unbound-cli 1.6.4 → 1.7.0

package/test/setup-report.test.js

@@ -0,0 +1,102 @@
+const { test } = require('node:test');
+const assert = require('node:assert/strict');
+
+// reportSetupFailure must be BEST-EFFORT: it posts {serial_number, step,
+// exit_code} to /api/v1/setup/failed/, but a POST failure (offline/429/4xx)
+// must never reject — so a caller can `await` it inline in an error path without
+// masking the real error or changing the exit code.
+
+function freshReport() {
+  for (const m of ['../src/setup-report', '../src/api', '../src/config']) {
+    delete require.cache[require.resolve(m)];
+  }
+  const api = require('../src/api');
+  const config = require('../src/config');
+  const report = require('../src/setup-report');
+  return { api, config, report };
+}
+
+test('reportSetupFailure: posts the contract payload to /api/v1/setup/failed/', async () => {
+  const { api, config, report } = freshReport();
+  let captured = null;
+  api.post = async (path, opts) => { captured = { path, opts }; return { ok: true }; };
+  config.getApiKey = () => 'stored-key';
+
+  const ok = await report.reportSetupFailure({ step: 'cursor', exitCode: 2, backendUrl: 'https://b.acme' });
+
+  assert.equal(ok, true);
+  assert.equal(captured.path, '/api/v1/setup/failed/');
+  assert.equal(captured.opts.apiKey, 'stored-key');
+  assert.equal(captured.opts.baseUrl, 'https://b.acme');
+  const body = captured.opts.body;
+  assert.equal(typeof body.serial_number, 'string');
+  assert.ok(body.serial_number.length > 0 && body.serial_number.length <= 255);
+  assert.equal(body.step, 'cursor');
+  assert.equal(body.exit_code, 2);
+  // install_mode/managed are forced server-side — the CLI must NOT send them.
+  assert.equal('install_mode' in body, false);
+  assert.equal('managed' in body, false);
+});
+
+test('reportSetupFailure: bounds the POST with a 3s timeout (never blocks on default 30s)', async () => {
+  const { api, config, report } = freshReport();
+  let captured = null;
+  api.post = async (path, opts) => { captured = opts; return { ok: true }; };
+  config.getApiKey = () => 'k';
+
+  await report.reportSetupFailure({ step: 'cursor', exitCode: 1 });
+  assert.equal(captured.timeoutMs, 3000, 'failure report must pass a tight 3s timeout');
+});
+
+test('reportSetupFailure: swallows a POST rejection and returns false (best-effort)', async () => {
+  const { api, config, report } = freshReport();
+  api.post = async () => { throw new Error('ECONNREFUSED / offline'); };
+  config.getApiKey = () => 'k';
+
+  let result;
+  await assert.doesNotReject(async () => { result = await report.reportSetupFailure({ step: 'codex', exitCode: 1 }); });
+  assert.equal(result, false);
+});
+
+test('reportSetupFailure: a 429 (rate-limited) is swallowed too', async () => {
+  const { api, config, report } = freshReport();
+  api.post = async () => { const e = new Error('Too many requests'); e.statusCode = 429; throw e; };
+  config.getApiKey = () => 'k';
+
+  const result = await report.reportSetupFailure({ step: 'cursor', exitCode: 1 });
+  assert.equal(result, false);
+});
+
+test('reportSetupFailure: no API key → skips quietly (false), no POST attempted', async () => {
+  const { api, config, report } = freshReport();
+  let called = false;
+  api.post = async () => { called = true; return {}; };
+  config.getApiKey = () => null;
+
+  const result = await report.reportSetupFailure({ step: 'cursor', exitCode: 1 });
+  assert.equal(result, false);
+  assert.equal(called, false, 'no POST without a key');
+});
+
+test('normalizeStep: clamps to 64 chars and defaults empties to "unknown"', () => {
+  const { report } = freshReport();
+  assert.equal(report._normalizeStep(''), 'unknown');
+  assert.equal(report._normalizeStep(null), 'unknown');
+  assert.equal(report._normalizeStep('cursor'), 'cursor');
+  assert.equal(report._normalizeStep('x'.repeat(100)).length, 64);
+});
+
+test('normalizeExitCode: integers pass through, non-integers fall back to 1', () => {
+  const { report } = freshReport();
+  assert.equal(report._normalizeExitCode(2), 2);
+  assert.equal(report._normalizeExitCode(-1), -1);
+  assert.equal(report._normalizeExitCode('nope'), 1);
+  assert.equal(report._normalizeExitCode(undefined), 1);
+});
+
+test('deviceIdentifier: returns a non-empty string within the 255-char limit', () => {
+  const { report } = freshReport();
+  const id = report.deviceIdentifier();
+  assert.equal(typeof id, 'string');
+  assert.ok(id.length > 0 && id.length <= 255);
+});

package/test/telemetry.test.js

@@ -0,0 +1,114 @@
+const { test } = require('node:test');
+const assert = require('node:assert/strict');
+
+// Sentry observability is opt-out and DSN-gated. These tests prove it stays
+// fully disabled (no init, no network, no throw) when there's no DSN or when
+// the user opts out, and that beforeSend scrubs secrets before anything leaves
+// the machine. All without any real network or a real Sentry client.
