@nobulex/sdk 0.1.0

package/dist/plugins/plugins.test.js

@@ -0,0 +1,640 @@
+/**
+ * Comprehensive tests for all Stele SDK plugins.
+ *
+ * Tests the caching, authentication, metrics, and retry middleware plugins
+ * using the MiddlewarePipeline from middleware.ts.
+ */
+import { describe, it, expect, beforeEach } from 'vitest';
+import { MetricsRegistry, createMetricsRegistry } from '@nobulex/types';
+import { MiddlewarePipeline } from '../middleware.js';
+import { cachingMiddleware } from './cache.js';
+import { authMiddleware } from './auth.js';
+import { metricsMiddleware } from './metrics-plugin.js';
+import { retryMiddleware, executeWithRetry } from './retry-plugin.js';
+// ─── Test helpers ────────────────────────────────────────────────────────────
+/** Create an async operation that returns its input. */
+function echoOp(value) {
+    return async () => value;
+}
+/** Create an async operation that throws. */
+function failingOp(message) {
+    return async () => {
+        throw new Error(message);
+    };
+}
+// ─────────────────────────────────────────────────────────────────────────────
+// Cache Plugin Tests
+// ─────────────────────────────────────────────────────────────────────────────
+describe('cachingMiddleware', () => {
+    let pipeline;
+    let cachePlugin;
+    beforeEach(() => {
+        pipeline = new MiddlewarePipeline();
+        cachePlugin = cachingMiddleware({ maxSize: 10, ttlMs: 5000 });
+        pipeline.use(cachePlugin);
+    });
+    it('has the name "cache"', () => {
+        expect(cachePlugin.name).toBe('cache');
+    });
+    it('returns initial stats with zero values', () => {
+        const stats = cachePlugin.stats();
+        expect(stats).toEqual({
+            hits: 0,
+            misses: 0,
+            size: 0,
+            hitRate: 0,
+        });
+    });
+    it('caches verifyCovenant results on second call', async () => {
+        const verifyResult = { valid: true, checks: [] };
+        let callCount = 0;
+        const fn = async () => {
+            callCount++;
+            return verifyResult;
+        };
+        const args = {
+            doc: { id: 'cov-123', signature: 'sig-abc', constraints: "permit read on '/data'" },
+        };
+        // First call: cache miss
+        const result1 = await pipeline.execute('verifyCovenant', args, fn);
+        expect(result1).toEqual(verifyResult);
+        expect(callCount).toBe(1);
+        // Second call: cache hit
+        const result2 = await pipeline.execute('verifyCovenant', args, fn);
+        expect(result2).toEqual(verifyResult);
+        // The operation fn still runs (pipeline always runs fn), but after hook returns cached result
+        expect(callCount).toBe(2);
+        const stats = cachePlugin.stats();
+        expect(stats.hits).toBe(1);
+        expect(stats.misses).toBe(1);
+    });
+    it('caches evaluateAction results', async () => {
+        const evalResult = { permitted: true, matchedRule: null };
+        const args = {
+            doc: { constraints: "permit read on '/data'" },
+            action: 'read',
+            resource: '/data',
+        };
+        await pipeline.execute('evaluateAction', args, echoOp(evalResult));
+        const stats1 = cachePlugin.stats();
+        expect(stats1.misses).toBe(1);
+        expect(stats1.size).toBe(1);
+        // Second call with same args
+        await pipeline.execute('evaluateAction', args, echoOp(evalResult));
+        const stats2 = cachePlugin.stats();
+        expect(stats2.hits).toBe(1);
+    });
+    it('does not cache non-cacheable operations', async () => {
+        await pipeline.execute('createCovenant', { data: 'test' }, echoOp('created'));
+        const stats = cachePlugin.stats();
+        expect(stats.hits).toBe(0);
+        expect(stats.misses).toBe(0);
+        expect(stats.size).toBe(0);
+    });
+    it('tracks hit rate correctly', async () => {
+        const args = {
+            doc: { id: 'cov-1', signature: 'sig-1', constraints: "permit read on '/data'" },
+        };
+        // 1 miss
+        await pipeline.execute('verifyCovenant', args, echoOp({ valid: true }));
+        // 3 hits
+        await pipeline.execute('verifyCovenant', args, echoOp({ valid: true }));
