@chainlesschain/personal-data-hub 0.2.0 → 0.2.2

package/__tests__/adapters/wechat-env-probe.test.js

@@ -0,0 +1,162 @@
+"use strict";
+
+import { describe, it, expect } from "vitest";
+
+const { probe, decide } = require("../../lib/adapters/wechat/env-probe");
+
+/**
+ * Build a scripted exec that returns a canned response per matching
+ * substring. Falls back to `{ code: 1, stdout: "", stderr: "" }`.
+ */
+function makeExec(table) {
+  return async (cmd) => {
+    for (const [needle, response] of table) {
+      if (cmd.includes(needle)) return { code: 0, stdout: response, stderr: "" };
+    }
+    return { code: 1, stdout: "", stderr: "" };
+  };
+}
+
+const ADB_DEVICES_OK = "List of devices attached\nABC123XYZ\tdevice\n\n";
+const WECHAT_7 = "    versionName=7.0.22\n";
+const WECHAT_8 = "    versionName=8.0.50\n";
+const NETSTAT_FRIDA = "tcp        0      0 0.0.0.0:27042           0.0.0.0:*               LISTEN\n";
+
+describe("decide() — pure decision logic", () => {
+  it("device unreachable → unsupported", () => {
+    const r = decide({
+      device: { reachable: false }, root: {}, frida: {}, wechat: {},
+    });
+    expect(r.suggestedKeyProvider).toBe("unsupported");
+  });
+
+  it("WeChat 7.x → md5 regardless of root/frida", () => {
+    const r = decide({
+      device: { reachable: true },
+      root: { detected: false },
+      frida: { serverRunning: false },
+      wechat: { installed: true, versionName: "7.0.22", majorVersion: 7 },
+    });
+    expect(r.suggestedKeyProvider).toBe("md5");
+  });
+
+  it("WeChat 8.x + root + frida → frida", () => {
+    const r = decide({
+      device: { reachable: true },
+      root: { detected: true, magiskInstalled: true },
+      frida: { serverRunning: true, port: 27042 },
+      wechat: { installed: true, versionName: "8.0.50", majorVersion: 8 },
+    });
+    expect(r.suggestedKeyProvider).toBe("frida");
+  });
+
+  it("WeChat 8.x + no root → unsupported", () => {
+    const r = decide({
+      device: { reachable: true },
+      root: { detected: false },
+      frida: { serverRunning: true },
+      wechat: { installed: true, versionName: "8.0.50", majorVersion: 8 },
+    });
+    expect(r.suggestedKeyProvider).toBe("unsupported");
+    expect(r.reasons.join(" ")).toMatch(/root/);
+  });
+
+  it("WeChat 8.x + root + no frida-server → unsupported", () => {
+    const r = decide({
+      device: { reachable: true },
+      root: { detected: true },
+      frida: { serverRunning: false },
+      wechat: { installed: true, versionName: "8.0.50", majorVersion: 8 },
+    });
+    expect(r.suggestedKeyProvider).toBe("unsupported");
+    expect(r.reasons.join(" ")).toMatch(/frida-server/i);
+  });
+
+  it("WeChat not installed → unsupported", () => {
+    const r = decide({
+      device: { reachable: true },
+      root: { detected: true },
+      frida: { serverRunning: true },
+      wechat: { installed: false },
+    });
+    expect(r.suggestedKeyProvider).toBe("unsupported");
+    expect(r.reasons.join(" ")).toMatch(/not installed/);
+  });
+
+  it("WeChat 8.x + root + frida + no Magisk → frida (warn reason)", () => {
+    const r = decide({
+      device: { reachable: true },
+      root: { detected: true, magiskInstalled: false },
+      frida: { serverRunning: true, port: 27042 },
+      wechat: { installed: true, versionName: "8.0.50", majorVersion: 8 },
+    });
+    expect(r.suggestedKeyProvider).toBe("frida");
+    expect(r.reasons.join(" ")).toMatch(/Magisk not detected/);
+  });
+});
+
+describe("probe() — end-to-end with mock exec", () => {
+  it("returns unsupported when no device", async () => {
+    const exec = makeExec([["adb devices", "List of devices attached\n\n"]]);
+    const r = await probe({ exec });
+    expect(r.ok).toBe(false);
+    expect(r.suggestedKeyProvider).toBe("unsupported");
+    expect(r.device.reachable).toBe(false);
+  });
+
+  it("WeChat 7.x device → md5 path", async () => {
+    const exec = makeExec([
+      ["adb devices", ADB_DEVICES_OK],
+      ["getprop ro.product.cpu.abi", "arm64-v8a\n"],
