@skyramp/mcp 0.0.65 → 0.1.0-rc.2

package/build/playwright/traceRecordingPrompt.js

@@ -14,44 +14,38 @@ export function registerTraceRecordingPrompt(server) {
                 role: "user",
                 content: {
                     type: "text",
-                    text: `## Skyramp Trace Recording & UI Test Generation
-
-You have access to Playwright browser tools that let you interact with web applications.
-Use these tools to record a trace of browser interactions, then generate a Skyramp UI test from that trace.
-
-### Flow
-
-1. **Navigate**: ALWAYS call \`browser_navigate\` with the target URL as the very first step, even if the browser seems to already be on that page. This ensures a clean state.
-2. **Understand the page**: Call \`browser_snapshot\` to see the current page state (ARIA tree).
-3. **Interact**: Use \`browser_click\`, \`browser_type\`, \`browser_select_option\`, etc. to perform the user interactions described in the prompt.
-4. **Repeat steps 2-3** until all interactions are complete. Assertions are automatically added at strategic points during export.
-5. **Export the trace**: Call \`skyramp_export_zip\` with an output path (e.g. \`skyramp_export.zip\`). This produces a zip containing the JSONL trace and HAR network recording. Assertions are auto-injected based on API calls detected in the HAR.
-6. **Generate the test**: Call \`skyramp_ui_test_generation\` with \`playwrightInput\` set to the absolute path of the zip file from step 5.
-
-### Tips
-- **To type into a field**: Just use \`browser_type\` — it automatically clears the field and types the new value. Do NOT press Ctrl+A or any keyboard shortcuts before typing.
-- If a \`browser_click\` or \`browser_type\` fails because the element reference is stale (page updated), call \`browser_snapshot\` to refresh the page state and retry.
-- Use \`browser_snapshot\` liberally — it helps you understand what elements are available.
-- The trace automatically deduplicates retries: if you navigate back to the start URL and redo steps, only the last complete attempt is exported.
-- After generating the test, the tool will suggest running \`skyramp_modularization\` for code quality.
-- **Dropdown/Select components**: For custom dropdowns (Radix, MUI, etc.) that show as \`combobox\` in the snapshot, do NOT use \`browser_select_option\` — it only works on native \`<select>\` elements. Instead: (1) click the combobox to open the dropdown, (2) call \`browser_snapshot\` to see the options in a \`listbox\`, (3) click the desired \`option\`. This three-step pattern is required for all custom dropdown components.
-- **Always take a snapshot after each interaction** that changes the page (click, form submit, navigation) to see the updated state before proceeding.
-
-### Critical rules for clicking
-- **NEVER click container/wrapper divs** (e.g. elements with "container" in their test-id). Always click the actual interactive element inside: a \`button\`, \`link\`, or \`input\`.
-- When the snapshot shows a container with a button inside, click the **button**, not the container. For example, if you see \`div "add-order-products-container" > button "Add"\`, click the button "Add", not the container.
-- To submit forms, click the submit \`button\` (e.g. "Add Order", "Submit"), never the form container.
-- After selecting a product from a dropdown, click the "Add" button to confirm, not the surrounding container.
+                    text: `## Skyramp UI Test Recording
+
+You are a Skyramp Integration Architect. Your role is to record browser interactions with zero hallucination: every action must be grounded in what \`browser_snapshot\` returns. If an element is not visible in the snapshot, do not interact with it.
+
+### Required workflow
+
+Before starting, output a \`<thinking>\` block that maps each step of the user's intent to the specific browser interactions required. Do not call any tool until this mapping is complete.
+
+Then execute in strict order:
+
+1. **Navigate**: Call \`browser_navigate\` with the target URL. Always do this first, even if the browser appears to be on the correct page.
+2. **Snapshot**: Call \`browser_snapshot\` to get the current ARIA tree and element refs.
+3. **Interact**: Call the appropriate tool (\`browser_click\`, \`browser_type\`, \`browser_hover\`, etc.) using refs from the snapshot.
+4. **Repeat steps 2–3** for each user action until all steps are complete.
+5. **Export**: Call \`skyramp_export_zip\` with \`outputPath\` set to the absolute zip path (same directory and base name as the test file, replacing \`.spec.ts\` with \`.zip\`). Do NOT ask the user first — call it automatically.
+6. **Generate**: Call \`skyramp_ui_test_generation\` with \`playwrightInput\` set to the absolute zip path from step 5.
+
+### Cross-tool rules
+
+- **After every action that changes the page**, call \`browser_snapshot\` before the next interaction — refs become stale after navigation, clicks that trigger page updates, and form submissions.
+- **Iframe content** appears inline in the snapshot — interact with those elements using their refs normally.
+- **Trace deduplication**: if you retry from the start URL, only the last complete attempt is exported.
+- **After generating the test**, run \`skyramp_modularization\` for code quality.
 
