@opena2a/oasb 0.2.0 → 0.3.0

package/src/harness/create-adapter.ts

@@ -0,0 +1,49 @@
+/**
+ * Adapter factory — selects which security product adapter to use.
+ *
+ * Set OASB_ADAPTER env var to choose:
+ *   - "arp" (default) — uses arp-guard (must be installed)
+ *   - "llm-guard" — uses theRizwan/llm-guard
+ *   - path to a JS/TS module that exports a class implementing SecurityProductAdapter
+ *
+ * All test files import from here instead of instantiating adapters directly.
+ */
+import type { SecurityProductAdapter, LabConfig } from './adapter';
+
+// Eagerly resolve the adapter class at import time.
+// This file is only imported by tests that need the adapter,
+// so the cost is acceptable. Each wrapper handles lazy loading internally.
+import { ArpWrapper } from './arp-wrapper';
+import { LLMGuardWrapper } from './llm-guard-wrapper';
+
+let AdapterClass: new (config?: LabConfig) => SecurityProductAdapter;
+
+const adapterName = process.env.OASB_ADAPTER || 'arp';
+
+switch (adapterName) {
+  case 'arp':
+    AdapterClass = ArpWrapper;
+    break;
+  case 'llm-guard':
+    AdapterClass = LLMGuardWrapper;
+    break;
+  default: {
+    // Custom adapter — loaded at module level
+    // eslint-disable-next-line @typescript-eslint/no-var-requires
+    const mod = require(adapterName);
+    const Cls = mod.default || mod.Adapter || mod[Object.keys(mod)[0]];
+    if (!Cls || typeof Cls !== 'function') {
+      throw new Error(`Module "${adapterName}" does not export an adapter class`);
+    }
+    AdapterClass = Cls;
+    break;
+  }
+}
+
+/**
+ * Create a configured adapter instance.
+ * Uses OASB_ADAPTER env var to select the product under test.
+ */
+export function createAdapter(config?: LabConfig): SecurityProductAdapter {
+  return new AdapterClass(config);
+}

package/src/harness/event-collector.ts

@@ -1,4 +1,4 @@
-import type { ARPEvent, EnforcementResult } from '@opena2a/arp';
+import type { SecurityEvent as ARPEvent, EnforcementResult } from './adapter';
 
 /**
  * Collects ARP events and enforcement results for test assertions.