+      ["com.tencent.mm", WECHAT_7],
+    ]);
+    const r = await probe({ exec });
+    expect(r.ok).toBe(true);
+    expect(r.suggestedKeyProvider).toBe("md5");
+    expect(r.device.serial).toBe("ABC123XYZ");
+    expect(r.device.abi).toBe("arm64-v8a");
+    expect(r.wechat.majorVersion).toBe(7);
+  });
+
+  it("WeChat 8.x + rooted + frida → frida path", async () => {
+    const exec = makeExec([
+      ["adb devices", ADB_DEVICES_OK],
+      ["getprop ro.product.cpu.abi", "arm64-v8a\n"],
+      ['su -c id', "uid=0(root) gid=0(root) groups=0(root)\n"],
+      ["command -v magisk", "/system/bin/magisk\n"],
+      ["pgrep -f frida-server", "12345\n"],
+      ["netstat -tln", NETSTAT_FRIDA],
+      ["com.tencent.mm", WECHAT_8],
+    ]);
+    const r = await probe({ exec });
+    expect(r.ok).toBe(true);
+    expect(r.suggestedKeyProvider).toBe("frida");
+    expect(r.root.detected).toBe(true);
+    expect(r.root.magiskInstalled).toBe(true);
+    expect(r.frida.serverRunning).toBe(true);
+    expect(r.frida.port).toBe(27042);
+    expect(r.wechat.majorVersion).toBe(8);
+  });
+
+  it("WeChat 8.x but no root → unsupported with reason", async () => {
+    const exec = makeExec([
+      ["adb devices", ADB_DEVICES_OK],
+      ["getprop ro.product.cpu.abi", "arm64-v8a\n"],
+      ["com.tencent.mm", WECHAT_8],
+    ]);
+    const r = await probe({ exec });
+    expect(r.ok).toBe(false);
+    expect(r.suggestedKeyProvider).toBe("unsupported");
+    expect(r.reasons.join(" ")).toMatch(/root not detected/);
+  });
+
+  it("non-ARM ABI gets warning", async () => {
+    const exec = makeExec([
+      ["adb devices", ADB_DEVICES_OK],
+      ["getprop ro.product.cpu.abi", "x86_64\n"],
+      ["com.tencent.mm", WECHAT_7],
+    ]);
+    const r = await probe({ exec });
+    expect(r.warnings.join(" ")).toMatch(/x86_64/);
+  });
+});

package/__tests__/adapters/wechat-frida-agent.test.js

@@ -0,0 +1,322 @@
+"use strict";
+
+import { describe, it, expect, vi } from "vitest";
+
+const { loadAgentScript, runAgentUnderMock } = require("../../lib/adapters/wechat/frida-agent/loader");
+
+function hexToBuffer(hex) {
+  const out = new Uint8Array(hex.length / 2);
+  for (let i = 0; i < out.length; i++) {
+    out[i] = parseInt(hex.substr(i * 2, 2), 16);
+  }
+  return out.buffer;
+}
+
+/** Fake NativePointer — supports toInt32() (length) and readByteArray(len) (key bytes). */
+function fakePtr(value) {
+  return {
+    _v: value,
+    toInt32() { return typeof value === "number" ? value : 0; },
+    readByteArray(len) {
+      // value is a hex string for key bytes; len ignored beyond bounds
+      if (typeof value !== "string") return new Uint8Array(0).buffer;
+      const buf = hexToBuffer(value);
+      // truncate to requested len if needed
+      return new Uint8Array(buf, 0, Math.min(len, buf.byteLength)).buffer;
+    },
+  };
+}
+
+describe("frida-agent loader — script loading", () => {
+  it("loadAgentScript returns non-empty JS text", () => {
+    const src = loadAgentScript();
+    expect(src.length).toBeGreaterThan(100);
+    expect(src).toContain("libwcdb.so");
+    expect(src).toContain("sqlite3_key");
+  });
+});
+
+describe("frida-agent — sqlite3_key hook on module already loaded", () => {
+  it("emits hooked + key on sqlite3_key onEnter", () => {
+    const send = vi.fn();
+    const attached = {};
+    const Interceptor = {
+      attach(addr, handlers) {
+        attached[addr.symbol] = handlers;
+      },
+    };
+    const Module = {
+      findExportByName(mod, sym) {
+        if (mod !== "libwcdb.so") return null;
+        if (sym === "sqlite3_key") return { symbol: sym };
+        return null; // only sqlite3_key resolves; others null
+      },
+    };
+    const Process = {
+      findModuleByName(mod) { return mod === "libwcdb.so" ? { name: mod } : null; },
+    };
+
+    runAgentUnderMock({ Module, Process, Interceptor, send });
+
+    // After load, "hooked" event already sent
+    const hooked = send.mock.calls.find((c) => c[0].kind === "hooked");
