@aithos/sdk 0.1.0-alpha.2 → 0.1.0-alpha.20

package/dist/test/auth.test.js

@@ -0,0 +1,175 @@
+// SPDX-License-Identifier: Apache-2.0
+// Copyright 2026 Mathieu Colla
+// Unit tests for AithosAuth — Sign in with Google flow.
+import { strict as assert } from "node:assert";
+import { describe, it } from "node:test";
+import { AithosAuth, AithosSDKError } from "../src/index.js";
+/** Tiny window-shim that records calls instead of actually navigating. */
+function makeFakeWindow(initialHref) {
+    let href = initialHref;
+    let assigned = null;
+    let replacedHref = null;
+    const win = {
+        location: {
+            get href() {
+                return href;
+            },
+            assign(target) {
+                assigned = target;
+            },
+        },
+        history: {
+            replaceState(_state, _title, url) {
+                replacedHref = url;
+                href = url;
+            },
+        },
+    };
+    return {
+        win: win,
+        get assigned() {
+            return assigned;
+        },
+        get replacedHref() {
+            return replacedHref;
+        },
+    };
+}
+function fakeSession(overrides = {}) {
+    return {
+        session: "jwt-token-here",
+        exp: Math.floor(Date.now() / 1000) + 3600,
+        did: "did:aithos:zABC123",
+        handle: "alice-x9y2",
+        blob_b64: "",
+        blob_nonce_b64: "",
+        blob_version: 0,
+        enc_key_b64: "MTIzNDU2Nzg5MDEyMzQ1Njc4OTAxMjM0NTY3ODkwMTI=",
+        is_first_login: true,
+        ...overrides,
+    };
+}
+/* -------------------------------------------------------------------------- */
+/*  signInWithGoogle                                                          */
+/* -------------------------------------------------------------------------- */
+describe("AithosAuth.signInWithGoogle", () => {
+    it("navigates to /auth/sso/google/start with no params by default", () => {
+        const w = makeFakeWindow("https://app.aithos.be/login");
+        const auth = new AithosAuth({
+            authBaseUrl: "https://auth.example.test",
+            window: w.win,
+        });
+        assert.throws(() => auth.signInWithGoogle(), AithosSDKError);
+        assert.equal(w.assigned, "https://auth.example.test/auth/sso/google/start");
+    });
+    it("forwards appState as the app_state query param", () => {
+        const w = makeFakeWindow("https://app.aithos.be/login");
+        const auth = new AithosAuth({
+            authBaseUrl: "https://auth.example.test",
+            window: w.win,
+        });
+        assert.throws(() => auth.signInWithGoogle({ appState: "/dashboard" }), AithosSDKError);
+        const url = new URL(w.assigned);
+        assert.equal(url.searchParams.get("app_state"), "/dashboard");
+    });
+    it("rejects appState longer than 1024 chars without navigating", () => {
+        const w = makeFakeWindow("https://app.aithos.be/login");
+        const auth = new AithosAuth({
+            authBaseUrl: "https://auth.example.test",
+            window: w.win,
+        });
+        const tooLong = "x".repeat(1025);
+        assert.throws(() => auth.signInWithGoogle({ appState: tooLong }), (e) => e instanceof AithosSDKError && e.code === "auth_app_state_too_long");
+        assert.equal(w.assigned, null, "must not have navigated");
+    });
+    it("trims a trailing slash from authBaseUrl", () => {
+        const w = makeFakeWindow("https://app.aithos.be/");
+        const auth = new AithosAuth({
+            authBaseUrl: "https://auth.example.test/",
+            window: w.win,
+        });
+        assert.throws(() => auth.signInWithGoogle(), AithosSDKError);
+        assert.equal(w.assigned, "https://auth.example.test/auth/sso/google/start");
+    });
+});
+/* -------------------------------------------------------------------------- */
+/*  handleCallback                                                            */
+/* -------------------------------------------------------------------------- */
+describe("AithosAuth.handleCallback", () => {
+    it("returns null when the URL has no aithos_code", async () => {
+        const w = makeFakeWindow("https://app.aithos.be/auth/callback");
+        const auth = new AithosAuth({ window: w.win, fetch: undefinedFetch() });
+        const session = await auth.handleCallback();
