@mcp-i/core 1.1.1 → 1.2.0

package/src/__tests__/audit/helpers/crypto-helpers.ts

@@ -0,0 +1,245 @@
+/**
+ * Shared Test Helpers for Audit Tests
+ *
+ * Provides real (non-mocked) crypto, clock, and signing utilities
+ * for round-trip and boundary testing. All helpers use NodeCryptoProvider
+ * for actual Ed25519 operations.
+ */
+
+import * as zlib from 'node:zlib';
+import { NodeCryptoProvider } from '../../utils/node-crypto-provider.js';
+import { MemoryIdentityProvider, MemoryNonceCacheProvider } from '../../../providers/memory.js';
+import { ClockProvider, FetchProvider } from '../../../providers/base.js';
+import type { AgentIdentity } from '../../../providers/base.js';
+import type { Proof, StatusList2021Credential, DelegationRecord } from '../../../types/protocol.js';
+import type { VCSigningFunction } from '../../../delegation/vc-issuer.js';
+import type { SignatureVerificationFunction, DIDDocument } from '../../../delegation/vc-verifier.js';
+import { canonicalizeJSON } from '../../../delegation/utils.js';
+import { createDidKeyResolver } from '../../../delegation/did-key-resolver.js';
+import type { CompressionFunction, DecompressionFunction } from '../../../delegation/bitstring.js';
+import { StatusList2021Manager } from '../../../delegation/statuslist-manager.js';
+import { MemoryStatusListStorage } from '../../../delegation/storage/memory-statuslist-storage.js';
+
+// ── Crypto ──────────────────────────────────────────────────────
+
+export function createRealCryptoProvider(): NodeCryptoProvider {
+  return new NodeCryptoProvider();
+}
+
+export async function createRealIdentity(crypto: NodeCryptoProvider): Promise<AgentIdentity> {
+  const provider = new MemoryIdentityProvider(crypto);
+  return provider.getIdentity();
+}
+
+// ── Clock Providers ─────────────────────────────────────────────
+
+export class RealClockProvider extends ClockProvider {
+  now(): number {
+    return Date.now();
+  }
+  isWithinSkew(timestampMs: number, skewSeconds: number): boolean {
+    return Math.abs(Date.now() - timestampMs) <= skewSeconds * 1000;
+  }
+  hasExpired(expiresAt: number): boolean {
+    return Date.now() > expiresAt;
+  }
+  calculateExpiry(ttlSeconds: number): number {
+    return Date.now() + ttlSeconds * 1000;
+  }
+  format(timestamp: number): string {
+    return new Date(timestamp).toISOString();
+  }
+}
+
+/**
+ * Clock provider with a controllable "now" for precise boundary testing.
+ * `setNow(ms)` moves the clock to an exact millisecond.
+ */
+export class ControllableClockProvider extends ClockProvider {
+  private currentMs: number;
+
+  constructor(nowMs: number = Date.now()) {
+    super();
+    this.currentMs = nowMs;
+  }
+
+  setNow(ms: number): void {
+    this.currentMs = ms;
+  }
+
+  advance(ms: number): void {
+    this.currentMs += ms;
+  }
+
+  now(): number {
+    return this.currentMs;
+  }
+
+  isWithinSkew(timestampMs: number, skewSeconds: number): boolean {
+    return Math.abs(this.currentMs - timestampMs) <= skewSeconds * 1000;
+  }
+
+  hasExpired(expiresAt: number): boolean {
+    return this.currentMs > expiresAt;
+  }
+
+  calculateExpiry(ttlSeconds: number): number {
+    return this.currentMs + ttlSeconds * 1000;
+  }
+
+  format(timestamp: number): string {
+    return new Date(timestamp).toISOString();
+  }
+}
+
+// ── Fetch Provider ──────────────────────────────────────────────
+
+export class RealFetchProvider extends FetchProvider {
+  private didResolver = createDidKeyResolver();
+
+  async resolveDID(did: string): Promise<DIDDocument | null> {
+    return this.didResolver.resolve(did);
+  }
+
+  async fetchStatusList(_url: string): Promise<StatusList2021Credential | null> {
+    return null;
+  }
+
+  async fetchDelegationChain(_id: string): Promise<DelegationRecord[]> {
+    return [];
+  }
+
+  async fetch(_url: string, _options?: unknown): Promise<Response> {
+    throw new Error('Not implemented');
+  }
+}
+
+// ── Signing & Verification ──────────────────────────────────────
+
+/**
+ * Creates a real VCSigningFunction that produces Ed25519Signature2020 proofs.
