@saiteja1123/mcp-server 1.1.4 → 1.1.6

package/src/selftest.js

@@ -0,0 +1,2473 @@
+import assert from 'node:assert/strict';
+import { execFile } from 'node:child_process';
+import fs from 'fs/promises';
+import http from 'http';
+import os from 'os';
+import path from 'path';
+import { promisify } from 'node:util';
+import { pathToFileURL } from 'url';
+
+import {
+  createLock,
+  diagnosticLock,
+  validateScanPath,
+  isRuntimeCompatibleLock,
+  buildLockedRootHash as buildLockHashFromLockModule,
+} from './lock.mjs';
+import {
+  buildLockedRootHash as buildLockHashFromApiModule,
+  normalizeApiBase,
+  requestServerBind,
+  verifyInstallBinding,
+} from './api-scan.mjs';
+import { createBindingGuard } from './security/pathGuard.js';
+
+const execFileAsync = promisify(execFile);
+
+async function withMockMcpBackend(fn) {
+  const installs = new Map();
+  const activeTokenByAuth = new Map();
+  const scanLogCalls = [];
+  let tokenCounter = 0;
+  const nextInstallToken = () => {
+    tokenCounter += 1;
+    return tokenCounter.toString(16).padStart(64, 'c');
+  };
+  const server = http.createServer(async (req, res) => {
+    const chunks = [];
+    req.on('data', (chunk) => chunks.push(chunk));
+    req.on('end', () => {
+      const body = chunks.length ? JSON.parse(Buffer.concat(chunks).toString('utf8')) : {};
+      res.setHeader('Content-Type', 'application/json');
+
+      if (req.method === 'POST' && req.url === '/api/v1/mcp/bind') {
+        const auth = req.headers.authorization || '';
+        if (!auth.startsWith('Bearer ')) {
+          res.writeHead(401);
+          res.end(JSON.stringify({ success: false, error: 'auth required' }));
+          return;
+        }
+        const lockedRootPath = body.lockedRootPath;
+        const lockedRootHash = buildLockHashFromApiModule(lockedRootPath);
+        const previousToken = activeTokenByAuth.get(auth);
+        if (previousToken && installs.has(previousToken)) {
+          installs.get(previousToken).revoked = true;
+        }
+        const installToken = nextInstallToken();
+        installs.set(installToken, { lockedRootHash, revoked: false });
+        activeTokenByAuth.set(auth, installToken);
+        res.writeHead(201);
+        res.end(JSON.stringify({
+          success: true,
+          data: { installToken, lockedRootHash, lockedRootPath },
+        }));
+        return;
+      }
+
+      if (req.method === 'POST' && req.url === '/api/v1/mcp/verify-install') {
+        const install = installs.get(body.installToken);
+        if (
+          !install
+          || install.revoked
+          || install.lockedRootHash !== String(body.lockedRootHash || '').toLowerCase()
+        ) {
+          res.writeHead(403);
+          res.end(JSON.stringify({
+            success: false,
+            error: 'MCP install verification failed',
+            code: 'MCP_INSTALL_INVALID',
+          }));
+          return;
+        }
+        res.writeHead(200);
+        res.end(JSON.stringify({ success: true, data: { verifiedAt: new Date().toISOString() } }));
+        return;
+      }
+
+      if (req.method === 'POST' && req.url === '/api/v1/scan/local') {
+        const install = installs.get(body.installToken);
+        if (
+          !install
+          || install.revoked
+          || install.lockedRootHash !== String(body.lockedRootHash || '').toLowerCase()
+        ) {
+          res.writeHead(403);
+          res.end(JSON.stringify({
+            success: false,
+            error: 'MCP install verification failed',
+            code: 'MCP_INSTALL_INVALID',
+          }));
+          return;
+        }
+        if (body.code === 'quota-exhausted') {
+          res.writeHead(402);
+          res.end(JSON.stringify({
+            success: false,
+            error: 'Project quota exhausted',
+            code: 'QUOTA_EXCEEDED',
+          }));
+          return;
+        }
+        if (String(body.code || '').includes('remote-ok-without-data')) {
+          res.writeHead(200);
+          res.end(JSON.stringify({ success: true }));
+          return;
+        }
+        res.writeHead(200);
+        res.end(JSON.stringify({
+          success: true,
+          data: {
+            findings: [],
+            checklist: [],
+            score: 100,
+            grade: 'A',
+            verdict: 'No benchmark issues found',
+            codeHash: 'a'.repeat(64),
+            receiptId: 'scan-receipt-1',
+          },
+          quota: { limit: 10, remaining: 9 },
+        }));
+        return;
+      }
+
+      if (req.method === 'POST' && req.url === '/api/v1/scan/log') {
+        const install = installs.get(body.installToken);
+        if (
+          !install
+          || install.revoked
+          || install.lockedRootHash !== String(body.lockedRootHash || '').toLowerCase()
+        ) {
+          res.writeHead(403);
+          res.end(JSON.stringify({
+            success: false,
+            error: 'MCP install verification failed',
+            code: 'MCP_INSTALL_INVALID',
+          }));
+          return;
+        }
+        scanLogCalls.push(body);
+        res.writeHead(201);
+        res.end(JSON.stringify({ success: true, data: { scanId: 'scan-log-1' } }));
+        return;
+      }
+
+      res.writeHead(404);
+      res.end(JSON.stringify({ success: false, error: 'not found' }));
+    });
+  });
+
+  await new Promise((resolve) => server.listen(0, '127.0.0.1', resolve));
+  const { port } = server.address();
+  try {
+    return await fn(`http://127.0.0.1:${port}`, { scanLogCalls });
+  } finally {
+    await new Promise((resolve) => server.close(resolve));
+  }
+}
+
+async function run() {
+  const tmpBase = await fs.mkdtemp(path.join(os.tmpdir(), 'vibesecur-mcp-selftest-'));
+  try {
+    const projectRoot = path.join(tmpBase, 'project');
+    await fs.mkdir(projectRoot, { recursive: true });
+
+    const lock = await createLock({
+      rootPath: projectRoot,
+      account: 'selftest',
+      installToken: 'a'.repeat(64),
+      source: 'selftest',
+    });
+
+    const valid = await validateScanPath(projectRoot, lock.installToken);
+    assert.equal(valid.ok, true, 'validateScanPath should accept matching token in bound root');
+
+    const invalid = await validateScanPath(projectRoot, 'b'.repeat(64));
+    assert.equal(invalid.ok, false, 'validateScanPath should reject mismatched token');
+    assert.equal(invalid.code, 'TOKEN_MISMATCH', 'expected TOKEN_MISMATCH for wrong install token');
+
+    const hashFromLock = buildLockHashFromLockModule(projectRoot);
+    const hashFromApi = buildLockHashFromApiModule(projectRoot);
+    assert.equal(hashFromLock, hashFromApi, 'locked root hash must match across modules');
+
+    assert.equal(
+      normalizeApiBase('https://example.com'),
+      'https://example.com/api/v1',
+      'normalizeApiBase should append /api/v1',
+    );
+
+    assert.equal(
+      isRuntimeCompatibleLock(lock),
+      false,
+      'local/selftest locks must not be runtime-compatible server bindings',
+    );
+
+    const serverLock = await createLock({
+      rootPath: projectRoot,
+      account: 'selftest',
+      installToken: 'd'.repeat(64),
+      lockedRootHash: buildLockHashFromLockModule(projectRoot),
+      source: 'server',
+    });
+    assert.equal(
+      isRuntimeCompatibleLock(serverLock),
+      true,
+      'server-issued locks must be runtime-compatible',
+    );
+
+    const serverDiag = await validateScanPath(projectRoot, serverLock.installToken);
+    assert.equal(serverDiag.ok, true, 'server lock must pass local path/token diagnostics');
+    assert.equal(
+      isRuntimeCompatibleLock(serverDiag.lock),
+      true,
+      'validated server lock must preserve runtime-compatible source',
+    );
+
+    {
+      const {
+        DeepScanRuntime,
+        LocalDeepScanStore,
+        StepperRegistry,
+        DETERMINISTIC_SCAN_STEPPER_ID,
+        SECURITY_TEST_PLAN_SCHEMA_VERSION,
+        SECURITY_TEST_PLAN_STATUS_SEMANTICS,
+        SECURITY_TEST_PLAN_STEPPER_ID,
+        AGENT_FIX_TASK_SCHEMA_VERSION,
+        AGENT_FIX_TASK_STEPPER_ID,
+        buildAgentFixTaskArtifact,
+        buildRalphComparisonArtifact,
+        buildRalphFailureStateArtifact,
+        buildDeterministicScanArtifact,
+        buildProjectMapArtifact,
+        buildSecurityTestPlanArtifact,
+        buildDeepScanStatus,
+        createArtifactRef,
+        hashAgentFixTaskArtifact,
+        hashRalphComparisonArtifact,
+        hashRalphFailureStateArtifact,
+        hashProjectMapArtifact,
+        hashSecurityTestPlanArtifact,
+        RALPH_COMPARISON_SCHEMA_VERSION,
+        RALPH_COMPARISON_STEPPER_ID,
+        RALPH_FAILURE_STATE_SCHEMA_VERSION,
+        RALPH_FAILURE_STATE_STEPPER_ID,
+        DEFAULT_RALPH_LOOP_RETRY,
+        ACCEPTED_RISK_REGISTER_SCHEMA_VERSION,
+        ACCEPTED_RISK_STATE_SCHEMA_VERSION,
+        ACCEPTED_RISK_STEPPER_ID,
+        appendAcceptedRiskRecord,
+        buildAcceptedRiskStateArtifact,
+        hashAcceptedRiskStateArtifact,
+        readAcceptedRiskRegister,
+        validateAcceptedRiskRecord,
+        validateAcceptedRiskRegister,
+        validateAcceptedRiskStateArtifact,
+        ralphAcceptStepper,
+        ralphTaskStepper,
+        ralphComparisonStepper,
+        ralphFailureTrackStepper,
+        createSampleStepperRegistry,
+        deterministicScanStepper,
+        projectMapStepper,
+        sampleArtifactStepper,
+        sampleNeedsHumanStepper,
+        sampleNoopStepper,
+        securityTestPlanStepper,
+        validateAgentFixTaskArtifact,
+        validateRalphComparisonArtifact,
+        validateRalphFailureStateArtifact,
+        validateStepResult,
+        validateSecurityTestPlanArtifact,
+        writeAgentFixTaskArtifact,
+        writeRalphComparisonArtifact,
+        writeRalphFailureStateArtifact,
+        writeDeterministicScanArtifact,
+        writeProjectMapArtifact,
+        writeSecurityTestPlanArtifact,
+      } = await import(pathToFileURL(path.resolve('./src/deep-scan/index.js')).href);
+
+      const artifact = createArtifactRef({
+        id: 'artifact-project-map',
+        type: 'project_map',
+        storage: 'local',
+        uri: '.vibesecur/deep-scans/run-1/project-map.json',
+        hash: 'c'.repeat(64),
+        preview: 'frameworks and route file names only',
+        metadata: { sourceSafe: true },
+      });
+      const validResult = {
+        stepperId: 'sample.artifact',
+        version: '1.0.0',
+        status: 'passed',
+        startedAt: '2026-05-26T00:00:00.000Z',
+        finishedAt: '2026-05-26T00:00:01.000Z',
+        evidence: [{
+          type: 'hash',
+          label: 'Project map hash',
+          hash: artifact.hash,
+          preview: 'metadata-only artifact reference',
+        }],
+        findings: [],
+        artifacts: [artifact],
+        summary: 'Created metadata-only project map reference.',
+        nextActions: ['Inspect Deep Scan status.'],
+      };
+      assert.deepEqual(
+        validateStepResult(validResult, { stepperId: 'sample.artifact', version: '1.0.0' }).artifacts,
+        [artifact],
+        'Deep Scan step result should accept source-safe artifact refs',
+      );
+      assert.throws(
+        () => validateStepResult({
+          ...validResult,
+          artifacts: [{ ...artifact, content: 'const secret = "sk_live_should_not_be_logged";' }],
+        }, { stepperId: 'sample.artifact', version: '1.0.0' }),
+        /raw source|source-safe/i,
+        'Deep Scan artifact contracts must reject raw source-like fields',
+      );
+
+      const fixtureBase = path.join(tmpBase, 'project-map-fixtures');
+      const writeFixture = async (relativePath, value) => {
+        const target = path.join(fixtureBase, relativePath);
+        await fs.mkdir(path.dirname(target), { recursive: true });
+        await fs.writeFile(target, value, 'utf8');
+      };
+      await writeFixture('static-app/package.json', JSON.stringify({
+        scripts: { test: 'node --test', build: 'vite build' },
+        dependencies: { '@vitejs/plugin-react': '^5.0.0', vite: '^7.0.0', react: '^19.0.0' },
+        devDependencies: {},
+      }, null, 2));
+      await writeFixture('static-app/src/App.jsx', 'export function App(){ return <main>safe fixture</main>; }');
+      await writeFixture('static-app/.env.local', 'VITE_TOKEN=VS_FIXTURE_SECRET_DO_NOT_EXPORT');
+      await writeFixture('express-api/package.json', JSON.stringify({
+        scripts: { test: 'node --test tests/*.test.js', start: 'node src/server.js' },
+        dependencies: { express: '^5.0.0', pg: '^8.0.0' },
+      }, null, 2));
+      await writeFixture('express-api/src/routes/users.js', 'function secretRoute(){ return "VS_ROUTE_SOURCE_DO_NOT_EXPORT"; }');
+      await writeFixture('express-api/render.yaml', 'services: []');
+      await writeFixture('scan-app/package.json', JSON.stringify({
+        scripts: { test: 'node --test' },
+        dependencies: { express: '^5.0.0', jsonwebtoken: '^9.0.0' },
+      }, null, 2));
+      await writeFixture(
+        'scan-app/src/routes/auth.js',
+        'const jwt = require("jsonwebtoken");\nconst leaked = "sk_live_PHASE3_SELFTEST_SECRET";\napp.post("/login", (req, res) => jwt.sign({ user: req.body.user }, leaked));\n',
+      );
+      await writeFixture(
+        'scan-app/src/config.js',
+        'password = "CorrectHorseBatteryStaple"\njwt_secret: "phase3-jwt-secret"\nconst databaseUrl = "postgres://user:superpass@localhost:5432/app";\n',
+      );
+      await writeFixture(
+        'scan-app/app.py',
+        'password = "PythonSecretValue"\napi_key = "python_api_key_secret"\n',
+      );
+      await writeFixture('workspace/package.json', JSON.stringify({
+        workspaces: ['apps/*', 'packages/*'],
+        scripts: { test: 'npm run test -w app' },
+        devDependencies: { turbo: '^2.0.0' },
+      }, null, 2));
+      await writeFixture('workspace/apps/app/package.json', JSON.stringify({ scripts: { test: 'node --test' } }, null, 2));
+      await writeFixture('mcp-tool/package.json', JSON.stringify({
+        bin: { fixture: './src/cli.js' },
+        dependencies: { '@modelcontextprotocol/sdk': '^1.29.0', zod: '^4.0.0' },
+      }, null, 2));
+      await writeFixture('sensitive-scripts/package.json', JSON.stringify({
+        scripts: {
+          verify: 'node test.js --token plain-token-123 --api-key=plain-api-key-456 --password "plain-password-789"',
+          lint: 'curl -H "Authorization: Bearer plain-bearer-token-123" https://user:pass@example.com/check',
+        },
+        dependencies: {},
+      }, null, 2));
+      await writeFixture('unknown/README.md', '# Unknown fixture\n');
+
+      const projectMapSnapshot = (artifact) => ({
+        packageManagers: artifact.packageManagers,
+        frameworkNames: artifact.frameworks.map((item) => item.name),
+        runtimes: artifact.runtimes,
+        languageNames: artifact.languages.map((item) => item.language),
+        routeFiles: artifact.routeFiles,
+        testCommands: artifact.testCommands,
