npm - @openparachute/agent - Versions diffs - 0.1.2 → 0.2.2 - Mend

@openparachute/agent 0.1.2 → 0.2.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (608) hide show

package/.parachute/module.json +124 -8
package/LICENSE +2 -16
package/README.md +118 -166
package/package.json +35 -42
package/scripts/spawn-agent.ts +371 -0
package/src/_parked/interactive-spawn.test.ts +324 -0
package/src/_parked/interactive-spawn.ts +701 -0
package/src/agent-defs.test.ts +1504 -0
package/src/agent-defs.ts +1702 -0
package/src/agent-mcp-config.test.ts +115 -0
package/src/agent-mcp-config.ts +115 -0
package/src/agents.test.ts +360 -0
package/src/agents.ts +379 -0
package/src/auth.test.ts +46 -0
package/src/auth.ts +140 -0
package/src/backends/attached-queue.test.ts +376 -0
package/src/backends/attached-queue.ts +372 -0
package/src/backends/programmatic.test.ts +1715 -0
package/src/backends/programmatic.ts +927 -0
package/src/backends/registry.test.ts +1494 -0
package/src/backends/registry.ts +1202 -0
package/src/backends/stream-json.test.ts +570 -0
package/src/backends/stream-json.ts +392 -0
package/src/backends/types.ts +223 -0
package/src/bridge.ts +417 -0
package/src/channel-backend-wiring.test.ts +237 -0
package/src/credentials.test.ts +274 -0
package/src/credentials.ts +380 -0
package/src/cron.test.ts +342 -0
package/src/cron.ts +380 -0
package/src/daemon-agent-def-api.test.ts +166 -0
package/src/daemon-agent-defs-api.test.ts +953 -0
package/src/daemon-agent-env-api.test.ts +338 -0
package/src/daemon-attached-queue-store.test.ts +65 -0
package/src/daemon-config-api.test.ts +962 -0
package/src/daemon-jobs-api.test.ts +271 -0
package/src/daemon-vault-chat.test.ts +250 -0
package/src/daemon.test.ts +746 -0
package/src/daemon.ts +3314 -0
package/src/def-vaults.test.ts +136 -0
package/src/def-vaults.ts +165 -0
package/src/delivery-state.test.ts +110 -0
package/src/delivery-state.ts +154 -0
package/src/effective-env.test.ts +114 -0
package/src/effective-env.ts +184 -0
package/src/env-compat.ts +39 -0
package/src/grants.test.ts +638 -0
package/src/grants.ts +675 -0
package/src/hub-jwt.test.ts +161 -0
package/src/hub-jwt.ts +182 -0
package/src/jobs.test.ts +245 -0
package/src/jobs.ts +266 -0
package/src/mcp-http.test.ts +265 -0
package/src/mcp-http.ts +771 -0
package/src/mint-token.test.ts +152 -0
package/src/mint-token.ts +139 -0
package/src/module-manifest.test.ts +158 -0
package/src/oauth-discovery.ts +134 -0
package/src/programmatic-wiring.test.ts +838 -0
package/src/registry.test.ts +227 -0
package/src/registry.ts +228 -0
package/src/resolve-port.test.ts +64 -0
package/src/routing.test.ts +184 -0
package/src/routing.ts +76 -0
package/src/runner.test.ts +506 -0
package/src/runner.ts +255 -0
package/src/sandbox/config.test.ts +150 -0
package/src/sandbox/config.ts +102 -0
package/src/sandbox/egress.test.ts +113 -0
package/src/sandbox/egress.ts +123 -0
package/src/sandbox/index.ts +180 -0
package/src/sandbox/live-seatbelt.test.ts +277 -0
package/src/sandbox/mounts.test.ts +154 -0
package/src/sandbox/mounts.ts +133 -0
package/src/sandbox/sandbox.test.ts +168 -0
package/src/sandbox/types.ts +382 -0
package/src/services-manifest.test.ts +106 -0
package/src/services-manifest.ts +95 -0
package/src/spa-serve.test.ts +116 -0
package/src/spa-serve.ts +116 -0
package/src/spawn-agent-cli.test.ts +172 -0
package/src/spawn-agent.test.ts +1218 -0
package/src/spawn-agent.ts +569 -0
package/src/spawn-deps.test.ts +54 -0
package/src/spawn-deps.ts +166 -0
package/src/telegram/api.ts +153 -0
package/src/terminal-assets.test.ts +50 -0
package/src/terminal-assets.ts +79 -0
package/src/terminal-ui.ts +305 -0
package/src/terminal.test.ts +530 -0
package/src/terminal.ts +458 -0
package/src/transport.ts +270 -0
package/src/transports/http-ui.test.ts +455 -0
package/src/transports/http-ui.ts +201 -0
package/src/transports/telegram.test.ts +174 -0
package/src/transports/telegram.ts +426 -0
package/src/transports/vault.test.ts +2011 -0
package/src/transports/vault.ts +1790 -0
package/src/ui-kit.test.ts +178 -0
package/src/ui-kit.ts +402 -0
package/tsconfig.json +8 -14
package/web/ui/dist/assets/index-C-iWdFFV.css +1 -0
package/web/ui/dist/assets/index-VFETBk0a.js +60 -0
package/web/ui/dist/index.html +15 -0
package/web/ui/tsconfig.json +2 -1
package/.claude/scheduled_tasks.lock +0 -1
package/.claude/settings.json +0 -5
package/.claude/skills/add-atomic-chat-tool/SKILL.md +0 -243
package/.claude/skills/add-atomic-chat-tool/atomic-chat-mcp-stdio.ts +0 -229
package/.claude/skills/add-codex/SKILL.md +0 -161
package/.claude/skills/add-dashboard/SKILL.md +0 -138
package/.claude/skills/add-dashboard/resources/dashboard-pusher.ts +0 -495
package/.claude/skills/add-emacs/SKILL.md +0 -296
package/.claude/skills/add-gcal-tool/SKILL.md +0 -210
package/.claude/skills/add-gchat/REMOVE.md +0 -6
package/.claude/skills/add-gchat/SKILL.md +0 -92
package/.claude/skills/add-gchat/VERIFY.md +0 -3
package/.claude/skills/add-github/REMOVE.md +0 -6
package/.claude/skills/add-github/SKILL.md +0 -148
package/.claude/skills/add-github/VERIFY.md +0 -3
package/.claude/skills/add-gmail-tool/SKILL.md +0 -229
package/.claude/skills/add-imessage/REMOVE.md +0 -6
package/.claude/skills/add-imessage/SKILL.md +0 -113
package/.claude/skills/add-imessage/VERIFY.md +0 -3
package/.claude/skills/add-karpathy-llm-wiki/SKILL.md +0 -110
package/.claude/skills/add-karpathy-llm-wiki/llm-wiki.md +0 -75
package/.claude/skills/add-linear/REMOVE.md +0 -6
package/.claude/skills/add-linear/SKILL.md +0 -168
package/.claude/skills/add-linear/VERIFY.md +0 -3
package/.claude/skills/add-macos-statusbar/SKILL.md +0 -133
package/.claude/skills/add-macos-statusbar/add/src/statusbar.swift +0 -147
package/.claude/skills/add-matrix/REMOVE.md +0 -6
package/.claude/skills/add-matrix/SKILL.md +0 -148
package/.claude/skills/add-matrix/VERIFY.md +0 -3
package/.claude/skills/add-ollama-provider/SKILL.md +0 -179
package/.claude/skills/add-ollama-tool/SKILL.md +0 -193
package/.claude/skills/add-opencode/SKILL.md +0 -229
package/.claude/skills/add-parallel/SKILL.md +0 -290
package/.claude/skills/add-resend/REMOVE.md +0 -6
package/.claude/skills/add-resend/SKILL.md +0 -93
package/.claude/skills/add-resend/VERIFY.md +0 -3
package/.claude/skills/add-signal/REMOVE.md +0 -13
package/.claude/skills/add-signal/SKILL.md +0 -318
package/.claude/skills/add-signal/VERIFY.md +0 -5
package/.claude/skills/add-slack/REMOVE.md +0 -6
package/.claude/skills/add-slack/SKILL.md +0 -112
package/.claude/skills/add-slack/VERIFY.md +0 -3
package/.claude/skills/add-teams/REMOVE.md +0 -6
package/.claude/skills/add-teams/SKILL.md +0 -207
package/.claude/skills/add-teams/VERIFY.md +0 -3
package/.claude/skills/add-vercel/SKILL.md +0 -147
package/.claude/skills/add-vercel/container-skills/vercel-cli/SKILL.md +0 -103
package/.claude/skills/add-webex/REMOVE.md +0 -6
package/.claude/skills/add-webex/SKILL.md +0 -88
package/.claude/skills/add-webex/VERIFY.md +0 -3
package/.claude/skills/add-wechat/REMOVE.md +0 -49
package/.claude/skills/add-wechat/SKILL.md +0 -170
package/.claude/skills/add-wechat/scripts/wire-dm.ts +0 -172
package/.claude/skills/add-whatsapp/SKILL.md +0 -264
package/.claude/skills/add-whatsapp-cloud/REMOVE.md +0 -6
package/.claude/skills/add-whatsapp-cloud/SKILL.md +0 -95
package/.claude/skills/add-whatsapp-cloud/VERIFY.md +0 -3
package/.claude/skills/claw/SKILL.md +0 -131
package/.claude/skills/claw/scripts/claw +0 -374
package/.claude/skills/convert-to-apple-container/SKILL.md +0 -212
package/.claude/skills/customize/SKILL.md +0 -110
package/.claude/skills/debug/SKILL.md +0 -349
package/.claude/skills/get-qodo-rules/SKILL.md +0 -122
package/.claude/skills/get-qodo-rules/references/output-format.md +0 -41
package/.claude/skills/get-qodo-rules/references/pagination.md +0 -33
package/.claude/skills/get-qodo-rules/references/repository-scope.md +0 -26
package/.claude/skills/init-first-agent/SKILL.md +0 -120
package/.claude/skills/init-onecli/SKILL.md +0 -270
package/.claude/skills/manage-channels/SKILL.md +0 -87
package/.claude/skills/manage-mounts/SKILL.md +0 -47
package/.claude/skills/migrate-from-openclaw/MIGRATE_CRONS.md +0 -100
package/.claude/skills/migrate-from-openclaw/SKILL.md +0 -447
package/.claude/skills/migrate-from-openclaw/scripts/discover-openclaw.ts +0 -734
package/.claude/skills/migrate-from-openclaw/scripts/extract-channel-credentials.ts +0 -476
package/.claude/skills/migrate-nanoclaw/SKILL.md +0 -484
package/.claude/skills/migrate-nanoclaw/diagnostics.md +0 -51
package/.claude/skills/qodo-pr-resolver/SKILL.md +0 -326
package/.claude/skills/qodo-pr-resolver/resources/providers.md +0 -329
package/.claude/skills/update-nanoclaw/SKILL.md +0 -243
package/.claude/skills/update-nanoclaw/diagnostics.md +0 -48
package/.claude/skills/update-skills/SKILL.md +0 -130
package/.claude/skills/use-native-credential-proxy/SKILL.md +0 -167
package/.claude/skills/x-integration/SKILL.md +0 -417
package/.claude/skills/x-integration/agent.ts +0 -243
package/.claude/skills/x-integration/host.ts +0 -155
package/.claude/skills/x-integration/lib/browser.ts +0 -148
package/.claude/skills/x-integration/lib/config.ts +0 -62
package/.claude/skills/x-integration/scripts/like.ts +0 -56
package/.claude/skills/x-integration/scripts/post.ts +0 -66
package/.claude/skills/x-integration/scripts/quote.ts +0 -80
package/.claude/skills/x-integration/scripts/reply.ts +0 -74
package/.claude/skills/x-integration/scripts/retweet.ts +0 -62
package/.claude/skills/x-integration/scripts/setup.ts +0 -87
package/.github/CODEOWNERS +0 -10
package/.github/PULL_REQUEST_TEMPLATE.md +0 -18
package/.github/workflows/bump-version.yml +0 -35
package/.github/workflows/ci.yml +0 -39
package/.github/workflows/label-pr.yml +0 -40
package/.github/workflows/update-tokens.yml +0 -43
package/.husky/pre-commit +0 -1
package/.mcp.json +0 -3
package/.nvmrc +0 -1
package/.prettierrc +0 -4
package/CHANGELOG.md +0 -263
package/CLAUDE.md +0 -307
package/CODE_OF_CONDUCT.md +0 -128
package/CONTRIBUTING.md +0 -159
package/CONTRIBUTORS.md +0 -26
package/LICENSE-NANOCLAW-MIT +0 -21
package/README_ja.md +0 -194
package/README_zh.md +0 -194
package/assets/nanoclaw-favicon.png +0 -0
package/assets/nanoclaw-icon.png +0 -0
package/assets/nanoclaw-logo-dark.png +0 -0
package/assets/nanoclaw-logo.png +0 -0
package/assets/nanoclaw-profile.jpeg +0 -0
package/assets/nanoclaw-sales.png +0 -0
package/assets/social-preview.jpg +0 -0
package/config-examples/mount-allowlist.json +0 -25
package/container/.dockerignore +0 -2
package/container/CLAUDE.md +0 -21
package/container/Dockerfile +0 -121
package/container/agent-runner/bun.lock +0 -243
package/container/agent-runner/package.json +0 -22
package/container/agent-runner/scripts/sdk-signal-probe.ts +0 -169
package/container/agent-runner/src/config.ts +0 -55
package/container/agent-runner/src/db/connection.ts +0 -267
package/container/agent-runner/src/db/index.ts +0 -20
package/container/agent-runner/src/db/messages-in.ts +0 -138
package/container/agent-runner/src/db/messages-out.ts +0 -143
package/container/agent-runner/src/db/session-routing.ts +0 -30
package/container/agent-runner/src/db/session-state.test.ts +0 -100
package/container/agent-runner/src/db/session-state.ts +0 -79
package/container/agent-runner/src/destinations.ts +0 -135
package/container/agent-runner/src/formatter.test.ts +0 -167
package/container/agent-runner/src/formatter.ts +0 -260
package/container/agent-runner/src/index.ts +0 -110
package/container/agent-runner/src/integration.test.ts +0 -121
package/container/agent-runner/src/mcp-tools/agents.instructions.md +0 -26
package/container/agent-runner/src/mcp-tools/agents.ts +0 -66
package/container/agent-runner/src/mcp-tools/core.instructions.md +0 -27
package/container/agent-runner/src/mcp-tools/core.ts +0 -262
package/container/agent-runner/src/mcp-tools/index.ts +0 -22
package/container/agent-runner/src/mcp-tools/interactive.instructions.md +0 -22
