@storacha/encrypt-upload-client 1.1.63 → 1.1.65

package/dist/test/kms-crypto-adapter.spec.js

@@ -1,305 +0,0 @@
-import './setup.js';
-import { test, describe } from 'node:test';
-import assert from 'node:assert';
-import * as Server from '@ucanto/server';
-import { base64 } from 'multiformats/bases/base64';
-import * as Space from '@storacha/capabilities/space';
-import { GenericAesCtrStreamingCrypto } from '../src/crypto/symmetric/generic-aes-ctr-streaming-crypto.js';
-import { KMSCryptoAdapter } from '../src/crypto/adapters/kms-crypto-adapter.js';
-import { createMockKeyManagerService, createMockKeyManagerServer, } from './mocks/key-manager.js';
-import { createTestFixtures } from './fixtures/test-fixtures.js';
-import { stringToUint8Array, streamToUint8Array, uint8ArrayToString, } from './helpers/test-file-utils.js';
-await describe('KMSCryptoAdapter', async () => {
-    await describe('Unit Tests', async () => {
-        await test('should delegate symmetric crypto operations to the injected implementation', async () => {
-            const symmetricCrypto = new GenericAesCtrStreamingCrypto();
-            const adapter = new KMSCryptoAdapter(symmetricCrypto, 'https://private.storacha.link', 'did:web:private.storacha.link');
-            const originalText = 'Op, this is a test for KMS strategy-based encryption!';
-            const blob = new Blob([stringToUint8Array(originalText)]);
-            // Test that it delegates to the symmetric crypto implementation
-            const { key, iv, encryptedStream } = await adapter.encryptStream(blob);
-            assert(key instanceof Uint8Array, 'Key should be a Uint8Array');
-            assert(iv instanceof Uint8Array, 'IV should be a Uint8Array');
-            assert(encryptedStream instanceof ReadableStream, 'Encrypted stream should be a ReadableStream');
-            // Test decryption delegation
-            const decryptedStream = await adapter.decryptStream(encryptedStream, key, iv);
-            const decryptedBytes = await streamToUint8Array(decryptedStream);
-            const decryptedText = uint8ArrayToString(decryptedBytes);
-            assert.strictEqual(decryptedText, originalText, 'Decrypted text should match original');
-        });
-        await test('should initialize KMS adapter with correct configuration', async () => {
-            const symmetricCrypto = new GenericAesCtrStreamingCrypto();
-            const adapter = new KMSCryptoAdapter(symmetricCrypto, 'https://private.storacha.link', 'did:web:private.storacha.link');
-            // Test that the adapter can handle encryption options directly
-            assert(typeof adapter.encryptSymmetricKey === 'function', 'encryptSymmetricKey should be a function');
-            // Verify adapter constructor sets properties correctly
-            assert(typeof adapter.keyManagerServiceDID === 'object', 'Adapter should have gateway DID object');
-            assert.strictEqual(adapter.keyManagerServiceDID.did(), 'did:web:private.storacha.link', 'Adapter should have correct gateway DID');
-            assert(adapter.keyManagerServiceURL instanceof URL, 'Adapter should have gateway URL');
-        });
-        await test('should handle metadata extraction with invalid CAR data', async () => {
-            const symmetricCrypto = new GenericAesCtrStreamingCrypto();
-            const adapter = new KMSCryptoAdapter(symmetricCrypto, 'https://private.storacha.link', 'did:web:private.storacha.link');
-            // Test that the method exists
-            assert(typeof adapter.extractEncryptedMetadata === 'function', 'extractEncryptedMetadata should be a function');
-            assert(typeof adapter.getEncryptedKey === 'function', 'getEncryptedKey should be a function');
-            // Should throw error for invalid CAR data
-            const mockCar = new Uint8Array([1, 2, 3]);
-            assert.throws(() => {
-                adapter.extractEncryptedMetadata(mockCar);
-            }, /Invalid CAR header format/, 'Should throw error for invalid CAR data');
-        });
-        await test('should sanitize space DID for KMS key ID', async () => {
-            const symmetricCrypto = new GenericAesCtrStreamingCrypto();
-            const adapter = new KMSCryptoAdapter(symmetricCrypto, 'https://mock-gateway.example.com', 'did:web:mock');
-            const spaceDID = 'did:key:z6MkwDK3M4PxU1FqcSt6quBH1xRBSGnPRdQYP9B13h3Wq5X1';
-            const sanitized = adapter.sanitizeSpaceDIDForKMSKeyId(spaceDID);
-            assert.strictEqual(sanitized, 'z6MkwDK3M4PxU1FqcSt6quBH1xRBSGnPRdQYP9B13h3Wq5X1');
-            assert(!sanitized.includes('did:key:'));
