@syengup/friday-channel-next 0.1.40 → 1.0.0

package/dist/src/http 2/middleware/auth.js

@@ -0,0 +1,29 @@
+/**
+ * Bearer token authentication middleware for Friday HTTP routes.
+ *
+ * Validates that the bearer token matches the gateway's configured auth token.
+ * This ensures plugin HTTP endpoints use the same token as gateway WS connections.
+ */
+import { resolveFridayNextConfig } from "../../config.js";
+import { getHostOpenClawConfigSnapshot } from "../../host-config.js";
+import { getFridayNextRuntime } from "../../runtime.js";
+/**
+ * Extract and validate bearer token from Authorization header.
+ * Returns the token only if it matches the gateway's configured auth token.
+ * Returns null if token is missing, malformed, or doesn't match.
+ */
+export function extractBearerToken(req) {
+    const auth = req.headers.authorization;
+    if (!auth || typeof auth !== "string")
+        return null;
+    const parts = auth.trim().split(/\s+/);
+    if (parts.length !== 2 || parts[0].toLowerCase() !== "bearer")
+        return null;
+    const token = parts[1];
+    // Validate token matches the gateway's configured auth token.
+    const cfg = getHostOpenClawConfigSnapshot(getFridayNextRuntime().config);
+    const runtimeConfig = resolveFridayNextConfig(cfg);
+    if (!runtimeConfig.authToken || token !== runtimeConfig.authToken)
+        return null;
+    return token;
+}

package/dist/src/http 2/middleware/body.d.ts

@@ -0,0 +1,2 @@
+import type { IncomingMessage } from "node:http";
+export declare function readJsonBody(req: IncomingMessage, maxBytes?: number): Promise<Record<string, unknown> | null>;

package/dist/src/http 2/middleware/body.js

@@ -0,0 +1,24 @@
+export async function readJsonBody(req, maxBytes = 2 * 1024 * 1024) {
+    return await new Promise((resolve) => {
+        const chunks = [];
+        let total = 0;
+        req.on("data", (chunk) => {
+            total += chunk.length;
+            if (total > maxBytes) {
+                resolve(null);
+                req.destroy();
+                return;
+            }
+            chunks.push(chunk);
+        });
+        req.on("end", () => {
+            try {
+                resolve(JSON.parse(Buffer.concat(chunks).toString("utf-8")));
+            }
+            catch {
+                resolve(null);
+            }
+        });
+        req.on("error", () => resolve(null));
+    });
+}

package/dist/src/http 2/middleware/cors.d.ts

@@ -0,0 +1,2 @@
+import type { ServerResponse } from "node:http";
+export declare function applyCorsHeaders(res: ServerResponse): void;

package/dist/src/http 2/middleware/cors.js

@@ -0,0 +1,11 @@
+import { resolveFridayNextConfig } from "../../config.js";
+import { getHostOpenClawConfigSnapshot } from "../../host-config.js";
+import { getFridayNextRuntime } from "../../runtime.js";
+export function applyCorsHeaders(res) {
+    const cfg = resolveFridayNextConfig(getHostOpenClawConfigSnapshot(getFridayNextRuntime().config));
+    if (!cfg.corsEnabled)
+        return;
+    res.setHeader("Access-Control-Allow-Origin", cfg.corsAllowOrigin || "*");
+    res.setHeader("Access-Control-Allow-Headers", "Authorization, Content-Type, Last-Event-ID");
+    res.setHeader("Access-Control-Allow-Methods", "GET,POST,OPTIONS");
+}

package/dist/src/sse/emitter.d.ts

@@ -1,5 +1,5 @@
 import type { ServerResponse } from "node:http";
-export type SseEventType = "connected" | "agent" | "deliver" | "tool-hook" | "outbound" | "ping" | "subagent";
+export type SseEventType = "connected" | "agent" | "deliver" | "tool-hook" | "outbound" | "ping" | "subagent" | "approval";
 export interface SseEvent {
     type: SseEventType;
     data: Record<string, unknown>;

package/index.ts

@@ -15,6 +15,7 @@ import { sseEmitter } from "./src/sse/emitter.js";
 import {
   forwardAgentEventRaw,
   getLastRegisteredFridayDeviceId,
+  isCodexRun,
   resolveFridayDeviceIdForSessionKey,
 } from "./src/friday-session.js";
 import { setFridayAgentForwardRuntime } from "./src/agent-forward-runtime.js";
@@ -22,6 +23,7 @@ import { setUpgradeRuntime } from "./src/upgrade-runtime.js";
 import { getOpenClawAgentRunContext } from "./src/agent-run-context-bridge.js";
 import { accumulateRunUsage } from "./src/agent/run-usage-accumulator.js";
 import { createFridayNextLogger } from "./src/logging.js";
+import { ensureCodexReasoningSummary } from "./src/codex-reasoning-config.js";
 
 const hookLogger = createFridayNextLogger("hook");
 
