@selvajs/local-provider 0.11.0

package/src/data/LocalShareLinkStore.ts

@@ -0,0 +1,138 @@
+import * as path from 'node:path';
+import type {
+	IShareLinkStore,
+	IDefinitionStore,
+	IEventSink,
+	ShareLink,
+	RequestContext,
+	ListOptions,
+	Page
+} from '@selvajs/platform';
+import { ProviderError, SYSTEM_CONTEXT, actorFrom, NoopEventSink } from '@selvajs/platform';
+import { paginate } from './pagination.js';
+import { readJsonFile, writeJsonFile } from './fsJson.js';
+
+interface OnDiskShape {
+	links: Record<string, ShareLink>;
+}
+
+const empty = (): OnDiskShape => ({ links: {} });
+
+export interface LocalShareLinkStoreOptions {
+	/** Absolute path to the JSON file backing this store. */
+	filePath: string;
+	events?: IEventSink;
+}
+
+/**
+ * Spec §7 — share-link store backed by share-links.json.
+ *
+ * `tryIncrementSolveCount` is the load-bearing race-sensitive method; in
+ * the local provider we read-modify-write under a single fs round-trip,
+ * which is acceptable at single-node scale. Postgres adapters use a true
+ * atomic UPDATE.
+ */
+export class LocalShareLinkStore implements IShareLinkStore {
+	private definitionProvider?: IDefinitionStore;
+	private readonly events: IEventSink;
+	private readonly configFilePath: string;
+
+	static fromEnv(env: Record<string, string | undefined>): LocalShareLinkStore {
+		if (!env.DATA_PATH) throw new Error('Missing required env var: DATA_PATH');
+		return new LocalShareLinkStore({
+			filePath: path.join(env.DATA_PATH, 'share-links.json')
+		});
+	}
+
+	constructor(opts: LocalShareLinkStoreOptions) {
+		this.configFilePath = opts.filePath;
+		this.events = opts.events ?? new NoopEventSink();
+	}
+
+	/**
+	 * Wire the definition store so token resolution can check the parent
+	 * definition's `deletedAt` (Permissions.md §7 cascade contract). Mirrors
+	 * Supabase, which performs the equivalent JOIN. Optional: when unset, the
+	 * store falls back to the local-only revoke check; the route layer in
+	 * the selva app does the parent lookup as a safety net either way.
+	 */
+	setDefinitionProvider(definitions: IDefinitionStore): void {
+		this.definitionProvider = definitions;
+	}
+
+	private async readAll(): Promise<OnDiskShape> {
+		return readJsonFile<OnDiskShape>(this.configFilePath, empty());
+	}
+
+	private async writeAll(data: OnDiskShape): Promise<void> {
+		await writeJsonFile(this.configFilePath, data);
+	}
+
+	private isLive(l: ShareLink | undefined | null): l is ShareLink {
+		return Boolean(l && l.revokedAt == null);
+	}
+
+	async create(ctx: RequestContext, link: ShareLink): Promise<void> {
+		const all = await this.readAll();
+		if (all.links[link.id]) {
+			throw new ProviderError(`Share link '${link.id}' already exists`, 409);
+		}
+		all.links[link.id] = { ...link, revokedAt: null };
+		await this.writeAll(all);
+		await this.events.emit({
+			type: 'share_link.minted',
+			linkId: link.id,
+			definitionId: link.definitionId,
+			actorId: actorFrom(ctx)
+		});
+	}
+
+	async listByDefinition(
+		_ctx: RequestContext,
+		definitionId: string,
+		opts?: ListOptions
+	): Promise<Page<ShareLink>> {
+		const all = await this.readAll();
+		const rows = Object.values(all.links)
+			.filter((l) => l.definitionId === definitionId && this.isLive(l))
+			.sort((a, b) => b.createdAt.localeCompare(a.createdAt));
+		return paginate(rows, opts);
+	}
+
+	async getById(_ctx: RequestContext, id: string): Promise<ShareLink | null> {
+		const all = await this.readAll();
+		return all.links[id] ?? null;
+	}
+
+	async getByTokenHash(_ctx: RequestContext, tokenHash: string): Promise<ShareLink | null> {
+		const all = await this.readAll();
+		const found = Object.values(all.links).find((l) => l.tokenHash === tokenHash);
+		if (!this.isLive(found)) return null;
+		// §7: token resolution MUST NOT see links whose parent definition is
+		// soft-deleted. Supabase enforces this via JOIN; here we look up.
