@nkmc/gateway 0.1.0

package/src/credential/types.ts

@@ -0,0 +1,16 @@
+import type { HttpAuth } from "@nkmc/agent-fs";
+
+export interface StoredCredential {
+  domain: string;
+  auth: HttpAuth;
+  scope: "pool" | "byok";
+  developerId?: string;
+}
+
+export interface CredentialVault {
+  get(domain: string, developerId?: string): Promise<StoredCredential | null>;
+  putPool(domain: string, auth: HttpAuth): Promise<void>;
+  putByok(domain: string, developerId: string, auth: HttpAuth): Promise<void>;
+  delete(domain: string, developerId?: string): Promise<void>;
+  listDomains(): Promise<string[]>;
+}

package/src/d1/__tests__/sqlite-adapter.test.ts

@@ -0,0 +1,75 @@
+import { describe, it, expect, beforeEach, afterEach } from "vitest";
+import Database from "better-sqlite3";
+import { createSqliteD1 } from "../sqlite-adapter.js";
+import type { D1Database } from "../types.js";
+
+describe("createSqliteD1", () => {
+  let raw: Database.Database;
+  let db: D1Database;
+
+  beforeEach(() => {
+    raw = new Database(":memory:");
+    db = createSqliteD1(raw);
+  });
+
+  afterEach(() => {
+    raw.close();
+  });
+
+  it("exec creates table", async () => {
+    await db.exec(
+      "CREATE TABLE t (id INTEGER PRIMARY KEY, name TEXT NOT NULL)",
+    );
+    // verify table exists by inserting a row via the raw db
+    const info = raw.prepare("INSERT INTO t (name) VALUES (?)").run("hello");
+    expect(info.changes).toBe(1);
+  });
+
+  it("prepare/bind/run inserts row", async () => {
+    await db.exec("CREATE TABLE items (id INTEGER PRIMARY KEY, val TEXT)");
+    const result = await db.prepare("INSERT INTO items (val) VALUES (?)").bind("foo").run();
+    expect(result.success).toBe(true);
+    expect(result.changes).toBe(1);
+    expect(result.lastRowId).toBeGreaterThan(0);
+  });
+
+  it("prepare/bind/first reads single row", async () => {
+    await db.exec("CREATE TABLE kv (k TEXT PRIMARY KEY, v TEXT)");
+    await db.prepare("INSERT INTO kv (k, v) VALUES (?, ?)").bind("a", "1").run();
+    await db.prepare("INSERT INTO kv (k, v) VALUES (?, ?)").bind("b", "2").run();
+
+    const row = await db.prepare("SELECT * FROM kv WHERE k = ?").bind("a").first<{ k: string; v: string }>();
+    expect(row).toEqual({ k: "a", v: "1" });
+  });
+
+  it("prepare/bind/all reads multiple rows", async () => {
+    await db.exec("CREATE TABLE nums (n INTEGER)");
+    await db.prepare("INSERT INTO nums (n) VALUES (?)").bind(10).run();
+    await db.prepare("INSERT INTO nums (n) VALUES (?)").bind(20).run();
+    await db.prepare("INSERT INTO nums (n) VALUES (?)").bind(30).run();
+
+    const result = await db.prepare("SELECT * FROM nums ORDER BY n").bind().all<{ n: number }>();
+    expect(result.success).toBe(true);
+    expect(result.results).toEqual([{ n: 10 }, { n: 20 }, { n: 30 }]);
+  });
+
+  it("first returns null for no match", async () => {
+    await db.exec("CREATE TABLE empty (id INTEGER PRIMARY KEY)");
+    const row = await db.prepare("SELECT * FROM empty WHERE id = ?").bind(999).first();
+    expect(row).toBeNull();
+  });
+
+  it("exec handles multiple statements", async () => {
+    await db.exec(`
+      CREATE TABLE a (id INTEGER PRIMARY KEY);
+      CREATE TABLE b (id INTEGER PRIMARY KEY);
+    `);
+    // verify both tables exist
+    await db.prepare("INSERT INTO a (id) VALUES (?)").bind(1).run();
+    await db.prepare("INSERT INTO b (id) VALUES (?)").bind(1).run();
+    const rowA = await db.prepare("SELECT * FROM a WHERE id = ?").bind(1).first();
+    const rowB = await db.prepare("SELECT * FROM b WHERE id = ?").bind(1).first();
+    expect(rowA).toEqual({ id: 1 });
+    expect(rowB).toEqual({ id: 1 });
+  });
+});

