@wipcomputer/wip-ldm-os 0.4.85-alpha.2 → 0.4.85-alpha.20

package/scripts/test-crc-agentid-tenant-boundary.mjs

@@ -0,0 +1,80 @@
+import { createHash } from "node:crypto";
+import { readFileSync } from "node:fs";
+
+const server = readFileSync("src/hosted-mcp/server.mjs", "utf8");
+
+function assertContains(needle, label) {
+  if (!server.includes(needle)) {
+    throw new Error(`${label} missing expected text: ${needle}`);
+  }
+}
+
+function assertNotContains(needle, label) {
+  if (server.includes(needle)) {
+    throw new Error(`${label} still contains forbidden text: ${needle}`);
+  }
+}
+
+assertContains('const ACCOUNT_TENANT_PREFIX = "acct:";', "account tenant prefix");
+assertContains('const LEGACY_API_KEY_TENANT_PREFIX = "key:";', "legacy key tenant prefix");
+assertContains('function accountTenantIdForUserId(userId)', "account tenant helper");
+assertContains('function identityForApiKey(key)', "api key identity helper");
+assertContains('return identityForApiKey(key);', "http auth uses identity helper");
+assertContains("const agentId = accountTenantIdForUserId(stored.userId);", "registration uses immutable account tenant");
+assertContains("function sanitizeDisplayLabel(raw)", "display label sanitizer");
+assertContains('replace(/[\\u0000-\\u001f\\u007f]/g, "").replace(/\\s+/g, " ").trim().slice(0, 64)', "display label sanitizer preserves label semantics");
+assertContains("const displayLabel = sanitizeDisplayLabel(body?.displayName || body?.username);", "registration treats entered name as display label");
+assertContains("displayLabel,", "registration challenge stores display label");
+assertContains("await saveApiKey(apiKey, agentId, { handle: credentialLabel });", "registration stores handle separately");
+assertContains("p.handle = identity.handle;", "pair stores display handle separately");
+assertContains("handle: identity.handle,", "relay metadata returns display handle");
+assertContains("codexDaemons.has(identity.agentId)", "daemon presence uses tenant id");
+assertContains("codexDaemonPubkeyRegistry.get(identity.agentId)", "daemon pubkey uses tenant id");
+assertContains("agentId: identity.agentId,", "relay tickets bind tenant id");
+assertContains("handle: identity.handle,", "relay tickets preserve display handle");
+assertContains("codexDaemons.set(identity.agentId, ws);", "daemon ws keyed by tenant id");
+assertContains("const key = codexRelayKey(identity.agentId, threadId);", "web ws keyed by tenant id");
+assertContains("const daemonWs = codexDaemons.get(identity.agentId);", "web sends to tenant daemon");
+assertNotContains("const agentId = stored.username || (\"passkey-\"", "registration must not use chosen handle as tenant");
+assertNotContains("const existingKey = Object.entries(API_KEYS).find(([k, v]) => v === agentId);", "oauth must not reuse chosen handle as tenant");
+assertNotContains("function isUsernameTaken", "display labels must not be globally unique usernames");
+assertNotContains("function sanitizeUsername", "display labels must not be modeled as usernames");
+assertNotContains('json(res, 409, { error: "reserved_handle"', "display labels must not be blocked as reserved security handles");
+assertNotContains('json(res, 409, { error: "handle_taken"', "duplicate display labels must be allowed");
+
+function legacyTenantIdForApiKey(key) {
+  return "key:" + createHash("sha256").update(key).digest("base64url").slice(0, 32);
+}
+
+function accountTenantIdForUserId(userId) {
+  return "acct:" + userId;
+}
+
+const chosenHandle = "parker-smoke-test";
+const sharedDisplayLabel = "Parker";
+const accountA = accountTenantIdForUserId("user-a");
+const accountB = accountTenantIdForUserId("user-b");
+const threadId = "thread-019dfa";
+if (accountA === accountB) {
+  throw new Error("different user ids collapsed to one account tenant");
+}
+if (`${sharedDisplayLabel}:${threadId}` === `${accountA}:${threadId}` || `${sharedDisplayLabel}:${threadId}` === `${accountB}:${threadId}`) {
+  throw new Error("display label was used as a relay route key");
+}
+
+const legacyA = legacyTenantIdForApiKey("ck-a");
+const legacyB = legacyTenantIdForApiKey("ck-b");
+if (legacyA === legacyB) {
+  throw new Error("legacy API-key tenants collided");
+}
+
+const webKeyA = `${accountA}:${threadId}`;