+ * The signature is over the canonicalized VC (the `canonicalVC` string passed in).
+ */
+export function createRealSigningFunction(
+  crypto: NodeCryptoProvider,
+  identity: AgentIdentity
+): VCSigningFunction {
+  return async (canonicalVC: string, issuerDid: string, kid: string): Promise<Proof> => {
+    const data = new TextEncoder().encode(canonicalVC);
+    const signature = await crypto.sign(data, identity.privateKey);
+    const proofValue = Buffer.from(signature).toString('base64url');
+
+    return {
+      type: 'Ed25519Signature2020',
+      created: new Date().toISOString(),
+      verificationMethod: kid,
+      proofPurpose: 'assertionMethod',
+      proofValue,
+    };
+  };
+}
+
+/**
+ * Creates a real SignatureVerificationFunction for the VC verifier.
+ * Strips `proof`, canonicalizes, and verifies the Ed25519 signature.
+ */
+export function createRealSignatureVerifier(
+  crypto: NodeCryptoProvider
+): SignatureVerificationFunction {
+  return async (vc, publicKeyJwk) => {
+    try {
+      const jwk = publicKeyJwk as { x?: string };
+      if (!jwk.x) {
+        return { valid: false, reason: 'Missing public key x coordinate' };
+      }
+
+      // Decode the public key from base64url (JWK x parameter)
+      const publicKeyBase64 = Buffer.from(jwk.x, 'base64url').toString('base64');
+
+      // Strip proof and canonicalize
+      const vcWithoutProof = { ...vc } as Record<string, unknown>;
+      delete vcWithoutProof['proof'];
+      const canonicalVC = canonicalizeJSON(vcWithoutProof);
+      const data = new TextEncoder().encode(canonicalVC);
+
+      // Extract signature from proof
+      const proofValue = vc.proof?.proofValue;
+      if (!proofValue) {
+        return { valid: false, reason: 'Missing proofValue' };
+      }
+
+      const signature = Buffer.from(proofValue as string, 'base64url');
+      const isValid = await crypto.verify(data, new Uint8Array(signature), publicKeyBase64);
+
+      return { valid: isValid, reason: isValid ? undefined : 'Signature verification failed' };
+    } catch (error) {
+      return {
+        valid: false,
+        reason: `Verification error: ${error instanceof Error ? error.message : String(error)}`,
+      };
+    }
+  };
+}
+
+// ── Compression (real gzip via Node.js zlib) ────────────────────
+
+export const nodeCompressor: CompressionFunction = {
+  compress(data: Uint8Array): Promise<Uint8Array> {
+    return new Promise((resolve, reject) => {
+      zlib.gzip(Buffer.from(data), (err, result) => {
+        if (err) reject(err);
+        else resolve(new Uint8Array(result));
+      });
+    });
+  },
+};
+
+export const nodeDecompressor: DecompressionFunction = {
+  decompress(data: Uint8Array): Promise<Uint8Array> {
+    return new Promise((resolve, reject) => {
+      zlib.gunzip(Buffer.from(data), (err, result) => {
+        if (err) reject(err);
+        else resolve(new Uint8Array(result));
+      });
+    });
+  },
+};
+
+// ── StatusList2021 Manager (real) ───────────────────────────────
+
+export interface RealStatusListSetup {
+  manager: StatusList2021Manager;
+  storage: MemoryStatusListStorage;
+}
+
+export function createRealStatusListManager(
+  crypto: NodeCryptoProvider,
+  identity: AgentIdentity,
+  options?: { statusListBaseUrl?: string; defaultListSize?: number }
+): RealStatusListSetup {
+  const storage = new MemoryStatusListStorage();
+  const signingFunction = createRealSigningFunction(crypto, identity);
+
+  const identityProvider = {
+    getDid: () => identity.did,
+    getKeyId: () => identity.kid,
+  };
+
+  const manager = new StatusList2021Manager(
+    storage,
+    identityProvider,
+    signingFunction,
+    nodeCompressor,
+    nodeDecompressor,
+    options
+  );
+
+  return { manager, storage };
+}
+
+// ── Re-exports for convenience ──────────────────────────────────
+
+export { MemoryNonceCacheProvider } from '../../../providers/memory.js';
+export { MemoryIdentityProvider } from '../../../providers/memory.js';
+export { MemoryDelegationGraphStorage } from '../../../delegation/storage/memory-graph-storage.js';
+export { MemoryStatusListStorage } from '../../../delegation/storage/memory-statuslist-storage.js';

package/src/__tests__/audit/proof-boundary.test.ts

@@ -0,0 +1,269 @@
+/**
+ * Proof Boundary Audit Tests
+ *
+ * Tests the proof generation → verification pipeline at exact boundary
+ * conditions: timestamp skew thresholds, nonce scoping, malformed proofs.
