@githolon/testing 0.5.0 → 0.6.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@githolon/testing",
3
- "version": "0.5.0",
3
+ "version": "0.6.0",
4
4
  "type": "module",
5
5
  "description": "@githolon/testing — law TDD for Nomos domains: boot the REAL engine plane in-process (the exact machinery every cloud DO, heavy container and web client runs), dispatch directives, assert rows, assert TYPED REFUSALS, fork for what-ifs — fully offline inside vitest.",
6
6
  "license": "SEE LICENSE IN LICENSE.md",
@@ -1149,6 +1149,15 @@ export function unmount(eng, ws) {
1149
1149
 
1150
1150
  function writeWork(eng, name, bytes) { eng.preopen.dir.contents.set(name, new File(bytes)); }
1151
1151
 
1152
+ /** THE CURRENT LAW PER DOMAIN KEY — the holon's OWN resolution (`refresh_key_map`,
1153
+ * the map the verify walk and every dispatch use: latest Active install per key
1154
+ * by install stamp). Returns `{ "<domainKey>": "<currentHash>", … }`. status uses
1155
+ * THIS instead of re-deriving recency host-side from deploy order. */
1156
+ export function currentLaw(eng, ws) {
1157
+ const out = JSON.parse(call(eng.ex, "current_law", { repoArg: repoArgOf(ws), branch: BRANCH }, eng.STDERR));
1158
+ return out.keyMap || {};
1159
+ }
1160
+
1152
1161
  /** THE EVOLVE DRY-RUN (managed_rollout.md slice 1 — "would this upgrade admit?"):
1153
1162
  * the evolve gate's pure judgment over the mounted workspace's folded state and a
1154
1163
  * CANDIDATE package, without installing. Returns {admits} or {admits:false,
@@ -1210,14 +1219,40 @@ export async function commitAndPush(eng, ws, ledger) {
1210
1219
  }
1211
1220
  }
1212
1221
 
1213
- export const qById = (eng, ws, id) => JSON.parse(call(eng.ex, "query_by_id", { repoArg: repoArgOf(ws), workspace: ws, aggregateId: id, branch: BRANCH }, eng.STDERR));
1214
- export const query = (eng, ws, queryId, paramsJson) => JSON.parse(call(eng.ex, "query", { repoArg: repoArgOf(ws), workspace: ws, queryId, paramsJson, branch: BRANCH }, eng.STDERR));
1222
+ // READ VISIBILITY (slice 5.1): the host STAMPS the presented `principal` onto the
1223
+ // read RPC (an impure identity read never a host DECISION); the githolon gates the
1224
+ // read against its OWN folded role-bindings and returns `{ok:false, error:"read-
1225
+ // forbidden:..."}` for a private type the principal may not read. Absent/"" principal
1226
+ // is the pre-5.1 wire — public reads are byte-identical.
1227
+ // `keys` (slice 6) = the reader's injected scope keys [{scope, epoch, key(b64)}], resolved
1228
+ // host-side (X25519 unwrap). Threaded into the read RPC; the wasm AEAD-opens envelope fields.
1229
+ export const qById = (eng, ws, id, principal = "", keys = []) => JSON.parse(call(eng.ex, "query_by_id", { repoArg: repoArgOf(ws), workspace: ws, aggregateId: id, principal, keys, branch: BRANCH }, eng.STDERR));
1230
+ export const query = (eng, ws, queryId, paramsJson, principal = "", keys = []) => JSON.parse(call(eng.ex, "query", { repoArg: repoArgOf(ws), workspace: ws, queryId, paramsJson, principal, keys, branch: BRANCH }, eng.STDERR));
1231
+ // THE AUTHOR-SIDE SEAL (slice 6): encrypt a plaintext field value into the on-chain envelope
1232
+ // (XChaCha isn't in WebCrypto, so the client calls the wasm; the scope key is injected, never on chain).
1233
+ // The SLOT IDENTITY is the #58 STABLE SID (rename-safety): the caller resolves (type,field)→sid
1234
+ // from the law's nomosStableIds and passes aggSid/fieldSid; they ride IN the envelope so a rename
1235
+ // of the encrypted type/field never breaks decryption, and the gate proves they are the law's.
1236
+ export const cryptoSealField = (eng, { scopeKey, scope, epoch, aggSid, fieldSid, plaintext }) =>
1237
+ JSON.parse(call(eng.ex, "crypto_seal_field", { scopeKey, scope, epoch, aggSid, fieldSid, plaintext }, eng.STDERR)).envelope;
1238
+ // The client X25519 crypto (slice 6): keygen (device identity), wrap (committer → recipient pubkey),
1239
+ // unwrap (reader's device secret → scope key). The secret stays client/host-side, never on chain.
1240
+ export const cryptoKeygen = (eng) => JSON.parse(call(eng.ex, "crypto_keygen", {}, eng.STDERR));
1241
+ export const cryptoWrapKey = (eng, { recipientPub, scopeKey }) => JSON.parse(call(eng.ex, "crypto_wrap_key", { recipientPub, scopeKey }, eng.STDERR));
1242
+ export const cryptoUnwrapKey = (eng, { secret, hpkeEpk, ct }) => JSON.parse(call(eng.ex, "crypto_unwrap_key", { secret, hpkeEpk, ct }, eng.STDERR)).scopeKey;
1243
+ // THE READ-POSTURE PROBE (slice 5.1): the githolon's own verdict on whether the
1244
+ // workspace is private + whether `principal` may read ALL of it — the host relays it
1245
+ // to gate the BULK reads (snapshot, git clone, count/sum) it cannot gate per-row-type.
1246
+ export const readPosture = (eng, ws, principal = "") => JSON.parse(call(eng.ex, "read_posture", { repoArg: repoArgOf(ws), workspace: ws, principal, branch: BRANCH }, eng.STDERR));
1215
1247
  export const count = (eng, ws, countId, groupKey) => JSON.parse(call(eng.ex, "count", { repoArg: repoArgOf(ws), workspace: ws, countId, groupKey, branch: BRANCH }, eng.STDERR));
1216
1248
  export const sum = (eng, ws, sumId, groupKey) => JSON.parse(call(eng.ex, "sum", { repoArg: repoArgOf(ws), workspace: ws, sumId, groupKey, branch: BRANCH }, eng.STDERR));
1217
1249
  /** The maintained O(1) min/max read (#47 — the slice-4 extremum hand-back made an RPC).
1218
1250
  * `kind` = "min"|"max"; an absent group answers `value: null` (never a fabricated 0). */
1219
1251
  export const extremum = (eng, ws, extremumId, kind, groupKey) => JSON.parse(call(eng.ex, "extremum", { repoArg: repoArgOf(ws), workspace: ws, extremumId, kind, groupKey: groupKey ?? "", branch: BRANCH }, eng.STDERR));
1220
1252
  export const nomosActive = (eng, ws) => qById(eng, ws, `domain-installation:${eng.hashes.nomos}`).length > 0;
1253
+ // E2E crypto linkage probe (the encryption arc): run the wrap→unwrap + field seal→open
1254
+ // INSIDE the deployable wasm. Pure — no workspace, no chain. Returns {wrapHandoff, fieldAead}.
1255
+ export const cryptoSelftest = (eng) => JSON.parse(call(eng.ex, "crypto_selftest", { repoArg: "/work/none" }, eng.STDERR));
1221
1256
 
1222
1257
  /** Re-admit ONE carried intent (bytes) on local main — the DLQ-retry primitive. */
1223
1258
  export function applyIntentBytes(eng, ws, bytes) {