multimodel-dev-os 3.1.0 → 3.5.0

package/tests/unit/registry-provenance.test.js

@@ -0,0 +1,185 @@
+import { describe, it, expect, beforeAll, afterAll, beforeEach } from 'vitest';
+import { existsSync, mkdirSync, rmSync, writeFileSync } from 'fs';
+import { join } from 'path';
+import {
+  loadRegistryLockfile,
+  saveRegistryLockfile,
+  updateLockfileEntry,
+  getLockfilePath
+} from '../../src/registry/provenance.js';
+
+const tempDir = join(process.cwd(), 'temp-provenance-test');
+
+describe('Registry Provenance — loadRegistryLockfile', () => {
+  beforeAll(() => {
+    mkdirSync(tempDir, { recursive: true });
+  });
+
+  afterAll(() => {
+    if (existsSync(tempDir)) {
+      rmSync(tempDir, { recursive: true, force: true });
+    }
+  });
+
+  it('returns an empty well-formed structure when no lockfile exists', () => {
+    const result = loadRegistryLockfile(tempDir);
+    expect(result).toEqual({
+      lockfile_version: '1',
+      generated_at: '',
+      entries: {}
+    });
+  });
+
+  it('returns empty structure if lockfile JSON is malformed', () => {
+    const aiDir = join(tempDir, '.ai');
+    mkdirSync(aiDir, { recursive: true });
+    writeFileSync(join(aiDir, 'registry-lock.json'), 'NOT VALID JSON', 'utf8');
+    const result = loadRegistryLockfile(tempDir);
+    expect(result.entries).toEqual({});
+  });
+
+  it('returns empty structure if lockfile JSON has no entries field', () => {
+    const aiDir = join(tempDir, '.ai');
+    mkdirSync(aiDir, { recursive: true });
+    writeFileSync(join(aiDir, 'registry-lock.json'), JSON.stringify({ lockfile_version: '1' }), 'utf8');
+    const result = loadRegistryLockfile(tempDir);
+    expect(result.entries).toEqual({});
+  });
+});
+
+
+describe('Registry Provenance — updateLockfileEntry', () => {
+  it('upserts a new entry into an empty lockfile', () => {
+    const lockfile = { lockfile_version: '1', generated_at: '', entries: {} };
+    const entry = {
+      url: 'https://example.com/catalog.yaml',
+      synced_at: '2026-01-01T00:00:00.000Z',
+      catalog_sha256: 'abc123',
+      manifest_sha256: null,
+      signature: null,
+      signature_alg: 'hmac-sha256'
+    };
+    updateLockfileEntry(lockfile, 'official', entry);
+    expect(lockfile.entries['official']).toBeDefined();
+    expect(lockfile.entries['official'].url).toBe('https://example.com/catalog.yaml');
+    expect(lockfile.entries['official'].catalog_sha256).toBe('abc123');
+    expect(lockfile.entries['official'].signature).toBeNull();
+  });
+
+  it('overwrites an existing entry for the same registry name', () => {
+    const lockfile = {
+      lockfile_version: '1',
+      generated_at: '',
+      entries: {
+        official: {
+          url: 'https://old.example.com/catalog.yaml',
+          synced_at: '2025-01-01T00:00:00.000Z',
+          catalog_sha256: 'oldhash',
+          manifest_sha256: null,
+          signature: null,
+          signature_alg: 'hmac-sha256'
+        }
+      }
+    };
+    updateLockfileEntry(lockfile, 'official', {
+      url: 'https://new.example.com/catalog.yaml',
+      synced_at: '2026-06-01T00:00:00.000Z',
+      catalog_sha256: 'newhash',
+      manifest_sha256: 'mhash',
+      signature: 'sig123',
+      signature_alg: 'hmac-sha256'
+    });
+    expect(lockfile.entries['official'].catalog_sha256).toBe('newhash');
+    expect(lockfile.entries['official'].signature).toBe('sig123');
+    expect(lockfile.entries['official'].url).toBe('https://new.example.com/catalog.yaml');
+  });
+
+  it('stores null for optional fields when not provided', () => {
+    const lockfile = { lockfile_version: '1', generated_at: '', entries: {} };
+    updateLockfileEntry(lockfile, 'test', {
