npm - cojson - Versions diffs - 0.19.22 → 0.20.1 - Mend

cojson 0.19.22 → 0.20.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (223) hide show

package/.turbo/turbo-build.log +1 -1
package/CHANGELOG.md +66 -0
package/dist/PeerState.d.ts +6 -1
package/dist/PeerState.d.ts.map +1 -1
package/dist/PeerState.js +18 -3
package/dist/PeerState.js.map +1 -1
package/dist/coValueContentMessage.d.ts +0 -2
package/dist/coValueContentMessage.d.ts.map +1 -1
package/dist/coValueContentMessage.js +0 -8
package/dist/coValueContentMessage.js.map +1 -1
package/dist/coValueCore/SessionMap.d.ts +4 -2
package/dist/coValueCore/SessionMap.d.ts.map +1 -1
package/dist/coValueCore/SessionMap.js +30 -0
package/dist/coValueCore/SessionMap.js.map +1 -1
package/dist/coValueCore/coValueCore.d.ts +70 -5
package/dist/coValueCore/coValueCore.d.ts.map +1 -1
package/dist/coValueCore/coValueCore.js +302 -31
package/dist/coValueCore/coValueCore.js.map +1 -1
package/dist/coValueCore/verifiedState.d.ts +6 -1
package/dist/coValueCore/verifiedState.d.ts.map +1 -1
package/dist/coValueCore/verifiedState.js +9 -0
package/dist/coValueCore/verifiedState.js.map +1 -1
package/dist/coValues/coList.d.ts +4 -2
package/dist/coValues/coList.d.ts.map +1 -1
package/dist/coValues/coList.js +3 -0
package/dist/coValues/coList.js.map +1 -1
package/dist/coValues/group.d.ts.map +1 -1
package/dist/coValues/group.js +3 -6
package/dist/coValues/group.js.map +1 -1
package/dist/config.d.ts +2 -8
package/dist/config.d.ts.map +1 -1
package/dist/config.js +4 -12
package/dist/config.js.map +1 -1
package/dist/crypto/NapiCrypto.d.ts +1 -2
package/dist/crypto/NapiCrypto.d.ts.map +1 -1
package/dist/crypto/NapiCrypto.js +19 -4
package/dist/crypto/NapiCrypto.js.map +1 -1
package/dist/crypto/RNCrypto.d.ts.map +1 -1
package/dist/crypto/RNCrypto.js +19 -4
package/dist/crypto/RNCrypto.js.map +1 -1
package/dist/crypto/WasmCrypto.d.ts +11 -4
package/dist/crypto/WasmCrypto.d.ts.map +1 -1
package/dist/crypto/WasmCrypto.js +52 -10
package/dist/crypto/WasmCrypto.js.map +1 -1
package/dist/crypto/WasmCryptoEdge.d.ts +1 -0
package/dist/crypto/WasmCryptoEdge.d.ts.map +1 -1
package/dist/crypto/WasmCryptoEdge.js +4 -1
package/dist/crypto/WasmCryptoEdge.js.map +1 -1
package/dist/crypto/crypto.d.ts +3 -3
package/dist/crypto/crypto.d.ts.map +1 -1
package/dist/crypto/crypto.js +6 -1
package/dist/crypto/crypto.js.map +1 -1
package/dist/exports.d.ts +5 -5
package/dist/exports.d.ts.map +1 -1
package/dist/exports.js +4 -3
package/dist/exports.js.map +1 -1
package/dist/ids.d.ts +4 -1
package/dist/ids.d.ts.map +1 -1
package/dist/ids.js +4 -0
package/dist/ids.js.map +1 -1
package/dist/knownState.d.ts +2 -0
package/dist/knownState.d.ts.map +1 -1
package/dist/localNode.d.ts +12 -0
package/dist/localNode.d.ts.map +1 -1
package/dist/localNode.js +14 -0
package/dist/localNode.js.map +1 -1
package/dist/platformUtils.d.ts +3 -0
package/dist/platformUtils.d.ts.map +1 -0
package/dist/platformUtils.js +24 -0
package/dist/platformUtils.js.map +1 -0
package/dist/queue/LinkedList.d.ts +9 -3
package/dist/queue/LinkedList.d.ts.map +1 -1
package/dist/queue/LinkedList.js +30 -1
package/dist/queue/LinkedList.js.map +1 -1
package/dist/queue/OutgoingLoadQueue.d.ts +95 -0
package/dist/queue/OutgoingLoadQueue.d.ts.map +1 -0
package/dist/queue/OutgoingLoadQueue.js +240 -0
package/dist/queue/OutgoingLoadQueue.js.map +1 -0
package/dist/storage/DeletedCoValuesEraserScheduler.d.ts +30 -0
