ship-safe 4.3.0 → 5.0.1

package/cli/__tests__/agents.test.js

@@ -720,3 +720,582 @@ describe('Code Context in Findings', () => {
     } finally { cleanup(dir); }
   });
 });
+
+// =============================================================================
+// MCP SECURITY AGENT (v5.0)
+// =============================================================================
+
+describe('MCPSecurityAgent', async () => {
+  const { MCPSecurityAgent } = await import('../agents/mcp-security-agent.js');
+  const agent = new MCPSecurityAgent();
+
+  it('detects MCP tool with shell execution', async () => {
+    const { dir, file } = writeTempFile('server.tool("run_cmd", async (a) => { return execSync(a.cmd); });');
+    try {
+      const findings = await agent.analyze({ rootPath: dir, files: [file], recon: {}, options: {} });
+      assert.ok(findings.some(f => f.rule === 'MCP_TOOL_SHELL_EXEC'), 'Should detect shell exec in MCP tool');
+    } finally { cleanup(dir); }
+  });
+
+  it('detects MCP tool with file system write', async () => {
+    const { dir, file } = writeTempFile('server.tool("write", async (a) => { fs.writeFileSync(a.path, a.data); });');
+    try {
+      const findings = await agent.analyze({ rootPath: dir, files: [file], recon: {}, options: {} });
+      assert.ok(findings.some(f => f.rule === 'MCP_TOOL_FS_WRITE'), 'Should detect fs write in MCP tool');
+    } finally { cleanup(dir); }
+  });
+
+  it('detects MCP tool arguments passed to eval', async () => {
+    const { dir, file } = writeTempFile('server.tool("exec", async (a) => { return eval(a.code); });');
+    try {
+      const findings = await agent.analyze({ rootPath: dir, files: [file], recon: {}, options: {} });
+      assert.ok(findings.some(f => f.rule === 'MCP_TOOL_ARGS_TO_EVAL'), 'Should detect eval in MCP tool');
+    } finally { cleanup(dir); }
+  });
+
+  it('detects HTTP without TLS for remote MCP', async () => {
+    const { dir, file } = writeTempFile(`
+      const transport = new SSEServerTransport("http://remote-server.com:8080/mcp");
+    `);
+    try {
+      const findings = await agent.analyze({ rootPath: dir, files: [file], recon: {}, options: {} });
+      assert.ok(findings.some(f => f.rule === 'MCP_HTTP_NO_TLS'), 'Should detect HTTP without TLS');
+    } finally { cleanup(dir); }
+  });
+});
+
+// =============================================================================
+// AGENTIC SECURITY AGENT (v5.0)
+// =============================================================================
+
+describe('AgenticSecurityAgent', async () => {
+  const { AgenticSecurityAgent } = await import('../agents/agentic-security-agent.js');
+  const agent = new AgenticSecurityAgent();
+
+  it('detects auto-execute without confirmation', async () => {
+    const { dir, file } = writeTempFile(`
+      const config = {
+        auto_approve: true,
+        requireConfirmation: false,
+      };
+    `);
+    try {
+      const findings = await agent.analyze({ rootPath: dir, files: [file], recon: {}, options: {} });
+      assert.ok(findings.some(f => f.rule === 'AGENT_TOOL_NO_CONFIRMATION'), 'Should detect auto-approve');
+    } finally { cleanup(dir); }
+  });
+
+  it('detects user input in agent memory', async () => {
+    const { dir, file } = writeTempFile(`
+      memory.push(userMessage);
+      context.add(input);
+    `);
+    try {
+      const findings = await agent.analyze({ rootPath: dir, files: [file], recon: {}, options: {} });
+      assert.ok(findings.some(f => f.rule === 'AGENT_MEMORY_USER_WRITE'), 'Should detect memory poisoning');
+    } finally { cleanup(dir); }
+  });
+
+  it('detects agent with shell tool access', async () => {
+    const { dir, file } = writeTempFile(`
+      const tools = [searchTool, child_process.exec];
+      const functions = [subprocess.run];
+    `);
+    try {
+      const findings = await agent.analyze({ rootPath: dir, files: [file], recon: {}, options: {} });
+      assert.ok(findings.some(f => f.rule === 'AGENT_TOOL_SHELL_ACCESS'), 'Should detect shell access in tools');
+    } finally { cleanup(dir); }
+  });
+});
+
+// =============================================================================