+		if (this.definitionProvider) {
+			const parent = await this.definitionProvider.get(SYSTEM_CONTEXT, found.definitionId);
+			if (!parent) return null;
+		}
+		return found;
+	}
+
+	async revoke(ctx: RequestContext, id: string): Promise<void> {
+		const all = await this.readAll();
+		const l = all.links[id];
+		if (!l || !this.isLive(l)) return; // idempotent
+		l.revokedAt = new Date().toISOString();
+		await this.writeAll(all);
+		await this.events.emit({ type: 'share_link.revoked', linkId: id, actorId: actorFrom(ctx) });
+	}
+
+	async tryIncrementSolveCount(_ctx: RequestContext, id: string): Promise<number | null> {
+		const all = await this.readAll();
+		const l = all.links[id];
+		if (!l || !this.isLive(l)) return null;
+		if (l.maxSolves != null && l.solveCount >= l.maxSolves) return null;
+		l.solveCount += 1;
+		await this.writeAll(all);
+		return l.solveCount;
+	}
+}

package/src/data/__tests__/cascade.test.ts

@@ -0,0 +1,300 @@
+import { describe, it, expect, beforeEach, afterEach } from 'vitest';
+import * as fs from 'node:fs/promises';
+import * as path from 'node:path';
+import * as os from 'node:os';
+import { randomUUID } from 'node:crypto';
+import {
+	ALL_ORG_PERMISSIONS,
+	ALL_PLATFORM_PERMISSIONS,
+	SYSTEM_CONTEXT,
+	type RequestContext,
+	type DefinitionRecord,
+	type ShareLink
+} from '@selvajs/platform';
+import { LocalOrgStore, LocalOrgStoreLoader } from '../LocalOrgStore.js';
+import { LocalProjectStore } from '../LocalProjectStore.js';
+import { LocalDefinitionStore } from '../LocalDefinitionStore.js';
+import { LocalShareLinkStore } from '../LocalShareLinkStore.js';
+import { LocalInviteStore } from '../LocalInviteStore.js';
+import { LocalComputeServerStore } from '../LocalComputeServerStore.js';
+import { LocalPlatformProjectGrantStore } from '../LocalPlatformProjectGrantStore.js';
+
+/**
+ * Cross-store cascade behavior. Lives outside the per-store conformance suites
+ * because the invariants involve both `IOrgStore` and `IProjectStore`.
