@haiai/haiai 0.1.2

package/tests/a2a.test.ts

@@ -0,0 +1,379 @@
+import { afterEach, describe, expect, it, vi } from 'vitest';
+
+describe('a2a facade wrappers', () => {
+  afterEach(() => {
+    vi.restoreAllMocks();
+    vi.resetModules();
+    vi.unmock('@hai.ai/jacs/a2a');
+  });
+
+  it('returns a clear error when optional A2A exports are unavailable', async () => {
+    vi.doMock('@hai.ai/jacs/a2a', () => ({
+      JACSA2AIntegration: undefined,
+    }));
+    const mod = await import('../src/a2a.js');
+
+    await expect(mod.getA2AIntegration({})).rejects.toThrow(
+      "Module '@hai.ai/jacs/a2a' does not export class 'JACSA2AIntegration'",
+    );
+  });
+
+  it('delegates A2A calls to JACSA2AIntegration', async () => {
+    const calls: Record<string, unknown[]> = {};
+    vi.doMock('@hai.ai/jacs/a2a', () => {
+      class FakeA2AIntegration {
+        private readonly client: unknown;
+        private readonly trustPolicy: unknown;
+
+        constructor(client: unknown, trustPolicy?: unknown) {
+          this.client = client;
+          this.trustPolicy = trustPolicy;
+          calls.ctor = [client, trustPolicy as unknown];
+        }
+
+        static quickstart(options: Record<string, unknown>): Record<string, unknown> {
+          calls.quickstart = [options];
+          return { quickstart: true, options };
+        }
+
+        exportAgentCard(agentData: Record<string, unknown>): Record<string, unknown> {
+          calls.exportAgentCard = [this.client, this.trustPolicy, agentData];
+          return { op: 'exportAgentCard', agentData };
+        }
+
+        signArtifact(
+          artifact: Record<string, unknown>,
+          artifactType: string,
+          parentSignatures: Record<string, unknown>[] | null,
+        ): Record<string, unknown> {
+          calls.signArtifact = [this.client, this.trustPolicy, artifact, artifactType, parentSignatures];
+          return { op: 'signArtifact', artifactType };
+        }
+
+        verifyWrappedArtifact(
+          wrappedArtifact: string | Record<string, unknown>,
+        ): Record<string, unknown> {
+          calls.verifyWrappedArtifact = [this.client, this.trustPolicy, wrappedArtifact];
+          return { op: 'verifyWrappedArtifact' };
+        }
+
+        createChainOfCustody(artifacts: Record<string, unknown>[]): Record<string, unknown> {
+          calls.createChainOfCustody = [this.client, this.trustPolicy, artifacts];
+          return { op: 'createChainOfCustody', count: artifacts.length };
+        }
+
+        generateWellKnownDocuments(
+          agentCard: unknown,
+          jwsSignature: string,
+          publicKeyB64: string,
+          agentData: Record<string, unknown>,
+        ): Record<string, unknown> {
+          calls.generateWellKnownDocuments = [
+            this.client,
+            this.trustPolicy,
+            agentCard,
+            jwsSignature,
+            publicKeyB64,
+            agentData,
+          ];
+          return { op: 'generateWellKnownDocuments' };
+        }
+
+        assessRemoteAgent(agentCardJson: string | Record<string, unknown>): Record<string, unknown> {
+          calls.assessRemoteAgent = [this.client, this.trustPolicy, agentCardJson];
+          return { op: 'assessRemoteAgent', allowed: true };
+        }
+
+        trustA2AAgent(agentCardJson: string | Record<string, unknown>): string {
+          calls.trustA2AAgent = [this.client, this.trustPolicy, agentCardJson];
+          return 'trusted-agent';
+        }
+      }
+
+      return {
+        JACSA2AIntegration: FakeA2AIntegration,
+      };
+    });
+
+    const mod = await import('../src/a2a.js');
+    const fakeClient = { kind: 'jacs-client' };
+    const options = { trustPolicy: 'strict' as const };
+
+    const integration = await mod.getA2AIntegration(fakeClient, options);
