@openparachute/agent 0.2.0 → 0.2.3-rc.10

package/src/hub-jwt.test.ts

@@ -1,161 +0,0 @@
-/**
- * Tests for the agent-side hub-JWT adapter. These exercise the parts that
- * DON'T need a live hub / JWKS endpoint: hub-origin resolution (env precedence →
- * expose-state self-heal → loopback fallback), the audience constants, and the
- * re-exported pure helpers (`looksLikeJwt`). Real signature/issuer/audience
- * validation is scope-guard's own tested surface — we don't re-test it here and
- * we never need a real JWKS.
- *
- * Audience constants (channel→agent rename, rule 1): the daemon now mints/
- * validates `aud: "agent"` (`AGENT_AUDIENCE`); the pre-rename `aud: "channel"`
- * (`CHANNEL_AUDIENCE`, deprecated) still validates during the dual-accept window
- * via `ACCEPTED_AUDIENCES`. We assert both constants here. The dual-ACCEPT itself
- * (a `channel`-aud token still validating) lives in `validateHubJwt`, which needs
- * a live JWKS to exercise — that's scope-guard's tested surface, not re-tested here.
- *
- * The self-heal reads `<PARACHUTE_HOME>/expose-state.json`. Every case here
- * points `PARACHUTE_HOME` at a fresh temp dir so the operator's real
- * `~/.parachute/expose-state.json` can't leak into the loopback assertions.
- */
-import { describe, test, expect, afterEach, beforeEach } from "bun:test";
-import { mkdtempSync, rmSync, writeFileSync } from "node:fs";
-import { tmpdir } from "node:os";
-import { join } from "node:path";
-import {
-  getHubOrigin,
-  AGENT_AUDIENCE,
-  CHANNEL_AUDIENCE,
-  ACCEPTED_AUDIENCES,
-  looksLikeJwt,
-  HubJwtError,
-} from "./hub-jwt.ts";
-
-const savedOrigin = process.env.PARACHUTE_HUB_ORIGIN;
-const savedHome = process.env.PARACHUTE_HOME;
-
-let home: string;
-
-beforeEach(() => {
-  // Isolated, empty ecosystem root — no expose-state.json unless a case writes one.
-  home = mkdtempSync(join(tmpdir(), "agent-hubjwt-"));
-  process.env.PARACHUTE_HOME = home;
-});
-
-afterEach(() => {
-  if (savedOrigin === undefined) delete process.env.PARACHUTE_HUB_ORIGIN;
-  else process.env.PARACHUTE_HUB_ORIGIN = savedOrigin;
-  if (savedHome === undefined) delete process.env.PARACHUTE_HOME;
-  else process.env.PARACHUTE_HOME = savedHome;
-  try {
-    rmSync(home, { recursive: true, force: true });
-  } catch {}
-});
-
-function writeExposeState(obj: Record<string, unknown>): void {
-  writeFileSync(join(home, "expose-state.json"), JSON.stringify(obj));
-}
-
-describe("getHubOrigin — env precedence", () => {
-  test("uses the env value when set", () => {
-    process.env.PARACHUTE_HUB_ORIGIN = "https://hub.example.com";
-    expect(getHubOrigin()).toBe("https://hub.example.com");
-  });
-
-  test("strips a single trailing slash for a canonical form", () => {
-    process.env.PARACHUTE_HUB_ORIGIN = "https://hub.example.com/";
-    expect(getHubOrigin()).toBe("https://hub.example.com");
-  });
-
-  test("env wins over expose-state (highest precedence)", () => {
-    process.env.PARACHUTE_HUB_ORIGIN = "https://env.example.com";
-    writeExposeState({ hubOrigin: "https://exposed.example.com" });
