npm - @ledgerhq/ledger-key-ring-protocol - Versions diffs - 0.5.1-nightly.0 - Mend

@ledgerhq/ledger-key-ring-protocol 0.5.1-nightly.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (180) hide show

package/.eslintrc.js +33 -0
package/.turbo/turbo-build.log +4 -0
package/.unimportedrc.json +16 -0
package/CHANGELOG.md +299 -0
package/LICENSE.txt +21 -0
package/README.md +3 -0
package/jest.config.js +13 -0
package/lib/HWDeviceProvider.d.ts +25 -0
package/lib/HWDeviceProvider.d.ts.map +1 -0
package/lib/HWDeviceProvider.js +88 -0
package/lib/HWDeviceProvider.js.map +1 -0
package/lib/api.d.ts +77 -0
package/lib/api.d.ts.map +1 -0
package/lib/api.js +150 -0
package/lib/api.js.map +1 -0
package/lib/auth.d.ts +3 -0
package/lib/auth.d.ts.map +1 -0
package/lib/auth.js +79 -0
package/lib/auth.js.map +1 -0
package/lib/errors.d.ts +40 -0
package/lib/errors.d.ts.map +1 -0
package/lib/errors.js +18 -0
package/lib/errors.js.map +1 -0
package/lib/index.d.ts +6 -0
package/lib/index.d.ts.map +1 -0
package/lib/index.js +17 -0
package/lib/index.js.map +1 -0
package/lib/mockSdk.d.ts +22 -0
package/lib/mockSdk.d.ts.map +1 -0
package/lib/mockSdk.js +208 -0
package/lib/mockSdk.js.map +1 -0
package/lib/qrcode/cipher.d.ts +12 -0
package/lib/qrcode/cipher.d.ts.map +1 -0
package/lib/qrcode/cipher.js +69 -0
package/lib/qrcode/cipher.js.map +1 -0
package/lib/qrcode/cipher.test.d.ts +2 -0
package/lib/qrcode/cipher.test.d.ts.map +1 -0
package/lib/qrcode/cipher.test.js +40 -0
package/lib/qrcode/cipher.test.js.map +1 -0
package/lib/qrcode/index.d.ts +70 -0
package/lib/qrcode/index.d.ts.map +1 -0
package/lib/qrcode/index.js +312 -0
package/lib/qrcode/index.js.map +1 -0
package/lib/qrcode/index.test.d.ts +2 -0
package/lib/qrcode/index.test.d.ts.map +1 -0
package/lib/qrcode/index.test.js +131 -0
package/lib/qrcode/index.test.js.map +1 -0
package/lib/qrcode/types.d.ts +69 -0
package/lib/qrcode/types.d.ts.map +1 -0
package/lib/qrcode/types.js +3 -0
package/lib/qrcode/types.js.map +1 -0
package/lib/sdk.d.ts +31 -0
package/lib/sdk.d.ts.map +1 -0
package/lib/sdk.js +380 -0
package/lib/sdk.js.map +1 -0
package/lib/store.d.ts +71 -0
package/lib/store.d.ts.map +1 -0
package/lib/store.js +62 -0
package/lib/store.js.map +1 -0
package/lib/types.d.ts +181 -0
package/lib/types.d.ts.map +1 -0
package/lib/types.js +10 -0
package/lib/types.js.map +1 -0
package/lib-es/HWDeviceProvider.d.ts +25 -0
package/lib-es/HWDeviceProvider.d.ts.map +1 -0
package/lib-es/HWDeviceProvider.js +81 -0
package/lib-es/HWDeviceProvider.js.map +1 -0
package/lib-es/api.d.ts +77 -0
package/lib-es/api.d.ts.map +1 -0
package/lib-es/api.js +145 -0
package/lib-es/api.js.map +1 -0
package/lib-es/auth.d.ts +3 -0
package/lib-es/auth.d.ts.map +1 -0
package/lib-es/auth.js +75 -0
package/lib-es/auth.js.map +1 -0
package/lib-es/errors.d.ts +40 -0
package/lib-es/errors.d.ts.map +1 -0
package/lib-es/errors.js +15 -0
package/lib-es/errors.js.map +1 -0
package/lib-es/index.d.ts +6 -0
package/lib-es/index.d.ts.map +1 -0
package/lib-es/index.js +13 -0
package/lib-es/index.js.map +1 -0
package/lib-es/mockSdk.d.ts +22 -0
package/lib-es/mockSdk.d.ts.map +1 -0
package/lib-es/mockSdk.js +201 -0
package/lib-es/mockSdk.js.map +1 -0
package/lib-es/qrcode/cipher.d.ts +12 -0
package/lib-es/qrcode/cipher.d.ts.map +1 -0
package/lib-es/qrcode/cipher.js +61 -0
package/lib-es/qrcode/cipher.js.map +1 -0
package/lib-es/qrcode/cipher.test.d.ts +2 -0
package/lib-es/qrcode/cipher.test.d.ts.map +1 -0
package/lib-es/qrcode/cipher.test.js +38 -0
package/lib-es/qrcode/cipher.test.js.map +1 -0
package/lib-es/qrcode/index.d.ts +70 -0
package/lib-es/qrcode/index.d.ts.map +1 -0
package/lib-es/qrcode/index.js +304 -0
package/lib-es/qrcode/index.js.map +1 -0
package/lib-es/qrcode/index.test.d.ts +2 -0