+ */
+describe('Cross-store cascade', () => {
+	let tempDir: string;
+	let orgs: LocalOrgStore;
+	let projects: LocalProjectStore;
+
+	beforeEach(async () => {
+		tempDir = await fs.mkdtemp(path.join(os.tmpdir(), 'selva-test-'));
+		const loader = new LocalOrgStoreLoader(tempDir);
+		const invites = new LocalInviteStore(tempDir);
+		const computeServer = new LocalComputeServerStore(
+			path.join(tempDir, 'compute.config.json'),
+			Buffer.alloc(32, 0x42)
+		);
+		const grants = new LocalPlatformProjectGrantStore(
+			path.join(tempDir, 'platform-project-grants.json')
+		);
+		orgs = new LocalOrgStore({ loader, invites, computeServer, grants });
+		projects = new LocalProjectStore({ loader, grants });
+	});
+
+	afterEach(async () => {
+		await fs.rm(tempDir, { recursive: true, force: true });
+	});
+
+	function ctxFor(userId: string): RequestContext {
+		return {
+			userId,
+			platformPermissions: [...ALL_PLATFORM_PERMISSIONS],
+			orgPermissions: [...ALL_ORG_PERMISSIONS]
+		};
+	}
+
+	it('removeOrgMember soft-deletes the user’s project memberships in that org (§9)', async () => {
+		const ownerId = randomUUID();
+		const memberId = randomUUID();
+		const orgId = randomUUID();
+		const projectAId = randomUUID();
+		const projectBId = randomUUID();
+		const now = new Date().toISOString();
+		const ownerCtx = ctxFor(ownerId);
+
+		await orgs.createOrg(ownerCtx, {
+			id: orgId,
+			name: 'Acme',
+			slug: 'acme',
+			ownerId,
+			createdBy: ownerId,
+			updatedBy: ownerId,
+			createdAt: now,
+			updatedAt: now,
+			deletedAt: null
+		});
+		await orgs.addOrgMember(ownerCtx, {
+			orgId,
+			userId: memberId,
+			role: 'member',
+			permissions: [],
+			joinedAt: now,
+			updatedAt: now,
+			updatedBy: ownerId,
+			deletedAt: null
+		});
+
+		for (const id of [projectAId, projectBId]) {
+			await projects.createProject(ownerCtx, {
+				id,
+				orgId,
+				ownerId,
+				name: `Project ${id.slice(0, 4)}`,
+				slug: `p-${id.slice(0, 4)}`,
+				visibility: 'private',
+				autoJoinOnUpload: false,
+				createdBy: ownerId,
+				updatedBy: ownerId,
+				createdAt: now,
+				updatedAt: now,
+				deletedAt: null
+			});
+			await projects.addProjectMember(ownerCtx, {
+				projectId: id,
+				userId: memberId,
+				role: 'editor',
+				joinedAt: now,
+				updatedAt: now,
+				updatedBy: ownerId,
+				deletedAt: null
+			});
+		}
+
+		// Sanity: memberships are live before the cascade fires.
+		expect(await projects.getProjectMember(ownerCtx, projectAId, memberId)).not.toBeNull();
+		expect(await projects.getProjectMember(ownerCtx, projectBId, memberId)).not.toBeNull();
+
+		await orgs.removeOrgMember(ownerCtx, orgId, memberId);
+
+		expect(await orgs.getOrgMember(ownerCtx, orgId, memberId)).toBeNull();
+		expect(await projects.getProjectMember(ownerCtx, projectAId, memberId)).toBeNull();
+		expect(await projects.getProjectMember(ownerCtx, projectBId, memberId)).toBeNull();
+	});
+
+	it('removeOrgMember does not touch project memberships in other orgs', async () => {
+		const ownerAId = randomUUID();
+		const ownerBId = randomUUID();
+		const memberId = randomUUID();
+		const orgAId = randomUUID();
+		const orgBId = randomUUID();
+		const projectAId = randomUUID();
+		const projectBId = randomUUID();
+		const now = new Date().toISOString();
+
+		await orgs.createOrg(ctxFor(ownerAId), {
+			id: orgAId,
+			name: 'Acme',
+			slug: 'acme',
+			ownerId: ownerAId,
+			createdBy: ownerAId,
+			updatedBy: ownerAId,
+			createdAt: now,
+			updatedAt: now,
+			deletedAt: null
+		});
+		await orgs.createOrg(ctxFor(ownerBId), {
+			id: orgBId,
+			name: 'BigClient',
+			slug: 'bigclient',
+			ownerId: ownerBId,
+			createdBy: ownerBId,
+			updatedBy: ownerBId,
