feat: move to x-ename header and add tests

Author: coodos

infrastructure/evault-core/src/core/protocol/graphql-server.ts

@@ -196,6 +196,12 @@ export class GraphQLServer {
                             context.eName
                         );
 
+                        // Add parsed field to metaEnvelope for GraphQL response
+                        const metaEnvelopeWithParsed = {
+                            ...result.metaEnvelope,
+                            parsed: input.payload,
+                        };
+
                         // Deliver webhooks for create operation
                         const requestingPlatform =
                             context.tokenPayload?.platform || null;
@@ -224,7 +230,10 @@ export class GraphQLServer {
                             );
                         }, 3_000);
 
-                        return result;
+                        return {
+                            ...result,
+                            metaEnvelope: metaEnvelopeWithParsed,
+                        };
                     }
                 ),
                 updateMetaEnvelopeById: this.accessGuard.middleware(

infrastructure/evault-core/src/core/protocol/vault-access-guard.ts

@@ -147,8 +147,14 @@ export class VaultAccessGuard {
             if (!args.id && !args.envelopeId) {
                 const result = await resolver(parent, args, context);
 
-                // If the result is an array of meta envelopes, filter based on access
+                // If the result is an array
                 if (Array.isArray(result)) {
+                    // Check if it's an array of Envelopes (no ACL) or MetaEnvelopes (has ACL)
+                    if (result.length > 0 && result[0] && !('acl' in result[0])) {
+                        // It's an array of Envelopes - already filtered by eName, just return as-is
+                        return result;
+                    }
+                    // It's an array of MetaEnvelopes - filter based on access
                     return this.filterEnvelopesByAccess(result, context);
                 }
 

infrastructure/evault-core/src/test-utils/mock-registry-server.ts

@@ -1,15 +1,14 @@
 import fastify, { FastifyInstance } from "fastify";
-// Mock getJWK - we don't need to import from registry in tests
+import { getSharedTestPublicJWK } from "./shared-test-keys";
+
+// In-memory store for registered eVaults
+const registeredEVaults = new Map<string, { uri: string; evault: string }>();
+
+// Mock getJWK - returns the public key from the shared test key pair
 async function mockGetJWK() {
+    const publicKeyOnly = await getSharedTestPublicJWK();
     return {
-        keys: [{
-            kty: "EC",
-            crv: "P-256",
-            x: "test-x",
-            y: "test-y",
-            kid: "entropy-key-1",
-            alg: "ES256",
-        }],
+        keys: [publicKeyOnly],
     };
 }
 
@@ -31,16 +30,55 @@ export async function createMockRegistryServer(port: number = 4322): Promise<Fas
         if (!ename || !uri || !evault) {
             return reply.status(400).send({ error: "Missing required fields" });
         }
+        
+        // Store the registered eVault for resolution
+        registeredEVaults.set(ename, { uri, evault });
+        
         return reply.status(201).send({ ename, uri, evault });
     });
 
+    server.get("/resolve", async (request, reply) => {
+        const { w3id } = request.query as { w3id?: string };
+        
+        if (!w3id) {
+            return reply.status(400).send({ error: "Missing w3id parameter" });
+        }
+
+        // Normalize w3id (remove @ prefix if present for lookup)
+        const normalizedW3id = w3id.startsWith("@") ? w3id.substring(1) : w3id;
+        const registered = registeredEVaults.get(normalizedW3id) || registeredEVaults.get(w3id);
+        
+        if (!registered) {
+            return reply.status(404).send({ error: "eVault not found" });
+        }
+
+        return reply.status(200).send({ uri: registered.uri });
+    });
+
     server.get("/platforms", async () => {
         return [
             "http://localhost:1111",
             "http://localhost:3000",
         ];
     });
 
+    server.post("/platforms/certification", async (request, reply) => {
+        const { platform } = request.body as { platform?: string };
+        
+        if (!platform) {
+            return reply.status(400).send({ error: "Missing platform parameter" });
+        }
+
+        // Return a mock JWT token for the platform
+        // In a real scenario, this would be a proper JWT signed by the registry
+        const mockToken = `mock.jwt.token.${platform}.${Date.now()}`;
+        
+        return reply.status(200).send({
+            token: mockToken,
+            expiresAt: Date.now() + 3600000, // 1 hour from now
+        });
+    });
+
     await server.listen({ port, host: "0.0.0.0" });
 
     return server;

infrastructure/web3-adapter/src/evault/evault.ts

@@ -304,11 +304,12 @@ export class EVaultClient {
 		const endpoint = await this.resolveEndpoint(w3id).catch(() => null);
 		if (!endpoint) throw new Error("Failed to resolve endpoint");
 
-		// Get platform token and create client with authorization header
+		// Get platform token and create client with authorization and X-ENAME headers
 		const token = await this.ensurePlatformToken();
 		const client = new GraphQLClient(endpoint, {
 			headers: {
 				authorization: `Bearer ${token}`,
+				"X-ENAME": w3id,
 			},
 		});