@botcord/daemon 0.2.36 → 0.2.37

package/src/__tests__/provision.test.ts

@@ -145,6 +145,110 @@ function makeFakeGateway(initialChannelIds: string[] = []): FakeGateway {
   };
 }
 
+describe("list_agent_files handler", () => {
+  it("returns allowlisted workspace and attached hermes profile files for the requested agent", async () => {
+    const os = await import("node:os");
+    const fs = await import("node:fs");
+    const nodePath = await import("node:path");
+
+    const tmp = fs.mkdtempSync(nodePath.join(os.tmpdir(), "daemon-runtime-files-"));
+    const prevHome = process.env.HOME;
+    process.env.HOME = tmp;
+    try {
+      const credDir = nodePath.join(tmp, ".botcord", "credentials");
+      fs.mkdirSync(credDir, { recursive: true });
+      fs.writeFileSync(
+        nodePath.join(credDir, "ag_hermes.json"),
+        JSON.stringify({
+          version: 1,
+          hubUrl: "https://hub.example",
+          agentId: "ag_hermes",
+          keyId: "k_hermes",
+          privateKey: Buffer.alloc(32, 7).toString("base64"),
+          runtime: "hermes-agent",
+          hermesProfile: "default",
+        }),
+      );
+
+      const workspace = nodePath.join(tmp, ".botcord", "agents", "ag_hermes", "workspace");
+      fs.mkdirSync(workspace, { recursive: true });
+      fs.writeFileSync(nodePath.join(workspace, "memory.md"), "# Memory\nowned\n");
+      fs.writeFileSync(nodePath.join(workspace, "task.md"), "# Task\n");
+
+      const hermesMem = nodePath.join(tmp, ".hermes", "memories");
+      fs.mkdirSync(hermesMem, { recursive: true });
+      fs.writeFileSync(nodePath.join(tmp, ".hermes", "SOUL.md"), "# Soul\n");
+      fs.writeFileSync(nodePath.join(hermesMem, "MEMORY.md"), "# Hermes Memory\n");
+
+      const handler = createProvisioner({ gateway: makeFakeGateway() as any });
+      const res = await handler({
+        id: "req_files",
+        type: "list_agent_files",
+        params: { agentId: "ag_hermes" },
+      });
+
+      expect(res.ok).toBe(true);
+      const result = res.result as any;
+      expect(result.agentId).toBe("ag_hermes");
+      expect(result.runtime).toBe("hermes-agent");
+      const byName = Object.fromEntries(result.files.map((f: any) => [f.name, f]));
+      expect(byName["workspace/memory.md"].content).toBe("# Memory\nowned\n");
+      expect(byName["workspace/task.md"].content).toBe("# Task\n");
+      expect(byName["hermes/default/SOUL.md"].content).toBe("# Soul\n");
+      expect(byName["hermes/default/memories/MEMORY.md"].content).toBe("# Hermes Memory\n");
+      expect(result.files.some((f: any) => f.name.includes("credentials"))).toBe(false);
+    } finally {
+      if (prevHome === undefined) delete process.env.HOME;
+      else process.env.HOME = prevHome;
+    }
+  });
+
+  it("filters by daemon-issued file id", async () => {
+    const os = await import("node:os");
+    const fs = await import("node:fs");
+    const nodePath = await import("node:path");
+
+    const tmp = fs.mkdtempSync(nodePath.join(os.tmpdir(), "daemon-runtime-files-"));
+    const prevHome = process.env.HOME;
+    process.env.HOME = tmp;
+    try {
+      const credDir = nodePath.join(tmp, ".botcord", "credentials");
+      fs.mkdirSync(credDir, { recursive: true });
+      fs.writeFileSync(
+        nodePath.join(credDir, "ag_one.json"),
+        JSON.stringify({
+          version: 1,
+          hubUrl: "https://hub.example",
+          agentId: "ag_one",
+          keyId: "k_one",
+          privateKey: Buffer.alloc(32, 8).toString("base64"),
+          runtime: "claude-code",
+        }),
+      );
+      const workspace = nodePath.join(tmp, ".botcord", "agents", "ag_one", "workspace");
+      fs.mkdirSync(workspace, { recursive: true });
+      fs.writeFileSync(nodePath.join(workspace, "memory.md"), "# Memory\n");