+const webKeyB = `${accountB}:${threadId}`;
+if (webKeyA === webKeyB) {
+  throw new Error("same display handle can still collide across account tenants");
+}
+if (`${chosenHandle}:${threadId}` === webKeyA || `${chosenHandle}:${threadId}` === webKeyB) {
+  throw new Error("model still keys relay routes by display handle");
+}
+
+console.log("crc agentId tenant boundary checks passed");

package/scripts/test-crc-e2ee-key-persistence.mjs

@@ -0,0 +1,150 @@
+import { readFileSync } from "node:fs";
+import {
+  buildCodexBootstrapPayload,
+  createCodexDaemonPubkeyRegistry,
+} from "../src/hosted-mcp/codex-relay-e2ee-registry.mjs";
+
+const server = readFileSync("src/hosted-mcp/server.mjs", "utf8");
+const registrySource = readFileSync("src/hosted-mcp/codex-relay-e2ee-registry.mjs", "utf8");
+const deployScript = readFileSync("src/hosted-mcp/deploy.sh", "utf8");
+
+function assertContains(haystack, needle, label) {
+  if (!haystack.includes(needle)) {
+    throw new Error(`${label} missing expected text: ${needle}`);
+  }
+}
+
+function assertBefore(haystack, first, second, label) {
+  const firstIndex = haystack.indexOf(first);
+  const secondIndex = haystack.indexOf(second);
+  if (firstIndex === -1 || secondIndex === -1 || firstIndex >= secondIndex) {
+    throw new Error(`${label} expected "${first}" before "${second}"`);
+  }
+}
+
+function assert(condition, label, detail = "") {
+  if (!condition) throw new Error(`${label}${detail ? ": " + detail : ""}`);
+}
+
+function bootstrapPayloadFor(registry, identity, threadId, daemonOnline = true) {
+  return buildCodexBootstrapPayload({
+    identity,
+    threadId,
+    daemonOnline,
+    daemonKey: registry.get(identity.agentId),
+  });
+}
+
+function createFakePrisma() {
+  const rows = new Map();
+  return {
+    rows,
+    async $executeRawUnsafe(sql, tenantId, pubkey, cryptoVersionsJson) {
+      if (/CREATE TABLE IF NOT EXISTS codex_daemon_e2ee_keys/.test(sql)) return;
+      if (/CREATE TABLE IF NOT EXISTS codex_daemon_e2ee_key_audit/.test(sql)) return;
+      if (/INSERT INTO codex_daemon_e2ee_keys/.test(sql)) {
+        rows.set(tenantId, {
+          tenant_id: tenantId,
+          pubkey,
+          crypto_versions_json: cryptoVersionsJson,
+          registered_at: new Date("2026-05-11T17:37:18.000Z"),
+        });
+        return;
+      }
+      if (/INSERT INTO codex_daemon_e2ee_key_audit/.test(sql)) return;
+      throw new Error("unexpected fake prisma execute: " + sql);
+    },
+    async $queryRawUnsafe(sql) {
+      if (/FROM codex_daemon_e2ee_keys/.test(sql)) return [...rows.values()];
+      throw new Error("unexpected fake prisma query: " + sql);
+    },
+  };
+}
+
+function createSilentLogger() {
+  return { log() {}, error() {} };
+}
+
+assertContains(registrySource, "CREATE TABLE IF NOT EXISTS codex_daemon_e2ee_keys", "persistent key table");
+assertContains(registrySource, "async function loadFromDb()", "boot load helper");
+assertContains(registrySource, "async function persist(agentId, pubkey, cryptoVersions)", "persist helper");
+assertContains(registrySource, "function register(agentId, pubkey, cryptoVersions, source)", "registration helper");
+assertContains(registrySource, "pubkeys.set(agentId, {", "registration updates in-memory bootstrap cache");
+assertContains(registrySource, "return persist(agentId, pubkey, normalizedVersions)", "registration persists after cache update");
+assertContains(server, "await codexDaemonPubkeyRegistry.loadFromDb();", "server boot load call");
+assertContains(server, "await codexDaemonPubkeyRegistry.register(identity.agentId, p.daemon_public_key, p.crypto_versions, \"pair-complete\");", "pair-complete persists key");
+assertContains(server, "if (envelope?.type === \"daemon.identity\") {", "daemon reconnect identity frame");
+assertContains(server, "codexDaemonPubkeyRegistry.register(", "daemon reconnect register call");
+assertContains(server, "buildCodexBootstrapPayload({ identity, threadId, daemonOnline, daemonKey })", "bootstrap uses shared payload builder");
+assertContains(deployScript, "codex-relay-e2ee-registry.mjs", "hosted deploy copies registry module");
+assertBefore(
+  server,
+  "await codexDaemonPubkeyRegistry.loadFromDb();",
+  "function handleCodexBootstrap(req, res, threadId)",
