mcp tests

Hendler · Hendler · commit 5f0c91dc4eec · 2026-02-24T20:11:28.000-08:00
diff --git a/jacs/src/agent/payloads.rs b/jacs/src/agent/payloads.rs
@@ -84,13 +84,8 @@ impl PayloadTraits for Agent {
 
         // Default payload freshness window: 5 minutes.
         // Can be overridden per call, or globally with JACS_PAYLOAD_MAX_REPLAY_SECONDS.
-        let max_replay_seconds = max_replay_time_delta_seconds
-            .or_else(|| {
-                std::env::var("JACS_PAYLOAD_MAX_REPLAY_SECONDS")
-                    .ok()
-                    .and_then(|v| v.parse::<u64>().ok())
-            })
-            .unwrap_or(300);
+        let max_replay_seconds =
+            max_replay_time_delta_seconds.unwrap_or_else(replay::payload_replay_window_seconds);
         let current_time = std::time::SystemTime::now()
             .duration_since(std::time::UNIX_EPOCH)?
             .as_secs();
diff --git a/jacs/src/replay.rs b/jacs/src/replay.rs
@@ -4,19 +4,35 @@ use moka::sync::Cache;
 use std::sync::LazyLock;
 use std::time::Duration;
 
-const MIN_REPLAY_TTL_SECONDS: i64 = 1;
+pub const DEFAULT_PAYLOAD_MAX_REPLAY_SECONDS: u64 = 300;
+const MIN_REPLAY_TTL_SECONDS: i64 = DEFAULT_PAYLOAD_MAX_REPLAY_SECONDS as i64;
+
+/// Returns the payload replay window used by payload verification.
+///
+/// `JACS_PAYLOAD_MAX_REPLAY_SECONDS` overrides the default.
+pub fn payload_replay_window_seconds() -> u64 {
+    std::env::var("JACS_PAYLOAD_MAX_REPLAY_SECONDS")
+        .ok()
+        .and_then(|v| v.parse::<u64>().ok())
+        .unwrap_or(DEFAULT_PAYLOAD_MAX_REPLAY_SECONDS)
+}
+
+fn effective_replay_window_seconds() -> i64 {
+    let payload_window = i64::try_from(payload_replay_window_seconds()).unwrap_or(i64::MAX);
+    time_utils::max_iat_skew_seconds().max(payload_window)
+}
 
 // Cache seen (scope, nonce) pairs for the active replay window.
 static SEEN_NONCES: LazyLock<Cache<String, ()>> = LazyLock::new(|| {
-    let ttl = time_utils::max_iat_skew_seconds().max(MIN_REPLAY_TTL_SECONDS) as u64;
+    let ttl = effective_replay_window_seconds().max(MIN_REPLAY_TTL_SECONDS) as u64;
     Cache::builder()
         .time_to_live(Duration::from_secs(ttl))
         .max_capacity(200_000)
         .build()
 });
 
 fn replay_window_enabled() -> bool {
-    time_utils::max_iat_skew_seconds() > 0
+    effective_replay_window_seconds() > 0
 }
 
 /// Rejects duplicate nonces observed within the replay window.
diff --git a/jacs/tests/payload_security_tests.rs b/jacs/tests/payload_security_tests.rs
@@ -98,3 +98,29 @@ fn verify_payload_explicit_argument_overrides_env_window() {
         .expect("explicit replay window should override strict env setting");
     assert_eq!(payload["test"], "explicit-override");
 }
+
+#[test]
+#[serial]
+fn verify_payload_replay_nonce_retention_tracks_payload_window() {
+    let _guard_payload = EnvVarGuard::set("JACS_PAYLOAD_MAX_REPLAY_SECONDS", "5");
+    let _guard_iat = EnvVarGuard::set("JACS_MAX_IAT_SKEW_SECONDS", "1");
+    let mut agent = load_test_agent_one();
+    let signed = agent
+        .sign_payload(json!({ "test": "replay-window-alignment" }))
+        .expect("payload signing should succeed");
+
+    agent
+        .verify_payload(signed.clone(), None)
+        .expect("first verification should succeed");
+
+    std::thread::sleep(Duration::from_secs(2));
+
+    let err = agent
+        .verify_payload(signed, None)
+        .expect_err("replay nonce should remain blocked for the full payload window");
+    assert!(
+        err.to_string().contains("Replay attack detected"),
+        "unexpected error: {}",
+        err
+    );
+}
diff --git a/jacsnpm/scripts/install-cli.js b/jacsnpm/scripts/install-cli.js
@@ -12,6 +12,7 @@ const http = require('http');
 const fs = require('fs');
 const path = require('path');
 const os = require('os');
+const crypto = require('crypto');
 const { execSync } = require('child_process');
 
 const VERSION = require('../package.json').version;
@@ -65,6 +66,50 @@ async function download(url, dest) {
   });
 }
 
