[FIX] tests

Author: Dmi3yy

PRD.md

@@ -10,6 +10,21 @@
 - `SPEC.md` визначає технічні MUST/SHOULD контракти реалізації.
 - `TOOLSET.md` визначає публічний контракт tool names/params/responses/errors.
 
+## 0.1 Поточний статус delivery (as of 2026-03-03)
+Підтверджений стан у workspace:
+- `make demo-all` проходить end-to-end у `demo`.
+- Інсталяційний pipeline (`install/publish/migrate`) проходить стабільно.
+- `php artisan emcp:test` (`initialize`, `tools/list`) -> PASS.
+- Runtime HTTP integration (`tests/Integration/RuntimeIntegrationHttpTest.php`) -> PASS.
+- Підтверджено API шлях читання даних з БД через MCP (`evo.content.search`, `evo.content.root_tree`, `evo.content.get`).
+- Автоматично генерується `demo/logs.md` з деталями токена, MCP запитів/відповідей і manual-check командами.
+
+Залишок до RC-1 (core platform hardening):
+- live runtime integration job у GitHub Actions зі staging env/secrets;
+- live async checks для `sTask` (progress/result/retry/failover);
+- live stream/rate-limit операційні перевірки;
+- зафіксовані RC evidence артефакти (security sanity + performance baseline).
+
 ## 1. Контекст
 - Цільовий пакет: `eMCP` у `/Users/dmi3yy/PhpstormProjects/Extras/eMCP`.
 - Upstream MCP SDK: `/Users/dmi3yy/PhpstormProjects/Extras/LaravelMcp` (`laravel/mcp`).

README.md

@@ -237,6 +237,9 @@ make demo-all
 ```
 
 This target installs demo Evo, starts `php -S`, issues sApi JWT, runs `php artisan emcp:test`, then runs `composer run test` with HTTP runtime integration enabled.
+After run, detailed evidence is written to:
+- `demo/logs.md` (token/masked auth info, MCP request payloads, HTTP statuses, responses, manual verification commands)
+- `/tmp/emcp-demo-php-server.log` (php built-in server log)
 
 If GitHub API auth is needed during install, pass token via ENV (same pattern as `evolution`):
 
@@ -246,6 +249,25 @@ GITHUB_PAT=ghp_xxx make demo-all
 
 Fallback ENV names are also supported: `GITHUB_TOKEN`, `GH_TOKEN`.
 
+Manual content-read MCP examples (same calls used in `demo/logs.md`):
+
+```bash
+# list tools
+curl -sS -H 'Content-Type: application/json' -H 'Authorization: Bearer <TOKEN>' \
+  -d '{"jsonrpc":"2.0","id":"tools-1","method":"tools/list","params":{}}' \
+  'http://127.0.0.1:8787/api/v1/mcp/content'
+
+# read content slice from DB
+curl -sS -H 'Content-Type: application/json' -H 'Authorization: Bearer <TOKEN>' \
+  -d '{"jsonrpc":"2.0","id":"search-1","method":"tools/call","params":{"name":"evo.content.search","arguments":{"limit":3,"offset":0}}}' \
+  'http://127.0.0.1:8787/api/v1/mcp/content'
+
+# read one document
+curl -sS -H 'Content-Type: application/json' -H 'Authorization: Bearer <TOKEN>' \
+  -d '{"jsonrpc":"2.0","id":"get-1","method":"tools/call","params":{"name":"evo.content.get","arguments":{"id":1}}}' \
+  'http://127.0.0.1:8787/api/v1/mcp/content'
+```
+
 Optional runtime integration check (against deployed environment):
 