package/container/agent-runner/src/mcp-tools/interactive.ts +0 -169
package/container/agent-runner/src/mcp-tools/scheduling.instructions.md +0 -40
package/container/agent-runner/src/mcp-tools/scheduling.ts +0 -299
package/container/agent-runner/src/mcp-tools/self-mod.instructions.md +0 -25
package/container/agent-runner/src/mcp-tools/self-mod.ts +0 -120
package/container/agent-runner/src/mcp-tools/server.ts +0 -54
package/container/agent-runner/src/mcp-tools/types.ts +0 -6
package/container/agent-runner/src/poll-loop.test.ts +0 -248
package/container/agent-runner/src/poll-loop.ts +0 -437
package/container/agent-runner/src/providers/claude.ts +0 -379
package/container/agent-runner/src/providers/factory.test.ts +0 -19
package/container/agent-runner/src/providers/factory.ts +0 -13
package/container/agent-runner/src/providers/index.ts +0 -6
package/container/agent-runner/src/providers/mock.ts +0 -77
package/container/agent-runner/src/providers/provider-registry.ts +0 -33
package/container/agent-runner/src/providers/types.ts +0 -82
package/container/agent-runner/src/scheduling/task-script.ts +0 -121
package/container/agent-runner/src/timezone.test.ts +0 -93
package/container/agent-runner/src/timezone.ts +0 -107
package/container/agent-runner/tsconfig.json +0 -14
package/container/build.sh +0 -48
package/container/entrypoint.sh +0 -16
package/container/skills/agent-browser/SKILL.md +0 -159
package/container/skills/frontend-engineer/SKILL.md +0 -157
package/container/skills/self-customize/SKILL.md +0 -87
package/container/skills/slack-formatting/SKILL.md +0 -94
package/container/skills/vercel-cli/SKILL.md +0 -111
package/container/skills/welcome/SKILL.md +0 -85
package/docs/APPLE-CONTAINER-NETWORKING.md +0 -90
package/docs/BRANCH-FORK-MAINTENANCE.md +0 -81
package/docs/README.md +0 -25
package/docs/SDK_DEEP_DIVE.md +0 -643
package/docs/SECURITY.md +0 -162
package/docs/agent-runner-details.md +0 -749
package/docs/api-details.md +0 -365
package/docs/architecture-diagram.html +0 -422
package/docs/architecture-diagram.md +0 -215
package/docs/architecture.md +0 -751
package/docs/audit/2026-04-30-channel-endpoint-audit.md +0 -36
package/docs/build-and-runtime.md +0 -80
package/docs/cross-mount-stress/README.md +0 -112
package/docs/cross-mount-stress/container-writer-retry.mjs +0 -55
package/docs/cross-mount-stress/container-writer-slow.mjs +0 -42
package/docs/cross-mount-stress/container-writer.mjs +0 -47
package/docs/cross-mount-stress/host-writer-retry.mjs +0 -55
package/docs/cross-mount-stress/host-writer-slow.mjs +0 -43
package/docs/cross-mount-stress/host-writer.mjs +0 -47
package/docs/db-central.md +0 -316
package/docs/db-session.md +0 -183
package/docs/db.md +0 -119
package/docs/design/2026-04-29-vault-management-ui.md +0 -231
package/docs/design/2026-04-30-channel-wiring-rework.md +0 -234
package/docs/design/2026-05-01-channel-wiring-approvals-deep-dive.md +0 -272
package/docs/design/2026-05-02-channel-policy-and-approval-routing.md +0 -250
package/docs/docker-sandboxes.md +0 -359
package/docs/isolation-model.md +0 -88
package/docs/ollama.md +0 -79
package/docs/parachute-integration.md +0 -109
package/docs/post-night-rebirth-reflections.md +0 -151
package/eslint.config.js +0 -32
package/pnpm-workspace.yaml +0 -8
package/repo-tokens/README.md +0 -113
package/repo-tokens/action.yml +0 -186
package/repo-tokens/badge.svg +0 -23
package/repo-tokens/examples/green.svg +0 -14
package/repo-tokens/examples/red.svg +0 -14
package/repo-tokens/examples/yellow-green.svg +0 -14
package/repo-tokens/examples/yellow.svg +0 -14
package/scripts/chat.ts +0 -101
package/scripts/cleanup-sessions.sh +0 -150
package/scripts/init-cli-agent.ts +0 -172
package/scripts/init-first-agent.ts +0 -378
package/scripts/parachute.ts +0 -158
package/scripts/run-migrations.ts +0 -105
package/scripts/sanity-live-poll.ts +0 -95
package/scripts/seed-discord.ts +0 -80
package/scripts/test-v2-agent.ts +0 -106
package/scripts/test-v2-channel-e2e.ts +0 -265
package/scripts/test-v2-host.ts +0 -184
package/src/channels/adapter.ts +0 -214
package/src/channels/api-translator.test.ts +0 -306
package/src/channels/api-translator.ts +0 -214
package/src/channels/ask-question.ts +0 -46
package/src/channels/channel-registry.test.ts +0 -421
package/src/channels/channel-registry.ts +0 -313
package/src/channels/chat-sdk-bridge.test.ts +0 -84
package/src/channels/chat-sdk-bridge.ts +0 -652
package/src/channels/cli.ts +0 -276
package/src/channels/discord.ts +0 -90
package/src/channels/index.ts +0 -17
package/src/channels/telegram-markdown-sanitize.test.ts +0 -78
package/src/channels/telegram-markdown-sanitize.ts +0 -55
package/src/channels/telegram-pairing.test.ts +0 -254
package/src/channels/telegram-pairing.ts +0 -339
package/src/channels/telegram.ts +0 -279
package/src/channels/trust-hint.test.ts +0 -48
package/src/channels/trust-hint.ts +0 -75
package/src/claude-md-compose.migrate.test.ts +0 -64
package/src/claude-md-compose.ts +0 -205
package/src/command-gate.ts +0 -63
package/src/config.test.ts +0 -93
package/src/config.ts +0 -128
package/src/container-config.ts +0 -167
package/src/container-runner.test.ts +0 -32
package/src/container-runner.ts +0 -576
package/src/container-runtime.test.ts +0 -269
package/src/container-runtime.ts +0 -167
package/src/db/_bun-sqlite-shim.ts +0 -88
package/src/db/agent-activity.test.ts +0 -155
package/src/db/agent-activity.ts +0 -121
package/src/db/agent-groups.ts +0 -77
package/src/db/connection.migrate.test.ts +0 -176
package/src/db/connection.ts +0 -259
package/src/db/db-v2.test.ts +0 -440
package/src/db/dropped-messages.ts +0 -44
package/src/db/index.ts +0 -40
package/src/db/messaging-groups.ts +0 -252
package/src/db/migrations/001-initial.ts +0 -112
package/src/db/migrations/002-chat-sdk-state.ts +0 -36
package/src/db/migrations/008-dropped-messages.ts +0 -27
package/src/db/migrations/009-drop-pending-credentials.ts +0 -13
package/src/db/migrations/010-engage-modes.ts +0 -103
package/src/db/migrations/011-pending-sender-approvals.ts +0 -40
package/src/db/migrations/012-channel-registration.ts +0 -48
package/src/db/migrations/013-approval-render-metadata.ts +0 -27
package/src/db/migrations/014-secrets.ts +0 -44
package/src/db/migrations/015-secrets-drop-host-pattern.ts +0 -18
package/src/db/migrations/016-secret-assignments.ts +0 -30
package/src/db/migrations/017-agent-activity.ts +0 -40
package/src/db/migrations/018-oauth-app-configs.ts +0 -34
package/src/db/migrations/019-oauth-app-connections.ts +0 -48
package/src/db/migrations/020-agent-app-connections.ts +0 -28
package/src/db/migrations/021-pending-oauth-states.ts +0 -35
package/src/db/migrations/022-app-connections-provider.ts +0 -25
package/src/db/migrations/023-agent-group-secret-mode.test.ts +0 -124
package/src/db/migrations/023-agent-group-secret-mode.ts +0 -65
package/src/db/migrations/024-collapse-approvals.test.ts +0 -249
package/src/db/migrations/024-collapse-approvals.ts +0 -182
package/src/db/migrations/025-secret-mode-check.test.ts +0 -155
package/src/db/migrations/025-secret-mode-check.ts +0 -49
package/src/db/migrations/026-user-dms-bot-id.test.ts +0 -116
package/src/db/migrations/026-user-dms-bot-id.ts +0 -54
package/src/db/migrations/027-provider-credentials.ts +0 -41
package/src/db/migrations/_test-helpers.ts +0 -41
package/src/db/migrations/index.ts +0 -127
package/src/db/migrations/module-agent-to-agent-destinations.ts +0 -84
package/src/db/migrations/module-approvals-pending-approvals.ts +0 -42
package/src/db/migrations/module-approvals-title-options.ts +0 -40
package/src/db/schema.ts +0 -258
package/src/db/session-db.test.ts +0 -93
package/src/db/session-db.ts +0 -325
package/src/db/sessions.ts +0 -241
package/src/delivery.test.ts +0 -148
package/src/delivery.ts +0 -445
package/src/env.ts +0 -74
package/src/group-folder.test.ts +0 -35
package/src/group-folder.ts +0 -44
package/src/group-init.ts +0 -92
package/src/host-core.test.ts +0 -456
package/src/host-sweep.test.ts +0 -146
package/src/host-sweep.ts +0 -287
package/src/index.ts +0 -232
package/src/install-slug.ts +0 -33
package/src/log.test.ts +0 -81
package/src/log.ts +0 -117
package/src/mcp/http.ts +0 -72
package/src/mcp/server.ts +0 -92
package/src/mcp/stdio.ts +0 -51
package/src/mcp/tools/activity.ts +0 -88
package/src/mcp/tools/agent-groups.ts +0 -183
package/src/mcp/tools/approvals.ts +0 -122
package/src/mcp/tools/channels.test.ts +0 -126
package/src/mcp/tools/channels.ts +0 -134
package/src/mcp/tools/index.ts +0 -27
package/src/mcp/tools/oauth.ts +0 -48
package/src/mcp/tools/secrets.ts +0 -169
package/src/mcp/tools/sessions.ts +0 -135
package/src/mcp/types.ts +0 -51
package/src/modules/agent-to-agent/agent-route.test.ts +0 -46
package/src/modules/agent-to-agent/agent-route.ts +0 -223
package/src/modules/agent-to-agent/create-agent.ts +0 -127
package/src/modules/agent-to-agent/db/agent-destinations.ts +0 -135
package/src/modules/agent-to-agent/index.ts +0 -22
package/src/modules/agent-to-agent/write-destinations.ts +0 -59
package/src/modules/approvals/agent.md +0 -45
package/src/modules/approvals/index.ts +0 -21
package/src/modules/approvals/picks.test.ts +0 -291
package/src/modules/approvals/primitive.ts +0 -279
package/src/modules/approvals/project.md +0 -27
package/src/modules/approvals/response-handler.ts +0 -87
package/src/modules/index.ts +0 -24
package/src/modules/interactive/agent.md +0 -21
package/src/modules/interactive/index.ts +0 -69
package/src/modules/interactive/project.md +0 -12
package/src/modules/mount-security/expand-path.test.ts +0 -82
package/src/modules/mount-security/index.ts +0 -459
package/src/modules/mount-security/migrate.test.ts +0 -91
package/src/modules/permissions/access.ts +0 -28
package/src/modules/permissions/channel-approval.test.ts +0 -389
package/src/modules/permissions/channel-approval.ts +0 -188
package/src/modules/permissions/db/agent-group-members.ts +0 -44
package/src/modules/permissions/db/pending-channel-approvals.test.ts +0 -86
package/src/modules/permissions/db/pending-channel-approvals.ts +0 -66
package/src/modules/permissions/db/pending-sender-approvals.ts +0 -60
package/src/modules/permissions/db/user-dms.ts +0 -58
package/src/modules/permissions/db/user-roles.ts +0 -85
package/src/modules/permissions/db/users.ts +0 -38
package/src/modules/permissions/index.ts +0 -421
package/src/modules/permissions/permissions.test.ts +0 -358
package/src/modules/permissions/sender-approval.test.ts +0 -641
package/src/modules/permissions/sender-approval.ts +0 -165
package/src/modules/permissions/user-dm.ts +0 -200
package/src/modules/provider-credentials/db.ts +0 -121
package/src/modules/provider-credentials/index.ts +0 -12
package/src/modules/provider-credentials/spawn.test.ts +0 -206
package/src/modules/provider-credentials/spawn.ts +0 -114
package/src/modules/scheduling/actions.ts +0 -113
package/src/modules/scheduling/db.test.ts +0 -282
package/src/modules/scheduling/db.ts +0 -148
package/src/modules/scheduling/index.ts +0 -34
package/src/modules/scheduling/recurrence.test.ts +0 -98
package/src/modules/scheduling/recurrence.ts +0 -54
package/src/modules/self-mod/agent.md +0 -30
package/src/modules/self-mod/apply.ts +0 -85
package/src/modules/self-mod/index.ts +0 -30
package/src/modules/self-mod/project.md +0 -39
package/src/modules/self-mod/request.ts +0 -91
package/src/modules/typing/index.ts +0 -165
package/src/oauth/agent-app-connections.ts +0 -103
package/src/oauth/app-configs.test.ts +0 -64
package/src/oauth/app-configs.ts +0 -114
package/src/oauth/app-connections.test.ts +0 -109
package/src/oauth/app-connections.ts +0 -178
package/src/oauth/crypto.ts +0 -56
package/src/oauth/flow.ts +0 -104
package/src/oauth/providers/google.test.ts +0 -38
package/src/oauth/providers/google.ts +0 -46
package/src/oauth/providers/index.ts +0 -48
package/src/oauth/state-store.test.ts +0 -54
package/src/oauth/state-store.ts +0 -93