@@ -63,6 +65,38 @@ function isFridaySessionKey(sk: string): boolean {
   return /^friday-next-/i.test(sk) || /^agent:main:friday-next-/i.test(sk);
 }
 
+/** Shell/exec-style tools whose stdout the app renders as a `command_output` row (A3). */
+const COMMAND_TOOL_NAMES = new Set([
+  "exec",
+  "bash",
+  "shell",
+  "local_shell",
+  "command",
+  "process",
+  "run_terminal_cmd",
+]);
+
+function isCommandTool(toolName: unknown): boolean {
+  return typeof toolName === "string" && COMMAND_TOOL_NAMES.has(toolName.trim().toLowerCase());
+}
+
+/** Best-effort flatten of an after-hook tool result into the stdout string the app expects. */
+function coerceCommandOutput(result: unknown): string {
+  if (typeof result === "string") return result;
+  if (result && typeof result === "object") {
+    const r = result as Record<string, unknown>;
+    for (const key of ["output", "stdout", "text"]) {
+      if (typeof r[key] === "string") return r[key] as string;
+    }
+    try {
+      return JSON.stringify(result);
+    } catch {
+      return "";
+    }
+  }
+  return result == null ? "" : String(result);
+}
+
 function shouldForwardToolEventToFriday(ctx: PluginHookToolContext): boolean {
   if (ctx.runId) {
     if (sseEmitter.getDeviceIdByRunId(ctx.runId)) return true;
@@ -134,6 +168,10 @@ export default defineChannelPluginEntry({
     }
     fridayNextToolHooksRegistered = true;
 
+    // Make Codex (ChatGPT/OAuth) models emit reasoning summary text so the app can stream
+    // "thinking". OpenClaw never sets this; we assert it on the plugin side. Best-effort.
+    ensureCodexReasoningSummary((msg) => hookLogger.info(msg));
+
     api.on("subagent_delivery_target", (event: any) => {
       if (!event.expectsCompletionMessage) return;
       const ch = event.requesterOrigin?.channel?.trim().toLowerCase();
@@ -219,6 +257,29 @@ export default defineChannelPluginEntry({
           ts: Date.now(),
         },
       });
+
+      // A3: the Codex app-server backend never puts exec stdout on the `command_output` stream
+      // (its tool result carries only exitCode/duration), so the app shows the command row with no
+      // output. The after-hook DOES carry the full stdout — synthesize a `command_output` end event
+      // keyed by toolCallId (== the forwarded `item kind:command` itemId) so the app attaches it.
+      // Codex-only: embedded runs already stream `command_output` on the bus.
+      if (isCodexRun(runId) && event.toolCallId && isCommandTool(event.toolName)) {
+        const output = coerceCommandOutput(event.result);
+        if (output) {
+          forwardAgentEventRaw({
+            runId,
+            stream: "command_output",
+            data: {
+              itemId: event.toolCallId,
+              phase: "end",
+              output,
+              status: event.error ? "failed" : "completed",
+              durationMs: event.durationMs ?? null,
+            },
+            sessionKey: ctx.sessionKey,
+          });
+        }
+      }
     });
   },
 });

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@syengup/friday-channel-next",
-  "version": "0.1.40",
+  "version": "1.0.0",
   "description": "OpenClaw Friday Next Apple channel plugin",
   "license": "MIT",
   "type": "module",
@@ -12,6 +12,19 @@
     "tsconfig.json",
     "openclaw.plugin.json"
   ],
+  "scripts": {
+    "build": "tsc -p tsconfig.json",
+    "lint": "eslint .",
+    "lint:fix": "eslint . --fix",
+    "format": "prettier --write .",
+    "format:check": "prettier --check .",
+    "prepublishOnly": "pnpm build && rm -rf dist/attachments",
+    "test": "npm run test:unit && npm run test:e2e",
+    "test:unit": "vitest run",
+    "test:e2e": "vitest run --config vitest.e2e.config.ts",
+    "test:smoke": "node scripts/e2e-smoke.mjs",
+    "test:msg-live": "node scripts/message-roundtrip-live.mjs"
+  },
   "bin": {
     "friday-channel-next": "install.js"
   },
@@ -62,17 +75,5 @@
     "typescript-eslint": "^8.61.1",
     "vitest": "^4.1.5",
     "zod": "^4.3.6"
-  },
-  "scripts": {
-    "build": "tsc -p tsconfig.json",
-    "lint": "eslint .",
-    "lint:fix": "eslint . --fix",
-    "format": "prettier --write .",
-    "format:check": "prettier --check .",
-    "test": "npm run test:unit && npm run test:e2e",
-    "test:unit": "vitest run",
-    "test:e2e": "vitest run --config vitest.e2e.config.ts",
-    "test:smoke": "node scripts/e2e-smoke.mjs",
-    "test:msg-live": "node scripts/message-roundtrip-live.mjs"
   }
-}
+}