+  "persisted keys load before bootstrap handler",
+);
+
+const identity = {
+  agentId: "acct:test-user-a",
+  tenantId: "acct:test-user-a",
+  handle: "Parker smoke test",
+  apiKey: "ck-test",
+};
+const threadId = "019dfa1e-0c3d-7f01-86b9-9a22cd452bde";
+
+const fakePrisma = createFakePrisma();
+const registryBeforeRestart = createCodexDaemonPubkeyRegistry({
+  usePrisma: true,
+  prisma: fakePrisma,
+  devMode: false,
+  logger: createSilentLogger(),
+});
+await registryBeforeRestart.register(identity.agentId, "spki-key-before-restart", ["e2ee-v1"], "pair-complete");
+
+const beforeRestartBootstrap = bootstrapPayloadFor(registryBeforeRestart, identity, threadId);
+assert(beforeRestartBootstrap.e2ee_available === true, "bootstrap reports e2ee before restart");
+assert(beforeRestartBootstrap.daemon_public_key === "spki-key-before-restart", "bootstrap returns registered daemon key before restart");
+
+const registryAfterRestart = createCodexDaemonPubkeyRegistry({
+  usePrisma: true,
+  prisma: fakePrisma,
+  devMode: false,
+  logger: createSilentLogger(),
+});
+await registryAfterRestart.loadFromDb();
+
+const afterRestartBootstrap = bootstrapPayloadFor(registryAfterRestart, identity, threadId);
+assert(afterRestartBootstrap.e2ee_available === true, "bootstrap reports e2ee after restart from persisted key");
+assert(afterRestartBootstrap.daemon_public_key === "spki-key-before-restart", "bootstrap restores persisted daemon key after restart");
+assert(afterRestartBootstrap.daemon_crypto_versions?.[0] === "e2ee-v1", "bootstrap restores crypto versions after restart");
+
+const emptyFakePrisma = createFakePrisma();
+const registryBeforeReconnect = createCodexDaemonPubkeyRegistry({
+  usePrisma: true,
+  prisma: emptyFakePrisma,
+  devMode: false,
+  logger: createSilentLogger(),
+});
+await registryBeforeReconnect.loadFromDb();
+const beforeReconnectBootstrap = bootstrapPayloadFor(registryBeforeReconnect, identity, threadId);
+assert(beforeReconnectBootstrap.e2ee_available === false, "bootstrap is not e2ee available before daemon reconnect when no key exists");
+assert(beforeReconnectBootstrap.daemon_public_key === null, "bootstrap has no daemon key before daemon reconnect");
+
+await registryBeforeReconnect.register(identity.agentId, "spki-key-from-daemon-reconnect", [], "daemon-reconnect");
+const afterReconnectBootstrap = bootstrapPayloadFor(registryBeforeReconnect, identity, threadId);
+assert(afterReconnectBootstrap.e2ee_available === true, "bootstrap reports e2ee after daemon reconnect self-heal");
+assert(afterReconnectBootstrap.daemon_public_key === "spki-key-from-daemon-reconnect", "bootstrap returns daemon reconnect key");
+assert(afterReconnectBootstrap.daemon_crypto_versions?.[0] === "e2ee-v1", "daemon reconnect defaults crypto version");
+
+const registryAfterReconnectRestart = createCodexDaemonPubkeyRegistry({
+  usePrisma: true,
+  prisma: emptyFakePrisma,
+  devMode: false,
+  logger: createSilentLogger(),
+});
+await registryAfterReconnectRestart.loadFromDb();
+const afterReconnectRestartBootstrap = bootstrapPayloadFor(registryAfterReconnectRestart, identity, threadId);
+assert(afterReconnectRestartBootstrap.e2ee_available === true, "daemon reconnect key is persisted for the next restart");
+assert(afterReconnectRestartBootstrap.daemon_public_key === "spki-key-from-daemon-reconnect", "daemon reconnect key survives restart");
+
+console.log("crc e2ee key persistence restart regression checks passed");

package/scripts/test-crc-e2ee-session-route.mjs

@@ -0,0 +1,129 @@
+import { readFileSync } from "node:fs";
+
+const server = readFileSync("src/hosted-mcp/server.mjs", "utf8");
+
+function assertContains(needle, label) {
+  if (!server.includes(needle)) {
+    throw new Error(`${label} missing expected text: ${needle}`);
+  }
+}
+
+function assertBefore(first, second, label) {
+  const firstIndex = server.indexOf(first);
+  const secondIndex = firstIndex === -1 ? -1 : server.indexOf(second, firstIndex + first.length);
+  if (firstIndex === -1 || secondIndex === -1 || firstIndex >= secondIndex) {
+    throw new Error(`${label} expected "${first}" before "${second}"`);
+  }
+}
+
+assertContains("const codexWebClients = new Map(); // `${agentId}:${threadId}` -> Set<ws>", "thread-keyed web client sets");
