent runtime overrides', () => {
+  test('prompt + mutation-policy + loop override CRUD, validation, escalation, RBAC', async ({
+    request,
+    baseURL,
+  }) => {
+    test.slow();
+    const adminToken = await getAuthToken(request, 'admin');
+    const { tenantId } = getTokenScope(adminToken);
+
+    const agentsRes = await apiRequest(request, 'GET', AGENTS, { token: adminToken });
+    expect(agentsRes.status()).toBe(200);
+    const agentsBody = await readJsonSafe<{ agents: AgentSummary[] }>(agentsRes);
+    expect(Array.isArray(agentsBody?.agents) && (agentsBody?.agents.length ?? 0) > 0, 'at least one agent is registered').toBe(
+      true,
+    );
+    // Intentionally targets the first registered agent (whichever modules are
+    // enabled). Policy assertions are computed relative to that agent's declared
+    // ceiling (`codeDeclared`) so the test is correct for any agent.
+    const agentId = agentsBody!.agents[0].id;
+
+    const promptOverride = `${AGENTS}/${encodeURIComponent(agentId)}/prompt-override`;
+    const mutationPolicy = `${AGENTS}/${encodeURIComponent(agentId)}/mutation-policy`;
+    const loopOverride = `${AGENTS}/${encodeURIComponent(agentId)}/loop-override`;
+
+    try {
+      // --- prompt-override (GET + POST; reserved-key validation) ---
+      const savePrompt = await apiRequest(request, 'POST', promptOverride, {
+        token: adminToken,
+        data: { sections: { tone: 'Be concise and helpful.' } },
+      });
+      expect(savePrompt.status(), 'POST prompt-override returns 200').toBe(200);
+      const savedPrompt = await readJsonSafe<{ ok: boolean; version: number }>(savePrompt);
+      expect(savedPrompt?.ok).toBe(true);
+      expect(typeof savedPrompt?.version).toBe('number');
+
+      const getPrompt = await apiRequest(request, 'GET', promptOverride, { token: adminToken });
+      expect(getPrompt.status()).toBe(200);
+      const promptBody = await readJsonSafe<{ override: { sections: Record<string, string> } | null }>(getPrompt);
+      expect(promptBody?.override?.sections?.tone).toBe('Be concise and helpful.');
+
+      const reserved = await apiRequest(request, 'POST', promptOverride, {
+        token: adminToken,
+        data: { sections: { mutationPolicy: 'confirm-required' } },
+      });
+      expect(reserved.status()).toBe(400);
+      expect((await readJsonSafe<{ code?: string }>(reserved))?.code).toBe('reserved_key');
+
+      // --- mutation-policy (GET + POST + DELETE; escalation + invalid value) ---
+      const getPolicy = await apiRequest(request, 'GET', mutationPolicy, { token: adminToken });
+      expect(getPolicy.status()).toBe(200);
+      const policyBody = await readJsonSafe<{ codeDeclared: string }>(getPolicy);
+      const codeDeclared = policyBody?.codeDeclared ?? 'read-only';
+
+      // 'read-only' is the most restrictive policy, so saving it is never an escalation.
+      const savePolicy = await apiRequest(request, 'POST', mutationPolicy, {
+        token: adminToken,
+        data: { mutationPolicy: 'read-only' },
+      });
+      expect(savePolicy.status(), 'saving a non-escalating policy returns 200').toBe(200);
+
+      const getPolicyAfter = await apiRequest(request, 'GET', mutationPolicy, { token: adminToken });
+      expect((await readJsonSafe<{ override: { mutationPolicy: string } | null }>(getPolicyAfter))?.override?.mutationPolicy).toBe(
+        'read-only',
+      );
+
+      const invalidPolicy = await apiRequest(request, 'POST', mutationPolicy, {
+        token: adminToken,
+        data: { mutationPolicy: 'not-a-valid-policy' },
+      });
+      expect(invalidPolicy.status()).toBe(400);
+      expect((await readJsonSafe<{ code?: string }>(invalidPolicy))?.code).toBe('validation_error');
+
+      // Escalation (widening the agent's declared ceiling) is rejected. Only
+      // assert when 'confirm-required' is strictly less restrictive than declared.
