@aithos/sdk 0.1.0-alpha.6 → 0.1.0-alpha.60

package/dist/test/schema-autoresolve.test.js

@@ -0,0 +1,146 @@
+// SPDX-License-Identifier: Apache-2.0
+// Copyright 2026 Mathieu Colla
+// A reader that did NOT bundle a vendor schema can still read a collection that
+// uses it, by auto-resolving the PUBLISHED JSON Schema from the PDS and
+// deriving the field split from its aithos:indexable / aithos:auto annotations.
+// This is what lets the strangler reference app (and any latest-SDK client)
+// read any collection without hardcoding VENDOR_SCHEMAS.
+import { test } from "node:test";
+import { strict as assert } from "node:assert";
+import { randomBytes } from "node:crypto";
+import { createDataClient, liteFromPublishedSchema } from "../src/data.js";
+import * as ed from "@noble/ed25519";
+import { sha512 } from "@noble/hashes/sha2.js";
+ed.etc.sha512Sync = (...m) => sha512(ed.etc.concatBytes(...m));
+const MEMO_ID = "aithos.x.demo.memo.v1";
+const memoLite = {
+    schema: MEMO_ID,
+    indexable: new Set(["title"]),
+    encrypted: new Set(["body"]),
+    auto: new Set(),
+    defaults: {},
+};
+const memoJson = {
+    "aithos:schema": MEMO_ID,
+    "aithos:version": "1.0.0",
+    type: "object",
+    additionalProperties: false,
+    required: ["title"],
+    properties: {
+        title: { type: "string", "aithos:indexable": true },
+        body: { type: "string" },
+    },
+};
+test("liteFromPublishedSchema derives the field split from annotations", () => {
+    const lite = liteFromPublishedSchema(memoJson);
+    assert.equal(lite.schema, MEMO_ID);
+    assert.deepEqual([...lite.indexable].sort(), ["title"]);
+    assert.deepEqual([...lite.encrypted].sort(), ["body"]);
+    assert.equal(lite.auto.size, 0);
+});
+function makePds() {
+    const collections = new Map();
+    const records = new Map();
+    const schemas = new Map();
+    const fetchImpl = (async (_url, init) => {
+        const body = JSON.parse(init.body);
+        const p = body.params ?? {};
+        const ok = (result) => new Response(JSON.stringify({ jsonrpc: "2.0", id: body.id, result }), { status: 200 });
+        const er = (code, m) => new Response(JSON.stringify({ jsonrpc: "2.0", id: body.id, error: { code, message: m } }), { status: 200 });
+        const urn = (did, n) => `urn:aithos:collection:${did}:${n}`;
+        switch (body.method) {
+            case "aithos.data.register_schema":
+                schemas.set(p.schema_doc["aithos:schema"], p.schema_doc);
+                return ok({ schema_id: p.schema_doc["aithos:schema"], doc_hash: "h", created: true });
+            case "aithos.data.get_schema": {
+                const d = schemas.get(p.schema);
+                return d ? ok({ schema: d }) : er(-32070, "unknown schema");
+            }
+            case "aithos.data.create_collection": {
+                const u = urn(p.subject_did, p.collection_name);
+                collections.set(u, { urn: u, name: p.collection_name, schema: p.schema, subject_did: p.subject_did, cmk_envelope: p.cmk_envelope, record_count: 0 });
+                records.set(u, new Map());
+                return ok({ urn: u, name: p.collection_name, schema: p.schema, cmk_envelope: p.cmk_envelope });
+            }
+            case "aithos.data.get_collection": {
+                const c = collections.get(urn(p.subject_did, p.collection_name));
+                return c ? ok({ urn: c.urn, name: c.name, schema: c.schema, cmk_envelope: c.cmk_envelope, record_count: c.record_count }) : er(-32020, "nf");
+            }
+            case "aithos.data.insert_record": {
+                records.get(p.collection_urn).set(p.record_id, { record_id: p.record_id, metadata: p.metadata, payload: p.payload });
+                return ok({ record_id: p.record_id });
+            }
+            case "aithos.data.get_record": {
+                const r = records.get(p.collection_urn)?.get(p.record_id);
+                return r ? ok(r) : er(-32020, "nf");
+            }
+            default:
+                return er(-32601, body.method);
+        }
+    });
+    return { fetchImpl, schemas };
+}
+test("a reader without the bundled vendor lite decodes via the published schema", async () => {
+    const seed = new Uint8Array(randomBytes(32));
+    const pub = ed.getPublicKey(seed);
+    // did:key style (single-key) — fine for the data PDS owner path in this mock.
