@aithos/sdk 0.1.0-alpha.39 → 0.1.0-alpha.40

package/dist/test/compute-delegate-path.test.js

@@ -1,183 +0,0 @@
-// SPDX-License-Identifier: Apache-2.0
-// Copyright 2026 Mathieu Colla
-// Tests for the delegate signing path on sdk.compute.invokeBedrock.
-// Until alpha.9 the method ALWAYS required an owner — a session that
-// only held a mandate (no owner signers) failed with sdk_no_owner
-// before any network call. From alpha.9 onward, when no owner is
-// loaded but a delegate matches the requested mandate id, the SDK
-// signs the envelope with the delegate's keypair and attaches the
-// SignedMandate.
-import { strict as assert } from "node:assert";
-import { afterEach, beforeEach, describe, it } from "node:test";
-import { createBrowserIdentity } from "@aithos/protocol-client";
-import { AithosAuth, AithosSDKError, ComputeNamespace, memoryKeyStore, noopStore, } from "../src/index.js";
-import { DEFAULT_SDK_ENDPOINTS } from "../src/endpoints.js";
-/* -------------------------------------------------------------------------- */
-/*  Test plumbing                                                             */
-/* -------------------------------------------------------------------------- */
-let savedFetch;
-let lastRequestBody = null;
-function installFetchMock(response) {
-    savedFetch = globalThis.fetch;
-    lastRequestBody = null;
-    globalThis.fetch = (async (_input, init) => {
-        lastRequestBody = JSON.parse(init?.body);
-        return new Response(JSON.stringify(response.json), {
-            status: response.status ?? 200,
-            headers: { "content-type": "application/json" },
-        });
-    });
-}
-function uninstallFetchMock() {
-    if (savedFetch)
-        globalThis.fetch = savedFetch;
-    savedFetch = undefined;
-    lastRequestBody = null;
-}
-const okResponse = {
-    json: {
-        jsonrpc: "2.0",
-        id: "x",
-        result: {
-            content: "ok",
-            stopReason: "end_turn",
-            usage: { inputTokens: 1, outputTokens: 1 },
-            creditsCharged: 1,
-            walletBalance: 999,
-            auditId: "audit-test",
-        },
-    },
-};
-function freshAuth() {
-    return new AithosAuth({
-        sessionStore: noopStore(),
-        keyStore: memoryKeyStore(),
-    });
-}
-function freshCompute(auth) {
-    return new ComputeNamespace({
-        auth,
-        appDid: "did:aithos:app:example-placeholder",
-        endpoints: DEFAULT_SDK_ENDPOINTS,
-        fetch: globalThis.fetch.bind(globalThis),
-    });
-}
-/**
- * Build a delegate bundle JSON that matches the wire shape importMandate
- * accepts. Uses a real SignedMandate-like object minted from a fresh
- * issuer so signature verification on import succeeds.
- */
-function makeDelegateBundleText(args) {
-    const issuer = createBrowserIdentity("alice", "Alice");
-    return JSON.stringify({
-        aithos_delegate_version: "0.1.0",
-        mandate: {
-            "aithos-mandate": "0.4.0",
-            id: args.mandateId,
-            issuer: issuer.did,
-            issued_by_key: `${issuer.did}#self`,
-            grantee: {
-                id: args.granteeId ?? "urn:aithos:agent:test",
-                pubkey: "z6MkqGenericPubKey",
-            },
-            actor_sphere: "self",
-            scopes: args.scopes,
-            not_before: "2026-05-10T00:00:00Z",
-            not_after: "2026-05-11T00:00:00Z",
-            issued_at: "2026-05-10T00:00:00Z",
-            nonce: "abc",
-            signature: { alg: "ed25519", key: `${issuer.did}#self`, value: "..." },
-        },
-        delegate_seed_hex: "11".repeat(32),
-    });
-}
-/* -------------------------------------------------------------------------- */
-/*  Tests                                                                     */
-/* -------------------------------------------------------------------------- */
-describe("ComputeNamespace.invokeBedrock — delegate path", () => {
-    beforeEach(() => {
