@wlfi-agent/cli 1.4.12 → 1.4.14

package/crates/vault-daemon/src/tests_parts/part2.rs

@@ -0,0 +1,1021 @@
+#[tokio::test]
+async fn broadcast_without_nonce_reservation_is_rejected() {
+    let daemon = InMemoryDaemon::new(
+        "vault-password",
+        SoftwareSignerBackend::default(),
+        DaemonConfig::default(),
+    )
+    .expect("daemon");
+
+    let lease = daemon.issue_lease("vault-password").await.expect("lease");
+    let session = AdminSession {
+        vault_password: "vault-password".to_string(),
+        lease,
+    };
+    daemon
+        .add_policy(&session, policy_all_per_tx(1_000_000_000_000_000_000))
+        .await
+        .expect("add per-tx policy");
+    daemon
+        .add_policy(&session, policy_per_chain_gas(1, 1_000_000_000_000_000))
+        .await
+        .expect("add gas policy");
+
+    let key = daemon
+        .create_vault_key(&session, KeyCreateRequest::Generate)
+        .await
+        .expect("key");
+    let agent_credentials = daemon
+        .create_agent_key(&session, key.id, PolicyAttachment::AllPolicies)
+        .await
+        .expect("agent");
+
+    let request = sign_request(
+        &agent_credentials,
+        AgentAction::BroadcastTx {
+            tx: BroadcastTx {
+                chain_id: 1,
+                nonce: 0,
+                to: "0x9300000000000000000000000000000000000000"
+                    .parse()
+                    .expect("to"),
+                value_wei: 0,
+                data_hex: "0x".to_string(),
+                gas_limit: 21_000,
+                max_fee_per_gas_wei: 1_000_000_000,
+                max_priority_fee_per_gas_wei: 1_000_000_000,
+                tx_type: 0x02,
+                delegation_enabled: false,
+            },
+        },
+    );
+    let err = daemon
+        .sign_for_agent(request)
+        .await
+        .expect_err("broadcast signing requires nonce reservation");
+    assert!(matches!(
+        err,
+        DaemonError::MissingNonceReservation {
+            chain_id: 1,
+            nonce: 0
+        }
+    ));
+}
+
+#[tokio::test]
+async fn reserve_nonce_is_monotonic_for_same_agent_and_chain() {
+    let daemon = InMemoryDaemon::new(
+        "vault-password",
+        SoftwareSignerBackend::default(),
+        DaemonConfig::default(),
+    )
+    .expect("daemon");
+
+    let lease = daemon.issue_lease("vault-password").await.expect("lease");
+    let session = AdminSession {
+        vault_password: "vault-password".to_string(),
+        lease,
+    };
+    daemon
+        .add_policy(&session, policy_all_per_tx(1_000_000_000_000_000_000))
+        .await
+        .expect("add policy");
+    let key = daemon
+        .create_vault_key(&session, KeyCreateRequest::Generate)
+        .await
+        .expect("key");
+    let agent_credentials = daemon
+        .create_agent_key(&session, key.id, PolicyAttachment::AllPolicies)
+        .await
+        .expect("agent");
+
+    let now = time::OffsetDateTime::now_utc();
+    let first = daemon
+        .reserve_nonce(NonceReservationRequest {
+            request_id: Uuid::new_v4(),
+            agent_key_id: agent_credentials.agent_key.id,
+            agent_auth_token: agent_credentials.auth_token.clone(),
+            chain_id: 1,
+            min_nonce: 7,
+            requested_at: now,
+            expires_at: now + time::Duration::minutes(2),
+        })
+        .await
+        .expect("first reservation");
+    let second = daemon
+        .reserve_nonce(NonceReservationRequest {
+            request_id: Uuid::new_v4(),
+            agent_key_id: agent_credentials.agent_key.id,
+            agent_auth_token: agent_credentials.auth_token,
+            chain_id: 1,
+            min_nonce: 7,
+            requested_at: now,
+            expires_at: now + time::Duration::minutes(2),
+        })
+        .await
+        .expect("second reservation");
+    assert_eq!(first.nonce, 7);
+    assert_eq!(second.nonce, 8);
+}
+
+#[tokio::test]
+async fn reserve_nonce_replayed_request_id_is_rejected() {
+    let daemon = InMemoryDaemon::new(
