Files
wehub-resource-sync 23f7624596
ADR-166 MCP Bridge Security Lock / Static-source security lock (push) Failing after 0s
ADR-166 MCP Bridge Security Lock / Compose default binds loopback + Mongo has auth (push) Failing after 2s
CodeQL Advanced / Analyze (rust) (push) Failing after 0s
ADR-166 MCP Bridge Security Lock / plugin-agent-federation bindHost default (push) Failing after 1s
ADR-166 MCP Bridge Security Lock / Runtime behavior — 401 + terminal gate + fail-closed (push) Failing after 4s
business-pods-smoke / smoke (push) Failing after 1s
all-plugins-smoke / smoke-all (push) Failing after 2s
CI/CD Pipeline / Security & Code Quality (push) Failing after 1s
CI/CD Pipeline / Test Suite (ubuntu-latest) (push) Failing after 1s
CI/CD Pipeline / Build & Package (macos-latest) (push) Has been skipped
CI/CD Pipeline / Build & Package (ubuntu-latest) (push) Has been skipped
CI/CD Pipeline / Build & Package (windows-latest) (push) Has been skipped
CI/CD Pipeline / Documentation & Examples (push) Failing after 1s
Clone Tracker (14-day rolling) / Snapshot clones for ruflo ecosystem (push) Failing after 1s
CodeQL Advanced / Analyze (actions) (push) Failing after 1s
CodeQL Advanced / Analyze (javascript-typescript) (push) Failing after 1s
federation-peer-rust / stable-noop (push) Failing after 1s
metaharness-ci / score (push) Failing after 1s
metaharness-ci / router-compat (push) Failing after 0s
metaharness-ci / similarity-tests (push) Failing after 0s
no-agentbbs-smoke / smoke-without-agentbbs (push) Failing after 1s
V3 CI/CD Pipeline / Build V3 (windows-latest) (push) Has been skipped
codex-integration-audit / Codex integration audit (push) Failing after 1s
helpers-manifest-guard / guard (push) Failing after 1s
🔗 Cross-Agent Integration Tests / 🤝 Agent Coordination Tests (push) Has been skipped
🔗 Cross-Agent Integration Tests / 🧠 Memory Sharing Integration (push) Has been skipped
🔗 Cross-Agent Integration Tests / 🛡️ Fault Tolerance Tests (push) Has been skipped
🔗 Cross-Agent Integration Tests / ⚡ Performance Integration Tests (push) Has been skipped
metaharness-ci / mcp-scan (push) Failing after 1s
metaharness-ci / eject-dryrun (push) Failing after 1s
metaharness-ci / metaharness-real-data (push) Failing after 0s
no-cli-optdep-bloat-2561 / guard (push) Failing after 1s
no-metaharness-smoke / smoke-without-metaharness (push) Failing after 1s
no-phantom-agentic-flow-subpath / guard (push) Failing after 1s
🔄 Automated Rollback Manager / 🚨 Failure Detection (push) Failing after 1s
V3 CI/CD Pipeline / Plugin hooks smoke / ubuntu-latest / Node 22 (push) Failing after 1s
V3 CI/CD Pipeline / ruflo-graph-intelligence build + test smoke (#2044, ADR-123) (push) Failing after 1s
CVE Audit Gate / Audit root (critical-blocking) (push) Failing after 2s
cost-tracker-smoke / smoke (push) Failing after 3s
oia-audit-weekly / audit (push) Failing after 2s
ruflo-agent-smoke / ruflo-agent structural smoke (push) Failing after 1s
📊 Status Badges Update / 📊 Update Status Badges (push) Failing after 1s
V3 CI/CD Pipeline / Static regression guards (#2267 YAML + (push) Failing after 1s
V3 CI/CD Pipeline / Test V3 Packages (push) Failing after 0s
V3 CI/CD Pipeline / agent_execute provider routing smoke (#2042) (push) Failing after 0s
CVE Audit Gate / Audit v3 (critical-blocking) (push) Failing after 1s