 ```bash

README.uk.md

@@ -236,6 +236,9 @@ make demo-all
 ```
 
 Ця ціль встановлює demo Evo, запускає `php -S`, видає sApi JWT, виконує `php artisan emcp:test`, а потім `composer run test` з увімкненою HTTP runtime integration перевіркою.
+Після виконання детальні докази записуються у:
+- `demo/logs.md` (masked token, MCP payload-и, HTTP статуси, відповіді, manual verification команди)
+- `/tmp/emcp-demo-php-server.log` (лог PHP built-in server)
 
 Якщо під час інсталяції потрібна GitHub авторизація API, передай токен через ENV (як у `evolution`):
 
@@ -245,6 +248,25 @@ GITHUB_PAT=ghp_xxx make demo-all
 
 Також підтримуються `GITHUB_TOKEN` і `GH_TOKEN`.
 
+Ручні приклади MCP читання content (ті самі виклики, що пишуться у `demo/logs.md`):
+
+```bash
+# список tools
+curl -sS -H 'Content-Type: application/json' -H 'Authorization: Bearer <TOKEN>' \
+  -d '{"jsonrpc":"2.0","id":"tools-1","method":"tools/list","params":{}}' \
+  'http://127.0.0.1:8787/api/v1/mcp/content'
+
+# читання content з БД
+curl -sS -H 'Content-Type: application/json' -H 'Authorization: Bearer <TOKEN>' \
+  -d '{"jsonrpc":"2.0","id":"search-1","method":"tools/call","params":{"name":"evo.content.search","arguments":{"limit":3,"offset":0}}}' \
+  'http://127.0.0.1:8787/api/v1/mcp/content'
+
+# читання одного документа
+curl -sS -H 'Content-Type: application/json' -H 'Authorization: Bearer <TOKEN>' \
+  -d '{"jsonrpc":"2.0","id":"get-1","method":"tools/call","params":{"name":"evo.content.get","arguments":{"id":1}}}' \
+  'http://127.0.0.1:8787/api/v1/mcp/content'
+```
+
 Опційна runtime integration перевірка (проти розгорнутого середовища):
 
 ```bash

SPEC.md

@@ -5,13 +5,25 @@
 
 Status markers:
 - `SPEC Version`: `1.0-contract`
-- `Runtime Status`: `Gate C baseline implemented (full validation pending)`
+- `Runtime Status`: `Gate C baseline validated in demo runtime; RC-1 hardening pending`
 
 Normative hierarchy:
 - `SPEC.md` defines platform-wide MUST/SHOULD rules.
 - `TOOLSET.md` defines canonical public tool contract (`evo.content.*`, `evo.model.*`).
 - `DOCS*.md` are implementation and usage guides; if conflict occurs, `SPEC.md` + `TOOLSET.md` win.
 
+Current validation snapshot (2026-03-03):
+- `make demo-all` PASS (install + smoke + runtime integration).
+- `php artisan emcp:test` PASS for `initialize` and `tools/list`.
+- Runtime HTTP integration PASS for `/api/v1/mcp/{server}`.
+- Verified content-read tool flow in runtime (`evo.content.search`, `evo.content.root_tree`, `evo.content.get`).
+- One-click verification writes `demo/logs.md` with request/response evidence.
+
+Open RC-1 validation scope:
+- live CI runtime integration (external env/secrets) is not yet mandatory-on-push;
+- live async `sTask` e2e checks (queue lifecycle/progress/failover) are not yet enforced in CI;
+- live stream/rate-limit infra checks remain pending as RC evidence.
+
 ## 0. Джерела
 - `/Users/dmi3yy/PhpstormProjects/Extras/LaravelMcp` — upstream `laravel/mcp`.
 - `/Users/dmi3yy/PhpstormProjects/Extras/LaravelAi` — upstream SDK packaging patterns consumed via Evo thin wrappers.

scripts/demo_verify.sh

@@ -20,6 +20,7 @@ SAPI_BASE_PATH=${SAPI_BASE_PATH:-api}
 SAPI_VERSION=${SAPI_VERSION:-v1}
 SERVER_LOG=${SERVER_LOG:-/tmp/emcp-demo-php-server.log}
 SERVER_PID=
+TMP_DIR=
 
 if [ "${#SAPI_JWT_SECRET}" -lt 32 ]; then
   echo "[demo-verify] SAPI_JWT_SECRET is shorter than 32 chars; using SHA-256 normalized secret for compatibility."
@@ -42,6 +43,9 @@ case "${DEMO_CORE_DIR}" in
   *) DEMO_CORE_DIR_PATH="${REPO_ROOT}/${DEMO_CORE_DIR}" ;;
 esac
 
+LOGS_MD=${LOGS_MD:-${DEMO_DIR_PATH}/logs.md}
+TMP_DIR=$(mktemp -d "${TMPDIR:-/tmp}/emcp-demo-verify.XXXXXX")
+
 cleanup() {
   status=$?
 
@@ -50,6 +54,10 @@ cleanup() {
     wait "${SERVER_PID}" 2>/dev/null || true
   fi
 
+  if [ -n "${TMP_DIR}" ] && [ -d "${TMP_DIR}" ]; then
+    rm -rf "${TMP_DIR}" >/dev/null 2>&1 || true
+  fi
+
   if [ "${status}" -ne 0 ] && [ -f "${SERVER_LOG}" ]; then
     echo "[demo-verify] FAILED (exit ${status}). php -S log tail:" >&2
     tail -n 120 "${SERVER_LOG}" >&2 || true
@@ -170,13 +178,230 @@ echo $signingInput . "." . $base64Url($signature);
 ')
 fi
 