package/src/approval/friday-approval-capability.test.ts

@@ -0,0 +1,78 @@
+import { describe, expect, it } from "vitest";
+import { buildPayload } from "./friday-approval-capability.js";
+
+const execView = {
+  approvalId: "exec:abc",
+  approvalKind: "exec",
+  title: "Codex command approval",
+  commandText: "curl -sS https://example.com",
+  commandPreview: "curl ...",
+  cwd: "/ws",
+  host: "sandbox",
+  metadata: [{ label: "Severity", value: "Warning" }],
+  actions: [
+    { decision: "allow-once", label: "Allow Once", style: "primary" },
+    { decision: "deny", label: "Deny", style: "danger" },
+  ],
+  expiresAtMs: 123,
+};
+
+const pluginView = {
+  approvalId: "plugin:xyz",
+  approvalKind: "plugin",
+  title: "Codex app-server command approval",
+  description: "Command: curl ...",
+  toolName: "codex_command_approval",
+  severity: "warning",
+  metadata: [{ label: "Tool", value: "codex_command_approval" }],
+  actions: [{ decision: "allow-always", label: "Allow Always", style: "secondary" }],
+  expiresAtMs: 456,
+};
+
+const reqWith = (sessionKey: string) => ({ request: { sessionKey } });
+
+describe("buildPayload", () => {
+  it("maps an exec approval view (command/cwd/host + actions)", () => {
+    const p = buildPayload({
+      op: "request",
+      view: execView,
+      request: reqWith("agent:main:fridaynext:s1"),
+      deviceId: "DEV1",
+    });
+    expect(p.op).toBe("request");
+    expect(p.kind).toBe("exec");
+    expect(p.approvalId).toBe("exec:abc");
+    expect(p.commandText).toBe("curl -sS https://example.com");
+    expect(p.cwd).toBe("/ws");
+    expect(p.host).toBe("sandbox");
+    expect(p.actions.map((a) => a.decision)).toEqual(["allow-once", "deny"]);
+    expect(p.sessionKey).toBe("agent:main:fridaynext:s1");
+    expect(p.deviceId).toBe("DEV1");
+    expect(p.expiresAtMs).toBe(123);
+  });
+
+  it("maps a plugin approval view (toolName/severity/description)", () => {
+    const p = buildPayload({
+      op: "request",
+      view: pluginView,
+      request: reqWith("agent:main:fridaynext:s2"),
+      deviceId: "DEV2",
+    });
+    expect(p.kind).toBe("plugin");
+    expect(p.toolName).toBe("codex_command_approval");
+    expect(p.severity).toBe("warning");
+    expect(p.description).toBe("Command: curl ...");
+    expect(p.actions[0].decision).toBe("allow-always");
+    expect(p.commandText).toBeNull();
+  });
+
+  it("defaults missing fields without throwing", () => {
+    const p = buildPayload({ op: "expired", view: {}, request: {}, deviceId: "D" });
+    expect(p.op).toBe("expired");
+    expect(p.kind).toBe("exec");
+    expect(p.approvalId).toBe("");
+    expect(p.actions).toEqual([]);
+    expect(p.metadata).toEqual([]);
+    expect(p.sessionKey).toBeNull();
+  });
+});