+      fs.writeFileSync(nodePath.join(workspace, "task.md"), "# Task\n");
+
+      const handler = createProvisioner({ gateway: makeFakeGateway() as any });
+      const res = await handler({
+        id: "req_one_file",
+        type: "list_agent_files",
+        params: { agentId: "ag_one", fileId: "workspace:task.md" },
+      });
+
+      expect(res.ok).toBe(true);
+      const result = res.result as any;
+      expect(result.files).toHaveLength(1);
+      expect(result.files[0].name).toBe("workspace/task.md");
+      expect(result.files[0].content).toBe("# Task\n");
+    } finally {
+      if (prevHome === undefined) delete process.env.HOME;
+      else process.env.HOME = prevHome;
+    }
+  });
+});
+
 describe("reload_config handler", () => {
   it("adds agents listed in config but missing from gateway", async () => {
     mockState.cfg = {
@@ -1585,3 +1689,78 @@ describe("provision_agent hermes profile attach", () => {
     });
   });
 });
+
+describe("W8: gateway frame param validation in provision dispatch", () => {
+  it("rejects malformed UPSERT_GATEWAY (missing accountId) with bad_params", async () => {
+    const gw = makeFakeGateway(["ag_a"]);
+    const provisioner = createProvisioner({
+      gateway: gw as unknown as Parameters<typeof createProvisioner>[0]["gateway"],
+    });
+    const ack = await provisioner({
+      id: "req_w8a",
+      type: CONTROL_FRAME_TYPES.UPSERT_GATEWAY,
+      params: { id: "gw_x", type: "telegram" } as unknown as Record<string, unknown>,
+    });
+    expect(ack.ok).toBe(false);
+    expect(ack.error?.code).toBe("bad_params");
+    expect(ack.error?.message).toContain("accountId");
+    expect(gw.addChannel).not.toHaveBeenCalled();
+  });
+
+  it("rejects malformed REMOVE_GATEWAY (params is not an object)", async () => {
+    const gw = makeFakeGateway();
+    const provisioner = createProvisioner({
+      gateway: gw as unknown as Parameters<typeof createProvisioner>[0]["gateway"],
+    });
+    const ack = await provisioner({
+      id: "req_w8b",
+      type: CONTROL_FRAME_TYPES.REMOVE_GATEWAY,
+      // @ts-expect-error — exercising the runtime guard
+      params: "not-an-object",
+    });
+    expect(ack.ok).toBe(false);
+    expect(ack.error?.code).toBe("bad_params");
+  });
+
+  it("rejects malformed TEST_GATEWAY (id missing)", async () => {
+    const gw = makeFakeGateway();
+    const provisioner = createProvisioner({
+      gateway: gw as unknown as Parameters<typeof createProvisioner>[0]["gateway"],
+    });
+    const ack = await provisioner({
+      id: "req_w8c",
+      type: CONTROL_FRAME_TYPES.TEST_GATEWAY,
+      params: {},
+    });
+    expect(ack.ok).toBe(false);
+    expect(ack.error?.code).toBe("bad_params");
+  });
+
+  it("rejects malformed GATEWAY_LOGIN_START (missing provider)", async () => {
+    const gw = makeFakeGateway();
+    const provisioner = createProvisioner({
+      gateway: gw as unknown as Parameters<typeof createProvisioner>[0]["gateway"],
+    });
+    const ack = await provisioner({
+      id: "req_w8d",
+      type: CONTROL_FRAME_TYPES.GATEWAY_LOGIN_START,
+      params: { accountId: "ag_a" },
+    });
+    expect(ack.ok).toBe(false);
+    expect(ack.error?.code).toBe("bad_params");
+  });
+
+  it("rejects malformed GATEWAY_LOGIN_STATUS (missing loginId)", async () => {
+    const gw = makeFakeGateway();
+    const provisioner = createProvisioner({
+      gateway: gw as unknown as Parameters<typeof createProvisioner>[0]["gateway"],
+    });
+    const ack = await provisioner({
+      id: "req_w8e",
+      type: CONTROL_FRAME_TYPES.GATEWAY_LOGIN_STATUS,
+      params: { provider: "wechat" },
+    });
+    expect(ack.ok).toBe(false);
+    expect(ack.error?.code).toBe("bad_params");
+  });
+});

