created POC grasp-auditor

8 files changed, 1026 insertions, 0 deletions

diff --git a/grasp-audit/src/audit.rs b/grasp-audit/src/audit.rs
new file mode 100644
index 0000000..0ca8737
--- /dev/null
+++ b/grasp-audit/src/audit.rs
@@ -0,0 +1,188 @@
+//! Audit configuration and event tagging
+
+use nostr_sdk::prelude::*;
+use std::time::Duration;
+
+/// Audit configuration
+#[derive(Debug, Clone)]
+pub struct AuditConfig {
+    /// Unique ID for this audit run
+    pub run_id: String,
+    
+    /// Mode: CI (isolated) or Production (live)
+    pub mode: AuditMode,
+    
+    /// Cleanup timestamp (events can be cleaned after this)
+    pub cleanup_after: Timestamp,
+    
+    /// Whether to actually create events or just query
+    pub read_only: bool,
+}
+
+/// Audit mode
+#[derive(Debug, Clone, Copy, PartialEq, Eq)]
+pub enum AuditMode {
+    /// Isolated CI/CD tests - only see own events
+    CI,
+    
+    /// Production audit - see all events, minimal writes
+    Production,
+}
+
+impl AuditConfig {
+    /// Create config for CI/CD testing
+    pub fn ci() -> Self {
+        let run_id = format!("ci-{}", uuid::Uuid::new_v4());
+        Self {
+            run_id,
+            mode: AuditMode::CI,
+            cleanup_after: Timestamp::now() + 3600, // 1 hour from now
+            read_only: false,
+        }
+    }
+    
+    /// Create config for production audit
+    pub fn production() -> Self {
+        let run_id = format!("prod-audit-{}", Timestamp::now().as_u64());
+        Self {
+            run_id,
+            mode: AuditMode::Production,
+            cleanup_after: Timestamp::now() + 300, // 5 minutes from now
+            read_only: true, // Default to read-only for production
+        }
+    }
+    
+    /// Create config with custom run ID
+    pub fn with_run_id(run_id: String, mode: AuditMode) -> Self {
+        Self {
+            run_id,
+            mode,
+            cleanup_after: Timestamp::now() + 3600,
+            read_only: mode == AuditMode::Production,
+        }
+    }
+    
+    /// Get audit tags for an event
+    pub fn audit_tags(&self) -> Vec<Tag> {
+        vec![
+            Tag::custom(
+                TagKind::Custom(std::borrow::Cow::Borrowed("grasp-audit")),
+                vec!["true"]
+            ),
+            Tag::custom(
+                TagKind::Custom(std::borrow::Cow::Borrowed("audit-run-id")),
+                vec![self.run_id.clone()]
+            ),
+            Tag::custom(
+                TagKind::Custom(std::borrow::Cow::Borrowed("audit-cleanup")),
+                vec![self.cleanup_after.to_string()]
+            ),
+        ]
+    }
+}
+
+/// Builder for audit events
+pub struct AuditEventBuilder {
+    kind: Kind,
+    content: String,
+    tags: Vec<Tag>,
+    config: AuditConfig,
+}
+
+impl AuditEventBuilder {
+    /// Create a new audit event builder
+    pub fn new(kind: Kind, content: impl Into<String>, config: AuditConfig) -> Self {
+        Self {
+            kind,
+            content: content.into(),
+            tags: Vec::new(),
+            config,
+        }
+    }
+    
+    /// Add a tag
+    pub fn tag(mut self, tag: Tag) -> Self {
+        self.tags.push(tag);
+        self
+    }
+    
+    /// Add multiple tags
+    pub fn tags(mut self, tags: Vec<Tag>) -> Self {
+        self.tags.extend(tags);
+        self
+    }
+    
+    /// Build the event with audit tags
+    pub async fn build(self, keys: &Keys) -> anyhow::Result<Event> {
+        let mut all_tags = self.tags;
+        all_tags.extend(self.config.audit_tags());
+        
+        let event = EventBuilder::new(self.kind, self.content, all_tags)
+            .to_event(keys)
+            .await?;
+        
+        Ok(event)
+    }
+}
+
+#[cfg(test)]
+mod tests {
+    use super::*;
+    
+    #[test]
+    fn test_ci_config() {
+        let config = AuditConfig::ci();
