palaryn 0.1.0

package/dist/tests/unit/gateway-features.test.js

@@ -0,0 +1,753 @@
+"use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+    Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+    o["default"] = v;
+});
+var __importStar = (this && this.__importStar) || (function () {
+    var ownKeys = function(o) {
+        ownKeys = Object.getOwnPropertyNames || function (o) {
+            var ar = [];
+            for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
+            return ar;
+        };
+        return ownKeys(o);
+    };
+    return function (mod) {
+        if (mod && mod.__esModule) return mod;
+        var result = {};
+        if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
+        __setModuleDefault(result, mod);
+        return result;
+    };
+})();
+Object.defineProperty(exports, "__esModule", { value: true });
+const http = __importStar(require("http"));
+const gateway_1 = require("../../src/server/gateway");
+const memory_1 = require("../../src/storage/memory");
+// ---------------------------------------------------------------------------
+// Local test HTTP server for the HTTP executor
+// ---------------------------------------------------------------------------
+let testServer;
+let testServerPort;
+let httpRequestCount = 0;
+beforeAll((done) => {
+    testServer = http.createServer((req, res) => {
+        httpRequestCount++;
+        if (req.url === '/api/data' && req.method === 'GET') {
+            res.writeHead(200, { 'Content-Type': 'application/json' });
+            res.end(JSON.stringify({ data: 'test response', items: [1, 2, 3] }));
+        }
+        else {
+            res.writeHead(404, { 'Content-Type': 'application/json' });
+            res.end(JSON.stringify({ error: 'not found' }));
+        }
+    });
+    testServer.listen(0, '127.0.0.1', () => {
+        testServerPort = testServer.address().port;
+        done();
+    });
+});
+afterAll((done) => {
+    testServer.close(done);
+});
+// ---------------------------------------------------------------------------
+// Test config factory
+// ---------------------------------------------------------------------------
+function createTestConfig(overrides) {
+    return {
+        port: 0,
+        host: '127.0.0.1',
+        auth: {
+            enabled: false,
+            api_keys: {},
+        },
+        policy: {
+            pack_path: './policy-packs/dev_fast.yaml',
+            default_effect: 'DENY',
+            hot_reload: false,
+        },
+        dlp: {
+            enabled: true,
+            scan_args: true,
+            scan_output: true,
+            secrets_detection: true,
+            pii_detection: true,
+            default_redaction_method: 'mask',
+        },
+        budget: {
+            task_budget_usd: 2.0,
+            max_steps_per_task: 50,
+            max_retries_per_call: 3,
+            max_wall_clock_ms: 300000,
+        },
+        audit: {
+            enabled: true,
+            log_dir: '',
+            console_output: false,
+            retention_days: 30,
+        },
+        executor: {
+            http: {
+                timeout_ms: 5000,
+                max_retries: 1,
+                backoff_base_ms: 100,
+            },
+            cache: {
+                enabled: false,
+                ttl_ms: 60000,
+            },
+        },
+        approval: {
+            enabled: true,
+            token_secret: 'test-gateway-features-secret-key',
+            default_ttl_seconds: 3600,
+        },
+        rate_limit: {
+            enabled: true,
+            actor_max_per_window: 100,
+            workspace_max_per_window: 500,
+            window_ms: 60000,
+        },
+        ...overrides,
+    };
+}
+// ---------------------------------------------------------------------------
+// Helper: build a valid ToolCall
+// ---------------------------------------------------------------------------
+/** Disable SSRF protection for test gateways hitting localhost */
+function disableSSRF(gw) {
+    gw.getHttpExecutor().ssrfProtectionEnabled = false;
+    return gw;
+}
+let callCounter = 0;
+function buildToolCall(overrides) {
+    callCounter++;
+    return {
+        tool_call_id: `tc-feat-${Date.now()}-${callCounter}`,
+        task_id: 'task-feat-001',
+        workspace_id: 'ws-test',
+        actor: { type: 'agent', id: 'test-agent', display: 'Test Agent' },
+        source: { platform: 'unit-test' },
+        tool: { name: 'http.request', capability: 'read' },
+        args: {
+            method: 'GET',
+            url: `http://127.0.0.1:${testServerPort}/api/data`,
+        },
