npm - @wipcomputer/wip-ldm-os - Versions diffs - 0.4.85-alpha.10 → 0.4.85-alpha.11 - Mend

@wipcomputer/wip-ldm-os 0.4.85-alpha.10 → 0.4.85-alpha.11

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (4) hide show

package/package.json +1 -1
package/scripts/test-crc-e2ee-key-persistence.mjs +122 -56
package/src/hosted-mcp/codex-relay-e2ee-registry.mjs +114 -0
package/src/hosted-mcp/server.mjs +16 -95

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@wipcomputer/wip-ldm-os",
-  "version": "0.4.85-alpha.10",
+  "version": "0.4.85-alpha.11",
   "type": "module",
   "description": "LDM OS: identity, memory, and sovereignty infrastructure for AI agents",
   "engines": {

package/scripts/test-crc-e2ee-key-persistence.mjs CHANGED Viewed

@@ -1,80 +1,146 @@
 import { readFileSync } from "node:fs";
+import {
+  buildCodexBootstrapPayload,
+  createCodexDaemonPubkeyRegistry,
+} from "../src/hosted-mcp/codex-relay-e2ee-registry.mjs";
 const server = readFileSync("src/hosted-mcp/server.mjs", "utf8");
+const registrySource = readFileSync("src/hosted-mcp/codex-relay-e2ee-registry.mjs", "utf8");
-function assertContains(needle, label) {
-  if (!server.includes(needle)) {
+function assertContains(haystack, needle, label) {
+  if (!haystack.includes(needle)) {
     throw new Error(`${label} missing expected text: ${needle}`);
   }
 }
-function assertBefore(first, second, label) {
-  const firstIndex = server.indexOf(first);
-  const secondIndex = server.indexOf(second);
+function assertBefore(haystack, first, second, label) {
+  const firstIndex = haystack.indexOf(first);
+  const secondIndex = haystack.indexOf(second);
   if (firstIndex === -1 || secondIndex === -1 || firstIndex >= secondIndex) {
     throw new Error(`${label} expected "${first}" before "${second}"`);
   }
 }
-assertContains("CREATE TABLE IF NOT EXISTS codex_daemon_e2ee_keys", "persistent key table");
-assertContains("async function loadCodexDaemonPubkeysFromDb()", "boot load helper");
-assertContains("await loadCodexDaemonPubkeysFromDb();", "boot load call");
-assertContains("async function persistCodexDaemonPubkey(agentId, pubkey, cryptoVersions)", "persist helper");
-assertContains("function registerCodexDaemonPubkey(agentId, pubkey, cryptoVersions, source)", "registration helper");
-assertContains("codexDaemonPubkeys.set(agentId, {", "registration updates in-memory bootstrap cache");
-assertContains("return persistCodexDaemonPubkey(agentId, pubkey, normalizedVersions)", "registration persists after cache update");
-assertContains("await registerCodexDaemonPubkey(identity.agentId, p.daemon_public_key, p.crypto_versions, \"pair-complete\");", "pair-complete persists key");
-assertContains("if (envelope?.type === \"daemon.identity\") {", "daemon reconnect identity frame");
-assertContains("envelope.daemon_public_key", "daemon identity carries public key");
-assertContains("envelope.crypto_versions", "daemon identity carries crypto versions");
-assertContains("\"daemon-reconnect\"", "daemon reconnect source marker");
-assertContains("const daemonKey = codexDaemonPubkeys.get(identity.agentId) || null;", "bootstrap uses loaded or registered key");
+function assert(condition, label, detail = "") {
+  if (!condition) throw new Error(`${label}${detail ? ": " + detail : ""}`);
+}
+function bootstrapPayloadFor(registry, identity, threadId, daemonOnline = true) {
+  return buildCodexBootstrapPayload({
+    identity,
+    threadId,
+    daemonOnline,
+    daemonKey: registry.get(identity.agentId),
+  });
+}
+function createFakePrisma() {
+  const rows = new Map();
+  return {
+    rows,
+    async $executeRawUnsafe(sql, tenantId, pubkey, cryptoVersionsJson) {
+      if (/CREATE TABLE IF NOT EXISTS codex_daemon_e2ee_keys/.test(sql)) return;
+      if (/INSERT INTO codex_daemon_e2ee_keys/.test(sql)) {
