companion-token-custody-data-integrity.test.mjs
file-level
1
files
1
commits
0
hotspots
0
🧊 dead
0
💥 blast risk
| 1 | /** |
| 2 | * Tier 5 — DATA INTEGRITY: buildSessionMeta is pure/deterministic; what is stored is exactly what |
| 3 | * is loaded; metadata holds no secret; the module reads nothing from the environment. |
| 4 | */ |
| 5 | import { describe, it } from 'node:test'; |
| 6 | import assert from 'node:assert/strict'; |
| 7 | import { buildSessionMeta, createTokenCustody } from '../lib/companion-token-custody.mjs'; |
| 8 | import { makeSyncKeychain } from './helpers/companion-keychain-fake.mjs'; |
| 9 | |
| 10 | describe('Data integrity — buildSessionMeta is pure/deterministic', () => { |
| 11 | it('same inputs → identical metadata', () => { |
| 12 | const tr = { expiresIn: 3600, refreshToken: 'r', scope: 'vault:read', tokenType: 'Bearer' }; |
| 13 | const ctx = { now: 12345, refreshTtlMs: 1000, issuer: 'https://knowtation.store' }; |
| 14 | assert.deepEqual(buildSessionMeta(tr, ctx), buildSessionMeta(tr, ctx)); |
| 15 | }); |
| 16 | it('does not mutate its inputs', () => { |
| 17 | const tr = { expiresIn: 3600, refreshToken: 'r', scope: 'vault:read', tokenType: 'Bearer' }; |
| 18 | const ctx = { now: 1, refreshTtlMs: 1000 }; |
| 19 | const trSnap = JSON.stringify(tr); |
| 20 | const ctxSnap = JSON.stringify(ctx); |
| 21 | buildSessionMeta(tr, ctx); |
| 22 | assert.equal(JSON.stringify(tr), trSnap); |
| 23 | assert.equal(JSON.stringify(ctx), ctxSnap); |
| 24 | }); |
| 25 | }); |
| 26 | |
| 27 | describe('Data integrity — store/load fidelity', () => { |
| 28 | it('loaded session fields equal the stored values', async () => { |
| 29 | const custody = createTokenCustody(makeSyncKeychain()); |
| 30 | const meta = buildSessionMeta({ expiresIn: 7200, refreshToken: 'r', scope: 'vault:read vault:write', tokenType: 'Bearer' }, { now: 500, refreshTtlMs: 2000, issuer: 'https://knowtation.store' }); |
| 31 | await custody.storeSession({ accessToken: 'jwt', refreshToken: 'r', meta }); |
| 32 | const loaded = await custody.loadSession(); |
| 33 | assert.equal(loaded.expiresAt, meta.expiresAt); |
| 34 | assert.equal(loaded.refreshExpiresAt, meta.refreshExpiresAt); |
| 35 | assert.equal(loaded.scope, 'vault:read vault:write'); |
| 36 | assert.equal(loaded.issuer, 'https://knowtation.store'); |
| 37 | assert.equal(loaded.tokenType, 'Bearer'); |
| 38 | }); |
| 39 | }); |
| 40 | |
| 41 | describe('Data integrity — environment independence', () => { |
| 42 | it('metadata does not change with process.env', () => { |
| 43 | const tr = { expiresIn: 60, refreshToken: null, scope: null, tokenType: 'Bearer' }; |
| 44 | const before = buildSessionMeta(tr, { now: 0 }); |
| 45 | process.env.KNOWTATION_CUSTODY_TEST = 'x'; |
| 46 | const after = buildSessionMeta(tr, { now: 0 }); |
| 47 | delete process.env.KNOWTATION_CUSTODY_TEST; |
| 48 | assert.deepEqual(before, after); |
| 49 | }); |
| 50 | }); |