+        ...overrides,
+    };
+}
+// ===========================================================================
+// Tests
+// ===========================================================================
+describe('Gateway Features', () => {
+    // =========================================================================
+    // Idempotency
+    // =========================================================================
+    describe('Idempotency', () => {
+        let gateway;
+        beforeEach(() => {
+            httpRequestCount = 0;
+            gateway = disableSSRF(new gateway_1.Gateway(createTestConfig()));
+        });
+        afterEach(() => {
+            gateway.shutdown();
+        });
+        it('returns cached result for duplicate tool_call_id without making a second HTTP request', async () => {
+            const toolCall = buildToolCall({ tool_call_id: 'tc-idempotent-001' });
+            // First call -- hits the HTTP server
+            const result1 = await gateway.execute(toolCall);
+            expect(result1.status).toBe('ok');
+            expect(result1.output).toBeDefined();
+            expect(result1.output.http_status).toBe(200);
+            const requestsAfterFirst = httpRequestCount;
+            expect(requestsAfterFirst).toBeGreaterThanOrEqual(1);
+            // Second call with the same tool_call_id -- should return cached result
+            const result2 = await gateway.execute(toolCall);
+            expect(result2.status).toBe('ok');
+            expect(result2.tool_call_id).toBe(result1.tool_call_id);
+            expect(result2.task_id).toBe(result1.task_id);
+            expect(result2.output).toEqual(result1.output);
+            expect(result2.timing).toEqual(result1.timing);
+            // No additional HTTP request should have been made
+            expect(httpRequestCount).toBe(requestsAfterFirst);
+        });
+        it('does not return cached result for different tool_call_ids', async () => {
+            const toolCall1 = buildToolCall({ tool_call_id: 'tc-unique-aaa' });
+            const toolCall2 = buildToolCall({ tool_call_id: 'tc-unique-bbb' });
+            const result1 = await gateway.execute(toolCall1);
+            const requestsAfterFirst = httpRequestCount;
+            const result2 = await gateway.execute(toolCall2);
+            // Both should succeed and the second should have triggered a new HTTP request
+            expect(result1.status).toBe('ok');
+            expect(result2.status).toBe('ok');
+            expect(httpRequestCount).toBeGreaterThan(requestsAfterFirst);
+        });
+        it('cached result is byte-identical to original', async () => {
+            const toolCall = buildToolCall({ tool_call_id: 'tc-idempotent-exact' });
+            const result1 = await gateway.execute(toolCall);
+            const result2 = await gateway.execute(toolCall);
+            // Deep equality: the cached result should be the exact same object reference or identical
+            expect(JSON.stringify(result2)).toBe(JSON.stringify(result1));
+        });
+    });
+    // =========================================================================
+    // Rate Limiting
+    // =========================================================================
+    describe('Rate Limiting', () => {
+        describe('with low actor limit', () => {
+            let gateway;
+            beforeEach(() => {
+                gateway = disableSSRF(new gateway_1.Gateway(createTestConfig({
+                    rate_limit: {
+                        enabled: true,
+                        actor_max_per_window: 2,
+                        workspace_max_per_window: 500,
+                        window_ms: 60000,
+                    },
+                })));
+            });
+            afterEach(() => {
+                gateway.shutdown();
+            });
+            it('allows requests within the rate limit', async () => {
+                const tc1 = buildToolCall();
+                const tc2 = buildToolCall();
+                const result1 = await gateway.execute(tc1);
+                const result2 = await gateway.execute(tc2);
+                expect(result1.status).toBe('ok');
+                expect(result2.status).toBe('ok');
+            });
+            it('blocks the 3rd request when actor limit is 2', async () => {
+                const tc1 = buildToolCall();
+                const tc2 = buildToolCall();
+                const tc3 = buildToolCall();
+                const result1 = await gateway.execute(tc1);
+                const result2 = await gateway.execute(tc2);