+ * Uses ControllableClockProvider for deterministic timestamp testing.
+ */
+
+import { describe, it, expect, beforeAll, beforeEach } from 'vitest';
+import { ProofGenerator } from '../../proof/generator.js';
+import { ProofVerifier } from '../../proof/verifier.js';
+import type { AgentIdentity } from '../../providers/base.js';
+import type { DetachedProof } from '../../types/protocol.js';
+import { extractPublicKeyFromDidKey, publicKeyToJwk } from '../../delegation/did-key-resolver.js';
+import {
+  createRealCryptoProvider,
+  createRealIdentity,
+  ControllableClockProvider,
+  RealFetchProvider,
+  MemoryNonceCacheProvider,
+} from './helpers/crypto-helpers.js';
+import { NodeCryptoProvider } from '../utils/node-crypto-provider.js';
+import type { Ed25519JWK } from '../../utils/crypto-service.js';
+
+describe('Proof Boundary Audit', () => {
+  let crypto: NodeCryptoProvider;
+  let agentA: AgentIdentity;
+  let agentB: AgentIdentity;
+  const SKEW_SECONDS = 300; // default 5 minutes
+
+  beforeAll(async () => {
+    crypto = createRealCryptoProvider();
+    agentA = await createRealIdentity(crypto);
+    agentB = await createRealIdentity(crypto);
+  });
+
+  function makeGenerator(identity: AgentIdentity): ProofGenerator {
+    return new ProofGenerator(
+      { did: identity.did, kid: identity.kid, privateKey: identity.privateKey, publicKey: identity.publicKey },
+      crypto
+    );
+  }
+
+  function makeVerifier(clock: ControllableClockProvider): {
+    verifier: ProofVerifier;
+    nonceCache: MemoryNonceCacheProvider;
+  } {
+    const nonceCache = new MemoryNonceCacheProvider();
+    const verifier = new ProofVerifier({
+      cryptoProvider: crypto,
+      clockProvider: clock,
+      nonceCacheProvider: nonceCache,
+      fetchProvider: new RealFetchProvider(),
+      timestampSkewSeconds: SKEW_SECONDS,
+    });
+    return { verifier, nonceCache };
+  }
+
+  function getPublicKeyJwk(identity: AgentIdentity): Ed25519JWK {
+    const rawPublicKey = extractPublicKeyFromDidKey(identity.did);
+    const jwk = publicKeyToJwk(rawPublicKey!);
+    jwk.kid = identity.kid;
+    return jwk as Ed25519JWK;
+  }
+
+  async function generateProof(identity: AgentIdentity): Promise<DetachedProof> {
+    const gen = makeGenerator(identity);
+    return gen.generateProof(
+      { method: 'tools/call', params: { name: 'test-tool', arguments: { input: 'hello' } } },
+      { data: { output: 'world' } },
+      {
+        sessionId: 'sess_test_boundary',
+        audience: 'did:web:test-server.example.com',
+        nonce: `nonce-${Date.now()}-${Math.random().toString(36).slice(2)}`,
+        timestamp: Math.floor(Date.now() / 1000),
+        createdAt: Math.floor(Date.now() / 1000),
+        lastActivity: Math.floor(Date.now() / 1000),
+        ttlMinutes: 30,
+        identityState: 'anonymous',
+      }
+    );
+  }
+
+  // ── Timestamp Skew Boundary Tests ─────────────────────────────
+
+  describe('timestamp skew boundaries', () => {
+    it('should accept proof at exactly the skew boundary (300s)', async () => {
+      // Generate proof first, then use its actual meta.ts to set the clock.