+    expect(calls.ctor).toEqual([fakeClient, 'strict']);
+
+    await expect(mod.quickstartA2A({
+      name: 'hai-agent',
+      domain: 'agent.example.com',
+      description: 'HAIAI agent',
+      algorithm: 'pq2025',
+    })).resolves.toEqual({
+      quickstart: true,
+      options: {
+        name: 'hai-agent',
+        domain: 'agent.example.com',
+        description: 'HAIAI agent',
+        algorithm: 'pq2025',
+      },
+    });
+
+    await expect(mod.exportAgentCard(fakeClient, { jacsId: 'agent-1' }, options)).resolves.toEqual({
+      op: 'exportAgentCard',
+      agentData: { jacsId: 'agent-1' },
+    });
+    expect(calls.exportAgentCard).toEqual([fakeClient, 'strict', { jacsId: 'agent-1' }]);
+
+    await expect(
+      mod.signArtifact(fakeClient, { taskId: 't-1' }, 'task', [{ parent: true }], options),
+    ).resolves.toEqual({ op: 'signArtifact', artifactType: 'task' });
+    expect(calls.signArtifact).toEqual([
+      fakeClient,
+      'strict',
+      { taskId: 't-1' },
+      'task',
+      [{ parent: true }],
+    ]);
+
+    await expect(mod.verifyArtifact(fakeClient, '{"wrapped":true}', options)).resolves.toEqual({
+      op: 'verifyWrappedArtifact',
+    });
+    expect(calls.verifyWrappedArtifact).toEqual([fakeClient, 'strict', '{"wrapped":true}']);
+
+    await expect(
+      mod.createChainOfCustody(fakeClient, [{ one: 1 }, { two: 2 }], options),
+    ).resolves.toEqual({
+      op: 'createChainOfCustody',
+      count: 2,
+    });
+    expect(calls.createChainOfCustody).toEqual([fakeClient, 'strict', [{ one: 1 }, { two: 2 }]]);
+
+    await expect(
+      mod.generateWellKnownDocuments(
+        fakeClient,
+        { name: 'Agent Card' },
+        'jws-signature',
+        'pubkey-b64',
+        { jacsId: 'agent-1' },
+        options,
+      ),
+    ).resolves.toEqual({
+      op: 'generateWellKnownDocuments',
+    });
+    expect(calls.generateWellKnownDocuments).toEqual([
+      fakeClient,
+      'strict',
+      { name: 'Agent Card' },
+      'jws-signature',
+      'pubkey-b64',
+      { jacsId: 'agent-1' },
+    ]);
+
+    await expect(mod.assessRemoteAgent(fakeClient, '{"card":true}', options)).resolves.toEqual({
+      op: 'assessRemoteAgent',
+      allowed: true,
+    });
+    expect(calls.assessRemoteAgent).toEqual([fakeClient, 'strict', '{"card":true}']);
+
+    await expect(mod.trustA2AAgent(fakeClient, '{"card":true}', options)).resolves.toBe('trusted-agent');
+    expect(calls.trustA2AAgent).toEqual([fakeClient, 'strict', '{"card":true}']);
+    expect(integration).toBeTruthy();
+  });
+
+  it('registerWithAgentCard merges card metadata and calls HaiClient.register', async () => {
+    vi.doMock('@hai.ai/jacs/a2a', () => {
+      class FakeA2AIntegration {
+        exportAgentCard(): Record<string, unknown> {
+          return {
+            name: 'Demo Agent',
+            supportedInterfaces: [{ url: 'https://agent.example.com', protocolBinding: 'jsonrpc', protocolVersion: '1.0' }],
+            capabilities: {},
+            skills: [{ id: 's1' }],
+            metadata: {},
+          };
+        }
+      }
+      return { JACSA2AIntegration: FakeA2AIntegration };
+    });
+
+    const mod = await import('../src/a2a.js');
+    const registerCalls: unknown[] = [];
+    const fakeHaiClient = {
+      jacsId: 'agent-1',
+      agentName: 'Agent One',
+      exportKeys: () => ({ publicKeyPem: '-----BEGIN PUBLIC KEY-----\nABC\n-----END PUBLIC KEY-----' }),
+      register: async (opts: Record<string, unknown>) => {
+        registerCalls.push(opts);
+        return { agentId: 'agent-1' };
+      },
+    };
+
+    const result = await mod.registerWithAgentCard(
+      fakeHaiClient,
+      {},
+      { jacsId: 'agent-1', jacsName: 'Agent One' },