+// RAG SECURITY AGENT (v5.0)
+// =============================================================================
+
+describe('RAGSecurityAgent', async () => {
+  const { RAGSecurityAgent } = await import('../agents/rag-security-agent.js');
+  const agent = new RAGSecurityAgent();
+
+  it('detects user upload to vector store', async () => {
+    const { dir, file } = writeTempFile('const docs = multer().single("file"); await vectorStore.addDocuments(docs);');
+    try {
+      const findings = await agent.analyze({ rootPath: dir, files: [file], recon: {}, options: {} });
+      assert.ok(findings.some(f => f.rule === 'RAG_USER_UPLOAD_TO_VECTORDB'), 'Should detect user upload to vector DB');
+    } finally { cleanup(dir); }
+  });
+
+  it('detects trust_remote_code=True', async () => {
+    const { dir, file } = writeTempFile(`
+      model = AutoModel.from_pretrained("user/model", trust_remote_code=True)
+    `, '.py');
+    try {
+      const findings = await agent.analyze({ rootPath: dir, files: [file], recon: {}, options: {} });
+      assert.ok(findings.some(f => f.rule === 'RAG_TRUST_REMOTE_CODE'), 'Should detect trust_remote_code');
+    } finally { cleanup(dir); }
+  });
+
+  it('detects pickle model loading', async () => {
+    const { dir, file } = writeTempFile(`
+      model = torch.load("model.pkl")
+    `, '.py');
+    try {
+      const findings = await agent.analyze({ rootPath: dir, files: [file], recon: {}, options: {} });
+      assert.ok(findings.some(f => f.rule === 'RAG_PICKLE_EMBEDDING_MODEL'), 'Should detect pickle load');
+    } finally { cleanup(dir); }
+  });
+});
+
+// =============================================================================
+// PII COMPLIANCE AGENT (v5.0)
+// =============================================================================
+
+describe('PIIComplianceAgent', async () => {
+  const { PIIComplianceAgent } = await import('../agents/pii-compliance-agent.js');
+  const agent = new PIIComplianceAgent();
+
+  it('detects PII in console.log', async () => {
+    const { dir, file } = writeTempFile('console.log("User email:", user.email);');
+    try {
+      const findings = await agent.analyze({ rootPath: dir, files: [file], recon: {}, options: {} });
+      assert.ok(findings.some(f => f.rule === 'PII_IN_CONSOLE_LOG'), 'Should detect PII in console.log');
+    } finally { cleanup(dir); }
+  });
+
+  it('detects PII sent to analytics', async () => {
+    const { dir, file } = writeTempFile(`
+      analytics.track("signup", { email: user.email, phone: user.phone });
+    `);
+    try {
+      const findings = await agent.analyze({ rootPath: dir, files: [file], recon: {}, options: {} });
+      assert.ok(findings.some(f => f.rule === 'PII_TO_ANALYTICS'), 'Should detect PII to analytics');
+    } finally { cleanup(dir); }
+  });
+
+  it('detects SSN pattern in source code', async () => {
+    const { dir, file } = writeTempFile('const testSSN = "123-45-6789";');
+    try {
+      const findings = await agent.analyze({ rootPath: dir, files: [file], recon: {}, options: {} });
+      assert.ok(findings.some(f => f.rule === 'PII_SSN_IN_CODE'), 'Should detect SSN pattern');
+    } finally { cleanup(dir); }
+  });
+});
+
+// =============================================================================
+// VIBE CODE DETECTION (v5.0)
+// =============================================================================
+
+describe('Vibe Code Detection', async () => {
+  const { InjectionTester } = await import('../agents/injection-tester.js');
+  const agent = new InjectionTester();
+
+  it('detects TODO to add authentication', async () => {
+    const { dir, file } = writeTempFile('// TODO: add authentication\napp.post("/api/admin", handler);');
+    try {
+      const findings = await agent.analyze({ rootPath: dir, files: [file], recon: {}, options: {} });
+      assert.ok(findings.some(f => f.rule === 'VIBE_TODO_AUTH'), 'Should detect TODO auth');
+    } finally { cleanup(dir); }
+  });
+
+  it('detects placeholder secrets', async () => {
+    const { dir, file } = writeTempFile('const apiKey = "your-api-key-here";');
+    try {