-        installFetchMock(okResponse);
-    });
-    afterEach(() => {
-        uninstallFetchMock();
-    });
-    it("rejects with sdk_no_delegate_for_mandate when delegate-only and mandateId doesn't match", async () => {
-        const auth = freshAuth();
-        const compute = freshCompute(auth);
-        // Import a delegate with a DIFFERENT mandate id than the one the call
-        // requests. Should error with the new code (NOT sdk_no_owner anymore).
-        await auth.importMandate({
-            bundle: makeDelegateBundleText({
-                mandateId: "mandate:held",
-                scopes: ["compute.invoke"],
-            }),
-        });
-        await assert.rejects(() => compute.invokeBedrock({
-            mandateId: "mandate:other-not-held",
-            model: "claude-haiku-4-5",
-            messages: [{ role: "user", content: "Hi" }],
-            maxTokens: 1,
-        }), (e) => e instanceof AithosSDKError &&
-            e.code === "sdk_no_delegate_for_mandate");
-    });
-    it("signs with the delegate keypair + attaches the mandate when delegate-only matches", async () => {
-        const auth = freshAuth();
-        const compute = freshCompute(auth);
-        const mandateId = "mandate:matching";
-        await auth.importMandate({
-            bundle: makeDelegateBundleText({
-                mandateId,
-                scopes: ["compute.invoke"],
-            }),
-        });
-        await compute.invokeBedrock({
-            mandateId,
-            model: "claude-haiku-4-5",
-            messages: [{ role: "user", content: "Hi" }],
-            maxTokens: 1,
-        });
-        const env = lastRequestBody?.params?._envelope;
-        assert.ok(env, "envelope must be present");
-        // verificationMethod must be the delegate's bare multibase pubkey
-        // (NOT a `#sphere` DID URL). And the SignedMandate must be inside.
-        assert.match(env.proof.verificationMethod, /^z[1-9A-HJ-NP-Za-km-z]+$/, `expected multibase pubkey, got ${env.proof.verificationMethod}`);
-        assert.ok(env.mandate, "delegate envelopes must attach the SignedMandate");
-        assert.equal(env.mandate.id, mandateId);
-    });
-    it("still works the owner path when an owner is signed in", async () => {
-        const auth = freshAuth();
-        const compute = freshCompute(auth);
-        // Owner sign-in via recovery — picks up four sphere keys from the
-        // recovery file format. Build one inline.
-        const issuer = createBrowserIdentity("owner", "Owner");
-        const seedHex = (b) => Array.from(b).map((x) => x.toString(16).padStart(2, "0")).join("");
-        const recoveryText = JSON.stringify({
-            aithos_recovery_version: "0.1.0-plaintext",
-            handle: issuer.handle,
-            display_name: issuer.displayName,
-            did: issuer.did,
-            created_at: new Date().toISOString(),
-            seeds_hex: {
-                root: seedHex(issuer.root.seed),
-                public: seedHex(issuer.public.seed),
-                circle: seedHex(issuer.circle.seed),
-                self: seedHex(issuer.self.seed),
-            },
-        });
-        await auth.signInWithRecovery({ file: recoveryText });
-        await compute.invokeBedrock({
-            mandateId: "mandate:owner-managed",
-            model: "claude-haiku-4-5",
-            messages: [{ role: "user", content: "Hi" }],
-            maxTokens: 1,
-        });
-        const env = lastRequestBody?.params?._envelope;
-        assert.ok(env, "envelope must be present");
-        // Owner path: verificationMethod is a `#public` DID URL, and the
-        // envelope MUST NOT carry a mandate (server resolves from
-        // params.mandate_id).
-        assert.match(env.proof.verificationMethod, /#public$/);
-        assert.equal(env.mandate, undefined, "owner-signed envelopes should not attach a mandate");
-    });
-});
-//# sourceMappingURL=compute-delegate-path.test.js.map