package/src/approval/friday-approval-capability.ts

@@ -0,0 +1,227 @@
+// Friday Next exec/plugin approval capability.
+//
+// Lets the Friday app receive tool-execution approval REQUESTS (e.g. a Codex model wanting to run a
+// shell command that needs confirmation) and submit allow/deny DECISIONS — instead of those
+// approvals only reaching the gateway's built-in ControlUI.
+//
+// Model: unlike Slack (a separate approver list authorized per-account), friday-next uses a
+// device-owner model — the device that owns the originating session is the approver. HTTP requests
+// already carry the channel bearer token, so per-sender authorization happens at the route layer;
+// here we only resolve WHICH device a request belongs to (its session's device) and deliver the
+// prompt there over SSE. The decision round-trips via POST /friday-next/approvals/{id}.
+//
+// We intentionally do NOT set a `delivery.shouldSuppressForwardingFallback` adapter, so enabling
+// this stays additive: ControlUI keeps working as a fallback while the app surface is the primary.
+
+import { createChannelApprovalNativeRuntimeAdapter } from "openclaw/plugin-sdk/approval-handler-runtime";
+import type { ChannelApprovalCapability } from "openclaw/plugin-sdk/channel-contract";
+import { sseEmitter } from "../sse/emitter.js";
+import { resolveFridayDeviceIdForSessionKey } from "../friday-session.js";
+import { createFridayNextLogger } from "../logging.js";
+
+const logger = createFridayNextLogger("approval");
+
+/** SSE payload the app receives for an approval lifecycle event. `op` is the phase. */
+export interface FridayApprovalPayload {
+  op: "request" | "resolved" | "expired";
+  approvalId: string;
+  kind: "exec" | "plugin";
+  title: string;
+  description?: string | null;
+  // exec
+  commandText?: string | null;
+  commandPreview?: string | null;
+  cwd?: string | null;
+  host?: string | null;
+  // plugin
+  toolName?: string | null;
+  severity?: string | null;
+  metadata: { label: string; value: string }[];
+  actions: { decision: string; label: string; style: string }[];
+  expiresAtMs?: number | null;
+  decision?: string | null;
+  resolvedBy?: string | null;
+  sessionKey?: string | null;
+  runId?: string | null;
+  deviceId: string;
+  ts: number;
+}
+
+interface PreparedTarget {
+  deviceId: string;
+}
+interface PendingEntry {
+  deviceId: string;
+  approvalId: string;
+}
+
+/** Pull the originating sessionKey out of an exec/plugin approval request (`request.request.*`). */
+function sessionKeyOf(request: unknown): string | undefined {
+  const inner = (request as { request?: { sessionKey?: unknown } } | undefined)?.request;
+  const sk = inner?.sessionKey;
+  return typeof sk === "string" && sk.trim() ? sk.trim() : undefined;
+}
+
+/** Resolve the friday device that owns this approval's session, if any. */
+function deviceForRequest(request: unknown): string | undefined {
+  const sk = sessionKeyOf(request);
+  if (!sk) return undefined;
+  const dev = resolveFridayDeviceIdForSessionKey(sk);
+  return dev ? dev.toUpperCase() : undefined;
+}
+
+/** Build the normalized app payload from a pending/resolved/expired approval view. */
+export function buildPayload(params: {
+  op: FridayApprovalPayload["op"];
+  view: Record<string, unknown>;
+  request: unknown;
+  deviceId: string;
+}): FridayApprovalPayload {
+  const { op, view, request, deviceId } = params;
+  const str = (v: unknown): string | null => (typeof v === "string" ? v : null);
+  const num = (v: unknown): number | null => (typeof v === "number" ? v : null);
+  const actionsRaw = Array.isArray(view.actions) ? (view.actions as Record<string, unknown>[]) : [];
+  const metaRaw = Array.isArray(view.metadata) ? (view.metadata as Record<string, unknown>[]) : [];
+  return {
+    op,
+    approvalId: str(view.approvalId) ?? "",
+    kind: view.approvalKind === "plugin" ? "plugin" : "exec",
+    title: str(view.title) ?? "",
+    description: str(view.description),
+    commandText: str(view.commandText),
+    commandPreview: str(view.commandPreview),
+    cwd: str(view.cwd),
+    host: str(view.host),
+    toolName: str(view.toolName),
+    severity: str(view.severity),
+    metadata: metaRaw.map((m) => ({ label: str(m.label) ?? "", value: str(m.value) ?? "" })),
+    actions: actionsRaw.map((a) => ({
+      decision: str(a.decision) ?? "",