+      url: 'https://example.com/catalog.yaml',
+      catalog_sha256: 'hash1'
+    });
+    expect(lockfile.entries['test'].manifest_sha256).toBeNull();
+    expect(lockfile.entries['test'].signature).toBeNull();
+    expect(lockfile.entries['test'].signature_alg).toBe('hmac-sha256');
+    expect(lockfile.entries['test'].public_signature_status).toBeNull();
+    expect(lockfile.entries['test'].public_signature_algorithm).toBeNull();
+    expect(lockfile.entries['test'].public_signature_key_id).toBeNull();
+    expect(lockfile.entries['test'].trusted_publisher_status).toBeNull();
+    expect(lockfile.entries['test'].trust_store_path).toBeNull();
+    expect(lockfile.entries['test'].trust_verdict).toBeNull();
+    expect(lockfile.entries['test'].lockfile_verdict).toBeNull();
+    expect(lockfile.entries['test'].verification_errors).toEqual([]);
+    expect(lockfile.entries['test'].verification_warnings).toEqual([]);
+  });
+
+  it('initialises entries object if missing from lockfile', () => {
+    const lockfile = { lockfile_version: '1', generated_at: '' };
+    updateLockfileEntry(lockfile, 'test', {
+      url: 'https://example.com/catalog.yaml',
+      catalog_sha256: 'hash1'
+    });
+    expect(lockfile.entries).toBeDefined();
+    expect(lockfile.entries['test']).toBeDefined();
+  });
+});
+
+describe('Registry Provenance — saveRegistryLockfile + round-trip', () => {
+  const roundTripDir = join(process.cwd(), 'temp-provenance-roundtrip');
+
+  beforeEach(() => {
+    mkdirSync(roundTripDir, { recursive: true });
+  });
+
+  afterAll(() => {
+    if (existsSync(roundTripDir)) {
+      rmSync(roundTripDir, { recursive: true, force: true });
+    }
+  });
+
+  it('writes and re-reads the lockfile with correct content', () => {
+    const lockfile = { lockfile_version: '1', generated_at: '', entries: {} };
+    updateLockfileEntry(lockfile, 'alpha', {
+      url: 'https://alpha.example.com/catalog.yaml',
+      synced_at: '2026-06-01T10:00:00.000Z',
+      catalog_sha256: 'deadbeef',
+      manifest_sha256: 'cafe1234',
+      signature: 'sig_hex_abc',
+      signature_alg: 'hmac-sha256'
+    });
+    saveRegistryLockfile(roundTripDir, lockfile);
+
+    const reloaded = loadRegistryLockfile(roundTripDir);
+    expect(reloaded.lockfile_version).toBe('1');
+    expect(reloaded.generated_at).toBeTruthy();
+    expect(reloaded.entries['alpha'].catalog_sha256).toBe('deadbeef');
+    expect(reloaded.entries['alpha'].signature).toBe('sig_hex_abc');
+    expect(reloaded.entries['alpha'].manifest_sha256).toBe('cafe1234');
+  });
+
+  it('getLockfilePath returns the expected path', () => {
+    const expectedPath = join(roundTripDir, '.ai', 'registry-lock.json');
+    expect(getLockfilePath(roundTripDir)).toBe(expectedPath);
+  });
+
+  it('round-trip is idempotent for multiple saves', () => {
+    const lockfile1 = { lockfile_version: '1', generated_at: '', entries: {} };
+    updateLockfileEntry(lockfile1, 'beta', {
+      url: 'https://beta.example.com/catalog.yaml',
+      catalog_sha256: 'hash_beta'
+    });
+    saveRegistryLockfile(roundTripDir, lockfile1);
+
+    const lockfile2 = loadRegistryLockfile(roundTripDir);
+    updateLockfileEntry(lockfile2, 'gamma', {
+      url: 'https://gamma.example.com/catalog.yaml',
+      catalog_sha256: 'hash_gamma'
+    });
+    saveRegistryLockfile(roundTripDir, lockfile2);
+
+    const reloaded = loadRegistryLockfile(roundTripDir);
+    expect(reloaded.entries['beta'].catalog_sha256).toBe('hash_beta');
+    expect(reloaded.entries['gamma'].catalog_sha256).toBe('hash_gamma');
+  });
+});

package/tests/unit/registry-public-signing.test.js

@@ -0,0 +1,109 @@
+import { describe, it, expect } from 'vitest';