+        "vault-password",
+        SoftwareSignerBackend::default(),
+        DaemonConfig::default(),
+    )
+    .expect("daemon");
+
+    let lease = daemon.issue_lease("vault-password").await.expect("lease");
+    let session = AdminSession {
+        vault_password: "vault-password".to_string(),
+        lease,
+    };
+    daemon
+        .add_policy(&session, policy_all_per_tx(1_000_000_000_000_000_000))
+        .await
+        .expect("add policy");
+    let key = daemon
+        .create_vault_key(&session, KeyCreateRequest::Generate)
+        .await
+        .expect("key");
+    let agent_credentials = daemon
+        .create_agent_key(&session, key.id, PolicyAttachment::AllPolicies)
+        .await
+        .expect("agent");
+
+    let now = time::OffsetDateTime::now_utc();
+    let request = NonceReservationRequest {
+        request_id: Uuid::new_v4(),
+        agent_key_id: agent_credentials.agent_key.id,
+        agent_auth_token: agent_credentials.auth_token,
+        chain_id: 1,
+        min_nonce: 0,
+        requested_at: now,
+        expires_at: now + time::Duration::minutes(2),
+    };
+
+    daemon
+        .reserve_nonce(request.clone())
+        .await
+        .expect("first reserve");
+
+    let err = daemon
+        .reserve_nonce(request)
+        .await
+        .expect_err("replayed reserve request id must fail");
+    assert!(matches!(err, DaemonError::RequestReplayDetected));
+}
+
+#[tokio::test]
+async fn release_nonce_reclaims_latest_unused_nonce() {
+    let daemon = InMemoryDaemon::new(
+        "vault-password",
+        SoftwareSignerBackend::default(),
+        DaemonConfig::default(),
+    )
+    .expect("daemon");
+
+    let lease = daemon.issue_lease("vault-password").await.expect("lease");
+    let session = AdminSession {
+        vault_password: "vault-password".to_string(),
+        lease,
+    };
+    daemon
+        .add_policy(&session, policy_all_per_tx(1_000_000_000_000_000_000))
+        .await
+        .expect("add policy");
+    let key = daemon
+        .create_vault_key(&session, KeyCreateRequest::Generate)
+        .await
+        .expect("key");
+    let agent_credentials = daemon
+        .create_agent_key(&session, key.id, PolicyAttachment::AllPolicies)
+        .await
+        .expect("agent");
+
+    let now = time::OffsetDateTime::now_utc();
+    let reservation = daemon
+        .reserve_nonce(NonceReservationRequest {
+            request_id: Uuid::new_v4(),
+            agent_key_id: agent_credentials.agent_key.id,
+            agent_auth_token: agent_credentials.auth_token.clone(),
+            chain_id: 56,
+            min_nonce: 0,
+            requested_at: now,
+            expires_at: now + time::Duration::minutes(2),
+        })
+        .await
+        .expect("reserve");
+    assert_eq!(reservation.nonce, 0);
+
+    daemon
+        .release_nonce(NonceReleaseRequest {
+            request_id: Uuid::new_v4(),
+            agent_key_id: agent_credentials.agent_key.id,
+            agent_auth_token: agent_credentials.auth_token.clone(),
+            reservation_id: reservation.reservation_id,
+            requested_at: now,
+            expires_at: now + time::Duration::minutes(2),
+        })
+        .await
+        .expect("release");
+
+    let next = daemon
+        .reserve_nonce(NonceReservationRequest {
+            request_id: Uuid::new_v4(),
+            agent_key_id: agent_credentials.agent_key.id,
+            agent_auth_token: agent_credentials.auth_token,
+            chain_id: 56,
+            min_nonce: 0,
+            requested_at: now,
+            expires_at: now + time::Duration::minutes(2),
+        })
+        .await
+        .expect("reserve after release");
+    assert_eq!(next.nonce, 0);
+}
+
+#[tokio::test]
+async fn expired_nonce_reservation_is_reclaimed_before_next_reserve() {
+    let daemon = InMemoryDaemon::new(
+        "vault-password",
+        SoftwareSignerBackend::default(),
+        DaemonConfig {
+            nonce_reservation_ttl: time::Duration::milliseconds(5),
+            ..DaemonConfig::default()