 ### Assertions
-If the user requests assertions, you MUST call \`browser_assert\` at the appropriate points. Always provide the \`expected\` value.
-- \`type: "text"\` — verify element contains expected text (e.g., product name appears after creation)
-- \`type: "value"\` — verify input field has expected value (e.g., price field shows "29.99")
-
-### Important
-- Do NOT ask the user before calling \`skyramp_export_zip\` — call it automatically as the final step.
-- Do NOT write JSONL or HAR files manually — the export tool handles everything.
-- Do NOT reuse existing zip files from previous sessions — always record fresh.
+Call \`browser_assert\` when the user requests verification. Always provide the \`expected\` value.
+- \`type: "text"\` — verify an element contains expected text
+- \`type: "value"\` — verify an input field has an expected value
+
+### Constraints
+- Do NOT write JSONL or HAR files manually — \`skyramp_export_zip\` handles everything.
+- Do NOT reuse zip files from previous sessions — always record fresh.
 `,
                 },
             },

package/build/prompts/architectPersona.js

@@ -0,0 +1,19 @@
+/**
+ * Skyramp Integration Architect persona injected into generation tool descriptions.
+ *
+ * In TestBot environments (ENABLE_SKYRAMP_TESTBOT=true), the persona is injected
+ * once as a system prompt via `claude --system-prompt` rather than repeating it in
+ * every tool description. In that case this string is omitted from the tool description
+ * to avoid wasting context tokens.
+ *
+ * In IDE/MCP-direct environments, it is included in each tool description so the
+ * model has the role context available without a separate system prompt.
+ */
+export const SKYRAMP_ARCHITECT_PERSONA = `You are acting as a Skyramp Integration Architect. Your responsibility is to map the user's test intent to the Skyramp generation spec with precision. No guessing — derive all parameters from the codebase, workspace config, and provided context only.`;
+/**
+ * Returns the persona prefix for use in tool descriptions.
+ * Returns an empty string when running inside TestBot (persona is injected via system prompt instead).
+ */
+export function getPersonaPrefix() {
+    return process.env.ENABLE_SKYRAMP_TESTBOT ? '' : `${SKYRAMP_ARCHITECT_PERSONA}\n\n`;
+}

package/build/prompts/test-maintenance/drift-analysis-prompt.js

@@ -30,7 +30,16 @@ No existing Skyramp tests found in repository.
 `;
     const scannedSection = scannedEndpoints.length > 0
         ? `## Scanned Endpoints (${scannedEndpoints.length})
-${scannedEndpoints.map((ep) => `- ${Array.isArray(ep.methods) ? ep.methods.join("|") : ep.method} ${ep.path}`).join("\n")}
+${scannedEndpoints.map((ep) => {
+            let methods;
+            if (Array.isArray(ep.methods)) {
+                methods = ep.methods.map((m) => (typeof m === "string" ? m : m.method)).join("|");
+            }
+            else {
+                methods = ep.method;
+            }
+            return `- ${methods} ${ep.path}`;
+        }).join("\n")}
 `
         : "";
     // In inline mode (testbot), skip the context header — existing tests and diff
@@ -70,9 +79,5 @@ ${buildUpdateExecutionRules()}
 