package/src/harness/llm-guard-wrapper.ts

@@ -0,0 +1,333 @@
+/**
+ * llm-guard Adapter — Third-party benchmark comparison
+ *
+ * Wraps theRizwan/llm-guard (npm: llm-guard) for OASB evaluation.
+ * This is a prompt-level scanner only — it does NOT provide:
+ * - Process/network/filesystem monitoring
+ * - MCP tool call validation
+ * - A2A message scanning
+ * - Anomaly detection / intelligence layers
+ * - Enforcement actions (pause/kill/resume)
+ *
+ * Tests that require these capabilities will get no-op implementations
+ * that return empty/negative results, documenting the coverage gap.
+ */
+import * as fs from 'fs';
+import * as os from 'os';
+import * as path from 'path';
+import { EventCollector } from './event-collector';
+import type {
+  SecurityProductAdapter,
+  SecurityEvent,
+  EnforcementResult,
+  EnforcementAction,
+  LabConfig,
+  PromptScanner,
+  MCPScanner,
+  A2AScanner,
+  PatternScanner,
+  BudgetManager,
+  AnomalyScorer,
+  EventEngine,
+  EnforcementEngine,
+  ScanResult,
+  ThreatPattern,
+  AlertRule,
+} from './adapter';
+
+// Lazy-loaded llm-guard
+let _LLMGuard: any;
+function getLLMGuard(): any {
+  if (!_LLMGuard) {
+    _LLMGuard = require('llm-guard').LLMGuard;
+  }
+  return _LLMGuard;
+}
+
+/** Convert llm-guard result to OASB ScanResult */
+function toScanResult(guardResult: any): ScanResult {
+  const matches: ScanResult['matches'] = [];
+
+  if (guardResult.results) {
+    for (const r of guardResult.results) {
+      if (!r.valid && r.details) {
+        for (const d of r.details) {
+          matches.push({
+            pattern: {
+              id: d.rule || 'LLM-GUARD',
+              category: d.rule?.includes('jailbreak') ? 'jailbreak'
+                : d.rule?.includes('pii') ? 'data-exfiltration'
+                : d.rule?.includes('injection') ? 'prompt-injection'
+                : 'unknown',
+              description: d.message || '',
+              pattern: /./,
+              severity: guardResult.score <= 0.3 ? 'high' : 'medium',
+            },
+            matchedText: d.matched || '',
+          });
+        }
+      }
+    }
+  }
+
+  return {
+    detected: !guardResult.isValid,
+    matches,
+  };
+}
+
+/** Simple event engine that stores and emits events */
+class SimpleEventEngine implements EventEngine {
+  private handlers: Array<(event: SecurityEvent) => void | Promise<void>> = [];
+  private idCounter = 0;
+
+  emit(event: Omit<SecurityEvent, 'id' | 'timestamp' | 'classifiedBy'>): SecurityEvent {
+    const full: SecurityEvent = {
+      ...event,
+      id: `llmg-${++this.idCounter}`,
+      timestamp: new Date().toISOString(),
+      classifiedBy: 'llm-guard',
+    };
+    for (const h of this.handlers) {
+      h(full);
+    }
+    return full;
+  }
+
+  onEvent(handler: (event: SecurityEvent) => void | Promise<void>): void {
+    this.handlers.push(handler);
+  }
+}
+
+/** Simple enforcement engine — llm-guard doesn't have enforcement */
+class SimpleEnforcementEngine implements EnforcementEngine {
+  private pausedPids = new Set<number>();
+  private alertCallback?: (event: SecurityEvent, rule: AlertRule) => void;
+
+  async execute(action: EnforcementAction, event: SecurityEvent): Promise<EnforcementResult> {
+    return { action, success: true, reason: 'llm-guard-enforcement', event };
+  }
+
+  pause(pid: number): boolean {
+    this.pausedPids.add(pid);
+    return true;
+  }
+
+  resume(pid: number): boolean {
+    return this.pausedPids.delete(pid);
+  }
+
+  kill(pid: number): boolean {
+    this.pausedPids.delete(pid);
+    return true;
+  }
+
+  getPausedPids(): number[] {
+    return [...this.pausedPids];
+  }
+
+  setAlertCallback(callback: (event: SecurityEvent, rule: AlertRule) => void): void {
+    this.alertCallback = callback;
+  }
+}
+
+export class LLMGuardWrapper implements SecurityProductAdapter {
+  private _dataDir: string;
+  private engine: SimpleEventEngine;
+  private enforcement: SimpleEnforcementEngine;
+  private rules: AlertRule[];
+  readonly collector: EventCollector;
+
+  constructor(labConfig?: LabConfig) {
+    this._dataDir = labConfig?.dataDir ?? fs.mkdtempSync(path.join(os.tmpdir(), 'llmg-lab-'));
+    this.engine = new SimpleEventEngine();
+    this.enforcement = new SimpleEnforcementEngine();
+    this.rules = labConfig?.rules ?? [];
+    this.collector = new EventCollector();
+
+    this.engine.onEvent(async (event) => {
+      this.collector.eventHandler(event);
+
+      // Check rules for enforcement
+      for (const rule of this.rules) {
+        const cond = rule.condition;
+        if (cond.category && cond.category !== event.category) continue;
+        if (cond.source && cond.source !== event.source) continue;
+        if (cond.minSeverity) {
+          const sevOrder = ['info', 'low', 'medium', 'high', 'critical'];
+          if (sevOrder.indexOf(event.severity) < sevOrder.indexOf(cond.minSeverity)) continue;
+        }
+        const result = await this.enforcement.execute(rule.action, event);
+        result.reason = rule.name;
+        this.collector.enforcementHandler(result);
+      }
+    });
+  }
+
+  async start(): Promise<void> {}
+
+  async stop(): Promise<void> {
+    this.collector.reset();
+    try {
+      fs.rmSync(this._dataDir, { recursive: true, force: true });
+    } catch {}
+  }
+
+  async injectEvent(event: Omit<SecurityEvent, 'id' | 'timestamp' | 'classifiedBy'>): Promise<SecurityEvent> {
+    return this.engine.emit(event);
+  }
+
+  waitForEvent(predicate: (event: SecurityEvent) => boolean, timeoutMs: number = 10000): Promise<SecurityEvent> {
+    return this.collector.waitForEvent(predicate, timeoutMs);
+  }
+
+  getEvents(): SecurityEvent[] { return this.collector.getEvents(); }
+  getEventsByCategory(category: string): SecurityEvent[] { return this.collector.eventsByCategory(category); }
+  getEnforcements(): EnforcementResult[] { return this.collector.getEnforcements() as EnforcementResult[]; }