+      // This avoids a race where a second boundary is crossed between
+      // capturing the timestamp and generating the proof (which would
+      // cause a JWS signature mismatch).
+      const proof = await generateProof(agentA);
+      const proofTimestampMs = proof.meta.ts * 1000;
+
+      // Clock is exactly SKEW_SECONDS * 1000 ms ahead of the proof timestamp
+      const clock = new ControllableClockProvider(proofTimestampMs + SKEW_SECONDS * 1000);
+      const { verifier } = makeVerifier(clock);
+
+      const jwk = getPublicKeyJwk(agentA);
+      const result = await verifier.verifyProof(proof, jwk);
+
+      expect(result.valid).toBe(true);
+    });
+
+    it('should reject proof 1ms beyond the skew boundary', async () => {
+      const proof = await generateProof(agentA);
+      const proofTimestampMs = proof.meta.ts * 1000;
+
+      // Clock is 1ms beyond the skew window
+      const clock = new ControllableClockProvider(proofTimestampMs + SKEW_SECONDS * 1000 + 1);
+      const { verifier } = makeVerifier(clock);
+
+      const jwk = getPublicKeyJwk(agentA);
+      const result = await verifier.verifyProof(proof, jwk);
+
+      expect(result.valid).toBe(false);
+      expect(result.reason).toContain('skew');
+    });
+
+    it('should accept proof when verifier clock is behind by exactly the skew boundary', async () => {
+      // Generate proof with real timestamp (meta.ts ≈ now)
+      const proof = await generateProof(agentA);
+      const proofTimestampMs = proof.meta.ts * 1000;
+
+      // Set verifier clock to be exactly SKEW_SECONDS behind the proof
+      // This simulates verifying a proof from a clock-ahead agent
+      const clock = new ControllableClockProvider(proofTimestampMs - SKEW_SECONDS * 1000);
+      const { verifier } = makeVerifier(clock);
+
+      const jwk = getPublicKeyJwk(agentA);
+      const result = await verifier.verifyProof(proof, jwk);
+
+      expect(result.valid).toBe(true);
+    });
+
+    it('should reject proof when verifier clock is behind beyond the skew boundary', async () => {
+      const proof = await generateProof(agentA);
+      const proofTimestampMs = proof.meta.ts * 1000;
+
+      // Set verifier clock 1ms further than the boundary
+      const clock = new ControllableClockProvider(proofTimestampMs - SKEW_SECONDS * 1000 - 1);
+      const { verifier } = makeVerifier(clock);
+
+      const jwk = getPublicKeyJwk(agentA);
+      const result = await verifier.verifyProof(proof, jwk);
+
+      expect(result.valid).toBe(false);
+      expect(result.reason).toContain('skew');
+    });
+  });
+
+  // ── Nonce Scoping Tests ───────────────────────────────────────
+
+  describe('nonce scoping', () => {
+    it('should allow same nonce value from different agents (no cross-agent collision)', async () => {
+      const sharedNonce = 'shared-nonce-value-12345';
+      const clock = new ControllableClockProvider(Date.now());
+      const { verifier } = makeVerifier(clock);
+
+      // Generate proofs for both agents with the same nonce
+      const genA = makeGenerator(agentA);
+      const genB = makeGenerator(agentB);
+
+      const session = {
+        sessionId: 'sess_nonce_test',
+        audience: 'did:web:server.example.com',
+        nonce: sharedNonce,
+        timestamp: Math.floor(Date.now() / 1000),
+        createdAt: Math.floor(Date.now() / 1000),
+        lastActivity: Math.floor(Date.now() / 1000),
+        ttlMinutes: 30,
+        identityState: 'anonymous' as const,
+      };
+
+      const request = { method: 'tools/call', params: { name: 'test' } };