+        rows.set(tenantId, {
+          tenant_id: tenantId,
+          pubkey,
+          crypto_versions_json: cryptoVersionsJson,
+          registered_at: new Date("2026-05-11T17:37:18.000Z"),
+        });
+        return;
+      }
+      throw new Error("unexpected fake prisma execute: " + sql);
+    },
+    async $queryRawUnsafe(sql) {
+      if (/FROM codex_daemon_e2ee_keys/.test(sql)) return [...rows.values()];
+      throw new Error("unexpected fake prisma query: " + sql);
+    },
+  };
+}
+function createSilentLogger() {
+  return { log() {}, error() {} };
+}
+assertContains(registrySource, "CREATE TABLE IF NOT EXISTS codex_daemon_e2ee_keys", "persistent key table");
+assertContains(registrySource, "async function loadFromDb()", "boot load helper");
+assertContains(registrySource, "async function persist(agentId, pubkey, cryptoVersions)", "persist helper");
+assertContains(registrySource, "function register(agentId, pubkey, cryptoVersions, source)", "registration helper");
+assertContains(registrySource, "pubkeys.set(agentId, {", "registration updates in-memory bootstrap cache");
+assertContains(registrySource, "return persist(agentId, pubkey, normalizedVersions)", "registration persists after cache update");
+assertContains(server, "await codexDaemonPubkeyRegistry.loadFromDb();", "server boot load call");
+assertContains(server, "await codexDaemonPubkeyRegistry.register(identity.agentId, p.daemon_public_key, p.crypto_versions, \"pair-complete\");", "pair-complete persists key");
+assertContains(server, "if (envelope?.type === \"daemon.identity\") {", "daemon reconnect identity frame");
+assertContains(server, "codexDaemonPubkeyRegistry.register(", "daemon reconnect register call");
+assertContains(server, "buildCodexBootstrapPayload({ identity, threadId, daemonOnline, daemonKey })", "bootstrap uses shared payload builder");
 assertBefore(
-  "await loadCodexDaemonPubkeysFromDb();",
+  server,
+  "await codexDaemonPubkeyRegistry.loadFromDb();",
   "function handleCodexBootstrap(req, res, threadId)",
   "persisted keys load before bootstrap handler",
 );
-const modelPubkeys = new Map();
-const persistedRows = new Map();
+const identity = {
+  agentId: "acct:test-user-a",
+  tenantId: "acct:test-user-a",
+  handle: "Parker smoke test",
+  apiKey: "ck-test",
+};
+const threadId = "019dfa1e-0c3d-7f01-86b9-9a22cd452bde";
-function normalizeVersions(versions) {
-  const out = Array.isArray(versions)
-    ? versions.filter((v) => typeof v === "string" && v.length > 0 && v.length <= 32).slice(0, 8)
-    : [];
-  return out.length ? out : ["e2ee-v1"];
-}
+const fakePrisma = createFakePrisma();
+const registryBeforeRestart = createCodexDaemonPubkeyRegistry({
+  usePrisma: true,
+  prisma: fakePrisma,
+  devMode: false,
+  logger: createSilentLogger(),
+});
+await registryBeforeRestart.register(identity.agentId, "spki-key-before-restart", ["e2ee-v1"], "pair-complete");
-function modelRegister(agentId, pubkey, versions) {
-  const normalized = normalizeVersions(versions);
-  modelPubkeys.set(agentId, { pubkey, crypto_versions: normalized });
-  persistedRows.set(agentId, { pubkey, crypto_versions_json: JSON.stringify(normalized) });
-}
+const beforeRestartBootstrap = bootstrapPayloadFor(registryBeforeRestart, identity, threadId);
+assert(beforeRestartBootstrap.e2ee_available === true, "bootstrap reports e2ee before restart");
+assert(beforeRestartBootstrap.daemon_public_key === "spki-key-before-restart", "bootstrap returns registered daemon key before restart");
-function modelBootLoad() {
-  const restored = new Map();
-  for (const [agentId, row] of persistedRows) {
-    restored.set(agentId, {
-      pubkey: row.pubkey,
-      crypto_versions: normalizeVersions(JSON.parse(row.crypto_versions_json)),
-    });
-  }
-  return restored;
-}
+const registryAfterRestart = createCodexDaemonPubkeyRegistry({
