packages/shade-files/tests/integration/std-ops.test.ts

import { describe, test, expect, beforeAll, afterAll } from 'bun:test';
import {
  ConflictError,
  IdempotencyConflictError,
  NotFoundError,
  PermissionDeniedError,
  type FileEntry,
} from '../../src/index.js';
import { setupFileRig, type FileTestRig } from './helpers/rig.js';

describe('Standard ops — list/stat/mkdir/delete/move E2E', () => {
  let rig: FileTestRig;
  // Simple in-memory backing store on Bob.
  const tree = new Map<string, FileEntry>();

  beforeAll(async () => {
    tree.clear();
    tree.set('/', { name: '', kind: 'dir', size: 0, mtime: 0, metadata: {} });
    tree.set('/foo', { name: 'foo', kind: 'dir', size: 0, mtime: 100, metadata: {} });
    tree.set('/foo/bar.txt', {
      name: 'bar.txt',
      kind: 'file',
      size: 12,
      mtime: 200,
      contentType: 'text/plain',
      metadata: {},
    });
    tree.set('/foo/baz.txt', {
      name: 'baz.txt',
      kind: 'file',
      size: 5,
      mtime: 300,
      metadata: {},
    });

    rig = await setupFileRig({
      list: async (ctx) => {
        const dir = ctx.path;
        const entries: FileEntry[] = [];
        for (const [path, entry] of tree) {
          if (path === dir) continue;
          if (!path.startsWith(dir === '/' ? '/' : dir + '/')) continue;
          const rest = path.slice(dir === '/' ? 1 : dir.length + 1);
          if (rest.includes('/')) continue;
          entries.push(entry);
        }
        return { entries, hasMore: false };
      },
      stat: async (ctx) => {
        const e = tree.get(ctx.path);
        if (e === undefined) throw new NotFoundError(`${ctx.path} not found`);
        return e;
      },
      mkdir: async (ctx) => {
        if (tree.has(ctx.path)) throw new ConflictError(`${ctx.path} exists`);
        const name = ctx.path.split('/').filter(Boolean).pop() ?? '';
        const entry: FileEntry = {
          name,
          kind: 'dir',
          size: 0,
          mtime: Date.now(),
          metadata: {},
        };
        tree.set(ctx.path, entry);
        return { entry };
      },
      delete: async (ctx) => {
        if (!tree.has(ctx.path)) throw new NotFoundError(ctx.path);
        let count = 0;
        if (ctx.args.recursive) {
          for (const path of [...tree.keys()]) {
            if (path === ctx.path || path.startsWith(ctx.path + '/')) {
              tree.delete(path);
              count++;
            }
          }
        } else {
          tree.delete(ctx.path);
          count = 1;
        }
        return { deletedCount: count };
      },
      move: async (ctx) => {
        const src = ctx.args.src;
        const dst = ctx.args.dst;
        const e = tree.get(src);
        if (e === undefined) throw new NotFoundError(src);
        if (tree.has(dst) && !ctx.args.overwrite) {
          throw new ConflictError(`${dst} exists`);
        }
        const newName = dst.split('/').filter(Boolean).pop() ?? e.name;
        tree.delete(src);
        tree.set(dst, { ...e, name: newName });
        return { entry: tree.get(dst)! };
      },
    });
  });

  afterAll(async () => {
    await rig.teardown();
  });

  test('list /', async () => {
    const page = await rig.fs.list('/');
    expect(page.hasMore).toBe(false);
    const names = page.entries.map((e) => e.name).sort();
    expect(names).toEqual(['foo']);
  });

  test('list /foo', async () => {
    const page = await rig.fs.list('/foo');
    const names = page.entries.map((e) => e.name).sort();
    expect(names).toEqual(['bar.txt', 'baz.txt']);
  });

  test('stat existing file', async () => {
    const e = await rig.fs.stat('/foo/bar.txt');
    expect(e.size).toBe(12);
    expect(e.contentType).toBe('text/plain');
  });