package/src/d1/sqlite-adapter.ts

@@ -0,0 +1,59 @@
+import type Database from "better-sqlite3";
+import type {
+  D1Database,
+  D1PreparedStatement,
+  D1Result,
+  D1RunResult,
+} from "./types.js";
+
+class BoundStatement implements D1PreparedStatement {
+  private params: unknown[] = [];
+
+  constructor(
+    private db: Database.Database,
+    private sql: string,
+  ) {}
+
+  bind(...values: unknown[]): D1PreparedStatement {
+    this.params = values;
+    return this;
+  }
+
+  async first<T = Record<string, unknown>>(): Promise<T | null> {
+    const stmt = this.db.prepare(this.sql);
+    const row = stmt.get(...this.params) as T | undefined;
+    return row ?? null;
+  }
+
+  async all<T = Record<string, unknown>>(): Promise<D1Result<T>> {
+    const stmt = this.db.prepare(this.sql);
+    const rows = stmt.all(...this.params) as T[];
+    return { results: rows, success: true };
+  }
+
+  async run(): Promise<D1RunResult> {
+    const stmt = this.db.prepare(this.sql);
+    const info = stmt.run(...this.params);
+    return {
+      success: true,
+      changes: info.changes,
+      lastRowId: Number(info.lastInsertRowid),
+    };
+  }
+}
+
+/**
+ * Wraps a better-sqlite3 Database instance to implement the D1Database interface.
+ * This allows all existing D1-based stores (RegistryStore, CredentialVault, MeterStore)
+ * to work with a local SQLite database for standalone deployments.
+ */
+export function createSqliteD1(db: Database.Database): D1Database {
+  return {
+    prepare(sql: string): D1PreparedStatement {
+      return new BoundStatement(db, sql);
+    },
+    async exec(sql: string): Promise<void> {
+      db.exec(sql);
+    },
+  };
+}

package/src/d1/types.ts

@@ -0,0 +1,22 @@
+export interface D1Result<T = Record<string, unknown>> {
+  results: T[];
+  success: boolean;
+}
+
+export interface D1RunResult {
+  success: boolean;
+  changes: number;
+  lastRowId: number;
+}
+
+export interface D1PreparedStatement {
+  bind(...values: unknown[]): D1PreparedStatement;
+  first<T = Record<string, unknown>>(): Promise<T | null>;
+  all<T = Record<string, unknown>>(): Promise<D1Result<T>>;
+  run(): Promise<D1RunResult>;
+}
+
+export interface D1Database {
+  prepare(sql: string): D1PreparedStatement;
+  exec(sql: string): Promise<void>;
+}