package/src/parachute/README.md +0 -27
package/src/parachute/create-agent.test.ts +0 -83
package/src/parachute/create-agent.ts +0 -122
package/src/parachute/group-status.test.ts +0 -165
package/src/parachute/group-status.ts +0 -136
package/src/parachute/types.ts +0 -41
package/src/parachute/vault-mcp.test.ts +0 -251
package/src/parachute/vault-mcp.ts +0 -232
package/src/platform-id.test.ts +0 -104
package/src/platform-id.ts +0 -109
package/src/providers/index.ts +0 -6
package/src/providers/provider-container-registry.ts +0 -58
package/src/response-registry.ts +0 -45
package/src/router.ts +0 -530
package/src/secrets/crypto.test.ts +0 -45
package/src/secrets/crypto.ts +0 -55
package/src/secrets/index.ts +0 -461
package/src/secrets/master-key.ts +0 -70
package/src/secrets/secrets.test.ts +0 -651
package/src/session-manager.attachments.test.ts +0 -171
package/src/session-manager.dup-skip.test.ts +0 -173
package/src/session-manager.migrate.test.ts +0 -59
package/src/session-manager.ts +0 -451
package/src/startup-bootstrap.test.ts +0 -226
package/src/startup-bootstrap.ts +0 -207
package/src/state-sqlite.ts +0 -182
package/src/timezone.test.ts +0 -64
package/src/timezone.ts +0 -37
package/src/types.ts +0 -233
package/src/web/auth.test.ts +0 -335
package/src/web/auth.ts +0 -214
package/src/web/discord-validate.test.ts +0 -77
package/src/web/discord-validate.ts +0 -88
package/src/web/hub-discovery.test.ts +0 -98
package/src/web/hub-discovery.ts +0 -69
package/src/web/routes/activity.ts +0 -106
package/src/web/routes/agent-provider.test.ts +0 -282
package/src/web/routes/agent-provider.ts +0 -309
package/src/web/routes/approvals.ts +0 -185
package/src/web/routes/apps.ts +0 -434
package/src/web/routes/channels-mg-detail.test.ts +0 -324
package/src/web/routes/channels-mga-detail.test.ts +0 -472
package/src/web/routes/channels.ts +0 -311
package/src/web/routes/oauth-providers.ts +0 -42
package/src/web/routes/secrets.test.ts +0 -220
package/src/web/routes/secrets.ts +0 -317
package/src/web/routes/sessions.ts +0 -123
package/src/web/routes/settings.test.ts +0 -106
package/src/web/routes/settings.ts +0 -247
package/src/web/routes/setup-status.ts +0 -205
package/src/web/routes/vaults.test.ts +0 -389
package/src/web/routes/vaults.ts +0 -225
package/src/web/server-version.test.ts +0 -16
package/src/web/server.ts +0 -1024
package/src/web/services-manifest.test.ts +0 -148
package/src/web/services-manifest.ts +0 -66
package/src/web/static-serve.test.ts +0 -255
package/src/web/static-serve.ts +0 -104
package/src/web/telegram-validate.test.ts +0 -116
package/src/web/telegram-validate.ts +0 -107
package/src/web/vault-proxy.test.ts +0 -214
package/src/web/vault-proxy.ts +0 -120
package/src/web/wire-channel.ts +0 -181
package/src/webhook-server.ts +0 -134
package/vitest.config.ts +0 -18
package/web/README.md +0 -63
package/web/ui/index.html +0 -13
package/web/ui/package.json +0 -35
package/web/ui/pnpm-lock.yaml +0 -2164
package/web/ui/scripts/verify-base.mjs +0 -31
package/web/ui/src/App.tsx +0 -88
package/web/ui/src/components/ActivityFeed.tsx +0 -444
package/web/ui/src/components/AgentGroupPicker.tsx +0 -263
package/web/ui/src/components/AgentProviderCards.tsx +0 -220
package/web/ui/src/components/CredentialForm.tsx +0 -214
package/web/ui/src/components/ScopeGrants.tsx +0 -74
package/web/ui/src/components/StatusDot.tsx +0 -43
package/web/ui/src/components/VaultPicker.tsx +0 -127
package/web/ui/src/components/setup/AdapterInstallStep.tsx +0 -178
package/web/ui/src/components/setup/AgentGroupStep.tsx +0 -43
package/web/ui/src/components/setup/ChannelPickStep.tsx +0 -74
package/web/ui/src/components/setup/DoneStep.tsx +0 -49
package/web/ui/src/components/setup/PrereqStep.tsx +0 -129
package/web/ui/src/components/setup/TestConnectionStep.tsx +0 -108
package/web/ui/src/components/setup/TestMessageStep.tsx +0 -104
package/web/ui/src/components/setup/WireChannelStep.tsx +0 -166
package/web/ui/src/components/setup/types.ts +0 -105
package/web/ui/src/lib/api.test.ts +0 -410
package/web/ui/src/lib/api.ts +0 -1248
package/web/ui/src/lib/auth.test.ts +0 -352
package/web/ui/src/lib/auth.ts +0 -405
package/web/ui/src/lib/channel-adapters.ts +0 -136
package/web/ui/src/main.tsx +0 -19
package/web/ui/src/routes/ApprovalsList.tsx +0 -294
package/web/ui/src/routes/Apps.tsx +0 -613
package/web/ui/src/routes/ChannelWireDetail.test.tsx +0 -233
package/web/ui/src/routes/ChannelWireDetail.tsx +0 -403
package/web/ui/src/routes/ChannelsList.tsx +0 -158
package/web/ui/src/routes/GroupDetail.test.tsx +0 -206
package/web/ui/src/routes/GroupDetail.tsx +0 -880
package/web/ui/src/routes/GroupList.tsx +0 -187
package/web/ui/src/routes/MessagingGroupDetail.test.tsx +0 -233
package/web/ui/src/routes/MessagingGroupDetail.tsx +0 -306
package/web/ui/src/routes/NewGroupWizard.tsx +0 -390
package/web/ui/src/routes/OAuthCallback.tsx +0 -56
package/web/ui/src/routes/SecretsList.tsx +0 -942
package/web/ui/src/routes/SessionsList.tsx +0 -220
package/web/ui/src/routes/SettingsAgentProvider.tsx +0 -109
package/web/ui/src/routes/SettingsApprovals.tsx +0 -234
package/web/ui/src/routes/SetupWizard.tsx +0 -219
package/web/ui/src/routes/VaultDetail.test.tsx +0 -363
package/web/ui/src/routes/VaultDetail.tsx +0 -960
package/web/ui/src/routes/VaultsList.tsx +0 -295
package/web/ui/src/routes/WireChannelPage.tsx +0 -413
package/web/ui/src/styles.css +0 -608
package/web/ui/src/test/setup.ts +0 -23
package/web/ui/src/vite-env.d.ts +0 -10
package/web/ui/vite.config.ts +0 -34
package/web/ui/vitest.config.ts +0 -25

package/src/agent-defs.test.ts ADDED Viewed

@@ -0,0 +1,1504 @@
+/**
+ * Unit tests for vault-native agent definitions (design
+ * 2026-06-17-vault-native-agents, Phase 4a).
+ *
+ * Three layers, all deterministic — `fetch` is stubbed (restored in afterEach, NO
+ * global mock.module leak) and the registry's side-effects are INJECTED so the
+ * lifecycle is exercised without a daemon, a vault, a sandbox, or tmux:
+ *   - parseAgentDef: note (body + metadata) → AgentSpec, defaults + validation;
+ *   - DefVaultClient: the def query encoding + the status PATCH;
+ *   - AgentDefRegistry: instantiate / reload (update + delete) / deregister, with a
+ *     recorder for ensureChannel / setupAndRegister / deregister / removeChannel.
+ */
+import { describe, test, expect, afterEach } from "bun:test";
+import {
+  parseAgentDef,
+  resolveDefStatus,
+  DefVaultClient,
+  AgentDefRegistry,
+  AgentDefParseError,
+  AgentDefWriteError,
+  type DefVaultBinding,
+  type InstantiateDeps,
+} from "./agent-defs.ts";
+import { GrantsClient, connectionKey, type ConnectionSpec } from "./grants.ts";
+import type { AgentSpec } from "./sandbox/types.ts";
+const realFetch = globalThis.fetch;
+afterEach(() => {
+  globalThis.fetch = realFetch;
+});
+// ---------------------------------------------------------------------------
+// parseAgentDef — note → AgentSpec
+// ---------------------------------------------------------------------------
+describe("parseAgentDef", () => {
+  test("maps body → systemPrompt, metadata → spec; defaults backend=programmatic, own-vault binding", () => {
+    const def = parseAgentDef(
+      {
+        id: "Agents/uni-dev",
+        content: "You are uni-dev, the development agent for the Parachute project.",
+        metadata: { name: "uni-dev" },
+      },
+      { vault: "default" },
+    );
+    expect(def.noteId).toBe("Agents/uni-dev");
+    expect(def.name).toBe("uni-dev");
+    const spec = def.spec;
+    expect(spec.name).toBe("uni-dev");
+    // Wake channel = the agent name (agent ≡ channel).
+    expect(spec.channels).toEqual(["uni-dev"]);
+    expect(spec.backend).toBe("programmatic");
+    // Own-vault binding (4a): the def-vault, write-scoped.
+    expect(spec.vault).toEqual({ name: "default", access: "write" });
+    // The note BODY is the system prompt.
+    expect(spec.systemPrompt).toBe(
+      "You are uni-dev, the development agent for the Parachute project.",
+    );
+    // No declared connections → resolves enabled.
+    expect(def.declaredConnections).toEqual([]);
+    expect(resolveDefStatus(def)).toEqual({ status: "enabled" });
+  });
+  test("parses the full config knobs (backend, mode, workspace, filesystem, network, egress)", () => {
+    const def = parseAgentDef(
+      {
+        id: "n1",
+        content: "role prose",
+        metadata: {
+          name: "builder",
+          backend: "programmatic",
+          systemPromptMode: "replace",
+          workspace: "/Users/me/code/proj",
+          filesystem: "full",
+          network: "restricted",
+          egress: "api.github.com, registry.npmjs.org",
+        },
+      },
+      { vault: "default" },
+    );
+    const spec = def.spec;
+    expect(spec.systemPromptMode).toBe("replace");
+    expect(spec.workspace).toBe("/Users/me/code/proj");
+    expect(spec.filesystem).toBe("full");
+    expect(spec.network).toBe("restricted");
+    expect(spec.egress).toEqual(["api.github.com", "registry.npmjs.org"]);
+  });
+  test("metadata.model → spec.model (alias or full id); absent → undefined", () => {
+    const withModel = parseAgentDef(
+      { id: "n1", content: "x", metadata: { name: "a", model: "opus" } },
+      { vault: "default" },
+    );
+    expect(withModel.spec.model).toBe("opus");
+    const fullId = parseAgentDef(
+      { id: "n1", content: "x", metadata: { name: "a", model: "claude-opus-4-8" } },
+      { vault: "default" },
+    );
+    expect(fullId.spec.model).toBe("claude-opus-4-8");
+    const noModel = parseAgentDef(
+      { id: "n1", content: "x", metadata: { name: "a" } },
+      { vault: "default" },
+    );
+    expect(noModel.spec.model).toBeUndefined();
+  });
+  test("a malformed model (spaces/control chars) is a parse error, not a silent passthrough", () => {
+    expect(() =>
+      parseAgentDef(
+        { id: "n", content: "x", metadata: { name: "a", model: "opus 4.8" } },
+        { vault: "v" },
+      ),
+    ).toThrow(/not a valid model name/);
+  });
+  test("a blank body → no systemPrompt (CC default untouched), no mode flag", () => {
+    const def = parseAgentDef(
+      { id: "n1", content: "   \n  ", metadata: { name: "a", systemPromptMode: "replace" } },
+      { vault: "default" },
+    );
+    expect("systemPrompt" in def.spec).toBe(false);
+    expect("systemPromptMode" in def.spec).toBe(false);
+  });
+  test("parses `uses` connections (NOT granted in 4a) → status pending listing them", () => {
+    const def = parseAgentDef(
+      {
+        id: "n1",
+        content: "role",
+        metadata: { name: "researcher", uses: "github, vault:research:read" },
+      },
+      { vault: "default" },
+    );
+    expect(def.declaredConnections).toEqual(["github", "vault:research:read"]);
+    expect(resolveDefStatus(def)).toEqual({
+      status: "pending",
+      pending: ["github", "vault:research:read"],
+    });
+  });
+  test("parses an array-valued `uses` field too", () => {
+    const def = parseAgentDef(
+      { id: "n1", content: "role", metadata: { name: "x", uses: ["github", "cloudflare"] } },
+      { vault: "default" },
+    );
+    expect(def.declaredConnections).toEqual(["github", "cloudflare"]);
+  });
+  test("parses the structured `wants:` field into connection specs (4b)", () => {
+    const def = parseAgentDef(
+      {
+        id: "n1",
+        content: "role",
+        metadata: {
+          name: "researcher",
+          wants: "vault:research:read#published, env:github, mcp:github, mcp:https://remote/mcp",
+        },
+      },
+      { vault: "default" },
+    );
+    expect(def.wants).toEqual([
+      { kind: "vault", target: "research", access: "read", tags: ["#published"] },
+      { kind: "service", target: "github", inject: ["env", "mcp"] }, // merged
+      { kind: "mcp", target: "https://remote/mcp" },
+    ]);
+    // No grants client wired (pure resolveDefStatus) → pending listing the conn keys.