package/dist/storage/DeletedCoValuesEraserScheduler.d.ts.map +1 -0
package/dist/storage/DeletedCoValuesEraserScheduler.js +84 -0
package/dist/storage/DeletedCoValuesEraserScheduler.js.map +1 -0
package/dist/storage/sqlite/client.d.ts +3 -0
package/dist/storage/sqlite/client.d.ts.map +1 -1
package/dist/storage/sqlite/client.js +44 -0
package/dist/storage/sqlite/client.js.map +1 -1
package/dist/storage/sqlite/sqliteMigrations.d.ts.map +1 -1
package/dist/storage/sqlite/sqliteMigrations.js +7 -0
package/dist/storage/sqlite/sqliteMigrations.js.map +1 -1
package/dist/storage/sqliteAsync/client.d.ts +3 -0
package/dist/storage/sqliteAsync/client.d.ts.map +1 -1
package/dist/storage/sqliteAsync/client.js +42 -0
package/dist/storage/sqliteAsync/client.js.map +1 -1
package/dist/storage/storageAsync.d.ts +7 -0
package/dist/storage/storageAsync.d.ts.map +1 -1
package/dist/storage/storageAsync.js +48 -0
package/dist/storage/storageAsync.js.map +1 -1
package/dist/storage/storageSync.d.ts +6 -0
package/dist/storage/storageSync.d.ts.map +1 -1
package/dist/storage/storageSync.js +42 -0
package/dist/storage/storageSync.js.map +1 -1
package/dist/storage/types.d.ts +59 -0
package/dist/storage/types.d.ts.map +1 -1
package/dist/storage/types.js +12 -1
package/dist/storage/types.js.map +1 -1
package/dist/sync.d.ts.map +1 -1
package/dist/sync.js +66 -43
package/dist/sync.js.map +1 -1
package/dist/tests/DeletedCoValuesEraserScheduler.test.d.ts +2 -0
package/dist/tests/DeletedCoValuesEraserScheduler.test.d.ts.map +1 -0
package/dist/tests/DeletedCoValuesEraserScheduler.test.js +149 -0
package/dist/tests/DeletedCoValuesEraserScheduler.test.js.map +1 -0
package/dist/tests/GarbageCollector.test.js +5 -6
package/dist/tests/GarbageCollector.test.js.map +1 -1
package/dist/tests/LinkedList.test.js +90 -0
package/dist/tests/LinkedList.test.js.map +1 -1
package/dist/tests/OutgoingLoadQueue.test.d.ts +2 -0
package/dist/tests/OutgoingLoadQueue.test.d.ts.map +1 -0
package/dist/tests/OutgoingLoadQueue.test.js +814 -0
package/dist/tests/OutgoingLoadQueue.test.js.map +1 -0
package/dist/tests/StorageApiAsync.test.js +484 -152
package/dist/tests/StorageApiAsync.test.js.map +1 -1
package/dist/tests/StorageApiSync.test.js +505 -136
package/dist/tests/StorageApiSync.test.js.map +1 -1
package/dist/tests/WasmCrypto.test.js +6 -3
package/dist/tests/WasmCrypto.test.js.map +1 -1
package/dist/tests/coValueCore.loadFromStorage.test.js +3 -0
package/dist/tests/coValueCore.loadFromStorage.test.js.map +1 -1
package/dist/tests/coValueCore.test.js +34 -13
package/dist/tests/coValueCore.test.js.map +1 -1
package/dist/tests/coreWasm.test.js +127 -4
package/dist/tests/coreWasm.test.js.map +1 -1
package/dist/tests/crypto.test.js +89 -93
package/dist/tests/crypto.test.js.map +1 -1
package/dist/tests/deleteCoValue.test.d.ts +2 -0
package/dist/tests/deleteCoValue.test.d.ts.map +1 -0
package/dist/tests/deleteCoValue.test.js +313 -0
package/dist/tests/deleteCoValue.test.js.map +1 -0
package/dist/tests/group.removeMember.test.js +18 -30
package/dist/tests/group.removeMember.test.js.map +1 -1
package/dist/tests/knownState.lazyLoading.test.js +3 -0
package/dist/tests/knownState.lazyLoading.test.js.map +1 -1
package/dist/tests/sync.concurrentLoad.test.d.ts +2 -0
package/dist/tests/sync.concurrentLoad.test.d.ts.map +1 -0
package/dist/tests/sync.concurrentLoad.test.js +481 -0
package/dist/tests/sync.concurrentLoad.test.js.map +1 -0
package/dist/tests/sync.deleted.test.d.ts +2 -0
