@aithos/sdk 0.1.0-alpha.53 → 0.1.0-alpha.55

package/dist/src/rotate.d.ts

@@ -0,0 +1,94 @@
+/** Raw 32-byte seeds for a rotation. `root` is unchanged; the rest are new. */
+export interface RotationSeeds {
+    readonly root: Uint8Array;
+    readonly public: Uint8Array;
+    readonly circle: Uint8Array;
+    readonly self: Uint8Array;
+    /** Optional dedicated #data sphere (added if present). */
+    readonly data?: Uint8Array;
+}
+interface VerificationMethodLike {
+    id: string;
+    type: "Ed25519VerificationKey2020" | "X25519KeyAgreementKey2020";
+    controller: string;
+    publicKeyMultibase: string;
+}
+/** Minimal structural view of a did.json (browser-safe; no node import). */
+export interface DidDocumentLike {
+    "@context": readonly string[];
+    id: string;
+    verificationMethod: readonly VerificationMethodLike[];
+    keyAgreement?: readonly VerificationMethodLike[];
+    aithos: {
+        version: "0.1.0";
+        display_name?: string;
+        created_at: string;
+        rotated: readonly unknown[];
+    };
+    proof?: unknown;
+}
+/**
+ * Build + sign a rotated did.json. The result rotates every Ethos sphere whose
+ * seed differs from the previously-published key, appends one `rotated[]` entry
+ * per changed sphere (preserving prior history), carries / adds `#data`, and is
+ * signed by `#root`. Ready to POST via `aithos.rotate_sphere_key`.
+ *
+ * @param seeds        the post-rotation seeds (same root, new sphere seeds).
+ * @param previousDoc  the currently-published did.json (old pubkeys + history).
+ * @param displayName  display name to carry on the doc.
+ * @param reason       audit reason recorded on each new rotated entry.
+ */
+export declare function buildSignedRotatedDidDocument(seeds: RotationSeeds, previousDoc: DidDocumentLike, displayName: string, reason?: string): DidDocumentLike;
+import { type RekeyReport } from "./migrate.js";
+import { type ParsedRecoveryFile } from "./internal/recovery-file.js";
+export interface RotateEthosOptions {
+    /** api.aithos.be base URL. Default {@link DEFAULT_API_BASE_URL}. NOTE: the
+     *  Ethos-zone recopy uses @aithos/protocol-client's ambient endpoint
+     *  (api.aithos.be); a non-default apiBaseUrl only redirects the did.json
+     *  rotation, not the zone publish — keep them aligned (prod) for now. */
+    readonly apiBaseUrl?: string;
+    /** PDS base URL for the collection re-key. Default `https://pds.aithos.be`. */
+    readonly pdsUrl?: string;
+    readonly fetch?: typeof fetch;
+    /** Audit reason recorded in rotated[]. */
+    readonly reason?: string;
+    /**
+     * Skip the Ethos circle/self zone recopy (the live, protocol-client-RPC part).
+     * Used by hermetic tests and by data-only accounts. WARNING: with real
+     * circle/self content, skipping while rotating the sphere keys would orphan
+     * that content — rotateEthos refuses to rotate the Ethos spheres when an
+     * edition exists and zones are skipped (unless `force`).
+     */
+    readonly skipZones?: boolean;
+    /** Override the safety refusal above. */
+    readonly force?: boolean;
+    readonly onProgress?: (msg: string) => void;
+}
+export interface RotateEthosResult {
+    readonly did: string;
+    /** Ethos spheres whose key changed (always public/circle/self here). */
+    readonly rotatedSpheres: readonly string[];
+    /** Whether a fresh edition was republished (zones re-sealed under new keys). */
+    readonly editionRepublished: boolean;
+    /** Whether the account had an Ethos edition at all. */
+    readonly hadEdition: boolean;
+    /** Collection re-key report (dual #data wraps toward the NEW #data). */
+    readonly collections: RekeyReport;
+    /** New recovery file (ALL new sphere seeds + new #data). PERSIST THIS. */
+    readonly updatedRecoveryFile: string;
+}
+/**
+ * Fully rotate an Ethos: new public/circle/self/#data keys (root unchanged),
+ * re-encrypt the Ethos zones under the new keys (fresh edition), and dual-wrap
+ * every data collection toward the new #data. Entirely client-side; uses only
+ * existing API primitives (rotate_sphere_key, publish_ethos_edition via the
+ * protocol-client editor, rotate_cmk). Returns a new recovery file — persist it.