federation-peer-rust / stable-native (push) Failing after 2s
🔗 Cross-Agent Integration Tests / 🚀 Integration Test Setup (push) Failing after 2s
neural-trader-smoke / runtime-smoke (push) Failing after 1s
V3 CI/CD Pipeline / Build V3 (macos-latest) (push) Has been skipped
V3 CI/CD Pipeline / Build V3 (ubuntu-latest) (push) Has been skipped
V3 CI/CD Pipeline / Type Check V3 (push) Failing after 1s
V3 CI/CD Pipeline / Smoke (no better-sqlite3) / ubuntu-latest / Node 24 (push) Failing after 1s
V3 CI/CD Pipeline / Smoke (no better-sqlite3) / ubuntu-latest / Node 22 (push) Failing after 2s
V3 CI/CD Pipeline / browser rvf create flag smoke (#2015) (push) Failing after 0s
V3 CI/CD Pipeline / Dependency review (#2046) (push) Has been skipped
V3 CI/CD Pipeline / Supply-chain audit (#2046) (push) Failing after 0s
V3 CI/CD Pipeline / witness marker drift smoke (#2021) (push) Failing after 1s
V3 CI/CD Pipeline / neural-trader portfolio CG smoke (#2068, ADR-126 Phase 3) (push) Failing after 1s
V3 CI/CD Pipeline / neural-trader backtest signing smoke (#2068, ADR-126 Phase 4) (push) Failing after 1s
V3 CI/CD Pipeline / kg-extract type-import classification smoke (#2049) (push) Failing after 0s
V3 CI/CD Pipeline / witness verify precondition smoke (#1880) (push) Failing after 2s
V3 CI/CD Pipeline / neural-trader pipeline risk-gate smoke (#2068, ADR-126 Phase 5) (push) Failing after 0s
V3 CI/CD Pipeline / neural-trader feature attribution smoke (#2068, ADR-126 Phase 6) (push) Failing after 0s
V3 CI/CD Pipeline / plugin-registry signature verification smoke (#1922, CWE-347) (push) Failing after 4s
V3 CI/CD Pipeline / memory stats legacy-DB smoke (#2120) (push) Failing after 4s
V3 CI/CD Pipeline / github deprecated actions smoke (#2089, ADR-127 Phase 3) (push) Failing after 1s
V3 CI/CD Pipeline / graph query + pathfinder smoke (ADR-130 P2+P5) (push) Has been skipped
V3 CI/CD Pipeline / graph trajectory hooks smoke (ADR-130 P3) (push) Has been skipped
V3 CI/CD Pipeline / graph plugin adapter smoke (ADR-130 P4) (push) Has been skipped
V3 CI/CD Pipeline / graph benchmark (ADR-130 P6) (push) Has been skipped
V3 CI/CD Pipeline / statusline generator delegation smoke (#2195) (push) Failing after 1s
V3 CI/CD Pipeline / wizard init regression guard (#2206 (push) Failing after 1s
V3 CI/CD Pipeline / memory no-stray-db smoke (ADR-125 P7) (push) Failing after 1s
V3 CI/CD Pipeline / github-safe injection smoke (#2089, ADR-127 Phase 1) (push) Failing after 1s
V3 CI/CD Pipeline / github actions pin smoke (#2089, ADR-127 Phase 1) (push) Failing after 1s
V3 CI/CD Pipeline / github attribution opt-in smoke (#2089, ADR-127 Phase 4) (push) Failing after 1s
V3 CI/CD Pipeline / pre-bash hook safety smoke (#2017) (push) Failing after 1s
V3 CI/CD Pipeline / Memory import smoke / ubuntu-latest (push) Failing after 0s
V3 CI/CD Pipeline / MCP protocol smoke / ubuntu-latest (push) Failing after 2s
V3 CI/CD Pipeline / ruvllm WASM auto-init smoke (#2086) (push) Failing after 4s
V3 CI/CD Pipeline / MCP paired-tool round-trip smoke (#1889) (push) Failing after 1s
V3 CI/CD Pipeline / Plugin package install-safety (#1902/#1903/#1904) (push) Failing after 1s
V3 CI/CD Pipeline / Tool description discoverability (ADR-112) (push) Failing after 3s
V3 CI/CD Pipeline / CLI npx-install smoke (#1147 / (22) (push) Failing after 1s