+      { ownerEmail: 'owner@hai.ai', trustPolicy: 'verified' },
+    );
+
+    expect(registerCalls).toHaveLength(1);
+    const sent = registerCalls[0] as Record<string, unknown>;
+    expect(sent.ownerEmail).toBe('owner@hai.ai');
+    expect(typeof sent.agentJson).toBe('string');
+    const merged = JSON.parse(sent.agentJson as string) as Record<string, unknown>;
+    expect(merged.a2aAgentCard).toBeTruthy();
+    expect((merged.metadata as Record<string, unknown>).a2aProfile).toBe('1.0');
+    expect(result.agentCard).toBeTruthy();
+  });
+
+  it('onMediatedBenchmarkJob retries and submits signed artifacts', async () => {
+    const behavior = {
+      trustAllowed: true,
+      signatureValid: true,
+    };
+
+    vi.doMock('@hai.ai/jacs/a2a', () => {
+      class FakeA2AIntegration {
+        signArtifact(
+          artifact: Record<string, unknown>,
+          artifactType: string,
+        ): Record<string, unknown> {
+          return {
+            jacsType: `a2a-${artifactType}`,
+            a2aArtifact: artifact,
+            jacsSignature: { agentID: 'agent-1', signature: 'sig' },
+          };
+        }
+
+        verifyWrappedArtifact(): Record<string, unknown> {
+          return { valid: behavior.signatureValid, error: behavior.signatureValid ? '' : 'invalid' };
+        }
+
+        assessRemoteAgent(): Record<string, unknown> {
+          return { allowed: behavior.trustAllowed, reason: behavior.trustAllowed ? 'ok' : 'blocked' };
+        }
+      }
+      return { JACSA2AIntegration: FakeA2AIntegration };
+    });
+
+    const mod = await import('../src/a2a.js');
+    const submitCalls: unknown[] = [];
+    const emailCalls: unknown[] = [];
+    let onBenchmarkAttempts = 0;
+    const fakeHaiClient = {
+      onBenchmarkJob: async (handler: (job: Record<string, unknown>) => Promise<void>) => {
+        onBenchmarkAttempts += 1;
+        if (onBenchmarkAttempts === 1) {
+          throw new Error('temporary transport failure');
+        }
+        await handler({
+          runId: 'job-1',
+          data: {
+            job_id: 'job-1',
+            remoteAgentCard: { metadata: { jacsId: 'trusted-agent' } },
+            a2aTask: { wrapped: true },
+          },
+        });
+      },
+      submitResponse: async (...args: unknown[]) => {
+        submitCalls.push(args);
+        return { success: true };
+      },
+      sendEmail: async (opts: Record<string, unknown>) => {
+        emailCalls.push(opts);
+        return { status: 'sent' };
+      },
+    };
+
+    await mod.onMediatedBenchmarkJob(
+      fakeHaiClient,
+      {},
+      async () => ({ message: 'handled' }),
+      {
+        trustPolicy: 'strict',
+        transport: 'ws',
+        maxReconnectAttempts: 1,
+        enforceTrustPolicy: true,
+        verifyInboundArtifact: true,
+        notifyEmail: 'ops@hai.ai',
+      },
+    );
+
+    expect(onBenchmarkAttempts).toBe(2);
+    expect(submitCalls).toHaveLength(1);
+    expect(emailCalls).toHaveLength(1);
+  });
+
+  it('onMediatedBenchmarkJob rejects trust/signature failures', async () => {
+    const state = {
+      trustAllowed: false,
+      signatureValid: true,
+    };
+
+    vi.doMock('@hai.ai/jacs/a2a', () => {
+      class FakeA2AIntegration {
+        signArtifact(
+          artifact: Record<string, unknown>,
+          artifactType: string,
+        ): Record<string, unknown> {
+          return {
+            jacsType: `a2a-${artifactType}`,
+            a2aArtifact: artifact,
+            jacsSignature: { agentID: 'agent-1', signature: 'sig' },
+          };
+        }
+
+        verifyWrappedArtifact(): Record<string, unknown> {
+          return { valid: state.signatureValid, error: state.signatureValid ? '' : 'invalid' };
+        }
+
+        assessRemoteAgent(): Record<string, unknown> {