+    expect(resolveDefStatus(def)).toEqual({
+      status: "pending",
+      pending: def.wants.map((c) => connectionKey(c)),
+    });
+  });
+  test("a def with no `wants:` → wants is [] (own-vault only → enabled)", () => {
+    const def = parseAgentDef(
+      { id: "n1", content: "role", metadata: { name: "x" } },
+      { vault: "default" },
+    );
+    expect(def.wants).toEqual([]);
+    expect(resolveDefStatus(def)).toEqual({ status: "enabled" });
+  });
+  test("a MALFORMED `wants:` makes the WHOLE def a parse error (no half-instantiate)", () => {
+    expect(() =>
+      parseAgentDef(
+        { id: "n1", content: "role", metadata: { name: "x", wants: "vault:research" } },
+        { vault: "default" },
+      ),
+    ).toThrow(AgentDefParseError);
+    expect(() =>
+      parseAgentDef(
+        { id: "n1", content: "role", metadata: { name: "x", wants: "smtp:server" } },
+        { vault: "default" },
+      ),
+    ).toThrow(/unknown kind/);
+  });
+  test("parses JSON-array mounts; ignores malformed entries", () => {
+    const def = parseAgentDef(
+      {
+        id: "n1",
+        content: "role",
+        metadata: {
+          name: "x",
+          mounts: JSON.stringify([
+            { hostPath: "/data", mountPath: "/data", mode: "ro" },
+            { hostPath: "relative", mountPath: "/x", mode: "ro" }, // dropped (not absolute)
+            { hostPath: "/y", mountPath: "/y", mode: "bogus" }, // dropped (bad mode)
+          ]),
+        },
+      },
+      { vault: "default" },
+    );
+    expect(def.spec.mounts).toEqual([{ hostPath: "/data", mountPath: "/data", mode: "ro" }]);
+  });
+  test("rejects a note with no metadata.name", () => {
+    expect(() => parseAgentDef({ id: "n1", content: "x", metadata: {} }, { vault: "default" })).toThrow(
+      AgentDefParseError,
+    );
+  });
+  test("rejects a non-slug name", () => {
+    expect(() =>
+      parseAgentDef({ id: "n1", content: "x", metadata: { name: "has spaces" } }, { vault: "default" }),
+    ).toThrow(/slug/);
+  });
+  test("rejects a bad backend / filesystem / network value", () => {
+    expect(() =>
+      parseAgentDef({ id: "n", content: "x", metadata: { name: "a", backend: "weird" } }, { vault: "v" }),
+    ).toThrow(/backend/);
+    expect(() =>
+      parseAgentDef({ id: "n", content: "x", metadata: { name: "a", filesystem: "weird" } }, { vault: "v" }),
+    ).toThrow(/filesystem/);
+    expect(() =>
+      parseAgentDef({ id: "n", content: "x", metadata: { name: "a", network: "weird" } }, { vault: "v" }),
+    ).toThrow(/network/);
+  });
+  test("rejects backend:interactive (retired — design 2026-06-18)", () => {
+    expect(() =>
+      parseAgentDef({ id: "n", content: "x", metadata: { name: "a", backend: "interactive" } }, { vault: "v" }),
+    ).toThrow(/interactive/);
+  });
+  test("accepts backend:attached (design 2026-06-18-channel-backend), threads it onto the spec", () => {
+    const def = parseAgentDef(
+      { id: "Agents/laptop", content: "You are the laptop agent.", metadata: { name: "laptop", backend: "attached" } },
+      { vault: "default" },
+    );
+    expect(def.spec.backend).toBe("attached");
+    expect(def.name).toBe("laptop");
+    // The body is still the system prompt (the session adopts it on next-message).
+    expect(def.spec.systemPrompt).toBe("You are the laptop agent.");
+    // Wake channel = the agent name (agent ≡ channel) — same collapse as programmatic.
+    expect(def.spec.channels).toEqual(["laptop"]);
+  });
+  test("DUAL-READ: a persisted def with the legacy backend value \"channel\" normalizes to \"attached\"", () => {
+    // The backend VALUE was renamed `channel` → `attached`. An already-authored def note
+    // (or spec.json) carrying the legacy `metadata.backend: "channel"` must still LOAD —
+    // normalized to the canonical `attached` on read, no operator-facing break, no
+    // migration. (The routing key `channel` — metadata.channel / the `/mcp/<channel>`
+    // segment — is a SEPARATE concept and is deliberately unchanged.)
+    const def = parseAgentDef(
+      { id: "Agents/laptop", content: "You are the laptop agent.", metadata: { name: "laptop", backend: "channel" } },
+      { vault: "default" },
+    );
+    expect(def.spec.backend).toBe("attached"); // normalized, NOT the legacy "channel".
+    expect(def.name).toBe("laptop");
+    expect(def.spec.channels).toEqual(["laptop"]); // routing key unchanged.
+  });
+  // --- execution-lifecycle mode (the Phase-3 prerequisite) ---
+  test("mode defaults to single-threaded when omitted (= today's behavior)", () => {
+    const def = parseAgentDef(
+      { id: "Agents/uni-dev", content: "role", metadata: { name: "uni-dev" } },
+      { vault: "default" },
+    );
+    expect(def.spec.mode).toBe("single-threaded");
+    // The def note id is threaded onto the spec as provenance (for the `#agent/thread` note).
+    expect(def.spec.definition).toBe("Agents/uni-dev");
+  });
+  test("accepts mode:single-threaded explicitly", () => {
+    const def = parseAgentDef(
+      { id: "n1", content: "role", metadata: { name: "a", mode: "single-threaded" } },
+      { vault: "v" },
+    );
+    expect(def.spec.mode).toBe("single-threaded");
+  });
+  test("accepts mode:multi-threaded, threads it onto the spec", () => {
+    const def = parseAgentDef(
+      { id: "Agents/digest", content: "Run the daily digest.", metadata: { name: "digest", mode: "multi-threaded" } },
+      { vault: "default" },
+    );
+    expect(def.spec.mode).toBe("multi-threaded");
+    expect(def.spec.definition).toBe("Agents/digest");
+  });
+  test("rejects an UNKNOWN mode value with AgentDefParseError", () => {
+    expect(() =>
+      parseAgentDef({ id: "n", content: "x", metadata: { name: "a", mode: "weird" } }, { vault: "v" }),
+    ).toThrow(/mode must be "single-threaded" or "multi-threaded"/);
+  });
+  test("DUAL-ACCEPTs the legacy aliases (resident→single, one-shot/per-thread→multi)", () => {
+    const resident = parseAgentDef(
+      { id: "n1", content: "x", metadata: { name: "a", mode: "resident" } },
+      { vault: "v" },
+    );
+    expect(resident.spec.mode).toBe("single-threaded");
+    const oneShot = parseAgentDef(
+      { id: "n2", content: "x", metadata: { name: "b", mode: "one-shot" } },
+      { vault: "v" },
+    );
+    expect(oneShot.spec.mode).toBe("multi-threaded");
+    const perThread = parseAgentDef(
+      { id: "n3", content: "x", metadata: { name: "c", mode: "per-thread" } },
+      { vault: "v" },
+    );
+    expect(perThread.spec.mode).toBe("multi-threaded");
+  });
+  test("rejects a relative workspace path", () => {
+    expect(() =>
+      parseAgentDef({ id: "n", content: "x", metadata: { name: "a", workspace: "rel/path" } }, { vault: "v" }),
+    ).toThrow(/absolute/);
+  });
+  test("does NOT read any secret field off the note (only references)", () => {
+    // A note that tries to smuggle a token must NOT end up on the spec.
+    const def = parseAgentDef(
+      { id: "n", content: "x", metadata: { name: "a", token: "sekret", CLAUDE_CODE_OAUTH_TOKEN: "sekret2" } },
+      { vault: "v" },
+    );
+    expect(JSON.stringify(def.spec)).not.toContain("sekret");
+  });
+});
+// ---------------------------------------------------------------------------
+// DefVaultClient — the def query + the status PATCH
+// ---------------------------------------------------------------------------
+const binding: DefVaultBinding = {
+  vault: "default",
+  vaultUrl: "http://127.0.0.1:1940",
+  token: "write-token",
+};
+describe("DefVaultClient", () => {
+  test("listDefNotes queries by the EXACT #agent/definition tag (encoded) with Bearer", async () => {
+    const urls: string[] = [];
+    let auth = "";
+    globalThis.fetch = (async (url: string | URL | Request, init?: RequestInit) => {
+      urls.push(String(url));
+      auth = (init?.headers as Record<string, string> | undefined)?.authorization ?? "";
+      return new Response(
+        JSON.stringify([
+          { id: "Agents/uni-dev", content: "role A", metadata: { name: "uni-dev" } },
+          { id: "Agents/researcher", content: "role B", metadata: { name: "researcher" } },
+          { id: "", content: "no id", metadata: { name: "skip" } }, // dropped (no id)
+        ]),
+        { status: 200, headers: { "content-type": "application/json" } },
+      );
+    }) as typeof fetch;
+    const client = new DefVaultClient(binding);
+    const notes = await client.listDefNotes();
+    expect(urls).toHaveLength(1);
+    // `#agent/definition` → `%23agent%2Fdefinition` (both `#` and `/` encoded).
+    expect(urls[0]).toContain("tag=%23agent%2Fdefinition");
+    expect(urls[0]).toContain("include_content=true");
+    expect(auth).toBe("Bearer write-token");
+    expect(notes.map((n) => n.id)).toEqual(["Agents/uni-dev", "Agents/researcher"]);
+  });
+  test("listDefNotes throws on a non-ok vault response", async () => {
+    globalThis.fetch = (async () => new Response("nope", { status: 500 })) as unknown as typeof fetch;
+    const client = new DefVaultClient(binding);
+    await expect(client.listDefNotes()).rejects.toThrow(/list defs failed \(500\)/);
+  });
+  test("patchStatus PATCHes status + clears pending when enabled", async () => {
+    const calls: { url: string; init: RequestInit }[] = [];
+    globalThis.fetch = (async (url: string | URL | Request, init?: RequestInit) => {
+      calls.push({ url: String(url), init: init ?? {} });
+      return new Response(null, { status: 200 });
+    }) as typeof fetch;
+    const client = new DefVaultClient(binding);
+    await client.patchStatus("Agents/uni-dev", "enabled");
+    expect(calls).toHaveLength(1);
+    expect(calls[0]!.init.method).toBe("PATCH");
+    expect(calls[0]!.url).toContain("/api/notes/");
+    const body = JSON.parse(String(calls[0]!.init.body));
+    expect(body.metadata.status).toBe("enabled");
+    // Always sets pending (empty here) so a prior list doesn't go stale.
+    expect(body.metadata.pending).toBe("");
+    // MUST carry the vault mutation precondition or the PATCH 428s (the real-vault
+    // bug this guards): `force: true` since status is the module's own derived field.
+    expect(body.force).toBe(true);
+  });
+  test("patchStatus writes the pending list joined when pending", async () => {
+    let captured: Record<string, string> = {};
+    globalThis.fetch = (async (_url: string | URL | Request, init?: RequestInit) => {
+      captured = JSON.parse(String(init?.body)).metadata;
+      return new Response(null, { status: 200 });
+    }) as typeof fetch;
+    const client = new DefVaultClient(binding);
+    await client.patchStatus("n", "pending", ["github", "vault:research:read"]);
+    expect(captured.status).toBe("pending");
+    expect(captured.pending).toBe("github, vault:research:read");
+  });
+  test("getNote returns null on 404", async () => {
+    globalThis.fetch = (async () => new Response("no", { status: 404 })) as unknown as typeof fetch;
+    const client = new DefVaultClient(binding);
+    expect(await client.getNote("gone")).toBeNull();
+  });
+  test("createNote POSTs body + the def tag + metadata, returns the created note", async () => {
+    let captured: { url: string; method: string; body: Record<string, unknown> } | null = null;
+    globalThis.fetch = (async (url: string | URL | Request, init?: RequestInit) => {
+      captured = { url: String(url), method: init?.method ?? "GET", body: JSON.parse(String(init?.body)) };
+      return new Response(JSON.stringify({ id: "Agents/newbot", content: "P", metadata: { name: "newbot" } }), {
+        status: 200,
+        headers: { "content-type": "application/json" },
+      });
+    }) as typeof fetch;
+    const client = new DefVaultClient(binding);
+    const created = await client.createNote({
+      content: "P",
+      metadata: { name: "newbot", backend: "programmatic" },
+      path: "Agents/newbot",
+    });
+    expect(created.id).toBe("Agents/newbot");
+    expect(captured!.method).toBe("POST");
+    expect(captured!.url).toContain("/vault/default/api/notes");
+    expect(captured!.body.tags).toEqual(["#agent/definition"]);
+    expect(captured!.body.content).toBe("P");
+    expect((captured!.body.metadata as Record<string, string>).name).toBe("newbot");
+    expect(captured!.body.path).toBe("Agents/newbot");
+  });
+  test("createNote throws on a non-ok vault response", async () => {
+    globalThis.fetch = (async () => new Response("nope", { status: 500 })) as unknown as typeof fetch;
+    const client = new DefVaultClient(binding);
+    await expect(
+      client.createNote({ content: "x", metadata: { name: "x" } }),
+    ).rejects.toThrow(/create def failed \(500\)/);
+  });
+  test("patchNote sends content/metadata with force:true (the 428 guard)", async () => {
+    let body: Record<string, unknown> = {};
+    let method = "";
+    globalThis.fetch = (async (_url: string | URL | Request, init?: RequestInit) => {
+      method = init?.method ?? "GET";
+      body = JSON.parse(String(init?.body));
+      return new Response(null, { status: 200 });
+    }) as typeof fetch;
+    const client = new DefVaultClient(binding);
+    await client.patchNote("Agents/newbot", { content: "new", metadata: { wants: "vault:r:read" } });
+    expect(method).toBe("PATCH");
+    expect(body.content).toBe("new");
+    expect((body.metadata as Record<string, string>).wants).toBe("vault:r:read");
+    expect(body.force).toBe(true); // satisfies the vault's mutation precondition.