+        deploymentFiles: artifact.deploymentFiles,
+        envFiles: artifact.envFiles,
+        manifestPaths: artifact.manifests.map((item) => item.path),
+        workspace: artifact.workspace,
+        privacy: {
+          envValuesCaptured: artifact.privacy.envValuesCaptured,
+          sourceBodiesCaptured: artifact.privacy.sourceBodiesCaptured,
+          rawSourceStored: artifact.privacy.rawSourceStored,
+        },
+      });
+
+      const staticMap = await buildProjectMapArtifact({
+        rootPath: path.join(fixtureBase, 'static-app'),
+        generatedAt: '2026-05-28T00:00:00.000Z',
+      });
+      assert.deepEqual(projectMapSnapshot(staticMap), {
+        packageManagers: ['npm'],
+        frameworkNames: ['react', 'vite'],
+        runtimes: ['browser', 'node'],
+        languageNames: ['JavaScript/TypeScript'],
+        routeFiles: [],
+        testCommands: [{ source: 'package.json', name: 'test', command: 'node --test' }],
+        deploymentFiles: [],
+        envFiles: [{ path: '.env.local', kind: 'env', valuesCaptured: false }],
+        manifestPaths: ['package.json'],
+        workspace: { detected: false, manifests: [], patterns: [] },
+        privacy: {
+          envValuesCaptured: false,
+          sourceBodiesCaptured: false,
+          rawSourceStored: false,
+        },
+      }, 'Static app Project Map snapshot should stay stable');
+      assert.deepEqual(staticMap.packageManagers, ['npm'], 'Project Map should detect npm package manager');
+      assert.ok(staticMap.frameworks.some((item) => item.name === 'vite'), 'Project Map should detect Vite');
+      assert.ok(staticMap.frameworks.some((item) => item.name === 'react'), 'Project Map should detect React');
+      assert.ok(staticMap.languages.some((item) => item.language === 'JavaScript/TypeScript'), 'Project Map should summarize JS/TS files');
+      assert.ok(staticMap.testCommands.some((item) => item.command === 'node --test'), 'Project Map should capture package test scripts');
+      assert.ok(staticMap.envFiles.some((item) => item.path === '.env.local'), 'Project Map should list env filenames');
+      assert.equal(staticMap.privacy.envValuesCaptured, false, 'Project Map must not capture env values');
+      assert.doesNotMatch(JSON.stringify(staticMap), /VS_FIXTURE_SECRET_DO_NOT_EXPORT|export function App/i);
+
+      const expressMap = await buildProjectMapArtifact({
+        rootPath: path.join(fixtureBase, 'express-api'),
+        generatedAt: '2026-05-28T00:00:00.000Z',
+      });
+      assert.deepEqual(projectMapSnapshot(expressMap), {
+        packageManagers: ['npm'],
+        frameworkNames: ['express'],
+        runtimes: ['node'],
+        languageNames: ['JavaScript/TypeScript', 'YAML'],
+        routeFiles: [{ path: 'src/routes/users.js', kind: 'route_file' }],
+        testCommands: [{ source: 'package.json', name: 'test', command: 'node --test tests/*.test.js' }],
+        deploymentFiles: [{ path: 'render.yaml', type: 'render' }],
+        envFiles: [],
+        manifestPaths: ['package.json'],
+        workspace: { detected: false, manifests: [], patterns: [] },
+        privacy: {
+          envValuesCaptured: false,
+          sourceBodiesCaptured: false,
+          rawSourceStored: false,
+        },
+      }, 'Express API Project Map snapshot should stay stable');
+      assert.ok(expressMap.frameworks.some((item) => item.name === 'express'), 'Project Map should detect Express');
+      assert.ok(expressMap.routeFiles.some((item) => item.path === 'src/routes/users.js'), 'Project Map should detect route-like files');
+      assert.ok(expressMap.deploymentFiles.some((item) => item.path === 'render.yaml'), 'Project Map should detect Render deployment files');
+      assert.doesNotMatch(JSON.stringify(expressMap), /VS_ROUTE_SOURCE_DO_NOT_EXPORT|function secretRoute/i);
+
+      const workspaceMap = await buildProjectMapArtifact({
+        rootPath: path.join(fixtureBase, 'workspace'),
+        generatedAt: '2026-05-28T00:00:00.000Z',
+      });
+      assert.deepEqual(projectMapSnapshot(workspaceMap), {
+        packageManagers: ['npm'],
+        frameworkNames: [],
+        runtimes: ['node'],
+        languageNames: [],
+        routeFiles: [],
+        testCommands: [
+          { source: 'apps/app/package.json', name: 'test', command: 'node --test' },
+          { source: 'package.json', name: 'test', command: 'npm run test -w app' },
+        ],
+        deploymentFiles: [],
+        envFiles: [],
+        manifestPaths: ['apps/app/package.json', 'package.json'],
+        workspace: { detected: true, manifests: ['package.json'], patterns: ['apps/*', 'packages/*'] },
+        privacy: {
+          envValuesCaptured: false,
+          sourceBodiesCaptured: false,
+          rawSourceStored: false,
+        },
+      }, 'Workspace Project Map snapshot should stay stable');
+      assert.equal(workspaceMap.workspace.detected, true, 'Project Map should detect package workspaces');
+      assert.ok(workspaceMap.manifests.some((item) => item.path === 'apps/app/package.json'), 'Project Map should include workspace manifests');
+
+      const mcpMap = await buildProjectMapArtifact({
+        rootPath: path.join(fixtureBase, 'mcp-tool'),
+        generatedAt: '2026-05-28T00:00:00.000Z',
+      });
+      assert.deepEqual(projectMapSnapshot(mcpMap), {
+        packageManagers: ['npm'],
+        frameworkNames: ['mcp'],
+        runtimes: ['node'],
+        languageNames: [],
+        routeFiles: [],
+        testCommands: [],
+        deploymentFiles: [],
+        envFiles: [],
+        manifestPaths: ['package.json'],
+        workspace: { detected: false, manifests: [], patterns: [] },
+        privacy: {
+          envValuesCaptured: false,
+          sourceBodiesCaptured: false,
+          rawSourceStored: false,
+        },
+      }, 'MCP tool Project Map snapshot should stay stable');
+      assert.ok(mcpMap.frameworks.some((item) => item.name === 'mcp'), 'Project Map should detect MCP packages');
+
+      const sensitiveScriptsMap = await buildProjectMapArtifact({
+        rootPath: path.join(fixtureBase, 'sensitive-scripts'),
+        generatedAt: '2026-05-28T00:00:00.000Z',
+      });
+      assert.deepEqual(sensitiveScriptsMap.testCommands, [
+        {
+          source: 'package.json',
+          name: 'lint',
+          command: 'curl -H "Authorization: Bearer [redacted]" https://[redacted]@example.com/check',
+        },
+        {
+          source: 'package.json',
+          name: 'verify',
+          command: 'node test.js --token [redacted] --api-key=[redacted] --password [redacted]',
+        },
+      ], 'Project Map should redact credentials embedded in test/check command strings');
+      assert.doesNotMatch(
+        JSON.stringify(sensitiveScriptsMap),
+        /plain-token-123|plain-api-key-456|plain-password-789|plain-bearer-token-123|user:pass/i,
+        'Project Map command metadata must not retain script-embedded credential values',
+      );
+
+      const unknownMap = await buildProjectMapArtifact({
+        rootPath: path.join(fixtureBase, 'unknown'),
+        generatedAt: '2026-05-28T00:00:00.000Z',
+      });
+      assert.deepEqual(projectMapSnapshot(unknownMap), {
+        packageManagers: [],
+        frameworkNames: [],
+        runtimes: [],
+        languageNames: ['Markdown'],
+        routeFiles: [],
+        testCommands: [],
+        deploymentFiles: [],
+        envFiles: [],
+        manifestPaths: [],
+        workspace: { detected: false, manifests: [], patterns: [] },
+        privacy: {
+          envValuesCaptured: false,
+          sourceBodiesCaptured: false,
+          rawSourceStored: false,
+        },
+      }, 'Unknown project Project Map snapshot should stay stable');
+      assert.equal(unknownMap.frameworks.length, 0, 'Unknown projects should produce a valid map without fake frameworks');
+
+      const firstHash = hashProjectMapArtifact(staticMap);
+      const changedHash = hashProjectMapArtifact({
+        ...staticMap,
+        testCommands: [...staticMap.testCommands, { source: 'package.json', name: 'lint', command: 'eslint .' }],
+      });
+      assert.match(firstHash, /^[a-f0-9]{64}$/i, 'Project Map hash should be SHA-256');
+      assert.notEqual(changedHash, firstHash, 'Project Map hash should change when safe artifact metadata changes');
+
+      const projectMapDefinition = projectMapStepper();
+      const projectMapResult = await projectMapDefinition.run({
+        runId: 'deep_scan_project_map_selftest',
+        projectId: 'fixture-static',
+        config: { rootPath: path.join(fixtureBase, 'static-app') },
+        state: {},
+      });
+      assert.equal(projectMapResult.stepperId, 'project.map', 'Project Map stepper id should be stable');
+      assert.equal(projectMapResult.artifacts[0].type, 'project_map', 'Project Map stepper should emit a project_map artifact ref');
+      assert.match(projectMapResult.artifacts[0].hash, /^[a-f0-9]{64}$/i, 'Project Map artifact ref should include a hash');
+      assert.doesNotMatch(JSON.stringify(projectMapResult), /VS_FIXTURE_SECRET_DO_NOT_EXPORT|export function App/i);
+
+      const deterministicDefinition = deterministicScanStepper();
+      const deterministicResult = await deterministicDefinition.run({
+        runId: 'deep_scan_deterministic_selftest',
+        projectId: 'fixture-scan',
+        config: {
+          rootPath: path.join(fixtureBase, 'scan-app'),
+          maxFiles: 25,
+          generatedAt: '2026-05-28T00:00:00.000Z',
+        },
+        state: {},
+      });
+      assert.equal(
+        deterministicResult.stepperId,
+        DETERMINISTIC_SCAN_STEPPER_ID,
+        'Deterministic scan stepper id should be stable',
+      );
+      assert.equal(deterministicResult.status, 'passed', 'Deterministic scan stepper should pass when the scan runs');
+      assert.ok(deterministicResult.findings.length > 0, 'Deterministic scan stepper should surface scanner findings');
+      assert.ok(
+        deterministicResult.findings.every((finding) =>
+          finding.id
+          && finding.ruleId
+          && finding.ruleName
+          && finding.status === 'open'
+          && finding.source?.filePath
+          && Number.isInteger(finding.source?.lineNumber)
+          && finding.fingerprint),
+        'Deterministic scan findings should be normalized for downstream report/passport/Ralph consumers',
+      );
+      assert.ok(
+        deterministicResult.artifacts.some((ref) => ref.type === 'deterministic_scan'),
+        'Deterministic scan stepper should emit a deterministic_scan artifact ref',
+      );
+      assert.ok(
+        deterministicResult.receipts.some((receipt) =>
+          receipt.type === 'deterministic_scan'
+          && receipt.engine?.counts?.deterministic > 0
+          && receipt.summary?.totalIssues === deterministicResult.findings.length),
+        'Deterministic scan stepper should attach receipt metadata with rule counts and issue summary',
+      );
+      const deterministicArtifactRef = deterministicResult.artifacts.find((ref) => ref.type === 'deterministic_scan');
+      const deterministicArtifactText = await fs.readFile(
+        path.join(fixtureBase, 'scan-app', deterministicArtifactRef.uri),
+        'utf8',
+      );
+      assert.ok(
+        ['S002', 'S003', 'S004', 'P004'].every((ruleId) =>
+          deterministicResult.findings.some((finding) => finding.ruleId === ruleId)),
+        'Deterministic scan should preserve finding metadata for JS and Python secret rules',
+      );
+      assert.doesNotMatch(
+        JSON.stringify(deterministicResult),
+        /CorrectHorseBatteryStaple|phase3-jwt-secret|postgres:\/\/user:superpass|PythonSecretValue|python_api_key_secret/i,
+        'Deterministic scan step result must not retain raw JS or Python secret values',
+      );
+      assert.doesNotMatch(
+        deterministicArtifactText,
+        /CorrectHorseBatteryStaple|phase3-jwt-secret|postgres:\/\/user:superpass|PythonSecretValue|python_api_key_secret/i,
+        'Written deterministic scan artifact must not retain raw JS or Python secret values',
+      );
+      assert.match(
+        deterministicArtifactText,
+        /Preview withheld/,
+        'Written deterministic scan artifact should use generic local-source previews instead of scanner snippets',
+      );
+      assert.doesNotMatch(
+        JSON.stringify(deterministicResult),
+        /sk_live_PHASE3_SELFTEST_SECRET|jwt\.sign|const leaked|require\("jsonwebtoken"\)/i,
+        'Deterministic scan step result must not retain raw source or secret values',
+      );
+      await assert.rejects(
+        () => writeProjectMapArtifact({ rootPath: projectRoot, runId: '..', artifact: staticMap }),
+        /runId/i,
+        'Project Map artifact writes should reject dot-only run ids',
+      );
+      const deterministicArtifact = await buildDeterministicScanArtifact({
+        rootPath: path.join(fixtureBase, 'scan-app'),
+        generatedAt: '2026-05-28T00:00:00.000Z',
+        maxFiles: 25,
+      });
+
+      const scanProjectMap = await buildProjectMapArtifact({
+        rootPath: path.join(fixtureBase, 'scan-app'),
+        generatedAt: '2026-05-28T00:00:00.000Z',
+      });
+      const testPlanArtifact = buildSecurityTestPlanArtifact({
+        projectMap: scanProjectMap,
+        deterministicScan: deterministicArtifact,
+        generatedAt: '2026-05-28T00:00:00.000Z',
+      });
+      assert.equal(
+        testPlanArtifact.schemaVersion,
+        SECURITY_TEST_PLAN_SCHEMA_VERSION,
+        'Security Test Plan artifact schema version should be stable',
+      );
+      assert.ok(testPlanArtifact.testCases.length > 0, 'Security Test Plan should emit evidence-tied tests');
+      assert.deepEqual(
+        testPlanArtifact.statusSemantics,
+        SECURITY_TEST_PLAN_STATUS_SEMANTICS,
+        'Security Test Plan should embed stable status semantics for downstream consumers',
+      );
+      assert.ok(
+        testPlanArtifact.downstreamContract?.stableCandidateFields.includes('suggestedCommand')
+        && testPlanArtifact.downstreamContract?.stableCandidateFields.includes('priority'),
+        'Security Test Plan should publish downstream-stable candidate fields',
+      );
+      assert.ok(
+        testPlanArtifact.testCases.every((testCase) =>
+          testCase.id
+          && ['planned', 'runnable', 'blocked', 'manual'].includes(testCase.status)
+          && testCase.priority
+          && Object.prototype.hasOwnProperty.call(testCase, 'suggestedCommand')
+          && Object.prototype.hasOwnProperty.call(testCase, 'blockedReason')
+          && Object.prototype.hasOwnProperty.call(testCase, 'manualReason')
+          && Array.isArray(testCase.evidence)
+          && testCase.evidence.length > 0
+          && Array.isArray(testCase.sourceArtifactRefs)
+          && testCase.sourceArtifactRefs.length > 0),
+        'Every Security Test Plan item should have explicit status and source evidence',
+      );
+      assert.ok(