+assertContains("const codexE2eeSessionRoutes = new Map(); // `${agentId}:${e2eeSession}` -> { threadId, webKey, ws }", "e2ee session route map");
+assertContains("function registerCodexE2eeSessionRoute(agentId, e2eeSession, threadId, ws)", "route registration helper");
+assertContains("codexE2eeSessionRoutes.set(codexRelayKey(agentId, e2eeSession), { threadId, webKey, ws });", "route map stores e2ee session to thread");
+assertContains("function addCodexWebClient(webKey, ws)", "web client set add helper");
+assertContains("function removeCodexWebClient(webKey, ws)", "web client set remove helper");
+assertContains("function openCodexWebClientsForKey(webKey)", "web client set read helper");
+assertContains("function resolveCodexWebClientsForDaemonFrame(agentId, routeId)", "daemon route resolver");
+assertContains("const routed = codexE2eeSessionRoutes.get(codexRelayKey(agentId, routeId));", "daemon route lookup uses e2ee session map");
+assertContains("if (routed && routed.ws && routed.ws.readyState === routed.ws.OPEN) return [routed.ws];", "daemon route resolves to active owner socket");
+assertContains("return openCodexWebClientsForKey(codexRelayKey(agentId, routeId));", "daemon route keeps direct thread fallback");
+assertContains("const targets = resolveCodexWebClientsForDaemonFrame(identity.agentId, sessionId);", "daemon frames use route resolver");
+assertContains("for (const target of targets) {", "daemon frames send to every resolved target");
+assertContains("if (isCodexE2eeEnvelope(envelope) && envelope.session) {", "web e2ee messages are detected");
+assertContains("envelope.route_thread_id = threadId;", "relay injects ticket-bound thread into e2ee hello");
+assertContains("text = JSON.stringify(envelope);", "relay forwards the route-bound e2ee hello");
+assertContains("registerCodexE2eeSessionRoute(identity.agentId, envelope.session, threadId, ws);", "web e2ee session is registered");
+assertContains("const clientCount = addCodexWebClient(key, ws);", "new web connections are added without replacing existing clients");
+assertContains("removeCodexWebClient(key, ws);", "close cleanup removes only the closing socket");
+assertContains("removeCodexE2eeRoutesForWeb(identity.agentId, threadId, ws);", "close cleanup");
+assertContains("if (route.webKey === webKey && (!ws || route.ws === ws)) {", "cleanup only removes routes owned by the closing socket");
+assertBefore(
+  "envelope.route_thread_id = threadId;",
+  "daemonWs.send(text);",
+  "web route thread is injected before forwarding to daemon",
+);
+assertBefore(
+  "registerCodexE2eeSessionRoute(identity.agentId, envelope.session, threadId, ws);",
+  "daemonWs.send(text);",
+  "web session route registered before forwarding to daemon",
+);
+if (server.includes("const previous = codexWebClients.get(key);")) {
+  throw new Error("web client replacement lookup is still present");
+}
+if (server.includes("codexWebClients.set(key, ws);")) {
+  throw new Error("web client singleton set is still present");
+}
+
+const OPEN = 1;
+const agentId = "parker-smoke-test";
+const threadId = "thread-123";
+const e2eeSession = "e2ee-random-session-456";
+if (e2eeSession === threadId) {
+  throw new Error("test setup must use a random E2EE session distinct from threadId");
+}
+
+const modelWebClients = new Map();
+const modelRoutes = new Map();
+const webSocketA = { readyState: OPEN, OPEN };
+const webSocketB = { readyState: OPEN, OPEN };
+const webSocketC = { readyState: OPEN, OPEN };
+const webKey = `${agentId}:${threadId}`;
+
+function modelAddWebClient(ws) {
+  let clients = modelWebClients.get(webKey);
+  if (!clients) {
+    clients = new Set();
+    modelWebClients.set(webKey, clients);
+  }
+  clients.add(ws);
+}
+
+function modelRegister(session, ws) {
+  modelRoutes.set(`${agentId}:${session}`, { webKey, ws });
+}
+
+function modelResolve(routeId) {
+  const route = modelRoutes.get(`${agentId}:${routeId}`);
+  if (route && route.ws.readyState === route.ws.OPEN) return [route.ws];
+  const clients = modelWebClients.get(`${agentId}:${routeId}`) || new Set();
+  return [...clients].filter((webWs) => webWs.readyState === webWs.OPEN);
+}
+
+function modelRemoveOwnedRoutes(ws) {
+  for (const [routeKey, route] of modelRoutes) {
+    if (route.webKey === webKey && route.ws === ws) modelRoutes.delete(routeKey);