+  usePrisma: true,
+  prisma: fakePrisma,
+  devMode: false,
+  logger: createSilentLogger(),
+});
+await registryAfterRestart.loadFromDb();
-modelRegister("acct:user-a", "spki-key-a", ["e2ee-v1"]);
-const afterRestart = modelBootLoad();
-if (afterRestart.get("acct:user-a")?.pubkey !== "spki-key-a") {
-  throw new Error("boot load did not restore persisted daemon pubkey");
-}
+const afterRestartBootstrap = bootstrapPayloadFor(registryAfterRestart, identity, threadId);
+assert(afterRestartBootstrap.e2ee_available === true, "bootstrap reports e2ee after restart from persisted key");
+assert(afterRestartBootstrap.daemon_public_key === "spki-key-before-restart", "bootstrap restores persisted daemon key after restart");
+assert(afterRestartBootstrap.daemon_crypto_versions?.[0] === "e2ee-v1", "bootstrap restores crypto versions after restart");
-modelRegister("acct:user-a", "spki-key-b", []);
-const afterReconnect = modelBootLoad();
-if (afterReconnect.get("acct:user-a")?.pubkey !== "spki-key-b") {
-  throw new Error("daemon reconnect did not replace persisted daemon pubkey");
-}
-if (afterReconnect.get("acct:user-a")?.crypto_versions?.[0] !== "e2ee-v1") {
-  throw new Error("daemon reconnect did not default crypto version");
-}
+const emptyFakePrisma = createFakePrisma();
+const registryBeforeReconnect = createCodexDaemonPubkeyRegistry({
+  usePrisma: true,
+  prisma: emptyFakePrisma,
+  devMode: false,
+  logger: createSilentLogger(),
+});
+await registryBeforeReconnect.loadFromDb();
+const beforeReconnectBootstrap = bootstrapPayloadFor(registryBeforeReconnect, identity, threadId);
+assert(beforeReconnectBootstrap.e2ee_available === false, "bootstrap is not e2ee available before daemon reconnect when no key exists");
+assert(beforeReconnectBootstrap.daemon_public_key === null, "bootstrap has no daemon key before daemon reconnect");
+await registryBeforeReconnect.register(identity.agentId, "spki-key-from-daemon-reconnect", [], "daemon-reconnect");
+const afterReconnectBootstrap = bootstrapPayloadFor(registryBeforeReconnect, identity, threadId);
+assert(afterReconnectBootstrap.e2ee_available === true, "bootstrap reports e2ee after daemon reconnect self-heal");
+assert(afterReconnectBootstrap.daemon_public_key === "spki-key-from-daemon-reconnect", "bootstrap returns daemon reconnect key");
+assert(afterReconnectBootstrap.daemon_crypto_versions?.[0] === "e2ee-v1", "daemon reconnect defaults crypto version");
+const registryAfterReconnectRestart = createCodexDaemonPubkeyRegistry({
+  usePrisma: true,
+  prisma: emptyFakePrisma,
+  devMode: false,
+  logger: createSilentLogger(),
+});
+await registryAfterReconnectRestart.loadFromDb();
+const afterReconnectRestartBootstrap = bootstrapPayloadFor(registryAfterReconnectRestart, identity, threadId);
+assert(afterReconnectRestartBootstrap.e2ee_available === true, "daemon reconnect key is persisted for the next restart");
+assert(afterReconnectRestartBootstrap.daemon_public_key === "spki-key-from-daemon-reconnect", "daemon reconnect key survives restart");
-console.log("crc e2ee key persistence checks passed");
+console.log("crc e2ee key persistence restart regression checks passed");

package/src/hosted-mcp/codex-relay-e2ee-registry.mjs ADDED Viewed

@@ -0,0 +1,114 @@
+export function normalizeCodexCryptoVersions(versions) {
+  const out = Array.isArray(versions)
+    ? versions.filter((v) => typeof v === "string" && v.length > 0 && v.length <= 32).slice(0, 8)
+    : [];
+  return out.length ? out : ["e2ee-v1"];
+}
+export function buildCodexBootstrapPayload({ identity, threadId, daemonOnline, daemonKey }) {
+  return {
+    handle: identity.handle,
+    thread_id: threadId,
+    daemon_online: daemonOnline,
+    daemon_public_key: daemonKey ? daemonKey.pubkey : null,
