tripwire-server 0.1.1 → 0.3.1

data/spec/fixtures/gate-delivery/approved-webhook-payload.valid.json

@@ -0,0 +1,20 @@
+{
+  "event": "gate.session.approved",
+  "service_id": "tripwire",
+  "gate_session_id": "gate_0123456789abcdefghjkmnpqrs",
+  "gate_account_id": "gacct_0123456789abcdefghjkmnpqrs",
+  "account_name": "Acme",
+  "metadata": {
+    "plan": "pro"
+  },
+  "tripwire": {
+    "verdict": "human",
+    "score": 0.12
+  },
+  "delivery": {
+    "version": 1,
+    "algorithm": "x25519-hkdf-sha256/aes-256-gcm",
+    "key_id": "LyGqfpvB0SCaX4P0inVpMJTAjCNJVWq_3OE87it2ZYo",
+    "public_key": "bn6szfMIS-7pLl01PqvssrrGRoW1SVTkUuqeg0hfrW0"
+  }
+}

data/spec/fixtures/gate-delivery/delivery-request.json

@@ -0,0 +1,9 @@
+{
+  "delivery": {
+    "version": 1,
+    "algorithm": "x25519-hkdf-sha256/aes-256-gcm",
+    "key_id": "LyGqfpvB0SCaX4P0inVpMJTAjCNJVWq_3OE87it2ZYo",
+    "public_key": "bn6szfMIS-7pLl01PqvssrrGRoW1SVTkUuqeg0hfrW0"
+  },
+  "derived_key_id": "LyGqfpvB0SCaX4P0inVpMJTAjCNJVWq_3OE87it2ZYo"
+}

data/spec/fixtures/gate-delivery/env-policy.json

@@ -0,0 +1,40 @@
+{
+  "derive_agent_token_env_key": [
+    {
+      "service_id": "tripwire",
+      "expected": "TRIPWIRE_GATE_AGENT_TOKEN"
+    },
+    {
+      "service_id": "acme-prod",
+      "expected": "ACME_PROD_GATE_AGENT_TOKEN"
+    }
+  ],
+  "is_gate_managed_env_var_key": [
+    {
+      "key": "TRIPWIRE_AGENT_TOKEN",
+      "managed": true
+    },
+    {
+      "key": "ACME_PROD_GATE_AGENT_TOKEN",
+      "managed": true
+    },
+    {
+      "key": "ACME_API_KEY",
+      "managed": false
+    }
+  ],
+  "is_blocked_gate_env_var_key": [
+    {
+      "key": "PATH",
+      "blocked": true
+    },
+    {
+      "key": "npm_config_registry",
+      "blocked": true
+    },
+    {
+      "key": "TRIPWIRE_SECRET_KEY",
+      "blocked": false
+    }
+  ]
+}

data/spec/fixtures/gate-delivery/vector.v1.json

@@ -0,0 +1,28 @@
+{
+  "version": 1,
+  "delivery": {
+    "version": 1,
+    "algorithm": "x25519-hkdf-sha256/aes-256-gcm",
+    "key_id": "LyGqfpvB0SCaX4P0inVpMJTAjCNJVWq_3OE87it2ZYo",
+    "public_key": "bn6szfMIS-7pLl01PqvssrrGRoW1SVTkUuqeg0hfrW0"
+  },
+  "private_key_pkcs8": "MC4CAQAwBQYDK2VuBCIEIL8KtbBiPaNXyTYwgHfrxlH5RQkpHQ41rwkX77or4_eV",
+  "payload": {
+    "version": 1,
+    "outputs": {
+      "TRIPWIRE_PUBLISHABLE_KEY": "pk_test_vector",
+      "TRIPWIRE_SECRET_KEY": "sk_test_vector"
+    },
+    "ack_token": "ack_test_vector"
+  },
+  "envelope": {
+    "version": 1,
+    "algorithm": "x25519-hkdf-sha256/aes-256-gcm",
+    "key_id": "LyGqfpvB0SCaX4P0inVpMJTAjCNJVWq_3OE87it2ZYo",
+    "ephemeral_public_key": "Q_5aebzWx6eFzTwWQfb0w_mLOmlelA2saRy4XdzCjEM",
+    "salt": "Zaieku8TjeKB-jfdRjlOfBufwGP5BsGY6PYIA1PwcQk",
+    "iv": "gf_vsGj9KXTwRobP",
+    "ciphertext": "pCDCqi28gW0GpyXNHhhX0koP_vyst774zO2n7WnLF2v36zYTTEonlEzqM3gOYpX3Vff1rsrBtQ_BS7KPmqvxh1ku93tWebjOUXcEu2ExvJxTakv5JtiS-uxcPDgUbNoy-9r-hFYCJsWZx9Bw2E8ohgUeVsGWWVvZXljfODbHRXlqa0it_pbm5ts6",
+    "tag": "fhlTs3NfvLN1rTo8-bpyNQ"
+  }
+}

