Context
Commit 1f24845 (branch nip55-audit-chain-rust, #306) moved audit-chain hashing and verification into Rust (keep/keep-mobile/src/nip55_audit.rs). The Rust unit tests cover the algorithm in isolation, but nothing exercises the Kotlin side of the seam: the Nip55AuditLog.toRustAuditEntry() mapping, the real Room write path in PermissionStore.logOperation (which now calls nip55AuditEntryHash), and the Nip55ChainStatus -> ChainVerificationResult conversion.
Gap
No keep-android instrumented test round-trips:
logOperation(...) (writes a row hashed via Rust) followed by verifyAuditChain() asserting Valid.- A tamper case (mutate a persisted row) asserting
Tampered / Broken.
Existing infra to extend: app/src/androidTest/kotlin/io/privkey/keep/nip55/PermissionStoreIntegrationTest.kt.
Why
This is the one untested edge of the FFI boundary introduced by #306. A round-trip + tamper test guards against a future mapping/serialization drift between the Kotlin entry shape and the Rust verifier that the per-language unit tests would not catch.
Requires an emulator/device (androidTest), which is why it was filed rather than added inline with the refactor.
Context
Commit 1f24845 (branch
nip55-audit-chain-rust, #306) moved audit-chain hashing and verification into Rust (keep/keep-mobile/src/nip55_audit.rs). The Rust unit tests cover the algorithm in isolation, but nothing exercises the Kotlin side of the seam: theNip55AuditLog.toRustAuditEntry()mapping, the real Room write path inPermissionStore.logOperation(which now callsnip55AuditEntryHash), and theNip55ChainStatus -> ChainVerificationResultconversion.Gap
No keep-android instrumented test round-trips:
logOperation(...)(writes a row hashed via Rust) followed byverifyAuditChain()assertingValid.Tampered/Broken.Existing infra to extend:
app/src/androidTest/kotlin/io/privkey/keep/nip55/PermissionStoreIntegrationTest.kt.Why
This is the one untested edge of the FFI boundary introduced by #306. A round-trip + tamper test guards against a future mapping/serialization drift between the Kotlin entry shape and the Rust verifier that the per-language unit tests would not catch.
Requires an emulator/device (androidTest), which is why it was filed rather than added inline with the refactor.