V3 CI/CD Pipeline / CLI npx-install smoke (#1147 / (24) (push) Failing after 1s
V3 CI/CD Pipeline / Windows hook shim smoke (#2132) / ubuntu-latest (push) Failing after 2s
V3 CI/CD Pipeline / Windows hook execution smoke (#2132) / ubuntu-latest (push) Failing after 1s
V3 CI/CD Pipeline / Windows init hooks smoke (#2132) / ubuntu-latest (push) Failing after 1s
V3 CI/CD Pipeline / Vector-index dimension audit (#1947) (push) Failing after 0s
V3 CI/CD Pipeline / Hook-command install safety (#1921) (push) Failing after 1s
V3 CI/CD Pipeline / ToolOutputGuardrail smoke (ADR-131, (push) Failing after 1s
V3 CI/CD Pipeline / init-bundle invariants smoke (#2095, ADR-128 Phase 5) (push) Failing after 1s
V3 CI/CD Pipeline / wasm provider bridge smoke (ADR-129 P1) (push) Failing after 2s
V3 CI/CD Pipeline / wasm gallery CRUD smoke (ADR-129 P3) (push) Failing after 1s
V3 CI/CD Pipeline / wasm plugin bridge smoke (ADR-129 P4) (push) Failing after 0s
V3 CI/CD Pipeline / wasm compose smoke (ADR-129 P2) (push) Failing after 4s
V3 CI/CD Pipeline / graph schema smoke (ADR-130 P1) (push) Failing after 0s
Validate Marketplace / validate (push) Failing after 1s
🔍 Verification Pipeline / 🚀 Setup Verification (push) Failing after 1s
🔍 Verification Pipeline / 🛡️ Security Verification (push) Has been skipped
🔍 Verification Pipeline / 📝 Code Quality (push) Has been skipped
🔍 Verification Pipeline / 🧪 Test Verification (${{ matrix.os }}, Node ${{ matrix.node }}) (push) Has been skipped
🔍 Verification Pipeline / 🏗️ Build Verification (push) Has been skipped
🔍 Verification Pipeline / 📚 Documentation Verification (push) Has been skipped
CVE Audit Gate / High-severity report (warn only) (push) Has been cancelled
🔄 Automated Rollback Manager / 🔄 Execute Rollback (push) Has been cancelled
🔄 Automated Rollback Manager / ✅ Post-Rollback Verification (push) Has been cancelled
🔄 Automated Rollback Manager / 📊 Rollback Monitoring (push) Has been cancelled
V3 CI/CD Pipeline / Windows init hooks smoke (#2132) / windows-latest (push) Has been cancelled
V3 CI/CD Pipeline / Windows hook execution smoke (#2132) / macos-latest (push) Has been cancelled
V3 CI/CD Pipeline / Windows hook execution smoke (#2132) / windows-latest (push) Has been cancelled
🔄 Automated Rollback Manager / ⏳ Manual Rollback Approval (push) Has been cancelled
V3 CI/CD Pipeline / MCP protocol smoke / macos-latest (push) Has been cancelled
V3 CI/CD Pipeline / Memory import smoke / macos-latest (push) Has been cancelled
V3 CI/CD Pipeline / Windows hook shim smoke (#2132) / macos-latest (push) Has been cancelled
V3 CI/CD Pipeline / Windows hook shim smoke (#2132) / windows-latest (push) Has been cancelled
V3 CI/CD Pipeline / Windows init hooks smoke (#2132) / macos-latest (push) Has been cancelled
V3 CI/CD Pipeline / Witness verify (signed manifest) / macos-latest (push) Has been cancelled
V3 CI/CD Pipeline / Witness verify (signed manifest) / ubuntu-latest (push) Has been cancelled
V3 CI/CD Pipeline / Witness verify (signed manifest) / windows-latest (push) Has been cancelled
V3 CI/CD Pipeline / Publish to npm (alpha) (push) Has been cancelled
V3 CI/CD Pipeline / Smoke (no better-sqlite3) / macos-latest / Node 22 (push) Has been cancelled
V3 CI/CD Pipeline / Plugin hooks smoke / macos-latest / Node 22 (push) Has been cancelled
CI/CD Pipeline / Deploy & Release (push) Has been cancelled
