@kya-os/mcp-i 0.1.0-alpha.3.9 → 1.2.0

package/dist/runtime/__tests__/proof.test.js

@@ -0,0 +1,302 @@
+"use strict";
+/**
+ * Tests for Detached Proof Generation
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+const vitest_1 = require("vitest");
+const proof_js_1 = require("../proof.js");
+(0, vitest_1.describe)("ProofGenerator", () => {
+    let proofGenerator;
+    let mockIdentity;
+    let mockSession;
+    (0, vitest_1.beforeEach)(() => {
+        // Create mock identity with test keys
+        mockIdentity = {
+            did: "did:web:example.com:agents:test-agent",
+            keyId: "key-test-123",
+            privateKey: Buffer.from("test-private-key-32-bytes-long!!").toString("base64"),
+            publicKey: Buffer.from("test-public-key-32-bytes-long!!!").toString("base64"),
+            createdAt: new Date().toISOString(),
+        };
+        // Create mock session
+        mockSession = {
+            sessionId: "sess_test_123",
+            audience: "example.com",
+            nonce: "test-nonce-456",
+            timestamp: Math.floor(Date.now() / 1000),
+            createdAt: Math.floor(Date.now() / 1000),
+            lastActivity: Math.floor(Date.now() / 1000),
+            ttlMinutes: 30,
+        };
+        proofGenerator = new proof_js_1.ProofGenerator(mockIdentity);
+    });
+    (0, vitest_1.describe)("Canonical Hash Generation", () => {
+        (0, vitest_1.it)("should generate consistent hashes for same request/response", async () => {
+            const request = {
+                method: "test-tool",
+                params: { input: "hello" },
+            };
+            const response = {
+                data: { output: "world" },
+            };
+            const proof1 = await proofGenerator.generateProof(request, response, mockSession);
+            const proof2 = await proofGenerator.generateProof(request, response, mockSession);
+            // Hashes should be identical for same input
+            (0, vitest_1.expect)(proof1.meta.requestHash).toBe(proof2.meta.requestHash);
+            (0, vitest_1.expect)(proof1.meta.responseHash).toBe(proof2.meta.responseHash);
+        });
+        (0, vitest_1.it)("should generate different hashes for different requests", async () => {
+            const request1 = {
+                method: "test-tool",
+                params: { input: "hello" },
+            };
+            const request2 = {
+                method: "test-tool",
+                params: { input: "goodbye" },
+            };
+            const response = {
+                data: { output: "world" },
+            };
+            const proof1 = await proofGenerator.generateProof(request1, response, mockSession);
+            const proof2 = await proofGenerator.generateProof(request2, response, mockSession);
+            (0, vitest_1.expect)(proof1.meta.requestHash).not.toBe(proof2.meta.requestHash);
+            (0, vitest_1.expect)(proof1.meta.responseHash).toBe(proof2.meta.responseHash); // Same response
+        });
+        (0, vitest_1.it)("should generate different hashes for different responses", async () => {
+            const request = {
+                method: "test-tool",
+                params: { input: "hello" },
+            };
+            const response1 = {
+                data: { output: "world" },
+            };
+            const response2 = {
+                data: { output: "universe" },
+            };
+            const proof1 = await proofGenerator.generateProof(request, response1, mockSession);
+            const proof2 = await proofGenerator.generateProof(request, response2, mockSession);
+            (0, vitest_1.expect)(proof1.meta.requestHash).toBe(proof2.meta.requestHash); // Same request
+            (0, vitest_1.expect)(proof1.meta.responseHash).not.toBe(proof2.meta.responseHash);
+        });
+        (0, vitest_1.it)("should generate SHA-256 hashes with correct format", async () => {
+            const request = {
+                method: "test-tool",
+                params: { input: "hello" },
+            };
+            const response = {
+                data: { output: "world" },
+            };
+            const proof = await proofGenerator.generateProof(request, response, mockSession);
+            (0, vitest_1.expect)(proof.meta.requestHash).toMatch(/^sha256:[a-f0-9]{64}$/);
+            (0, vitest_1.expect)(proof.meta.responseHash).toMatch(/^sha256:[a-f0-9]{64}$/);
+        });
+        (0, vitest_1.it)("should handle requests without params", async () => {
+            const request = {
+                method: "simple-tool",
+            };
+            const response = {
+                data: { result: "success" },
