# Salvium-JS Testnet Testing Plan **Status:** Pending - to be executed near project completion --- ## Security: No Secrets in Git **Pre-commit hook installed:** `.githooks/pre-commit` scans for potential secrets before commit. **Setup:** Run `git config core.hooksPath .githooks` to enable. **Protected patterns:** - 25-word mnemonic phrases - 64-character hex strings (potential keys) - Files matching `*.env`, `*.key`, `wallet*.json`, etc. **Git history audit (2026-01-25):** No real wallet credentials found in history. Only test patterns (`bacon bacon...`, `abbey abbey...`) which are recognizable fake mnemonics. --- ## Prerequisites ### Testnet Setup - [ ] Testnet daemon URL (or run local testnet node) - [ ] Testnet wallet with funds (need testnet SAL faucet or mining) - [ ] Second wallet for receiving transactions ### Environment Variables **CRITICAL: All wallet secrets MUST come from environment variables. Never hardcode mnemonics, master keys, view keys, or spend keys in test files.** ```bash # Primary wallet (choose one method) export WALLET_SEED="testnet wallet 25 word mnemonic" # OR export MASTER_KEY="64-character-hex-master-key" # OR (for view-only testing) export VIEW_SECRET_KEY="64-char-hex" export SPEND_PUBLIC_KEY="64-char-hex" # Secondary wallet for receiving export WALLET_SEED_2="second wallet mnemonic for receiving" # Daemon export DAEMON_URL="http://localhost:28081" # Testnet port ``` ### Supported Key Formats | Variable | Format | Description | |----------|--------|-------------| | `WALLET_SEED` | 25 words | Full wallet from mnemonic | | `MASTER_KEY` | 64 hex chars | Raw 32-byte seed | | `VIEW_SECRET_KEY` | 64 hex chars | View-only: view secret | | `SPEND_PUBLIC_KEY` | 64 hex chars | View-only: spend pubkey | | `SPEND_SECRET_KEY` | 64 hex chars | Optional: spend secret | --- ## Test Categories ### 1. Wallet Sync & Balance Detection **Test:** Full sync from genesis ```bash WALLET_SEED="..." bun test/integration-sync.test.js ``` **Verify:** - [ ] CN outputs detected correctly - [ ] CARROT outputs detected correctly - [ ] Subaddress outputs detected (both CN and CARROT) - [ ] Integrated address outputs detected - [ ] Key images computed correctly - [ ] Spent outputs marked as spent - [ ] Balance matches expected value - [ ] Stake/yield outputs identified **Test:** Partial sync (resume from height) ```bash START_HEIGHT=10000 WALLET_SEED="..." bun test/integration-sync.test.js ``` --- ### 2. TRANSFER Transaction **Test:** Send SAL to standard address ```bash WALLET_SEED="..." \ RECIPIENT="SLVx..." \ AMOUNT=1.0 \ DRY_RUN=false \ bun test/transfer-integration.test.js ``` **Verify:** - [ ] Transaction builds without error - [ ] CLSAG signatures valid - [ ] Bulletproofs+ range proofs valid - [ ] Transaction accepted by daemon - [ ] Transaction appears in mempool - [ ] Transaction confirmed in block - [ ] Recipient wallet detects the output - [ ] Change output returns to sender **Test:** Send to subaddress - [ ] CN subaddress recipient - [ ] CARROT subaddress recipient **Test:** Send to integrated address - [ ] Payment ID embedded correctly - [ ] Recipient detects with payment ID --- ### 3. STAKE Transaction **Test:** Create stake ```bash WALLET_SEED="..." \ STAKE_AMOUNT=100.0 \ DRY_RUN=false \ bun test/stake-integration.test.js ``` **Verify:** - [ ] txType = 6 (STAKE) - [ ] unlock_time = current_height + STAKE_LOCK_PERIOD - [ ] source_asset_type = "SAL" - [ ] destination_asset_type = "SAL" - [ ] Transaction accepted by daemon - [ ] Stake output locked until unlock_time - [ ] After unlock, RETURN transaction received - [ ] Yield amount correct per consensus rules **Test:** Verify lock period - [ ] Mainnet: 21600 blocks (~30 days) - [ ] Testnet: 20 blocks (for quick testing) --- ### 4. BURN Transaction **Test:** Burn SAL ```bash WALLET_SEED="..." \ BURN_AMOUNT=0.1 \ DRY_RUN=false \ bun test/burn-integration.test.js ``` **Verify:** - [ ] txType = 5 (BURN) - [ ] destination_asset_type = "BURN" - [ ] amount_burnt