+    expect(hooked).toBeDefined();
+    expect(hooked[0].symbol).toBe("sqlite3_key");
+    expect(hooked[0].module).toBe("libwcdb.so");
+
+    // Fire the hook: args = [sqlite3*, keyBytes, len]
+    const keyHex = "11223344556677889900aabbccddeeff" +
+                   "00112233445566778899aabbccddeeff"; // 64 hex = 32 bytes (SQLCipher 256-bit)
+    const args = [fakePtr(0), fakePtr(keyHex), fakePtr(32)];
+    attached.sqlite3_key.onEnter(args);
+
+    const key = send.mock.calls.find((c) => c[0].kind === "key");
+    expect(key).toBeDefined();
+    expect(key[0].hex).toBe(keyHex);
+    expect(key[0].source).toBe("sqlite3_key");
+  });
+
+  it("only emits the first key event (anti-detection: hook fires once)", () => {
+    const send = vi.fn();
+    const attached = {};
+    const Interceptor = {
+      attach(addr, handlers) { attached[addr.symbol] = handlers; },
+    };
+    const Module = {
+      findExportByName(mod, sym) {
+        if (sym === "sqlite3_key") return { symbol: sym };
+        return null;
+      },
+    };
+    const Process = { findModuleByName() { return { name: "libwcdb.so" }; } };
+
+    runAgentUnderMock({ Module, Process, Interceptor, send });
+
+    const args = [fakePtr(0), fakePtr("aabb" + "00".repeat(30)), fakePtr(32)];
+    attached.sqlite3_key.onEnter(args);
+    attached.sqlite3_key.onEnter(args);
+    attached.sqlite3_key.onEnter(args);
+
+    const keyEvents = send.mock.calls.filter((c) => c[0].kind === "key");
+    expect(keyEvents).toHaveLength(1);
+  });
+
+  it("rejects implausible key length with error event", () => {
+    const send = vi.fn();
+    const attached = {};
+    const Interceptor = {
+      attach(addr, handlers) { attached[addr.symbol] = handlers; },
+    };
+    const Module = {
+      findExportByName(mod, sym) { return sym === "sqlite3_key" ? { symbol: sym } : null; },
+    };
+    const Process = { findModuleByName() { return { name: "libwcdb.so" }; } };
+
+    runAgentUnderMock({ Module, Process, Interceptor, send });
+
+    attached.sqlite3_key.onEnter([fakePtr(0), fakePtr("aa"), fakePtr(9999)]);
+
+    const errs = send.mock.calls.filter((c) => c[0].kind === "error");
+    expect(errs.length).toBeGreaterThan(0);
+    expect(errs[0][0].message).toMatch(/implausible key length 9999/);
+  });
+});
+
+describe("frida-agent — fallback symbol resolution", () => {
+  it("attaches to wcdb_setkey when sqlite3_key absent", () => {
+    const send = vi.fn();
+    const attached = {};
+    const Interceptor = {
+      attach(addr, handlers) { attached[addr.symbol] = handlers; },
+    };
+    const Module = {
+      findExportByName(mod, sym) {
+        // WeChat 8.x renamed primary symbol
+        if (sym === "wcdb_setkey") return { symbol: sym };
+        return null;
+      },
+    };
+    const Process = { findModuleByName() { return { name: "libwcdb.so" }; } };
+
+    runAgentUnderMock({ Module, Process, Interceptor, send });
+
+    const hooked = send.mock.calls.find((c) => c[0].kind === "hooked");
+    expect(hooked[0].symbol).toBe("wcdb_setkey");
+    expect(attached.wcdb_setkey).toBeDefined();
+  });
+
+  it("emits source = matched symbol when fallback fires", () => {
+    const send = vi.fn();
+    const attached = {};
+    const Interceptor = {
+      attach(addr, handlers) { attached[addr.symbol] = handlers; },
+    };
+    const Module = {
+      findExportByName(mod, sym) {
+        return sym === "WCDBKeyDerive" ? { symbol: sym } : null;
+      },
+    };
+    const Process = { findModuleByName() { return { name: "libwcdb.so" }; } };
+
+    runAgentUnderMock({ Module, Process, Interceptor, send });
+
+    attached.WCDBKeyDerive.onEnter([
+      fakePtr(0),
+      fakePtr("deadbeef" + "00".repeat(28)),
+      fakePtr(32),
+    ]);
+
+    const key = send.mock.calls.find((c) => c[0].kind === "key");
+    expect(key[0].source).toBe("WCDBKeyDerive");
+  });
+});
+
+describe("frida-agent — sjqz-audit fixes (sig + format + module case)", () => {
+  // Helper extending fakePtr with readCString for ascii-hex tests.
