@hivemind-os/collective-core 0.2.0

package/tests/auth/session-store.test.ts

@@ -0,0 +1,201 @@
+import { createCipheriv, createHash, randomBytes, randomUUID } from 'node:crypto';
+import { mkdir, readFile, readdir, rm, writeFile } from 'node:fs/promises';
+import { join, resolve } from 'node:path';
+
+import { Ed25519Keypair } from '@mysten/sui/keypairs/ed25519';
+import { afterEach, describe, expect, it, vi } from 'vitest';
+
+import { SessionExpiredError } from '../../src/auth/errors.js';
+import { ZkLoginSessionStore } from '../../src/auth/session-store.js';
+import { SessionState } from '../../src/auth/session-state.js';
+import type { StoredZkLoginSession } from '../../src/auth/types.js';
+
+const createdPaths: string[] = [];
+
+afterEach(async () => {
+  await Promise.all(createdPaths.splice(0).map((path) => rm(path, { recursive: true, force: true })));
+});
+
+async function createTestDir(): Promise<string> {
+  const dir = resolve(process.cwd(), '.test-data', randomUUID());
+  createdPaths.push(dir);
+  await mkdir(dir, { recursive: true });
+  return dir;
+}
+
+function createSession(overrides: Partial<StoredZkLoginSession> = {}): StoredZkLoginSession {
+  return {
+    provider: 'google',
+    jwt: 'header.payload.signature',
+    salt: '12345',
+    epoch: 10,
+    ephemeralKeypair: Ed25519Keypair.generate(),
+    proof: {
+      proofPoints: { a: ['1', '2'], b: [['3'], ['4']], c: ['5', '6'] },
+      issBase64Details: { value: 'issuer', indexMod4: 0 },
+      headerBase64: 'header',
+      addressSeed: '98765',
+    },
+    maxEpoch: 12,
+    address: '0x123',
+    sub: 'subject-1',
+    iss: 'https://accounts.google.com',
+    aud: 'client-id',
+    randomness: '999',
+    refreshToken: 'refresh-token',
+    createdAt: 1,
+    updatedAt: 2,
+    ...overrides,
+  };
+}
+
+async function getOnlySessionFile(dir: string): Promise<string> {
+  const entries = await readdir(dir);
+  const sessionFile = entries.find((entry) => entry.endsWith('.json'));
+  if (!sessionFile) {
+    throw new Error('Expected a persisted session file.');
+  }
+
+  return join(dir, sessionFile);
+}
+
+async function writeLegacySession(dir: string, encryptionKey: Uint8Array, session: StoredZkLoginSession): Promise<void> {
+  const key = createHash('sha256').update(Buffer.from(encryptionKey)).digest();
+  const iv = randomBytes(12);
+  const cipher = createCipheriv('aes-256-gcm', key, iv);
+  const plaintext = Buffer.from(JSON.stringify({
+    ...session,
+    ephemeralSecretKey: session.ephemeralKeypair.getSecretKey(),
+  }), 'utf8');
+  const ciphertext = Buffer.concat([cipher.update(plaintext), cipher.final()]);
+  const tag = cipher.getAuthTag();
+  const filename = `${createHash('sha256').update(`${session.iss}:${session.sub}`).digest('hex')}.json`;
+
+  await writeFile(
+    join(dir, filename),
+    JSON.stringify({
+      version: 1,
+      metadata: {
+        address: session.address,
+        iss: session.iss,
+        sub: session.sub,
+        maxEpoch: session.maxEpoch,
+        updatedAt: session.updatedAt,
+      },
+      iv: iv.toString('base64'),
+      tag: tag.toString('base64'),
+      ciphertext: ciphertext.toString('base64'),
+    }),
+    'utf8',
+  );
+}
+
+describe('ZkLoginSessionStore', () => {
+  it('stores and loads encrypted sessions without leaking sensitive metadata', async () => {
+    const dir = await createTestDir();
+    const encryptionKey = new Uint8Array([1, 2, 3, 4]);
+    const store = new ZkLoginSessionStore(dir, encryptionKey);
+    const session = createSession();
+
