@aithos/sdk 0.1.0-alpha.5 → 0.1.0-alpha.51

package/dist/test/compute-delegate-path.test.js

@@ -0,0 +1,183 @@
+// SPDX-License-Identifier: Apache-2.0
+// Copyright 2026 Mathieu Colla
+// Tests for the delegate signing path on sdk.compute.invokeBedrock.
+// Until alpha.9 the method ALWAYS required an owner — a session that
+// only held a mandate (no owner signers) failed with sdk_no_owner
+// before any network call. From alpha.9 onward, when no owner is
+// loaded but a delegate matches the requested mandate id, the SDK
+// signs the envelope with the delegate's keypair and attaches the
+// SignedMandate.
+import { strict as assert } from "node:assert";
+import { afterEach, beforeEach, describe, it } from "node:test";
+import { createBrowserIdentity } from "@aithos/protocol-client";
+import { AithosAuth, AithosSDKError, ComputeNamespace, memoryKeyStore, noopStore, } from "../src/index.js";
+import { DEFAULT_SDK_ENDPOINTS } from "../src/endpoints.js";
+/* -------------------------------------------------------------------------- */
+/*  Test plumbing                                                             */
+/* -------------------------------------------------------------------------- */
+let savedFetch;
+let lastRequestBody = null;
+function installFetchMock(response) {
+    savedFetch = globalThis.fetch;
+    lastRequestBody = null;
+    globalThis.fetch = (async (_input, init) => {
+        lastRequestBody = JSON.parse(init?.body);
+        return new Response(JSON.stringify(response.json), {
+            status: response.status ?? 200,
+            headers: { "content-type": "application/json" },
+        });
+    });
+}
+function uninstallFetchMock() {
+    if (savedFetch)
+        globalThis.fetch = savedFetch;
+    savedFetch = undefined;
+    lastRequestBody = null;
+}
+const okResponse = {
+    json: {
+        jsonrpc: "2.0",
+        id: "x",
+        result: {
+            content: "ok",
+            stopReason: "end_turn",
+            usage: { inputTokens: 1, outputTokens: 1 },
+            creditsCharged: 1,
+            walletBalance: 999,
+            auditId: "audit-test",
+        },
+    },
+};
+function freshAuth() {
+    return new AithosAuth({
+        sessionStore: noopStore(),
+        keyStore: memoryKeyStore(),
+    });
+}
+function freshCompute(auth) {
+    return new ComputeNamespace({
+        auth,
+        appDid: "did:aithos:app:example-placeholder",
+        endpoints: DEFAULT_SDK_ENDPOINTS,
+        fetch: globalThis.fetch.bind(globalThis),
+    });
+}
+/**
+ * Build a delegate bundle JSON that matches the wire shape importMandate
+ * accepts. Uses a real SignedMandate-like object minted from a fresh
+ * issuer so signature verification on import succeeds.
+ */
+function makeDelegateBundleText(args) {
+    const issuer = createBrowserIdentity("alice", "Alice");
+    return JSON.stringify({
+        aithos_delegate_version: "0.1.0",
+        mandate: {
+            "aithos-mandate": "0.4.0",
+            id: args.mandateId,
+            issuer: issuer.did,
+            issued_by_key: `${issuer.did}#self`,
+            grantee: {
+                id: args.granteeId ?? "urn:aithos:agent:test",
+                pubkey: "z6MkqGenericPubKey",
+            },
+            actor_sphere: "self",
+            scopes: args.scopes,
+            not_before: "2026-05-10T00:00:00Z",
+            not_after: "2026-05-11T00:00:00Z",
+            issued_at: "2026-05-10T00:00:00Z",
+            nonce: "abc",
+            signature: { alg: "ed25519", key: `${issuer.did}#self`, value: "..." },
+        },
+        delegate_seed_hex: "11".repeat(32),
+    });
+}
+/* -------------------------------------------------------------------------- */
+/*  Tests                                                                     */
+/* -------------------------------------------------------------------------- */
+describe("ComputeNamespace.invokeBedrock — delegate path", () => {
+    beforeEach(() => {