+			createdAt: now,
+			updatedAt: now,
+			deletedAt: null
+		});
+
+		for (const [orgOwner, orgId] of [
+			[ownerAId, orgAId],
+			[ownerBId, orgBId]
+		]) {
+			await orgs.addOrgMember(ctxFor(orgOwner), {
+				orgId,
+				userId: memberId,
+				role: 'member',
+				permissions: [],
+				joinedAt: now,
+				updatedAt: now,
+				updatedBy: orgOwner,
+				deletedAt: null
+			});
+		}
+
+		for (const [orgOwner, orgId, projectId] of [
+			[ownerAId, orgAId, projectAId],
+			[ownerBId, orgBId, projectBId]
+		]) {
+			await projects.createProject(ctxFor(orgOwner), {
+				id: projectId,
+				orgId,
+				ownerId: orgOwner,
+				name: `Project ${projectId.slice(0, 4)}`,
+				slug: `p-${projectId.slice(0, 4)}`,
+				visibility: 'private',
+				autoJoinOnUpload: false,
+				createdBy: orgOwner,
+				updatedBy: orgOwner,
+				createdAt: now,
+				updatedAt: now,
+				deletedAt: null
+			});
+			await projects.addProjectMember(ctxFor(orgOwner), {
+				projectId,
+				userId: memberId,
+				role: 'editor',
+				joinedAt: now,
+				updatedAt: now,
+				updatedBy: orgOwner,
+				deletedAt: null
+			});
+		}
+
+		// Remove from org A only.
+		await orgs.removeOrgMember(ctxFor(ownerAId), orgAId, memberId);
+
+		expect(await projects.getProjectMember(ctxFor(ownerAId), projectAId, memberId)).toBeNull();
+		// Org B membership and its project membership are untouched.
+		expect(await orgs.getOrgMember(ctxFor(ownerBId), orgBId, memberId)).not.toBeNull();
+		expect(await projects.getProjectMember(ctxFor(ownerBId), projectBId, memberId)).not.toBeNull();
+	});
+
+	it('share-link getByTokenHash returns null when parent definition is soft-deleted (§7)', async () => {
+		// §7: token resolution MUST fail closed when its parent definition is
+		// soft-deleted. Supabase enforces this via JOIN; the local store gets
+		// the same behavior by injecting a definition provider through the
+		// LocalDataProvider wiring (see LocalShareLinkStore.setDefinitionProvider).
+		const ownerId = randomUUID();
+		const orgId = randomUUID();
+		const projectId = randomUUID();
+		const definitionId = randomUUID();
+		const linkId = randomUUID();
+		const tokenHash = `hash-${randomUUID()}`;
+		const now = new Date().toISOString();
+		const ownerCtx = ctxFor(ownerId);
+
+		await orgs.createOrg(ownerCtx, {
+			id: orgId,
+			name: 'Acme',
+			slug: 'acme',
+			ownerId,
+			createdBy: ownerId,
+			updatedBy: ownerId,
+			createdAt: now,
+			updatedAt: now,
+			deletedAt: null
+		});
+		await projects.createProject(ownerCtx, {
+			id: projectId,
+			orgId,
+			ownerId,
+			name: 'P',
+			slug: 'p',
+			visibility: 'private',
+			autoJoinOnUpload: false,
+			createdBy: ownerId,
+			updatedBy: ownerId,
+			createdAt: now,
+			updatedAt: now,
+			deletedAt: null
+		});
+
+		const definitions = new LocalDefinitionStore(tempDir);
+		const shareLinks = new LocalShareLinkStore({
+			filePath: path.join(tempDir, 'share-links.json')
+		});
+		shareLinks.setDefinitionProvider(definitions);
+
+		const definition: DefinitionRecord = {
+			guid: definitionId,
+			projectId,
+			ownerId,
+			createdBy: ownerId,
+			updatedBy: ownerId,
+			displayName: 'Def',
+			status: 'published',
+			solveCount: 0,
+			liveVersionId: null,
+			draftVersionId: null,
+			createdAt: now,
+			updatedAt: now,
+			deletedAt: null
+		};
+		await definitions.create(ownerCtx, definition);
+
+		const link: ShareLink = {
+			id: linkId,
+			definitionId,
+			channel: 'live',
+			tokenHash,
+			createdBy: ownerId,
+			createdAt: now,
+			expiresAt: null,
+			revokedAt: null,
+			allowSolve: true,
+			maxSolves: null,
+			solveCount: 0
+		};
+		await shareLinks.create(SYSTEM_CONTEXT, link);
+
+		// Sanity: token resolves while parent is live.