+
+function freshTelemetry() {
+  delete require.cache[require.resolve('../src/telemetry')];
+  return require('../src/telemetry');
+}
+
+function withEnv(vars, fn) {
+  const saved = {};
+  for (const k of Object.keys(vars)) {
+    saved[k] = process.env[k];
+    if (vars[k] === undefined) delete process.env[k];
+    else process.env[k] = vars[k];
+  }
+  try {
+    return fn();
+  } finally {
+    for (const k of Object.keys(vars)) {
+      if (saved[k] === undefined) delete process.env[k];
+      else process.env[k] = saved[k];
+    }
+  }
+}
+
+test('telemetry: disabled (no init, no throw) when UNBOUND_CLI_SENTRY_DSN is unset', () => {
+  withEnv({ UNBOUND_CLI_SENTRY_DSN: undefined, UNBOUND_TELEMETRY: undefined }, () => {
+    const t = freshTelemetry();
+    assert.equal(t.isEnabled(), false);
+    // init/captureError/flush must be no-ops that never throw or hit the network.
+    assert.doesNotThrow(() => t.init({ flow: 'onboard', runId: 'r1' }));
+    assert.doesNotThrow(() => t.captureError(new Error('boom')));
+    return t.flush(); // resolves, no-op
+  });
+});
+
+test('telemetry: opt-out via UNBOUND_TELEMETRY disables even with a DSN present', () => {
+  for (const optOut of ['0', 'false', 'no', 'FALSE', 'No']) {
+    withEnv({ UNBOUND_CLI_SENTRY_DSN: 'https://abc@example.invalid/1', UNBOUND_TELEMETRY: optOut }, () => {
+      const t = freshTelemetry();
+      assert.equal(t.isEnabled(), false, `opt-out value "${optOut}" should disable`);
+      assert.doesNotThrow(() => t.init());
+      assert.doesNotThrow(() => t.captureError(new Error('x')));
+    });
+  }
+});
+
+test('telemetry: enabled only when DSN set and not opted out', () => {
+  withEnv({ UNBOUND_CLI_SENTRY_DSN: 'https://abc@example.invalid/1', UNBOUND_TELEMETRY: undefined }, () => {
+    const t = freshTelemetry();
+    assert.equal(t.isEnabled(), true);
+  });
+  withEnv({ UNBOUND_CLI_SENTRY_DSN: 'https://abc@example.invalid/1', UNBOUND_TELEMETRY: '1' }, () => {
+    const t = freshTelemetry();
+    assert.equal(t.isEnabled(), true, 'UNBOUND_TELEMETRY=1 is not an opt-out');
+  });
+});
+
+test('telemetry: wrapAction returns the action result and never inits when disabled', async () => {
+  await withEnv({ UNBOUND_CLI_SENTRY_DSN: undefined }, async () => {
+    const t = freshTelemetry();
+    const wrapped = t.wrapAction('setup', async (a, b) => a + b);
+    const result = await wrapped(2, 3);
+    assert.equal(result, 5);
+  });
+});
+
+test('telemetry: wrapAction captures then rethrows the original error', async () => {
+  await withEnv({ UNBOUND_CLI_SENTRY_DSN: undefined }, async () => {
+    const t = freshTelemetry();
+    const original = new Error('real failure');
+    const wrapped = t.wrapAction('onboard', async () => { throw original; });
+    await assert.rejects(() => wrapped(), (err) => err === original);
+  });
+});
+
+test('beforeSend: scrubs known secret values, home paths, and username', () => {
+  const t = freshTelemetry();
+  t.rememberSecret('sk-supersecretkey123');
+  const home = require('os').homedir();
+  const username = require('os').userInfo().username;
+
+  const event = {
+    server_name: 'my-laptop',
+    user: { username, id: '1' },
+    message: `failed with key sk-supersecretkey123 at ${home}/.unbound/config.json`,
+    exception: { values: [{ value: `token ub_abcdefgh12345 leaked for user ${username}` }] },
+  };
+  const out = t._beforeSend(event);
+
+  assert.ok(out, 'event is not dropped');
+  assert.equal(out.server_name, undefined, 'server_name removed');
+  assert.equal(out.user.username, undefined, 'username field removed');
+  assert.ok(!out.message.includes('sk-supersecretkey123'), out.message);
+  assert.ok(!out.message.includes(home), out.message);
+  assert.ok(out.message.includes('~/.unbound'), out.message);
+  assert.ok(!out.exception.values[0].value.includes('ub_abcdefgh12345'), out.exception.values[0].value);
+});
+
+test('beforeSend: never throws — returns null instead of crashing the flow', () => {
+  const t = freshTelemetry();
+  // A frozen object can't be mutated; beforeSend must catch and drop, not throw.