+                const result3 = await gateway.execute(tc3);
+                expect(result1.status).toBe('ok');
+                expect(result2.status).toBe('ok');
+                expect(result3.status).toBe('blocked');
+                expect(result3.error).toBeDefined();
+                expect(result3.error).toContain('Rate limit exceeded');
+            });
+            it('blocked result includes rate limit policy info', async () => {
+                // Exhaust the limit
+                await gateway.execute(buildToolCall());
+                await gateway.execute(buildToolCall());
+                const blocked = await gateway.execute(buildToolCall());
+                expect(blocked.status).toBe('blocked');
+                expect(blocked.policy.decision).toBe('deny');
+                expect(blocked.policy.rule_id).toBe('rate_limit');
+                expect(blocked.policy.reasons.length).toBeGreaterThan(0);
+                expect(blocked.policy.reasons[0]).toContain('Rate limit exceeded');
+            });
+        });
+        describe('with low workspace limit', () => {
+            let gateway;
+            beforeEach(() => {
+                gateway = disableSSRF(new gateway_1.Gateway(createTestConfig({
+                    rate_limit: {
+                        enabled: true,
+                        actor_max_per_window: 100,
+                        workspace_max_per_window: 2,
+                        window_ms: 60000,
+                    },
+                })));
+            });
+            afterEach(() => {
+                gateway.shutdown();
+            });
+            it('blocks the 3rd request when workspace limit is 2', async () => {
+                const tc1 = buildToolCall();
+                const tc2 = buildToolCall();
+                const tc3 = buildToolCall();
+                await gateway.execute(tc1);
+                await gateway.execute(tc2);
+                const result3 = await gateway.execute(tc3);
+                expect(result3.status).toBe('blocked');
+                expect(result3.error).toContain('Rate limit exceeded');
+            });
+        });
+        describe('with rate limiting disabled', () => {
+            let gateway;
+            beforeEach(() => {
+                gateway = disableSSRF(new gateway_1.Gateway(createTestConfig({
+                    rate_limit: {
+                        enabled: false,
+                        actor_max_per_window: 1,
+                        workspace_max_per_window: 1,
+                        window_ms: 60000,
+                    },
+                })));
+            });
+            afterEach(() => {
+                gateway.shutdown();
+            });
+            it('allows all requests when rate limiting is disabled', async () => {
+                const results = [];
+                for (let i = 0; i < 5; i++) {
+                    results.push(await gateway.execute(buildToolCall()));
+                }
+                // All five should pass even though limits are set to 1
+                for (const result of results) {
+                    expect(result.status).toBe('ok');
+                }
+            });
+        });
+    });
+    // =========================================================================
+    // Executor Registry
+    // =========================================================================
+    describe('Executor Registry', () => {
+        describe('custom NoopExecutor for noop.* pattern', () => {
+            let gateway;
+            let noopCallCount;
+            let lastNoopToolCall;
+            /** A custom executor that returns a static response without doing any I/O */
+            class NoopExecutor {
+                async execute(toolCall) {
+                    noopCallCount++;
+                    lastNoopToolCall = toolCall;
+                    return {
+                        http_status: 200,
+                        body: { noop: true, tool: toolCall.tool.name },
+                    };
+                }
+            }
+            beforeEach(() => {
+                noopCallCount = 0;
+                lastNoopToolCall = null;
+                httpRequestCount = 0;
+                gateway = disableSSRF(new gateway_1.Gateway(createTestConfig()));
+                // The Gateway constructor registers http.* and then * (catch-all).
+                // The registry matches in registration order, so the catch-all would
+                // swallow noop.* if we simply appended. We rebuild the registry with
+                // noop.* inserted before the catch-all by clearing and re-registering.