+            };
+            const proof = await proofGenerator.generateProof(request, response, mockSession);
+            (0, vitest_1.expect)(proof.meta.requestHash).toMatch(/^sha256:[a-f0-9]{64}$/);
+            (0, vitest_1.expect)(proof.meta.responseHash).toMatch(/^sha256:[a-f0-9]{64}$/);
+        });
+    });
+    (0, vitest_1.describe)("Proof Metadata", () => {
+        (0, vitest_1.it)("should include all required metadata fields", async () => {
+            const request = {
+                method: "test-tool",
+                params: { input: "hello" },
+            };
+            const response = {
+                data: { output: "world" },
+            };
+            const proof = await proofGenerator.generateProof(request, response, mockSession);
+            (0, vitest_1.expect)(proof.meta.did).toBe(mockIdentity.did);
+            (0, vitest_1.expect)(proof.meta.kid).toBe(mockIdentity.keyId);
+            (0, vitest_1.expect)(proof.meta.ts).toBeTypeOf("number");
+            (0, vitest_1.expect)(proof.meta.nonce).toBe(mockSession.nonce);
+            (0, vitest_1.expect)(proof.meta.audience).toBe(mockSession.audience);
+            (0, vitest_1.expect)(proof.meta.sessionId).toBe(mockSession.sessionId);
+            (0, vitest_1.expect)(proof.meta.requestHash).toBeTruthy();
+            (0, vitest_1.expect)(proof.meta.responseHash).toBeTruthy();
+        });
+        (0, vitest_1.it)("should include optional fields when provided", async () => {
+            const request = {
+                method: "test-tool",
+                params: { input: "hello" },
+            };
+            const response = {
+                data: { output: "world" },
+            };
+            const options = {
+                scopeId: "orders.create",
+                delegationRef: "delegation-ref-123",
+            };
+            const proof = await proofGenerator.generateProof(request, response, mockSession, options);
+            (0, vitest_1.expect)(proof.meta.scopeId).toBe("orders.create");
+            (0, vitest_1.expect)(proof.meta.delegationRef).toBe("delegation-ref-123");
+        });
+        (0, vitest_1.it)("should bind request and response hashes to same session", async () => {
+            const request = {
+                method: "test-tool",
+                params: { input: "hello" },
+            };
+            const response = {
+                data: { output: "world" },
+            };
+            const proof = await proofGenerator.generateProof(request, response, mockSession);
+            // Both hashes should be bound to the same session and audience
+            (0, vitest_1.expect)(proof.meta.sessionId).toBe(mockSession.sessionId);
+            (0, vitest_1.expect)(proof.meta.audience).toBe(mockSession.audience);
+            (0, vitest_1.expect)(proof.meta.nonce).toBe(mockSession.nonce);
+        });
+    });
+    (0, vitest_1.describe)("Detached JWS Generation", () => {
+        (0, vitest_1.it)("should generate detached JWS in correct format", async () => {
+            const request = {
+                method: "test-tool",
+                params: { input: "hello" },
+            };
+            const response = {
+                data: { output: "world" },
+            };
+            const proof = await proofGenerator.generateProof(request, response, mockSession);
+            // Detached JWS should have format: header..signature (empty payload)
+            const jwsParts = proof.jws.split(".");
+            (0, vitest_1.expect)(jwsParts).toHaveLength(3);
+            (0, vitest_1.expect)(jwsParts[1]).toBe(""); // Empty payload for detached format
+            (0, vitest_1.expect)(jwsParts[0]).toBeTruthy(); // Header should exist
+            (0, vitest_1.expect)(jwsParts[2]).toBeTruthy(); // Signature should exist
+        });
+        (0, vitest_1.it)("should use EdDSA algorithm", async () => {
+            const request = {
+                method: "test-tool",
+                params: { input: "hello" },
+            };
+            const response = {
+                data: { output: "world" },
+            };
+            const proof = await proofGenerator.generateProof(request, response, mockSession);
+            // Decode header to check algorithm
+            const [headerB64] = proof.jws.split(".");
+            const header = JSON.parse(Buffer.from(headerB64, "base64url").toString());
+            (0, vitest_1.expect)(header.alg).toBe("EdDSA");
+            (0, vitest_1.expect)(header.kid).toBe(mockIdentity.keyId);
+        });
+    });
+    (0, vitest_1.describe)("Proof Verification", () => {
+        (0, vitest_1.it)("should verify valid proof structure", async () => {