+      const findings = await agent.analyze({ rootPath: dir, files: [file], recon: {}, options: {} });
+      assert.ok(findings.some(f => f.rule === 'VIBE_PLACEHOLDER_SECRET'), 'Should detect placeholder secret');
+    } finally { cleanup(dir); }
+  });
+});
+
+// =============================================================================
+// VERIFIER AGENT (v5.0)
+// =============================================================================
+
+describe('VerifierAgent', async () => {
+  const { VerifierAgent } = await import('../agents/verifier-agent.js');
+  const verifier = new VerifierAgent();
+
+  it('confirms finding with user input and no sanitization', async () => {
+    const code = 'app.post("/api", (req, res) => {\n  const name = req.body.name;\n  db.query(`SELECT * FROM users WHERE name = ${name}`);\n  res.send("ok");\n});';
+    const { dir, file } = writeTempFile(code);
+    try {
+      const findings = [{
+        file, line: 3, severity: 'critical', confidence: 'high',
+        rule: 'SQL_INJECTION', matched: '`SELECT * FROM users',
+      }];
+      const verified = verifier.verify(findings);
+      assert.strictEqual(verified[0].verified, true, 'Should verify finding with user input');
+      assert.strictEqual(verified[0].confidence, 'high', 'Should keep high confidence');
+    } finally { cleanup(dir); }
+  });
+
+  it('downgrades finding with sanitization upstream', async () => {
+    const code = 'app.post("/api", (req, res) => {\n  const name = sanitize(req.body.name);\n  const validated = validator.escape(name);\n  db.query(`SELECT * FROM users WHERE name = ${validated}`);\n  res.send("ok");\n});';
+    const { dir, file } = writeTempFile(code);
+    try {
+      const findings = [{
+        file, line: 4, severity: 'critical', confidence: 'high',
+        rule: 'SQL_INJECTION', matched: '`SELECT * FROM users',
+      }];
+      const verified = verifier.verify(findings);
+      assert.strictEqual(verified[0].verified, false, 'Should not verify sanitized finding');
+      assert.strictEqual(verified[0].confidence, 'medium', 'Should downgrade confidence');
+    } finally { cleanup(dir); }
+  });
+
+  it('skips verification for medium/low severity', async () => {
+    const findings = [{
+      file: '/fake/path.js', line: 1, severity: 'medium', confidence: 'high',
+      rule: 'SOME_RULE', matched: 'something',
+    }];
+    const verified = verifier.verify(findings);
+    assert.strictEqual(verified[0].verified, null, 'Should skip medium severity');
+  });
+});
+
+// =============================================================================
+// DEEP ANALYZER
+// =============================================================================
+
+describe('DeepAnalyzer', async () => {
+  const { DeepAnalyzer } = await import('../agents/deep-analyzer.js');
+
+  it('returns findings unchanged when no provider is set', async () => {
+    const analyzer = new DeepAnalyzer({ provider: null });
+    const findings = [
+      { file: '/test.js', line: 1, severity: 'critical', rule: 'SQL_INJECTION', confidence: 'high' },
+    ];
+    const result = await analyzer.analyze(findings);
+    assert.strictEqual(result.length, 1);
+    assert.strictEqual(result[0].deepAnalysis, undefined, 'No deep analysis without provider');
+  });
+
+  it('only selects critical/high findings for analysis', async () => {
+    // Mock provider that records what it receives
+    let receivedPrompt = '';
+    const mockProvider = {
+      name: 'MockLLM',
+      async complete(sys, prompt) {
+        receivedPrompt = prompt;
+        return '[]';
+      },
+    };
+
+    const analyzer = new DeepAnalyzer({ provider: mockProvider, budgetCents: 100 });
+    const findings = [
+      { file: '/a.js', line: 1, severity: 'critical', rule: 'RULE_A', confidence: 'high', title: 'A', description: 'A' },
+      { file: '/b.js', line: 2, severity: 'medium', rule: 'RULE_B', confidence: 'high', title: 'B', description: 'B' },
+      { file: '/c.js', line: 3, severity: 'low', rule: 'RULE_C', confidence: 'high', title: 'C', description: 'C' },
+      { file: '/d.js', line: 4, severity: 'high', rule: 'RULE_D', confidence: 'high', title: 'D', description: 'D' },
