@semalt-ai/code 1.8.5 → 1.19.0

package/test/background.test.js

@@ -0,0 +1,414 @@
+'use strict';
+
+// Tests for background tasks (Task 5.3) — detached agent processes + the task
+// registry. Coverage:
+//   * task store CRUD: create / patch / events / result / list ordering;
+//   * validation BEFORE detach surfaces config/policy/sandbox errors, and a
+//     validation failure spawns NO process (no orphan);
+//   * launchBackground writes the spec + registry record and detaches via an
+//     injected spawn; sandbox defaults ON in the spec, opt-out is explicit;
+//   * runBackgroundChild (REAL createAgent ↔ mock-LLM) runs to completion and
+//     writes the result envelope;
+//   * SAFE POSTURE: no policy → a mutating write is refused (paired with: an
+//     allow rule lets it proceed);
+//   * deny-list stays active in the background process;
+//   * lifecycle reconciliation: a dead "running" task is detected as stale and
+//     prunable; killTask tree-kills + marks terminated;
+//   * a REAL detached process is tree-killable by PID;
+//   * TOOL-EXPOSURE DECISION: background-launch is NOT an agent tool.
+
+const { test, before, after } = require('node:test');
+const assert = require('node:assert');
+const fs = require('fs');
+const os = require('os');
+const path = require('path');
+
+const bg = require('../lib/background');
+const proc = require('../lib/proc');
+const { startMockLLM } = require('./harness/mock-llm');
+
+let prevKey;
+let prevCwd;
+let tmpCwd;
+let roots = [];
+
+function freshRoot() {
+  const d = fs.mkdtempSync(path.join(os.tmpdir(), 'bg-tasks-'));
+  roots.push(d);
+  return d;
+}
+
+const sleep = (ms) => new Promise((r) => setTimeout(r, ms));
+
+before(() => {
+  prevKey = process.env.SEMALT_API_KEY;
+  process.env.SEMALT_API_KEY = 'test-key';
+  prevCwd = process.cwd();
+  tmpCwd = fs.mkdtempSync(path.join(os.tmpdir(), 'bg-cwd-'));
+  process.chdir(tmpCwd);
+});
+
+after(() => {
+  if (prevKey === undefined) delete process.env.SEMALT_API_KEY;
+  else process.env.SEMALT_API_KEY = prevKey;
+  process.chdir(prevCwd);
+  for (const d of roots.concat([tmpCwd])) {
+    try { fs.rmSync(d, { recursive: true, force: true }); } catch {}
+  }
+});
+
+// --------------------------------------------------------------------------
+// Task store
+// --------------------------------------------------------------------------
+test('task store: create writes spec + meta, patch/events/result round-trip, list newest-first', () => {
+  let clock = 1000;
+  const store = bg.createTaskStore({ rootDir: freshRoot(), now: () => clock });
+
+  const a = store.genId();
+  store.create({ id: a, spec: { prompt: 'first', model: 'm' }, prompt: 'first task', model: 'm' });
+  assert.deepStrictEqual(store.readSpec(a), { prompt: 'first', model: 'm' });
+  let meta = store.readMeta(a);
+  assert.strictEqual(meta.status, 'starting');
+  assert.strictEqual(meta.model, 'm');
+  assert.strictEqual(meta.prompt_summary, 'first task');
+
+  store.patchMeta(a, { pid: 4242, status: 'running' });
+  meta = store.readMeta(a);
+  assert.strictEqual(meta.pid, 4242);
+  assert.strictEqual(meta.status, 'running');
+
+  store.appendEvent(a, { type: 'status', status: 'running' });
+  store.appendEvent(a, { type: 'tool', tag: 'read', ms: 3 });
+  const events = store.readEvents(a);
+  assert.strictEqual(events.length, 2);
+  assert.strictEqual(events[1].tag, 'read');
+  assert.ok(events[0].ts, 'events carry a timestamp');
+
+  const envelope = { result: 'ok', toolCalls: [], usage: {}, cost: null, stopReason: 'end_turn', verifyStatus: 'skipped' };
+  store.writeResult(a, envelope);
+  assert.deepStrictEqual(store.readResult(a), envelope);
+
+  clock = 2000;
+  const b = store.genId();
+  store.create({ id: b, spec: { prompt: 'second' }, prompt: 'second task' });
+  const list = store.list();
+  assert.strictEqual(list.length, 2);
+  assert.strictEqual(list[0].id, b, 'newest task first');