+    let n = 0n;
+    const mc = new Uint8Array([0xed, 0x01, ...pub]);
+    for (const b of mc)
+        n = (n << 8n) | BigInt(b);
+    const alpha = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz";
+    let mb = "";
+    let x = n;
+    while (x > 0n) {
+        mb = alpha[Number(x % 58n)] + mb;
+        x /= 58n;
+    }
+    const did = `did:key:z${mb}`;
+    const vm = `${did}#z${mb}`;
+    const pds = makePds();
+    // Writer: bundles the lite, registers the JSON schema, writes a record.
+    const writer = createDataClient({ pdsUrl: "https://pds.test", did, sphereSeed: seed, verificationMethod: vm, schemas: [memoLite], fetch: pds.fetchImpl });
+    await writer.registerSchema(memoJson);
+    await writer.createCollection({ name: "memos", schema: MEMO_ID });
+    const recId = await writer.collection("memos").insert({ title: "Hello", body: "top secret body" });
+    // Reader: NO bundled schema. Must auto-resolve from the PDS-published schema.
+    const reader = createDataClient({ pdsUrl: "https://pds.test", did, sphereSeed: seed, verificationMethod: vm, fetch: pds.fetchImpl });
+    const got = await reader.collection("memos").get(recId);
+    assert.equal(got.title, "Hello", "indexable field present");
+    assert.equal(got.body, "top secret body", "encrypted field decoded via auto-resolved schema");
+});
+test("schema-less READ still works (decrypts); only WRITE requires the schema", async () => {
+    const seed = new Uint8Array(randomBytes(32));
+    const pub = ed.getPublicKey(seed);
+    let n = 0n;
+    const mc = new Uint8Array([0xed, 0x01, ...pub]);
+    for (const b of mc)
+        n = (n << 8n) | BigInt(b);
+    const alpha = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz";
+    let mb = "";
+    let x = n;
+    while (x > 0n) {
+        mb = alpha[Number(x % 58n)] + mb;
+        x /= 58n;
+    }
+    const did = `did:key:z${mb}`;
+    const vm = `${did}#z${mb}`;
+    const pds = makePds();
+    // Writer bundles the lite, creates the collection + a record, but does NOT
+    // register the schema on the PDS (simulates an app like delie that keeps its
+    // schema local). So no client can auto-resolve it.
+    const writer = createDataClient({ pdsUrl: "https://pds.test", did, sphereSeed: seed, verificationMethod: vm, schemas: [memoLite], fetch: pds.fetchImpl });
+    await writer.createCollection({ name: "memos", schema: MEMO_ID });
+    const recId = await writer.collection("memos").insert({ title: "Hi", body: "encrypted secret" });
+    // Reader has NEITHER the bundled lite NOR a published schema to fetch.
+    const reader = createDataClient({ pdsUrl: "https://pds.test", did, sphereSeed: seed, verificationMethod: vm, fetch: pds.fetchImpl });
+    // READ still works — records decrypt from the CMK + metadata/payload; the
+    // schema is only needed to SPLIT on write. This is what makes a migrated
+    // collection directly usable under #data by any client.
+    const got = await reader.collection("memos").get(recId);
+    assert.equal(got.title, "Hi", "indexable field (plaintext metadata) present");
+    assert.equal(got.body, "encrypted secret", "encrypted field decrypted WITHOUT the schema");
+    // WRITE fails cleanly (can't split/validate without the schema).