+    daemon_crypto_versions: daemonKey ? daemonKey.crypto_versions : null,
+    supported_crypto_versions: ["e2ee-v1"],
+    e2ee_available: !!daemonKey,
+  };
+}
+export function createCodexDaemonPubkeyRegistry({
+  usePrisma,
+  prisma,
+  devMode = false,
+  logger = console,
+} = {}) {
+  const pubkeys = new Map();
+  async function ensureStore() {
+    if (!usePrisma) return;
+    await prisma.$executeRawUnsafe(`
+      CREATE TABLE IF NOT EXISTS codex_daemon_e2ee_keys (
+        tenant_id TEXT PRIMARY KEY,
+        pubkey TEXT NOT NULL,
+        crypto_versions_json TEXT NOT NULL,
+        registered_at TIMESTAMPTZ NOT NULL DEFAULT now()
+      )
+    `);
+  }
+  async function loadFromDb() {
+    if (!usePrisma) return;
+    try {
+      await ensureStore();
+      const rows = await prisma.$queryRawUnsafe(`
+        SELECT tenant_id, pubkey, crypto_versions_json, registered_at
+        FROM codex_daemon_e2ee_keys
+      `);
+      for (const row of rows) {
+        let cryptoVersions = ["e2ee-v1"];
+        try { cryptoVersions = normalizeCodexCryptoVersions(JSON.parse(row.crypto_versions_json)); } catch {}
+        pubkeys.set(row.tenant_id, {
+          pubkey: row.pubkey,
+          crypto_versions: cryptoVersions,
+          registered_at: row.registered_at instanceof Date ? row.registered_at.toISOString() : String(row.registered_at),
+        });
+      }
+      logger.log("codex-relay: loaded " + rows.length + " persisted E2EE daemon pubkey(s)");
+    } catch (err) {
+      logger.error("codex-relay: failed to load persisted E2EE daemon pubkeys:", err.message);
+      if (!devMode) process.exit(1);
+    }
+  }
+  async function persist(agentId, pubkey, cryptoVersions) {
+    if (!usePrisma) return;
+    await ensureStore();
+    await prisma.$executeRawUnsafe(
+      `INSERT INTO codex_daemon_e2ee_keys
+        (tenant_id, pubkey, crypto_versions_json, registered_at)
+       VALUES ($1, $2, $3, now())
+       ON CONFLICT (tenant_id)
+       DO UPDATE SET
+        pubkey = EXCLUDED.pubkey,
+        crypto_versions_json = EXCLUDED.crypto_versions_json,
+        registered_at = EXCLUDED.registered_at`,
+      agentId,
+      pubkey,
+      JSON.stringify(cryptoVersions),
+    );
+  }
+  function register(agentId, pubkey, cryptoVersions, source) {
+    if (typeof agentId !== "string" || !agentId) return Promise.resolve(false);
+    if (typeof pubkey !== "string" || !pubkey || pubkey.length > 1024) return Promise.resolve(false);
+    const normalizedVersions = normalizeCodexCryptoVersions(cryptoVersions);
+    const registeredAt = new Date().toISOString();
+    pubkeys.set(agentId, {
+      pubkey,
+      crypto_versions: normalizedVersions,
+      registered_at: registeredAt,
+    });
+    logger.log("codex-relay: registered E2EE pubkey for " + agentId + " via " + source);
+    return persist(agentId, pubkey, normalizedVersions)
+      .then(() => true)
+      .catch((err) => {
+        logger.error("codex-relay: failed to persist E2EE pubkey for " + agentId + ":", err.message);
+        if (!devMode) throw err;
+        return false;
+      });
+  }
+  return {
+    pubkeys,
+    ensureStore,
+    loadFromDb,
+    register,
+    get(agentId) {
+      return pubkeys.get(agentId) || null;
+    },
+    clearMemoryForTest() {
+      pubkeys.clear();
+    },
+  };
+}

package/src/hosted-mcp/server.mjs CHANGED Viewed

@@ -23,6 +23,10 @@ import {
 import QRCode from "qrcode";
 import { WebSocketServer } from "ws";
 import { parse as parseUrlQs } from "node:querystring";
+import {
+  buildCodexBootstrapPayload,
+  createCodexDaemonPubkeyRegistry,
+} from "./codex-relay-e2ee-registry.mjs";
 // ── Settings ─────────────────────────────────────────────────────────
@@ -2607,7 +2611,7 @@ const codexE2eeSessionRoutes = new Map(); // `${agentId}:${e2eeSession}` -> { th
 // E2EE substrate (Phase 2.5).
