packages/shade-streams/tests/sender-receiver.test.ts

import { describe, test, expect } from 'bun:test';
import { SubtleCryptoProvider } from '@shade/crypto-web';
import {
  StreamSender,
  StreamReceiver,
  StreamFinishedError,
  generateStreamId,
  generateStreamSecret,
} from '../src/index.js';

const crypto = new SubtleCryptoProvider();

function hex(b: Uint8Array): string {
  return Array.from(b, (x) => x.toString(16).padStart(2, '0')).join('');
}

async function makePair(opts?: { laneId?: number; startSeq?: number }) {
  const streamId = generateStreamId(crypto);
  const streamSecret = generateStreamSecret(crypto);
  const laneId = opts?.laneId ?? 0;
  const sender = await StreamSender.create({
    crypto,
    streamId,
    streamSecret,
    laneId,
    ...(opts?.startSeq !== undefined ? { startSeq: opts.startSeq } : {}),
  });
  const receiver = await StreamReceiver.create({
    crypto,
    streamId,
    streamSecret,
    laneId,
    ...(opts?.startSeq !== undefined ? { startSeq: opts.startSeq } : {}),
  });
  return { sender, receiver, streamId, streamSecret };
}

describe('Single-lane sender/receiver roundtrip', () => {
  test('basic single-chunk transfer', async () => {
    const { sender, receiver } = await makePair();
    const plaintext = new TextEncoder().encode('hello shade');
    const { bytes } = await sender.encryptChunk(plaintext, true);
    const decrypted = await receiver.decryptChunk(bytes);
    expect(new TextDecoder().decode(decrypted.plaintext)).toBe('hello shade');
    expect(decrypted.seq).toBe(0);
    expect(decrypted.isLast).toBe(true);
  });

  test('multi-chunk transfer with monotonic seq', async () => {
    const { sender, receiver } = await makePair();
    const chunks = ['alpha', 'beta', 'gamma', 'delta'];
    for (let i = 0; i < chunks.length; i++) {
      const isLast = i === chunks.length - 1;
      const { bytes, seq } = await sender.encryptChunk(
        new TextEncoder().encode(chunks[i]!),
        isLast,
      );
      expect(seq).toBe(i);
      const dec = await receiver.decryptChunk(bytes);
      expect(new TextDecoder().decode(dec.plaintext)).toBe(chunks[i]);
      expect(dec.seq).toBe(i);
      expect(dec.isLast).toBe(isLast);
    }
  });

  test('lane sha256 matches between sender and receiver', async () => {
    const { sender, receiver } = await makePair();
    const data = [
      crypto.randomBytes(1024),
      crypto.randomBytes(2048),
      crypto.randomBytes(512),
    ];
    for (let i = 0; i < data.length; i++) {
      const { bytes } = await sender.encryptChunk(data[i]!, i === data.length - 1);
      await receiver.decryptChunk(bytes);
    }
    expect(hex(sender.getLaneSha256Digest())).toBe(hex(receiver.getLaneSha256Digest()));
  });

  test('handles empty chunks', async () => {
    const { sender, receiver } = await makePair();
    const { bytes } = await sender.encryptChunk(new Uint8Array(0), true);
    const dec = await receiver.decryptChunk(bytes);
    expect(dec.plaintext.length).toBe(0);
    expect(dec.isLast).toBe(true);
  });

  test('ship-gate: ~10 MiB roundtrip preserves byte-for-byte content', async () => {
    const { sender, receiver } = await makePair();
    const total = 10 * 1024 * 1024;
    const chunkSize = 256 * 1024;
    const allBytes = crypto.randomBytes(total);

    const reconstructed: Uint8Array[] = [];
    for (let off = 0; off < total; off += chunkSize) {
      const slice = allBytes.subarray(off, Math.min(off + chunkSize, total));
      const isLast = off + chunkSize >= total;
      const { bytes } = await sender.encryptChunk(slice, isLast);
      const dec = await receiver.decryptChunk(bytes);
      reconstructed.push(dec.plaintext);
    }

    let off = 0;
    for (const piece of reconstructed) {
      for (let i = 0; i < piece.length; i++) {
        if (piece[i] !== allBytes[off + i]) {
          throw new Error(`mismatch at byte ${off + i}`);
        }
      }
      off += piece.length;
    }
    expect(off).toBe(total);
    expect(hex(sender.getLaneSha256Digest())).toBe(hex(receiver.getLaneSha256Digest()));
  });

  test('byte counters track encrypted/decrypted plaintext', async () => {
    const { sender, receiver } = await makePair();
    const a = crypto.randomBytes(100);
    const b = crypto.randomBytes(250);
    const { bytes: ab } = await sender.encryptChunk(a, false);
    const { bytes: bb } = await sender.encryptChunk(b, true);
    await receiver.decryptChunk(ab);
    await receiver.decryptChunk(bb);
    expect(sender.bytesSent).toBe(350n);
    expect(receiver.bytesReceived).toBe(350n);
  });

