mirror of
https://github.com/BigBodyCobain/Shadowbroker.git
synced 2026-06-09 07:43:59 +02:00
anoracleofra-code
668ce16dc7
Gate messages now propagate via the Infonet hashchain as encrypted blobs — every node syncs them through normal chain sync while only Gate members with MLS keys can decrypt. Added mesh reputation system, peer push workers, voluntary Wormhole opt-in for node participation, fork recovery, killwormhole scripts, obfuscated terminology, and hardened the self-updater to protect encryption keys and chain state during updates. New features: Shodan search, train tracking, Sentinel Hub imagery, 8 new intelligence layers, CCTV expansion to 11,000+ cameras across 6 countries, Mesh Terminal CLI, prediction markets, desktop-shell scaffold, and comprehensive mesh test suite (215 frontend + backend tests passing). Community contributors: @wa1id, @AlborzNazari, @adust09, @Xpirix, @imqdcr, @csysp, @suranyami, @chr0n1x, @johan-martensson, @singularfailure, @smithbh, @OrfeoTerkuci, @deuza, @tm-const, @Elhard1, @ttulttul
164 lines
4.6 KiB
TypeScript
164 lines
4.6 KiB
TypeScript
import { afterEach, describe, expect, it, vi } from 'vitest';
|
|
|
|
import { createRuntimeBridge } from '../../../../desktop-shell/src/runtimeBridge';
|
|
|
|
describe('runtimeBridge session profile routing', () => {
|
|
afterEach(() => {
|
|
vi.restoreAllMocks();
|
|
});
|
|
|
|
it('uses the invocation session profile hint when the runtime context is unscoped', async () => {
|
|
const auditControlUse = vi.fn();
|
|
vi.stubGlobal(
|
|
'fetch',
|
|
vi.fn(async () =>
|
|
new Response(JSON.stringify({ ok: true }), {
|
|
status: 200,
|
|
headers: { 'Content-Type': 'application/json' },
|
|
}),
|
|
),
|
|
);
|
|
|
|
const runtime = createRuntimeBridge({
|
|
backendBaseUrl: 'http://127.0.0.1:8000',
|
|
wormholeBaseUrl: 'http://127.0.0.1:8787',
|
|
auditControlUse,
|
|
});
|
|
|
|
await runtime.invokeLocalControl(
|
|
'wormhole.gate.key.rotate',
|
|
{ gate_id: 'infonet', reason: 'operator_reset' },
|
|
{
|
|
capability: 'wormhole_gate_key',
|
|
sessionProfileHint: 'gate_operator',
|
|
enforceProfileHint: true,
|
|
},
|
|
);
|
|
|
|
expect(auditControlUse).toHaveBeenCalledWith(
|
|
expect.objectContaining({
|
|
command: 'wormhole.gate.key.rotate',
|
|
targetRef: 'infonet',
|
|
sessionProfile: 'gate_operator',
|
|
sessionProfileHint: 'gate_operator',
|
|
enforceProfileHint: true,
|
|
profileAllows: true,
|
|
outcome: 'allowed',
|
|
}),
|
|
);
|
|
|
|
const report = runtime.getNativeControlAuditReport?.(5);
|
|
expect(report).toEqual(
|
|
expect.objectContaining({
|
|
totalEvents: 1,
|
|
totalRecorded: 1,
|
|
byOutcome: expect.objectContaining({ allowed: 1 }),
|
|
}),
|
|
);
|
|
expect(report?.recent[0]).toEqual(
|
|
expect.objectContaining({
|
|
command: 'wormhole.gate.key.rotate',
|
|
targetRef: 'infonet',
|
|
sessionProfile: 'gate_operator',
|
|
outcome: 'allowed',
|
|
}),
|
|
);
|
|
});
|
|
|
|
it('preserves an explicitly scoped runtime session profile over the invocation hint', async () => {
|
|
const auditControlUse = vi.fn();
|
|
vi.stubGlobal(
|
|
'fetch',
|
|
vi.fn(async () =>
|
|
new Response(JSON.stringify({ ok: true }), {
|
|
status: 200,
|
|
headers: { 'Content-Type': 'application/json' },
|
|
}),
|
|
),
|
|
);
|
|
|
|
const runtime = createRuntimeBridge({
|
|
backendBaseUrl: 'http://127.0.0.1:8000',
|
|
wormholeBaseUrl: 'http://127.0.0.1:8787',
|
|
sessionProfile: 'settings_only',
|
|
auditControlUse,
|
|
});
|
|
|
|
await runtime.invokeLocalControl(
|
|
'wormhole.gate.key.rotate',
|
|
{ gate_id: 'infonet', reason: 'operator_reset' },
|
|
{
|
|
capability: 'wormhole_gate_key',
|
|
sessionProfileHint: 'gate_operator',
|
|
},
|
|
);
|
|
|
|
expect(auditControlUse).toHaveBeenCalledWith(
|
|
expect.objectContaining({
|
|
command: 'wormhole.gate.key.rotate',
|
|
sessionProfile: 'settings_only',
|
|
sessionProfileHint: 'gate_operator',
|
|
profileAllows: false,
|
|
outcome: 'profile_warn',
|
|
}),
|
|
);
|
|
|
|
const report = runtime.getNativeControlAuditReport?.(5);
|
|
expect(report).toEqual(
|
|
expect.objectContaining({
|
|
totalEvents: 1,
|
|
totalRecorded: 1,
|
|
byOutcome: expect.objectContaining({ profile_warn: 1 }),
|
|
lastProfileMismatch: expect.objectContaining({
|
|
command: 'wormhole.gate.key.rotate',
|
|
sessionProfile: 'settings_only',
|
|
outcome: 'profile_warn',
|
|
}),
|
|
}),
|
|
);
|
|
});
|
|
|
|
it('denies a strictly hinted gate-key command when the runtime is pinned to another profile', async () => {
|
|
vi.stubGlobal(
|
|
'fetch',
|
|
vi.fn(async () =>
|
|
new Response(JSON.stringify({ ok: true }), {
|
|
status: 200,
|
|
headers: { 'Content-Type': 'application/json' },
|
|
}),
|
|
),
|
|
);
|
|
|
|
const runtime = createRuntimeBridge({
|
|
backendBaseUrl: 'http://127.0.0.1:8000',
|
|
wormholeBaseUrl: 'http://127.0.0.1:8787',
|
|
sessionProfile: 'settings_only',
|
|
});
|
|
|
|
await expect(
|
|
runtime.invokeLocalControl(
|
|
'wormhole.gate.key.rotate',
|
|
{ gate_id: 'infonet', reason: 'operator_reset' },
|
|
{
|
|
capability: 'wormhole_gate_key',
|
|
sessionProfileHint: 'gate_operator',
|
|
enforceProfileHint: true,
|
|
},
|
|
),
|
|
).rejects.toThrow('native_control_profile_mismatch');
|
|
|
|
const report = runtime.getNativeControlAuditReport?.(5);
|
|
expect(report).toEqual(
|
|
expect.objectContaining({
|
|
totalEvents: 1,
|
|
totalRecorded: 1,
|
|
byOutcome: expect.objectContaining({ profile_denied: 1 }),
|
|
lastDenied: expect.objectContaining({
|
|
command: 'wormhole.gate.key.rotate',
|
|
outcome: 'profile_denied',
|
|
}),
|
|
}),
|
|
);
|
|
});
|
|
});
|