@bsv/wallet-toolbox 1.7.20 → 1.8.1

package/src/__tests/ShamirWalletManager.test.ts

@@ -0,0 +1,369 @@
+import { PrivateKey, WalletInterface } from '@bsv/sdk'
+import { ShamirWalletManager } from '../ShamirWalletManager'
+import { PrivilegedKeyManager } from '../sdk/PrivilegedKeyManager'
+import { jest } from '@jest/globals'
+
+// Mock WABClient
+const mockWABClient = {
+  startShareAuth: jest.fn<() => Promise<{ success: boolean }>>().mockResolvedValue({ success: true }),
+  storeShare: jest
+    .fn<() => Promise<{ success: boolean; userId: number }>>()
+    .mockResolvedValue({ success: true, userId: 1 }),
+  retrieveShare: jest.fn<() => Promise<{ success: boolean; shareB: string }>>().mockResolvedValue({
+    success: true,
+    shareB: '1.mockedserversharefromwab.2.test'
+  }),
+  updateShare: jest
+    .fn<() => Promise<{ success: boolean; shareVersion: number }>>()
+    .mockResolvedValue({ success: true, shareVersion: 2 }),
+  deleteShamirUser: jest.fn<() => Promise<{ success: boolean }>>().mockResolvedValue({ success: true })
+}
+
+jest.mock('../wab-client/WABClient', () => {
+  return {
+    WABClient: jest.fn().mockImplementation(() => mockWABClient)
+  }
+})
+
+// Mock wallet builder
+const mockWallet = {} as WalletInterface
+const mockWalletBuilder = jest.fn(
+  async (privateKey: PrivateKey, privilegedKeyManager: PrivilegedKeyManager) => mockWallet
+)
+
+describe('ShamirWalletManager', () => {
+  describe('Configuration', () => {
+    it('should use default 2-of-3 configuration', () => {
+      const manager = new ShamirWalletManager({
+        wabServerUrl: 'https://test.example.com',
+        authMethodType: 'DevConsole',
+        walletBuilder: mockWalletBuilder
+      })
+
+      expect(manager.getThreshold()).toBe(2)
+      expect(manager.getTotalShares()).toBe(3)
+    })
+
+    it('should accept custom threshold configuration', () => {
+      const manager = new ShamirWalletManager({
+        wabServerUrl: 'https://test.example.com',
+        authMethodType: 'DevConsole',
+        walletBuilder: mockWalletBuilder,
+        threshold: 3,
+        totalShares: 5
+      })
+
+      expect(manager.getThreshold()).toBe(3)
+      expect(manager.getTotalShares()).toBe(5)
+    })
+
+    it('should reject threshold less than 2', () => {
+      expect(() => {
+        new ShamirWalletManager({
+          wabServerUrl: 'https://test.example.com',
+          authMethodType: 'DevConsole',
+          walletBuilder: mockWalletBuilder,
+          threshold: 1,
+          totalShares: 3
+        })
+      }).toThrow('Threshold must be at least 2')
+    })
+
+    it('should reject totalShares less than 3', () => {
+      expect(() => {
+        new ShamirWalletManager({
+          wabServerUrl: 'https://test.example.com',
+          authMethodType: 'DevConsole',
+          walletBuilder: mockWalletBuilder,
+          threshold: 2,
+          totalShares: 2
+        })
+      }).toThrow('Total shares must be at least 3')
+    })
+
+    it('should reject configurations where user cannot recover independently (custodial)', () => {
+      // 3-of-4 means user gets 3 shares (4-1), which equals threshold - OK
+      expect(() => {
+        new ShamirWalletManager({
+          wabServerUrl: 'https://test.example.com',
+          authMethodType: 'DevConsole',
+          walletBuilder: mockWalletBuilder,
+          threshold: 3,
+          totalShares: 4
+        })
+      }).not.toThrow()
+
+      // 3-of-3 means user gets 2 shares (3-1), which is less than threshold 3 - NOT OK
+      expect(() => {
+        new ShamirWalletManager({
+          wabServerUrl: 'https://test.example.com',
+          authMethodType: 'DevConsole',
+          walletBuilder: mockWalletBuilder,
+          threshold: 3,
+          totalShares: 3
+        })
+      }).toThrow('User must have at least 3 shares to recover independently')
+    })
+  })
+