+        assert_eq!(config.mode, AuditMode::CI);
+        assert!(!config.read_only);
+        assert!(config.run_id.starts_with("ci-"));
+    }
+    
+    #[test]
+    fn test_production_config() {
+        let config = AuditConfig::production();
+        assert_eq!(config.mode, AuditMode::Production);
+        assert!(config.read_only);
+        assert!(config.run_id.starts_with("prod-audit-"));
+    }
+    
+    #[test]
+    fn test_audit_tags() {
+        let config = AuditConfig::ci();
+        let tags = config.audit_tags();
+        
+        assert_eq!(tags.len(), 3);
+        
+        // Check grasp-audit tag
+        assert!(tags.iter().any(|t| {
+            matches!(t.kind(), TagKind::Custom(k) if k == "grasp-audit")
+        }));
+        
+        // Check audit-run-id tag
+        assert!(tags.iter().any(|t| {
+            matches!(t.kind(), TagKind::Custom(k) if k == "audit-run-id")
+        }));
+        
+        // Check audit-cleanup tag
+        assert!(tags.iter().any(|t| {
+            matches!(t.kind(), TagKind::Custom(k) if k == "audit-cleanup")
+        }));
+    }
+    
+    #[tokio::test]
+    async fn test_audit_event_builder() {
+        let config = AuditConfig::ci();
+        let keys = Keys::generate();
+        
+        let event = AuditEventBuilder::new(Kind::TextNote, "test", config.clone())
+            .tag(Tag::custom(TagKind::Custom("test".into()), vec!["value"]))
+            .build(&keys)
+            .await
+            .unwrap();
+        
+        // Should have our custom tag + 3 audit tags
+        assert!(event.tags.len() >= 4);
+        
+        // Verify event is valid
+        assert!(event.verify().is_ok());
+    }
+}
diff --git a/grasp-audit/src/bin/grasp-audit.rs b/grasp-audit/src/bin/grasp-audit.rs
new file mode 100644
index 0000000..6c063db
--- /dev/null
+++ b/grasp-audit/src/bin/grasp-audit.rs
@@ -0,0 +1,95 @@
+//! GRASP Audit CLI Tool
+
+use clap::{Parser, Subcommand};
+use grasp_audit::*;
+
+#[derive(Parser)]
+#[command(name = "grasp-audit")]
+#[command(about = "GRASP audit and compliance testing tool", long_about = None)]
+struct Cli {
+    #[command(subcommand)]
+    command: Commands,
+}
+
+#[derive(Subcommand)]
+enum Commands {
+    /// Run audit tests against a server
+    Audit {
+        /// Relay URL (e.g., ws://localhost:7000)
+        #[arg(short, long)]
+        relay: String,
+        
+        /// Mode: ci or production
+        #[arg(short, long, default_value = "ci")]
+        mode: String,
+        
+        /// Spec to test (nip01-smoke, all)
+        #[arg(short, long, default_value = "nip01-smoke")]
+        spec: String,
+    },
+}
+
+#[tokio::main]
+async fn main() -> Result<()> {
+    // Initialize logging
+    tracing_subscriber::fmt()
+        .with_env_filter(
+            tracing_subscriber::EnvFilter::from_default_env()
+                .add_directive(tracing::Level::INFO.into())
+        )
+        .init();
+    
+    let cli = Cli::parse();
+    
+    match cli.command {
+        Commands::Audit { relay, mode, spec } => {
+            let config = match mode.as_str() {
+                "ci" => AuditConfig::ci(),
+                "production" => AuditConfig::production(),
+                _ => return Err(anyhow!("Invalid mode: {}. Use 'ci' or 'production'", mode)),
+            };
+            
+            println!("🔍 GRASP Audit Tool");
+            println!("━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━");
+            println!("Relay:   {}", relay);
+            println!("Mode:    {}", mode);
+            println!("Spec:    {}", spec);
+            println!("Run ID:  {}", config.run_id);
+            println!("━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━");
+            println!();
+            
+            println!("Connecting to relay...");
+            let client = AuditClient::new(&relay, config).await