  test('finished flag set after isLast', async () => {
    const { sender, receiver } = await makePair();
    const { bytes } = await sender.encryptChunk(new Uint8Array(8), true);
    expect(sender.isFinished).toBe(true);
    await receiver.decryptChunk(bytes);
    expect(receiver.isFinished).toBe(true);
  });

  test('encryptChunk after finish throws StreamFinishedError', async () => {
    const { sender } = await makePair();
    await sender.encryptChunk(new Uint8Array(0), true);
    await expect(sender.encryptChunk(new Uint8Array(0), false)).rejects.toThrow(
      StreamFinishedError,
    );
  });

  test('decryptChunk after finish throws StreamFinishedError', async () => {
    const { sender, receiver } = await makePair();
    const { bytes: a } = await sender.encryptChunk(new Uint8Array(8), true);
    await receiver.decryptChunk(a);
    // Try to feed another chunk — sender wouldn't normally produce one, but
    // simulate an attacker sending bytes after the legitimate isLast.
    const sender2 = await StreamSender.create({
      crypto,
      streamId: (sender as unknown as { streamId: Uint8Array }).streamId,
      streamSecret: new Uint8Array(32),
      laneId: 0,
    });
    const { bytes: extra } = await sender2.encryptChunk(new Uint8Array(8), false);
    await expect(receiver.decryptChunk(extra)).rejects.toThrow(StreamFinishedError);
  });

  test('destroy zeroes the lane key (subsequent calls throw)', async () => {
    const { sender, receiver } = await makePair();
    sender.destroy();
    receiver.destroy();
    await expect(sender.encryptChunk(new Uint8Array(0), false)).rejects.toThrow(
      StreamFinishedError,
    );
  });

  test('startSeq enables resume from arbitrary offset', async () => {
    const { sender, receiver } = await makePair({ startSeq: 100 });
    const { bytes, seq } = await sender.encryptChunk(new TextEncoder().encode('mid'), false);
    expect(seq).toBe(100);
    const dec = await receiver.decryptChunk(bytes);
    expect(dec.seq).toBe(100);
  });
});
feat(files): @shade/files 0.3.0 — E2EE filesystem RPC primitive M-Files-1..6 land the full files-RPC layer + everything 0.3.0 needs to ship. Apps keep their own UI; this layer ships the typed RPC, the streams bridge for content I/O, and production hooks (rate limit, retention, fingerprint gate, metrics). @shade/files (NEW) - Standard ops: list/stat/mkdir/delete/move/read/write/getThumbnail with Zod-validated wire schemas + clean user-handler types. - Custom ops: typed via TypeScript declaration merging on CustomOpsMap + per-op Zod schemas; client.custom('app.foo', {...}) is fully typed. - Content I/O: inline (≤ 256 KiB plaintext) base64-in-RPC; streams (> 256 KiB) ride @shade/transfer via userMetadata.shadeFilesWriteId / shadeFilesReadStreamId correlation. Server-side TransformStream bridges accept inbound transfers immediately (engine rejects chunks that arrive before accept) and park the readable for the matching RPC. - Directory ops: walk(path, opts) async-iterable depth-first walker; uploadDirectory()/downloadDirectory() with bounded concurrency pool (default 4, cap 16), aggregated progress, abort. - Production hooks (callback-based, vendor-neutral): rate-limit (op + byte), idempotency cache (LRU + TTL + in-flight de-dupe), path policy (traversal + percent-decode hardening), fingerprint gate (required/optional/reject), pluggable Ed25519 sig verification with ±5 min replay window, onMetric sink (standard names). - React hooks (subpath @shade/files/react): ShadeFilesProvider, useShadeFiles, useFileList, useFileTransfer/Upload/Download. - Shade.files.serve(handler) + Shade.files.client(peer) high-level entrypoint in @shade/sdk; lazy + memoized; one handler per Shade. Wire format bump - @shade/proto wire VERSION 0x01 → 0x02. Length prefixes changed from u16 to u32. The previous u16 silently truncated payloads above 64 KiB — a hard correctness ceiling that blocked inline file ops up to 256 KiB. Wire-incompatible with 0.2.x peers; new sessions only. Cross-platform Kotlin port (android/shade-android) updated to match; test-vectors/wire-format.json regenerated. Concurrency safety - ShadeSessionManager.encrypt/.decrypt now run under per-peer mutex. Concurrent decryptions of the same peer raced ratchet state (manifested as sporadic "Failed to decrypt — wrong key or tampered data" under load — surfaced once concurrent uploadDirectory pumped many writes in flight). Encrypt was already serialized via Shade.send's encryptChains; decrypt is now serialized at the manager layer too. @shade/streams extension - StreamMetadata.userMetadata?: Record<string, string> for application-level key/value pairs that round-trip verbatim through stream-init plaintext. Used by @shade/files for write/read correlation; available to any consumer. @shade/sdk extension - Shade.files getter (lazy + memoized). - BackgroundHooks.onPruneFiles + periodic timer (default 5 min) + BackgroundTasks.setHook(name, fn) for runtime hook registration. Bundles in-flight 0.2.0 work - packages/shade-streams/, packages/shade-transfer/, related shade-sdk streams-bridge + shade-widgets transfer hooks were uncommitted prior to this session. Including them keeps the workspace consistent at 0.3.0 since @shade/files depends on them. Tests - 74 new tests in @shade/files (572 → 646 workspace pass; 0 fail; 3× stable). Coverage spans unit (inline-threshold + concurrency), integration (read-write inline + streams up to 1 MiB, walk + upload/download directory, custom-op, metrics, SDK namespace end-to-end), and security (tampered-envelope sig verification, replay window, fingerprint gate, rate-limit + quota). Release artifacts - All packages bumped to 0.3.0 via scripts/bump-version.ts. - scripts/publish-all.ts PACKAGES updated with shade-files in topological order (after shade-transfer, before shade-sdk). - bun run publish:dry clean (14 packed, 0 failed). - examples/08-files-browser/ — three-process CLI demo (prekey + Bob server + Alice CLI) covering list/stat/mkdir/delete/upload/download. - docs/files.md — full API + design doc. - CHANGELOG.md 0.3.0 entry. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> 2026-05-02 14:00:01 +02:00			`import { describe, test, expect } from 'bun:test';`
			`import { SubtleCryptoProvider } from '@shade/crypto-web';`
			`import {`
			`StreamSender,`
			`StreamReceiver,`
			`StreamFinishedError,`
			`generateStreamId,`
			`generateStreamSecret,`
			`} from '../src/index.js';`