package/src/federation/__tests__/d1-peer-store.test.ts

@@ -0,0 +1,218 @@
+import { describe, it, expect, beforeEach, afterEach } from "vitest";
+import { readFileSync } from "node:fs";
+import { resolve } from "node:path";
+import Database from "better-sqlite3";
+import { createSqliteD1 } from "../../d1/sqlite-adapter.js";
+import { D1PeerStore } from "../d1-peer-store.js";
+import type { D1Database as D1 } from "../../d1/types.js";
+import type { PeerGateway, LendingRule } from "../types.js";
+
+// ---------------------------------------------------------------------------
+// Helpers
+// ---------------------------------------------------------------------------
+
+const MIGRATIONS_DIR = resolve(
+  import.meta.dirname ?? __dirname,
+  "../../../../../migrations",
+);
+
+const MIGRATION_FILES = [
+  "0001_init.sql",
+  "0002_auth_mode.sql",
+  "0003_federation.sql",
+];
+
+async function applyMigrations(db: D1): Promise<void> {
+  for (const f of MIGRATION_FILES) {
+    const sql = readFileSync(resolve(MIGRATIONS_DIR, f), "utf-8");
+    await db.exec(sql);
+  }
+}
+
+function makePeer(overrides: Partial<PeerGateway> = {}): PeerGateway {
+  return {
+    id: "peer-1",
+    name: "Test Gateway",
+    url: "https://peer1.example.com",
+    sharedSecret: "secret-abc",
+    status: "active",
+    advertisedDomains: ["api.example.com"],
+    lastSeen: Date.now(),
+    createdAt: Date.now(),
+    ...overrides,
+  };
+}
+
+function makeRule(overrides: Partial<LendingRule> = {}): LendingRule {
+  return {
+    domain: "api.example.com",
+    allow: true,
+    peers: "*",
+    pricing: { mode: "free" },
+    createdAt: Date.now(),
+    updatedAt: Date.now(),
+    ...overrides,
+  };
+}
+
+// ---------------------------------------------------------------------------
+// Tests
+// ---------------------------------------------------------------------------
+
+describe("D1PeerStore — SQLite integration", () => {
+  let raw: Database.Database;
+  let db: D1;
+  let store: D1PeerStore;
+
+  beforeEach(async () => {
+    raw = new Database(":memory:");
+    db = createSqliteD1(raw);
+    await applyMigrations(db);
+    store = new D1PeerStore(db);
+  });
+
+  afterEach(() => {
+    raw.close();
+  });
+
+  // -----------------------------------------------------------------------
+  // Peer CRUD
+  // -----------------------------------------------------------------------
+
+  it("putPeer then getPeer returns the peer", async () => {
+    const peer = makePeer();
+    await store.putPeer(peer);
+
+    const result = await store.getPeer("peer-1");
+    expect(result).not.toBeNull();
+    expect(result!.id).toBe("peer-1");
+    expect(result!.name).toBe("Test Gateway");
+    expect(result!.url).toBe("https://peer1.example.com");
+    expect(result!.sharedSecret).toBe("secret-abc");
+    expect(result!.status).toBe("active");
+    expect(result!.advertisedDomains).toEqual(["api.example.com"]);
+  });
+
+  it("getPeer returns null for unknown id", async () => {
+    expect(await store.getPeer("nonexistent")).toBeNull();
+  });
+
+  it("deletePeer removes the peer", async () => {
+    await store.putPeer(makePeer());
+    await store.deletePeer("peer-1");
+    expect(await store.getPeer("peer-1")).toBeNull();
+  });
+
+  it("listPeers only returns active peers", async () => {
+    await store.putPeer(makePeer({ id: "a", status: "active", name: "A" }));
+    await store.putPeer(makePeer({ id: "b", status: "inactive", name: "B" }));
+    await store.putPeer(makePeer({ id: "c", status: "active", name: "C" }));
+
+    const list = await store.listPeers();
+    expect(list).toHaveLength(2);
+    expect(list.map((p) => p.id).sort()).toEqual(["a", "c"]);