CI/CD Pipeline / CI Status (push) Has been cancelled
🔗 Cross-Agent Integration Tests / 📊 Integration Test Report (push) Has been cancelled
🔄 Automated Rollback Manager / 🔍 Pre-Rollback Validation (push) Has been cancelled
🔍 Verification Pipeline / ⚡ Performance Verification (push) Has been cancelled
🔍 Verification Pipeline / 📊 Verification Report (push) Has been cancelled
chore: import upstream snapshot with attribution
2026-07-13 12:02:19 +08:00

474 lines
18 KiB
TypeScript

/**
* TrustEvaluator Tests
*
* Validates trust score computation using the formula:
* score = 0.4*successRate + 0.2*uptime + 0.2*(1-threatPenalty) + 0.2*dataIntegrityScore
*
* Where:
* successRate = (sent + received - hmacFailures) / (sent + received)
* threatPenalty = min(1, (threatDetections / totalMessages) * 10)
* dataIntegrityScore = 1 - (hmacFailures / totalMessages)
*
* Also tests trust level transitions with hysteresis, minimum interaction
* requirements, and automatic downgrades on security events.
*/
import { describe, it, expect, beforeEach } from 'vitest';
import { TrustEvaluator } from '../../src/application/trust-evaluator.js';
import { FederationNode } from '../../src/domain/entities/federation-node.js';
import { TrustLevel } from '../../src/domain/entities/trust-level.js';
import { type SessionMetrics } from '../../src/domain/entities/federation-session.js';
// ---------------------------------------------------------------------------
// Helpers
// ---------------------------------------------------------------------------
function makeMetrics(overrides: Partial<SessionMetrics> = {}): SessionMetrics {
return {
messagesSent: 0,
messagesReceived: 0,
piiRedactions: 0,
threatDetections: 0,
hmacFailures: 0,
totalInteractions: 0,
...overrides,
};
}
function makeNode(trustLevel: TrustLevel = TrustLevel.VERIFIED, nodeId = 'node-1'): FederationNode {
return FederationNode.create({
nodeId,
publicKey: 'test-key',
endpoint: 'ws://test',
capabilities: {
agentTypes: [],
maxConcurrentSessions: 1,
supportedProtocols: [],
complianceModes: [],
},
metadata: {},
trustLevel,
});
}
// ---------------------------------------------------------------------------
// Tests
// ---------------------------------------------------------------------------
describe('TrustEvaluator', () => {
let evaluator: TrustEvaluator;
beforeEach(() => {
evaluator = new TrustEvaluator();
});
describe('computeScore', () => {
it('should return 1.0 for perfect metrics', () => {
const metrics = makeMetrics({
messagesSent: 50,
messagesReceived: 50,
threatDetections: 0,
hmacFailures: 0,
totalInteractions: 100,
});
const { score } = evaluator.computeScore(metrics, 1.0);
expect(score).toBeCloseTo(1.0, 5);
});
it('should return 0.0 for worst-case metrics', () => {
// All messages are HMAC failures, threat penalty maxed out, uptime 0
const metrics = makeMetrics({
messagesSent: 50,
messagesReceived: 50,
threatDetections: 100,
hmacFailures: 100,
totalInteractions: 100,
});
const { score } = evaluator.computeScore(metrics, 0);
expect(score).toBeCloseTo(0.0, 5);
});
it('should compute expected score for mixed metrics', () => {
// sent=60, received=40 => total=100
// successRate = (100 - 5) / 100 = 0.95
// uptime = 0.8
// threatPenalty = min(1, (2/100)*10) = 0.2
// dataIntegrity = 1 - (5/100) = 0.95
// score = 0.4*0.95 + 0.2*0.8 + 0.2*(1-0.2) + 0.2*0.95