+        assert.equal(session, null);
+    });
+    it("exchanges the code, returns the session, and strips query params", async () => {
+        const w = makeFakeWindow("https://app.aithos.be/auth/callback?aithos_code=abc123XYZ_-456&app_state=/dashboard");
+        const session = fakeSession({ is_first_login: true });
+        let capturedBody;
+        const fakeFetch = async (input, init) => {
+            assert.equal(typeof input === "string" ? input : input.toString(), "https://auth.example.test/auth/sso/exchange");
+            capturedBody = JSON.parse(init?.body);
+            return new Response(JSON.stringify(session), {
+                status: 200,
+                headers: { "content-type": "application/json" },
+            });
+        };
+        const auth = new AithosAuth({
+            authBaseUrl: "https://auth.example.test",
+            window: w.win,
+            fetch: fakeFetch,
+        });
+        const out = await auth.handleCallback();
+        assert.deepEqual(out, session);
+        assert.equal(capturedBody?.aithos_code, "abc123XYZ_-456");
+        assert.equal(w.replacedHref, "https://app.aithos.be/auth/callback", "callback params must be stripped from the URL");
+    });
+    it("throws AithosSDKError with the backend code on aithos_error", async () => {
+        const w = makeFakeWindow("https://app.aithos.be/auth/callback?aithos_error=google_id_token&app_state=/dashboard");
+        const auth = new AithosAuth({
+            authBaseUrl: "https://auth.example.test",
+            window: w.win,
+            fetch: undefinedFetch(),
+        });
+        await assert.rejects(auth.handleCallback(), (e) => e instanceof AithosSDKError && e.code === "auth_google_id_token");
+        // URL is cleaned even on error so a refresh doesn't loop the message.
+        assert.equal(w.replacedHref, "https://app.aithos.be/auth/callback");
+    });
+    it("wraps a 410 'code_consumed' as AithosSDKError(code='auth_code_consumed')", async () => {
+        const w = makeFakeWindow("https://app.aithos.be/auth/callback?aithos_code=abc123XYZ_-456");
+        const fakeFetch = async () => new Response(JSON.stringify({ error: "aithos_code expired or already used", code: "code_consumed" }), { status: 410, headers: { "content-type": "application/json" } });
+        const auth = new AithosAuth({
+            authBaseUrl: "https://auth.example.test",
+            window: w.win,
+            fetch: fakeFetch,
+        });
+        await assert.rejects(auth.handleCallback(), (e) => e instanceof AithosSDKError &&
+            e.code === "auth_code_consumed" &&
+            e.status === 410);
+    });
+    it("returns null in non-browser environments (no window)", async () => {
+        // No `window` injected and `globalThis.window` is undefined under Node test.
+        const auth = new AithosAuth({ window: undefined, fetch: undefinedFetch() });
+        const session = await auth.handleCallback();
+        assert.equal(session, null);
+    });
+});
+/* -------------------------------------------------------------------------- */
+/*  signOut                                                                   */
+/* -------------------------------------------------------------------------- */
+describe("AithosAuth.signOut", () => {
+    it("resolves immediately (sessions are stateless)", async () => {
+        const auth = new AithosAuth({ window: undefined, fetch: undefinedFetch() });
+        await auth.signOut();
+    });
+});
+/* -------------------------------------------------------------------------- */
+/*  Helpers                                                                   */
+/* -------------------------------------------------------------------------- */
+/** A fetch that fails the test if invoked — for code paths that mustn't fetch. */
+function undefinedFetch() {
+    return async () => {
+        throw new Error("fetch should not have been called");
+    };
+}
+//# sourceMappingURL=auth.test.js.map

package/dist/test/compute-delegate-path.test.d.ts

@@ -0,0 +1,2 @@
+export {};
+//# sourceMappingURL=compute-delegate-path.test.d.ts.map

package/dist/test/compute-delegate-path.test.js

@@ -0,0 +1,183 @@
+// SPDX-License-Identifier: Apache-2.0
+// Copyright 2026 Mathieu Colla
+// Tests for the delegate signing path on sdk.compute.invokeBedrock.