+        installFetchMock(okResponse);
+    });
+    afterEach(() => {
+        uninstallFetchMock();
+    });
+    it("rejects with sdk_no_delegate_for_mandate when delegate-only and mandateId doesn't match", async () => {
+        const auth = freshAuth();
+        const compute = freshCompute(auth);
+        // Import a delegate with a DIFFERENT mandate id than the one the call
+        // requests. Should error with the new code (NOT sdk_no_owner anymore).
+        await auth.importMandate({
+            bundle: makeDelegateBundleText({
+                mandateId: "mandate:held",
+                scopes: ["compute.invoke"],
+            }),
+        });
+        await assert.rejects(() => compute.invokeBedrock({
+            mandateId: "mandate:other-not-held",
+            model: "claude-haiku-4-5",
+            messages: [{ role: "user", content: "Hi" }],
+            maxTokens: 1,
+        }), (e) => e instanceof AithosSDKError &&
+            e.code === "sdk_no_delegate_for_mandate");
+    });
+    it("signs with the delegate keypair + attaches the mandate when delegate-only matches", async () => {
+        const auth = freshAuth();
+        const compute = freshCompute(auth);
+        const mandateId = "mandate:matching";
+        await auth.importMandate({
+            bundle: makeDelegateBundleText({
+                mandateId,
+                scopes: ["compute.invoke"],
+            }),
+        });
+        await compute.invokeBedrock({
+            mandateId,
+            model: "claude-haiku-4-5",
+            messages: [{ role: "user", content: "Hi" }],
+            maxTokens: 1,
+        });
+        const env = lastRequestBody?.params?._envelope;
+        assert.ok(env, "envelope must be present");
+        // verificationMethod must be the delegate's bare multibase pubkey
+        // (NOT a `#sphere` DID URL). And the SignedMandate must be inside.
+        assert.match(env.proof.verificationMethod, /^z[1-9A-HJ-NP-Za-km-z]+$/, `expected multibase pubkey, got ${env.proof.verificationMethod}`);
+        assert.ok(env.mandate, "delegate envelopes must attach the SignedMandate");
+        assert.equal(env.mandate.id, mandateId);
+    });
+    it("still works the owner path when an owner is signed in", async () => {
+        const auth = freshAuth();
+        const compute = freshCompute(auth);
+        // Owner sign-in via recovery — picks up four sphere keys from the
+        // recovery file format. Build one inline.
+        const issuer = createBrowserIdentity("owner", "Owner");
+        const seedHex = (b) => Array.from(b).map((x) => x.toString(16).padStart(2, "0")).join("");
+        const recoveryText = JSON.stringify({
+            aithos_recovery_version: "0.1.0-plaintext",
+            handle: issuer.handle,
+            display_name: issuer.displayName,
+            did: issuer.did,
+            created_at: new Date().toISOString(),
+            seeds_hex: {
+                root: seedHex(issuer.root.seed),
+                public: seedHex(issuer.public.seed),
+                circle: seedHex(issuer.circle.seed),
+                self: seedHex(issuer.self.seed),
+            },
+        });
+        await auth.signInWithRecovery({ file: recoveryText });
+        await compute.invokeBedrock({
+            mandateId: "mandate:owner-managed",
+            model: "claude-haiku-4-5",
+            messages: [{ role: "user", content: "Hi" }],
+            maxTokens: 1,
+        });
+        const env = lastRequestBody?.params?._envelope;
+        assert.ok(env, "envelope must be present");
+        // Owner path: verificationMethod is a `#public` DID URL, and the
+        // envelope MUST NOT carry a mandate (server resolves from
+        // params.mandate_id).
+        assert.match(env.proof.verificationMethod, /#public$/);
+        assert.equal(env.mandate, undefined, "owner-signed envelopes should not attach a mandate");
+    });
+});
+//# sourceMappingURL=compute-delegate-path.test.js.map