+    await assert.rejects(() => reader.collection("memos").insert({ title: "no", body: "go" }), /needs its schema/);
+});
+//# sourceMappingURL=schema-autoresolve.test.js.map

package/dist/test/sdk.test.js

@@ -33,6 +33,9 @@ describe("DEFAULT_SDK_ENDPOINTS", () => {
     it("points at the production Aithos hosts", () => {
         assert.equal(DEFAULT_SDK_ENDPOINTS.compute, "https://compute.aithos.be");
         assert.equal(DEFAULT_SDK_ENDPOINTS.wallet, "https://wallet.aithos.be");
+        assert.equal(DEFAULT_SDK_ENDPOINTS.web, "https://extract.aithos.be");
+        assert.equal(DEFAULT_SDK_ENDPOINTS.pds, "https://pds.aithos.be");
+        assert.equal(DEFAULT_SDK_ENDPOINTS.assets, "https://assets.aithos.be");
     });
 });
 describe("AithosSDK constructor", () => {
@@ -101,7 +104,12 @@ describe("AithosSDK constructor", () => {
         assert.equal(typeof sdk.ethos.me, "function");
         assert.equal(typeof sdk.mandates.create, "function");
     });
-    it("compute.invokeBedrock rejects when no owner is signed in", async () => {
+    it("compute.invokeBedrock rejects when no owner AND no delegate matches the mandate", async () => {
+        // Since alpha.9, invokeBedrock supports a delegate signing path. The
+        // failure mode here (no owner loaded AND no imported mandate matching
+        // the requested id) returns code `sdk_no_delegate_for_mandate`.
+        // The previous `sdk_no_owner` code now applies only to other entry
+        // points where there's no delegate fallback.
         const auth = makeAuth();
         const sdk = new AithosSDK({
             auth,
@@ -114,7 +122,8 @@ describe("AithosSDK constructor", () => {
             mandateId: "mandate:x",
             model: "claude-sonnet-4-6",
             messages: [{ role: "user", content: "hi" }],
-        }), (e) => e instanceof AithosSDKError && e.code === "sdk_no_owner");
+        }), (e) => e instanceof AithosSDKError &&
+            e.code === "sdk_no_delegate_for_mandate");
     });
 });
 //# sourceMappingURL=sdk.test.js.map

package/dist/test/signup-bootstrap.test.d.ts

@@ -0,0 +1,2 @@
+export {};
+//# sourceMappingURL=signup-bootstrap.test.d.ts.map

package/dist/test/signup-bootstrap.test.js

@@ -0,0 +1,311 @@
+// SPDX-License-Identifier: Apache-2.0
+// Copyright 2026 Mathieu Colla
+// Tests for the Ethos bootstrap step inside AithosAuth.signUp().
+//
+// The contract:
+//   1. POST /auth/register → creates the auth user (auth.aithos.be).
+//   2. POST /mcp/primitives/write with method=aithos.publish_identity →
+//      provisions the user's Ethos on api.aithos.be.
+//   3. Hydrate local state ONLY after both steps succeed.
+//
+// Failure modes:
+//   - register fails  → throw, no publish_identity attempted, no hydrate.
+//   - publish_identity rejected (JSON-RPC error) → throw immediately,
+//     no retry, no hydrate.
+//   - publish_identity 5xx / network error → 2 retries with backoff,
+//     then throw `ethos_bootstrap_failed` if all fail.
+//
+// We mock fetch end-to-end so the tests run offline. The protocol-client
+// crypto runs for real — we want to assert that the envelope shape coming
+// out of the SDK matches what api.aithos.be will accept.