// = 0.38 + 0.16 + 0.16 + 0.19 = 0.89
const metrics = makeMetrics({
messagesSent: 60,
messagesReceived: 40,
threatDetections: 2,
hmacFailures: 5,
totalInteractions: 100,
});
const { score } = evaluator.computeScore(metrics, 0.8);
expect(score).toBeCloseTo(0.89, 2);
});
it('should weight successRate most heavily at 40%', () => {
// Two scenarios identical except successRate differs by adding hmacFailures
const metricsGood = makeMetrics({
messagesSent: 50,
messagesReceived: 50,
hmacFailures: 0,
totalInteractions: 100,
});
const metricsBad = makeMetrics({
messagesSent: 50,
messagesReceived: 50,
hmacFailures: 50, // 50% failure -> successRate drops by 0.5
totalInteractions: 100,
});
const { score: good } = evaluator.computeScore(metricsGood, 0.5);
const { score: bad } = evaluator.computeScore(metricsBad, 0.5);
// successRate change: 1.0 -> 0.5, contributes 0.4 * 0.5 = 0.2 difference
// but dataIntegrity also drops from 1.0 -> 0.5, contributing 0.2 * 0.5 = 0.1
// total diff ~0.3
expect(good).toBeGreaterThan(bad);
});
it('should inversely weight threatPenalty', () => {
const noThreat = makeMetrics({
messagesSent: 50,
messagesReceived: 50,
threatDetections: 0,
totalInteractions: 100,
});
const fullThreat = makeMetrics({
messagesSent: 50,
messagesReceived: 50,
threatDetections: 10, // penalty = min(1, (10/100)*10) = 1.0
totalInteractions: 100,
});
const { score: clean } = evaluator.computeScore(noThreat, 0.5);
const { score: dirty } = evaluator.computeScore(fullThreat, 0.5);
expect(clean).toBeGreaterThan(dirty);
// Threat penalty difference: 0.2 * (1-0) - 0.2 * (1-1) = 0.2
expect(clean - dirty).toBeCloseTo(0.2, 2);
});
it('should handle zero-message metrics gracefully', () => {
const metrics = makeMetrics(); // all zeros
const { score } = evaluator.computeScore(metrics, 0);
// successRate=0, uptime=0, threatPenalty=0, dataIntegrity=1
// 0 + 0 + 0.2*(1-0) + 0.2*1 = 0.4
expect(score).toBeCloseTo(0.4, 5);
});
it('should clamp uptime to [0, 1]', () => {
const metrics = makeMetrics({
messagesSent: 50,
messagesReceived: 50,
totalInteractions: 100,
});
const { score: over } = evaluator.computeScore(metrics, 1.5);
const { score: normal } = evaluator.computeScore(metrics, 1.0);
expect(over).toBeCloseTo(normal, 5);
});
it('should produce values in [0, 1] range for valid inputs', () => {
for (let i = 0; i <= 10; i++) {
const total = 100;
const failures = Math.floor((i / 10) * total);
const threats = Math.floor((i / 10) * total);
const metrics = makeMetrics({
messagesSent: total / 2,
messagesReceived: total / 2,
hmacFailures: failures,
threatDetections: threats,
totalInteractions: total,
});
const { score } = evaluator.computeScore(metrics, i / 10);
expect(score).toBeGreaterThanOrEqual(0);
expect(score).toBeLessThanOrEqual(1);
}
});
it('should return score components alongside the score', () => {
const metrics = makeMetrics({
messagesSent: 80,
messagesReceived: 20,
hmacFailures: 10,
threatDetections: 5,
totalInteractions: 100,
});
const { components } = evaluator.computeScore(metrics, 0.9);
expect(components.successRate).toBeCloseTo(0.9, 2);
expect(components.uptime).toBeCloseTo(0.9, 2);
expect(components.threatPenalty).toBeCloseTo(0.5, 2);
expect(components.dataIntegrityScore).toBeCloseTo(0.9, 2);
});
});
describe('evaluateTransition', () => {