-        });
-    });
-    await describe('Integration Tests', async () => {
-        await test('should complete full encryption workflow with mocked private gateway', async () => {
-            const fixtures = await createTestFixtures();
-            const { keyManagerServiceDID, spaceDID, issuer, publicKeyPem, keyPair, delegationProof, } = fixtures;
-            let setupCalled = false;
-            let decryptCalled = false;
-            let actualEncryptedKey = '';
-            // Create mock gateway service that performs real RSA encryption/decryption
-            const service = createMockKeyManagerService({
-                mockPublicKey: publicKeyPem,
-                onEncryptionSetup: (/** @type {any} */ input) => {
-                    setupCalled = true;
-                    assert.strictEqual(input.capability.with, spaceDID);
-                    assert.strictEqual(input.capability.can, 'space/encryption/setup');
-                },
-                onKeyDecrypt: (/** @type {any} */ input) => {
-                    decryptCalled = true;
-                    assert.strictEqual(input.capability.with, spaceDID);
-                    assert.strictEqual(input.capability.can, 'space/encryption/key/decrypt');
-                },
-            });
-            // Override the decrypt handler to actually decrypt with the private key
-            service.space.encryption.key.decrypt = Server.provide(Space.EncryptionKeyDecrypt, async (input) => {
-                decryptCalled = true;
-                assert.strictEqual(input.capability.with, spaceDID);
-                assert.strictEqual(input.capability.can, 'space/encryption/key/decrypt');
-                // Get the encrypted key from the request
-                const encryptedKeyBytes = input.capability.nb.key;
-                const encryptedSymmetricKey = base64.encode(encryptedKeyBytes);
-                actualEncryptedKey = encryptedSymmetricKey;
-                // Decrypt with RSA private key (simulate real KMS decryption)
-                const encryptedBytes = encryptedKeyBytes;
-                const decryptedBytes = await globalThis.crypto.subtle.decrypt({ name: 'RSA-OAEP' }, keyPair.privateKey, encryptedBytes);
-                // Return the decrypted symmetric key as base64
-                const decryptedKey = base64.encode(new Uint8Array(decryptedBytes));
-                return Server.ok({
-                    decryptedSymmetricKey: decryptedKey,
-                });
-            });
-            // Create mock gateway server (HTTPS by default)
-            const keyManagerServiceServer = await createMockKeyManagerServer(service, keyManagerServiceDID, 5555);
-            // Create KMS adapter with HTTP allowed for testing
-            const symmetricCrypto = new GenericAesCtrStreamingCrypto();
-            const adapter = new KMSCryptoAdapter(symmetricCrypto, keyManagerServiceServer.url, keyManagerServiceDID.did(), { allowInsecureHttp: true } // Allow HTTP for testing
-            );
-            try {
-                // Create test file and encrypt it to get real symmetric keys
-                const testFile = new Uint8Array([1, 2, 3, 4, 5, 6, 7, 8, 9, 10]);
-                const testBlob = new Blob([testFile], {
-                    type: 'application/octet-stream',
-                });
-                // Encrypt the file to get real symmetric keys
-                const { key, iv } = await adapter.encryptStream(testBlob);
-                const encryptionConfig = {
-                    issuer,
-                    spaceDID,
-                    location: 'us-central1',
-                    keyring: 'test-keyring',
-                };
-                // Test key encryption with real symmetric keys - this will call the mock setup
-                const encryptResult = await adapter.encryptSymmetricKey(key, iv, encryptionConfig);
-                assert(setupCalled, 'EncryptionSetup should have been called');
-                assert.strictEqual(encryptResult.strategy, 'kms');
-                const kmsMetadata = 
-                /** @type {import('../src/types.js').KMSKeyMetadata} */ (encryptResult.metadata);
-                assert.strictEqual(kmsMetadata.space, spaceDID);
-                assert.strictEqual(kmsMetadata.kms.provider, 'google-kms');
-                assert.strictEqual(kmsMetadata.kms.algorithm, 'RSA-OAEP-2048-SHA256');
-                assert(typeof encryptResult.encryptedKey === 'string');
-                // Test key decryption - this will call the mock decrypt
-                const decryptionConfig = {
-                    spaceDID,
-                    decryptDelegation: delegationProof,