+  function fakeAsciiHexPtr(asciiHex) {
+    return {
+      _v: asciiHex,
+      toInt32() { return 0; },
+      readByteArray(_len) { return new Uint8Array(0).buffer; },
+    };
+  }
+  function memoryReadCString(ptr, _maxLen) {
+    return ptr && typeof ptr._v === "string" ? ptr._v : null;
+  }
+
+  it("attaches when only uppercase libWCDB.so resolves (sjqz canonical name)", () => {
+    const send = vi.fn();
+    const Interceptor = { attach: vi.fn() };
+    const Module = {
+      findExportByName(mod, sym) {
+        return mod === "libWCDB.so" && sym === "sqlite3_key"
+          ? { symbol: sym }
+          : null;
+      },
+    };
+    const Process = {
+      findModuleByName(mod) {
+        return mod === "libWCDB.so" ? { name: mod } : null;
+      },
+    };
+
+    runAgentUnderMock({ Module, Process, Interceptor, send });
+
+    const hooked = send.mock.calls.find((c) => c[0].kind === "hooked");
+    expect(hooked).toBeDefined();
+    expect(hooked[0].module).toBe("libWCDB.so");
+  });
+
+  it("v2 hook reads key from args[2] and length from args[3] (not args[1]/[2])", () => {
+    const send = vi.fn();
+    const attached = {};
+    const Interceptor = {
+      attach(addr, handlers) { attached[addr.symbol] = handlers; },
+    };
+    const Module = {
+      findExportByName(mod, sym) {
+        return sym === "sqlite3_key_v2" ? { symbol: sym } : null;
+      },
+    };
+    const Process = { findModuleByName() { return { name: "libwcdb.so" }; } };
+
+    runAgentUnderMock({ Module, Process, Interceptor, send });
+
+    // sqlite3_key_v2(sqlite3 *db, const char *zDbName, const void *pKey, int nKey)
+    // args[0]=db, args[1]=name, args[2]=keyBytes, args[3]=len
+    const dbNamePtr = fakePtr("ffeeffeeffeeffeeffeeffeeffeeffee");  // would be wrong if read as key
+    const keyHex = "12345678" + "00".repeat(28);                     // 32 bytes
+    const args = [
+      fakePtr(0),                   // db
+      dbNamePtr,                    // name (NOT the key)
+      fakePtr(keyHex),              // pKey — correct args[2]
+      fakePtr(32),                  // nKey — correct args[3]
+    ];
+    attached.sqlite3_key_v2.onEnter(args);
+
+    const keyEvt = send.mock.calls.find((c) => c[0].kind === "key");
+    expect(keyEvt).toBeDefined();
+    expect(keyEvt[0].hex).toBe(keyHex);           // proves args[2] was read, not args[1]
+    expect(keyEvt[0].sig).toBe("v2");
+    expect(keyEvt[0].format).toBe("raw-bytes");
+    expect(keyEvt[0].length).toBe(32);
+  });
+
+  it("reads ascii-hex key via readCString when length === 64", () => {
+    const send = vi.fn();
+    const attached = {};
+    const Interceptor = {
+      attach(addr, handlers) { attached[addr.symbol] = handlers; },
+    };
+    const Module = {
+      findExportByName(mod, sym) {
+        return sym === "sqlite3_key" ? { symbol: sym } : null;
+      },
+    };
+    const Process = { findModuleByName() { return { name: "libwcdb.so" }; } };
+    const Memory = { readCString: memoryReadCString };
+
+    runAgentUnderMock({ Module, Process, Interceptor, send, Memory });
+
+    // 64-char ASCII hex string + len=64 → readCString path (sjqz scenario)
