release(v4.0.0): Shade GA — V3.x consolidation + audit prep
Some checks failed
Test / test (push) Has been cancelled
Cross-platform vectors / TypeScript vectors (bun) (push) Has been cancelled
Cross-platform vectors / Kotlin vectors (gradle) (push) Has been cancelled
Docker build and publish / docker (push) Has been cancelled
Publish / publish (push) Has been cancelled
Some checks failed
Test / test (push) Has been cancelled
Cross-platform vectors / TypeScript vectors (bun) (push) Has been cancelled
Cross-platform vectors / Kotlin vectors (gradle) (push) Has been cancelled
Docker build and publish / docker (push) Has been cancelled
Publish / publish (push) Has been cancelled
V3.1 → V3.12 consolidated and tagged for the first GA release. Wire format unchanged from 0.4.x — 4.0 peers interoperate with 0.4.x peers byte-for-byte. The version bump is semantic: audit-cycle complete, opt-in surface fully exposed, threat model refreshed for every new surface. Highlights: - All 24 @shade/* packages bumped to 4.0.0 in lockstep. - CHANGELOG 4.0.0 section is the canonical manifest of what landed. - THREAT-MODEL extended (§10 fingerprint gates, §11 WebRTC P2P, §12 Web-Worker boundary) + residual-risks table refreshed. - OpenAPI now covers all 27 routes: prekey, transfer, KT, inbox, bridge, observer, /metrics, /healthz, /ready. - MIGRATION 0.3.x → 4.0 documented + smoke-tested against shade migrate-storage on a real SQLite DB. - docs/audit/REVIEW-BUNDLE.md + SCOPE.md ready for external reviewer. - scripts/soak.ts harness for the GA-stable 2-week soak window. - All V*.md plans archived under docs/archive/ with Status: Done. - Voice/Video carved out into V5.0; 4.0 audit focuses on the frozen non-realtime stack. Tests: TS 1000/1000 + Kotlin 11/11 cross-platform vectors green. Docker: gt.zyon.no/stian/shade-prekey:4.0.0 builds and reports version 4.0.0 on /health. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
This commit is contained in:
120
packages/shade-sdk/tests/kt.test.ts
Normal file
120
packages/shade-sdk/tests/kt.test.ts
Normal file
@@ -0,0 +1,120 @@
|
||||
import { describe, test, expect } from 'bun:test';
|
||||
import { createShade } from '../src/index.js';
|
||||
import {
|
||||
createPrekeyServerWithKT,
|
||||
MemoryPrekeyStore,
|
||||
} from '@shade/server';
|
||||
import { SubtleCryptoProvider } from '@shade/crypto-web';
|
||||
import { MemoryKTLogStore } from '@shade/key-transparency';
|
||||
|
||||
const crypto = new SubtleCryptoProvider();
|
||||
|
||||
async function startServerWithKT() {
|
||||
const logKp = await crypto.generateEd25519KeyPair();
|
||||
const { app, kt } = await createPrekeyServerWithKT({
|
||||
crypto,
|
||||
store: new MemoryPrekeyStore(),
|
||||
disableRateLimit: true,
|
||||
keyTransparency: {
|
||||
store: new MemoryKTLogStore(),
|
||||
signingPrivateKey: logKp.privateKey,
|
||||
signingPublicKey: logKp.publicKey,
|
||||
},
|
||||
});
|
||||
const port = 22000 + Math.floor(Math.random() * 1000);
|
||||
const handle = Bun.serve({ port, fetch: app.fetch });
|
||||
return { url: `http://localhost:${port}`, logKp, kt, stop: () => handle.stop() };
|
||||
}
|
||||
|
||||
describe('Shade.create() with keyTransparency config', () => {
|
||||
test('Alice and Bob exchange messages; SDK verifies KT proofs and observes STHs', async () => {
|
||||
const server = await startServerWithKT();
|
||||
try {
|
||||
const bob = await createShade({
|
||||
prekeyServer: server.url,
|
||||
address: 'bob',
|
||||
autoReplenish: false,
|
||||
keyTransparency: {
|
||||
mode: 'observe-strict',
|
||||
logPublicKey: server.logKp.publicKey,
|
||||
},
|
||||
});
|
||||
|
||||
const alice = await createShade({
|
||||
prekeyServer: server.url,
|
||||
address: 'alice',
|
||||
autoReplenish: false,
|
||||
keyTransparency: {
|
||||
mode: 'observe-strict',
|
||||
logPublicKey: server.logKp.publicKey,
|
||||
},
|
||||
});
|
||||
|
||||
const env = await alice.send('bob', 'Hello with KT proof!');
|
||||
const received = await bob.receive('alice', env);
|
||||
expect(received).toBe('Hello with KT proof!');
|
||||
|
||||
const witness = alice.getKTWitness();
|
||||
expect(witness).not.toBeNull();
|
||||
const latest = witness!.latestObserved();
|
||||
expect(latest).not.toBeNull();
|
||||
expect(latest!.treeSize).toBeGreaterThan(0);
|
||||
|
||||
await alice.shutdown();
|
||||
await bob.shutdown();
|
||||
} finally {
|
||||
server.stop();
|
||||
}
|
||||
});
|
||||
|
||||
test('observe-strict throws when server has KT off', async () => {
|
||||
const { createPrekeyServer, MemoryPrekeyStore } = await import('@shade/server');
|
||||
const app = createPrekeyServer({
|
||||
crypto,
|
||||
store: new MemoryPrekeyStore(),
|
||||
disableRateLimit: true,
|
||||
});
|
||||
const port = 22800 + Math.floor(Math.random() * 200);
|
||||
const handle = Bun.serve({ port, fetch: app.fetch });
|
||||
|
||||
try {
|
||||
const bob = await createShade({
|
||||
prekeyServer: `http://localhost:${port}`,
|
||||
address: 'bob',
|
||||
autoReplenish: false,
|
||||
});
|
||||
|
||||
const wrongKp = await crypto.generateEd25519KeyPair();
|
||||
const alice = await createShade({
|
||||
prekeyServer: `http://localhost:${port}`,
|
||||
address: 'alice',
|
||||
autoReplenish: false,
|
||||
keyTransparency: {
|
||||
mode: 'observe-strict',
|
||||
logPublicKey: wrongKp.publicKey,
|
||||
},
|
||||
});
|
||||
|
||||
// Sending requires fetching Bob's bundle, which has no proof — strict mode fails
|
||||
await expect(alice.send('bob', 'hi')).rejects.toThrow();
|
||||
await alice.shutdown();
|
||||
await bob.shutdown();
|
||||
} finally {
|
||||
handle.stop();
|
||||
}
|
||||
});
|
||||
|
||||
test('rejects logPublicKey of wrong length', async () => {
|
||||
await expect(
|
||||
createShade({
|
||||
prekeyServer: 'http://localhost:9999',
|
||||
address: 'x',
|
||||
autoReplenish: false,
|
||||
keyTransparency: {
|
||||
mode: 'observe',
|
||||
logPublicKey: new Uint8Array(31),
|
||||
},
|
||||
}),
|
||||
).rejects.toThrow(/32 bytes/);
|
||||
});
|
||||
});
|
||||
Reference in New Issue
Block a user