-                    proofs: [],
-                };
-                const mockMetadata = {
-                    strategy: /** @type {'kms'} */ ('kms'),
-                    encryptedDataCID: 'bafybeid',
-                    encryptedSymmetricKey: encryptResult.encryptedKey,
-                    space: spaceDID,
-                    kms: kmsMetadata.kms,
-                };
-                const decryptResult = await adapter.decryptSymmetricKey(encryptResult.encryptedKey, {
-                    decryptionConfig,
-                    metadata: mockMetadata,
-                    resourceCID: 
-                    /** @type {import('@storacha/upload-client/types').AnyLink} */ (
-                    /** @type {any} */ ('bafybeid')),
-                    issuer,
-                    audience: keyManagerServiceDID.did(),
-                });
-                // Verify the round-trip worked
-                assert(setupCalled, 'EncryptionSetup should have been called');
-                assert(decryptCalled, 'KeyDecrypt should have been called');
-                assert(decryptResult.key instanceof Uint8Array, 'Decrypted key should be Uint8Array');
-                assert(decryptResult.iv instanceof Uint8Array, 'Decrypted IV should be Uint8Array');
-                // Most importantly: verify the decrypted keys match the original
-                assert.deepStrictEqual(decryptResult.key, key, 'Decrypted key should match original key');
-                assert.deepStrictEqual(decryptResult.iv, iv, 'Decrypted IV should match original IV');
-                // Verify the encrypted key was actually encrypted (different from original)
-                const originalCombined = adapter.symmetricCrypto.combineKeyAndIV(key, iv);
-                const originalBase64 = base64.encode(originalCombined);
-                assert.notStrictEqual(actualEncryptedKey, originalBase64, 'Encrypted key should be different from original');
-            }
-            catch (error) {
-                console.error('Test failed with error:', error);
-                throw error;
-            }
-            finally {
-                // Clean up server
-                await keyManagerServiceServer.close();
-            }
-        });
-        await test('should handle encryption setup errors gracefully', async () => {
-            const fixtures = await createTestFixtures();
-            const { keyManagerServiceDID, spaceDID, issuer } = fixtures;
-            // Create service that returns errors
-            const service = createMockKeyManagerService({
-                mockPublicKey: 'invalid',
-                onEncryptionSetup: () => {
-                    // This will be called but service will return error
-                },
-            });
-            // Override service to return error
-            service.space.encryption.setup = Server.provide(Space.EncryptionSetup, async () => {
-                return Server.error({
-                    name: 'SpaceNotProvisioned',
-                    message: 'Space is not provisioned for encryption',
-                });
-            });
-            const keyManagerServiceServer = await createMockKeyManagerServer(service, keyManagerServiceDID, 5556);
-            const symmetricCrypto = new GenericAesCtrStreamingCrypto();
-            const adapter = new KMSCryptoAdapter(symmetricCrypto, keyManagerServiceServer.url, keyManagerServiceDID.did(), { allowInsecureHttp: true } // Allow HTTP for testing
-            );
-            try {
-                const testKey = new Uint8Array(32).fill(1);
-                const testIV = new Uint8Array(16).fill(2);
-                const encryptionConfig = {
-                    issuer,
-                    spaceDID,
-                };
-                // Should throw error
-                await assert.rejects(() => adapter.encryptSymmetricKey(testKey, testIV, encryptionConfig), /Space is not provisioned for encryption/);
-            }
-            finally {
-                await keyManagerServiceServer.close();
-            }
-        });
-        await test('should handle key decryption errors gracefully', async () => {
-            const fixtures = await createTestFixtures();
-            const { keyManagerServiceDID, spaceDID, issuer, delegationProof } = fixtures;
-            // Create service that returns errors for decrypt
-            const service = createMockKeyManagerService({
-                mockPublicKey: 'mock-key',
-            });
-            // Override decrypt service to return error
-            service.space.encryption.key.decrypt = Server.provide(Space.EncryptionKeyDecrypt, async () => {