+      label: str(a.label) ?? "",
+      style: str(a.style) ?? "secondary",
+    })),
+    expiresAtMs: num(view.expiresAtMs),
+    decision: str(view.decision),
+    resolvedBy: str(view.resolvedBy),
+    sessionKey: sessionKeyOf(request) ?? null,
+    runId: sseEmitter.getLastRunIdForDevice(deviceId),
+    deviceId,
+    ts: Date.now(),
+  };
+}
+
+function emitApproval(deviceId: string, payload: FridayApprovalPayload): void {
+  sseEmitter.broadcast({ type: "approval", data: { ...payload } }, deviceId, true);
+}
+
+const fridayApprovalNativeRuntime = createChannelApprovalNativeRuntimeAdapter<
+  FridayApprovalPayload,
+  PreparedTarget,
+  PendingEntry,
+  never,
+  FridayApprovalPayload
+>({
+  eventKinds: ["exec", "plugin"],
+  availability: {
+    isConfigured: () => true,
+    shouldHandle: ({ request }) => deviceForRequest(request) !== undefined,
+  },
+  presentation: {
+    buildPendingPayload: ({ request, view }) => {
+      const deviceId = deviceForRequest(request) ?? "";
+      return buildPayload({
+        op: "request",
+        view: view as unknown as Record<string, unknown>,
+        request,
+        deviceId,
+      });
+    },
+    buildResolvedResult: ({ request, view }) => {
+      const deviceId = deviceForRequest(request) ?? "";
+      return {
+        kind: "update",
+        payload: buildPayload({
+          op: "resolved",
+          view: view as unknown as Record<string, unknown>,
+          request,
+          deviceId,
+        }),
+      };
+    },
+    buildExpiredResult: ({ request, view }) => {
+      const deviceId = deviceForRequest(request) ?? "";
+      return {
+        kind: "update",
+        payload: buildPayload({
+          op: "expired",
+          view: view as unknown as Record<string, unknown>,
+          request,
+          deviceId,
+        }),
+      };
+    },
+  },
+  transport: {
+    prepareTarget: ({ plannedTarget, request }) => {
+      const planned =
+        typeof plannedTarget?.target?.to === "string" && plannedTarget.target.to.trim()
+          ? plannedTarget.target.to.trim().toUpperCase()
+          : undefined;
+      const deviceId = planned ?? deviceForRequest(request);
+      if (!deviceId) return null;
+      return { dedupeKey: `friday-approval:${deviceId}`, target: { deviceId } };
+    },
+    deliverPending: ({ preparedTarget, pendingPayload }) => {
+      const deviceId = preparedTarget.deviceId;
+      logger.info(`deliver approval ${pendingPayload.approvalId} kind=${pendingPayload.kind} -> ${deviceId}`);
+      emitApproval(deviceId, { ...pendingPayload, deviceId });
+      return { deviceId, approvalId: pendingPayload.approvalId };
+    },
+    updateEntry: async ({ entry, payload }) => {
+      emitApproval(entry.deviceId, { ...payload, deviceId: entry.deviceId });
+    },
+    deleteEntry: async ({ entry, phase }) => {
+      emitApproval(entry.deviceId, {
+        op: phase === "resolved" ? "resolved" : "expired",
+        approvalId: entry.approvalId,
+        kind: "exec",
+        title: "",
+        metadata: [],
+        actions: [],
+        deviceId: entry.deviceId,
+        ts: Date.now(),
+      });
+    },
+  },
+  observe: {
+    onDeliveryError: ({ error }) => {
+      logger.warn(`approval delivery failed: ${String(error)}`);
+    },
+  },
+});
+
+/**
+ * friday-next approval capability. `native` declares delivery to the originating device's session;
+ * `nativeRuntime` builds the app payload and ferries it over SSE. No `delivery` suppressor → additive
+ * with ControlUI.
+ */
+export const fridayApprovalCapability: ChannelApprovalCapability = {
+  native: {
+    describeDeliveryCapabilities: ({ request }) => {
+      const enabled = deviceForRequest(request) !== undefined;
+      return {
+        enabled,
+        preferredSurface: "origin",
+        supportsOriginSurface: true,
+        supportsApproverDmSurface: false,
+      };
+    },
+    resolveOriginTarget: ({ request }) => {
+      const deviceId = deviceForRequest(request);
+      return deviceId ? { to: deviceId } : null;
+    },
+  },
+  // Cast widens the parameterized adapter to the field's `unknown`-typed shape (function-param
+  // contravariance). Same escape hatch Slack uses for its lazy runtime adapter.
+  nativeRuntime: fridayApprovalNativeRuntime as unknown as ChannelApprovalCapability["nativeRuntime"],
+};