+      if ((POLICY_RANK[codeDeclared] ?? 0) < POLICY_RANK['confirm-required']) {
+        const escalation = await apiRequest(request, 'POST', mutationPolicy, {
+          token: adminToken,
+          data: { mutationPolicy: 'confirm-required' },
+        });
+        expect(escalation.status()).toBe(400);
+        expect((await readJsonSafe<{ code?: string }>(escalation))?.code).toBe('escalation_not_allowed');
+      }
+
+      const deletePolicy = await apiRequest(request, 'DELETE', mutationPolicy, { token: adminToken });
+      expect(deletePolicy.status()).toBe(200);
+      const getPolicyCleared = await apiRequest(request, 'GET', mutationPolicy, { token: adminToken });
+      expect((await readJsonSafe<{ override: unknown }>(getPolicyCleared))?.override, 'override cleared (null, not 404)').toBeNull();
+
+      // --- loop-override (GET + PUT + DELETE) ---
+      const putLoop = await apiRequest(request, 'PUT', loopOverride, {
+        token: adminToken,
+        data: { loopMaxSteps: 5 },
+      });
+      expect(putLoop.status(), 'PUT loop-override returns 200').toBe(200);
+
+      const getLoop = await apiRequest(request, 'GET', loopOverride, { token: adminToken });
+      expect(getLoop.status()).toBe(200);
+      expect((await readJsonSafe<{ override: { loopMaxSteps: number } | null }>(getLoop))?.override?.loopMaxSteps).toBe(5);
+
+      const deleteLoop = await apiRequest(request, 'DELETE', loopOverride, { token: adminToken });
+      expect(deleteLoop.status()).toBe(200);
+      const getLoopCleared = await apiRequest(request, 'GET', loopOverride, { token: adminToken });
+      expect((await readJsonSafe<{ override: unknown }>(getLoopCleared))?.override).toBeNull();
+
+      // --- agent-id validation ---
+      const malformed = await apiRequest(request, 'GET', `${AGENTS}/BadAgentId/prompt-override`, { token: adminToken });
+      expect(malformed.status()).toBe(400);
+      expect((await readJsonSafe<{ code?: string }>(malformed))?.code).toBe('validation_error');
+
+      const unknown = await apiRequest(request, 'GET', `${AGENTS}/does.not_exist/prompt-override`, { token: adminToken });
+      expect(unknown.status()).toBe(404);
+      expect((await readJsonSafe<{ code?: string }>(unknown))?.code).toBe('agent_unknown');
+
+      // --- RBAC: employee lacks settings.manage; unauthenticated is rejected ---
+      const employeeToken = await getAuthToken(request, 'employee');
+      const denied = await apiRequest(request, 'POST', promptOverride, {
+        token: employeeToken,
+        data: { sections: { tone: 'nope' } },
+      });
+      expect(denied.status(), 'employee lacks settings.manage -> 403').toBe(403);
+
+      const anon = await playwrightRequest.newContext({ baseURL });
+      try {
+        const res = await anon.fetch(promptOverride, {
+          method: 'POST',
+          headers: { 'Content-Type': 'application/json' },
+          data: JSON.stringify({ sections: { tone: 'nope' } }),
+        });
+        expect(res.status(), 'unauthenticated POST is 401').toBe(401);
+      } finally {
+        await anon.dispose();
+      }
+    } finally {
+      await deleteAgentOverridesInDb({ tenantId, agentId }).catch(() => undefined);
+    }
+  });
+});

package/src/modules/ai_assistant/__integration__/TC-AI-CONVERSATIONS-001-create-list-delete.spec.ts

@@ -0,0 +1,222 @@
+import { test, expect, request as playwrightRequest } from '@playwright/test';
+import { randomUUID } from 'node:crypto';
+import { apiRequest, getAuthToken } from '@open-mercato/core/helpers/integration/api';
+import {
+  createRoleFixture,
+  deleteRoleIfExists,
+  createUserFixture,
+  deleteUserIfExists,
+  setUserAclVisibility,
+} from '@open-mercato/core/helpers/integration/authFixtures';
+import {
+  createOrganizationInDb,
+  deleteOrganizationInDb,
+  deleteUserAclInDb,
+} from '@open-mercato/core/helpers/integration/dbFixtures';
+import { getTokenScope, readJsonSafe } from '@open-mercato/core/helpers/integration/generalFixtures';
+import { deleteConversationCascadeInDb } from './helpers/aiAssistantFixtures';
+
+/**
+ * TC-AI-CONVERSATIONS-001 — Conversation CRUD lifecycle (create, list, patch, delete).
