9d380f5013
WebSocket client + CLI harness + pytest suite that exercises each axis of a CKBunker + Coldcard Mk4 policy and asserts the expected outcomes, including the critical negative test that a large PSBT without TOTP is rejected with a specific 'rule #1: need user(s) confirmation' reason. Configuration via .env / YAML / CLI flags, two pre-crafted test PSBTs as fixtures (generation guide in fixtures/README.md), dashboard counter scraper as sanity check, design rationale in docs/.
19 lines
673 B
Python
19 lines
673 B
Python
"""Rule #2 equivalent: a sub-threshold PSBT must sign without any 2FA."""
|
|
|
|
import pytest
|
|
|
|
from ckbunker_hsm_sign import Client, SignStatus
|
|
|
|
|
|
@pytest.mark.asyncio
|
|
async def test_small_psbt_signs_without_totp(client: Client, small_psbt: bytes):
|
|
async with client.session() as session:
|
|
res = await session.sign_psbt(small_psbt, use_totp=False)
|
|
|
|
assert res.status == SignStatus.SIGNED, (
|
|
f"expected SIGNED, got {res.status.value}: {res.reason or res.error}"
|
|
)
|
|
assert res.signed_bytes, "no signed bytes returned"
|
|
# The returned bytes should still be a valid PSBT envelope.
|
|
assert res.signed_bytes[:5] == b"psbt\xff", res.signed_bytes[:5]
|