+    const asciiHex = "ABCDEF0123456789".repeat(4).toLowerCase();
+    const args = [fakePtr(0), fakeAsciiHexPtr(asciiHex), fakePtr(64)];
+    attached.sqlite3_key.onEnter(args);
+
+    const keyEvt = send.mock.calls.find((c) => c[0].kind === "key");
+    expect(keyEvt).toBeDefined();
+    expect(keyEvt[0].hex).toBe(asciiHex);
+    expect(keyEvt[0].format).toBe("ascii-hex");
+    expect(keyEvt[0].length).toBe(64);
+  });
+
+  it("emits unsupported-signature error for mangled C++ symbol (no host attempt)", () => {
+    const send = vi.fn();
+    const attached = {};
+    const Interceptor = {
+      attach(addr, handlers) { attached[addr.symbol] = handlers; },
+    };
+    const mangledSymbol =
+      "_ZN4WCDB8Database13setCipherKeyERKNSt6__ndk112basic_stringIcNS1_11char_traitsIcEENS1_9allocatorIcEEEE";
+    const Module = {
+      findExportByName(mod, sym) {
+        return sym === mangledSymbol ? { symbol: sym } : null;
+      },
+    };
+    const Process = { findModuleByName() { return { name: "libwcdb.so" }; } };
+
+    runAgentUnderMock({ Module, Process, Interceptor, send });
+
+    attached[mangledSymbol].onEnter([fakePtr(0), fakePtr("aabb"), fakePtr(32)]);
+
+    const errEvt = send.mock.calls.find(
+      (c) => c[0].kind === "error" && /unsupported symbol signature/.test(c[0].message),
+    );
+    expect(errEvt).toBeDefined();
+    // And NO key event emitted (host must fall back to MD5 path).
+    const keyEvt = send.mock.calls.find((c) => c[0].kind === "key");
+    expect(keyEvt).toBeUndefined();
+  });
+});
+
+describe("frida-agent — module not yet loaded path", () => {
+  it("emits module-waiting and schedules retry", () => {
+    const send = vi.fn();
+    const Interceptor = { attach: vi.fn() };
+    const Module = { findExportByName: vi.fn().mockReturnValue(null) };
+    const Process = { findModuleByName: vi.fn().mockReturnValue(null) };
+    const setTimeoutMock = vi.fn();
+
+    runAgentUnderMock({ Module, Process, Interceptor, send, setTimeout: setTimeoutMock });
+
+    const waiting = send.mock.calls.find((c) => c[0].kind === "module-waiting");
+    expect(waiting).toBeDefined();
+    // Post-sjqz audit: agent now tries both libWCDB.so (uppercase, sjqz-verified)
+    // and libwcdb.so. The module-waiting event surfaces the join so the
+    // host telemetry shows both attempted names.
+    expect(waiting[0].module).toBe("libWCDB.so|libwcdb.so");
+    expect(setTimeoutMock).toHaveBeenCalled();
+    // First retry delay 500ms
+    expect(setTimeoutMock.mock.calls[0][1]).toBe(500);
+  });
+});

package/__tests__/adapters/wechat-frida-integration.test.js

@@ -0,0 +1,149 @@
+"use strict";
+
+import { describe, it, expect, vi } from "vitest";
+
+const {
+  WechatAdapter,
+  WeChatFridaKeyProvider,
+} = require("../../lib/adapters/wechat");
+
+/**
+ * Phase 12.6.5 — integration: WechatAdapter.authenticate flow against
+ * a mock FridaKeyProvider. We don't open a real SQLCipher DB here —
+ * that requires a fixture + better-sqlite3-multiple-ciphers compiled
+ * against the host's Node ABI, and is covered separately in the v0.5
+ * suite. Goal of this slice: prove the adapter's KeyProvider DI seam
+ * works identically for the Frida path.