+// Until alpha.9 the method ALWAYS required an owner — a session that
+// only held a mandate (no owner signers) failed with sdk_no_owner
+// before any network call. From alpha.9 onward, when no owner is
+// loaded but a delegate matches the requested mandate id, the SDK
+// signs the envelope with the delegate's keypair and attaches the
+// SignedMandate.
+import { strict as assert } from "node:assert";
+import { afterEach, beforeEach, describe, it } from "node:test";
+import { createBrowserIdentity } from "@aithos/protocol-client";
+import { AithosAuth, AithosSDKError, ComputeNamespace, memoryKeyStore, noopStore, } from "../src/index.js";
+import { DEFAULT_SDK_ENDPOINTS } from "../src/endpoints.js";
+/* -------------------------------------------------------------------------- */
+/*  Test plumbing                                                             */
+/* -------------------------------------------------------------------------- */
+let savedFetch;
+let lastRequestBody = null;
+function installFetchMock(response) {
+    savedFetch = globalThis.fetch;
+    lastRequestBody = null;
+    globalThis.fetch = (async (_input, init) => {
+        lastRequestBody = JSON.parse(init?.body);
+        return new Response(JSON.stringify(response.json), {
+            status: response.status ?? 200,
+            headers: { "content-type": "application/json" },
+        });
+    });
+}
+function uninstallFetchMock() {
+    if (savedFetch)
+        globalThis.fetch = savedFetch;
+    savedFetch = undefined;
+    lastRequestBody = null;
+}
+const okResponse = {
+    json: {
+        jsonrpc: "2.0",
+        id: "x",
+        result: {
+            content: "ok",
+            stopReason: "end_turn",
+            usage: { inputTokens: 1, outputTokens: 1 },
+            creditsCharged: 1,
+            walletBalance: 999,
+            auditId: "audit-test",
+        },
+    },
+};
+function freshAuth() {
+    return new AithosAuth({
+        sessionStore: noopStore(),
+        keyStore: memoryKeyStore(),
+    });
+}
+function freshCompute(auth) {
+    return new ComputeNamespace({
+        auth,
+        appDid: "did:aithos:app:example-placeholder",
+        endpoints: DEFAULT_SDK_ENDPOINTS,
+        fetch: globalThis.fetch.bind(globalThis),
+    });
+}
+/**
+ * Build a delegate bundle JSON that matches the wire shape importMandate
+ * accepts. Uses a real SignedMandate-like object minted from a fresh
+ * issuer so signature verification on import succeeds.
+ */
+function makeDelegateBundleText(args) {
+    const issuer = createBrowserIdentity("alice", "Alice");
+    return JSON.stringify({
+        aithos_delegate_version: "0.1.0",
+        mandate: {
+            "aithos-mandate": "0.4.0",
+            id: args.mandateId,
+            issuer: issuer.did,
+            issued_by_key: `${issuer.did}#self`,
+            grantee: {
+                id: args.granteeId ?? "urn:aithos:agent:test",
+                pubkey: "z6MkqGenericPubKey",
+            },
+            actor_sphere: "self",
+            scopes: args.scopes,
+            not_before: "2026-05-10T00:00:00Z",
+            not_after: "2026-05-11T00:00:00Z",
+            issued_at: "2026-05-10T00:00:00Z",
+            nonce: "abc",
+            signature: { alg: "ed25519", key: `${issuer.did}#self`, value: "..." },
+        },
+        delegate_seed_hex: "11".repeat(32),
+    });
+}
+/* -------------------------------------------------------------------------- */
+/*  Tests                                                                     */
+/* -------------------------------------------------------------------------- */
+describe("ComputeNamespace.invokeBedrock — delegate path", () => {
+    beforeEach(() => {
+        installFetchMock(okResponse);
+    });
+    afterEach(() => {
+        uninstallFetchMock();
+    });
+    it("rejects with sdk_no_delegate_for_mandate when delegate-only and mandateId doesn't match", async () => {
+        const auth = freshAuth();
+        const compute = freshCompute(auth);
+        // Import a delegate with a DIFFERENT mandate id than the one the call
+        // requests. Should error with the new code (NOT sdk_no_owner anymore).