+  });
+  test("deleteNote DELETEs the note; a 404 is OK (gone is gone)", async () => {
+    let method = "";
+    globalThis.fetch = (async (_url: string | URL | Request, init?: RequestInit) => {
+      method = init?.method ?? "GET";
+      return new Response("no", { status: 404 });
+    }) as typeof fetch;
+    const client = new DefVaultClient(binding);
+    await client.deleteNote("Agents/gone"); // must NOT throw on 404.
+    expect(method).toBe("DELETE");
+  });
+  test("deleteNote throws on a non-404 error", async () => {
+    globalThis.fetch = (async () => new Response("boom", { status: 500 })) as unknown as typeof fetch;
+    const client = new DefVaultClient(binding);
+    await expect(client.deleteNote("n")).rejects.toThrow(/delete def n failed \(500\)/);
+  });
+});
+// ---------------------------------------------------------------------------
+// AgentDefRegistry — reactive lifecycle (instantiate / reload / deregister)
+// ---------------------------------------------------------------------------
+/** A recorder for the injected instantiate side-effects. */
+function recorderDeps() {
+  const calls = {
+    ensured: [] as string[],
+    registered: [] as AgentSpec[],
+    deregistered: [] as string[],
+    removed: [] as string[],
+  };
+  const deps: InstantiateDeps = {
+    ensureChannel: async (name) => {
+      calls.ensured.push(name);
+    },
+    setupAndRegister: async (spec) => {
+      calls.registered.push(spec);
+    },
+    deregister: async (name) => {
+      calls.deregistered.push(name);
+      return true;
+    },
+    removeChannel: async (name) => {
+      calls.removed.push(name);
+      return true;
+    },
+  };
+  return { deps, calls };
+}
+/** A fetch that serves a def list + records PATCHes, keyed by query. */
+function vaultFetch(opts: {
+  defs?: Array<{ id: string; content?: string; metadata?: Record<string, unknown> }>;
+  byId?: Record<string, { id: string; content?: string; metadata?: Record<string, unknown> } | null>;
+  patches?: Array<{ id: string; status?: string; pending?: string }>;
+}): typeof fetch {
+  return (async (url: string | URL | Request, init?: RequestInit) => {
+    const u = String(url);
+    const method = init?.method ?? "GET";
+    if (method === "PATCH") {
+      const id = decodeURIComponent(u.split("/api/notes/")[1]!);
+      const meta = JSON.parse(String(init?.body)).metadata as Record<string, string>;
+      opts.patches?.push({ id, status: meta.status, pending: meta.pending });
+      return new Response(null, { status: 200 });
+    }
+    if (u.includes("/api/notes?") && u.includes("tag=%23agent%2Fdefinition")) {
+      return new Response(JSON.stringify(opts.defs ?? []), {
+        status: 200,
+        headers: { "content-type": "application/json" },
+      });
+    }
+    // GET one note by id (reload path).
+    const m = u.match(/\/api\/notes\/([^?]+)/);
+    if (m) {
+      const id = decodeURIComponent(m[1]!);
+      const note = opts.byId?.[id] ?? null;
+      if (!note) return new Response("no", { status: 404 });
+      return new Response(JSON.stringify(note), { status: 200 });
+    }
+    return new Response("[]", { status: 200 });
+  }) as typeof fetch;
+}
+describe("AgentDefRegistry — lifecycle", () => {
+  test("loadAll instantiates each def: ensureChannel + setupAndRegister + status stamp", async () => {
+    const { deps, calls } = recorderDeps();
+    const patches: Array<{ id: string; status?: string; pending?: string }> = [];
+    const fetchFn = vaultFetch({
+      defs: [
+        { id: "Agents/uni-dev", content: "role A", metadata: { name: "uni-dev" } },
+        { id: "Agents/researcher", content: "role B", metadata: { name: "researcher", uses: "github" } },
+      ],
+      patches,
+    });
+    const reg = new AgentDefRegistry(deps, { bindings: [binding], fetchFn });
+    const n = await reg.loadAll();
+    expect(n).toBe(2);
+    expect(calls.ensured).toEqual(["uni-dev", "researcher"]);
+    expect(calls.registered.map((s) => s.name)).toEqual(["uni-dev", "researcher"]);
+    // Both agents bind their own vault, write-scoped (own-vault, 4a).
+    expect(calls.registered[0]!.vault).toEqual({ name: "default", access: "write" });
+    expect(calls.registered[0]!.backend).toBe("programmatic");
+    // Status stamped: uni-dev enabled (no connections), researcher pending (declares github).
+    const uni = patches.find((p) => p.id === "Agents/uni-dev")!;
+    const res = patches.find((p) => p.id === "Agents/researcher")!;
+    expect(uni.status).toBe("enabled");
+    expect(uni.pending).toBe("");
+    expect(res.status).toBe("pending");
+    expect(res.pending).toBe("github");
+    // The live set reflects both.
+    expect(reg.list().map((d) => d.name).sort()).toEqual(["researcher", "uni-dev"]);
+  });
+  test("a malformed def is skipped (status error) and does NOT abort the others", async () => {
+    const { deps, calls } = recorderDeps();
+    const patches: Array<{ id: string; status?: string; pending?: string }> = [];
+    const fetchFn = vaultFetch({
+      defs: [
+        { id: "bad", content: "x", metadata: {} }, // no name → parse error
+        { id: "Agents/ok", content: "role", metadata: { name: "ok" } },
+      ],
+      patches,
+    });
+    const reg = new AgentDefRegistry(deps, { bindings: [binding], fetchFn });
+    const n = await reg.loadAll();
+    expect(n).toBe(1); // only the good one
+    expect(calls.registered.map((s) => s.name)).toEqual(["ok"]);
+    expect(patches.find((p) => p.id === "bad")!.status).toBe("error");
+  });
+  test("an instantiate failure stamps error and does not record a live def", async () => {
+    const { deps } = recorderDeps();
+    // Make registration fail (e.g. missing Claude credential at setup).
+    deps.setupAndRegister = async () => {
+      throw new Error("CredentialNotConfigured: set the Claude credential");
+    };
+    const patches: Array<{ id: string; status?: string }> = [];
+    const fetchFn = vaultFetch({
+      defs: [{ id: "Agents/x", content: "role", metadata: { name: "x" } }],
+      patches,
+    });
+    const reg = new AgentDefRegistry(deps, { bindings: [binding], fetchFn });
+    const n = await reg.loadAll();
+    expect(n).toBe(0);
+    expect(reg.list()).toHaveLength(0);
+    expect(patches.find((p) => p.id === "Agents/x")!.status).toBe("error");
+  });
+  test("reload(updated) re-instantiates the changed def (idempotent replace)", async () => {
+    const { deps, calls } = recorderDeps();
+    const fetchFn = vaultFetch({
+      byId: { "Agents/uni-dev": { id: "Agents/uni-dev", content: "NEW role", metadata: { name: "uni-dev" } } },
+    });
+    const reg = new AgentDefRegistry(deps, { bindings: [binding], fetchFn });
+    const result = await reg.reload("default", "Agents/uni-dev", "updated");
+    expect(result).toBe("instantiated");
+    expect(calls.registered).toHaveLength(1);
+    expect(calls.registered[0]!.systemPrompt).toBe("NEW role");
+    expect(reg.list().map((d) => d.name)).toEqual(["uni-dev"]);
+  });
+  test("reload(deleted) deregisters + removes the channel without a fetch", async () => {
+    const { deps, calls } = recorderDeps();
+    // Seed a live def first via loadAll, then delete it.
+    const fetchFn = vaultFetch({
+      defs: [{ id: "Agents/uni-dev", content: "role", metadata: { name: "uni-dev" } }],
+    });
+    const reg = new AgentDefRegistry(deps, { bindings: [binding], fetchFn });
+    await reg.loadAll();
+    expect(reg.list()).toHaveLength(1);
+    const result = await reg.reload("default", "Agents/uni-dev", "deleted");
+    expect(result).toBe("deregistered");
+    expect(calls.deregistered).toEqual(["uni-dev"]);
+    expect(calls.removed).toEqual(["uni-dev"]);
+    expect(reg.list()).toHaveLength(0);
+  });
+  test("reload of a note that re-reads as gone (no event) deregisters", async () => {
+    const { deps, calls } = recorderDeps();
+    const fetchFn = vaultFetch({
+      defs: [{ id: "Agents/uni-dev", content: "role", metadata: { name: "uni-dev" } }],
+      byId: { "Agents/uni-dev": null }, // a later GET says it's gone
+    });
+    const reg = new AgentDefRegistry(deps, { bindings: [binding], fetchFn });
+    await reg.loadAll();
+    const result = await reg.reload("default", "Agents/uni-dev"); // no event → fetch → 404
+    expect(result).toBe("deregistered");
+    expect(calls.deregistered).toEqual(["uni-dev"]);
+  });
+  test("loadAll TEARS DOWN a removed def — deregister + removeChannel (the no-delete-trigger path)", async () => {
+    // There is no vault `deleted` trigger (the hub maps only created/updated), so a def
+    // deleted out-of-band never fires the reactive teardown — the poll is the ONLY
+    // convergence path and must deregister, not just prune grants. Regression for the
+    // orphan-agent bug (a deleted agent kept answering until the daemon restarted).
+    const { deps, calls } = recorderDeps();
+    const present: Array<{ id: string; content?: string; metadata?: Record<string, unknown> }> = [
+      { id: "Agents/uni", content: "role", metadata: { name: "uni" } },
+      { id: "Agents/researcher", content: "role", metadata: { name: "researcher" } },
+    ];
+    const fetchFn = (async (url: string | URL | Request, init?: RequestInit) => {
+      const u = String(url);
+      const method = init?.method ?? "GET";
+      if (method === "PATCH") return new Response(null, { status: 200 });
+      if (u.includes("/api/notes?") && u.includes("tag=%23agent%2Fdefinition")) {
+        return new Response(JSON.stringify(present), { status: 200, headers: { "content-type": "application/json" } });
+      }
+      return new Response("[]", { status: 200 });
+    }) as typeof fetch;
+    const reg = new AgentDefRegistry(deps, { bindings: [binding], fetchFn });
+    await reg.loadAll(); // both live
+    expect(calls.deregistered).toEqual([]); // nothing torn down on a clean load
+    present.splice(1, 1); // delete researcher out-of-band (no delete trigger fires)
+    await reg.loadAll(); // confident read now sees only uni → researcher is a confirmed removal
+    expect(calls.deregistered).toEqual(["researcher"]);
+    expect(calls.removed).toEqual(["researcher"]);
+    expect(reg.list().map((d) => d.name)).toEqual(["uni"]); // gone from the live set
+  });
+  test("loadAll SKIPS removed-def teardown on a truncated (page-cap) read — no spurious deregister", async () => {
+    // A list at the page cap may be partial. Since the removed-def diff now does a
+    // DESTRUCTIVE teardown, a truncated read that omits the tail must NOT be mistaken for
+    // deletions — the guard defers the diff rather than tearing down live agents.
+    const { deps, calls } = recorderDeps();
+    const initial: Array<{ id: string; content?: string; metadata?: Record<string, unknown> }> = [
+      { id: "Agents/uni", content: "role", metadata: { name: "uni" } },
+      { id: "Agents/researcher", content: "role", metadata: { name: "researcher" } },
+    ];
+    // A full page (>= the 500 cap) that omits both originals — a truncated page, NOT a
+    // signal that both were deleted.
+    const truncated = Array.from({ length: 500 }, (_, i) => ({
+      id: `Agents/filler-${i}`,
+      content: "role",
+      metadata: { name: `filler-${i}` },
+    }));
+    let current = initial;
+    const fetchFn = (async (url: string | URL | Request, init?: RequestInit) => {
+      const u = String(url);
+      const method = init?.method ?? "GET";
+      if (method === "PATCH") return new Response(null, { status: 200 });
+      if (u.includes("/api/notes?") && u.includes("tag=%23agent%2Fdefinition")) {
+        return new Response(JSON.stringify(current), { status: 200, headers: { "content-type": "application/json" } });
+      }
+      return new Response("[]", { status: 200 });
+    }) as typeof fetch;
+    const reg = new AgentDefRegistry(deps, { bindings: [binding], fetchFn });
+    await reg.loadAll(); // confident: uni + researcher live
+    expect(calls.deregistered).toEqual([]);
+    current = truncated; // the next poll returns a truncated page
+    await reg.loadAll();
+    // Guard tripped → NO teardown despite the originals being absent from the page.