+        testPlanArtifact.testCases.some((testCase) =>
+          testCase.sourceFindingIds.length > 0
+          && testCase.targetSurface.files.includes('src/routes/auth.js')
+          && testCase.status === 'runnable'
+          && testCase.commandHint === 'node --test'
+          && testCase.suggestedCommand === 'node --test'),
+        'Security Test Plan should map deterministic findings to runnable evidence-tied regression tests',
+      );
+      assert.ok(
+        testPlanArtifact.testCases.some((testCase) =>
+          testCase.category === 'auth_session'
+          && testCase.targetSurface.files.includes('src/routes/auth.js')
+          && testCase.status === 'manual'
+          && testCase.manualReason),
+        'Security Test Plan should create manual-only auth/session review checks without requiring credentials in artifacts',
+      );
+      assert.ok(
+        testPlanArtifact.testCases.some((testCase) =>
+          testCase.category === 'api_abuse'
+          && testCase.targetSurface.files.includes('src/routes/auth.js')
+          && testCase.status === 'runnable'),
+        'Security Test Plan should map Project Map route files to targeted API abuse tests',
+      );
+      assert.equal(
+        new Set(testPlanArtifact.testCases.map((testCase) => testCase.dedupeKey)).size,
+        testPlanArtifact.testCases.length,
+        'Security Test Plan should dedupe candidate tests by stable target/risk keys',
+      );
+      assert.deepEqual(
+        testPlanArtifact.testCases.map((testCase) => testCase.rank),
+        [...testPlanArtifact.testCases.keys()].map((index) => index + 1),
+        'Security Test Plan ranks should be sequential after risk sorting',
+      );
+      assert.equal(
+        testPlanArtifact.summary.byStatus.runnable > 0,
+        true,
+        'Security Test Plan summary should count runnable tests when local test commands exist',
+      );
+      const plannedFindingPlan = buildSecurityTestPlanArtifact({
+        projectMap: {
+          ...scanProjectMap,
+          testCommands: [],
+          routeFiles: [],
+          envFiles: [],
+          deploymentFiles: [],
+        },
+        deterministicScan: deterministicArtifact,
+        generatedAt: '2026-05-28T00:00:00.000Z',
+        sourceRefs: {
+          projectMap: 'artifact-project-map-planned',
+          deterministicScan: 'artifact-rules-scan-planned',
+        },
+      });
+      assert.ok(
+        plannedFindingPlan.testCases.every((testCase) =>
+          testCase.status === 'planned'
+          && testCase.runner === 'agent_written_test'
+          && testCase.suggestedCommand === null
+          && testCase.sourceArtifactRefs.includes('artifact-rules-scan-planned')),
+        'Security Test Plan should mark finding-backed candidates planned when no local harness signal exists',
+      );
+      const unknownCommandPlan = buildSecurityTestPlanArtifact({
+        projectMap: {
+          ...scanProjectMap,
+          testCommands: [{
+            source: 'package.json',
+            name: 'verify',
+            command: 'curl -H "Authorization: Bearer [redacted]" https://example.com/check',
+          }],
+          routeFiles: [{ path: 'src/routes/payments.js', kind: 'route_file' }],
+          envFiles: [],
+          deploymentFiles: [],
+        },
+        deterministicScan: {
+          ...deterministicArtifact,
+          findings: [],
+          summary: { ...deterministicArtifact.summary, totalIssues: 0, bySeverity: {} },
+        },
+        generatedAt: '2026-05-28T00:00:00.000Z',
+      });
+      assert.equal(
+        unknownCommandPlan.summary.runnableCount,
+        0,
+        'Unknown or redacted commands should not make Security Test Plan candidates runnable',
+      );
+      assert.ok(
+        unknownCommandPlan.testCases.some((testCase) =>
+          testCase.status === 'blocked'
+          && testCase.runner === 'blocked_no_harness'
+          && /No local test command/.test(testCase.blockedReason)),
+        'Security Test Plan should block route/dependency candidates when no recognized local test harness exists',
+      );
+      const noFindingsPlan = buildSecurityTestPlanArtifact({
+        projectMap: expressMap,
+        deterministicScan: {
+          ...deterministicArtifact,
+          findings: [],
+          summary: { ...deterministicArtifact.summary, totalIssues: 0, bySeverity: {} },
+        },
+        generatedAt: '2026-05-28T00:00:00.000Z',
+      });
+      assert.ok(
+        noFindingsPlan.testCases.length > 0
+        && noFindingsPlan.testCases.every((testCase) => testCase.sourceFindingIds.length === 0),
+        'Security Test Plan should still emit Project Map evidence candidates when deterministic findings are absent',
+      );
+      const deterministicSnapshot = (plan) => plan.testCases.map((testCase) => ({
+        id: testCase.id,
+        dedupeKey: testCase.dedupeKey,
+        rank: testCase.rank,
+        sourceArtifactRefs: testCase.sourceArtifactRefs,
+        sourceFindingIds: testCase.sourceFindingIds,
+        targetSurface: testCase.targetSurface,
+      }));
+      assert.deepEqual(
+        deterministicSnapshot(testPlanArtifact),
+        deterministicSnapshot(buildSecurityTestPlanArtifact({
+          projectMap: scanProjectMap,
+          deterministicScan: deterministicArtifact,
+          generatedAt: '2026-05-28T00:00:00.000Z',
+        })),
+        'Security Test Plan candidate ids, refs, finding links, dedupe keys, and ranks should be deterministic',
+      );
+      assert.match(
+        testPlanArtifact.sources.projectMap.rootPathHash,
+        /^[a-f0-9]{64}$/i,
+        'Security Test Plan should preserve Project Map source hash metadata for downstream evidence',
+      );
+      assert.doesNotMatch(
+        JSON.stringify(testPlanArtifact),
+        /CorrectHorseBatteryStaple|phase3-jwt-secret|postgres:\/\/user:superpass|PythonSecretValue|python_api_key_secret|sk_live_PHASE3_SELFTEST_SECRET|jwt\.sign|const leaked/i,
+        'Security Test Plan artifact must not retain raw source or secret values',
+      );
+      assert.deepEqual(
+        validateSecurityTestPlanArtifact(testPlanArtifact).testCases.map((testCase) => testCase.status),
+        testPlanArtifact.testCases.map((testCase) => testCase.status),
+        'Security Test Plan validator should preserve explicit statuses',
+      );
+      assert.throws(
+        () => validateSecurityTestPlanArtifact({
+          ...testPlanArtifact,
+          testCases: [{ ...testPlanArtifact.testCases[0], evidence: [] }],
+        }),
+        /evidence/i,
+        'Security Test Plan validator should reject generic tests without evidence',
+      );
+      assert.throws(
+        () => validateSecurityTestPlanArtifact({
+          ...testPlanArtifact,
+          testCases: [{
+            ...testPlanArtifact.testCases[0],
+            suggestedCommand: 'node --test',
+            metadata: { providerKey: 'sk_live_PHASE4_PROVIDER_SECRET' },
+          }],
+        }),
+        /source-safe|secret/i,
+        'Security Test Plan validator should reject provider keys, install tokens, JWT secrets, and generated test bodies',
+      );
+      const emptyTestPlan = buildSecurityTestPlanArtifact({
+        projectMap: unknownMap,
+        deterministicScan: {
+          ...deterministicArtifact,
+          findings: [],
+          summary: { ...deterministicArtifact.summary, totalIssues: 0, bySeverity: {} },
+        },
+        generatedAt: '2026-05-28T00:00:00.000Z',
+      });
+      assert.equal(emptyTestPlan.testCases.length, 0, 'Security Test Plan should not emit generic filler tests');
+      assert.equal(
+        hashSecurityTestPlanArtifact(testPlanArtifact),
+        hashSecurityTestPlanArtifact(validateSecurityTestPlanArtifact(testPlanArtifact)),
+        'Security Test Plan artifact hash should be stable across validation',
+      );
+      const testPlanDefinition = securityTestPlanStepper();
+      const testPlanProjectRoot = path.join(fixtureBase, 'scan-app');
+      const projectMapForPlanResult = await projectMapDefinition.run({
+        runId: 'deep_scan_test_plan_selftest',
+        projectId: 'fixture-scan',
+        config: { rootPath: testPlanProjectRoot },
+        state: {},
+      });
+      const deterministicForPlanResult = await deterministicDefinition.run({
+        runId: 'deep_scan_test_plan_selftest',
+        projectId: 'fixture-scan',
+        config: {
+          rootPath: testPlanProjectRoot,
+          maxFiles: 25,
+          generatedAt: '2026-05-28T00:00:00.000Z',
+        },
+        state: {},
+      });
+      const testPlanResult = await testPlanDefinition.run({
+        runId: 'deep_scan_test_plan_selftest',
+        projectId: 'fixture-scan',
+        config: { rootPath: testPlanProjectRoot, generatedAt: '2026-05-28T00:00:00.000Z' },
+        state: {
+          artifacts: {
+            'project.map': projectMapForPlanResult.artifacts[0],
+            'rules.scan': deterministicForPlanResult.artifacts[0],
+          },
+          findings: deterministicForPlanResult.findings,
+          receipts: deterministicForPlanResult.receipts,
+        },
+      });
+      assert.equal(
+        testPlanResult.stepperId,
+        SECURITY_TEST_PLAN_STEPPER_ID,
+        'Security Test Plan stepper id should be stable',
+      );
+      assert.equal(testPlanResult.status, 'passed', 'Security Test Plan stepper should pass with Project Map and scan inputs');
+      assert.ok(
+        testPlanResult.artifacts.some((ref) => ref.type === 'security_test_plan'),
+        'Security Test Plan stepper should emit a security_test_plan artifact ref',
+      );
+      await assert.rejects(
+        () => testPlanDefinition.run({
+          runId: 'deep_scan_test_plan_missing_project_map',
+          projectId: 'fixture-scan',
+          config: { rootPath: testPlanProjectRoot, generatedAt: '2026-05-28T00:00:00.000Z' },
+          state: {
+            artifacts: {
+              'rules.scan': deterministicForPlanResult.artifacts[0],
+            },
+          },
+        }),
+        /project_map|requires/i,
+        'Security Test Plan stepper should fail closed when the Project Map artifact ref is missing',
+      );
+      const testPlanArtifactRef = testPlanResult.artifacts.find((ref) => ref.type === 'security_test_plan');
+      const testPlanArtifactText = await fs.readFile(
+        path.join(testPlanProjectRoot, testPlanArtifactRef.uri),
+        'utf8',
+      );
+      assert.match(testPlanArtifactText, /security_test_plan\.v1/, 'Written Security Test Plan artifact should include schema version');
+      assert.doesNotMatch(
+        testPlanArtifactText,
+        /CorrectHorseBatteryStaple|phase3-jwt-secret|postgres:\/\/user:superpass|PythonSecretValue|python_api_key_secret|sk_live_PHASE3_SELFTEST_SECRET|jwt\.sign|const leaked/i,
+        'Written Security Test Plan artifact must remain source-safe',
+      );
+      await assert.rejects(
+        () => writeSecurityTestPlanArtifact({ rootPath: projectRoot, runId: '.', artifact: testPlanArtifact }),
+        /runId/i,
+        'Security Test Plan artifact writes should reject dot-only run ids',
+      );
+      await assert.rejects(
+        () => writeDeterministicScanArtifact({ rootPath: projectRoot, runId: '.', artifact: deterministicArtifact }),
+        /runId/i,
+        'Deterministic Scan artifact writes should reject dot-only run ids',
+      );
+
+      const ralphTaskArtifact = buildAgentFixTaskArtifact({
+        securityTestPlan: testPlanArtifact,
+        deterministicScan: deterministicArtifact,
+        generatedAt: '2026-05-28T00:00:00.000Z',
+        sourceRefs: {
+          securityTestPlan: 'artifact-test-plan-for-ralph',
+          deterministicScan: 'artifact-rules-scan-for-ralph',
+        },
+      });
+      assert.equal(
+        ralphTaskArtifact.schemaVersion,
+        AGENT_FIX_TASK_SCHEMA_VERSION,
+        'Agent Fix Task artifact schema version should be stable',
+      );
+      assert.ok(ralphTaskArtifact.tasks.length > 0, 'Agent Fix Task artifact should emit evidence-tied tasks');
+      assert.ok(
+        ralphTaskArtifact.tasks.every((task) =>
+          task.taskId
+          && task.version === AGENT_FIX_TASK_SCHEMA_VERSION
+          && (task.findingIds.length > 0 || task.testPlanCandidateIds.length > 0)
+          && task.artifactRefs.includes('artifact-test-plan-for-ralph')
+          && task.safeSummary
+          && task.targetFiles.length > 0
+          && task.instructions.problem
+          && task.instructions.requiredBehavior
+          && task.instructions.verification
+          && task.instructions.rerun
+          && task.verification.command
+          && task.verification.expectedOutcome
+          && task.risk.severity
+          && ['ready', 'manual', 'blocked'].includes(task.status)
+          && Object.prototype.hasOwnProperty.call(task, 'acceptedRiskRef')),
+        'Every Agent Fix Task should have required schema fields, evidence refs, and explicit verification',
+      );
+      assert.ok(
+        ralphTaskArtifact.tasks.some((task) =>
+          task.findingIds.length > 0
+          && task.status === 'ready'
+          && task.instructions.rerun.includes('Vibesecur')
+          && task.verification.command === 'node --test'),
+        'Finding-backed runnable candidates should become ready Ralph tasks with rerun instructions',
+      );
+      assert.ok(
+        ralphTaskArtifact.tasks.some((task) =>
+          task.status === 'manual'
+          && task.manualReason
+          && task.instructions.acceptedRiskPath.includes('human approval')),
+        'Manual Test Plan candidates should stay manual with a human accepted-risk path',
+      );
+      const blockedRalphArtifact = buildAgentFixTaskArtifact({
+        securityTestPlan: unknownCommandPlan,
+        deterministicScan: {
+          ...deterministicArtifact,
+          findings: [],
+          summary: { ...deterministicArtifact.summary, totalIssues: 0, bySeverity: {} },
+        },
+        generatedAt: '2026-05-28T00:00:00.000Z',
+        sourceRefs: {
+          securityTestPlan: 'artifact-blocked-test-plan',
+          deterministicScan: 'artifact-blocked-rules-scan',
+        },
+      });
+      assert.ok(
+        blockedRalphArtifact.tasks.some((task) =>
+          task.status === 'blocked'
+          && /No local test command/.test(task.blockedReason)
+          && task.verification.command === null),
+        'Blocked Test Plan candidates should become blocked Ralph tasks without fake verification commands',
+      );
+      const manualFallbackArtifact = buildAgentFixTaskArtifact({
+        securityTestPlan: {
+          ...testPlanArtifact,
+          testCases: [{
+            ...testPlanArtifact.testCases[0],
+            id: 'test-unknown-category',
+            category: 'unmapped_future_category',
+            status: 'planned',
+            sourceFindingIds: [],
+            suggestedCommand: null,
+            commandHint: null,
+            targetSurface: { type: 'finding', files: ['src/unknown.js'], routes: [] },