  test('stat missing → NotFoundError', async () => {
    let caught: unknown = null;
    try {
      await rig.fs.stat('/no/such/file');
    } catch (err) {
      caught = err;
    }
    expect(caught instanceof NotFoundError).toBe(true);
    expect((caught as NotFoundError).payload.code).toBe('NOT_FOUND');
  });

  test('mkdir creates a new directory', async () => {
    const result = await rig.fs.mkdir('/created');
    expect(result.entry.kind).toBe('dir');
    expect(tree.has('/created')).toBe(true);
  });

  test('mkdir on existing path → ConflictError', async () => {
    await expect(rig.fs.mkdir('/foo')).rejects.toBeInstanceOf(ConflictError);
  });

  test('delete file', async () => {
    tree.set('/temp.txt', { name: 'temp.txt', kind: 'file', size: 0, mtime: 0, metadata: {} });
    const r = await rig.fs.delete('/temp.txt');
    expect(r.deletedCount).toBe(1);
    expect(tree.has('/temp.txt')).toBe(false);
  });

  test('delete missing → NotFoundError', async () => {
    await expect(rig.fs.delete('/doesnt-exist')).rejects.toBeInstanceOf(NotFoundError);
  });

  test('move file', async () => {
    tree.set('/x.txt', { name: 'x.txt', kind: 'file', size: 0, mtime: 0, metadata: {} });
    const r = await rig.fs.move('/x.txt', '/y.txt');
    expect(r.entry.name).toBe('y.txt');
    expect(tree.has('/x.txt')).toBe(false);
    expect(tree.has('/y.txt')).toBe(true);
  });

  test('move overwrite=false → ConflictError on collision', async () => {
    tree.set('/a.txt', { name: 'a.txt', kind: 'file', size: 0, mtime: 0, metadata: {} });
    tree.set('/b.txt', { name: 'b.txt', kind: 'file', size: 0, mtime: 0, metadata: {} });
    await expect(rig.fs.move('/a.txt', '/b.txt')).rejects.toBeInstanceOf(ConflictError);
  });

  test('idempotent retry: same key + same args → cached response', async () => {
    tree.set('/idem.txt', { name: 'idem.txt', kind: 'file', size: 0, mtime: 0, metadata: {} });
    const key = 'IdemKey1AaBbCcDdEeFfGg'; // 22 chars
    const r1 = await rig.fs.delete('/idem.txt', { idempotencyKey: key });
    expect(r1.deletedCount).toBe(1);
    // 2nd call with same key → same result without throwing NotFound
    const r2 = await rig.fs.delete('/idem.txt', { idempotencyKey: key });
    expect(r2.deletedCount).toBe(1);
  });

  test('idempotency conflict: same key + different args', async () => {
    tree.set('/c1.txt', { name: 'c1.txt', kind: 'file', size: 0, mtime: 0, metadata: {} });
    tree.set('/c2.txt', { name: 'c2.txt', kind: 'file', size: 0, mtime: 0, metadata: {} });
    const key = 'ConflictKeyAaBbCcDdEeF'; // 22 chars
    await rig.fs.delete('/c1.txt', { idempotencyKey: key });
    await expect(
      rig.fs.delete('/c2.txt', { idempotencyKey: key }),
    ).rejects.toBeInstanceOf(IdempotencyConflictError);
  });

  test('path validation: traversal rejected by server', async () => {
    await expect(rig.fs.list('/foo')).resolves.toBeDefined();
    // Client-side schema rejects traversal too — bypass via direct bad path:
    await expect(rig.fs.stat('/foo/../etc')).rejects.toThrow();
  });