+                const registry = gateway.getExecutorRegistry();
+                // Resolve the existing http executor (used for http.* and fallback)
+                const httpExec = registry.resolve('http.request');
+                registry.clear();
+                registry.register('noop.*', new NoopExecutor());
+                registry.register('http.*', httpExec);
+                registry.register('*', httpExec); // catch-all last
+            });
+            afterEach(() => {
+                gateway.shutdown();
+            });
+            it('routes noop.* tool calls to the custom executor', async () => {
+                const toolCall = buildToolCall({
+                    tool: { name: 'noop.test', capability: 'read' },
+                    args: { method: 'GET', url: `http://127.0.0.1:${testServerPort}/api/data` },
+                });
+                const result = await gateway.execute(toolCall);
+                expect(result.status).toBe('ok');
+                expect(noopCallCount).toBe(1);
+                expect(lastNoopToolCall).not.toBeNull();
+                expect(lastNoopToolCall.tool.name).toBe('noop.test');
+                expect(result.output).toBeDefined();
+                expect(result.output.body).toEqual({ noop: true, tool: 'noop.test' });
+                // The HTTP server should NOT have been hit
+                expect(httpRequestCount).toBe(0);
+            });
+            it('still routes http.* tool calls to the HTTP executor', async () => {
+                const toolCall = buildToolCall({
+                    tool: { name: 'http.request', capability: 'read' },
+                });
+                const result = await gateway.execute(toolCall);
+                expect(result.status).toBe('ok');
+                expect(noopCallCount).toBe(0);
+                expect(httpRequestCount).toBeGreaterThanOrEqual(1);
+            });
+            it('routes noop.action and noop.ping to the custom executor', async () => {
+                const tc1 = buildToolCall({
+                    tool: { name: 'noop.action', capability: 'read' },
+                    args: {},
+                });
+                const tc2 = buildToolCall({
+                    tool: { name: 'noop.ping', capability: 'read' },
+                    args: {},
+                });
+                await gateway.execute(tc1);
+                await gateway.execute(tc2);
+                expect(noopCallCount).toBe(2);
+            });
+        });
+        describe('registerExecutor() public API', () => {
+            let gateway;
+            beforeEach(() => {
+                gateway = disableSSRF(new gateway_1.Gateway(createTestConfig()));
+            });
+            afterEach(() => {
+                gateway.shutdown();
+            });
+            it('adds an executor that is reflected in the registry', () => {
+                class DummyExecutor {
+                    async execute(_toolCall) {
+                        return { http_status: 200, body: { dummy: true } };
+                    }
+                }
+                gateway.registerExecutor('custom.tool', new DummyExecutor());
+                // Verify via the getExecutorRegistry() introspection method
+                const registry = gateway.getExecutorRegistry();
+                expect(registry.has('custom.tool')).toBe(true);
+                expect(registry.listPatterns()).toContain('custom.tool');
+            });
+            it('registered executor is called when tool name matches', async () => {
+                let called = false;
+                class SpyExecutor {
+                    async execute(_toolCall) {
+                        called = true;
+                        return { http_status: 200, body: { spy: true } };
+                    }
+                }
+                // Rebuild registry so the new pattern is checked before the * catch-all
+                const registry = gateway.getExecutorRegistry();
+                const httpExec = registry.resolve('http.request');
+                registry.clear();
+                registry.register('spy.tool', new SpyExecutor());
+                registry.register('http.*', httpExec);
+                registry.register('*', httpExec);
+                const result = await gateway.execute(buildToolCall({
+                    tool: { name: 'spy.tool', capability: 'read' },
+                    args: {},
+                }));
+                expect(called).toBe(true);
+                expect(result.status).toBe('ok');
+                expect(result.output.body).toEqual({ spy: true });
+            });
+        });
+    });
+    // =========================================================================
+    // processApproval error handling
+    // =========================================================================
+    describe('processApproval error handling', () => {
+        let gateway;
+        beforeEach(() => {
+            gateway = disableSSRF(new gateway_1.Gateway(createTestConfig()));
+        });
+        afterEach(() => {
+            gateway.shutdown();
+        });
+        it('returns { success: false, error } for an invalid token instead of throwing', async () => {
+            const result = await gateway.processApproval('invalid.jwt.token', 'admin-001', true);
+            expect(result.success).toBe(false);
+            expect(result.error).toBeDefined();
