feat(cli): sessionbrokerclient + registry hooks (flag-gated)
daemon-side half of 1.30.0 per-session broker presence. behind CLAUDEMESH_SESSION_PRESENCE=1 (default OFF this cycle so the broker side bakes before the flag flips). - SessionBrokerClient (apps/cli/src/daemon/session-broker.ts) — slim WS that opens with session_hello, presence-only, no outbox drain. - session-hello-sig.ts — signParentAttestation (12h TTL, ≤24h cap) and signSessionHello, mirroring the broker canonical formats. - session-registry: optional presence field on SessionInfo; setRegistryHooks for onRegister/onDeregister callbacks. Hook errors are caught so they can never throttle registry mutations. - IPC POST /v1/sessions/register accepts the presence material under body.presence (session_pubkey, session_secret_key, parent_attestation). Older callers without it stay scoped + supported. - run.ts wires the registry hooks: on register, opens a SessionBrokerClient for the matching mesh; on deregister (explicit or reaper), closes it. Shutdown closes any remaining session WSes before the IPC server. 8 new unit tests cover registry lifecycle (replace/throw/presence roundtrip) and signature canonical-bytes verification against libsodium. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
This commit is contained in:
Alejandro Gutiérrez
88
apps/cli/tests/unit/session-hello-sig.test.ts
Normal file
88
apps/cli/tests/unit/session-hello-sig.test.ts
Normal file
@@ -0,0 +1,88 @@
|
||||
/**
|
||||
* CLI-side session-hello signing.
|
||||
*
|
||||
* Roundtrip: the signatures we mint with the CLI helpers must match the
|
||||
* canonical bytes the broker recomputes from the same fields. Drift here
|
||||
* shows up as `bad_signature` on the broker — easier to catch in unit
|
||||
* tests than in end-to-end flow.
|
||||
*/
|
||||
|
||||
import { describe, expect, test } from "vitest";
|
||||
import sodium from "libsodium-wrappers";
|
||||
import {
|
||||
signParentAttestation,
|
||||
signSessionHello,
|
||||
DEFAULT_ATTESTATION_TTL_MS,
|
||||
} from "../../src/services/broker/session-hello-sig.js";
|
||||
|
||||
async function makeKeypair(): Promise<{ publicKey: string; secretKey: string }> {
|
||||
await sodium.ready;
|
||||
const kp = sodium.crypto_sign_keypair();
|
||||
return {
|
||||
publicKey: sodium.to_hex(kp.publicKey),
|
||||
secretKey: sodium.to_hex(kp.privateKey),
|
||||
};
|
||||
}
|
||||
|
||||
describe("signParentAttestation", () => {
|
||||
test("produces canonical bytes that verify against parent pubkey", async () => {
|
||||
await sodium.ready;
|
||||
const parent = await makeKeypair();
|
||||
const session = await makeKeypair();
|
||||
|
||||
const att = await signParentAttestation({
|
||||
parentMemberPubkey: parent.publicKey,
|
||||
parentSecretKey: parent.secretKey,
|
||||
sessionPubkey: session.publicKey,
|
||||
});
|
||||
expect(att.parentMemberPubkey).toBe(parent.publicKey);
|
||||
expect(att.sessionPubkey).toBe(session.publicKey);
|
||||
expect(att.signature).toMatch(/^[0-9a-f]{128}$/);
|
||||
|
||||
const canonical =
|
||||
`claudemesh-session-attest|${parent.publicKey}|${session.publicKey}|${att.expiresAt}`;
|
||||
const ok = sodium.crypto_sign_verify_detached(
|
||||
sodium.from_hex(att.signature),