+  assert.strictEqual(list[1].id, a);
+
+  assert.strictEqual(store.remove(a), true);
+  assert.strictEqual(store.readMeta(a), null);
+});
+
+// --------------------------------------------------------------------------
+// Validation (before detach)
+// --------------------------------------------------------------------------
+test('validateLaunch flags empty prompt, missing model, malformed policy, and unavailable strict sandbox', async () => {
+  const okConfig = { api_base: 'http://x', default_model: 'm' };
+
+  assert.deepStrictEqual(await bg.validateLaunch({ prompt: 'hi', config: okConfig, policy: {} }), [], 'valid launch → no errors');
+
+  const e1 = await bg.validateLaunch({ prompt: '   ', config: okConfig });
+  assert.ok(e1.some((m) => /prompt is empty/.test(m)));
+
+  const e2 = await bg.validateLaunch({ prompt: 'hi', config: { api_base: 'http://x' } });
+  assert.ok(e2.some((m) => /no model/.test(m)), 'missing model surfaced');
+
+  const e3 = await bg.validateLaunch({ prompt: 'hi', config: okConfig, policy: { rules: [{ tool: 'shell', action: 'banana' }] } });
+  assert.ok(e3.some((m) => /action must be one of/.test(m)), 'bad rule action surfaced');
+
+  const e3b = await bg.validateLaunch({ prompt: 'hi', config: okConfig, policy: { rules: [{ tool: 'shell', pattern: 'a', path: 'b', action: 'allow' }] } });
+  assert.ok(e3b.some((m) => /more than one matcher/.test(m)), 'multi-matcher rule surfaced');
+
+  const e4 = await bg.validateLaunch({
+    prompt: 'hi', config: okConfig,
+    sandboxConfig: { mode: 'auto', failIfUnavailable: true },
+    detection: { available: false, reason: 'no bwrap' },
+  });
+  assert.ok(e4.some((m) => /sandbox unavailable/.test(m)), 'strict sandbox unavailable surfaced');
+
+  // Same sandbox unavailable but NOT strict → not a launch error (fail-safe at runtime).
+  const e5 = await bg.validateLaunch({
+    prompt: 'hi', config: okConfig,
+    sandboxConfig: { mode: 'auto', failIfUnavailable: false },
+    detection: { available: false, reason: 'no bwrap' },
+  });
+  assert.deepStrictEqual(e5, [], 'non-strict unavailable sandbox is not a launch error');
+});
+
+test('launchBackground: validation failure throws BEFORE detach — no process spawned', async () => {
+  let spawned = 0;
+  const spawn = () => { spawned++; return { pid: 1, unref() {} }; };
+  const store = bg.createTaskStore({ rootDir: freshRoot() });
+  await assert.rejects(
+    () => bg.launchBackground({ prompt: '', config: { api_base: 'http://x', default_model: 'm' }, store, spawn }),
+    /Cannot launch background task/,
+  );
+  assert.strictEqual(spawned, 0, 'no child spawned on validation failure (no orphan)');
+  assert.strictEqual(store.list().length, 0, 'no registry record created on validation failure');
+});
+
+test('launchBackground: persists spec + record, detaches, records pid; sandbox defaults ON, opt-out explicit', async () => {
+  const calls = [];
+  const spawn = (cmd, args, opts) => { calls.push({ cmd, args, opts }); return { pid: 9999, unref() {} }; };
+
+  // Default sandbox (auto) — ON in the spec.
+  const store1 = bg.createTaskStore({ rootDir: freshRoot() });
+  const r1 = await bg.launchBackground({
+    prompt: 'do a thing', config: { api_base: 'http://x', default_model: 'm', sandbox: { mode: 'auto' } },
+    store: store1, spawn, resolveKey: () => 'secret-key',
+  });
+  assert.ok(r1.id && r1.pid === 9999);
+  const spec1 = store1.readSpec(r1.id);
+  assert.strictEqual(spec1.sandbox.mode, 'auto', 'sandbox ON by default in the spec');
+  assert.strictEqual(spec1.apiBase, 'http://x');
+  assert.ok(!('apiKey' in spec1) && !JSON.stringify(spec1).includes('secret-key'), 'API key never written to the spec');
+  const meta1 = store1.readMeta(r1.id);
+  assert.strictEqual(meta1.pid, 9999);
+  assert.strictEqual(meta1.status, 'running');
+  // Child argv targets the internal __bg-exec entry with the task dir.
