Every compliance-critical path covered. RLS isolation verified at the PostgreSQL layer — not mocked. Numbers below are generated from the real suite on each build (commit 63a93f0).
Public SDK unit tests. Mocks fetch globally. Covers client construction, model hash utility, all resource wrappers, retry logic, error mapping, and HMAC webhook verification.
MCP tool handler unit tests. Tests all three tools directly without MCP transport. KakuninMcpClient mocked to isolate handler logic.
Deterministic expected score for every action type. Band boundary assertions. Auto-revocation threshold checks.
Issuance (KMS signing → DB → audit), public edge-cached verification, manual revocation + CRL refresh, and the cryptographic kill switch with signed halt receipt.
Core event pipeline: Zod validation → quota check → risk scoring → DB write → async side effects.
Live Supabase test DB. Tenant A cannot read Tenant B data at the PostgreSQL layer — no application-level filter can fake this. Currently skipped in CI until the dedicated RLS test project is reprovisioned.
Human→agent→sub-agent authority via nested RFC 8693 act-claims, as a stateless signed token (HS256). Build/parse round-trip, depth bounds, sign/verify/tamper/expiry.
Vendor-neutral OTLP/HTTP JSON for metrics, logs, and traces. Deterministic span/trace IDs for idempotent retries, PII-safe by construction, per-stream keyset export cursor with a filter-injection guard.
EU AI Act Art. 5 manipulation/deception detection on agent output. Short-text saturating risk curve, risk bands, deterministic span anchoring, tolerant LLM-output parsing.
CI deploy gate on peak behavioral risk (pass / action_required / fail+revoke), and tamper-evident HMAC-SHA256 forensics proofs over an ordered event set.
| Test file | Passed | Failed | Skipped |
|---|---|---|---|
__tests__/api/agents.test.ts | 14 | 0 | 0 |
__tests__/api/assessment.test.ts | 4 | 0 | 0 |
__tests__/api/certify.test.ts | 6 | 0 | 0 |
__tests__/api/events.test.ts | 19 | 0 | 0 |
__tests__/api/halt.test.ts | 9 | 0 | 0 |
__tests__/api/mcp.test.ts | 3 | 0 | 0 |
__tests__/api/provision-inbox.test.ts | 2 | 0 | 0 |
__tests__/api/report-quotas.test.ts | 2 | 0 | 0 |
__tests__/api/revoke.test.ts | 10 | 0 | 0 |
__tests__/api/verify.test.ts | 5 | 0 | 0 |
__tests__/api/webhook-delivery.test.ts | 3 | 0 | 0 |
__tests__/api/webhooks.test.ts | 6 | 0 | 0 |
__tests__/api/webmcp.test.ts | 3 | 0 | 0 |
__tests__/assessment/llm.test.ts | 5 | 0 | 0 |
__tests__/assessment/scan.test.ts | 5 | 0 | 0 |
__tests__/email/assessment-template.test.ts | 4 | 0 | 0 |
__tests__/email/system-templates.test.ts | 4 | 0 | 0 |
__tests__/security/rls-isolation.test.ts | 0 | 0 | 21 |
__tests__/unit/assessment-rate-limit.test.ts | 4 | 0 | 0 |
__tests__/unit/audit-hmac.test.ts | 14 | 0 | 0 |
__tests__/unit/bearer-auth.test.ts | 6 | 0 | 0 |
__tests__/unit/blog-route-safety.test.ts | 1 | 0 | 0 |
__tests__/unit/connections-cursor.test.ts | 14 | 0 | 0 |
__tests__/unit/content-risk.test.ts | 28 | 0 | 0 |
__tests__/unit/credentials-crypto.test.ts | 8 | 0 | 0 |
__tests__/unit/delegation.test.ts | 11 | 0 | 0 |
__tests__/unit/forensics-proof.test.ts | 5 | 0 | 0 |
__tests__/unit/github-gate.test.ts | 7 | 0 | 0 |
__tests__/unit/inbox-providers.test.ts | 9 | 0 | 0 |
__tests__/unit/openrouter-client.test.ts | 13 | 0 | 0 |
__tests__/unit/otlp-transform.test.ts | 25 | 0 | 0 |
__tests__/unit/risk-engine.test.ts | 23 | 0 | 0 |
__tests__/unit/standards-map.test.ts | 8 | 0 | 0 |
__tests__/unit/url-guard.test.ts | 25 | 0 | 0 |
__tests__/unit/vc-decode.test.ts | 5 | 0 | 0 |
mcp/kakunin-mcp/tests/mcp.test.ts | 16 | 0 | 0 |
sdk/middleware/tests/verify.test.ts | 9 | 0 | 0 |
sdk/typescript/tests/sdk.test.ts | 21 | 0 | 0 |
sdk/typescript/tests/verify.test.ts | 13 | 0 | 0 |
Exercised end-to-end against https://www.kakunin.ai on 2026-07-07: delegation issue+verify, content-risk submission, forensics export, and the OTLP connection lifecycle.
valid token, 2-link chain
rejected as expected
enqueued (benign text → scored async, below persist threshold)
forensics export OK
connect/status/delete all OK (cleaned up)
mutating — set KAKUNIN_SMOKE_RUN_GATE=1 (throwaway agent only)
| Component | Approach | Reason |
|---|---|---|
| Risk scoring logic | Real code, no mock | Pure function — tests the actual algorithm |
| Content-risk curve + bands | Real code, no mock | Pure scoring — deterministic short-text saturating curve |
| Delegation tokens | Real code, no mock | HS256 sign/verify via Node crypto — real signatures |
| OTLP transform + cursor | Real code, no mock | Pure payload builders + keyset cursor validation |
| Certificate issuance | Real code, KMS mocked | KMS calls require live AWS credentials |
| Supabase DB operations | Mocked | Avoids test DB dependency; tests business logic in isolation |
| QStash job queue | Mocked | Fire-and-forget — tested for invocation, not delivery |
| AWS KMS signing | Mocked | Requires live AWS credentials with KMS permissions |
| RLS policies | Live test DB | Must run against real Postgres RLS engine — cannot mock |
| v2 API routes (live smoke) | Live deployment | Exercised end-to-end against a running deployment via scripts/v2-smoke.ts |
npm run testnpm run test:resultsnode --env-file=.env.rls.test node_modules/.bin/vitest runnpx tsx scripts/v2-smoke.tscd sdk/typescript && npm test