+  }
+}
+
+function modelRemoveWebClient(ws) {
+  const clients = modelWebClients.get(webKey);
+  if (!clients) return;
+  clients.delete(ws);
+  if (clients.size === 0) modelWebClients.delete(webKey);
+}
+
+modelAddWebClient(webSocketA);
+modelAddWebClient(webSocketB);
+modelRegister(e2eeSession, webSocketA);
+if (modelResolve(e2eeSession)[0] !== webSocketA) {
+  throw new Error("random E2EE session did not route to the owning thread web socket");
+}
+const threadTargets = modelResolve(threadId);
+if (threadTargets.length !== 2 || !threadTargets.includes(webSocketA) || !threadTargets.includes(webSocketB)) {
+  throw new Error("direct thread fallback did not broadcast to every thread web socket");
+}
+
+modelRemoveOwnedRoutes(webSocketA);
+modelRemoveWebClient(webSocketA);
+modelAddWebClient(webSocketC);
+modelRegister(e2eeSession, webSocketC);
+modelRemoveOwnedRoutes(webSocketA);
+if (modelResolve(e2eeSession)[0] !== webSocketC) {
+  throw new Error("old socket cleanup removed or stole the replacement E2EE route");
+}
+const remainingThreadTargets = modelResolve(threadId);
+if (remainingThreadTargets.length !== 2 || !remainingThreadTargets.includes(webSocketB) || !remainingThreadTargets.includes(webSocketC)) {
+  throw new Error("closing one web socket removed another browser client");
+}
+
+console.log("crc e2ee session route checks passed");

package/scripts/test-crc-pair-login-flow.mjs

@@ -0,0 +1,40 @@
+import { readFileSync } from "node:fs";
+
+const server = readFileSync("src/hosted-mcp/server.mjs", "utf8");
+const loginFiles = [
+  "src/hosted-mcp/app/kaleidoscope-login.html",
+  "src/hosted-mcp/demo/login.html",
+];
+
+function assertContains(source, needle, label) {
+  if (!source.includes(needle)) {
+    throw new Error(`${label} missing expected text: ${needle}`);
+  }
+}
+
+function assertBefore(source, first, second, label) {
+  const firstIndex = source.indexOf(first);
+  const secondIndex = source.indexOf(second);
+  if (firstIndex === -1 || secondIndex === -1 || firstIndex >= secondIndex) {
+    throw new Error(`${label} expected "${first}" before "${second}"`);
+  }
+}
+
+assertContains(server, "const PAIR_NEXT_REGEX = /^\\/pair\\/[ABCDEFGHJKLMNPQRSTUVWXYZ23456789]{6}$/;", "server pair regex");
+assertContains(server, "const REMOTE_CONTROL_NEXT_REGEX = /^\\/codex-remote-control\\/", "server remote-control regex");
+assertContains(server, "purpose,           // \"pair\" | null", "server stores pair purpose");
+assertContains(server, "next: next || null, // sanitized `/pair/<CODE>` or null", "server stores sanitized next");
+assertContains(server, "json(res, 200, { status: \"approved\", agentId: entry.agentId });", "server strips desktop pair status");
+assertContains(server, "json(res, 200, { ok: true, next: entry.next });", "server returns next to phone approve");
+
+for (const file of loginFiles) {
+  const html = readFileSync(file, "utf8");
+  assertContains(html, "function isPairNextOnDesktop()", `${file} desktop pair helper`);
+  assertContains(html, "} else if (isPairNextOnDesktop()) {", `${file} auto-start desktop pair QR`);
+  assertContains(html, "startQrLogin('', 'signin');", `${file} pair QR uses sign-in mode`);
+  assertContains(html, "if (approveResponse && typeof approveResponse.next === 'string' && isWhitelistedNext(approveResponse.next))", `${file} consumes approve next`);
+  assertContains(html, "if (urlNext && PAIR_NEXT_REGEX.test(urlNext))", `${file} desktop pair approved branch`);
+  assertBefore(html, "if (isPairNextOnDesktop() && !qrSessionMode)", "if (needsCustomQR() && !qrSessionMode)", `${file} create button forces pair QR before normal QR fallback`);
+}
+
+console.log("crc pair login flow checks passed");

package/scripts/test-crc-pair-relink-audit-and-rotation.mjs

@@ -0,0 +1,164 @@
+import { readFileSync } from "node:fs";
+import {
+  codexDaemonPubkeyFingerprint,
+  createCodexDaemonPubkeyRegistry,
+  evaluateCodexDaemonReconnectPubkey,
+} from "../src/hosted-mcp/codex-relay-e2ee-registry.mjs";
+
+const server = readFileSync("src/hosted-mcp/server.mjs", "utf8");
+const pairHtml = readFileSync("src/hosted-mcp/app/pair.html", "utf8");
+const loginHtml = readFileSync("src/hosted-mcp/app/kaleidoscope-login.html", "utf8");
