Language-agnostic specification for testing VaultSandbox SDK implementations.
This document defines the minimum required tests for any VaultSandbox SDK implementation. Tests are categorized by their dependencies and purpose.
Category Server Required SMTP Required Purpose Unit No No Test isolated functions and classes Integration Yes No Test API interactions E2E Yes Yes Test complete email workflows
[REQUIRED] - Must be implemented[RECOMMENDED] - Should be implemented if feasible[OPTIONAL] - Nice to have
Tests that require no external dependencies. Use mocks where necessary.
Test Description Expected Round-trip Encode then decode arbitrary bytes Original bytes recovered No padding Encode data that would require padding No = characters in output URL-safe chars Encode data that produces + and / in standard base64 Uses - and _ instead
Test Description Expected Generate keypair Call keypair generation Returns public key (1184 bytes), secret key (2400 bytes), and base64 public key Unique keypairs Generate two keypairs Different public keys Correct sizes Check ML-KEM-768 key sizes Public: 1184 bytes, Secret: 2400 bytes
Test Description Expected Valid keypair Validate a correctly generated keypair Returns true Invalid sizes Validate keypair with wrong key sizes Returns false Mismatched base64 Validate keypair where base64 doesn’t match public key Returns false Missing fields Validate incomplete keypair object Returns false
Test Description Expected All pass SPF=pass, DKIM=pass, DMARC=pass passed=true, no failuresSPF fail SPF=fail, others pass passed=false, spfPassed=false, failure messageDKIM fail DKIM=fail, others pass passed=false, dkimPassed=false, failure messageDMARC fail DMARC=fail, others pass passed=false, dmarcPassed=false, failure messageDKIM partial pass Multiple DKIM results, at least one passes dkimPassed=trueNone status All statuses are “none” passed=false (requires explicit “pass”)Empty results No auth data present passed=false, all checks falseReverse DNS fail Reverse DNS fails, others pass passed=true (reverse DNS doesn’t affect overall)
Test Description Expected Default values Create client with only API key Uses default URL, timeout, retries, strategy Verify defaults Check specific default values Timeout=30000ms, retries=3, strategy=auto
Test Description Expected Custom URL Provide custom base URL Client uses provided URL Custom timeout Provide custom timeout Client uses provided timeout Custom retries Provide custom retry settings Client uses provided settings Custom strategy Specify polling/SSE/auto Client uses specified strategy Polling config Custom polling interval and backoff Strategy uses provided config SSE config Custom reconnect interval and max attempts Strategy uses provided config
Tests that require a running VaultSandbox server but no SMTP.
Skip condition : Skip all integration tests if API key is not configured or equals a placeholder value.
Test Description Expected Valid key Call checkKey with valid API key Returns true Invalid key Call checkKey with invalid API key Returns false or throws ApiError(401)
Test Description Expected Get server info Fetch server capabilities Returns server_sig_pk, algorithms, max_ttl, default_ttl, allowed_domains Algorithm values Check returned algorithms kem=ML-KEM-768, sig=ML-DSA-65, aead=AES-256-GCM, kdf=HKDF-SHA-512
Test Description Expected Graceful close Close client after operations No errors thrown Resource cleanup Close with active subscriptions Subscriptions cleaned up
Test Description Expected Basic creation Create inbox with defaults Returns email_address, inbox_hash, expires_at Email format Check created email address Contains @ symbol With custom TTL Create inbox with TTL parameter Inbox created with specified TTL
Test Description Expected Delete existing Delete a created inbox No error Access after delete Try to access deleted inbox Throws InboxNotFoundError or similar
Test Description Expected Delete all Create multiple inboxes, delete all Returns count >= created count
Test Description Expected Empty inbox Get sync status of new inbox emailCount=0, emailsHash defined Consistent hash Multiple calls without changes Same emailsHash returned
Test Description Expected Empty inbox List emails in new inbox Returns empty array
Test Description Expected Invalid ID Get email with fake ID Throws EmailNotFoundError
Test Description Expected Invalid host Connect to non-existent server Throws NetworkError
Test Description Expected Operations before init Call methods before initialization Throws RuntimeError or similar
Tests that require both a VaultSandbox server and SMTP access.