 ${buildAddRecommendationGuidelines()}
 
-${buildDriftOutputChecklist(existingTests.length, newEndpointCount, inlineMode)}
-
-After completing the assessment above, call \`skyramp_actions\` with \`stateFile: "${stateFile}"\`
-
-**CRITICAL**: Do NOT create any .json or .md files. Only call skyramp_actions when done.`;
+${buildDriftOutputChecklist(existingTests.length, newEndpointCount, inlineMode, stateFile)}`;
 }

package/build/prompts/test-maintenance/drift-analysis-prompt.test.js

@@ -0,0 +1,49 @@
+import { buildDriftAnalysisPrompt } from "./drift-analysis-prompt.js";
+describe("buildDriftAnalysisPrompt - scanned endpoints rendering", () => {
+    // Reproduces the [object Object] bug: skeletonEndpoints from analyzeChangesTool
+    // stores methods as objects { method: string, ... }, not plain strings.
+    const skeletonMethodObjects = [
+        {
+            path: "/api/v1/",
+            methods: [{ method: "GET", description: "", queryParams: [], authRequired: true, sourceFile: "main.py", interactions: [] }],
+            resourceGroup: "v1",
+            pathParams: [],
+        },
+        {
+            path: "/api/v1/orders",
+            methods: [
+                { method: "GET", description: "", queryParams: [], authRequired: true, sourceFile: "orders.py", interactions: [] },
+                { method: "POST", description: "", queryParams: [], authRequired: true, sourceFile: "orders.py", interactions: [] },
+            ],
+            resourceGroup: "orders",
+            pathParams: [],
+        },
+    ];
+    it("renders HTTP methods as strings, not [object Object]", () => {
+        const prompt = buildDriftAnalysisPrompt({
+            existingTests: [],
+            scannedEndpoints: skeletonMethodObjects,
+            repositoryPath: "/repo",
+            stateFile: "/tmp/state.json",
+        });
+        expect(prompt).not.toContain("[object Object]");
+        expect(prompt).toContain("GET /api/v1/");
+        expect(prompt).toContain("GET|POST /api/v1/orders");
+        // CTA should appear exactly once (not duplicated)
+        const ctaCount = (prompt.match(/call `skyramp_actions`/g) || []).length;
+        expect(ctaCount).toBe(1);
+    });
+    it("also works with plain string methods (ScannedEndpoint format)", () => {
+        const stringMethods = [
+            { path: "/api/v1/products", methods: ["GET", "POST"], sourceFile: "products.py" },
+        ];
+        const prompt = buildDriftAnalysisPrompt({
+            existingTests: [],
+            scannedEndpoints: stringMethods,
+            repositoryPath: "/repo",
+            stateFile: "/tmp/state.json",
+        });
+        expect(prompt).not.toContain("[object Object]");
+        expect(prompt).toContain("GET|POST /api/v1/products");
+    });
+});

package/build/prompts/test-maintenance/driftAnalysisSections.js

@@ -163,12 +163,14 @@ Apply to **new test functions you are adding** and **existing functions that cov
 
 ${ENHANCE_ASSERTIONS_FOR_INTEGRATION_AND_CONTRACTPROVIDER}`;
 }
-export function buildDriftOutputChecklist(existingTestCount, newEndpointCount, inlineMode = false) {
+export function buildDriftOutputChecklist(existingTestCount, newEndpointCount, inlineMode = false, stateFile) {
     const finalStep = inlineMode
         ? `### Final step
 Apply all maintenance actions (UPDATE / REGENERATE / DELETE) directly by editing the test files. New test generation (ADD) is handled separately in the next step.`
         : `### Final step
-After completing all assessments above, call \`skyramp_actions\` with the stateFile to execute the recommended changes.`;
+After completing all assessments above, call \`skyramp_actions\` with \`stateFile: "${stateFile}"\` to execute the recommended changes.
+
+**CRITICAL**: Do NOT create any .json or .md files. Only call skyramp_actions when done.`;
     // In inline mode, existing test counts are unknown at prompt-build time —
     // they come from skyramp_analyze_changes at runtime. Skip the count headers.
     const existingTestSection = inlineMode