package/dist/test/compute.test.js

@@ -187,4 +187,8 @@ describe("compute.invokeBedrock — abort", () => {
         assert.equal(receivedSignal, ac.signal);
     });
 });
+// `compute.invokeUrlFetch` was removed in alpha.24 (BREAKING). The
+// Anthropic API-direct + web_fetch tool path is replaced by the
+// `sdk.web.extract` namespace which routes through the deterministic
+// web-extractor Lambda. No tests here anymore.
 //# sourceMappingURL=compute.test.js.map

package/dist/test/endpoints.test.js

@@ -4,7 +4,7 @@
 import { strict as assert } from "node:assert";
 import { describe, it } from "node:test";
 import { DEFAULT_SDK_ENDPOINTS } from "../src/index.js";
-import { computeInvokeUrl, resolveEndpoints, walletTopupCheckoutUrl, } from "../src/endpoints.js";
+import { computeInvokeUrl, resolveEndpoints, walletTopupCheckoutUrl, webInvokeUrl, } from "../src/endpoints.js";
 describe("resolveEndpoints", () => {
     it("returns a fresh copy of the defaults when no override is given", () => {
         const a = resolveEndpoints();
@@ -23,12 +23,18 @@ describe("computeInvokeUrl", () => {
         assert.equal(computeInvokeUrl({
             compute: "https://compute.aithos.be",
             wallet: "https://wallet.aithos.be",
+            web: "https://extract.aithos.be",
+            pds: "https://pds.aithos.be",
+            assets: "https://assets.aithos.be",
         }), "https://compute.aithos.be/v1/invoke");
     });
     it("trims a trailing slash on the compute base", () => {
         assert.equal(computeInvokeUrl({
             compute: "https://compute.aithos.be/",
             wallet: "https://wallet.aithos.be",
+            web: "https://extract.aithos.be",
+            pds: "https://pds.aithos.be",
+            assets: "https://assets.aithos.be",
         }), "https://compute.aithos.be/v1/invoke");
     });
 });
@@ -37,7 +43,30 @@ describe("walletTopupCheckoutUrl", () => {
         assert.equal(walletTopupCheckoutUrl({
             compute: "https://compute.aithos.be",
             wallet: "https://wallet.aithos.be",
+            web: "https://extract.aithos.be",
+            pds: "https://pds.aithos.be",
+            assets: "https://assets.aithos.be",
         }), "https://wallet.aithos.be/v1/wallet/topup/checkout");
     });
 });
+describe("webInvokeUrl", () => {
+    it("appends /v1/invoke to the web base", () => {
+        assert.equal(webInvokeUrl({
+            compute: "https://compute.aithos.be",
+            wallet: "https://wallet.aithos.be",
+            web: "https://extract.aithos.be",
+            pds: "https://pds.aithos.be",
+            assets: "https://assets.aithos.be",
+        }), "https://extract.aithos.be/v1/invoke");
+    });
+    it("trims a trailing slash on the web base", () => {
+        assert.equal(webInvokeUrl({
+            compute: "https://compute.aithos.be",
+            wallet: "https://wallet.aithos.be",
+            web: "https://extract.aithos.be/",
+            pds: "https://pds.aithos.be",
+            assets: "https://assets.aithos.be",
+        }), "https://extract.aithos.be/v1/invoke");
+    });
+});
 //# sourceMappingURL=endpoints.test.js.map

package/dist/test/envelope-core-conformance.test.d.ts

@@ -0,0 +1,2 @@
+export {};
+//# sourceMappingURL=envelope-core-conformance.test.d.ts.map