+ */
+
+function mockFrida({ keyHex, throwOnAttach, delayMs = 0 } = {}) {
+  const script = {
+    message: { connect: (h) => { script._handler = h; } },
+    load: async () => {
+      setTimeout(() => {
+        if (!script._handler) return;
+        script._handler({ type: "send", payload: {
+          kind: "hooked", symbol: "sqlite3_key", module: "libwcdb.so",
+        } });
+        script._handler({ type: "send", payload: {
+          kind: "key", hex: keyHex, source: "sqlite3_key",
+        } });
+      }, delayMs);
+    },
+    unload: async () => {},
+  };
+  const session = {
+    createScript: async () => script,
+    detach: async () => {},
+  };
+  const device = {
+    attach: async () => {
+      if (throwOnAttach) throw new Error(throwOnAttach);
+      return session;
+    },
+  };
+  return {
+    getDevice: async () => device,
+    getUsbDevice: async () => device,
+  };
+}
+
+describe("WechatAdapter + FridaKeyProvider — DI integration", () => {
+  it("authenticate succeeds when frida provides a key", async () => {
+    // dbPath needs to point to a real file for the existsSync gate
+    const fs = require("node:fs");
+    const path = require("node:path");
+    const os = require("node:os");
+    const tmpDb = path.join(os.tmpdir(), `wechat-mock-${Date.now()}.db`);
+    fs.writeFileSync(tmpDb, "fake sqlite header");
+
+    const frida = mockFrida({ keyHex: "ab".repeat(32) /* 64 hex */ });
+    const keyProvider = new WeChatFridaKeyProvider({
+      frida,
+      deviceId: "TEST",
+      agentLoader: () => "/* test agent */",
+    });
+
+    const adapter = new WechatAdapter({
+      account: { uin: "1234567890" },
+      dbPath: tmpDb,
+      keyProvider,
+    });
+
+    const r = await adapter.authenticate();
+    expect(r.ok).toBe(true);
+    expect(r.account).toBe("1234567890");
+
+    try { fs.unlinkSync(tmpDb); } catch (_e) { /* test cleanup */ }
+  });
+
+  it("authenticate reports NO_KEY_PROVIDER when keyProvider absent", async () => {
+    const fs = require("node:fs");
+    const path = require("node:path");
+    const os = require("node:os");
+    const tmpDb = path.join(os.tmpdir(), `wechat-mock-${Date.now()}.db`);
+    fs.writeFileSync(tmpDb, "fake");
+
+    const adapter = new WechatAdapter({
+      account: { uin: "1234567890" },
+      dbPath: tmpDb,
+      // keyProvider omitted on purpose
+    });
+    const r = await adapter.authenticate();
+    expect(r.ok).toBe(false);
+    expect(r.reason).toBe("NO_KEY_PROVIDER");
+
+    try { fs.unlinkSync(tmpDb); } catch (_e) { /* test cleanup */ }
+  });
+
+  it("authenticate reports KEY_PROVIDER_THREW when Frida times out", async () => {
+    const fs = require("node:fs");
+    const path = require("node:path");
+    const os = require("node:os");
+    const tmpDb = path.join(os.tmpdir(), `wechat-mock-${Date.now()}.db`);
+    fs.writeFileSync(tmpDb, "fake");
+
+    // Mock with no messages → will timeout
+    const session = {
+      createScript: async () => ({
+        message: { connect: () => {} },
+        load: async () => {},
+        unload: async () => {},
+      }),
+      detach: async () => {},
+    };
+    const frida = {
+      getDevice: async () => ({ attach: async () => session }),
+      getUsbDevice: async () => ({ attach: async () => session }),
+    };
+    const keyProvider = new WeChatFridaKeyProvider({
+      frida,
+      deviceId: "TEST",
+      agentLoader: () => "",
+      timeoutMs: 30,
+    });
+
+    const adapter = new WechatAdapter({
+      account: { uin: "1234567890" },
+      dbPath: tmpDb,
+      keyProvider,
+    });
+
+    const r = await adapter.authenticate();
+    expect(r.ok).toBe(false);
+    expect(r.reason).toBe("KEY_PROVIDER_THREW");
+    expect(r.error).toMatch(/30ms/);
+
+    try { fs.unlinkSync(tmpDb); } catch (_e) { /* test cleanup */ }
+  });
+
+  it("DB_NOT_PULLED takes precedence over keyProvider absence", async () => {
+    const adapter = new WechatAdapter({
+      account: { uin: "1234567890" },
+      dbPath: "/definitely/not/a/real/path/wechat.db",
+    });
+    const r = await adapter.authenticate();
+    expect(r.ok).toBe(false);
+    expect(r.reason).toBe("DB_NOT_PULLED");
+  });
+});