0nmcp 2.0.0 → 2.2.0

package/vault/deed-importer.js

@@ -0,0 +1,277 @@
+// ============================================================
+// 0nMCP — Vault: Deed Importer
+// ============================================================
+// Writes decrypted deed contents back to live system config.
+// Generates .0n connection files, .env files, MCP platform
+// configs, and restores workflows and AI brain data.
+//
+// Patent Pending: US Provisional Patent Application #63/990,046
+// ============================================================
+
+import { existsSync, mkdirSync, writeFileSync, readdirSync } from "fs";
+import { join } from "path";
+import { homedir } from "os";
+
+const DOT_ON = join(homedir(), ".0n");
+const CONNECTIONS_DIR = join(DOT_ON, "connections");
+const WORKFLOWS_DIR = join(DOT_ON, "workflows");
+const BRAIN_DIR = join(DOT_ON, "brain");
+
+function ensureDir(dir) {
+  if (!existsSync(dir)) mkdirSync(dir, { recursive: true });
+}
+
+// ── Write .0n Connection Files ──────────────────────────────
+
+/**
+ * Write service credentials as .0n connection files.
+ *
+ * @param {Object} credentials - { service: { field: value } }
+ * @param {string} dir - Target connections directory
+ * @returns {{ written: string[], skipped: string[] }}
+ */
+function writeConnectionFiles(credentials, dir) {
+  ensureDir(dir);
+  const written = [];
+  const skipped = [];
+
+  for (const [service, creds] of Object.entries(credentials)) {
+    try {
+      const connection = {
+        $0n: {
+          type: "connection",
+          version: "1.0.0",
+          service,
+          created: new Date().toISOString(),
+          source: "business_deed_import",
+        },
+        credentials: creds,
+      };
+
+      const filePath = join(dir, `${service}.0n`);
+      writeFileSync(filePath, JSON.stringify(connection, null, 2));
+      written.push(service);
+    } catch (err) {
+      skipped.push(`${service}: ${err.message}`);
+    }
+  }
+
+  return { written, skipped };
+}
+
+// ── Generate .env File ──────────────────────────────────────
+
+/**
+ * Write environment variables to a .env file.
+ *
+ * @param {Object} envVars - { KEY: value }
+ * @param {string} filePath - Output .env path
+ * @returns {{ written: number, file: string }}
+ */
+function writeEnvFile(envVars, filePath) {
+  const lines = [
+    `# Generated by 0nMCP Business Deed Import`,
+    `# ${new Date().toISOString()}`,
+    "",
+  ];
+
+  for (const [key, value] of Object.entries(envVars)) {
+    // Quote values that contain spaces or special chars
+    const needsQuotes = /[\s#"'\\]/.test(value);
+    lines.push(`${key}=${needsQuotes ? `"${value}"` : value}`);
+  }
+
+  writeFileSync(filePath, lines.join("\n") + "\n");
+  return { written: Object.keys(envVars).length, file: filePath };
+}
+
+// ── Write Workflow Files ────────────────────────────────────
+
+/**
+ * Write workflow definitions to ~/.0n/workflows/.
+ *
+ * @param {Array|Object} workflows - Workflow definitions
+ * @param {string} dir - Target workflows directory
+ * @returns {{ written: string[], count: number }}
+ */
+function writeWorkflowFiles(workflows, dir) {
+  ensureDir(dir);
+  const written = [];
+
+  const items = Array.isArray(workflows) ? workflows : [workflows];
+
+  for (const workflow of items) {
+    try {
+      const name = workflow?.$0n?.name || workflow?.name || `workflow-${Date.now()}`;
+      const safeName = name.replace(/[^a-zA-Z0-9_-]/g, "_");
+      const filePath = join(dir, `${safeName}.0n`);
+      writeFileSync(filePath, JSON.stringify(workflow, null, 2));
+      written.push(safeName);
+    } catch {
+      // Skip invalid workflows
+    }
+  }
+
+  return { written, count: written.length };
+}
+
+// ── Write MCP Configs ───────────────────────────────────────
+
+/**
+ * Write MCP platform configurations.