+          return { allowed: state.trustAllowed, reason: 'blocked' };
+        }
+      }
+      return { JACSA2AIntegration: FakeA2AIntegration };
+    });
+
+    const mod = await import('../src/a2a.js');
+    const fakeHaiClient = {
+      onBenchmarkJob: async (handler: (job: Record<string, unknown>) => Promise<void>) => {
+        await handler({
+          runId: 'job-1',
+          data: {
+            job_id: 'job-1',
+            remoteAgentCard: { metadata: { jacsId: 'unknown' } },
+            a2aTask: { wrapped: true },
+          },
+        });
+      },
+      submitResponse: async () => ({ success: true }),
+    };
+
+    await expect(
+      mod.onMediatedBenchmarkJob(
+        fakeHaiClient,
+        {},
+        async () => ({ message: 'handled' }),
+        {
+          transport: 'ws',
+          enforceTrustPolicy: true,
+          verifyInboundArtifact: true,
+        },
+      ),
+    ).rejects.toThrow('trust policy rejected remote agent');
+
+    state.trustAllowed = true;
+    state.signatureValid = false;
+
+    await expect(
+      mod.onMediatedBenchmarkJob(
+        fakeHaiClient,
+        {},
+        async () => ({ message: 'handled' }),
+        {
+          transport: 'ws',
+          enforceTrustPolicy: true,
+          verifyInboundArtifact: true,
+        },
+      ),
+    ).rejects.toThrow('inbound a2a task signature invalid');
+  });
+});

package/tests/binary.test.ts

@@ -0,0 +1,90 @@
+import { describe, it, expect } from "vitest";
+import { spawnSync } from "child_process";
+import { existsSync } from "fs";
+import path from "path";
+
+const PLATFORMS: Record<string, string> = {
+  "darwin-arm64": "@haiai/cli-darwin-arm64",
+  "darwin-x64": "@haiai/cli-darwin-x64",
+  "linux-x64": "@haiai/cli-linux-x64",
+  "linux-arm64": "@haiai/cli-linux-arm64",
+  "win32-x64": "@haiai/cli-win32-x64",
+};
+
+const binWrapper = path.resolve(__dirname, "..", "bin", "haiai.cjs");
+
+describe("binary wrapper", () => {
+  it("wrapper script exists and is valid JS", () => {
+    expect(existsSync(binWrapper)).toBe(true);
+    const content = require("fs").readFileSync(binWrapper, "utf-8");
+    expect(content).toContain("findBinary");
+    expect(content).toContain("PLATFORMS");
+  });
+
+  it("wrapper script can be parsed by Node.js without errors", () => {
+    const result = spawnSync(process.execPath, ["--check", binWrapper]);
+    expect(result.status).toBe(0);
+  });
+
+  it("wrapper exits gracefully when no binary is available", () => {
+    // Run with empty PATH and no platform packages to trigger fallback
+    const result = spawnSync(process.execPath, [binWrapper], {
+      env: { ...process.env, HAIAI_BINARY_PATH: "", PATH: "" },
+      timeout: 5000,
+    });
+    const stderr = result.stderr?.toString() ?? "";
+    // Should not crash with a ReferenceError (CJS/ESM mismatch)
+    expect(stderr).not.toContain("ReferenceError");
+    // Should not crash with a SyntaxError
+    expect(stderr).not.toContain("SyntaxError");
+  });
+
+  it("platform key matches a known package", () => {
+    const key = `${process.platform}-${process.arch}`;
+    expect(PLATFORMS[key]).toBeDefined();
+  });
+
+  it("platform package.json exists for current platform", () => {
+    const key = `${process.platform}-${process.arch}`;
+    const pkgName = PLATFORMS[key];
+    const pkgJsonPath = path.resolve(
+      __dirname,
+      "..",
+      "npm",
+      ...pkgName.split("/"),
+      "package.json"
+    );
+    expect(existsSync(pkgJsonPath)).toBe(true);
+
+    const pkg = JSON.parse(require("fs").readFileSync(pkgJsonPath, "utf-8"));
+    expect(pkg.name).toBe(pkgName);
+    expect(pkg.os).toContain(process.platform);
+    expect(pkg.cpu).toContain(process.arch);
+  });
+
+  it("all 5 platform packages have valid package.json", () => {