+        },
+    )
+    .expect("daemon");
+
+    let lease = daemon.issue_lease("vault-password").await.expect("lease");
+    let session = AdminSession {
+        vault_password: "vault-password".to_string(),
+        lease,
+    };
+    daemon
+        .add_policy(&session, policy_all_per_tx(1_000_000_000_000_000_000))
+        .await
+        .expect("add policy");
+    let key = daemon
+        .create_vault_key(&session, KeyCreateRequest::Generate)
+        .await
+        .expect("key");
+    let agent_credentials = daemon
+        .create_agent_key(&session, key.id, PolicyAttachment::AllPolicies)
+        .await
+        .expect("agent");
+
+    let now = time::OffsetDateTime::now_utc();
+    let first = daemon
+        .reserve_nonce(NonceReservationRequest {
+            request_id: Uuid::new_v4(),
+            agent_key_id: agent_credentials.agent_key.id,
+            agent_auth_token: agent_credentials.auth_token.clone(),
+            chain_id: 56,
+            min_nonce: 0,
+            requested_at: now,
+            expires_at: now + time::Duration::minutes(2),
+        })
+        .await
+        .expect("first reserve");
+    assert_eq!(first.nonce, 0);
+
+    tokio::time::sleep(std::time::Duration::from_millis(20)).await;
+
+    let second = daemon
+        .reserve_nonce(NonceReservationRequest {
+            request_id: Uuid::new_v4(),
+            agent_key_id: agent_credentials.agent_key.id,
+            agent_auth_token: agent_credentials.auth_token,
+            chain_id: 56,
+            min_nonce: 0,
+            requested_at: time::OffsetDateTime::now_utc(),
+            expires_at: time::OffsetDateTime::now_utc() + time::Duration::minutes(2),
+        })
+        .await
+        .expect("second reserve");
+    assert_eq!(second.nonce, 0);
+}
+
+#[tokio::test]
+async fn reserve_nonce_rejects_zero_chain_id() {
+    let daemon = InMemoryDaemon::new(
+        "vault-password",
+        SoftwareSignerBackend::default(),
+        DaemonConfig::default(),
+    )
+    .expect("daemon");
+
+    let lease = daemon.issue_lease("vault-password").await.expect("lease");
+    let session = AdminSession {
+        vault_password: "vault-password".to_string(),
+        lease,
+    };
+    daemon
+        .add_policy(&session, policy_all_per_tx(1_000_000_000_000_000_000))
+        .await
+        .expect("add policy");
+    let key = daemon
+        .create_vault_key(&session, KeyCreateRequest::Generate)
+        .await
+        .expect("key");
+    let agent_credentials = daemon
+        .create_agent_key(&session, key.id, PolicyAttachment::AllPolicies)
+        .await
+        .expect("agent");
+
+    let now = time::OffsetDateTime::now_utc();
+    let err = daemon
+        .reserve_nonce(NonceReservationRequest {
+            request_id: Uuid::new_v4(),
+            agent_key_id: agent_credentials.agent_key.id,
+            agent_auth_token: agent_credentials.auth_token,
+            chain_id: 0,
+            min_nonce: 0,
+            requested_at: now,
+            expires_at: now + time::Duration::minutes(2),
+        })
+        .await
+        .expect_err("chain_id zero must fail");
+
+    assert!(matches!(
+        err,
+        DaemonError::InvalidNonceReservation(message)
+            if message.contains("chain_id must be greater than zero")
+    ));
+}
+
+#[tokio::test]
+async fn release_nonce_replayed_request_id_is_rejected() {
+    let daemon = InMemoryDaemon::new(
+        "vault-password",
+        SoftwareSignerBackend::default(),
+        DaemonConfig::default(),
+    )
+    .expect("daemon");
+
+    let lease = daemon.issue_lease("vault-password").await.expect("lease");
+    let session = AdminSession {
+        vault_password: "vault-password".to_string(),
+        lease,
+    };
+    daemon
+        .add_policy(&session, policy_all_per_tx(1_000_000_000_000_000_000))
+        .await
+        .expect("add policy");
+    let key = daemon
+        .create_vault_key(&session, KeyCreateRequest::Generate)
+        .await
+        .expect("key");
+    let agent_credentials = daemon