+  const launched = calls.find((c) => c.args.includes('__bg-exec'));
+  assert.ok(launched, '__bg-exec child launched');
+  assert.ok(launched.args.includes(store1.dir(r1.id)), 'task dir passed to child');
+  assert.strictEqual(launched.opts.detached, true, 'child detached');
+  assert.strictEqual(launched.opts.env.SEMALT_API_KEY, 'secret-key', 'key passed via env, not disk');
+  assert.ok(!launched.args.includes('--dangerously-skip-permissions'), 'no skip flag by default');
+
+  // Explicit opt-out: sandbox off + skip-permissions propagated.
+  const store2 = bg.createTaskStore({ rootDir: freshRoot() });
+  const r2 = await bg.launchBackground({
+    prompt: 'danger', config: { api_base: 'http://x', default_model: 'm', sandbox: { mode: 'off' } },
+    policy: bg.buildPolicy({ dangerouslySkipPermissions: true }),
+    store: store2, spawn,
+  });
+  assert.strictEqual(store2.readSpec(r2.id).sandbox.mode, 'off', 'explicit sandbox off honored');
+  const launched2 = calls.filter((c) => c.args.includes('__bg-exec')).pop();
+  assert.ok(launched2.args.includes('--dangerously-skip-permissions'), 'skip flag propagated to child argv');
+});
+
+// --------------------------------------------------------------------------
+// Child execution (real createAgent ↔ mock-LLM)
+// --------------------------------------------------------------------------
+function specFor(store, id, mock, extra = {}) {
+  store.create({
+    id,
+    prompt: extra.prompt || 'do it',
+    model: 'test-model',
+    spec: {
+      version: 1,
+      prompt: extra.prompt || 'do it',
+      apiBase: mock.base,
+      model: 'test-model',
+      contextLength: null,
+      maxIterations: 50,
+      cwd: tmpCwd,
+      policy: extra.policy || bg.buildPolicy({}),
+      sandbox: { mode: 'off', failIfUnavailable: false },
+    },
+  });
+}
+
+test('runBackgroundChild: completes and writes the result envelope', async () => {
+  const mock = await startMockLLM();
+  mock.replyWith('All done — 42.');
+  const store = bg.createTaskStore({ rootDir: freshRoot() });
+  const id = store.genId();
+  specFor(store, id, mock, { prompt: 'answer please' });
+  try {
+    const r = await bg.runBackgroundChild({ taskDir: store.dir(id), store });
+    assert.strictEqual(r.status, 'completed');
+    const result = store.readResult(id);
+    assert.ok(result, 'result.json written');
+    assert.match(result.result, /42/);
+    assert.strictEqual(result.stopReason, 'end_turn');
+    assert.strictEqual(result.verifyStatus, 'skipped');
+    assert.ok(Array.isArray(result.toolCalls));
+    const meta = store.readMeta(id);
+    assert.strictEqual(meta.status, 'completed');
+    assert.ok(meta.finished_at, 'finished_at recorded');
+    const events = store.readEvents(id);
+    assert.ok(events.some((e) => e.type === 'result'), 'result event appended');
+  } finally {
+    await mock.close();
+  }
+});
+
+test('SAFE POSTURE: no policy → a mutating write is REFUSED (paired with: an allow rule permits it)', async () => {
+  // Refuse case — empty policy.
+  const mock1 = await startMockLLM();
+  mock1.replyWith('<write_file path="bg-should-not-exist.txt">secret</write_file>');
+  const store1 = bg.createTaskStore({ rootDir: freshRoot() });
+  const id1 = store1.genId();
+  specFor(store1, id1, mock1, { policy: bg.buildPolicy({}) });
+  try {
+    await bg.runBackgroundChild({ taskDir: store1.dir(id1), store: store1 });
+    assert.strictEqual(fs.existsSync(path.join(tmpCwd, 'bg-should-not-exist.txt')), false, 'write refused with no policy');
+  } finally {
+    await mock1.close();
+  }
+
+  // Paired positive — an allow rule lets the same write proceed.