+		expect(await shareLinks.getByTokenHash(SYSTEM_CONTEXT, tokenHash)).not.toBeNull();
+
+		// Soft-delete the parent definition.
+		await definitions.delete(ownerCtx, definitionId);
+
+		// Cascade contract: token resolution must now fail closed.
+		expect(await shareLinks.getByTokenHash(SYSTEM_CONTEXT, tokenHash)).toBeNull();
+	});
+});

package/src/data/__tests__/compute-server-conformance.test.ts

@@ -0,0 +1,26 @@
+import { describe, beforeEach, afterEach } from 'vitest';
+import * as fs from 'node:fs/promises';
+import * as path from 'node:path';
+import * as os from 'node:os';
+import { runComputeServerStoreConformance } from '@selvajs/platform/testing';
+import { LocalComputeServerStore } from '../LocalComputeServerStore.js';
+
+const TEST_SECRET_KEY = Buffer.alloc(32, 0x42);
+
+describe('LocalComputeServerStore', () => {
+	let tempDir: string;
+
+	beforeEach(async () => {
+		tempDir = await fs.mkdtemp(path.join(os.tmpdir(), 'selva-compute-'));
+	});
+
+	afterEach(async () => {
+		await fs.rm(tempDir, { recursive: true, force: true });
+	});
+
+	runComputeServerStoreConformance({
+		name: 'LocalComputeServerStore',
+		createStore: () =>
+			new LocalComputeServerStore(path.join(tempDir, 'compute.config.json'), TEST_SECRET_KEY)
+	});
+});

package/src/data/__tests__/compute-server-encryption.test.ts

@@ -0,0 +1,185 @@
+import { describe, it, expect, beforeEach, afterEach } from 'vitest';
+import * as fs from 'node:fs/promises';
+import * as path from 'node:path';
+import * as os from 'node:os';
+import { SYSTEM_CONTEXT, type PlatformComputeServer } from '@selvajs/platform';
+import { LocalComputeServerStore } from '../LocalComputeServerStore.js';
+
+const TEST_SECRET_KEY = Buffer.alloc(32, 0x42);
+const OTHER_KEY = Buffer.alloc(32, 0x99);
+
+function makePlatformServer(
+	overrides: Partial<Omit<PlatformComputeServer, 'scope'>> = {}
+): PlatformComputeServer {
+	return {
+		id: overrides.id ?? 'a1',
+		scope: 'platform',
+		sharedWith: overrides.sharedWith ?? 'all',
+		label: overrides.label ?? 'Test',
+		serverUrl: overrides.serverUrl ?? 'http://localhost:5000',
+		apiKey: overrides.apiKey,
+		timeoutMs: overrides.timeoutMs,
+		retryCount: overrides.retryCount
+	};
+}
+
+describe('LocalComputeServerStore — apiKey encryption at rest', () => {
+	let tempDir: string;
+	let configPath: string;
+
+	beforeEach(async () => {
+		tempDir = await fs.mkdtemp(path.join(os.tmpdir(), 'selva-compute-enc-'));
+		configPath = path.join(tempDir, 'compute.config.json');
+	});
+
+	afterEach(async () => {
+		await fs.rm(tempDir, { recursive: true, force: true });
+	});
+
+	it('round-trips apiKey plaintext through the store', async () => {
+		const store = new LocalComputeServerStore(configPath, TEST_SECRET_KEY);
+		await store.savePlatformServers(
+			SYSTEM_CONTEXT,
+			[makePlatformServer({ apiKey: 'super-secret-value' })],
+			'a1'
+		);
+
+		const got = await store.getConfig(SYSTEM_CONTEXT);
+		expect(got.servers[0].apiKey).toBe('super-secret-value');
+	});
+
+	it('does not write the plaintext apiKey to disk', async () => {
+		const store = new LocalComputeServerStore(configPath, TEST_SECRET_KEY);
+		const plaintext = 'plaintext-must-not-appear-on-disk';