+  const frozen = Object.freeze({ message: 'x', user: Object.freeze({ username: 'a' }) });
+  assert.doesNotThrow(() => {
+    const r = t._beforeSend(frozen);
+    // Either scrubbed or dropped (null) — both acceptable; the point is no throw.
+    assert.ok(r === null || typeof r === 'object');
+  });
+});

package/test/tool-health.test.js

@@ -79,15 +79,19 @@ test('detectTools: cursor config + script present but env key blank → tampered
   });
 });
 
-test('detectTools: cursor env key differs from the configured key → tampered, not healthy', () => {
+// WEB-4949: per-tool API keys are no longer equality-checked against the
+// stored config key — different valid keys for the same tenant are legal.
+// detectTools just verifies presence; validateToolKeys (separately tested
+// below) handles tenant-validity.
+test('detectTools: cursor env key differs from the configured key → still healthy (no equality check)', () => {
   withHome((tmp, th) => {
     const script = path.join(tmp, '.cursor', 'hooks', 'unbound.py');
     writeFile(path.join(tmp, '.cursor', 'hooks.json'), JSON.stringify({ hooks: { PreToolUse: [{ command: script }] } }));
     writeFile(script, '# unbound');
-    process.env.UNBOUND_CURSOR_API_KEY = 'stale-key';
+    process.env.UNBOUND_CURSOR_API_KEY = 'different-but-presumed-valid';
     try {
-      const cursor = th.detectTools({ apiKey: 'current-key' }).find((t) => t.key === 'cursor');
-      assert.equal(cursor.status, 'tampered');
+      const cursor = th.detectTools().find((t) => t.key === 'cursor');
+      assert.equal(cursor.status, 'healthy');
     } finally {
       delete process.env.UNBOUND_CURSOR_API_KEY;
     }
@@ -302,20 +306,242 @@ test('detectTools: codex binary regression (wrapper at ~/.codex/hooks/unbound.py
   });
 });
 
-test('detectTools: envCheck rc-file fallback (process.env stale, shell rc holds expected value) → healthy', () => {
+// envCheck's rc-file fallback applies to the gateway URL check
+// (ANTHROPIC_BASE_URL is still equality-checked since tenants share one
+// gateway URL). API keys are no longer equality-checked — see WEB-4949 — so
+// this test is repointed at the gateway-URL case to keep the rc-fallback
+// path covered. Stale process.env + fresh rc value → still healthy.
+test('detectTools: envCheck rc-file fallback (gateway URL env stale, rc holds the configured URL) → healthy', () => {
   withHome((tmp, th) => {
+    const settings = { apiKeyHelper: '/Users/whatever/.claude/anthropic_key.sh' };
+    writeFile(path.join(tmp, '.claude', 'settings.json'), JSON.stringify(settings));
+    writeFile(path.join(tmp, '.claude', 'anthropic_key.sh'), '#!/bin/sh\necho $UNBOUND_API_KEY\n');
+    process.env.UNBOUND_API_KEY = 'k';
+    // rcFiles() lists different files per platform; .bashrc is in both.