+      const response = { data: { result: 'ok' } };
+
+      const proofA = await genA.generateProof(request, response, session);
+      const proofB = await genB.generateProof(request, response, session);
+
+      const jwkA = getPublicKeyJwk(agentA);
+      const jwkB = getPublicKeyJwk(agentB);
+
+      const resultA = await verifier.verifyProof(proofA, jwkA);
+      expect(resultA.valid).toBe(true);
+
+      // Same nonce, different agent — should also succeed
+      const resultB = await verifier.verifyProof(proofB, jwkB);
+      expect(resultB.valid).toBe(true);
+    });
+
+    it('should reject replay of same nonce from same agent', async () => {
+      const clock = new ControllableClockProvider(Date.now());
+      const { verifier } = makeVerifier(clock);
+
+      const proof = await generateProof(agentA);
+      const jwk = getPublicKeyJwk(agentA);
+
+      const result1 = await verifier.verifyProof(proof, jwk);
+      expect(result1.valid).toBe(true);
+
+      // Same exact proof (same nonce, same agent) — should be rejected as replay
+      const result2 = await verifier.verifyProof(proof, jwk);
+      expect(result2.valid).toBe(false);
+      expect(result2.reason).toContain('replay');
+    });
+  });
+
+  // ── Wrong Key Tests ───────────────────────────────────────────
+
+  describe('signature verification with wrong key', () => {
+    it('should reject proof verified with wrong public key', async () => {
+      const clock = new ControllableClockProvider(Date.now());
+      const { verifier } = makeVerifier(clock);
+
+      // Generate proof with agent A
+      const proof = await generateProof(agentA);
+
+      // Try to verify with agent B's public key
+      const wrongJwk = getPublicKeyJwk(agentB);
+
+      const result = await verifier.verifyProof(proof, wrongJwk);
+      expect(result.valid).toBe(false);
+    });
+  });
+
+  // ── Malformed Proof Tests ─────────────────────────────────────
+
+  describe('malformed proof rejection', () => {
+    it('should reject proof with empty nonce', async () => {
+      const clock = new ControllableClockProvider(Date.now());
+      const { verifier } = makeVerifier(clock);
+
+      const proof = await generateProof(agentA);
+      proof.meta.nonce = '';
+
+      const jwk = getPublicKeyJwk(agentA);
+      const result = await verifier.verifyProof(proof, jwk);
+
+      expect(result.valid).toBe(false);
+    });
+
+    it('should reject proof with malformed requestHash', async () => {
+      const clock = new ControllableClockProvider(Date.now());
+      const { verifier } = makeVerifier(clock);
+
+      const proof = await generateProof(agentA);
+      proof.meta.requestHash = 'md5:abc123';
+
+      const jwk = getPublicKeyJwk(agentA);
+      const result = await verifier.verifyProof(proof, jwk);
+
+      expect(result.valid).toBe(false);
+    });
+
+    it('should reject proof with ts=0', async () => {
+      const clock = new ControllableClockProvider(Date.now());
+      const { verifier } = makeVerifier(clock);
+
+      const proof = await generateProof(agentA);
+      proof.meta.ts = 0;
+
+      const jwk = getPublicKeyJwk(agentA);
+      const result = await verifier.verifyProof(proof, jwk);
+
+      expect(result.valid).toBe(false);
+    });
+  });
+});

package/src/__tests__/audit/statuslist-bitstring-roundtrip.test.ts

@@ -0,0 +1,135 @@
+/**
+ * StatusList2021 + Bitstring Round-Trip Audit Tests
+ *
+ * Tests the full lifecycle: allocate status entry → check (not revoked) →
+ * revoke → check (revoked), using real gzip compression and bitstring encoding.
