@chainlesschain/personal-data-hub 0.2.0 → 0.2.1

package/__tests__/adapters/wechat-env-probe.test.js

@@ -0,0 +1,162 @@
+"use strict";
+
+import { describe, it, expect } from "vitest";
+
+const { probe, decide } = require("../../lib/adapters/wechat/env-probe");
+
+/**
+ * Build a scripted exec that returns a canned response per matching
+ * substring. Falls back to `{ code: 1, stdout: "", stderr: "" }`.
+ */
+function makeExec(table) {
+  return async (cmd) => {
+    for (const [needle, response] of table) {
+      if (cmd.includes(needle)) return { code: 0, stdout: response, stderr: "" };
+    }
+    return { code: 1, stdout: "", stderr: "" };
+  };
+}
+
+const ADB_DEVICES_OK = "List of devices attached\nABC123XYZ\tdevice\n\n";
+const WECHAT_7 = "    versionName=7.0.22\n";
+const WECHAT_8 = "    versionName=8.0.50\n";
+const NETSTAT_FRIDA = "tcp        0      0 0.0.0.0:27042           0.0.0.0:*               LISTEN\n";
+
+describe("decide() — pure decision logic", () => {
+  it("device unreachable → unsupported", () => {
+    const r = decide({
+      device: { reachable: false }, root: {}, frida: {}, wechat: {},
+    });
+    expect(r.suggestedKeyProvider).toBe("unsupported");
+  });
+
+  it("WeChat 7.x → md5 regardless of root/frida", () => {
+    const r = decide({
+      device: { reachable: true },
+      root: { detected: false },
+      frida: { serverRunning: false },
+      wechat: { installed: true, versionName: "7.0.22", majorVersion: 7 },
+    });
+    expect(r.suggestedKeyProvider).toBe("md5");
+  });
+
+  it("WeChat 8.x + root + frida → frida", () => {
+    const r = decide({
+      device: { reachable: true },
+      root: { detected: true, magiskInstalled: true },
+      frida: { serverRunning: true, port: 27042 },
+      wechat: { installed: true, versionName: "8.0.50", majorVersion: 8 },
+    });
+    expect(r.suggestedKeyProvider).toBe("frida");
+  });
+
+  it("WeChat 8.x + no root → unsupported", () => {
+    const r = decide({
+      device: { reachable: true },
+      root: { detected: false },
+      frida: { serverRunning: true },
+      wechat: { installed: true, versionName: "8.0.50", majorVersion: 8 },
+    });
+    expect(r.suggestedKeyProvider).toBe("unsupported");
+    expect(r.reasons.join(" ")).toMatch(/root/);
+  });
+
+  it("WeChat 8.x + root + no frida-server → unsupported", () => {
+    const r = decide({
+      device: { reachable: true },
+      root: { detected: true },
+      frida: { serverRunning: false },
+      wechat: { installed: true, versionName: "8.0.50", majorVersion: 8 },
+    });
+    expect(r.suggestedKeyProvider).toBe("unsupported");
+    expect(r.reasons.join(" ")).toMatch(/frida-server/i);
+  });
+
+  it("WeChat not installed → unsupported", () => {
+    const r = decide({
+      device: { reachable: true },
+      root: { detected: true },
+      frida: { serverRunning: true },
+      wechat: { installed: false },
+    });
+    expect(r.suggestedKeyProvider).toBe("unsupported");
+    expect(r.reasons.join(" ")).toMatch(/not installed/);
+  });
+
+  it("WeChat 8.x + root + frida + no Magisk → frida (warn reason)", () => {
+    const r = decide({
+      device: { reachable: true },
+      root: { detected: true, magiskInstalled: false },
+      frida: { serverRunning: true, port: 27042 },
+      wechat: { installed: true, versionName: "8.0.50", majorVersion: 8 },