+ * Source: GitHub issue #2495.
+ *
+ * Surfaces under test:
+ *   - /api/ai_assistant/ai/conversations            (POST, GET)
+ *   - /api/ai_assistant/ai/conversations/{id}        (PATCH, DELETE)
+ *
+ * Contract notes verified against the route handlers (not the issue's guesses):
+ *   - create body field is `agentId` (required); response is a single serialized
+ *     conversation with `conversationId/agentId/title/status/visibility/isOwner`.
+ *   - re-creating the same `conversationId` is idempotent -> 200 (vs 201 first time).
+ *   - DELETE is a SOFT delete returning 200 `{ ok: true }` (NOT 204).
+ *   - item routes are scoped by tenant+organization+ownership; a caller in a
+ *     different organization sees the row as absent -> 404 `conversation_not_found`
+ *     (NOT 403).
+ */
+
+const CONVERSATIONS = '/api/ai_assistant/ai/conversations';
+
+interface SerializedConversation {
+  conversationId: string;
+  agentId: string;
+  title: string | null;
+  status: string;
+  visibility: string;
+  isOwner: boolean | null;
+  participantCount: number;
+}
+
+test.describe('TC-AI-CONVERSATIONS-001: Conversation CRUD lifecycle + org scoping', () => {
+  test('create (idempotent) -> list -> patch -> soft-delete hides from list', async ({ request }) => {
+    test.slow();
+    const adminToken = await getAuthToken(request, 'admin');
+    const { tenantId } = getTokenScope(adminToken);
+    const agentId = `it_conv.agent_${randomUUID().slice(0, 8)}`;
+    const conversationId = `it-conv-${randomUUID()}`;
+
+    try {
+      const createRes = await apiRequest(request, 'POST', CONVERSATIONS, {
+        token: adminToken,
+        data: { agentId, conversationId, title: 'Original title' },
+      });
+      expect(createRes.status(), 'create returns 201').toBe(201);
+      const created = await readJsonSafe<SerializedConversation>(createRes);
+      expect(created?.conversationId).toBe(conversationId);
+      expect(created?.agentId).toBe(agentId);
+      expect(created?.title).toBe('Original title');
+      expect(created?.status).toBe('open');
+      expect(created?.visibility).toBe('private');
+      // `isOwner` is only enriched on the item GET (which passes callerUserId);
+      // on the create/list responses it is intentionally null.
+      expect(created?.isOwner).toBeNull();
+
+      const recreate = await apiRequest(request, 'POST', CONVERSATIONS, {
+        token: adminToken,
+        data: { agentId, conversationId, title: 'Original title' },
+      });
+      expect(recreate.status(), 're-create with same id is idempotent (200)').toBe(200);
+
+      // Item GET enriches ownership: the creator is the owner.