+    expect(calls.deregistered).toEqual([]);
+    expect(calls.removed).toEqual([]);
+    // The guard DEFERS the decision, it doesn't LOSE it: the truncated pass left the
+    // seen-set intact (it skipped rebuildSeenDefs), so a later CONFIDENT pass that
+    // genuinely drops researcher still catches it as a removal and tears it down.
+    current = [{ id: "Agents/uni", content: "role", metadata: { name: "uni" } }];
+    calls.deregistered.length = 0;
+    calls.removed.length = 0;
+    await reg.loadAll();
+    expect(calls.deregistered).toContain("researcher");
+    expect(calls.removed).toContain("researcher");
+  });
+  test("reload for an unknown def-vault is a safe skip", async () => {
+    const { deps } = recorderDeps();
+    const reg = new AgentDefRegistry(deps, { bindings: [binding], fetchFn: vaultFetch({}) });
+    expect(await reg.reload("ghost-vault", "n")).toBe("skipped");
+  });
+  test("a def-vault list failure does not sink the others (best-effort per vault)", async () => {
+    const { deps, calls } = recorderDeps();
+    const b2: DefVaultBinding = { vault: "research", vaultUrl: "http://127.0.0.1:1940", token: "t2" };
+    // vault `default` 500s its list; `research` serves one def.
+    const fetchFn = (async (url: string | URL | Request) => {
+      const u = String(url);
+      if (u.includes("/vault/default/")) return new Response("boom", { status: 500 });
+      if (u.includes("/vault/research/") && u.includes("tag=%23agent%2Fdefinition")) {
+        return new Response(JSON.stringify([{ id: "r1", content: "role", metadata: { name: "r" } }]), {
+          status: 200,
+        });
+      }
+      return new Response(null, { status: 200 }); // PATCHes etc.
+    }) as typeof fetch;
+    const reg = new AgentDefRegistry(deps, { bindings: [binding, b2], fetchFn });
+    const n = await reg.loadAll();
+    expect(n).toBe(1);
+    expect(calls.registered.map((s) => s.name)).toEqual(["r"]);
+  });
+  test("findLiveByNote returns the single match (vault + detail)", async () => {
+    const { deps } = recorderDeps();
+    const fetchFn = vaultFetch({
+      defs: [{ id: "Agents/uni-dev", content: "role", metadata: { name: "uni-dev" } }],
+    });
+    const reg = new AgentDefRegistry(deps, { bindings: [binding], fetchFn });
+    await reg.loadAll();
+    const found = reg.findLiveByNote("Agents/uni-dev");
+    expect(found).not.toBeNull();
+    expect(found!.vault).toBe("default");
+    expect(found!.detail.name).toBe("uni-dev");
+    expect(reg.findLiveByNote("Agents/ghost")).toBeNull();
+  });
+  test("findLiveByNote throws 409 when the SAME noteId is live in two def-vaults (#106 ambiguity)", async () => {
+    const { deps } = recorderDeps();
+    const b2: DefVaultBinding = { vault: "research", vaultUrl: "http://127.0.0.1:1940", token: "t2" };
+    // The vaultFetch helper serves the same def list for ANY vault → both `default` and
+    // `research` vend a def at the SAME note path, so two live entries share the noteId.
+    const fetchFn = vaultFetch({
+      defs: [{ id: "Agents/shared", content: "role", metadata: { name: "shared" } }],
+    });
+    const reg = new AgentDefRegistry(deps, { bindings: [binding, b2], fetchFn });
+    await reg.loadAll();
+    // The note id is live in BOTH vaults — picking one is non-deterministic, so it throws
+    // a 409-class AgentDefWriteError rather than silently mutating an arbitrary one.
+    let caught: unknown;
+    try {
+      reg.findLiveByNote("Agents/shared");
+    } catch (err) {
+      caught = err;
+    }
+    expect(caught).toBeInstanceOf(AgentDefWriteError);
+    expect((caught as AgentDefWriteError).status).toBe(409);
+    expect((caught as AgentDefWriteError).message).toContain("ambiguous");
+    // The PATCH/DELETE write paths surface the same 409 (they resolve via findLiveByNote).
+    await expect(reg.editDef("Agents/shared", { systemPrompt: "x" })).rejects.toMatchObject({ status: 409 });
+    await expect(reg.deleteDef("Agents/shared")).rejects.toMatchObject({ status: 409 });
+  });
+  test("listDetailed carries the def mode (default single-threaded; multi-threaded when declared)", async () => {
+    const { deps } = recorderDeps();
+    const fetchFn = vaultFetch({
+      defs: [
+        { id: "Agents/uni-dev", content: "role", metadata: { name: "uni-dev" } }, // no mode → default
+        { id: "Agents/digest", content: "role", metadata: { name: "digest", mode: "multi-threaded" } },
+      ],
+    });
+    const reg = new AgentDefRegistry(deps, { bindings: [binding], fetchFn });
+    await reg.loadAll();
+    const byName = new Map(reg.listDetailed().map((d) => [d.name, d]));
+    expect(byName.get("uni-dev")!.mode).toBe("single-threaded");
+    expect(byName.get("digest")!.mode).toBe("multi-threaded");
+  });
+  test("getFullDef returns the FULL system prompt + mode/backend/wants (not the preview)", async () => {
+    const { deps } = recorderDeps();
+    const longPrompt = "P".repeat(500); // longer than the 200-char preview cap.
+    const fetchFn = vaultFetch({
+      defs: [
+        {
+          id: "Agents/uni-dev",
+          content: longPrompt,
+          metadata: { name: "uni-dev", backend: "attached", mode: "multi-threaded", wants: "vault:research:read" },
+        },
+      ],
+      byId: {
+        "Agents/uni-dev": {
+          id: "Agents/uni-dev",
+          content: longPrompt,
+          metadata: { name: "uni-dev", backend: "attached", mode: "multi-threaded", wants: "vault:research:read" },
+        },
+      },
+    });
+    const reg = new AgentDefRegistry(deps, { bindings: [binding], fetchFn });
+    await reg.loadAll();
+    const full = await reg.getFullDef("Agents/uni-dev");
+    expect(full).not.toBeNull();
+    expect(full!.noteId).toBe("Agents/uni-dev");
+    expect(full!.name).toBe("uni-dev");
+    expect(full!.backend).toBe("attached");
+    expect(full!.mode).toBe("multi-threaded");
+    expect(full!.vault).toBe("default");
+    expect(full!.wants).toEqual(["vault:research:read"]);
+    // The FULL body, NOT the truncated preview.
+    expect(full!.systemPrompt).toBe(longPrompt);
+    expect(full!.systemPrompt.length).toBe(500);
+  });
+  test("getFullDef returns null for a note that isn't a live def", async () => {
+    const { deps } = recorderDeps();
+    const reg = new AgentDefRegistry(deps, { bindings: [binding], fetchFn: vaultFetch({}) });
+    expect(await reg.getFullDef("Agents/ghost")).toBeNull();
+  });
+  test("listDetailed/getFullDef surface per-connection {key,status,grantId} from the hub grants", async () => {
+    const { deps } = recorderDeps();
+    // The hub grants client's fetch: PUT /admin/grants echoes a grant record with the
+    // hub-assigned id + current status (the id we surface — never derived client-side);
+    // POST .../reconcile is the grant-GC (no-op here). One mcp connection, one vault.
+    const grantFetch = (async (url: string | URL | Request, init?: RequestInit) => {
+      const u = String(url);
+      const method = init?.method ?? "GET";
+      if (method === "PUT" && u.endsWith("/admin/grants")) {
+        const { connection } = JSON.parse(String(init?.body)) as { connection: ConnectionSpec };
+        const key = connectionKey(connection);
+        // The mcp connection is awaiting consent; the vault one is approved.
+        const status = connection.kind === "mcp" ? "needs_consent" : "approved";
+        return new Response(
+          JSON.stringify({ id: `grant_${key}`, agent: "uni-dev", connection, status }),
+          { status: 200, headers: { "content-type": "application/json" } },
+        );
+      }
+      if (method === "POST" && u.endsWith("/admin/grants/reconcile")) {
+        return new Response(JSON.stringify({ pruned: 0 }), { status: 200 });
+      }
+      return new Response("{}", { status: 200 });
+    }) as typeof fetch;
+    const grants = new GrantsClient({
+      hubOrigin: "http://127.0.0.1:1939",
+      managerBearer: "host-admin",
+      fetchFn: grantFetch,
+    });
+    const note = {
+      id: "Agents/uni-dev",
+      content: "role",
+      metadata: { name: "uni-dev", wants: "mcp:https://remote/mcp, vault:research:read" },
+    };
+    const fetchFn = vaultFetch({ defs: [note], byId: { "Agents/uni-dev": note } });
+    const reg = new AgentDefRegistry(deps, { bindings: [binding], fetchFn, grants });
+    await reg.loadAll();
+    const detail = reg.listDetailed().find((d) => d.name === "uni-dev")!;
+    const byKey = new Map(detail.connections.map((c) => [c.key, c]));
+    const mcp = byKey.get("mcp:https://remote/mcp")!;
+    expect(mcp).toMatchObject({
+      kind: "mcp",
+      target: "https://remote/mcp",
+      status: "needs_consent",
+      grantId: "grant_mcp:https://remote/mcp",
+    });
+    const vault = byKey.get("vault:research:read")!;
+    expect(vault).toMatchObject({ kind: "vault", status: "approved", grantId: "grant_vault:research:read" });
+    // The FULL def carries the same connections (so the edit view needs no second fetch).
+    const full = await reg.getFullDef("Agents/uni-dev");
+    expect(full!.connections.map((c) => c.key).sort()).toEqual(
+      ["mcp:https://remote/mcp", "vault:research:read"],
+    );
+  });
+  test("without a grants client, connections are surfaced display-only (status pending, no grant id)", async () => {
+    const { deps } = recorderDeps();
+    const note = {
+      id: "Agents/uni-dev",
+      content: "role",
+      metadata: { name: "uni-dev", wants: "mcp:https://remote/mcp" },
+    };
+    const fetchFn = vaultFetch({ defs: [note], byId: { "Agents/uni-dev": note } });
+    const reg = new AgentDefRegistry(deps, { bindings: [binding], fetchFn }); // no grants
+    await reg.loadAll();
+    const detail = reg.listDetailed().find((d) => d.name === "uni-dev")!;
+    expect(detail.connections).toEqual([
+      { key: "mcp:https://remote/mcp", kind: "mcp", target: "https://remote/mcp", status: "pending" },
+    ]);
+    // No grant id → the panel can't offer Connect (shows the degraded hint instead).
+    expect(detail.connections[0]!.grantId).toBeUndefined();
+  });
+  test("soleVaultName resolves the single binding (the reload-webhook default)", () => {
+    const { deps } = recorderDeps();
+    const reg = new AgentDefRegistry(deps, { bindings: [binding] });
+    expect(reg.soleVaultName()).toBe("default");
+    expect(reg.vaultCount).toBe(1);
+    reg.addVault({ vault: "research", token: "t" });
+    expect(reg.soleVaultName()).toBeUndefined();
+    expect(reg.vaultCount).toBe(2);
+  });
+});
+// ---------------------------------------------------------------------------
+// AgentDefRegistry — 4b grant registration + status (design 2026-06-17-agent-connectors-4b)
+// ---------------------------------------------------------------------------
+/** A fake GrantsClient that records PUTs + reconcile POSTs and returns a configurable
+ *  per-connection status. The hub isn't deployed in the test env — this mocks its
+ *  grants API (register PUT + reconcile POST, #96 grant-GC). */
+function fakeGrantsClient(opts: {
+  /** connectionKey → the status the hub returns on register. Default "pending". */
+  statusByKey?: Record<string, string>;
+  /** Record each registered (agent, connection). */
+  registered?: Array<{ agent: string; connection: ConnectionSpec }>;
+  /** Record each reconcile (agent, liveConnections) — the #96 grant-GC call. */
+  reconciled?: Array<{ agent: string; liveConnections: ConnectionSpec[] }>;
+  /** How many grants the hub reports pruned per reconcile (default 0). */
+  prunedPerReconcile?: number;
+  /** Make reconcile POSTs 500 (to assert the failure is swallowed). */
+  reconcileFails?: boolean;
+}): GrantsClient {
+  const fetchFn = (async (url: string | URL | Request, init?: RequestInit) => {
+    const u = String(url);
+    if (u.endsWith("/admin/grants/reconcile") && (init?.method ?? "GET") === "POST") {
+      const body = JSON.parse(String(init?.body)) as { agent: string; liveConnections: ConnectionSpec[] };
+      opts.reconciled?.push({ agent: body.agent, liveConnections: body.liveConnections });
+      if (opts.reconcileFails) return new Response("boom", { status: 500 });
+      return new Response(JSON.stringify({ pruned: opts.prunedPerReconcile ?? 0, prunedIds: [] }), {
+        status: 200,
+        headers: { "content-type": "application/json" },
+      });
+    }
+    if (u.endsWith("/admin/grants") && (init?.method ?? "GET") === "PUT") {
+      const body = JSON.parse(String(init?.body)) as { agent: string; connection: ConnectionSpec };
+      opts.registered?.push({ agent: body.agent, connection: body.connection });
+      const key = connectionKey(body.connection);
+      const status = opts.statusByKey?.[key] ?? "pending";
+      return new Response(
+        JSON.stringify({ id: `g-${key}`, agent: body.agent, connection: body.connection, status }),
+        { status: 200, headers: { "content-type": "application/json" } },
+      );
+    }
+    return new Response("{}", { status: 200 });
+  }) as typeof fetch;
+  return new GrantsClient({ hubOrigin: "https://hub.example.com", managerBearer: "MGR", fetchFn });
+}
+describe("AgentDefRegistry — grant registration + status (4b)", () => {
+  test("registers each `wants:` connection as a pending grant on instantiate", async () => {
+    const { deps } = recorderDeps();
+    const registered: Array<{ agent: string; connection: ConnectionSpec }> = [];
+    const grants = fakeGrantsClient({ registered }); // all default "pending"
+    const patches: Array<{ id: string; status?: string; pending?: string }> = [];
+    const fetchFn = vaultFetch({
+      defs: [
+        {
+          id: "Agents/researcher",
+          content: "role",
+          metadata: { name: "researcher", wants: "vault:research:read, env:github" },
+        },
+      ],
+      patches,
+    });
+    const reg = new AgentDefRegistry(deps, { bindings: [binding], fetchFn, grants });
+    await reg.loadAll();
+    // Both connections were registered for the agent.