package/lib-es/qrcode/index.test.d.ts.map +1 -0
package/lib-es/qrcode/index.test.js +126 -0
package/lib-es/qrcode/index.test.js.map +1 -0
package/lib-es/qrcode/types.d.ts +69 -0
package/lib-es/qrcode/types.d.ts.map +1 -0
package/lib-es/qrcode/types.js +2 -0
package/lib-es/qrcode/types.js.map +1 -0
package/lib-es/sdk.d.ts +31 -0
package/lib-es/sdk.d.ts.map +1 -0
package/lib-es/sdk.js +371 -0
package/lib-es/sdk.js.map +1 -0
package/lib-es/store.d.ts +71 -0
package/lib-es/store.d.ts.map +1 -0
package/lib-es/store.js +51 -0
package/lib-es/store.js.map +1 -0
package/lib-es/types.d.ts +181 -0
package/lib-es/types.d.ts.map +1 -0
package/lib-es/types.js +7 -0
package/lib-es/types.js.map +1 -0
package/mocks/scenarios/addSameMemberMultipleTimes.json +426 -0
package/mocks/scenarios/create2trustchainInARow.json +616 -0
package/mocks/scenarios/getOrCreateTransactionCases.json +591 -0
package/mocks/scenarios/member3implicitlyAdded.json +648 -0
package/mocks/scenarios/membersManySelfAdd.json +1427 -0
package/mocks/scenarios/randomMemberTryToDestroy.json +371 -0
package/mocks/scenarios/removeMemberWithTheWrongSeed.json +510 -0
package/mocks/scenarios/removedMemberEjectedOnDeletedTrustchain.json +481 -0
package/mocks/scenarios/removedMemberEjectedOnGetMembers.json +648 -0
package/mocks/scenarios/removedMemberEjectedOnRestore.json +648 -0
package/mocks/scenarios/removingAMemberCreatesAnInteraction.json +593 -0
package/mocks/scenarios/removingYourselfIsForbidden.json +397 -0
package/mocks/scenarios/success.json +978 -0
package/mocks/scenarios/tokenExpires.json +371 -0
package/mocks/scenarios/twoAddMembersFollowedByDeviceAdd.json +705 -0
package/mocks/scenarios/userRefusesAuth.json +40 -0
package/mocks/scenarios/userRefusesRemoveMember.json +542 -0
package/package.json +91 -0
package/scripts/README.md +15 -0
package/scripts/e2e.ts +57 -0
package/src/HWDeviceProvider.ts +105 -0
package/src/__tests__/integration/mock.sdk.test.ts +47 -0
package/src/__tests__/integration/sdk.test.ts +20 -0
package/src/__tests__/tsconfig.json +8 -0
package/src/__tests__/unit/sdk.test.ts +236 -0
package/src/api.ts +202 -0
package/src/auth.ts +81 -0
package/src/errors.ts +18 -0
package/src/index.ts +20 -0
package/src/mockSdk.ts +253 -0
package/src/qrcode/cipher.test.ts +30 -0
package/src/qrcode/cipher.ts +63 -0
package/src/qrcode/index.test.ts +138 -0
package/src/qrcode/index.ts +395 -0
package/src/qrcode/types.ts +70 -0
package/src/sdk.ts +542 -0
package/src/store.ts +99 -0
package/src/types.ts +242 -0
package/tests/scenarios/_template.ts +18 -0
package/tests/scenarios/addSameMemberMultipleTimes.ts +20 -0
package/tests/scenarios/create2trustchainInARow.ts +14 -0
package/tests/scenarios/getOrCreateTransactionCases.ts +74 -0
package/tests/scenarios/member3implicitlyAdded.ts +51 -0
package/tests/scenarios/membersManySelfAdd.ts +18 -0
package/tests/scenarios/randomMemberTryToDestroy.ts +23 -0
package/tests/scenarios/removeMemberWithTheWrongSeed.ts +28 -0
package/tests/scenarios/removedMemberEjectedOnDeletedTrustchain.ts +31 -0
package/tests/scenarios/removedMemberEjectedOnGetMembers.ts +29 -0
package/tests/scenarios/removedMemberEjectedOnRestore.ts +31 -0
package/tests/scenarios/removingAMemberCreatesAnInteraction.ts +42 -0
package/tests/scenarios/removingYourselfIsForbidden.ts +11 -0
package/tests/scenarios/success.ts +94 -0
package/tests/scenarios/tokenExpires.ts +20 -0
package/tests/scenarios/twoAddMembersFollowedByDeviceAdd.ts +49 -0
package/tests/scenarios/userRefusesAuth.ts +28 -0
package/tests/scenarios/userRefusesRemoveMember.ts +66 -0
package/tests/test-helpers/recordTrustchainSdkTests.ts +178 -0
package/tests/test-helpers/replayTrustchainSdkTests.ts +141 -0
package/tests/test-helpers/types.ts +45 -0
package/tests/tsconfig.json +8 -0
package/tsconfig.json +15 -0