package/dist/test/compute.test.d.ts

@@ -1,2 +0,0 @@
-export {};
-//# sourceMappingURL=compute.test.d.ts.map

package/dist/test/compute.test.js

@@ -1,194 +0,0 @@
-// SPDX-License-Identifier: Apache-2.0
-// Copyright 2026 Mathieu Colla
-// Unit tests for sdk.compute.invokeBedrock with a mock fetch.
-//
-// We construct a real BrowserIdentity (Ed25519 keypairs are synchronous)
-// rather than stubbing it out — that way the envelope-signing path runs
-// for real and any signature/canonicalization regression in the SDK or
-// in protocol-client surfaces here.
-import { strict as assert } from "node:assert";
-import { describe, it } from "node:test";
-import { createBrowserIdentity } from "@aithos/protocol-client";
-import { AithosAuth, AithosSDK, AithosSDKError, memoryKeyStore, noopStore, } from "../src/index.js";
-import { serializeRecoveryFile } from "../src/internal/recovery-file.js";
-const APP_DID = "did:aithos:app:test";
-async function makeSdk(fetchImpl) {
-    const id = createBrowserIdentity("test-handle", "Test User");
-    const auth = new AithosAuth({
-        authBaseUrl: "https://auth.test",
-        fetch: (() => {
-            throw new Error("auth not used in compute tests");
-        }),
-        sessionStore: noopStore(),
-        keyStore: memoryKeyStore(),
-    });
-    const { text } = serializeRecoveryFile(id);
-    await auth.signInWithRecovery({ file: text });
-    return new AithosSDK({
-        auth,
-        appDid: APP_DID,
-        endpoints: { compute: "https://compute.example.test" },
-        fetch: fetchImpl,
-    });
-}
-const HAPPY_RESULT = {
-    content: "Hello, Aithos!",
-    stopReason: "end_turn",
-    usage: { inputTokens: 12, outputTokens: 8 },
-    creditsCharged: 9,
-    walletBalance: 99_991,
-    auditId: "audit-1",
-};
-describe("compute.invokeBedrock — happy path", () => {
-    it("posts to ${compute}/v1/invoke with a JSON-RPC envelope and parses the result", async () => {
-        let capturedUrl;
-        let capturedInit;
-        const fakeFetch = async (input, init) => {
-            capturedUrl = typeof input === "string" ? input : input.toString();
-            capturedInit = init;
-            return new Response(JSON.stringify({ result: HAPPY_RESULT }), {
-                status: 200,
-                headers: { "content-type": "application/json" },
-            });
-        };
-        const sdk = await makeSdk(fakeFetch);
-        const out = await sdk.compute.invokeBedrock({
-            mandateId: "mandate:abc",
-            model: "claude-sonnet-4-6",
-            messages: [{ role: "user", content: "Hi" }],
-        });
-        assert.deepEqual(out, HAPPY_RESULT);
-        assert.equal(capturedUrl, "https://compute.example.test/v1/invoke");
-        assert.equal(capturedInit?.method, "POST");
-        const headers = capturedInit?.headers;
-        assert.equal(headers["content-type"], "application/json");
-        const body = JSON.parse(capturedInit?.body);
-        assert.equal(body.jsonrpc, "2.0");
-        assert.equal(body.method, "aithos.compute_invoke");
-        assert.equal(body.params.app_did, APP_DID);
-        assert.equal(body.params.mandate_id, "mandate:abc");
-        assert.equal(body.params.model, "claude-sonnet-4-6");
-        // Idempotency key is auto-generated when not provided.
-        assert.match(body.params.idempotency_key, /^[0-9a-f]{32}$/);
-        // Envelope is present on the wire.
-        assert.ok(body.params._envelope, "request must carry a signed envelope");
-    });
-    it("forwards optional system / max_tokens / temperature and respects a caller-provided idempotencyKey", async () => {
-        let capturedBody;
-        const fakeFetch = async (_input, init) => {
-            capturedBody = JSON.parse(init?.body).params;
-            return new Response(JSON.stringify({ result: HAPPY_RESULT }), {
-                status: 200,
-                headers: { "content-type": "application/json" },
-            });
-        };
-        const sdk = await makeSdk(fakeFetch);
-        await sdk.compute.invokeBedrock({
-            mandateId: "mandate:abc",
-            model: "claude-sonnet-4-6",
-            messages: [{ role: "user", content: "Hi" }],
-            system: "You are concise.",
-            maxTokens: 256,
-            temperature: 0.2,
-            idempotencyKey: "idem-1",