  // We don't test PermissionDenied here (no beforeOp gate configured),
  // but the type is referenced to ensure it's exported properly.
  test('PermissionDeniedError is exported', () => {
    expect(PermissionDeniedError).toBeDefined();
  });
});
feat(files): @shade/files 0.3.0 — E2EE filesystem RPC primitive M-Files-1..6 land the full files-RPC layer + everything 0.3.0 needs to ship. Apps keep their own UI; this layer ships the typed RPC, the streams bridge for content I/O, and production hooks (rate limit, retention, fingerprint gate, metrics). @shade/files (NEW) - Standard ops: list/stat/mkdir/delete/move/read/write/getThumbnail with Zod-validated wire schemas + clean user-handler types. - Custom ops: typed via TypeScript declaration merging on CustomOpsMap + per-op Zod schemas; client.custom('app.foo', {...}) is fully typed. - Content I/O: inline (≤ 256 KiB plaintext) base64-in-RPC; streams (> 256 KiB) ride @shade/transfer via userMetadata.shadeFilesWriteId / shadeFilesReadStreamId correlation. Server-side TransformStream bridges accept inbound transfers immediately (engine rejects chunks that arrive before accept) and park the readable for the matching RPC. - Directory ops: walk(path, opts) async-iterable depth-first walker; uploadDirectory()/downloadDirectory() with bounded concurrency pool (default 4, cap 16), aggregated progress, abort. - Production hooks (callback-based, vendor-neutral): rate-limit (op + byte), idempotency cache (LRU + TTL + in-flight de-dupe), path policy (traversal + percent-decode hardening), fingerprint gate (required/optional/reject), pluggable Ed25519 sig verification with ±5 min replay window, onMetric sink (standard names). - React hooks (subpath @shade/files/react): ShadeFilesProvider, useShadeFiles, useFileList, useFileTransfer/Upload/Download. - Shade.files.serve(handler) + Shade.files.client(peer) high-level entrypoint in @shade/sdk; lazy + memoized; one handler per Shade. Wire format bump - @shade/proto wire VERSION 0x01 → 0x02. Length prefixes changed from u16 to u32. The previous u16 silently truncated payloads above 64 KiB — a hard correctness ceiling that blocked inline file ops up to 256 KiB. Wire-incompatible with 0.2.x peers; new sessions only. Cross-platform Kotlin port (android/shade-android) updated to match; test-vectors/wire-format.json regenerated. Concurrency safety - ShadeSessionManager.encrypt/.decrypt now run under per-peer mutex. Concurrent decryptions of the same peer raced ratchet state (manifested as sporadic "Failed to decrypt — wrong key or tampered data" under load — surfaced once concurrent uploadDirectory pumped many writes in flight). Encrypt was already serialized via Shade.send's encryptChains; decrypt is now serialized at the manager layer too. @shade/streams extension - StreamMetadata.userMetadata?: Record<string, string> for application-level key/value pairs that round-trip verbatim through stream-init plaintext. Used by @shade/files for write/read correlation; available to any consumer. @shade/sdk extension - Shade.files getter (lazy + memoized). - BackgroundHooks.onPruneFiles + periodic timer (default 5 min) + BackgroundTasks.setHook(name, fn) for runtime hook registration. Bundles in-flight 0.2.0 work - packages/shade-streams/, packages/shade-transfer/, related shade-sdk streams-bridge + shade-widgets transfer hooks were uncommitted prior to this session. Including them keeps the workspace consistent at 0.3.0 since @shade/files depends on them. Tests - 74 new tests in @shade/files (572 → 646 workspace pass; 0 fail; 3× stable). Coverage spans unit (inline-threshold + concurrency), integration (read-write inline + streams up to 1 MiB, walk + upload/download directory, custom-op, metrics, SDK namespace end-to-end), and security (tampered-envelope sig verification, replay window, fingerprint gate, rate-limit + quota). Release artifacts - All packages bumped to 0.3.0 via scripts/bump-version.ts. - scripts/publish-all.ts PACKAGES updated with shade-files in topological order (after shade-transfer, before shade-sdk). - bun run publish:dry clean (14 packed, 0 failed). - examples/08-files-browser/ — three-process CLI demo (prekey + Bob server + Alice CLI) covering list/stat/mkdir/delete/upload/download. - docs/files.md — full API + design doc. - CHANGELOG.md 0.3.0 entry. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> 2026-05-02 14:00:01 +02:00			`import { describe, test, expect, beforeAll, afterAll } from 'bun:test';`
			`import {`
			`ConflictError,`
			`IdempotencyConflictError,`
			`NotFoundError,`
			`PermissionDeniedError,`
			`type FileEntry,`
			`} from '../../src/index.js';`
			`import { setupFileRig, type FileTestRig } from './helpers/rig.js';`