+        await auth.importMandate({
+            bundle: makeDelegateBundleText({
+                mandateId: "mandate:held",
+                scopes: ["compute.invoke"],
+            }),
+        });
+        await assert.rejects(() => compute.invokeBedrock({
+            mandateId: "mandate:other-not-held",
+            model: "claude-haiku-4-5",
+            messages: [{ role: "user", content: "Hi" }],
+            maxTokens: 1,
+        }), (e) => e instanceof AithosSDKError &&
+            e.code === "sdk_no_delegate_for_mandate");
+    });
+    it("signs with the delegate keypair + attaches the mandate when delegate-only matches", async () => {
+        const auth = freshAuth();
+        const compute = freshCompute(auth);
+        const mandateId = "mandate:matching";
+        await auth.importMandate({
+            bundle: makeDelegateBundleText({
+                mandateId,
+                scopes: ["compute.invoke"],
+            }),
+        });
+        await compute.invokeBedrock({
+            mandateId,
+            model: "claude-haiku-4-5",
+            messages: [{ role: "user", content: "Hi" }],
+            maxTokens: 1,
+        });
+        const env = lastRequestBody?.params?._envelope;
+        assert.ok(env, "envelope must be present");
+        // verificationMethod must be the delegate's bare multibase pubkey
+        // (NOT a `#sphere` DID URL). And the SignedMandate must be inside.
+        assert.match(env.proof.verificationMethod, /^z[1-9A-HJ-NP-Za-km-z]+$/, `expected multibase pubkey, got ${env.proof.verificationMethod}`);
+        assert.ok(env.mandate, "delegate envelopes must attach the SignedMandate");
+        assert.equal(env.mandate.id, mandateId);
+    });
+    it("still works the owner path when an owner is signed in", async () => {
+        const auth = freshAuth();
+        const compute = freshCompute(auth);
+        // Owner sign-in via recovery — picks up four sphere keys from the
+        // recovery file format. Build one inline.
+        const issuer = createBrowserIdentity("owner", "Owner");
+        const seedHex = (b) => Array.from(b).map((x) => x.toString(16).padStart(2, "0")).join("");
+        const recoveryText = JSON.stringify({
+            aithos_recovery_version: "0.1.0-plaintext",
+            handle: issuer.handle,
+            display_name: issuer.displayName,
+            did: issuer.did,
+            created_at: new Date().toISOString(),
+            seeds_hex: {
+                root: seedHex(issuer.root.seed),
+                public: seedHex(issuer.public.seed),
+                circle: seedHex(issuer.circle.seed),
+                self: seedHex(issuer.self.seed),
+            },
+        });
+        await auth.signInWithRecovery({ file: recoveryText });
+        await compute.invokeBedrock({
+            mandateId: "mandate:owner-managed",
+            model: "claude-haiku-4-5",
+            messages: [{ role: "user", content: "Hi" }],
+            maxTokens: 1,
+        });
+        const env = lastRequestBody?.params?._envelope;
+        assert.ok(env, "envelope must be present");
+        // Owner path: verificationMethod is a `#public` DID URL, and the
+        // envelope MUST NOT carry a mandate (server resolves from
+        // params.mandate_id).