+                .map_err(|e| anyhow!("Failed to connect to relay: {}", e))?;
+            
+            if !client.is_connected().await {
+                return Err(anyhow!("Could not establish connection to relay"));
+            }
+            
+            println!("✓ Connected\n");
+            
+            let results = match spec.as_str() {
+                "nip01-smoke" => {
+                    println!("Running NIP-01 smoke tests...\n");
+                    specs::Nip01SmokeTests::run_all(&client).await
+                }
+                "all" => {
+                    println!("Running all tests...\n");
+                    specs::Nip01SmokeTests::run_all(&client).await
+                }
+                _ => return Err(anyhow!("Unknown spec: {}. Use 'nip01-smoke' or 'all'", spec)),
+            };
+            
+            results.print_report();
+            
+            if !results.all_passed() {
+                println!("❌ Some tests failed");
+                std::process::exit(1);
+            } else {
+                println!("✅ All tests passed!");
+            }
+        }
+    }
+    
+    Ok(())
+}
diff --git a/grasp-audit/src/client.rs b/grasp-audit/src/client.rs
new file mode 100644
index 0000000..934aef2
--- /dev/null
+++ b/grasp-audit/src/client.rs
@@ -0,0 +1,146 @@
+//! Audit client for testing GRASP implementations
+
+use crate::audit::{AuditConfig, AuditEventBuilder, AuditMode};
+use anyhow::{anyhow, Result};
+use nostr_sdk::prelude::*;
+use std::time::Duration;
+
+/// Client for auditing GRASP implementations
+pub struct AuditClient {
+    client: Client,
+    pub config: AuditConfig,
+    keys: Keys,
+}
+
+impl AuditClient {
+    /// Create a new audit client
+    pub async fn new(relay_url: &str, config: AuditConfig) -> Result<Self> {
+        let keys = Keys::generate();
+        let client = Client::new(&keys);
+        
+        client.add_relay(relay_url).await?;
+        client.connect().await;
+        
+        // Wait a bit for connection to establish
+        tokio::time::sleep(Duration::from_millis(500)).await;
+        
+        Ok(Self {
+            client,
+            config,
+            keys,
+        })
+    }
+    
+    /// Get the public key for this audit client
+    pub fn public_key(&self) -> PublicKey {
+        self.keys.public_key()
+    }
+    
+    /// Check if connected to relay
+    pub async fn is_connected(&self) -> bool {
+        // Check if we have any connected relays
+        let relays = self.client.relays().await;
+        relays.values().any(|r| r.is_connected())
+    }
+    
+    /// Send an event (with audit tags automatically added)
+    pub async fn send_event(&self, event: Event) -> Result<EventId> {
+        if self.config.read_only {
+            return Err(anyhow!("Client is in read-only mode"));
+        }
+        
+        let event_id = self.client.send_event(event).await?;
+        
+        // Wait a bit for event to propagate
+        tokio::time::sleep(Duration::from_millis(100)).await;
+        
+        Ok(event_id)
+    }
+    
+    /// Create an event builder with audit tags
+    pub fn event_builder(&self, kind: Kind, content: impl Into<String>) -> AuditEventBuilder {
+        AuditEventBuilder::new(kind, content, self.config.clone())
+    }
+    
+    /// Query events, optionally filtered to this audit run
+    pub async fn query(&self, mut filter: Filter) -> Result<Vec<Event>> {
+        if self.config.mode == AuditMode::CI {
+            // In CI mode, only see our own audit events
+            filter = filter
+                .custom_tag(
+                    SingleLetterTag::lowercase(Alphabet::G), 
+                    ["true"]  // grasp-audit tag
+                )
+                .custom_tag(
+                    SingleLetterTag::lowercase(Alphabet::R), 
+                    [&self.config.run_id]  // audit-run-id tag
+                );
+        }