it('should upgrade from VERIFIED to ATTESTED when score >= 0.7 and interactions >= 50', () => {
const node = makeNode(TrustLevel.VERIFIED);
const metrics = makeMetrics({
messagesSent: 40,
messagesReceived: 40,
totalInteractions: 80,
});
// Perfect metrics, high uptime -> score ~1.0, well above 0.7
const result = evaluator.evaluateTransition(node, metrics, 1.0);
expect(result).not.toBeNull();
expect(result!.newLevel).toBe(TrustLevel.ATTESTED);
expect(node.trustLevel).toBe(TrustLevel.ATTESTED);
});
it('should not upgrade when interaction count is below minimum', () => {
const node = makeNode(TrustLevel.VERIFIED);
const metrics = makeMetrics({
messagesSent: 20,
messagesReceived: 20,
totalInteractions: 40, // below the 50 threshold for 1->2
});
const result = evaluator.evaluateTransition(node, metrics, 1.0);
expect(result).toBeNull();
expect(node.trustLevel).toBe(TrustLevel.VERIFIED);
});
it('should not upgrade when score is below upgrade threshold', () => {
const node = makeNode(TrustLevel.VERIFIED);
// Produce a score below 0.7
const metrics = makeMetrics({
messagesSent: 50,
messagesReceived: 50,
hmacFailures: 50,
threatDetections: 20,
totalInteractions: 100,
});
const result = evaluator.evaluateTransition(node, metrics, 0.2);
// Score will be low due to failures
expect(node.trustLevel).toBe(TrustLevel.VERIFIED);
});
it('should downgrade from ATTESTED to VERIFIED when score < 0.5', () => {
const node = makeNode(TrustLevel.ATTESTED);
// Produce a very low score: many failures
const metrics = makeMetrics({
messagesSent: 50,
messagesReceived: 50,
hmacFailures: 80,
threatDetections: 30,
totalInteractions: 100,
});
const result = evaluator.evaluateTransition(node, metrics, 0.0);
expect(result).not.toBeNull();
expect(result!.newLevel).toBe(TrustLevel.VERIFIED);
expect(node.trustLevel).toBe(TrustLevel.VERIFIED);
});
it('should keep level when score is between downgrade and upgrade thresholds (hysteresis)', () => {
const node = makeNode(TrustLevel.ATTESTED);
// Need score >= 0.5 (above downgrade for 1->2) but < 0.85 (below upgrade for 2->3)
// Also need < 500 interactions to ensure no upgrade to TRUSTED even if score were high
const metrics = makeMetrics({
messagesSent: 40,
messagesReceived: 40,
hmacFailures: 5,
threatDetections: 1,
totalInteractions: 80,
});
const result = evaluator.evaluateTransition(node, metrics, 0.7);
expect(result).toBeNull();
expect(node.trustLevel).toBe(TrustLevel.ATTESTED);
});
it('should upgrade from ATTESTED to TRUSTED when score >= 0.85 and interactions >= 500', () => {
const node = makeNode(TrustLevel.ATTESTED);
const metrics = makeMetrics({
messagesSent: 300,
messagesReceived: 300,
totalInteractions: 600,
});
const result = evaluator.evaluateTransition(node, metrics, 1.0);
expect(result).not.toBeNull();
expect(result!.newLevel).toBe(TrustLevel.TRUSTED);
expect(node.trustLevel).toBe(TrustLevel.TRUSTED);
});
it('should require institutional attestation for upgrade to PRIVILEGED', () => {
const node = makeNode(TrustLevel.TRUSTED);
const metrics = makeMetrics({
messagesSent: 3000,
messagesReceived: 3000,
totalInteractions: 6000,
});
// Without institutional attestation, upgrade to PRIVILEGED is blocked
const resultWithout = evaluator.evaluateTransition(node, metrics, 1.0, false);
expect(resultWithout).toBeNull();
expect(node.trustLevel).toBe(TrustLevel.TRUSTED);