+    for (const [key, pkgName] of Object.entries(PLATFORMS)) {
+      const pkgJsonPath = path.resolve(
+        __dirname,
+        "..",
+        "npm",
+        ...pkgName.split("/"),
+        "package.json"
+      );
+      expect(existsSync(pkgJsonPath)).toBe(true);
+
+      const pkg = JSON.parse(require("fs").readFileSync(pkgJsonPath, "utf-8"));
+      expect(pkg.name).toBe(pkgName);
+      expect(pkg.os).toBeDefined();
+      expect(pkg.cpu).toBeDefined();
+      expect(pkg.bin).toBeDefined();
+      expect(pkg.bin.haiai).toBeDefined();
+    }
+  });
+
+  it("wrapper falls back gracefully when binary not present", () => {
+    const content = require("fs").readFileSync(binWrapper, "utf-8");
+    expect(content).toContain("native binary not found");
+    expect(content).toContain("process.exit(1)");
+  });
+});

package/tests/client-api-methods.test.ts

@@ -0,0 +1,176 @@
+import { afterEach, describe, expect, it, vi } from 'vitest';
+import { HaiClient } from '../src/client.js';
+import { generateTestKeypair as generateKeypair } from './setup.js';
+
+async function makeClient(jacsId: string = 'agent/with/slash'): Promise<HaiClient> {
+  const keypair = generateKeypair();
+  return HaiClient.fromCredentials(jacsId, keypair.privateKeyPem, { url: 'https://hai.example', privateKeyPassphrase: 'keygen-password' });
+}
+
+describe('client additional API methods', () => {
+  afterEach(() => {
+    vi.unstubAllGlobals();
+    vi.restoreAllMocks();
+  });
+
+  it('escapes updateUsername agentId and uses PUT', async () => {
+    const client = await makeClient();
+    const fetchMock = vi.fn(async (url: string | URL, init?: RequestInit) => {
+      expect(String(url)).toBe('https://hai.example/api/v1/agents/agent%2F..%2Fescape/username');
+      expect(init?.method).toBe('PUT');
+      expect(init?.body).toBe(JSON.stringify({ username: 'new-name' }));
+      return new Response(
+        JSON.stringify({
+          username: 'new-name',
+          email: 'new-name@hai.ai',
+          previous_username: 'old-name',
+        }),
+        {
+          status: 200,
+          headers: { 'Content-Type': 'application/json' },
+        },
+      );
+    });
+    vi.stubGlobal('fetch', fetchMock);
+
+    const result = await client.updateUsername('agent/../escape', 'new-name');
+    expect(result.username).toBe('new-name');
+    expect(result.previousUsername).toBe('old-name');
+  });
+
+  it('escapes deleteUsername agentId and uses DELETE', async () => {
+    const client = await makeClient();
+    const fetchMock = vi.fn(async (url: string | URL, init?: RequestInit) => {
+      expect(String(url)).toBe('https://hai.example/api/v1/agents/agent%2F..%2Fescape/username');
+      expect(init?.method).toBe('DELETE');
+      return new Response(
+        JSON.stringify({
+          released_username: 'old-name',
+          cooldown_until: '2026-03-01T00:00:00Z',
+          message: 'released',
+        }),
+        {
+          status: 200,
+          headers: { 'Content-Type': 'application/json' },
+        },
+      );
+    });
+    vi.stubGlobal('fetch', fetchMock);
+
+    const result = await client.deleteUsername('agent/../escape');
+    expect(result.releasedUsername).toBe('old-name');
+    expect(result.cooldownUntil).toBe('2026-03-01T00:00:00Z');
+  });
+
+  it('verifyDocument POSTs to public /api/jacs/verify without auth header', async () => {
+    const client = await makeClient();
+    const fetchMock = vi.fn(async (url: string | URL, init?: RequestInit) => {
+      expect(String(url)).toBe('https://hai.example/api/jacs/verify');
+      expect(init?.method).toBe('POST');
+      expect(init?.body).toBe(JSON.stringify({ document: '{"jacsId":"a"}' }));
+      const headers = new Headers(init?.headers as HeadersInit | undefined);
