webylib 0.2.6

Webcash HD wallet library — bearer e-cash with BIP32-style key derivation, SQLite storage, AES-256-GCM encryption, and full C FFI for cross-platform SDKs
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389

# Testing Guide for Webcash Rust Library

## Overview

This document provides comprehensive instructions for testing the Webcash Rust library. All tests are designed with **money preservation** as a critical requirement - tests must never lose webcash during execution.

## Test Organization

Tests are organized into two main categories:

### Unit Tests (`tests/unit_tests.rs`)
- Fast, isolated tests for individual components
- No network dependencies
- No real webcash required
- Covers: amount, webcash parsing, HD derivation, crypto, error handling

### Integration Tests (`tests/integration_tests.rs`)
- Full wallet operations with real webcash
- Requires `TEST_WEBCASH_SECRET` environment variable
- Tests against live Webcash server
- Covers: setup, insert, pay, list, recover, merge, CLI operations

## Prerequisites

### Required Environment Variable

**CRITICAL**: Set `TEST_WEBCASH_SECRET` with a valid, unspent webcash secret:

```bash
export TEST_WEBCASH_SECRET='e0.0001:secret:your_64_hex_character_secret_here'
```

### Validating Your Test Secret

Before running tests, verify your secret is valid and unspent:

```bash
# Using Python (requires requests library)
python3 << 'EOF'
import requests
import hashlib

secret = "your_64_hex_character_secret_here"
hash_val = hashlib.sha256(bytes(secret, "ascii")).hexdigest()
public = f"e0.0001:public:{hash_val}"

response = requests.post('https://webcash.org/api/v1/health_check', json=[public])
result = response.json()
spent = result.get("results", {}).get(public, {}).get("spent")
amount = result.get("results", {}).get(public, {}).get("amount")

print(f"Secret: e0.0001:secret:{secret}")
print(f"Spent: {spent}")
print(f"Amount: {amount}")
print(f"Status: {'✅ VALID UNSPENT' if spent == False else '❌ INVALID OR SPENT'}")
EOF
```

## Running Tests

### Run All Tests

```bash
cargo test
```

### Run Only Unit Tests

```bash
cargo test --lib
```

### Run Only Integration Tests

```bash
# Unit tests
cargo test --test unit_tests

# Integration tests (requires TEST_WEBCASH_SECRET)
export TEST_WEBCASH_SECRET='e0.0001:secret:your_secret_here'
cargo test --test integration_tests

# CLI manual workflow test (most comprehensive)
cargo test --test integration_tests test_cli_manual_workflow -- --nocapture
```

### Run Specific Test

```bash
cargo test --test integration_tests test_full_wallet_integration -- --nocapture
```

## Core Test Workflows

### 1. Full Wallet Integration Test

Tests complete wallet functionality:
- ✅ Wallet setup
- ✅ Webcash insertion
- ✅ Balance and statistics
- ✅ Server health check
- ✅ Server API (target endpoint)
- ✅ Payment flow
- ✅ Post-payment verification

**Command:**
```bash
export TEST_WEBCASH_SECRET='e0.0001:secret:your_secret_here'
cargo test --test integration_tests test_full_wallet_integration -- --nocapture
```

### 2. CLI Manual Workflow Test (RECOMMENDED)

Most comprehensive test that simulates real user workflow:
- ✅ Wallet setup with master secret
- ✅ Webcash insertion via CLI
- ✅ Balance check via CLI
- ✅ Webcash listing
- ✅ Master secret preservation
- ✅ Wallet deletion (simulating loss)
- ✅ Wallet recreation from master secret
- ✅ HD recovery via CLI
- ✅ Payment to generate output secret
-**CRITICAL**: Returns output secret with same amount as input

**Features:**
- Tracks all operations in `cli_test_history.txt`
- Saves master secret to `cli_test_master_secret.txt`
- Outputs final secret to `FINAL_OUTPUT_SECRET.txt`
- **NEVER LOSES MONEY** - always returns valid output secret