|
||||
sodium.from_string(canonical),
|
||||
sodium.from_hex(parent.publicKey),
|
||||
);
|
||||
expect(ok).toBe(true);
|
||||
});
|
||||
|
||||
test("default TTL ≤24h cap", async () => {
|
||||
const parent = await makeKeypair();
|
||||
const session = await makeKeypair();
|
||||
const now = 1_700_000_000_000;
|
||||
const att = await signParentAttestation({
|
||||
parentMemberPubkey: parent.publicKey,
|
||||
parentSecretKey: parent.secretKey,
|
||||
sessionPubkey: session.publicKey,
|
||||
now,
|
||||
});
|
||||
expect(att.expiresAt).toBe(now + DEFAULT_ATTESTATION_TTL_MS);
|
||||
expect(att.expiresAt - now).toBeLessThanOrEqual(24 * 60 * 60 * 1000);
|
||||
});
|
||||
});
|
||||
|
||||
describe("signSessionHello", () => {
|
||||
test("signature verifies against session pubkey", async () => {
|
||||
await sodium.ready;
|
||||
const session = await makeKeypair();
|
||||
const result = await signSessionHello({
|
||||
meshId: "mesh-x",
|
||||
parentMemberPubkey: "c".repeat(64),
|
||||
sessionPubkey: session.publicKey,
|
||||
sessionSecretKey: session.secretKey,
|
||||
});
|
||||
expect(result.signature).toMatch(/^[0-9a-f]{128}$/);
|
||||
|
||||
const canonical =
|
||||
`claudemesh-session-hello|mesh-x|${"c".repeat(64)}|${session.publicKey}|${result.timestamp}`;
|
||||
const ok = sodium.crypto_sign_verify_detached(
|
||||
sodium.from_hex(result.signature),
|
||||
sodium.from_string(canonical),
|
||||
sodium.from_hex(session.publicKey),
|
||||
);
|
||||
expect(ok).toBe(true);
|
||||
});
|
||||
});
|
||||
135
apps/cli/tests/unit/session-registry-hooks.test.ts
Normal file
135
apps/cli/tests/unit/session-registry-hooks.test.ts
Normal file
@@ -0,0 +1,135 @@
|
||||
/**
|
||||
* Session-registry lifecycle hooks (1.30.0+).
|
||||
*
|
||||
* The daemon's session-broker subsystem subscribes to register/deregister
|
||||
* events to open and close per-session WSes. Verifies:
|
||||
* - hooks fire on register + deregister
|
||||
* - replacing an entry under the same sessionId fires deregister(prior)
|
||||
* followed by register(new)
|
||||
* - reaper-triggered deregister fires the hook for dead pids
|
||||
* - presence material round-trips through the registry
|
||||
*/
|
||||
|
||||
import { afterEach, describe, expect, test, vi } from "vitest";
|
||||
import {
|
||||
_resetRegistry,
|
||||
deregisterByToken,
|
||||
registerSession,
|
||||
resolveToken,
|
||||
setRegistryHooks,
|
||||
type SessionInfo,
|
||||
} from "../../src/daemon/session-registry.js";
|
||||
|
||||
const PRESENCE = {
|
||||
sessionPubkey: "a".repeat(64),
|
||||
sessionSecretKey: "b".repeat(128),
|
||||
parentAttestation: {
|
||||
sessionPubkey: "a".repeat(64),
|
||||
parentMemberPubkey: "c".repeat(64),
|
||||
expiresAt: Date.now() + 60 * 60 * 1000,
|
||||
signature: "d".repeat(128),
|
||||
},
|
||||
};
|
||||
|
||||
afterEach(() => {
|
||||
_resetRegistry();
|
||||
});
|
||||
|
||||
describe("session-registry hooks", () => {
|
||||
test("onRegister fires on register", () => {
|
||||
const onRegister = vi.fn();
|
||||
const onDeregister = vi.fn();
|
||||
setRegistryHooks({ onRegister, onDeregister });
|
||||
|
||||
registerSession({
|
||||
token: "t".repeat(64),
|
||||
sessionId: "sess-1",
|
||||
mesh: "alpha",
|
||||