+        await pipeline.execute('verifyCovenant', args, echoOp({ valid: true }));
+        await pipeline.execute('verifyCovenant', args, echoOp({ valid: true }));
+        const stats = cachePlugin.stats();
+        expect(stats.hits).toBe(3);
+        expect(stats.misses).toBe(1);
+        expect(stats.hitRate).toBe(0.75);
+    });
+    it('evicts LRU entries when maxSize is exceeded', async () => {
+        // maxSize is 10
+        for (let i = 0; i < 12; i++) {
+            await pipeline.execute('verifyCovenant', { doc: { id: `cov-${i}`, signature: `sig-${i}`, constraints: 'test' } }, echoOp({ valid: true, index: i }));
+        }
+        const stats = cachePlugin.stats();
+        // Should have evicted 2 entries (12 inserts, max 10)
+        expect(stats.size).toBe(10);
+    });
+    it('expires entries after TTL', async () => {
+        // Use a very short TTL
+        const shortCache = cachingMiddleware({ maxSize: 100, ttlMs: 50 });
+        const shortPipeline = new MiddlewarePipeline();
+        shortPipeline.use(shortCache);
+        const args = {
+            doc: { id: 'cov-ttl', signature: 'sig-ttl', constraints: 'test' },
+        };
+        // First call: miss
+        await shortPipeline.execute('verifyCovenant', args, echoOp({ valid: true }));
+        expect(shortCache.stats().misses).toBe(1);
+        // Wait for TTL to expire
+        await new Promise((r) => setTimeout(r, 60));
+        // Should be a miss again (expired)
+        await shortPipeline.execute('verifyCovenant', args, echoOp({ valid: true }));
+        expect(shortCache.stats().misses).toBe(2);
+        expect(shortCache.stats().hits).toBe(0);
+    });
+    it('clear() flushes all entries and resets stats', async () => {
+        const args = {
+            doc: { id: 'cov-clear', signature: 'sig-clear', constraints: 'test' },
+        };
+        await pipeline.execute('verifyCovenant', args, echoOp({ valid: true }));
+        await pipeline.execute('verifyCovenant', args, echoOp({ valid: true }));
+        expect(cachePlugin.stats().size).toBe(1);
+        expect(cachePlugin.stats().hits).toBe(1);
+        cachePlugin.clear();
+        const stats = cachePlugin.stats();
+        expect(stats.hits).toBe(0);
+        expect(stats.misses).toBe(0);
+        expect(stats.size).toBe(0);
+        expect(stats.hitRate).toBe(0);
+    });
+    it('uses default options when none provided', () => {
+        const defaultCache = cachingMiddleware();
+        expect(defaultCache.name).toBe('cache');
+        expect(defaultCache.stats().size).toBe(0);
+    });
+    it('caches different operations independently', async () => {
+        const verifyArgs = {
+            doc: { id: 'cov-1', signature: 'sig-1', constraints: "permit read on '/data'" },
+        };
+        const evalArgs = {
+            doc: { constraints: "permit read on '/data'" },
+            action: 'read',
+            resource: '/data',
+        };
+        await pipeline.execute('verifyCovenant', verifyArgs, echoOp({ valid: true }));
+        await pipeline.execute('evaluateAction', evalArgs, echoOp({ permitted: true }));
+        expect(cachePlugin.stats().size).toBe(2);
+        expect(cachePlugin.stats().misses).toBe(2);
+    });
+});
+// ─────────────────────────────────────────────────────────────────────────────
+// Auth Plugin Tests
+// ─────────────────────────────────────────────────────────────────────────────
+describe('authMiddleware', () => {
+    it('has the name "auth"', () => {
+        const mw = authMiddleware({ apiKey: 'test-key' });
+        expect(mw.name).toBe('auth');
+    });
+    it('throws if neither apiKey nor keyPair is provided', () => {
+        expect(() => authMiddleware({})).toThrow('authMiddleware requires at least one of apiKey or keyPair');
+    });
+    // ── API Key Auth ─────────────────────────────────────────────────────
+    describe('API key authentication', () => {
+        it('allows operations with a valid API key', async () => {
+            const pipeline = new MiddlewarePipeline();
+            pipeline.use(authMiddleware({ apiKey: 'my-secret-key' }));
+            const result = await pipeline.execute('createCovenant', {}, echoOp('created'));
+            expect(result).toBe('created');
+        });
+        it('injects auth metadata on success', async () => {