+  describe('Entropy Collection', () => {
+    it('should track entropy collection', () => {
+      const manager = new ShamirWalletManager({
+        wabServerUrl: 'https://test.example.com',
+        authMethodType: 'DevConsole',
+        walletBuilder: mockWalletBuilder
+      })
+
+      expect(manager.hasEnoughEntropy()).toBe(false)
+
+      // Add a sample
+      const progress = manager.addMouseEntropy(100, 200)
+
+      // First sample should be accepted
+      expect(progress).not.toBeNull()
+      expect(manager.getEntropyProgress().collected).toBeGreaterThan(0)
+    })
+
+    it('should reset entropy', () => {
+      const manager = new ShamirWalletManager({
+        wabServerUrl: 'https://test.example.com',
+        authMethodType: 'DevConsole',
+        walletBuilder: mockWalletBuilder
+      })
+
+      // Add at least one sample
+      manager.addMouseEntropy(100, 200)
+
+      expect(manager.getEntropyProgress().collected).toBeGreaterThan(0)
+
+      manager.resetEntropy()
+
+      expect(manager.getEntropyProgress().collected).toBe(0)
+    })
+  })
+
+  describe('User ID Hash', () => {
+    it('should allow setting user ID hash', () => {
+      const manager = new ShamirWalletManager({
+        wabServerUrl: 'https://test.example.com',
+        authMethodType: 'DevConsole',
+        walletBuilder: mockWalletBuilder
+      })
+
+      expect(manager.getUserIdHash()).toBeUndefined()
+
+      manager.setUserIdHash('abc123')
+
+      expect(manager.getUserIdHash()).toBe('abc123')
+    })
+  })
+
+  describe('Share Validation', () => {
+    it('should validate share format with 4 parts', async () => {
+      const manager = new ShamirWalletManager({
+        wabServerUrl: 'https://test.example.com',
+        authMethodType: 'DevConsole',
+        walletBuilder: mockWalletBuilder
+      })
+
+      // This should fail because the share format is invalid
+      await expect(manager.recoverWithUserShares(['invalid-share', 'also-invalid'])).rejects.toThrow(
+        'Invalid share format'
+      )
+    })
+
+    it('should reject shares with threshold less than 2', async () => {
+      const manager = new ShamirWalletManager({
+        wabServerUrl: 'https://test.example.com',
+        authMethodType: 'DevConsole',
+        walletBuilder: mockWalletBuilder
+      })
+
+      await expect(manager.recoverWithUserShares(['1.data.1.check', '2.data.1.check'])).rejects.toThrow(
+        'Invalid share: threshold must be at least 2'
+      )
+    })
+  })
+
+  describe('Recovery', () => {
+    it('should require enough shares for recovery', async () => {
+      const manager = new ShamirWalletManager({
+        wabServerUrl: 'https://test.example.com',
+        authMethodType: 'DevConsole',
+        walletBuilder: mockWalletBuilder
+      })
+
+      // Only 1 share but threshold encoded in share is 2
+      await expect(manager.recoverWithUserShares(['1.somedata.2.check'])).rejects.toThrow(
+        'Need at least 2 shares to recover'
+      )
+    })
+
+    it('should require userIdHash for server share recovery', async () => {
+      const manager = new ShamirWalletManager({
+        wabServerUrl: 'https://test.example.com',
+        authMethodType: 'DevConsole',
+        walletBuilder: mockWalletBuilder
+      })
+
+      await expect(manager.recoverWithServerShare(['1.somedata.2.check'], { otp: '123456' })).rejects.toThrow(
+        'User ID hash not set'
+      )
+    })
+  })
+
+  describe('Wallet Building', () => {
+    it('should fail to build wallet without private key', async () => {
+      const manager = new ShamirWalletManager({
+        wabServerUrl: 'https://test.example.com',
+        authMethodType: 'DevConsole',
+        walletBuilder: mockWalletBuilder
+      })
+
+      await expect(manager.buildWallet()).rejects.toThrow('No private key available')
+    })
+
+    it('should fail to get wallet without building', () => {