 //
-// codexDaemonPubkeys: per tenant id, the most recently paired daemon's
+// codexDaemonPubkeyRegistry: per tenant id, the most recently paired daemon's
 //   public key (P-256 SPKI base64url) + supported crypto versions +
 //   registration timestamp. This is what the browser fetches via
 //   bootstrap before opening an encrypted session.
@@ -2616,92 +2620,17 @@ const codexE2eeSessionRoutes = new Map(); // `${agentId}:${e2eeSession}` -> { th
 //   ?token=ck-... in the browser WebSocket URL. Bound to a specific
 //   (agentId, threadId) so a leaked ticket cannot drive a different
 //   route, even by the same authenticated user.
-const codexDaemonPubkeys = new Map();   // tenantId -> { pubkey, crypto_versions, registered_at }
 const codexRelayTickets = new Map();    // ticket -> { agentId, threadId, expires, used }
 const CODEX_RELAY_TICKET_TTL_MS = 60 * 1000; // 60s; browser must connect immediately
-async function ensureCodexDaemonPubkeyStore() {
-  if (!usePrisma) return;
-  await prisma.$executeRawUnsafe(`
-    CREATE TABLE IF NOT EXISTS codex_daemon_e2ee_keys (
-      tenant_id TEXT PRIMARY KEY,
-      pubkey TEXT NOT NULL,
-      crypto_versions_json TEXT NOT NULL,
-      registered_at TIMESTAMPTZ NOT NULL DEFAULT now()
-    )
-  `);
-}
-function normalizeCodexCryptoVersions(versions) {
-  const out = Array.isArray(versions)
-    ? versions.filter((v) => typeof v === "string" && v.length > 0 && v.length <= 32).slice(0, 8)
-    : [];
-  return out.length ? out : ["e2ee-v1"];
-}
-async function loadCodexDaemonPubkeysFromDb() {
-  if (!usePrisma) return;
-  try {
-    await ensureCodexDaemonPubkeyStore();
-    const rows = await prisma.$queryRawUnsafe(`
-      SELECT tenant_id, pubkey, crypto_versions_json, registered_at
-      FROM codex_daemon_e2ee_keys
-    `);
-    for (const row of rows) {
-      let cryptoVersions = ["e2ee-v1"];
-      try { cryptoVersions = normalizeCodexCryptoVersions(JSON.parse(row.crypto_versions_json)); } catch {}
-      codexDaemonPubkeys.set(row.tenant_id, {
-        pubkey: row.pubkey,
-        crypto_versions: cryptoVersions,
-        registered_at: row.registered_at instanceof Date ? row.registered_at.toISOString() : String(row.registered_at),
-      });
-    }
-    console.log("codex-relay: loaded " + rows.length + " persisted E2EE daemon pubkey(s)");
-  } catch (err) {
-    console.error("codex-relay: failed to load persisted E2EE daemon pubkeys:", err.message);
-    if (!DEV_MODE) process.exit(1);
-  }
-}
-async function persistCodexDaemonPubkey(agentId, pubkey, cryptoVersions) {
-  if (!usePrisma) return;
-  await ensureCodexDaemonPubkeyStore();
-  await prisma.$executeRawUnsafe(
-    `INSERT INTO codex_daemon_e2ee_keys
-      (tenant_id, pubkey, crypto_versions_json, registered_at)
-     VALUES ($1, $2, $3, now())
-     ON CONFLICT (tenant_id)
-     DO UPDATE SET
-      pubkey = EXCLUDED.pubkey,
-      crypto_versions_json = EXCLUDED.crypto_versions_json,
-      registered_at = EXCLUDED.registered_at`,
-    agentId,
-    pubkey,
-    JSON.stringify(cryptoVersions),
-  );
-}