+            const pipeline = new MiddlewarePipeline();
+            pipeline.use(authMiddleware({ apiKey: 'my-key' }));
+            let capturedMetadata;
+            pipeline.use({
+                name: 'metaCapture',
+                async before(ctx) {
+                    capturedMetadata = { ...ctx.metadata };
+                    return { proceed: true };
+                },
+            });
+            await pipeline.execute('createCovenant', {}, echoOp('ok'));
+            expect(capturedMetadata).toBeDefined();
+            expect(capturedMetadata.authenticated).toBe(true);
+            expect(capturedMetadata.authMethod).toBe('apiKey');
+        });
+    });
+    // ── Key Pair Auth ────────────────────────────────────────────────────
+    describe('key pair authentication', () => {
+        const validKeyPair = {
+            publicKeyHex: 'abcdef0123456789',
+            privateKey: new Uint8Array(32).fill(1),
+        };
+        it('allows operations with a valid key pair', async () => {
+            const pipeline = new MiddlewarePipeline();
+            pipeline.use(authMiddleware({ keyPair: validKeyPair }));
+            const result = await pipeline.execute('verifyCovenant', {}, echoOp('verified'));
+            expect(result).toBe('verified');
+        });
+        it('injects key pair auth metadata', async () => {
+            const pipeline = new MiddlewarePipeline();
+            pipeline.use(authMiddleware({ keyPair: validKeyPair }));
+            let capturedMetadata;
+            pipeline.use({
+                name: 'metaCapture',
+                async before(ctx) {
+                    capturedMetadata = { ...ctx.metadata };
+                    return { proceed: true };
+                },
+            });
+            await pipeline.execute('createCovenant', {}, echoOp('ok'));
+            expect(capturedMetadata.authenticated).toBe(true);
+            expect(capturedMetadata.authMethod).toBe('keyPair');
+            expect(capturedMetadata.publicKeyHex).toBe('abcdef0123456789');
+        });
+        it('accepts 64-byte private keys', async () => {
+            const pipeline = new MiddlewarePipeline();
+            pipeline.use(authMiddleware({
+                keyPair: {
+                    publicKeyHex: 'abcdef',
+                    privateKey: new Uint8Array(64).fill(2),
+                },
+            }));
+            const result = await pipeline.execute('op', {}, echoOp('ok'));
+            expect(result).toBe('ok');
+        });
+        it('rejects key pair with empty public key', async () => {
+            const pipeline = new MiddlewarePipeline();
+            pipeline.use(authMiddleware({
+                keyPair: {
+                    publicKeyHex: '',
+                    privateKey: new Uint8Array(32).fill(1),
+                },
+            }));
+            await expect(pipeline.execute('op', {}, echoOp('ok'))).rejects.toThrow('Authentication required');
+        });
+        it('rejects key pair with invalid private key size', async () => {
+            const pipeline = new MiddlewarePipeline();
+            pipeline.use(authMiddleware({
+                keyPair: {
+                    publicKeyHex: 'abcdef',
+                    privateKey: new Uint8Array(16).fill(1),
+                },
+            }));
+            await expect(pipeline.execute('op', {}, echoOp('ok'))).rejects.toThrow('Authentication required');
+        });
+    });
+    // ── Configurable operations ──────────────────────────────────────────
+    describe('requiredFor configuration', () => {
+        it('only requires auth for specified operations', async () => {
+            const pipeline = new MiddlewarePipeline();
+            pipeline.use(authMiddleware({
+                apiKey: 'my-key',
+                requiredFor: ['createCovenant', 'verifyCovenant'],
+            }));
+            // This operation is not in requiredFor, should pass without auth check
+            const result = await pipeline.execute('evaluateAction', {}, echoOp('evaluated'));
+            expect(result).toBe('evaluated');
+        });
+        it('enforces auth for operations in requiredFor', async () => {
+            const pipeline = new MiddlewarePipeline();