+import { strict as assert } from "node:assert";
+import { describe, it } from "node:test";
+import { AithosAuth, AithosSDKError, memoryKeyStore, noopStore, } from "../src/index.js";
+function makeMockFetch(handlers) {
+    const calls = [];
+    const fetchImpl = (async (input, init) => {
+        const url = String(input);
+        const method = init?.method ?? "GET";
+        const bodyText = typeof init?.body === "string"
+            ? init.body
+            : init?.body == null
+                ? null
+                : String(init.body);
+        const body = bodyText ? JSON.parse(bodyText) : null;
+        const call = { url, method, body };
+        calls.push(call);
+        for (const h of handlers) {
+            if (!url.includes(h.url))
+                continue;
+            if (h.method && h.method !== method)
+                continue;
+            if (h.remaining !== undefined && h.remaining <= 0)
+                continue;
+            if (h.remaining !== undefined)
+                h.remaining--;
+            const out = await h.respond(call);
+            const status = out.status ?? 200;
+            return new Response(JSON.stringify(out.json), {
+                status,
+                headers: { "content-type": "application/json" },
+            });
+        }
+        throw new Error(`unhandled fetch: ${method} ${url}`);
+    });
+    return { fetch: fetchImpl, calls };
+}
+function fakeRegisterOk() {
+    return {
+        json: {
+            session: "jwt-token-here",
+            exp: Math.floor(Date.now() / 1000) + 3600,
+        },
+    };
+}
+function fakePublishIdentityOk() {
+    return {
+        json: {
+            jsonrpc: "2.0",
+            id: "publish_identity",
+            result: { ok: true, did_document_url: "https://cdn.aithos.be/ethos/zABC/did.json" },
+        },
+    };
+}
+function makeAuth(fetchImpl) {
+    return new AithosAuth({
+        authBaseUrl: "https://auth.test",
+        apiBaseUrl: "https://api.test",
+        fetch: fetchImpl,
+        sessionStore: noopStore(),
+        keyStore: memoryKeyStore(),
+    });
+}
+const validInput = {
+    email: "alice@test.example",
+    password: "correct horse battery staple",
+    handle: "alice",
+};
+/* -------------------------------------------------------------------------- */
+/*  Happy path                                                                */
+/* -------------------------------------------------------------------------- */
+describe("AithosAuth.signUp — Ethos bootstrap", () => {
+    it("calls /auth/register THEN /mcp/primitives/write with publish_identity", async () => {
+        const { fetch: f, calls } = makeMockFetch([
+            { url: "/auth/register", method: "POST", respond: fakeRegisterOk },
+            {
+                url: "/mcp/primitives/write",
+                method: "POST",
+                respond: fakePublishIdentityOk,
+            },
+        ]);
+        const auth = makeAuth(f);
+        const r = await auth.signUp(validInput);
+        assert.equal(calls.length, 2, "should make exactly 2 calls");
+        assert.match(calls[0].url, /\/auth\/register$/);
+        assert.match(calls[1].url, /\/mcp\/primitives\/write$/);
+        assert.ok(r.session.session === "jwt-token-here");
+        assert.ok(auth.canSignAsOwner(), "must be hydrated as owner");
+    });
+    it("envelope is JSON-RPC publish_identity, signed by #root, with valid params", async () => {
+        let publishBody = null;
+        const { fetch: f } = makeMockFetch([
+            { url: "/auth/register", method: "POST", respond: fakeRegisterOk },
+            {
+                url: "/mcp/primitives/write",
+                method: "POST",
+                respond: (call) => {
+                    publishBody = call.body;
+                    return fakePublishIdentityOk();
+                },
+            },
+        ]);
+        await makeAuth(f).signUp(validInput);
+        // JSON-RPC envelope shape
+        assert.equal(publishBody.jsonrpc, "2.0");
+        assert.equal(publishBody.method, "aithos.publish_identity");