+		await store.savePlatformServers(
+			SYSTEM_CONTEXT,
+			[makePlatformServer({ apiKey: plaintext })],
+			'a1'
+		);
+
+		const onDisk = await fs.readFile(configPath, 'utf-8');
+		expect(onDisk).not.toContain(plaintext);
+		expect(onDisk).toContain('enc:v1:');
+	});
+
+	it('getConfig with the wrong key returns the server with apiKey omitted (does not throw)', async () => {
+		// Per-row tolerance: a key mismatch on `getConfig` must not blank out
+		// the entire compute-config response, because every page that reads
+		// it (e.g. /projects) would otherwise 500. Strict detection is the
+		// job of `verifySecrets` at boot.
+		const writer = new LocalComputeServerStore(configPath, TEST_SECRET_KEY);
+		await writer.savePlatformServers(
+			SYSTEM_CONTEXT,
+			[makePlatformServer({ apiKey: 'value' })],
+			'a1'
+		);
+
+		const reader = new LocalComputeServerStore(configPath, OTHER_KEY);
+		const got = await reader.getConfig(SYSTEM_CONTEXT);
+		expect(got.servers).toHaveLength(1);
+		expect(got.servers[0].apiKey).toBeUndefined();
+	});
+
+	it('verifySecrets reports key_mismatch when the at-rest key has rotated', async () => {
+		const writer = new LocalComputeServerStore(configPath, TEST_SECRET_KEY);
+		await writer.savePlatformServers(
+			SYSTEM_CONTEXT,
+			[makePlatformServer({ id: 'a1', label: 'Prod', apiKey: 'value' })],
+			'a1'
+		);
+
+		const reader = new LocalComputeServerStore(configPath, OTHER_KEY);
+		const report = await reader.verifySecrets();
+		expect(report.ok).toBe(false);
+		expect(report.plaintextFound).toBe(false);
+		expect(report.failures).toHaveLength(1);
+		expect(report.failures[0]).toMatchObject({
+			serverId: 'a1',
+			serverLabel: 'Prod',
+			reason: 'key_mismatch'
+		});
+	});
+
+	it('verifySecrets reports plaintext_on_disk for hand-edited config', async () => {
+		await fs.mkdir(path.dirname(configPath), { recursive: true });
+		await fs.writeFile(
+			configPath,
+			JSON.stringify({
+				servers: [
+					{
+						id: 'a1',
+						scope: 'platform',
+						sharedWith: 'all',
+						label: 'Legacy',
+						serverUrl: 'http://localhost:5000',
+						apiKey: 'plaintext-leftover'
+					}
+				]
+			}),
+			'utf-8'
+		);
+
+		const store = new LocalComputeServerStore(configPath, TEST_SECRET_KEY);
+		const report = await store.verifySecrets();
+		expect(report.ok).toBe(false);
+		expect(report.plaintextFound).toBe(true);
+		expect(report.failures[0]).toMatchObject({
+			serverId: 'a1',
+			reason: 'plaintext_on_disk'
+		});
+	});
+
+	it('verifySecrets returns ok when every encrypted apiKey decrypts', async () => {
+		const store = new LocalComputeServerStore(configPath, TEST_SECRET_KEY);
+		await store.savePlatformServers(
+			SYSTEM_CONTEXT,
+			[
+				makePlatformServer({ id: 'a1', apiKey: 'one' }),
+				makePlatformServer({ id: 'a2', apiKey: 'two' }),
+				makePlatformServer({ id: 'a3' }) // no apiKey — ignored
+			],
+			'a1'
+		);
+
+		const report = await store.verifySecrets();
+		expect(report.ok).toBe(true);
+		expect(report.failures).toEqual([]);
+		expect(report.plaintextFound).toBe(false);
+	});
+
+	it('refuses to read a legacy plaintext apiKey from disk', async () => {
+		// Simulate a hand-edited or legacy file with a plaintext apiKey.