+ */
+
+import { describe, it, expect, beforeEach, beforeAll } from 'vitest';
+import type { AgentIdentity } from '../../providers/base.js';
+import {
+  createRealCryptoProvider,
+  createRealIdentity,
+  createRealStatusListManager,
+  type RealStatusListSetup,
+} from './helpers/crypto-helpers.js';
+import { NodeCryptoProvider } from '../utils/node-crypto-provider.js';
+
+describe('StatusList Bitstring Round-Trip Audit', () => {
+  let crypto: NodeCryptoProvider;
+  let identity: AgentIdentity;
+  let setup: RealStatusListSetup;
+
+  beforeAll(async () => {
+    crypto = createRealCryptoProvider();
+    identity = await createRealIdentity(crypto);
+  });
+
+  beforeEach(() => {
+    setup = createRealStatusListManager(crypto, identity);
+  });
+
+  it('should allocate, check not revoked, revoke, then check revoked', async () => {
+    const statusEntry = await setup.manager.allocateStatusEntry('revocation');
+
+    // Initially not revoked
+    const beforeRevoke = await setup.manager.checkStatus(statusEntry);
+    expect(beforeRevoke).toBe(false);
+
+    // Revoke
+    await setup.manager.updateStatus(statusEntry, true);
+
+    // Now revoked
+    const afterRevoke = await setup.manager.checkStatus(statusEntry);
+    expect(afterRevoke).toBe(true);
+  });
+
+  it('should selectively revoke entries in the same status list', async () => {
+    // Allocate 5 entries
+    const entries = [];
+    for (let i = 0; i < 5; i++) {
+      entries.push(await setup.manager.allocateStatusEntry('revocation'));
+    }
+
+    // Revoke entries at index 1 and 3
+    await setup.manager.updateStatus(entries[1]!, true);
+    await setup.manager.updateStatus(entries[3]!, true);
+
+    // Check all 5
+    const statuses = await Promise.all(
+      entries.map((e) => setup.manager.checkStatus(e))
+    );
+
+    expect(statuses[0]).toBe(false);
+    expect(statuses[1]).toBe(true);
+    expect(statuses[2]).toBe(false);
+    expect(statuses[3]).toBe(true);
+    expect(statuses[4]).toBe(false);
+  });
+
+  it('should report revoked indices correctly via getRevokedIndices', async () => {
+    const entries = [];
+    for (let i = 0; i < 6; i++) {
+      entries.push(await setup.manager.allocateStatusEntry('revocation'));
+    }
+
+    // Revoke indices 0, 2, 5
+    await setup.manager.updateStatus(entries[0]!, true);
+    await setup.manager.updateStatus(entries[2]!, true);
+    await setup.manager.updateStatus(entries[5]!, true);
+
+    const statusListId = `${setup.manager.getStatusListBaseUrl()}/revocation/v1`;
+    const revoked = await setup.manager.getRevokedIndices(statusListId);
+
+    expect(revoked).toContain(0);
+    expect(revoked).toContain(2);
+    expect(revoked).toContain(5);
+    expect(revoked).not.toContain(1);
+    expect(revoked).not.toContain(3);
+    expect(revoked).not.toContain(4);
+  });
+
+  it('should re-sign the status list credential after update', async () => {
+    const entry = await setup.manager.allocateStatusEntry('revocation');
+
+    const statusListId = `${setup.manager.getStatusListBaseUrl()}/revocation/v1`;
+    const credBefore = await setup.storage.getStatusList(statusListId);
+    const proofBefore = credBefore?.proof?.proofValue;
+
+    // Revoke — triggers re-signing
+    await setup.manager.updateStatus(entry, true);
+
+    const credAfter = await setup.storage.getStatusList(statusListId);
+    const proofAfter = credAfter?.proof?.proofValue;
+
+    expect(proofBefore).toBeDefined();
+    expect(proofAfter).toBeDefined();
+    expect(proofAfter).not.toBe(proofBefore);
+  });
+
+  it('should handle bits at byte boundaries correctly (index 7 and 8)', async () => {
+    // Allocate enough entries to reach index 7 and 8
+    const entries = [];
+    for (let i = 0; i < 9; i++) {
+      entries.push(await setup.manager.allocateStatusEntry('revocation'));
+    }
+
+    // Index 7 = last bit of byte 0, Index 8 = first bit of byte 1
+    await setup.manager.updateStatus(entries[7]!, true);
+    await setup.manager.updateStatus(entries[8]!, true);
+
+    expect(await setup.manager.checkStatus(entries[6]!)).toBe(false);
+    expect(await setup.manager.checkStatus(entries[7]!)).toBe(true);
+    expect(await setup.manager.checkStatus(entries[8]!)).toBe(true);
+  });
+
+  it('should un-revoke (restore) an entry by setting status to false', async () => {
+    const entry = await setup.manager.allocateStatusEntry('revocation');
+
+    await setup.manager.updateStatus(entry, true);
+    expect(await setup.manager.checkStatus(entry)).toBe(true);
+
+    await setup.manager.updateStatus(entry, false);
+    expect(await setup.manager.checkStatus(entry)).toBe(false);
+  });
+});