+token_masked=$(printf '%s' "${token}" | php -r '
+$token = trim((string)stream_get_contents(STDIN));
+if ($token === "") {
+    echo "";
+    exit(0);
+}
+$len = strlen($token);
+if ($len <= 24) {
+    echo $token;
+    exit(0);
+}
+echo substr($token, 0, 16) . "..." . substr($token, -8);
+')
+
+mcp_url="${DEMO_BASE_URL}${api_prefix}/mcp/${EMCP_SERVER_HANDLE}"
+session_id=""
+
+initialize_payload='{"jsonrpc":"2.0","id":"init-doc","method":"initialize","params":{"protocolVersion":"2025-11-25","capabilities":{},"clientInfo":{"name":"emcp-demo-verify","version":"1.0.0"}}}'
+tools_list_payload='{"jsonrpc":"2.0","id":"tools-doc","method":"tools/list","params":{}}'
+content_search_payload='{"jsonrpc":"2.0","id":"search-doc","method":"tools/call","params":{"name":"evo.content.search","arguments":{"limit":3,"offset":0}}}'
+content_root_tree_payload='{"jsonrpc":"2.0","id":"root-doc","method":"tools/call","params":{"name":"evo.content.root_tree","arguments":{"limit":3,"offset":0,"depth":2}}}'
+content_get_payload='{"jsonrpc":"2.0","id":"get-doc","method":"tools/call","params":{"name":"evo.content.get","arguments":{"id":1}}}'
+
+init_headers_file="${TMP_DIR}/init.headers"
+init_raw=$(curl -sS -D "${init_headers_file}" \
+  -H 'Content-Type: application/json' \
+  -H "Authorization: Bearer ${token}" \
+  -d "${initialize_payload}" \
+  -w "\n__HTTP_CODE__:%{http_code}" \
+  "${mcp_url}" || true)
+init_http_code=$(printf '%s' "${init_raw}" | sed -n 's/^__HTTP_CODE__://p' | tail -n 1)
+init_response=$(printf '%s' "${init_raw}" | sed '/^__HTTP_CODE__:/d')
+session_id=$(awk 'BEGIN{IGNORECASE=1} /^MCP-Session-Id:/{gsub("\r","",$2); print $2}' "${init_headers_file}" | tail -n 1)
+
+mcp_post_with_optional_session() {
+  payload="$1"
+  headers_file="$2"
+  if [ -n "${session_id}" ]; then
+    curl -sS -D "${headers_file}" \
+      -H 'Content-Type: application/json' \
+      -H "Authorization: Bearer ${token}" \
+      -H "MCP-Session-Id: ${session_id}" \
+      -d "${payload}" \
+      -w "\n__HTTP_CODE__:%{http_code}" \
+      "${mcp_url}" || true
+    return
+  fi
+
+  curl -sS -D "${headers_file}" \
+    -H 'Content-Type: application/json' \
+    -H "Authorization: Bearer ${token}" \
+    -d "${payload}" \
+    -w "\n__HTTP_CODE__:%{http_code}" \
+    "${mcp_url}" || true
+}
+
+tools_headers_file="${TMP_DIR}/tools.headers"
+tools_raw=$(mcp_post_with_optional_session "${tools_list_payload}" "${tools_headers_file}")
+tools_http_code=$(printf '%s' "${tools_raw}" | sed -n 's/^__HTTP_CODE__://p' | tail -n 1)
+tools_response=$(printf '%s' "${tools_raw}" | sed '/^__HTTP_CODE__:/d')
+
+search_headers_file="${TMP_DIR}/search.headers"
+search_raw=$(mcp_post_with_optional_session "${content_search_payload}" "${search_headers_file}")
+search_http_code=$(printf '%s' "${search_raw}" | sed -n 's/^__HTTP_CODE__://p' | tail -n 1)
+search_response=$(printf '%s' "${search_raw}" | sed '/^__HTTP_CODE__:/d')
+
+root_headers_file="${TMP_DIR}/root.headers"
+root_raw=$(mcp_post_with_optional_session "${content_root_tree_payload}" "${root_headers_file}")
+root_http_code=$(printf '%s' "${root_raw}" | sed -n 's/^__HTTP_CODE__://p' | tail -n 1)
+root_response=$(printf '%s' "${root_raw}" | sed '/^__HTTP_CODE__:/d')
+
+get_headers_file="${TMP_DIR}/get.headers"