-                return Server.error({
-                    name: 'KeyNotFound',
-                    message: 'KMS key not found',
-                });
-            });
-            const keyManagerServiceServer = await createMockKeyManagerServer(service, keyManagerServiceDID, 5557);
-            const symmetricCrypto = new GenericAesCtrStreamingCrypto();
-            const adapter = new KMSCryptoAdapter(symmetricCrypto, keyManagerServiceServer.url, keyManagerServiceDID.did(), { allowInsecureHttp: true } // Allow HTTP for testing
-            );
-            const decryptionOptions = {
-                spaceDID,
-                decryptDelegation: delegationProof,
-            };
-            const mockKey = new Uint8Array([1, 2, 3]); // test value as bytes
-            const mockKeyString = base64.encode(mockKey);
-            const mockMetadata = {
-                strategy: /** @type {'kms'} */ ('kms'),
-                encryptedDataCID: 'bafybeid',
-                key: mockKey, // use bytes, not string
-                space: spaceDID,
-                kms: {
-                    provider: /** @type {'google-kms'} */ ('google-kms'),
-                    keyId: 'test-key',
-                    algorithm: /** @type {'RSA-OAEP-2048-SHA256'} */ ('RSA-OAEP-2048-SHA256'),
-                },
-            };
-            const decryptConfigs = /** @type {any} */ ({
-                decryptionConfig: decryptionOptions,
-                metadata: mockMetadata,
-                delegationCAR: new Uint8Array(),
-                resourceCID: 'bafybeid',
-                issuer,
-                audience: keyManagerServiceDID.did(),
-            });
-            try {
-                // Should throw error
-                await assert.rejects(() => adapter.decryptSymmetricKey(mockKeyString, decryptConfigs), /KMS key not found/);
-            }
-            finally {
-                await keyManagerServiceServer.close();
-            }
-        });
-    });
-    await describe('Validation Tests', async () => {
-        await test('should validate required decryption parameters', async () => {
-            const symmetricCrypto = new GenericAesCtrStreamingCrypto();
-            const adapter = new KMSCryptoAdapter(symmetricCrypto, 'https://mock-gateway.example.com', 'did:web:mock');
-            const invalidConfigs = /** @type {any} */ ({
-                decryptionConfig: {}, // Missing spaceDID and decryptDelegation
-                metadata: { strategy: 'kms' },
-                delegationCAR: new Uint8Array(),
-                resourceCID: 'bafybeid',
-                issuer: null,
-                audience: 'did:web:mock',
-            });
-            await assert.rejects(() => adapter.decryptSymmetricKey('key', invalidConfigs), /SpaceDID and decryptDelegation are required/);
-        });
-        await test('should validate issuer is provided', async () => {
-            const fixtures = await createTestFixtures();
-            const { spaceDID, delegationProof } = fixtures;
-            const symmetricCrypto = new GenericAesCtrStreamingCrypto();
-            const adapter = new KMSCryptoAdapter(symmetricCrypto, 'https://mock-gateway.example.com', 'did:web:mock');
-            const invalidConfigs = /** @type {any} */ ({
-                decryptionConfig: { spaceDID, decryptDelegation: delegationProof },
-                metadata: { strategy: 'kms' },
-                delegationCAR: new Uint8Array(),
-                resourceCID: 'bafybeid',
-                issuer: null, // Missing issuer
-                audience: 'did:web:mock',
-            });
-            await assert.rejects(() => adapter.decryptSymmetricKey('key', invalidConfigs), /Issuer is required/);
-        });
-        await test('should reject non-KMS metadata', async () => {
-            const symmetricCrypto = new GenericAesCtrStreamingCrypto();
-            const adapter = new KMSCryptoAdapter(symmetricCrypto, 'https://mock-gateway.example.com', 'did:web:mock');
-            const invalidConfigs = /** @type {any} */ ({
-                decryptionOptions: { spaceDID: 'did:key:test', delegationProof: {} },
-                metadata: { strategy: 'lit' }, // Wrong strategy
-                delegationCAR: new Uint8Array(),
-                resourceCID: 'bafybeid',
-                issuer: {},
-                audience: 'did:web:mock',
-            });
-            await assert.rejects(() => adapter.decryptSymmetricKey('key', invalidConfigs), /KMSCryptoAdapter can only handle KMS metadata/);
-        });
-    });
-});
-//# sourceMappingURL=kms-crypto-adapter.spec.js.map