+    });
+    expect(r.suggestedKeyProvider).toBe("frida");
+    expect(r.reasons.join(" ")).toMatch(/Magisk not detected/);
+  });
+});
+
+describe("probe() — end-to-end with mock exec", () => {
+  it("returns unsupported when no device", async () => {
+    const exec = makeExec([["adb devices", "List of devices attached\n\n"]]);
+    const r = await probe({ exec });
+    expect(r.ok).toBe(false);
+    expect(r.suggestedKeyProvider).toBe("unsupported");
+    expect(r.device.reachable).toBe(false);
+  });
+
+  it("WeChat 7.x device → md5 path", async () => {
+    const exec = makeExec([
+      ["adb devices", ADB_DEVICES_OK],
+      ["getprop ro.product.cpu.abi", "arm64-v8a\n"],
+      ["com.tencent.mm", WECHAT_7],
+    ]);
+    const r = await probe({ exec });
+    expect(r.ok).toBe(true);
+    expect(r.suggestedKeyProvider).toBe("md5");
+    expect(r.device.serial).toBe("ABC123XYZ");
+    expect(r.device.abi).toBe("arm64-v8a");
+    expect(r.wechat.majorVersion).toBe(7);
+  });
+
+  it("WeChat 8.x + rooted + frida → frida path", async () => {
+    const exec = makeExec([
+      ["adb devices", ADB_DEVICES_OK],
+      ["getprop ro.product.cpu.abi", "arm64-v8a\n"],
+      ['su -c id', "uid=0(root) gid=0(root) groups=0(root)\n"],
+      ["command -v magisk", "/system/bin/magisk\n"],
+      ["pgrep -f frida-server", "12345\n"],
+      ["netstat -tln", NETSTAT_FRIDA],
+      ["com.tencent.mm", WECHAT_8],
+    ]);
+    const r = await probe({ exec });
+    expect(r.ok).toBe(true);
+    expect(r.suggestedKeyProvider).toBe("frida");
+    expect(r.root.detected).toBe(true);
+    expect(r.root.magiskInstalled).toBe(true);
+    expect(r.frida.serverRunning).toBe(true);
+    expect(r.frida.port).toBe(27042);
+    expect(r.wechat.majorVersion).toBe(8);
+  });
+
+  it("WeChat 8.x but no root → unsupported with reason", async () => {
+    const exec = makeExec([
+      ["adb devices", ADB_DEVICES_OK],
+      ["getprop ro.product.cpu.abi", "arm64-v8a\n"],
+      ["com.tencent.mm", WECHAT_8],
+    ]);
+    const r = await probe({ exec });
+    expect(r.ok).toBe(false);
+    expect(r.suggestedKeyProvider).toBe("unsupported");
+    expect(r.reasons.join(" ")).toMatch(/root not detected/);
+  });
+
+  it("non-ARM ABI gets warning", async () => {
+    const exec = makeExec([
+      ["adb devices", ADB_DEVICES_OK],
+      ["getprop ro.product.cpu.abi", "x86_64\n"],
+      ["com.tencent.mm", WECHAT_7],
+    ]);
+    const r = await probe({ exec });
+    expect(r.warnings.join(" ")).toMatch(/x86_64/);
+  });
+});

package/__tests__/adapters/wechat-frida-agent.test.js

@@ -0,0 +1,191 @@
+"use strict";
+
+import { describe, it, expect, vi } from "vitest";
+
+const { loadAgentScript, runAgentUnderMock } = require("../../lib/adapters/wechat/frida-agent/loader");
+
+function hexToBuffer(hex) {
+  const out = new Uint8Array(hex.length / 2);
+  for (let i = 0; i < out.length; i++) {
+    out[i] = parseInt(hex.substr(i * 2, 2), 16);
+  }
+  return out.buffer;
+}
+
+/** Fake NativePointer — supports toInt32() (length) and readByteArray(len) (key bytes). */
+function fakePtr(value) {
+  return {
+    _v: value,
+    toInt32() { return typeof value === "number" ? value : 0; },
+    readByteArray(len) {
+      // value is a hex string for key bytes; len ignored beyond bounds