+            const request = {
+                method: "test-tool",
+                params: { input: "hello" },
+            };
+            const response = {
+                data: { output: "world" },
+            };
+            const proof = await proofGenerator.generateProof(request, response, mockSession);
+            const isValid = await proofGenerator.verifyProof(proof, request, response);
+            (0, vitest_1.expect)(isValid).toBe(true);
+        });
+        (0, vitest_1.it)("should reject proof with mismatched request", async () => {
+            const request1 = {
+                method: "test-tool",
+                params: { input: "hello" },
+            };
+            const request2 = {
+                method: "test-tool",
+                params: { input: "goodbye" },
+            };
+            const response = {
+                data: { output: "world" },
+            };
+            const proof = await proofGenerator.generateProof(request1, response, mockSession);
+            const isValid = await proofGenerator.verifyProof(proof, request2, response);
+            (0, vitest_1.expect)(isValid).toBe(false);
+        });
+        (0, vitest_1.it)("should reject proof with mismatched response", async () => {
+            const request = {
+                method: "test-tool",
+                params: { input: "hello" },
+            };
+            const response1 = {
+                data: { output: "world" },
+            };
+            const response2 = {
+                data: { output: "universe" },
+            };
+            const proof = await proofGenerator.generateProof(request, response1, mockSession);
+            const isValid = await proofGenerator.verifyProof(proof, request, response2);
+            (0, vitest_1.expect)(isValid).toBe(false);
+        });
+    });
+    (0, vitest_1.describe)("JSON Canonicalization", () => {
+        (0, vitest_1.it)("should canonicalize objects with sorted keys", () => {
+            const canonical = (0, proof_js_1.extractCanonicalData)({ method: "test", params: { b: 2, a: 1 } }, { data: { z: 26, a: 1 } });
+            // Keys should be sorted in canonical form
+            (0, vitest_1.expect)(canonical.request).toEqual({
+                method: "test",
+                params: { b: 2, a: 1 },
+            });
+            (0, vitest_1.expect)(canonical.response).toEqual({ z: 26, a: 1 });
+        });
+        (0, vitest_1.it)("should handle nested objects and arrays", () => {
+            const canonical = (0, proof_js_1.extractCanonicalData)({
+                method: "complex-tool",
+                params: {
+                    nested: { c: 3, a: 1 },
+                    array: [3, 1, 2],
+                },
+            }, { data: { result: [{ b: 2, a: 1 }] } });
+            (0, vitest_1.expect)(canonical.request.params.nested).toEqual({ c: 3, a: 1 });
+            (0, vitest_1.expect)(canonical.request.params.array).toEqual([3, 1, 2]);
+            (0, vitest_1.expect)(canonical.response.result).toEqual([{ b: 2, a: 1 }]);
+        });
+    });
+});
+(0, vitest_1.describe)("Utility Functions", () => {
+    let mockIdentity;
+    let mockSession;
+    (0, vitest_1.beforeEach)(() => {
+        mockIdentity = {
+            did: "did:web:example.com:agents:test-agent",
+            keyId: "key-test-123",
+            privateKey: Buffer.from("test-private-key-32-bytes-long!!").toString("base64"),
+            publicKey: Buffer.from("test-public-key-32-bytes-long!!!").toString("base64"),
+            createdAt: new Date().toISOString(),
+        };
+        mockSession = {
+            sessionId: "sess_test_123",
+            audience: "example.com",
+            nonce: "test-nonce-456",
+            timestamp: Math.floor(Date.now() / 1000),
+            createdAt: Math.floor(Date.now() / 1000),
+            lastActivity: Math.floor(Date.now() / 1000),
+            ttlMinutes: 30,
+        };
+    });
+    (0, vitest_1.describe)("createProofResponse", () => {
+        (0, vitest_1.it)("should create response with proof metadata", async () => {
+            const request = {
+                method: "test-tool",
+                params: { input: "hello" },
+            };
+            const data = { output: "world" };
+            const response = await (0, proof_js_1.createProofResponse)(request, data, mockIdentity, mockSession);
+            (0, vitest_1.expect)(response.data).toEqual(data);
+            (0, vitest_1.expect)(response.meta?.proof).toBeDefined();
+            (0, vitest_1.expect)(response.meta?.proof?.meta.did).toBe(mockIdentity.did);
+            (0, vitest_1.expect)(response.meta?.proof?.jws).toBeTruthy();
