@longarc/mdash 3.1.1 → 3.1.3

package/src/__tests__/phase2-4.test.ts

@@ -16,7 +16,7 @@ import { ZKProofsEngine, ClaimBuilder, InsuranceClaimProof, CIRCUIT_CONFIGS } fr
 import { MCCAEngine, ContextWindowManager, DEFAULT_INFLUENCE_BUDGET } from '../mcca/engine.js';
 import { generateTimestamp } from '../core/crypto.js';
 
-const TEST_SEAL_KEY = 'test-seal-key-phase-2-4-v3.0.0';
+const TEST_SEAL_KEY = 'test-seal-key-phase-2-4-v3.0.0-x';
 
 // ============================================================================
 // L2 TEE ATTESTATION TESTS
@@ -845,54 +845,3 @@ describe('Three-Layer Attestation Integration', () => {
   });
 });
 
-// ============================================================================
-// LATENCY SLA TESTS
-// ============================================================================
-
-describe('Latency SLA Compliance', () => {
-  let commitmentEngine: CommitmentEngine;
-  let teeEngine: TEEAttestationEngine;
-
-  beforeAll(async () => {
-    commitmentEngine = new CommitmentEngine();
-    await commitmentEngine.initialize(TEST_SEAL_KEY);
-    
-    teeEngine = new TEEAttestationEngine(commitmentEngine);
-    await teeEngine.initialize(TEST_SEAL_KEY);
-  });
-
-  it('L1 commitment should complete in <1ms (P99)', async () => {
-    const latencies: number[] = [];
-
-    for (let i = 0; i < 100; i++) {
-      const start = performance.now();
-      await commitmentEngine.commit({ iteration: i }, `latency-l1-${i}`);
-      latencies.push(performance.now() - start);
-    }
-
-    // Sort and get P99
-    latencies.sort((a, b) => a - b);
-    const p99 = latencies[98];
-
-    // Note: In Node.js environment, actual latency may vary
-    // Target is <1ms, we allow 5ms for test stability
-    expect(p99).toBeLessThan(5);
-  });
-
-  it('L2 attestation should complete in <10ms (P99)', async () => {
-    const latencies: number[] = [];
-
-    for (let i = 0; i < 50; i++) {
-      const start = performance.now();
-      await teeEngine.attest({ iteration: i }, `latency-l2-${i}`);
-      latencies.push(performance.now() - start);
-    }
-
-    // Sort and get P99
-    latencies.sort((a, b) => a - b);
-    const p99 = latencies[Math.floor(latencies.length * 0.99)];
-
-    // Target is <10ms, we allow 50ms for test stability
-    expect(p99).toBeLessThan(50);
-  });
-});