			`describe('Standard ops — list/stat/mkdir/delete/move E2E', () => {`
			`let rig: FileTestRig;`
			`// Simple in-memory backing store on Bob.`
			`const tree = new Map<string, FileEntry>();`

			`beforeAll(async () => {`
			`tree.clear();`
			`tree.set('/', { name: '', kind: 'dir', size: 0, mtime: 0, metadata: {} });`
			`tree.set('/foo', { name: 'foo', kind: 'dir', size: 0, mtime: 100, metadata: {} });`
			`tree.set('/foo/bar.txt', {`
			`name: 'bar.txt',`
			`kind: 'file',`
			`size: 12,`
			`mtime: 200,`
			`contentType: 'text/plain',`
			`metadata: {},`
			`});`
			`tree.set('/foo/baz.txt', {`
			`name: 'baz.txt',`
			`kind: 'file',`
			`size: 5,`
			`mtime: 300,`
			`metadata: {},`
			`});`

			`rig = await setupFileRig({`
			`list: async (ctx) => {`
			`const dir = ctx.path;`
			`const entries: FileEntry[] = [];`
			`for (const [path, entry] of tree) {`
			`if (path === dir) continue;`
			`if (!path.startsWith(dir === '/' ? '/' : dir + '/')) continue;`
			`const rest = path.slice(dir === '/' ? 1 : dir.length + 1);`
			`if (rest.includes('/')) continue;`
			`entries.push(entry);`
			`}`
			`return { entries, hasMore: false };`
			`},`
			`stat: async (ctx) => {`
			`const e = tree.get(ctx.path);`
			if (e === undefined) throw new NotFoundError(`${ctx.path} not found`);
			`return e;`
			`},`
			`mkdir: async (ctx) => {`
			if (tree.has(ctx.path)) throw new ConflictError(`${ctx.path} exists`);
			`const name = ctx.path.split('/').filter(Boolean).pop() ?? '';`
			`const entry: FileEntry = {`
			`name,`
			`kind: 'dir',`
			`size: 0,`
			`mtime: Date.now(),`
			`metadata: {},`
			`};`
			`tree.set(ctx.path, entry);`
			`return { entry };`
			`},`
			`delete: async (ctx) => {`
			`if (!tree.has(ctx.path)) throw new NotFoundError(ctx.path);`
			`let count = 0;`
			`if (ctx.args.recursive) {`
			`for (const path of [...tree.keys()]) {`
			`if (path === ctx.path \|\| path.startsWith(ctx.path + '/')) {`
			`tree.delete(path);`
			`count++;`
			`}`
			`}`
			`} else {`
			`tree.delete(ctx.path);`
			`count = 1;`
			`}`
			`return { deletedCount: count };`
			`},`
			`move: async (ctx) => {`
			`const src = ctx.args.src;`
			`const dst = ctx.args.dst;`
			`const e = tree.get(src);`
			`if (e === undefined) throw new NotFoundError(src);`
			`if (tree.has(dst) && !ctx.args.overwrite) {`
			throw new ConflictError(`${dst} exists`);
			`}`
			`const newName = dst.split('/').filter(Boolean).pop() ?? e.name;`
			`tree.delete(src);`
			`tree.set(dst, { ...e, name: newName });`
			`return { entry: tree.get(dst)! };`
			`},`
			`});`
			`});`

			`afterAll(async () => {`
			`await rig.teardown();`
			`});`

			`test('list /', async () => {`
			`const page = await rig.fs.list('/');`
			`expect(page.hasMore).toBe(false);`
			`const names = page.entries.map((e) => e.name).sort();`
			`expect(names).toEqual(['foo']);`
			`});`

			`test('list /foo', async () => {`
			`const page = await rig.fs.list('/foo');`
			`const names = page.entries.map((e) => e.name).sort();`
			`expect(names).toEqual(['bar.txt', 'baz.txt']);`
			`});`

			`test('stat existing file', async () => {`
			`const e = await rig.fs.stat('/foo/bar.txt');`
			`expect(e.size).toBe(12);`
			`expect(e.contentType).toBe('text/plain');`
			`});`