-    expect(getHubOrigin()).toBe("https://env.example.com");
-  });
-});
-
-describe("getHubOrigin — expose-state self-heal (agent#34)", () => {
-  test("reads expose-state.hubOrigin when env is unset", () => {
-    delete process.env.PARACHUTE_HUB_ORIGIN;
-    writeExposeState({ hubOrigin: "https://exposed.example.com" });
-    expect(getHubOrigin()).toBe("https://exposed.example.com");
-  });
-
-  test("reads expose-state.hubOrigin when env is empty", () => {
-    process.env.PARACHUTE_HUB_ORIGIN = "";
-    writeExposeState({ hubOrigin: "https://exposed.example.com" });
-    expect(getHubOrigin()).toBe("https://exposed.example.com");
-  });
-
-  test("synthesizes https://<canonicalFqdn> for older state files lacking hubOrigin", () => {
-    delete process.env.PARACHUTE_HUB_ORIGIN;
-    writeExposeState({ canonicalFqdn: "box.taildf9ce2.ts.net" });
-    expect(getHubOrigin()).toBe("https://box.taildf9ce2.ts.net");
-  });
-
-  test("strips a trailing slash off the expose-state origin", () => {
-    delete process.env.PARACHUTE_HUB_ORIGIN;
-    writeExposeState({ hubOrigin: "https://exposed.example.com/" });
-    expect(getHubOrigin()).toBe("https://exposed.example.com");
-  });
-
-  test("never self-heals to a loopback expose-state origin", () => {
-    delete process.env.PARACHUTE_HUB_ORIGIN;
-    writeExposeState({ hubOrigin: "http://127.0.0.1:1939" });
-    expect(getHubOrigin()).toBe("http://127.0.0.1:1939"); // loopback default, not a self-heal
-  });
-});
-
-describe("getHubOrigin — loopback fallback", () => {
-  test("falls back to loopback when env unset AND no expose-state file", () => {
-    delete process.env.PARACHUTE_HUB_ORIGIN;
-    expect(getHubOrigin()).toBe("http://127.0.0.1:1939");
-  });
-
-  test("falls back to loopback when env empty AND no expose-state file", () => {
-    process.env.PARACHUTE_HUB_ORIGIN = "";
-    expect(getHubOrigin()).toBe("http://127.0.0.1:1939");
-  });
-
-  test("falls back to loopback when expose-state has no usable origin", () => {
-    delete process.env.PARACHUTE_HUB_ORIGIN;
-    writeExposeState({ layer: "tailnet" }); // neither hubOrigin nor canonicalFqdn
-    expect(getHubOrigin()).toBe("http://127.0.0.1:1939");
-  });
-
-  test("falls back to loopback when expose-state is malformed JSON", () => {
-    delete process.env.PARACHUTE_HUB_ORIGIN;
-    writeFileSync(join(home, "expose-state.json"), "{ not json");
-    expect(getHubOrigin()).toBe("http://127.0.0.1:1939");
-  });
-});
-
-describe("audience constants (channel→agent dual-accept, rule 1)", () => {
-  test("AGENT_AUDIENCE is the literal 'agent' (what the hub mints aud as now)", () => {
-    expect(AGENT_AUDIENCE).toBe("agent");
-  });
-
-  test("CHANNEL_AUDIENCE is the deprecated legacy literal 'channel' (pre-rename tokens)", () => {
-    expect(CHANNEL_AUDIENCE).toBe("channel");
-  });
-
-  test("ACCEPTED_AUDIENCES carries BOTH — new 'agent' + legacy 'channel' (the dual-accept set)", () => {
-    // The resource-server backstop: a token whose aud is neither (e.g. minted for
-    // a vault) is rejected; both transitional forms validate until live re-mint.