+        // In Production mode, see all events (no filter modification)
+        
+        let events = self.client
+            .get_events_of(vec![filter], Some(Duration::from_secs(5)))
+            .await?;
+        
+        Ok(events)
+    }
+    
+    /// Subscribe to events with a callback
+    pub async fn subscribe(
+        &self,
+        filters: Vec<Filter>,
+        timeout: Option<Duration>,
+    ) -> Result<Vec<Event>> {
+        let events = self.client
+            .get_events_of(filters, timeout)
+            .await?;
+        
+        Ok(events)
+    }
+    
+    /// Get the underlying nostr client (for advanced usage)
+    pub fn client(&self) -> &Client {
+        &self.client
+    }
+    
+    /// Get the keys (for signing custom events)
+    pub fn keys(&self) -> &Keys {
+        &self.keys
+    }
+}
+
+#[cfg(test)]
+mod tests {
+    use super::*;
+    
+    #[tokio::test]
+    async fn test_client_creation() {
+        let config = AuditConfig::ci();
+        
+        // This will fail if no relay is running, which is expected in tests
+        // In real usage, there should be a relay at the URL
+        let result = AuditClient::new("ws://localhost:7000", config).await;
+        
+        // We can't test connection without a running relay
+        // But we can test that the client is created
+        if let Ok(client) = result {
+            assert_eq!(client.config.mode, AuditMode::CI);
+        }
+    }
+    
+    #[test]
+    fn test_event_builder() {
+        let config = AuditConfig::ci();
+        let keys = Keys::generate();
+        let client = AuditClient {
+            client: Client::new(&keys),
+            config: config.clone(),
+            keys: keys.clone(),
+        };
+        
+        let builder = client.event_builder(Kind::TextNote, "test content");
+        
+        // Builder should have the config
+        assert_eq!(builder.config.run_id, config.run_id);
+    }
+}
diff --git a/grasp-audit/src/isolation.rs b/grasp-audit/src/isolation.rs
new file mode 100644
index 0000000..298781a
--- /dev/null
+++ b/grasp-audit/src/isolation.rs
@@ -0,0 +1,57 @@
+//! Test isolation utilities
+
+use std::sync::atomic::{AtomicU64, Ordering};
+
+static TEST_COUNTER: AtomicU64 = AtomicU64::new(0);
+
+/// Generate a unique test ID
+pub fn generate_test_id() -> String {
+    let counter = TEST_COUNTER.fetch_add(1, Ordering::SeqCst);
+    let timestamp = std::time::SystemTime::now()
+        .duration_since(std::time::UNIX_EPOCH)
+        .unwrap()
+        .as_secs();
+    
+    format!("test-{}-{}", timestamp, counter)
+}
+
+/// Generate a unique audit run ID for CI
+pub fn generate_ci_run_id() -> String {
+    format!("ci-{}", uuid::Uuid::new_v4())
+}
+
+/// Generate a unique audit run ID for production
+pub fn generate_prod_run_id() -> String {
+    let timestamp = std::time::SystemTime::now()
+        .duration_since(std::time::UNIX_EPOCH)
+        .unwrap()
+        .as_secs();
+    
+    format!("prod-audit-{}", timestamp)
+}
+
+#[cfg(test)]
+mod tests {
+    use super::*;
+    
+    #[test]
+    fn test_generate_test_id() {
+        let id1 = generate_test_id();
+        let id2 = generate_test_id();
+        
+        assert_ne!(id1, id2);
+        assert!(id1.starts_with("test-"));
+    }
+    
+    #[test]
+    fn test_generate_ci_run_id() {
+        let id = generate_ci_run_id();
+        assert!(id.starts_with("ci-"));
+    }
+    
+    #[test]
+    fn test_generate_prod_run_id() {
+        let id = generate_prod_run_id();
+        assert!(id.starts_with("prod-audit-"));
+    }
+}
diff --git a/grasp-audit/src/lib.rs b/grasp-audit/src/lib.rs
new file mode 100644
index 0000000..3a6404f
--- /dev/null
+++ b/grasp-audit/src/lib.rs
@@ -0,0 +1,43 @@
+//! GRASP Audit Tool
+//!
+//! A reusable compliance and audit testing tool for GRASP protocol implementations.
+//!
+//! # Features
+//!