+        assert.match(env.proof.verificationMethod, /#public$/);
+        assert.equal(env.mandate, undefined, "owner-signed envelopes should not attach a mandate");
+    });
+});
+//# sourceMappingURL=compute-delegate-path.test.js.map

package/dist/test/compute.test.js

@@ -9,12 +9,23 @@
 import { strict as assert } from "node:assert";
 import { describe, it } from "node:test";
 import { createBrowserIdentity } from "@aithos/protocol-client";
-import { AithosSDK, AithosSDKError } from "../src/index.js";
+import { AithosAuth, AithosSDK, AithosSDKError, memoryKeyStore, noopStore, } from "../src/index.js";
+import { serializeRecoveryFile } from "../src/internal/recovery-file.js";
 const APP_DID = "did:aithos:app:test";
-function makeSdk(fetchImpl) {
-    const identity = createBrowserIdentity("test-handle", "Test User");
+async function makeSdk(fetchImpl) {
+    const id = createBrowserIdentity("test-handle", "Test User");
+    const auth = new AithosAuth({
+        authBaseUrl: "https://auth.test",
+        fetch: (() => {
+            throw new Error("auth not used in compute tests");
+        }),
+        sessionStore: noopStore(),
+        keyStore: memoryKeyStore(),
+    });
+    const { text } = serializeRecoveryFile(id);
+    await auth.signInWithRecovery({ file: text });
     return new AithosSDK({
-        identity,
+        auth,
         appDid: APP_DID,
         endpoints: { compute: "https://compute.example.test" },
         fetch: fetchImpl,
@@ -40,7 +51,7 @@ describe("compute.invokeBedrock — happy path", () => {
                 headers: { "content-type": "application/json" },
             });
         };
-        const sdk = makeSdk(fakeFetch);
+        const sdk = await makeSdk(fakeFetch);
         const out = await sdk.compute.invokeBedrock({
             mandateId: "mandate:abc",
             model: "claude-sonnet-4-6",
@@ -71,7 +82,7 @@ describe("compute.invokeBedrock — happy path", () => {
                 headers: { "content-type": "application/json" },
             });
         };
-        const sdk = makeSdk(fakeFetch);
+        const sdk = await makeSdk(fakeFetch);
         await sdk.compute.invokeBedrock({
             mandateId: "mandate:abc",
             model: "claude-sonnet-4-6",
@@ -92,7 +103,7 @@ describe("compute.invokeBedrock — errors", () => {
         const fakeFetch = async () => {
             throw new Error("fetch failed: ECONNREFUSED");
         };
-        const sdk = makeSdk(fakeFetch);
+        const sdk = await makeSdk(fakeFetch);
         await assert.rejects(sdk.compute.invokeBedrock({
             mandateId: "mandate:abc",
             model: "claude-sonnet-4-6",
@@ -106,7 +117,7 @@ describe("compute.invokeBedrock — errors", () => {
     });
     it("wraps an HTTP non-2xx as AithosSDKError(code='http')", async () => {
         const fakeFetch = async () => new Response("nope", { status: 503, statusText: "Service Unavailable" });
-        const sdk = makeSdk(fakeFetch);
+        const sdk = await makeSdk(fakeFetch);
         await assert.rejects(sdk.compute.invokeBedrock({
             mandateId: "mandate:abc",
             model: "claude-sonnet-4-6",
@@ -126,7 +137,7 @@ describe("compute.invokeBedrock — errors", () => {
                 data: { balance: 0, required: 1 },
             },
         }), { status: 200, headers: { "content-type": "application/json" } });
-        const sdk = makeSdk(fakeFetch);
+        const sdk = await makeSdk(fakeFetch);
         await assert.rejects(sdk.compute.invokeBedrock({
             mandateId: "mandate:abc",
             model: "claude-sonnet-4-6",