+ *
+ * Option (a) semantics: the new head edition (carrying all current content) is
+ * fully verifiable under the new keys; pre-rotation edition snapshots are not
+ * re-verifiable against the rotated did.json (rotated[] retains the old keys so
+ * a rotated[]-aware verifier can be added later without re-rotating).
+ */
+export declare function rotateEthos(recovery: ParsedRecoveryFile | string, opts?: RotateEthosOptions): Promise<RotateEthosResult>;
+export {};
+//# sourceMappingURL=rotate.d.ts.map

package/dist/src/rotate.js

@@ -0,0 +1,298 @@
+// SPDX-License-Identifier: Apache-2.0
+// Copyright 2026 Mathieu Colla
+/**
+ * Ethos rotation — building blocks.
+ *
+ * This module currently ships the foundational, fully-tested piece of the
+ * "rotate an Ethos completely" feature: {@link buildSignedRotatedDidDocument},
+ * which produces a root-signed did.json that rotates one or more sphere keys
+ * (and carries / adds the optional `#data` sphere), extending `aithos.rotated[]`
+ * so it is accepted by the existing `aithos.rotate_sphere_key` primitive.
+ *
+ * Root is NEVER rotated — it IS the DID (`did:aithos:<root-mb>`). Rotating it
+ * would change the DID (= a new identity).
+ *
+ * Browser-safe: only depends on `@aithos/protocol-core/{did,canonical}`
+ * (node-free) + the SDK's own X25519 derivation + @noble. So it runs both in
+ * the migration script (node) and in a future in-browser app.aithos.be/rotate
+ * page.
+ *
+ * NOTE (scope): the *full* `rotateEthos` orchestration also re-encrypts the
+ * Ethos circle/self ZONES under the new sphere keys (publish a fresh edition)
+ * before the rotated sphere keys take effect — otherwise existing encrypted
+ * zone content sealed to the old sphere kex becomes unreadable. That zone
+ * recopy goes through `@aithos/protocol-client`'s editor (loadEditSnapshot /
+ * publishZoneEdit) and is built/tested separately. This module deliberately
+ * exposes only the did.json builder so callers can't accidentally rotate the
+ * Ethos sphere keys without the matching zone recopy.
+ */
+import * as ed from "@noble/ed25519";
+import { sha512 } from "@noble/hashes/sha2.js";
+import { canonicalize } from "@aithos/protocol-core/canonical";
+import { ed25519PublicKeyToMultibase, x25519PublicKeyToMultibase, } from "@aithos/protocol-core/did";
+import { ed25519SeedToX25519PublicKey } from "./internal/cmk-wrap.js";
+// noble/ed25519 v2 needs a sync sha512 for sync sign.
+// eslint-disable-next-line @typescript-eslint/no-explicit-any
+ed.etc.sha512Sync = (...m) => 
+// eslint-disable-next-line @typescript-eslint/no-explicit-any
+sha512(ed.etc.concatBytes(...m));
+const SPHERES = ["public", "circle", "self"];
+/**
+ * Build + sign a rotated did.json. The result rotates every Ethos sphere whose
+ * seed differs from the previously-published key, appends one `rotated[]` entry
+ * per changed sphere (preserving prior history), carries / adds `#data`, and is
+ * signed by `#root`. Ready to POST via `aithos.rotate_sphere_key`.
+ *
+ * @param seeds        the post-rotation seeds (same root, new sphere seeds).
+ * @param previousDoc  the currently-published did.json (old pubkeys + history).
+ * @param displayName  display name to carry on the doc.
+ * @param reason       audit reason recorded on each new rotated entry.