package/src/__tests__/secret-store.test.ts

@@ -0,0 +1,70 @@
+import { existsSync, mkdtempSync, rmSync, statSync, writeFileSync } from "node:fs";
+import { tmpdir } from "node:os";
+import path from "node:path";
+import { afterEach, beforeEach, describe, expect, it } from "vitest";
+import {
+  defaultGatewaySecretPath,
+  loadGatewaySecret,
+  saveGatewaySecret,
+  deleteGatewaySecret,
+} from "../gateway/channels/secret-store.js";
+
+describe("secret-store", () => {
+  let tmp: string;
+
+  beforeEach(() => {
+    tmp = mkdtempSync(path.join(tmpdir(), "botcord-secret-"));
+  });
+
+  afterEach(() => {
+    rmSync(tmp, { recursive: true, force: true });
+  });
+
+  it("derives the default path under ~/.botcord/daemon/gateways when no override is given", () => {
+    const file = defaultGatewaySecretPath("gw_abc");
+    expect(file.endsWith(path.join(".botcord", "daemon", "gateways", "gw_abc.json"))).toBe(true);
+  });
+
+  it("honors an explicit override path", () => {
+    const override = path.join(tmp, "custom.json");
+    expect(defaultGatewaySecretPath("gw_abc", override)).toBe(override);
+  });
+
+  it("writes the secret with mode 0600 in a 0700 directory and round-trips the payload", () => {
+    const override = path.join(tmp, "gw1", "secret.json");
+    const written = saveGatewaySecret("gw1", { botToken: "tok-123" }, override);
+    expect(written).toBe(override);
+    expect(existsSync(override)).toBe(true);
+    const fileMode = statSync(override).mode & 0o777;
+    expect(fileMode).toBe(0o600);
+    const dirMode = statSync(path.dirname(override)).mode & 0o777;
+    expect(dirMode).toBe(0o700);
+
+    const loaded = loadGatewaySecret<{ botToken: string }>("gw1", override);
+    expect(loaded).toEqual({ botToken: "tok-123" });
+  });
+
+  it("returns null when the secret file does not exist", () => {
+    const override = path.join(tmp, "missing.json");
+    expect(loadGatewaySecret("gw1", override)).toBeNull();
+  });
+
+  it("deleteGatewaySecret removes the file and is idempotent", () => {
+    const override = path.join(tmp, "gw1.json");
+    saveGatewaySecret("gw1", { botToken: "x" }, override);
+    expect(existsSync(override)).toBe(true);
+    deleteGatewaySecret("gw1", override);
+    expect(existsSync(override)).toBe(false);
+    // Second call must not throw.
+    deleteGatewaySecret("gw1", override);
+  });
+
+  it("W3: returns null and does not throw when the secret file contains invalid JSON", () => {
+    const override = path.join(tmp, "corrupt.json");
+    // Write intentionally corrupt JSON.
+    writeFileSync(override, "{ broken json }}}");
+    // Must not throw; must return null.
+    expect(() => loadGatewaySecret("gw_corrupt", override)).not.toThrow();
+    expect(loadGatewaySecret("gw_corrupt", override)).toBeNull();
+  });
+});