matches requested amount - [ ] unlock_time = 0 (no lock) - [ ] Transaction accepted by daemon - [ ] Burned coins permanently removed from supply - [ ] Change output returns correctly **Test:** Burn SAL1 (if available) ```bash ASSET_TYPE=SAL1 WALLET_SEED="..." BURN_AMOUNT=0.1 bun test/burn-integration.test.js ``` --- ### 5. CONVERT Transaction (When Implemented) **Test:** Convert SAL to SAL1 ```bash WALLET_SEED="..." \ FROM_ASSET=SAL \ TO_ASSET=SAL1 \ AMOUNT=10.0 \ DRY_RUN=false \ bun test/convert-integration.test.js ``` **Verify:** - [ ] txType = 4 (CONVERT) - [ ] source_asset_type correct - [ ] destination_asset_type correct - [ ] Oracle price used correctly - [ ] Slippage limit enforced - [ ] Transaction accepted by daemon - [ ] Converted amount received --- ### 6. AUDIT Transaction (When Implemented) **Test:** Create audit disclosure ```bash WALLET_SEED="..." \ AUDIT_TYPE=full \ DRY_RUN=false \ bun test/audit-integration.test.js ``` **Verify:** - [ ] txType = 8 (AUDIT) - [ ] Disclosure data correct - [ ] Transaction accepted by daemon --- ### 7. Address Generation **Test:** All address types generate correctly ```bash bun test/address-integration.test.js ``` **Verify:** - [ ] Legacy (CN) main address - starts with SLVx - [ ] Legacy subaddress - starts with SLVs - [ ] Legacy integrated address - starts with SLVi - [ ] CARROT main address - starts with salv - [ ] CARROT subaddress - starts with salvs - [ ] CARROT integrated address - starts with salvi - [ ] All addresses decode back to correct keys --- ### 8. Signature Verification **Test:** Verify our signatures against daemon ```bash bun test/signature-verification.test.js ``` **Verify:** - [ ] CLSAG signatures we create pass daemon verification - [ ] Bulletproofs+ we create pass daemon verification - [ ] Message signatures verify correctly --- ### 9. RPC Methods **Test:** All daemon RPC methods work ```bash bun test/rpc.integration.js $DAEMON_URL ``` **Verify:** - [ ] getInfo - [ ] getBlockCount - [ ] getBlock / getBlockByHeight - [ ] getTransactions - [ ] sendRawTransaction - [ ] getOuts (for ring member selection) - [ ] getOutputDistribution - [ ] Salvium-specific: getSupplyInfo, getYieldInfo --- ### 10. Edge Cases **Multi-input transactions:** - [ ] Transaction with 2+ inputs - [ ] Mixed CN and CARROT inputs (if applicable) **Dust handling:** - [ ] Very small outputs - [ ] sweepDust function (when implemented) **Error handling:** - [ ] Insufficient funds error - [ ] Invalid address error - [ ] Network errors (daemon unreachable) - [ ] Invalid transaction rejection --- ## Test Execution Order 1. **Wallet Sync** - Verify we can scan blockchain correctly 2. **Address Generation** - Verify addresses work 3. **TRANSFER** - Basic send/receive 4. **STAKE** - Staking functionality 5. **BURN** - Burning functionality 6. **CONVERT** - Asset conversion (when ready) 7. **AUDIT** - Compliance features (when ready) 8. **Edge Cases** - Stress testing --- ## Integration Test Scripts Needed | Script | Status | Description | |--------|--------|-------------| | `integration-sync.test.js` | ✅ Exists | Wallet sync | | `transfer-integration.test.js` | ❌ TODO | Send transactions | | `stake-integration.test.js` | ❌ TODO | Stake creation | | `burn-integration.test.js` | ✅ Exists | Burn transactions | | `convert-integration.test.js` | ❌ TODO | Asset conversion | | `audit-integration.test.js` | ❌ TODO | Audit transactions | | `address-integration.test.js` | ❌ TODO | Address roundtrip | | `signature-verification.test.js` | ❌ TODO | Sig verification | --- ## Success Criteria All tests pass with: - [ ] Zero transaction rejections - [ ] Zero balance discrepancies - [ ] Zero parsing errors - [ ] All transaction types confirmed on-chain - [ ] Recipient wallets detect all sent outputs --- ## Notes - Always use testnet first - never test with real mainnet funds - Keep test amounts small (0.01-1 SAL) - Document any daemon version requirements - Record block heights of test transactions for debugging