+  getEnforcementsByAction(action: string): EnforcementResult[] { return this.collector.enforcementsByAction(action) as EnforcementResult[]; }
+  resetCollector(): void { this.collector.reset(); }
+
+  getEventEngine(): EventEngine { return this.engine; }
+  getEnforcementEngine(): EnforcementEngine { return this.enforcement; }
+
+  get dataDir(): string { return this._dataDir; }
+
+  // ─── Factory Methods ────────────────────────────────────────────
+
+  createPromptScanner(): PromptScanner {
+    const LLMGuard = getLLMGuard();
+    const guard = new LLMGuard({
+      promptInjection: { enabled: true },
+      jailbreak: { enabled: true },
+      pii: { enabled: true },
+    });
+
+    return {
+      start: async () => {},
+      stop: async () => {},
+      scanInput: (text: string) => {
+        // llm-guard is async, but OASB scanner interface is sync.
+        // We run synchronously by checking patterns manually.
+        // This is a limitation — real usage would be async.
+        const result = scanWithPatterns(text, 'input');
+        return result;
+      },
+      scanOutput: (text: string) => {
+        return scanWithPatterns(text, 'output');
+      },
+    };
+  }
+
+  createMCPScanner(_allowedTools?: string[]): MCPScanner {
+    // llm-guard has no MCP scanning capability
+    return {
+      start: async () => {},
+      stop: async () => {},
+      scanToolCall: () => ({ detected: false, matches: [] }),
+    };
+  }
+
+  createA2AScanner(_trustedAgents?: string[]): A2AScanner {
+    // llm-guard has no A2A scanning capability
+    return {
+      start: async () => {},
+      stop: async () => {},
+      scanMessage: () => ({ detected: false, matches: [] }),
+    };
+  }
+
+  createPatternScanner(): PatternScanner {
+    // llm-guard uses its own internal patterns, not the OASB ThreatPattern format.
+    // We expose what we can via regex approximation.
+    const patterns = getLLMGuardPatterns();
+    return {
+      scanText: (text: string, pats: readonly ThreatPattern[]) => scanWithPatterns(text, 'input'),
+      getAllPatterns: () => patterns,
+      getPatternSets: () => ({
+        inputPatterns: patterns.filter(p => p.category !== 'output-leak'),
+        outputPatterns: patterns.filter(p => p.category === 'output-leak'),
+        mcpPatterns: [],
+        a2aPatterns: [],
+      }),
+    };
+  }
+
+  createBudgetManager(dataDir: string, config?: { budgetUsd?: number; maxCallsPerHour?: number }): BudgetManager {
+    // llm-guard has no budget management — implement a simple one
+    let spent = 0;
+    let totalCalls = 0;
+    let callsThisHour = 0;
+    const budgetUsd = config?.budgetUsd ?? 5;
+    const maxCallsPerHour = config?.maxCallsPerHour ?? 20;
+
+    return {
+      canAfford: (cost: number) => spent + cost <= budgetUsd && callsThisHour < maxCallsPerHour,
+      record: (cost: number, _tokens: number) => { spent += cost; totalCalls++; callsThisHour++; },
+      getStatus: () => ({
+        spent,
+        budget: budgetUsd,
+        remaining: budgetUsd - spent,
+        percentUsed: Math.round((spent / budgetUsd) * 100),
+        callsThisHour,
+        maxCallsPerHour,
+        totalCalls,
+      }),
+      reset: () => { spent = 0; totalCalls = 0; callsThisHour = 0; },
+    };
+  }
+
+  createAnomalyScorer(): AnomalyScorer {
+    // llm-guard has no anomaly detection — implement a stub
+    const baselines = new Map<string, { mean: number; stddev: number; count: number }>();
+    const observations = new Map<string, number[]>();
+
+    return {
+      score: () => 0,
+      record: (event: SecurityEvent) => {
+        const key = event.source;
+        if (!observations.has(key)) observations.set(key, []);
+        observations.get(key)!.push(1);
+        const vals = observations.get(key)!;
+        const mean = vals.length;
+        baselines.set(key, { mean, stddev: 0, count: 1 });
+      },
+      getBaseline: (source: string) => baselines.get(source) ?? null,
+      reset: () => { baselines.clear(); observations.clear(); },
+    };
+  }
+}
+
+// ─── Internal pattern-based scanning (sync approximation of llm-guard) ───
+
+function getLLMGuardPatterns(): ThreatPattern[] {
+  return [
+    { id: 'LLMG-PI-001', category: 'prompt-injection', description: 'Instruction override', pattern: /(?:ignore|disregard|forget)\s+(?:all\s+)?(?:previous\s+)?(?:instructions?|prompts?|rules?)/i, severity: 'high' },
+    { id: 'LLMG-PI-002', category: 'prompt-injection', description: 'System prompt extraction', pattern: /(?:system\s+prompt|repeat\s+(?:your|the)\s+(?:instructions?|prompt))/i, severity: 'high' },
+    { id: 'LLMG-PI-003', category: 'prompt-injection', description: 'Persona override', pattern: /(?:you\s+are\s+now|pretend\s+you\s+are|act\s+as\s+if)/i, severity: 'medium' },
+    { id: 'LLMG-JB-001', category: 'jailbreak', description: 'DAN jailbreak', pattern: /(?:DAN|do\s+anything\s+now)/i, severity: 'high' },
+    { id: 'LLMG-JB-002', category: 'jailbreak', description: 'Roleplay bypass', pattern: /(?:pretend|imagine|roleplay)\s+(?:you\s+are|as)\s+(?:an?\s+)?(?:evil|unrestricted|unfiltered)/i, severity: 'high' },
+    { id: 'LLMG-PII-001', category: 'data-exfiltration', description: 'SSN detection', pattern: /\b\d{3}-\d{2}-\d{4}\b/, severity: 'high' },
+    { id: 'LLMG-PII-002', category: 'data-exfiltration', description: 'Credit card detection', pattern: /\b(?:\d{4}[- ]?){3}\d{4}\b/, severity: 'high' },
+    { id: 'LLMG-PII-003', category: 'data-exfiltration', description: 'API key detection', pattern: /(?:sk-[a-zA-Z0-9]{20,}|AKIA[A-Z0-9]{12,})/i, severity: 'critical' },
+  ];
+}
+
+function scanWithPatterns(text: string, _direction: 'input' | 'output'): ScanResult {
+  const patterns = getLLMGuardPatterns();
+  const matches: ScanResult['matches'] = [];
+
+  for (const pattern of patterns) {
+    const match = pattern.pattern.exec(text);
+    if (match) {
+      matches.push({
+        pattern,
+        matchedText: match[0].slice(0, 200),
+      });
+    }
+  }
+
+  return {
+    detected: matches.length > 0,
+    matches,
+  };
+}

