feat(sdk): [NET-1663] Signature validation in worker thread

packages/browser-test-runner/src/createKarmaConfig.ts

@@ -4,8 +4,16 @@ import type { Configuration, ExternalItem } from 'webpack'
 
 const DEBUG_MODE = process.env.BROWSER_TEST_DEBUG_MODE ?? false
 
+export interface KarmaConfigOptions {
+    // File patterns to serve but not include in the test bundle (e.g. worker files)
+    servedFiles?: string[]
+}
+
 export const createKarmaConfig = (
-    testPaths: string[], webpackConfig: () => Configuration, localDirectory?: string
+    testPaths: string[],
+    webpackConfig: () => Configuration,
+    localDirectory?: string,
+    options: KarmaConfigOptions = {}
 ): (config: any) => any => {
     const setupFiles = [fileURLToPath(new URL('./karma-setup.js', import.meta.url))]
 
@@ -57,7 +65,13 @@ export const createKarmaConfig = (
             reporters: ['spec'],
             files: [
                 ...setupFiles,
-                ...testPaths
+                ...testPaths,
+                ...(options.servedFiles ?? []).map((pattern) => ({
+                    pattern,
+                    included: false,
+                    served: true,
+                    watched: false
+                }))
             ],
             preprocessors,
             customLaunchers: {

packages/browser-test-runner/src/exports.ts

@@ -1,2 +1,3 @@
 export { createKarmaConfig } from './createKarmaConfig'
+export type { KarmaConfigOptions } from './createKarmaConfig'
 export { createWebpackConfig } from './createWebpackConfig'

packages/cli-tools/src/command.ts

@@ -53,6 +53,8 @@ export const createClientCommand = (
                         await client.destroy()
                     }
                 }
+                // Exit cleanly after command completes - worker threads may keep event loop alive
+                process.exit(0)
             } catch (e: any) {
                 console.error(e)
                 process.exit(1)

packages/cli-tools/src/resend.ts

@@ -19,16 +19,19 @@ export const resend = async (
     subscribe: boolean
 ): Promise<void> => {
     try {
-        const handler = (message: any) => {
-            console.info(JSON.stringify(message))
-        }
         if (subscribe) {
+            const handler = (message: any) => {
+                console.info(JSON.stringify(message))
+            }
             await client.subscribe({
                 stream: streamId,
                 resend: resendOpts
             }, handler)
         } else {
-            await client.resend(streamId, resendOpts, handler)
+            const messageStream = await client.resend(streamId, resendOpts)
+            for await (const message of messageStream) {
+                console.info(JSON.stringify(message.content))
+            }
         }
     } catch (err) {
         console.error(err.message ?? err)

packages/sdk/createKarmaConfig.ts

@@ -15,6 +15,7 @@ export function createKarmaConfig(testPaths: string[]): ReturnType<typeof create
                     'test/test-utils/jestGlobalsMock.ts'
                 ),
                 '@streamr/dht': resolve(__dirname, '../dht/dist/exports-browser.cjs'),
+                "@/createSignatureValidationWorker": resolve(__dirname, 'src/_karma/createSignatureValidationWorker.ts'),
                 '@': resolve(__dirname, 'src/_browser'),
             },
             fallback: {
@@ -30,6 +31,14 @@ export function createKarmaConfig(testPaths: string[]): ReturnType<typeof create
                 'node:timers/promises': 'timers/promises',
             },
         }),
-        __dirname
+        __dirname,
+        {
+            /**
+             * Karma's Webpack copies workers from dist/workers to dist and hashes their names.
+             * We need to serve these files so they're accessible during tests. Normally Karma
+             * only serves test and setup files.
+             */
+            servedFiles: ['dist/*.mjs']
+        }
     )
 }

packages/sdk/jest.config.ts

@@ -11,6 +11,7 @@ const config: Config.InitialOptions = {
         '@streamr/test-utils/setupCustomMatchers',
     ],
     moduleNameMapper: {
+        "^@/createSignatureValidationWorker$": "<rootDir>/src/_jest/createSignatureValidationWorker.ts",
         "^@/(.*)$": "<rootDir>/src/_nodejs/$1",
     },
     transform: {

packages/sdk/package.json

@@ -31,6 +31,7 @@
     "dist/exports-browser.*",
     "dist/exports-umd.*",
     "dist/encryption/migrations",
+    "dist/workers",
     "!*.tsbuildinfo",
     "LICENSE",
     "README.md",
@@ -94,6 +95,7 @@
     "@streamr/proto-rpc": "103.3.0",
     "@streamr/trackerless-network": "103.3.0",
     "@streamr/utils": "103.3.0",
+    "comlink": "^4.4.2",
     "env-paths": "^2.2.1",
     "ethers": "^6.13.0",
     "eventemitter3": "^5.0.0",
@@ -112,6 +114,7 @@
     "ts-toolbelt": "^9.6.0",
     "tsyringe": "^4.10.0",
     "uuid": "^11.1.0",
+    "web-worker": "^1.5.0",
     "zod": "^4.1.13"
   },
   "optionalDependencies": {

packages/sdk/rollup.config.mts

@@ -29,6 +29,8 @@ const browserAliases: Alias[] = [
 ]
 