+    ];
+    await analyzer.analyze(findings);
+    // Only critical and high should be in the prompt
+    assert.ok(receivedPrompt.includes('RULE_A'), 'Should include critical finding');
+    assert.ok(receivedPrompt.includes('RULE_D'), 'Should include high finding');
+    assert.ok(!receivedPrompt.includes('RULE_B'), 'Should exclude medium finding');
+    assert.ok(!receivedPrompt.includes('RULE_C'), 'Should exclude low finding');
+  });
+
+  it('attaches deep analysis from LLM response', async () => {
+    const mockProvider = {
+      name: 'MockLLM',
+      async complete() {
+        return JSON.stringify([{
+          findingId: 'test.js:5:XSS_DANGEROUS',
+          tainted: true,
+          sanitized: false,
+          exploitability: 'confirmed',
+          reasoning: 'User input flows directly to innerHTML without sanitization.',
+        }]);
+      },
+    };
+
+    const analyzer = new DeepAnalyzer({ provider: mockProvider, budgetCents: 100 });
+    const findings = [{
+      file: '/some/path/test.js', line: 5, severity: 'critical',
+      rule: 'XSS_DANGEROUS', confidence: 'medium', title: 'XSS', description: 'XSS via innerHTML',
+    }];
+
+    const result = await analyzer.analyze(findings);
+    assert.ok(result[0].deepAnalysis, 'Should have deepAnalysis attached');
+    assert.strictEqual(result[0].deepAnalysis.tainted, true);
+    assert.strictEqual(result[0].deepAnalysis.sanitized, false);
+    assert.strictEqual(result[0].deepAnalysis.exploitability, 'confirmed');
+    assert.strictEqual(result[0].confidence, 'high', 'Confirmed finding should have high confidence');
+  });
+
+  it('downgrades confidence for false_positive analysis', async () => {
+    const mockProvider = {
+      name: 'MockLLM',
+      async complete() {
+        return JSON.stringify([{
+          findingId: 'app.js:10:EVAL_CALL',
+          tainted: false,
+          sanitized: false,
+          exploitability: 'false_positive',
+          reasoning: 'Static string passed to eval, no user input path.',
+        }]);
+      },
+    };
+
+    const analyzer = new DeepAnalyzer({ provider: mockProvider, budgetCents: 100 });
+    const findings = [{
+      file: '/code/app.js', line: 10, severity: 'high',
+      rule: 'EVAL_CALL', confidence: 'high', title: 'Eval', description: 'eval() usage',
+    }];
+
+    const result = await analyzer.analyze(findings);
+    assert.strictEqual(result[0].confidence, 'low', 'False positive should downgrade to low confidence');
+    assert.strictEqual(result[0].deepAnalysis.exploitability, 'false_positive');
+  });
+
+  it('respects budget limit', async () => {
+    let callCount = 0;
+    const mockProvider = {
+      name: 'MockLLM',
+      async complete() {
+        callCount++;
+        // Return a very long response to burn budget
+        return '[]';
+      },
+    };
+
+    const analyzer = new DeepAnalyzer({ provider: mockProvider, budgetCents: 0 });
+    const findings = Array.from({ length: 10 }, (_, i) => ({
+      file: `/f${i}.js`, line: 1, severity: 'critical', rule: `RULE_${i}`,
+      confidence: 'high', title: `Rule ${i}`, description: `Desc ${i}`,
+    }));
+
+    await analyzer.analyze(findings);
+    // With 0 budget, should not make any calls (budget check happens before first batch)
+    assert.strictEqual(callCount, 0, 'Should not call LLM when budget is 0');
+  });
+
+  it('handles LLM errors gracefully', async () => {
+    const mockProvider = {
+      name: 'MockLLM',
+      async complete() {
+        throw new Error('API rate limit exceeded');
+      },
+    };
+
+    const analyzer = new DeepAnalyzer({ provider: mockProvider, budgetCents: 100 });
+    const findings = [{
+      file: '/err.js', line: 1, severity: 'critical', rule: 'SOME_RULE',
+      confidence: 'high', title: 'Rule', description: 'Desc',
+    }];
+
+    // Should not throw
+    const result = await analyzer.analyze(findings);
+    assert.strictEqual(result.length, 1);
+    assert.strictEqual(result[0].deepAnalysis, undefined, 'Failed analysis should not attach result');
+  });
+
+  it('parses malformed LLM response without crashing', async () => {
+    const mockProvider = {
+      name: 'MockLLM',