+  const mock2 = await startMockLLM();
+  mock2.replyWith('<write_file path="bg-allowed.txt">hello bg</write_file>');
+  mock2.replyWith('Wrote it.');
+  const store2 = bg.createTaskStore({ rootDir: freshRoot() });
+  const id2 = store2.genId();
+  specFor(store2, id2, mock2, { policy: bg.buildPolicy({ rules: [{ tool: 'write_file', path: '**', action: 'allow' }] }) });
+  try {
+    const r = await bg.runBackgroundChild({ taskDir: store2.dir(id2), store: store2 });
+    assert.strictEqual(r.status, 'completed');
+    const target = path.join(tmpCwd, 'bg-allowed.txt');
+    assert.strictEqual(fs.existsSync(target), true, 'allow rule permitted the write');
+    assert.strictEqual(fs.readFileSync(target, 'utf8'), 'hello bg');
+  } finally {
+    await mock2.close();
+  }
+});
+
+test('deny-list stays active in the background process', async () => {
+  const mock = await startMockLLM();
+  mock.replyWith('<exec>rm -rf /</exec>');
+  mock.replyWith('Stopped.');
+  const store = bg.createTaskStore({ rootDir: freshRoot() });
+  const id = store.genId();
+  // Allow the exec tier so the GATE passes — the deny-list (which a tier can't
+  // bypass) must still block the destructive command.
+  specFor(store, id, mock, { policy: bg.buildPolicy({ allowedTiers: ['exec'] }) });
+  try {
+    await bg.runBackgroundChild({ taskDir: store.dir(id), store });
+    const events = store.readEvents(id);
+    const blocked = events.some((e) => e.type === 'tool' && e.ok === false && /deny-list/i.test(e.detail || ''));
+    assert.ok(blocked, 'rm -rf / blocked by the deny-list inside the background process');
+  } finally {
+    await mock.close();
+  }
+});
+
+// --------------------------------------------------------------------------
+// Lifecycle reconciliation + kill
+// --------------------------------------------------------------------------
+test('stale detection + prune: a dead "running" task is stale and prunable; a live one is kept', () => {
+  const store = bg.createTaskStore({ rootDir: freshRoot() });
+  const dead = store.genId();
+  store.create({ id: dead, spec: {}, prompt: 'dead' });
+  store.patchMeta(dead, { pid: 424242, status: 'running' });
+  const live = store.genId();
+  store.create({ id: live, spec: {}, prompt: 'live' });
+  store.patchMeta(live, { pid: process.pid, status: 'running' }); // our own pid = alive
+  const done = store.genId();
+  store.create({ id: done, spec: {}, prompt: 'done' });
+  store.patchMeta(done, { status: 'completed' });
+
+  const alive = (pid) => pid === process.pid;
+  assert.strictEqual(bg.effectiveStatus(store.readMeta(dead), alive), 'stale');
+  assert.strictEqual(bg.effectiveStatus(store.readMeta(live), alive), 'running');
+  assert.strictEqual(bg.effectiveStatus(store.readMeta(done), alive), 'completed');
+
+  const prunable = bg.prunableIds(store.list(), alive).sort();
+  assert.deepStrictEqual(prunable.sort(), [dead, done].sort(), 'stale + completed are prunable; live is kept');
+
+  const list = bg.formatTaskList(store.list(), { alive });
+  assert.match(list, /stale task\(s\)/, 'list warns about stale tasks');
+});
+
+test('killTask: tree-kills the recorded pid then marks terminated', async () => {
+  const store = bg.createTaskStore({ rootDir: freshRoot() });
+  const id = store.genId();
+  store.create({ id, spec: {}, prompt: 'runaway' });
+  store.patchMeta(id, { pid: 555, status: 'running' });
+
+  const killed = [];
+  let aliveCalls = 0;
+  // Alive for the first check (so a SIGTERM is sent), dead after the grace wait.