package/build/prompts/test-recommendation/analysisOutputPrompt.js

@@ -1,27 +1,32 @@
+import { AnalysisScope } from "../../types/RepositoryAnalysis.js";
 function buildEnrichmentInstructions(p) {
-    const isDiffScope = p.analysisScope === "current_branch_diff";
+    const isDiffScope = p.analysisScope === AnalysisScope.CurrentBranchDiff;
     const useHealthFlow = p.nextTool === "skyramp_analyze_test_health";
     if (!isDiffScope) {
         const nextStep = useHealthFlow
             ? `### Step 3: Identify tests at risk of drift
 Call \`skyramp_analyze_test_health\` with \`stateFile: "${p.stateFile ?? p.sessionId}"\``
-            : `### Step 3: Call recommend tests
-Call \`skyramp_recommend_tests\` with \`sessionId: "${p.sessionId}"\``;
-        return `## Your Task — Enrich & Recommend (full repo)
+            : `### Step 3: Present the catalog
+The ranked test recommendation catalog is pre-built and shown below (after the separator line).
+
+**Your only job is to present it.**
+
+1. Fill in every \`<…from source>\` placeholder using the field names, computed formulas, and auth details you found in Steps 1–2.
+2. Output the completed catalog **exactly as formatted — grouped by test type (### E2E / ### UI / ### Integration / ### Contract)**. Do NOT restructure, reorder, rename sections, or generate a new format.
+3. Do NOT call any Skyramp generation tools. The catalog shows ready-to-use tool calls that can be executed on demand.
+
+**If** Steps 1–2 revealed additional scenarios the catalog does not cover (e.g. a computed formula or FK relationship that was missed), you may optionally call \`skyramp_recommend_tests\` with \`stateFile: "${p.stateFile ?? p.sessionId}"\` and \`enrichedScenarios\` to regenerate a more complete catalog — but only after presenting the current one.`;
+        return `## Your Task — Fill in and Present the Catalog (full repo)
 
 ### Step 1: Read key files
-Read \`package.json\` / \`requirements.txt\`, \`docker-compose.yml\`, route/controller files,
-and model/schema files (Zod schemas, Pydantic models, TypeScript interfaces, DTOs)
-to understand the tech stack, endpoint shapes, auth mechanisms, and request/response schemas.
-
-### Step 2: Identify resource relationships and parameter locations
-Map how endpoints relate to each other — which POST creates resources consumed by other endpoints?
-**Resolve nested/sub-router paths** from the Router Mounting section above.
-**CRITICAL — Distinguish query params vs request body:** For each endpoint, determine whether
-parameters are sent as URL query params (typical for GET search/filter/list) or request body
-(typical for POST/PUT/PATCH). Look at FastAPI \`Query()\` annotations, Express \`req.query\` usage,
-Spring \`@RequestParam\`, Flask \`request.args\`, etc. Populate \`queryParams\` in interactions
-for GET endpoints that accept search/filter/pagination parameters.
+Read route/controller files and model/schema files (Pydantic models, Zod schemas, DTOs)
+to find: required request body fields, computed response fields and formulas, auth middleware type, storage backend, and how sub-routers are mounted (cross-check against Router Mounting section above).
+
+### Step 2: Map cross-resource relationships and resolve endpoint paths
+(Distinct from Step 1 — Step 1 reads individual schemas; Step 2 maps how endpoints relate to each other.)
+For each endpoint: which POST creates resources consumed by other endpoints?
+**Resolve nested paths** from the Router Mounting section — a router mounted at \`/products/{product_id}/reviews\` means \`GET /\` in that file is actually \`GET /api/v1/products/{product_id}/reviews\`.
+For GET list endpoints: identify query params (\`limit\`, \`offset\`, \`order\`, \`orderBy\`) from framework annotations (FastAPI \`Query()\`, Express \`req.query\`, etc.).
 
 ${nextStep}`;
     }
@@ -67,8 +72,20 @@ Draft multi-step scenarios simulating realistic user workflows:
 response data verification, actual field names for chaining.
 **Parameter placement:** GET search/filter endpoints MUST use \`queryParams\`, not \`requestBody\`.
 