@@ -143,7 +154,7 @@ describe("compute.invokeBedrock — errors", () => {
             status: 200,
             headers: { "content-type": "application/json" },
         });
-        const sdk = makeSdk(fakeFetch);
+        const sdk = await makeSdk(fakeFetch);
         await assert.rejects(sdk.compute.invokeBedrock({
             mandateId: "mandate:abc",
             model: "claude-sonnet-4-6",
@@ -165,7 +176,7 @@ describe("compute.invokeBedrock — abort", () => {
                 headers: { "content-type": "application/json" },
             });
         };
-        const sdk = makeSdk(fakeFetch);
+        const sdk = await makeSdk(fakeFetch);
         const ac = new AbortController();
         await sdk.compute.invokeBedrock({
             mandateId: "mandate:abc",
@@ -176,4 +187,166 @@ describe("compute.invokeBedrock — abort", () => {
         assert.equal(receivedSignal, ac.signal);
     });
 });
+/* -------------------------------------------------------------------------- */
+/*  invokeUrlFetch                                                            */
+/* -------------------------------------------------------------------------- */
+const URL_FETCH_HAPPY_RESULT = {
+    content: "Tata.com propose un service Y avec une couleur primaire bleu (#1E40AF).",
+    citations: [
+        {
+            url: "https://tata.com",
+            citedText: "Notre service révolutionne...",
+            documentTitle: "Tata — Home",
+            startCharIndex: 0,
+            endCharIndex: 28,
+        },
+    ],
+    urlsFetched: [
+        {
+            url: "https://tata.com",
+            retrievedAt: "2026-05-12T10:00:00Z",
+            title: "Tata — Home",
+        },
+    ],
+    stopReason: "end_turn",
+    usage: { inputTokens: 28_500, outputTokens: 420, webFetchInvocations: 1 },
+    creditsCharged: 35,
+    walletBalance: 99_965,
+    auditId: "audit-url-1",
+};
+describe("compute.invokeUrlFetch — happy path", () => {
+    it("posts to ${compute}/v1/invoke with method=aithos.compute_invoke_url_fetch", async () => {
+        let capturedUrl;
+        let capturedInit;
+        const fakeFetch = async (input, init) => {
+            capturedUrl = typeof input === "string" ? input : input.toString();
+            capturedInit = init;
+            return new Response(JSON.stringify({ result: URL_FETCH_HAPPY_RESULT }), {
+                status: 200,
+                headers: { "content-type": "application/json" },
+            });
+        };
+        const sdk = await makeSdk(fakeFetch);
+        const out = await sdk.compute.invokeUrlFetch({
+            mandateId: "mandate:abc",
+            prompt: "Voici l'URL https://tata.com — résume.",
+        });
+        assert.deepEqual(out, URL_FETCH_HAPPY_RESULT);
+        assert.equal(capturedUrl, "https://compute.example.test/v1/invoke");
+        const body = JSON.parse(capturedInit?.body);
+        assert.equal(body.jsonrpc, "2.0");
+        assert.equal(body.method, "aithos.compute_invoke_url_fetch");
+        assert.equal(body.params.app_did, APP_DID);
+        assert.equal(body.params.mandate_id, "mandate:abc");
+        // Default model is Haiku 4.5 (cheapest model that supports web_fetch).
+        assert.equal(body.params.model, "claude-haiku-4-5");
+        assert.equal(body.params.prompt, "Voici l'URL https://tata.com — résume.");
+        // Auto-generated idempotency key.
+        assert.match(body.params.idempotency_key, /^[0-9a-f]{32}$/);
+        // Envelope is present on the wire.
+        assert.ok(body.params._envelope, "request must carry a signed envelope");
+        // Optional params NOT forwarded when not provided.