-    expect([...ACCEPTED_AUDIENCES]).toEqual(["agent", "channel"]);
-    expect(ACCEPTED_AUDIENCES).toContain(AGENT_AUDIENCE);
-    expect(ACCEPTED_AUDIENCES).toContain(CHANNEL_AUDIENCE);
-  });
-});
-
-describe("re-exported helpers", () => {
-  test("looksLikeJwt recognizes the eyJ prefix", () => {
-    expect(looksLikeJwt("eyJhbGciOiJSUzI1NiJ9.payload.sig")).toBe(true);
-    expect(looksLikeJwt("opaque-shared-secret")).toBe(false);
-  });
-
-  test("HubJwtError is the scope-guard error class", () => {
-    const err = new HubJwtError("issuer", "bad iss");
-    expect(err).toBeInstanceOf(Error);
-    expect(err.code).toBe("issuer");
-  });
-});

package/src/jobs.test.ts

@@ -1,245 +0,0 @@
-import { describe, test, expect, afterEach } from "bun:test";
-import { validateJob, VaultJobStore, vaultTransportFor, type Job } from "./jobs.ts";
-import { VaultTransport } from "./transports/vault.ts";
-import type { Channel } from "./registry.ts";
-import { TelegramTransport } from "./transports/telegram.ts";
-
-const realFetch = globalThis.fetch;
-afterEach(() => {
-  globalThis.fetch = realFetch;
-});
-
-function makeJob(over: Partial<Job> = {}): Job {
-  return {
-    id: "morning",
-    channel: "uni-dev",
-    message: "Run the morning weave",
-    schedule: { cron: "53 7 * * *", tz: "America/Los_Angeles" },
-    enabled: true,
-    createdAt: "2026-06-17T00:00:00.000Z",
-    ...over,
-  };
-}
-
-describe("validateJob (pure)", () => {
-  const isVault = (name: string): boolean | null => {
-    if (name === "uni-dev") return true;
-    if (name === "tele") return false;
-    return null;
-  };
-
-  test("a well-formed vault job validates", () => {
-    expect(validateJob(makeJob(), isVault)).toEqual({ ok: true });
-  });
-  test("bad id (not a slug) rejected", () => {
-    const r = validateJob(makeJob({ id: "has spaces" }), isVault);
-    expect(r).toMatchObject({ ok: false });
-    expect((r as { error: string }).error).toMatch(/slug/);
-  });
-  test("empty message rejected", () => {
-    const r = validateJob(makeJob({ message: "   " }), isVault);
-    expect((r as { error: string }).error).toMatch(/message/);
-  });
-  test("bad cron rejected with a field-naming message", () => {
-    const r = validateJob(makeJob({ schedule: { cron: "99 7 * * *" } }), isVault);
-    expect((r as { error: string }).error).toMatch(/invalid schedule.cron/);
-  });
-  test("missing schedule.cron rejected", () => {
-    const r = validateJob({ id: "x", channel: "uni-dev", message: "m" }, isVault);
-    expect((r as { error: string }).error).toMatch(/schedule.cron/);
-  });
-  test("bad tz rejected", () => {
-    const r = validateJob(makeJob({ schedule: { cron: "0 0 * * *", tz: "Mars/Olympus" } }), isVault);
-    expect((r as { error: string }).error).toMatch(/timezone/);
-  });
-  test("unknown channel rejected", () => {
-    const r = validateJob(makeJob({ channel: "ghost" }), isVault);
-    expect((r as { error: string }).error).toMatch(/unknown channel/);
-  });
-  test("non-vault channel rejected (the inject path needs a vault transport)", () => {
-    const r = validateJob(makeJob({ channel: "tele" }), isVault);
-    expect((r as { error: string }).error).toMatch(/not a vault channel/);
-  });
-});
-
-/** Build a live channels map with one vault channel + (optionally) a telegram one. */
-function channelsWithVault(): { channels: Map<string, Channel>; vault: VaultTransport } {
-  const vault = new VaultTransport({
-    vault: "default",
-    vaultUrl: "http://127.0.0.1:1940",
-    token: "write-token",
-  });
-  const channels = new Map<string, Channel>();
-  channels.set("uni-dev", {
-    name: "uni-dev",
-    transport: vault,
-    entry: { name: "uni-dev", transport: "vault", config: { vault: "default", token: "write-token" } },
-  });
-  const tele = new TelegramTransport({ token: "tg", name: "tele" });