+      if (typeof value !== "string") return new Uint8Array(0).buffer;
+      const buf = hexToBuffer(value);
+      // truncate to requested len if needed
+      return new Uint8Array(buf, 0, Math.min(len, buf.byteLength)).buffer;
+    },
+  };
+}
+
+describe("frida-agent loader — script loading", () => {
+  it("loadAgentScript returns non-empty JS text", () => {
+    const src = loadAgentScript();
+    expect(src.length).toBeGreaterThan(100);
+    expect(src).toContain("libwcdb.so");
+    expect(src).toContain("sqlite3_key");
+  });
+});
+
+describe("frida-agent — sqlite3_key hook on module already loaded", () => {
+  it("emits hooked + key on sqlite3_key onEnter", () => {
+    const send = vi.fn();
+    const attached = {};
+    const Interceptor = {
+      attach(addr, handlers) {
+        attached[addr.symbol] = handlers;
+      },
+    };
+    const Module = {
+      findExportByName(mod, sym) {
+        if (mod !== "libwcdb.so") return null;
+        if (sym === "sqlite3_key") return { symbol: sym };
+        return null; // only sqlite3_key resolves; others null
+      },
+    };
+    const Process = {
+      findModuleByName(mod) { return mod === "libwcdb.so" ? { name: mod } : null; },
+    };
+
+    runAgentUnderMock({ Module, Process, Interceptor, send });
+
+    // After load, "hooked" event already sent
+    const hooked = send.mock.calls.find((c) => c[0].kind === "hooked");
+    expect(hooked).toBeDefined();
+    expect(hooked[0].symbol).toBe("sqlite3_key");
+    expect(hooked[0].module).toBe("libwcdb.so");
+
+    // Fire the hook: args = [sqlite3*, keyBytes, len]
+    const keyHex = "11223344556677889900aabbccddeeff" +
+                   "00112233445566778899aabbccddeeff"; // 64 hex = 32 bytes (SQLCipher 256-bit)
+    const args = [fakePtr(0), fakePtr(keyHex), fakePtr(32)];
+    attached.sqlite3_key.onEnter(args);
+
+    const key = send.mock.calls.find((c) => c[0].kind === "key");
+    expect(key).toBeDefined();
+    expect(key[0].hex).toBe(keyHex);
+    expect(key[0].source).toBe("sqlite3_key");
+  });
+
+  it("only emits the first key event (anti-detection: hook fires once)", () => {
+    const send = vi.fn();
+    const attached = {};
+    const Interceptor = {
+      attach(addr, handlers) { attached[addr.symbol] = handlers; },
+    };
+    const Module = {
+      findExportByName(mod, sym) {
+        if (sym === "sqlite3_key") return { symbol: sym };
+        return null;
+      },
+    };
+    const Process = { findModuleByName() { return { name: "libwcdb.so" }; } };
+
+    runAgentUnderMock({ Module, Process, Interceptor, send });
+
+    const args = [fakePtr(0), fakePtr("aabb" + "00".repeat(30)), fakePtr(32)];
+    attached.sqlite3_key.onEnter(args);
+    attached.sqlite3_key.onEnter(args);
+    attached.sqlite3_key.onEnter(args);
+
+    const keyEvents = send.mock.calls.filter((c) => c[0].kind === "key");
+    expect(keyEvents).toHaveLength(1);
+  });
+
+  it("rejects implausible key length with error event", () => {
+    const send = vi.fn();
+    const attached = {};
+    const Interceptor = {
+      attach(addr, handlers) { attached[addr.symbol] = handlers; },
+    };
+    const Module = {
+      findExportByName(mod, sym) { return sym === "sqlite3_key" ? { symbol: sym } : null; },
+    };
+    const Process = { findModuleByName() { return { name: "libwcdb.so" }; } };
+