+      const getItem = await apiRequest(
+        request,
+        'GET',
+        `${CONVERSATIONS}/${encodeURIComponent(conversationId)}`,
+        { token: adminToken },
+      );
+      expect(getItem.status()).toBe(200);
+      const item = await readJsonSafe<{ conversation: SerializedConversation }>(getItem);
+      expect(item?.conversation.conversationId).toBe(conversationId);
+      expect(item?.conversation.isOwner).toBe(true);
+
+      const listRes = await apiRequest(
+        request,
+        'GET',
+        `${CONVERSATIONS}?agent=${encodeURIComponent(agentId)}`,
+        { token: adminToken },
+      );
+      expect(listRes.status()).toBe(200);
+      const list = await readJsonSafe<{ items: SerializedConversation[]; nextCursor: string | null }>(listRes);
+      expect(Array.isArray(list?.items)).toBe(true);
+      expect(list?.items.some((c) => c.conversationId === conversationId)).toBe(true);
+
+      const patchRes = await apiRequest(
+        request,
+        'PATCH',
+        `${CONVERSATIONS}/${encodeURIComponent(conversationId)}`,
+        { token: adminToken, data: { title: 'Renamed title', status: 'closed' } },
+      );
+      expect(patchRes.status()).toBe(200);
+      const patched = await readJsonSafe<SerializedConversation>(patchRes);
+      expect(patched?.title).toBe('Renamed title');
+      expect(patched?.status).toBe('closed');
+
+      const delRes = await apiRequest(
+        request,
+        'DELETE',
+        `${CONVERSATIONS}/${encodeURIComponent(conversationId)}`,
+        { token: adminToken },
+      );
+      expect(delRes.status(), 'delete returns 200 (soft delete)').toBe(200);
+      expect((await readJsonSafe<{ ok: boolean }>(delRes))?.ok).toBe(true);
+
+      const listAfter = await apiRequest(
+        request,
+        'GET',
+        `${CONVERSATIONS}?agent=${encodeURIComponent(agentId)}`,
+        { token: adminToken },
+      );
+      expect(listAfter.status()).toBe(200);
+      const listAfterBody = await readJsonSafe<{ items: SerializedConversation[] }>(listAfter);
+      expect(listAfterBody?.items.some((c) => c.conversationId === conversationId)).toBe(false);
+    } finally {
+      await deleteConversationCascadeInDb({ tenantId, conversationId }).catch(() => undefined);
+    }
+  });
+
+  test('validation + auth gates: missing agentId -> 400, unauthenticated -> 401', async ({ request, baseURL }) => {
+    const adminToken = await getAuthToken(request, 'admin');
+
+    const badCreate = await apiRequest(request, 'POST', CONVERSATIONS, {
+      token: adminToken,
+      data: { title: 'no agent id' },
+    });
+    expect(badCreate.status()).toBe(400);
+    expect((await readJsonSafe<{ code?: string }>(badCreate))?.code).toBe('validation_error');
+
+    const anon = await playwrightRequest.newContext({ baseURL });
+    try {
+      const res = await anon.fetch(CONVERSATIONS, { method: 'GET' });
+      expect(res.status(), 'unauthenticated list is 401').toBe(401);
+    } finally {
+      await anon.dispose();
+    }
+  });
+
+  test('cross-org caller cannot GET/PATCH/DELETE another org conversation (404)', async ({ request }) => {
+    test.slow();
+    const adminToken = await getAuthToken(request, 'admin');
+    const { tenantId } = getTokenScope(adminToken);
+    const stamp = randomUUID().slice(0, 8);
+    const password = 'Secret123!';
+    const agentId = `it_conv.xorg_${stamp}`;
+    const conversationId = `it-conv-xorg-${randomUUID()}`;
+
+    let orgBId: string | null = null;
+    let roleId: string | null = null;
+    let userId: string | null = null;
+    try {
+      orgBId = await createOrganizationInDb({ name: `IT Conv OrgB ${stamp}`, tenantId });