+    await store.save(session);
+
+    const raw = await readFile(await getOnlySessionFile(dir), 'utf8');
+    const envelope = JSON.parse(raw) as { version: number; metadata: Record<string, unknown> };
+    const loaded = await store.loadLatest();
+
+    expect(envelope.version).toBe(2);
+    expect(envelope.metadata).toEqual({ maxEpoch: session.maxEpoch, updatedAt: session.updatedAt });
+    expect(raw).not.toContain(session.address);
+    expect(raw).not.toContain(session.sub);
+    expect(raw).not.toContain(session.refreshToken ?? '');
+    expect(loaded?.address).toBe(session.address);
+    expect(loaded?.refreshToken).toBe(session.refreshToken);
+    expect(loaded?.ephemeralKeypair.getSecretKey()).toBe(session.ephemeralKeypair.getSecretKey());
+  });
+
+  it('loads legacy version 1 session envelopes', async () => {
+    const dir = await createTestDir();
+    const encryptionKey = new Uint8Array([9, 8, 7, 6]);
+    const store = new ZkLoginSessionStore(dir, encryptionKey);
+    const session = createSession({ sub: 'legacy-user' });
+
+    await writeLegacySession(dir, encryptionKey, session);
+
+    await expect(store.loadLatest()).resolves.toMatchObject({
+      address: session.address,
+      sub: session.sub,
+      refreshToken: session.refreshToken,
+    });
+  });
+
+  it('filters expired sessions and refreshes near-expiry sessions', async () => {
+    const dir = await createTestDir();
+    const store = new ZkLoginSessionStore(dir, new Uint8Array([4, 3, 2, 1]));
+    const session = createSession();
+
+    await store.save(session);
+    expect(await store.loadLatestValid(11)).not.toBeNull();
+    expect(await store.refreshIfNeeded(11, async (current) => ({ ...current, maxEpoch: 20, updatedAt: 3 }))).toMatchObject({
+      maxEpoch: 20,
+    });
+
+    await store.deleteExpired(20);
+    expect(await store.loadLatest()).toBeNull();
+  });
+
+  it('retries refresh failures with exponential backoff before succeeding', async () => {
+    const dir = await createTestDir();
+    const sleep = vi.fn(async () => undefined);
+    const store = new ZkLoginSessionStore(dir, new Uint8Array([7, 7, 7, 7]), { sleep });
+    const session = createSession({ maxEpoch: 11 });
+    const refresher = vi
+      .fn(async (current: StoredZkLoginSession) => ({
+        ...current,
+        maxEpoch: 20,
+        updatedAt: 5,
+        refreshFailureCount: 0,
+        sessionState: SessionState.VALID,
+      }))
+      .mockRejectedValueOnce(new Error('temporary-1'))
+      .mockRejectedValueOnce(new Error('temporary-2'));
+
+    await store.save(session);
+
+    const refreshed = await store.refreshIfNeeded(10, refresher);
+
+    expect(refresher).toHaveBeenCalledTimes(3);
+    expect(sleep).toHaveBeenNthCalledWith(1, 1_000);
+    expect(sleep).toHaveBeenNthCalledWith(2, 2_000);
+    expect(refreshed).toMatchObject({ maxEpoch: 20, refreshFailureCount: 0, sessionState: SessionState.VALID });
+    expect(store.getSessionState()).toBe(SessionState.VALID);
+  });
+
+  it('marks sessions as needing re-authentication after max refresh failures', async () => {
+    const dir = await createTestDir();
+    const sleep = vi.fn(async () => undefined);
+    const states: SessionState[] = [];
+    const store = new ZkLoginSessionStore(dir, new Uint8Array([5, 5, 5, 5]), {
+      sleep,
+      onSessionStateChange: ({ currentState }) => {
+        states.push(currentState);
+      },
+    });
+    const session = createSession({ maxEpoch: 11 });
+
+    await store.save(session);
+
+    await expect(store.refreshIfNeeded(10, async () => {