+        });
+        (0, vitest_1.it)("should include optional proof options", async () => {
+            const request = {
+                method: "test-tool",
+                params: { input: "hello" },
+            };
+            const data = { output: "world" };
+            const options = { scopeId: "orders.create" };
+            const response = await (0, proof_js_1.createProofResponse)(request, data, mockIdentity, mockSession, options);
+            (0, vitest_1.expect)(response.meta?.proof?.meta.scopeId).toBe("orders.create");
+        });
+    });
+});

package/dist/runtime/__tests__/session.test.d.ts

@@ -0,0 +1,4 @@
+/**
+ * Tests for Session Management System
+ */
+export {};

package/dist/runtime/__tests__/session.test.js

@@ -0,0 +1,254 @@
+"use strict";
+/**
+ * Tests for Session Management System
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+const vitest_1 = require("vitest");
+const session_js_1 = require("../session.js");
+const memory_nonce_cache_js_1 = require("../../cache/memory-nonce-cache.js");
+(0, vitest_1.describe)("SessionManager", () => {
+    let sessionManager;
+    let mockNonceCache;
+    (0, vitest_1.beforeEach)(() => {
+        mockNonceCache = new memory_nonce_cache_js_1.MemoryNonceCache();
+        sessionManager = new session_js_1.SessionManager({
+            timestampSkewSeconds: 120,
+            sessionTtlMinutes: 30,
+            nonceCache: mockNonceCache,
+        });
+        // Mock console.warn to avoid noise in tests
+        vitest_1.vi.spyOn(console, "warn").mockImplementation(() => { });
+    });
+    (0, vitest_1.afterEach)(() => {
+        mockNonceCache.destroy();
+        vitest_1.vi.restoreAllMocks();
+    });
+    (0, vitest_1.describe)("Handshake Validation", () => {
+        (0, vitest_1.it)("should accept valid handshake", async () => {
+            const request = {
+                nonce: "test-nonce-123",
+                audience: "example.com",
+                timestamp: Math.floor(Date.now() / 1000),
+            };
+            const result = await sessionManager.validateHandshake(request);
+            (0, vitest_1.expect)(result.success).toBe(true);
+            (0, vitest_1.expect)(result.session).toBeDefined();
+            (0, vitest_1.expect)(result.session.audience).toBe("example.com");
+            (0, vitest_1.expect)(result.session.nonce).toBe("test-nonce-123");
+            (0, vitest_1.expect)(result.session.sessionId).toMatch(/^sess_/);
+        });
+        (0, vitest_1.it)("should reject handshake with timestamp too old", async () => {
+            const request = {
+                nonce: "test-nonce-old",
+                audience: "example.com",
+                timestamp: Math.floor(Date.now() / 1000) - 200, // 200 seconds ago
+            };
+            const result = await sessionManager.validateHandshake(request);
+            (0, vitest_1.expect)(result.success).toBe(false);
+            (0, vitest_1.expect)(result.error?.code).toBe("XMCP_I_EHANDSHAKE");
+            (0, vitest_1.expect)(result.error?.message).toContain("Timestamp outside acceptable range");
+            (0, vitest_1.expect)(result.error?.remediation).toContain("Check NTP sync");
+        });
+        (0, vitest_1.it)("should reject handshake with timestamp too far in future", async () => {
+            const request = {
+                nonce: "test-nonce-future",
+                audience: "example.com",
+                timestamp: Math.floor(Date.now() / 1000) + 200, // 200 seconds in future
+            };
+            const result = await sessionManager.validateHandshake(request);
+            (0, vitest_1.expect)(result.success).toBe(false);
+            (0, vitest_1.expect)(result.error?.code).toBe("XMCP_I_EHANDSHAKE");
+            (0, vitest_1.expect)(result.error?.message).toContain("Timestamp outside acceptable range");
+        });
+        (0, vitest_1.it)("should reject duplicate nonce (replay attack)", async () => {
+            const request = {
+                nonce: "duplicate-nonce",
+                audience: "example.com",
+                timestamp: Math.floor(Date.now() / 1000),
+            };
+            // First request should succeed
+            const result1 = await sessionManager.validateHandshake(request);
+            (0, vitest_1.expect)(result1.success).toBe(true);
+            // Second request with same nonce should fail
+            const result2 = await sessionManager.validateHandshake(request);
+            (0, vitest_1.expect)(result2.success).toBe(false);
+            (0, vitest_1.expect)(result2.error?.code).toBe("XMCP_I_EHANDSHAKE");
+            (0, vitest_1.expect)(result2.error?.message).toContain("Nonce already used");