**Command:**
```bash
export TEST_WEBCASH_SECRET='e0.0001:secret:your_secret_here'
cargo test --test integration_tests test_cli_manual_workflow -- --nocapture
```

**Output Files:**
- `cli_test_history.txt` - Complete operation history
- `cli_test_master_secret.txt` - Master secret for recovery
- `FINAL_OUTPUT_SECRET.txt` - Output secret (reuse for next test)

### 3. Complete Money Preservation Test

Library-based test with full money preservation:
- ✅ Library operations (insert, pay, list)
- ✅ CLI operations (setup, insert, pay, recover)
- ✅ Complete tracking and history
- ✅ Master secret preservation
- ✅ Recovery testing
- ✅ Output secret generation

**Command:**
```bash
export TEST_WEBCASH_SECRET='e0.0001:secret:your_secret_here'
cargo test --test integration_tests test_complete_money_preservation -- --nocapture
```

### 4. Cross-Wallet HD Recovery Test

Tests HD wallet recovery across multiple wallets:
- ✅ Primary wallet setup
- ✅ Webcash insertion into primary
- ✅ Payment generation (HD derivation)
- ✅ Secondary wallet creation
- ✅ Payment insertion into secondary
- ✅ HD recovery from master secret
- ✅ Return payment workflow

**Command:**
```bash
export TEST_WEBCASH_SECRET='e0.0001:secret:your_secret_here'
cargo test --test integration_tests test_cross_wallet_hd_recovery_integration -- --nocapture
```

## Money Preservation Mechanism

### How Tests Preserve Money

1. **Input Tracking**: All input webcash secrets are logged in history files
2. **Master Secret Preservation**: Master secrets are saved to files for recovery
3. **Operation Logging**: Every operation (insert, pay, recover) is logged
4. **Output Secret Generation**: Tests always generate an output secret with the same amount
5. **Recovery Capability**: Master secrets allow wallet recovery even if wallet is deleted

### Using Output Secrets for Next Test

After running a test, the output secret is saved to `FINAL_OUTPUT_SECRET.txt`. Use this for the next test:

```bash
# After running a test
export TEST_WEBCASH_SECRET=$(cat FINAL_OUTPUT_SECRET.txt)

# Run next test
cargo test --test integration_tests test_cli_manual_workflow -- --nocapture
```

### Recovering Lost Money

If a test fails or you lose track of webcash:

1. **Check Master Secret Files**:
   ```bash
   cat cli_test_master_secret.txt
   ```

2. **Check History Files**:
   ```bash
   cat cli_test_history.txt
   ```

3. **Recover Wallet from Master Secret**:
   ```bash
   # Using CLI
   webyc --wallet recovery_wallet.db setup -p "$(cat cli_test_master_secret.txt)"
   webyc --wallet recovery_wallet.db recover --gap-limit 20
   ```

4. **List Recovered Webcash**:
   ```bash
   webyc --wallet recovery_wallet.db info
   ```

## Test File Locations

### Generated Test Files

- `*_test_wallet.db` - SQLite wallet databases
- `*_test_history.txt` - Operation history logs
- `*_test_master_secret.txt` - Master secrets for recovery
- `FINAL_OUTPUT_SECRET.txt` - Output webcash secret for next test

### Cleaning Up Test Files

```bash
# Remove all test files
rm -f *_test_wallet.db *_test_history.txt *_test_master_secret.txt FINAL_OUTPUT_SECRET.txt
```

## CLI Binary Testing

The CLI binary (`webyc`) must be built before running CLI tests:

```bash
# Build CLI binary
cargo build --release --bin webyc

# CLI binary location
./target/release/webyc
```

### Manual CLI Testing

You can also test the CLI manually:

```bash
# Setup wallet with master secret
./target/release/webyc --wallet test.db setup

# Insert webcash
./target/release/webyc --wallet test.db insert "$TEST_WEBCASH_SECRET"

# Check balance
./target/release/webyc --wallet test.db info

# Recover webcash
./target/release/webyc --wallet test.db recover --gap-limit 20

# Pay amount
./target/release/webyc --wallet test.db pay 0.0001 -m "Test payment"
```