-  channels.set("tele", {
-    name: "tele",
-    transport: tele,
-    entry: { name: "tele", transport: "telegram", config: { token: "tg" } },
-  });
-  return { channels, vault };
-}
-
-describe("vaultTransportFor", () => {
-  test("resolves a vault channel to its transport; null for non-vault / unknown", () => {
-    const { channels, vault } = channelsWithVault();
-    expect(vaultTransportFor(channels, "uni-dev")).toBe(vault);
-    expect(vaultTransportFor(channels, "tele")).toBeNull();
-    expect(vaultTransportFor(channels, "ghost")).toBeNull();
-  });
-});
-
-describe("VaultJobStore — vault-native CRUD", () => {
-  test("listAll queries each unique vault once + maps job notes to Jobs", async () => {
-    const { channels } = channelsWithVault();
-    const urls: string[] = [];
-    globalThis.fetch = (async (url: string | URL | Request) => {
-      urls.push(String(url));
-      return new Response(
-        JSON.stringify([
-          {
-            id: "note-1",
-            content: "Run the weave",
-            metadata: {
-              channel: "uni-dev",
-              cron: "53 7 * * *",
-              tz: "America/Los_Angeles",
-              enabled: "true",
-              createdAt: "2026-06-17T00:00:00Z",
-            },
-          },
-          {
-            id: "note-2",
-            content: "Hourly ping",
-            metadata: { channel: "uni-dev", cron: "0 * * * *", enabled: "false" },
-          },
-        ]),
-        { status: 200, headers: { "content-type": "application/json" } },
-      );
-    }) as typeof fetch;
-
-    const store = new VaultJobStore(channels);
-    const jobs = await store.listAll();
-    // Only ONE vault transport in the map → queried exactly once (telegram is skipped).
-    expect(urls.filter((u) => u.includes("/api/notes")).length).toBe(1);
-    expect(urls[0]).toContain("tag=%23agent%2Fjob");
-    expect(jobs).toHaveLength(2);
-    expect(jobs[0]).toMatchObject({
-      id: "note-1",
-      channel: "uni-dev",
-      message: "Run the weave",
-      schedule: { cron: "53 7 * * *", tz: "America/Los_Angeles" },
-      enabled: true,
-    });
-    expect(jobs[1]!.enabled).toBe(false); // "false" string → disabled
-  });
-
-  test("listAll dedups by vault IDENTITY across SEPARATE transport instances sharing one vault (regression)", async () => {
-    // Two vault channels, each with its OWN VaultTransport INSTANCE pointing at the
-    // SAME vault "default" — the real shape (each channel constructs its own
-    // transport). Instance-identity dedup misses this; vaultKey() dedup must catch it.
-    // Caught live 2026-06-18: one job listed 3x with three channels on the default vault.
-    const cfg = { vault: "default", vaultUrl: "http://127.0.0.1:1940", token: "write-token" };
-    const channels = new Map<string, Channel>();
-    for (const name of ["uni-a", "uni-b"]) {
-      channels.set(name, {
-        name,
-        transport: new VaultTransport(cfg), // a DISTINCT instance per channel
-        entry: { name, transport: "vault", config: { vault: "default", token: "write-token" } },
-      });
-    }
-    const urls: string[] = [];
-    globalThis.fetch = (async (url: string | URL | Request) => {
-      urls.push(String(url));
-      return new Response(
-        JSON.stringify([
-          { id: "Channels/uni-a/jobs/j1", content: "do it", metadata: { channel: "uni-a", cron: "0 9 * * *", enabled: "true" } },
-        ]),
-        { status: 200, headers: { "content-type": "application/json" } },
-      );
-    }) as typeof fetch;
-
-    const store = new VaultJobStore(channels);
-    const jobs = await store.listAll();
-    // Queried the shared vault EXACTLY once (not once per channel), and the job
-    // appears EXACTLY once (not duplicated per channel that shares the vault).