-        });
-        assert.equal(capturedBody?.system, "You are concise.");
-        assert.equal(capturedBody?.max_tokens, 256);
-        assert.equal(capturedBody?.temperature, 0.2);
-        assert.equal(capturedBody?.idempotency_key, "idem-1");
-    });
-});
-describe("compute.invokeBedrock — errors", () => {
-    it("wraps a network failure as AithosSDKError(code='network')", async () => {
-        const fakeFetch = async () => {
-            throw new Error("fetch failed: ECONNREFUSED");
-        };
-        const sdk = await makeSdk(fakeFetch);
-        await assert.rejects(sdk.compute.invokeBedrock({
-            mandateId: "mandate:abc",
-            model: "claude-sonnet-4-6",
-            messages: [{ role: "user", content: "Hi" }],
-        }), (err) => {
-            assert.ok(err instanceof AithosSDKError);
-            assert.equal(err.code, "network");
-            assert.match(err.message, /ECONNREFUSED/);
-            return true;
-        });
-    });
-    it("wraps an HTTP non-2xx as AithosSDKError(code='http')", async () => {
-        const fakeFetch = async () => new Response("nope", { status: 503, statusText: "Service Unavailable" });
-        const sdk = await makeSdk(fakeFetch);
-        await assert.rejects(sdk.compute.invokeBedrock({
-            mandateId: "mandate:abc",
-            model: "claude-sonnet-4-6",
-            messages: [{ role: "user", content: "Hi" }],
-        }), (err) => {
-            assert.ok(err instanceof AithosSDKError);
-            assert.equal(err.code, "http");
-            assert.equal(err.status, 503);
-            return true;
-        });
-    });
-    it("wraps a JSON-RPC error response with the proxy's code and message", async () => {
-        const fakeFetch = async () => new Response(JSON.stringify({
-            error: {
-                code: 402,
-                message: "insufficient_credits",
-                data: { balance: 0, required: 1 },
-            },
-        }), { status: 200, headers: { "content-type": "application/json" } });
-        const sdk = await makeSdk(fakeFetch);
-        await assert.rejects(sdk.compute.invokeBedrock({
-            mandateId: "mandate:abc",
-            model: "claude-sonnet-4-6",
-            messages: [{ role: "user", content: "Hi" }],
-        }), (err) => {
-            assert.ok(err instanceof AithosSDKError);
-            assert.equal(err.code, "402");
-            assert.equal(err.message, "insufficient_credits");
-            return true;
-        });
-    });
-    it("rejects an empty result payload as AithosSDKError(code='empty')", async () => {
-        const fakeFetch = async () => new Response(JSON.stringify({}), {
-            status: 200,
-            headers: { "content-type": "application/json" },
-        });
-        const sdk = await makeSdk(fakeFetch);
-        await assert.rejects(sdk.compute.invokeBedrock({
-            mandateId: "mandate:abc",
-            model: "claude-sonnet-4-6",
-            messages: [{ role: "user", content: "Hi" }],
-        }), (err) => {
-            assert.ok(err instanceof AithosSDKError);
-            assert.equal(err.code, "empty");
-            return true;
-        });
-    });
-});
-describe("compute.invokeBedrock — abort", () => {
-    it("propagates an AbortSignal to fetch", async () => {
-        let receivedSignal;
-        const fakeFetch = async (_input, init) => {
-            receivedSignal = init?.signal;
-            return new Response(JSON.stringify({ result: HAPPY_RESULT }), {
-                status: 200,
-                headers: { "content-type": "application/json" },
-            });
-        };
-        const sdk = await makeSdk(fakeFetch);
-        const ac = new AbortController();
-        await sdk.compute.invokeBedrock({
-            mandateId: "mandate:abc",
-            model: "claude-sonnet-4-6",
-            messages: [{ role: "user", content: "Hi" }],
-            signal: ac.signal,
-        });
-        assert.equal(receivedSignal, ac.signal);
-    });
-});
-// `compute.invokeUrlFetch` was removed in alpha.24 (BREAKING). The
-// Anthropic API-direct + web_fetch tool path is replaced by the
-// `sdk.web.extract` namespace which routes through the deterministic
-// web-extractor Lambda. No tests here anymore.
-//# sourceMappingURL=compute.test.js.map