+    runAgentUnderMock({ Module, Process, Interceptor, send });
+
+    attached.sqlite3_key.onEnter([fakePtr(0), fakePtr("aa"), fakePtr(9999)]);
+
+    const errs = send.mock.calls.filter((c) => c[0].kind === "error");
+    expect(errs.length).toBeGreaterThan(0);
+    expect(errs[0][0].message).toMatch(/implausible key length 9999/);
+  });
+});
+
+describe("frida-agent — fallback symbol resolution", () => {
+  it("attaches to wcdb_setkey when sqlite3_key absent", () => {
+    const send = vi.fn();
+    const attached = {};
+    const Interceptor = {
+      attach(addr, handlers) { attached[addr.symbol] = handlers; },
+    };
+    const Module = {
+      findExportByName(mod, sym) {
+        // WeChat 8.x renamed primary symbol
+        if (sym === "wcdb_setkey") return { symbol: sym };
+        return null;
+      },
+    };
+    const Process = { findModuleByName() { return { name: "libwcdb.so" }; } };
+
+    runAgentUnderMock({ Module, Process, Interceptor, send });
+
+    const hooked = send.mock.calls.find((c) => c[0].kind === "hooked");
+    expect(hooked[0].symbol).toBe("wcdb_setkey");
+    expect(attached.wcdb_setkey).toBeDefined();
+  });
+
+  it("emits source = matched symbol when fallback fires", () => {
+    const send = vi.fn();
+    const attached = {};
+    const Interceptor = {
+      attach(addr, handlers) { attached[addr.symbol] = handlers; },
+    };
+    const Module = {
+      findExportByName(mod, sym) {
+        return sym === "WCDBKeyDerive" ? { symbol: sym } : null;
+      },
+    };
+    const Process = { findModuleByName() { return { name: "libwcdb.so" }; } };
+
+    runAgentUnderMock({ Module, Process, Interceptor, send });
+
+    attached.WCDBKeyDerive.onEnter([
+      fakePtr(0),
+      fakePtr("deadbeef" + "00".repeat(28)),
+      fakePtr(32),
+    ]);
+
+    const key = send.mock.calls.find((c) => c[0].kind === "key");
+    expect(key[0].source).toBe("WCDBKeyDerive");
+  });
+});
+
+describe("frida-agent — module not yet loaded path", () => {
+  it("emits module-waiting and schedules retry", () => {
+    const send = vi.fn();
+    const Interceptor = { attach: vi.fn() };
+    const Module = { findExportByName: vi.fn().mockReturnValue(null) };
+    const Process = { findModuleByName: vi.fn().mockReturnValue(null) };
+    const setTimeoutMock = vi.fn();
+
+    runAgentUnderMock({ Module, Process, Interceptor, send, setTimeout: setTimeoutMock });
+
+    const waiting = send.mock.calls.find((c) => c[0].kind === "module-waiting");
+    expect(waiting).toBeDefined();
+    expect(waiting[0].module).toBe("libwcdb.so");
+    expect(setTimeoutMock).toHaveBeenCalled();
+    // First retry delay 500ms
+    expect(setTimeoutMock.mock.calls[0][1]).toBe(500);
+  });
+});

package/__tests__/adapters/wechat-frida-integration.test.js

@@ -0,0 +1,149 @@
+"use strict";
+
+import { describe, it, expect, vi } from "vitest";
+
+const {
+  WechatAdapter,
+  WeChatFridaKeyProvider,
+} = require("../../lib/adapters/wechat");
+
+/**
+ * Phase 12.6.5 — integration: WechatAdapter.authenticate flow against
+ * a mock FridaKeyProvider. We don't open a real SQLCipher DB here —
+ * that requires a fixture + better-sqlite3-multiple-ciphers compiled
+ * against the host's Node ABI, and is covered separately in the v0.5
+ * suite. Goal of this slice: prove the adapter's KeyProvider DI seam
+ * works identically for the Frida path.