+    writeFile(path.join(tmp, '.bashrc'),
+      'export ANTHROPIC_BASE_URL="https://gateway.example.com"\n');
+    process.env.ANTHROPIC_BASE_URL = 'https://stale.example.com';
+    try {
+      const t = th.detectTools({ gatewayUrl: 'https://gateway.example.com' })
+        .find((x) => x.family === 'claude-code');
+      assert.equal(t.status, 'healthy');
+    } finally {
+      delete process.env.UNBOUND_API_KEY;
+      delete process.env.ANTHROPIC_BASE_URL;
+    }
+  });
+});
+
+// WEB-4949: validateToolKeys post-processes detectTools output. Verify the
+// three branches: valid → unchanged healthy; invalid → flips to tampered with
+// a meaningful summary; unknown (network error / 5xx) → fail-open healthy.
+
+test('validateToolKeys: valid verdict leaves the tool healthy', async () => {
+  await withHome(async (tmp, th) => {
     const script = path.join(tmp, '.cursor', 'hooks', 'unbound.py');
     writeFile(path.join(tmp, '.cursor', 'hooks.json'), JSON.stringify({ hooks: { PreToolUse: [{ command: script }] } }));
     writeFile(script, '# unbound');
-    // rcFiles() lists different files per platform (zprofile on darwin,
-    // zshrc/bashrc/profile on linux). Write to .bashrc — both lists include it.
-    writeFile(path.join(tmp, '.bashrc'), 'export UNBOUND_CURSOR_API_KEY="fresh-key"\n');
-    process.env.UNBOUND_CURSOR_API_KEY = 'stale-key';
+    process.env.UNBOUND_CURSOR_API_KEY = 'valid-key';
     try {
-      const t = th.detectTools({ apiKey: 'fresh-key' }).find((x) => x.key === 'cursor');
-      assert.equal(t.status, 'healthy');
+      const tools = th.detectTools();
+      await th.validateToolKeys(tools, async () => 'valid');
+      const cursor = tools.find((t) => t.key === 'cursor');
+      assert.equal(cursor.status, 'healthy');
+      const keyCheck = cursor.checks.find((c) => c.keyCheck);
+      assert.equal(keyCheck.ok, true);
+    } finally {
+      delete process.env.UNBOUND_CURSOR_API_KEY;
+    }
+  });
+});
+
+test('validateToolKeys: invalid verdict flips the tool to tampered', async () => {
+  await withHome(async (tmp, th) => {
+    const script = path.join(tmp, '.cursor', 'hooks', 'unbound.py');
+    writeFile(path.join(tmp, '.cursor', 'hooks.json'), JSON.stringify({ hooks: { PreToolUse: [{ command: script }] } }));
+    writeFile(script, '# unbound');
+    process.env.UNBOUND_CURSOR_API_KEY = 'rejected-key';
+    try {
+      const tools = th.detectTools();
+      await th.validateToolKeys(tools, async () => 'invalid');
+      const cursor = tools.find((t) => t.key === 'cursor');
+      assert.equal(cursor.status, 'tampered');
+      const keyCheck = cursor.checks.find((c) => c.keyCheck);
+      assert.equal(keyCheck.ok, false);
+      assert.match(keyCheck.summary, /invalid/);
+      assert.match(keyCheck.detail, /not valid for this tenant/);
+    } finally {
+      delete process.env.UNBOUND_CURSOR_API_KEY;
+    }
+  });
+});
+
+test('validateToolKeys: unknown verdict fails open — tool stays healthy', async () => {
+  await withHome(async (tmp, th) => {
+    const script = path.join(tmp, '.cursor', 'hooks', 'unbound.py');
+    writeFile(path.join(tmp, '.cursor', 'hooks.json'), JSON.stringify({ hooks: { PreToolUse: [{ command: script }] } }));
+    writeFile(script, '# unbound');
+    process.env.UNBOUND_CURSOR_API_KEY = 'cant-reach-gateway';
+    try {
+      const tools = th.detectTools();
+      await th.validateToolKeys(tools, async () => 'unknown');
+      const cursor = tools.find((t) => t.key === 'cursor');
+      assert.equal(cursor.status, 'healthy');
+    } finally {
+      delete process.env.UNBOUND_CURSOR_API_KEY;
+    }
+  });
+});
+
+test('validateToolKeys: distinct keys across tools are each validated once', async () => {
+  await withHome(async (tmp, th) => {
+    // Two tools with two distinct env-var values + one shared value.