+      const manager = new ShamirWalletManager({
+        wabServerUrl: 'https://test.example.com',
+        authMethodType: 'DevConsole',
+        walletBuilder: mockWalletBuilder
+      })
+
+      expect(() => manager.getWallet()).toThrow('Wallet not built')
+    })
+
+    it('should report no private key initially', () => {
+      const manager = new ShamirWalletManager({
+        wabServerUrl: 'https://test.example.com',
+        authMethodType: 'DevConsole',
+        walletBuilder: mockWalletBuilder
+      })
+
+      expect(manager.hasPrivateKey()).toBe(false)
+    })
+  })
+
+  describe('Wallet Creation', () => {
+    it('should create wallet and return correct number of user shares', async () => {
+      const manager = new ShamirWalletManager({
+        wabServerUrl: 'https://test.example.com',
+        authMethodType: 'DevConsole',
+        walletBuilder: mockWalletBuilder,
+        threshold: 2,
+        totalShares: 3
+      })
+
+      // Collect enough entropy
+      for (let i = 0; i < 256; i++) {
+        manager.addMouseEntropy(Math.random() * 1000, Math.random() * 1000)
+      }
+
+      let capturedShares: string[] = []
+
+      const result = await manager.createNewWallet({ otp: '123456' }, async (userShares, threshold, totalShares) => {
+        capturedShares = userShares
+        expect(threshold).toBe(2)
+        expect(totalShares).toBe(3)
+        return true
+      })
+
+      // Should get 2 user shares (totalShares - 1 for server)
+      expect(result.userShares.length).toBe(2)
+      expect(capturedShares.length).toBe(2)
+      expect(result.threshold).toBe(2)
+      expect(result.totalShares).toBe(3)
+      expect(result.userIdHash).toBeDefined()
+      expect(result.privateKey).toBeInstanceOf(PrivateKey)
+      expect(manager.hasPrivateKey()).toBe(true)
+    })
+
+    it('should return more user shares for higher totalShares', async () => {
+      const manager = new ShamirWalletManager({
+        wabServerUrl: 'https://test.example.com',
+        authMethodType: 'DevConsole',
+        walletBuilder: mockWalletBuilder,
+        threshold: 3,
+        totalShares: 5
+      })
+
+      for (let i = 0; i < 256; i++) {
+        manager.addMouseEntropy(Math.random() * 1000, Math.random() * 1000)
+      }
+
+      const result = await manager.createNewWallet({ otp: '123456' }, async userShares => {
+        expect(userShares.length).toBe(4) // 5 - 1 = 4 user shares
+        return true
+      })
+
+      expect(result.userShares.length).toBe(4)
+    })
+  })
+
+  describe('Account Deletion', () => {
+    it('should require userIdHash for deletion', async () => {
+      const manager = new ShamirWalletManager({
+        wabServerUrl: 'https://test.example.com',
+        authMethodType: 'DevConsole',
+        walletBuilder: mockWalletBuilder
+      })
+
+      await expect(manager.deleteAccount({ otp: '123456' })).rejects.toThrow('User ID hash not set')
+    })
+
+    it('should clear state after deletion', async () => {
+      const manager = new ShamirWalletManager({
+        wabServerUrl: 'https://test.example.com',
+        authMethodType: 'DevConsole',
+        walletBuilder: mockWalletBuilder
+      })
+
+      // Collect entropy and create wallet
+      for (let i = 0; i < 256; i++) {
+        manager.addMouseEntropy(Math.random() * 1000, Math.random() * 1000)
+      }
+
+      await manager.createNewWallet({ otp: '123456' }, async () => true)
+
+      expect(manager.hasPrivateKey()).toBe(true)
+      expect(manager.getUserIdHash()).toBeDefined()
+
+      // Delete
+      await manager.deleteAccount({ otp: '654321' })
+
+      expect(manager.hasPrivateKey()).toBe(false)
+      expect(manager.getUserIdHash()).toBeUndefined()
+    })
+  })
+
+  describe('Key Rotation', () => {
+    it('should require userIdHash for rotation', async () => {
+      const manager = new ShamirWalletManager({