+            dedupeKey: 'unknown-category-manual-fallback',
+          }],
+        },
+        deterministicScan: {
+          ...deterministicArtifact,
+          findings: [],
+          summary: { ...deterministicArtifact.summary, totalIssues: 0, bySeverity: {} },
+        },
+        generatedAt: '2026-05-28T00:00:00.000Z',
+      });
+      assert.equal(manualFallbackArtifact.tasks[0].status, 'manual', 'Unknown categories should fall back to manual review');
+      assert.match(
+        manualFallbackArtifact.tasks[0].instructions.problem,
+        /manual review/i,
+        'Unknown category fallback should use the manual review template',
+      );
+      assert.doesNotMatch(
+        JSON.stringify(ralphTaskArtifact),
+        /CorrectHorseBatteryStaple|phase3-jwt-secret|postgres:\/\/user:superpass|PythonSecretValue|python_api_key_secret|sk_live_PHASE3_SELFTEST_SECRET|jwt\.sign|const leaked|function\s+\w+\(/i,
+        'Agent Fix Task artifact must not retain raw source or secret values',
+      );
+      assert.throws(
+        () => validateAgentFixTaskArtifact({
+          ...ralphTaskArtifact,
+          tasks: [{ ...ralphTaskArtifact.tasks[0], artifactRefs: [] }],
+        }),
+        /artifactRefs/i,
+        'Agent Fix Task validator should reject tasks without artifact refs',
+      );
+      assert.throws(
+        () => validateAgentFixTaskArtifact({
+          ...ralphTaskArtifact,
+          tasks: [{
+            ...ralphTaskArtifact.tasks[0],
+            instructions: {
+              ...ralphTaskArtifact.tasks[0].instructions,
+              problem: 'const secret = "sk_live_PHASE5_PROVIDER_SECRET";',
+            },
+          }],
+        }),
+        /source-safe|secret/i,
+        'Agent Fix Task validator should reject raw source or secret-like instruction text',
+      );
+      assert.equal(
+        hashAgentFixTaskArtifact(ralphTaskArtifact),
+        hashAgentFixTaskArtifact(validateAgentFixTaskArtifact(ralphTaskArtifact)),
+        'Agent Fix Task artifact hash should be stable across validation',
+      );
+      const findingBackedCandidate = testPlanArtifact.testCases.find((testCase) =>
+        testCase.sourceFindingIds.length > 0);
+      assert.throws(
+        () => buildAgentFixTaskArtifact({
+          securityTestPlan: {
+            ...testPlanArtifact,
+            testCases: [{
+              ...findingBackedCandidate,
+              id: 'test-dangling-finding',
+              sourceFindingIds: ['finding-does-not-exist'],
+              dedupeKey: 'dangling-finding-reference',
+            }],
+          },
+          deterministicScan: deterministicArtifact,
+          generatedAt: '2026-05-28T00:00:00.000Z',
+        }),
+        /finding-does-not-exist|sourceFindingIds/i,
+        'Agent Fix Task generation should reject dangling deterministic finding refs',
+      );
+      const ralphDefinition = ralphTaskStepper();
+      const ralphResult = await ralphDefinition.run({
+        runId: 'deep_scan_ralph_selftest',
+        projectId: 'fixture-scan',
+        config: { rootPath: testPlanProjectRoot, generatedAt: '2026-05-28T00:00:00.000Z' },
+        state: {
+          artifacts: {
+            'tests.plan': testPlanResult.artifacts[0],
+            'rules.scan': deterministicForPlanResult.artifacts[0],
+          },
+        },
+      });
+      assert.equal(ralphResult.stepperId, AGENT_FIX_TASK_STEPPER_ID, 'Ralph task stepper id should be stable');
+      assert.equal(ralphResult.status, 'passed', 'Ralph task stepper should pass with Test Plan and scan inputs');
+      assert.ok(
+        ralphResult.artifacts.some((ref) => ref.type === 'agent_fix_tasks'),
+        'Ralph task stepper should emit an agent_fix_tasks artifact ref',
+      );
+      const ralphArtifactRef = ralphResult.artifacts.find((ref) => ref.type === 'agent_fix_tasks');
+      const ralphArtifactText = await fs.readFile(path.join(testPlanProjectRoot, ralphArtifactRef.uri), 'utf8');
+      assert.match(ralphArtifactText, /agent_fix_task\.v1/, 'Written Agent Fix Task artifact should include schema version');
+      assert.doesNotMatch(
+        ralphArtifactText,
+        /CorrectHorseBatteryStaple|phase3-jwt-secret|postgres:\/\/user:superpass|PythonSecretValue|python_api_key_secret|sk_live_PHASE3_SELFTEST_SECRET|jwt\.sign|const leaked/i,
+        'Written Agent Fix Task artifact must remain source-safe',
+      );
+      await assert.rejects(
+        () => writeAgentFixTaskArtifact({ rootPath: projectRoot, runId: '.', artifact: ralphTaskArtifact }),
+        /runId/i,
+        'Agent Fix Task artifact writes should reject dot-only run ids',
+      );
+      await assert.rejects(
+        () => ralphDefinition.run({
+          runId: 'deep_scan_ralph_bad_hash_selftest',
+          projectId: 'fixture-scan',
+          config: { rootPath: testPlanProjectRoot, generatedAt: '2026-05-28T00:00:00.000Z' },
+          state: {
+            artifacts: {
+              'tests.plan': { ...testPlanResult.artifacts[0], hash: '0'.repeat(64) },
+              'rules.scan': deterministicForPlanResult.artifacts[0],
+            },
+          },
+        }),
+        /hash/i,
+        'Ralph task stepper should reject Security Test Plan artifact hash mismatches',
+      );
+      await assert.rejects(
+        () => ralphDefinition.run({
+          runId: 'deep_scan_ralph_bad_scan_hash_selftest',
+          projectId: 'fixture-scan',
+          config: { rootPath: testPlanProjectRoot, generatedAt: '2026-05-28T00:00:00.000Z' },
+          state: {
+            artifacts: {
+              'tests.plan': testPlanResult.artifacts[0],
+              'rules.scan': { ...deterministicForPlanResult.artifacts[0], hash: '0'.repeat(64) },
+            },
+          },
+        }),
+        /hash/i,
+        'Ralph task stepper should reject deterministic scan artifact hash mismatches',
+      );
+
+      const baselineScan = {
+        ...deterministicArtifact,
+        findings: deterministicArtifact.findings
+          .map((finding) => (
+            finding.id === deterministicArtifact.findings[1].id
+              ? { ...finding, severity: 'medium' }
+              : finding
+          ))
+          .concat([{
+            ...deterministicArtifact.findings[0],
+            id: 'finding-selftest-baseline-only',
+            fingerprint: 'f'.repeat(64),
+            ruleId: 'S999',
+            title: 'Baseline-only simulated finding',
+          }, {
+            ...deterministicArtifact.findings[0],
+            id: null,
+            fingerprint: null,
+            ruleId: 'S998',
+            title: 'Low-confidence baseline-only simulated finding',
+          }]),
+      };
+      const acceptedRiskTaskArtifact = validateAgentFixTaskArtifact({
+        ...ralphTaskArtifact,
+        tasks: ralphTaskArtifact.tasks.map((task) => (
+          task.findingIds.includes(deterministicArtifact.findings[2].id)
+            ? { ...task, acceptedRiskRef: 'accepted-risk-selftest-1' }
+            : task
+        )),
+      });
+      const comparisonArtifact = buildRalphComparisonArtifact({
+        previousDeterministicScan: baselineScan,
+        currentDeterministicScan: deterministicArtifact,
+        agentFixTasks: acceptedRiskTaskArtifact,
+        generatedAt: '2026-05-28T00:00:00.000Z',
+        sourceRefs: {
+          previousDeterministicScan: 'artifact-rules-scan-baseline',
+          currentDeterministicScan: 'artifact-rules-scan-current',
+          agentFixTasks: 'artifact-test-plan-for-ralph',
+        },
+      });
+      assert.equal(
+        comparisonArtifact.schemaVersion,
+        RALPH_COMPARISON_SCHEMA_VERSION,
+        'Ralph comparison schema version should be stable',
+      );
+      assert.ok(
+        comparisonArtifact.comparisons.some((row) => row.status === 'resolved'),
+        'Ralph comparison should classify missing rerun findings as resolved',
+      );
+      assert.ok(
+        comparisonArtifact.comparisons.some((row) => row.status === 'worsened'),
+        'Ralph comparison should classify severity increases as worsened',
+      );
+      assert.ok(
+        comparisonArtifact.comparisons.some((row) => row.status === 'acceptedRisk' && row.acceptedRiskRef),
+        'Ralph comparison should preserve accepted-risk references for unresolved findings',
+      );
+      assert.ok(
+        comparisonArtifact.comparisons.some((row) => row.status === 'manualReview' && row.manualReviewReason),
+        'Ralph comparison should classify low-confidence identity matches as manual review',
+      );
+      assert.equal(
+        hashRalphComparisonArtifact(comparisonArtifact),
+        hashRalphComparisonArtifact(validateRalphComparisonArtifact(comparisonArtifact)),
+        'Ralph comparison artifact hash should be stable across validation',
+      );
+      const baselineWrite = await writeDeterministicScanArtifact({
+        rootPath: testPlanProjectRoot,
+        runId: 'deep_scan_ralph_baseline_selftest',
+        artifact: baselineScan,
+      });
+      const baselineRef = createArtifactRef({
+        id: 'artifact-rules-scan-baseline-selftest',
+        type: 'deterministic_scan',
+        storage: 'local',
+        uri: baselineWrite.uri,
+        hash: baselineWrite.hash,
+      });
+      const comparisonDefinition = ralphComparisonStepper();
+      const comparisonSkipped = await comparisonDefinition.run({
+        runId: 'deep_scan_ralph_compare_skipped_selftest',
+        projectId: 'fixture-scan',
+        config: { rootPath: testPlanProjectRoot, generatedAt: '2026-05-28T00:00:00.000Z' },
+        state: {
+          artifacts: {
+            'rules.scan': deterministicForPlanResult.artifacts[0],
+            'ralph.tasks': ralphResult.artifacts[0],
+          },
+        },
+      });
+      assert.equal(
+        comparisonSkipped.status,
+        'skipped',
+        'Ralph comparison stepper should skip when previous deterministic scan ref is not provided',
+      );
+      const comparisonResult = await comparisonDefinition.run({
+        runId: 'deep_scan_ralph_compare_selftest',
+        projectId: 'fixture-scan',
+        config: {
+          rootPath: testPlanProjectRoot,
+          generatedAt: '2026-05-28T00:00:00.000Z',
+          previousDeterministicScanRef: baselineRef,
+        },
+        state: {
+          artifacts: {
+            'rules.scan': deterministicForPlanResult.artifacts[0],
+            'ralph.tasks': ralphResult.artifacts[0],
+          },
+        },
+      });
+      assert.equal(
+        comparisonResult.stepperId,
+        RALPH_COMPARISON_STEPPER_ID,
+        'Ralph comparison stepper id should be stable',
+      );
+      assert.equal(
+        comparisonResult.status,
+        'passed',
+        'Ralph comparison should pass with baseline and current deterministic scan artifacts',
+      );
+      assert.ok(
+        comparisonResult.artifacts.some((ref) => ref.type === 'ralph_comparison'),
+        'Ralph comparison stepper should emit a ralph_comparison artifact ref',
+      );
+      const comparisonArtifactRef = comparisonResult.artifacts.find((ref) => ref.type === 'ralph_comparison');
+      const comparisonArtifactText = await fs.readFile(path.join(testPlanProjectRoot, comparisonArtifactRef.uri), 'utf8');
+      assert.match(
+        comparisonArtifactText,
+        /ralph_comparison\.v1/,
+        'Written Ralph comparison artifact should include schema version',
+      );
+      assert.match(
+        comparisonArtifactText,
+        /"acceptedRisk"/,
+        'Written Ralph comparison artifact should include accepted-risk classifications when present',
+      );
+      assert.match(
+        comparisonArtifactText,
+        /"manualReview"/,
+        'Written Ralph comparison artifact should include low-confidence manual-review classifications when present',
+      );
+      await assert.rejects(
+        () => writeRalphComparisonArtifact({ rootPath: projectRoot, runId: '.', artifact: comparisonArtifact }),
+        /runId/i,
+        'Ralph comparison artifact writes should reject dot-only run ids',
+      );
+
+      const repeatedComparisonRow = comparisonArtifact.comparisons.find(
+        (row) => (row.status === 'worsened' || row.status === 'unchanged')
+          && ['high', 'critical'].includes(String(row.current?.severity || row.previous?.severity).toLowerCase()),
+      );
+      const failureStateArtifact = buildRalphFailureStateArtifact({
+        comparisonArtifact,
+        previousFailureState: {
+          failures: repeatedComparisonRow ? [{
+            findingKey: repeatedComparisonRow.findingKey,
+            findingId: repeatedComparisonRow.current?.id || repeatedComparisonRow.previous?.id || 'finding-repeat-selftest',
+            taskId: 'task-repeat-selftest',
+            severity: repeatedComparisonRow.current?.severity || repeatedComparisonRow.previous?.severity || 'high',
+            attemptCount: 1,
+            lastFailureReason: `${repeatedComparisonRow.status}_high`,
+            lastSeenAt: '2026-05-27T00:00:00.000Z',
+            escalationStatus: 'normal',
+            comparisonStatus: repeatedComparisonRow.status,
+            nextAction: 'Apply a narrower local fix, rerun relevant tests, and compare again through MCP Deep Scan.',
+          }] : [],
+        },
+        agentFixTasks: acceptedRiskTaskArtifact,
+        generatedAt: '2026-05-28T00:00:00.000Z',
+      });
+      assert.equal(
+        failureStateArtifact.schemaVersion,
+        RALPH_FAILURE_STATE_SCHEMA_VERSION,
+        'Ralph failure state schema version should be stable',
+      );
+      const priorFailureStateForConfig = {
+        failures: repeatedComparisonRow ? [{
+          findingKey: repeatedComparisonRow.findingKey,
+          findingId: repeatedComparisonRow.current?.id || repeatedComparisonRow.previous?.id || 'finding-repeat-selftest',
+          taskId: 'task-repeat-selftest',
+          severity: repeatedComparisonRow.current?.severity || repeatedComparisonRow.previous?.severity || 'high',
+          attemptCount: 1,
+          lastFailureReason: `${repeatedComparisonRow.status}_high`,
+          lastSeenAt: '2026-05-27T00:00:00.000Z',
+          escalationStatus: 'normal',
+          comparisonStatus: repeatedComparisonRow.status,
+          nextAction: 'Apply a narrower local fix, rerun relevant tests, and compare again through MCP Deep Scan.',
+        }] : [],
+      };
+      if (repeatedComparisonRow) {
+        const repeated = failureStateArtifact.failures.find((row) => row.findingKey === repeatedComparisonRow.findingKey);
+        assert.ok(repeated, 'Ralph failure tracking should retain repeated high-risk findings');
+        assert.equal(repeated.attemptCount, 2, 'Repeated high-risk findings should increment attempt counts');
+        assert.equal(repeated.escalationStatus, 'escalated', 'Repeated high-risk findings should escalate at configured threshold');
+
+        // Config override: raising escalateAt should keep an attemptCount of 2 non-escalated.
