replit/timmy-tower
2
0
Fork 0
Code Issues 26 Pull Requests 5 Actions Packages Projects Releases Wiki Activity
Files
c7bb5de5e6181c5a4711362dae807001d062517a
timmy-tower/artifacts/api-server
History
alexpaynex c7bb5de5e6 task/35: Testkit T25–T36 — Nostr identity + trust engine coverage 
## 12 new tests added to artifacts/api-server/src/routes/testkit.ts
Inserted before the Summary block, after T24 (cost ledger).

T25 — POST /identity/challenge: HTTP 200, nonce=64-char hex, expiresAt=ISO
T26 — POST /identity/verify {}: HTTP 400, non-empty error
T27 — POST /identity/verify fake nonce: HTTP 401, error contains "Nonce not found"
       (uses a plausible-looking event structure to hit the nonce check, not the
       signature check — tests the right layer)
T28 — GET /identity/me no header: HTTP 401, error contains "Missing"
T29 — GET /identity/me invalid token: HTTP 401 (Invalid/expired wording)
T30 — POST /sessions bad X-Nostr-Token: HTTP 401, "Invalid or expired", no sessionId
T31 — POST /jobs bad X-Nostr-Token: HTTP 401, "Invalid or expired"
T32 — POST /sessions anonymous: HTTP 201, trust_tier="anonymous"; captures T32_SESSION_ID
T33 — POST /jobs anonymous: HTTP 201, trust_tier="anonymous"; captures T33_JOB_ID
T34 — GET /jobs/:id (using T33_JOB_ID): HTTP 200, trust_tier non-null and "anonymous"
T35 — GET /sessions/:id (using T32_SESSION_ID): HTTP 200, trust_tier="anonymous"
T36 — Full challenge→sign→verify E2E: inline node CJS script generates ephemeral secp256k1
      keypair via nostr-tools CJS bundle, POSTs challenge, signs kind=27235 event with
      finalizeEvent(), verifies → nostr_token, GETs /identity/me, asserts tier=new,
      interactionCount=0, pubkey matches. Guard: SKIP if node not in PATH or script fails.

## nostr-tools import strategy
nostr-tools v2 is ESM-only. CJS workaround: the package ships a CJS bundle at
lib/cjs/index.js. T36 uses require() with the absolute path to that bundle.
Falls back to bare require('nostr-tools') for portability, exits with code 1 if
neither works — bash guard catches this and marks T36 SKIP (not FAIL).

## Stubs T37–T40 added as bash block comments after T36
Format: `# FUTURE T3N: <description>` so they are grepped easily.
Covers: GET /api/estimate (cost preview), anonymous Lightning gate, trusted free tier,
Timmy-initiates-zap. Does not affect PASS/FAIL totals.

## TIMMY_TEST_PLAN.md updated
New "Nostr identity + trust engine (tests 25–36)" section added to the test table.

## TypeScript: 0 errors. All 12 tests smoke-tested individually against localhost:8080.
T25-T35: all correct HTTP status codes and JSON fields verified via curl.
T36: full E2E verified — tier=new, icount=0, pubkey matches /identity/me response.
2026-03-19 21:09:50 +00:00
..
.replit-artifact
fix: set artifact previewPath to / so landing page and /tower route in production
2026-03-19 14:15:13 +00:00
src
task/35: Testkit T25–T36 — Nostr identity + trust engine coverage
2026-03-19 21:09:50 +00:00
build.ts
Add more dependencies to the API server build process
2026-03-18 17:12:00 +00:00
package.json
feat(#26): Nostr identity + trust engine
2026-03-19 15:59:14 +00:00
tsconfig.json
Add AI agent capabilities and integrate with Anthropic and LNbits
2026-03-18 14:59:02 +00:00