+      async complete() {
+        return 'This is not valid JSON at all';
+      },
+    };
+
+    const analyzer = new DeepAnalyzer({ provider: mockProvider, budgetCents: 100 });
+    const findings = [{
+      file: '/bad.js', line: 1, severity: 'high', rule: 'BAD_RULE',
+      confidence: 'high', title: 'Bad', description: 'Bad response test',
+    }];
+
+    const result = await analyzer.analyze(findings);
+    assert.strictEqual(result.length, 1);
+    assert.strictEqual(result[0].deepAnalysis, undefined, 'Malformed response should not attach result');
+  });
+
+  it('static create() returns null when no provider available', () => {
+    // Remove all API key env vars temporarily
+    const saved = {};
+    for (const key of ['ANTHROPIC_API_KEY', 'OPENAI_API_KEY', 'GOOGLE_API_KEY', 'GEMINI_API_KEY']) {
+      saved[key] = process.env[key];
+      delete process.env[key];
+    }
+
+    try {
+      const analyzer = DeepAnalyzer.create('/nonexistent/path');
+      assert.strictEqual(analyzer, null, 'Should return null when no provider is available');
+    } finally {
+      // Restore
+      for (const [key, val] of Object.entries(saved)) {
+        if (val !== undefined) process.env[key] = val;
+      }
+    }
+  });
+});
+
+// =============================================================================
+// CROSS-AGENT AWARENESS & FRAMEWORK-AWARE shouldRun
+// =============================================================================
+
+describe('Framework-aware shouldRun', async () => {
+  const { MobileScanner } = await import('../agents/mobile-scanner.js');
+  const { SupabaseRLSAgent } = await import('../agents/supabase-rls-agent.js');
+  const { InjectionTester } = await import('../agents/injection-tester.js');
+
+  it('MobileScanner skips when no mobile framework detected', () => {
+    const agent = new MobileScanner();
+    const recon = { frameworks: ['express', 'nextjs'], databases: ['postgres'] };
+    assert.strictEqual(agent.shouldRun(recon), false, 'Should skip for non-mobile projects');
+  });
+
+  it('MobileScanner runs when react-native detected', () => {
+    const agent = new MobileScanner();
+    const recon = { frameworks: ['react-native'] };
+    assert.strictEqual(agent.shouldRun(recon), true, 'Should run for React Native projects');
+  });
+
+  it('SupabaseRLSAgent skips when no Supabase detected', () => {
+    const agent = new SupabaseRLSAgent();
+    const recon = { frameworks: ['express'], databases: ['postgres'], authPatterns: ['jwt'] };
+    assert.strictEqual(agent.shouldRun(recon), false, 'Should skip for non-Supabase projects');
+  });
+
+  it('SupabaseRLSAgent runs when Supabase detected', () => {
+    const agent = new SupabaseRLSAgent();
+    const recon = { databases: ['supabase'], authPatterns: ['supabase-auth'] };
+    assert.strictEqual(agent.shouldRun(recon), true, 'Should run for Supabase projects');
+  });
+
+  it('InjectionTester always runs (default shouldRun)', () => {
+    const agent = new InjectionTester();
+    const recon = { frameworks: ['express'] };
+    assert.strictEqual(agent.shouldRun(recon), true, 'Universal agents always run');
+  });
+});
+
+// =============================================================================
+// SECRETS VERIFIER
+// =============================================================================
+
+describe('SecretsVerifier', async () => {
+  const { SecretsVerifier } = await import('../utils/secrets-verifier.js');
+
+  it('skips non-secret findings', async () => {
+    const verifier = new SecretsVerifier();
+    const findings = [
+      { file: '/a.js', line: 1, severity: 'high', category: 'injection', rule: 'SQL_INJECTION', matched: 'SELECT *' },
+    ];
+    const results = await verifier.verify(findings);
+    assert.strictEqual(results.length, 0, 'Should skip non-secret findings');
+  });
+
+  it('extracts secret value from quoted match', () => {
+    const verifier = new SecretsVerifier();
+    const secret = verifier._extractSecret('API_KEY="sk_live_abc123def456"');
+    assert.strictEqual(secret, 'sk_live_abc123def456');
+  });
+
+  it('extracts secret value from assignment', () => {