+const registrySource = readFileSync("src/hosted-mcp/codex-relay-e2ee-registry.mjs", "utf8");
+const ticket = readFileSync("ai/product/bugs/codex-remote-control/2026-05-05--codex--remote-control-pair-relink-audit-and-rotation.md", "utf8");
+
+function assertContains(haystack, needle, label) {
+  if (!haystack.includes(needle)) {
+    throw new Error(`${label} missing expected text: ${needle}`);
+  }
+}
+
+function assert(condition, label, detail = "") {
+  if (!condition) throw new Error(`${label}${detail ? ": " + detail : ""}`);
+}
+
+function createSilentLogger() {
+  return { log() {}, error() {} };
+}
+
+assertContains(server, "const CODEX_PAIR_PRESENCE_TTL_MS = 2 * 60 * 1000;", "short pair presence ttl");
+assertContains(server, "const codexPairPresenceTokens = new Map();", "pair presence token store");
+assertContains(server, "function generateCodexPairPresenceToken(agentId)", "pair presence token mint");
+assertContains(server, "function consumeCodexPairPresenceToken(token, agentId)", "pair presence token consume");
+assertContains(server, "codex_pair_presence_token: generateCodexPairPresenceToken(agentId)", "registration mints pair presence token");
+assertContains(server, "codex_pair_presence_token: generateCodexPairPresenceToken(entry.agentId)", "authentication mints pair presence token");
+assertContains(server, 'error: "fresh_presence_required"', "pair-complete fresh presence rejection");
+assertContains(server, "consumeCodexPairPresenceToken(pairPresenceToken, identity.agentId)", "pair-complete consumes pair presence token");
+assertContains(server, 'json(res, 404, { error: "invalid or already-used code" });', "pair code reuse rejection");
+assertContains(server, 'json(res, 410, { error: "code expired or already used" });', "pair code expiry rejection");
+assertContains(server, "invalidateCodexBrowserSessionsForAgent(identity.agentId, \"daemon key replaced\")", "daemon replacement invalidates stale browser sessions");
+assertContains(server, "evaluateCodexDaemonReconnectPubkey(", "daemon reconnect checks existing key policy");
+assertContains(server, "daemon key change requires fresh pair", "changed daemon reconnect key requires pair flow");
+assertContains(server, "daemonIdentityAccepted = activateCodexDaemonWs();", "daemon only becomes active after identity is accepted");
+assertContains(server, "daemon already online", "duplicate daemon cannot evict an online daemon");
+assertContains(server, "daemon identity required", "daemon frames require identity before routing");
+assertContains(server, "p.replaced_daemon_key = !!daemonKeyResult?.replaced;", "pair state records replacement status");
+assertContains(server, "replaced_daemon_key: !!p.replaced_daemon_key", "pair-status exposes relink replacement status");
+assertContains(pairHtml, "codex_pair_presence_token: getPairPresenceToken()", "pair page sends pair presence token");
+assertContains(pairHtml, "fresh_presence_required", "pair page handles fresh presence error");
+assertContains(pairHtml, "Remote Control relinked this laptop.", "pair page gives relink message");
+assertContains(loginHtml, "wip_codex_pair_presence_token", "login carries pair presence token into pair page");
+assertContains(registrySource, "CREATE TABLE IF NOT EXISTS codex_daemon_e2ee_key_audit", "pair audit table");
+assertContains(registrySource, "old_pubkey_fingerprint", "audit stores old key fingerprint");
+assertContains(registrySource, "new_pubkey_fingerprint", "audit stores new key fingerprint");
+assertContains(ticket, "status: done", "ticket marked done");
+
+const oldFingerprint = codexDaemonPubkeyFingerprint("old-spki-key");
+const newFingerprint = codexDaemonPubkeyFingerprint("new-spki-key");
+assert(oldFingerprint && oldFingerprint.startsWith("sha256:"), "fingerprint has sha256 prefix");
+assert(oldFingerprint !== newFingerprint, "fingerprint changes when daemon key changes");
+
+const registry = createCodexDaemonPubkeyRegistry({
+  usePrisma: false,
+  devMode: false,
+  logger: createSilentLogger(),
+});
+const first = await registry.register("acct:test-user-a", "old-spki-key", ["e2ee-v1"], "pair-complete");
+assert(first.registered === true, "first pair registers key");
+assert(first.replaced === false, "first pair is not replacement");
+const second = await registry.register("acct:test-user-a", "new-spki-key", ["e2ee-v1"], "pair-complete");