+      throw new Error('refresh-down');
+    })).rejects.toBeInstanceOf(SessionExpiredError);
+
+    expect(sleep).toHaveBeenNthCalledWith(1, 1_000);
+    expect(sleep).toHaveBeenNthCalledWith(2, 2_000);
+    expect(states).toEqual([SessionState.VALID, SessionState.REFRESHING, SessionState.NEEDS_REAUTH]);
+    expect(store.getSessionState()).toBe(SessionState.NEEDS_REAUTH);
+    expect(store.getRefreshFailureCount()).toBe(3);
+    await expect(store.loadLatest()).resolves.toMatchObject({
+      refreshFailureCount: 3,
+      sessionState: SessionState.NEEDS_REAUTH,
+    });
+  });
+});

package/tests/auth/zklogin-provider.test.ts

@@ -0,0 +1,366 @@
+import { randomUUID } from 'node:crypto';
+import { mkdir, rm } from 'node:fs/promises';
+import { resolve } from 'node:path';
+
+import { afterEach, describe, expect, it, vi } from 'vitest';
+
+import { jwtToAddress } from '@mysten/sui/zklogin';
+
+import { ZkLoginSessionStore } from '../../src/auth/session-store.js';
+import { SessionState } from '../../src/auth/session-state.js';
+import { ZkLoginProvider } from '../../src/auth/zklogin-provider.js';
+import type { OAuthConfig } from '../../src/auth/types.js';
+
+const createdPaths: string[] = [];
+
+afterEach(async () => {
+  await Promise.all(createdPaths.splice(0).map((path) => rm(path, { recursive: true, force: true })));
+});
+
+async function createTestDir(): Promise<string> {
+  const dir = resolve(process.cwd(), '.test-data', randomUUID());
+  createdPaths.push(dir);
+  await mkdir(dir, { recursive: true });
+  return dir;
+}
+
+function createJwt(claims: Record<string, unknown>): string {
+  const header = Buffer.from(JSON.stringify({ alg: 'RS256', typ: 'JWT' })).toString('base64url');
+  const payload = Buffer.from(JSON.stringify(claims)).toString('base64url');
+  return `${header}.${payload}.signature`;
+}
+
+function createFetchFn(options: { failRefresh?: boolean } = {}): typeof fetch {
+  return vi.fn(async (input, init) => {
+    const url = typeof input === 'string' ? input : input.toString();
+    if (url.includes('get_salt')) {
+      return new Response(JSON.stringify({ salt: '123456' }));
+    }
+
+    if (url.includes('/v1')) {
+      return new Response(
+        JSON.stringify({
+          proofPoints: { a: ['1', '2'], b: [['3'], ['4']], c: ['5', '6'] },
+          issBase64Details: { value: 'issuer', indexMod4: 1 },
+          headerBase64: 'header',
+        }),
+      );
+    }
+
+    if (url.includes('/token')) {
+      const body = new URLSearchParams(String(init?.body ?? ''));
+      if (body.get('grant_type') === 'refresh_token' && options.failRefresh) {
+        return new Response(JSON.stringify({ error: 'temporarily_unavailable' }), { status: 503, statusText: 'Unavailable' });
+      }
+
+      return new Response(JSON.stringify({
+        id_token: createJwt({
+          iss: 'https://accounts.google.com',
+          aud: 'google-client-id',
+          sub: 'test-subject',
+          nonce: body.get('nonce') ?? 'refresh-nonce',
+          exp: Math.floor(Date.now() / 1_000) + 3600,
+        }),
+        refresh_token: 'refresh-token-2',
+      }));
+    }
+
+    throw new Error(`Unexpected URL: ${url}`);
+  }) as typeof fetch;
+}
+
+describe('ZkLoginProvider', () => {
+  it('creates an auth request, authenticates a session, and signs with zkLogin', async () => {
+    const oauth: OAuthConfig = {
+      provider: 'google',
+      clientId: 'google-client-id',
+      redirectUri: 'http://127.0.0.1:3000/auth/callback',
+      authorizationEndpoint: 'https://accounts.example/auth',
