diff --git a/src/gateway/tools-invoke-http.test.ts b/src/gateway/tools-invoke-http.test.ts
index 335cab6454d..20a2f2c2c19 100644
--- a/src/gateway/tools-invoke-http.test.ts
+++ b/src/gateway/tools-invoke-http.test.ts
@@ -239,15 +239,20 @@ const postToolsInvoke = async (params: {
     body: JSON.stringify(params.body),
   });
 
+const withOptionalSessionKey = (body: Record<string, unknown>, sessionKey?: string) => ({
+  ...body,
+  ...(sessionKey ? { sessionKey } : {}),
+});
+
 const invokeAgentsList = async (params: {
   port: number;
   headers?: Record<string, string>;
   sessionKey?: string;
 }) => {
-  const body: Record<string, unknown> = { tool: "agents_list", action: "json", args: {} };
-  if (params.sessionKey) {
-    body.sessionKey = params.sessionKey;
-  }
+  const body = withOptionalSessionKey(
+    { tool: "agents_list", action: "json", args: {} },
+    params.sessionKey,
+  );
   return await postToolsInvoke({ port: params.port, headers: params.headers, body });
 };
 
@@ -259,16 +264,16 @@ const invokeTool = async (params: {
   headers?: Record<string, string>;
   sessionKey?: string;
 }) => {
-  const body: Record<string, unknown> = {
-    tool: params.tool,
-    args: params.args ?? {},
-  };
+  const body: Record<string, unknown> = withOptionalSessionKey(
+    {
+      tool: params.tool,
+      args: params.args ?? {},
+    },
+    params.sessionKey,
+  );
   if (params.action) {
     body.action = params.action;
   }
-  if (params.sessionKey) {
-    body.sessionKey = params.sessionKey;
-  }
   return await postToolsInvoke({ port: params.port, headers: params.headers, body });
 };
 
@@ -291,6 +296,36 @@ const invokeToolAuthed = async (params: {
     ...params,
   });
 
+const expectOkInvokeResponse = async (res: Response) => {
+  expect(res.status).toBe(200);
+  const body = await res.json();
+  expect(body.ok).toBe(true);
+  return body as { ok: boolean; result?: Record<string, unknown> };
+};
+
+const setMainAllowedTools = (params: {
+  allow: string[];
+  gatewayAllow?: string[];
+  gatewayDeny?: string[];
+}) => {
+  cfg = {
+    ...cfg,
+    agents: {
+      list: [{ id: "main", default: true, tools: { allow: params.allow } }],
+    },
+    ...(params.gatewayAllow || params.gatewayDeny
+      ? {
+          gateway: {
+            tools: {
+              ...(params.gatewayAllow ? { allow: params.gatewayAllow } : {}),
+              ...(params.gatewayDeny ? { deny: params.gatewayDeny } : {}),
+            },
+          },
+        }
+      : {}),
+  };
+};
+
 describe("POST /tools/invoke", () => {
   it("invokes a tool and returns {ok:true,result}", async () => {
     allowAgentsListForMain();
@@ -415,9 +450,7 @@ describe("POST /tools/invoke", () => {
       sessionKey: "main",
     });
 
-    expect(res.status).toBe(200);
-    const body = await res.json();
-    expect(body.ok).toBe(true);
+    const body = await expectOkInvokeResponse(res);
     expect(body.result?.route).toEqual({
       agentTo: "channel:24514",
       agentThreadId: "thread-24514",
@@ -425,12 +458,7 @@ describe("POST /tools/invoke", () => {
   });
 
   it("denies sessions_send via HTTP gateway", async () => {
-    cfg = {
-      ...cfg,
-      agents: {
-        list: [{ id: "main", default: true, tools: { allow: ["sessions_send"] } }],
-      },
-    };
+    setMainAllowedTools({ allow: ["sessions_send"] });
 
     const res = await invokeToolAuthed({
       tool: "sessions_send",
@@ -441,12 +469,7 @@ describe("POST /tools/invoke", () => {
   });
 
   it("denies gateway tool via HTTP", async () => {
-    cfg = {
-      ...cfg,
-      agents: {
-        list: [{ id: "main", default: true, tools: { allow: ["gateway"] } }],
-      },
-    };
+    setMainAllowedTools({ allow: ["gateway"] });
 
     const res = await invokeToolAuthed({
       tool: "gateway",
@@ -457,13 +480,7 @@ describe("POST /tools/invoke", () => {
   });
 
   it("allows gateway tool via HTTP when explicitly enabled in gateway.tools.allow", async () => {
-    cfg = {
-      ...cfg,
-      agents: {
-        list: [{ id: "main", default: true, tools: { allow: ["gateway"] } }],
-      },
-      gateway: { tools: { allow: ["gateway"] } },
-    };
+    setMainAllowedTools({ allow: ["gateway"], gatewayAllow: ["gateway"] });
 
     const res = await invokeToolAuthed({
       tool: "gateway",
@@ -478,13 +495,11 @@ describe("POST /tools/invoke", () => {
   });
 
   it("treats gateway.tools.deny as higher priority than gateway.tools.allow", async () => {
-    cfg = {
-      ...cfg,
-      agents: {
-        list: [{ id: "main", default: true, tools: { allow: ["gateway"] } }],
-      },
-      gateway: { tools: { allow: ["gateway"], deny: ["gateway"] } },
-    };
+    setMainAllowedTools({
+      allow: ["gateway"],
+      gatewayAllow: ["gateway"],
+      gatewayDeny: ["gateway"],
+    });
 
     const res = await invokeToolAuthed({
       tool: "gateway",
@@ -567,12 +582,7 @@ describe("POST /tools/invoke", () => {
   });
 
   it("passes deprecated format alias through invoke payloads even when schema omits it", async () => {
-    cfg = {
-      ...cfg,
-      agents: {
-        list: [{ id: "main", default: true, tools: { allow: ["diffs_compat_test"] } }],
-      },
-    };
+    setMainAllowedTools({ allow: ["diffs_compat_test"] });
 
     const res = await invokeToolAuthed({
       tool: "diffs_compat_test",
@@ -580,9 +590,7 @@ describe("POST /tools/invoke", () => {
       sessionKey: "main",
     });
 
-    expect(res.status).toBe(200);
-    const body = await res.json();
-    expect(body.ok).toBe(true);
+    const body = await expectOkInvokeResponse(res);
     expect(body.result?.observedFormat).toBe("pdf");
     expect(body.result?.observedFileFormat).toBeUndefined();
   });