+            expect(typeof result.error).toBe('string');
+            expect(result.error.length).toBeGreaterThan(0);
+        });
+        it('returns { success: false, error } for a completely garbage token', async () => {
+            const result = await gateway.processApproval('not-even-a-jwt', 'admin-001', true);
+            expect(result.success).toBe(false);
+            expect(result.error).toBeDefined();
+        });
+        it('returns { success: false, error } when denying with an invalid token', async () => {
+            const result = await gateway.processApproval('bad-token', 'admin-001', false, 'Not approved');
+            expect(result.success).toBe(false);
+            expect(result.error).toBeDefined();
+        });
+        it('returns { success: true } for a valid approval flow', async () => {
+            // Trigger a request that needs approval (delete capability)
+            const toolCall = buildToolCall({
+                tool: { name: 'http.request', capability: 'delete' },
+                args: { method: 'DELETE', url: `http://127.0.0.1:${testServerPort}/api/data` },
+            });
+            // Provide a requesting API key ID so approval has cryptographic identity
+            const execResult = await gateway.execute(toolCall, 'requester-key-001');
+            expect(execResult.status).toBe('needs_approval');
+            const token = execResult.approval.token;
+            // Approve with a different API key ID
+            const approvalResult = await gateway.processApproval(token, 'admin-001', true, undefined, 'approver-key-002');
+            expect(approvalResult.success).toBe(true);
+            expect(approvalResult.error).toBeUndefined();
+        });
+        it('returns { success: true } when denying a valid pending approval', async () => {
+            const toolCall = buildToolCall({
+                tool: { name: 'http.request', capability: 'admin' },
+                args: { method: 'DELETE', url: `http://127.0.0.1:${testServerPort}/api/data` },
+            });
+            const execResult = await gateway.execute(toolCall);
+            expect(execResult.status).toBe('needs_approval');
+            const token = execResult.approval.token;
+            const denyResult = await gateway.processApproval(token, 'admin-001', false, 'Not allowed');
+            expect(denyResult.success).toBe(true);
+            expect(denyResult.error).toBeUndefined();
+        });
+        it('returns error when trying to approve an already-approved request', async () => {
+            const toolCall = buildToolCall({
+                tool: { name: 'http.request', capability: 'delete' },
+                args: { method: 'DELETE', url: `http://127.0.0.1:${testServerPort}/api/data` },
+            });
+            // Provide a requesting API key ID so approval has cryptographic identity
+            const execResult = await gateway.execute(toolCall, 'requester-key-001');
+            const token = execResult.approval.token;
+            // First approval succeeds (different API key)
+            const first = await gateway.processApproval(token, 'admin-001', true, undefined, 'approver-key-002');
+            expect(first.success).toBe(true);
+            // Second approval should fail gracefully
+            const second = await gateway.processApproval(token, 'admin-002', true, undefined, 'approver-key-003');
+            expect(second.success).toBe(false);
+            expect(second.error).toBeDefined();
+            expect(second.error).toMatch(/already been approved|already been used/);
+        });
+    });
+    // =========================================================================
+    // Workspace Policy Evaluation
+    // =========================================================================
+    describe('Workspace Policy Evaluation', () => {
+        /** A workspace policy that denies all read requests */
+        function createDenyReadPack() {
+            return {
+                name: 'ws-deny-read',
+                version: '1.0.0',
+                rules: [
+                    {
+                        name: 'deny-read',
+                        effect: 'DENY',
+                        priority: 1,
+                        conditions: { capabilities: ['read'] },
+                        description: 'Workspace policy denies read capability',
+                    },
+                ],
+            };
+        }
+        it('uses workspace policy when PolicyStore has one for the workspace', async () => {
+            const gateway = disableSSRF(new gateway_1.Gateway(createTestConfig()));
+            const policyStore = new memory_1.InMemoryPolicyStore();
+            policyStore.set('ws-test', createDenyReadPack());
+            gateway.setStores({ policyStore });
+            const toolCall = buildToolCall({
+                workspace_id: 'ws-test',
+                tool: { name: 'http.request', capability: 'read' },
+                args: { method: 'GET', url: `http://127.0.0.1:${testServerPort}/api/data` },
+            });
+            const result = await gateway.execute(toolCall);
+            expect(result.status).toBe('blocked');
+            expect(result.policy.decision).toBe('deny');
+            expect(result.policy.rule_id).toBe('deny-read');
+            gateway.shutdown();
+        });
+        it('falls back to global policy when workspace has no custom policy', async () => {