package/src/channel.ts

@@ -10,6 +10,9 @@ import os from "node:os";
 import path from "node:path";
 import { createChatChannelPlugin } from "openclaw/plugin-sdk/core";
 import { waitUntilAbort } from "openclaw/plugin-sdk/channel-lifecycle";
+import { registerChannelRuntimeContext } from "openclaw/plugin-sdk/channel-runtime-context";
+import { CHANNEL_APPROVAL_NATIVE_RUNTIME_CONTEXT_CAPABILITY } from "openclaw/plugin-sdk/approval-handler-adapter-runtime";
+import type { ChannelGatewayContext } from "openclaw/plugin-sdk/channel-contract";
 import { createFridayNextLogger } from "./logging.js";
 import type { ChannelAccountSnapshot } from "openclaw/plugin-sdk/status-helpers";
 import { saveMediaBuffer } from "openclaw/plugin-sdk/media-store";
@@ -24,6 +27,7 @@ import {
 } from "./friday-session.js";
 import { getRunRoute } from "./run-metadata.js";
 import { getLastFridayInboundAt } from "./friday-inbound-stats.js";
+import { fridayApprovalCapability } from "./approval/friday-approval-capability.js";
 
 const logger = createFridayNextLogger("channel");
 const CHANNEL_ID = "friday-next" as const;
@@ -113,7 +117,22 @@ const fridayLifecycle = {
  * (reload/shutdown) so the channel stays `running:true` and continuously deliverable.
  */
 const fridayGateway = {
-  startAccount: async (ctx: { abortSignal: AbortSignal }): Promise<void> => {
+  startAccount: async (ctx: ChannelGatewayContext): Promise<void> => {
+    // Activate exec/plugin approval delivery to the app. The gateway's approval-handler bootstrap
+    // only wires up our `approvalCapability` once the channel registers an "approval.native" runtime
+    // context (the registration event is the gate — without it approvals silently skip friday-next
+    // and only reach ControlUI). friday-next's nativeRuntime needs no per-account state — it resolves
+    // the target device from each request's sessionKey via global singletons — so context is empty.
+    if (ctx.channelRuntime) {
+      registerChannelRuntimeContext({
+        channelRuntime: ctx.channelRuntime,
+        channelId: CHANNEL_ID,
+        accountId: ctx.accountId,
+        capability: CHANNEL_APPROVAL_NATIVE_RUNTIME_CONTEXT_CAPABILITY,
+        context: {},
+        abortSignal: ctx.abortSignal,
+      });
+    }
     await waitUntilAbort(ctx.abortSignal);
   },
 };
@@ -342,3 +361,8 @@ export const fridayNextChannelPlugin = createChatChannelPlugin({
     },
   },
 });
+
+// Attach exec/plugin approval delivery to the app. `createChatChannelPlugin` has no config slot for
+// it, so it's set on the returned plugin object; setting it auto-registers the native approval
+// handler via the gateway's approval bootstrap. Additive with ControlUI (no forwarding suppressor).
+fridayNextChannelPlugin.approvalCapability = fridayApprovalCapability;

package/src/codex-reasoning-config.test.ts

@@ -0,0 +1,28 @@
+import { describe, expect, it } from "vitest";
+import { hasTopLevelSummaryKey } from "./codex-reasoning-config.js";
+
+describe("hasTopLevelSummaryKey", () => {
+  it("returns true when the key is a top-level entry", () => {
+    expect(hasTopLevelSummaryKey('model_reasoning_summary = "detailed"\n')).toBe(true);
+    expect(
+      hasTopLevelSummaryKey('model_reasoning_summary = "auto"\n\n[projects."/x"]\ntrust_level = "trusted"\n'),
+    ).toBe(true);
+  });
+
+  it("returns false when the file has no key", () => {
+    expect(hasTopLevelSummaryKey("")).toBe(false);
+    expect(hasTopLevelSummaryKey('[projects."/x"]\ntrust_level = "trusted"\n')).toBe(false);
+  });
+
+  it("treats a key nested under a [section] as NOT top-level (TOML scoping)", () => {
+    // This is the trap: appended after a table header the key belongs to that table, so Codex
+    // ignores it. Must be reported as absent so the caller prepends a real top-level key.
+    const nested = '[projects."/x"]\ntrust_level = "trusted"\nmodel_reasoning_summary = "detailed"\n';
+    expect(hasTopLevelSummaryKey(nested)).toBe(false);
+  });
+
+  it("ignores commented or partial matches", () => {
+    expect(hasTopLevelSummaryKey('# model_reasoning_summary = "detailed"\n')).toBe(false);
+    expect(hasTopLevelSummaryKey("model_reasoning_summary_extra = 1\n")).toBe(false);
+  });
+});