+import {
+  generateEd25519KeyPair,
+  signEd25519Payload,
+  verifyEd25519Payload,
+  createCanonicalPayload,
+  normalizePublicKey
+} from '../../src/registry/signing.js';
+
+describe('Registry Public Signing — Ed25519 Key Generation', () => {
+  it('generates valid PEM format keys', () => {
+    const { publicKey, privateKey } = generateEd25519KeyPair();
+    expect(publicKey).toContain('-----BEGIN PUBLIC KEY-----');
+    expect(publicKey).toContain('-----END PUBLIC KEY-----');
+    expect(privateKey).toContain('-----BEGIN PRIVATE KEY-----');
+    expect(privateKey).toContain('-----END PRIVATE KEY-----');
+  });
+});
+
+describe('Registry Public Signing — Ed25519 Sign/Verify', () => {
+  it('signs and verifies a payload successfully', () => {
+    const { publicKey, privateKey } = generateEd25519KeyPair();
+    const payload = 'test-canonical-payload-data';
+    const signature = signEd25519Payload(privateKey, payload);
+
+    expect(signature).toBeTruthy();
+    expect(typeof signature).toBe('string');
+    // Base64 signature check
+    expect(signature).toMatch(/^[a-zA-Z0-9+/=]+$/);
+
+    const verified = verifyEd25519Payload(publicKey, payload, signature);
+    expect(verified).toBe(true);
+  });
+
+  it('fails verification for a tampered payload', () => {
+    const { publicKey, privateKey } = generateEd25519KeyPair();
+    const payload = 'original-payload';
+    const signature = signEd25519Payload(privateKey, payload);
+
+    const verified = verifyEd25519Payload(publicKey, 'tampered-payload', signature);
+    expect(verified).toBe(false);
+  });
+
+  it('fails verification for an invalid signature', () => {
+    const { publicKey } = generateEd25519KeyPair();
+    const verified = verifyEd25519Payload(publicKey, 'payload', 'not-a-valid-base64-signature!');
+    expect(verified).toBe(false);
+  });
+
+  it('fails verification with a different key', () => {
+    const pairA = generateEd25519KeyPair();
+    const pairB = generateEd25519KeyPair();
+    const payload = 'some-payload';
+    const signature = signEd25519Payload(pairA.privateKey, payload);
+
+    const verified = verifyEd25519Payload(pairB.publicKey, payload, signature);
+    expect(verified).toBe(false);
+  });
+});
+
+describe('Registry Public Signing — Canonical Payload Determinism', () => {
+  it('generates identical payload regardless of key insertion order', () => {
+    const obj1 = { name: 'registry-a', version: '1.0.0', catalog_hash: 'hash123' };
+    const obj2 = { catalog_hash: 'hash123', name: 'registry-a', version: '1.0.0' };
+    const fields = ['name', 'version', 'catalog_hash'];
+
+    const payload1 = createCanonicalPayload(obj1, fields);
+    const payload2 = createCanonicalPayload(obj2, fields);
+
+    expect(payload1).toBe(payload2);
+    // Keys sorted alphabetically: catalog_hash, name, version
+    const parsed = JSON.parse(payload1);
+    const keys = Object.keys(parsed);
+    expect(keys).toEqual(['catalog_hash', 'name', 'version']);
+  });
+
+  it('handles nested objects deterministically by sorting their keys', () => {
+    const obj1 = {
+      name: 'registry-b',
+      metadata: { z: 3, a: 1, m: 2 }
+    };
+    const obj2 = {
+      metadata: { a: 1, m: 2, z: 3 },
+      name: 'registry-b'
+    };
+    const fields = ['name', 'metadata'];
+
+    const payload1 = createCanonicalPayload(obj1, fields);
+    const payload2 = createCanonicalPayload(obj2, fields);
+
+    expect(payload1).toBe(payload2);
+    expect(payload1).toContain('"metadata":{"a":1,"m":2,"z":3}');
+  });
+});
+
+describe('Registry Public Signing — normalizePublicKey', () => {
+  it('keeps PEM headers intact if already present', () => {