+		await fs.mkdir(path.dirname(configPath), { recursive: true });
+		await fs.writeFile(
+			configPath,
+			JSON.stringify({
+				servers: [
+					{
+						id: 'a1',
+						scope: 'platform',
+						sharedWith: 'all',
+						label: 'Legacy',
+						serverUrl: 'http://localhost:5000',
+						apiKey: 'plaintext-leftover'
+					}
+				]
+			}),
+			'utf-8'
+		);
+
+		const store = new LocalComputeServerStore(configPath, TEST_SECRET_KEY);
+		await expect(store.getConfig(SYSTEM_CONTEXT)).rejects.toThrow(/unencrypted apiKey/);
+	});
+
+	it('preserves servers with no apiKey', async () => {
+		const store = new LocalComputeServerStore(configPath, TEST_SECRET_KEY);
+		await store.savePlatformServers(
+			SYSTEM_CONTEXT,
+			[makePlatformServer({ label: 'No Key' })],
+			'a1'
+		);
+
+		const got = await store.getConfig(SYSTEM_CONTEXT);
+		expect(got.servers[0].apiKey).toBeUndefined();
+	});
+});

package/src/data/__tests__/definition-conformance.test.ts

@@ -0,0 +1,23 @@
+import { describe, beforeEach, afterEach } from 'vitest';
+import * as fs from 'node:fs/promises';
+import * as path from 'node:path';
+import * as os from 'node:os';
+import { runDefinitionStoreConformance } from '@selvajs/platform/testing';
+import { LocalDefinitionStore } from '../LocalDefinitionStore.js';
+
+describe('LocalDefinitionStore', () => {
+	let tempDir: string;
+
+	beforeEach(async () => {
+		tempDir = await fs.mkdtemp(path.join(os.tmpdir(), 'selva-test-'));
+	});
+
+	afterEach(async () => {
+		await fs.rm(tempDir, { recursive: true, force: true });
+	});
+
+	runDefinitionStoreConformance({
+		name: 'LocalDefinitionStore',
+		createStore: () => new LocalDefinitionStore(tempDir)
+	});
+});

package/src/data/__tests__/event-sink-conformance.test.ts

@@ -0,0 +1,28 @@
+import * as fs from 'node:fs/promises';
+import * as path from 'node:path';
+import * as os from 'node:os';
+import { randomUUID } from 'node:crypto';
+import { runEventSinkConformance, type RecordingEventSink } from '@selvajs/platform/testing';
+import { LocalDataProvider } from '../LocalDataProvider.js';
+
+const tempDirs: string[] = [];
+
+runEventSinkConformance({
+	name: 'LocalDataProvider',
+	createProvider: async (sink: RecordingEventSink) => {
+		const tempDir = await fs.mkdtemp(path.join(os.tmpdir(), 'selva-events-'));
+		tempDirs.push(tempDir);
+		return LocalDataProvider.fromEnv(
+			{
+				DATA_PATH: tempDir,
+				SELVA_AT_REST_KEY: '0'.repeat(64)
+			},
+			sink
+		);
+	},
+	createActorId: async () => ({ userId: randomUUID() }),
+	cleanup: async () => {
+		await Promise.all(tempDirs.map((d) => fs.rm(d, { recursive: true, force: true })));
+		tempDirs.length = 0;
+	}
+});