package/src/__tests__/provenance/api-handler.test.ts

@@ -0,0 +1,356 @@
+/**
+ * ProvenanceApiHandler Test Suite
+ *
+ * Validates the API surface that exposes provenance verification
+ * to external parties: model providers, verifiers, and regulators.
+ *
+ * 20+ tests covering:
+ * - Attest endpoint (5 tests)
+ * - Verify endpoint (6 tests)
+ * - Chain endpoint (5 tests)
+ * - Integration / lifecycle (5 tests)
+ */
+
+import { describe, it, expect, beforeEach } from 'vitest';
+import { ProvenanceEngine } from '../../provenance/provenance-engine.js';
+import { ProvenanceApiHandler } from '../../provenance/api-handler.js';
+import { sha256 } from '../../core/crypto.js';
+import type { AttestRequest, VerifyRequest } from '../../provenance/api-types.js';
+
+// ============================================================================
+// Fixtures
+// ============================================================================
+
+function makeAttestRequest(overrides?: Partial<AttestRequest>): AttestRequest {
+  return {
+    model: {
+      name: 'claude-opus-4.6',
+      version: '4.6.0',
+      manifestHash: 'abc123def456',
+      provider: 'anthropic',
+    },
+    constraints: {
+      safetyTier: 'high',
+      authorizedDomains: ['code_generation', 'analysis'],
+      excludedDomains: ['weapons'],
+      maxContextWindow: 200000,
+      reasoningEnabled: true,
+    },
+    deployment: {
+      environment: 'api',
+      region: 'us-east-1',
+      tenantId: 'longarc-studios',
+    },
+    ...overrides,
+  };
+}
+
+function makeVerifyRequest(overrides?: Partial<VerifyRequest>): VerifyRequest {
+  return {
+    modelName: 'claude-opus-4.6',
+    modelVersion: '4.6.0',
+    queryType: 'full_chain',
+    ...overrides,
+  };
+}
+
+// ============================================================================
+// Attest Endpoint
+// ============================================================================
+
+describe('ProvenanceApiHandler', () => {
+  let engine: ProvenanceEngine;
+  let handler: ProvenanceApiHandler;
+
+  beforeEach(() => {
+    engine = new ProvenanceEngine();
+    handler = new ProvenanceApiHandler(engine);
+  });
+
+  describe('handleAttest', () => {
+    it('valid request returns 201 with attestation ID', async () => {
+      const result = await handler.handleAttest(makeAttestRequest());
+
+      expect(result.status).toBe(201);
+      expect(result.body.status).toBe('created');
+      expect(result.body.attestationId).toBeTruthy();
+      expect(result.body.attestationId).toMatch(/^[a-f0-9]{64}$/);
+    });
+
+    it('response includes L1 hash and timestamp', async () => {
+      const result = await handler.handleAttest(makeAttestRequest());
+
+      expect(result.body.l1Hash).toBeTruthy();
+      expect(result.body.l1Hash).toMatch(/^[a-f0-9]{64}$/);
+      expect(result.body.timestamp).toBeTruthy();
+      expect(result.body.timestamp).toMatch(/^\d{4}-\d{2}-\d{2}T/);
+    });
+
+    it('missing model.name returns 400', async () => {
+      const req = makeAttestRequest();
+      req.model.name = '';
+
+      const result = await handler.handleAttest(req);
+
+      expect(result.status).toBe(400);
+      expect(result.body.status).toBe('error');
+      expect(result.body.error).toContain('name');
+    });
+
+    it('missing model.provider returns 400', async () => {
+      const req = makeAttestRequest();
+      req.model.provider = '';
+
+      const result = await handler.handleAttest(req);
+
+      expect(result.status).toBe(400);
+      expect(result.body.status).toBe('error');
+      expect(result.body.error).toContain('provider');
+    });
+
+    it('duplicate attestation returns 409', async () => {
+      await handler.handleAttest(makeAttestRequest());
+      const result = await handler.handleAttest(makeAttestRequest());
+
+      expect(result.status).toBe(409);
+      expect(result.body.status).toBe('error');
+      expect(result.body.error).toContain('already exists');
+    });
+  });
+
+  // ============================================================================
+  // Verify Endpoint
+  // ============================================================================
+
+  describe('handleVerify', () => {
+    beforeEach(async () => {
+      // Seed a model with a full provenance chain
+      const attestation = await engine.createIdentityAttestation(
+        { name: 'claude-opus-4.6', version: '4.6.0', manifestHash: 'abc', provider: 'anthropic' },
+        {
+          safetyTier: 'high',