+        .create_agent_key(&session, key.id, PolicyAttachment::AllPolicies)
+        .await
+        .expect("agent");
+
+    let now = time::OffsetDateTime::now_utc();
+    let reservation = daemon
+        .reserve_nonce(NonceReservationRequest {
+            request_id: Uuid::new_v4(),
+            agent_key_id: agent_credentials.agent_key.id,
+            agent_auth_token: agent_credentials.auth_token.clone(),
+            chain_id: 1,
+            min_nonce: 0,
+            requested_at: now,
+            expires_at: now + time::Duration::minutes(2),
+        })
+        .await
+        .expect("reserve");
+
+    let release_request = NonceReleaseRequest {
+        request_id: Uuid::new_v4(),
+        agent_key_id: agent_credentials.agent_key.id,
+        agent_auth_token: agent_credentials.auth_token,
+        reservation_id: reservation.reservation_id,
+        requested_at: now,
+        expires_at: now + time::Duration::minutes(2),
+    };
+
+    daemon
+        .release_nonce(release_request.clone())
+        .await
+        .expect("first release");
+
+    let err = daemon
+        .release_nonce(release_request)
+        .await
+        .expect_err("replayed release request id must fail");
+    assert!(matches!(err, DaemonError::RequestReplayDetected));
+}
+
+#[tokio::test]
+async fn release_nonce_rejects_non_owner_agent() {
+    let daemon = InMemoryDaemon::new(
+        "vault-password",
+        SoftwareSignerBackend::default(),
+        DaemonConfig::default(),
+    )
+    .expect("daemon");
+
+    let lease = daemon.issue_lease("vault-password").await.expect("lease");
+    let session = AdminSession {
+        vault_password: "vault-password".to_string(),
+        lease,
+    };
+    daemon
+        .add_policy(&session, policy_all_per_tx(1_000_000_000_000_000_000))
+        .await
+        .expect("add policy");
+    let key = daemon
+        .create_vault_key(&session, KeyCreateRequest::Generate)
+        .await
+        .expect("key");
+
+    let owner_credentials = daemon
+        .create_agent_key(&session, key.id, PolicyAttachment::AllPolicies)
+        .await
+        .expect("owner");
+    let attacker_credentials = daemon
+        .create_agent_key(&session, key.id, PolicyAttachment::AllPolicies)
+        .await
+        .expect("attacker");
+
+    let now = time::OffsetDateTime::now_utc();
+    let reservation = daemon
+        .reserve_nonce(NonceReservationRequest {
+            request_id: Uuid::new_v4(),
+            agent_key_id: owner_credentials.agent_key.id,
+            agent_auth_token: owner_credentials.auth_token.clone(),
+            chain_id: 1,
+            min_nonce: 0,
+            requested_at: now,
+            expires_at: now + time::Duration::minutes(2),
+        })
+        .await
+        .expect("reserve");
+
+    let err = daemon
+        .release_nonce(NonceReleaseRequest {
+            request_id: Uuid::new_v4(),
+            agent_key_id: attacker_credentials.agent_key.id,
+            agent_auth_token: attacker_credentials.auth_token,
+            reservation_id: reservation.reservation_id,
+            requested_at: now,
+            expires_at: now + time::Duration::minutes(2),
+        })
+        .await
+        .expect_err("non-owner should not release reservation");
+    assert!(matches!(err, DaemonError::AgentAuthenticationFailed));
+
+    daemon
+        .release_nonce(NonceReleaseRequest {
+            request_id: Uuid::new_v4(),
+            agent_key_id: owner_credentials.agent_key.id,
+            agent_auth_token: owner_credentials.auth_token,
+            reservation_id: reservation.reservation_id,
+            requested_at: now,
+            expires_at: now + time::Duration::minutes(2),
+        })
+        .await
+        .expect("owner must still be able to release");
+}
+
+#[tokio::test]
+async fn explain_for_agent_returns_denial_without_error() {
+    let daemon = InMemoryDaemon::new(
+        "vault-password",
+        SoftwareSignerBackend::default(),
+        DaemonConfig::default(),
+    )
+    .expect("daemon");
+
+    let lease = daemon.issue_lease("vault-password").await.expect("lease");