+  });
+
+  it("updateLastSeen updates the timestamp", async () => {
+    await store.putPeer(makePeer({ lastSeen: 1000 }));
+    await store.updateLastSeen("peer-1", 9999);
+
+    const peer = await store.getPeer("peer-1");
+    expect(peer!.lastSeen).toBe(9999);
+  });
+
+  it("updateLastSeen is a no-op for unknown peer", async () => {
+    // should not throw
+    await store.updateLastSeen("nonexistent", Date.now());
+  });
+
+  it("putPeer overwrites existing peer", async () => {
+    await store.putPeer(makePeer({ name: "Original" }));
+    await store.putPeer(makePeer({ name: "Updated" }));
+
+    const peer = await store.getPeer("peer-1");
+    expect(peer!.name).toBe("Updated");
+  });
+
+  // -----------------------------------------------------------------------
+  // Lending Rule CRUD
+  // -----------------------------------------------------------------------
+
+  it("putRule then getRule returns the rule", async () => {
+    const rule = makeRule();
+    await store.putRule(rule);
+
+    const result = await store.getRule("api.example.com");
+    expect(result).not.toBeNull();
+    expect(result!.domain).toBe("api.example.com");
+    expect(result!.allow).toBe(true);
+    expect(result!.peers).toBe("*");
+    expect(result!.pricing).toEqual({ mode: "free" });
+  });
+
+  it("getRule returns null for unknown domain", async () => {
+    expect(await store.getRule("unknown.example.com")).toBeNull();
+  });
+
+  it("deleteRule removes the rule", async () => {
+    await store.putRule(makeRule());
+    await store.deleteRule("api.example.com");
+    expect(await store.getRule("api.example.com")).toBeNull();
+  });
+
+  it("listRules returns all rules", async () => {
+    await store.putRule(makeRule({ domain: "a.com" }));
+    await store.putRule(makeRule({ domain: "b.com" }));
+    await store.putRule(makeRule({ domain: "c.com" }));
+
+    const list = await store.listRules();
+    expect(list).toHaveLength(3);
+    expect(list.map((r) => r.domain).sort()).toEqual(["a.com", "b.com", "c.com"]);
+  });
+
+  it("putRule overwrites existing rule", async () => {
+    await store.putRule(makeRule({ domain: "x.com", allow: true }));
+    await store.putRule(makeRule({ domain: "x.com", allow: false }));
+
+    const rule = await store.getRule("x.com");
+    expect(rule!.allow).toBe(false);
+  });
+
+  it("stores and retrieves rateLimit", async () => {
+    const rule = makeRule({
+      rateLimit: { requests: 100, window: "minute" },
+    });
+    await store.putRule(rule);
+
+    const result = await store.getRule("api.example.com");
+    expect(result!.rateLimit).toEqual({ requests: 100, window: "minute" });
+  });
+
+  it("stores rule with specific peer list", async () => {
+    const rule = makeRule({
+      peers: ["peer-1", "peer-2"],
+      pricing: { mode: "per-request", amount: 0.01 },
+    });
+    await store.putRule(rule);
+
+    const result = await store.getRule("api.example.com");
+    expect(result!.peers).toEqual(["peer-1", "peer-2"]);
+    expect(result!.pricing).toEqual({ mode: "per-request", amount: 0.01 });
+  });
+
+  // -----------------------------------------------------------------------
+  // Migration completeness
+  // -----------------------------------------------------------------------
+
+  it("peers and lending_rules tables exist after migrations", async () => {
+    for (const table of ["peers", "lending_rules"]) {
+      const row = await db
+        .prepare(
+          "SELECT name FROM sqlite_master WHERE type='table' AND name=?",
+        )
+        .bind(table)
+        .first<{ name: string }>();
+      expect(row, `table '${table}' should exist`).not.toBeNull();
+    }
+  });
+});

