holosphere 2.0.0-alpha1 → 2.0.0-alpha4

package/tests/unit/integration/scenario-11-cross-holosphere-federation.test.js

@@ -1,410 +0,0 @@
-import { describe, it, expect, beforeEach, afterEach } from 'vitest';
-import HoloSphere, { matchScope, createHologram } from '../../../src/index.js';
-
-describe('Integration: Scenario 11 - Cross-Holosphere Federation', () => {
-  // Two distinct private keys for two separate holospheres
-  const privateKeyA = '0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef';
-  const privateKeyB = 'fedcba9876543210fedcba9876543210fedcba9876543210fedcba9876543210';
-
-  let holosphereA;
-  let holosphereB;
-  let publicKeyA;
-  let publicKeyB;
-  let testHolon;
-
-  beforeEach(async () => {
-    // Create two independent holospheres with different private keys and app namespaces
-    // Different appNames ensure data isolation in local mode
-    holosphereA = new HoloSphere({
-      relays: [],
-      appName: 'scenario-11-A',
-      privateKey: privateKeyA,
-      logLevel: 'ERROR'
-    });
-
-    holosphereB = new HoloSphere({
-      relays: [],
-      appName: 'scenario-11-B',
-      privateKey: privateKeyB,
-      logLevel: 'ERROR'
-    });
-
-    // Get public keys
-    publicKeyA = holosphereA.client.publicKey;
-    publicKeyB = holosphereB.client.publicKey;
-
-    // Create a test holon (H3 cell)
-    testHolon = await holosphereA.toHolon(37.7749, -122.4194, 9);
-  });
-
-  afterEach(async () => {
-    if (holosphereA?.client?.close) await holosphereA.client.close();
-    if (holosphereB?.client?.close) await holosphereB.client.close();
-  });
-
-  describe('Wildcard Scope Matching', () => {
-    it('should match exact scope', () => {
-      const tokenScope = { holonId: 'abc', lensName: 'quests' };
-      const requestedScope = { holonId: 'abc', lensName: 'quests' };
-      expect(matchScope(tokenScope, requestedScope)).toBe(true);
-    });
-
-    it('should match wildcard holonId', () => {
-      const tokenScope = { holonId: '*', lensName: 'quests' };
-      const requestedScope = { holonId: 'any-holon-id', lensName: 'quests' };
-      expect(matchScope(tokenScope, requestedScope)).toBe(true);
-    });
-
-    it('should match wildcard lensName', () => {
-      const tokenScope = { holonId: 'abc', lensName: '*' };
-      const requestedScope = { holonId: 'abc', lensName: 'any-lens' };
-      expect(matchScope(tokenScope, requestedScope)).toBe(true);
-    });
-
-    it('should match full wildcard scope', () => {
-      const tokenScope = { holonId: '*', lensName: '*' };
-      const requestedScope = { holonId: 'any-holon', lensName: 'any-lens' };
-      expect(matchScope(tokenScope, requestedScope)).toBe(true);
-    });
-
-    it('should match item-level scope', () => {
-      const tokenScope = { holonId: 'abc', lensName: 'quests', dataId: 'quest-001' };
-      const requestedScope = { holonId: 'abc', lensName: 'quests', dataId: 'quest-001' };
-      expect(matchScope(tokenScope, requestedScope)).toBe(true);
-    });
-
-    it('should match wildcard dataId', () => {
-      const tokenScope = { holonId: 'abc', lensName: 'quests', dataId: '*' };
-      const requestedScope = { holonId: 'abc', lensName: 'quests', dataId: 'any-id' };
-      expect(matchScope(tokenScope, requestedScope)).toBe(true);
-    });
-
-    it('should NOT match different holonId', () => {
-      const tokenScope = { holonId: 'abc', lensName: 'quests' };
-      const requestedScope = { holonId: 'xyz', lensName: 'quests' };
-      expect(matchScope(tokenScope, requestedScope)).toBe(false);
-    });
-
-    it('should NOT match different lensName', () => {
-      const tokenScope = { holonId: 'abc', lensName: 'quests' };
-      const requestedScope = { holonId: 'abc', lensName: 'events' };
-      expect(matchScope(tokenScope, requestedScope)).toBe(false);
-    });
-
-    it('should NOT match different dataId when specific', () => {
