@githolon/testing 0.5.1 → 0.7.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/package.json +1 -1
- package/vendor/engine/engine.mjs +48 -3
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "@githolon/testing",
|
|
3
|
-
"version": "0.
|
|
3
|
+
"version": "0.7.0",
|
|
4
4
|
"type": "module",
|
|
5
5
|
"description": "@githolon/testing — law TDD for Nomos domains: boot the REAL engine plane in-process (the exact machinery every cloud DO, heavy container and web client runs), dispatch directives, assert rows, assert TYPED REFUSALS, fork for what-ifs — fully offline inside vitest.",
|
|
6
6
|
"license": "SEE LICENSE IN LICENSE.md",
|
package/vendor/engine/engine.mjs
CHANGED
|
@@ -1190,7 +1190,7 @@ export function author(eng, ws, domain, directiveId, payload, controllerHash, op
|
|
|
1190
1190
|
// (`warmEngine`, which every host already calls) flushes it eagerly. Pass
|
|
1191
1191
|
// `opts.deferProjection: false` to keep the pre-#47 synchronous refresh.
|
|
1192
1192
|
const defer = opts.deferProjection !== false;
|
|
1193
|
-
const res = JSON.parse(call(eng.ex, "author", { repoArg: repoArgOf(ws), workspace: ws, domain, directiveId, payloadFile: `/work/payload-${seq}.json`, envelopeFile: `/work/envelope-${seq}.json`, seq, actor: "", domainFile: genesis ? "/work/domain.package.usda" : "", domainHash: genesis ? "" : controllerHash, branch: BRANCH, ...(defer ? { deferProjection: true } : {}) }, eng.STDERR));
|
|
1193
|
+
const res = JSON.parse(call(eng.ex, "author", { repoArg: repoArgOf(ws), workspace: ws, domain, directiveId, payloadFile: `/work/payload-${seq}.json`, envelopeFile: `/work/envelope-${seq}.json`, seq, actor: opts.actor ?? "", domainFile: genesis ? "/work/domain.package.usda" : "", domainHash: genesis ? "" : controllerHash, branch: BRANCH, ...(defer ? { deferProjection: true } : {}) }, eng.STDERR));
|
|
1194
1194
|
if (defer && res.ok) (eng.pendingProjection ??= new Set()).add(ws);
|
|
1195
1195
|
return res;
|
|
1196
1196
|
}
|
|
@@ -1208,6 +1208,25 @@ export function flushDeferredProjections(eng) {
|
|
|
1208
1208
|
if (eng.pendingProjection) eng.pendingProjection.clear();
|
|
1209
1209
|
}
|
|
1210
1210
|
|
|
1211
|
+
// ── PROJECTION CHECKPOINT (the cold-fold fix) ──────────────────────────────────────────────
|
|
1212
|
+
// A `:memory:` projection is rebuilt cold on every mount → a long-chain workspace (root, every
|
|
1213
|
+
// workspace's governance hub) re-folds genesis→tip = O(chain) (14s at 1105 commits, and it OOMs
|
|
1214
|
+
// the DO under load). The checkpoint persists the folded projection (cursor + every table) so a
|
|
1215
|
+
// cold mount RESTORES it and the first read folds only tip−cursor (O(delta)).
|
|
1216
|
+
|
|
1217
|
+
/** Export `ws`'s projection-at-head to a base64 blob the HOST persists. Returns
|
|
1218
|
+
* `{cursor, blob, bytes}` (or `{empty:true}` for an unborn branch). */
|
|
1219
|
+
export function exportCheckpoint(eng, ws) {
|
|
1220
|
+
return JSON.parse(call(eng.ex, "checkpoint_export", { repoArg: repoArgOf(ws), workspace: ws, branch: BRANCH }, eng.STDERR));
|
|
1221
|
+
}
|
|
1222
|
+
|
|
1223
|
+
/** Restore a checkpoint blob into the pool BEFORE the first read on a cold mount (no-op if the pool
|
|
1224
|
+
* is already warm). The HOST restores ONLY a blob whose stored lawHash matches the workspace's
|
|
1225
|
+
* CURRENT law (schema parity); a mismatched/absent blob costs at most a cold fold, never a wrong read. */
|
|
1226
|
+
export function importCheckpoint(eng, ws, blobB64) {
|
|
1227
|
+
return JSON.parse(call(eng.ex, "checkpoint_import", { repoArg: repoArgOf(ws), workspace: ws, branch: BRANCH, blob: blobB64 }, eng.STDERR));
|
|
1228
|
+
}
|
|
1229
|
+
|
|
1211
1230
|
// DURABILITY-BEFORE-ACK: only acked once the write LANDED in the ledger; a failed push
|
|
1212
1231
|
// unmounts (drops local state) so the next access re-restores from custody.
|
|
1213
1232
|
export async function commitAndPush(eng, ws, ledger) {
|
|
@@ -1219,14 +1238,40 @@ export async function commitAndPush(eng, ws, ledger) {
|
|
|
1219
1238
|
}
|
|
1220
1239
|
}
|
|
1221
1240
|
|
|
1222
|
-
|
|
1223
|
-
|
|
1241
|
+
// READ VISIBILITY (slice 5.1): the host STAMPS the presented `principal` onto the
|
|
1242
|
+
// read RPC (an impure identity read — never a host DECISION); the githolon gates the
|
|
1243
|
+
// read against its OWN folded role-bindings and returns `{ok:false, error:"read-
|
|
1244
|
+
// forbidden:..."}` for a private type the principal may not read. Absent/"" principal
|
|
1245
|
+
// is the pre-5.1 wire — public reads are byte-identical.
