Add session mode for pre-funded request processing

Implement session-based API endpoints for creating, managing, and interacting with pre-funded sessions, including deposit and top-up invoice generation, macaroon authentication, and per-request debiting of compute costs. Replit-Commit-Author: Agent Replit-Commit-Session-Id: 418bf6f8-212b-4bb0-a7a5-8231a061da4e Replit-Commit-Checkpoint-Type: full_checkpoint Replit-Commit-Event-Id: 2dc3847e-7186-4a22-9c7e-16cd31bca8d9 Replit-Commit-Screenshot-Url: https://storage.googleapis.com/screenshot-production-us-central1/9f85e954-647c-46a5-90a7-396e495a805a/418bf6f8-212b-4bb0-a7a5-8231a061da4e/sPDHkg8 Replit-Helium-Checkpoint-Created: true
2026-03-18 20:00:24 +00:00
parent dfc9ecdc7b
commit ab2cc06a79
29 changed files with 1075 additions and 978 deletions
--- a/artifacts/api-server/src/routes/testkit.ts
+++ b/artifacts/api-server/src/routes/testkit.ts
@@ -300,6 +300,146 @@ else
  fi
 fi

+# ---------------------------------------------------------------------------
+# Test 11 — Session: create session
+# ---------------------------------------------------------------------------
+sep "Test 11 — Session: create session (awaiting_payment)"
+T11_RES=$(curl -s -w "\\n%{http_code}" -X POST "$BASE/api/sessions" \\
+  -H "Content-Type: application/json" \\
+  -d '{"amount_sats": 200}')
+T11_BODY=$(echo "$T11_RES" | head -n-1)
+T11_CODE=$(echo "$T11_RES" | tail -n1)
+SESSION_ID=$(echo "$T11_BODY" | jq -r '.sessionId' 2>/dev/null || echo "")
+T11_STATE=$(echo "$T11_BODY" | jq -r '.state' 2>/dev/null || echo "")
+T11_AMT=$(echo "$T11_BODY" | jq -r '.invoice.amountSats' 2>/dev/null || echo "")
+DEPOSIT_HASH=$(echo "$T11_BODY" | jq -r '.invoice.paymentHash' 2>/dev/null || echo "")
+if [[ "$T11_CODE" == "201" && -n "$SESSION_ID" && "$T11_STATE" == "awaiting_payment" && "$T11_AMT" == "200" ]]; then
+  note PASS "HTTP 201, sessionId=$SESSION_ID, state=awaiting_payment, amount=200"
+  PASS=$((PASS+1))
+else
+  note FAIL "code=$T11_CODE body=$T11_BODY"
+  FAIL=$((FAIL+1))
+fi
+
+# ---------------------------------------------------------------------------
+# Test 12 — Session: poll before payment (stub hash present)
+# ---------------------------------------------------------------------------
+sep "Test 12 — Session: poll before payment"
+T12_RES=$(curl -s -w "\\n%{http_code}" "$BASE/api/sessions/$SESSION_ID")
+T12_BODY=$(echo "$T12_RES" | head -n-1)
+T12_CODE=$(echo "$T12_RES" | tail -n1)
+T12_STATE=$(echo "$T12_BODY" | jq -r '.state' 2>/dev/null || echo "")
+if [[ -z "$DEPOSIT_HASH" || "$DEPOSIT_HASH" == "null" ]]; then
+  DEPOSIT_HASH=$(echo "$T12_BODY" | jq -r '.invoice.paymentHash' 2>/dev/null || echo "")
+fi
+if [[ "$T12_CODE" == "200" && "$T12_STATE" == "awaiting_payment" ]]; then
+  note PASS "state=awaiting_payment before payment"
+  PASS=$((PASS+1))
+else
+  note FAIL "code=$T12_CODE body=$T12_BODY"
+  FAIL=$((FAIL+1))
+fi
+
+# ---------------------------------------------------------------------------
+# Test 13 — Session: pay deposit + activate
+# ---------------------------------------------------------------------------
+sep "Test 13 — Session: pay deposit (stub) + auto-advance to active"
+if [[ -n "$DEPOSIT_HASH" && "$DEPOSIT_HASH" != "null" ]]; then
+  curl -s -X POST "$BASE/api/dev/stub/pay/$DEPOSIT_HASH" >/dev/null
+  sleep 1
+  T13_RES=$(curl -s -w "\\n%{http_code}" "$BASE/api/sessions/$SESSION_ID")
+  T13_BODY=$(echo "$T13_RES" | head -n-1)
+  T13_CODE=$(echo "$T13_RES" | tail -n1)
+  T13_STATE=$(echo "$T13_BODY" | jq -r '.state' 2>/dev/null || echo "")
+  T13_BAL=$(echo "$T13_BODY" | jq -r '.balanceSats' 2>/dev/null || echo "")
+  SESSION_MACAROON=$(echo "$T13_BODY" | jq -r '.macaroon' 2>/dev/null || echo "")
+  if [[ "$T13_CODE" == "200" && "$T13_STATE" == "active" && "$T13_BAL" == "200" && -n "$SESSION_MACAROON" && "$SESSION_MACAROON" != "null" ]]; then