+        const raisedThresholdArtifact = buildRalphFailureStateArtifact({
+          comparisonArtifact,
+          previousFailureState: priorFailureStateForConfig,
+          agentFixTasks: acceptedRiskTaskArtifact,
+          retryConfig: { maxAttempts: 5, escalateAt: 3, trackSeverities: ['critical', 'high'] },
+          generatedAt: '2026-05-28T00:00:00.000Z',
+        });
+        assert.equal(
+          raisedThresholdArtifact.retryConfig.escalateAt,
+          3,
+          'Ralph failure state should honor configurable escalateAt from GraphProfile',
+        );
+        const raisedRow = raisedThresholdArtifact.failures.find((row) => row.findingKey === repeatedComparisonRow.findingKey);
+        assert.ok(raisedRow, 'Repeated finding should still be tracked under a higher escalation threshold');
+        assert.equal(raisedRow.attemptCount, 2, 'Attempt count should still increment under a higher threshold');
+        assert.equal(
+          raisedRow.escalationStatus,
+          'normal',
+          'Repeated finding below configured escalateAt should remain normal instead of escalating',
+        );
+
+        // Config override: narrowing trackSeverities should stop tracking high-risk repeats.
+        const criticalOnlyArtifact = buildRalphFailureStateArtifact({
+          comparisonArtifact,
+          previousFailureState: priorFailureStateForConfig,
+          agentFixTasks: acceptedRiskTaskArtifact,
+          retryConfig: { maxAttempts: 3, escalateAt: 2, trackSeverities: ['critical'] },
+          generatedAt: '2026-05-28T00:00:00.000Z',
+        });
+        if (String(repeatedComparisonRow.current?.severity || repeatedComparisonRow.previous?.severity).toLowerCase() === 'high') {
+          assert.ok(
+            !criticalOnlyArtifact.failures.some((row) => row.findingKey === repeatedComparisonRow.findingKey),
+            'Narrowing trackSeverities to critical should stop incrementing high-severity repeats',
+          );
+        }
+      }
+
+      // Config defaults: omitting retryConfig should fall back to documented defaults.
+      const defaultConfigArtifact = buildRalphFailureStateArtifact({
+        comparisonArtifact,
+        previousFailureState: priorFailureStateForConfig,
+        agentFixTasks: acceptedRiskTaskArtifact,
+        generatedAt: '2026-05-28T00:00:00.000Z',
+      });
+      assert.deepEqual(
+        defaultConfigArtifact.retryConfig,
+        { maxAttempts: DEFAULT_RALPH_LOOP_RETRY.maxAttempts, escalateAt: DEFAULT_RALPH_LOOP_RETRY.escalateAt, trackSeverities: [...DEFAULT_RALPH_LOOP_RETRY.trackSeverities] },
+        'Ralph failure state should apply documented retry defaults when GraphProfile omits ralphLoop.retry',
+      );
+      assert.throws(
+        () => buildRalphFailureStateArtifact({
+          comparisonArtifact,
+          previousFailureState: priorFailureStateForConfig,
+          retryConfig: { maxAttempts: 2, escalateAt: 5, trackSeverities: ['high'] },
+          generatedAt: '2026-05-28T00:00:00.000Z',
+        }),
+        /escalateAt/i,
+        'Ralph failure state should reject escalateAt greater than maxAttempts',
+      );
+      assert.ok(
+        !failureStateArtifact.failures.some((row) => row.comparisonStatus === 'resolved'),
+        'Resolved findings should be removed from active repeated failure tracking',
+      );
+      assert.ok(
+        failureStateArtifact.failures.some((row) => row.escalationStatus === 'manualReview'),
+        'Manual review comparison rows should remain visible without silent auto-resolve',
+      );
+      assert.equal(
+        hashRalphFailureStateArtifact(failureStateArtifact),
+        hashRalphFailureStateArtifact(validateRalphFailureStateArtifact(failureStateArtifact)),
+        'Ralph failure state artifact hash should be stable across validation',
+      );
+      const trackDefinition = ralphFailureTrackStepper();
+      const trackSkipped = await trackDefinition.run({
+        runId: 'deep_scan_ralph_track_skipped_selftest',
+        projectId: 'fixture-scan',
+        config: { rootPath: testPlanProjectRoot, generatedAt: '2026-05-28T00:00:00.000Z' },
+        state: {
+          stepResults: { 'ralph.compare': comparisonSkipped },
+          artifacts: {
+            'rules.scan': deterministicForPlanResult.artifacts[0],
+            'ralph.tasks': ralphResult.artifacts[0],
+          },
+        },
+        tools: { rootPath: testPlanProjectRoot },
+      });
+      assert.equal(
+        trackSkipped.status,
+        'skipped',
+        'Ralph failure tracking should skip when comparison was skipped',
+      );
+      const trackResult = await trackDefinition.run({
+        runId: 'deep_scan_ralph_track_selftest',
+        projectId: 'fixture-scan',
+        config: { rootPath: testPlanProjectRoot, generatedAt: '2026-05-28T00:00:00.000Z' },
+        state: {
+          stepResults: { 'ralph.compare': comparisonResult },
+          artifacts: {
+            'rules.scan': deterministicForPlanResult.artifacts[0],
+            'ralph.tasks': ralphResult.artifacts[0],
+            'ralph.compare': comparisonResult.artifacts[0],
+          },
+        },
+        tools: { rootPath: testPlanProjectRoot },
+      });
+      assert.equal(
+        trackResult.stepperId,
+        RALPH_FAILURE_STATE_STEPPER_ID,
+        'Ralph failure tracking stepper id should be stable',
+      );
+      assert.equal(
+        trackResult.status,
+        'passed',
+        'Ralph failure tracking should pass when comparison artifact is available',
+      );
+      assert.ok(
+        trackResult.artifacts.some((ref) => ref.type === 'ralph_failure_state'),
+        'Ralph failure tracking stepper should emit a ralph_failure_state artifact ref',
+      );
+      const failureStateRef = trackResult.artifacts.find((ref) => ref.type === 'ralph_failure_state');
+      const failureStateText = await fs.readFile(path.join(testPlanProjectRoot, failureStateRef.uri), 'utf8');
+      assert.match(
+        failureStateText,
+        /ralph_failure_state\.v1/,
+        'Written Ralph failure state artifact should include schema version',
+      );
+      await assert.rejects(
+        () => writeRalphFailureStateArtifact({ rootPath: projectRoot, runId: '.', artifact: failureStateArtifact }),
+        /runId/i,
+        'Ralph failure state artifact writes should reject dot-only run ids',
+      );
+
+      // ── VIB-85: accepted-risk workflow ──────────────────────────────────
+      const acceptedFindingId = deterministicArtifact.findings[0].id;
+      const taskFindingId = deterministicArtifact.findings[2].id;
+      // High-risk acceptance requires explicit reason, reviewer, and expiry.
+      assert.throws(
+        () => validateAcceptedRiskRecord({ riskId: 'risk_hr_1', findingId: acceptedFindingId, severity: 'high' }),
+        /reason/i,
+        'High-risk accepted risk must require an explicit reason',
+      );
+      assert.throws(
+        () => validateAcceptedRiskRecord({ riskId: 'risk_hr_2', findingId: acceptedFindingId, severity: 'high', reason: 'mitigated' }),
+        /reviewer/i,
+        'High-risk accepted risk must require reviewer metadata',
+      );
+      assert.throws(
+        () => validateAcceptedRiskRecord({ riskId: 'risk_hr_3', findingId: acceptedFindingId, severity: 'critical', reason: 'mitigated', reviewer: 'sec@selftest' }),
+        /expiresAt/i,
+        'High-risk accepted risk must require an expiry/review date',
+      );
+      assert.throws(
+        () => validateAcceptedRiskRecord({ riskId: 'risk_no_target', severity: 'low' }),
+        /findingKey or findingId/i,
+        'Accepted risk must attach to a findingKey or findingId',
+      );
+      assert.throws(
+        () => validateAcceptedRiskRecord({
+          riskId: 'risk_bad_dates', findingId: acceptedFindingId, severity: 'high', reason: 'x', reviewer: 'y',
+          acceptedAt: '2026-05-10T00:00:00.000Z', expiresAt: '2026-05-01T00:00:00.000Z',
+        }),
+        /expiresAt must be after acceptedAt/i,
+        'Accepted risk expiry must be after acceptance time',
+      );
+      assert.throws(
+        () => validateAcceptedRiskRecord({ riskId: 'risk_hidden', findingId: acceptedFindingId, severity: 'low', reportVisibility: 'hidden' }),
+        /reportVisibility/i,
+        'Accepted risk can never be hidden from reports',
+      );
+      const lowRiskRecord = validateAcceptedRiskRecord({ riskId: 'risk_low_1', findingId: acceptedFindingId, severity: 'low' });
+      assert.equal(lowRiskRecord.reportVisibility, 'visible', 'Accepted risk defaults to visible report visibility');
+      assert.throws(
+        () => validateAcceptedRiskRegister({
+          schemaVersion: ACCEPTED_RISK_REGISTER_SCHEMA_VERSION,
+          records: [
+            { riskId: 'risk_dupe', findingId: acceptedFindingId, severity: 'low' },
+            { riskId: 'risk_dupe', findingId: taskFindingId, severity: 'low' },
+          ],
+        }),
+        /duplicate riskId/i,
+        'Accepted-risk register must reject duplicate riskIds',
+      );
+
+      // Active accepted risk marks a finding accepted with the register riskId.
+      const activeRegister = {
+        schemaVersion: ACCEPTED_RISK_REGISTER_SCHEMA_VERSION,
+        records: [{
+          riskId: 'risk_active_selftest',
+          findingId: acceptedFindingId,
+          severity: 'high',
+          reason: 'Endpoint disabled behind a feature flag before launch.',
+          reviewer: 'security@selftest',
+          acceptedAt: '2026-05-01T00:00:00.000Z',
+          expiresAt: '2026-12-31T00:00:00.000Z',
+        }],
+      };
+      const comparisonAcceptedActive = buildRalphComparisonArtifact({
+        previousDeterministicScan: baselineScan,
+        currentDeterministicScan: deterministicArtifact,
+        acceptedRiskRegister: activeRegister,
+        generatedAt: '2026-05-28T00:00:00.000Z',
+      });
+      const activeRow = comparisonAcceptedActive.comparisons.find((row) => row.acceptedRiskRef === 'risk_active_selftest');
+      assert.ok(activeRow && activeRow.status === 'acceptedRisk', 'Active accepted-risk register record should mark the finding acceptedRisk with the register riskId');
+
+      // Expired accepted risk reverts the finding to unresolved.
+      const expiredRegister = {
+        schemaVersion: ACCEPTED_RISK_REGISTER_SCHEMA_VERSION,
+        records: [{
+          riskId: 'risk_expired_selftest',
+          findingId: acceptedFindingId,
+          severity: 'high',
+          reason: 'Temporary acceptance during migration.',
+          reviewer: 'security@selftest',
+          acceptedAt: '2026-04-01T00:00:00.000Z',
+          expiresAt: '2026-05-01T00:00:00.000Z',
+        }],
+      };
+      const comparisonAcceptedExpired = buildRalphComparisonArtifact({
+        previousDeterministicScan: baselineScan,
+        currentDeterministicScan: deterministicArtifact,
+        acceptedRiskRegister: expiredRegister,
+        generatedAt: '2026-05-28T00:00:00.000Z',
+      });
+      const expiredRow = comparisonAcceptedExpired.comparisons.find((row) => row.current?.id === acceptedFindingId);
+      assert.ok(expiredRow, 'Comparison should still track a finding whose accepted risk expired');
+      assert.notEqual(expiredRow.status, 'acceptedRisk', 'Expired accepted risk should revert the finding to unresolved');
+      assert.equal(expiredRow.acceptedRiskRef, null, 'Expired accepted risk should not leave an accepted-risk reference');
+
+      // An expired register record suppresses the legacy AgentFixTask acceptedRiskRef.
+      const suppressRegister = {
+        schemaVersion: ACCEPTED_RISK_REGISTER_SCHEMA_VERSION,
+        records: [{
+          riskId: 'risk_suppress_selftest',
+          findingId: taskFindingId,
+          severity: 'high',
+          reason: 'Was accepted, now expired and must be re-reviewed.',
+          reviewer: 'security@selftest',
+          acceptedAt: '2026-04-01T00:00:00.000Z',
+          expiresAt: '2026-05-01T00:00:00.000Z',
+        }],
+      };
+      const comparisonSuppressed = buildRalphComparisonArtifact({
+        previousDeterministicScan: baselineScan,
+        currentDeterministicScan: deterministicArtifact,
+        agentFixTasks: acceptedRiskTaskArtifact,
+        acceptedRiskRegister: suppressRegister,
+        generatedAt: '2026-05-28T00:00:00.000Z',
+      });
+      const suppressedRow = comparisonSuppressed.comparisons.find((row) => row.current?.id === taskFindingId || row.previous?.id === taskFindingId);
+      assert.ok(suppressedRow, 'Comparison should track the finding referenced by the legacy task acceptedRiskRef');
+      assert.notEqual(suppressedRow.status, 'acceptedRisk', 'Expired register record should override and suppress the legacy task acceptedRiskRef');
+
+      // Accepted-risk state artifact shows active and expired separately, and flags reverted findings.
+      const mixedRegister = {
+        schemaVersion: ACCEPTED_RISK_REGISTER_SCHEMA_VERSION,
+        records: [activeRegister.records[0], expiredRegister.records[0]],
+      };
+      const acceptedRiskState = buildAcceptedRiskStateArtifact({
+        register: mixedRegister,
+        comparisonArtifact: comparisonAcceptedExpired,
+        generatedAt: '2026-05-28T00:00:00.000Z',
+      });
+      assert.equal(acceptedRiskState.schemaVersion, ACCEPTED_RISK_STATE_SCHEMA_VERSION, 'Accepted-risk state schema version should be stable');
+      assert.equal(acceptedRiskState.summary.activeCount, 1, 'Accepted-risk state should count one active record');
+      assert.equal(acceptedRiskState.summary.expiredCount, 1, 'Accepted-risk state should count one expired record');
+      assert.equal(acceptedRiskState.summary.expiredRevertedCount, 1, 'Accepted-risk state should flag the expired record whose finding reverted to unresolved');
+      assert.ok(acceptedRiskState.reportHandoff.activeAcceptedRisk.length === 1, 'Report handoff should list active accepted risk separately');
+      assert.ok(acceptedRiskState.reportHandoff.expiredAcceptedRisk.length === 1, 'Report handoff should list expired accepted risk separately');
+      assert.equal(
+        hashAcceptedRiskStateArtifact(acceptedRiskState),
+        hashAcceptedRiskStateArtifact(validateAcceptedRiskStateArtifact(acceptedRiskState)),
+        'Accepted-risk state artifact hash should be stable across validation',
+      );
+
+      // Register append entrypoint + read-back; high-risk validation enforced on append.