// With institutional attestation, upgrade to PRIVILEGED succeeds
// But requiresHumanApproval should be true, so node is NOT auto-updated
const resultWith = evaluator.evaluateTransition(node, metrics, 1.0, true);
expect(resultWith).not.toBeNull();
expect(resultWith!.newLevel).toBe(TrustLevel.PRIVILEGED);
expect(resultWith!.requiresHumanApproval).toBe(true);
// Node trust level should NOT change because human approval is required
expect(node.trustLevel).toBe(TrustLevel.TRUSTED);
});
it('should not upgrade past PRIVILEGED', () => {
const node = makeNode(TrustLevel.PRIVILEGED);
const metrics = makeMetrics({
messagesSent: 50000,
messagesReceived: 50000,
totalInteractions: 100000,
});
const result = evaluator.evaluateTransition(node, metrics, 1.0, true);
expect(result).toBeNull();
expect(node.trustLevel).toBe(TrustLevel.PRIVILEGED);
});
it('should invoke onTrustChange callback on transition', () => {
let callbackNodeId: string | undefined;
let callbackResult: unknown;
const evaluatorWithCb = new TrustEvaluator({
onTrustChange: (nodeId, result) => {
callbackNodeId = nodeId;
callbackResult = result;
},
});
const node = makeNode(TrustLevel.VERIFIED, 'cb-node');
const metrics = makeMetrics({
messagesSent: 40,
messagesReceived: 40,
totalInteractions: 80,
});
evaluatorWithCb.evaluateTransition(node, metrics, 1.0);
expect(callbackNodeId).toBe('cb-node');
expect(callbackResult).toBeDefined();
});
});
describe('recordThreatDetection', () => {
it('should return false after a single threat detection', () => {
const result = evaluator.recordThreatDetection('node-1');
expect(result).toBe(false);
});
it('should return true when 2+ threats are detected within the 1-hour window', () => {
evaluator.recordThreatDetection('node-1');
const result = evaluator.recordThreatDetection('node-1');
expect(result).toBe(true);
});
it('should track threat windows per node independently', () => {
evaluator.recordThreatDetection('node-a');
evaluator.recordThreatDetection('node-b');
// Each node only has 1 detection, so neither should trigger
const a = evaluator.recordThreatDetection('node-a');
expect(a).toBe(true); // node-a now has 2
const b = evaluator.recordThreatDetection('node-b');
expect(b).toBe(true); // node-b now has 2
});
});
describe('downgrade (immediate)', () => {
it('should downgrade to UNTRUSTED on HMAC verification failure', () => {
const node = makeNode(TrustLevel.PRIVILEGED);
const result = evaluator.downgrade(node, 'hmac-verification-failure');
expect(result.newLevel).toBe(TrustLevel.UNTRUSTED);
expect(result.previousLevel).toBe(TrustLevel.PRIVILEGED);
expect(node.trustLevel).toBe(TrustLevel.UNTRUSTED);
expect(node.trustScore).toBe(0);
});
it('should downgrade to UNTRUSTED on repeated threat detection', () => {
const node = makeNode(TrustLevel.TRUSTED);
const result = evaluator.downgrade(node, 'repeated-threat-detection');
expect(result.newLevel).toBe(TrustLevel.UNTRUSTED);
expect(result.previousLevel).toBe(TrustLevel.TRUSTED);
expect(node.trustLevel).toBe(TrustLevel.UNTRUSTED);
});
it('should downgrade to UNTRUSTED on session hijack attempt', () => {
const node = makeNode(TrustLevel.ATTESTED);
const result = evaluator.downgrade(node, 'session-hijack-attempt');
expect(result.newLevel).toBe(TrustLevel.UNTRUSTED);
expect(result.previousLevel).toBe(TrustLevel.ATTESTED);
expect(node.trustLevel).toBe(TrustLevel.UNTRUSTED);