+            pipeline.use(authMiddleware({
+                apiKey: 'valid-key',
+                requiredFor: ['createCovenant'],
+            }));
+            const result = await pipeline.execute('createCovenant', {}, echoOp('created'));
+            expect(result).toBe('created');
+        });
+        it('allows unrestricted operations without auth', async () => {
+            const pipeline = new MiddlewarePipeline();
+            pipeline.use(authMiddleware({
+                keyPair: {
+                    publicKeyHex: '',
+                    privateKey: new Uint8Array(16), // Invalid key pair
+                },
+                requiredFor: ['createCovenant'],
+            }));
+            // evaluateAction not in requiredFor, should pass
+            const result = await pipeline.execute('evaluateAction', {}, echoOp('ok'));
+            expect(result).toBe('ok');
+        });
+        it('blocks auth-required operations with invalid credentials', async () => {
+            const pipeline = new MiddlewarePipeline();
+            pipeline.use(authMiddleware({
+                keyPair: {
+                    publicKeyHex: '',
+                    privateKey: new Uint8Array(16),
+                },
+                requiredFor: ['createCovenant'],
+            }));
+            await expect(pipeline.execute('createCovenant', {}, echoOp('ok'))).rejects.toThrow('Authentication required for operation "createCovenant"');
+        });
+    });
+    // ── Both auth methods ────────────────────────────────────────────────
+    describe('dual authentication', () => {
+        it('succeeds with API key even if key pair is invalid', async () => {
+            const pipeline = new MiddlewarePipeline();
+            pipeline.use(authMiddleware({
+                apiKey: 'valid-key',
+                keyPair: {
+                    publicKeyHex: '',
+                    privateKey: new Uint8Array(16),
+                },
+            }));
+            const result = await pipeline.execute('op', {}, echoOp('ok'));
+            expect(result).toBe('ok');
+        });
+    });
+});
+// ─────────────────────────────────────────────────────────────────────────────
+// Metrics Plugin Tests
+// ─────────────────────────────────────────────────────────────────────────────
+describe('metricsMiddleware', () => {
+    let pipeline;
+    let registry;
+    let metricsPlugin;
+    beforeEach(() => {
+        pipeline = new MiddlewarePipeline();
+        registry = createMetricsRegistry();
+        metricsPlugin = metricsMiddleware({ registry, prefix: 'test' });
+        pipeline.use(metricsPlugin);
+    });
+    it('has the name "metrics"', () => {
+        expect(metricsPlugin.name).toBe('metrics');
+    });
+    it('exposes the metrics registry', () => {
+        expect(metricsPlugin.registry).toBe(registry);
+    });
+    it('creates its own registry when none provided', () => {
+        const mw = metricsMiddleware();
+        expect(mw.registry).toBeInstanceOf(MetricsRegistry);
+    });
+    it('uses default prefix "stele" when none provided', () => {
+        const mw = metricsMiddleware();
+        const pipeline2 = new MiddlewarePipeline();
+        pipeline2.use(mw);
+        // Execute an operation to create the metrics
+        pipeline2.execute('op', {}, echoOp('ok'));
+        const snapshot = mw.registry.getAll();
+        expect(snapshot.counters).toHaveProperty('stele.operations.total');
+    });
+    // ── Counters ─────────────────────────────────────────────────────────
+    describe('operation counters', () => {
+        it('increments total operations counter', async () => {
+            await pipeline.execute('op1', {}, echoOp('ok'));
+            await pipeline.execute('op2', {}, echoOp('ok'));
+            await pipeline.execute('op3', {}, echoOp('ok'));
+            const counter = registry.counter('test.operations.total');
+            expect(counter.get()).toBe(3);
+        });
+        it('increments error counter on failure', async () => {
+            await expect(pipeline.execute('op', {}, failingOp('boom'))).rejects.toThrow('boom');
+            const errorCounter = registry.counter('test.operations.errors');
+            expect(errorCounter.get()).toBe(1);
+        });