+    const cursorScript = path.join(tmp, '.cursor', 'hooks', 'unbound.py');
+    writeFile(path.join(tmp, '.cursor', 'hooks.json'), JSON.stringify({ hooks: { PreToolUse: [{ command: cursorScript }] } }));
+    writeFile(cursorScript, '# unbound');
+    const copilotCfg = path.join(tmp, '.copilot', 'hooks', 'unbound.json');
+    const copilotScript = path.join(tmp, '.copilot', 'hooks', 'unbound.py');
+    writeFile(copilotCfg, JSON.stringify({ hooks: { PreToolUse: [{ command: copilotScript }] } }));
+    writeFile(copilotScript, '# unbound');
+    process.env.UNBOUND_CURSOR_API_KEY = 'key-A';
+    process.env.UNBOUND_COPILOT_API_KEY = 'key-B';
+    try {
+      const tools = th.detectTools();
+      const seen = [];
+      await th.validateToolKeys(tools, async (k) => { seen.push(k); return 'valid'; });
+      // Each unique key is validated exactly once, regardless of how many
+      // tools reference it. Order isn't asserted.
+      assert.deepEqual(new Set(seen), new Set(['key-A', 'key-B']));
+      assert.equal(seen.length, 2);
+    } finally {
+      delete process.env.UNBOUND_CURSOR_API_KEY;
+      delete process.env.UNBOUND_COPILOT_API_KEY;
+    }
+  });
+});
+
+// Real-world common case: one tool's key was rotated and the env wasn't
+// updated. The valid tool stays healthy; the invalid one flips. They share
+// the same fan-out, so a partial verdict must round-trip correctly.
+test('validateToolKeys: mixed verdicts — invalid tool flips, valid tool unchanged', async () => {
+  await withHome(async (tmp, th) => {
+    const cursorScript = path.join(tmp, '.cursor', 'hooks', 'unbound.py');
+    writeFile(path.join(tmp, '.cursor', 'hooks.json'), JSON.stringify({ hooks: { PreToolUse: [{ command: cursorScript }] } }));
+    writeFile(cursorScript, '# unbound');
+    const copilotCfg = path.join(tmp, '.copilot', 'hooks', 'unbound.json');
+    const copilotScript = path.join(tmp, '.copilot', 'hooks', 'unbound.py');
+    writeFile(copilotCfg, JSON.stringify({ hooks: { PreToolUse: [{ command: copilotScript }] } }));
+    writeFile(copilotScript, '# unbound');
+    process.env.UNBOUND_CURSOR_API_KEY = 'good';
+    process.env.UNBOUND_COPILOT_API_KEY = 'bad';
+    try {
+      const tools = th.detectTools();
+      await th.validateToolKeys(tools, async (k) => k === 'good' ? 'valid' : 'invalid');
+      const cursor = tools.find((t) => t.key === 'cursor');
+      const copilot = tools.find((t) => t.key === 'copilot');
+      assert.equal(cursor.status, 'healthy');
+      assert.equal(copilot.status, 'tampered');
+    } finally {
+      delete process.env.UNBOUND_CURSOR_API_KEY;
+      delete process.env.UNBOUND_COPILOT_API_KEY;
+    }
+  });
+});
+
+// Defensive: a validator that throws (a future api.validateApiKey bug, a
+// transport regression) must NOT take down `unbound status`/`doctor`. Each
+// thrown key is coerced to 'unknown' so the tool stays healthy and the skip
+// counter surfaces the issue to the operator.
+test('validateToolKeys: throwing validator coerces to unknown (does not propagate)', async () => {
+  await withHome(async (tmp, th) => {
+    const script = path.join(tmp, '.cursor', 'hooks', 'unbound.py');
+    writeFile(path.join(tmp, '.cursor', 'hooks.json'), JSON.stringify({ hooks: { PreToolUse: [{ command: script }] } }));
+    writeFile(script, '# unbound');
+    process.env.UNBOUND_CURSOR_API_KEY = 'k';
+    try {
+      const tools = th.detectTools();
+      await assert.doesNotReject(
+        th.validateToolKeys(tools, async () => { throw new Error('boom'); })
+      );
+      const cursor = tools.find((t) => t.key === 'cursor');
+      assert.equal(cursor.status, 'healthy');
+      const keyCheck = cursor.checks.find((c) => c.keyCheck);
+      assert.equal(keyCheck.validationSkipped, true);
+      assert.equal(th.countValidationSkipped(tools), 1);
+    } finally {
+      delete process.env.UNBOUND_CURSOR_API_KEY;
+    }
+  });
+});
+
+// Tag for offline surfacing — without this the operator can't distinguish a
+// fully-validated run from one that silently failed open.