+      const acceptDir = path.join(tmpBase, 'accept-risk-register');
+      await fs.mkdir(acceptDir, { recursive: true });
+      const appended = await appendAcceptedRiskRecord({
+        rootPath: acceptDir,
+        record: {
+          findingId: acceptedFindingId,
+          severity: 'high',
+          reason: 'Mitigated by WAF rule pending code fix.',
+          reviewer: 'security@selftest',
+          expiresAt: '2027-01-01T00:00:00.000Z',
+        },
+      });
+      assert.match(appended.record.riskId, /^risk_/, 'appendAcceptedRiskRecord should generate a riskId when omitted');
+      const readBack = await readAcceptedRiskRegister({ rootPath: acceptDir });
+      assert.equal(readBack.exists, true, 'Accepted-risk register should persist locally');
+      assert.equal(readBack.register.records.length, 1, 'Accepted-risk register should contain the appended record');
+      await assert.rejects(
+        () => appendAcceptedRiskRecord({ rootPath: acceptDir, record: { findingId: taskFindingId, severity: 'critical' } }),
+        /reason/i,
+        'appendAcceptedRiskRecord should reject high-risk acceptance without reason/reviewer/expiry',
+      );
+
+      // Stepper skips without a register and passes (writing a source-safe artifact) with one.
+      const acceptStepper = ralphAcceptStepper();
+      const acceptSkip = await acceptStepper.run({
+        runId: 'deep_scan_accept_skip_selftest',
+        config: { generatedAt: '2026-05-28T00:00:00.000Z' },
+        state: {},
+        tools: { rootPath: testPlanProjectRoot },
+      });
+      assert.equal(acceptSkip.status, 'skipped', 'ralph.accept should skip when no accepted-risk register exists');
+      const acceptPass = await acceptStepper.run({
+        runId: 'deep_scan_accept_pass_selftest',
+        config: { generatedAt: '2026-05-28T00:00:00.000Z' },
+        state: {},
+        tools: { rootPath: acceptDir },
+      });
+      assert.equal(acceptPass.stepperId, ACCEPTED_RISK_STEPPER_ID, 'ralph.accept stepper id should be stable');
+      assert.equal(acceptPass.status, 'passed', 'ralph.accept should pass when an accepted-risk register exists');
+      assert.ok(acceptPass.artifacts.some((ref) => ref.type === 'ralph_accepted_risk'), 'ralph.accept should emit a ralph_accepted_risk artifact');
+      const acceptStateRef = acceptPass.artifacts.find((ref) => ref.type === 'ralph_accepted_risk');
+      const acceptStateText = await fs.readFile(path.join(acceptDir, acceptStateRef.uri), 'utf8');
+      assert.match(acceptStateText, /ralph_accepted_risk\.v1/, 'Written accepted-risk state artifact should include schema version');
+      assert.doesNotMatch(acceptStateText, /sk_live|sourceCode|const secret|function\s+\w+\(/i, 'Accepted-risk state artifact must remain source-safe');
+
+      const registry = createSampleStepperRegistry(new StepperRegistry());
+      assert.ok(registry.get('project.map'), 'Default Deep Scan registry should include the Project Map stepper');
+      assert.ok(registry.get('rules.scan'), 'Default Deep Scan registry should include the deterministic scan stepper');
+      assert.ok(registry.get('tests.plan'), 'Default Deep Scan registry should include the Security Test Plan stepper');
+      assert.ok(registry.get('ralph.tasks'), 'Default Deep Scan registry should include the Agent Fix Task stepper');
+      assert.ok(registry.get('ralph.compare'), 'Default Deep Scan registry should include the Ralph comparison stepper');
+      assert.ok(registry.get('ralph.accept'), 'Default Deep Scan registry should include the Ralph accepted-risk stepper');
+      assert.ok(registry.get('ralph.track'), 'Default Deep Scan registry should include the Ralph failure tracking stepper');
+      assert.throws(
+        () => registry.register(sampleNoopStepper()),
+        /duplicate/i,
+        'StepperRegistry should reject duplicate stepper ids',
+      );
+      assert.equal(
+        registry.validateProfile({
+          id: 'deep-scan-test',
+          version: '1.0.0',
+          checkpoint: true,
+          steppers: [
+            { id: 'sample.noop', required: true },
+            { id: 'project.map', required: true },
+            { id: 'rules.scan', required: true },
+            { id: 'tests.plan', required: true },
+            { id: 'ralph.tasks', required: true },
+            { id: 'ralph.compare', required: true },
+            { id: 'ralph.accept', required: true },
+            { id: 'ralph.track', required: true },
+            { id: 'sample.disabledOptional', required: false, enabled: false },
+            { id: 'sample.needsHuman', required: true },
+          ],
+        }).valid,
+        true,
+        'GraphProfile validation should accept registered, reorderable, disabled optional steps',
+      );
+      const missingValidation = registry.validateProfile({
+        id: 'bad-profile',
+        version: '1.0.0',
+        steppers: [{ id: 'sample.missing', required: true }],
+      });
+      assert.equal(missingValidation.valid, false, 'GraphProfile validation should reject missing stepper ids');
+      assert.match(missingValidation.errors[0].message, /sample\.missing/, 'missing step errors should name the stepper id');
+
+      const unsafeRegistry = new StepperRegistry().register({
+        id: 'sample.external',
+        version: '1.0.0',
+        title: 'External Stepper',
+        category: 'runtime_proof',
+        unsafeExternal: true,
+        async run() {
+          throw new Error('unsafe external stepper should not run without definition-level approval requirements');
+        },
+      });
+      const unsafeValidation = unsafeRegistry.validateProfile({
+        id: 'unsafe-profile',
+        version: '1.0.0',
+        steppers: [{ id: 'sample.external', required: true, requiresApproval: true }],
+      });
+      assert.equal(
+        unsafeValidation.valid,
+        false,
+        'unsafe external steppers must define concrete approval requirements before profiles can enable them',
+      );
+      assert.match(
+        unsafeValidation.errors[0].message,
+        /approval requirements/i,
+        'unsafe external profile errors should explain the missing approval requirement',
+      );
+
+      const store = new LocalDeepScanStore({ rootPath: projectRoot });
+      assert.throws(
+        () => new LocalDeepScanStore({ rootPath: projectRoot, directory: '../outside' }),
+        /inside rootPath/i,
+        'Deep Scan store should reject directories that escape the bound root',
+      );
+      const outsideProjectMapOverride = path.join(tmpBase, 'outside-project-map-override');
+      await fs.mkdir(outsideProjectMapOverride, { recursive: true });
+      await fs.writeFile(
+        path.join(outsideProjectMapOverride, 'package.json'),
+        JSON.stringify({ scripts: { test: 'echo should-not-map' }, dependencies: { fastify: '^5.0.0' } }, null, 2),
+        'utf8',
+      );
+      const runtime = new DeepScanRuntime({ registry, store });
+      const run = await runtime.createRun({
+        projectId: 'project_123',
+        projectHash: 'f'.repeat(64),
+        graphProfile: {
+          id: 'deep-scan-test',
+          version: '1.0.0',
+          checkpoint: true,
+          steppers: [
+            { id: 'sample.noop', required: true },
+            { id: 'sample.needsHuman', required: true },
+            { id: 'project.map', required: true, config: { rootPath: outsideProjectMapOverride } },
+            { id: 'rules.scan', required: true, config: { rootPath: outsideProjectMapOverride } },
+            { id: 'tests.plan', required: true, config: { rootPath: outsideProjectMapOverride } },
+            { id: 'ralph.tasks', required: true, config: { rootPath: outsideProjectMapOverride } },
+            { id: 'ralph.compare', required: true, config: { rootPath: outsideProjectMapOverride } },
+            { id: 'ralph.accept', required: true, config: { rootPath: outsideProjectMapOverride } },
+            { id: 'ralph.track', required: true, config: { rootPath: outsideProjectMapOverride } },
+          ],
+        },
+        metadata: { runtimeBoundary: 'mcp-local', artifactStorage: 'refs-only' },
+      });
+
+      const paused = await runtime.startRun(run.runId);
+      assert.equal(paused.status, 'needs_human', 'runtime should pause at approval-gated step');
+      assert.equal(Object.keys(paused.stepResults).length, 2, 'runtime should checkpoint after every completed or paused step');
+      assert.equal(paused.stepResults['sample.noop'].status, 'passed', 'completed step should be checkpointed');
+      assert.equal(paused.stepResults['sample.needsHuman'].status, 'needs_human', 'approval step should be checkpointed');
+
+      const checkpoint = await store.getRun(run.runId);
+      assert.equal(checkpoint.status, 'needs_human', 'local store should persist checkpointed status');
+      assert.doesNotMatch(JSON.stringify(checkpoint), /sk_live|sourceCode|rawSource|const secret|function\s+\w+\(/i);
+
+      const status = buildDeepScanStatus(checkpoint);
+      assert.equal(status.runId, run.runId, 'status inspection should include the run id');
+      assert.match(status.nextAction, /approval/i, 'status inspection should explain the next safe approval action');
+
+      await runtime.recordApproval({
+        runId: run.runId,
+        requirementId: 'sample.needsHuman',
+        decision: 'approved',
+        approvedBy: 'selftest',
+        reason: 'Approve fixture-only stepper execution.',
+        metadata: { scope: 'fixture' },
+      });
+      const resumed = await runtime.resumeRun(run.runId);
+      assert.equal(resumed.status, 'passed', 'runtime should finish after approval is recorded');
+      assert.equal(Object.keys(resumed.stepResults).length, 9, 'resume should not duplicate completed steps');
+      assert.match(resumed.artifacts['project.map'].hash, /^[a-f0-9]{64}$/i, 'Project Map artifact references should be indexed by stepper id');
+      assert.match(resumed.artifacts['rules.scan'].hash, /^[a-f0-9]{64}$/i, 'Deterministic scan artifact references should be indexed by stepper id');
+      assert.match(resumed.artifacts['tests.plan'].hash, /^[a-f0-9]{64}$/i, 'Security Test Plan artifact references should be indexed by stepper id');
+      assert.match(resumed.artifacts['ralph.tasks'].hash, /^[a-f0-9]{64}$/i, 'Agent Fix Task artifact references should be indexed by stepper id');
+      assert.equal(resumed.receipts.length, 1, 'runtime should aggregate deterministic scan receipt refs');
+      assert.equal(resumed.receipts[0].engine.counts.deterministic > 0, true, 'runtime receipt refs should preserve rule counts');
+      await fs.access(path.join(projectRoot, resumed.artifacts['project.map'].uri));
+      await fs.access(path.join(projectRoot, resumed.artifacts['rules.scan'].uri));
+      await fs.access(path.join(projectRoot, resumed.artifacts['tests.plan'].uri));
+      await fs.access(path.join(projectRoot, resumed.artifacts['ralph.tasks'].uri));
+      await assert.rejects(
+        fs.access(path.join(outsideProjectMapOverride, resumed.artifacts['project.map'].uri)),
+        'Project Map runtime must ignore config.rootPath overrides when a bound root is provided',
+      );
+      await assert.rejects(
+        fs.access(path.join(outsideProjectMapOverride, resumed.artifacts['rules.scan'].uri)),
+        'Deterministic Scan runtime must ignore config.rootPath overrides when a bound root is provided',
+      );
+      await assert.rejects(
+        fs.access(path.join(outsideProjectMapOverride, resumed.artifacts['tests.plan'].uri)),
+        'Security Test Plan runtime must ignore config.rootPath overrides when a bound root is provided',
+      );
+      await assert.rejects(
+        fs.access(path.join(outsideProjectMapOverride, resumed.artifacts['ralph.tasks'].uri)),
+        'Agent Fix Task runtime must ignore config.rootPath overrides when a bound root is provided',
+      );
+      const completedStatus = buildDeepScanStatus(resumed);
+      assert.equal(
+        resumed.stepResults['ralph.compare'].status,
+        'skipped',
+        'Ralph comparison should skip in default profile when no baseline deterministic scan ref is configured',
+      );
+      assert.equal(
+        resumed.stepResults['ralph.accept'].status,
+        'skipped',
+        'Ralph accepted-risk should skip in default profile when no accepted-risk register exists',
+      );
+      assert.equal(
+        resumed.stepResults['ralph.track'].status,
+        'skipped',
+        'Ralph failure tracking should skip in default profile when comparison was skipped',
+      );
+      assert.deepEqual(
+        completedStatus.steps.map((step) => step.stepperId),
+        ['sample.noop', 'sample.needsHuman', 'project.map', 'rules.scan', 'tests.plan', 'ralph.tasks', 'ralph.compare', 'ralph.accept', 'ralph.track'],
+        'Deep Scan status should preserve graph profile order for progress monitoring',
+      );
+      const artifactIds = completedStatus.artifactRefs.map((ref) => ref.id);
+      assert.equal(
+        artifactIds.length,
+        new Set(artifactIds).size,
+        'Deep Scan status should expose each artifact ref once even when runtime indexes by stepper id and artifact id',
+      );
+      assert.doesNotMatch(JSON.stringify(resumed), /sk_live|sourceCode|rawSource|const secret|function\s+\w+\(/i);
+
+      const deniedRun = await runtime.createRun({
+        projectId: 'project_123',
+        projectHash: 'f'.repeat(64),
+        graphProfile: {
+          id: 'deep-scan-denial-test',
+          version: '1.0.0',
+          checkpoint: true,
+          steppers: [
+            { id: 'sample.noop', required: true },
+            { id: 'sample.needsHuman', required: true },
+            { id: 'project.map', required: true },
+            { id: 'rules.scan', required: true },
+          ],
+        },
+        metadata: { runtimeBoundary: 'mcp-local', artifactStorage: 'refs-only' },
+      });
+      await runtime.startRun(deniedRun.runId);
+      await runtime.recordApproval({
+        runId: deniedRun.runId,
+        requirementId: 'sample.needsHuman',
+        decision: 'denied',
+        approvedBy: 'selftest',
+        reason: 'Deny fixture-only approval to prove fail-closed behavior.',
+        metadata: { scope: 'fixture' },
+      });
+      const blocked = await runtime.resumeRun(deniedRun.runId);
+      assert.equal(blocked.status, 'blocked', 'runtime should block when required approval is denied');
+      assert.equal(blocked.stepResults['sample.needsHuman'].status, 'blocked', 'denied approval should become a blocked step');
+      assert.match(blocked.stepResults['sample.needsHuman'].blockedReason, /denied/i);
+    }
+
+    await withMockMcpBackend(async (apiBase) => {
+      const bind = await requestServerBind({
+        lockedRootPath: projectRoot,
+        authToken: 'test-token',
+        apiBase,
+      });
+      assert.equal(bind.ok, true, 'mock backend bind should succeed with auth token');
+      assert.match(bind.json?.data?.installToken, /^[a-f0-9]{64}$/, 'bind should return backend-issued token');
+
+      const verified = await verifyInstallBinding({
+        installToken: bind.json.data.installToken,
+        lockedRootHash: bind.json.data.lockedRootHash,
+        apiBase,
+      });
+      assert.equal(verified.ok, true, 'backend-issued bind should verify successfully');
+      assert.equal(verified.json?.success, true, 'verify-install should return success:true');
+
+      const rejected = await verifyInstallBinding({
+        installToken: 'e'.repeat(64),
+        lockedRootHash: bind.json.data.lockedRootHash,
+        apiBase,
+      });
+      assert.equal(rejected.ok, false, 'local-only token/hash pairs must be rejected by verify-install');
+      assert.equal(rejected.json?.code, 'MCP_INSTALL_INVALID', 'verify-install rejection code must be preserved');
+    });
+
+    await withMockMcpBackend(async (apiBase, ctx) => {
+      const bind = await requestServerBind({
+        lockedRootPath: projectRoot,
+        authToken: 'same-user-token',
+        apiBase,
+      });
+      assert.equal(bind.ok, true, 'E1: bind should succeed before in-folder scan');
+      await createLock({
+        rootPath: projectRoot,
+        account: 'selftest',
+        installToken: bind.json.data.installToken,
+        lockedRootHash: bind.json.data.lockedRootHash,
+        source: 'server',
+      });
+
+      const guardPath = createBindingGuard({
+        boundRoot: projectRoot,
+        installToken: bind.json.data.installToken,
+        apiBase,
+      });
+      const guard = await guardPath(projectRoot);
+      assert.equal(guard.ok, true, 'E1: guard should accept the bound project root');
+
+      const savedBase = process.env.VIBESECUR_API_BASE;
+      process.env.VIBESECUR_API_BASE = apiBase;
+      try {
+        const { runScan } = await import(
+          pathToFileURL(path.resolve('./src/orchestrator/runScan.js')).href
+        );
+        const remoteOutcome = await runScan({
+          code: 'const token = "sk_live_1234567890abcdef";',
+          lang: 'js',
+          projectRoot: guard.resolvedRoot,
+          installToken: bind.json.data.installToken,
+          lockedRootHash: bind.json.data.lockedRootHash,
+          engineVersion: '0.0.0-test',
+        });
+        assert.equal(remoteOutcome.ok, true, 'E1: valid bound scan should succeed');
+        assert.equal(remoteOutcome.mode, 'remote', 'E1: valid bound scan should use remote mode');
+        assert.equal(remoteOutcome.result.receiptId, 'scan-receipt-1', 'E1: receipt metadata should be preserved');
+        assert.deepEqual(remoteOutcome.quota, { limit: 10, remaining: 9 }, 'E1: quota metadata should be preserved');
+
+        // L1: a successful remote scan must persist metadata to /scan/log so the
+        // Projects dashboard reflects it. Best-effort logging is wired here.