package/dist/tests/sync.deleted.test.d.ts.map +1 -0
package/dist/tests/sync.deleted.test.js +214 -0
package/dist/tests/sync.deleted.test.js.map +1 -0
package/dist/tests/sync.mesh.test.js +3 -2
package/dist/tests/sync.mesh.test.js.map +1 -1
package/dist/tests/sync.storage.test.js +4 -3
package/dist/tests/sync.storage.test.js.map +1 -1
package/dist/tests/sync.test.js +3 -2
package/dist/tests/sync.test.js.map +1 -1
package/dist/tests/testStorage.d.ts +3 -0
package/dist/tests/testStorage.d.ts.map +1 -1
package/dist/tests/testStorage.js +17 -1
package/dist/tests/testStorage.js.map +1 -1
package/dist/tests/testUtils.d.ts +7 -3
package/dist/tests/testUtils.d.ts.map +1 -1
package/dist/tests/testUtils.js +19 -4
package/dist/tests/testUtils.js.map +1 -1
package/package.json +6 -16
package/src/PeerState.ts +26 -3
package/src/coValueContentMessage.ts +0 -14
package/src/coValueCore/SessionMap.ts +43 -1
package/src/coValueCore/coValueCore.ts +415 -27
package/src/coValueCore/verifiedState.ts +26 -3
package/src/coValues/coList.ts +9 -3
package/src/coValues/group.ts +5 -6
package/src/config.ts +4 -13
package/src/crypto/NapiCrypto.ts +29 -13
package/src/crypto/RNCrypto.ts +29 -11
package/src/crypto/WasmCrypto.ts +67 -20
package/src/crypto/WasmCryptoEdge.ts +5 -1
package/src/crypto/crypto.ts +16 -4
package/src/exports.ts +4 -2
package/src/ids.ts +11 -1
package/src/localNode.ts +15 -0
package/src/platformUtils.ts +26 -0
package/src/queue/LinkedList.ts +34 -4
package/src/queue/OutgoingLoadQueue.ts +307 -0
package/src/storage/DeletedCoValuesEraserScheduler.ts +124 -0
package/src/storage/sqlite/client.ts +77 -0
package/src/storage/sqlite/sqliteMigrations.ts +7 -0
package/src/storage/sqliteAsync/client.ts +75 -0
package/src/storage/storageAsync.ts +62 -0
package/src/storage/storageSync.ts +58 -0
package/src/storage/types.ts +69 -0
package/src/sync.ts +78 -46
package/src/tests/DeletedCoValuesEraserScheduler.test.ts +185 -0
package/src/tests/GarbageCollector.test.ts +6 -10
package/src/tests/LinkedList.test.ts +111 -0
package/src/tests/OutgoingLoadQueue.test.ts +1129 -0
package/src/tests/StorageApiAsync.test.ts +572 -162
package/src/tests/StorageApiSync.test.ts +580 -143
package/src/tests/WasmCrypto.test.ts +8 -3
package/src/tests/coValueCore.loadFromStorage.test.ts +6 -0
package/src/tests/coValueCore.test.ts +49 -14
package/src/tests/coreWasm.test.ts +319 -10
package/src/tests/crypto.test.ts +141 -150
package/src/tests/deleteCoValue.test.ts +528 -0
package/src/tests/group.removeMember.test.ts +35 -35
package/src/tests/knownState.lazyLoading.test.ts +6 -0
package/src/tests/sync.concurrentLoad.test.ts +650 -0
package/src/tests/sync.deleted.test.ts +294 -0
package/src/tests/sync.mesh.test.ts +5 -2
package/src/tests/sync.storage.test.ts +6 -3
package/src/tests/sync.test.ts +5 -2
package/src/tests/testStorage.ts +31 -2
package/src/tests/testUtils.ts +31 -10
package/dist/crypto/PureJSCrypto.d.ts +0 -77
package/dist/crypto/PureJSCrypto.d.ts.map +0 -1
package/dist/crypto/PureJSCrypto.js +0 -236
package/dist/crypto/PureJSCrypto.js.map +0 -1
package/dist/tests/PureJSCrypto.test.d.ts +0 -2
package/dist/tests/PureJSCrypto.test.d.ts.map +0 -1
package/dist/tests/PureJSCrypto.test.js +0 -145
package/dist/tests/PureJSCrypto.test.js.map +0 -1
package/src/crypto/PureJSCrypto.ts +0 -429
package/src/tests/PureJSCrypto.test.ts +0 -217

package/src/tests/crypto.test.ts CHANGED Viewed