package/src/__tests__/state-store.test.ts

@@ -0,0 +1,119 @@
+import { existsSync, mkdtempSync, readFileSync, rmSync, writeFileSync } from "node:fs";
+import { tmpdir } from "node:os";
+import path from "node:path";
+import { afterEach, beforeEach, describe, expect, it, vi } from "vitest";
+import {
+  GatewayStateStore,
+  defaultGatewayStatePath,
+} from "../gateway/channels/state-store.js";
+
+describe("state-store", () => {
+  let tmp: string;
+
+  beforeEach(() => {
+    tmp = mkdtempSync(path.join(tmpdir(), "botcord-state-"));
+  });
+
+  afterEach(() => {
+    rmSync(tmp, { recursive: true, force: true });
+  });
+
+  it("derives the default state path under ~/.botcord/daemon/gateways", () => {
+    const file = defaultGatewayStatePath("gw_abc");
+    expect(
+      file.endsWith(path.join(".botcord", "daemon", "gateways", "gw_abc.state.json")),
+    ).toBe(true);
+  });
+
+  it("round-trips cursor + provider state across instances when flushed", () => {
+    const file = path.join(tmp, "gw.state.json");
+    const store = new GatewayStateStore("gw", { override: file, debounceMs: 0 });
+    store.update({ cursor: "cur-1", providerState: { typingTicket: "tk1" } });
+    expect(store.getCursor()).toBe("cur-1");
+    expect(existsSync(file)).toBe(true);
+
+    const reopened = new GatewayStateStore("gw", { override: file, debounceMs: 0 });
+    expect(reopened.getCursor()).toBe("cur-1");
+    expect(reopened.getProviderState()).toEqual({ typingTicket: "tk1" });
+  });
+
+  it("debounces multiple writes into a single flush", async () => {
+    const file = path.join(tmp, "gw.state.json");
+    const store = new GatewayStateStore("gw", { override: file, debounceMs: 30 });
+    store.update({ cursor: "a" });
+    store.update({ cursor: "b" });
+    store.update({ cursor: "c" });
+    // No file written yet — debounce window still open.
+    expect(existsSync(file)).toBe(false);
+
+    await new Promise((r) => setTimeout(r, 60));
+    expect(existsSync(file)).toBe(true);
+    const onDisk = JSON.parse(readFileSync(file, "utf8")) as { cursor?: string };
+    expect(onDisk.cursor).toBe("c");
+    store.close();
+  });
+
+  it("W9: write failure leaves state dirty and surfaces lastError", () => {
+    // Point the file at a path whose parent path is a regular file — mkdirSync
+    // recursive cannot turn that into a directory, so writeStateSync throws.
+    const blockerFile = path.join(tmp, "blocker");
+    require("node:fs").writeFileSync(blockerFile, "x");
+    const file = path.join(blockerFile, "child.state.json");
+    const store = new GatewayStateStore("gw", { override: file, debounceMs: 0 });
+    expect(() => store.update({ cursor: "v1" })).toThrow();
+    expect(store.lastError).not.toBeNull();
+    // Repair: remove the blocker so the next write succeeds, and assert the
+    // pending state is still in memory and is written by the next update().
+    require("node:fs").rmSync(blockerFile, { force: true });
+    store.update({ cursor: "v2" });
+    expect(existsSync(file)).toBe(true);
+    expect(JSON.parse(readFileSync(file, "utf8")).cursor).toBe("v2");
+    expect(store.lastError).toBeNull();
+    store.close();
+  });
+
+  it("W3: scheduleFlushRetry stops after MAX_FLUSH_RETRIES and sets lastError", async () => {
+    // Use an unwritable path by making parent a regular file — persistent failure.
+    const blockerFile = path.join(tmp, "blocker2");
+    writeFileSync(blockerFile, "x");
+    const file = path.join(blockerFile, "child.state.json");
+
+    vi.useFakeTimers();
+    const errSpy = vi.spyOn(console, "error").mockImplementation(() => {});
+
+    const store = new GatewayStateStore("gw-retry", {
+      override: file,
+      // debounceMs > 0 so scheduleFlushRetry arms timers (not sync mode).
+      // The retry clamps to 250ms but with fake timers we advance manually.
+      debounceMs: 10,
+    });
+
+    store.update({ cursor: "fail" });
+
+    // Advance through 11 timer ticks (debounce + 10 retries); each retry is
+    // 250ms (the clamped minimum). The 11th tick should trigger "giving up".
+    for (let i = 0; i < 12; i++) {
+      await vi.advanceTimersByTimeAsync(300);
+    }
+
+    // lastError must be set (persistent failure)
+    expect(store.lastError).not.toBeNull();
+    // "giving up" log emitted exactly once
+    expect(errSpy).toHaveBeenCalledTimes(1);
+    expect(errSpy.mock.calls[0][0]).toMatch(/giving up/);
+
+    vi.useRealTimers();
+    errSpy.mockRestore();
+  });
+
+  it("flush() forces an immediate synchronous write", () => {
+    const file = path.join(tmp, "gw.state.json");
+    const store = new GatewayStateStore("gw", { override: file, debounceMs: 5_000 });
+    store.update({ cursor: "x" });
+    expect(existsSync(file)).toBe(false);
+    store.flush();
+    expect(existsSync(file)).toBe(true);
+    expect(JSON.parse(readFileSync(file, "utf8")).cursor).toBe("x");
+    store.close();
+  });
+});