+ */
+export function buildSignedRotatedDidDocument(seeds, previousDoc, displayName, reason = "rotate") {
+    const rootPub = ed.getPublicKey(seeds.root);
+    const did = "did:aithos:" + ed25519PublicKeyToMultibase(rootPub);
+    if (previousDoc.id !== did) {
+        throw new Error("buildSignedRotatedDidDocument: root seed does not match previousDoc.id — root (and the DID) is never rotated");
+    }
+    const now = new Date().toISOString();
+    const verificationMethod = SPHERES.map((sphere) => ({
+        id: `${did}#${sphere}`,
+        type: "Ed25519VerificationKey2020",
+        controller: did,
+        publicKeyMultibase: ed25519PublicKeyToMultibase(ed.getPublicKey(seeds[sphere])),
+    }));
+    const keyAgreement = SPHERES.map((sphere) => ({
+        id: `${did}#${sphere}-kex`,
+        type: "X25519KeyAgreementKey2020",
+        controller: did,
+        publicKeyMultibase: x25519PublicKeyToMultibase(ed25519SeedToX25519PublicKey(seeds[sphere])),
+    }));
+    if (seeds.data) {
+        verificationMethod.push({
+            id: `${did}#data`,
+            type: "Ed25519VerificationKey2020",
+            controller: did,
+            publicKeyMultibase: ed25519PublicKeyToMultibase(ed.getPublicKey(seeds.data)),
+        });
+        keyAgreement.push({
+            id: `${did}#data-kex`,
+            type: "X25519KeyAgreementKey2020",
+            controller: did,
+            publicKeyMultibase: x25519PublicKeyToMultibase(ed25519SeedToX25519PublicKey(seeds.data)),
+        });
+    }
+    // Carry prior history + append one entry per Ethos sphere whose key changed.
+    const prevKeyOf = (sphere) => previousDoc.verificationMethod.find((vm) => vm.id === `${did}#${sphere}`)?.publicKeyMultibase;
+    const rotated = [...(previousDoc.aithos.rotated ?? [])];
+    for (const sphere of SPHERES) {
+        const oldKey = prevKeyOf(sphere);
+        const newKey = ed25519PublicKeyToMultibase(ed.getPublicKey(seeds[sphere]));
+        if (oldKey && oldKey !== newKey) {
+            rotated.push({ sphere, previous_key: oldKey, rotated_at: now, reason });
+        }
+    }
+    const unsigned = {
+        "@context": ["https://www.w3.org/ns/did/v1", "https://aithos.dev/spec/v0.1"],
+        id: did,
+        verificationMethod,
+        keyAgreement,
+        aithos: { version: "0.1.0", display_name: displayName, created_at: now, rotated },
+        proof: {
+            type: "Ed25519Signature2020",
+            created: now,
+            verificationMethod: `${did}#root`,
+            proofPurpose: "assertionMethod",
+            proofValue: "",
+        },
+    };
+    const bytes = new TextEncoder().encode(canonicalize(unsigned));
+    const sig = ed.sign(bytes, seeds.root);
+    return { ...unsigned, proof: { ...unsigned.proof, proofValue: base64url(sig) } };
+}
+function base64url(bytes) {
+    let bin = "";
+    for (let i = 0; i < bytes.length; i++)
+        bin += String.fromCharCode(bytes[i]);
+    return btoa(bin).replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/, "");
+}
+/* ========================================================================== */
+/*  rotateEthos — full rotation orchestration                                 */
+/* ========================================================================== */
+import { loadEditSnapshot, publishZoneEdit, } from "@aithos/protocol-client";
+import { addDataSphereWrap } from "./migrate.js";
+import { DEFAULT_API_BASE_URL } from "./auth.js";
+import { signOwnerEnvelope } from "./internal/envelope.js";
+import { parseRecoveryFile, } from "./internal/recovery-file.js";
+/**
+ * Fully rotate an Ethos: new public/circle/self/#data keys (root unchanged),
+ * re-encrypt the Ethos zones under the new keys (fresh edition), and dual-wrap
+ * every data collection toward the new #data. Entirely client-side; uses only
+ * existing API primitives (rotate_sphere_key, publish_ethos_edition via the
+ * protocol-client editor, rotate_cmk). Returns a new recovery file — persist it.