data/spec/fixtures/gate-delivery/webhook-signature.json

@@ -0,0 +1,9 @@
+{
+  "secret": "whsec_test",
+  "timestamp": "1735776000",
+  "expired_timestamp": "1735775400",
+  "now_seconds": 1735776000,
+  "raw_body": "{\"event\":\"gate.session.approved\",\"service_id\":\"tripwire\"}",
+  "signature": "e31cfe4ad62aa4a5ed4eaa8c31c05af7f6482d276ff43eb466c562d101835b26",
+  "invalid_signature": "031cfe4ad62aa4a5ed4eaa8c31c05af7f6482d276ff43eb466c562d101835b26"
+}

data/spec/fixtures/manifest.json

@@ -0,0 +1,179 @@
+{
+  "fixtures": [
+    {
+      "file": "errors/missing-api-key.json",
+      "path": "/v1/sessions",
+      "method": "get",
+      "status": "401"
+    },
+    {
+      "file": "errors/invalid-api-key.json",
+      "path": "/v1/sessions",
+      "method": "get",
+      "status": "401"
+    },
+    {
+      "file": "errors/not-found.json",
+      "path": "/v1/sessions/{sessionId}",
+      "method": "get",
+      "status": "404"
+    },
+    {
+      "file": "errors/validation-error.json",
+      "path": "/v1/sessions",
+      "method": "get",
+      "status": "422"
+    },
+    {
+      "file": "api/sessions/list.json",
+      "path": "/v1/sessions",
+      "method": "get",
+      "status": "200"
+    },
+    {
+      "file": "api/sessions/detail.json",
+      "path": "/v1/sessions/{sessionId}",
+      "method": "get",
+      "status": "200"
+    },
+    {
+      "file": "api/fingerprints/list.json",
+      "path": "/v1/fingerprints",
+      "method": "get",
+      "status": "200"
+    },
+    {
+      "file": "api/fingerprints/detail.json",
+      "path": "/v1/fingerprints/{visitorId}",
+      "method": "get",
+      "status": "200"
+    },
+    {
+      "file": "api/teams/team.json",
+      "path": "/v1/teams/{teamId}",
+      "method": "get",
+      "status": "200"
+    },
+    {
+      "file": "api/teams/team-create.json",
+      "path": "/v1/teams",
+      "method": "post",
+      "status": "201"
+    },
+    {
+      "file": "api/teams/team-update.json",
+      "path": "/v1/teams/{teamId}",
+      "method": "patch",
+      "status": "200"
+    },
+    {
+      "file": "api/teams/api-key-create.json",
+      "path": "/v1/teams/{teamId}/api-keys",
+      "method": "post",
+      "status": "201"
+    },
+    {
+      "file": "api/teams/api-key-list.json",
+      "path": "/v1/teams/{teamId}/api-keys",
+      "method": "get",
+      "status": "200"
+    },
+    {
+      "file": "api/teams/api-key-rotate.json",
