@aithos/sdk 0.1.0-alpha.3 → 0.1.0-alpha.5

package/dist/test/signer.test.js

@@ -0,0 +1,117 @@
+// SPDX-License-Identifier: Apache-2.0
+// Copyright 2026 Mathieu Colla
+// Unit tests for the internal Signer abstraction.
+import { strict as assert } from "node:assert";
+import { describe, it } from "node:test";
+import { createBrowserIdentity, verify as ed25519Verify, } from "@aithos/protocol-client";
+import { RawSeedSigner } from "../src/internal/signer.js";
+import { OwnerSigners } from "../src/internal/owner-signers.js";
+/* -------------------------------------------------------------------------- */
+/*  RawSeedSigner                                                             */
+/* -------------------------------------------------------------------------- */
+describe("RawSeedSigner", () => {
+    it("signs a message that verifies under its public key", async () => {
+        const id = createBrowserIdentity("alice", "Alice");
+        const signer = new RawSeedSigner(id.public.seed, id.public.publicKey);
+        const msg = new TextEncoder().encode("hello aithos");
+        const sig = await signer.sign(msg);
+        assert.equal(sig.length, 64, "Ed25519 signatures are 64 bytes");
+        assert.ok(ed25519Verify(sig, msg, signer.publicKey), "signature should verify under the signer's public key");
+    });
+    it("defensively copies the seed — mutating the input has no effect", async () => {
+        const id = createBrowserIdentity("alice", "Alice");
+        const seedCopy = new Uint8Array(id.public.seed);
+        const signer = new RawSeedSigner(id.public.seed, id.public.publicKey);
+        // Tamper with the original seed buffer the caller passed in.
+        id.public.seed.fill(0xff);
+        const msg = new TextEncoder().encode("hello");
+        const sig = await signer.sign(msg);
+        // Recompute with the pristine seed → must match.
+        const expected = await new RawSeedSigner(seedCopy, id.public.publicKey).sign(msg);
+        assert.deepEqual(sig, expected, "signer must use its own copy of the seed");
+    });
+    it("destroy zeroizes and blocks further use", async () => {
+        const id = createBrowserIdentity("alice", "Alice");
+        const signer = new RawSeedSigner(id.public.seed, id.public.publicKey);
+        signer.destroy();
+        await assert.rejects(() => signer.sign(new Uint8Array(1)), /destroyed/, "sign() must reject after destroy()");
+        assert.throws(() => signer._unsafeKeyPair(), /destroyed/);
+        // Idempotent — second destroy() is a no-op.
+        assert.doesNotThrow(() => signer.destroy());
+    });
+    it("rejects malformed seed/public-key sizes", () => {
+        const id = createBrowserIdentity("alice", "Alice");
+        assert.throws(() => new RawSeedSigner(new Uint8Array(31), id.public.publicKey), /seed must be 32 bytes/);
+        assert.throws(() => new RawSeedSigner(id.public.seed, new Uint8Array(33)), /publicKey must be 32 bytes/);
+    });
+    it("_unsafeKeyPair returns a KeyPair compatible with protocol-client", async () => {
+        const id = createBrowserIdentity("alice", "Alice");
+        const signer = new RawSeedSigner(id.public.seed, id.public.publicKey);
+        const kp = signer._unsafeKeyPair();
+        assert.equal(kp.seed.length, 32);
+        assert.equal(kp.publicKey.length, 32);
+        assert.deepEqual(kp.publicKey, signer.publicKey);
+    });
+});
+/* -------------------------------------------------------------------------- */
+/*  OwnerSigners                                                              */
+/* -------------------------------------------------------------------------- */
+describe("OwnerSigners", () => {
+    it("fromBrowserIdentity yields four working signers", async () => {
+        const id = createBrowserIdentity("alice", "Alice");
+        const signers = OwnerSigners.fromBrowserIdentity(id);
+        assert.equal(signers.did, id.did);
+        assert.equal(signers.handle, id.handle);
+        assert.equal(signers.displayName, id.displayName);
+        for (const sphere of ["root", "public", "circle", "self"]) {
+            const sig = await signers[sphere].sign(new TextEncoder().encode(sphere));
+            assert.equal(sig.length, 64, `${sphere}: sig length`);
+            assert.ok(ed25519Verify(sig, new TextEncoder().encode(sphere), signers[sphere].publicKey), `${sphere}: signature must verify`);
+        }
+    });
+    it("signerForSphere maps strings to the right signer", () => {
+        const id = createBrowserIdentity("alice", "Alice");
+        const signers = OwnerSigners.fromBrowserIdentity(id);
+        assert.strictEqual(signers.signerForSphere("root"), signers.root);
+        assert.strictEqual(signers.signerForSphere("public"), signers.public);
+        assert.strictEqual(signers.signerForSphere("circle"), signers.circle);
+        assert.strictEqual(signers.signerForSphere("self"), signers.self);
+    });
+    it("destroy zeroizes all signers", async () => {
+        const id = createBrowserIdentity("alice", "Alice");
+        const signers = OwnerSigners.fromBrowserIdentity(id);
+        signers.destroy();
+        assert.equal(signers.destroyed, true);
+        await assert.rejects(() => signers.public.sign(new Uint8Array(1)), /destroyed/);
+        // Idempotent.
+        assert.doesNotThrow(() => signers.destroy());
+    });
+    it("fromStoredIdentity round-trips through hex", async () => {
+        const id = createBrowserIdentity("alice", "Alice");
+        const stored = {
+            version: "0.1.0",
+            handle: id.handle,
+            displayName: id.displayName,
+            did: id.did,
+            seeds: {
+                root: bytesToHex(id.root.seed),
+                public: bytesToHex(id.public.seed),
+                circle: bytesToHex(id.circle.seed),
+                self: bytesToHex(id.self.seed),
+            },
+            savedAt: new Date().toISOString(),
+        };
+        const signers = OwnerSigners.fromStoredIdentity(stored);
+        const sig = await signers.public.sign(new TextEncoder().encode("test"));
+        assert.ok(ed25519Verify(sig, new TextEncoder().encode("test"), signers.public.publicKey));
+        // The pubkey must match what we'd derive from the original BrowserIdentity.
+        assert.deepEqual(signers.public.publicKey, id.public.publicKey);
+    });
+});
+function bytesToHex(b) {
+    let out = "";
+    for (let i = 0; i < b.length; i++)
+        out += b[i].toString(16).padStart(2, "0");
+    return out;
+}
+//# sourceMappingURL=signer.test.js.map