package/dist/test/lit-crypto-adapter.spec.d.ts

@@ -1,2 +0,0 @@
-export {};
-//# sourceMappingURL=lit-crypto-adapter.spec.d.ts.map

package/dist/test/lit-crypto-adapter.spec.d.ts.map

@@ -1 +0,0 @@
-{"version":3,"file":"lit-crypto-adapter.spec.d.ts","sourceRoot":"","sources":["../../test/lit-crypto-adapter.spec.js"],"names":[],"mappings":""}

package/dist/test/lit-crypto-adapter.spec.js

@@ -1,120 +0,0 @@
-import './setup.js';
-import { test, describe } from 'node:test';
-import assert from 'node:assert';
-import { GenericAesCtrStreamingCrypto } from '../src/crypto/symmetric/generic-aes-ctr-streaming-crypto.js';
-import { NodeAesCbcCrypto } from '../src/crypto/symmetric/node-aes-cbc-crypto.js';
-import { LitCryptoAdapter } from '../src/crypto/adapters/lit-crypto-adapter.js';
-import { stringToUint8Array, streamToUint8Array, uint8ArrayToString, } from './helpers/test-file-utils.js';
-// Mock Lit client - cast to any for testing
-const mockLitClient = /** @type {any} */ ({
-// Add mock methods as needed
-});
-await describe('LitCryptoAdapter', async () => {
-    await describe('Generic AES-CTR Crypto Implementation', async () => {
-        await test('should delegate symmetric crypto operations to the generic implementation', async () => {
-            const symmetricCrypto = new GenericAesCtrStreamingCrypto();
-            const adapter = new LitCryptoAdapter(symmetricCrypto, mockLitClient);
-            const originalText = 'Op, this is a test for strategy-based encryption!';
-            const blob = new Blob([stringToUint8Array(originalText)]);
-            // Test that it delegates to the symmetric crypto implementation
-            const { key, iv, encryptedStream } = await adapter.encryptStream(blob);
-            assert(key instanceof Uint8Array, 'Key should be a Uint8Array');
-            assert(iv instanceof Uint8Array, 'IV should be a Uint8Array');
-            assert(encryptedStream instanceof ReadableStream, 'Encrypted stream should be a ReadableStream');
-            // Test decryption delegation
-            const decryptedStream = await adapter.decryptStream(encryptedStream, key, iv);
-            const decryptedBytes = await streamToUint8Array(decryptedStream);
-            const decryptedText = uint8ArrayToString(decryptedBytes);
-            assert.strictEqual(decryptedText, originalText, 'Decrypted text should match original');
-        });
-        await test('should initialize Generic Lit adapter with correct configuration', async () => {
-            const symmetricCrypto = new GenericAesCtrStreamingCrypto();
-            const adapter = new LitCryptoAdapter(symmetricCrypto, mockLitClient);
-            // Test that the adapter has the required methods
-            assert(typeof adapter.encryptSymmetricKey === 'function', 'encryptSymmetricKey should be a function');
-            assert(typeof adapter.decryptSymmetricKey === 'function', 'decryptSymmetricKey should be a function');
-            // Verify adapter has the lit client
-            assert.strictEqual(adapter.litClient, mockLitClient, 'Adapter should store the Lit client');
-            // Verify it uses the correct crypto implementation
-            assert(adapter.symmetricCrypto instanceof GenericAesCtrStreamingCrypto, 'Should use GenericAesCtrStreamingCrypto');
-        });
-    });
-    await describe('Node.js AES-CBC Crypto Implementation (Legacy)', async () => {
-        await test('should delegate symmetric crypto operations to the Node.js implementation', async () => {
-            const symmetricCrypto = new NodeAesCbcCrypto();
-            const adapter = new LitCryptoAdapter(symmetricCrypto, mockLitClient);
-            const originalText = 'Op, this is a test for legacy Node.js encryption!';
-            const blob = new Blob([stringToUint8Array(originalText)]);
-            // Test that it delegates to the symmetric crypto implementation
-            const { key, iv, encryptedStream } = await adapter.encryptStream(blob);
-            assert(key instanceof Uint8Array, 'Key should be a Uint8Array');
-            assert(iv instanceof Uint8Array, 'IV should be a Uint8Array');
-            assert(encryptedStream instanceof ReadableStream, 'Encrypted stream should be a ReadableStream');
-            // Test decryption delegation
-            const decryptedStream = await adapter.decryptStream(encryptedStream, key, iv);
-            const decryptedBytes = await streamToUint8Array(decryptedStream);
-            const decryptedText = uint8ArrayToString(decryptedBytes);