package/src/types.ts ADDED Viewed

@@ -0,0 +1,242 @@
+import { Observable } from "rxjs";
+import Transport from "@ledgerhq/hw-transport";
+import { TrustchainsResponse } from "./api";
+/**
+ * The JWT is a JSON Web Token that is used to authenticate the user.
+ */
+export type JWT = {
+  accessToken: string;
+  permissions: {
+    [trustchainId: string]: {
+      [path: string]: string[];
+    };
+  };
+};
+/**
+ * A function which allow all interactions with the hardware device.
+ */
+export type WithDevice = (
+  deviceId: string,
+  options?: { openTimeoutMs?: number },
+) => <T>(fn: (transport: Transport) => Observable<T>) => Observable<T>;
+/**
+ * A Trustchain contains the identifier and the contextual data we need to manage members and encrypt/decrypt data.
+ */
+export type Trustchain = {
+  /**
+   * The immutable id of the trustchain root
+   */
+  rootId: string;
+  /**
+   * The secret used to encrypt/decrypt the wallet sync data
+   */
+  walletSyncEncryptionKey: string;
+  /**
+   * The derivation path on which the current walletSyncEncryptionKey value is stored
+   */
+  applicationPath: string;
+};
+/**
+ * The Trustchain member credentials are stored on each client, with the privatekey only known by the current client.
+ */
+export type MemberCredentials = {
+  /**
+   * The public key of the member (in hexadecimal)
+   */
+  pubkey: string;
+  /**
+   * The private key of the member (in hexadecimal)
+   */
+  privatekey: string;
+};
+/**
+ * A member of the trustchain
+ */
+export type TrustchainMember = {
+  /**
+   * The id of the member. It corresponds to the MemberCredentials.pubkey
+   */
+  id: string;
+  /**
+   * The name of the member as displayed in the UI
+   */
+  name: string;
+  /**
+   * a technical permissions of the member. it will often just be Permissions.OWNER
+   */
+  permissions: number;
+};
+/**
+ * The TrustchainSDKContext is a context that is used to initialize the TrustchainSDK.
+ */
+export type TrustchainSDKContext = {
+  applicationId: number;
+  name: string;
+  apiBaseUrl: string;
+};
+/**
+ * provide global callbacks for specific lifecycles.
+ * this allows us to decouple trustchain with the rest of Ledger Live.
+ * For now, we only introduce very specific hooks we need.
+ */
+export type TrustchainLifecycle = {
+  /**
+   * called when a trustchain rotation is occuring
+   * the first function is called when the rotation is starting
+   * the second function is called when the rotation is done.
+   *
+   * in that case, we typically want to delete all other resources depending on it.
+   * we do this with the existing jwt token before refreshing it.
+   */
+  onTrustchainRotation: (
+    trustchainSdk: TrustchainSDK,
+    oldTrustchain: Trustchain,
+    memberCredentials: MemberCredentials,
+  ) => Promise<(newTrustchain: Trustchain) => Promise<void>>;
+};
+export enum TrustchainResultType {
+  created = "created",
+  updated = "updated",
+  restored = "restored",
+}
+/**
+ * the trustchain with a result type indicating what happened during getOrCreateTrustchain
+ */
+export type TrustchainResult =
+  | {
+      // the trustchain didn't exist and was created
+      type: TrustchainResultType.created;
+      trustchain: Trustchain;
+    }
+  | {
+      // the trustchain already existed and was updated (typically the current member was added)
+      type: TrustchainResultType.updated;
+      trustchain: Trustchain;
+    }
+  | {
+      // the trustchain existed and was just retrieved (no need to update it)
+      type: TrustchainResultType.restored;
+      trustchain: Trustchain;
+    };
+/**
+ * cache (default): the SDK will use the cached JWT if it's still valid, otherwise it will refresh it.