+      "path": "/v1/teams/{teamId}/api-keys/{keyId}/rotations",
+      "method": "post",
+      "status": "201"
+    },
+    {
+      "file": "api/teams/api-key-revoke.json",
+      "path": "/v1/teams/{teamId}/api-keys/{keyId}",
+      "method": "delete",
+      "status": "200"
+    },
+    {
+      "file": "api/gate/registry-list.json",
+      "path": "/v1/gate/registry",
+      "method": "get",
+      "status": "200"
+    },
+    {
+      "file": "api/gate/registry-detail.json",
+      "path": "/v1/gate/registry/{serviceId}",
+      "method": "get",
+      "status": "200"
+    },
+    {
+      "file": "api/gate/services-list.json",
+      "path": "/v1/gate/services",
+      "method": "get",
+      "status": "200"
+    },
+    {
+      "file": "api/gate/service-detail.json",
+      "path": "/v1/gate/services/{serviceId}",
+      "method": "get",
+      "status": "200"
+    },
+    {
+      "file": "api/gate/service-create.json",
+      "path": "/v1/gate/services",
+      "method": "post",
+      "status": "201"
+    },
+    {
+      "file": "api/gate/service-update.json",
+      "path": "/v1/gate/services/{serviceId}",
+      "method": "patch",
+      "status": "200"
+    },
+    {
+      "file": "api/gate/service-disable.json",
+      "path": "/v1/gate/services/{serviceId}",
+      "method": "delete",
+      "status": "200"
+    },
+    {
+      "file": "api/gate/session-create.json",
+      "path": "/v1/gate/sessions",
+      "method": "post",
+      "status": "201"
+    },
+    {
+      "file": "api/gate/session-poll.json",
+      "path": "/v1/gate/sessions/{gateSessionId}",
+      "method": "get",
+      "status": "200"
+    },
+    {
+      "file": "api/gate/session-ack.json",
+      "path": "/v1/gate/sessions/{gateSessionId}/ack",
+      "method": "post",
+      "status": "200"
+    },
+    {
+      "file": "api/gate/login-session-create.json",
+      "path": "/v1/gate/login-sessions",
+      "method": "post",
+      "status": "201"
+    },
+    {
+      "file": "api/gate/login-session-consume.json",
+      "path": "/v1/gate/login-sessions/consume",
+      "method": "post",
+      "status": "200"
+    },
+    {
+      "file": "api/gate/agent-token-verify.json",
+      "path": "/v1/gate/agent-tokens/verify",
+      "method": "post",
+      "status": "200"
+    },
+    {
+      "file": "api/gate/agent-token-revoke.json",
+      "path": "/v1/gate/agent-tokens/revoke",
+      "method": "post",
+      "status": "204",
+      "body": "none"
+    }
+  ]
+}