+assert(second.registered === true, "relink registers new key");
+assert(second.replaced === true, "relink replacement is detected");
+assert(second.old_fingerprint === oldFingerprint, "relink reports old fingerprint");
+assert(second.new_fingerprint === newFingerprint, "relink reports new fingerprint");
+assert(registry.auditLog.length === 2, "registry keeps audit entries");
+assert(registry.auditLog[1].replaced === true, "audit marks replacement");
+assert(registry.auditLog[1].old_pubkey_fingerprint === oldFingerprint, "audit stores old fingerprint");
+assert(registry.auditLog[1].new_pubkey_fingerprint === newFingerprint, "audit stores new fingerprint");
+
+const firstReconnectPolicy = evaluateCodexDaemonReconnectPubkey(null, "daemon-reconnect-key");
+assert(firstReconnectPolicy.allowed === true, "daemon reconnect can self-heal when no key is registered");
+assert(firstReconnectPolicy.replaced === false, "first daemon reconnect is not a replacement");
+const sameReconnectPolicy = evaluateCodexDaemonReconnectPubkey({ pubkey: "daemon-reconnect-key" }, "daemon-reconnect-key");
+assert(sameReconnectPolicy.allowed === true, "daemon reconnect can re-register the same key");
+assert(sameReconnectPolicy.replaced === false, "same-key daemon reconnect is not a replacement");
+const changedReconnectPolicy = evaluateCodexDaemonReconnectPubkey({ pubkey: "daemon-reconnect-key" }, "attacker-reconnect-key");
+assert(changedReconnectPolicy.allowed === false, "daemon reconnect cannot replace an existing key");
+assert(changedReconnectPolicy.reason === "fresh_pair_required", "changed daemon reconnect requires fresh pair");
+assert(changedReconnectPolicy.replaced === true, "changed daemon reconnect is detected as replacement");
+assert(changedReconnectPolicy.old_fingerprint === codexDaemonPubkeyFingerprint("daemon-reconnect-key"), "changed reconnect reports old fingerprint");
+assert(changedReconnectPolicy.new_fingerprint === codexDaemonPubkeyFingerprint("attacker-reconnect-key"), "changed reconnect reports new fingerprint");
+const invalidReconnectPolicy = evaluateCodexDaemonReconnectPubkey({ pubkey: "daemon-reconnect-key" }, "");
+assert(invalidReconnectPolicy.allowed === false, "daemon reconnect rejects missing pubkey");
+assert(invalidReconnectPolicy.reason === "invalid_daemon_pubkey", "missing daemon reconnect pubkey has explicit reason");
+const oversizedReconnectPolicy = evaluateCodexDaemonReconnectPubkey(null, "x".repeat(1025));
+assert(oversizedReconnectPolicy.allowed === false, "daemon reconnect rejects oversized pubkey");
+assert(oversizedReconnectPolicy.reason === "invalid_daemon_pubkey", "oversized daemon reconnect pubkey has explicit reason");
+
+const executeCalls = [];
+const persistedRegistry = createCodexDaemonPubkeyRegistry({
+  usePrisma: true,
+  devMode: false,
+  logger: createSilentLogger(),
+  prisma: {
+    async $executeRawUnsafe(sql, ...args) {
+      executeCalls.push({ sql, args });
+      return 1;
+    },
+  },
+});
+await persistedRegistry.register("acct:test-user-b", "persisted-spki-key", ["e2ee-v1"], "daemon-reconnect");
+const auditInsert = executeCalls.find((call) => call.sql.includes("INSERT INTO codex_daemon_e2ee_key_audit"));
+assert(auditInsert, "audit insert executes for persisted registry");
+assert(auditInsert.sql.includes("$7::timestamptz"), "audit insert casts registered_at parameter to timestamptz");
+assert(typeof auditInsert.args[6] === "string" && auditInsert.args[6].includes("T"), "audit insert passes ISO registered_at value");
+
+function pairCompleteModel({ hasDaemonPublicKey, pairPresenceOk, previousPubkey, nextPubkey }) {
+  if (hasDaemonPublicKey && !pairPresenceOk) return { code: 403, error: "fresh_presence_required" };
+  const replaced = !!(previousPubkey && nextPubkey && previousPubkey !== nextPubkey);
+  return { code: 200, replaced };
+}
+
+assert(
+  pairCompleteModel({
+    hasDaemonPublicKey: true,
+    pairPresenceOk: false,
+    previousPubkey: "old",
+    nextPubkey: "new",
+  }).code === 403,
+  "ck token alone cannot replace daemon key",
+);
+assert(
+  pairCompleteModel({
+    hasDaemonPublicKey: true,
+    pairPresenceOk: true,
+    previousPubkey: "old",
+    nextPubkey: "new",
+  }).replaced === true,
