@slashfi/agents-sdk 0.80.0 → 0.82.0

package/src/config-store.test.ts

@@ -488,175 +488,6 @@ describe("ADK ref.call() full auto-refresh flow", () => {
   });
 });
 
-// ─── ADK Config Store: registry proxy routing ───────────────────
-
-describe("ADK registry proxy routing", () => {
-  let proxyServer: AgentServer;
-  let proxyServerAdk: ReturnType<typeof createAdk>;
-  const PROXY_PORT = 19930;
-
-  beforeAll(async () => {
-    // Real server-side adk that the proxy agent operates on. When the
-    // local adk forwards ref ops, they land on this backing store via
-    // the real @config `ref` tool produced by createAdkTools — no mocks.
-    const proxyServerFs = createMemoryFs();
-    proxyServerAdk = createAdk(proxyServerFs);
-    await proxyServerAdk.writeConfig({
-      refs: [
-        {
-          ref: "@gmail",
-          scheme: "mcp",
-          url: "https://gmail.example.com/mcp",
-        },
-      ],
-    });
-
-    // Expose that adk via the same tool surface production uses.
-    const adkTools = createAdkTools({ resolveScope: () => proxyServerAdk });
-    const configAgent = defineAgent({
-      path: "@config",
-      entrypoint: "@config agent for proxy routing tests",
-      tools: adkTools,
-      visibility: "public",
-    });
-
-    const proxyRegistry = createAgentRegistry();
-    proxyRegistry.register(configAgent);
-    proxyServer = createAgentServer(proxyRegistry, {
-      port: PROXY_PORT,
-      // Advertise proxy mode in the MCP initialize response so the
-      // "registry.add auto-detects proxy" test can verify discovery.
-      registry: { version: "1.0", proxy: { mode: "required" } },
-    });
-    await proxyServer.start();
-  });
-
-  afterAll(async () => {
-    await proxyServer.stop();
-  });
-
-  /**
-   * Seed the local consumer config with a ref sourced from the proxy
-   * registry. We bypass ref.add's reachability check because we're
-   * specifically testing how proxying routes around local state.
-   */
-  async function seedLocalRefFromProxy(fs: FsStore, refName: string) {
-    const raw = (await fs.readFile("consumer-config.json")) ?? "{}";
-    const config = JSON.parse(raw);
-    config.refs = [
-      {
-        ref: refName,
-        scheme: "registry",
-        sourceRegistry: {
-          url: `http://localhost:${PROXY_PORT}`,
-          agentPath: refName,
-        },
-      },
-    ];
-    await fs.writeFile("consumer-config.json", JSON.stringify(config));
-  }
-
-  test("ref.authStatus forwards to the real @config on the proxy registry", async () => {
-    const fs = createMemoryFs();
-    const adk = createAdk(fs);
-
-    await adk.registry.add({
-      url: `http://localhost:${PROXY_PORT}`,
-      name: "cloud",
-      proxy: { mode: "required" },
-    });
-    await seedLocalRefFromProxy(fs, "@gmail");
-
-    // The proxy-side adk owns the @gmail ref (no security declared in
-    // its config above) so authStatus should report { complete: true }
-    // with security: null.
-    const status = await adk.ref.authStatus("@gmail");
-    expect(status).toBeDefined();
-    // The remote @config returned something — local adk never saw the ref,
-    // so this would throw "Ref not found" if proxying wasn't wired.
-    expect((status as { name?: string }).name ?? "@gmail").toBe("@gmail");
-  });
-
-  test("ref.auth forwards and returns the remote auth start result", async () => {
-    const fs = createMemoryFs();
-    const adk = createAdk(fs);
-
-    await adk.registry.add({
-      url: `http://localhost:${PROXY_PORT}`,
-      name: "cloud",
-      proxy: { mode: "required" },
-    });
-    await seedLocalRefFromProxy(fs, "@gmail");
-
-    // @gmail on the proxy side has no security schema, so the real
-    // @config.ref tool returns { type: 'none', complete: true }. The
-    // assertion here is that we got *something* back from the remote,
-    // proving the call made a round trip instead of throwing locally.
-    const result = await adk.ref.auth("@gmail");
-    expect(result).toBeDefined();
-    expect((result as { type?: string }).type).toBeDefined();
-  });
-
-  test("registry.add auto-detects proxy from the server's handshake", async () => {
-    const fs = createMemoryFs();
-    const adk = createAdk(fs);
-
-    // Caller passes NO proxy config. The server advertises
-    // `capabilities.registry.proxy: { mode: 'required' }` in its MCP
-    // initialize response (see beforeAll), so registry.add should
-    // auto-populate the RegistryEntry at probe time.
-    await adk.registry.add({
-      url: `http://localhost:${PROXY_PORT}`,
-      name: "cloud-autodetect",
-    });
-
-    const list = await adk.registry.list();
-    const entry = list.find((r) => r.name === "cloud-autodetect");
-    expect(entry?.proxy?.mode).toBe("required");
-  });
-
-  test("explicit proxy on registry.add is not overwritten by auto-detection", async () => {
-    const fs = createMemoryFs();
-    const adk = createAdk(fs);
-
-    // Server advertises required; caller explicitly sets optional. The
-    // caller's choice wins — discovery only fills in blanks.
-    await adk.registry.add({
-      url: `http://localhost:${PROXY_PORT}`,
-      name: "cloud-explicit",
-      proxy: { mode: "optional", agent: "@custom" },
-    });
-
-    const entry = (await adk.registry.list()).find(
-      (r) => r.name === "cloud-explicit",
-    );
-    expect(entry?.proxy?.mode).toBe("optional");
-    expect(entry?.proxy?.agent).toBe("@custom");
-  });
-
-  test("optional proxy honors preferLocal and skips forwarding", async () => {
-    const fs = createMemoryFs();
-    const adk = createAdk(fs);
-
-    await adk.registry.add({
-      url: `http://localhost:${PROXY_PORT}`,
-      name: "cloud",
-      proxy: { mode: "optional" },
-    });
-    await seedLocalRefFromProxy(fs, "@gmail");
-
-    // With preferLocal:true we should fall through to the local path.
-    // The local adk has no usable config for @gmail, so this path
-    // throws or returns an empty status — either way, we prove we
-    // stayed local by catching and confirming no exception bubbled
-    // with "authorizeUrl" (which only the proxy path returns).
-    const result = await adk.ref
-      .auth("@gmail", { preferLocal: true })
-      .catch((err: Error) => ({ _error: err.message }));
-    expect((result as { authorizeUrl?: string }).authorizeUrl).toBeUndefined();
-  });
-});
-
 // ─── Registry auth lifecycle ─────────────────────────────────────
 