+ * refresh: the SDK will always refresh the JWT if possible.
+ * no-cache: the SDK will always request a new JWT.
+ */
+export type AuthCachePolicy = "no-cache" | "refresh" | "cache";
+/**
+ * The main interface for the UI to interact with the trustchain protocol.
+ *
+ * @example
+ *
+ * import { sdk } from "@ledgerhq/ledger-key-ring-protocol";
+ *
+ * sdk.getOrCreateTrustchain(deviceId, memberCredentials).then(trustchain => console.log(trustchain));
+ */
+export interface TrustchainSDK {
+  /**
+   * Generate the live credentials that represents a Live instance, member of the trustchain.
+   * This method is expected to be used the first time Ledger Live is opened (if Live never generated them before) and then persisted over the future user sessions of Ledger Live in order for the member to be able to authenticate and manage the trustchain.
+   */
+  initMemberCredentials(): Promise<MemberCredentials>;
+  /**
+   * Access a JWT from the TrustchainSDK. manage the reauthentication if needed.
+   * A trustchain must have been created and the Live instance must have been added as a member.
+   * The returned token will typically be used for regular operations like wallet sync.
+   */
+  withAuth<T>(
+    trustchain: Trustchain,
+    memberCredentials: MemberCredentials,
+    f: (jwt: JWT) => Promise<T>,
+    policy?: AuthCachePolicy,
+    ignorePermissionsChecks?: boolean,
+  ): Promise<T>;
+  /**
+   * This method will either create the required trustchains (root and application) or restore them.
+   * The returned trustchain will be initialized on the root level and also will have the branch derivation corresponding to the contextual applicationId.
+   * It will also have the wallet sync encryption key initialized.
+   * The latest jwt is also returned because it was potentially updated during the process.
+   */
+  getOrCreateTrustchain(
+    deviceId: string,
+    memberCredentials: MemberCredentials,
+    callbacks?: GetOrCreateTrustchainCallbacks,
+    topic?: Uint8Array,
+    currentTrustchain?: Trustchain,
+  ): Promise<TrustchainResult>;
+  /**
+   * Restore the current trustchain encryption key, typically due to a key rotation.
+   */
+  restoreTrustchain(
+    trustchain: Trustchain,
+    memberCredentials: MemberCredentials,
+  ): Promise<Trustchain>;
+  /**
+   * list the current members of the application trustchain
+   */
+  getMembers(
+    trustchain: Trustchain,
+    memberCredentials: MemberCredentials,
+  ): Promise<TrustchainMember[]>;
+  /**
+   * remove a member from the application trustchain
+   */
+  removeMember(
+    deviceId: string,
+    trustchain: Trustchain,
+    memberCredentials: MemberCredentials,
+    member: TrustchainMember,
+    callbacks?: TrustchainDeviceCallbacks,
+  ): Promise<Trustchain>;
+  /**
+   * add a member to the application trustchain
+   */
+  addMember(
+    trustchain: Trustchain,
+    memberCredentials: MemberCredentials,
+    member: TrustchainMember,
+  ): Promise<void>;
+  /**
+   * destroy the trustchain
+   */
+  destroyTrustchain(trustchain: Trustchain, memberCredentials: MemberCredentials): Promise<void>;
+  /**
+   * encrypt data with the trustchain encryption key
+   */
+  encryptUserData(trustchain: Trustchain, obj: object): Promise<Uint8Array>;
+  /**
+   * decrypt data with the trustchain encryption key
+   */
+  decryptUserData(trustchain: Trustchain, data: Uint8Array): Promise<Uint8Array>;
+  invalidateJwt(): void;
+}
+export interface TrustchainDeviceCallbacks {
+  onStartRequestUserInteraction?: () => void;
+  onEndRequestUserInteraction?: () => void;
+}
+export interface GetOrCreateTrustchainCallbacks extends TrustchainDeviceCallbacks {
+  onInitialResponse?: (trustchains: TrustchainsResponse) => void;
+}