+get_raw=$(mcp_post_with_optional_session "${content_get_payload}" "${get_headers_file}")
+get_http_code=$(printf '%s' "${get_raw}" | sed -n 's/^__HTTP_CODE__://p' | tail -n 1)
+get_response=$(printf '%s' "${get_raw}" | sed '/^__HTTP_CODE__:/d')
+
 echo "[demo-verify] Step 4/4: running full test suite with runtime HTTP integration"
+
+set +e
 EMCP_INTEGRATION_ENABLED=1 \
 EMCP_BASE_URL="${DEMO_BASE_URL}" \
 EMCP_API_PATH="${api_prefix}/mcp/{server}" \
 EMCP_API_TOKEN="${token}" \
 EMCP_SERVER_HANDLE="${EMCP_SERVER_HANDLE}" \
 EMCP_DISPATCH_CHECK="${EMCP_DISPATCH_CHECK}" \
 composer run test
+test_exit=$?
+set -e
+
+test_status="PASS"
+if [ "${test_exit}" -ne 0 ]; then
+  test_status="FAIL"
+fi
+
+run_utc_ts=$(date -u +"%Y-%m-%dT%H:%M:%SZ")
+
+cat > "${LOGS_MD}" <<EOF
+# eMCP Demo Verify Log
+
+Generated at (UTC): \`${run_utc_ts}\`  
+Result: **${test_status}** (exit code: \`${test_exit}\`)
+
+## Environment
+
+- Base URL: \`${DEMO_BASE_URL}\`
+- API prefix: \`${api_prefix}\`
+- MCP endpoint: \`${mcp_url}\`
+- Server handle: \`${EMCP_SERVER_HANDLE}\`
+- Token endpoint: \`${DEMO_BASE_URL}${api_prefix}/token\`
+- Token (masked): \`${token_masked}\`
+- MCP Session ID: \`${session_id:-n/a}\`
+- php -S log file: \`${SERVER_LOG}\`
+
+## Smoke Check
+
+\`php artisan emcp:test\`: passed (initialize/tools:list OK)
+
+## HTTP / MCP Probe Requests
+
+### 1) initialize
+
+Request:
+\`\`\`json
+${initialize_payload}
+\`\`\`
+
+HTTP: \`${init_http_code}\`
+
+Response:
+\`\`\`json
+${init_response}
+\`\`\`
+
+### 2) tools/list
+
+Request:
+\`\`\`json
+${tools_list_payload}
+\`\`\`
+
+HTTP: \`${tools_http_code}\`
+
+Response:
+\`\`\`json
+${tools_response}
+\`\`\`
+
+### 3) site content via evo.content.search
+
+Request:
+\`\`\`json
+${content_search_payload}
+\`\`\`
+
+HTTP: \`${search_http_code}\`
+
+Response:
+\`\`\`json
+${search_response}
+\`\`\`
+
+### 4) site content via evo.content.root_tree
+
+Request:
+\`\`\`json
+${content_root_tree_payload}
+\`\`\`
+
+HTTP: \`${root_http_code}\`
+
+Response:
+\`\`\`json
+${root_response}
+\`\`\`
+
+### 5) site content via evo.content.get (id=1)
+
+Request:
+\`\`\`json
+${content_get_payload}
+\`\`\`
+
+HTTP: \`${get_http_code}\`
+
+Response:
+\`\`\`json
+${get_response}
+\`\`\`
+
+## How To Verify Manually
+
+1. Get token:
+\`\`\`bash
+curl -sS -H 'Content-Type: application/json' \\
+  -d '{"username":"${DEMO_ADMIN_USERNAME}","password":"${DEMO_ADMIN_PASSWORD}"}' \\
+  '${DEMO_BASE_URL}${api_prefix}/token'
+\`\`\`
+
+2. Initialize MCP:
+\`\`\`bash
+curl -sS -H 'Content-Type: application/json' -H 'Authorization: Bearer <TOKEN>' \\
+  -d '${initialize_payload}' \\
+  '${mcp_url}'
+\`\`\`
+
+3. Read site content (search):
+\`\`\`bash
+curl -sS -H 'Content-Type: application/json' -H 'Authorization: Bearer <TOKEN>' \\
+  -d '${content_search_payload}' \\
+  '${mcp_url}'
+\`\`\`
+
+4. Read one document (id=1):
+\`\`\`bash
+curl -sS -H 'Content-Type: application/json' -H 'Authorization: Bearer <TOKEN>' \\
+  -d '${content_get_payload}' \\
+  '${mcp_url}'
+\`\`\`
+EOF
+
+echo "[demo-verify] Wrote detailed run log: ${LOGS_MD}"
+
+if [ "${test_exit}" -ne 0 ]; then
+  exit "${test_exit}"
+fi
 
 echo "[demo-verify] PASS: demo is running and MCP checks are green."