## Biometric Tests

Biometric tests are included in integration tests and require platform-specific implementations:

```bash
# Run biometric tests
cargo test --test integration_tests test_biometric_wallet_encryption -- --nocapture
```

**Note**: Some biometric tests may fail on non-mobile platforms as they require iOS/Android specific APIs.

## Troubleshooting

### Test Secret Already Spent

**Error**: "This webcash cannot be replaced because it was already spent"

**Solution**: Use a fresh, unspent webcash secret. Generate a new one or use the output from a previous successful test.

### Recovery Finds 0 Webcash

**Possible Causes**:
1. Master secret doesn't match the one used during insertion
2. Webcash wasn't created with HD derivation
3. Recovery gap limit is too small

**Solution**: 
- Ensure master secret is correct
- Check that webcash was inserted (not just stored directly)
- Increase gap limit: `--gap-limit 50`

### Payment Fails

**Error**: "Insufficient funds"

**Solution**: 
- Check balance: `webyc --wallet test.db info`
- Ensure webcash is unspent and recovered
- Verify amount to pay is less than balance

### CLI Binary Not Found

**Error**: "Failed to execute webyc command"

**Solution**:
```bash
# Build CLI
cargo build --release --bin webyc

# Verify binary exists
ls -lh ./target/release/webyc
```

## Best Practices

1. **Always Use Fresh Secrets**: Never reuse spent secrets
2. **Save Master Secrets**: Always save master secrets before deleting wallets
3. **Track Operations**: Keep history files for audit trails
4. **Verify Output Secrets**: Always verify output secrets are valid and unspent
5. **Clean Up**: Remove test files between runs to avoid confusion
6. **Check Server Status**: Verify server is accessible before running online tests

## Continuous Testing Workflow

Recommended workflow for continuous testing:

```bash
# 1. Set initial secret
export TEST_WEBCASH_SECRET='e0.0001:secret:initial_secret_here'

# 2. Run comprehensive test
cargo test --test integration_tests test_cli_manual_workflow -- --nocapture

# 3. Use output for next test
export TEST_WEBCASH_SECRET=$(cat FINAL_OUTPUT_SECRET.txt)

# 4. Verify output secret
python3 << 'EOF'
import requests, hashlib, sys
secret = sys.stdin.read().strip().split(':secret:')[1]
hash_val = hashlib.sha256(bytes(secret, "ascii")).hexdigest()
public = f"e0.0001:public:{hash_val}"
response = requests.post('https://webcash.org/api/v1/health_check', json=[public])
result = response.json()
spent = result.get("results", {}).get(public, {}).get("spent")
print(f"Status: {'✅ VALID' if spent == False else '❌ SPENT'}")
EOF

# 5. Repeat from step 2
```

## Test Coverage

Current test coverage includes:

- **Wallet Operations**: Setup, insert, pay, balance, list, stats, recover, merge
-**CLI Operations**: All CLI commands with real webcash
-**HD Wallet**: Key derivation, recovery, cross-wallet operations
-**Server Integration**: Health check, replace, target API
-**Money Preservation**: Complete tracking and output secret generation
-**Biometric Encryption**: Wallet encryption/decryption workflows
-**Error Handling**: Invalid secrets, spent webcash, network errors
-**Recovery Scenarios**: Lost wallets, master secret recovery

## Reporting Issues

When reporting test failures:

1. Include the full test output
2. Provide the `TEST_WEBCASH_SECRET` status (spent/unspent, but not the actual secret)
3. Include relevant history files (with secrets redacted)
4. Specify which test failed and at which step
5. Include system information (OS, Rust version)

---

**Remember**: These tests use **real webcash**. Always use small amounts (0.0001 WEBCASH or less) for testing, and never lose your master secrets!