package/src/__tests__/third-party-gateway.test.ts

@@ -0,0 +1,126 @@
+import { describe, expect, it } from "vitest";
+import type { DaemonConfig } from "../config.js";
+import {
+  BOTCORD_CHANNEL_TYPE,
+  TELEGRAM_CHANNEL_TYPE,
+  WECHAT_CHANNEL_TYPE,
+  toGatewayConfig,
+} from "../daemon-config-map.js";
+import { createDaemonChannel } from "../daemon.js";
+import type { GatewayChannelConfig } from "../gateway/index.js";
+
+function baseConfig(partial: Partial<DaemonConfig> = {}): DaemonConfig {
+  return {
+    agentId: "ag_daemon",
+    defaultRoute: { adapter: "claude-code", cwd: "/home/alice" },
+    routes: [],
+    streamBlocks: true,
+    ...partial,
+  };
+}
+
+describe("toGatewayConfig + thirdPartyGateways", () => {
+  it("appends one channel per enabled third-party gateway after the BotCord channels", () => {
+    const cfg = baseConfig({
+      thirdPartyGateways: [
+        {
+          id: "gw_tg_1",
+          type: "telegram",
+          accountId: "ag_daemon",
+          allowedChatIds: ["123"],
+        },
+        {
+          id: "gw_wx_1",
+          type: "wechat",
+          accountId: "ag_daemon",
+          baseUrl: "https://ilinkai.weixin.qq.com",
+          allowedSenderIds: ["abc@im.wechat"],
+          splitAt: 1800,
+        },
+      ],
+    });
+    const gw = toGatewayConfig(cfg);
+    expect(gw.channels.map((c) => ({ id: c.id, type: c.type }))).toEqual([
+      { id: "ag_daemon", type: BOTCORD_CHANNEL_TYPE },
+      { id: "gw_tg_1", type: TELEGRAM_CHANNEL_TYPE },
+      { id: "gw_wx_1", type: WECHAT_CHANNEL_TYPE },
+    ]);
+    const tg = gw.channels[1]!;
+    expect(tg.accountId).toBe("ag_daemon");
+    expect(tg.allowedChatIds).toEqual(["123"]);
+    const wx = gw.channels[2]!;
+    expect(wx.baseUrl).toBe("https://ilinkai.weixin.qq.com");
+    expect(wx.allowedSenderIds).toEqual(["abc@im.wechat"]);
+    expect(wx.splitAt).toBe(1800);
+  });
+
+  it("filters out gateways with enabled === false", () => {
+    const cfg = baseConfig({
+      thirdPartyGateways: [
+        { id: "gw_off", type: "telegram", accountId: "ag_daemon", enabled: false },
+        { id: "gw_on", type: "wechat", accountId: "ag_daemon", enabled: true },
+      ],
+    });
+    const gw = toGatewayConfig(cfg);
+    const ids = gw.channels.map((c) => c.id);
+    expect(ids).toContain("gw_on");
+    expect(ids).not.toContain("gw_off");
+  });
+
+  it("treats omitted enabled as enabled", () => {
+    const cfg = baseConfig({
+      thirdPartyGateways: [{ id: "gw_a", type: "telegram", accountId: "ag_daemon" }],
+    });
+    const gw = toGatewayConfig(cfg);
+    expect(gw.channels.some((c) => c.id === "gw_a")).toBe(true);
+  });
+});
+
+describe("createDaemonChannel", () => {
+  const deps = {
+    credentialPathByAgentId: new Map<string, string>(),
+  };
+
+  it("dispatches botcord type to the BotCord adapter", () => {
+    const chCfg: GatewayChannelConfig = {
+      id: "ag_x",
+      type: "botcord",
+      accountId: "ag_x",
+      agentId: "ag_x",
+    };
+    const adapter = createDaemonChannel(chCfg, deps);
+    expect(adapter.type).toBe("botcord");
+    expect(adapter.id).toBe("ag_x");
+  });
+
+  it("dispatches telegram type to the Telegram adapter", () => {
+    const chCfg: GatewayChannelConfig = {
+      id: "gw_tg_1",
+      type: "telegram",
+      accountId: "ag_x",
+    };
+    const adapter = createDaemonChannel(chCfg, deps);
+    expect(adapter.type).toBe("telegram");
+    expect(adapter.id).toBe("gw_tg_1");
+  });
+
+  it("dispatches wechat type to the WeChat adapter", () => {
+    const chCfg: GatewayChannelConfig = {
+      id: "gw_wx_1",
+      type: "wechat",
+      accountId: "ag_x",
+    };
+    const adapter = createDaemonChannel(chCfg, deps);
+    expect(adapter.type).toBe("wechat");
+    expect(adapter.id).toBe("gw_wx_1");
+  });
+
+  it("throws on unknown channel type", () => {
+    const chCfg: GatewayChannelConfig = {
+      id: "gw_x",
+      type: "unknown-provider",
+      accountId: "ag_x",
+    };
+    expect(() => createDaemonChannel(chCfg, deps)).toThrow(/unknown channel type "unknown-provider"/);
+  });
+});