-      const tokenScope = { holonId: 'abc', lensName: 'quests', dataId: 'quest-001' };
-      const requestedScope = { holonId: 'abc', lensName: 'quests', dataId: 'quest-002' };
-      expect(matchScope(tokenScope, requestedScope)).toBe(false);
-    });
-  });
-
-  describe('Federation Registry', () => {
-    it('should add a federated partner', async () => {
-      await holosphereA.addFederatedHolosphere(publicKeyB, {
-        alias: 'Partner B'
-      });
-
-      const partners = await holosphereA.getFederatedHolospheres();
-      expect(partners).toContain(publicKeyB);
-    });
-
-    it('should remove a federated partner', async () => {
-      await holosphereA.addFederatedHolosphere(publicKeyB);
-      await holosphereA.removeFederatedHolosphere(publicKeyB);
-
-      const partners = await holosphereA.getFederatedHolospheres();
-      expect(partners).not.toContain(publicKeyB);
-    });
-
-    it('should store inbound capabilities', async () => {
-      // A issues capability to B
-      const capabilityToken = await holosphereA.issueCapability(
-        ['read'],
-        { holonId: testHolon, lensName: 'shared' },
-        publicKeyB,
-        { issuerKey: privateKeyA }
-      );
-
-      // B stores the capability they received
-      await holosphereB.addFederatedHolosphere(publicKeyA);
-      await holosphereB.storeInboundCapability(publicKeyA, {
-        token: capabilityToken,
-        scope: { holonId: testHolon, lensName: 'shared' },
-        permissions: ['read'],
-        expires: Date.now() + 3600000
-      });
-
-      const registry = await holosphereB.getFederationRegistry();
-      const partner = registry.federatedWith.find(p => p.pubKey === publicKeyA);
-      expect(partner).toBeDefined();
-      expect(partner.inboundCapabilities.length).toBeGreaterThan(0);
-    });
-  });
-
-  describe('Capability Verification with Wildcards', () => {
-    it('should verify wildcard capability for any holon', async () => {
-      // Issue wildcard capability
-      const token = await holosphereA.issueCapability(
-        ['read'],
-        { holonId: '*', lensName: 'events' },
-        publicKeyB,
-        { issuerKey: privateKeyA }
-      );
-
-      // Should be valid for any holon with 'events' lens
-      const holon1 = await holosphereA.toHolon(40.7128, -74.0060, 9);
-      const holon2 = await holosphereA.toHolon(51.5074, -0.1278, 9);
-
-      expect(await holosphereA.verifyCapability(token, 'read', { holonId: holon1, lensName: 'events' })).toBe(true);
-      expect(await holosphereA.verifyCapability(token, 'read', { holonId: holon2, lensName: 'events' })).toBe(true);
-      // But not for different lens
-      expect(await holosphereA.verifyCapability(token, 'read', { holonId: holon1, lensName: 'other' })).toBe(false);
-    });
-
-    it('should verify full wildcard capability for all data', async () => {
-      const token = await holosphereA.issueCapability(
-        ['read', 'write'],
-        { holonId: '*', lensName: '*' },
-        publicKeyB,
-        { issuerKey: privateKeyA }
-      );
-
-      const randomHolon = await holosphereA.toHolon(35.6762, 139.6503, 9);
-
-      expect(await holosphereA.verifyCapability(token, 'read', { holonId: randomHolon, lensName: 'anything' })).toBe(true);
-      expect(await holosphereA.verifyCapability(token, 'write', { holonId: randomHolon, lensName: 'something-else' })).toBe(true);
-    });
-  });
-
-  describe('Cross-Holosphere Hologram Creation', () => {
-    it('should create a hologram with embedded capability', () => {
-      const capabilityToken = 'mock-capability-token';
-
-      const hologram = createHologram(
-        testHolon,        // sourceHolon
-        'target-holon',   // targetHolon
-        'quests',         // lensName
-        'quest-001',      // dataId
-        'scenario-11',    // appname
-        {
-          authorPubKey: publicKeyA,
-          capability: capabilityToken
-        }
-      );
-