+        // params include the inline _envelope and the publish_identity payload
+        const params = publishBody.params;
+        assert.equal(typeof params.handle, "string");
+        assert.equal(params.handle, "alice");
+        assert.equal(typeof params.display_name, "string");
+        assert.ok(params.did_document, "did_document must be present");
+        assert.ok(params._envelope, "_envelope must be present");
+        // envelope is signed by #root
+        const env = params._envelope;
+        assert.equal(env["aithos-envelope"], "0.1.0");
+        assert.match(env.iss, /^did:aithos:/);
+        assert.equal(env.method, "aithos.publish_identity");
+        assert.equal(env.aud, "https://api.test/mcp/primitives/write");
+        assert.equal(env.proof.type, "Ed25519Signature2020");
+        assert.match(env.proof.verificationMethod, /#root$/);
+        assert.equal(typeof env.proof.proofValue, "string");
+        assert.ok(env.proof.proofValue.length > 0);
+    });
+    it("does NOT hydrate state when /auth/register fails", async () => {
+        const { fetch: f, calls } = makeMockFetch([
+            {
+                url: "/auth/register",
+                method: "POST",
+                respond: () => ({
+                    status: 409,
+                    json: { error: "email_taken" },
+                }),
+            },
+        ]);
+        const auth = makeAuth(f);
+        await assert.rejects(() => auth.signUp(validInput), AithosSDKError);
+        assert.equal(calls.length, 1, "publish_identity must NOT be called");
+        assert.equal(auth.canSignAsOwner(), false);
+    });
+    it("does NOT hydrate state when publish_identity returns a JSON-RPC error", async () => {
+        const { fetch: f, calls } = makeMockFetch([
+            { url: "/auth/register", method: "POST", respond: fakeRegisterOk },
+            {
+                url: "/mcp/primitives/write",
+                method: "POST",
+                respond: () => ({
+                    json: {
+                        jsonrpc: "2.0",
+                        id: "publish_identity",
+                        error: { code: -32600, message: "invalid envelope signature" },
+                    },
+                }),
+            },
+        ]);
+        const auth = makeAuth(f);
+        await assert.rejects(() => auth.signUp(validInput), (e) => e instanceof AithosSDKError && e.code === "ethos_bootstrap_failed");
+        // No retry on JSON-RPC error: 1 register + 1 publish.
+        assert.equal(calls.length, 2);
+        assert.equal(auth.canSignAsOwner(), false);
+    });
+    it("retries publish_identity on 5xx, then succeeds", async () => {
+        let publishCalls = 0;
+        const { fetch: f } = makeMockFetch([
+            { url: "/auth/register", method: "POST", respond: fakeRegisterOk },
+            {
+                url: "/mcp/primitives/write",
+                method: "POST",
+                respond: () => {
+                    publishCalls++;
+                    if (publishCalls < 2) {
+                        return { status: 503, json: { error: "transient" } };
+                    }
+                    return fakePublishIdentityOk();
+                },
+            },
+        ]);
+        const auth = makeAuth(f);
+        await auth.signUp(validInput);
+        assert.equal(publishCalls, 2);
+        assert.ok(auth.canSignAsOwner());
+    });
+    it("throws ethos_bootstrap_failed after all retries fail with 5xx", async () => {
+        let publishCalls = 0;
+        const { fetch: f } = makeMockFetch([
+            { url: "/auth/register", method: "POST", respond: fakeRegisterOk },
+            {
+                url: "/mcp/primitives/write",
+                method: "POST",
+                respond: () => {
+                    publishCalls++;
+                    return { status: 503, json: { error: "transient" } };
+                },
+            },
+        ]);
+        const auth = makeAuth(f);
+        await assert.rejects(() => auth.signUp(validInput), (e) => e instanceof AithosSDKError && e.code === "ethos_bootstrap_failed");
+        // 3 attempts total (initial + 2 retries).