package/tests/scenarios/_template.ts ADDED Viewed

@@ -0,0 +1,18 @@
+import { ScenarioOptions } from "../test-helpers/types";
+export async function scenario(deviceId: string, { sdkForName }: ScenarioOptions) {
+  /**
+   * Edit this code to the test you want.
+   * This script will be used both as a end-to-end tests and unit tests.
+   * The end-to-end tests are used to generate mock for the same unit tests.
+   */
+  const name1 = "cli-member1";
+  const sdk1 = sdkForName(name1);
+  const memberCredentials = await sdk1.initMemberCredentials();
+  const { trustchain } = await sdk1.getOrCreateTrustchain(deviceId, memberCredentials);
+  await sdk1.destroyTrustchain(trustchain, memberCredentials);
+}
+// this can overrides the default config used by the recorder
+export const recorderConfig = {};

package/tests/scenarios/addSameMemberMultipleTimes.ts ADDED Viewed

@@ -0,0 +1,20 @@
+import { ScenarioOptions } from "../test-helpers/types";
+export async function scenario(deviceId: string, { sdkForName }: ScenarioOptions) {
+  const name1 = "Member 1";
+  const sdk = sdkForName(name1);
+  const member1creds = await sdk.initMemberCredentials();
+  const { trustchain } = await sdk.getOrCreateTrustchain(deviceId, member1creds);
+  const name2 = "Member 2";
+  const member2creds = await sdk.initMemberCredentials();
+  const member2 = { name: name2, id: member2creds.pubkey, permissions: 0xffffffff };
+  await sdk.addMember(trustchain, member1creds, member2);
+  await sdk.addMember(trustchain, member1creds, member2);
+  const members = await sdk.getMembers(trustchain, member1creds);
+  await sdk.destroyTrustchain(trustchain, member1creds);
+  expect(members.length).toBe(2);
+}

package/tests/scenarios/create2trustchainInARow.ts ADDED Viewed

@@ -0,0 +1,14 @@
+import { ScenarioOptions } from "../test-helpers/types";
+export async function scenario(deviceId: string, { sdkForName }: ScenarioOptions) {
+  const sdk = sdkForName("Foo");
+  const creds = await sdk.initMemberCredentials();
+  const t1 = await sdk.getOrCreateTrustchain(deviceId, creds);
+  await sdk.destroyTrustchain(t1.trustchain, creds);
+  expect(t1.type).toBe("created");
+  const t2 = await sdk.getOrCreateTrustchain(deviceId, creds);
+  await sdk.destroyTrustchain(t2.trustchain, creds);
+  expect(t2.type).toBe("created");
+}

package/tests/scenarios/getOrCreateTransactionCases.ts ADDED Viewed

@@ -0,0 +1,74 @@
+import { ScenarioOptions } from "../test-helpers/types";
+export async function scenario(deviceId: string, { sdkForName }: ScenarioOptions) {
+  const name1 = "Member 1";
+  const sdk1 = sdkForName(name1);
+  const member1creds = await sdk1.initMemberCredentials();
+  let interactionCounter = 0;
+  let totalInteractionCounter = 0;
+  const callbacks = {
+    onStartRequestUserInteraction: () => {
+      totalInteractionCounter++;
+      interactionCounter++;
+    },
+    onEndRequestUserInteraction: () => {
+      interactionCounter--;
+    },
+  };
+  // verify that getOrCreateTrustchain is idempotent
+  const { trustchain: t1, type: type1 } = await sdk1.getOrCreateTrustchain(
+    deviceId,
+    member1creds,
+    callbacks,
+  );
+  expect(type1).toBe("created");
+  expect(totalInteractionCounter).toBe(2); // there are two interaction: one for device auth, one for trustchain addition
+  const { trustchain: t2, type: type2 } = await sdk1.getOrCreateTrustchain(
+    deviceId,
+    member1creds,
+    callbacks,
+  );
+  expect(type2).toBe("restored");
+  expect(totalInteractionCounter).toBe(3); // one more device auth interaction happened
+  expect(t1).toEqual(t2);
+  // verify that a second member can join the trustchain and get the same trustchain
+  const name2 = "Member 2";
+  const sdk2 = sdkForName(name2);
+  const member2creds = await sdk2.initMemberCredentials();
+  const { trustchain: t3, type: type3 } = await sdk2.getOrCreateTrustchain(
+    deviceId,
+    member2creds,
+    callbacks,
+  );
+  expect(type3).toBe("updated");
+  expect(t1).toEqual(t3);
+  // check there are indeed our two members in the trustchain
+  const members = await sdk1.getMembers(t1, member1creds);
+  expect(members).toEqual([
+    {
+      id: member1creds.pubkey,
+      name: name1,
+      permissions: 0xffffffff,
+    },
+    {
+      id: member2creds.pubkey,
+      name: name2,
+      permissions: 0xffffffff,
+    },
+  ]);
+  // destroy
+  await sdk1.destroyTrustchain(t1, member1creds);
+  expect({
+    interactionCounter,
+    totalInteractionCounter,
+  }).toEqual({
+    interactionCounter: 0, // total of interaction+- is back at 0
+    totalInteractionCounter: 5,
+  });
+}

