packages/shade-server/tests/cleanup-api.test.ts

import { describe, test, expect } from 'bun:test';
import { MemoryPrekeyStore } from '../src/memory-store.js';

function rand(n: number): Uint8Array {
  const buf = new Uint8Array(n);
  globalThis.crypto.getRandomValues(buf);
  return buf;
}

describe('PrekeyStore cleanup API', () => {
  test('touchIdentity updates last activity', async () => {
    const store = new MemoryPrekeyStore();
    await store.saveIdentity('alice', rand(32), rand(32));
    await store.touchIdentity('alice');
    // Verify identity is still there
    expect(await store.getIdentity('alice')).not.toBeNull();
  });

  test('purgeStaleIdentities removes old addresses', async () => {
    const store = new MemoryPrekeyStore();

    // Alice was active long ago
    await store.saveIdentity('alice', rand(32), rand(32));
    await store.saveSignedPreKey('alice', 1, rand(32), rand(64));
    await store.saveOneTimePreKeys('alice', [{ keyId: 100, publicKey: rand(32) }]);
    // Manually set alice's activity to 1 day ago
    await store.touchIdentity('alice');
    (store as any).lastActivity.set('alice', Date.now() - 2 * 24 * 60 * 60 * 1000);

    // Bob is fresh
    await store.saveIdentity('bob', rand(32), rand(32));
    await store.touchIdentity('bob');

    // Purge anything older than 1 day
    const count = await store.purgeStaleIdentities(24 * 60 * 60 * 1000);
    expect(count).toBe(1);

    // Alice is gone
    expect(await store.getIdentity('alice')).toBeNull();
    expect(await store.getSignedPreKey('alice')).toBeNull();
    expect(await store.getOneTimePreKeyCount('alice')).toBe(0);

    // Bob is still there
    expect(await store.getIdentity('bob')).not.toBeNull();
  });

  test('purge returns 0 when nothing is stale', async () => {
    const store = new MemoryPrekeyStore();
    await store.saveIdentity('alice', rand(32), rand(32));
    await store.touchIdentity('alice');

    const count = await store.purgeStaleIdentities(60 * 60 * 1000); // 1 hour
    expect(count).toBe(0);
  });

  test('untouched identities are considered stale', async () => {
    const store = new MemoryPrekeyStore();
    // Save without touching — simulates an ancient identity from before cleanup API
    await store.saveIdentity('ancient', rand(32), rand(32));

    const count = await store.purgeStaleIdentities(1000);
    expect(count).toBe(1);
    expect(await store.getIdentity('ancient')).toBeNull();
  });
});
feat(container): M-Box 1-8 — stack-agnostic standalone Docker container Shade now ships as a self-contained Docker image. Deploy one container per project, any stack (Bun, Python, Go, Rust, Kotlin) can talk to it via plain HTTP. Zero coupling to consumer codebases. M-Box 1: Stale identity cleanup API - touchIdentity + purgeStaleIdentities on PrekeyStore interface - Implemented for Memory, SQLite, and Postgres backends - SQLite adds last_activity_at column with migration ALTER for existing DBs - Postgres adds the same via raw SQL with IF NOT EXISTS guards - Routes call touchIdentity on register, bundle fetch, replenish - 4 new tests for the cleanup API M-Box 2: Stale cleanup background task - StaleCleanupTask runs purge on startup + every 24h (configurable) - Reads SHADE_STALE_DAYS (default 30) and SHADE_CLEANUP_INTERVAL_HOURS - Wired into standalone.ts, stopped on graceful shutdown - 5 new tests for the task M-Box 3: Observer baked into the container - standalone.ts conditionally mounts @shade/observer at /shade-observer when SHADE_OBSERVER_TOKEN is set (and >= 16 chars) - Shared PrekeyServerEvents emitter feeds both routes and observer - @shade/observer added as optional dependency of @shade/server M-Box 4: Dockerfile with dashboard build - Multi-stage build: oven/bun:1 builder → oven/bun:1-alpine runtime - COPY packages/ wholesale so workspace lockfile resolves cleanly - RUN bun run build inside shade-dashboard → dist/ → observer/dist/ - Non-root shade user, /data volume, healthcheck, env defaults - Final image: 260 MB M-Box 5: OpenAPI spec for stack-agnostic clients - packages/shade-server/openapi.yaml documents all 9 endpoints with request/response schemas, security (Ed25519 signatures + bearer token) - createOpenApiRoutes serves /openapi.yaml and /docs (Redoc viewer) - Any language can generate a client with openapi-generator M-Box 6: Docker CI pipeline - .gitea/workflows/docker.yml builds + pushes on git tag v* - scripts/build-docker.ts for local builds, supports --push with GITEA_TOKEN - Root package.json: build:docker, publish:docker scripts M-Box 7: Deployment documentation - packages/shade-server/README rewritten: 5-line quickstart with the image - docs/DEPLOYMENT.md: full reference, env vars, backup, Dokploy, PG setup - examples/05-dokploy-deployment/docker-compose.yml updated to pull published image (gt.zyon.no/stian/shade-prekey:latest) - Root README deployment section rewritten M-Box 8: End-to-end verification - Image builds locally (bun run build:docker) - /health, /openapi.yaml, /docs, /metrics, /shade-observer all respond - 401 without observer token, 200 with - Real SDK client round-trip: Alice → container → Bob → reply → Alice - Persistence: identity + prekeys survive container restart (count 20→18 as expected from two bundle fetches) 285 tests passing, 0 failures. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> 2026-04-11 14:29:00 +02:00			`import { describe, test, expect } from 'bun:test';`
			`import { MemoryPrekeyStore } from '../src/memory-store.js';`