+ *
+ * Option (a) semantics: the new head edition (carrying all current content) is
+ * fully verifiable under the new keys; pre-rotation edition snapshots are not
+ * re-verifiable against the rotated did.json (rotated[] retains the old keys so
+ * a rotated[]-aware verifier can be added later without re-rotating).
+ */
+export async function rotateEthos(recovery, opts = {}) {
+    const rec = typeof recovery === "string" ? parseRecoveryFile(recovery) : recovery;
+    const fetchImpl = opts.fetch ?? globalThis.fetch.bind(globalThis);
+    const apiBaseUrl = (opts.apiBaseUrl ?? DEFAULT_API_BASE_URL).replace(/\/$/, "");
+    const reason = opts.reason ?? "full-rotation";
+    const did = rec.did;
+    const rootSeed = hexToBytes(rec.seedsHex.root);
+    const log = opts.onProgress ?? (() => { });
+    // 1. Fetch the currently-published did.json.
+    log("fetching current did.json");
+    const idRes = await apiRpc(fetchImpl, apiBaseUrl, "aithos.get_identity", { did }, did, rootSeed);
+    const previousDoc = (idRes.object ?? idRes);
+    // 2. Generate fresh seeds (root kept).
+    const newSeeds = {
+        root: rootSeed,
+        public: randomSeed32(),
+        circle: randomSeed32(),
+        self: randomSeed32(),
+        data: randomSeed32(),
+    };
+    const newDataHex = bytesToHex(newSeeds.data);
+    // 3. Probe whether an Ethos edition exists (mockable apiRpc — NOT the
+    //    protocol-client editor, so this stays testable). Absent → -32020.
+    let hadEdition = true;
+    try {
+        log("probing for an existing edition");
+        await apiRpc(fetchImpl, apiBaseUrl, "aithos.get_ethos_manifest", { did }, did, rootSeed);
+    }
+    catch (e) {
+        if (e.code === -32020 || /not found/i.test(String(e.message))) {
+            hadEdition = false;
+        }
+        else {
+            throw e;
+        }
+    }
+    if (hadEdition && opts.skipZones && !opts.force) {
+        throw new Error("rotateEthos: this Ethos has an edition with (possibly encrypted) zone content, but skipZones was set. " +
+            "Rotating the sphere keys without recopying the zones would orphan that content. " +
+            "Pass force: true only if you are certain the zones hold nothing to preserve.");
+    }
+    // 4. Publish the rotated did.json (root-signed) via rotate_sphere_key.
+    log("publishing rotated did.json");
+    const rotatedDoc = buildSignedRotatedDidDocument(newSeeds, previousDoc, rec.displayName, reason);
+    await apiRpc(fetchImpl, apiBaseUrl, "aithos.rotate_sphere_key", { new_did_document: rotatedDoc }, did, rootSeed);
+    // 5. Republish a fresh edition under the NEW identity → zones re-sealed under
+    //    the new sphere keys (LIVE: protocol-client editor, ambient api endpoint).
+    //    loadEditSnapshot decrypts circle/self with the OLD keys; publishZoneEdit
+    //    re-seals them under the NEW identity.
+    let editionRepublished = false;
+    if (hadEdition && !opts.skipZones) {
+        log("loading current edition (old keys) + republishing (new keys)");
+        const snap = await loadEditSnapshot(did, toStoredIdentity(rec));
+        const newStored = toStoredIdentity({
+            handle: rec.handle,
+            displayName: rec.displayName,
+            did,
+            seedsHex: {
+                root: rec.seedsHex.root,
+                public: bytesToHex(newSeeds.public),
+                circle: bytesToHex(newSeeds.circle),
+                self: bytesToHex(newSeeds.self),
+                data: newDataHex,
+            },
+        });
+        await publishZoneEdit({
+            identity: newStored,
+            snapshot: snap,
+            newPublicSections: snap.publicSections ?? [],
+            ...(snap.circleSections ? { newCircleSections: snap.circleSections } : {}),
+            ...(snap.selfSections ? { newSelfSections: snap.selfSections } : {}),
+        });
+        editionRepublished = true;
+    }
+    // 6. Dual-wrap every collection toward the NEW #data (unwrap with old seeds).