+    const verifier = new SecretsVerifier();
+    const secret = verifier._extractSecret('token=ghp_abcdefghijklmnop');
+    assert.strictEqual(secret, 'ghp_abcdefghijklmnop');
+  });
+
+  it('returns null for short/empty matches', () => {
+    const verifier = new SecretsVerifier();
+    assert.strictEqual(verifier._extractSecret(''), null);
+    assert.strictEqual(verifier._extractSecret(null), null);
+  });
+
+  it('finds probe for known rule names', () => {
+    const verifier = new SecretsVerifier();
+    assert.ok(verifier._findProbe('GITHUB_TOKEN'), 'Should find GitHub probe');
+    assert.ok(verifier._findProbe('OPENAI_API_KEY'), 'Should find OpenAI probe');
+    assert.ok(verifier._findProbe('STRIPE_LIVE_KEY'), 'Should find Stripe probe');
+    assert.strictEqual(verifier._findProbe('UNKNOWN_PATTERN_XYZ'), null, 'Should return null for unknown');
+  });
+});
+
+// =============================================================================
+// SBOM GENERATOR (CRA Enhancement)
+// =============================================================================
+
+describe('SBOMGenerator CRA', async () => {
+  const { SBOMGenerator } = await import('../agents/sbom-generator.js');
+
+  it('generates SBOM with CRA-required fields', () => {
+    const sbom = new SBOMGenerator();
+    const bom = sbom.generate(process.cwd());
+
+    // CRA fields
+    assert.ok(bom.metadata.supplier, 'Should have supplier field');
+    assert.ok(bom.metadata.lifecycles, 'Should have lifecycles field');
+    assert.strictEqual(bom.metadata.lifecycles[0].phase, 'build');
+    assert.ok(Array.isArray(bom.vulnerabilities), 'Should have vulnerabilities array');
+  });
+
+  it('attachVulnerabilities adds CVEs to SBOM', () => {
+    const sbom = new SBOMGenerator();
+    const bom = sbom.generate(process.cwd());
+
+    const vulns = [
+      { id: 'CVE-2024-1234', package: 'lodash@4.17.20', severity: 'high', description: 'Prototype pollution' },
+    ];
+    sbom.attachVulnerabilities(bom, vulns);
+
+    assert.strictEqual(bom.vulnerabilities.length, 1);
+    assert.strictEqual(bom.vulnerabilities[0].id, 'CVE-2024-1234');
+    assert.strictEqual(bom.vulnerabilities[0].ratings[0].severity, 'high');
+  });
+
+  it('detects licenses from node_modules', () => {
+    const sbom = new SBOMGenerator();
+    const licenses = sbom._detectLicenses(process.cwd());
+    // Our project uses chalk, commander, etc. — should find some licenses
+    if (Object.keys(licenses).length > 0) {
+      const firstLicense = Object.values(licenses)[0];
+      assert.ok(typeof firstLicense === 'string', 'License should be a string');
+    }
+  });
+});
+
+// =============================================================================
+// ORCHESTRATOR — CROSS-AGENT SHARED FINDINGS
+// =============================================================================
+
+describe('Orchestrator cross-agent awareness', async () => {
+  const { Orchestrator } = await import('../agents/orchestrator.js');
+
+  it('passes sharedFindings in context to agents', async () => {
+    const orchestrator = new Orchestrator();
+    let receivedSharedFindings = null;
+
+    // Mock agent that captures context
+    const mockAgent = {
+      name: 'MockAgent',
+      category: 'test',
+      shouldRun: () => true,
+      async analyze(context) {
+        receivedSharedFindings = context.sharedFindings;
+        return [];
+      },
+    };
+
+    orchestrator.register(mockAgent);
+    await orchestrator.runAll(process.cwd(), { quiet: true, skipVerifier: true });
+
+    assert.ok(Array.isArray(receivedSharedFindings), 'sharedFindings should be an array in context');
+  });
+
+  it('skips agents where shouldRun returns false', async () => {
+    const orchestrator = new Orchestrator();
+    let ran = false;
+
+    const skipAgent = {
+      name: 'SkipMe',
+      category: 'test',
+      shouldRun: () => false,
+      async analyze() { ran = true; return []; },
+    };
+
+    orchestrator.register(skipAgent);
+    await orchestrator.runAll(process.cwd(), { quiet: true, skipVerifier: true });
+
+    assert.strictEqual(ran, false, 'Agent with shouldRun=false should not execute');
+  });
+});