package/src/__tests__/url-guard.test.ts

@@ -0,0 +1,85 @@
+import { describe, expect, it } from "vitest";
+import {
+  assertSafeBaseUrl,
+  UnsafeBaseUrlError,
+} from "../gateway/channels/url-guard.js";
+import { mintLoginId } from "../gateway/channels/login-session.js";
+
+describe("assertSafeBaseUrl (W9 allowlist)", () => {
+  it("accepts undefined / empty (caller falls back to default)", () => {
+    expect(() => assertSafeBaseUrl(undefined)).not.toThrow();
+    expect(() => assertSafeBaseUrl(null)).not.toThrow();
+    expect(() => assertSafeBaseUrl("")).not.toThrow();
+  });
+
+  it("accepts the production iLink and Telegram base URLs", () => {
+    expect(() => assertSafeBaseUrl("https://ilinkai.weixin.qq.com")).not.toThrow();
+    expect(() => assertSafeBaseUrl("https://api.telegram.org")).not.toThrow();
+  });
+
+  it("rejects http://", () => {
+    expect(() => assertSafeBaseUrl("http://api.telegram.org")).toThrow(UnsafeBaseUrlError);
+  });
+
+  it("rejects loopback hostname (allowlist miss)", () => {
+    expect(() => assertSafeBaseUrl("https://localhost")).toThrow(UnsafeBaseUrlError);
+    expect(() => assertSafeBaseUrl("https://localhost:9999")).toThrow(UnsafeBaseUrlError);
+  });
+
+  it("rejects loopback IPv4", () => {
+    expect(() => assertSafeBaseUrl("https://127.0.0.1")).toThrow(UnsafeBaseUrlError);
+    expect(() => assertSafeBaseUrl("https://127.1.2.3")).toThrow(UnsafeBaseUrlError);
+  });
+
+  it("rejects link-local AWS metadata IP", () => {
+    expect(() => assertSafeBaseUrl("https://169.254.169.254")).toThrow(UnsafeBaseUrlError);
+  });
+
+  it("rejects RFC1918 private IPv4", () => {
+    expect(() => assertSafeBaseUrl("https://10.0.0.5")).toThrow(UnsafeBaseUrlError);
+    expect(() => assertSafeBaseUrl("https://192.168.1.1")).toThrow(UnsafeBaseUrlError);
+    expect(() => assertSafeBaseUrl("https://172.16.5.5")).toThrow(UnsafeBaseUrlError);
+  });
+
+  it("rejects loopback IPv6", () => {
+    expect(() => assertSafeBaseUrl("https://[::1]")).toThrow(UnsafeBaseUrlError);
+  });
+
+  it("rejects malformed URLs", () => {
+    expect(() => assertSafeBaseUrl("not-a-url")).toThrow(UnsafeBaseUrlError);
+  });
+
+  it("W9: rejects GCP metadata hostnames not in allowlist", () => {
+    expect(() => assertSafeBaseUrl("https://metadata.google.internal")).toThrow(UnsafeBaseUrlError);
+    expect(() => assertSafeBaseUrl("https://metadata")).toThrow(UnsafeBaseUrlError);
+  });
+
+  it("W9: rejects *.internal and *.svc.cluster.local hostnames", () => {
+    expect(() => assertSafeBaseUrl("https://evil.internal")).toThrow(UnsafeBaseUrlError);
+    expect(() => assertSafeBaseUrl("https://my-service.svc.cluster.local")).toThrow(UnsafeBaseUrlError);
+  });
+
+  it("W9: rejects any arbitrary hostname not in allowlist", () => {
+    expect(() => assertSafeBaseUrl("https://attacker.com")).toThrow(UnsafeBaseUrlError);
+    expect(() => assertSafeBaseUrl("https://evil.api.telegram.org")).toThrow(UnsafeBaseUrlError);
+  });
+});
+
+describe("W5: mintLoginId uses 128-bit entropy", () => {
+  it("generates a wechat loginId with 32 hex chars in the random segment", () => {
+    const id = mintLoginId("wechat");
+    expect(id).toMatch(/^wxl_/);
+    const rand = id.split("_")[2]!;
+    // randomBytes(16).toString("hex") = 32 hex chars
+    expect(rand).toHaveLength(32);
+    expect(rand).toMatch(/^[0-9a-f]{32}$/);
+  });
+
+  it("generates a telegram loginId with 32 hex chars in the random segment", () => {
+    const id = mintLoginId("telegram");
+    expect(id).toMatch(/^tgl_/);
+    const rand = id.split("_")[2]!;
+    expect(rand).toHaveLength(32);
+    expect(rand).toMatch(/^[0-9a-f]{32}$/);
+  });
+});