+    const raw = '-----BEGIN PUBLIC KEY-----\nMCowBQYDK2VwAyEA9vWwyE5+fY0dvEzl9S1UcvtoMkOAIDhDCzZAkP+CVNo=\n-----END PUBLIC KEY-----';
+    expect(normalizePublicKey(raw)).toBe(raw);
+  });
+
+  it('wraps a raw base64 string into PEM format', () => {
+    const raw = 'MCowBQYDK2VwAyEA9vWwyE5+fY0dvEzl9S1UcvtoMkOAIDhDCzZAkP+CVNo=';
+    const normalized = normalizePublicKey(raw);
+    expect(normalized).toContain('-----BEGIN PUBLIC KEY-----');
+    expect(normalized).toContain('-----END PUBLIC KEY-----');
+    expect(normalized.replace(/\s+/g, '')).toContain(raw);
+  });
+});

package/tests/unit/registry-signature-policy.test.js

@@ -0,0 +1,100 @@
+import { describe, it, expect } from 'vitest';
+import { verifySignatureBlock } from '../../src/registry/signing.js';
+
+describe('Registry Signature Policy — Unsigned Registries', () => {
+  const manifest = {
+    registry_name: 'test-registry',
+    publisher: 'Test Publisher',
+    version: '1.0.0',
+    catalog_hash: 'sha256:abc'
+  };
+
+  it('allows unsigned bundled registry by default', () => {
+    const policy = {
+      allow_unsigned_bundled: true,
+      allow_unsigned_local: true,
+      allow_unsigned_remote: false,
+      require_signature: false
+    };
+    const source = { name: 'bundled', type: 'local' };
+    const res = verifySignatureBlock({ manifest, policy, source });
+    expect(res.verified).toBe(true);
+    expect(res.status).toBe('unsigned');
+  });
+
+  it('allows unsigned local registry by default', () => {
+    const policy = {
+      allow_unsigned_bundled: true,
+      allow_unsigned_local: true,
+      allow_unsigned_remote: false,
+      require_signature: false
+    };
+    const source = { name: 'my-local-registry', type: 'local' };
+    const res = verifySignatureBlock({ manifest, policy, source });
+    expect(res.verified).toBe(true);
+    expect(res.status).toBe('unsigned');
+  });
+
+  it('blocks unsigned remote registry by default if allow_unsigned_remote is false', () => {
+    const policy = {
+      allow_unsigned_bundled: true,
+      allow_unsigned_local: true,
+      allow_unsigned_remote: false,
+      require_signature: false
+    };
+    const source = { name: 'official', type: 'remote' };
+    const res = verifySignatureBlock({ manifest, policy, source });
+    expect(res.verified).toBe(false);
+    expect(res.error).toContain('Unsigned remote registries are not allowed');
+  });
+
+  it('allows unsigned remote registry if explicitly permitted by policy', () => {
+    const policy = {
+      allow_unsigned_bundled: true,
+      allow_unsigned_local: true,
+      allow_unsigned_remote: true,
+      require_signature: false
+    };
+    const source = { name: 'official', type: 'remote' };
+    const res = verifySignatureBlock({ manifest, policy, source });
+    expect(res.verified).toBe(true);
+    expect(res.status).toBe('unsigned');
+  });
+
+  it('blocks unsigned registry if require_signature is true', () => {
+    const policy = {
+      allow_unsigned_bundled: true,
+      allow_unsigned_local: true,
+      allow_unsigned_remote: true,
+      require_signature: true
+    };
+    const source = { name: 'bundled', type: 'local' };
+    const res = verifySignatureBlock({ manifest, policy, source });
+    expect(res.verified).toBe(false);
+    expect(res.error).toContain('Signature is required by policy but missing');
+  });
+});
+
+describe('Registry Signature Policy — Allowed Algorithms', () => {
+  const manifest = {
+    registry_name: 'test-registry',
+    publisher: 'Test Publisher',
+    version: '1.0.0',
+    catalog_hash: 'sha256:abc',
+    signature: {
+      algorithm: 'rsa-sha256', // Unsupported / not allowed algorithm
+      key_id: 'active-key',