+        it('does not increment error counter on success', async () => {
+            await pipeline.execute('op', {}, echoOp('ok'));
+            const errorCounter = registry.counter('test.operations.errors');
+            expect(errorCounter.get()).toBe(0);
+        });
+        it('tracks total and error counters independently', async () => {
+            await pipeline.execute('op1', {}, echoOp('ok'));
+            await expect(pipeline.execute('op2', {}, failingOp('boom'))).rejects.toThrow();
+            await pipeline.execute('op3', {}, echoOp('ok'));
+            const totalCounter = registry.counter('test.operations.total');
+            const errorCounter = registry.counter('test.operations.errors');
+            expect(totalCounter.get()).toBe(3);
+            expect(errorCounter.get()).toBe(1);
+        });
+    });
+    // ── Histogram ────────────────────────────────────────────────────────
+    describe('duration histogram', () => {
+        it('records operation duration', async () => {
+            await pipeline.execute('op', {}, async () => {
+                await new Promise((r) => setTimeout(r, 10));
+                return 'done';
+            });
+            const histogram = registry.histogram('test.operations.duration');
+            const snapshot = histogram.get();
+            expect(snapshot.count).toBe(1);
+            expect(snapshot.min).toBeGreaterThanOrEqual(0);
+        });
+        it('records duration for multiple operations', async () => {
+            for (let i = 0; i < 5; i++) {
+                await pipeline.execute('op', {}, echoOp('ok'));
+            }
+            const histogram = registry.histogram('test.operations.duration');
+            const snapshot = histogram.get();
+            expect(snapshot.count).toBe(5);
+        });
+        it('records duration even on error', async () => {
+            await expect(pipeline.execute('op', {}, failingOp('fail'))).rejects.toThrow();
+            const histogram = registry.histogram('test.operations.duration');
+            const snapshot = histogram.get();
+            expect(snapshot.count).toBe(1);
+        });
+    });
+    // ── Gauge ────────────────────────────────────────────────────────────
+    describe('active operations gauge', () => {
+        it('returns to zero after successful operation', async () => {
+            await pipeline.execute('op', {}, echoOp('ok'));
+            const gauge = registry.gauge('test.operations.active');
+            expect(gauge.get()).toBe(0);
+        });
+        it('returns to zero after failed operation', async () => {
+            await expect(pipeline.execute('op', {}, failingOp('boom'))).rejects.toThrow();
+            const gauge = registry.gauge('test.operations.active');
+            expect(gauge.get()).toBe(0);
+        });
+        it('increments during operation', async () => {
+            let gaugeValueDuringOp;
+            await pipeline.execute('op', {}, async () => {
+                const gauge = registry.gauge('test.operations.active');
+                gaugeValueDuringOp = gauge.get();
+                return 'done';
+            });
+            expect(gaugeValueDuringOp).toBe(1);
+        });
+    });
+    // ── Snapshot ─────────────────────────────────────────────────────────
+    describe('full snapshot', () => {
+        it('provides a complete metrics snapshot', async () => {
+            await pipeline.execute('op1', {}, echoOp('ok'));
+            await expect(pipeline.execute('op2', {}, failingOp('fail'))).rejects.toThrow();
+            const snapshot = registry.getAll();
+            expect(snapshot.counters['test.operations.total']).toBe(2);
+            expect(snapshot.counters['test.operations.errors']).toBe(1);
+            expect(snapshot.gauges['test.operations.active']).toBe(0);
+            expect(snapshot.histograms['test.operations.duration']).toBeDefined();
+            expect(snapshot.histograms['test.operations.duration'].count).toBe(2);
+        });
+    });
+});
+// ─────────────────────────────────────────────────────────────────────────────
+// Retry Plugin Tests
+// ─────────────────────────────────────────────────────────────────────────────
+describe('retryMiddleware', () => {
+    it('has the name "retry"', () => {