+test('validateToolKeys: unknown verdict tags the check with validationSkipped + countValidationSkipped reports it', async () => {
+  await withHome(async (tmp, th) => {
+    const script = path.join(tmp, '.cursor', 'hooks', 'unbound.py');
+    writeFile(path.join(tmp, '.cursor', 'hooks.json'), JSON.stringify({ hooks: { PreToolUse: [{ command: script }] } }));
+    writeFile(script, '# unbound');
+    process.env.UNBOUND_CURSOR_API_KEY = 'k';
+    try {
+      const tools = th.detectTools();
+      await th.validateToolKeys(tools, async () => 'unknown');
+      assert.equal(th.countValidationSkipped(tools), 1);
+      const cursor = tools.find((t) => t.key === 'cursor');
+      const keyCheck = cursor.checks.find((c) => c.keyCheck);
+      assert.equal(keyCheck.validationSkipped, true);
+      assert.equal(keyCheck.ok, true); // fail-open: still healthy
     } finally {
       delete process.env.UNBOUND_CURSOR_API_KEY;
     }
   });
 });
+
+// Bot regression (Bugbot Medium / Greptile P1): validateToolKeys was
+// unconditionally re-running statusOf, which overwrites `managed-by-mdm`
+// (since `statusOf` doesn't know about that sentinel) back to `healthy`,
+// erasing the MDM badge from both human + JSON output. The fix is to only
+// re-derive status when a check's `ok` actually flipped.
+test('validateToolKeys: managed-by-mdm status survives validation when nothing flips', async () => {
+  await withHome(async (tmp, th) => {
+    const mdmDir = path.join(tmp, 'mdm', 'ClaudeCode');
+    writeFile(path.join(mdmDir, 'managed-settings.json'),
+      JSON.stringify({ hooks: { PreToolUse: [{ command: path.join(mdmDir, 'hooks', 'unbound.py') }] } }));
+    writeFile(path.join(mdmDir, 'hooks', 'unbound.py'), '#');
+    const tools = th.detectTools({ _mdmDirs: { 'claude-code': mdmDir } });
+    const claude = tools.find((t) => t.family === 'claude-code');
+    assert.equal(claude.status, 'managed-by-mdm', 'pre-validation sanity');
+    // No keyCheck entries on the MDM variant, so the validator is never
+    // consulted. Status must NOT collapse to plain 'healthy'.
+    let called = false;
+    await th.validateToolKeys(tools, async () => { called = true; return 'valid'; });
+    assert.equal(claude.status, 'managed-by-mdm', 'MDM badge was overwritten');
+    assert.equal(claude.scope, 'mdm');
+    assert.equal(called, false);
+  });
+});
+
+// W2 defensive guards.
+test('validateToolKeys: null/empty tools — no throw, no validator calls', async () => {
+  const th = require('../src/toolHealth');
+  let called = false;
+  await th.validateToolKeys(null, async () => { called = true; });
+  await th.validateToolKeys(undefined, async () => { called = true; });
+  await th.validateToolKeys([], async () => { called = true; });
+  assert.equal(called, false);
+});
+
+test('validateToolKeys: missing key (no env var) → tampered without consulting the validator', async () => {
+  await withHome(async (tmp, th) => {
+    const script = path.join(tmp, '.cursor', 'hooks', 'unbound.py');
+    writeFile(path.join(tmp, '.cursor', 'hooks.json'), JSON.stringify({ hooks: { PreToolUse: [{ command: script }] } }));
+    writeFile(script, '# unbound');
+    delete process.env.UNBOUND_CURSOR_API_KEY;
+    let called = false;
+    const tools = th.detectTools();
+    await th.validateToolKeys(tools, async () => { called = true; return 'valid'; });
+    const cursor = tools.find((t) => t.key === 'cursor');
+    assert.equal(cursor.status, 'tampered');
+    // The validator is never called for missing keys — there's no value to check.
+    assert.equal(called, false);
+  });
+});