 describe("ADK registry auth lifecycle", () => {
@@ -1190,22 +1021,6 @@ describe("isRefAuthComplete + cached authFields", () => {
     expect(result).toBeNull();
   });
 
-  test("proxy mode short-circuits to true regardless of cache", async () => {
-    const { isRefAuthComplete } = await import("./config-store");
-    const result = isRefAuthComplete(
-      {
-        ref: "slash",
-        name: "slash",
-        scheme: "registry",
-        // proxy mode set by ref.add when registry inspection includes it.
-        // biome-ignore lint/suspicious/noExplicitAny: mode isn't on the public type
-        mode: "proxy",
-      } as any,
-      undefined,
-    );
-    expect(result).toBe(true);
-  });
-
   test("required field present → true", async () => {
     const { isRefAuthComplete } = await import("./config-store");
     const result = isRefAuthComplete(
@@ -1307,5 +1122,61 @@ describe("isRefAuthComplete + cached authFields", () => {
     );
     expect(result).toBe(true);
   });
+
+  test("resolvableFields satisfies required, non-automated fields absent from config", async () => {
+    // Scenario: registry-hosted OAuth where the platform injects
+    // client_id / client_secret at runtime via resolveCredentials.
+    // The registry sees them as user-provided (required + non-automated)
+    // but the consumer environment satisfies them externally.
+    const { isRefAuthComplete } = await import("./config-store");
+    const result = isRefAuthComplete(
+      {
+        ref: "google-gmail",
+        name: "google-gmail",
+        scheme: "registry",
+        config: {
+          // client_id / client_secret missing — resolved from env vars.
+          access_token: "tok",
+        },
+      },
+      {
+        ref: "google-gmail",
+        fetchedAt: new Date().toISOString(),
+        authFields: {
+          client_id: { required: true, automated: false },
+          client_secret: { required: true, automated: false },
+          access_token: { required: true, automated: true },
+        },
+      },
+      { resolvableFields: ["client_id", "client_secret"] },
+    );
+    expect(result).toBe(true);
+  });
+
+  test("resolvableFields does not bypass missing fields it doesn't list", async () => {
+    const { isRefAuthComplete } = await import("./config-store");
+    const result = isRefAuthComplete(
+      {
+        ref: "@oauth",
+        name: "@oauth",
+        scheme: "https",
+        url: "http://localhost",
+        config: {
+          client_id: "abc",
+          // client_secret missing AND not listed as resolvable.
+        },
+      },
+      {
+        ref: "@oauth",
+        fetchedAt: new Date().toISOString(),
+        authFields: {
+          client_id: { required: true, automated: false },
+          client_secret: { required: true, automated: false },
+        },
+      },
+      { resolvableFields: ["client_id"] },
+    );
+    expect(result).toBe(false);
+  });
 });