package/dist/test/envelope-core-conformance.test.js

@@ -0,0 +1,75 @@
+// SPDX-License-Identifier: Apache-2.0
+// Copyright 2026 Mathieu Colla
+/**
+ * Conformance for the envelope-signing refactor.
+ *
+ * `signOwnerEnvelope` now delegates to `@aithos/protocol-core`'s
+ * `signEnvelopeWith` (pluggable async signer) instead of carrying a private
+ * JCS + signing implementation. These tests assert the migrated path is
+ * correct and stable:
+ *
+ *   1. the produced envelope's `proof.proofValue` verifies against the signer's
+ *      public key over core's canonical signing bytes (i.e. the server will
+ *      accept it);
+ *   2. `params_hash` equals core's `envelopeParamsHash(params)`;
+ *   3. with a fixed clock + nonce the output is deterministic (snapshot), which
+ *      is what guarantees the wire format did not shift under the refactor.
+ *
+ * Note: this suite needs the SDK to resolve a build of `@aithos/protocol-core`
+ * that exposes `signEnvelopeWith` (>= 0.6.3). Run via `npm test`.
+ */
+import { describe, test } from "node:test";
+import { strict as assert } from "node:assert";
+import * as ed from "@noble/ed25519";
+import { sha512 } from "@noble/hashes/sha512";
+import { envelopeParamsHash, envelopeSigningBytes, } from "@aithos/protocol-core/envelope";
+import { signOwnerEnvelope } from "../src/internal/envelope.js";
+ed.etc.sha512Sync = (...m) => sha512(ed.etc.concatBytes(...m));
+const SEED = new Uint8Array(32).fill(11);
+const PUB = ed.getPublicKey(SEED);
+const NOW = new Date("2026-05-31T12:00:00.000Z");
+const NONCE = "01J0ENVELOPECONFORMANCE0000";
+const ISS = "did:aithos:z6MkEnvelopeConformance";
+const VM = `${ISS}#public`;
+const base = {
+    iss: ISS,
+    aud: "https://api.aithos.be/mcp/primitives/write",
+    method: "aithos.data.insert_record",
+    params: { b: 2, a: 1, nested: { y: [3, 1, 2], x: "z" } },
+    verificationMethod: VM,
+    signer: { sign: async (bytes) => ed.sign(bytes, SEED) },
+    ttlSeconds: 60,
+    now: NOW,
+    nonce: NONCE,
+};
+describe("signOwnerEnvelope — core delegation conformance", () => {
+    test("proofValue verifies against signing bytes (server will accept)", async () => {
+        const env = await signOwnerEnvelope({ ...base });
+        const sig = b64urlDecode(env.proof.proofValue);
+        assert.equal(ed.verify(sig, envelopeSigningBytes(env), PUB), true);
+    });
+    test("params_hash matches core.envelopeParamsHash", async () => {
+        const env = await signOwnerEnvelope({ ...base });
+        assert.equal(env.params_hash, envelopeParamsHash(base.params));
+    });
+    test("deterministic under fixed clock + nonce (wire-format snapshot)", async () => {
+        const a = await signOwnerEnvelope({ ...base });
+        const b = await signOwnerEnvelope({ ...base });
+        assert.equal(JSON.stringify(a), JSON.stringify(b));
+        assert.equal(a["aithos-envelope"], "0.1.0");
+        assert.equal(a.iat, 1780228800);
+        assert.equal(a.exp, 1780228860);
+        assert.equal(a.nonce, NONCE);
+        assert.equal(a.proof.verificationMethod, VM);
+    });
+});
+function b64urlDecode(s) {
+    const pad = s.length % 4 === 0 ? "" : "=".repeat(4 - (s.length % 4));
+    const b64 = s.replace(/-/g, "+").replace(/_/g, "/") + pad;
+    const bin = atob(b64);
+    const out = new Uint8Array(bin.length);
+    for (let i = 0; i < bin.length; i++)
+        out[i] = bin.charCodeAt(i);
+    return out;
+}
+//# sourceMappingURL=envelope-core-conformance.test.js.map