+    expect(registered.map((r) => r.connection.target).sort()).toEqual(["github", "research"]);
+    expect(registered.every((r) => r.agent === "researcher")).toBe(true);
+    // None approved → status pending listing the connection keys.
+    const p = patches.find((x) => x.id === "Agents/researcher")!;
+    expect(p.status).toBe("pending");
+    expect(p.pending).toContain("vault:research:read");
+    expect(p.pending).toContain("env:github");
+  });
+  test("status = enabled only once EVERY connection is approved", async () => {
+    const { deps } = recorderDeps();
+    const vaultConn: ConnectionSpec = { kind: "vault", target: "research", access: "read" };
+    const svcConn: ConnectionSpec = { kind: "service", target: "github", inject: ["env"] };
+    const grants = fakeGrantsClient({
+      statusByKey: {
+        [connectionKey(vaultConn)]: "approved",
+        [connectionKey(svcConn)]: "approved",
+      },
+    });
+    const patches: Array<{ id: string; status?: string; pending?: string }> = [];
+    const fetchFn = vaultFetch({
+      defs: [
+        { id: "Agents/r", content: "role", metadata: { name: "r", wants: "vault:research:read, env:github" } },
+      ],
+      patches,
+    });
+    const reg = new AgentDefRegistry(deps, { bindings: [binding], fetchFn, grants });
+    await reg.loadAll();
+    const p = patches.find((x) => x.id === "Agents/r")!;
+    expect(p.status).toBe("enabled");
+    expect(p.pending).toBe("");
+    expect(reg.list().find((d) => d.name === "r")!.status).toBe("enabled");
+  });
+  test("partial approval → pending listing only the UNAPPROVED connection keys", async () => {
+    const { deps } = recorderDeps();
+    const vaultConn: ConnectionSpec = { kind: "vault", target: "research", access: "read" };
+    const grants = fakeGrantsClient({
+      statusByKey: { [connectionKey(vaultConn)]: "approved" }, // github stays pending
+    });
+    const patches: Array<{ id: string; status?: string; pending?: string }> = [];
+    const fetchFn = vaultFetch({
+      defs: [
+        { id: "Agents/r", content: "role", metadata: { name: "r", wants: "vault:research:read, env:github" } },
+      ],
+      patches,
+    });
+    const reg = new AgentDefRegistry(deps, { bindings: [binding], fetchFn, grants });
+    await reg.loadAll();
+    const p = patches.find((x) => x.id === "Agents/r")!;
+    expect(p.status).toBe("pending");
+    expect(p.pending).toBe("env:github"); // only the unapproved one
+    // The agent STILL instantiated (own-vault runs regardless of grant approval).
+    expect(reg.list().find((d) => d.name === "r")).toBeDefined();
+  });
+  test("an mcp-kind want registers + stays pending (parsed, not granted in 4b-1)", async () => {
+    const { deps } = recorderDeps();
+    const registered: Array<{ agent: string; connection: ConnectionSpec }> = [];
+    const grants = fakeGrantsClient({ registered }); // mcp stays "pending"
+    const patches: Array<{ id: string; status?: string; pending?: string }> = [];
+    const fetchFn = vaultFetch({
+      defs: [
+        { id: "Agents/r", content: "role", metadata: { name: "r", wants: "mcp:https://remote/mcp" } },
+      ],
+      patches,
+    });
+    const reg = new AgentDefRegistry(deps, { bindings: [binding], fetchFn, grants });
+    await reg.loadAll();
+    expect(registered).toHaveLength(1);
+    expect(registered[0]!.connection).toEqual({ kind: "mcp", target: "https://remote/mcp" });
+    const p = patches.find((x) => x.id === "Agents/r")!;
+    expect(p.status).toBe("pending");
+    expect(p.pending).toBe("mcp:https://remote/mcp");
+  });
+  test("a malformed `wants:` stamps status error (does not register or instantiate)", async () => {
+    const { deps, calls } = recorderDeps();
+    const registered: Array<{ agent: string; connection: ConnectionSpec }> = [];
+    const grants = fakeGrantsClient({ registered });
+    const patches: Array<{ id: string; status?: string }> = [];
+    const fetchFn = vaultFetch({
+      defs: [{ id: "Agents/bad", content: "role", metadata: { name: "bad", wants: "vault:research" } }],
+      patches,
+    });
+    const reg = new AgentDefRegistry(deps, { bindings: [binding], fetchFn, grants });
+    const n = await reg.loadAll();
+    expect(n).toBe(0);
+    expect(calls.registered).toHaveLength(0); // never instantiated
+    expect(registered).toHaveLength(0); // never registered a grant
+    expect(patches.find((p) => p.id === "Agents/bad")!.status).toBe("error");
+  });
+  test("a grant-registration FAILURE is non-fatal → connection counts as pending", async () => {
+    const { deps, calls } = recorderDeps();
+    // A grants client whose PUT 500s.
+    const fetchFn500 = (async (url: string | URL | Request, init?: RequestInit) => {
+      if (String(url).endsWith("/admin/grants") && init?.method === "PUT") {
+        return new Response("boom", { status: 500 });
+      }
+      return new Response("{}", { status: 200 });
+    }) as typeof fetch;
+    const grants = new GrantsClient({ hubOrigin: "https://hub.example.com", managerBearer: "MGR", fetchFn: fetchFn500 });
+    const patches: Array<{ id: string; status?: string; pending?: string }> = [];
+    const fetchFn = vaultFetch({
+      defs: [{ id: "Agents/r", content: "role", metadata: { name: "r", wants: "vault:research:read" } }],
+      patches,
+    });
+    const reg = new AgentDefRegistry(deps, { bindings: [binding], fetchFn, grants });
+    const count = await reg.loadAll();
+    // The agent STILL instantiated (own-vault) — a hub blip never blocks it.
+    expect(count).toBe(1);
+    expect(calls.registered.map((s) => s.name)).toEqual(["r"]);
+    const p = patches.find((x) => x.id === "Agents/r")!;
+    expect(p.status).toBe("pending");
+    expect(p.pending).toBe("vault:research:read");
+  });
+  test("setGrantsClient(null) → falls back to the pure status (no registration)", async () => {
+    const { deps } = recorderDeps();
+    const patches: Array<{ id: string; status?: string; pending?: string }> = [];
+    const fetchFn = vaultFetch({
+      defs: [{ id: "Agents/r", content: "role", metadata: { name: "r", wants: "vault:research:read" } }],
+      patches,
+    });
+    // No grants client at all → resolveDefStatus fallback (pending listing conn keys).
+    const reg = new AgentDefRegistry(deps, { bindings: [binding], fetchFn });
+    reg.setGrantsClient(null);
+    await reg.loadAll();
+    const p = patches.find((x) => x.id === "Agents/r")!;
+    expect(p.status).toBe("pending");
+    expect(p.pending).toBe("vault:research:read");
+  });
+});
+// ---------------------------------------------------------------------------
+// AgentDefRegistry — grant garbage-collection / reconcile (#96)
+// ---------------------------------------------------------------------------
+describe("AgentDefRegistry — grant-GC reconcile (#96)", () => {
+  test("a successful load reconciles with the def's CURRENT live connection specs", async () => {
+    const { deps } = recorderDeps();
+    const reconciled: Array<{ agent: string; liveConnections: ConnectionSpec[] }> = [];
+    const grants = fakeGrantsClient({ reconciled });
+    const fetchFn = vaultFetch({
+      defs: [
+        {
+          id: "Agents/researcher",
+          content: "role",
+          metadata: { name: "researcher", wants: "vault:research:read, env:github, mcp:github" },
+        },
+      ],
+    });
+    const reg = new AgentDefRegistry(deps, { bindings: [binding], fetchFn, grants });
+    await reg.loadAll();
+    expect(reconciled).toHaveLength(1);
+    expect(reconciled[0]!.agent).toBe("researcher");
+    // The SPECS sent MUST equal the parsed wants (env:github + mcp:github MERGE to one
+    // service connection with inject ["env","mcp"]). The hub re-derives the keys.
+    const wants: ConnectionSpec[] = [
+      { kind: "vault", target: "research", access: "read" },
+      { kind: "service", target: "github", inject: ["env", "mcp"] },
+    ];
+    expect(reconciled[0]!.liveConnections).toEqual(wants);
+  });
+  test("a def with NO wants still reconciles with empty liveConnections (prunes any leftover)", async () => {
+    const { deps } = recorderDeps();
+    const reconciled: Array<{ agent: string; liveConnections: ConnectionSpec[] }> = [];
+    const grants = fakeGrantsClient({ reconciled });
+    const fetchFn = vaultFetch({
+      defs: [{ id: "Agents/uni", content: "role", metadata: { name: "uni" } }],
+    });
+    const reg = new AgentDefRegistry(deps, { bindings: [binding], fetchFn, grants });
+    await reg.loadAll();
+    expect(reconciled).toEqual([{ agent: "uni", liveConnections: [] }]);
+  });
+  test("a REMOVED def (present in a prior load, gone now) → reconcile(agent, []) + teardown", async () => {
+    const { deps, calls } = recorderDeps();
+    const reconciled: Array<{ agent: string; liveConnections: ConnectionSpec[] }> = [];
+    const grants = fakeGrantsClient({ reconciled });
+    // Two notes present at first; the second load drops "researcher".
+    const present: Array<{ id: string; content?: string; metadata?: Record<string, unknown> }> = [
+      { id: "Agents/uni", content: "role", metadata: { name: "uni" } },
+      { id: "Agents/researcher", content: "role", metadata: { name: "researcher", wants: "vault:research:read" } },
+    ];
+    const fetchFn = (async (url: string | URL | Request, init?: RequestInit) => {
+      const u = String(url);
+      const method = init?.method ?? "GET";
+      if (method === "PATCH") return new Response(null, { status: 200 });
+      if (u.endsWith("/admin/grants/reconcile") || u.endsWith("/admin/grants")) {
+        // delegate to the fake grants client's fetch by re-issuing through it isn't
+        // possible here; instead record reconcile directly.
+        if (u.endsWith("/admin/grants/reconcile") && method === "POST") {
+          const body = JSON.parse(String(init?.body)) as { agent: string; liveConnections: ConnectionSpec[] };
+          reconciled.push({ agent: body.agent, liveConnections: body.liveConnections });
+          return new Response(JSON.stringify({ pruned: 0, prunedIds: [] }), { status: 200 });
+        }
+        if (method === "PUT") {
+          const body = JSON.parse(String(init?.body)) as { agent: string; connection: ConnectionSpec };
+          return new Response(
+            JSON.stringify({ id: "g", agent: body.agent, connection: body.connection, status: "pending" }),
+            { status: 200 },
+          );
+        }
+      }
+      if (u.includes("/api/notes?") && u.includes("tag=%23agent%2Fdefinition")) {
+        return new Response(JSON.stringify(present), { status: 200, headers: { "content-type": "application/json" } });
+      }
+      return new Response("[]", { status: 200 });
+    }) as typeof fetch;
+    const reg = new AgentDefRegistry(deps, { bindings: [binding], fetchFn, grants });
+    await reg.loadAll(); // first confident read — both present
+    // Drop researcher; second confident read sees only uni.
+    present.splice(1, 1);
+    reconciled.length = 0; // ignore the first-load reconciles; focus on the removal
+    await reg.loadAll();
+    // The removed agent gets a prune-ALL reconcile.
+    const removal = reconciled.find((r) => r.agent === "researcher");
+    expect(removal).toEqual({ agent: "researcher", liveConnections: [] });
+    // uni (still present, no wants) reconciles with [] too — that's its clean-load prune,
+    // NOT a removal; distinguished by the agent name.
+    expect(reconciled.find((r) => r.agent === "uni")).toEqual({ agent: "uni", liveConnections: [] });
+    // AND it's torn down (not just grant-pruned): the only auto path for a delete.