+      signature: 'sig',
+      signed_fields: ['registry_name', 'version']
+    }
+  };
+
+  it('fails verification if algorithm is not allowed', () => {
+    const policy = {
+      allowed_signature_algorithms: ['ed25519', 'hmac-sha256']
+    };
+    const res = verifySignatureBlock({ manifest, policy });
+    expect(res.verified).toBe(false);
+    expect(res.errors[0]).toContain('not allowed by policy');
+  });
+});

package/tests/unit/registry-signing.test.js

@@ -0,0 +1,193 @@
+import { describe, it, expect, beforeAll, afterAll } from 'vitest';
+import { existsSync, mkdirSync, rmSync, writeFileSync } from 'fs';
+import { join } from 'path';
+import {
+  loadSigningKey,
+  generateSigningKey,
+  saveSigningKey,
+  signPayload,
+  verifySignature,
+  getSigningKeyPath
+} from '../../src/registry/signing.js';
+
+const tempDir = join(process.cwd(), 'temp-signing-test');
+
+describe('Registry Signing — loadSigningKey', () => {
+  beforeAll(() => {
+    mkdirSync(join(tempDir, '.ai'), { recursive: true });
+  });
+
+  afterAll(() => {
+    if (existsSync(tempDir)) {
+      rmSync(tempDir, { recursive: true, force: true });
+    }
+  });
+
+  it('returns null when no signing key file exists', () => {
+    const noKeyDir = join(tempDir, 'no-key-dir');
+    mkdirSync(noKeyDir, { recursive: true });
+    const result = loadSigningKey(noKeyDir);
+    expect(result).toBeNull();
+  });
+
+  it('returns the key string when a valid key file exists', () => {
+    const validKey = 'a'.repeat(64);
+    writeFileSync(join(tempDir, '.ai', 'registry-signing-key'), validKey + '\n', 'utf8');
+    const result = loadSigningKey(tempDir);
+    expect(result).toBe(validKey);
+  });
+
+  it('throws if the key file contains a malformed key', () => {
+    const badKeyDir = join(tempDir, 'bad-key-dir');
+    mkdirSync(join(badKeyDir, '.ai'), { recursive: true });
+    writeFileSync(join(badKeyDir, '.ai', 'registry-signing-key'), 'too-short', 'utf8');
+    expect(() => loadSigningKey(badKeyDir)).toThrow('malformed');
+  });
+
+  it('throws if the key file contains wrong-length hex', () => {
+    const badKeyDir2 = join(tempDir, 'bad-key-dir2');
+    mkdirSync(join(badKeyDir2, '.ai'), { recursive: true });
+    // 63 hex chars — one short
+    writeFileSync(join(badKeyDir2, '.ai', 'registry-signing-key'), 'a'.repeat(63), 'utf8');
+    expect(() => loadSigningKey(badKeyDir2)).toThrow('malformed');
+  });
+
+  it('getSigningKeyPath returns expected path', () => {
+    const expected = join(tempDir, '.ai', 'registry-signing-key');
+    expect(getSigningKeyPath(tempDir)).toBe(expected);
+  });
+});
+
+describe('Registry Signing — generateSigningKey + saveSigningKey', () => {
+  const genDir = join(process.cwd(), 'temp-signing-gen');
+
+  beforeAll(() => {
+    mkdirSync(join(genDir, '.ai'), { recursive: true });
+  });
+
+  afterAll(() => {
+    if (existsSync(genDir)) {
+      rmSync(genDir, { recursive: true, force: true });
+    }
+  });
+
+  it('generateSigningKey returns a 64-char lowercase hex string', () => {
+    const key = generateSigningKey();
+    expect(key).toMatch(/^[0-9a-f]{64}$/);
+  });
+
+  it('generateSigningKey returns different values each call (random)', () => {
+    const key1 = generateSigningKey();
+    const key2 = generateSigningKey();
+    expect(key1).not.toBe(key2);
+  });
+
+  it('saveSigningKey writes a valid key that loadSigningKey can read back', () => {
+    const key = generateSigningKey();
+    saveSigningKey(genDir, key);
+    const loaded = loadSigningKey(genDir);
+    expect(loaded).toBe(key);
+  });
+
+  it('saveSigningKey creates .ai/ directory if it does not exist', () => {
+    const freshDir = join(process.cwd(), 'temp-signing-fresh');