+        wabServerUrl: 'https://test.example.com',
+        authMethodType: 'DevConsole',
+        walletBuilder: mockWalletBuilder
+      })
+
+      // Collect entropy
+      for (let i = 0; i < 256; i++) {
+        manager.addMouseEntropy(Math.random() * 1000, Math.random() * 1000)
+      }
+
+      await expect(manager.rotateKeys({ otp: '123456' }, async () => true)).rejects.toThrow('User ID hash not set')
+    })
+
+    it('should require entropy for rotation', async () => {
+      const manager = new ShamirWalletManager({
+        wabServerUrl: 'https://test.example.com',
+        authMethodType: 'DevConsole',
+        walletBuilder: mockWalletBuilder
+      })
+
+      manager.setUserIdHash('abc123')
+
+      await expect(manager.rotateKeys({ otp: '123456' }, async () => true)).rejects.toThrow(
+        'Collect entropy before key rotation'
+      )
+    })
+  })
+})

package/src/__tests/WalletPermissionsManager.callbacks.test.ts

@@ -1,5 +1,6 @@
 import { mockUnderlyingWallet, MockedBSV_SDK } from './WalletPermissionsManager.fixtures'
-import { WalletPermissionsManager } from '../WalletPermissionsManager'
+import { WalletPermissionsManager, GroupedPermissions } from '../WalletPermissionsManager'
+import { WalletProtocol } from '@bsv/sdk'
 
 import { jest } from '@jest/globals'
 
@@ -320,4 +321,142 @@ describe('WalletPermissionsManager - Callbacks & Event Handling', () => {
     await expect(call1).resolves.toBeDefined()
     await expect(call2).rejects.toThrow(/Permission denied/)
   })
+
+  // -------------------------------------------------------------------------
+  // 3) Grouped Permission Error Handling Tests
+  // -------------------------------------------------------------------------
+
+  describe('grantGroupedPermission error handling', () => {
+    it('should reject pending promises when grantGroupedPermission throws a validation error', async () => {
+      // This test verifies the fix for the bug where pending promises would hang forever
+      // if grantGroupedPermission() threw an error during validation.
+
+      const groupedCb = jest.fn(() => {})
+      manager.bindCallback('onGroupedPermissionRequested', groupedCb)
+
+      // Manually set up a grouped permission request in the activeRequests map
+      // This simulates what happens when waitForAuthentication() is called
+      const requestID = 'group:test-originator.com'
+      const originalRequest = {
+        originator: 'test-originator.com',
+        permissions: {
+          protocolPermissions: [
+            { protocolID: [1, 'requested-protocol'] as WalletProtocol, counterparty: 'self', description: 'test' }
+          ]
+        }
+      }
+
+      // Create a promise that would normally hang forever if the fix isn't in place
+      let resolvedValue: any = null
+      let rejectedError: any = null
+      const pendingPromise = new Promise<boolean>((resolve, reject) => {
+        ;(manager as any).activeRequests.set(requestID, {
+          request: originalRequest,
+          pending: [{ resolve, reject }]
+        })
+      }).then(
+        val => {
+          resolvedValue = val
+          return val
+        },
+        err => {
+          rejectedError = err
+          throw err
+        }
+      )
+
+      // Try to grant with MISMATCHED permissions (different protocol than requested)
+      // This should cause grantGroupedPermission to throw a validation error
+      const grantPromise = manager.grantGroupedPermission({
+        requestID,
+        granted: {
+          protocolPermissions: [
+            { protocolID: [1, 'DIFFERENT-protocol'] as WalletProtocol, counterparty: 'self', description: 'test' }
+          ]
+        }
+      })
+
+      // grantGroupedPermission should throw
+      await expect(grantPromise).rejects.toThrow(/not a subset of the original request/)
+
+      // The pending promise should also be rejected (not left hanging!)