package/tests/scenarios/member3implicitlyAdded.ts ADDED Viewed

@@ -0,0 +1,51 @@
+import { ScenarioOptions } from "../test-helpers/types";
+/**
+ * a complete scenario with 3 members and various sdk successful interactions.
+ */
+export async function scenario(deviceId: string, { sdkForName }: ScenarioOptions) {
+  // members
+  const name1 = "Member 1";
+  const sdk1 = sdkForName(name1);
+  const member1creds = await sdk1.initMemberCredentials();
+  const name2 = "Member 2";
+  const sdk2 = sdkForName(name2);
+  const member2creds = await sdk2.initMemberCredentials();
+  const name3 = "Member 3";
+  const sdk3 = sdkForName(name3);
+  const member3creds = await sdk3.initMemberCredentials();
+  // auth with the device and init the first trustchain
+  const { trustchain } = await sdk1.getOrCreateTrustchain(deviceId, member1creds);
+  // member 1 adds member 2
+  const member2 = { name: name2, id: member2creds.pubkey, permissions: 0xffffffff };
+  await sdk1.addMember(trustchain, member1creds, member2);
+  // member 3 do a getOrCreateTrustchain that should add itself implicitly
+  const { trustchain: trustchain3 } = await sdk3.getOrCreateTrustchain(deviceId, member3creds);
+  // list members
+  const members = await sdk3.getMembers(trustchain3, member3creds);
+  expect(members).toEqual([
+    {
+      id: member1creds.pubkey,
+      name: name1,
+      permissions: 0xffffffff,
+    },
+    {
+      id: member2creds.pubkey,
+      name: name2,
+      permissions: 0xffffffff,
+    },
+    {
+      id: member3creds.pubkey,
+      name: name3,
+      permissions: 0xffffffff,
+    },
+  ]);
+  await sdk2.destroyTrustchain(trustchain, member2creds);
+}

package/tests/scenarios/membersManySelfAdd.ts ADDED Viewed

@@ -0,0 +1,18 @@
+import { ScenarioOptions } from "../test-helpers/types";
+export async function scenario(deviceId: string, { sdkForName }: ScenarioOptions) {
+  let trustchainId;
+  const n = 10;
+  for (let i = 1; i < n; i++) {
+    const name = "Member " + i;
+    const sdk = sdkForName(name);
+    const creds = await sdk.initMemberCredentials();
+    const { trustchain } = await sdk.getOrCreateTrustchain(deviceId, creds);
+    if (!trustchainId) trustchainId = trustchain.rootId;
+    expect(trustchain.rootId).toBe(trustchainId);
+    if (i === n - 1) {
+      // cleanup
+      await sdk.destroyTrustchain(trustchain, creds);
+    }
+  }
+}

package/tests/scenarios/randomMemberTryToDestroy.ts ADDED Viewed

@@ -0,0 +1,23 @@
+import { TrustchainEjected } from "../../src/errors";
+import { ScenarioOptions } from "../test-helpers/types";
+export async function scenario(deviceId: string, { sdkForName }: ScenarioOptions) {
+  // first member initializes itself
+  const name1 = "Member 1";
+  const sdk1 = sdkForName(name1);
+  const member1creds = await sdk1.initMemberCredentials();
+  // second member initializes itself
+  const name2 = "Member 2";
+  const sdk2 = sdkForName(name2);
+  const member2creds = await sdk2.initMemberCredentials();
+  // auth with the device and init the first trustchain
+  const { trustchain } = await sdk1.getOrCreateTrustchain(deviceId, member1creds);
+  // now member2 will get an ejected error when trying to destroy the trustchain
+  await expect(sdk2.destroyTrustchain(trustchain, member2creds)).rejects.toThrow(TrustchainEjected);
+  // member1 can destroy the trustchain
+  await sdk1.destroyTrustchain(trustchain, member1creds);
+}