+      roleId = await createRoleFixture(request, adminToken, { name: `IT Conv Role ${stamp}` });
+      userId = await createUserFixture(request, adminToken, {
+        email: `it-conv-${stamp}@example.com`,
+        password,
+        organizationId: orgBId,
+        roles: [roleId],
+      });
+      await setUserAclVisibility(request, adminToken, {
+        userId,
+        features: ['ai_assistant.view', 'ai_assistant.conversations.share'],
+        organizations: [orgBId],
+      });
+      const otherToken = await getAuthToken(request, `it-conv-${stamp}@example.com`, password);
+      expect(getTokenScope(otherToken).organizationId, 'fixture user is homed in org B').toBe(orgBId);
+
+      const createRes = await apiRequest(request, 'POST', CONVERSATIONS, {
+        token: adminToken,
+        data: { agentId, conversationId, title: 'Org A private' },
+      });
+      expect(createRes.status()).toBe(201);
+
+      const getRes = await apiRequest(
+        request,
+        'GET',
+        `${CONVERSATIONS}/${encodeURIComponent(conversationId)}`,
+        { token: otherToken },
+      );
+      expect(getRes.status(), 'cross-org GET is 404 (not 403)').toBe(404);
+      expect((await readJsonSafe<{ code?: string }>(getRes))?.code).toBe('conversation_not_found');
+
+      const patchRes = await apiRequest(
+        request,
+        'PATCH',
+        `${CONVERSATIONS}/${encodeURIComponent(conversationId)}`,
+        { token: otherToken, data: { title: 'hijack' } },
+      );
+      expect(patchRes.status(), 'cross-org PATCH is 404').toBe(404);
+
+      const delRes = await apiRequest(
+        request,
+        'DELETE',
+        `${CONVERSATIONS}/${encodeURIComponent(conversationId)}`,
+        { token: otherToken },
+      );
+      expect(delRes.status(), 'cross-org DELETE is 404').toBe(404);
+    } finally {
+      await deleteConversationCascadeInDb({ tenantId, conversationId }).catch(() => undefined);
+      await deleteUserAclInDb(userId ?? '').catch(() => undefined);
+      await deleteUserIfExists(request, adminToken, userId);
+      await deleteRoleIfExists(request, adminToken, roleId);
+      await deleteOrganizationInDb(orgBId).catch(() => undefined);
+    }
+  });
+});

package/src/modules/ai_assistant/__integration__/TC-AI-PARTICIPANTS-002-add-remove-participants.spec.ts

@@ -0,0 +1,184 @@
+import { test, expect } from '@playwright/test';
+import { randomUUID } from 'node:crypto';
+import { apiRequest, getAuthToken } from '@open-mercato/core/helpers/integration/api';
+import {
+  createRoleFixture,
+  deleteRoleIfExists,
+  createUserFixture,
+  deleteUserIfExists,
+  setUserAclVisibility,
+} from '@open-mercato/core/helpers/integration/authFixtures';
+import {
+  createOrganizationInDb,
+  deleteOrganizationInDb,
+  deleteUserAclInDb,
+} from '@open-mercato/core/helpers/integration/dbFixtures';
+import { getTokenScope, readJsonSafe } from '@open-mercato/core/helpers/integration/generalFixtures';
+import { deleteConversationCascadeInDb } from './helpers/aiAssistantFixtures';
+
+/**
+ * TC-AI-PARTICIPANTS-002 — Conversation participants (add / list / remove).
+ * Source: GitHub issue #2495.
+ *
+ * Surfaces under test:
+ *   - /api/ai_assistant/ai/conversations/{id}/participants            (POST, GET)
+ *   - /api/ai_assistant/ai/conversations/{id}/participants/{userId}    (DELETE)
+ *
+ * Contract notes verified against the route handlers:
+ *   - add requires `ai_assistant.conversations.share`; only the owner may add.
+ *   - the only wire role is `viewer` (the owner row is implicit).
+ *   - add returns 201 `{ participant: { userId, role, lastReadAt, addedAt } }`.