-    expect(urls.filter((u) => u.includes("/api/notes")).length).toBe(1);
-    expect(jobs).toHaveLength(1);
-    expect(jobs[0]!.id).toBe("Channels/uni-a/jobs/j1");
-  });
-
-  test("upsert writes a #agent/job note via the target channel's vault", async () => {
-    const { channels } = channelsWithVault();
-    const calls: { url: string; init: RequestInit }[] = [];
-    globalThis.fetch = (async (url: string | URL | Request, init?: RequestInit) => {
-      calls.push({ url: String(url), init: init ?? {} });
-      return new Response(JSON.stringify({ id: "Channels/uni-dev/jobs/morning" }), {
-        status: 201,
-        headers: { "content-type": "application/json" },
-      });
-    }) as typeof fetch;
-
-    const store = new VaultJobStore(channels);
-    const saved = await store.upsert(makeJob());
-    // `id` stays the operator slug; `noteId` is the vault note id for addressing.
-    expect(saved.id).toBe("morning");
-    expect(saved.noteId).toBe("Channels/uni-dev/jobs/morning");
-    expect(calls).toHaveLength(1);
-    const body = JSON.parse(String(calls[0]!.init.body));
-    expect(body.tags).toEqual(["#agent/job"]);
-    expect(body.path).toBe("Channels/uni-dev/jobs/morning");
-    expect(body.metadata.jobId).toBe("morning"); // slug persisted for stable display
-    expect(body.content).toBe("Run the morning weave");
-    expect(body.metadata).toMatchObject({
-      // CONTRACT: routing key under `metadata.agent` ONLY — no `channel`.
-      agent: "uni-dev",
-      cron: "53 7 * * *",
-      tz: "America/Los_Angeles",
-      enabled: "true",
-      createdAt: "2026-06-17T00:00:00.000Z",
-    });
-    expect(body.metadata.channel).toBeUndefined();
-    // nextRunAt is NEVER persisted.
-    expect(body.metadata.nextRunAt).toBeUndefined();
-    const headers = calls[0]!.init.headers as Record<string, string>;
-    expect(headers.authorization).toBe("Bearer write-token");
-  });
-
-  test("upsert to a non-vault channel throws", async () => {
-    const { channels } = channelsWithVault();
-    const store = new VaultJobStore(channels);
-    await expect(store.upsert(makeJob({ channel: "tele" }))).rejects.toThrow(/not a live vault channel/);
-  });
-
-  test("remove DELETEs the note by id via the channel's vault", async () => {
-    const { channels } = channelsWithVault();
-    const calls: { url: string; method?: string }[] = [];
-    globalThis.fetch = (async (url: string | URL | Request, init?: RequestInit) => {
-      calls.push({ url: String(url), method: init?.method });
-      return new Response(null, { status: 204 });
-    }) as typeof fetch;
-    const store = new VaultJobStore(channels);
-    await store.remove("Channels/uni-dev/jobs/morning", "uni-dev");
-    expect(calls).toHaveLength(1);
-    expect(calls[0]!.method).toBe("DELETE");
-    expect(calls[0]!.url).toContain("/api/notes/");
-  });
-
-  test("patch PATCHes bookkeeping metadata onto the note", async () => {
-    const { channels } = channelsWithVault();
-    const calls: { url: string; init: RequestInit }[] = [];
-    globalThis.fetch = (async (url: string | URL | Request, init?: RequestInit) => {
-      calls.push({ url: String(url), init: init ?? {} });
-      return new Response(null, { status: 200 });
-    }) as typeof fetch;
-    const store = new VaultJobStore(channels);
-    await store.patch("note-1", "uni-dev", { lastRunAt: "2026-06-17T11:00:00Z", lastStatus: "ok" });
-    expect(calls[0]!.init.method).toBe("PATCH");
-    const body = JSON.parse(String(calls[0]!.init.body));
-    expect(body.metadata).toEqual({ lastRunAt: "2026-06-17T11:00:00Z", lastStatus: "ok" });
-  });
-});

package/src/mcp-http.test.ts

@@ -1,265 +0,0 @@
-/**
- * HTTP MCP tests — the per-channel session registry, the wake push, write-scope
- * enforcement on tool dispatch, and the daemon's /mcp/<channel> auth gate.
- *
- * Like daemon.test.ts these need NO live hub: the no-token path in requireScope
- * short-circuits before any JWKS fetch, and the registry/push/tool tests drive
- * the in-memory session set directly with fake servers + a fake transport.