+    note PASS "state=active, balanceSats=200, macaroon present"
+    PASS=$((PASS+1))
+  else
+    note FAIL "code=$T13_CODE state=$T13_STATE bal=$T13_BAL body=$T13_BODY"
+    FAIL=$((FAIL+1))
+  fi
+else
+  note SKIP "No deposit hash (stub mode not active)"
+  SKIP=$((SKIP+1))
+fi
+
+# ---------------------------------------------------------------------------
+# Test 14 — Session: submit request (accepted path)
+# ---------------------------------------------------------------------------
+sep "Test 14 — Session: submit request (accepted)"
+if [[ -n "$SESSION_MACAROON" && "$SESSION_MACAROON" != "null" ]]; then
+  START_T14=$(date +%s)
+  T14_RES=$(curl -s -w "\\n%{http_code}" -X POST "$BASE/api/sessions/$SESSION_ID/request" \\
+    -H "Content-Type: application/json" \\
+    -H "Authorization: Bearer $SESSION_MACAROON" \\
+    -d '{"request":"What is Bitcoin in one sentence?"}')
+  T14_BODY=$(echo "$T14_RES" | head -n-1)
+  T14_CODE=$(echo "$T14_RES" | tail -n1)
+  T14_STATE=$(echo "$T14_BODY" | jq -r '.state' 2>/dev/null || echo "")
+  T14_DEBITED=$(echo "$T14_BODY" | jq -r '.debitedSats' 2>/dev/null || echo "")
+  T14_BAL=$(echo "$T14_BODY" | jq -r '.balanceRemaining' 2>/dev/null || echo "")
+  END_T14=$(date +%s)
+  ELAPSED_T14=$((END_T14 - START_T14))
+  if [[ "$T14_CODE" == "200" && ("$T14_STATE" == "complete" || "$T14_STATE" == "rejected") && -n "$T14_DEBITED" && "$T14_DEBITED" != "null" && -n "$T14_BAL" ]]; then
+    note PASS "state=$T14_STATE in ${ELAPSED_T14}s, debitedSats=$T14_DEBITED, balanceRemaining=$T14_BAL"
+    PASS=$((PASS+1))
+  else
+    note FAIL "code=$T14_CODE body=$T14_BODY"
+    FAIL=$((FAIL+1))
+  fi
+else
+  note SKIP "No macaroon — skipping"
+  SKIP=$((SKIP+1))
+fi
+
+# ---------------------------------------------------------------------------
+# Test 15 — Session: missing/invalid macaroon → 401
+# ---------------------------------------------------------------------------
+sep "Test 15 — Session: reject request without valid macaroon"
+if [[ -n "$SESSION_ID" ]]; then
+  T15_RES=$(curl -s -w "\\n%{http_code}" -X POST "$BASE/api/sessions/$SESSION_ID/request" \\
+    -H "Content-Type: application/json" \\
+    -d '{"request":"What is Bitcoin?"}')
+  T15_CODE=$(echo "$T15_RES" | tail -n1)
+  if [[ "$T15_CODE" == "401" ]]; then
+    note PASS "HTTP 401 without macaroon"
+    PASS=$((PASS+1))
+  else
+    note FAIL "Expected 401, got code=$T15_CODE"
+    FAIL=$((FAIL+1))
+  fi
+else
+  note SKIP "No session ID — skipping"
+  SKIP=$((SKIP+1))
+fi
+
+# ---------------------------------------------------------------------------
+# Test 16 — Session: topup invoice creation
+# ---------------------------------------------------------------------------
+sep "Test 16 — Session: topup invoice creation"
+if [[ -n "$SESSION_MACAROON" && "$SESSION_MACAROON" != "null" ]]; then
+  T16_RES=$(curl -s -w "\\n%{http_code}" -X POST "$BASE/api/sessions/$SESSION_ID/topup" \\
+    -H "Content-Type: application/json" \\
+    -H "Authorization: Bearer $SESSION_MACAROON" \\
+    -d '{"amount_sats": 500}')
+  T16_BODY=$(echo "$T16_RES" | head -n-1)
+  T16_CODE=$(echo "$T16_RES" | tail -n1)
+  T16_PR=$(echo "$T16_BODY" | jq -r '.topup.paymentRequest' 2>/dev/null || echo "")
+  T16_AMT=$(echo "$T16_BODY" | jq -r '.topup.amountSats' 2>/dev/null || echo "")
+  if [[ "$T16_CODE" == "200" && -n "$T16_PR" && "$T16_PR" != "null" && "$T16_AMT" == "500" ]]; then
+    note PASS "Topup invoice created, amountSats=500"
+    PASS=$((PASS+1))
+  else
+    note FAIL "code=$T16_CODE body=$T16_BODY"
+    FAIL=$((FAIL+1))
+  fi
+else
+  note SKIP "No macaroon — skipping"
+  SKIP=$((SKIP+1))
+fi
+
 # ---------------------------------------------------------------------------
 # Summary
 # ---------------------------------------------------------------------------