+ *   - removing a participant returns 204; removing the OWNER is 403; a missing
+ *     participant is 404 `participant_not_found`.
+ *   - self-add is 400 `self_share_not_allowed`; a duplicate is 409
+ *     `duplicate_participant`; a target in another org is 400 `user_not_found`.
+ */
+
+const CONVERSATIONS = '/api/ai_assistant/ai/conversations';
+
+interface ParticipantRow {
+  userId: string;
+  role: string;
+  lastReadAt: string | null;
+  addedAt: string;
+}
+
+test.describe('TC-AI-PARTICIPANTS-002: Conversation participants', () => {
+  test('add -> list -> remove lifecycle plus owner/duplicate/self/cross-org/RBAC guards', async ({ request }) => {
+    test.slow();
+    const adminToken = await getAuthToken(request, 'admin');
+    const { tenantId, organizationId: orgAId, userId: ownerId } = getTokenScope(adminToken);
+    const stamp = randomUUID().slice(0, 8);
+    const password = 'Secret123!';
+    const agentId = `it_part.agent_${stamp}`;
+    const conversationId = `it-part-${randomUUID()}`;
+
+    let roleId: string | null = null;
+    let memberId: string | null = null;
+    let foreignOrgId: string | null = null;
+    let foreignUserId: string | null = null;
+    try {
+      roleId = await createRoleFixture(request, adminToken, { name: `IT Part Role ${stamp}` });
+      // Member lives in the SAME org as the owner and carries only view -> valid
+      // share target AND a deterministic "lacks conversations.share" caller.
+      memberId = await createUserFixture(request, adminToken, {
+        email: `it-part-member-${stamp}@example.com`,
+        password,
+        organizationId: orgAId,
+        roles: [roleId],
+      });
+      await setUserAclVisibility(request, adminToken, {
+        userId: memberId,
+        features: ['ai_assistant.view'],
+        organizations: [orgAId],
+      });
+      // Foreign user lives in another org -> cannot be shared into this conversation.
+      foreignOrgId = await createOrganizationInDb({ name: `IT Part OrgB ${stamp}`, tenantId });
+      foreignUserId = await createUserFixture(request, adminToken, {
+        email: `it-part-foreign-${stamp}@example.com`,
+        password,
+        organizationId: foreignOrgId,
+        roles: [roleId],
+      });
+
+      const createRes = await apiRequest(request, 'POST', CONVERSATIONS, {
+        token: adminToken,
+        data: { agentId, conversationId, title: 'Shareable conversation' },
+      });
+      expect(createRes.status()).toBe(201);
+
+      const participantsPath = `${CONVERSATIONS}/${encodeURIComponent(conversationId)}/participants`;
+
+      // Add member -> 201 viewer
+      const addRes = await apiRequest(request, 'POST', participantsPath, {
+        token: adminToken,
+        data: { userId: memberId },
+      });
+      expect(addRes.status(), 'add participant returns 201').toBe(201);
+      const added = await readJsonSafe<{ participant: ParticipantRow }>(addRes);
+      expect(added?.participant.userId).toBe(memberId);
+      expect(added?.participant.role).toBe('viewer');
+
+      // List -> owner + member
+      const listRes = await apiRequest(request, 'GET', participantsPath, { token: adminToken });
+      expect(listRes.status()).toBe(200);
+      const list = await readJsonSafe<{ ownerUserId: string; participants: ParticipantRow[] }>(listRes);
+      expect(list?.ownerUserId).toBe(ownerId);
+      expect(list?.participants.some((p) => p.userId === ownerId && p.role === 'owner')).toBe(true);
+      expect(list?.participants.some((p) => p.userId === memberId && p.role === 'viewer')).toBe(true);
+
+      // Self-add -> 400 self_share_not_allowed
+      const selfAdd = await apiRequest(request, 'POST', participantsPath, {
+        token: adminToken,
+        data: { userId: ownerId },
+      });