+    log("re-keying collections toward the new #data");
+    const collections = await addDataSphereWrap(rec, {
+        ...(opts.pdsUrl ? { pdsUrl: opts.pdsUrl } : {}),
+        fetch: fetchImpl,
+        targetDataSeedHex: newDataHex,
+    });
+    // 7. New recovery (all new seeds; persist!).
+    const updatedRecoveryFile = JSON.stringify({
+        aithos_recovery_version: "0.1.0-plaintext",
+        handle: rec.handle,
+        display_name: rec.displayName,
+        did,
+        seeds_hex: {
+            root: rec.seedsHex.root,
+            public: bytesToHex(newSeeds.public),
+            circle: bytesToHex(newSeeds.circle),
+            self: bytesToHex(newSeeds.self),
+            data: newDataHex,
+        },
+        saved_at: new Date().toISOString(),
+    }, null, 2);
+    return {
+        did,
+        rotatedSpheres: ["public", "circle", "self"],
+        editionRepublished,
+        hadEdition,
+        collections,
+        updatedRecoveryFile,
+    };
+}
+/* -------------------------------------------------------------------------- */
+/*  helpers                                                                   */
+/* -------------------------------------------------------------------------- */
+function toStoredIdentity(rec) {
+    return {
+        handle: rec.handle,
+        displayName: rec.displayName,
+        did: rec.did,
+        seeds: {
+            root: rec.seedsHex.root,
+            public: rec.seedsHex.public,
+            circle: rec.seedsHex.circle,
+            self: rec.seedsHex.self,
+            ...(rec.seedsHex.data ? { data: rec.seedsHex.data } : {}),
+        },
+    };
+}
+async function apiRpc(fetchImpl, apiBaseUrl, method, params, did, rootSeed) {
+    const url = `${apiBaseUrl}/mcp/primitives/${method.includes("get_") ? "read" : "write"}`;
+    const envelope = await signOwnerEnvelope({
+        iss: did,
+        aud: url,
+        method,
+        params,
+        verificationMethod: `${did}#root`,
+        signer: { sign: async (m) => ed.sign(m, rootSeed) },
+    });
+    const r = await fetchImpl(url, {
+        method: "POST",
+        headers: { "content-type": "application/json" },
+        body: JSON.stringify({ jsonrpc: "2.0", id: `rotate_${Date.now()}`, method, params: { ...params, _envelope: envelope } }),
+    });
+    const j = (await r.json());
+    if (j.error) {
+        throw Object.assign(new Error(`${method} failed: ${j.error.message}`), { code: j.error.code });
+    }
+    return j.result ?? {};
+}
+function randomSeed32() {
+    const buf = new Uint8Array(32);
+    globalThis.crypto?.getRandomValues(buf);
+    return buf;
+}
+function hexToBytes(hex) {
+    const out = new Uint8Array(hex.length / 2);
+    for (let i = 0; i < out.length; i++)
+        out[i] = parseInt(hex.substr(i * 2, 2), 16);
+    return out;
+}
+function bytesToHex(b) {
+    let out = "";
+    for (let i = 0; i < b.length; i++)
+        out += b[i].toString(16).padStart(2, "0");
+    return out;
+}
+//# sourceMappingURL=rotate.js.map

package/dist/src/sdk.d.ts

@@ -1,8 +1,8 @@
 import type { AithosAuth } from "./auth.js";
 import { AppsNamespace } from "./apps.js";
-import { ComputeNamespace } from "./compute.js";
+import { ComputeNamespace, type ComputeWorkingSet } from "./compute.js";
 import { type AithosSdkEndpoints } from "./endpoints.js";
-import { EthosNamespace } from "./ethos.js";
+import { EthosNamespace, type ZoneName } from "./ethos.js";
 import { MandatesNamespace } from "./mandates.js";
 import { WalletNamespace } from "./wallet.js";
 import { WebNamespace } from "./web.js";
@@ -57,5 +57,29 @@ export declare class AithosSDK {
     constructor(config: AithosSDKConfig);
     /** DID of the currently signed-in owner, or null if no owner is loaded. */
     get userDid(): string | null;
+    /**
+     * Build the client-decrypted working-set for an agentic conversation.