@@ -3,176 +3,167 @@ import { x25519 } from "@noble/curves/ed25519";
 import { blake3 } from "@noble/hashes/blake3";
 import { base58, base64url } from "@scure/base";
 import { expect, test, vi } from "vitest";
-import { PureJSCrypto } from "../crypto/PureJSCrypto.js";
 import { WasmCrypto } from "../crypto/WasmCrypto.js";
 import { SessionID } from "../ids.js";
 import { stableStringify } from "../jsonStringify.js";
-const wasmCrypto = await WasmCrypto.create();
-const pureJSCrypto = await PureJSCrypto.create();
-[wasmCrypto, pureJSCrypto].forEach((crypto) => {
-  const name = crypto.constructor.name;
-  test(`Signatures round-trip and use stable stringify [${name}]`, () => {
-    const data = { b: "world", a: "hello" };
-    const signer = crypto.newRandomSigner();
-    const signature = crypto.sign(signer, data);
-    expect(signature).toMatch(/^signature_z/);
-    expect(
-      crypto.verify(
-        signature,
-        { a: "hello", b: "world" },
-        crypto.getSignerID(signer),
-      ),
-    ).toBe(true);
-  });
+const crypto = await WasmCrypto.create();
-  test(`Invalid signatures don't verify [${name}]`, () => {
-    const data = { b: "world", a: "hello" };
-    const signer = crypto.newRandomSigner();
-    const signer2 = crypto.newRandomSigner();
-    const wrongSignature = crypto.sign(signer2, data);
+const name = crypto.constructor.name;
-    expect(
-      crypto.verify(wrongSignature, data, crypto.getSignerID(signer)),
-    ).toBe(false);
-  });
+test(`Signatures round-trip and use stable stringify [${name}]`, () => {
+  const data = { b: "world", a: "hello" };
+  const signer = crypto.newRandomSigner();
+  const signature = crypto.sign(signer, data);
-  test(`encrypting round-trips, but invalid receiver can't unseal [${name}]`, () => {
-    const data = { b: "world", a: "hello" };
-    const sender = crypto.newRandomSealer();
-    const sealer = crypto.newRandomSealer();
-    const wrongSealer = crypto.newRandomSealer();
-    const nOnceMaterial = {
-      in: "co_zTEST",
-      tx: { sessionID: "co_zTEST_session_zTEST" as SessionID, txIndex: 0 },
-    } as const;
-    const sealed = crypto.seal({
-      message: data,
-      from: sender,
-      to: crypto.getSealerID(sealer),
-      nOnceMaterial,
-    });
-    expect(
-      crypto.unseal(sealed, sealer, crypto.getSealerID(sender), nOnceMaterial),
-    ).toEqual(data);
-    expect(() =>
-      crypto.unseal(
-        sealed,
-        wrongSealer,
-        crypto.getSealerID(sender),
-        nOnceMaterial,
-      ),
-    ).toThrow(name === "PureJSCrypto" ? "invalid tag" : "Wrong tag");
-    // trying with wrong sealer secret, by hand
-    const nOnce = blake3(
-      new TextEncoder().encode(stableStringify(nOnceMaterial)),
-    ).slice(0, 24);
-    const sealer3priv = base58.decode(
-      wrongSealer.substring("sealerSecret_z".length),
-    );
-    const senderPub = base58.decode(
-      crypto.getSealerID(sender).substring("sealer_z".length),
-    );
-    const sealedBytes = base64url.decode(sealed.substring("sealed_U".length));
-    const sharedSecret = x25519.getSharedSecret(sealer3priv, senderPub);
-    expect(() => {
-      const _ = xsalsa20poly1305(sharedSecret, nOnce).decrypt(sealedBytes);
-    }).toThrow("invalid tag");
-  });
+  expect(signature).toMatch(/^signature_z/);
+  expect(
+    crypto.verify(
+      signature,
+      { a: "hello", b: "world" },
+      crypto.getSignerID(signer),
+    ),
+  ).toBe(true);