+      tokenEndpoint: 'https://accounts.example/token',
+      saltEndpoint: 'https://salt.example/get_salt',
+      proverEndpoint: 'https://prover.example/v1',
+    };
+    const client = {
+      getCurrentEpoch: vi.fn().mockResolvedValue({ epoch: '42' }),
+    };
+    const fetchFn: typeof fetch = vi.fn(async (input) => {
+      const url = typeof input === 'string' ? input : input.toString();
+      if (url.includes('get_salt')) {
+        return new Response(JSON.stringify({ salt: '123456' }));
+      }
+
+      if (url.includes('/v1')) {
+        return new Response(
+          JSON.stringify({
+            proofPoints: { a: ['1', '2'], b: [['3'], ['4']], c: ['5', '6'] },
+            issBase64Details: { value: 'issuer', indexMod4: 1 },
+            headerBase64: 'header',
+          }),
+        );
+      }
+
+      throw new Error(`Unexpected URL: ${url}`);
+    }) as typeof fetch;
+    const provider = new ZkLoginProvider({ client, oauth, fetchFn });
+
+    const authRequest = await provider.createAuthorizationRequest({
+      redirectUri: oauth.redirectUri,
+      state: 'portal-state',
+      codeChallenge: 'pkce-challenge',
+    });
+
+    expect(authRequest.authorizationUrl).toContain('code_challenge=pkce-challenge');
+    expect(authRequest.authorizationUrl).toContain('state=portal-state');
+    expect(authRequest.pendingSession.maxEpoch).toBe(44);
+
+    const jwt = createJwt({
+      iss: 'https://accounts.google.com',
+      aud: oauth.clientId,
+      sub: 'test-subject',
+      email: 'mesh@example.com',
+      nonce: authRequest.pendingSession.nonce,
+    });
+    const session = await provider.authenticateWithJwt(jwt, {
+      pendingSession: authRequest.pendingSession,
+      refreshToken: 'refresh-token',
+    });
+
+    expect(provider.isAuthenticated()).toBe(true);
+    await expect(provider.isSessionValid?.()).resolves.toBe(true);
+    expect(provider.getSessionState()).toBe(SessionState.VALID);
+    expect(await provider.getAddress()).toBe(jwtToAddress(jwt, session.salt));
+    expect(provider.getDID()).toBe(`did:mesh:zklogin:${session.address}`);
+    expect(provider.getSession()?.provider).toBe('google');
+    expect(provider.getSession()?.refreshToken).toBe('refresh-token');
+    expect(provider.toSuiSigner().toSuiAddress()).toBe(session.address);
+
+    const signedTransaction = await provider.signTransaction(new Uint8Array([1, 2, 3]));
+    const signedMessage = await provider.signPersonalMessage(new Uint8Array([4, 5, 6]));
+
+    expect(signedTransaction.length).toBeGreaterThan(0);
+    expect(signedMessage.signature.length).toBeGreaterThan(0);
+    expect(provider.getPublicKey().length).toBeGreaterThan(0);
+  });
+
+  it('uses Apple-specific authorization parameters when requested', async () => {
+    const provider = new ZkLoginProvider({
+      client: {
+        getCurrentEpoch: vi.fn().mockResolvedValue({ epoch: '42' }),
+      },
+      oauth: {
+        provider: 'apple',
+        clientId: 'apple-client-id',
+        redirectUri: 'http://127.0.0.1:3000/auth/apple/callback',
+        authorizationEndpoint: 'https://appleid.example/auth',
+        tokenEndpoint: 'https://appleid.example/token',
+        saltEndpoint: 'https://salt.example/get_salt',
+        proverEndpoint: 'https://prover.example/v1',
+      },
+      fetchFn: vi.fn() as typeof fetch,
+    });
+
+    const authRequest = await provider.createAuthorizationRequest({
+      redirectUri: 'http://127.0.0.1:3000/auth/apple/callback',
+      state: 'apple-state',