package/dist/test/envelope.test.d.ts

@@ -0,0 +1,2 @@
+export {};
+//# sourceMappingURL=envelope.test.d.ts.map

package/dist/test/envelope.test.js

@@ -0,0 +1,318 @@
+// SPDX-License-Identifier: Apache-2.0
+// Copyright 2026 Mathieu Colla
+// Unit tests for the signed-envelope primitive — both the SDK-internal
+// helper `signOwnerEnvelope` and the public surface
+// `AithosAuth.signEnvelope`.
+//
+// Two levels of testing:
+//
+//   1. Internal helper: tests that can inject deterministic `now` and
+//      `nonce` to lock byte-for-byte output. These guard against any
+//      future drift in canonicalization, default TTL, field order, or
+//      crypto wiring.
+//
+//   2. Public surface: tests that exercise the full path through
+//      `AithosAuth.signEnvelope`, including sphere resolution, throw
+//      semantics, and binding to the loaded owner's DID. These guard
+//      the developer contract documented in the JSDoc.
+import { strict as assert } from "node:assert";
+import { describe, it } from "node:test";
+import { createBrowserIdentity, sign as ed25519Sign, verify as ed25519Verify, } from "@aithos/protocol-client";
+import { AithosAuth, AithosSDKError, memoryKeyStore, noopStore, } from "../src/index.js";
+import { signOwnerEnvelope } from "../src/internal/envelope.js";
+import { serializeRecoveryFile } from "../src/internal/recovery-file.js";
+/* -------------------------------------------------------------------------- */
+/*  Test helpers                                                              */
+/* -------------------------------------------------------------------------- */
+/** Build a minimal AithosAuth, no network, no persistence. */
+function makeAuth() {
+    return new AithosAuth({
+        authBaseUrl: "https://auth.test",
+        fetch: (() => {
+            throw new Error("network not expected in this test");
+        }),
+        sessionStore: noopStore(),
+        keyStore: memoryKeyStore(),
+    });
+}
+/** Recovery-file text + DID for a fresh BrowserIdentity. */
+function recoveryTextFor(handle, displayName) {
+    const id = createBrowserIdentity(handle, displayName);
+    return { text: serializeRecoveryFile(id).text, did: id.did };
+}
+/** Inline signer wrapping a raw seed — matches what data.ts does. */
+function inlineSigner(seed) {
+    return {
+        async sign(message) {
+            return ed25519Sign(message, seed);
+        },
+    };
+}
+/** base64url decoder for envelope.proof.proofValue. */
+function base64urlDecode(s) {
+    const std = s.replace(/-/g, "+").replace(/_/g, "/");
+    const padded = std + "=".repeat((4 - (std.length % 4)) % 4);
+    const bin = atob(padded);
+    const out = new Uint8Array(bin.length);
+    for (let i = 0; i < bin.length; i++)
+        out[i] = bin.charCodeAt(i);
+    return out;
+}
+/** Canonicalize a JS value the same way envelope.ts does — for the
+ *  test that recomputes the bytes the server would verify against. */
+function canonical(value) {
+    if (value === null)
+        return "null";
+    if (typeof value === "boolean")
+        return value ? "true" : "false";
+    if (typeof value === "number")
+        return value.toString();
+    if (typeof value === "string")
+        return JSON.stringify(value);
+    if (Array.isArray(value)) {
+        return "[" + value.map(canonical).join(",") + "]";
+    }
+    if (typeof value === "object") {
+        const obj = value;
+        const keys = Object.keys(obj).sort();
+        return ("{" +
+            keys.map((k) => JSON.stringify(k) + ":" + canonical(obj[k])).join(",") +
+            "}");
+    }
+    throw new Error(`Cannot canonicalize ${typeof value}`);
+}
+/* -------------------------------------------------------------------------- */
+/*  signOwnerEnvelope — internal helper                                       */
+/* -------------------------------------------------------------------------- */
+describe("signOwnerEnvelope (internal helper)", () => {
+    it("signs an envelope whose signature verifies under the signer's pubkey", async () => {
+        const id = createBrowserIdentity("alice", "Alice");
+        const envelope = await signOwnerEnvelope({
+            iss: id.did,
+            aud: "https://api.example.com/v1/widgets",
+            method: "myapp.widgets.create",
+            params: { name: "Widget #1" },
+            signer: inlineSigner(id.public.seed),
+            verificationMethod: `${id.did}#public`,
+        });
+        // Re-derive the exact bytes the server would canonicalize and check.
+        const { proof, ...unsignedWithEmptyProof } = envelope;
+        const unsigned = {
+            ...unsignedWithEmptyProof,
+            proof: { ...proof, proofValue: "" },
+        };
+        const bytes = new TextEncoder().encode(canonical(unsigned));
+        const sig = base64urlDecode(envelope.proof.proofValue);
+        assert.ok(ed25519Verify(sig, bytes, id.public.publicKey), "envelope signature must verify under the public-sphere pubkey");
+    });