+//! - **Isolated Testing**: Tests run in parallel with unique audit IDs
+//! - **Production Audit**: Test live services with minimal impact
+//! - **Clean Audit Events**: Special tags for easy cleanup without deletion trails
+//! - **Spec-Mirrored Tests**: Test structure matches GRASP protocol exactly
+//!
+//! # Usage
+//!
+//! ```no_run
+//! use grasp_audit::*;
+//!
+//! #[tokio::main]
+//! async fn main() -> Result<(), Box<dyn std::error::Error>> {
+//!     // Create audit client for CI testing
+//!     let config = AuditConfig::ci();
+//!     let client = AuditClient::new("ws://localhost:7000", config).await?;
+//!     
+//!     // Run smoke tests
+//!     let results = specs::nip01_smoke::Nip01SmokeTests::run_all(&client).await;
+//!     results.print_report();
+//!     
+//!     Ok(())
+//! }
+//! ```
+
+pub mod audit;
+pub mod client;
+pub mod isolation;
+pub mod result;
+pub mod specs;
+
+pub use audit::{AuditConfig, AuditMode};
+pub use client::AuditClient;
+pub use result::{AuditResult, TestResult};
+
+// Re-export commonly used types
+pub use anyhow::{anyhow, Result};
+pub use nostr_sdk::prelude::*;
diff --git a/grasp-audit/src/result.rs b/grasp-audit/src/result.rs
new file mode 100644
index 0000000..f591304
--- /dev/null
+++ b/grasp-audit/src/result.rs
@@ -0,0 +1,189 @@
+//! Test result types
+
+use std::time::{Duration, Instant};
+
+/// Result of a single test
+#[derive(Debug, Clone)]
+pub struct TestResult {
+    pub name: String,
+    pub spec_ref: String,
+    pub requirement: String,
+    pub passed: bool,
+    pub error: Option<String>,
+    pub duration: Duration,
+}
+
+impl TestResult {
+    /// Create a new test result
+    pub fn new(name: &str, spec_ref: &str, requirement: &str) -> Self {
+        TestResult {
+            name: name.to_string(),
+            spec_ref: spec_ref.to_string(),
+            requirement: requirement.to_string(),
+            passed: false,
+            error: None,
+            duration: Duration::default(),
+        }
+    }
+    
+    /// Run a test function and capture the result
+    pub async fn run<F, Fut>(mut self, test_fn: F) -> Self
+    where
+        F: FnOnce() -> Fut,
+        Fut: std::future::Future<Output = Result<(), String>>,
+    {
+        let start = Instant::now();
+        
+        match test_fn().await {
+            Ok(()) => {
+                self.passed = true;
+            }
+            Err(e) => {
+                self.passed = false;
+                self.error = Some(e);
+            }
+        }
+        
+        self.duration = start.elapsed();
+        self
+    }
+    
+    /// Mark test as passed
+    pub fn pass(mut self) -> Self {
+        self.passed = true;
+        self
+    }
+    
+    /// Mark test as failed with error
+    pub fn fail(mut self, error: impl Into<String>) -> Self {
+        self.passed = false;
+        self.error = Some(error.into());
+        self
+    }
+}
+
+/// Collection of test results for a spec
+#[derive(Debug, Clone)]
+pub struct AuditResult {
+    pub spec: String,
+    pub results: Vec<TestResult>,
+}
+
+impl AuditResult {
+    /// Create a new audit result
+    pub fn new(spec: impl Into<String>) -> Self {
+        Self {
+            spec: spec.into(),
+            results: Vec::new(),
+        }
+    }
+    
+    /// Add a test result
+    pub fn add(&mut self, result: TestResult) {
+        self.results.push(result);
+    }
+    
+    /// Merge another audit result
+    pub fn merge(&mut self, other: AuditResult) {
+        self.results.extend(other.results);
+    }
+    