+    let session = AdminSession {
+        vault_password: "vault-password".to_string(),
+        lease,
+    };
+    let policy = policy_all_per_tx(10);
+    daemon
+        .add_policy(&session, policy.clone())
+        .await
+        .expect("add policy");
+
+    let key = daemon
+        .create_vault_key(&session, KeyCreateRequest::Generate)
+        .await
+        .expect("key");
+    let agent_credentials = daemon
+        .create_agent_key(&session, key.id, PolicyAttachment::AllPolicies)
+        .await
+        .expect("agent");
+
+    let request = sign_request(
+        &agent_credentials,
+        AgentAction::Transfer {
+            chain_id: 1,
+            token: "0x7700000000000000000000000000000000000000"
+                .parse()
+                .expect("token"),
+            to: "0x8700000000000000000000000000000000000000"
+                .parse()
+                .expect("recipient"),
+            amount_wei: 11,
+        },
+    );
+    let explanation = daemon
+        .explain_for_agent(request)
+        .await
+        .expect("explain should return payload");
+    assert_eq!(explanation.applicable_policy_ids, vec![policy.id]);
+    assert_eq!(explanation.evaluated_policy_ids, vec![policy.id]);
+    match explanation.decision {
+        vault_policy::PolicyDecision::Deny(PolicyError::PerTxLimitExceeded { .. }) => {}
+        other => panic!("unexpected explanation decision: {other:?}"),
+    }
+}
+
+#[tokio::test]
+async fn unknown_agent_key_is_not_disclosed_in_sign_api() {
+    let daemon = InMemoryDaemon::new(
+        "vault-password",
+        SoftwareSignerBackend::default(),
+        DaemonConfig::default(),
+    )
+    .expect("daemon");
+
+    let token = "0x7100000000000000000000000000000000000000"
+        .parse::<EvmAddress>()
+        .expect("token");
+    let recipient = "0x8100000000000000000000000000000000000000"
+        .parse::<EvmAddress>()
+        .expect("recipient");
+
+    let request = SignRequest {
+        request_id: Uuid::new_v4(),
+        agent_key_id: Uuid::new_v4(),
+        agent_auth_token: "random-token".to_string(),
+        payload: to_vec(&AgentAction::Transfer {
+            chain_id: 1,
+            token: token.clone(),
+            to: recipient.clone(),
+            amount_wei: 1,
+        })
+        .expect("payload"),
+        action: AgentAction::Transfer {
+            chain_id: 1,
+            token,
+            to: recipient,
+            amount_wei: 1,
+        },
+        requested_at: time::OffsetDateTime::now_utc(),
+        expires_at: time::OffsetDateTime::now_utc() + time::Duration::minutes(2),
+    };
+
+    let err = daemon
+        .sign_for_agent(request)
+        .await
+        .expect_err("unknown key must not leak key existence");
+    assert!(matches!(err, DaemonError::AgentAuthenticationFailed));
+}
+
+#[tokio::test]
+async fn release_nonce_removes_reservation_from_snapshot() {
+    let daemon = InMemoryDaemon::new(
+        "vault-password",
+        SoftwareSignerBackend::default(),
+        DaemonConfig::default(),
+    )
+    .expect("daemon");
+
+    let lease = daemon.issue_lease("vault-password").await.expect("lease");
+    let session = AdminSession {
+        vault_password: "vault-password".to_string(),
+        lease,
+    };
+    daemon
+        .add_policy(&session, policy_all_per_tx(1_000_000_000_000_000_000))
+        .await
+        .expect("add policy");
+    let key = daemon
+        .create_vault_key(&session, KeyCreateRequest::Generate)
+        .await
+        .expect("key");
+    let agent_credentials = daemon
+        .create_agent_key(&session, key.id, PolicyAttachment::AllPolicies)
+        .await
+        .expect("agent");
+
+    let now = time::OffsetDateTime::now_utc();
+    let reservation = daemon
+        .reserve_nonce(NonceReservationRequest {
+            request_id: Uuid::new_v4(),
+            agent_key_id: agent_credentials.agent_key.id,
+            agent_auth_token: agent_credentials.auth_token.clone(),
+            chain_id: 1,
+            min_nonce: 0,