+    it("produces an envelope conforming to spec §11.2 shape", async () => {
+        const id = createBrowserIdentity("alice", "Alice");
+        const envelope = await signOwnerEnvelope({
+            iss: id.did,
+            aud: "https://api.example.com/v1/x",
+            method: "x.do",
+            params: {},
+            signer: inlineSigner(id.public.seed),
+            verificationMethod: `${id.did}#public`,
+        });
+        assert.equal(envelope["aithos-envelope"], "0.1.0");
+        assert.equal(envelope.iss, id.did);
+        assert.equal(envelope.aud, "https://api.example.com/v1/x");
+        assert.equal(envelope.method, "x.do");
+        assert.equal(typeof envelope.iat, "number");
+        assert.equal(typeof envelope.exp, "number");
+        assert.equal(typeof envelope.nonce, "string");
+        assert.ok(envelope.params_hash.startsWith("sha256-"));
+        assert.equal(envelope.proof.type, "Ed25519Signature2020");
+        assert.equal(envelope.proof.verificationMethod, `${id.did}#public`);
+        assert.equal(typeof envelope.proof.created, "string");
+        assert.ok(envelope.proof.proofValue.length > 0);
+    });
+    it("params_hash is canonical — key order does not affect the hash", async () => {
+        const id = createBrowserIdentity("alice", "Alice");
+        const common = {
+            iss: id.did,
+            aud: "https://api.example.com/v1/x",
+            method: "x.do",
+            signer: inlineSigner(id.public.seed),
+            verificationMethod: `${id.did}#public`,
+            now: new Date("2024-01-01T00:00:00.000Z"),
+            nonce: "01HXJZK7MK8VPN0FQR5T6Y2A3Z",
+        };
+        const env1 = await signOwnerEnvelope({
+            ...common,
+            params: { alpha: 1, beta: 2, gamma: [3, 4] },
+        });
+        const env2 = await signOwnerEnvelope({
+            ...common,
+            params: { gamma: [3, 4], alpha: 1, beta: 2 },
+        });
+        assert.equal(env1.params_hash, env2.params_hash, "params_hash must be stable across JS object key order");
+    });
+    it("respects an explicit ttlSeconds", async () => {
+        const id = createBrowserIdentity("alice", "Alice");
+        const envelope = await signOwnerEnvelope({
+            iss: id.did,
+            aud: "https://api.example.com/v1/x",
+            method: "x.do",
+            params: {},
+            signer: inlineSigner(id.public.seed),
+            verificationMethod: `${id.did}#public`,
+            now: new Date("2024-01-01T00:00:00.000Z"),
+            ttlSeconds: 173,
+        });
+        assert.equal(envelope.exp - envelope.iat, 173);
+    });
+    it("defaults ttlSeconds to 60 — guards against drift from data.ts's prior behavior", async () => {
+        const id = createBrowserIdentity("alice", "Alice");
+        const envelope = await signOwnerEnvelope({
+            iss: id.did,
+            aud: "https://api.example.com/v1/x",
+            method: "x.do",
+            params: {},
+            signer: inlineSigner(id.public.seed),
+            verificationMethod: `${id.did}#public`,
+            now: new Date("2024-01-01T00:00:00.000Z"),
+        });
+        assert.equal(envelope.exp - envelope.iat, 60);
+    });
+    it("nonce defaults to a fresh value per call (unique across calls)", async () => {
+        const id = createBrowserIdentity("alice", "Alice");
+        const args = {
+            iss: id.did,
+            aud: "https://api.example.com/v1/x",
+            method: "x.do",
+            params: {},
+            signer: inlineSigner(id.public.seed),
+            verificationMethod: `${id.did}#public`,
+        };
+        const e1 = await signOwnerEnvelope(args);
+        const e2 = await signOwnerEnvelope(args);
+        assert.notEqual(e1.nonce, e2.nonce, "two successive calls must produce different nonces");
+    });
+    it("is deterministic when now and nonce are both injected (regression lock)", async () => {
+        // With identical inputs INCLUDING the override hooks, two calls must
+        // produce byte-for-byte identical envelopes — including the
+        // signature. This catches any future regression in canonicalization,
+        // ordering, default values, or signing path.
+        const id = createBrowserIdentity("alice", "Alice");
+        const args = {
+            iss: id.did,
+            aud: "https://api.example.com/v1/widgets",
+            method: "myapp.widgets.create",
+            params: { name: "Widget #1", count: 3, tags: ["a", "b"] },
+            signer: inlineSigner(id.public.seed),
+            verificationMethod: `${id.did}#public`,
+            now: new Date("2024-01-01T00:00:00.000Z"),
+            nonce: "01HXJZK7MK8VPN0FQR5T6Y2A3Z",
+            ttlSeconds: 120,
+        };
+        const e1 = await signOwnerEnvelope(args);
+        const e2 = await signOwnerEnvelope(args);
+        assert.deepEqual(e1, e2, "envelope must be deterministic under fixed inputs");
+        // Belt and braces: also lock the timestamp arithmetic.