package/tests/scenarios/removeMemberWithTheWrongSeed.ts ADDED Viewed

@@ -0,0 +1,28 @@
+import { ScenarioOptions } from "../test-helpers/types";
+import { TrustchainNotAllowed } from "../../src/errors";
+export async function scenario(
+  deviceId: string,
+  { sdkForName, switchDeviceSeed }: ScenarioOptions,
+) {
+  const name1 = "Member 1";
+  const sdk1 = sdkForName(name1);
+  const member1creds = await sdk1.initMemberCredentials();
+  const member1 = { name: name1, id: member1creds.pubkey, permissions: 0xffffffff };
+  const name2 = "Member 2";
+  const sdk2 = sdkForName(name2);
+  const member2creds = await sdk2.initMemberCredentials();
+  const member2 = { name: name2, id: member2creds.pubkey, permissions: 0xffffffff };
+  const { trustchain } = await sdk1.getOrCreateTrustchain(deviceId, member1creds);
+  await sdk1.addMember(trustchain, member1creds, member2);
+  const device = await switchDeviceSeed();
+  await expect(sdk1.removeMember(device.id, trustchain, member2creds, member1)).rejects.toThrow(
+    TrustchainNotAllowed,
+  );
+  await sdk2.destroyTrustchain(trustchain, member2creds);
+}

package/tests/scenarios/removedMemberEjectedOnDeletedTrustchain.ts ADDED Viewed

@@ -0,0 +1,31 @@
+import { ScenarioOptions } from "../test-helpers/types";
+export async function scenario(deviceId: string, { sdkForName }: ScenarioOptions) {
+  // first member initializes itself
+  const name1 = "Member 1";
+  const sdk1 = sdkForName(name1);
+  const member1creds = await sdk1.initMemberCredentials();
+  // second member initializes itself
+  const name2 = "Member 2";
+  const sdk2 = sdkForName(name2);
+  const member2creds = await sdk2.initMemberCredentials();
+  const member2 = { name: name2, id: member2creds.pubkey, permissions: 0xffffffff };
+  // auth with the device and init the first trustchain
+  const { trustchain } = await sdk1.getOrCreateTrustchain(deviceId, member1creds);
+  // member 1 adds member 2 (= qr code flow)
+  await sdk1.addMember(trustchain, member1creds, member2);
+  // member2 can get the members
+  await sdk2.getMembers(trustchain, member2creds);
+  // member1 removes trustchain
+  await sdk1.destroyTrustchain(trustchain, member1creds);
+  // force a refresh to happen (which normally happen after some time)
+  await sdk2.withAuth(trustchain, member2creds, jwt => Promise.resolve(jwt), "refresh", true);
+  // member2 is no longer a member so is not authorized to get the members
+  await expect(sdk2.getMembers(trustchain, member2creds)).rejects.toThrow();
+}

package/tests/scenarios/removedMemberEjectedOnGetMembers.ts ADDED Viewed

@@ -0,0 +1,29 @@
+import { TrustchainEjected } from "../../src/errors";
+import { ScenarioOptions } from "../test-helpers/types";
+export async function scenario(deviceId: string, { sdkForName }: ScenarioOptions) {
+  // first member initializes itself
+  const name1 = "Member 1";
+  const sdk1 = sdkForName(name1);
+  const member1creds = await sdk1.initMemberCredentials();
+  // second member initializes itself
+  const name2 = "Member 2";
+  const sdk2 = sdkForName(name2);
+  const member2creds = await sdk2.initMemberCredentials();
+  const member2 = { name: name2, id: member2creds.pubkey, permissions: 0xffffffff };
+  // auth with the device and init the first trustchain
+  const { trustchain } = await sdk1.getOrCreateTrustchain(deviceId, member1creds);
+  // member 1 adds member 2 (= qr code flow)
+  await sdk1.addMember(trustchain, member1creds, member2);
+  // member1 removes member2
+  const newTrustchain = await sdk1.removeMember(deviceId, trustchain, member1creds, member2);
+  // member2 is no longer a member so is not authorized to get the members
+  await expect(sdk2.getMembers(trustchain, member2creds)).rejects.toThrow(TrustchainEjected);
+  // member3 destroy the trustchain
+  await sdk1.destroyTrustchain(newTrustchain, member1creds);
+}

