up the blokcing tasks

ops/crypto/sim-crypto-smoke/Program.cs

@@ -0,0 +1,85 @@
+using System.Net.Http.Json;
+using System.Text.Json.Serialization;
+
+var baseUrl = Environment.GetEnvironmentVariable("STELLAOPS_CRYPTO_SIM_URL") ?? "http://localhost:8080";
+var algList = Environment.GetEnvironmentVariable("SIM_ALGORITHMS")?
+    .Split(',', StringSplitOptions.RemoveEmptyEntries | StringSplitOptions.TrimEntries)
+    : new[] { "SM2", "pq.sim", "ES256" };
+
+using var client = new HttpClient { BaseAddress = new Uri(baseUrl) };
+
+static async Task<(bool Ok, string Error)> SignAndVerify(HttpClient client, string algorithm, string message, CancellationToken ct)
+{
+    var signPayload = new SignRequest(message, algorithm);
+    var signResponse = await client.PostAsJsonAsync("/sign", signPayload, ct).ConfigureAwait(false);
+    if (!signResponse.IsSuccessStatusCode)
+    {
+        return (false, $"sign failed: {(int)signResponse.StatusCode} {signResponse.ReasonPhrase}");
+    }
+
+    var signResult = await signResponse.Content.ReadFromJsonAsync<SignResponse>(cancellationToken: ct).ConfigureAwait(false);
+    if (signResult is null || string.IsNullOrWhiteSpace(signResult.SignatureBase64))
+    {
+        return (false, "sign returned empty payload");
+    }
+
+    var verifyPayload = new VerifyRequest(message, signResult.SignatureBase64, algorithm);
+    var verifyResponse = await client.PostAsJsonAsync("/verify", verifyPayload, ct).ConfigureAwait(false);
+    if (!verifyResponse.IsSuccessStatusCode)
+    {
+        return (false, $"verify failed: {(int)verifyResponse.StatusCode} {verifyResponse.ReasonPhrase}");
+    }
+
+    var verifyResult = await verifyResponse.Content.ReadFromJsonAsync<VerifyResponse>(cancellationToken: ct).ConfigureAwait(false);
+    if (verifyResult?.Ok is not true)
+    {
+        return (false, "verify returned false");
+    }
+
+    return (true, "");
+}
+
+var cts = new CancellationTokenSource(TimeSpan.FromSeconds(20));
+var failures = new List<string>();
+
+foreach (var alg in algList)
+{
+    var (ok, error) = await SignAndVerify(client, alg, "stellaops-sim-smoke", cts.Token);
+    if (!ok)
+    {
+        failures.Add($"{alg}: {error}");
+        continue;
+    }
+
+    Console.WriteLine($"[ok] {alg} via {baseUrl}");
+}
+
+if (failures.Count > 0)
+{
+    Console.Error.WriteLine("Simulation smoke failed:");
+    foreach (var f in failures)
+    {
+        Console.Error.WriteLine($" - {f}");
+    }
+
+    Environment.Exit(1);
+}
+
+Console.WriteLine("Simulation smoke passed.");
+
+internal sealed record SignRequest(
+    [property: JsonPropertyName("message")] string Message,
+    [property: JsonPropertyName("algorithm")] string Algorithm);
+
+internal sealed record SignResponse(
+    [property: JsonPropertyName("signature_b64")] string SignatureBase64,
+    [property: JsonPropertyName("algorithm")] string Algorithm);
+
+internal sealed record VerifyRequest(
+    [property: JsonPropertyName("message")] string Message,
+    [property: JsonPropertyName("signature_b64")] string SignatureBase64,
+    [property: JsonPropertyName("algorithm")] string Algorithm);
+
+internal sealed record VerifyResponse(
+    [property: JsonPropertyName("ok")] bool Ok,
+    [property: JsonPropertyName("algorithm")] string Algorithm);