			`const crypto = new SubtleCryptoProvider();`

			`function hex(b: Uint8Array): string {`
			`return Array.from(b, (x) => x.toString(16).padStart(2, '0')).join('');`
			`}`

			`async function makePair(opts?: { laneId?: number; startSeq?: number }) {`
			`const streamId = generateStreamId(crypto);`
			`const streamSecret = generateStreamSecret(crypto);`
			`const laneId = opts?.laneId ?? 0;`
			`const sender = await StreamSender.create({`
			`crypto,`
			`streamId,`
			`streamSecret,`
			`laneId,`
			`...(opts?.startSeq !== undefined ? { startSeq: opts.startSeq } : {}),`
			`});`
			`const receiver = await StreamReceiver.create({`
			`crypto,`
			`streamId,`
			`streamSecret,`
			`laneId,`
			`...(opts?.startSeq !== undefined ? { startSeq: opts.startSeq } : {}),`
			`});`
			`return { sender, receiver, streamId, streamSecret };`
			`}`

			`describe('Single-lane sender/receiver roundtrip', () => {`
			`test('basic single-chunk transfer', async () => {`
			`const { sender, receiver } = await makePair();`
			`const plaintext = new TextEncoder().encode('hello shade');`
			`const { bytes } = await sender.encryptChunk(plaintext, true);`
			`const decrypted = await receiver.decryptChunk(bytes);`
			`expect(new TextDecoder().decode(decrypted.plaintext)).toBe('hello shade');`
			`expect(decrypted.seq).toBe(0);`
			`expect(decrypted.isLast).toBe(true);`
			`});`

			`test('multi-chunk transfer with monotonic seq', async () => {`
			`const { sender, receiver } = await makePair();`
			`const chunks = ['alpha', 'beta', 'gamma', 'delta'];`
			`for (let i = 0; i < chunks.length; i++) {`
			`const isLast = i === chunks.length - 1;`
			`const { bytes, seq } = await sender.encryptChunk(`
			`new TextEncoder().encode(chunks[i]!),`
			`isLast,`
			`);`
			`expect(seq).toBe(i);`
			`const dec = await receiver.decryptChunk(bytes);`
			`expect(new TextDecoder().decode(dec.plaintext)).toBe(chunks[i]);`
			`expect(dec.seq).toBe(i);`
			`expect(dec.isLast).toBe(isLast);`
			`}`
			`});`

			`test('lane sha256 matches between sender and receiver', async () => {`
			`const { sender, receiver } = await makePair();`
			`const data = [`
			`crypto.randomBytes(1024),`
			`crypto.randomBytes(2048),`
			`crypto.randomBytes(512),`
			`];`
			`for (let i = 0; i < data.length; i++) {`
			`const { bytes } = await sender.encryptChunk(data[i]!, i === data.length - 1);`
			`await receiver.decryptChunk(bytes);`
			`}`
			`expect(hex(sender.getLaneSha256Digest())).toBe(hex(receiver.getLaneSha256Digest()));`
			`});`