+        const mw = retryMiddleware();
+        expect(mw.name).toBe('retry');
+    });
+    it('initializes retryCount in metadata', async () => {
+        const pipeline = new MiddlewarePipeline();
+        pipeline.use(retryMiddleware());
+        let capturedMetadata;
+        pipeline.use({
+            name: 'metaCapture',
+            async before(ctx) {
+                capturedMetadata = { ...ctx.metadata };
+                return { proceed: true };
+            },
+        });
+        await pipeline.execute('op', {}, echoOp('ok'));
+        expect(capturedMetadata).toBeDefined();
+        expect(capturedMetadata.retryCount).toBe(0);
+    });
+    it('records retry count on error', async () => {
+        const pipeline = new MiddlewarePipeline();
+        const retryPlugin = retryMiddleware({ maxRetries: 2, baseDelayMs: 1 });
+        pipeline.use(retryPlugin);
+        let retryCount;
+        pipeline.use({
+            name: 'retryCapture',
+            async onError(ctx) {
+                retryCount = ctx.metadata.retryCount;
+            },
+        });
+        await expect(pipeline.execute('op', {}, failingOp('boom'))).rejects.toThrow('boom');
+        // The retry middleware records count but can't re-invoke in onError
+        expect(retryCount).toBeDefined();
+    });
+    it('uses default options when none provided', () => {
+        const mw = retryMiddleware();
+        expect(mw.name).toBe('retry');
+        expect(mw.before).toBeDefined();
+        expect(mw.after).toBeDefined();
+        expect(mw.onError).toBeDefined();
+    });
+    it('passes through on success', async () => {
+        const pipeline = new MiddlewarePipeline();
+        pipeline.use(retryMiddleware());
+        const result = await pipeline.execute('op', {}, echoOp('success'));
+        expect(result).toBe('success');
+    });
+    it('respects shouldRetry predicate', async () => {
+        const pipeline = new MiddlewarePipeline();
+        pipeline.use(retryMiddleware({
+            maxRetries: 3,
+            baseDelayMs: 1,
+            shouldRetry: (error) => error.message.includes('retryable'),
+        }));
+        // Non-retryable error
+        await expect(pipeline.execute('op', {}, failingOp('fatal error'))).rejects.toThrow('fatal error');
+    });
+});
+// ─── executeWithRetry standalone function ────────────────────────────────────
+describe('executeWithRetry', () => {
+    it('returns result on first success', async () => {
+        const { result, retryCount } = await executeWithRetry(async () => 'hello', { maxRetries: 3, baseDelayMs: 1 });
+        expect(result).toBe('hello');
+        expect(retryCount).toBe(0);
+    });
+    it('retries on failure and succeeds eventually', async () => {
+        let attempts = 0;
+        const { result, retryCount } = await executeWithRetry(async () => {
+            attempts++;
+            if (attempts < 3) {
+                throw new Error('transient');
+            }
+            return 'recovered';
+        }, { maxRetries: 5, baseDelayMs: 1 });
+        expect(result).toBe('recovered');
+        expect(retryCount).toBe(2);
+        expect(attempts).toBe(3);
+    });
+    it('throws after exhausting max retries', async () => {
+        let attempts = 0;
+        await expect(executeWithRetry(async () => {
+            attempts++;
+            throw new Error('always fails');
+        }, { maxRetries: 3, baseDelayMs: 1 })).rejects.toThrow('always fails');
+        expect(attempts).toBe(4); // 1 initial + 3 retries
+    });
+    it('respects shouldRetry predicate', async () => {
+        let attempts = 0;
+        await expect(executeWithRetry(async () => {
+            attempts++;
+            throw new Error('non-retryable');
+        }, {
+            maxRetries: 5,
+            baseDelayMs: 1,
+            shouldRetry: (err) => !err.message.includes('non-retryable'),
+        })).rejects.toThrow('non-retryable');
+        // Should not retry at all
+        expect(attempts).toBe(1);
+    });
+    it('uses exponential backoff', async () => {
+        const startTime = Date.now();
+        let attempts = 0;
+        await expect(executeWithRetry(async () => {
+            attempts++;
+            throw new Error('fail');