+        assert.equal(remoteOutcome.logged?.ok, true, 'L1: successful scan should report logged:true');
+        assert.equal(ctx.scanLogCalls.length, 1, 'L1: exactly one /scan/log call should be made');
+        const logCall = ctx.scanLogCalls[0];
+        assert.equal(logCall.source, 'mcp', 'L1: scan log should mark source as mcp');
+        assert.equal(logCall.installToken, bind.json.data.installToken, 'L1: scan log should carry the install token');
+        assert.equal(logCall.lockedRootHash, bind.json.data.lockedRootHash, 'L1: scan log should carry the locked root hash');
+        assert.equal(Object.prototype.hasOwnProperty.call(logCall, 'code'), false, 'L1: scan log must never include raw code');
+        assert.ok(Array.isArray(logCall.findings), 'L1: scan log should include a findings array');
+
+        const quotaOutcome = await runScan({
+          code: 'quota-exhausted',
+          lang: 'js',
+          projectRoot: guard.resolvedRoot,
+          installToken: bind.json.data.installToken,
+          lockedRootHash: bind.json.data.lockedRootHash,
+          engineVersion: '0.0.0-test',
+        });
+        assert.equal(quotaOutcome.ok, false, 'Q1: 402 should be returned as an error outcome');
+        assert.equal(quotaOutcome.errorCode, 'UPGRADE_REQUIRED', 'Q1: 402 should map to UPGRADE_REQUIRED');
+        assert.match(quotaOutcome.errorPayload.upgradeUrl, /#pricing$/, 'Q1: upgrade URL should be actionable');
+
+        const fallbackOutcome = await runScan({
+          code: 'remote-ok-without-data eval("1")',
+          lang: 'js',
+          projectRoot: guard.resolvedRoot,
+          installToken: bind.json.data.installToken,
+          lockedRootHash: bind.json.data.lockedRootHash,
+          engineVersion: '0.0.0-test',
+        });
+        assert.equal(fallbackOutcome.ok, true, 'F1: 2xx response without data should use local fallback');
+        assert.equal(fallbackOutcome.mode, 'offline', 'F1: degraded 2xx fallback should be explicit offline mode');
+      } finally {
+        if (savedBase === undefined) delete process.env.VIBESECUR_API_BASE;
+        else process.env.VIBESECUR_API_BASE = savedBase;
+      }
+
+      const outsideRoot = path.join(tmpBase, 'outside');
+      await fs.mkdir(outsideRoot, { recursive: true });
+      const outside = await guardPath(outsideRoot);
+      assert.equal(outside.ok, false, 'O1: outside root should be rejected');
+      assert.equal(outside.httpStatus, 403, 'O1: outside root should be a 403');
+      assert.equal(outside.code, 'OUT_OF_FOLDER', 'O1: outside root should use OUT_OF_FOLDER');
+      assert.match(outside.rebindHint, /vibesecur-mcp rebind/, 'O1: outside root should include rebind hint');
+
+      const mismatchGuard = createBindingGuard({
+        boundRoot: projectRoot,
+        installToken: 'f'.repeat(64),
+        apiBase,
+      });
+      const mismatch = await mismatchGuard(projectRoot);
+      assert.equal(mismatch.ok, false, 'T1: mismatched token should fail closed');
+      assert.equal(mismatch.httpStatus, 403, 'T1: mismatched token should be a 403');
+      assert.equal(mismatch.code, 'TOKEN_MISMATCH', 'T1: mismatched token should preserve local diagnostic code');
+
+      const reboundRoot = path.join(tmpBase, 'rebound-project');
+      await fs.mkdir(reboundRoot, { recursive: true });
+      const rebound = await requestServerBind({
+        lockedRootPath: reboundRoot,
+        authToken: 'same-user-token',
+        apiBase,
+      });
+      assert.equal(rebound.ok, true, 'R2: rebind should issue a new token');
+
+      const staleGuard = await guardPath(projectRoot);
+      assert.equal(staleGuard.ok, false, 'R2: warmed runtime guard should reject old token immediately after rebind');
+      assert.equal(staleGuard.code, 'MCP_INSTALL_INVALID', 'R2: warmed runtime guard should preserve backend invalidation code');
+
+      const oldVerify = await verifyInstallBinding({
+        installToken: bind.json.data.installToken,
+        lockedRootHash: bind.json.data.lockedRootHash,
+        apiBase,
+      });
+      assert.equal(oldVerify.ok, false, 'R2: old token should fail after rebind');
+      assert.equal(oldVerify.json?.code, 'MCP_INSTALL_INVALID', 'R2: old token failure should preserve code');
+
+      const cliPath = path.resolve('./src/cli.js');
+      const staleCli = await execFileAsync(
+        process.execPath,
+        [cliPath, 'deep-scan-start', projectRoot, `--api-base=${apiBase}`],
+        { cwd: path.resolve('.'), env: { ...process.env, VIBESECUR_API_BASE: apiBase } },
+      ).then(
+        () => ({ code: 0, stdout: '', stderr: '' }),
+        (err) => ({ code: err.code, stdout: err.stdout || '', stderr: err.stderr || '' }),
+      );
+      assert.notEqual(staleCli.code, 0, 'R3: Deep Scan CLI should reject revoked server locks');
+      assert.match(
+        `${staleCli.stdout}\n${staleCli.stderr}`,
+        /MCP_INSTALL_INVALID|server-issued MCP binding|verify/i,
+        'R3: Deep Scan CLI should surface backend binding verification failure',
+      );
+
+      const newVerify = await verifyInstallBinding({
+        installToken: rebound.json.data.installToken,
+        lockedRootHash: rebound.json.data.lockedRootHash,
+        apiBase,
+      });
+      assert.equal(newVerify.ok, true, 'R2: new token should verify after rebind');
+    });
+
+    {
+      const savedBase = process.env.VIBESECUR_API_BASE;
+      process.env.VIBESECUR_API_BASE = 'http://127.0.0.1:9';
+      try {
+        const { runScan } = await import(
+          pathToFileURL(path.resolve('./src/orchestrator/runScan.js')).href
+        );
+        const unavailable = await runScan({
+          code: 'const x = eval("1")',
+          lang: 'js',
+          projectRoot,
+          installToken: 'd'.repeat(64),
+          lockedRootHash: buildLockHashFromLockModule(projectRoot),
+          engineVersion: '0.0.0-test',
+        });
+        assert.equal(unavailable.ok, false, 'A1: unavailable API should fail closed');
+        assert.equal(
+          unavailable.errorCode,
+          'REMOTE_VERIFICATION_REQUIRED',
+          'A1: unavailable API should not silently fall back to local scan',
+        );
+      } finally {
+        if (savedBase === undefined) delete process.env.VIBESECUR_API_BASE;
+        else process.env.VIBESECUR_API_BASE = savedBase;
+      }
+    }
+
+    {
+      const cliProject = path.join(tmpBase, 'cli-local-fallback');
+      await fs.mkdir(cliProject, { recursive: true });
+      const cliPath = path.resolve('./src/cli.js');
+      const cliEnv = {
+        ...process.env,
+        VIBESECUR_API_BASE: 'http://127.0.0.1:9',
+        VIBESECUR_AUTH_TOKEN: '',
+      };
+      const noFallback = await execFileAsync(
+        process.execPath,
+        [cliPath, 'bind', cliProject, '--api-base=http://127.0.0.1:9'],
+        { cwd: path.resolve('.'), env: cliEnv },
+      ).then(
+        () => ({ code: 0, stdout: '', stderr: '' }),
+        (err) => ({ code: err.code, stdout: err.stdout || '', stderr: err.stderr || '' }),
+      );
+      assert.notEqual(noFallback.code, 0, 'C1: bind without fallback should fail when API is unavailable');
+
+      const fallback = await execFileAsync(
+        process.execPath,
+        [cliPath, 'bind', cliProject, '--api-base=http://127.0.0.1:9', '--allow-local-fallback=true'],
+        { cwd: path.resolve('.'), env: cliEnv },
+      );
+      assert.match(
+        `${fallback.stdout}\n${fallback.stderr}`,
+        /Local diagnostic lock created|local diagnostic lock/i,
+        'C1: explicit fallback should create a diagnostic local lock',
+      );
+      const fallbackDiag = await diagnosticLock(cliProject);
+      assert.equal(fallbackDiag.runtimeCompatible, false, 'C1: local fallback lock must not be runtime compatible');
+
+      const unboundStatus = await execFileAsync(
+        process.execPath,
+        [cliPath, 'deep-scan-status', 'deep_scan_unbound_status', cliProject],
+        { cwd: path.resolve('.'), env: cliEnv },
+      ).then(
+        () => ({ code: 0, stdout: '', stderr: '' }),
+        (err) => ({ code: err.code, stdout: err.stdout || '', stderr: err.stderr || '' }),
+      );
+      assert.notEqual(unboundStatus.code, 0, 'C3: Deep Scan status should fail for an unbound project');
+      assert.match(
+        `${unboundStatus.stdout}\n${unboundStatus.stderr}`,
+        /server-issued MCP binding/i,
+        'C3: Deep Scan status should fail on binding, not read arbitrary local run files',
+      );
+
+      await createLock({
+        rootPath: projectRoot,
+        account: 'selftest',
+        installToken: '8'.repeat(64),
+        lockedRootHash: buildLockHashFromLockModule(projectRoot),
+        source: 'server',
+      });
+      const copiedLockProject = path.join(tmpBase, 'cli-copied-lock');
+      await fs.mkdir(path.join(copiedLockProject, '.vibesecur'), { recursive: true });
+      await fs.copyFile(
+        path.join(projectRoot, '.vibesecur', 'lock.json'),
+        path.join(copiedLockProject, '.vibesecur', 'lock.json'),
+      );
+      const copiedLockStatus = await execFileAsync(
+        process.execPath,
+        [cliPath, 'deep-scan-status', 'deep_scan_copied_lock', copiedLockProject],
+        { cwd: path.resolve('.'), env: cliEnv },
+      ).then(
+        () => ({ code: 0, stdout: '', stderr: '' }),
+        (err) => ({ code: err.code, stdout: err.stdout || '', stderr: err.stderr || '' }),
+      );
+      assert.notEqual(copiedLockStatus.code, 0, 'C4: Deep Scan CLI should reject copied locks outside the bound root');
+      assert.match(
+        `${copiedLockStatus.stdout}\n${copiedLockStatus.stderr}`,
+        /outside the locked project folder|server-issued MCP binding/i,
+        'C4: copied lock failure should explain the bound-root mismatch',
+      );
+
+      const configProject = path.join(tmpBase, 'cli-config-server-lock');
+      await fs.mkdir(configProject, { recursive: true });
+      await createLock({
+        rootPath: configProject,
+        account: 'selftest',
+        installToken: '9'.repeat(64),
+        lockedRootHash: buildLockHashFromLockModule(configProject),
+        source: 'server',
+      });
+      const config = await execFileAsync(
+        process.execPath,
+        [cliPath, 'config', configProject, '--api-base=http://127.0.0.1:4000'],
+        { cwd: path.resolve('.'), env: cliEnv },
+      );
+      const configOutput = `${config.stdout}\n${config.stderr}`;
+      assert.match(configOutput, /Cursor/i, 'C2: config output should include Cursor snippet');
+      assert.match(configOutput, /VS Code/i, 'C2: config output should include VS Code snippet');
+      assert.match(configOutput, /Windsurf/i, 'C2: config output should include Windsurf snippet');
+      assert.match(configOutput, /VIBESECUR_INSTALL_TOKEN/i, 'C2: config output should include install token env');
+      assert.match(configOutput, /VIBESECUR_BOUND_ROOT/i, 'C2: config output should include bound root env');
+      assert.match(configOutput, /@saiteja1123\/mcp-server|server\.js/i, 'C2: config output should include runtime command');
+
+      const demoProject = path.join(tmpBase, 'cli-deep-scan-demo');
+      await fs.mkdir(demoProject, { recursive: true });
+      await fs.writeFile(
+        path.join(demoProject, 'package.json'),
+        JSON.stringify({ scripts: { test: 'node --test' }, dependencies: { express: '^5.0.0' } }, null, 2),
+        'utf8',
+      );
+      const demoStart = await execFileAsync(
+        process.execPath,
+        [cliPath, 'deep-scan-start', demoProject, '--demo=true'],
+        { cwd: path.resolve('.'), env: cliEnv },
+      );
+      const demoOutput = `${demoStart.stdout}\n${demoStart.stderr}`;
+      const demoJson = JSON.parse(demoOutput.slice(demoOutput.indexOf('{')));
+      assert.deepEqual(
+        demoJson.steps.map((step) => step.stepperId),
+        ['project.map', 'rules.scan', 'tests.plan', 'ralph.tasks', 'ralph.compare', 'ralph.accept', 'ralph.track'],
+        'C5: Deep Scan CLI default profile should run project.map, rules.scan, tests.plan, ralph.tasks, ralph.compare, ralph.accept, and ralph.track in dependency order without sample proof steppers',
+      );
+      assert.ok(
+        demoJson.artifactRefs.some((ref) => ref.type === 'project_map'),
+        'C5: Deep Scan CLI default profile should emit a Project Map artifact',
+      );
+      assert.ok(
+        demoJson.artifactRefs.some((ref) => ref.type === 'deterministic_scan'),
+        'C5: Deep Scan CLI default profile should emit a deterministic scan artifact',
+      );
+      assert.ok(
+        demoJson.artifactRefs.some((ref) => ref.type === 'security_test_plan'),
+        'C5: Deep Scan CLI default profile should emit a Security Test Plan artifact',
+      );
+      assert.ok(
+        demoJson.artifactRefs.some((ref) => ref.type === 'agent_fix_tasks'),
+        'C5: Deep Scan CLI default profile should emit a Ralph Agent Fix Task artifact',
+      );
+      assert.equal(
+        demoJson.steps.find((step) => step.stepperId === 'ralph.compare')?.status,
+        'skipped',
+        'C5: First Deep Scan run should skip ralph.compare when no baseline run/scan ref is provided',
+      );
+      assert.equal(