+ */
+
+function mockFrida({ keyHex, throwOnAttach, delayMs = 0 } = {}) {
+  const script = {
+    message: { connect: (h) => { script._handler = h; } },
+    load: async () => {
+      setTimeout(() => {
+        if (!script._handler) return;
+        script._handler({ type: "send", payload: {
+          kind: "hooked", symbol: "sqlite3_key", module: "libwcdb.so",
+        } });
+        script._handler({ type: "send", payload: {
+          kind: "key", hex: keyHex, source: "sqlite3_key",
+        } });
+      }, delayMs);
+    },
+    unload: async () => {},
+  };
+  const session = {
+    createScript: async () => script,
+    detach: async () => {},
+  };
+  const device = {
+    attach: async () => {
+      if (throwOnAttach) throw new Error(throwOnAttach);
+      return session;
+    },
+  };
+  return {
+    getDevice: async () => device,
+    getUsbDevice: async () => device,
+  };
+}
+
+describe("WechatAdapter + FridaKeyProvider — DI integration", () => {
+  it("authenticate succeeds when frida provides a key", async () => {
+    // dbPath needs to point to a real file for the existsSync gate
+    const fs = require("node:fs");
+    const path = require("node:path");
+    const os = require("node:os");
+    const tmpDb = path.join(os.tmpdir(), `wechat-mock-${Date.now()}.db`);
+    fs.writeFileSync(tmpDb, "fake sqlite header");
+
+    const frida = mockFrida({ keyHex: "ab".repeat(32) /* 64 hex */ });
+    const keyProvider = new WeChatFridaKeyProvider({
+      frida,
+      deviceId: "TEST",
+      agentLoader: () => "/* test agent */",
+    });
+
+    const adapter = new WechatAdapter({
+      account: { uin: "1234567890" },
+      dbPath: tmpDb,
+      keyProvider,
+    });
+
+    const r = await adapter.authenticate();
+    expect(r.ok).toBe(true);
+    expect(r.account).toBe("1234567890");
+
+    try { fs.unlinkSync(tmpDb); } catch (_e) { /* test cleanup */ }
+  });
+
+  it("authenticate reports NO_KEY_PROVIDER when keyProvider absent", async () => {
+    const fs = require("node:fs");
+    const path = require("node:path");
+    const os = require("node:os");
+    const tmpDb = path.join(os.tmpdir(), `wechat-mock-${Date.now()}.db`);
+    fs.writeFileSync(tmpDb, "fake");
+
+    const adapter = new WechatAdapter({
+      account: { uin: "1234567890" },
+      dbPath: tmpDb,
+      // keyProvider omitted on purpose
+    });
+    const r = await adapter.authenticate();
+    expect(r.ok).toBe(false);
+    expect(r.reason).toBe("NO_KEY_PROVIDER");
+
+    try { fs.unlinkSync(tmpDb); } catch (_e) { /* test cleanup */ }
+  });
+
+  it("authenticate reports KEY_PROVIDER_THREW when Frida times out", async () => {
+    const fs = require("node:fs");
+    const path = require("node:path");
+    const os = require("node:os");
+    const tmpDb = path.join(os.tmpdir(), `wechat-mock-${Date.now()}.db`);
+    fs.writeFileSync(tmpDb, "fake");
+
+    // Mock with no messages → will timeout
+    const session = {
+      createScript: async () => ({
+        message: { connect: () => {} },
+        load: async () => {},
+        unload: async () => {},
+      }),
+      detach: async () => {},
+    };
+    const frida = {
+      getDevice: async () => ({ attach: async () => session }),
+      getUsbDevice: async () => ({ attach: async () => session }),
+    };
+    const keyProvider = new WeChatFridaKeyProvider({
+      frida,
+      deviceId: "TEST",
+      agentLoader: () => "",
+      timeoutMs: 30,
+    });
+
+    const adapter = new WechatAdapter({
+      account: { uin: "1234567890" },
+      dbPath: tmpDb,
+      keyProvider,
+    });
+
+    const r = await adapter.authenticate();
+    expect(r.ok).toBe(false);
+    expect(r.reason).toBe("KEY_PROVIDER_THREW");
+    expect(r.error).toMatch(/30ms/);
+
+    try { fs.unlinkSync(tmpDb); } catch (_e) { /* test cleanup */ }
+  });
+
+  it("DB_NOT_PULLED takes precedence over keyProvider absence", async () => {
+    const adapter = new WechatAdapter({
+      account: { uin: "1234567890" },
+      dbPath: "/definitely/not/a/real/path/wechat.db",
+    });
+    const r = await adapter.authenticate();
+    expect(r.ok).toBe(false);
+    expect(r.reason).toBe("DB_NOT_PULLED");
+  });
+});

package/__tests__/adapters/wechat-frida-key-provider.test.js

@@ -0,0 +1,188 @@
+"use strict";
+
+import { describe, it, expect, vi } from "vitest";
+
+const { FridaKeyProvider } = require("../../lib/adapters/wechat/key-providers/frida-key-provider");
+
+/** Helper that builds a mock frida binding with a scripted message timeline. */
+function makeMockFrida({ onAttachThrow, onCreateScriptThrow, onLoadThrow, messages = [], deviceId = "device" }) {
+  const ops = {
+    unloadCalled: 0,
+    detachCalled: 0,
+    loadCalled: 0,
+    messageHandler: null,
+  };
+  const script = {
+    message: {
+      connect: (handler) => { ops.messageHandler = handler; },
+    },
+    load: vi.fn(async () => {
+      ops.loadCalled++;
+      if (onLoadThrow) throw onLoadThrow;
+      // Replay the scripted messages on next tick so .connect handler is
+      // wired before the first send fires.
