koi-embedded 0.5.0

Embed local network discovery, DNS, health, and TLS directly in your Rust application
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137

//! Spin a real embedded Koi in a known posture for tests — **no Docker** (ADR-020 §13).
//!
//! Shipped as a normal module (not a `cfg(feature)` — the additive-feature trap):
//! a consumer's integration tests get real-daemon fidelity by depending only on
//! `koi-embedded`. [`open`] yields an Open node (no identity); [`secured`] yields
//! an Authenticated node (a CA is created so it holds a real leaf).
//!
//! ## The "same code, both postures" acceptance gate (ADR-020 §2)
//!
//! The mode-transparency contract is: *one* consumer code path must work whether or
//! not the node has an identity. The gate is simply to run that path against both:
//!
//! ```no_run
//! # async fn gate() {
//! use koi_embedded::testkit;
//! for node in [testkit::open().await, testkit::secured().await] {
//!     let cm = node.certmesh().unwrap();
//!     let env = cm.sign(b"hello").await.unwrap();          // identical in both
//!     assert!(!cm.verify(&env).await.unwrap().is_rejected());
//!     node.shutdown().await;
//! }
//! # }
//! ```
//!
//! If the body ever needs `if secure { … } else { … }`, a primitive is missing or
//! wrong — that is exactly what this gate catches.
//!
//! Note: testkit nodes run with mDNS off (no multicast in CI); they exercise the
//! trust primitives (sign/verify, seal/open, posture, diagnose), not LAN discovery.

use std::path::PathBuf;
use std::sync::atomic::{AtomicU64, Ordering};

use crate::{Builder, KoiHandle, ServiceMode};

/// A running embedded Koi node for a test, with its data dir cleaned up on
/// [`shutdown`](TestNode::shutdown). Derefs to [`KoiHandle`], so call any handle
/// method (`certmesh()`, `mdns()`, …) directly on it.
pub struct TestNode {
    handle: KoiHandle,
    data_dir: PathBuf,
}

impl std::ops::Deref for TestNode {
    type Target = KoiHandle;
    fn deref(&self) -> &KoiHandle {
        &self.handle
    }
}

impl TestNode {
    /// Shut the node down and remove its (isolated) data dir.
    pub async fn shutdown(self) {
        let _ = self.handle.shutdown().await;
        let _ = std::fs::remove_dir_all(&self.data_dir);
    }
}

/// A fresh, isolated, wiped data dir (unique per process + call).
fn unique_dir(tag: &str) -> PathBuf {
    static COUNTER: AtomicU64 = AtomicU64::new(0);
    let n = COUNTER.fetch_add(1, Ordering::Relaxed);
    let dir = std::env::temp_dir().join(format!("koi-testkit-{tag}-{}-{n}", std::process::id()));
    let _ = std::fs::remove_dir_all(&dir);
    dir
}

/// Build a lean embedded node (certmesh on, everything else off) in its own dir.
async fn build(tag: &str) -> TestNode {
    let data_dir = unique_dir(tag);
    let koi = Builder::new()
        .data_dir(&data_dir)
        .service_mode(ServiceMode::EmbeddedOnly)
        .mdns(false)
        .dns_enabled(false)
        .health(false)
        .certmesh(true)
        .proxy(false)
        .build()
        .expect("testkit: build embedded");
    let handle = koi.start().await.expect("testkit: start embedded");
    TestNode { handle, data_dir }
}

/// An **Open** node — certmesh enabled but no CA, so it holds no identity. `sign`
/// produces a freshness-stamped passthrough; `posture()` is `Open`.
pub async fn open() -> TestNode {
    build("open").await
}

/// A **secured (Authenticated)** node — a CA is created so the node self-enrolls a
/// real leaf. `sign` produces an ES256-signed envelope; `posture()` is
/// `Authenticated`. The CA is created with `auto_unlock: false` (no vault write).
pub async fn secured() -> TestNode {
    // testkit is a test harness; keep CA creation off the OS keyring deterministically.
    std::env::set_var("KOI_NO_CREDENTIAL_STORE", "1");
    let node = build("secured").await;
    let core = node
        .certmesh()
        .expect("testkit: certmesh enabled")
        .core()
        .expect("testkit: embedded certmesh core");
    core.create(koi_certmesh::protocol::CreateCaRequest {
        passphrase: "testkit-passphrase".to_string(),
        entropy_hex: "2a".repeat(32), // 32 bytes
        operator: None,
        enrollment_open: false,
        requires_approval: false,
        auto_unlock: false,
        totp_secret_hex: None,
    })
    .await
    .expect("testkit: create CA");
    node
}

#[cfg(test)]
mod tests {
    use super::*;

    #[tokio::test]
    async fn open_node_is_open_and_secured_node_is_authenticated() {
        let open = open().await;
        assert!(
            !open.certmesh().unwrap().posture().unwrap().signed,
            "open() must yield an Open node"
        );
        open.shutdown().await;

        let secured = secured().await;
        assert!(
            secured.certmesh().unwrap().posture().unwrap().signed,
            "secured() must yield an Authenticated node"
        );
        secured.shutdown().await;
    }
}