+function sha256File(filePath) {
+  const hasher = crypto.createHash('sha256');
+  hasher.update(fs.readFileSync(filePath));
+  return hasher.digest('hex');
+}
+
+function readExpectedSha256(checksumPath, assetName) {
+  const checksumText = fs.readFileSync(checksumPath, 'utf8').trim();
+  if (!checksumText) {
+    throw new Error(`Checksum file was empty: ${checksumPath}`);
+  }
+
+  const lines = checksumText.split(/\r?\n/).map((line) => line.trim()).filter(Boolean);
+  for (const line of lines) {
+    // Format: "<sha256>  <filename>" (or optional "*" marker)
+    let match = line.match(/^([a-fA-F0-9]{64})\s+\*?(.+)$/);
+    if (match) {
+      const digest = match[1].toLowerCase();
+      const fileName = path.basename(match[2].trim());
+      if (fileName === assetName) {
+        return digest;
+      }
+    }
+
+    // Format: "SHA256(<filename>)=<sha256>"
+    match = line.match(/^SHA256\s*\((.+)\)\s*=\s*([a-fA-F0-9]{64})$/i);
+    if (match) {
+      const fileName = path.basename(match[1].trim());
+      const digest = match[2].toLowerCase();
+      if (fileName === assetName) {
+        return digest;
+      }
+    }
+
+    // Format: "<sha256>" (single-line digest file)
+    match = line.match(/^([a-fA-F0-9]{64})$/);
+    if (match && lines.length === 1) {
+      return match[1].toLowerCase();
+    }
+  }
+
+  throw new Error(`Checksum for ${assetName} not found in ${checksumPath}`);
+}
+
 async function main() {
   const key = getPlatformKey();
   if (!key) {
@@ -76,6 +121,7 @@ async function main() {
   const ext = isWindows ? 'zip' : 'tar.gz';
   const assetName = `jacs-cli-${VERSION}-${key}.${ext}`;
   const url = `https://github.com/${REPO}/releases/download/cli/v${VERSION}/${assetName}`;
+  const checksumUrl = `${url}.sha256`;
 
   const binDir = getBinDir();
   const binPath = path.join(binDir, getBinName());
@@ -90,9 +136,19 @@ async function main() {
 
   const tmpDir = fs.mkdtempSync(path.join(os.tmpdir(), 'jacs-cli-'));
   const archivePath = path.join(tmpDir, assetName);
+  const checksumPath = path.join(tmpDir, `${assetName}.sha256`);
 
   try {
+    console.log(`[jacs] Downloading checksum for pinned version ${VERSION} from ${checksumUrl}`);
+    await download(checksumUrl, checksumPath);
     await download(url, archivePath);
+    const expectedSha256 = readExpectedSha256(checksumPath, assetName);
+    const actualSha256 = sha256File(archivePath);
+    if (expectedSha256 !== actualSha256) {
+      throw new Error(
+        `Checksum mismatch for ${assetName}: expected ${expectedSha256}, got ${actualSha256}`
+      );
+    }
 
     fs.mkdirSync(binDir, { recursive: true });
 
diff --git a/jacspy/python/jacs/mcp.py b/jacspy/python/jacs/mcp.py
@@ -607,8 +607,14 @@ async def connect_session(self, **session_kwargs):
             original_send = original_write_stream.send
             async def intercepted_send(message, **send_kwargs):
                 if agent_ready and isinstance(message.root, dict):
-                    signed = sign_mcp_message(message.root)
-                    message.root = json.loads(signed)
+                    try:
+                        signed = sign_mcp_message(message.root)
+                        message.root = json.loads(signed)
+                    except Exception as e:
+                        LOGGER.warning(
+                            "JACS signing on send failed; forwarding unsigned message: %s",
+                            e,
+                        )
                 return await original_send(message, **send_kwargs)
 
             original_write_stream.send = intercepted_send
diff --git a/jacspy/tests/test_mcp.py b/jacspy/tests/test_mcp.py
@@ -1,6 +1,7 @@
 """Tests for the JACS MCP integration wrappers."""
 
 import asyncio
+import contextlib
 import pytest
 from unittest.mock import Mock, AsyncMock, patch, MagicMock
 import json
@@ -219,3 +220,62 @@ def test_json_serialization_compatibility(self):
             serialized = json.dumps(payload)
             deserialized = json.loads(serialized)
             assert deserialized == payload
+
+
+class TestJacsSSETransportBehavior:
+    """Behavior checks for JacsSSETransport interceptors."""
+
+    def test_send_does_not_fail_when_signing_errors(self, monkeypatch):
+        from jacs import mcp
+
+        sent_payloads = []
+
+        class FakeSSETransport:
+            def __init__(self, url, headers=None):
+                self.url = url
+                self.headers = headers
+
+        class FakeReadStream:
+            async def receive(self, **_kwargs):
+                return SimpleNamespace(root={"jsonrpc": "2.0", "id": 1})
+
+        class FakeWriteStream:
+            async def send(self, message, **_kwargs):
+                sent_payloads.append(message.root)
+
+        read_stream = FakeReadStream()
+        write_stream = FakeWriteStream()
+
+        @contextlib.asynccontextmanager
+        async def fake_sse_client(_url, headers=None):
+            yield (read_stream, write_stream)
+
+        class FakeClientSession:
+            def __init__(self, _read_stream, _write_stream, **_kwargs):
+                pass
+
+            async def __aenter__(self):
+                return self
+
+            async def __aexit__(self, _exc_type, _exc, _tb):
+                return False
+
+            async def initialize(self):
+                return None
+
+        monkeypatch.setattr(mcp, "SSETransport", FakeSSETransport)
+        monkeypatch.setattr(mcp, "sse_client", fake_sse_client)
+        monkeypatch.setattr(mcp, "ClientSession", FakeClientSession)
+        monkeypatch.setattr(mcp.simple, "is_loaded", lambda: True)
+        monkeypatch.setattr(mcp, "sign_mcp_message", Mock(side_effect=RuntimeError("sign failure")))
+
+        transport = mcp.JacsSSETransport("http://127.0.0.1:9000/sse")
+        message = SimpleNamespace(root={"jsonrpc": "2.0", "id": 7, "method": "ping"})
+
+        async def run_send():
+            async with transport.connect_session():
+                await write_stream.send(message)
+
+        asyncio.run(run_send())
+
+        assert sent_payloads == [{"jsonrpc": "2.0", "id": 7, "method": "ping"}]