+        });
+        (0, vitest_1.it)("should respect custom timestamp skew configuration", async () => {
+            const customManager = new session_js_1.SessionManager({
+                timestampSkewSeconds: 60, // 1 minute
+                nonceCache: mockNonceCache,
+            });
+            const request = {
+                nonce: "test-nonce-skew",
+                audience: "example.com",
+                timestamp: Math.floor(Date.now() / 1000) - 90, // 90 seconds ago
+            };
+            const result = await customManager.validateHandshake(request);
+            (0, vitest_1.expect)(result.success).toBe(false);
+            (0, vitest_1.expect)(result.error?.message).toContain("±60s");
+        });
+    });
+    (0, vitest_1.describe)("Session Management", () => {
+        (0, vitest_1.it)("should retrieve active session", async () => {
+            const request = {
+                nonce: "session-test-nonce",
+                audience: "example.com",
+                timestamp: Math.floor(Date.now() / 1000),
+            };
+            const handshakeResult = await sessionManager.validateHandshake(request);
+            (0, vitest_1.expect)(handshakeResult.success).toBe(true);
+            const sessionId = handshakeResult.session.sessionId;
+            const retrievedSession = await sessionManager.getSession(sessionId);
+            (0, vitest_1.expect)(retrievedSession).toBeDefined();
+            (0, vitest_1.expect)(retrievedSession.sessionId).toBe(sessionId);
+            (0, vitest_1.expect)(retrievedSession.audience).toBe("example.com");
+        });
+        (0, vitest_1.it)("should return null for non-existent session", async () => {
+            const session = await sessionManager.getSession("non-existent-session");
+            (0, vitest_1.expect)(session).toBeNull();
+        });
+        (0, vitest_1.it)("should expire session after idle timeout", async () => {
+            const shortTtlManager = new session_js_1.SessionManager({
+                sessionTtlMinutes: 0.01, // 0.6 seconds
+                nonceCache: mockNonceCache,
+            });
+            const request = {
+                nonce: "expire-test-nonce",
+                audience: "example.com",
+                timestamp: Math.floor(Date.now() / 1000),
+            };
+            const handshakeResult = await shortTtlManager.validateHandshake(request);
+            const sessionId = handshakeResult.session.sessionId;
+            // Session should exist initially
+            let session = await shortTtlManager.getSession(sessionId);
+            (0, vitest_1.expect)(session).toBeDefined();
+            // Wait for expiration
+            await new Promise((resolve) => setTimeout(resolve, 1000));
+            // Session should be expired
+            session = await shortTtlManager.getSession(sessionId);
+            (0, vitest_1.expect)(session).toBeNull();
+        });
+        (0, vitest_1.it)("should update last activity on session access", async () => {
+            const request = {
+                nonce: "activity-test-nonce",
+                audience: "example.com",
+                timestamp: Math.floor(Date.now() / 1000),
+            };
+            const handshakeResult = await sessionManager.validateHandshake(request);
+            const sessionId = handshakeResult.session.sessionId;
+            const initialActivity = handshakeResult.session.lastActivity;
+            // Wait a bit to ensure time difference
+            await new Promise((resolve) => setTimeout(resolve, 1100));
+            // Access session
+            const session = await sessionManager.getSession(sessionId);
+            (0, vitest_1.expect)(session.lastActivity).toBeGreaterThan(initialActivity);
+        });
+        (0, vitest_1.it)("should respect absolute session lifetime when configured", async () => {
+            const absoluteLifetimeManager = new session_js_1.SessionManager({
+                sessionTtlMinutes: 60, // 1 hour idle
+                absoluteSessionLifetime: 0.01, // 0.6 seconds absolute
+                nonceCache: mockNonceCache,
+            });
+            const request = {
+                nonce: "absolute-test-nonce",
+                audience: "example.com",
+                timestamp: Math.floor(Date.now() / 1000),
+            };
+            const handshakeResult = await absoluteLifetimeManager.validateHandshake(request);
+            const sessionId = handshakeResult.session.sessionId;
+            // Wait for absolute expiration
+            await new Promise((resolve) => setTimeout(resolve, 1000));
+            // Session should be expired due to absolute lifetime