+  const alive = () => { aliveCalls++; return aliveCalls < 2; };
+  const r = await bg.killTask(store, id, {
+    alive,
+    kill: (pid, sig) => { killed.push([pid, sig]); return true; },
+    delay: () => Promise.resolve(),
+  });
+  assert.ok(r.ok);
+  assert.deepStrictEqual(killed[0], [555, 'SIGTERM'], 'SIGTERM sent to the pid');
+  assert.strictEqual(store.readMeta(id).status, 'terminated');
+  assert.ok(store.readMeta(id).finished_at, 'finished_at recorded on kill');
+});
+
+test('killTask: a task whose process already died is finalized, not re-killed', async () => {
+  const store = bg.createTaskStore({ rootDir: freshRoot() });
+  const id = store.genId();
+  store.create({ id, spec: {}, prompt: 'gone' });
+  store.patchMeta(id, { pid: 4242, status: 'running' });
+  let killCalls = 0;
+  const r = await bg.killTask(store, id, { alive: () => false, kill: () => { killCalls++; }, delay: () => Promise.resolve() });
+  assert.ok(r.ok);
+  assert.strictEqual(killCalls, 0, 'no signal sent to an already-dead process');
+  assert.strictEqual(store.readMeta(id).status, 'terminated');
+});
+
+test('a REAL detached process is alive then tree-killable by PID', async () => {
+  const { spawn } = require('child_process');
+  const child = proc.spawnDetached(spawn, process.execPath, ['-e', 'setInterval(() => {}, 1e9)'], { cwd: tmpCwd });
+  child.unref();
+  const pid = child.pid;
+  assert.ok(proc.isProcessAlive(pid), 'detached child is alive');
+  proc.killTreeByPid(pid, 'SIGKILL');
+  // Poll for death (tree-kill is async at the OS level).
+  let aliveAfter = true;
+  for (let i = 0; i < 50; i++) {
+    if (!proc.isProcessAlive(pid)) { aliveAfter = false; break; }
+    await sleep(20);
+  }
+  assert.strictEqual(aliveAfter, false, 'real detached process is dead after tree-kill');
+});
+
+// --------------------------------------------------------------------------
+// End-to-end: a REAL detached `__bg-exec` process writes the result envelope
+// --------------------------------------------------------------------------
+test('E2E: a real detached child runs the agent and writes the result envelope (survives parent return)', async () => {
+  const mock = await startMockLLM();
+  mock.replyWith('Background says hello.');
+  const root = freshRoot();
+  const store = bg.createTaskStore({ rootDir: root });
+  const { spawn } = require('child_process');
+  const { id } = await bg.launchBackground({
+    prompt: 'say hello',
+    config: { api_base: mock.base, default_model: 'test-model', sandbox: { mode: 'off' }, max_iterations: 50 },
+    sandboxConfig: { mode: 'off' },
+    model: 'test-model',
+    cwd: tmpCwd,
+    store,
+    spawn,
+    resolveKey: () => 'test-key',
+  });
+  try {
+    // The launcher has returned; the detached child runs independently.
+    let meta;
+    for (let i = 0; i < 200; i++) {
+      meta = store.readMeta(id);
+      if (meta && bg.TERMINAL_STATUSES.has(meta.status)) break;
+      await sleep(50);
+    }
+    assert.ok(meta && meta.status === 'completed', `child completed (status=${meta && meta.status})`);
+    const result = store.readResult(id);
+    assert.ok(result, 'result envelope written by the detached child');
+    assert.match(result.result, /hello/i);
+    assert.strictEqual(result.stopReason, 'end_turn');
+  } finally {
+    await mock.close();
+  }
+});
+
+// --------------------------------------------------------------------------
+// Tool-exposure decision (constraint 5)
+// --------------------------------------------------------------------------
+test('background-launch is NOT exposed as an agent tool', () => {
+  const { TOOL_SPECS } = require('../lib/tool_specs');
+  const { TAG_REGISTRY } = require('../lib/constants');
+  const reg = require('../lib/tool_registry');
+  const forbidden = ['run_background', 'spawn_background', 'background', 'launch_background', 'bg_run'];
+  for (const name of forbidden) {
+    assert.ok(!(name in TOOL_SPECS), `${name} must not be a tool spec`);
+    assert.ok(!(name in TAG_REGISTRY), `${name} must not be a registered tag`);
+  }
+  const dynamic = reg.dynamicToolEntries().map((e) => e.tool);
+  assert.ok(!dynamic.some((n) => /background/i.test(n)), 'no dynamic background-launch tool registered');
+});

package/test/chat.test.js

@@ -0,0 +1,114 @@
+'use strict';
+
+// Characterization tests for cmdChat (Task 1.5, tests-first). These lock in the
+// chat loop's observable behavior — slash dispatch, the agent path, session
+// reset, and teardown — BEFORE cmdChat is decomposed into lib/commands/ modules,
+// so the split can be proven behavior-preserving.
