Skip to main content

Testing

ID Wispera has a comprehensive test suite covering all packages and all three SDKs. This page explains how to run tests and what’s covered — useful for contributors validating changes and for understanding the security properties verified by the suite.

Test summary

PackageTest FilesTestsKey Coverage
@id-wispera/core16667Vault, passport, detection, policy, audit, delegation, sharing, provisioning, integrations, exec, env mapping, passphrase provider, KDF migration, cross-SDK compat
@id-wispera/cli147Display utilities (credential masking, formatting, passport cards, audit entries, detection results)
@id-wispera/mcp-server424Policy enforcement, tool handler error wrapping, passport resource mapping, auth actor resolution
@id-wispera/browser-extension8171Storage, AES-256-GCM crypto, credential detection, patterns, security properties, API, service worker, vault client
Go SDK7~169Passphrase provider, delegation, providers, locations, policy, provisioning, sharing
Python SDK2~216Cross-SDK parity (201 tests), passphrase provider
Total: ~1,290+ tests across 38+ test files

Running tests

All packages

# Run all tests via Turborepo
npm test

Individual packages

npm test --workspace=@id-wispera/core

Watch mode and coverage

# Watch mode (re-runs on file changes)
npm test -- --watch

# With coverage report
npm test -- --coverage

Go SDK

cd packages/go && go test ./...

Python SDK

cd packages/python && pytest

Test categories

Unit tests

Pure function testing for masking, formatting, mapping, and parsing logic. These validate individual functions in isolation.

Integration tests

Multi-module workflows such as vault → passport → audit, delegation chains, and sharing flows. These verify that components work correctly together.

Security property tests

Cryptographic invariants, permission checks, and credential scrubbing. These ensure the platform’s security guarantees hold under test conditions.

Cross-SDK parity tests

Behavioral equivalence across TypeScript, Python, and Go. These verify that all three SDKs produce interoperable vault files and identical behavior for the same inputs.

CLI integration tests

End-to-end command workflows including exec, provisioning, and policy enforcement. These test the full CLI pipeline from command parsing to output.

Security-specific tests

The test suite includes dedicated tests that validate the security properties of the platform:
security.test.ts validates AES-256-GCM cryptographic invariants, ensures random IVs on every encryption, verifies credential masking, validates detection pattern quality, and tests sync-guard behavior.
eslint-plugin-security and eslint-plugin-no-unsanitized are configured for the browser extension to catch common security anti-patterns at lint time.
Verify the resolution chain order, world-readable .env file warnings, and that no deprecation warnings are emitted for IDW_PASSPHRASE.
Verify that IDW_PASSPHRASE and IDW_SESSION_TOKEN are stripped from child process environments, and that credential values never appear in error messages.
Verify enforcement of human owner requirements, validity period limits, delegation depth constraints, and visa type restrictions.
Verify that TypeScript, Python, and Go SDKs produce interoperable vault files and identical behavior for encryption, decryption, key derivation, and passphrase resolution.

Contributing tests

When contributing to ID Wispera, follow these guidelines:
  1. All PRs require passing tests. The CI pipeline runs the full test suite on every pull request.
  2. New features need tests. Add tests that cover both the happy path and edge cases.
  3. Security-sensitive changes need security tests. If your change touches encryption, auth, or credential handling, add tests that verify the security properties.
  4. Cross-SDK changes need parity tests. If you change behavior in one SDK, ensure the corresponding tests pass in all three SDKs.
Run npm test -- --coverage to check that your changes don’t reduce test coverage. The core package has the most comprehensive coverage — use it as a reference for test style and structure.

Next steps

Security architecture

Understand the encryption model and threat model that tests validate.

Policy engine

Learn about the policy rules verified by the test suite.

SDK usage

Full command reference and programmatic SDK usage.