+    /// Check if all tests passed
+    pub fn all_passed(&self) -> bool {
+        self.results.iter().all(|r| r.passed)
+    }
+    
+    /// Get count of passed tests
+    pub fn passed_count(&self) -> usize {
+        self.results.iter().filter(|r| r.passed).count()
+    }
+    
+    /// Get count of failed tests
+    pub fn failed_count(&self) -> usize {
+        self.results.iter().filter(|r| !r.passed).count()
+    }
+    
+    /// Get total count of tests
+    pub fn total_count(&self) -> usize {
+        self.results.len()
+    }
+    
+    /// Print a detailed report
+    pub fn print_report(&self) {
+        println!("\n{}", self.spec);
+        println!("{}", "═".repeat(60));
+        println!();
+        
+        let passed = self.passed_count();
+        let total = self.total_count();
+        
+        for result in &self.results {
+            let status = if result.passed { "✓" } else { "✗" };
+            
+            println!("{} {} ({})", status, result.name, result.spec_ref);
+            println!("  Requirement: {}", result.requirement);
+            
+            if let Some(error) = &result.error {
+                println!("  Error: {}", error);
+            }
+            
+            println!("  Duration: {:?}", result.duration);
+            println!();
+        }
+        
+        println!("Results: {}/{} passed ({:.1}%)", 
+            passed, 
+            total,
+            (passed as f64 / total as f64) * 100.0
+        );
+        println!();
+    }
+    
+    /// Get a summary string
+    pub fn summary(&self) -> String {
+        format!(
+            "{}: {}/{} passed",
+            self.spec,
+            self.passed_count(),
+            self.total_count()
+        )
+    }
+}
+
+#[cfg(test)]
+mod tests {
+    use super::*;
+    
+    #[tokio::test]
+    async fn test_result_pass() {
+        let result = TestResult::new("test", "SPEC:1", "Must work")
+            .run(|| async { Ok(()) })
+            .await;
+        
+        assert!(result.passed);
+        assert!(result.error.is_none());
+    }
+    
+    #[tokio::test]
+    async fn test_result_fail() {
+        let result = TestResult::new("test", "SPEC:1", "Must work")
+            .run(|| async { Err("Failed".to_string()) })
+            .await;
+        
+        assert!(!result.passed);
+        assert_eq!(result.error, Some("Failed".to_string()));
+    }
+    
+    #[test]
+    fn test_audit_result() {
+        let mut audit = AuditResult::new("Test Spec");
+        
+        audit.add(TestResult::new("test1", "SPEC:1", "Req1").pass());
+        audit.add(TestResult::new("test2", "SPEC:2", "Req2").fail("Error"));
+        
+        assert_eq!(audit.total_count(), 2);
+        assert_eq!(audit.passed_count(), 1);
+        assert_eq!(audit.failed_count(), 1);
+        assert!(!audit.all_passed());
+    }
+}
diff --git a/grasp-audit/src/specs/mod.rs b/grasp-audit/src/specs/mod.rs
new file mode 100644
index 0000000..451ea1f
--- /dev/null
+++ b/grasp-audit/src/specs/mod.rs
@@ -0,0 +1,5 @@
+//! Test specifications
+
+pub mod nip01_smoke;
+
+pub use nip01_smoke::Nip01SmokeTests;
diff --git a/grasp-audit/src/specs/nip01_smoke.rs b/grasp-audit/src/specs/nip01_smoke.rs
new file mode 100644
index 0000000..fc3ec29
--- /dev/null
+++ b/grasp-audit/src/specs/nip01_smoke.rs
@@ -0,0 +1,303 @@
+//! NIP-01 Smoke Tests
+//!
+//! These tests verify basic Nostr relay functionality.
+//! We don't comprehensively test NIP-01 because rust-nostr already has 1000+ tests.
+//! These are just smoke tests to ensure the relay is working at all.