+        assert.equal(e1.iat, 1704067200);
+        assert.equal(e1.exp, 1704067320);
+        assert.equal(e1.nonce, "01HXJZK7MK8VPN0FQR5T6Y2A3Z");
+        assert.equal(e1.proof.created, "2024-01-01T00:00:00.000Z");
+        assert.equal(e1.proof.verificationMethod, `${id.did}#public`);
+    });
+});
+/* -------------------------------------------------------------------------- */
+/*  AithosAuth.signEnvelope — public surface                                  */
+/* -------------------------------------------------------------------------- */
+describe("AithosAuth.signEnvelope (public surface)", () => {
+    it("defaults to the public sphere when no sphere is passed", async () => {
+        const auth = makeAuth();
+        const { text, did } = recoveryTextFor("alice", "Alice");
+        await auth.signInWithRecovery({ file: text });
+        const envelope = await auth.signEnvelope({
+            aud: "https://api.example.com/v1/x",
+            method: "x.do",
+            params: { ok: true },
+        });
+        assert.equal(envelope.iss, did);
+        assert.equal(envelope.proof.verificationMethod, `${did}#public`);
+    });
+    it("honors explicit sphere overrides (root / public / circle / self)", async () => {
+        const auth = makeAuth();
+        const { text, did } = recoveryTextFor("alice", "Alice");
+        await auth.signInWithRecovery({ file: text });
+        for (const sphere of ["root", "public", "circle", "self"]) {
+            const envelope = await auth.signEnvelope({
+                aud: "https://api.example.com/v1/x",
+                method: "x.do",
+                params: {},
+                sphere,
+            });
+            assert.equal(envelope.proof.verificationMethod, `${did}#${sphere}`, `verificationMethod must end with #${sphere}`);
+        }
+    });
+    it("throws auth_not_signed_in when no owner is loaded", async () => {
+        const auth = makeAuth();
+        await assert.rejects(() => auth.signEnvelope({
+            aud: "https://api.example.com/v1/x",
+            method: "x.do",
+            params: {},
+        }), (e) => e instanceof AithosSDKError &&
+            e.code === "auth_not_signed_in");
+    });
+    it("throws auth_invalid_sphere when an unknown sphere is passed (untyped caller)", async () => {
+        const auth = makeAuth();
+        const { text } = recoveryTextFor("alice", "Alice");
+        await auth.signInWithRecovery({ file: text });
+        await assert.rejects(() => auth.signEnvelope({
+            aud: "https://api.example.com/v1/x",
+            method: "x.do",
+            params: {},
+            // Untyped callers (e.g. plain JS) could pass anything.
+            sphere: "bogus",
+        }), (e) => e instanceof AithosSDKError &&
+            e.code === "auth_invalid_sphere");
+    });
+    it("envelope ttlSeconds defaults to 60 — non-regression of internal default", async () => {
+        const auth = makeAuth();
+        const { text } = recoveryTextFor("alice", "Alice");
+        await auth.signInWithRecovery({ file: text });
+        const envelope = await auth.signEnvelope({
+            aud: "https://api.example.com/v1/x",
+            method: "x.do",
+            params: {},
+        });
+        assert.equal(envelope.exp - envelope.iat, 60);
+    });
+    it("envelope ttlSeconds is honored when provided", async () => {
+        const auth = makeAuth();
+        const { text } = recoveryTextFor("alice", "Alice");
+        await auth.signInWithRecovery({ file: text });
+        const envelope = await auth.signEnvelope({
+            aud: "https://api.example.com/v1/x",
+            method: "x.do",
+            params: {},
+            ttlSeconds: 240,
+        });
+        assert.equal(envelope.exp - envelope.iat, 240);
+    });
+    it("envelope signs with the correct sphere key (sig verifies under that pubkey)", async () => {
+        const auth = makeAuth();
+        const id = createBrowserIdentity("alice", "Alice");
+        const { text } = serializeRecoveryFile(id);
+        await auth.signInWithRecovery({ file: text });
+        const envelope = await auth.signEnvelope({
+            aud: "https://api.example.com/v1/x",
+            method: "x.do",
+            params: { x: 1 },
+            sphere: "circle",
+        });
+        // Reconstruct what the server would canonicalize-and-verify.
+        const { proof, ...unsignedWithEmptyProof } = envelope;
+        const unsigned = {
+            ...unsignedWithEmptyProof,
+            proof: { ...proof, proofValue: "" },
+        };
+        const bytes = new TextEncoder().encode(canonical(unsigned));
+        const sig = base64urlDecode(envelope.proof.proofValue);
+        assert.ok(ed25519Verify(sig, bytes, id.circle.publicKey), "envelope signed with sphere 'circle' must verify under circle.publicKey");
+    });
+});
+//# sourceMappingURL=envelope.test.js.map

package/dist/test/ethos-first-edition.test.d.ts

@@ -0,0 +1,2 @@
+export {};
+//# sourceMappingURL=ethos-first-edition.test.d.ts.map