			`test('handles empty chunks', async () => {`
			`const { sender, receiver } = await makePair();`
			`const { bytes } = await sender.encryptChunk(new Uint8Array(0), true);`
			`const dec = await receiver.decryptChunk(bytes);`
			`expect(dec.plaintext.length).toBe(0);`
			`expect(dec.isLast).toBe(true);`
			`});`

			`test('ship-gate: ~10 MiB roundtrip preserves byte-for-byte content', async () => {`
			`const { sender, receiver } = await makePair();`
			`const total = 10 * 1024 * 1024;`
			`const chunkSize = 256 * 1024;`
			`const allBytes = crypto.randomBytes(total);`

			`const reconstructed: Uint8Array[] = [];`
			`for (let off = 0; off < total; off += chunkSize) {`
			`const slice = allBytes.subarray(off, Math.min(off + chunkSize, total));`
			`const isLast = off + chunkSize >= total;`
			`const { bytes } = await sender.encryptChunk(slice, isLast);`
			`const dec = await receiver.decryptChunk(bytes);`
			`reconstructed.push(dec.plaintext);`
			`}`

			`let off = 0;`
			`for (const piece of reconstructed) {`
			`for (let i = 0; i < piece.length; i++) {`
			`if (piece[i] !== allBytes[off + i]) {`
			throw new Error(`mismatch at byte ${off + i}`);
			`}`
			`}`
			`off += piece.length;`
			`}`
			`expect(off).toBe(total);`
			`expect(hex(sender.getLaneSha256Digest())).toBe(hex(receiver.getLaneSha256Digest()));`
			`});`

			`test('byte counters track encrypted/decrypted plaintext', async () => {`
			`const { sender, receiver } = await makePair();`
			`const a = crypto.randomBytes(100);`
			`const b = crypto.randomBytes(250);`
			`const { bytes: ab } = await sender.encryptChunk(a, false);`
			`const { bytes: bb } = await sender.encryptChunk(b, true);`
			`await receiver.decryptChunk(ab);`
			`await receiver.decryptChunk(bb);`
			`expect(sender.bytesSent).toBe(350n);`
			`expect(receiver.bytesReceived).toBe(350n);`
			`});`

			`test('finished flag set after isLast', async () => {`
			`const { sender, receiver } = await makePair();`
			`const { bytes } = await sender.encryptChunk(new Uint8Array(8), true);`
			`expect(sender.isFinished).toBe(true);`
			`await receiver.decryptChunk(bytes);`
			`expect(receiver.isFinished).toBe(true);`
			`});`

			`test('encryptChunk after finish throws StreamFinishedError', async () => {`
			`const { sender } = await makePair();`
			`await sender.encryptChunk(new Uint8Array(0), true);`
			`await expect(sender.encryptChunk(new Uint8Array(0), false)).rejects.toThrow(`
			`StreamFinishedError,`
			`);`
			`});`

			`test('decryptChunk after finish throws StreamFinishedError', async () => {`
			`const { sender, receiver } = await makePair();`
			`const { bytes: a } = await sender.encryptChunk(new Uint8Array(8), true);`
			`await receiver.decryptChunk(a);`
			`// Try to feed another chunk — sender wouldn't normally produce one, but`
			`// simulate an attacker sending bytes after the legitimate isLast.`
			`const sender2 = await StreamSender.create({`
			`crypto,`
			`streamId: (sender as unknown as { streamId: Uint8Array }).streamId,`
			`streamSecret: new Uint8Array(32),`
			`laneId: 0,`
			`});`
			`const { bytes: extra } = await sender2.encryptChunk(new Uint8Array(8), false);`
			`await expect(receiver.decryptChunk(extra)).rejects.toThrow(StreamFinishedError);`
			`});`

			`test('destroy zeroes the lane key (subsequent calls throw)', async () => {`
			`const { sender, receiver } = await makePair();`
			`sender.destroy();`
			`receiver.destroy();`
			`await expect(sender.encryptChunk(new Uint8Array(0), false)).rejects.toThrow(`
			`StreamFinishedError,`
			`);`
			`});`

			`test('startSeq enables resume from arbitrary offset', async () => {`
			`const { sender, receiver } = await makePair({ startSeq: 100 });`
			`const { bytes, seq } = await sender.encryptChunk(new TextEncoder().encode('mid'), false);`
			`expect(seq).toBe(100);`
			`const dec = await receiver.decryptChunk(bytes);`
			`expect(dec.seq).toBe(100);`
			`});`
			`});`