+     *
+     * Reads the requested ethos zones for `did` through {@link EthosNamespace}
+     * (which decrypts client-side using the active owner/delegate keys) and
+     * packages them into the {@link ComputeWorkingSet} shape that
+     * `sdk.compute.runConversation({ workingSet })` consumes.
+     *
+     * Only zones the session can actually read are included: a zone the
+     * mandate does not grant (or whose delegate wrap is missing) throws
+     * `ethos_zone_unreadable` / `ethos_anonymous_private_zone` on read and is
+     * silently skipped — so the working-set is naturally bounded by what the
+     * caller is authorized to see. The proxy never holds a decryption key;
+     * this is where the plaintext is produced (see PLATFORM-COMPUTE-AGENTIC-MCP.md §4).
+     *
+     * Structured (gamma) data collections are not loaded here in v1 — attach
+     * them to the returned object's `data` field yourself if needed.
+     *
+     * @param did     Subject DID whose ethos to read (usually the signed-in owner).
+     * @param opts.zones  Zones to attempt. Defaults to all three.
+     */
+    buildWorkingSet(did: string, opts?: {
+        readonly zones?: readonly ZoneName[];
+    }): Promise<ComputeWorkingSet>;
 }
 //# sourceMappingURL=sdk.d.ts.map

package/dist/src/sdk.js

@@ -1,10 +1,11 @@
 // SPDX-License-Identifier: Apache-2.0
 // Copyright 2026 Mathieu Colla
 import { AppsNamespace } from "./apps.js";
-import { ComputeNamespace } from "./compute.js";
+import { ComputeNamespace, } from "./compute.js";
 import { resolveEndpoints } from "./endpoints.js";
 import { EthosNamespace } from "./ethos.js";
 import { MandatesNamespace } from "./mandates.js";
+import { AithosSDKError } from "./types.js";
 import { WalletNamespace } from "./wallet.js";
 import { WebNamespace } from "./web.js";
 export class AithosSDK {
@@ -80,5 +81,48 @@ export class AithosSDK {
     get userDid() {
         return this.auth.getOwnerInfo()?.did ?? null;
     }
+    /**
+     * Build the client-decrypted working-set for an agentic conversation.
+     *
+     * Reads the requested ethos zones for `did` through {@link EthosNamespace}
+     * (which decrypts client-side using the active owner/delegate keys) and
+     * packages them into the {@link ComputeWorkingSet} shape that
+     * `sdk.compute.runConversation({ workingSet })` consumes.
+     *
+     * Only zones the session can actually read are included: a zone the
+     * mandate does not grant (or whose delegate wrap is missing) throws
+     * `ethos_zone_unreadable` / `ethos_anonymous_private_zone` on read and is
+     * silently skipped — so the working-set is naturally bounded by what the
+     * caller is authorized to see. The proxy never holds a decryption key;
+     * this is where the plaintext is produced (see PLATFORM-COMPUTE-AGENTIC-MCP.md §4).
+     *
+     * Structured (gamma) data collections are not loaded here in v1 — attach
+     * them to the returned object's `data` field yourself if needed.
+     *
+     * @param did     Subject DID whose ethos to read (usually the signed-in owner).
+     * @param opts.zones  Zones to attempt. Defaults to all three.