+    expect(calls.deregistered).toEqual(["researcher"]);
+    expect(calls.removed).toEqual(["researcher"]);
+  });
+  test("a delete reload → reconcile(agent, []) (confirmed removal)", async () => {
+    const { deps } = recorderDeps();
+    const reconciled: Array<{ agent: string; liveConnections: ConnectionSpec[] }> = [];
+    const grants = fakeGrantsClient({ reconciled });
+    const fetchFn = vaultFetch({
+      defs: [{ id: "Agents/uni", content: "role", metadata: { name: "uni" } }],
+    });
+    const reg = new AgentDefRegistry(deps, { bindings: [binding], fetchFn, grants });
+    await reg.loadAll();
+    reconciled.length = 0; // drop the clean-load reconcile; focus on the delete
+    const result = await reg.reload("default", "Agents/uni", "deleted");
+    expect(result).toBe("deregistered");
+    expect(reconciled).toEqual([{ agent: "uni", liveConnections: [] }]);
+  });
+  test("a reload that re-reads as GONE (404) → reconcile(agent, []) (confirmed removal)", async () => {
+    const { deps } = recorderDeps();
+    const reconciled: Array<{ agent: string; liveConnections: ConnectionSpec[] }> = [];
+    const grants = fakeGrantsClient({ reconciled });
+    const fetchFn = vaultFetch({
+      defs: [{ id: "Agents/uni", content: "role", metadata: { name: "uni" } }],
+      byId: { "Agents/uni": null }, // a later GET says it's gone
+    });
+    const reg = new AgentDefRegistry(deps, { bindings: [binding], fetchFn, grants });
+    await reg.loadAll();
+    reconciled.length = 0;
+    const result = await reg.reload("default", "Agents/uni"); // no event → GET → 404
+    expect(result).toBe("deregistered");
+    expect(reconciled).toEqual([{ agent: "uni", liveConnections: [] }]);
+  });
+  test("SAFETY: a PARSE-FAILING def NEVER reconciles (no prune from an error)", async () => {
+    const { deps } = recorderDeps();
+    const reconciled: Array<{ agent: string; liveConnections: ConnectionSpec[] }> = [];
+    const grants = fakeGrantsClient({ reconciled });
+    const fetchFn = vaultFetch({
+      defs: [
+        { id: "Agents/bad", content: "role", metadata: { name: "bad", wants: "vault:research" } }, // malformed wants
+        { id: "Agents/noname", content: "role", metadata: {} }, // no name → parse error
+      ],
+    });
+    const reg = new AgentDefRegistry(deps, { bindings: [binding], fetchFn, grants });
+    const n = await reg.loadAll();
+    expect(n).toBe(0); // nothing instantiated
+    // NEITHER parse-failing def reconciled — a transient parse error must not nuke grants.
+    expect(reconciled).toEqual([]);
+  });
+  test("SAFETY: a parse-failing def is NOT later flagged removed (its grants survive)", async () => {
+    const { deps } = recorderDeps();
+    const reconciled: Array<{ agent: string; liveConnections: ConnectionSpec[] }> = [];
+    const grants = fakeGrantsClient({ reconciled });
+    // First load: a CLEAN def. Second load: the SAME note now parse-fails (a transient
+    // bad edit). It must NOT be treated as a removal (it's still present in the vault).
+    const note: { id: string; content?: string; metadata?: Record<string, unknown> } = {
+      id: "Agents/uni",
+      content: "role",
+      metadata: { name: "uni" },
+    };
+    const present = [note];
+    const fetchFn = (async (url: string | URL | Request, init?: RequestInit) => {
+      const u = String(url);
+      const method = init?.method ?? "GET";
+      if (method === "PATCH") return new Response(null, { status: 200 });
+      if (u.endsWith("/admin/grants/reconcile") && method === "POST") {
+        const body = JSON.parse(String(init?.body)) as { agent: string; liveConnections: ConnectionSpec[] };
+        reconciled.push({ agent: body.agent, liveConnections: body.liveConnections });
+        return new Response(JSON.stringify({ pruned: 0 }), { status: 200 });
+      }
+      if (u.includes("/api/notes?") && u.includes("tag=%23agent%2Fdefinition")) {
+        return new Response(JSON.stringify(present), { status: 200, headers: { "content-type": "application/json" } });
+      }
+      return new Response("[]", { status: 200 });
+    }) as typeof fetch;
+    const reg = new AgentDefRegistry(deps, { bindings: [binding], fetchFn, grants });
+    await reg.loadAll(); // clean → reconcile(uni, [])
+    // Now make the same note malformed (remove its name) and reload all.
+    note.metadata = { name: "uni", wants: "vault:research" }; // malformed wants → parse error
+    reconciled.length = 0;
+    await reg.loadAll();
+    // The note is STILL present (just unparseable) → NOT a removal → no reconcile at all.
+    expect(reconciled).toEqual([]);
+  });
+  test("SAFETY: a vault LIST failure does NOT prune (no confident read)", async () => {
+    const { deps } = recorderDeps();
+    const reconciled: Array<{ agent: string; liveConnections: ConnectionSpec[] }> = [];
+    const grants = fakeGrantsClient({ reconciled });
+    let listShouldFail = false;
+    const present = [{ id: "Agents/uni", content: "role", metadata: { name: "uni" } }];
+    const fetchFn = (async (url: string | URL | Request, init?: RequestInit) => {
+      const u = String(url);
+      const method = init?.method ?? "GET";
+      if (method === "PATCH") return new Response(null, { status: 200 });
+      if (u.endsWith("/admin/grants/reconcile") && method === "POST") {
+        const body = JSON.parse(String(init?.body)) as { agent: string; liveConnections: ConnectionSpec[] };
+        reconciled.push({ agent: body.agent, liveConnections: body.liveConnections });
+        return new Response(JSON.stringify({ pruned: 0 }), { status: 200 });
+      }
+      if (u.includes("/api/notes?") && u.includes("tag=%23agent%2Fdefinition")) {
+        if (listShouldFail) return new Response("boom", { status: 500 });
+        return new Response(JSON.stringify(present), { status: 200, headers: { "content-type": "application/json" } });
+      }
+      return new Response("[]", { status: 200 });
+    }) as typeof fetch;
+    const reg = new AgentDefRegistry(deps, { bindings: [binding], fetchFn, grants });
+    await reg.loadAll(); // confident → seen set = {uni}
+    reconciled.length = 0;
+    listShouldFail = true;
+    await reg.loadAll(); // list 500s → NOT a confident read → no removal diff, no prune
+    expect(reconciled).toEqual([]);
+  });
+  test("a reconcile HTTP failure is swallowed — the load does NOT throw / still instantiates", async () => {
+    const { deps, calls } = recorderDeps();
+    const reconciled: Array<{ agent: string; liveConnections: ConnectionSpec[] }> = [];
+    const grants = fakeGrantsClient({ reconciled, reconcileFails: true }); // reconcile POST 500s
+    const patches: Array<{ id: string; status?: string }> = [];
+    const fetchFn = vaultFetch({
+      defs: [{ id: "Agents/uni", content: "role", metadata: { name: "uni" } }],
+      patches,
+    });
+    const reg = new AgentDefRegistry(deps, { bindings: [binding], fetchFn, grants });
+    // Must not throw out of loadAll despite the 500.
+    const n = await reg.loadAll();
+    expect(n).toBe(1);
+    expect(calls.registered.map((s) => s.name)).toEqual(["uni"]); // still instantiated
+    expect(reconciled).toEqual([{ agent: "uni", liveConnections: [] }]); // it was attempted
+  });
+  test("no grants client → reconcile is a no-op (the vault-native path still runs)", async () => {
+    const { deps, calls } = recorderDeps();
+    const fetchFn = vaultFetch({
+      defs: [{ id: "Agents/uni", content: "role", metadata: { name: "uni", wants: "vault:research:read" } }],
+    });
+    // No grants client → no reconcile attempted; the agent still instantiates own-vault.
+    const reg = new AgentDefRegistry(deps, { bindings: [binding], fetchFn });
+    const n = await reg.loadAll();
+    expect(n).toBe(1);
+    expect(calls.registered.map((s) => s.name)).toEqual(["uni"]);
+  });
+});
+// ---------------------------------------------------------------------------
+// FIX 4 (delete ordering: vault-delete first, then deregister) + FIX 5 (grant-GC
+// failure on delete is surfaced, not swallowed) — PR #3.
+// ---------------------------------------------------------------------------
+/**
+ * A fetch that serves the def list + by-id GET (so an agent instantiates) and routes
+ * a DELETE to a configurable outcome (`deleteStatus`). Records DELETEs so a test can
+ * assert the note-delete was attempted. Reconcile/PATCH succeed by default.
+ */
+function vaultFetchWithDelete(opts: {
+  defs: Array<{ id: string; content?: string; metadata?: Record<string, unknown> }>;
+  deleteStatus?: number; // the status the DELETE returns (default 204 = success)
+  deletes?: string[]; // record each DELETEd note id
+}): typeof fetch {
+  return (async (url: string | URL | Request, init?: RequestInit) => {
+    const u = String(url);
+    const method = init?.method ?? "GET";
+    if (method === "DELETE") {
+      const id = decodeURIComponent(u.split("/api/notes/")[1]!);
+      opts.deletes?.push(id);
+      const status = opts.deleteStatus ?? 204;
+      return new Response(status >= 400 ? "delete failed" : null, { status });
+    }
+    if (method === "PATCH") return new Response(null, { status: 200 });
+    if (u.includes("/api/notes?") && u.includes("tag=%23agent%2Fdefinition")) {
+      return new Response(JSON.stringify(opts.defs), {
+        status: 200,
+        headers: { "content-type": "application/json" },
+      });
+    }
+    return new Response("[]", { status: 200 });
+  }) as typeof fetch;
+}
+describe("AgentDefRegistry — deleteDef ordering + grant-GC surfacing (FIX 4/5, PR #3)", () => {
+  test("FIX 4: a vault-delete failure leaves the def REGISTERED (not orphaned)", async () => {
+    const { deps, calls } = recorderDeps();
+    const deletes: string[] = [];
+    const fetchFn = vaultFetchWithDelete({
+      defs: [{ id: "Agents/uni", content: "role", metadata: { name: "uni" } }],
+      deleteStatus: 502, // the vault note delete 502s
+      deletes,
+    });
+    const reg = new AgentDefRegistry(deps, { bindings: [binding], fetchFn });
+    await reg.loadAll();
+    expect(reg.findLiveByNote("Agents/uni")).not.toBeNull(); // live before delete.
+    // The delete throws (the vault note delete failed) BEFORE any deregister.
+    await expect(reg.deleteDef("Agents/uni")).rejects.toThrow(/delete def Agents\/uni failed \(502\)/);
+    // FIX 4 invariant: the agent is STILL registered (the in-memory def was NOT torn down
+    // on a failed vault delete) — it re-converges on the next poll rather than orphaning.
+    expect(reg.findLiveByNote("Agents/uni")).not.toBeNull();
+    expect(calls.deregistered).toEqual([]); // nothing was deregistered.
+    expect(deletes).toEqual(["Agents/uni"]); // the delete WAS attempted (and failed).
+  });
+  test("FIX 4: a successful vault-delete deregisters cleanly", async () => {
+    const { deps, calls } = recorderDeps();
+    const deletes: string[] = [];
+    const fetchFn = vaultFetchWithDelete({
+      defs: [{ id: "Agents/uni", content: "role", metadata: { name: "uni" } }],
+      deleteStatus: 204,
+      deletes,
+    });
+    const reg = new AgentDefRegistry(deps, { bindings: [binding], fetchFn });
+    await reg.loadAll();
+    const removed = await reg.deleteDef("Agents/uni");
+    expect(removed.name).toBe("uni");
+    expect(removed.grantsReconciled).toBe(true); // no grants client → nothing to reconcile = ok.
+    // Now deregistered + removed from the live set.
+    expect(reg.findLiveByNote("Agents/uni")).toBeNull();
+    expect(calls.deregistered).toEqual(["uni"]);
+    expect(deletes).toEqual(["Agents/uni"]);
+  });
+  test("FIX 5: a grant-reconcile failure on delete is SURFACED (grantsReconciled:false) — the note-delete still completes", async () => {
+    const { deps, calls } = recorderDeps();
+    const reconciled: Array<{ agent: string; liveConnections: ConnectionSpec[] }> = [];
+    const grants = fakeGrantsClient({ reconciled, reconcileFails: true }); // reconcile POST 500s
+    const deletes: string[] = [];
+    const fetchFn = vaultFetchWithDelete({
+      defs: [{ id: "Agents/uni", content: "role", metadata: { name: "uni" } }],
+      deleteStatus: 204,
+      deletes,
+    });
+    const reg = new AgentDefRegistry(deps, { bindings: [binding], fetchFn, grants });
+    await reg.loadAll();
+    reconciled.length = 0;
+    // The delete must NOT throw (grant GC is best-effort) but MUST report the partial
+    // success so the caller doesn't claim a clean full success (orphaned grants).
+    const removed = await reg.deleteDef("Agents/uni");
+    expect(removed.name).toBe("uni");
+    expect(removed.grantsReconciled).toBe(false); // FIX 5: the failure is surfaced, not swallowed.
+    // The note-delete + deregister STILL completed (the def IS gone).
+    expect(reg.findLiveByNote("Agents/uni")).toBeNull();
+    expect(calls.deregistered).toEqual(["uni"]);
+    expect(deletes).toEqual(["Agents/uni"]);
+    // The reconcile WAS attempted (prune-all on the removed agent) — it just failed on the hub.
+    expect(reconciled).toEqual([{ agent: "uni", liveConnections: [] }]);
+  });
+  test("FIX 5: a SUCCESSFUL grant-reconcile on delete reports grantsReconciled:true", async () => {
+    const { deps } = recorderDeps();
+    const reconciled: Array<{ agent: string; liveConnections: ConnectionSpec[] }> = [];
+    const grants = fakeGrantsClient({ reconciled }); // reconcile succeeds
+    const fetchFn = vaultFetchWithDelete({
+      defs: [{ id: "Agents/uni", content: "role", metadata: { name: "uni" } }],
+      deleteStatus: 204,
+    });
+    const reg = new AgentDefRegistry(deps, { bindings: [binding], fetchFn, grants });
+    await reg.loadAll();
+    const removed = await reg.deleteDef("Agents/uni");
+    expect(removed.grantsReconciled).toBe(true);
+  });
+});