+      await expect(pendingPromise).rejects.toThrow(/not a subset of the original request/)
+
+      // Verify the activeRequests map was cleaned up
+      expect((manager as any).activeRequests.has(requestID)).toBe(false)
+    })
+
+    it('should clean up activeRequests even when grantGroupedPermission throws', async () => {
+      // Set up a request
+      const requestID = 'group:cleanup-test.com'
+      ;(manager as any).activeRequests.set(requestID, {
+        request: {
+          originator: 'cleanup-test.com',
+          permissions: { protocolPermissions: [] }
+        },
+        pending: [
+          {
+            resolve: () => {},
+            reject: () => {}
+          }
+        ]
+      })
+
+      // Verify it's in the map
+      expect((manager as any).activeRequests.has(requestID)).toBe(true)
+
+      // Grant with mismatched spending authorization to trigger an error
+      await expect(
+        manager.grantGroupedPermission({
+          requestID,
+          granted: {
+            spendingAuthorization: { amount: 1000, description: 'test' }
+          }
+        })
+      ).rejects.toThrow()
+
+      // The request should be cleaned up even though an error was thrown
+      expect((manager as any).activeRequests.has(requestID)).toBe(false)
+    })
+
+    it('should resolve pending promises when grantGroupedPermission succeeds', async () => {
+      // Mock createPermissionOnChain to prevent actual on-chain operations
+      jest.spyOn(manager as any, 'createPermissionOnChain').mockResolvedValue(undefined)
+
+      const requestID = 'group:success-test.com'
+      const requestedPermissions: Partial<GroupedPermissions> = {
+        protocolPermissions: [
+          { protocolID: [1, 'test-proto'] as WalletProtocol, counterparty: 'self', description: 'Test' }
+        ]
+      }
+
+      // Set up a pending request
+      let wasResolved = false
+      const pendingPromise = new Promise<boolean>((resolve, reject) => {
+        ;(manager as any).activeRequests.set(requestID, {
+          request: {
+            originator: 'success-test.com',
+            permissions: requestedPermissions
+          },
+          pending: [{ resolve, reject }]
+        })
+      }).then(val => {
+        wasResolved = true
+        return val
+      })
+
+      // Grant with matching permissions
+      await manager.grantGroupedPermission({
+        requestID,
+        granted: requestedPermissions
+      })
+
+      // The pending promise should resolve
+      await expect(pendingPromise).resolves.toBe(true)
+      expect(wasResolved).toBe(true)
+
+      // The request should be cleaned up
+      expect((manager as any).activeRequests.has(requestID)).toBe(false)
+    })
+  })
 })

package/src/__tests/WalletPermissionsManager.pmodules.test.ts

@@ -14,6 +14,134 @@ describe('WalletPermissionsManager - Permission Module Support', () => {
     underlying = mockUnderlyingWallet()
   })
 
+  describe('P-Label Delegation', () => {
+    it('should delegate listActions through P-label modules in order and return responses in reverse order', async () => {
+      const callOrder: string[] = []
+
+      const module1: PermissionsModule = {
+        onRequest: jest.fn(async req => {
+          callOrder.push('req1')
+          expect((req.args as any).req1Processed).toBeUndefined()
+          return { ...req, args: { ...(req.args as any), req1Processed: true } }
+        }),
+        onResponse: jest.fn(async res => {
+          callOrder.push('res1')
+          expect((res as any).processedBy).toBe('module2')
+          return { ...res, finalProcessedBy: 'module1' }
+        })
+      }
+
+      const module2: PermissionsModule = {
+        onRequest: jest.fn(async req => {
+          callOrder.push('req2')
+          expect((req.args as any).req1Processed).toBe(true)
+          return { ...req, args: { ...(req.args as any), req2Processed: true } }
+        }),
+        onResponse: jest.fn(async res => {
+          callOrder.push('res2')
+          expect((res as any).processedBy).toBeUndefined()
+          return { ...res, processedBy: 'module2' }
+        })
+      }
+
+      const config: PermissionsManagerConfig = {
+        permissionModules: {
+          scheme1: module1,
+          scheme2: module2
+        },
+        seekPermissionWhenListingActionsByLabel: false
+      }
+