+            requested_at: now,
+            expires_at: now + time::Duration::minutes(2),
+        })
+        .await
+        .expect("reserve");
+
+    let release_request = NonceReleaseRequest {
+        request_id: Uuid::new_v4(),
+        agent_key_id: agent_credentials.agent_key.id,
+        agent_auth_token: agent_credentials.auth_token,
+        reservation_id: reservation.reservation_id,
+        requested_at: now,
+        expires_at: now + time::Duration::minutes(2),
+    };
+
+    daemon
+        .release_nonce(release_request)
+        .await
+        .expect("release");
+
+    let snapshot = daemon.snapshot_state().expect("snapshot");
+    assert!(
+        !snapshot
+            .nonce_reservations
+            .contains_key(&reservation.reservation_id),
+        "released reservation must be removed from persisted state snapshot"
+    );
+}
+
+#[tokio::test]
+async fn payload_action_mismatch_is_rejected() {
+    let daemon = InMemoryDaemon::new(
+        "vault-password",
+        SoftwareSignerBackend::default(),
+        DaemonConfig::default(),
+    )
+    .expect("daemon");
+
+    let lease = daemon.issue_lease("vault-password").await.expect("lease");
+    let session = AdminSession {
+        vault_password: "vault-password".to_string(),
+        lease,
+    };
+    daemon
+        .add_policy(&session, policy_all_per_tx(100))
+        .await
+        .expect("add policy");
+
+    let key = daemon
+        .create_vault_key(&session, KeyCreateRequest::Generate)
+        .await
+        .expect("key");
+    let agent_credentials = daemon
+        .create_agent_key(&session, key.id, PolicyAttachment::AllPolicies)
+        .await
+        .expect("agent");
+
+    let token = "0x9000000000000000000000000000000000000000"
+        .parse::<EvmAddress>()
+        .expect("token");
+    let recipient = "0xa000000000000000000000000000000000000000"
+        .parse::<EvmAddress>()
+        .expect("recipient");
+
+    let declared_action = AgentAction::Transfer {
+        chain_id: 1,
+        token: token.clone(),
+        to: recipient.clone(),
+        amount_wei: 10,
+    };
+    let mut request = sign_request(&agent_credentials, declared_action.clone());
+    request.payload = to_vec(&AgentAction::Transfer {
+        chain_id: 1,
+        token,
+        to: recipient,
+        amount_wei: 99,
+    })
+    .expect("payload");
+    request.action = declared_action;
+
+    let err = daemon
+        .sign_for_agent(request)
+        .await
+        .expect_err("mismatched payload/action must fail");
+    assert!(matches!(err, DaemonError::PayloadActionMismatch));
+}
+
+#[tokio::test]
+async fn malformed_payload_is_rejected() {
+    let daemon = InMemoryDaemon::new(
+        "vault-password",
+        SoftwareSignerBackend::default(),
+        DaemonConfig::default(),
+    )
+    .expect("daemon");
+
+    let lease = daemon.issue_lease("vault-password").await.expect("lease");
+    let session = AdminSession {
+        vault_password: "vault-password".to_string(),
+        lease,
+    };
+    daemon
+        .add_policy(&session, policy_all_per_tx(100))
+        .await
+        .expect("add policy");
+
+    let key = daemon
+        .create_vault_key(&session, KeyCreateRequest::Generate)
+        .await
+        .expect("key");
+    let agent_credentials = daemon
+        .create_agent_key(&session, key.id, PolicyAttachment::AllPolicies)
+        .await
+        .expect("agent");
+
+    let token = "0x9100000000000000000000000000000000000000"
+        .parse::<EvmAddress>()
+        .expect("token");
+    let recipient = "0xa100000000000000000000000000000000000000"
+        .parse::<EvmAddress>()
+        .expect("recipient");
+
+    let mut request = sign_request(
+        &agent_credentials,
+        AgentAction::Transfer {
+            chain_id: 1,
+            token,
+            to: recipient,
+            amount_wei: 1,
+        },
+    );
+    request.payload = b"not-json".to_vec();
+
+    let err = daemon
+        .sign_for_agent(request)
+        .await
+        .expect_err("malformed payload must fail");
