Harden NEG session handling and gate feature wiring

test/parrhesia/application_test.exs

@@ -18,6 +18,15 @@ defmodule Parrhesia.ApplicationTest do
            end)
 
     assert is_pid(Process.whereis(Parrhesia.Auth.Challenges))
-    assert is_pid(Process.whereis(Parrhesia.Negentropy.Sessions))
+
+    if negentropy_enabled?() do
+      assert is_pid(Process.whereis(Parrhesia.Negentropy.Sessions))
+    end
+  end
+
+  defp negentropy_enabled? do
+    :parrhesia
+    |> Application.get_env(:features, [])
+    |> Keyword.get(:nip_77_negentropy, true)
   end
 end

test/parrhesia/negentropy/sessions_test.exs

@@ -15,4 +15,39 @@ defmodule Parrhesia.Negentropy.SessionsTest do
     assert :ok = Sessions.close(server, self(), "sub-neg")
     assert {:error, :unknown_session} = Sessions.message(server, self(), "sub-neg", %{})
   end
+
+  test "rejects oversized NEG payloads" do
+    server =
+      start_supervised!(
+        {Sessions,
+         name: nil,
+         max_payload_bytes: 32,
+         max_sessions_per_owner: 8,
+         max_total_sessions: 16,
+         max_idle_seconds: 60,
+         sweep_interval_seconds: 60}
+      )
+
+    assert {:error, :payload_too_large} =
+             Sessions.open(server, self(), "sub-neg", %{"delta" => String.duplicate("a", 256)})
+  end
+
+  test "enforces per-owner session limits" do
+    server =
+      start_supervised!(
+        {Sessions,
+         name: nil,
+         max_payload_bytes: 1024,
+         max_sessions_per_owner: 1,
+         max_total_sessions: 16,
+         max_idle_seconds: 60,
+         sweep_interval_seconds: 60}
+      )
+
+    assert {:ok, %{"status" => "open", "cursor" => 0}} =
+             Sessions.open(server, self(), "sub-1", %{})
+
+    assert {:error, :owner_session_limit_reached} =
+             Sessions.open(server, self(), "sub-2", %{})
+  end
 end