+
+const { test } = require('node:test');
+const assert = require('node:assert');
+
+const { helpText } = require('../lib/commands/registry');
+const { startChat } = require('./harness/chat-harness');
+
+test('startup shows the welcome banner message', async () => {
+  const c = await startChat();
+  try {
+    assert.ok(c.chatHistory.find(/Semalt\.AI/), 'welcome message present');
+    assert.ok(c.chatHistory.find(/Type \/help for commands/), 'help hint present');
+  } finally {
+    await c.submit('exit'); await c.done; c.cleanup();
+  }
+});
+
+test('/help renders the registry help text', async () => {
+  const c = await startChat();
+  try {
+    await c.submit('/help');
+    assert.ok(c.chatHistory.texts().includes(helpText()), 'help text emitted verbatim');
+  } finally {
+    await c.submit('exit'); await c.done; c.cleanup();
+  }
+});
+
+test('a normal message is blocked when not logged in', async () => {
+  const c = await startChat({ config: { auth_token: '' } });
+  try {
+    await c.submit('hello there');
+    assert.ok(c.chatHistory.find(/Not logged in/), 'unauthenticated message refused');
+    assert.strictEqual(c.calls.runAgentLoop.length, 0, 'agent not invoked');
+  } finally {
+    await c.submit('exit'); await c.done; c.cleanup();
+  }
+});
+
+test('a normal message runs the agent loop when authenticated', async () => {
+  const c = await startChat({ config: { auth_token: 'tok' } });
+  try {
+    await c.submit('do the thing');
+    assert.strictEqual(c.calls.runAgentLoop.length, 1, 'agent invoked once');
+    const turn = c.calls.runAgentLoop[0];
+    assert.ok(turn.messages.some((m) => m.role === 'user' && m.content === 'do the thing'), 'user message threaded into the loop');
+    assert.ok(c.chatHistory.messages.some((m) => m.role === 'user' && m.content === 'do the thing'), 'user message shown in history');
+  } finally {
+    await c.submit('exit'); await c.done; c.cleanup();
+  }
+});
+
+test('/new resets the conversation so the next turn starts fresh', async () => {
+  const c = await startChat({ config: { auth_token: 'tok' } });
+  try {
+    await c.submit('first message');
+    await c.submit('/new');
+    assert.ok(c.chatHistory.find(/Started new conversation/));
+    await c.submit('second message');
+    const lastTurn = c.calls.runAgentLoop[c.calls.runAgentLoop.length - 1];
+    const userMsgs = lastTurn.messages.filter((m) => m.role === 'user').map((m) => m.content);
+    assert.deepStrictEqual(userMsgs, ['second message'], 'history reset — only the post-/new message remains');
+  } finally {
+    await c.submit('exit'); await c.done; c.cleanup();
+  }
+});
+
+test('/clear resets conversation and clears approvals', async () => {
+  const c = await startChat({ config: { auth_token: 'tok' } });
+  try {
+    await c.submit('a message');
+    const before = c.calls.permissionClear;
+    await c.submit('/clear');
+    assert.ok(c.chatHistory.find(/cleared/i));
+    assert.strictEqual(c.calls.permissionClear, before + 1, 'permission approvals cleared');
+  } finally {
+    await c.submit('exit'); await c.done; c.cleanup();
+  }
+});
+
+test('/model with no arg shows the current model; with an arg switches it', async () => {
+  const c = await startChat({ config: { auth_token: 'tok', default_model: 'm-one' } });
+  try {
+    await c.submit('/model');
+    assert.ok(c.chatHistory.find(/Current model: m-one/));
+    await c.submit('/model m-two');
+    assert.ok(c.chatHistory.find(/Model → m-two/));
+  } finally {
+    await c.submit('exit'); await c.done; c.cleanup();
+  }
+});
+
+test('an unknown slash-looking message falls through to the agent (authed)', async () => {
+  const c = await startChat({ config: { auth_token: 'tok' } });
+  try {
+    await c.submit('/notacommand please');
+    assert.strictEqual(c.calls.runAgentLoop.length, 1, 'non-command text reaches the agent');
+  } finally {
+    await c.submit('exit'); await c.done; c.cleanup();
+  }
+});
+
+test('exit ends the chat session (the cmdChat promise resolves)', async () => {
+  const c = await startChat();
+  await c.submit('exit');
+  await c.done; // resolves only if the exit handler ran resolveExit
+  c.cleanup();
+  assert.ok(true);
+});