+    assert!(matches!(err, DaemonError::PayloadActionMismatch));
+}
+
+#[tokio::test]
+async fn payload_with_extra_fields_is_rejected() {
+    let daemon = InMemoryDaemon::new(
+        "vault-password",
+        SoftwareSignerBackend::default(),
+        DaemonConfig::default(),
+    )
+    .expect("daemon");
+
+    let lease = daemon.issue_lease("vault-password").await.expect("lease");
+    let session = AdminSession {
+        vault_password: "vault-password".to_string(),
+        lease,
+    };
+    daemon
+        .add_policy(&session, policy_all_per_tx(100))
+        .await
+        .expect("add policy");
+
+    let key = daemon
+        .create_vault_key(&session, KeyCreateRequest::Generate)
+        .await
+        .expect("key");
+    let agent_credentials = daemon
+        .create_agent_key(&session, key.id, PolicyAttachment::AllPolicies)
+        .await
+        .expect("agent");
+
+    let token = "0x9100000000000000000000000000000000000000"
+        .parse::<EvmAddress>()
+        .expect("token");
+    let recipient = "0xa100000000000000000000000000000000000000"
+        .parse::<EvmAddress>()
+        .expect("recipient");
+
+    let action = AgentAction::Transfer {
+        chain_id: 1,
+        token: token.clone(),
+        to: recipient.clone(),
+        amount_wei: 1,
+    };
+    let mut request = sign_request(&agent_credentials, action.clone());
+    request.payload = format!(
+        "{{\"kind\":\"Transfer\",\"token\":\"{}\",\"to\":\"{}\",\"amount_wei\":\"1\",\"unexpected\":\"x\"}}",
+        token.as_str(),
+        recipient.as_str()
+    )
+    .into_bytes();
+    request.action = action;
+
+    let err = daemon
+        .sign_for_agent(request)
+        .await
+        .expect_err("non-canonical payload must fail");
+    assert!(matches!(err, DaemonError::PayloadActionMismatch));
+}
+
+#[tokio::test]
+async fn oversized_payload_is_rejected() {
+    let config = DaemonConfig {
+        max_sign_payload_bytes: 64,
+        ..DaemonConfig::default()
+    };
+    let daemon =
+        InMemoryDaemon::new("vault-password", SoftwareSignerBackend::default(), config)
+            .expect("daemon");
+
+    let lease = daemon.issue_lease("vault-password").await.expect("lease");
+    let session = AdminSession {
+        vault_password: "vault-password".to_string(),
+        lease,
+    };
+    daemon
+        .add_policy(&session, policy_all_per_tx(100))
+        .await
+        .expect("add policy");
+
+    let key = daemon
+        .create_vault_key(&session, KeyCreateRequest::Generate)
+        .await
+        .expect("key");
+    let agent_credentials = daemon
+        .create_agent_key(&session, key.id, PolicyAttachment::AllPolicies)
+        .await
+        .expect("agent");
+
+    let token = "0x9100000000000000000000000000000000000000"
+        .parse::<EvmAddress>()
+        .expect("token");
+    let recipient = "0xa100000000000000000000000000000000000000"
+        .parse::<EvmAddress>()
+        .expect("recipient");
+
+    let mut request = sign_request(
+        &agent_credentials,
+        AgentAction::Transfer {
+            chain_id: 1,
+            token,
+            to: recipient,
+            amount_wei: 1,
+        },
+    );
+    request.payload = vec![b'a'; 65];
+
+    let err = daemon
+        .sign_for_agent(request)
+        .await
+        .expect_err("oversized payload must fail");
+    assert!(matches!(
+        err,
+        DaemonError::PayloadTooLarge { max_bytes: 64 }
+    ));
+}
+
+#[tokio::test]
+async fn spend_log_retention_prunes_old_entries() {
+    let daemon = InMemoryDaemon::new(
+        "vault-password",
+        SoftwareSignerBackend::default(),
+        DaemonConfig::default(),
+    )
+    .expect("daemon");
+
+    let lease = daemon.issue_lease("vault-password").await.expect("lease");
+    let session = AdminSession {
+        vault_password: "vault-password".to_string(),
+        lease,
+    };
+    daemon
+        .add_policy(&session, policy_all_per_tx(100))
+        .await
+        .expect("add policy");
+
+    let key = daemon
