Core concepts
Primitives shared across all five deep clones.
Tenant isolation (runId)
All vendor API traffic is scoped under {cloneUrl}/t/{runId}/.... Two runs never share state. In the dashboard this is a Session (/sessions).
| Port | Role |
|---|---|
| :8000 | Vendor-shaped API |
| :9000 | Admin — clock, snapshots, chaos (never public ingress) |
Deterministic IDs
IDs derive from seed + runId via HKDF-SHA256 → ChaCha20:
seed="checkout-v1" + runId="run-42" → always cus_AbCdEf123... first
Re-runs with the same seed produce byte-identical IDs and webhook references.
Virtual clock
| Admin endpoint | Action |
|---|---|
| POST /_clone/clock/advance | { duration: "30d" } |
| POST /_clone/clock/set | Absolute time |
| POST /_clone/clock/pause / resume | Freeze / resume |
await clone.advanceClock("30d"); // trial expiry, dunning, OTP TTL
World snapshots pause all clones before saving.
Snapshot and restore
const blob = await clone.snapshot();
await clone.restore(blob);
- Format: gzip JSON, schema-versioned (molar/clones-stripe@v1)
- Chaos rules persist in snapshot state
- World snapshot: Molar API PAUSE → snapshot each → RESUME
import { world } from "@molar/clones";
const registry = world.localRegistry([stripeClone, emailClone]);
await world.snapshot(registry, runId, "checkpoint");
Destructive-call refusal
The SDK blocks live vendor hosts + live key patterns before network I/O:
- Hosts: api.stripe.com, api.twilio.com, amazonaws.com, …
- Keys: sk_live_, production Twilio SIDs, …
Escape hatch (intentional only): MOLAR_DESTRUCTIVE_ALLOW=1
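A sketch of such a pre-flight check, added here as an illustration and not the SDK's own code: it shows why host matching has to work on DNS label boundaries after normalization rather than on substrings, and why a key scan has to look inside Basic auth. The function names and the request shape ({ url, headers, body }) are assumptions; the lists contain only the entries named above.

```javascript
// Added example; not the Molar SDK's code. All function names are hypothetical.
// The lists hold only the entries the page names; the page's lists end in "…".
const LIVE_HOSTS = ["api.stripe.com", "api.twilio.com", "amazonaws.com"];
const LIVE_KEY_PREFIXES = ["sk_live_"];

// Lowercase and strip the trailing root dot so "API.Stripe.com." is still caught.
function normalizeHost(hostname) {
  return hostname.toLowerCase().replace(/\.+$/, "");
}

// Compare on DNS label boundaries: "s3.amazonaws.com" matches, "notamazonaws.com" does not.
function isLiveHost(hostname) {
  const host = normalizeHost(hostname);
  return LIVE_HOSTS.some((live) => host === live || host.endsWith("." + live));
}

// Basic auth hides the key in base64, so scan the decoded form as well.
function expandAuth(value) {
  const m = /^Basic\s+([A-Za-z0-9+/=]+)$/i.exec(String(value));
  return m ? [String(value), Buffer.from(m[1], "base64").toString("utf8")] : [String(value)];
}

function findLiveKey(values) {
  for (const v of values.flatMap(expandAuth)) {
    const hit = LIVE_KEY_PREFIXES.find((p) => v.includes(p));
    if (hit) return hit;
  }
  return null;
}

// Returns { allowed, reason }. Intended to run before any socket is opened.
function checkOutbound(request, env = process.env) {
  if (env.MOLAR_DESTRUCTIVE_ALLOW === "1") return { allowed: true, reason: "escape-hatch" };
  let url;
  try {
    url = new URL(request.url);
  } catch {
    return { allowed: false, reason: "unparseable-url" }; // fail closed
  }
  if (isLiveHost(url.hostname)) {
    return { allowed: false, reason: "live-host:" + normalizeHost(url.hostname) };
  }
  const candidates = [url.username, url.password, url.search,
    ...Object.values(request.headers || {}), request.body || ""];
  const key = findLiveKey(candidates);
  if (key) return { allowed: false, reason: "live-key:" + key };
  return { allowed: true, reason: "ok" };
}
```

Parsing with URL before matching means a live hostname placed in the userinfo part (api.stripe.com@localhost:8000) is judged by the real host, not by where the string appears.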
Chaos injection
await clone.injectError({ path: "/v1/charges", method: "POST", status: 402, rate: 1.0 });
await clone.injectLatency({ path: "*", p50: 100, p99: 2000 });
Webhooks
Vendor-correct signing: Stripe HMAC-SHA256, Twilio HMAC-SHA1, Svix for Clerk/Resend. Keys: HKDF(seed, "webhook-secret").
await clone.expectWebhookFired("checkout.session.completed", 30_000);