+    try {
+      const key = generateSigningKey();
+      saveSigningKey(freshDir, key);
+      expect(existsSync(join(freshDir, '.ai', 'registry-signing-key'))).toBe(true);
+      const loaded = loadSigningKey(freshDir);
+      expect(loaded).toBe(key);
+    } finally {
+      if (existsSync(freshDir)) {
+        rmSync(freshDir, { recursive: true, force: true });
+      }
+    }
+  });
+});
+
+describe('Registry Signing — signPayload', () => {
+  const validKey = 'f'.repeat(64);
+
+  it('returns a 64-char lowercase hex HMAC-SHA256 digest', () => {
+    const sig = signPayload(validKey, 'test-payload');
+    expect(sig).toMatch(/^[0-9a-f]{64}$/);
+  });
+
+  it('produces the same output for the same key and payload (deterministic)', () => {
+    const sig1 = signPayload(validKey, 'same-payload');
+    const sig2 = signPayload(validKey, 'same-payload');
+    expect(sig1).toBe(sig2);
+  });
+
+  it('produces different output for different payloads', () => {
+    const sig1 = signPayload(validKey, 'payload-A');
+    const sig2 = signPayload(validKey, 'payload-B');
+    expect(sig1).not.toBe(sig2);
+  });
+
+  it('produces different output for different keys', () => {
+    const key1 = 'a'.repeat(64);
+    const key2 = 'b'.repeat(64);
+    const sig1 = signPayload(key1, 'same-payload');
+    const sig2 = signPayload(key2, 'same-payload');
+    expect(sig1).not.toBe(sig2);
+  });
+
+  it('throws for an invalid key (non-hex)', () => {
+    expect(() => signPayload('not-a-valid-key'.padEnd(64, 'z'), 'payload')).toThrow('Invalid signing key');
+  });
+
+  it('throws for an invalid key (wrong length)', () => {
+    expect(() => signPayload('abc', 'payload')).toThrow('Invalid signing key');
+  });
+
+  it('throws if payload is not a string', () => {
+    expect(() => signPayload(validKey, 12345)).toThrow('Payload to sign must be a string');
+  });
+});
+
+describe('Registry Signing — verifySignature', () => {
+  const key = 'c'.repeat(64);
+  const payload = 'catalog-sha256-hash-string';
+
+  it('returns true for a valid signature', () => {
+    const sig = signPayload(key, payload);
+    expect(verifySignature(key, payload, sig)).toBe(true);
+  });
+
+  it('returns false for a tampered payload', () => {
+    const sig = signPayload(key, payload);
+    expect(verifySignature(key, 'tampered-payload', sig)).toBe(false);
+  });
+
+  it('returns false for a wrong key', () => {
+    const sig = signPayload(key, payload);
+    const wrongKey = 'd'.repeat(64);
+    expect(verifySignature(wrongKey, payload, sig)).toBe(false);
+  });
+
+  it('returns false for a corrupted signature', () => {
+    const sig = signPayload(key, payload);
+    // Flip first char
+    const corruptedSig = (sig[0] === 'a' ? 'b' : 'a') + sig.slice(1);
+    expect(verifySignature(key, payload, corruptedSig)).toBe(false);
+  });
+
+  it('returns false for non-string arguments', () => {
+    expect(verifySignature(null, payload, 'sig')).toBe(false);
+    expect(verifySignature(key, null, 'sig')).toBe(false);
+    expect(verifySignature(key, payload, null)).toBe(false);
+  });
+
+  it('returns false for mismatched-length signature', () => {
+    expect(verifySignature(key, payload, 'abc')).toBe(false);
+  });
+
+  it('uses timing-safe comparison — does not short-circuit on length match', () => {
+    // We can't test timing directly, but we verify the correctness of the logic:
+    // two sigs of equal length but different values must still return false
+    const sig = signPayload(key, payload);
+    const fakeMatchLength = 'e'.repeat(64); // Same 64-char hex length, wrong value
+    expect(verifySignature(key, payload, fakeMatchLength)).toBe(false);
+  });
+});