+        assert.equal(body.params.system, undefined);
+        assert.equal(body.params.max_fetches, undefined);
+        assert.equal(body.params.max_content_tokens, undefined);
+        assert.equal(body.params.citations, undefined);
+        assert.equal(body.params.allowed_domains, undefined);
+        assert.equal(body.params.blocked_domains, undefined);
+    });
+    it("forwards all optional knobs: system / maxTokens / maxFetches / maxContentTokens / citations / allowedDomains / idempotencyKey / model", async () => {
+        let capturedBody;
+        const fakeFetch = async (_input, init) => {
+            capturedBody = JSON.parse(init?.body).params;
+            return new Response(JSON.stringify({ result: URL_FETCH_HAPPY_RESULT }), {
+                status: 200,
+                headers: { "content-type": "application/json" },
+            });
+        };
+        const sdk = await makeSdk(fakeFetch);
+        await sdk.compute.invokeUrlFetch({
+            mandateId: "mandate:abc",
+            model: "claude-sonnet-4-6",
+            prompt: "Analyse https://tata.com",
+            system: "You are a brand analyst.",
+            maxTokens: 1024,
+            temperature: 0.1,
+            maxFetches: 3,
+            maxContentTokens: 50_000,
+            citations: false,
+            allowedDomains: ["tata.com", "*.tata.com"],
+            idempotencyKey: "idem-url-1",
+        });
+        assert.equal(capturedBody?.model, "claude-sonnet-4-6");
+        assert.equal(capturedBody?.system, "You are a brand analyst.");
+        assert.equal(capturedBody?.max_tokens, 1024);
+        assert.equal(capturedBody?.temperature, 0.1);
+        assert.equal(capturedBody?.max_fetches, 3);
+        assert.equal(capturedBody?.max_content_tokens, 50_000);
+        assert.equal(capturedBody?.citations, false);
+        assert.deepEqual(capturedBody?.allowed_domains, ["tata.com", "*.tata.com"]);
+        assert.equal(capturedBody?.idempotency_key, "idem-url-1");
+        // Empty / undefined arrays must NOT bleed through as `[]` on the wire.
+        assert.equal(capturedBody?.blocked_domains, undefined);
+    });
+    it("omits empty allowedDomains / blockedDomains arrays from the wire payload", async () => {
+        let capturedBody;
+        const fakeFetch = async (_input, init) => {
+            capturedBody = JSON.parse(init?.body).params;
+            return new Response(JSON.stringify({ result: URL_FETCH_HAPPY_RESULT }), {
+                status: 200,
+                headers: { "content-type": "application/json" },
+            });
+        };
+        const sdk = await makeSdk(fakeFetch);
+        await sdk.compute.invokeUrlFetch({
+            mandateId: "mandate:abc",
+            prompt: "Analyse https://tata.com",
+            allowedDomains: [],
+            blockedDomains: [],
+        });
+        assert.equal(capturedBody?.allowed_domains, undefined);
+        assert.equal(capturedBody?.blocked_domains, undefined);
+    });
+});
+describe("compute.invokeUrlFetch — errors", () => {
+    it("wraps a JSON-RPC error from the proxy as AithosSDKError with the proxy code", async () => {
+        const fakeFetch = async () => new Response(JSON.stringify({
+            error: {
+                code: -32074,
+                message: "web_fetch failed: robots.txt disallows /api/* — fetch refused",
+                data: { detail: "robots_blocked" },
+            },
+        }), { status: 200, headers: { "content-type": "application/json" } });
+        const sdk = await makeSdk(fakeFetch);
+        await assert.rejects(sdk.compute.invokeUrlFetch({
+            mandateId: "mandate:abc",
+            prompt: "Analyse https://tata.com/api/secret",
+        }), (err) => {
+            assert.ok(err instanceof AithosSDKError);
+            assert.equal(err.code, "-32074");
+            assert.match(err.message, /robots\.txt/);
+            return true;
+        });
+    });
+});
+describe("compute.invokeUrlFetch — abort", () => {
+    it("propagates an AbortSignal to fetch", async () => {
+        let receivedSignal;
+        const fakeFetch = async (_input, init) => {
+            receivedSignal = init?.signal;
+            return new Response(JSON.stringify({ result: URL_FETCH_HAPPY_RESULT }), {
+                status: 200,
+                headers: { "content-type": "application/json" },
+            });
+        };
+        const sdk = await makeSdk(fakeFetch);
+        const ac = new AbortController();
+        await sdk.compute.invokeUrlFetch({
+            mandateId: "mandate:abc",
+            prompt: "Analyse https://tata.com",
+            signal: ac.signal,
+        });
+        assert.equal(receivedSignal, ac.signal);
+    });
+});
 //# sourceMappingURL=compute.test.js.map

package/dist/test/ethos-first-edition.test.d.ts

@@ -0,0 +1,2 @@
+export {};
+//# sourceMappingURL=ethos-first-edition.test.d.ts.map