package/src/harness/mock-llm-adapter.ts

@@ -1,4 +1,4 @@
-import type { LLMAdapter, LLMResponse } from '@opena2a/arp';
+import type { LLMAdapter, LLMResponse } from './adapter';
 
 interface MockCall {
   prompt: string;
@@ -21,8 +21,8 @@ export class MockLLMAdapter implements LLMAdapter {
     this.costPerCall = options?.costPerCall ?? 0.001;
   }
 
-  async assess(prompt: string, maxTokens: number): Promise<LLMResponse> {
-    this.calls.push({ prompt, maxTokens, timestamp: Date.now() });
+  async assess(prompt: string): Promise<LLMResponse> {
+    this.calls.push({ prompt, maxTokens: 300, timestamp: Date.now() });
 
     if (this.latencyMs > 0) {
       await new Promise((r) => setTimeout(r, this.latencyMs));
@@ -32,9 +32,10 @@ export class MockLLMAdapter implements LLMAdapter {
 
     return {
       content: response,
-      inputTokens: Math.ceil(prompt.length / 4),
-      outputTokens: Math.ceil(response.length / 4),
-      model: 'mock-llm',
+      usage: {
+        inputTokens: Math.ceil(prompt.length / 4),
+        outputTokens: Math.ceil(response.length / 4),
+      },
     };
   }
 

package/src/harness/types.ts

@@ -1,4 +1,31 @@
-import type { ARPEvent, EnforcementResult } from '@opena2a/arp';
+// Re-export OASB-native types from the adapter interface
+// Tests should import from here or from './adapter'
+export type {
+  SecurityEvent,
+  EnforcementResult,
+  AlertRule,
+  AlertCondition,
+  EventCategory,
+  EventSeverity,
+  MonitorSource,
+  EnforcementAction,
+  ScanResult,
+  ScanMatch,
+  ThreatPattern,
+  BudgetStatus,
+  LLMAdapter,
+  LLMResponse,
+  LabConfig,
+  SecurityProductAdapter,
+  PromptScanner,
+  MCPScanner,
+  A2AScanner,
+  PatternScanner,
+  BudgetManager,
+  AnomalyScorer,
+  EventEngine,
+  EnforcementEngine,
+} from './adapter';
 