-      expect(hologram.hologram).toBe(true);
-      expect(hologram.crossHolosphere).toBe(true);
-      expect(hologram.target.authorPubKey).toBe(publicKeyA);
-      expect(hologram.capability).toBe(capabilityToken);
-      expect(hologram._meta.sourcePubKey).toBe(publicKeyA);
-    });
-
-    it('should include correct target information', () => {
-      const hologram = createHologram(
-        testHolon,
-        'target-holon',
-        'events',
-        'event-001',
-        'my-app',
-        { authorPubKey: publicKeyA }
-      );
-
-      expect(hologram.target.holonId).toBe(testHolon);
-      expect(hologram.target.lensName).toBe('events');
-      expect(hologram.target.dataId).toBe('event-001');
-      expect(hologram.target.appname).toBe('my-app');
-      expect(hologram.target.authorPubKey).toBe(publicKeyA);
-    });
-  });
-
-  describe('Issue Capability for Federation', () => {
-    it('should issue capability and track in registry', async () => {
-      const token = await holosphereA.issueCapabilityForFederation(
-        publicKeyB,
-        { holonId: testHolon, lensName: 'shared' },
-        ['read'],
-        { expiresIn: 3600000, trackInRegistry: true }
-      );
-
-      expect(typeof token).toBe('string');
-
-      const registry = await holosphereA.getFederationRegistry();
-      const partner = registry.federatedWith.find(p => p.pubKey === publicKeyB);
-      expect(partner).toBeDefined();
-      expect(partner.outboundCapabilities.length).toBeGreaterThan(0);
-    });
-
-    it('should issue capability without tracking when disabled', async () => {
-      const token = await holosphereA.issueCapabilityForFederation(
-        publicKeyB,
-        { holonId: testHolon, lensName: 'private' },
-        ['read'],
-        { expiresIn: 3600000, trackInRegistry: false }
-      );
-
-      expect(typeof token).toBe('string');
-
-      // Should still be a valid token
-      const isValid = await holosphereA.verifyCapability(
-        token,
-        'read',
-        { holonId: testHolon, lensName: 'private' }
-      );
-      expect(isValid).toBe(true);
-    });
-  });
-
-  describe('Complete Cross-Holosphere Workflow', () => {
-    it('should complete manual federation workflow', async () => {
-      // === PHASE 1: A writes data ===
-      const secretData = {
-        id: 'secret-001',
-        title: 'Secret Quest',
-        description: 'Only visible with capability',
-        _creator: publicKeyA
-      };
-      await holosphereA.write(testHolon, 'quests', secretData);
-
-      // Verify A can read their own data
-      const aData = await holosphereA.read(testHolon, 'quests', 'secret-001');
-      expect(aData).toBeDefined();
-      expect(aData.title).toBe('Secret Quest');
-
-      // B cannot see A's data (different holosphere)
-      const bData = await holosphereB.read(testHolon, 'quests', 'secret-001');
-      expect(bData).toBeNull();
-
-      // === PHASE 2: A issues capability to B ===
-      const capabilityToken = await holosphereA.issueCapabilityForFederation(
-        publicKeyB,
-        { holonId: testHolon, lensName: 'quests' },
-        ['read'],
-        { expiresIn: 3600000 }
-      );
-
-      expect(typeof capabilityToken).toBe('string');
-
-      // === PHASE 3: B stores the capability ===
-      await holosphereB.addFederatedHolosphere(publicKeyA, {
-        alias: 'Holosphere A'
-      });
-
-      await holosphereB.storeInboundCapability(publicKeyA, {
-        token: capabilityToken,
-        scope: { holonId: testHolon, lensName: 'quests' },
-        permissions: ['read'],
-        expires: Date.now() + 3600000
-      });
-
-      // === PHASE 4: Verify B has access ===
-      const isValid = await holosphereB.verifyCapability(
-        capabilityToken,
-        'read',
-        { holonId: testHolon, lensName: 'quests' }
-      );
-      expect(isValid).toBe(true);
-
-      // === PHASE 5: Verify capability is in B's registry ===