+      const manager = new WalletPermissionsManager(underlying, 'customToken.domain.com', config)
+
+      underlying.listActions.mockResolvedValue({ totalActions: 0, actions: [] })
+
+      const result = await manager.listActions(
+        {
+          labels: ['p scheme1 alpha', 'p scheme2 beta', 'regular-label']
+        },
+        'app.com'
+      )
+
+      expect(module1.onRequest).toHaveBeenCalledTimes(1)
+      expect(module2.onRequest).toHaveBeenCalledTimes(1)
+      expect(module1.onResponse).toHaveBeenCalledTimes(1)
+      expect(module2.onResponse).toHaveBeenCalledTimes(1)
+      expect(callOrder).toEqual(['req1', 'req2', 'res2', 'res1'])
+      expect((result as any).finalProcessedBy).toBe('module1')
+    })
+
+    it('should delegate createAction when a P-label is present', async () => {
+      const testModule: PermissionsModule = {
+        onRequest: jest.fn(async req => req),
+        onResponse: jest.fn(async res => res)
+      }
+
+      const config: PermissionsManagerConfig = {
+        permissionModules: {
+          labels: testModule
+        },
+        seekSpendingPermissions: false,
+        seekBasketInsertionPermissions: false,
+        seekPermissionWhenApplyingActionLabels: false
+      }
+
+      const manager = new WalletPermissionsManager(underlying, 'customToken.domain.com', config)
+
+      underlying.createAction.mockResolvedValue({ txid: 'abc123', tx: [] })
+
+      await manager.createAction(
+        {
+          description: 'Label-based createAction',
+          labels: ['p labels token', 'regular-label'],
+          outputs: [
+            {
+              lockingScript: 'abcd',
+              satoshis: 1000,
+              basket: 'regular-basket',
+              outputDescription: 'Test output'
+            }
+          ]
+        },
+        'app.com'
+      )
+
+      expect(testModule.onRequest).toHaveBeenCalledTimes(1)
+      expect(testModule.onResponse).toHaveBeenCalledTimes(1)
+    })
+
+    it('should delegate internalizeAction when a P-label is present', async () => {
+      const testModule: PermissionsModule = {
+        onRequest: jest.fn(async req => req),
+        onResponse: jest.fn(async res => res)
+      }
+
+      const config: PermissionsManagerConfig = {
+        permissionModules: {
+          labels: testModule
+        },
+        seekPermissionWhenApplyingActionLabels: false
+      }
+
+      const manager = new WalletPermissionsManager(underlying, 'customToken.domain.com', config)
+
+      underlying.internalizeAction.mockResolvedValue({ accepted: true })
+
+      await manager.internalizeAction(
+        {
+          tx: [],
+          description: 'Internalize with label',
+          labels: ['p labels internal', 'regular-label'],
+          outputs: []
+        } as any,
+        'app.com'
+      )
+
+      expect(testModule.onRequest).toHaveBeenCalledTimes(1)
+      expect(testModule.onResponse).toHaveBeenCalledTimes(1)
+    })
+  })
+
   afterEach(() => {
     jest.clearAllMocks()
   })
@@ -658,6 +786,30 @@ describe('WalletPermissionsManager - Permission Module Support', () => {
   })
 
   describe('P-Module Error Handling', () => {
+    it('should reject invalid P-label formats', async () => {
+      const manager = new WalletPermissionsManager(underlying, 'customToken.domain.com', {})
+
+      await expect(manager.listActions({ labels: ['p schemeOnly'] }, 'app.com')).rejects.toThrow(
+        'Invalid P-label format'
+      )
+      await expect(manager.listActions({ labels: ['p  missingScheme'] }, 'app.com')).rejects.toThrow(
+        'Invalid P-label format'
+      )
+      await expect(manager.listActions({ labels: ['p scheme '] }, 'app.com')).rejects.toThrow('Invalid P-label format')
+
+      expect(underlying.listActions).not.toHaveBeenCalled()
+    })
+
+    it('should throw if P-label scheme is unsupported', async () => {
+      const manager = new WalletPermissionsManager(underlying, 'customToken.domain.com', {})
+
+      await expect(manager.listActions({ labels: ['p unknown scheme', 'regular-label'] }, 'app.com')).rejects.toThrow(
+        'Unsupported P-label scheme: p unknown'
+      )
+
+      expect(underlying.listActions).not.toHaveBeenCalled()
+    })
+
     it('should throw if P-module onRequest throws', async () => {
       const testModule: PermissionsModule = {
         onRequest: jest.fn(async () => {