+**No duplicate scenarios.** Each scenario must cover a distinct code path (unique method + path + expected status). Do NOT draft two scenarios that differ only in request body values but hit the same code path (e.g. discount=10% vs discount=25% — both succeed with 200, same logic). A negative-case variant with a different expected status (e.g. discount=-10% → 422) IS a distinct scenario — use a single-step contract test for it (see below).
+
+**For each new or modified endpoint, ensure at least one error-path scenario is drafted** — a single-step contract test that triggers a specific error (404 for a missing resource ID, 422 for an invalid field value) that the source code explicitly handles. One auth-boundary scenario (missing auth → 401/403) is enough across all endpoints — do not repeat it per endpoint.
+
+**For every scenario you draft, fill \`bugCatchingTarget\`** with the specific formula, constraint, or failure mode the test is designed to expose. Examples:
+- \`"discount formula: total_amount = subtotal * (1 - discount_value / 100) — wrong if addition is used instead of subtraction"\`
+- \`"items not recalculated after PATCH — total_amount stays at old value if collection update is ignored"\`
+- \`"missing 404 guard on resource ID — returns 500 instead of 404 for unknown IDs"\`
+This field is used at test generation time to compute exact assertion values. Leave it empty only if no specific formula or constraint applies.
+
 ### Step 4: Call recommend tests
-Call \`skyramp_recommend_tests\` with \`sessionId: "${p.sessionId}"\``;
+Call \`skyramp_recommend_tests\` with:
+- \`stateFile: "${p.stateFile}"\`
+- \`enrichedScenarios\`: (optional) JSON array of your Step 3 scenarios — see the tool's inputSchema for the exact shape. Your enriched scenarios override server-side ones with the same \`scenarioName\` and are prioritized in ranking. Omit if you drafted nothing in Step 3.`;
     return `## Your Task — Enrich & Recommend (PR-scoped)
 
 ### Step 1: Read the changed files
@@ -81,39 +98,19 @@ ${criticalPatternStep}
 ${step3Content}`;
 }
 export function buildAnalysisOutputText(p) {
-    const isDiffScope = p.analysisScope === "current_branch_diff";
-    const diffSection = p.parsedDiff
+    const isDiffScope = p.analysisScope === AnalysisScope.CurrentBranchDiff;
+    // Router mounting context is unique to this prompt (not in recommendationPrompt).
+    // Branch diff, endpoint catalog, auth config, and OpenAPI spec are omitted here
+    // because they are already present in the recommendation prompt that is
+    // concatenated in the same tool response.
+    const routerSection = !p.wsSchemaPath && p.routerMountContext
         ? `
-## Branch Diff Context
-**Branch**: \`${p.parsedDiff.currentBranch}\` → base: \`${p.parsedDiff.baseBranch}\`
-**Changed Files** (${p.parsedDiff.changedFiles.length}): ${p.parsedDiff.changedFiles.join(", ")}
-**New Endpoints** (${p.parsedDiff.newEndpoints.length}): ${p.parsedDiff.newEndpoints.map((e) => `${e.method} ${e.path} (${e.sourceFile})`).join(", ") || "none"}
-**Modified Endpoints** (${p.parsedDiff.modifiedEndpoints.length}): ${p.parsedDiff.modifiedEndpoints.map((e) => `${e.method} ${e.path} (${e.sourceFile})`).join(", ") || "none"}
-**Affected Services**: ${p.parsedDiff.affectedServices.join(", ") || "none"}
-`
-        : "";
-    const endpointCatalog = p.scannedEndpoints.length > 0
-        ? `
-## Pre-Scanned Endpoint Catalog (${p.scannedEndpoints.length} routes)
-${p.scannedEndpoints.map((ep) => `  ${ep.methods.join("|")} ${ep.path} (${ep.sourceFile})`).join("\n")}
-`
-        : "";
-    const wsLine = p.wsBaseUrl
-        ? `**Base URL**: \`${p.wsBaseUrl}\`${p.wsAuthHeader ? ` | **Auth header**: \`${p.wsAuthHeader}\`` : ""}${p.wsAuthType ? ` | **Auth type**: \`${p.wsAuthType}\`` : ""}`
-        : "";
-    const specSection = p.wsSchemaPath
-        ? `
-## OpenAPI Spec Available
-Spec at \`${p.wsSchemaPath}\`. **Read it** for authoritative paths and schemas.
-Pass \`apiSchema: "${p.wsSchemaPath}"\` to ALL test generation tool calls.`
-        : p.routerMountContext
-            ? `
 ## Router Mounting / Nesting
 \`\`\`
 ${p.routerMountContext}
 \`\`\`
 Use this to resolve full URL paths for nested endpoints.`
-            : "";
+        : "";
     const enrichment = buildEnrichmentInstructions(p);
     return `# Repository Analysis
 