package/dist/test/endpoints.test.d.ts

@@ -1,2 +0,0 @@
-export {};
-//# sourceMappingURL=endpoints.test.d.ts.map

package/dist/test/endpoints.test.js

@@ -1,62 +0,0 @@
-// SPDX-License-Identifier: Apache-2.0
-// Copyright 2026 Mathieu Colla
-// Unit tests for endpoint resolution + URL composition.
-import { strict as assert } from "node:assert";
-import { describe, it } from "node:test";
-import { DEFAULT_SDK_ENDPOINTS } from "../src/index.js";
-import { computeInvokeUrl, resolveEndpoints, walletTopupCheckoutUrl, webInvokeUrl, } from "../src/endpoints.js";
-describe("resolveEndpoints", () => {
-    it("returns a fresh copy of the defaults when no override is given", () => {
-        const a = resolveEndpoints();
-        const b = resolveEndpoints();
-        assert.deepEqual(a, DEFAULT_SDK_ENDPOINTS);
-        assert.notEqual(a, b, "resolveEndpoints must not return a shared instance");
-    });
-    it("merges partial overrides on top of the defaults", () => {
-        const e = resolveEndpoints({ compute: "https://staging.aithos.be" });
-        assert.equal(e.compute, "https://staging.aithos.be");
-        assert.equal(e.wallet, DEFAULT_SDK_ENDPOINTS.wallet);
-    });
-});
-describe("computeInvokeUrl", () => {
-    it("appends /v1/invoke to the compute base", () => {
-        assert.equal(computeInvokeUrl({
-            compute: "https://compute.aithos.be",
-            wallet: "https://wallet.aithos.be",
-            web: "https://extract.aithos.be",
-        }), "https://compute.aithos.be/v1/invoke");
-    });
-    it("trims a trailing slash on the compute base", () => {
-        assert.equal(computeInvokeUrl({
-            compute: "https://compute.aithos.be/",
-            wallet: "https://wallet.aithos.be",
-            web: "https://extract.aithos.be",
-        }), "https://compute.aithos.be/v1/invoke");
-    });
-});
-describe("walletTopupCheckoutUrl", () => {
-    it("appends /v1/wallet/topup/checkout to the wallet base", () => {
-        assert.equal(walletTopupCheckoutUrl({
-            compute: "https://compute.aithos.be",
-            wallet: "https://wallet.aithos.be",
-            web: "https://extract.aithos.be",
-        }), "https://wallet.aithos.be/v1/wallet/topup/checkout");
-    });
-});
-describe("webInvokeUrl", () => {
-    it("appends /v1/invoke to the web base", () => {
-        assert.equal(webInvokeUrl({
-            compute: "https://compute.aithos.be",
-            wallet: "https://wallet.aithos.be",
-            web: "https://extract.aithos.be",
-        }), "https://extract.aithos.be/v1/invoke");
-    });
-    it("trims a trailing slash on the web base", () => {
-        assert.equal(webInvokeUrl({
-            compute: "https://compute.aithos.be",
-            wallet: "https://wallet.aithos.be",
-            web: "https://extract.aithos.be/",
-        }), "https://extract.aithos.be/v1/invoke");
-    });
-});
-//# sourceMappingURL=endpoints.test.js.map

package/dist/test/envelope.test.d.ts

@@ -1,2 +0,0 @@
-export {};
-//# sourceMappingURL=envelope.test.d.ts.map