displayName: "Alex",
|
||||
pid: 12345,
|
||||
presence: PRESENCE,
|
||||
});
|
||||
|
||||
expect(onRegister).toHaveBeenCalledTimes(1);
|
||||
expect(onDeregister).not.toHaveBeenCalled();
|
||||
const arg = onRegister.mock.calls[0]![0] as SessionInfo;
|
||||
expect(arg.sessionId).toBe("sess-1");
|
||||
expect(arg.presence).toEqual(PRESENCE);
|
||||
});
|
||||
|
||||
test("onDeregister fires on explicit deregister", () => {
|
||||
const onRegister = vi.fn();
|
||||
const onDeregister = vi.fn();
|
||||
setRegistryHooks({ onRegister, onDeregister });
|
||||
|
||||
const token = "e".repeat(64);
|
||||
registerSession({
|
||||
token, sessionId: "sess-2", mesh: "alpha", displayName: "Alex",
|
||||
pid: 12345,
|
||||
});
|
||||
onRegister.mockClear();
|
||||
|
||||
const ok = deregisterByToken(token);
|
||||
expect(ok).toBe(true);
|
||||
expect(onDeregister).toHaveBeenCalledTimes(1);
|
||||
const arg = onDeregister.mock.calls[0]![0] as SessionInfo;
|
||||
expect(arg.sessionId).toBe("sess-2");
|
||||
});
|
||||
|
||||
test("re-registering same sessionId deregisters prior entry first", () => {
|
||||
const onRegister = vi.fn();
|
||||
const onDeregister = vi.fn();
|
||||
setRegistryHooks({ onRegister, onDeregister });
|
||||
|
||||
const oldToken = "1".repeat(64);
|
||||
const newToken = "2".repeat(64);
|
||||
registerSession({
|
||||
token: oldToken, sessionId: "sess-3", mesh: "alpha",
|
||||
displayName: "Alex", pid: 12345,
|
||||
});
|
||||
expect(onRegister).toHaveBeenCalledTimes(1);
|
||||
|
||||
// Replace under same sessionId — prior must be torn down before new one.
|
||||
registerSession({
|
||||
token: newToken, sessionId: "sess-3", mesh: "alpha",
|
||||
displayName: "Alex", pid: 12345,
|
||||
});
|
||||
|
||||
expect(onDeregister).toHaveBeenCalledTimes(1);
|
||||
expect(onRegister).toHaveBeenCalledTimes(2);
|
||||
expect((onDeregister.mock.calls[0]![0] as SessionInfo).token).toBe(oldToken);
|
||||
expect((onRegister.mock.calls[1]![0] as SessionInfo).token).toBe(newToken);
|
||||
// Old token is unresolvable now.
|
||||
expect(resolveToken(oldToken)).toBeNull();
|
||||
expect(resolveToken(newToken)).toBeTruthy();
|
||||
});
|
||||
|
||||
test("hooks tolerate throws (registry mutation still succeeds)", () => {
|
||||
setRegistryHooks({
|
||||
onRegister: () => { throw new Error("boom"); },
|
||||
onDeregister: () => { throw new Error("boom"); },
|
||||
});
|
||||
const token = "f".repeat(64);
|
||||
expect(() =>
|
||||
registerSession({
|
||||
token, sessionId: "sess-4", mesh: "alpha",
|
||||
displayName: "Alex", pid: 12345,
|
||||
}),
|
||||
).not.toThrow();
|
||||
expect(resolveToken(token)).toBeTruthy();
|
||||
expect(() => deregisterByToken(token)).not.toThrow();
|
||||
expect(resolveToken(token)).toBeNull();
|
||||
});
|
||||
|
||||
test("presence is preserved through resolveToken", () => {
|
||||
setRegistryHooks({});
|
||||
const token = "9".repeat(64);
|
||||
registerSession({
|
||||
token, sessionId: "sess-5", mesh: "alpha",
|
||||
displayName: "Alex", pid: 12345, presence: PRESENCE,
|
||||
});
|
||||
const got = resolveToken(token);
|
||||
expect(got).not.toBeNull();
|
||||
expect(got!.presence).toEqual(PRESENCE);
|
||||
});
|
||||
});
|
||||
Reference in New Issue
Block a user