+            const session = await absoluteLifetimeManager.getSession(sessionId);
+            (0, vitest_1.expect)(session).toBeNull();
+        });
+    });
+    (0, vitest_1.describe)("Cleanup", () => {
+        (0, vitest_1.it)("should clean up expired sessions", async () => {
+            const shortTtlManager = new session_js_1.SessionManager({
+                sessionTtlMinutes: 0.01, // 0.6 seconds
+                nonceCache: mockNonceCache,
+            });
+            const request = {
+                nonce: "cleanup-test-nonce",
+                audience: "example.com",
+                timestamp: Math.floor(Date.now() / 1000),
+            };
+            await shortTtlManager.validateHandshake(request);
+            // Should have 1 active session
+            (0, vitest_1.expect)(shortTtlManager.getStats().activeSessions).toBe(1);
+            // Wait for expiration
+            await new Promise((resolve) => setTimeout(resolve, 1000));
+            // Cleanup
+            await shortTtlManager.cleanup();
+            // Should have 0 active sessions
+            (0, vitest_1.expect)(shortTtlManager.getStats().activeSessions).toBe(0);
+        });
+    });
+    (0, vitest_1.describe)("Statistics", () => {
+        (0, vitest_1.it)("should provide session statistics", async () => {
+            const stats = sessionManager.getStats();
+            (0, vitest_1.expect)(stats).toHaveProperty("activeSessions");
+            (0, vitest_1.expect)(stats).toHaveProperty("config");
+            (0, vitest_1.expect)(stats.config.timestampSkewSeconds).toBe(120);
+            (0, vitest_1.expect)(stats.config.sessionTtlMinutes).toBe(30);
+            (0, vitest_1.expect)(stats.config.cacheType).toBe("MemoryNonceCache");
+        });
+    });
+    (0, vitest_1.describe)("Environment Configuration", () => {
+        (0, vitest_1.it)("should read configuration from environment variables", () => {
+            // Mock environment variables
+            const originalEnv = process.env;
+            process.env.XMCP_I_TS_SKEW_SEC = "60";
+            process.env.XMCP_I_SESSION_TTL_MIN = "15";
+            const envManager = new session_js_1.SessionManager();
+            const stats = envManager.getStats();
+            (0, vitest_1.expect)(stats.config.timestampSkewSeconds).toBe(60);
+            (0, vitest_1.expect)(stats.config.sessionTtlMinutes).toBe(15);
+            // Restore environment
+            process.env = originalEnv;
+        });
+    });
+});
+(0, vitest_1.describe)("Utility Functions", () => {
+    (0, vitest_1.describe)("createHandshakeRequest", () => {
+        (0, vitest_1.it)("should create valid handshake request", () => {
+            const request = (0, session_js_1.createHandshakeRequest)("example.com");
+            (0, vitest_1.expect)(request.audience).toBe("example.com");
+            (0, vitest_1.expect)(request.nonce).toBeTruthy();
+            (0, vitest_1.expect)(request.timestamp).toBeCloseTo(Math.floor(Date.now() / 1000), 1);
+        });
+        (0, vitest_1.it)("should generate unique nonces", () => {
+            const request1 = (0, session_js_1.createHandshakeRequest)("example.com");
+            const request2 = (0, session_js_1.createHandshakeRequest)("example.com");
+            (0, vitest_1.expect)(request1.nonce).not.toBe(request2.nonce);
+        });
+    });
+    (0, vitest_1.describe)("validateHandshakeFormat", () => {
+        (0, vitest_1.it)("should validate correct handshake format", () => {
+            const validRequest = {
+                nonce: "test-nonce",
+                audience: "example.com",
+                timestamp: Math.floor(Date.now() / 1000),
+            };
+            (0, vitest_1.expect)((0, session_js_1.validateHandshakeFormat)(validRequest)).toBe(true);
+        });
+        (0, vitest_1.it)("should reject invalid handshake formats", () => {
+            const invalidRequests = [
+                null,
+                undefined,
+                {},
+                { nonce: "", audience: "example.com", timestamp: 123 },
+                { nonce: "test", audience: "", timestamp: 123 },
+                { nonce: "test", audience: "example.com", timestamp: "invalid" },
+                { nonce: "test", audience: "example.com", timestamp: -1 },
+                { nonce: "test", audience: "example.com", timestamp: 123.45 },
+            ];
+            for (const invalid of invalidRequests) {
+                (0, vitest_1.expect)((0, session_js_1.validateHandshakeFormat)(invalid)).toBe(false);
+            }
+        });
+    });
+});

package/dist/runtime/__tests__/well-known.test.d.ts

@@ -0,0 +1,4 @@
+/**
+ * Tests for Well-Known Endpoints
+ */
+export {};