			`function rand(n: number): Uint8Array {`
			`const buf = new Uint8Array(n);`
			`globalThis.crypto.getRandomValues(buf);`
			`return buf;`
			`}`

			`describe('PrekeyStore cleanup API', () => {`
			`test('touchIdentity updates last activity', async () => {`
			`const store = new MemoryPrekeyStore();`
			`await store.saveIdentity('alice', rand(32), rand(32));`
			`await store.touchIdentity('alice');`
			`// Verify identity is still there`
			`expect(await store.getIdentity('alice')).not.toBeNull();`
			`});`

			`test('purgeStaleIdentities removes old addresses', async () => {`
			`const store = new MemoryPrekeyStore();`

			`// Alice was active long ago`
			`await store.saveIdentity('alice', rand(32), rand(32));`
			`await store.saveSignedPreKey('alice', 1, rand(32), rand(64));`
			`await store.saveOneTimePreKeys('alice', [{ keyId: 100, publicKey: rand(32) }]);`
			`// Manually set alice's activity to 1 day ago`
			`await store.touchIdentity('alice');`
			`(store as any).lastActivity.set('alice', Date.now() - 2 * 24 * 60 * 60 * 1000);`

			`// Bob is fresh`
			`await store.saveIdentity('bob', rand(32), rand(32));`
			`await store.touchIdentity('bob');`

			`// Purge anything older than 1 day`
			`const count = await store.purgeStaleIdentities(24 * 60 * 60 * 1000);`
			`expect(count).toBe(1);`

			`// Alice is gone`
			`expect(await store.getIdentity('alice')).toBeNull();`
			`expect(await store.getSignedPreKey('alice')).toBeNull();`
			`expect(await store.getOneTimePreKeyCount('alice')).toBe(0);`

			`// Bob is still there`
			`expect(await store.getIdentity('bob')).not.toBeNull();`
			`});`

			`test('purge returns 0 when nothing is stale', async () => {`
			`const store = new MemoryPrekeyStore();`
			`await store.saveIdentity('alice', rand(32), rand(32));`
			`await store.touchIdentity('alice');`

			`const count = await store.purgeStaleIdentities(60 * 60 * 1000); // 1 hour`
			`expect(count).toBe(0);`
			`});`

			`test('untouched identities are considered stale', async () => {`
			`const store = new MemoryPrekeyStore();`
			`// Save without touching — simulates an ancient identity from before cleanup API`
			`await store.saveIdentity('ancient', rand(32), rand(32));`

			`const count = await store.purgeStaleIdentities(1000);`
			`expect(count).toBe(1);`
			`expect(await store.getIdentity('ancient')).toBeNull();`
			`});`
			`});`