+});
-  test(`Hashing is deterministic [${name}]`, () => {
-    expect(crypto.secureHash({ b: "world", a: "hello" })).toEqual(
-      crypto.secureHash({ a: "hello", b: "world" }),
-    );
+test(`Invalid signatures don't verify [${name}]`, () => {
+  const data = { b: "world", a: "hello" };
+  const signer = crypto.newRandomSigner();
+  const signer2 = crypto.newRandomSigner();
+  const wrongSignature = crypto.sign(signer2, data);
-    expect(crypto.shortHash({ b: "world", a: "hello" })).toEqual(
-      crypto.shortHash({ a: "hello", b: "world" }),
-    );
+  expect(crypto.verify(wrongSignature, data, crypto.getSignerID(signer))).toBe(
+    false,
+  );
+});
+test(`encrypting round-trips, but invalid receiver can't unseal [${name}]`, () => {
+  const data = { b: "world", a: "hello" };
+  const sender = crypto.newRandomSealer();
+  const sealer = crypto.newRandomSealer();
+  const wrongSealer = crypto.newRandomSealer();
+  const nOnceMaterial = {
+    in: "co_zTEST",
+    tx: { sessionID: "co_zTEST_session_zTEST" as SessionID, txIndex: 0 },
+  } as const;
+  const sealed = crypto.seal({
+    message: data,
+    from: sender,
+    to: crypto.getSealerID(sealer),
+    nOnceMaterial,
   });
-  test(`Encryption of keySecrets round-trips [${name}]`, () => {
-    const toEncrypt = crypto.newRandomKeySecret();
-    const encrypting = crypto.newRandomKeySecret();
+  expect(
+    crypto.unseal(sealed, sealer, crypto.getSealerID(sender), nOnceMaterial),
+  ).toEqual(data);
+  expect(() =>
+    crypto.unseal(
+      sealed,
+      wrongSealer,
+      crypto.getSealerID(sender),
+      nOnceMaterial,
+    ),
+  ).toThrow("Wrong tag");
+  // trying with wrong sealer secret, by hand
+  const nOnce = blake3(
+    new TextEncoder().encode(stableStringify(nOnceMaterial)),
+  ).slice(0, 24);
+  const sealer3priv = base58.decode(
+    wrongSealer.substring("sealerSecret_z".length),
+  );
+  const senderPub = base58.decode(
+    crypto.getSealerID(sender).substring("sealer_z".length),
+  );
+  const sealedBytes = base64url.decode(sealed.substring("sealed_U".length));
+  const sharedSecret = x25519.getSharedSecret(sealer3priv, senderPub);
+  expect(() => {
+    const _ = xsalsa20poly1305(sharedSecret, nOnce).decrypt(sealedBytes);
+  }).toThrow("invalid tag");
+});
+test(`Hashing is deterministic [${name}]`, () => {
+  expect(crypto.secureHash({ b: "world", a: "hello" })).toEqual(
+    crypto.secureHash({ a: "hello", b: "world" }),
+  );
-    const keys = {
-      toEncrypt,
-      encrypting,
-    };
+  expect(crypto.shortHash({ b: "world", a: "hello" })).toEqual(
+    crypto.shortHash({ a: "hello", b: "world" }),
+  );
+});
-    const encrypted = crypto.encryptKeySecret(keys);
+test(`Encryption of keySecrets round-trips [${name}]`, () => {
+  const toEncrypt = crypto.newRandomKeySecret();
+  const encrypting = crypto.newRandomKeySecret();
-    const decrypted = crypto.decryptKeySecret(encrypted, encrypting.secret);
+  const keys = {
+    toEncrypt,
+    encrypting,
+  };
-    expect(decrypted).toEqual(toEncrypt.secret);
-  });
+  const encrypted = crypto.encryptKeySecret(keys);
-  test(`Encryption of keySecrets doesn't decrypt with a wrong key [${name}]`, () => {
-    const toEncrypt = crypto.newRandomKeySecret();
-    const encrypting = crypto.newRandomKeySecret();
-    const encryptingWrong = crypto.newRandomKeySecret();
+  const decrypted = crypto.decryptKeySecret(encrypted, encrypting.secret);