-            assert.strictEqual(decryptedText, originalText, 'Decrypted text should match original');
-        });
-        await test('should initialize Node.js Lit adapter with correct configuration', async () => {
-            const symmetricCrypto = new NodeAesCbcCrypto();
-            const adapter = new LitCryptoAdapter(symmetricCrypto, mockLitClient);
-            // Test that the adapter has the required methods
-            assert(typeof adapter.encryptSymmetricKey === 'function', 'encryptSymmetricKey should be a function');
-            assert(typeof adapter.decryptSymmetricKey === 'function', 'decryptSymmetricKey should be a function');
-            // Verify adapter has the lit client
-            assert.strictEqual(adapter.litClient, mockLitClient, 'Adapter should store the Lit client');
-            // Verify it uses the correct crypto implementation
-            assert(adapter.symmetricCrypto instanceof NodeAesCbcCrypto, 'Should use NodeAesCbcCrypto');
-        });
-    });
-    await describe('Cross-Implementation Compatibility', async () => {
-        await test('should demonstrate algorithm differences between implementations', async () => {
-            const genericCrypto = new GenericAesCtrStreamingCrypto();
-            const nodeCrypto = new NodeAesCbcCrypto();
-            const genericAdapter = new LitCryptoAdapter(genericCrypto, mockLitClient);
-            const nodeAdapter = new LitCryptoAdapter(nodeCrypto, mockLitClient);
-            const originalText = 'Test data for algorithm comparison';
-            const blob = new Blob([stringToUint8Array(originalText)]);
-            // Encrypt with both adapters
-            const genericResult = await genericAdapter.encryptStream(blob);
-            const nodeResult = await nodeAdapter.encryptStream(blob);
-            // Convert streams to bytes
-            const genericEncrypted = await streamToUint8Array(genericResult.encryptedStream);
-            const nodeEncrypted = await streamToUint8Array(nodeResult.encryptedStream);
-            // Verify they produce different results (different algorithms)
-            assert.notDeepEqual(genericEncrypted, nodeEncrypted, 'AES-CTR and AES-CBC should produce different encrypted outputs');
-            // Verify both can decrypt their own data
-            const genericDecryptStream = new ReadableStream({
-                start(controller) {
-                    controller.enqueue(genericEncrypted);
-                    controller.close();
-                },
-            });
-            const nodeDecryptStream = new ReadableStream({
-                start(controller) {
-                    controller.enqueue(nodeEncrypted);
-                    controller.close();
-                },
-            });
-            const genericDecrypted = await genericAdapter.decryptStream(genericDecryptStream, genericResult.key, genericResult.iv);
-            const nodeDecrypted = await nodeAdapter.decryptStream(nodeDecryptStream, nodeResult.key, nodeResult.iv);
-            const genericDecryptedBytes = await streamToUint8Array(genericDecrypted);
-            const nodeDecryptedBytes = await streamToUint8Array(nodeDecrypted);
-            // Both should decrypt to the same original text
-            assert.strictEqual(uint8ArrayToString(genericDecryptedBytes), originalText, 'Generic adapter should decrypt correctly');
-            assert.strictEqual(uint8ArrayToString(nodeDecryptedBytes), originalText, 'Node adapter should decrypt correctly');
-            console.log('Both crypto implementations work with Lit adapter but produce different encrypted outputs');
-        });
-        await test('should verify factory function behavior', async () => {
-            const { createGenericLitAdapter, createNodeLitAdapter } = await import('../src/crypto/factories.node.js');
-            const genericAdapter = createGenericLitAdapter(mockLitClient);
-            const nodeAdapter = createNodeLitAdapter(mockLitClient);
-            // Verify factory functions create adapters with correct crypto implementations
-            assert(genericAdapter.symmetricCrypto instanceof GenericAesCtrStreamingCrypto, 'Generic factory should create adapter with GenericAesCtrStreamingCrypto');
-            assert(nodeAdapter.symmetricCrypto instanceof NodeAesCbcCrypto, 'Node factory should create adapter with NodeAesCbcCrypto');
-            console.log('Factory functions create adapters with correct crypto implementations');
-        });
-    });
-});
-//# sourceMappingURL=lit-crypto-adapter.spec.js.map