 export default defineConfig([
+    workerNodejs(),
+    workerBrowser(),
     nodejs(),
     nodejsTypes(),
     browser(),
@@ -204,3 +206,58 @@ function umdMinified(): RollupOptions {
         onwarn,
     }
 }
+
+/**
+ * Worker bundle for Node.js - ESM format for use with web-worker {type: 'module'}
+ */
+function workerNodejs(): RollupOptions {
+    return {
+        input: './dist/nodejs/src/signature/SignatureValidationWorker.js',
+        context: 'globalThis',
+        output: {
+            format: 'es',
+            file: './dist/workers/SignatureValidationWorker.node.mjs',
+            sourcemap: true,
+        },
+        plugins: [
+            json(),
+            alias({
+                entries: nodejsAliases,
+            }),
+            nodeResolve({
+                preferBuiltins: true,
+            }),
+            cjs(),
+        ],
+        external: [/node_modules/, /@streamr\//],
+        onwarn,
+    }
+}
+
+/**
+ * Worker bundle for browser - ESM format for use with web-worker {type: 'module'}
+ */
+function workerBrowser(): RollupOptions {
+    return {
+        input: './dist/browser/src/signature/SignatureValidationWorker.js',
+        context: 'self',
+        output: {
+            format: 'es',
+            file: './dist/workers/SignatureValidationWorker.browser.mjs',
+            sourcemap: true,
+        },
+        plugins: [
+            json(),
+            alias({
+                entries: browserAliases,
+            }),
+            nodeResolve({
+                browser: true,
+                preferBuiltins: false,
+            }),
+            cjs(),
+        ],
+        external: [],
+        onwarn,
+    }
+}

packages/sdk/src/_browser/createSignatureValidationWorker.ts

@@ -0,0 +1,11 @@
+/**
+ * Browser-specific signature validation worker factory.
+ */
+import Worker from 'web-worker'
+
+export function createSignatureValidationWorker(): InstanceType<typeof Worker> {
+    return new Worker(
+        new URL('./workers/SignatureValidationWorker.browser.mjs', import.meta.url),
+        { type: 'module' }
+    )
+}

packages/sdk/src/_jest/createSignatureValidationWorker.ts

@@ -0,0 +1,11 @@
+/**
+ * Jest-specific signature validation worker factory.
+ */
+import Worker from 'web-worker'
+
+export function createSignatureValidationWorker(): InstanceType<typeof Worker> {
+    return new Worker(
+        new URL('../../dist/workers/SignatureValidationWorker.node.mjs', import.meta.url),
+        { type: 'module' }
+    )
+}

packages/sdk/src/_karma/createSignatureValidationWorker.ts

@@ -0,0 +1,11 @@
+/**
+ * Browser-specific signature validation worker factory.
+ */
+import Worker from 'web-worker'
+
+export function createSignatureValidationWorker(): InstanceType<typeof Worker> {
+    return new Worker(
+        new URL('../../dist/workers/SignatureValidationWorker.browser.mjs', import.meta.url),
+        { type: 'module' }
+    )
+}

packages/sdk/src/_nodejs/createSignatureValidationWorker.ts

@@ -0,0 +1,11 @@
+/**
+ * Node.js-specific signature validation worker factory.
+ */
+import Worker from 'web-worker'
+
+export function createSignatureValidationWorker(): InstanceType<typeof Worker> {
+    return new Worker(
+        new URL('./workers/SignatureValidationWorker.node.mjs', import.meta.url),
+        { type: 'module' }
+    )
+}

packages/sdk/src/signature/SignatureValidation.ts

@@ -0,0 +1,31 @@
+/**
+ * Unified signature validation using Web Worker.
+ * This offloads CPU-intensive cryptographic operations to a separate thread.
+ * Works in both browser and Node.js environments via platform-specific config.
+ */
+import { wrap, releaseProxy, type Remote } from 'comlink'
+import { createSignatureValidationWorker } from '@/createSignatureValidationWorker'
+import { SignatureValidationResult, toSignatureValidationData } from './signatureValidationUtils'
+import type { SignatureValidationWorkerApi } from './SignatureValidationWorker'
+import { StreamMessage } from '../protocol/StreamMessage'
+
+export class SignatureValidation {
+    private worker: ReturnType<typeof createSignatureValidationWorker>
+    private workerApi: Remote<SignatureValidationWorkerApi>
+
+    constructor() {
+        this.worker = createSignatureValidationWorker()
+        this.workerApi = wrap<SignatureValidationWorkerApi>(this.worker)
+    }
+
+    async validateSignature(message: StreamMessage): Promise<SignatureValidationResult> {
+        // Convert class instance to plain serializable data before sending to worker
+        const data = toSignatureValidationData(message)
+        return this.workerApi.validateSignature(data)
+    }
+
+    destroy(): void {
+        this.workerApi[releaseProxy]()
+        this.worker.terminate()
+    }
+}

packages/sdk/src/signature/SignatureValidationWorker.ts

@@ -0,0 +1,18 @@
+import { expose } from 'comlink'
+import {
+    validateSignatureData,
+    SignatureValidationResult,
+    SignatureValidationData,
+} from './signatureValidationUtils'
+
+const workerApi = {
+    validateSignature: async (
+        data: SignatureValidationData
+    ): Promise<SignatureValidationResult> => {
+        return validateSignatureData(data)
+    },
+}
+
+export type SignatureValidationWorkerApi = typeof workerApi
+
+expose(workerApi)