Skip condition : Skip if SMTP host is not configured.
Test Description Expected Simple text email Send text email via SMTP, wait for it Email received with correct subject, body, from Timeout on receive Wait for email without sending Throws TimeoutError after specified timeout
Test Description Expected HTML content Send email with HTML body Email has both text and html fields populated
Test Description Expected Single attachment Send email with one attachment Attachment accessible with filename, content_type, size, content Multiple attachments Send email with multiple attachments All attachments accessible
Test Description Expected String match Wait for email with subject containing string Correct email returned Regex match Wait for email with subject matching pattern Correct email returned No match timeout Wait for subject that doesn’t exist Throws TimeoutError
Test Description Expected String match Wait for email from specific address Correct email returned Regex match Wait for email from address matching pattern Correct email returned
Test Description Expected Predicate function Wait with custom filter function Returns email matching predicate
Test Description Expected Multiple emails Send N emails, list all Returns all N emails decrypted
Test Description Expected By ID Get email by its ID Returns same email as wait_for_email
Test Description Expected Via inbox method Mark email as read via inbox is_read changes to true Via email method Mark email as read via email object is_read changes to true
Test Description Expected Via inbox method Delete email via inbox Email no longer in list Via email method Delete email via email object Email no longer in list
Test Description Expected Get raw content Fetch raw MIME source Returns raw string containing headers and subject
Test Description Expected Links in HTML Send email with links in HTML links array contains URLs
Test Description Expected Standard headers Access email headers from, subject, date headers accessible
Test Description Expected Results present Receive email, check authResults authResults object exists Validate method Call authResults.validate() Returns validation object with passed, failures Direct send fails SPF Send directly without authorization SPF status is NOT “pass” Direct send fails DKIM Send without signing DKIM status is NOT “pass”
Test Description Expected Wait for N Send N emails, wait for count N Returns when count reached Timeout on count Wait for more emails than sent Throws TimeoutError
Test Description Expected Default config Create strategy without config Uses default interval, backoff, jitter Custom config Create strategy with custom config Uses provided values
Test Description Expected Timeout with backoff Wait without email Times out near specified timeout Custom interval Specify poll interval Respects provided interval Concurrent polling Poll multiple inboxes concurrently All eventually timeout
Test Description Expected Subscribe Subscribe to inbox Returns subscription object Unsubscribe Unsubscribe from inbox Stops polling for that inbox Close Close strategy All polling tasks cancelled
Test Description Expected Default config Create strategy without config Uses default reconnect settings Custom config Create strategy with custom config Uses provided values
Test Description Expected Subscribe Subscribe to inbox Returns subscription object Unsubscribe Unsubscribe from inbox Removes subscription Multiple unsubscribe Call unsubscribe multiple times No error (idempotent) Close Close strategy All subscriptions cleaned up
Test Description Expected Connection error Connect to invalid URL Handles error gracefully No connect when closing Subscribe after close Does not attempt connection
Test Description Expected Receive via callback Subscribe, send email Callback invoked with email Unsubscribe stops callback Unsubscribe, send email Callback not invoked
Test Description Expected Multiple inboxes Monitor 2+ inboxes Events received for all Unsubscribe all Unsubscribe from monitor All subscriptions stopped
Test Description Expected Export to object Export inbox Returns all required fields Required fields Check exported data Has email_address, inbox_hash, expires_at, server_sig_pk, public_key_b64, secret_key_b64, exported_at Valid timestamps Check timestamp fields Valid ISO 8601 format Valid base64 keys Check key fields Valid base64 encoding Export by address Export using email address string Works same as inbox object Not found error Export non-existent inbox Throws InboxNotFoundError
Test Description Expected Import valid data Import previously exported inbox Returns functional inbox Access emails List emails from imported inbox Returns emails that were sent before export Missing fields Import with missing required fields Throws InvalidImportDataError Empty fields Import with empty required fields Throws InvalidImportDataError Invalid timestamp Import with invalid timestamp Throws InvalidImportDataError Invalid base64 Import with invalid base64 keys Throws InvalidImportDataError Wrong key length Import with incorrect key sizes Throws InvalidImportDataError Server mismatch Import with different server_sig_pk Throws InvalidImportDataError Already exists Import inbox that’s already loaded Throws InboxAlreadyExistsError
Test Description Expected Export to file Export inbox to JSON file File created with valid JSON Import from file Import inbox from JSON file Returns functional inbox Invalid JSON file Import from file with invalid JSON Throws InvalidImportDataError Non-existent file Import from missing file Throws error Formatted JSON Check exported file format JSON is indented/formatted
Test Description Expected Timeout value 0 Wait with timeout=0 Returns immediately with timeout error Deleted inbox during wait Delete inbox while waiting Throws appropriate error Empty inbox array Monitor empty array No crash, returns valid monitor
Test Description Expected Retry on 5xx Server returns 500, then 200 Eventually succeeds Max retries exceeded Server always returns 500 Throws error after max retries No retry on 4xx Server returns 400 Fails immediately (no retry)
Test Description Expected 404 inbox Access non-existent inbox Throws InboxNotFoundError 404 email Access non-existent email Throws EmailNotFoundError
Ensure all code examples in README documentation work correctly.