package/src/federation/__tests__/peer-client.test.ts

@@ -0,0 +1,205 @@
+import { describe, it, expect, vi, beforeEach, afterEach } from "vitest";
+import { PeerClient } from "../peer-client.js";
+import type { PeerGateway } from "../types.js";
+
+function makePeer(overrides: Partial<PeerGateway> = {}): PeerGateway {
+  return {
+    id: "peer-1",
+    name: "Test Gateway",
+    url: "https://peer1.example.com",
+    sharedSecret: "secret-abc",
+    status: "active",
+    advertisedDomains: ["api.example.com"],
+    lastSeen: Date.now(),
+    createdAt: Date.now(),
+    ...overrides,
+  };
+}
+
+describe("PeerClient", () => {
+  let client: PeerClient;
+  const originalFetch = globalThis.fetch;
+
+  beforeEach(() => {
+    client = new PeerClient("self-gateway");
+  });
+
+  afterEach(() => {
+    globalThis.fetch = originalFetch;
+    vi.restoreAllMocks();
+  });
+
+  describe("query", () => {
+    it("returns available:true when peer responds with it", async () => {
+      globalThis.fetch = vi.fn().mockResolvedValue({
+        ok: true,
+        json: async () => ({
+          available: true,
+          pricing: { mode: "free" },
+        }),
+      });
+
+      const result = await client.query(makePeer(), "api.example.com");
+
+      expect(result).toEqual({
+        available: true,
+        pricing: { mode: "free" },
+      });
+
+      expect(globalThis.fetch).toHaveBeenCalledWith(
+        "https://peer1.example.com/federation/query",
+        expect.objectContaining({
+          method: "POST",
+          headers: expect.objectContaining({
+            "X-Peer-Id": "self-gateway",
+            Authorization: "Bearer secret-abc",
+          }),
+        }),
+      );
+    });
+
+    it("returns available:false on HTTP error", async () => {
+      globalThis.fetch = vi.fn().mockResolvedValue({
+        ok: false,
+        status: 500,
+      });
+
+      const result = await client.query(makePeer(), "api.example.com");
+      expect(result).toEqual({ available: false });
+    });
+
+    it("returns available:false on network error", async () => {
+      globalThis.fetch = vi
+        .fn()
+        .mockRejectedValue(new Error("Network error"));
+
+      const result = await client.query(makePeer(), "api.example.com");
+      expect(result).toEqual({ available: false });
+    });
+  });
+
+  describe("exec", () => {
+    it("returns data on success", async () => {
+      globalThis.fetch = vi.fn().mockResolvedValue({
+        ok: true,
+        status: 200,
+        json: async () => ({ ok: true, data: ["file1.txt", "file2.txt"] }),
+      });
+
+      const result = await client.exec(makePeer(), {
+        command: "ls /api.example.com/",
+        agentId: "agent-1",
+      });
+
+      expect(result).toEqual({
+        ok: true,
+        data: ["file1.txt", "file2.txt"],
+      });
+
+      expect(globalThis.fetch).toHaveBeenCalledWith(
+        "https://peer1.example.com/federation/exec",
+        expect.objectContaining({
+          method: "POST",
+          body: JSON.stringify({
+            command: "ls /api.example.com/",
+            agentId: "agent-1",
+          }),
+        }),
+      );
+    });
+
+    it("returns paymentRequired on 402", async () => {
+      const headers = new Map([
+        ["X-402-Price", "100"],
+        ["X-402-Currency", "USD"],
+        ["X-402-Pay-To", "wallet-abc"],
+        ["X-402-Network", "lightning"],
+      ]);
+
+      globalThis.fetch = vi.fn().mockResolvedValue({
+        ok: false,
+        status: 402,
+        headers: {
+          get: (key: string) => headers.get(key) ?? null,
+        },
+      });
+
+      const result = await client.exec(makePeer(), {
+        command: "cat /api.example.com/data",
+        agentId: "agent-1",
+      });
+
+      expect(result).toEqual({
+        ok: false,
+        paymentRequired: {
+          price: 100,
+          currency: "USD",
+          payTo: "wallet-abc",
+          network: "lightning",
+        },
+      });
+    });
+
+    it("returns error on non-402 failure", async () => {
+      globalThis.fetch = vi.fn().mockResolvedValue({
+        ok: false,
+        status: 500,
+        json: async () => ({ error: "Internal server error" }),
+      });
+
+      const result = await client.exec(makePeer(), {
+        command: "ls /api.example.com/",
+        agentId: "agent-1",
+      });
+
+      expect(result).toEqual({
+        ok: false,
+        error: "Internal server error",
+      });
+    });
+
+    it("returns error on network failure", async () => {
+      globalThis.fetch = vi
+        .fn()
+        .mockRejectedValue(new Error("Connection refused"));
+
+      const result = await client.exec(makePeer(), {
+        command: "ls /api.example.com/",
+        agentId: "agent-1",
+      });
+
+      expect(result).toEqual({
+        ok: false,
+        error: "Connection refused",
+      });
+    });
+  });
+
+  describe("announce", () => {
+    it("sends domains to peer", async () => {
+      globalThis.fetch = vi.fn().mockResolvedValue({
+        ok: true,
+        json: async () => ({ ok: true }),
+      });
+
+      await client.announce(makePeer(), [
+        "api.example.com",
+        "github.com",
+      ]);
+
+      expect(globalThis.fetch).toHaveBeenCalledWith(
+        "https://peer1.example.com/federation/announce",
+        expect.objectContaining({
+          method: "POST",
+          headers: expect.objectContaining({
+            "X-Peer-Id": "self-gateway",
+            Authorization: "Bearer secret-abc",
+          }),
+          body: JSON.stringify({
+            domains: ["api.example.com", "github.com"],
+          }),
+        }),
+      );
+    });
+  });
+});