data/spec/fixtures/sealed-token/vector.v1.json

@@ -2,40 +2,53 @@
   "version": 1,
   "secretKey": "sk_live_fixture_secret",
   "secretHash": "c173e2c1467e446744e3b6aba8fc07e639008fdf3c4b82e32dceef9b41217dc3",
-  "token": "Ae06cX3X+GJm5kIEpWCttcHCIVI9o3Y0HWX/clGdryb0XO2K0eIIsEkh3bdtCTKJMfykSJGkECwhajrvmYFjPSPMbs7gSfUeUnKYHX/4hV1SZNkGby8hHvrhPGiXuxOeqwBfTokfhpJrUIMVLhH3DArgNBi9su6VFrdYNoSf9ca8ttWY/mq2fDvQdHoNg8Kg8VNnCTEALVcOOf4TwtLqbp59GRto59rDPQpFtWFtGcCDNCvGsMoBqqdm3gcEsD38nGIiWhasFlr9/1h26qJhDl7Jy4ZYIjhSxLQRv8O/Xj+YBbQvM5NkhgqfrvTVdzQkpuvM3HZawOXw9PP5MowhzLLKWEEPwgJnWbLXqxVmB1IXU6yovT9jNPiYW9bNlAb0QzhNVHfJWsy247VGMVSXEO7FKu3L3JVhuU7HzoV+DNjQXjp3KzwNw7AbzGTEqJGrEgc8WgkbDSpWl86X+jJv6igFf308BT49QcP7GlpklYM+c9olYThBy1+L8Mw=",
+  "token": "AQyvpqAj2Es6mvd4vsMZGi4SpmWM/C8VAuASfl/6rQR6kAg2dFEXuWcfLojx8obJCYopv8H+v/b/FPn/+q80KRIFA5+cdsIPmjrHY0Z/rcrB2VIBrm1g0+wMkQnTEJb3VbtlobShig+pa4UQhMohhse30n1bzrGbH+8qVbwKbczz/UowIY+uQ7OI8iBWE3ev+wp9u0kvFDMyJMpgRJHuLSvm3oVBgO+MBmvSTyIrVI5o8f2gKtHuFu0whSgMkvaD9iYmWb6OgHvQdcI8QjkNRMniree81af/sw6p175ntU2lwFCsS+P4hHdUKl4doDJjpZiUnRCGeHrmPtxC02M1oNMfpAGH7y130EsNxl8KVuIyAf5wSr546n0rAOUNtwQtUe6CFg7DdyYgdHJMgUmreGARMQJbHf66ykNLV307UpbfM4IzU7kWD7ampH34HLBLoRBgZhkRfhy5LNsKUEBzVxEEGPJwcJxOOhpqlQEblAdaWduSvbOtPOm8kcNNJTitdjejZOctBtMb/X1QjjdHOxURf9XaXlS3v8y2+vJwPjEa/F+oUj5V/z6tLqm029VHU/snUzhdEs7MQ+Y8ACMQTyWhHLcwBGpo3IWVTv/xl4pz7c0PVKQ=",
   "payload": {
-    "eventId": "evt_fixture",
-    "sessionId": "sid_fixture",
-    "verdict": "human",
-    "score": 7,
-    "manipulationScore": 0,
-    "manipulationVerdict": "none",
-    "evaluationDuration": 123,
-    "scoredAt": 1711310400000,
-    "metadata": {
-      "userAgent": "Mozilla/5.0",
+    "object": "session_verification",
+    "session_id": "sid_0123456789abcdefghjkmnpqrs",
+    "decision": {
+      "event_id": "evt_0123456789abcdefghjkmnpqrs",
+      "verdict": "human",
+      "risk_score": 7,
+      "phase": "behavioral",
+      "is_provisional": false,
+      "manipulation": {
+        "score": 0,
+        "verdict": "none"
+      },
+      "evaluation_duration_ms": 123,
+      "evaluated_at": "2026-03-24T20:00:00.000Z"
+    },
+    "request": {
+      "user_agent": "Mozilla/5.0",
       "url": "https://example.com/signup",
-      "screenSize": "1440x900",
-      "touchDevice": false,
-      "clientIp": "203.0.113.9"
+      "screen_size": "1440x900",
+      "is_touch_capable": false,
+      "ip_address": "203.0.113.9"
+    },
+    "visitor_fingerprint": {
+      "object": "visitor_fingerprint",
+      "id": "vid_0123456789abcdefghjkmnpqrs",
+      "confidence": 94,
+      "identified_at": "2026-03-24T19:59:59.000Z"
     },
     "signals": [
       {
         "id": "E6",
         "category": "environment",
-        "confidence": "low",
+        "confidence": "strong",
         "score": 20
       }
     ],
-    "categoryScores": {
-      "behavioral": 9,
-      "environment": 20
+    "score_breakdown": {
+      "categories": {
+        "behavioral": 9,
+        "environment": 20
+      }
+    },
+    "attribution": {
+      "bot": null
     },
-    "botAttribution": null,
-    "visitorId": "vis_fixture",
-    "visitorIdConfidence": 94,
-    "embedContext": null,
-    "phase": "behavioral",
-    "provisional": false
+    "embed": null
   }
 }