Test Description Expected Basic flow Create inbox, send email, receive, verify All steps succeed
Test Description Expected All client options Use all documented options Client initializes correctly Environment variables Load config from env vars Works as documented
Test Description Expected Filter examples All documented filter patterns Work as documented Attachment example Documented attachment access Works as documented Auth results example Documented auth checking Works as documented Monitor example Documented monitoring pattern Works as documented Export/import example Documented import/export Works as documented Error handling example Documented error catching Catches expected errors
Each implementation should provide:
Utility Purpose SMTP client Send test emails to inboxes Cleanup hooks Delete created inboxes after tests Skip conditions Skip integration tests when server unavailable Timeout helpers Reasonable timeouts for async operations
Tests should respect these environment variables:
Variable Purpose Default VAULTSANDBOX_URLServer URL Implementation default VAULTSANDBOX_API_KEYAPI key for testing None (skip if missing) SMTP_HOSTSMTP server hostname localhost SMTP_PORTSMTP server port 25
When VSB_DEVELOPMENT=true is set on the gateway, a test endpoint becomes available that allows creating emails with controlled authentication results. This eliminates the need for a real SMTP server when testing email authentication flows in SDK implementations.
Property Value Endpoint POST /api/test/emailsAuthentication API Key (X-API-Key header) Availability Only when VSB_DEVELOPMENT=true
"subject" : " Test Subject " , // Optional, default: "Test Email"
"text" : " Plain text body " , // Optional, default: "Test email body"
"html" : " <p>HTML body</p> " , // Optional
"spf" : " pass " , // "pass" | "fail" | "softfail" | "neutral" | "none" | "temperror" | "permerror"
"dkim" : " pass " , // "pass" | "fail" | "none"
"dmarc" : " pass " , // "pass" | "fail" | "none"
"reverseDns" : true // boolean
"emailId" : " uuid-of-created-email "
This endpoint is useful for:
Testing authentication validation logic without configuring SPF/DKIM/DMARCSimulating authentication failures to verify SDK error handlingRunning E2E tests in CI/CD without SMTP infrastructureRapid local development of email-dependent features
# Create an email with failing SPF
url = f " {base_url} /api/test/emails" ,
" Content-Type " : " application/json " ,
" to " : inbox.email_address,
# Now fetch the email and verify authResults
email = inbox. waitForEmail ( timeout = 5000 )
validation = email.authResults. validate ()
assert validation.passed == False
assert validation.spfPassed == False
assert validation.dmarcPassed == False
Minimum required tests by category:
Category Required Tests Unit - Crypto 9 Unit - Types 8 Unit - Config 6 Integration - Client 6 Integration - Inbox 7 Integration - Errors 2 E2E - Basic Flow 4 E2E - Filtering 6 E2E - Operations 8 E2E - Content 6 E2E - Multiple 2 Strategy - Polling 6 Strategy - SSE 6 Strategy - Monitoring 4 Import/Export 15 Edge Cases 5 README Examples 8 Total ~108
Version Date Changes 1.0 2025-12-17 Initial specification based on Node.js and Python implementations