@@ -121,12 +118,7 @@ Use this to resolve full URL paths for nested endpoints.`
 **Repository**: \`${p.repositoryPath}\`
 **Analysis Scope**: \`${p.analysisScope}\`
 ${isDiffScope ? `**Diff endpoints**: ${(p.parsedDiff?.newEndpoints.length ?? 0) + (p.parsedDiff?.modifiedEndpoints.length ?? 0)}` : `**Pre-scanned endpoints**: ${p.scannedEndpoints.length}`}
-${wsLine}
-${p.wsSchemaPath ? `**OpenAPI Spec**: \`${p.wsSchemaPath}\` (spec-based flow)` : "**Flow**: Code-scanning (may miss nesting)"}
-
-${diffSection}
-${endpointCatalog}
-${specSection}
+${routerSection}
 ${enrichment}
 
 **CRITICAL**: No .json/.md file creation. Prioritize cross-resource workflows.`;

package/build/prompts/test-recommendation/mergeEnrichedScenarios.test.js

@@ -0,0 +1,125 @@
+jest.mock("@skyramp/skyramp", () => ({ Skyramp: class {
+    } }));
+import { mergeEnrichedScenarios } from "./registerRecommendTestsPrompt.js";
+import { ScenarioSource } from "../../types/RepositoryAnalysis.js";
+import { TestType } from "../../types/TestTypes.js";
+function makeScenario(overrides = {}) {
+    return {
+        scenarioName: "base-scenario",
+        description: "base",
+        category: "crud",
+        priority: "medium",
+        steps: [{ order: 1, method: "GET", path: "/api/items", description: "list", interactionType: "success", expectedStatusCode: 200 }],
+        chainingKeys: [],
+        requiresAuth: true,
+        estimatedComplexity: "simple",
+        source: ScenarioSource.CodeInferred,
+        testType: TestType.CONTRACT,
+        ...overrides,
+    };
+}
+const VALID_STEP = { order: 1, method: "post", path: "/api/orders", expectedStatusCode: 201 };
+describe("mergeEnrichedScenarios — happy path", () => {
+    it("merges a valid agent scenario into server scenarios", () => {
+        const server = [makeScenario({ scenarioName: "existing" })];
+        const raw = JSON.stringify([{
+                scenarioName: "new-orders-flow",
+                category: "business_rule",
+                steps: [VALID_STEP],
+            }]);
+        const { scenarios, rejectionNotes } = mergeEnrichedScenarios(server, raw);
+        expect(rejectionNotes).toHaveLength(0);
+        expect(scenarios.find(s => s.scenarioName === "new-orders-flow")).toBeDefined();
+        expect(scenarios.find(s => s.scenarioName === "existing")).toBeDefined();
+        expect(scenarios).toHaveLength(2);
+    });
+    it("overrides a server scenario when agent provides same scenarioName", () => {
+        const server = [makeScenario({ scenarioName: "orders-flow", description: "server version" })];
+        const raw = JSON.stringify([{
+                scenarioName: "orders-flow",
+                category: "business_rule",
+                description: "agent version",
+                steps: [VALID_STEP],
+            }]);
+        const { scenarios } = mergeEnrichedScenarios(server, raw);
+        expect(scenarios).toHaveLength(1);
+        expect(scenarios[0].description).toBe("agent version");
+        expect(scenarios[0].source).toBe("agent-enriched");
+    });
+    it("normalizes method to uppercase", () => {
+        const raw = JSON.stringify([{
+                scenarioName: "uppercase-test",
+                category: "crud",
+                steps: [{ order: 1, method: "post", path: "/api/items", expectedStatusCode: 201 }],
+            }]);
+        const { scenarios } = mergeEnrichedScenarios([], raw);
+        expect(scenarios[0].steps[0].method).toBe("POST");
+    });
+    it("preserves bugCatchingTarget when provided", () => {
+        const raw = JSON.stringify([{