+      expect(selfAdd.status()).toBe(400);
+      expect((await readJsonSafe<{ code?: string }>(selfAdd))?.code).toBe('self_share_not_allowed');
+
+      // Duplicate -> 409 duplicate_participant
+      const dup = await apiRequest(request, 'POST', participantsPath, {
+        token: adminToken,
+        data: { userId: memberId },
+      });
+      expect(dup.status()).toBe(409);
+      expect((await readJsonSafe<{ code?: string }>(dup))?.code).toBe('duplicate_participant');
+
+      // Foreign-org target -> 400 user_not_found
+      const foreign = await apiRequest(request, 'POST', participantsPath, {
+        token: adminToken,
+        data: { userId: foreignUserId },
+      });
+      expect(foreign.status()).toBe(400);
+      expect((await readJsonSafe<{ code?: string }>(foreign))?.code).toBe('user_not_found');
+
+      // Caller lacking conversations.share -> 403 (feature gate fires first)
+      const memberToken = await getAuthToken(request, `it-part-member-${stamp}@example.com`, password);
+      const denied = await apiRequest(request, 'POST', participantsPath, {
+        token: memberToken,
+        data: { userId: randomUUID() },
+      });
+      expect(denied.status(), 'caller without conversations.share is 403').toBe(403);
+
+      // Remove the OWNER -> 403
+      const removeOwner = await apiRequest(
+        request,
+        'DELETE',
+        `${participantsPath}/${encodeURIComponent(ownerId)}`,
+        { token: adminToken },
+      );
+      expect(removeOwner.status(), 'cannot revoke the owner').toBe(403);
+
+      // Remove the member -> 204
+      const removeMember = await apiRequest(
+        request,
+        'DELETE',
+        `${participantsPath}/${encodeURIComponent(memberId)}`,
+        { token: adminToken },
+      );
+      expect(removeMember.status(), 'revoke participant returns 204').toBe(204);
+
+      // List -> member gone
+      const listAfter = await apiRequest(request, 'GET', participantsPath, { token: adminToken });
+      expect(listAfter.status()).toBe(200);
+      const after = await readJsonSafe<{ participants: ParticipantRow[] }>(listAfter);
+      expect(after?.participants.some((p) => p.userId === memberId)).toBe(false);
+
+      // Remove again -> 404 participant_not_found
+      const removeAgain = await apiRequest(
+        request,
+        'DELETE',
+        `${participantsPath}/${encodeURIComponent(memberId)}`,
+        { token: adminToken },
+      );
+      expect(removeAgain.status()).toBe(404);
+      expect((await readJsonSafe<{ code?: string }>(removeAgain))?.code).toBe('participant_not_found');
+    } finally {
+      await deleteConversationCascadeInDb({ tenantId, conversationId }).catch(() => undefined);
+      await deleteUserAclInDb(memberId ?? '').catch(() => undefined);
+      await deleteUserIfExists(request, adminToken, memberId);
+      await deleteUserIfExists(request, adminToken, foreignUserId);
+      await deleteRoleIfExists(request, adminToken, roleId);
+      await deleteOrganizationInDb(foreignOrgId).catch(() => undefined);
+    }
+  });
+});

package/src/modules/ai_assistant/__integration__/TC-AI-RUNTIME-OVERRIDES-006-model-picker.spec.ts

@@ -178,6 +178,14 @@ test.describe('TC-AI-RUNTIME-OVERRIDES-006: runtime model overrides', () => {
         });
       });
 
+      await page.route('**/api/ai_assistant/ai/agents', async (route) => {
+        await route.fulfill({
+          status: 200,
+          contentType: 'application/json',
+          body: JSON.stringify(agentsPayload),
+        });
+      });
+
       await page.route('**/api/ai_assistant/health', async (route) => {
         await route.fulfill({ status: 200, contentType: 'application/json', body: JSON.stringify({ status: 'ok', url: 'http://localhost', mcpUrl: 'http://localhost:3001' }) });
       });