Add shared receipt fixtures and cross-SDK verification test suites

[GsCommand]

Motivation

• Provide a production-grade, cross-SDK test harness for receipt verification covering ENS resolution, signature/key parsing, canonicalization, and edge cases.
• Centralize deterministic test vectors (valid + invalid receipts, expected hash and public key) so TypeScript and Python SDKs exercise the same fixtures.
• Add runtime-style tests to validate ENS delegation and key rotation behavior end-to-end against mocked TXT records.

Description

• Added a shared test_vectors/ directory with fixtures: receipt_valid.json, receipt_invalid_sig.json, receipt_wrong_kid.json, receipt_malformed_pubkey.json, receipt_valid_v1.json, expected_hash.txt, and public_key_base64.txt.
• Introduced Node runtime tests under runtime/tests/ (ens-resolution.test.mjs, key-resolution.test.mjs, receipt-verification.test.mjs, key-rotation.test.mjs) that exercise ENS TXT resolution and receipt verification using the shared fixtures.
• Added TypeScript SDK tests and helpers under typescript-sdk/tests/ (helpers.mjs, ens-delegation.test.mjs, canonicalization.test.mjs, security-cases.test.mjs) and a small test runner typescript-sdk/scripts/template-tests.mjs to run runtime + SDK template suites via node --test.
• Added a Python verification test suite python-sdk/tests/test_verification.py that consumes the shared fixtures and checks parsing, ENS lookup failure modes, malformed keys, and wrong-kid policy checks.
• Updated typescript-sdk/package.json scripts so unit tests build first and include the new template test runner (test:unit now runs build + unit + template suites) and added test:template.

Testing

• Ran npm test in typescript-sdk/ which builds the package, runs unit assertions and the template runner (runtime + TS template suites) and completed successfully with all template and unit checks passing.
• Ran pytest in python-sdk/ with the new test_verification.py file and the suite passed (17 passed, 1 warning).
• The Node runtime tests were executed via the template runner (node --test) and passed against the mocked ENS helper resolver.

---

Codex Task

[chatgpt-codex-connector]

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: f0e9867b04

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

• Open a pull request for review
• Mark a draft as ready
• Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

[chatgpt-codex-connector]

Exercise key rotation in key-rotation test

This test never simulates a rotated key: it only loads a v1 receipt and verifies it with a fixed v1 public key, without ENS lookup or any v2 key state. As a result, regressions in key-rotation behavior (for example, resolver behavior when a newer key/kid is present) would still pass while this test claims to validate the post-rotation path, which gives false confidence for a security-sensitive flow.

Useful? React with 👍 / 👎.

[chatgpt-codex-connector]

Trigger CI when shared fixture files change

The new test helpers now depend on repo-root test_vectors, but the current workflow path filters I checked (.github/workflows/typescript-sdk-cli-smoke.yml and .github/workflows/python-sdk-tests.yml) only trigger on typescript-sdk/** and python-sdk/**. A change that touches only test_vectors/* will skip both SDK test jobs, so broken shared fixtures can merge without validation and fail later on unrelated PRs.

Useful? React with 👍 / 👎.