-    const keys = {
-      toEncrypt,
-      encrypting,
-    };
+  expect(decrypted).toEqual(toEncrypt.secret);
+});
-    const encrypted = crypto.encryptKeySecret(keys);
+test(`Encryption of keySecrets doesn't decrypt with a wrong key [${name}]`, () => {
+  const toEncrypt = crypto.newRandomKeySecret();
+  const encrypting = crypto.newRandomKeySecret();
+  const encryptingWrong = crypto.newRandomKeySecret();
-    const decrypted = crypto.decryptKeySecret(
-      encrypted,
-      encryptingWrong.secret,
-    );
+  const keys = {
+    toEncrypt,
+    encrypting,
+  };
-    expect(decrypted).toBeUndefined();
-  });
+  const encrypted = crypto.encryptKeySecret(keys);
-  test(`Unsealing malformed JSON logs error [${name}]`, () => {
-    const data = "not valid json";
-    const sender = crypto.newRandomSealer();
-    const sealer = crypto.newRandomSealer();
-    const consoleSpy = vi.spyOn(console, "error").mockImplementation(() => {});
-    const nOnceMaterial = {
-      in: "co_zTEST",
-      tx: { sessionID: "co_zTEST_session_zTEST" as SessionID, txIndex: 0 },
-    } as const;
-    // Create a sealed message with invalid JSON
-    const nOnce = blake3(
-      new TextEncoder().encode(stableStringify(nOnceMaterial)),
-    ).slice(0, 24);
-    const senderPriv = base58.decode(sender.substring("sealerSecret_z".length));
-    const sealerPub = base58.decode(
-      crypto.getSealerID(sealer).substring("sealer_z".length),
-    );
-    const plaintext = new TextEncoder().encode(data);
-    const sharedSecret = x25519.getSharedSecret(senderPriv, sealerPub);
-    const sealedBytes = xsalsa20poly1305(sharedSecret, nOnce).encrypt(
-      plaintext,
-    );
-    const sealed = `sealed_U${base64url.encode(sealedBytes)}`;
-    const result = crypto.unseal(
-      sealed as any,
-      sealer,
-      crypto.getSealerID(sender),
-      nOnceMaterial,
-    );
+  const decrypted = crypto.decryptKeySecret(encrypted, encryptingWrong.secret);
-    expect(result).toBeUndefined();
-    expect(consoleSpy.mock.lastCall?.[0]).toContain(
-      "Failed to decrypt/parse sealed message",
-    );
-  });
+  expect(decrypted).toBeUndefined();
+});
+test(`Unsealing malformed JSON logs error [${name}]`, () => {
+  const data = "not valid json";
+  const sender = crypto.newRandomSealer();
+  const sealer = crypto.newRandomSealer();
+  const consoleSpy = vi.spyOn(console, "error").mockImplementation(() => {});
+  const nOnceMaterial = {
+    in: "co_zTEST",
+    tx: { sessionID: "co_zTEST_session_zTEST" as SessionID, txIndex: 0 },
+  } as const;
+  // Create a sealed message with invalid JSON
+  const nOnce = blake3(
+    new TextEncoder().encode(stableStringify(nOnceMaterial)),
+  ).slice(0, 24);
+  const senderPriv = base58.decode(sender.substring("sealerSecret_z".length));
+  const sealerPub = base58.decode(
+    crypto.getSealerID(sealer).substring("sealer_z".length),
+  );
+  const plaintext = new TextEncoder().encode(data);
+  const sharedSecret = x25519.getSharedSecret(senderPriv, sealerPub);
+  const sealedBytes = xsalsa20poly1305(sharedSecret, nOnce).encrypt(plaintext);
+  const sealed = `sealed_U${base64url.encode(sealedBytes)}`;
+  const result = crypto.unseal(
+    sealed as any,
+    sealer,
+    crypto.getSealerID(sender),
+    nOnceMaterial,
+  );
+  expect(result).toBeUndefined();
+  expect(consoleSpy.mock.lastCall?.[0]).toContain(
+    "Failed to decrypt/parse sealed message",
+  );
 });