package/dist/test/memory-efficiency.spec.d.ts

@@ -1,2 +0,0 @@
-export {};
-//# sourceMappingURL=memory-efficiency.spec.d.ts.map

package/dist/test/memory-efficiency.spec.d.ts.map

@@ -1 +0,0 @@
-{"version":3,"file":"memory-efficiency.spec.d.ts","sourceRoot":"","sources":["../../test/memory-efficiency.spec.js"],"names":[],"mappings":""}

package/dist/test/memory-efficiency.spec.js

@@ -1,93 +0,0 @@
-import './setup.js';
-import { test, describe } from 'node:test';
-import assert from 'node:assert';
-import { GenericAesCtrStreamingCrypto } from '../src/crypto/symmetric/generic-aes-ctr-streaming-crypto.js';
-import { createTestFile } from './helpers/test-file-utils.js';
-/**
- * These tests demonstrate why streaming is necessary for large files.
- * They show that buffered approaches fail with memory errors while streaming succeeds.
- */
-await describe('Memory Efficiency - Why Streaming Matters', async () => {
-    await test('should show streaming handles progressively larger files', async () => {
-        const streamingCrypto = new GenericAesCtrStreamingCrypto();
-        // Test with multiple sizes to show streaming scales linearly
-        const testSizes = [5, 10, 15, 20, 50, 100, 500, 1000]; // MB - sizes that would challenge buffered approaches
-        for (const sizeMB of testSizes) {
-            console.log(`Processing ${sizeMB}MB file...`);
-            const testFile = createTestFile(sizeMB);
-            const startTime = Date.now();
-            const { encryptedStream } = await streamingCrypto.encryptStream(testFile);
-            let processedBytes = 0;
-            let chunkCount = 0;
-            const reader = encryptedStream.getReader();
-            try {
-                // eslint-disable-next-line no-constant-condition
-                while (true) {
-                    const { done, value } = await reader.read();
-                    if (done)
-                        break;
-                    processedBytes += value.length;
-                    chunkCount++;
-                }
-            }
-            finally {
-                reader.releaseLock();
-            }
-            const processingTime = Date.now() - startTime;
-            const throughput = processedBytes / 1024 / 1024 / (processingTime / 1000); // MB/s
-            assert.strictEqual(processedBytes, testFile.size, `Should process entire ${sizeMB}MB file`);
-            console.log(`✓ ${sizeMB}MB: ${chunkCount} chunks, ${throughput.toFixed(1)} MB/s`);
-        }
-        console.log('DEMONSTRATED: Streaming handles large files with consistent performance');
-    });
-    await test('should project memory behavior for realistic file sizes', async () => {
-        const streamingCrypto = new GenericAesCtrStreamingCrypto();
-        // Test with a size we can actually handle to project larger files
-        const testFile = createTestFile(5); // 5MB
-        const getMemoryUsage = () => {
-            if (globalThis.gc)
-                globalThis.gc();
-            return process.memoryUsage ? process.memoryUsage().heapUsed : 0;
-        };
-        const baseMemory = getMemoryUsage();
-        const { encryptedStream } = await streamingCrypto.encryptStream(testFile);
-        let peakMemoryDelta = 0;
-        let processedBytes = 0;
-        const reader = encryptedStream.getReader();
-        try {
-            // eslint-disable-next-line no-constant-condition
-            while (true) {
-                const { done, value } = await reader.read();
-                if (done)
-                    break;
-                processedBytes += value.length;
-                // Sample memory usage
-                const currentMemory = getMemoryUsage();
-                const memoryDelta = currentMemory - baseMemory;
-                peakMemoryDelta = Math.max(peakMemoryDelta, memoryDelta);
-            }
-        }
-        finally {
-            reader.releaseLock();
-        }
-        const peakMemoryMB = peakMemoryDelta / 1024 / 1024;
-        const fileSize = testFile.size / 1024 / 1024;
-        const memoryEfficiency = (peakMemoryDelta / testFile.size) * 100;
-        console.log(`File size: ${fileSize.toFixed(1)}MB`);
-        console.log(`Peak memory delta: ${peakMemoryMB.toFixed(2)}MB`);
-        console.log(`Memory efficiency: ${memoryEfficiency.toFixed(1)}% of file size`);
-        // Project to larger file sizes
-        console.log('\nProjected memory usage:');
-        const projectedSizes = [100, 1000, 5000]; // MB = 100MB, 1GB, 5GB
-        for (const sizeMB of projectedSizes) {
-            const projectedMemory = (memoryEfficiency / 100) * sizeMB;
-            const sizeLabel = sizeMB >= 1000 ? `${sizeMB / 1000}GB` : `${sizeMB}MB`;
-            console.log(`  ${sizeLabel}: ~${projectedMemory.toFixed(1)}MB memory`);
-        }
-        // Memory should be bounded (much less than file size)
-        assert(peakMemoryMB < fileSize, 'Streaming should use less memory than file size');
-        assert(memoryEfficiency < 50, 'Memory usage should be less than 50% of file size');
-        console.log('DEMONSTRATED: Streaming memory usage scales sub-linearly with file size');
-    });
-});
-//# sourceMappingURL=memory-efficiency.spec.js.map

