@githolon/testing 0.16.2 → 0.17.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@githolon/testing",
3
- "version": "0.16.2",
3
+ "version": "0.17.0",
4
4
  "type": "module",
5
5
  "description": "@githolon/testing — law TDD for Nomos domains: boot the REAL engine plane in-process (the exact machinery every cloud DO, heavy container and web client runs), dispatch directives, assert rows, assert TYPED REFUSALS, fork for what-ifs — fully offline inside vitest.",
6
6
  "license": "SEE LICENSE IN LICENSE.md",
@@ -1368,7 +1368,8 @@ export function evolveDryRun(eng, ws, usda, domainHash, dispositions = null) {
1368
1368
  * and the generated clients call. The minted id rides IN the payload, so replay
1369
1369
  * reads the captured id and never re-mints (determinism via capture). */
1370
1370
  export function mintId(eng, typeTag) {
1371
- return JSON.parse(call(eng.ex, "mint", { typeTag, nowMillis: Date.now() }, eng.STDERR)).id;
1371
+ // P8: id reservation rides the ONE opaque `query` verb (op:"mint") no legacy top-level mint arm.
1372
+ return JSON.parse(call(eng.ex, "query", { queryBytes: b64Json({ op: "mint", typeTag, nowMillis: Date.now() }) }, eng.STDERR)).id;
1372
1373
  }
1373
1374
 
1374
1375
  export function author(eng, ws, domain, directiveId, payload, controllerHash, opts = {}) {
@@ -1763,24 +1764,25 @@ export const expand = (eng, ws, object, relation) => JSON.parse(call(eng.ex, "qu
1763
1764
  // from the law's nomosStableIds and passes aggSid/fieldSid; they ride IN the envelope so a rename
1764
1765
  // of the encrypted type/field never breaks decryption, and the gate proves they are the law's.
1765
1766
  export const cryptoSealField = (eng, { scopeKey, scope, epoch, aggSid, fieldSid, plaintext }) =>
1766
- JSON.parse(call(eng.ex, "crypto_seal_field", { scopeKey, scope, epoch, aggSid, fieldSid, plaintext }, eng.STDERR)).envelope;
1767
+ JSON.parse(call(eng.ex, "query", { queryBytes: b64Json({ op: "cryptoSealField", scopeKey, scope, epoch, aggSid, fieldSid, plaintext }) }, eng.STDERR)).envelope;
1767
1768
  // The client X25519 crypto (slice 6): keygen (device identity), wrap (committer → recipient pubkey),
1768
1769
  // unwrap (reader's device secret → scope key). The secret stays client/adapter-side, never on chain.
1769
- export const cryptoKeygen = (eng) => JSON.parse(call(eng.ex, "crypto_keygen", {}, eng.STDERR));
1770
+ // P8: all ride the ONE opaque `query` verb (non-effectful producers) no legacy top-level crypto arms.
1771
+ export const cryptoKeygen = (eng) => JSON.parse(call(eng.ex, "query", { queryBytes: b64Json({ op: "cryptoKeygen" }) }, eng.STDERR));
1770
1772
 
1771
1773
  // AUTHOR DEVICE KEY (warrant-flip, identity_keys.md) — mint an ed25519 signing keypair IN the holon
1772
1774
  // (`author_keygen`); the secret stays client-side (here: the test/adapter injects it back as `authorSecret`
1773
1775
  // on the author call). Returns { ok, secret, public } (both base64). `author_sign` is the lower-level
1774
1776
  // standalone signer; the author DOOR signs internally from the injected secret, so callers use `author`.
1775
- export const authorKeygen = (eng) => JSON.parse(call(eng.ex, "author_keygen", {}, eng.STDERR));
1777
+ export const authorKeygen = (eng) => JSON.parse(call(eng.ex, "query", { queryBytes: b64Json({ op: "authorKeygen" }) }, eng.STDERR));
1776
1778
  // THE CROSS-CUSTODY ATTESTATION SIGNER (home_holons §3/§5) — the asserter's client produces a SIGNED QUOTE
1777
1779
  // over the edge it is sharing (`attestation_sign`; the bytes are derived IN-wasm — the `author_sign` parity
1778
1780
  // contract). The device `secret` (base64) is injected for THIS call only. Returns { ok, signature, publicKey }
1779
1781
  // (base64) — the parts a `recordShare` payload carries; the subject's home gate verifies them (§3 gate-arm).
1780
1782
  export const attestationSign = (eng, { secret, asserterWorkspace, object, relation, subject, attestedAt }) =>
1781
- JSON.parse(call(eng.ex, "attestation_sign", { secret, asserterWorkspace, object, relation, subject, attestedAt }, eng.STDERR));
1782
- export const cryptoWrapKey = (eng, { recipientPub, scopeKey }) => JSON.parse(call(eng.ex, "crypto_wrap_key", { recipientPub, scopeKey }, eng.STDERR));
1783
- export const cryptoUnwrapKey = (eng, { secret, hpkeEpk, ct }) => JSON.parse(call(eng.ex, "crypto_unwrap_key", { secret, hpkeEpk, ct }, eng.STDERR)).scopeKey;
1783
+ JSON.parse(call(eng.ex, "query", { queryBytes: b64Json({ op: "attestationSign", secret, asserterWorkspace, object, relation, subject, attestedAt }) }, eng.STDERR));
1784
+ export const cryptoWrapKey = (eng, { recipientPub, scopeKey }) => JSON.parse(call(eng.ex, "query", { queryBytes: b64Json({ op: "cryptoWrapKey", recipientPub, scopeKey }) }, eng.STDERR));
1785
+ export const cryptoUnwrapKey = (eng, { secret, hpkeEpk, ct }) => JSON.parse(call(eng.ex, "query", { queryBytes: b64Json({ op: "cryptoUnwrapKey", secret, hpkeEpk, ct }) }, eng.STDERR)).scopeKey;
1784
1786
  // THE READ-POSTURE PROBE (slice 5.1): the githolon's own verdict on whether the
1785
1787
  // workspace is private + whether `principal` may read ALL of it — the adapter relays it
1786
1788
  // to gate the WHOLE-LEDGER reads (snapshot, git clone) it cannot serve partially.