|
|
1246
|
+
// `keys` (slice 6) = the reader's injected scope keys [{scope, epoch, key(b64)}], resolved
|
|
1247
|
+
// host-side (X25519 unwrap). Threaded into the read RPC; the wasm AEAD-opens envelope fields.
|
|
1248
|
+
export const qById = (eng, ws, id, principal = "", keys = []) => JSON.parse(call(eng.ex, "query_by_id", { repoArg: repoArgOf(ws), workspace: ws, aggregateId: id, principal, keys, branch: BRANCH }, eng.STDERR));
|
|
1249
|
+
export const query = (eng, ws, queryId, paramsJson, principal = "", keys = []) => JSON.parse(call(eng.ex, "query", { repoArg: repoArgOf(ws), workspace: ws, queryId, paramsJson, principal, keys, branch: BRANCH }, eng.STDERR));
|
|
1250
|
+
// THE AUTHOR-SIDE SEAL (slice 6): encrypt a plaintext field value into the on-chain envelope
|
|
1251
|
+
// (XChaCha isn't in WebCrypto, so the client calls the wasm; the scope key is injected, never on chain).
|
|
1252
|
+
// The SLOT IDENTITY is the #58 STABLE SID (rename-safety): the caller resolves (type,field)→sid
|
|
1253
|
+
// from the law's nomosStableIds and passes aggSid/fieldSid; they ride IN the envelope so a rename
|
|
1254
|
+
// of the encrypted type/field never breaks decryption, and the gate proves they are the law's.
|
|
1255
|
+
export const cryptoSealField = (eng, { scopeKey, scope, epoch, aggSid, fieldSid, plaintext }) =>
|
|
1256
|
+
JSON.parse(call(eng.ex, "crypto_seal_field", { scopeKey, scope, epoch, aggSid, fieldSid, plaintext }, eng.STDERR)).envelope;
|
|
1257
|
+
// The client X25519 crypto (slice 6): keygen (device identity), wrap (committer → recipient pubkey),
|
|
1258
|
+
// unwrap (reader's device secret → scope key). The secret stays client/host-side, never on chain.
|
|
1259
|
+
export const cryptoKeygen = (eng) => JSON.parse(call(eng.ex, "crypto_keygen", {}, eng.STDERR));
|
|
1260
|
+
export const cryptoWrapKey = (eng, { recipientPub, scopeKey }) => JSON.parse(call(eng.ex, "crypto_wrap_key", { recipientPub, scopeKey }, eng.STDERR));
|
|
1261
|
+
export const cryptoUnwrapKey = (eng, { secret, hpkeEpk, ct }) => JSON.parse(call(eng.ex, "crypto_unwrap_key", { secret, hpkeEpk, ct }, eng.STDERR)).scopeKey;
|
|
1262
|
+
// THE READ-POSTURE PROBE (slice 5.1): the githolon's own verdict on whether the
|
|
1263
|
+
// workspace is private + whether `principal` may read ALL of it — the host relays it
|
|
1264
|
+
// to gate the BULK reads (snapshot, git clone, count/sum) it cannot gate per-row-type.
|
|
1265
|
+
export const readPosture = (eng, ws, principal = "") => JSON.parse(call(eng.ex, "read_posture", { repoArg: repoArgOf(ws), workspace: ws, principal, branch: BRANCH }, eng.STDERR));
|
|
1224
1266
|
export const count = (eng, ws, countId, groupKey) => JSON.parse(call(eng.ex, "count", { repoArg: repoArgOf(ws), workspace: ws, countId, groupKey, branch: BRANCH }, eng.STDERR));
|
|
1225
1267
|
export const sum = (eng, ws, sumId, groupKey) => JSON.parse(call(eng.ex, "sum", { repoArg: repoArgOf(ws), workspace: ws, sumId, groupKey, branch: BRANCH }, eng.STDERR));
|
|
1226
1268
|
/** The maintained O(1) min/max read (#47 — the slice-4 extremum hand-back made an RPC).
|
|
1227
1269
|
* `kind` = "min"|"max"; an absent group answers `value: null` (never a fabricated 0). */
|
|
1228
1270
|
export const extremum = (eng, ws, extremumId, kind, groupKey) => JSON.parse(call(eng.ex, "extremum", { repoArg: repoArgOf(ws), workspace: ws, extremumId, kind, groupKey: groupKey ?? "", branch: BRANCH }, eng.STDERR));
|
|
1229
1271
|
export const nomosActive = (eng, ws) => qById(eng, ws, `domain-installation:${eng.hashes.nomos}`).length > 0;
|
|
1272
|
+
// E2E crypto linkage probe (the encryption arc): run the wrap→unwrap + field seal→open
|
|
1273
|
+
// INSIDE the deployable wasm. Pure — no workspace, no chain. Returns {wrapHandoff, fieldAead}.
|
|
1274
|
+
export const cryptoSelftest = (eng) => JSON.parse(call(eng.ex, "crypto_selftest", { repoArg: "/work/none" }, eng.STDERR));
|
|
1230
1275
|
|
|
1231
1276
|
/** Re-admit ONE carried intent (bytes) on local main — the DLQ-retry primitive. */
|
|
1232
1277
|
export function applyIntentBytes(eng, ws, bytes) {
|