+     */
+    async buildWorkingSet(did, opts) {
+        const zones = opts?.zones ?? ["public", "circle", "self"];
+        const client = await this.ethos.of(did);
+        const ethos = {};
+        for (const zone of zones) {
+            try {
+                const sections = await client.zone(zone).sections();
+                ethos[zone] = sections.map((s) => ({
+                    id: s.id,
+                    title: s.title,
+                    body: s.body,
+                }));
+            }
+            catch (e) {
+                // Zone not granted / not decryptable for this session → skip it.
+                if (e instanceof AithosSDKError)
+                    continue;
+                throw e;
+            }
+        }
+        return { ethos };
+    }
 }
 //# sourceMappingURL=sdk.js.map

package/dist/test/converse.test.d.ts

@@ -0,0 +1,2 @@
+export {};
+//# sourceMappingURL=converse.test.d.ts.map

package/dist/test/converse.test.js

@@ -0,0 +1,162 @@
+// SPDX-License-Identifier: Apache-2.0
+// Copyright 2026 Mathieu Colla
+// Unit tests for sdk.compute.runConversation with a mock fetch.
+//
+// Mirrors compute.test.ts: a real BrowserIdentity drives the actual
+// envelope-signing path, and we assert on the JSON-RPC body posted to
+// the compute proxy (method name + camelCase→snake_case param mapping).
+import { strict as assert } from "node:assert";
+import { describe, it } from "node:test";
+import { createBrowserIdentity } from "@aithos/protocol-client";
+import { AithosAuth, AithosSDK, AithosSDKError, memoryKeyStore, noopStore, } from "../src/index.js";
+import { serializeRecoveryFile } from "../src/internal/recovery-file.js";
+const APP_DID = "did:aithos:app:test";
+async function makeSdk(fetchImpl) {
+    const id = createBrowserIdentity("test-handle", "Test User");
+    const auth = new AithosAuth({
+        authBaseUrl: "https://auth.test",
+        fetch: (() => {
+            throw new Error("auth not used in converse tests");
+        }),
+        sessionStore: noopStore(),
+        keyStore: memoryKeyStore(),
+    });
+    const { text } = serializeRecoveryFile(id);
+    await auth.signInWithRecovery({ file: text });
+    return new AithosSDK({
+        auth,
+        appDid: APP_DID,
+        endpoints: { compute: "https://compute.example.test" },
+        fetch: fetchImpl,
+    });
+}
+const HAPPY_RESULT = {
+    content: "Voici le résumé.",
+    stopReason: "end_turn",
+    iterations: 2,
+    usage: { inputTokens: 420, outputTokens: 95 },
+    toolCalls: [{ name: "ethos_read_section", ok: true, turn: 1 }],
+    creditsCharged: 130,
+    walletBalance: 99_870,
+    auditId: "audit-cv-1",
+    fundedBy: "purchase",
+};
+describe("compute.runConversation — happy path + param mapping", () => {
+    it("posts aithos.compute_converse with mapped params and parses the result", async () => {
+        let capturedUrl;
+        let capturedInit;
+        const fakeFetch = async (input, init) => {
+            capturedUrl = typeof input === "string" ? input : input.toString();
+            capturedInit = init;
+            return new Response(JSON.stringify({ result: HAPPY_RESULT }), {
+                status: 200,
+                headers: { "content-type": "application/json" },
+            });
+        };
+        const sdk = await makeSdk(fakeFetch);
+        const out = await sdk.compute.runConversation({
+            mandateId: "mandate:abc",
+            model: "claude-sonnet-4-6",
+            system: "Tu agis dans la voix de l'utilisateur.",
+            messages: [{ role: "user", content: "Résume mon ethos." }],
+            mcp: { server: "aithos", tools: ["ethos_list_sections", "ethos_read_section"] },
+            workingSet: {
+                ethos: { public: [{ id: "p1", title: "Bio", body: "..." }] },
+            },
+            maxIterations: 5,
+            maxTokens: 800,
+            temperature: 0.4,
+        });
+        assert.deepEqual(out, HAPPY_RESULT);
+        assert.equal(capturedUrl, "https://compute.example.test/v1/invoke");
+        assert.equal(capturedInit?.method, "POST");
+        const body = JSON.parse(capturedInit?.body);
+        assert.equal(body.jsonrpc, "2.0");
+        assert.equal(body.method, "aithos.compute_converse");
+        assert.equal(body.params.app_did, APP_DID);
+        assert.equal(body.params.mandate_id, "mandate:abc");
+        assert.equal(body.params.model, "claude-sonnet-4-6");
+        assert.equal(body.params.system, "Tu agis dans la voix de l'utilisateur.");
+        // camelCase → snake_case mapping on the wire.