+            const gateway = disableSSRF(new gateway_1.Gateway(createTestConfig()));
+            const policyStore = new memory_1.InMemoryPolicyStore();
+            // Store has a policy for a different workspace
+            policyStore.set('ws-other', createDenyReadPack());
+            gateway.setStores({ policyStore });
+            const toolCall = buildToolCall({
+                workspace_id: 'ws-test',
+                tool: { name: 'http.request', capability: 'read' },
+                args: { method: 'GET', url: `http://127.0.0.1:${testServerPort}/api/data` },
+            });
+            const result = await gateway.execute(toolCall);
+            // Global dev_fast policy allows reads, so it should succeed
+            expect(result.status).toBe('ok');
+            gateway.shutdown();
+        });
+        it('uses global policy when no PolicyStore is set', async () => {
+            const gateway = disableSSRF(new gateway_1.Gateway(createTestConfig()));
+            // No policyStore set at all
+            const toolCall = buildToolCall({
+                workspace_id: 'ws-test',
+                tool: { name: 'http.request', capability: 'read' },
+                args: { method: 'GET', url: `http://127.0.0.1:${testServerPort}/api/data` },
+            });
+            const result = await gateway.execute(toolCall);
+            // Global dev_fast policy allows reads
+            expect(result.status).toBe('ok');
+            gateway.shutdown();
+        });
+        it('getWorkspacePolicy returns is_custom: true when workspace has custom policy', () => {
+            const gateway = new gateway_1.Gateway(createTestConfig());
+            const policyStore = new memory_1.InMemoryPolicyStore();
+            const customPack = createDenyReadPack();
+            policyStore.set('ws-custom', customPack);
+            gateway.setStores({ policyStore });
+            const result = gateway.getWorkspacePolicy('ws-custom');
+            expect(result.is_custom).toBe(true);
+            expect(result.policy.name).toBe('ws-deny-read');
+            gateway.shutdown();
+        });
+        it('getWorkspacePolicy returns is_custom: false when workspace has no custom policy', () => {
+            const gateway = new gateway_1.Gateway(createTestConfig());
+            const policyStore = new memory_1.InMemoryPolicyStore();
+            gateway.setStores({ policyStore });
+            const result = gateway.getWorkspacePolicy('ws-no-policy');
+            expect(result.is_custom).toBe(false);
+            // Should return the global policy
+            expect(result.policy).toBeDefined();
+            expect(result.policy.rules).toBeDefined();
+            gateway.shutdown();
+        });
+        it('getWorkspacePolicy returns global policy when no PolicyStore is set', () => {
+            const gateway = new gateway_1.Gateway(createTestConfig());
+            const result = gateway.getWorkspacePolicy('ws-any');
+            expect(result.is_custom).toBe(false);
+            expect(result.policy).toBeDefined();
+            gateway.shutdown();
+        });
+        it('getPolicyStore returns undefined when no store is set', () => {
+            const gateway = new gateway_1.Gateway(createTestConfig());
+            expect(gateway.getPolicyStore()).toBeUndefined();
+            gateway.shutdown();
+        });
+        it('getPolicyStore returns the store after setStores', () => {
+            const gateway = new gateway_1.Gateway(createTestConfig());
+            const policyStore = new memory_1.InMemoryPolicyStore();
+            gateway.setStores({ policyStore });
+            expect(gateway.getPolicyStore()).toBe(policyStore);
+            gateway.shutdown();
+        });
+    });
+    // =========================================================================
+    // A2: Idempotency with body hash
+    // =========================================================================
+    describe('Idempotency with body hash (A2)', () => {
+        let gateway;
+        beforeEach(() => {
+            httpRequestCount = 0;
+            gateway = disableSSRF(new gateway_1.Gateway(createTestConfig()));
+        });
+        afterEach(() => {
+            gateway.shutdown();
+        });
+        it('treats same tool_call_id with different args as separate requests', async () => {
+            const tc1 = buildToolCall({
+                tool_call_id: 'tc-same-id',
+                args: { method: 'GET', url: `http://127.0.0.1:${testServerPort}/api/data` },
+            });
+            const tc2 = buildToolCall({
+                tool_call_id: 'tc-same-id',
+                args: { method: 'GET', url: `http://127.0.0.1:${testServerPort}/api/other` },
+            });
+            const result1 = await gateway.execute(tc1);
+            const requestsAfterFirst = httpRequestCount;
+            const result2 = await gateway.execute(tc2);
+            // Both should execute (different body hash despite same tool_call_id)
+            expect(result1.status).toBe('ok');
+            // Second request should have triggered a new HTTP call
+            expect(httpRequestCount).toBeGreaterThan(requestsAfterFirst);
+        });
+        it('caches same tool_call_id with same args', async () => {
+            const tc1 = buildToolCall({
+                tool_call_id: 'tc-same-id-same-args',