+      setTimeout(() => {
+        for (const m of messages) {
+          if (ops.messageHandler) ops.messageHandler({ type: "send", payload: m });
+        }
+      }, 0);
+    }),
+    unload: vi.fn(async () => { ops.unloadCalled++; }),
+  };
+  const session = {
+    createScript: vi.fn(async () => {
+      if (onCreateScriptThrow) throw onCreateScriptThrow;
+      return script;
+    }),
+    detach: vi.fn(async () => { ops.detachCalled++; }),
+  };
+  const device = {
+    attach: vi.fn(async (pkg) => {
+      if (onAttachThrow) throw onAttachThrow;
+      device._attachedTo = pkg;
+      return session;
+    }),
+  };
+  const frida = {
+    getDevice: vi.fn(async (id) => {
+      device._id = id;
+      return device;
+    }),
+    getUsbDevice: vi.fn(async () => device),
+  };
+  return { frida, device, session, script, ops };
+}
+
+describe("FridaKeyProvider — construction", () => {
+  it("defaults packageName to com.tencent.mm", () => {
+    const p = new FridaKeyProvider({});
+    expect(p._packageName).toBe("com.tencent.mm");
+  });
+
+  it("name is frida", () => {
+    const p = new FridaKeyProvider({});
+    expect(p.name).toBe("frida");
+  });
+
+  it("getKey throws FRIDA_BINDING_MISSING when frida not available", async () => {
+    const p = new FridaKeyProvider({});
+    try {
+      await p.getKey();
+      throw new Error("should have thrown");
+    } catch (err) {
+      expect(err.code).toBe("FRIDA_BINDING_MISSING");
+    }
+  });
+});
+
+describe("FridaKeyProvider — happy path", () => {
+  it("captures key hex and detaches", async () => {
+    const keyHex = "00112233445566778899aabbccddeeff" +
+                   "ffeeddccbbaa99887766554433221100";
+    const { frida, ops } = makeMockFrida({
+      messages: [
+        { kind: "hooked", symbol: "sqlite3_key", module: "libwcdb.so" },
+        { kind: "key", hex: keyHex.toUpperCase(), source: "sqlite3_key" },
+      ],
+    });
+    const p = new FridaKeyProvider({ frida, deviceId: "Z1", agentLoader: () => "/* mock agent */" });
+    const k = await p.getKey();
+    expect(k).toBe(keyHex); // lowercased
+    expect(ops.unloadCalled).toBe(1);
+    expect(ops.detachCalled).toBe(1);
+    const tel = p.getLastTelemetry();
+    expect(tel.keySource).toBe("sqlite3_key");
+    expect(tel.hooked).toHaveLength(1);
+    expect(tel.durationMs).toBeGreaterThanOrEqual(0);
+  });
+
+  it("uses USB device when no deviceId provided", async () => {
+    const { frida } = makeMockFrida({
+      messages: [{ kind: "key", hex: "aa" + "00".repeat(31), source: "sqlite3_key" }],
+    });
+    const p = new FridaKeyProvider({ frida, agentLoader: () => "/* mock */" });
+    await p.getKey();
+    expect(frida.getUsbDevice).toHaveBeenCalled();
+    expect(frida.getDevice).not.toHaveBeenCalled();
+  });
+});
+
+describe("FridaKeyProvider — error paths", () => {
+  it("WECHAT_NOT_RUNNING when attach reports process not found", async () => {
+    const { frida } = makeMockFrida({
+      onAttachThrow: new Error("unable to find process with name 'com.tencent.mm'"),