- */
-import { describe, test, expect, afterEach, beforeAll, afterAll } from "bun:test";
-import {
-  pushToChannel,
-  pushPermissionVerdict,
-  mcpSessionCount,
-  assertMcpSdkStreamContract,
-  _resetSessionsForTest,
-} from "./mcp-http.ts";
-import { createFetchHandler } from "./daemon.ts";
-import { ClientRegistry } from "./routing.ts";
-import { HttpUiTransport } from "./transports/http-ui.ts";
-import type { Channel } from "./registry.ts";
-import type { Transport, ReplyArgs } from "./transport.ts";
-
-// ---------------------------------------------------------------------------
-// Registry + wake — drive the session set directly via a registration shim.
-//
-// pushToChannel iterates the channel's session set and calls
-// server.notification. We register fake sessions by reaching the same internal
-// maps the way handleMcp's onsessioninitialized would. Since those maps are
-// module-private, we exercise them through the public surface: register via a
-// tiny test-only re-entry that mirrors registerSession. To keep this hermetic
-// without exporting internals, we register by spinning handleMcp is overkill;
-// instead we assert push reaches a registered session through a captured
-// server.notification. We use the exported _registerForTest below.
-// ---------------------------------------------------------------------------
-
-import { _registerSessionForTest, _unregisterSessionForTest } from "./mcp-http.ts";
-
-interface FakeServer {
-  notes: Array<{ method: string; params: unknown }>;
-}
-
-function fakeSession(): { server: { notification: (n: unknown) => void }; captured: FakeServer } {
-  const captured: FakeServer = { notes: [] };
-  const server = {
-    notification(n: unknown) {
-      captured.notes.push(n as { method: string; params: unknown });
-    },
-  };
-  return { server, captured };
-}
-
-afterEach(() => {
-  _resetSessionsForTest();
-});
-
-describe("per-channel MCP session registry + wake push", () => {
-  test("pushToChannel reaches a session on A and NOT one on B", () => {
-    const a = fakeSession();
-    const b = fakeSession();
-    _registerSessionForTest("A", "sid-a", a.server as never, ["agent:read", "agent:write"]);
-    _registerSessionForTest("B", "sid-b", b.server as never, ["agent:read"]);
-
-    const delivered = pushToChannel("A", "hello A", { foo: "bar" });
-    expect(delivered).toBe(1);
-    expect(a.captured.notes).toHaveLength(1);
-    expect(a.captured.notes[0]!.method).toBe("notifications/claude/agent");
-    expect((a.captured.notes[0]!.params as { content: string }).content).toBe("hello A");
-    // Source is stamped + caller meta merged.
-    expect((a.captured.notes[0]!.params as { meta: Record<string, string> }).meta).toMatchObject({
-      source: "parachute-agent",
-      foo: "bar",
-    });
-    // B got nothing.
-    expect(b.captured.notes).toHaveLength(0);
-  });
-
-  test("two sessions on the same channel both get the wake", () => {
-    const a1 = fakeSession();
-    const a2 = fakeSession();
-    _registerSessionForTest("A", "sid-a1", a1.server as never, ["agent:read"]);
-    _registerSessionForTest("A", "sid-a2", a2.server as never, ["agent:read"]);
-    expect(mcpSessionCount("A")).toBe(2);
-    const delivered = pushToChannel("A", "broadcast", {});
-    expect(delivered).toBe(2);
-    expect(a1.captured.notes).toHaveLength(1);
-    expect(a2.captured.notes).toHaveLength(1);
-  });
-
-  test("pushPermissionVerdict pushes the permission method", () => {
-    const a = fakeSession();
-    _registerSessionForTest("A", "sid-a", a.server as never, ["agent:read"]);
-    const delivered = pushPermissionVerdict("A", { request_id: "r1", behavior: "allow" });
-    expect(delivered).toBe(1);
-    expect(a.captured.notes[0]!.method).toBe("notifications/claude/agent/permission");
-    expect(a.captured.notes[0]!.params).toMatchObject({ request_id: "r1", behavior: "allow" });
-  });
-
-  test("push to an unknown channel delivers to nobody (0)", () => {
-    expect(pushToChannel("nope", "x", {})).toBe(0);
-    expect(pushPermissionVerdict("nope", { request_id: "r", behavior: "deny" })).toBe(0);
-  });
-
-  test("a streamless session (registered, no live GET stream) is NOT counted as delivered", () => {
-    // The bug this guards: a session that POSTed `initialize` but hasn't opened (or
-    // has dropped) its standalone GET stream is registered, but the SDK silently
-    // drops any notification to it. If pushToChannel counted it, the daemon would
-    // advance the channel's delivery mark and the message would be lost.