+      codeChallenge: 'apple-challenge',
+      scopes: ['name', 'email'],
+    });
+    const authorizationUrl = new URL(authRequest.authorizationUrl);
+
+    expect(authorizationUrl.searchParams.get('response_mode')).toBe('form_post');
+    expect(authorizationUrl.searchParams.get('response_type')).toBe('code id_token');
+    expect(authorizationUrl.searchParams.get('scope')).toBe('name email');
+    expect(authorizationUrl.searchParams.get('nonce')).toBe(authRequest.pendingSession.nonce);
+  });
+
+  it('throws SessionExpiredError after refresh retries are exhausted', async () => {
+    const dir = await createTestDir();
+    const sleep = vi.fn(async () => undefined);
+    const client = {
+      getCurrentEpoch: vi
+        .fn()
+        .mockResolvedValueOnce({ epoch: '41' })
+        .mockResolvedValue({ epoch: '42' }),
+    };
+    const oauth: OAuthConfig = {
+      provider: 'google',
+      clientId: 'google-client-id',
+      redirectUri: 'http://127.0.0.1:3000/auth/callback',
+      authorizationEndpoint: 'https://accounts.example/auth',
+      tokenEndpoint: 'https://accounts.example/token',
+      saltEndpoint: 'https://salt.example/get_salt',
+      proverEndpoint: 'https://prover.example/v1',
+    };
+    const sessionStore = new ZkLoginSessionStore(resolve(dir, 'sessions'), new Uint8Array([1, 9, 9, 1]), { sleep });
+    const provider = new ZkLoginProvider({
+      client,
+      oauth,
+      fetchFn: createFetchFn({ failRefresh: true }),
+      sessionStore,
+    });
+    const sessionStates: SessionState[] = [];
+    provider.onSessionStateChange((event) => {
+      sessionStates.push(event.currentState);
+    });
+
+    const authRequest = await provider.createAuthorizationRequest({
+      redirectUri: oauth.redirectUri,
+      state: 'refresh-state',
+      codeChallenge: 'refresh-challenge',
+    });
+    const jwt = createJwt({
+      iss: 'https://accounts.google.com',
+      aud: oauth.clientId,
+      sub: 'test-subject',
+      nonce: authRequest.pendingSession.nonce,
+      exp: Math.floor(Date.now() / 1_000) + 60,
+    });
+    await provider.authenticateWithJwt(jwt, {
+      pendingSession: authRequest.pendingSession,
+      refreshToken: 'refresh-token',
+    });
+
+    await expect(provider.restoreSession()).rejects.toMatchObject({ name: 'SessionExpiredError' });
+
+    expect(sleep).toHaveBeenNthCalledWith(1, 1_000);
+    expect(sleep).toHaveBeenNthCalledWith(2, 2_000);
+    expect(provider.isAuthenticated()).toBe(false);
+    expect(provider.getSession()).toBeNull();
+    expect(provider.getSessionState()).toBe(SessionState.NEEDS_REAUTH);
+    expect(await provider.isSessionValid?.()).toBe(false);
+    expect(sessionStates).toContain(SessionState.REFRESHING);
+    expect(sessionStates.at(-1)).toBe(SessionState.NEEDS_REAUTH);
+  });
+
+  it('treats expired sessions as unauthenticated and surfaces SessionExpiredError', async () => {
+    const oauth: OAuthConfig = {
+      provider: 'google',
+      clientId: 'google-client-id',
+      redirectUri: 'http://127.0.0.1:3000/auth/callback',
+      authorizationEndpoint: 'https://accounts.example/auth',
+      tokenEndpoint: 'https://accounts.example/token',
+      saltEndpoint: 'https://salt.example/get_salt',
+      proverEndpoint: 'https://prover.example/v1',
+    };
+    const provider = new ZkLoginProvider({
+      client: {
+        getCurrentEpoch: vi.fn().mockResolvedValue({ epoch: '42' }),
+      },
+      oauth,
+      fetchFn: vi.fn(async (input) => {
+        const url = typeof input === 'string' ? input : input.toString();