+    });
+    const p = new FridaKeyProvider({ frida, deviceId: "Z1", agentLoader: () => "" });
+    await expect(p.getKey()).rejects.toMatchObject({ code: "WECHAT_NOT_RUNNING" });
+  });
+
+  it("FRIDA_ATTACH_FAILED on generic attach error", async () => {
+    const { frida } = makeMockFrida({
+      onAttachThrow: new Error("permission denied"),
+    });
+    const p = new FridaKeyProvider({ frida, deviceId: "Z1", agentLoader: () => "" });
+    await expect(p.getKey()).rejects.toMatchObject({ code: "FRIDA_ATTACH_FAILED" });
+  });
+
+  it("FRIDA_ATTACH_FAILED + session cleanup when createScript throws", async () => {
+    const { frida, ops } = makeMockFrida({
+      onCreateScriptThrow: new Error("syntax error in agent"),
+    });
+    const p = new FridaKeyProvider({ frida, deviceId: "Z1", agentLoader: () => "BAD" });
+    await expect(p.getKey()).rejects.toMatchObject({ code: "FRIDA_ATTACH_FAILED" });
+    // Even though createScript threw, the session was already attached;
+    // implementation cleans it up in the catch path.
+    expect(ops.detachCalled).toBe(1);
+  });
+
+  it("WCDB_KEY_TIMEOUT when no key event in time", async () => {
+    const { frida, ops } = makeMockFrida({
+      messages: [{ kind: "hooked", symbol: "sqlite3_key", module: "libwcdb.so" }],
+    });
+    const p = new FridaKeyProvider({
+      frida,
+      deviceId: "Z1",
+      timeoutMs: 50,
+      agentLoader: () => "",
+    });
+    await expect(p.getKey()).rejects.toMatchObject({ code: "WCDB_KEY_TIMEOUT" });
+    expect(ops.unloadCalled).toBe(1);
+    expect(ops.detachCalled).toBe(1);
+  });
+
+  it("non-fatal hook errors are recorded but don't reject", async () => {
+    const keyHex = "ee" + "00".repeat(31);
+    const { frida } = makeMockFrida({
+      messages: [
+        { kind: "error", message: "Interceptor.attach failed for WCDBKeyDerive: not found" },
+        { kind: "hooked", symbol: "sqlite3_key", module: "libwcdb.so" },
+        { kind: "key", hex: keyHex, source: "sqlite3_key" },
+      ],
+    });
+    const p = new FridaKeyProvider({ frida, deviceId: "Z1", agentLoader: () => "" });
+    const k = await p.getKey();
+    expect(k).toBe(keyHex);
+    expect(p.getLastTelemetry().errors).toContain("Interceptor.attach failed for WCDBKeyDerive: not found");
+  });
+});
+
+describe("FridaKeyProvider — logger DI", () => {
+  it("logger receives frida-message events", async () => {
+    const events = [];
+    const { frida } = makeMockFrida({
+      messages: [
+        { kind: "hooked", symbol: "sqlite3_key", module: "libwcdb.so" },
+        { kind: "key", hex: "ff" + "00".repeat(31), source: "sqlite3_key" },
+      ],
+    });
+    const p = new FridaKeyProvider({
+      frida,
+      deviceId: "Z1",
+      agentLoader: () => "",
+      logger: (e) => events.push(e),
+    });
+    await p.getKey();
+    expect(events.some((e) => e.kind === "frida-message" && e.evt.kind === "hooked")).toBe(true);
+    expect(events.some((e) => e.kind === "frida-message" && e.evt.kind === "key")).toBe(true);
+  });
+});