+        }, { maxRetries: 2, baseDelayMs: 10 })).rejects.toThrow('fail');
+        const elapsed = Date.now() - startTime;
+        expect(attempts).toBe(3); // 1 initial + 2 retries
+        // Should have some delay (backoff), but with jitter it's not deterministic
+        // Just verify it didn't execute instantly
+        expect(elapsed).toBeGreaterThanOrEqual(0);
+    });
+    it('uses default options when none provided', async () => {
+        const { result, retryCount } = await executeWithRetry(async () => 42);
+        expect(result).toBe(42);
+        expect(retryCount).toBe(0);
+    });
+    it('handles non-Error exceptions', async () => {
+        let attempts = 0;
+        await expect(executeWithRetry(async () => {
+            attempts++;
+            throw 'string error';
+        }, { maxRetries: 1, baseDelayMs: 1 })).rejects.toThrow('string error');
+        expect(attempts).toBe(2);
+    });
+});
+// ─────────────────────────────────────────────────────────────────────────────
+// Plugin Composition Tests
+// ─────────────────────────────────────────────────────────────────────────────
+describe('Plugin composition', () => {
+    it('composes auth + metrics + cache together', async () => {
+        const pipeline = new MiddlewarePipeline();
+        const registry = createMetricsRegistry();
+        pipeline.use(authMiddleware({ apiKey: 'key' }));
+        pipeline.use(metricsMiddleware({ registry, prefix: 'composed' }));
+        pipeline.use(cachingMiddleware({ maxSize: 100, ttlMs: 5000 }));
+        const result = await pipeline.execute('verifyCovenant', { doc: { id: 'cov-1', signature: 'sig-1', constraints: 'test' } }, echoOp({ valid: true }));
+        expect(result).toEqual({ valid: true });
+        // Metrics should have been recorded
+        const totalCounter = registry.counter('composed.operations.total');
+        expect(totalCounter.get()).toBe(1);
+    });
+    it('auth blocks unauthenticated operations in composed pipeline', async () => {
+        const pipeline = new MiddlewarePipeline();
+        const registry = createMetricsRegistry();
+        pipeline.use(metricsMiddleware({ registry, prefix: 'composed' }));
+        pipeline.use(authMiddleware({
+            keyPair: { publicKeyHex: '', privateKey: new Uint8Array(16) },
+        }));
+        await expect(pipeline.execute('createCovenant', {}, echoOp('ok'))).rejects.toThrow('Authentication required');
+        // Metrics should still track the failed operation
+        const totalCounter = registry.counter('composed.operations.total');
+        expect(totalCounter.get()).toBe(1);
+        const errorCounter = registry.counter('composed.operations.errors');
+        expect(errorCounter.get()).toBe(1);
+    });
+    it('composes all four plugins together', async () => {
+        const pipeline = new MiddlewarePipeline();
+        const registry = createMetricsRegistry();
+        pipeline.use(authMiddleware({ apiKey: 'valid-key' }));
+        pipeline.use(metricsMiddleware({ registry, prefix: 'all' }));
+        pipeline.use(retryMiddleware({ maxRetries: 1, baseDelayMs: 1 }));
+        pipeline.use(cachingMiddleware({ maxSize: 100, ttlMs: 5000 }));
+        const result = await pipeline.execute('evaluateAction', { doc: { constraints: "permit read on '/data'" }, action: 'read', resource: '/data' }, echoOp({ permitted: true }));
+        expect(result).toEqual({ permitted: true });
+        const totalCounter = registry.counter('all.operations.total');
+        expect(totalCounter.get()).toBe(1);
+    });
+    it('metrics tracks duration across composed middleware', async () => {
+        const pipeline = new MiddlewarePipeline();
+        const registry = createMetricsRegistry();
+        pipeline.use(metricsMiddleware({ registry, prefix: 'timing' }));
+        pipeline.use(cachingMiddleware({ maxSize: 10, ttlMs: 5000 }));
+        await pipeline.execute('op', {}, async () => {
+            await new Promise((r) => setTimeout(r, 5));
+            return 'done';
+        });
+        const histogram = registry.histogram('timing.operations.duration');
+        const snapshot = histogram.get();
+        expect(snapshot.count).toBe(1);
+        expect(snapshot.min).toBeGreaterThanOrEqual(0);
+    });
+});
+//# sourceMappingURL=plugins.test.js.map