+        assert.equal(publishCalls, 3);
+        assert.equal(auth.canSignAsOwner(), false);
+    });
+    /* ------------------------------------------------------------------------ */
+    /*  alpha.36 — defense-in-depth for legacy backends without semantic-equal  */
+    /* ------------------------------------------------------------------------ */
+    it("treats -32022 'different did.json already published' as a no-op success", async () => {
+        // This is the regression introduced in alpha.33: republishing the same
+        // identity returns -32022 because `signedDidDocument()` regenerates
+        // `aithos.created_at` on every call. For an honest signer, this is
+        // semantically a no-op — the Ethos is published, crypto material matches.
+        // The SDK swallows this specific case so chatty publish_identity callers
+        // (signInCustodial, verifyEmail) don't break on every subsequent sign-in.
+        const { fetch: f, calls } = makeMockFetch([
+            { url: "/auth/register", method: "POST", respond: fakeRegisterOk },
+            {
+                url: "/mcp/primitives/write",
+                method: "POST",
+                respond: () => ({
+                    json: {
+                        jsonrpc: "2.0",
+                        id: "publish_identity",
+                        error: {
+                            code: -32022,
+                            message: "different did.json already published for this DID",
+                            data: { existing_doc_url: "https://cdn.aithos.be/did.json" },
+                        },
+                    },
+                }),
+            },
+        ]);
+        const auth = makeAuth(f);
+        // Must succeed, not throw — the republish-conflict is masked.
+        await auth.signUp(validInput);
+        // Hydrate worked: owner is loaded.
+        assert.equal(auth.canSignAsOwner(), true);
+        // No retry on -32022 (deterministic) — exactly 1 publish call.
+        assert.equal(calls.filter((c) => c.url.includes("/mcp/primitives/write")).length, 1, "publish_identity must not retry on -32022");
+    });
+    it("still throws ethos_bootstrap_failed on -32022 with a DIFFERENT message", async () => {
+        // The shim is narrow: it ONLY swallows the specific
+        // "different did.json already published" message. Other -32022 cases
+        // (server might use the same code for different semantics) must still
+        // bubble up as ethos_bootstrap_failed.
+        const { fetch: f } = makeMockFetch([
+            { url: "/auth/register", method: "POST", respond: fakeRegisterOk },
+            {
+                url: "/mcp/primitives/write",
+                method: "POST",
+                respond: () => ({
+                    json: {
+                        jsonrpc: "2.0",
+                        id: "publish_identity",
+                        error: {
+                            code: -32022,
+                            message: "subject identity is tombstoned",
+                        },
+                    },
+                }),
+            },
+        ]);
+        const auth = makeAuth(f);
+        await assert.rejects(() => auth.signUp(validInput), (e) => e instanceof AithosSDKError &&
+            e.code === "ethos_bootstrap_failed" &&
+            /tombstoned/i.test(e.message));
+        assert.equal(auth.canSignAsOwner(), false);
+    });
+    it("still throws ethos_bootstrap_failed on the conflict message under a different code", async () => {
+        // Conversely, an error matching the message but with a code OTHER than
+        // -32022 is not swallowed — we anchor on both (code, message) to keep
+        // the shim narrow.
+        const { fetch: f } = makeMockFetch([
+            { url: "/auth/register", method: "POST", respond: fakeRegisterOk },
+            {
+                url: "/mcp/primitives/write",
+                method: "POST",
+                respond: () => ({
+                    json: {
+                        jsonrpc: "2.0",
+                        id: "publish_identity",
+                        error: {
+                            code: -32000,
+                            message: "different did.json already published for this DID",
+                        },
+                    },
+                }),
+            },
+        ]);
+        const auth = makeAuth(f);
+        await assert.rejects(() => auth.signUp(validInput), (e) => e instanceof AithosSDKError && e.code === "ethos_bootstrap_failed");
+        assert.equal(auth.canSignAsOwner(), false);
+    });
+});
+//# sourceMappingURL=signup-bootstrap.test.js.map

package/dist/test/transcribe-invoke.test.d.ts

@@ -0,0 +1,2 @@
+import "fake-indexeddb/auto";
+//# sourceMappingURL=transcribe-invoke.test.d.ts.map