-    const a = fakeSession();
-    _registerSessionForTest("A", "sid-streamless", a.server as never, ["agent:read"], {
-      streamless: true,
-    });
-    expect(mcpSessionCount("A")).toBe(1); // it IS registered…
-    expect(pushToChannel("A", "into the void", {})).toBe(0); // …but NOT deliverable
-    expect(a.captured.notes).toHaveLength(0); // not even attempted
-    // Permission verdicts honor the same gate.
-    expect(pushPermissionVerdict("A", { request_id: "r", behavior: "allow" })).toBe(0);
-  });
-
-  test("pushToChannel counts only the live-stream sessions in a mixed set", () => {
-    const live = fakeSession();
-    const dead = fakeSession();
-    _registerSessionForTest("A", "sid-live", live.server as never, ["agent:read"]);
-    _registerSessionForTest("A", "sid-streamless", dead.server as never, ["agent:read"], {
-      streamless: true,
-    });
-    expect(mcpSessionCount("A")).toBe(2); // both registered
-    expect(pushToChannel("A", "hi", {})).toBe(1); // only the one with a live stream
-    expect(live.captured.notes).toHaveLength(1);
-    expect(dead.captured.notes).toHaveLength(0);
-  });
-
-  test("the installed MCP SDK still keys the standalone GET stream as we expect (contract guard)", () => {
-    // If this fails, the SDK renamed the internal sessionHasLivePushStream reads —
-    // HTTP-MCP delivery would silently break. Catch it here, not in production.
-    expect(assertMcpSdkStreamContract()).toBe(true);
-  });
-
-  test("mcpSessionCount tracks registration + reset", () => {
-    expect(mcpSessionCount("A")).toBe(0);
-    const a = fakeSession();
-    _registerSessionForTest("A", "sid-a", a.server as never, ["agent:read"]);
-    expect(mcpSessionCount("A")).toBe(1);
-    _resetSessionsForTest();
-    expect(mcpSessionCount("A")).toBe(0);
-  });
-
-  test("unregister cleans up the session and drops the empty channel set (no leak)", () => {
-    _registerSessionForTest("A", "sid-a1", fakeSession().server as never, ["agent:read"]);
-    _registerSessionForTest("A", "sid-a2", fakeSession().server as never, ["agent:read"]);
-    expect(mcpSessionCount("A")).toBe(2);
-    _unregisterSessionForTest("A", "sid-a1");
-    expect(mcpSessionCount("A")).toBe(1); // the other session survives
-    _unregisterSessionForTest("A", "sid-a2");
-    expect(mcpSessionCount("A")).toBe(0); // empty set removed — no orphaned channel entry
-    // a push to the now-cleaned channel reaches nobody
-    expect(pushToChannel("A", "hi", {})).toBe(0);
-  });
-});
-
-// ---------------------------------------------------------------------------
-// Tool dispatch — a reply tool call routes to the channel's transport.