-      const bRegistry = await holosphereB.getFederationRegistry();
-      const partnerA = bRegistry.federatedWith.find(p => p.pubKey === publicKeyA);
-      expect(partnerA).toBeDefined();
-      expect(partnerA.inboundCapabilities.length).toBeGreaterThan(0);
-    });
-
-    it('should reject operations without valid capability', async () => {
-      // A writes data
-      await holosphereA.write(testHolon, 'protected', {
-        id: 'protected-001',
-        content: 'This is protected data'
-      });
-
-      // B adds A as partner but without capability
-      await holosphereB.addFederatedHolosphere(publicKeyA);
-
-      // B should not be able to read from A (no capability)
-      await expect(
-        holosphereB.readFromFederatedSource(publicKeyA, testHolon, 'protected', 'protected-001')
-      ).rejects.toThrow('No valid capability for federated source');
-    });
-
-    it('should reject expired capabilities', async () => {
-      // Issue already expired capability
-      const expiredToken = await holosphereA.issueCapability(
-        ['read'],
-        { holonId: testHolon, lensName: 'temp' },
-        publicKeyB,
-        { expiresIn: -1000, issuerKey: privateKeyA } // Already expired
-      );
-
-      await holosphereB.addFederatedHolosphere(publicKeyA);
-      await holosphereB.storeInboundCapability(publicKeyA, {
-        token: expiredToken,
-        scope: { holonId: testHolon, lensName: 'temp' },
-        permissions: ['read'],
-        expires: Date.now() - 1000 // Already expired
-      });
-
-      // Verification should fail
-      const isValid = await holosphereB.verifyCapability(
-        expiredToken,
-        'read',
-        { holonId: testHolon, lensName: 'temp' }
-      );
-      expect(isValid).toBe(false);
-    });
-  });
-
-  describe('Scope Boundary Enforcement', () => {
-    it('should enforce holon boundary', async () => {
-      const holon1 = await holosphereA.toHolon(40.7128, -74.0060, 9);
-      const holon2 = await holosphereA.toHolon(51.5074, -0.1278, 9);
-
-      // Issue capability only for holon1
-      const token = await holosphereA.issueCapability(
-        ['read'],
-        { holonId: holon1, lensName: 'events' },
-        publicKeyB,
-        { issuerKey: privateKeyA }
-      );
-
-      // Valid for holon1
-      expect(await holosphereA.verifyCapability(token, 'read', { holonId: holon1, lensName: 'events' })).toBe(true);
-
-      // Invalid for holon2
-      expect(await holosphereA.verifyCapability(token, 'read', { holonId: holon2, lensName: 'events' })).toBe(false);
-    });
-
-    it('should enforce lens boundary', async () => {
-      const token = await holosphereA.issueCapability(
-        ['read'],
-        { holonId: testHolon, lensName: 'quests' },
-        publicKeyB,
-        { issuerKey: privateKeyA }
-      );
-
-      // Valid for 'quests' lens
-      expect(await holosphereA.verifyCapability(token, 'read', { holonId: testHolon, lensName: 'quests' })).toBe(true);
-
-      // Invalid for 'events' lens
-      expect(await holosphereA.verifyCapability(token, 'read', { holonId: testHolon, lensName: 'events' })).toBe(false);
-    });
-
-    it('should enforce permission boundary', async () => {
-      const readOnlyToken = await holosphereA.issueCapability(
-        ['read'],
-        { holonId: testHolon, lensName: 'docs' },
-        publicKeyB,
-        { issuerKey: privateKeyA }
-      );
-
-      // Has read permission
-      expect(await holosphereA.verifyCapability(readOnlyToken, 'read', { holonId: testHolon, lensName: 'docs' })).toBe(true);
-
-      // Does NOT have write permission
-      expect(await holosphereA.verifyCapability(readOnlyToken, 'write', { holonId: testHolon, lensName: 'docs' })).toBe(false);
-
-      // Does NOT have delete permission
-      expect(await holosphereA.verifyCapability(readOnlyToken, 'delete', { holonId: testHolon, lensName: 'docs' })).toBe(false);
-    });
-  });
-});