package/dist/test/wallet.test.js

@@ -4,12 +4,23 @@
 import { strict as assert } from "node:assert";
 import { describe, it } from "node:test";
 import { createBrowserIdentity } from "@aithos/protocol-client";
-import { AithosSDK, AithosSDKError } from "../src/index.js";
+import { AithosAuth, AithosSDK, AithosSDKError, memoryKeyStore, noopStore, } from "../src/index.js";
+import { serializeRecoveryFile } from "../src/internal/recovery-file.js";
 const APP_DID = "did:aithos:app:test";
-function makeSdk(fetchImpl) {
-    const identity = createBrowserIdentity("test-handle", "Test User");
+async function makeSdk(fetchImpl) {
+    const id = createBrowserIdentity("test-handle", "Test User");
+    const auth = new AithosAuth({
+        authBaseUrl: "https://auth.test",
+        fetch: (() => {
+            throw new Error("auth not used in wallet tests");
+        }),
+        sessionStore: noopStore(),
+        keyStore: memoryKeyStore(),
+    });
+    const { text } = serializeRecoveryFile(id);
+    await auth.signInWithRecovery({ file: text });
     return new AithosSDK({
-        identity,
+        auth,
         appDid: APP_DID,
         endpoints: { wallet: "https://wallet.example.test" },
         fetch: fetchImpl,
@@ -27,7 +38,7 @@ describe("wallet.createTopupSession — happy path", () => {
                 session_id: "cs_test_xyz",
             }), { status: 200, headers: { "content-type": "application/json" } });
         };
-        const sdk = makeSdk(fakeFetch);
+        const sdk = await makeSdk(fakeFetch);
         const out = await sdk.wallet.createTopupSession({
             packId: "credits-1m",
             successUrl: "https://app.example.com/?topup=success",
@@ -47,7 +58,7 @@ describe("wallet.createTopupSession — errors", () => {
         const fakeFetch = async () => {
             throw new TypeError("Failed to fetch");
         };
-        const sdk = makeSdk(fakeFetch);
+        const sdk = await makeSdk(fakeFetch);
         await assert.rejects(sdk.wallet.createTopupSession({
             packId: "credits-100k",
             successUrl: "https://app.example.com/?ok",
@@ -60,7 +71,7 @@ describe("wallet.createTopupSession — errors", () => {
     });
     it("surfaces the proxy's structured error (error/detail) on a 4xx", async () => {
         const fakeFetch = async () => new Response(JSON.stringify({ error: "unknown_pack", pack_id: "credits-9999" }), { status: 400, headers: { "content-type": "application/json" } });
-        const sdk = makeSdk(fakeFetch);
+        const sdk = await makeSdk(fakeFetch);
         await assert.rejects(sdk.wallet.createTopupSession({
             // @ts-expect-error: deliberately invalid pack id
             packId: "credits-9999",
@@ -78,7 +89,7 @@ describe("wallet.createTopupSession — errors", () => {
             status: 500,
             headers: { "content-type": "text/html" },
         });
-        const sdk = makeSdk(fakeFetch);
+        const sdk = await makeSdk(fakeFetch);
         await assert.rejects(sdk.wallet.createTopupSession({
             packId: "credits-100k",
             successUrl: "https://app.example.com/?ok",
@@ -95,7 +106,7 @@ describe("wallet.createTopupSession — errors", () => {
             status: 200,
             headers: { "content-type": "application/json" },
         });
-        const sdk = makeSdk(fakeFetch);
+        const sdk = await makeSdk(fakeFetch);
         await assert.rejects(sdk.wallet.createTopupSession({
             packId: "credits-100k",
             successUrl: "https://app.example.com/?ok",

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@aithos/sdk",
-  "version": "0.1.0-alpha.3",
+  "version": "0.1.0-alpha.5",
   "description": "Aithos SDK — high-level TypeScript developer kit for building agentic apps on the Aithos protocol. Wraps @aithos/protocol-client and exposes the Aithos compute proxy and wallet (Stripe top-up) endpoints.",
   "keywords": [
     "aithos",
@@ -52,11 +52,12 @@
     "node": ">=20"
   },
   "peerDependencies": {
-    "@aithos/protocol-client": ">=0.1.0-alpha.7 <0.2.0"
+    "@aithos/protocol-client": ">=0.1.0-alpha.11 <0.2.0"
   },
   "devDependencies": {
-    "@aithos/protocol-client": "^0.1.0-alpha.7",
+    "@aithos/protocol-client": "^0.1.0-alpha.11",
     "@types/node": "^24.12.2",
+    "fake-indexeddb": "^6.2.5",
     "typescript": "^5.9.2"
   },
   "publishConfig": {