-// ---------------------------------------------------------------------------
-
-describe("tool dispatch routes to the channel's transport + enforces write scope", () => {
-  function fakeTransport(): { transport: Transport; replies: ReplyArgs[] } {
-    const replies: ReplyArgs[] = [];
-    const transport: Transport = {
-      kind: "fake",
-      async start() {},
-      async stop() {},
-      async reply(args: ReplyArgs) {
-        replies.push(args);
-        return { sent: ["msg-1"] };
-      },
-    };
-    return { transport, replies };
-  }
-
-  test("a write-scoped reply call reaches transport.reply with the channel + args", async () => {
-    const { transport, replies } = fakeTransport();
-    const { callReplyTool } = await import("./mcp-http.ts");
-    const result = await callReplyTool("A", transport, ["agent:read", "agent:write"], {
-      text: "hi there",
-      chat_id: "42",
-    });
-    expect(result.isError).toBeUndefined();
-    expect(replies).toHaveLength(1);
-    expect(replies[0]).toMatchObject({ channel: "A", text: "hi there", meta: { chat_id: "42" } });
-  });
-
-  test("a read-only token cannot call reply (write scope enforced)", async () => {
-    const { transport, replies } = fakeTransport();
-    const { callReplyTool } = await import("./mcp-http.ts");
-    const result = await callReplyTool("A", transport, ["agent:read"], { text: "blocked" });
-    expect(result.isError).toBe(true);
-    expect(replies).toHaveLength(0);
-    expect((result.content[0] as { text: string }).text).toContain("agent:write");
-  });
-
-  test("DUAL-ACCEPT: a pre-rename token with the LEGACY channel:write scope can still call reply", async () => {
-    // The write-tool gate must dual-accept (grantsScope), not raw-includes — else
-    // a pre-rename token connects + is woken but silently can't send (channel#…).
-    const { transport, replies } = fakeTransport();
-    const { callReplyTool } = await import("./mcp-http.ts");
-    const result = await callReplyTool("A", transport, ["channel:read", "channel:write"], {
-      text: "legacy-send",
-    });
-    expect(result.isError).toBeUndefined();
-    expect(replies).toHaveLength(1);
-    expect(replies[0]).toMatchObject({ channel: "A", text: "legacy-send" });
-  });
-});
-
-// ---------------------------------------------------------------------------
-// Daemon auth gate — POST /mcp/<channel> with no bearer → 401 (pre-JWKS).
-// ---------------------------------------------------------------------------
-
-describe("daemon /mcp/<channel> auth gate", () => {
-  let server: ReturnType<typeof Bun.serve>;
-  let base: string;
-
-  beforeAll(async () => {
-    const registry = new ClientRegistry();
-    const transport = new HttpUiTransport({ channel: "ui1" });
-    await transport.start({ channel: "ui1", emit: () => {}, emitPermissionVerdict: () => {} });
-    const channels = new Map<string, Channel>([
-      ["ui1", { name: "ui1", transport, entry: { name: "ui1", transport: "http-ui" } }],
-    ]);
-    server = Bun.serve({
-      port: 0,
-      hostname: "127.0.0.1",
-      idleTimeout: 0,
-      fetch: createFetchHandler(channels, registry),
-    });
-    base = `http://127.0.0.1:${server.port}`;
-  });
-
-  afterAll(() => {
-    server.stop(true);
-  });
-
-  test("POST /mcp/ui1 with an initialize body and no bearer → 401", async () => {
-    const res = await fetch(`${base}/mcp/ui1`, {
-      method: "POST",
-      headers: { "content-type": "application/json", accept: "application/json, text/event-stream" },
-      body: JSON.stringify({
-        jsonrpc: "2.0",
-        id: 1,
-        method: "initialize",
-        params: { protocolVersion: "2025-06-18", capabilities: {}, clientInfo: { name: "t", version: "0" } },
-      }),
-    });
-    expect(res.status).toBe(401);
-    expect(((await res.json()) as { error: string }).error).toBe("unauthorized");
-  });
-
-  test("POST /mcp/unknown-channel → 404 (channel miss, before auth body)", async () => {
-    const res = await fetch(`${base}/mcp/does-not-exist`, {
-      method: "POST",
-      headers: { "content-type": "application/json" },
-      body: JSON.stringify({ jsonrpc: "2.0", id: 1, method: "initialize", params: {} }),
-    });
-    expect(res.status).toBe(404);
-  });
-});