});
it('should set score to 0 and threat penalty to 1 in components', () => {
const node = makeNode(TrustLevel.TRUSTED);
const result = evaluator.downgrade(node, 'hmac-verification-failure');
expect(result.score).toBe(0);
expect(result.components.threatPenalty).toBe(1);
expect(result.components.successRate).toBe(0);
expect(result.components.dataIntegrityScore).toBe(0);
});
it('should invoke onTrustChange callback on downgrade', () => {
let called = false;
const evaluatorWithCb = new TrustEvaluator({
onTrustChange: () => { called = true; },
});
const node = makeNode(TrustLevel.TRUSTED, 'dg-node');
evaluatorWithCb.downgrade(node, 'hmac-verification-failure');
expect(called).toBe(true);
});
});
// -------------------------------------------------------------------------
// bootstrapElevate — ADR-164 §3.5.4 founder-bootstrap escape hatch
// -------------------------------------------------------------------------
describe('bootstrapElevate', () => {
it('throws on empty reason', () => {
const node = makeNode(TrustLevel.VERIFIED);
expect(() => evaluator.bootstrapElevate(node, TrustLevel.TRUSTED, '')).toThrow(/non-empty reason/);
expect(() => evaluator.bootstrapElevate(node, TrustLevel.TRUSTED, ' ')).toThrow(/non-empty reason/);
});
it('bypasses minInteractions to jump VERIFIED → TRUSTED in a single call', () => {
const node = makeNode(TrustLevel.VERIFIED, 'fresh-peer');
// Organic upgrade VERIFIED→ATTESTED requires score≥0.7 AND minInteractions=50.
// ATTESTED→TRUSTED requires score≥0.85 AND minInteractions=500. The
// bootstrap path must skip both thresholds.
const entry = evaluator.bootstrapElevate(node, TrustLevel.TRUSTED, 'Day-1 #exec autopilot bring-up');
expect(entry.tag).toBe('bootstrap_elevation');
expect(entry.nodeId).toBe('fresh-peer');
expect(entry.previousLevel).toBe(TrustLevel.VERIFIED);
expect(entry.newLevel).toBe(TrustLevel.TRUSTED);
expect(entry.reason).toBe('Day-1 #exec autopilot bring-up');
expect(entry.operatorBypass).toBe(true);
expect(node.trustLevel).toBe(TrustLevel.TRUSTED);
});
it('emits onTrustChange callback so downstream code can react', () => {
let observed: { nodeId: string; previous: TrustLevel; next: TrustLevel } | null = null;
const evaluatorWithCb = new TrustEvaluator({
onTrustChange: (nodeId, result) => {
observed = {
nodeId,
previous: result.previousLevel,
next: result.newLevel,
};
},
});
const node = makeNode(TrustLevel.UNTRUSTED, 'cb-node');
const entry = evaluatorWithCb.bootstrapElevate(node, TrustLevel.TRUSTED, 'manual elevate for smoke test');
expect(entry).toBeDefined();
expect(observed).not.toBeNull();
expect(observed!.nodeId).toBe('cb-node');
expect(observed!.previous).toBe(TrustLevel.UNTRUSTED);
expect(observed!.next).toBe(TrustLevel.TRUSTED);
});
it('rejects out-of-range trust levels', () => {
const node = makeNode(TrustLevel.VERIFIED);
expect(() => evaluator.bootstrapElevate(node, TrustLevel.UNTRUSTED, 'x')).toThrow(/VERIFIED..PRIVILEGED/);
expect(() => evaluator.bootstrapElevate(node, 99 as TrustLevel, 'x')).toThrow(/VERIFIED..PRIVILEGED/);
});
it('audit entry timestamp is an ISO-8601 string', () => {
const node = makeNode(TrustLevel.VERIFIED);
const entry = evaluator.bootstrapElevate(node, TrustLevel.ATTESTED, 'iso check');
expect(entry.timestamp).toMatch(/^\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}\.\d{3}Z$/);
});
});
});