+        .create_vault_key(&session, KeyCreateRequest::Generate)
+        .await
+        .expect("key");
+    let agent_credentials = daemon
+        .create_agent_key(&session, key.id, PolicyAttachment::AllPolicies)
+        .await
+        .expect("agent");
+
+    let old_token = "0x9200000000000000000000000000000000000000"
+        .parse::<EvmAddress>()
+        .expect("token");
+    let old_recipient = "0xa200000000000000000000000000000000000000"
+        .parse::<EvmAddress>()
+        .expect("recipient");
+    daemon
+        .spend_log
+        .write()
+        .expect("log write")
+        .push(vault_domain::SpendEvent {
+            agent_key_id: agent_credentials.agent_key.id,
+            chain_id: 1,
+            asset: AssetId::Erc20(old_token),
+            recipient: old_recipient,
+            amount_wei: 1,
+            at: time::OffsetDateTime::now_utc() - time::Duration::days(30),
+        });
+
+    let token = "0x9300000000000000000000000000000000000000"
+        .parse::<EvmAddress>()
+        .expect("token");
+    let recipient = "0xa300000000000000000000000000000000000000"
+        .parse::<EvmAddress>()
+        .expect("recipient");
+    daemon
+        .sign_for_agent(sign_request(
+            &agent_credentials,
+            AgentAction::Transfer {
+                chain_id: 1,
+                token,
+                to: recipient,
+                amount_wei: 1,
+            },
+        ))
+        .await
+        .expect("sign must pass");
+
+    let log = daemon.spend_log.read().expect("log read");
+    assert!(
+        log.iter().all(|event| {
+            event.at >= time::OffsetDateTime::now_utc() - time::Duration::days(8)
+        }),
+        "all old entries must be pruned"
+    );
+}
+
+#[tokio::test(flavor = "multi_thread", worker_threads = 2)]
+async fn concurrent_sign_requests_do_not_race_policy_windows() {
+    let daemon = Arc::new(
+        InMemoryDaemon::new(
+            "vault-password",
+            SoftwareSignerBackend::default(),
+            DaemonConfig::default(),
+        )
+        .expect("daemon"),
+    );
+
+    let lease = daemon.issue_lease("vault-password").await.expect("lease");
+    let session = AdminSession {
+        vault_password: "vault-password".to_string(),
+        lease,
+    };
+
+    let policy = SpendingPolicy::new(
+        0,
+        PolicyType::DailyMaxSpending,
+        100,
+        EntityScope::All,
+        EntityScope::All,
+        EntityScope::All,
+    )
+    .expect("policy");
+    daemon
+        .add_policy(&session, policy)
+        .await
+        .expect("add policy");
+
+    let key = daemon
+        .create_vault_key(&session, KeyCreateRequest::Generate)
+        .await
+        .expect("key");
+    let agent_credentials = daemon
+        .create_agent_key(&session, key.id, PolicyAttachment::AllPolicies)
+        .await
+        .expect("agent");
+
+    let token = "0x5000000000000000000000000000000000000000"
+        .parse::<EvmAddress>()
+        .expect("token");
+    let recipient = "0x6000000000000000000000000000000000000000"
+        .parse::<EvmAddress>()
+        .expect("recipient");
+
+    let req1 = sign_request(
+        &agent_credentials,
+        AgentAction::Transfer {
+            chain_id: 1,
+            token: token.clone(),
+            to: recipient.clone(),
+            amount_wei: 60,
+        },
+    );
+    let req2 = sign_request(
+        &agent_credentials,
+        AgentAction::Transfer {
+            chain_id: 1,
+            token,
+            to: recipient,
+            amount_wei: 60,
+        },
+    );
+
+    let daemon_a = daemon.clone();
+    let daemon_b = daemon.clone();
+    let (res1, res2) =
+        tokio::join!(daemon_a.sign_for_agent(req1), daemon_b.sign_for_agent(req2));
+
+    let success_count = usize::from(res1.is_ok()) + usize::from(res2.is_ok());
+    let failure_count = usize::from(res1.is_err()) + usize::from(res2.is_err());
+    assert_eq!(success_count, 1, "exactly one request must pass");
+    assert_eq!(failure_count, 1, "exactly one request must fail");
+}