+                scenarioName: "formula-test",
+                category: "business_rule",
+                bugCatchingTarget: "total = price * qty",
+                steps: [VALID_STEP],
+            }]);
+        const { scenarios } = mergeEnrichedScenarios([], raw);
+        expect(scenarios[0].bugCatchingTarget).toBe("total = price * qty");
+    });
+    it("falls back to server scenarios on empty agent array", () => {
+        const server = [makeScenario({ scenarioName: "server-only" })];
+        const { scenarios, rejectionNotes } = mergeEnrichedScenarios(server, "[]");
+        // Empty array → no agent scenarios, return server ones unchanged
+        expect(scenarios).toEqual(server);
+        expect(rejectionNotes).toHaveLength(0);
+    });
+});
+describe("mergeEnrichedScenarios — rejection cases", () => {
+    it("rejects scenario with missing scenarioName", () => {
+        const raw = JSON.stringify([{ category: "crud", steps: [VALID_STEP] }]);
+        const { scenarios, rejectionNotes } = mergeEnrichedScenarios([], raw);
+        expect(scenarios).toHaveLength(0);
+        expect(rejectionNotes[0]).toMatch(/missing scenarioName/);
+    });
+    it("rejects scenario with missing steps array", () => {
+        const raw = JSON.stringify([{ scenarioName: "no-steps", category: "crud" }]);
+        const { rejectionNotes } = mergeEnrichedScenarios([], raw);
+        expect(rejectionNotes[0]).toMatch(/missing or empty steps/);
+    });
+    it("rejects scenario with empty steps array", () => {
+        const raw = JSON.stringify([{ scenarioName: "empty-steps", category: "crud", steps: [] }]);
+        const { rejectionNotes } = mergeEnrichedScenarios([], raw);
+        expect(rejectionNotes[0]).toMatch(/missing or empty steps/);
+    });
+    it("rejects scenario with missing category", () => {
+        const raw = JSON.stringify([{ scenarioName: "no-cat", steps: [VALID_STEP] }]);
+        const { rejectionNotes } = mergeEnrichedScenarios([], raw);
+        expect(rejectionNotes[0]).toMatch(/missing category/);
+    });
+    it("rejects scenario with unknown category", () => {
+        const raw = JSON.stringify([{ scenarioName: "bad-cat", category: "not_a_real_category", steps: [VALID_STEP] }]);
+        const { rejectionNotes } = mergeEnrichedScenarios([], raw);
+        expect(rejectionNotes[0]).toMatch(/unknown category/);
+    });
+    it("falls back to server scenarios on invalid JSON", () => {
+        const server = [makeScenario()];
+        const { scenarios, rejectionNotes } = mergeEnrichedScenarios(server, "{ bad json");
+        expect(scenarios).toEqual(server);
+        expect(rejectionNotes[0]).toMatch(/invalid JSON/);
+    });
+    it("falls back to server scenarios when JSON is not an array", () => {
+        const server = [makeScenario()];
+        const { scenarios, rejectionNotes } = mergeEnrichedScenarios(server, JSON.stringify({ not: "array" }));
+        expect(scenarios).toEqual(server);
+        expect(rejectionNotes[0]).toMatch(/expected a JSON array/);
+    });
+    it("accepts valid scenarios and rejects invalid ones in the same batch", () => {
+        const raw = JSON.stringify([
+            { scenarioName: "valid-one", category: "crud", steps: [VALID_STEP] },
+            { category: "crud", steps: [VALID_STEP] }, // missing scenarioName
+        ]);
+        const { scenarios, rejectionNotes } = mergeEnrichedScenarios([], raw);
+        expect(scenarios).toHaveLength(1);
+        expect(scenarios[0].scenarioName).toBe("valid-one");
+        expect(rejectionNotes).toHaveLength(1);
+    });
+});