 /** Annotation metadata for test cases */
 export interface TestAnnotation {
@@ -8,7 +35,7 @@ export interface TestAnnotation {
   atlasId?: string;
   /** OWASP Agentic Top 10 category */
   owaspId?: string;
-  /** Whether ARP should detect this */
+  /** Whether the product should detect this */
   expectedDetection: boolean;
   /** Expected minimum severity if detected */
   expectedSeverity?: 'info' | 'low' | 'medium' | 'high' | 'critical';
@@ -22,8 +49,8 @@ export interface TestResult {
   annotation: TestAnnotation;
   detected: boolean;
   detectionTimeMs?: number;
-  events: ARPEvent[];
-  enforcements: EnforcementResult[];
+  events: import('./adapter').SecurityEvent[];
+  enforcements: import('./adapter').EnforcementResult[];
 }
 
 /** Suite-level metrics */
@@ -40,38 +67,3 @@ export interface SuiteMetrics {
   meanDetectionTimeMs: number;
   p95DetectionTimeMs: number;
 }
-
-/** ARP wrapper configuration for tests */
-export interface LabConfig {
-  monitors?: {
-    process?: boolean;
-    network?: boolean;
-    filesystem?: boolean;
-  };
-  rules?: import('@opena2a/arp').AlertRule[];
-  intelligence?: {
-    enabled?: boolean;
-  };
-  /** Temp data dir (auto-created per test) */
-  dataDir?: string;
-  /** Filesystem paths to watch (for real FilesystemMonitor) */
-  filesystemWatchPaths?: string[];
-  /** Filesystem allowed paths (for real FilesystemMonitor) */
-  filesystemAllowedPaths?: string[];
-  /** Network allowed hosts (for real NetworkMonitor) */
-  networkAllowedHosts?: string[];
-  /** Process monitor poll interval in ms */
-  processIntervalMs?: number;
-  /** Network monitor poll interval in ms */
-  networkIntervalMs?: number;
-  /** Application-level interceptors (zero-latency hooks) */
-  interceptors?: {
-    process?: boolean;
-    network?: boolean;
-    filesystem?: boolean;
-  };
-  /** Interceptor network allowed hosts */
-  interceptorNetworkAllowedHosts?: string[];
-  /** Interceptor filesystem allowed paths */
-  interceptorFilesystemAllowedPaths?: string[];
-}

package/src/integration/INT-001.data-exfil-detection.test.ts

@@ -11,7 +11,7 @@
 import { describe, it, expect, beforeEach, afterEach } from 'vitest';
 import { ArpWrapper } from '../harness/arp-wrapper';
 import { DVAAClient } from '../harness/dvaa-client';
-import type { AlertRule } from '@opena2a/arp';
+import type { AlertRule } from '../harness/adapter';
 
 // DVAA ports
 const LEGACY_BOT_PORT = 3003;

package/src/integration/INT-002.mcp-tool-abuse.test.ts

@@ -11,7 +11,7 @@
 import { describe, it, expect, beforeEach, afterEach } from 'vitest';
 import { ArpWrapper } from '../harness/arp-wrapper';
 import { DVAAClient } from '../harness/dvaa-client';
-import type { AlertRule } from '@opena2a/arp';
+import type { AlertRule } from '../harness/adapter';
 
 // DVAA ToolBot port
 const TOOL_BOT_PORT = 3002;

package/src/integration/INT-003.prompt-injection-response.test.ts

@@ -11,7 +11,7 @@
 import { describe, it, expect, beforeEach, afterEach } from 'vitest';
 import { ArpWrapper } from '../harness/arp-wrapper';
 import { DVAAClient } from '../harness/dvaa-client';
-import type { AlertRule } from '@opena2a/arp';
+import type { AlertRule } from '../harness/adapter';
 