-function registerCodexDaemonPubkey(agentId, pubkey, cryptoVersions, source) {
-  if (typeof agentId !== "string" || !agentId) return Promise.resolve(false);
-  if (typeof pubkey !== "string" || !pubkey || pubkey.length > 1024) return Promise.resolve(false);
-  const normalizedVersions = normalizeCodexCryptoVersions(cryptoVersions);
-  const registeredAt = new Date().toISOString();
-  codexDaemonPubkeys.set(agentId, {
-    pubkey,
-    crypto_versions: normalizedVersions,
-    registered_at: registeredAt,
-  });
-  console.log("codex-relay: registered E2EE pubkey for " + agentId + " via " + source);
-  return persistCodexDaemonPubkey(agentId, pubkey, normalizedVersions)
-    .then(() => true)
-    .catch((err) => {
-      console.error("codex-relay: failed to persist E2EE pubkey for " + agentId + ":", err.message);
-      if (!DEV_MODE) throw err;
-      return false;
-    });
-}
+const codexDaemonPubkeyRegistry = createCodexDaemonPubkeyRegistry({
+  usePrisma,
+  prisma,
+  devMode: DEV_MODE,
+  logger: console,
+});
-await loadCodexDaemonPubkeysFromDb();
+await codexDaemonPubkeyRegistry.loadFromDb();
 function codexRelayKey(agentId, id) {
   return agentId + ":" + id;
@@ -2876,7 +2805,7 @@ async function handleCodexPairComplete(req, res) {
   // authenticated immutable tenant id. The display handle is returned
   // as metadata only.
   if (p.daemon_public_key) {
-    await registerCodexDaemonPubkey(identity.agentId, p.daemon_public_key, p.crypto_versions, "pair-complete");
+    await codexDaemonPubkeyRegistry.register(identity.agentId, p.daemon_public_key, p.crypto_versions, "pair-complete");
   }
   delete codexPairingByCode[code];
   console.log("codex-relay: paired daemon for tenant " + identity.agentId + " handle " + identity.handle);
@@ -2901,16 +2830,8 @@ function handleCodexBootstrap(req, res, threadId) {
   if (!identity) { json(res, 401, { error: "Unauthorized" }); return; }
   if (!threadId) { json(res, 400, { error: "missing threadId" }); return; }
   const daemonOnline = codexDaemons.has(identity.agentId);
-  const daemonKey = codexDaemonPubkeys.get(identity.agentId) || null;
-  json(res, 200, {
-    handle: identity.handle,
-    thread_id: threadId,
-    daemon_online: daemonOnline,
-    daemon_public_key: daemonKey ? daemonKey.pubkey : null,
-    daemon_crypto_versions: daemonKey ? daemonKey.crypto_versions : null,
-    supported_crypto_versions: ["e2ee-v1"],
-    e2ee_available: !!daemonKey,
-  });
+  const daemonKey = codexDaemonPubkeyRegistry.get(identity.agentId);
+  json(res, 200, buildCodexBootstrapPayload({ identity, threadId, daemonOnline, daemonKey }));
 }
 // POST /api/codex-relay/ws-ticket
@@ -3141,7 +3062,7 @@ httpServer.on("upgrade", (req, socket, head) => {
         let envelope = null;
         try { envelope = JSON.parse(text); } catch {}
         if (envelope?.type === "daemon.identity") {
-          void registerCodexDaemonPubkey(
+          void codexDaemonPubkeyRegistry.register(
             identity.agentId,
             envelope.daemon_public_key,
             envelope.crypto_versions,