+
+use crate::{AuditClient, AuditResult, TestResult};
+use nostr_sdk::prelude::*;
+
+pub struct Nip01SmokeTests;
+
+impl Nip01SmokeTests {
+    /// Run all NIP-01 smoke tests
+    pub async fn run_all(client: &AuditClient) -> AuditResult {
+        let mut results = AuditResult::new("NIP-01 Smoke Tests");
+        
+        // Run tests in parallel
+        let tests = vec![
+            Self::test_websocket_connection(client),
+            Self::test_send_receive_event(client),
+            Self::test_create_subscription(client),
+            Self::test_close_subscription(client),
+            Self::test_reject_invalid_signature(client),
+            Self::test_reject_invalid_event_id(client),
+        ];
+        
+        let test_results = futures::future::join_all(tests).await;
+        
+        for result in test_results {
+            results.add(result);
+        }
+        
+        results
+    }
+    
+    /// Test 1: Can establish WebSocket connection
+    ///
+    /// Spec: NIP-01 basic requirement
+    /// Requirement: MUST serve a relay at / via WebSocket
+    async fn test_websocket_connection(client: &AuditClient) -> TestResult {
+        TestResult::new(
+            "websocket_connection",
+            "NIP-01:basic",
+            "Can establish WebSocket connection to /",
+        )
+        .run(|| async {
+            if !client.is_connected().await {
+                return Err("Failed to connect to relay".to_string());
+            }
+            
+            Ok(())
+        })
+        .await
+    }
+    
+    /// Test 2: Can send EVENT and receive OK response
+    ///
+    /// Spec: NIP-01 EVENT message
+    /// Requirement: Relay MUST accept valid EVENT messages
+    async fn test_send_receive_event(client: &AuditClient) -> TestResult {
+        TestResult::new(
+            "send_receive_event",
+            "NIP-01:event-message",
+            "Can send EVENT and receive OK response",
+        )
+        .run(|| async {
+            // Create audit event
+            let event = client
+                .event_builder(Kind::TextNote, "NIP-01 smoke test event")
+                .build(client.keys())
+                .await
+                .map_err(|e| format!("Failed to build event: {}", e))?;
+            
+            // Send event
+            let event_id = client
+                .send_event(event.clone())
+                .await
+                .map_err(|e| format!("Failed to send event: {}", e))?;
+            
+            // Verify we got an event ID back
+            if event_id != event.id {
+                return Err(format!(
+                    "Event ID mismatch: sent {}, got {}",
+                    event.id, event_id
+                ));
+            }
+            
+            // Try to query it back
+            let filter = Filter::new()
+                .kind(Kind::TextNote)
+                .id(event_id);
+            
+            let events = client
+                .query(filter)
+                .await
+                .map_err(|e| format!("Failed to query event: {}", e))?;
+            
+            if events.is_empty() {
+                return Err("Event not found after sending".to_string());
+            }
+            
+            if events[0].id != event_id {
+                return Err("Retrieved event has different ID".to_string());
+            }
+            
+            Ok(())
+        })
+        .await
+    }
+    
+    /// Test 3: Can create subscription with REQ
+    ///
+    /// Spec: NIP-01 REQ message
+    /// Requirement: Relay MUST support REQ subscriptions
+    async fn test_create_subscription(client: &AuditClient) -> TestResult {
+        TestResult::new(
+            "create_subscription",
+            "NIP-01:req-message",
+            "Can create subscription with REQ and receive EOSE",
+        )
+        .run(|| async {
+            // Create a test event first
+            let event = client
+                .event_builder(Kind::TextNote, "Subscription test event")
+                .build(client.keys())
+                .await
+                .map_err(|e| format!("Failed to build event: {}", e))?;
+            
+            client
+                .send_event(event.clone())
+                .await
+                .map_err(|e| format!("Failed to send event: {}", e))?;
+            
+            // Subscribe to events
+            let filter = Filter::new()
+                .kind(Kind::TextNote)
+                .author(client.public_key());
+            
+            let events = client
+                .subscribe(vec![filter], Some(std::time::Duration::from_secs(5)))
+                .await
+                .map_err(|e| format!("Failed to subscribe: {}", e))?;
+            
+            // Should have at least our event
+            if events.is_empty() {
+                return Err("No events received from subscription".to_string());
+            }
+            
+            Ok(())
+        })
+        .await
+    }
+    
+    /// Test 4: Can close subscription with CLOSE
+    ///
+    /// Spec: NIP-01 CLOSE message
+    /// Requirement: Relay MUST support CLOSE to end subscriptions