+        assert.equal(body.params.max_iterations, 5);
+        assert.equal(body.params.max_tokens, 800);
+        assert.equal(body.params.temperature, 0.4);
+        assert.ok(body.params.working_set, "working_set must be on the wire");
+        assert.deepEqual(body.params.mcp, {
+            server: "aithos",
+            tools: ["ethos_list_sections", "ethos_read_section"],
+        });
+        assert.match(body.params.idempotency_key, /^[0-9a-f]{32}$/);
+        assert.ok(body.params._envelope, "request must carry a signed envelope");
+        // SDK-only camelCase keys must NOT leak onto the wire.
+        assert.equal(body.params.maxIterations, undefined);
+        assert.equal(body.params.workingSet, undefined);
+    });
+    it("omits optional fields when not provided", async () => {
+        let capturedInit;
+        const fakeFetch = async (_input, init) => {
+            capturedInit = init;
+            return new Response(JSON.stringify({ result: HAPPY_RESULT }), {
+                status: 200,
+                headers: { "content-type": "application/json" },
+            });
+        };
+        const sdk = await makeSdk(fakeFetch);
+        await sdk.compute.runConversation({
+            mandateId: "mandate:abc",
+            model: "claude-haiku-4-5",
+            messages: [{ role: "user", content: "Salut" }],
+        });
+        const body = JSON.parse(capturedInit?.body);
+        assert.equal(body.params.system, undefined);
+        assert.equal(body.params.mcp, undefined);
+        assert.equal(body.params.working_set, undefined);
+        assert.equal(body.params.max_iterations, undefined);
+        assert.equal(body.params.max_tokens, undefined);
+    });
+});
+describe("compute.runConversation — errors", () => {
+    it("maps a JSON-RPC error to AithosSDKError with the proxy code", async () => {
+        const fakeFetch = async () => new Response(JSON.stringify({
+            error: { code: -32071, message: "insufficient credits" },
+        }), { status: 200, headers: { "content-type": "application/json" } });
+        const sdk = await makeSdk(fakeFetch);
+        await assert.rejects(() => sdk.compute.runConversation({
+            mandateId: "mandate:abc",
+            model: "claude-sonnet-4-6",
+            messages: [{ role: "user", content: "Hi" }],
+        }), (err) => {
+            assert.ok(err instanceof AithosSDKError);
+            assert.equal(err.code, "-32071");
+            return true;
+        });
+    });
+    it("throws sdk_no_signer when no owner and no mandate", async () => {
+        // Build an SDK with no signed-in owner.
+        const auth = new AithosAuth({
+            authBaseUrl: "https://auth.test",
+            fetch: (() => {
+                throw new Error("unused");
+            }),
+            sessionStore: noopStore(),
+            keyStore: memoryKeyStore(),
+        });
+        const sdk = new AithosSDK({
+            auth,
+            appDid: APP_DID,
+            endpoints: { compute: "https://compute.example.test" },
+            fetch: (() => {
+                throw new Error("fetch must not be reached");
+            }),
+        });
+        await assert.rejects(() => sdk.compute.runConversation({
+            model: "claude-sonnet-4-6",
+            messages: [{ role: "user", content: "Hi" }],
+        }), (err) => {
+            assert.ok(err instanceof AithosSDKError);
+            assert.equal(err.code, "sdk_no_signer");
+            return true;
+        });
+    });
+});
+//# sourceMappingURL=converse.test.js.map

package/dist/test/migrate.test.d.ts

@@ -0,0 +1,2 @@
+export {};
+//# sourceMappingURL=migrate.test.d.ts.map