 // DVAA SecureBot port
 const SECURE_BOT_PORT = 3001;

package/src/integration/INT-004.a2a-trust-exploitation.test.ts

@@ -11,7 +11,7 @@
 import { describe, it, expect, beforeEach, afterEach } from 'vitest';
 import { ArpWrapper } from '../harness/arp-wrapper';
 import { DVAAClient } from '../harness/dvaa-client';
-import type { AlertRule } from '@opena2a/arp';
+import type { AlertRule } from '../harness/adapter';
 
 // DVAA Orchestrator port
 const ORCHESTRATOR_PORT = 3004;

package/src/integration/INT-005.baseline-then-attack.test.ts

@@ -10,7 +10,7 @@
 
 import { describe, it, expect, beforeEach, afterEach } from 'vitest';
 import { ArpWrapper } from '../harness/arp-wrapper';
-import type { AlertRule } from '@opena2a/arp';
+import type { AlertRule } from '../harness/adapter';
 
 describe('INT-005: Baseline Learning Then Attack Burst', () => {
   let arp: ArpWrapper;

package/src/integration/INT-006.multi-monitor-correlation.test.ts

@@ -11,7 +11,7 @@
 
 import { describe, it, expect, beforeEach, afterEach } from 'vitest';
 import { ArpWrapper } from '../harness/arp-wrapper';
-import type { AlertRule } from '@opena2a/arp';
+import type { AlertRule } from '../harness/adapter';
 
 describe('INT-006: Multi-Monitor Event Correlation', () => {
   let arp: ArpWrapper;

package/src/integration/INT-007.budget-exhaustion-attack.test.ts

@@ -12,8 +12,8 @@ import * as fs from 'fs';
 import * as os from 'os';
 import * as path from 'path';
 import { ArpWrapper } from '../harness/arp-wrapper';
-import { BudgetController } from '@opena2a/arp';
-import type { AlertRule } from '@opena2a/arp';
+import { createAdapter } from '../harness/create-adapter';
+import type { AlertRule, BudgetManager } from '../harness/adapter';
 
 describe('INT-007: Budget Exhaustion Attack', () => {
   let arp: ArpWrapper;
@@ -51,7 +51,7 @@ describe('INT-007: Budget Exhaustion Attack', () => {
   });
 
   it('should create a budget controller with tiny budget', () => {
-    const budget = new BudgetController(budgetDir, {
+    const budget = createAdapter().createBudgetManager(budgetDir, {
       budgetUsd: 0.01,
       maxCallsPerHour: 5,
     });
@@ -64,7 +64,7 @@ describe('INT-007: Budget Exhaustion Attack', () => {
   });
 
   it('should exhaust budget after repeated spend calls', () => {
-    const budget = new BudgetController(budgetDir, {
+    const budget = createAdapter().createBudgetManager(budgetDir, {
       budgetUsd: 0.01,
       maxCallsPerHour: 100,
     });
@@ -84,7 +84,7 @@ describe('INT-007: Budget Exhaustion Attack', () => {
   });
 
   it('should exhaust hourly rate limit with rapid calls', () => {
-    const budget = new BudgetController(budgetDir, {
+    const budget = createAdapter().createBudgetManager(budgetDir, {
       budgetUsd: 100, // Large budget so dollar limit is not the issue
       maxCallsPerHour: 5,
     });
@@ -103,7 +103,7 @@ describe('INT-007: Budget Exhaustion Attack', () => {
   });
 
   it('should still capture threat events via L0 rules after budget exhaustion', async () => {
-    const budget = new BudgetController(budgetDir, {
+    const budget = createAdapter().createBudgetManager(budgetDir, {
       budgetUsd: 0.01,
       maxCallsPerHour: 100,
     });
@@ -145,7 +145,7 @@ describe('INT-007: Budget Exhaustion Attack', () => {
   });
 
   it('should simulate noise flood followed by real attack', async () => {
-    const budget = new BudgetController(budgetDir, {
+    const budget = createAdapter().createBudgetManager(budgetDir, {
       budgetUsd: 0.01,
       maxCallsPerHour: 100,
     });
@@ -218,7 +218,7 @@ describe('INT-007: Budget Exhaustion Attack', () => {
   });
 
   it('should track budget status accurately through exhaustion', () => {
-    const budget = new BudgetController(budgetDir, {
+    const budget = createAdapter().createBudgetManager(budgetDir, {
       budgetUsd: 0.05,
       maxCallsPerHour: 100,
     });