+      expect(headers.has('Authorization')).toBe(false);
+      return new Response(
+        JSON.stringify({
+          valid: true,
+          verified_at: '2026-01-01T00:00:00Z',
+          document_type: 'JacsDocument',
+          issuer_verified: true,
+          signature_verified: true,
+          signer_id: 'agent-1',
+          signed_at: '2026-01-01T00:00:00Z',
+        }),
+        {
+          status: 200,
+          headers: { 'Content-Type': 'application/json' },
+        },
+      );
+    });
+    vi.stubGlobal('fetch', fetchMock);
+
+    const result = await client.verifyDocument({ jacsId: 'a' });
+    expect(result.valid).toBe(true);
+    expect(result.documentType).toBe('JacsDocument');
+    expect(result.signerId).toBe('agent-1');
+  });
+
+  it('getVerification GETs public advanced verification endpoint without auth header', async () => {
+    const client = await makeClient();
+    const fetchMock = vi.fn(async (url: string | URL, init?: RequestInit) => {
+      expect(String(url)).toBe('https://hai.example/api/v1/agents/agent%2F..%2Fescape/verification');
+      expect(init?.method).toBe('GET');
+      const headers = new Headers(init?.headers as HeadersInit | undefined);
+      expect(headers.has('Authorization')).toBe(false);
+      return new Response(
+        JSON.stringify({
+          agent_id: 'agent/../escape',
+          verification: {
+            jacs_valid: true,
+            dns_valid: true,
+            hai_registered: false,
+            badge: 'domain',
+          },
+          hai_signatures: ['ed25519:abc...'],
+          verified_at: '2026-01-02T00:00:00Z',
+          errors: [],
+        }),
+        {
+          status: 200,
+          headers: { 'Content-Type': 'application/json' },
+        },
+      );
+    });
+    vi.stubGlobal('fetch', fetchMock);
+
+    const result = await client.getVerification('agent/../escape');
+    expect(result.agentId).toBe('agent/../escape');
+    expect(result.verification.badge).toBe('domain');
+    expect(result.verification.jacsValid).toBe(true);
+    expect(result.verification.dnsValid).toBe(true);
+    expect(result.verification.haiRegistered).toBe(false);
+    expect(result.haiSignatures).toEqual(['ed25519:abc...']);
+  });
+
+  it('verifyAgentDocumentOnHai POSTs public /api/v1/agents/verify without auth header', async () => {
+    const client = await makeClient();
+    const fetchMock = vi.fn(async (url: string | URL, init?: RequestInit) => {
+      expect(String(url)).toBe('https://hai.example/api/v1/agents/verify');
+      expect(init?.method).toBe('POST');
+      expect(init?.body).toBe(
+        JSON.stringify({
+          agent_json: '{"jacsId":"agent-1","jacsAgentDomain":"example.com"}',
+          domain: 'override.example.com',
+        }),
+      );
+      const headers = new Headers(init?.headers as HeadersInit | undefined);
+      expect(headers.has('Authorization')).toBe(false);
+      return new Response(
+        JSON.stringify({
+          agent_id: 'agent-1',
+          verification: {
+            jacs_valid: true,
+            dns_valid: true,
+            hai_registered: true,
+            badge: 'attested',
+          },
+          hai_signatures: ['ed25519:def...'],
+          verified_at: '2026-01-02T00:00:00Z',
+          errors: [],
+        }),
+        {
+          status: 200,
+          headers: { 'Content-Type': 'application/json' },
+        },
+      );
+    });
+    vi.stubGlobal('fetch', fetchMock);
+
+    const result = await client.verifyAgentDocumentOnHai(
+      { jacsId: 'agent-1', jacsAgentDomain: 'example.com' },
+      { domain: 'override.example.com' },
+    );
+    expect(result.agentId).toBe('agent-1');
+    expect(result.verification.badge).toBe('attested');
+    expect(result.verification.haiRegistered).toBe(true);
+  });
+});