package/dist/test/mocks/key-manager.d.ts

@@ -1,58 +0,0 @@
-/**
- * Create mock KMS service with proper capability handlers
- *
- * @param {object} options
- * @param {string} options.mockPublicKey - Mock RSA public key in PEM format
- * @param {string} [options.mockProvider] - Mock KMS provider
- * @param {string} [options.mockAlgorithm] - Mock algorithm
- * @param {Function} [options.onEncryptionSetup] - Optional callback for setup calls
- * @param {Function} [options.onKeyDecrypt] - Optional callback for decrypt calls
- */
-export function createMockKeyManagerService(options: {
-    mockPublicKey: string;
-    mockProvider?: string | undefined;
-    mockAlgorithm?: string | undefined;
-    onEncryptionSetup?: Function | undefined;
-    onKeyDecrypt?: Function | undefined;
-}): {
-    space: {
-        encryption: {
-            setup: Server.ServiceMethod<Server.API.Capability<"space/encryption/setup", `did:key:${string}` & `did:${string}` & Server.API.Phantom<{
-                protocol: "did:";
-            }>, Partial<Pick<{
-                location: string | undefined;
-                keyring: string | undefined;
-            }, "location" | "keyring">>>, {
-                publicKey: string;
-                provider: string;
-                algorithm: string;
-            }, Server.API.Failure & {
-                name: string;
-                message: string;
-            }>;
-            key: {
-                decrypt: Server.ServiceMethod<Server.API.Capability<"space/encryption/key/decrypt", `did:key:${string}` & `did:${string}` & Server.API.Phantom<{
-                    protocol: "did:";
-                }>, Pick<{
-                    key: Uint8Array<ArrayBufferLike>;
-                }, "key">>, {
-                    decryptedSymmetricKey: string;
-                }, Server.API.Failure & {
-                    name: string;
-                    message: string;
-                }>;
-            };
-        };
-    };
-};
-/**
- * Create a mock key manager service server
- *
- * @param {object} service - The service object with capability handlers
- * @param {*} keyManagerServiceDID - The key manager service DID keypair
- * @param {number} port - The port to listen on
- * @param {boolean} [useHttps] - Whether to use HTTPS URLs (testing HTTPS scenarios)
- */
-export function createMockKeyManagerServer(service: object, keyManagerServiceDID: any, port: number, useHttps?: boolean): Promise<any>;
-import * as Server from '@ucanto/server';
-//# sourceMappingURL=key-manager.d.ts.map

package/dist/test/mocks/key-manager.d.ts.map

@@ -1 +0,0 @@
-{"version":3,"file":"key-manager.d.ts","sourceRoot":"","sources":["../../../test/mocks/key-manager.js"],"names":[],"mappings":"AAMA;;;;;;;;;GASG;AACH,qDANG;IAAwB,aAAa,EAA7B,MAAM;IACW,YAAY;IACZ,aAAa;IACX,iBAAiB;IACjB,YAAY;CACzC;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;EAwEA;AAED;;;;;;;GAOG;AACH,oDALW,MAAM,wBACN,GAAC,QACD,MAAM,aACN,OAAO,gBA6DjB;wBA3JuB,gBAAgB"}