+    async fn test_close_subscription(client: &AuditClient) -> TestResult {
+        TestResult::new(
+            "close_subscription",
+            "NIP-01:close-message",
+            "Can close subscriptions",
+        )
+        .run(|| async {
+            // For now, we just verify we can query events
+            // Full subscription management with CLOSE would require
+            // lower-level WebSocket access
+            
+            let filter = Filter::new()
+                .kind(Kind::TextNote)
+                .limit(1);
+            
+            let _events = client
+                .subscribe(vec![filter], Some(std::time::Duration::from_secs(2)))
+                .await
+                .map_err(|e| format!("Failed to subscribe: {}", e))?;
+            
+            // If we got here, subscription worked
+            Ok(())
+        })
+        .await
+    }
+    
+    /// Test 5: Rejects events with invalid signatures
+    ///
+    /// Spec: NIP-01 event validation
+    /// Requirement: Relay MUST reject events with invalid signatures
+    async fn test_reject_invalid_signature(client: &AuditClient) -> TestResult {
+        TestResult::new(
+            "reject_invalid_signature",
+            "NIP-01:validation",
+            "Rejects events with invalid signatures",
+        )
+        .run(|| async {
+            // Create a valid event
+            let mut event = client
+                .event_builder(Kind::TextNote, "Invalid signature test")
+                .build(client.keys())
+                .await
+                .map_err(|e| format!("Failed to build event: {}", e))?;
+            
+            // Corrupt the signature by creating a new event with wrong sig
+            // We'll use a different key to sign, creating an invalid signature
+            let wrong_keys = Keys::generate();
+            let wrong_event = EventBuilder::new(
+                event.kind,
+                event.content.clone(),
+                event.tags.clone(),
+            )
+            .to_event(&wrong_keys)
+            .await
+            .map_err(|e| format!("Failed to build wrong event: {}", e))?;
+            
+            // Create event with mismatched pubkey and signature
+            // This should be rejected by the relay
+            event = Event {
+                id: event.id,
+                pubkey: event.pubkey,
+                created_at: event.created_at,
+                kind: event.kind,
+                tags: event.tags,
+                content: event.content,
+                sig: wrong_event.sig, // Wrong signature!
+            };
+            
+            // Try to send the invalid event
+            let result = client.send_event(event).await;
+            
+            // We expect this to fail
+            if result.is_ok() {
+                return Err("Relay accepted event with invalid signature".to_string());
+            }
+            
+            Ok(())
+        })
+        .await
+    }
+    
+    /// Test 6: Rejects events with invalid event IDs
+    ///
+    /// Spec: NIP-01 event ID validation
+    /// Requirement: Relay MUST reject events where ID doesn't match hash
+    async fn test_reject_invalid_event_id(client: &AuditClient) -> TestResult {
+        TestResult::new(
+            "reject_invalid_event_id",
+            "NIP-01:validation",
+            "Rejects events with invalid event IDs",
+        )
+        .run(|| async {
+            // Create a valid event
+            let mut event = client
+                .event_builder(Kind::TextNote, "Invalid ID test")
+                .build(client.keys())
+                .await
+                .map_err(|e| format!("Failed to build event: {}", e))?;
+            
+            // Corrupt the ID
+            event = Event {
+                id: EventId::all_zeros(), // Wrong ID!
+                pubkey: event.pubkey,
+                created_at: event.created_at,
+                kind: event.kind,
+                tags: event.tags,
+                content: event.content,
+                sig: event.sig,
+            };
+            
+            // Try to send the invalid event
+            let result = client.send_event(event).await;
+            
+            // We expect this to fail
+            if result.is_ok() {
+                return Err("Relay accepted event with invalid ID".to_string());
+            }
+            
+            Ok(())
+        })
+        .await
+    }
+}
+
+#[cfg(test)]
+mod tests {
+    use super::*;
+    use crate::AuditConfig;
+    
+    // Note: These tests require a running relay
+    // They are integration tests, not unit tests
+    
+    #[tokio::test]
+    #[ignore] // Ignore by default since it needs a running relay
+    async fn test_smoke_tests_against_relay() {
+        let config = AuditConfig::ci();
+        let client = AuditClient::new("ws://localhost:7000", config)
+            .await
+            .expect("Failed to connect to relay");
+        
+        let results = Nip01SmokeTests::run_all(&client).await;
+        results.print_report();
+        
+        assert!(results.all_passed(), "Some smoke tests failed");
+    }
+}