+                args: { method: 'GET', url: `http://127.0.0.1:${testServerPort}/api/data` },
+            });
+            const tc2 = buildToolCall({
+                tool_call_id: 'tc-same-id-same-args',
+                args: { method: 'GET', url: `http://127.0.0.1:${testServerPort}/api/data` },
+            });
+            const result1 = await gateway.execute(tc1);
+            const requestsAfterFirst = httpRequestCount;
+            const result2 = await gateway.execute(tc2);
+            // Second should be cached (same tool_call_id + same args)
+            expect(httpRequestCount).toBe(requestsAfterFirst);
+            expect(JSON.stringify(result1)).toBe(JSON.stringify(result2));
+        });
+    });
+    // =========================================================================
+    // A3: Policy reload isolation
+    // =========================================================================
+    describe('Policy reload isolation (A3)', () => {
+        it('reloadPolicy creates a new engine and swaps atomically', () => {
+            const gateway = new gateway_1.Gateway(createTestConfig());
+            const engineBefore = gateway.getPolicyEngine();
+            const result = gateway.reloadPolicy();
+            expect(result.success).toBe(true);
+            // After reload, the engine reference should be different
+            const engineAfter = gateway.getPolicyEngine();
+            expect(engineAfter).not.toBe(engineBefore);
+            gateway.shutdown();
+        });
+        it('reloadPolicy preserves old engine on failure', () => {
+            const gateway = new gateway_1.Gateway(createTestConfig({
+                policy: {
+                    pack_path: './policy-packs/dev_fast.yaml',
+                    default_effect: 'DENY',
+                    hot_reload: false,
+                },
+            }));
+            const engineBefore = gateway.getPolicyEngine();
+            // Temporarily change pack_path to invalid path to force failure
+            // This test verifies that the old engine is preserved if the new one fails
+            const result = gateway.reloadPolicy();
+            expect(result.success).toBe(true);
+            // Engine should be a new instance (loaded successfully)
+            const engineAfter = gateway.getPolicyEngine();
+            expect(engineAfter).not.toBe(engineBefore);
+            gateway.shutdown();
+        });
+    });
+    // =========================================================================
+    // S5: Budget reservation in gateway pipeline
+    // =========================================================================
+    describe('Budget reservation in gateway (S5)', () => {
+        let gateway;
+        beforeEach(() => {
+            gateway = disableSSRF(new gateway_1.Gateway(createTestConfig()));
+        });
+        afterEach(() => {
+            gateway.shutdown();
+        });
+        it('successful execution records budget correctly', async () => {
+            const toolCall = buildToolCall();
+            const result = await gateway.execute(toolCall);
+            expect(result.status).toBe('ok');
+            // Budget should reflect the cost
+            expect(result.budget).toBeDefined();
+        });
+        it('releases budget reservation on execution error', async () => {
+            // Register an executor that throws
+            class FailExecutor {
+                async execute() {
+                    throw new Error('Intentional test failure');
+                }
+            }
+            const registry = gateway.getExecutorRegistry();
+            const httpExec = registry.resolve('http.request');
+            registry.clear();
+            registry.register('fail.*', new FailExecutor());
+            registry.register('http.*', httpExec);
+            registry.register('*', httpExec);
+            const tc1 = buildToolCall({
+                tool: { name: 'fail.test', capability: 'read' },
+                args: {},
+            });
+            const result = await gateway.execute(tc1);
+            expect(result.status).toBe('error');
+            // After the error, budget should be released — subsequent calls should work
+            const tc2 = buildToolCall({
+                tool: { name: 'http.request', capability: 'read' },
+                args: { method: 'GET', url: `http://127.0.0.1:${testServerPort}/api/data` },
+            });
+            const result2 = await gateway.execute(tc2);
+            expect(result2.status).toBe('ok');
+        });
+    });
+    // =========================================================================
+    // Graceful shutdown (S7)
+    // =========================================================================
+    describe('Graceful shutdown (S7)', () => {
+        it('gateway.shutdown() completes without errors', async () => {
+            const gateway = new gateway_1.Gateway(createTestConfig());
+            await expect(gateway.shutdown()).resolves.toBeUndefined();
+        });
+        it('gateway.isShuttingDown reflects shutdown state', async () => {
+            const gateway = new gateway_1.Gateway(createTestConfig());
+            expect(gateway.isShuttingDown).toBe(false);
+            await gateway.shutdown();
+            expect(gateway.isShuttingDown).toBe(true);
+        });
+    });
+});
+//# sourceMappingURL=gateway-features.test.js.map