+  "fresh pair presence permits relink",
+);
+assert(
+  pairCompleteModel({
+    hasDaemonPublicKey: true,
+    pairPresenceOk: true,
+    previousPubkey: null,
+    nextPubkey: "new",
+  }).replaced === false,
+  "fresh pair presence permits first pair",
+);
+
+function pairCodeModel(pair, codeKnown, now) {
+  if (!codeKnown) return { code: 404, error: "invalid or already-used code" };
+  if (!pair || pair.status !== "pending" || now > pair.expires) {
+    return { code: 410, error: "code expired or already used" };
+  }
+  pair.status = "completed";
+  return { code: 200 };
+}
+
+const pair = { status: "pending", expires: 100 };
+assert(pairCodeModel(pair, true, 10).code === 200, "first pair-complete succeeds");
+assert(pairCodeModel(pair, true, 20).code === 410, "pair code reuse fails");
+assert(pairCodeModel({ status: "pending", expires: 100 }, true, 200).code === 410, "expired pair code fails");
+assert(pairCodeModel(null, false, 10).code === 404, "unknown pair code fails");
+
+console.log("crc pair relink audit and rotation checks passed");

package/scripts/test-crc-pair-status-poll-token.mjs

@@ -0,0 +1,73 @@
+import { readFileSync } from "node:fs";
+
+const server = readFileSync("src/hosted-mcp/server.mjs", "utf8");
+
+function assertContains(needle, label) {
+  if (!server.includes(needle)) {
+    throw new Error(`${label} missing expected text: ${needle}`);
+  }
+}
+
+function assertNotContains(needle, label) {
+  if (server.includes(needle)) {
+    throw new Error(`${label} still contains forbidden text: ${needle}`);
+  }
+}
+
+assertContains("function generateCodexPairPollToken()", "pair poll token generator");
+assertContains('return "ppt_" + randomBytes(32).toString("base64url");', "pair poll token entropy");
+assertContains("function getBearerToken(req)", "bearer token helper");
+assertContains("const pollToken = generateCodexPairPollToken();", "pair-init mints poll token");
+assertContains("poll_token: pollToken,", "pair state stores poll token");
+assertContains("poll_token_used: false,", "pair state tracks token consumption");
+assertContains("pair_poll_token: pollToken,", "pair-init returns poll token to daemon");
+assertContains('json(res, 401, { error: "pair_poll_token_expired" });', "expired token rejected");
+assertContains('json(res, 401, { error: "invalid_pair_poll_token" });', "missing or wrong token rejected");
+assertContains("if (!pollToken || pollToken !== p.poll_token || p.poll_token_used)", "pair-status validates token");
+assertContains("p.poll_token_used = true;", "completed credential response consumes token");
+
+function pairStatusModel(pair, bearer, now) {
+  if (now > pair.expires) return { code: 401, body: { error: "pair_poll_token_expired" } };
+  if (!bearer || bearer !== pair.poll_token || pair.poll_token_used) {
+    return { code: 401, body: { error: "invalid_pair_poll_token" } };
+  }
+  if (pair.status === "completed") {
+    pair.poll_token_used = true;
+    return { code: 200, body: { status: "completed", api_key: pair.apiKey, handle: pair.handle } };
+  }
+  return { code: 200, body: { status: pair.status } };
+}
+
+const pair = {
+  status: "pending",
+  expires: 10_000,
+  poll_token: "ppt_good",
+  poll_token_used: false,
+  apiKey: "ck_secret",
+  handle: "Parker",
+};
+
+if (pairStatusModel({ ...pair }, null, 1).code !== 401) {
+  throw new Error("missing poll token should fail");
+}
+if (pairStatusModel({ ...pair }, "ppt_wrong", 1).code !== 401) {
+  throw new Error("wrong poll token should fail");
+}
+if (pairStatusModel({ ...pair }, "ppt_good", 20_000).code !== 401) {
+  throw new Error("expired poll token should fail");
+}
+if (pairStatusModel({ ...pair }, "ppt_good", 1).body.status !== "pending") {
+  throw new Error("correct poll token should return pending before completion");
+}
+
+const completedPair = { ...pair, status: "completed" };
+const completed = pairStatusModel(completedPair, "ppt_good", 1);
+if (completed.code !== 200 || completed.body.api_key !== "ck_secret") {
+  throw new Error("correct poll token should return completed credential once");
+}
+const replay = pairStatusModel(completedPair, "ppt_good", 1);
+if (replay.code !== 401) {
+  throw new Error("reused completed poll token should fail");
+}
+
+console.log("crc pair-status poll token checks passed");