+        if (url.includes('get_salt')) {
+          return new Response(JSON.stringify({ salt: '123456' }));
+        }
+
+        if (url.includes('/v1')) {
+          return new Response(
+            JSON.stringify({
+              proofPoints: { a: ['1', '2'], b: [['3'], ['4']], c: ['5', '6'] },
+              issBase64Details: { value: 'issuer', indexMod4: 1 },
+              headerBase64: 'header',
+            }),
+          );
+        }
+
+        throw new Error(`Unexpected URL: ${url}`);
+      }) as typeof fetch,
+    });
+    const authRequest = await provider.createAuthorizationRequest({
+      redirectUri: oauth.redirectUri,
+      state: 'portal-state',
+      codeChallenge: 'pkce-challenge',
+    });
+
+    await provider.authenticateWithJwt(
+      createJwt({
+        iss: 'https://accounts.google.com',
+        aud: oauth.clientId,
+        sub: 'test-subject',
+        nonce: authRequest.pendingSession.nonce,
+        exp: Math.floor(Date.now() / 1_000) - 60,
+      }),
+      { pendingSession: authRequest.pendingSession },
+    );
+
+    expect(provider.isAuthenticated()).toBe(false);
+    await expect(provider.getAddress()).rejects.toMatchObject({ name: 'SessionExpiredError' });
+  });
+
+  it('rejects JWTs with mismatched issuer, audience, or nonce claims', async () => {
+    const oauth: OAuthConfig = {
+      provider: 'google',
+      clientId: 'google-client-id',
+      redirectUri: 'http://127.0.0.1:3000/auth/callback',
+      authorizationEndpoint: 'https://accounts.example/auth',
+      tokenEndpoint: 'https://accounts.example/token',
+      saltEndpoint: 'https://salt.example/get_salt',
+      proverEndpoint: 'https://prover.example/v1',
+    };
+    const provider = new ZkLoginProvider({
+      client: {
+        getCurrentEpoch: vi.fn().mockResolvedValue({ epoch: '42' }),
+      },
+      oauth,
+      fetchFn: vi.fn(async (input) => {
+        const url = typeof input === 'string' ? input : input.toString();
+        if (url.includes('get_salt')) {
+          return new Response(JSON.stringify({ salt: '123456' }));
+        }
+
+        if (url.includes('/v1')) {
+          return new Response(
+            JSON.stringify({
+              proofPoints: { a: ['1', '2'], b: [['3'], ['4']], c: ['5', '6'] },
+              issBase64Details: { value: 'issuer', indexMod4: 1 },
+              headerBase64: 'header',
+            }),
+          );
+        }
+
+        throw new Error(`Unexpected URL: ${url}`);
+      }) as typeof fetch,
+    });
+    const authRequest = await provider.createAuthorizationRequest({
+      redirectUri: oauth.redirectUri,
+      state: 'portal-state',
+      codeChallenge: 'pkce-challenge',
+    });
+
+    await expect(
+      provider.authenticateWithJwt(
+        createJwt({
+          iss: 'https://issuer.example',
+          aud: oauth.clientId,
+          sub: 'test-subject',
+          nonce: authRequest.pendingSession.nonce,
+        }),
+        { pendingSession: authRequest.pendingSession },
+      ),
+    ).rejects.toThrow('OAuth token issuer mismatch.');
+
+    await expect(
+      provider.authenticateWithJwt(
+        createJwt({
+          iss: 'https://accounts.google.com',
+          aud: 'someone-else',
+          sub: 'test-subject',
+          nonce: authRequest.pendingSession.nonce,
+        }),
+        { pendingSession: authRequest.pendingSession },
+      ),
+    ).rejects.toThrow('OAuth token audience mismatch.');
+
+    await expect(
+      provider.authenticateWithJwt(
+        createJwt({