+          authorizedDomains: ['code_generation'],
+          excludedDomains: ['weapons'],
+          maxContextWindow: 200000,
+          reasoningEnabled: true,
+          custom: {},
+        },
+        { environment: 'api', region: 'us-east-1' }
+      );
+      const warrants = [await sha256('warrant-0'), await sha256('warrant-1')];
+      const glossEntries = [
+        { id: 'g-0', type: 'action', agentId: 'a-1', sessionId: 's-1', timestamp: new Date().toISOString() },
+        { id: 'g-1', type: 'action', agentId: 'a-1', sessionId: 's-1', timestamp: new Date().toISOString() },
+        { id: 'g-2', type: 'action', agentId: 'a-1', sessionId: 's-2', timestamp: new Date().toISOString() },
+      ];
+      await engine.buildProvenanceChain(attestation, warrants, glossEntries);
+    });
+
+    it('known model with full chain returns verified', async () => {
+      const result = await handler.handleVerify(makeVerifyRequest());
+
+      expect(result.status).toBe(200);
+      expect(result.body.status).toBe('verified');
+      expect(result.body.chain.isComplete).toBe(true);
+    });
+
+    it('unknown model returns unverified with 404', async () => {
+      const result = await handler.handleVerify(
+        makeVerifyRequest({ modelName: 'unknown-model', modelVersion: '1.0.0' })
+      );
+
+      expect(result.status).toBe(404);
+      expect(result.body.status).toBe('unverified');
+      expect(result.body.chain.isComplete).toBe(false);
+    });
+
+    it('missing modelName returns 400', async () => {
+      const result = await handler.handleVerify(
+        makeVerifyRequest({ modelName: '' })
+      );
+
+      expect(result.status).toBe(400);
+      expect(result.body.status).toBe('error');
+      expect(result.body.error).toContain('modelName');
+    });
+
+    it('query type identity returns identity data', async () => {
+      const result = await handler.handleVerify(
+        makeVerifyRequest({ queryType: 'identity' })
+      );
+
+      expect(result.status).toBe(200);
+      expect(result.body.chain.isComplete).toBe(true);
+    });
+
+    it('ZK proof requested returns proof and verification key', async () => {
+      const result = await handler.handleVerify(
+        makeVerifyRequest({ generateZkProof: true })
+      );
+
+      expect(result.status).toBe(200);
+      expect(result.body.zkProof).toBeTruthy();
+      expect(result.body.zkProof!.claim).toBeTruthy();
+      expect(result.body.zkProof!.proof).toMatch(/^[a-f0-9]{64}$/);
+      expect(result.body.zkProof!.verificationKey).toMatch(/^[a-f0-9]{64}$/);
+    });
+
+    it('hardware attestation requested includes L2 placeholder', async () => {
+      const result = await handler.handleVerify(
+        makeVerifyRequest({ requireHardwareAttestation: true })
+      );
+
+      expect(result.status).toBe(200);
+      // L2 placeholder is on the chain identity, reflected in the response
+      expect(result.body.status).toBe('verified');
+    });
+  });
+
+  // ============================================================================
+  // Chain Endpoint
+  // ============================================================================
+
+  describe('handleGetChain', () => {
+    beforeEach(async () => {
+      const attestation = await engine.createIdentityAttestation(
+        { name: 'claude-opus-4.6', version: '4.6.0', manifestHash: 'abc', provider: 'anthropic' },
+        {
+          safetyTier: 'high',
+          authorizedDomains: ['code_generation'],
+          excludedDomains: ['weapons'],
+          maxContextWindow: 200000,
+          reasoningEnabled: true,
+          custom: {},
+        },
+        { environment: 'api', region: 'us-east-1' }
+      );
+      const warrants = [await sha256('warrant-0'), await sha256('warrant-1'), await sha256('warrant-2')];
+      const glossEntries = [
+        { id: 'g-0', type: 'action', agentId: 'a-1', sessionId: 's-1', timestamp: new Date().toISOString() },
+        { id: 'g-1', type: 'action', agentId: 'a-1', sessionId: 's-2', timestamp: new Date().toISOString() },
+      ];
+      await engine.buildProvenanceChain(attestation, warrants, glossEntries);
+    });
+
+    it('known model returns full chain response', async () => {
+      const result = await handler.handleGetChain('claude-opus-4.6:4.6.0');
+
+      expect(result.status).toBe(200);
+      expect(result.body.modelId).toBe('claude-opus-4.6:4.6.0');
+      expect(result.body.identity.name).toBe('claude-opus-4.6');
+      expect(result.body.identity.provider).toBe('anthropic');
+    });