			`test('stat missing → NotFoundError', async () => {`
			`let caught: unknown = null;`
			`try {`
			`await rig.fs.stat('/no/such/file');`
			`} catch (err) {`
			`caught = err;`
			`}`
			`expect(caught instanceof NotFoundError).toBe(true);`
			`expect((caught as NotFoundError).payload.code).toBe('NOT_FOUND');`
			`});`

			`test('mkdir creates a new directory', async () => {`
			`const result = await rig.fs.mkdir('/created');`
			`expect(result.entry.kind).toBe('dir');`
			`expect(tree.has('/created')).toBe(true);`
			`});`

			`test('mkdir on existing path → ConflictError', async () => {`
			`await expect(rig.fs.mkdir('/foo')).rejects.toBeInstanceOf(ConflictError);`
			`});`

			`test('delete file', async () => {`
			`tree.set('/temp.txt', { name: 'temp.txt', kind: 'file', size: 0, mtime: 0, metadata: {} });`
			`const r = await rig.fs.delete('/temp.txt');`
			`expect(r.deletedCount).toBe(1);`
			`expect(tree.has('/temp.txt')).toBe(false);`
			`});`

			`test('delete missing → NotFoundError', async () => {`
			`await expect(rig.fs.delete('/doesnt-exist')).rejects.toBeInstanceOf(NotFoundError);`
			`});`

			`test('move file', async () => {`
			`tree.set('/x.txt', { name: 'x.txt', kind: 'file', size: 0, mtime: 0, metadata: {} });`
			`const r = await rig.fs.move('/x.txt', '/y.txt');`
			`expect(r.entry.name).toBe('y.txt');`
			`expect(tree.has('/x.txt')).toBe(false);`
			`expect(tree.has('/y.txt')).toBe(true);`
			`});`

			`test('move overwrite=false → ConflictError on collision', async () => {`
			`tree.set('/a.txt', { name: 'a.txt', kind: 'file', size: 0, mtime: 0, metadata: {} });`
			`tree.set('/b.txt', { name: 'b.txt', kind: 'file', size: 0, mtime: 0, metadata: {} });`
			`await expect(rig.fs.move('/a.txt', '/b.txt')).rejects.toBeInstanceOf(ConflictError);`
			`});`

			`test('idempotent retry: same key + same args → cached response', async () => {`
			`tree.set('/idem.txt', { name: 'idem.txt', kind: 'file', size: 0, mtime: 0, metadata: {} });`
			`const key = 'IdemKey1AaBbCcDdEeFfGg'; // 22 chars`
			`const r1 = await rig.fs.delete('/idem.txt', { idempotencyKey: key });`
			`expect(r1.deletedCount).toBe(1);`
			`// 2nd call with same key → same result without throwing NotFound`
			`const r2 = await rig.fs.delete('/idem.txt', { idempotencyKey: key });`
			`expect(r2.deletedCount).toBe(1);`
			`});`

			`test('idempotency conflict: same key + different args', async () => {`
			`tree.set('/c1.txt', { name: 'c1.txt', kind: 'file', size: 0, mtime: 0, metadata: {} });`
			`tree.set('/c2.txt', { name: 'c2.txt', kind: 'file', size: 0, mtime: 0, metadata: {} });`
			`const key = 'ConflictKeyAaBbCcDdEeF'; // 22 chars`
			`await rig.fs.delete('/c1.txt', { idempotencyKey: key });`
			`await expect(`
			`rig.fs.delete('/c2.txt', { idempotencyKey: key }),`
			`).rejects.toBeInstanceOf(IdempotencyConflictError);`
			`});`

			`test('path validation: traversal rejected by server', async () => {`
			`await expect(rig.fs.list('/foo')).resolves.toBeDefined();`
			`// Client-side schema rejects traversal too — bypass via direct bad path:`
			`await expect(rig.fs.stat('/foo/../etc')).rejects.toThrow();`
			`});`

			`// We don't test PermissionDenied here (no beforeOp gate configured),`
			`// but the type is referenced to ensure it's exported properly.`
			`test('PermissionDeniedError is exported', () => {`
			`expect(PermissionDeniedError).toBeDefined();`
			`});`
			`});`