+        demoJson.steps.find((step) => step.stepperId === 'ralph.track')?.status,
+        'skipped',
+        'C5: First Deep Scan run should skip ralph.track when comparison is skipped',
+      );
+      assert.ok(
+        demoJson.receiptRefs.some((ref) => ref.type === 'deterministic_scan' && ref.engine?.counts?.deterministic > 0),
+        'C5: Deep Scan CLI default profile should expose deterministic scan receipt metadata',
+      );
+      const projectMapRef = demoJson.artifactRefs.find((ref) => ref.type === 'project_map');
+      await fs.access(path.join(demoProject, projectMapRef.uri));
+      const deterministicScanRef = demoJson.artifactRefs.find((ref) => ref.type === 'deterministic_scan');
+      await fs.access(path.join(demoProject, deterministicScanRef.uri));
+      const securityTestPlanRef = demoJson.artifactRefs.find((ref) => ref.type === 'security_test_plan');
+      await fs.access(path.join(demoProject, securityTestPlanRef.uri));
+      const agentFixTaskRef = demoJson.artifactRefs.find((ref) => ref.type === 'agent_fix_tasks');
+      await fs.access(path.join(demoProject, agentFixTaskRef.uri));
+      assert.equal(
+        demoJson.steps.find((step) => step.stepperId === 'ralph.accept')?.status,
+        'skipped',
+        'C5: First Deep Scan run should skip ralph.accept when no accepted-risk register exists',
+      );
+
+      const demoRerun = await execFileAsync(
+        process.execPath,
+        [cliPath, 'deep-scan-start', demoProject, '--demo=true', `--previous-run-id=${demoJson.runId}`],
+        { cwd: path.resolve('.'), env: cliEnv },
+      );
+      const demoRerunOutput = `${demoRerun.stdout}\n${demoRerun.stderr}`;
+      const demoRerunJson = JSON.parse(demoRerunOutput.slice(demoRerunOutput.indexOf('{')));
+      assert.equal(
+        demoRerunJson.steps.find((step) => step.stepperId === 'ralph.compare')?.status,
+        'passed',
+        'C5: Deep Scan rerun with --previous-run-id should execute ralph.compare',
+      );
+      assert.ok(
+        demoRerunJson.artifactRefs.some((ref) => ref.type === 'ralph_comparison'),
+        'C5: Deep Scan rerun with baseline should emit a ralph_comparison artifact',
+      );
+      const comparisonRef = demoRerunJson.artifactRefs.find((ref) => ref.type === 'ralph_comparison');
+      await fs.access(path.join(demoProject, comparisonRef.uri));
+      assert.equal(
+        demoRerunJson.steps.find((step) => step.stepperId === 'ralph.track')?.status,
+        'passed',
+        'C5: Deep Scan rerun with baseline should execute ralph.track',
+      );
+      assert.ok(
+        demoRerunJson.artifactRefs.some((ref) => ref.type === 'ralph_failure_state'),
+        'C5: Deep Scan rerun with baseline should emit a ralph_failure_state artifact',
+      );
+      const failureStateRef = demoRerunJson.artifactRefs.find((ref) => ref.type === 'ralph_failure_state');
+      await fs.access(path.join(demoProject, failureStateRef.uri));
+
+      const demoRerun2 = await execFileAsync(
+        process.execPath,
+        [cliPath, 'deep-scan-start', demoProject, '--demo=true', `--previous-run-id=${demoRerunJson.runId}`],
+        { cwd: path.resolve('.'), env: cliEnv },
+      );
+      const demoRerun2Output = `${demoRerun2.stdout}\n${demoRerun2.stderr}`;
+      const demoRerun2Json = JSON.parse(demoRerun2Output.slice(demoRerun2Output.indexOf('{')));
+      assert.equal(
+        demoRerun2Json.steps.find((step) => step.stepperId === 'ralph.track')?.status,
+        'passed',
+        'C5: Third Deep Scan rerun should carry prior failure state forward through --previous-run-id',
+      );
+      const failureStateText = await fs.readFile(path.join(demoProject, demoRerun2Json.artifactRefs.find((ref) => ref.type === 'ralph_failure_state').uri), 'utf8');
+      const failureStateJson = JSON.parse(failureStateText);
+      assert.ok(
+        failureStateJson.summary.repeatedFailureCount >= 0,
+        'C5: Carried-forward failure state should expose repeated failure summary counts',
+      );
+
+      // VIB-85: record an accepted risk via CLI, then rerun so ralph.accept evaluates it.
+      const acceptCli = await execFileAsync(
+        process.execPath,
+        [cliPath, 'deep-scan-accept-risk', demoProject, '--demo=true', '--severity=low', '--finding-id=finding-cli-selftest', '--reason=demo acceptance', '--reviewer=selftest'],
+        { cwd: path.resolve('.'), env: cliEnv },
+      );
+      const acceptCliOutput = `${acceptCli.stdout}\n${acceptCli.stderr}`;
+      const acceptCliJson = JSON.parse(acceptCliOutput.slice(acceptCliOutput.indexOf('{')));
+      assert.match(acceptCliJson.record.riskId, /^risk_/, 'C5: deep-scan-accept-risk should persist an accepted-risk record with a generated riskId');
+      await fs.access(path.join(demoProject, '.vibesecur/accepted-risks.json'));
+
+      const demoRerun3 = await execFileAsync(
+        process.execPath,
+        [cliPath, 'deep-scan-start', demoProject, '--demo=true', `--previous-run-id=${demoRerun2Json.runId}`],
+        { cwd: path.resolve('.'), env: cliEnv },
+      );
+      const demoRerun3Output = `${demoRerun3.stdout}\n${demoRerun3.stderr}`;
+      const demoRerun3Json = JSON.parse(demoRerun3Output.slice(demoRerun3Output.indexOf('{')));
+      assert.equal(
+        demoRerun3Json.steps.find((step) => step.stepperId === 'ralph.accept')?.status,
+        'passed',
+        'C5: Deep Scan run with an accepted-risk register should execute ralph.accept',
+      );
+      assert.ok(
+        demoRerun3Json.artifactRefs.some((ref) => ref.type === 'ralph_accepted_risk'),
+        'C5: Deep Scan run with an accepted-risk register should emit a ralph_accepted_risk artifact',
+      );
+      const acceptedRiskRef = demoRerun3Json.artifactRefs.find((ref) => ref.type === 'ralph_accepted_risk');
+      await fs.access(path.join(demoProject, acceptedRiskRef.uri));
+    }
+
+    await import(pathToFileURL(path.resolve('./src/index.js')).href);
+
+    // ── runScan unit tests ──────────────────────────────────────────────────
+    // We test runScan() by controlling VIBESECUR_API_BASE. When it is unset,
+    // postRemoteLocalScan returns { skipped: true } which exercises case 1.
+    // For the remaining cases we build a minimal inline test harness that
+    // calls runScan with a code sample that triggers local engine rules,
+    // verifying the output contracts defined in orchestrator/runScan.js.
+
+    const savedApiBase = process.env.VIBESECUR_API_BASE;
+
+    // ── Test R1: REMOTE_VERIFICATION_REQUIRED when API base is not set ──────
+    delete process.env.VIBESECUR_API_BASE;
+    {
+      // Re-import with cache-busting is not needed here: runScan re-reads
+      // process.env.VIBESECUR_API_BASE at call time via postRemoteLocalScan
+      // → normalizeApiBase → which returns '' when env is unset.
+      const { runScan } = await import(
+        pathToFileURL(path.resolve('./src/orchestrator/runScan.js')).href
+      );
+      const outcome = await runScan({
+        code: 'const x = 1;',
+        lang: 'js',
+        projectRoot: projectRoot,
+        installToken: 'a'.repeat(64),
+        lockedRootHash: undefined,
+        engineVersion: '0.0.0-test',
+      });
+      assert.equal(outcome.ok, false, 'R1: outcome.ok must be false when API base unset');
+      assert.equal(
+        outcome.errorCode,
+        'REMOTE_VERIFICATION_REQUIRED',
+        'R1: errorCode must be REMOTE_VERIFICATION_REQUIRED',
+      );
+      assert.ok(
+        typeof outcome.errorPayload.message === 'string',
+        'R1: errorPayload.message must be a string',
+      );
+    }
+
+    // ── Test R4: offline fallback returns local engine findings ─────────────
+    // Still no API base — postRemoteLocalScan skips → runScan case 1 fires.
+    // To reach the local fallback (case 4) we need a 2xx-with-no-data scenario.
+    // We can verify the local engine branch by pointing to a URL that returns
+    // 2xx with an empty JSON body. However, that requires a live server.
+    // Instead we verify that local rule engine fires correctly when called
+    // directly, and that runScan in offline (skipped) mode surfaces a clear
+    // REMOTE_VERIFICATION_REQUIRED (not a silent empty result).
+    {
+      const { runScan } = await import(
+        pathToFileURL(path.resolve('./src/orchestrator/runScan.js')).href
+      );
+      const evalCode = 'const danger = eval("1+1");';
+      const outcome = await runScan({
+        code: evalCode,
+        lang: 'js',
+        projectRoot: projectRoot,
+        installToken: 'a'.repeat(64),
+        lockedRootHash: undefined,
+        engineVersion: '0.0.0-test',
+      });
+      // When API base is unset, we expect the hard error (not silent local).
+      assert.equal(outcome.ok, false, 'R4-pre: must surface error when API base unset, not silently fall back');
+    }
+
+    // Restore env for any subsequent tests
+    if (savedApiBase !== undefined) {
+      process.env.VIBESECUR_API_BASE = savedApiBase;
+    }
+
+    // ── Test R2 / R3 (structural): verify ScanOutcome shape contracts ───────
+    // We import localScan directly and verify the shape that runScan would
+    // return in mode='offline' matches what tool handlers expect.
+    {
+      const { localScan } = await import(
+        pathToFileURL(path.resolve('./src/rule-engine/index.js')).href
+      );
+      const result = localScan('const x = eval("bad")', 'js');
+      assert.ok(typeof result.score === 'number', 'R2: local result.score must be number');
+      assert.ok(typeof result.grade === 'string', 'R2: local result.grade must be string');
+      assert.ok(typeof result.verdict === 'string', 'R2: local result.verdict must be string');
+      assert.ok(Array.isArray(result.findings), 'R2: local result.findings must be array');
+      assert.ok(result.findings.length > 0, 'R2: eval() must trigger at least one finding');
+      // Verify the offline enrichment shape that the localScan tool handler builds
+      const engineVersion = '0.0.0-test';
+      const humanSummary = `${result.verdict} Score ${result.score} (${result.grade}) - ${result.findings.length} finding(s).`;
+      const enriched = { ...result, humanSummary, engineVersion, mode: 'offline' };
+      assert.equal(enriched.mode, 'offline', 'R2: enriched.mode must be offline');
+      assert.equal(enriched.engineVersion, engineVersion, 'R2: enriched.engineVersion must match');
+      assert.ok(enriched.humanSummary.includes('finding(s)'), 'R2: humanSummary format valid');
+    }
+
+    // ── Governance middleware unit tests ────────────────────────────────────
+
+    {
+      const { buildGovernanceContext, evaluateGovernance } = await import(
+        pathToFileURL(path.resolve('./src/middleware/governance.js')).href
+      );
+
+      // G1: buildGovernanceContext returns correct shape
+      const ctx = buildGovernanceContext({
+        toolName: 'localScan',
+        requestedPath: projectRoot,
+        installToken: 'a'.repeat(64),
+        lockedRootHash: 'b'.repeat(64),
+        lang: 'js',
+        codeSize: 42,
+        maxFiles: undefined,
+      });
+      assert.equal(ctx.toolName, 'localScan', 'G1: toolName must be set');
+      assert.equal(ctx.requestedPath, projectRoot, 'G1: requestedPath must match');
+      assert.equal(ctx.scanMetadata.lang, 'js', 'G1: lang must be in scanMetadata');
+      assert.equal(ctx.scanMetadata.codeSize, 42, 'G1: codeSize must be in scanMetadata');
+      assert.equal(ctx.scanMetadata.maxFiles, undefined, 'G1: maxFiles undefined for code-string tool');
+      assert.equal(ctx.executionMode, 'unknown', 'G1: executionMode starts as unknown');
+      assert.ok(typeof ctx.sessionId === 'string' && ctx.sessionId.length > 0, 'G1: sessionId must be non-empty string');
+
+      // G2: evaluateGovernance Phase 1 always returns allowed:true (pass-through)
+      const decision = await evaluateGovernance(ctx);
+      assert.equal(decision.allowed, true, 'G2: Phase 1 governance must allow all requests');
+      assert.equal(typeof decision.reason, 'string', 'G2: reason must be a string');
+      assert.ok(typeof decision.annotations === 'object', 'G2: annotations must be an object');
+      assert.ok(typeof decision.metadata === 'object', 'G2: metadata must be an object');
+
+      // G3: evaluateGovernance does not mutate the context
+      const ctxCopy = JSON.stringify(ctx);
+      await evaluateGovernance(ctx);
+      assert.equal(JSON.stringify(ctx), ctxCopy, 'G3: governance must not mutate GovernanceContext');
+
+      // G4: evaluateGovernance is callable with minimal context without throwing
+      const minCtx = buildGovernanceContext({
+        toolName: 'health',
+        requestedPath: '.',
+        installToken: '',
+        lockedRootHash: '',
+        lang: 'auto',
+        codeSize: 0,
+        maxFiles: undefined,
+      });
+      const minDecision = await evaluateGovernance(minCtx);
+      assert.equal(minDecision.allowed, true, 'G4: minimal context must still pass governance');
+    }
+
+    console.log('mcp selftest passed');
+  } finally {
+    await fs.rm(tmpBase, { recursive: true, force: true });
+  }
+}
+
+run().catch((err) => {
+  console.error(`mcp selftest failed: ${err.message}`);
+  process.exit(1);
+});