+
+    it('unknown model returns 404', async () => {
+      const result = await handler.handleGetChain('nonexistent:1.0.0');
+
+      expect(result.status).toBe(404);
+    });
+
+    it('response includes warrant summary', async () => {
+      const result = await handler.handleGetChain('claude-opus-4.6:4.6.0');
+
+      expect(result.body.warrants.total).toBe(3);
+      expect(result.body.warrants.active).toBe(3);
+      expect(result.body.warrants.chainHash).toBeTruthy();
+    });
+
+    it('response includes behavioral summary', async () => {
+      const result = await handler.handleGetChain('claude-opus-4.6:4.6.0');
+
+      expect(result.body.behavior.totalSessions).toBe(2);
+      expect(result.body.behavior.totalActions).toBe(2);
+      expect(result.body.behavior.violations).toBe(0);
+    });
+
+    it('response includes verdict', async () => {
+      const result = await handler.handleGetChain('claude-opus-4.6:4.6.0');
+
+      expect(result.body.verdict.isComplete).toBe(true);
+      expect(result.body.verdict.confidence).toBeGreaterThan(0.5);
+      expect(result.body.verdict.assessment).toBeTruthy();
+    });
+  });
+
+  // ============================================================================
+  // Integration / Lifecycle
+  // ============================================================================
+
+  describe('Integration', () => {
+    it('attest then verify then chain: full lifecycle', async () => {
+      // Step 1: Attest
+      const attestResult = await handler.handleAttest(makeAttestRequest());
+      expect(attestResult.status).toBe(201);
+
+      // Step 2: Verify (engine has identity but no chain yet -- will build minimal)
+      const verifyResult = await handler.handleVerify(makeVerifyRequest());
+      expect(verifyResult.status).toBe(200);
+
+      // Step 3: Get chain
+      const chainResult = await handler.handleGetChain('claude-opus-4.6:4.6.0');
+      expect(chainResult.status).toBe(200);
+      expect(chainResult.body.identity.l1Hash).toBe(attestResult.body.l1Hash);
+    });
+
+    it('attest clean model then verify returns high confidence', async () => {
+      // Attest via API
+      await handler.handleAttest(makeAttestRequest());
+
+      // Build a chain with good history directly on engine
+      const identity = engine.getIdentity('claude-opus-4.6', '4.6.0')!;
+      const warrants = [await sha256('w-0'), await sha256('w-1')];
+      const entries = Array.from({ length: 10 }, (_, i) => ({
+        id: `g-${i}`, type: 'action', agentId: 'a-1',
+        sessionId: `s-${i % 3}`, timestamp: new Date().toISOString(),
+      }));
+      await engine.buildProvenanceChain(identity, warrants, entries);
+
+      const result = await handler.handleVerify(makeVerifyRequest());
+      expect(result.body.chain.confidence).toBeGreaterThanOrEqual(0.9);
+      expect(result.body.chain.flags).toEqual([]);
+    });
+
+    it('query model with no attestation returns unverified', async () => {
+      const result = await handler.handleVerify(
+        makeVerifyRequest({ modelName: 'phantom-model', modelVersion: '0.0.1' })
+      );
+
+      expect(result.status).toBe(404);
+      expect(result.body.status).toBe('unverified');
+      expect(result.body.chain.confidence).toBe(0);
+    });
+
+    it('two models attested, each returns correct chain', async () => {
+      // Attest model A
+      await handler.handleAttest(makeAttestRequest());
+
+      // Attest model B
+      await handler.handleAttest(makeAttestRequest({
+        model: { name: 'gpt-5', version: '5.0.0', provider: 'openai' },
+        deployment: { environment: 'enterprise' },
+      }));
+
+      const chainA = await handler.handleGetChain('claude-opus-4.6:4.6.0');
+      const chainB = await handler.handleGetChain('gpt-5:5.0.0');
+
+      expect(chainA.body.identity.provider).toBe('anthropic');
+      expect(chainB.body.identity.provider).toBe('openai');
+      expect(chainA.body.identity.l1Hash).not.toBe(chainB.body.identity.l1Hash);
+    });
+
+    it('verify with time window passes through to engine', async () => {
+      await handler.handleAttest(makeAttestRequest());
+
+      const result = await handler.handleVerify(makeVerifyRequest({
+        timeWindow: {
+          start: '2026-01-01T00:00:00Z',
+          end: '2026-12-31T23:59:59Z',
+        },
+      }));
+
+      // Time window doesn't change outcome for in-memory store,
+      // but the request should succeed without error
+      expect(result.status).toBe(200);
+    });
+  });
+});