package/tests/scenarios/removedMemberEjectedOnRestore.ts ADDED Viewed

@@ -0,0 +1,31 @@
+import { TrustchainEjected } from "../../src/errors";
+import { ScenarioOptions } from "../test-helpers/types";
+export async function scenario(deviceId: string, { sdkForName }: ScenarioOptions) {
+  // first member initializes itself
+  const name1 = "Member 1";
+  const sdk1 = sdkForName(name1);
+  const member1creds = await sdk1.initMemberCredentials();
+  // auth with the device and init the first trustchain
+  const { trustchain } = await sdk1.getOrCreateTrustchain(deviceId, member1creds);
+  // second member initializes itself
+  const name2 = "Member 2";
+  const sdk2 = sdkForName(name2);
+  const member2creds = await sdk2.initMemberCredentials();
+  // member 1 adds member 2 (= qr code flow)
+  const member2 = { name: name2, id: member2creds.pubkey, permissions: 0xffffffff };
+  await sdk1.addMember(trustchain, member1creds, member2);
+  // member1 removes member2
+  const newTrustchain = await sdk1.removeMember(deviceId, trustchain, member1creds, member2);
+  // now member2 will get an ejected error when trying to restore the trustchain
+  // NB: restoreTrustchain is typically what we would call when member2 see that the encryptionKey no longer work after the rotation
+  await expect(sdk2.restoreTrustchain(trustchain, member2creds)).rejects.toThrow(TrustchainEjected);
+  // member3 destroy the trustchain
+  await sdk1.destroyTrustchain(newTrustchain, member1creds);
+}

package/tests/scenarios/removingAMemberCreatesAnInteraction.ts ADDED Viewed

@@ -0,0 +1,42 @@
+import { ScenarioOptions } from "../test-helpers/types";
+export async function scenario(deviceId: string, { sdkForName }: ScenarioOptions) {
+  const name1 = "Member 1";
+  const sdk1 = sdkForName(name1);
+  const member1creds = await sdk1.initMemberCredentials();
+  const name2 = "Member 2";
+  const sdk2 = sdkForName(name2);
+  const member2creds = await sdk2.initMemberCredentials();
+  const member2 = { name: name2, id: member2creds.pubkey, permissions: 0xffffffff };
+  let interactionCounter = 0;
+  let totalInteractionCounter = 0;
+  const callbacks = {
+    onStartRequestUserInteraction: () => {
+      totalInteractionCounter++;
+      interactionCounter++;
+    },
+    onEndRequestUserInteraction: () => {
+      interactionCounter--;
+    },
+  };
+  const { trustchain } = await sdk1.getOrCreateTrustchain(deviceId, member1creds, callbacks);
+  expect(totalInteractionCounter).toBe(2); // there are two interaction: one for device auth, one for trustchain addition
+  await sdk1.addMember(trustchain, member1creds, member2);
+  const newTrustchain = await sdk1.removeMember(
+    deviceId,
+    trustchain,
+    member1creds,
+    member2,
+    callbacks,
+  );
+  expect(totalInteractionCounter).toBe(5); // there are 2 interactions for trustchain addition
+  // destroy the trustchain
+  await sdk1.destroyTrustchain(newTrustchain, member1creds);
+  expect(interactionCounter).toBe(0); // the start/stop is coherent
+}

package/tests/scenarios/removingYourselfIsForbidden.ts ADDED Viewed

@@ -0,0 +1,11 @@
+import { ScenarioOptions } from "../test-helpers/types";
+export async function scenario(deviceId: string, { sdkForName }: ScenarioOptions) {
+  const name1 = "Member 1";
+  const sdk1 = sdkForName(name1);
+  const member1creds = await sdk1.initMemberCredentials();
+  const { trustchain } = await sdk1.getOrCreateTrustchain(deviceId, member1creds);
+  const members = await sdk1.getMembers(trustchain, member1creds);
+  await expect(sdk1.removeMember(deviceId, trustchain, member1creds, members[0])).rejects.toThrow();
+  await sdk1.destroyTrustchain(trustchain, member1creds);
+}