+          iss: 'https://accounts.google.com',
+          aud: oauth.clientId,
+          sub: 'test-subject',
+          nonce: 'unexpected-nonce',
+        }),
+        { pendingSession: authRequest.pendingSession },
+      ),
+    ).rejects.toThrow('OAuth token nonce mismatch.');
+  });
+});

package/tests/blobstore/encrypted-store.test.ts

@@ -0,0 +1,78 @@
+import { randomUUID } from 'node:crypto';
+import { mkdir, rm } from 'node:fs/promises';
+import { resolve } from 'node:path';
+
+import { afterEach, describe, expect, it } from 'vitest';
+
+import {
+  EncryptedBlobStore,
+  FilesystemBlobStore,
+  generateX25519KeyPair,
+  parseEncryptedPayload,
+} from '../../src/index.js';
+
+const createdPaths: string[] = [];
+const encoder = new TextEncoder();
+
+async function createBaseDir(): Promise<string> {
+  const baseDir = resolve(process.cwd(), '.test-data', randomUUID());
+  createdPaths.push(baseDir);
+  await mkdir(baseDir, { recursive: true });
+  return baseDir;
+}
+
+afterEach(async () => {
+  await Promise.all(createdPaths.splice(0).map((path) => rm(path, { recursive: true, force: true })));
+});
+
+describe('EncryptedBlobStore', () => {
+  it('stores encrypted data and fetches decrypted plaintext', async () => {
+    const inner = new FilesystemBlobStore(await createBaseDir());
+    const sender = new EncryptedBlobStore(inner, generateX25519KeyPair());
+    const recipientKeys = generateX25519KeyPair();
+    const recipient = new EncryptedBlobStore(inner, recipientKeys);
+    const data = encoder.encode('private payload');
+
+    const stored = await sender.storeEncrypted(data, recipientKeys.publicKey);
+    const decrypted = await recipient.fetchDecrypted(stored.blobId);
+
+    expect(Buffer.from(decrypted ?? [])).toEqual(Buffer.from(data));
+  });
+
+  it('stores ciphertext instead of plaintext', async () => {
+    const inner = new FilesystemBlobStore(await createBaseDir());
+    const sender = new EncryptedBlobStore(inner, generateX25519KeyPair());
+    const recipient = generateX25519KeyPair();
+    const plaintext = encoder.encode('ciphertext check');
+
+    const stored = await sender.storeEncrypted(plaintext, recipient.publicKey);
+    const raw = await sender.fetch(stored.blobId);
+
+    expect(Buffer.from(raw ?? [])).not.toEqual(Buffer.from(plaintext));
+    expect(parseEncryptedPayload(raw ?? new Uint8Array())).not.toBeNull();
+  });
+
+  it('keeps the regular blobstore interface unencrypted for compatibility', async () => {
+    const inner = new FilesystemBlobStore(await createBaseDir());
+    const store = new EncryptedBlobStore(inner, generateX25519KeyPair());
+    const plaintext = encoder.encode('plain compatibility');
+
+    const stored = await store.store(plaintext);
+    const fetched = await store.fetch(stored.blobId);
+    const decrypted = await store.fetchDecrypted(stored.blobId);
+
+    expect(Buffer.from(fetched ?? [])).toEqual(Buffer.from(plaintext));
+    expect(Buffer.from(decrypted ?? [])).toEqual(Buffer.from(plaintext));
+  });
+
+  it('fails to decrypt with the wrong recipient key', async () => {
+    const inner = new FilesystemBlobStore(await createBaseDir());
+    const sender = new EncryptedBlobStore(inner, generateX25519KeyPair());
+    const recipient = generateX25519KeyPair();
+    const outsider = new EncryptedBlobStore(inner, generateX25519KeyPair());
+
+    const stored = await sender.storeEncrypted(encoder.encode('recipient only'), recipient.publicKey);
+
+    await expect(outsider.fetchDecrypted(stored.blobId)).rejects.toBeInstanceOf(Error);
+  });
+});