+ *
+ * @param {Object} mcpConfigs - MCP configuration data
+ * @param {string} targetDir - Target directory
+ * @returns {{ written: string[] }}
+ */
+function writeMcpConfigs(mcpConfigs, targetDir) {
+  const written = [];
+
+  if (mcpConfigs.platforms && typeof mcpConfigs.platforms === "object") {
+    for (const [platform, config] of Object.entries(mcpConfigs.platforms)) {
+      try {
+        const filePath = join(targetDir, `mcp-${platform}.json`);
+        writeFileSync(filePath, JSON.stringify(config, null, 2));
+        written.push(platform);
+      } catch {
+        // Skip
+      }
+    }
+  }
+
+  // Write raw config if present
+  if (mcpConfigs.servers) {
+    try {
+      const filePath = join(targetDir, "mcp-config.json");
+      writeFileSync(filePath, JSON.stringify(mcpConfigs, null, 2));
+      written.push("mcp-config");
+    } catch {
+      // Skip
+    }
+  }
+
+  return { written };
+}
+
+// ── Write AI Brain Data ─────────────────────────────────────
+
+/**
+ * Write AI brain data to ~/.0n/brain/.
+ *
+ * @param {Object} aiBrain - AI brain data
+ * @param {string} dir - Target brain directory
+ * @returns {{ written: string[] }}
+ */
+function writeBrainData(aiBrain, dir) {
+  ensureDir(dir);
+  const written = [];
+
+  // Write each brain section as a separate file
+  for (const [section, data] of Object.entries(aiBrain)) {
+    try {
+      const filePath = join(dir, `${section}.json`);
+      writeFileSync(filePath, JSON.stringify(data, null, 2));
+      written.push(section);
+    } catch {
+      // Skip
+    }
+  }
+
+  return { written };
+}
+
+// ── Master Import Function ──────────────────────────────────
+
+/**
+ * Import all deed layers into the live system.
+ *
+ * @param {Object} layers - Decrypted layer data
+ * @param {string} [targetDir] - Base target directory (default: ~/.0n/)
+ * @returns {Object} Import report
+ */
+export function importDeedToSystem(layers, targetDir = null) {
+  const baseDir = targetDir || DOT_ON;
+  const connectionsDir = join(baseDir, "connections");
+  const workflowsDir = join(baseDir, "workflows");
+  const brainDir = join(baseDir, "brain");
+
+  ensureDir(baseDir);
+
+  const report = {
+    success: true,
+    timestamp: new Date().toISOString(),
+    connections: { written: [], skipped: [] },
+    envFile: null,
+    workflows: { written: [], count: 0 },
+    mcpConfigs: { written: [] },
+    brain: { written: [] },
+    siteProfiles: null,
+    deed: null,
+    errors: [],
+  };
+
+  // 1. Import credentials as .0n connection files
+  if (layers.credentials && typeof layers.credentials === "object" && !layers.credentials.error) {
+    try {
+      report.connections = writeConnectionFiles(layers.credentials, connectionsDir);
+    } catch (err) {
+      report.errors.push(`credentials: ${err.message}`);
+    }
+  }
+
+  // 2. Generate .env file from env_vars
+  if (layers.env_vars && typeof layers.env_vars === "object" && !layers.env_vars.error) {
+    try {
+      const envPath = join(baseDir, ".env.deed");
+      report.envFile = writeEnvFile(layers.env_vars, envPath);
+    } catch (err) {
+      report.errors.push(`env_vars: ${err.message}`);
+    }
+  }
+
+  // 3. Write workflows
+  if (layers.workflows && !layers.workflows.error) {
+    try {
+      report.workflows = writeWorkflowFiles(layers.workflows, workflowsDir);
+    } catch (err) {
+      report.errors.push(`workflows: ${err.message}`);
+    }
+  }
+
+  // 4. Write MCP configs
+  if (layers.mcp_configs && typeof layers.mcp_configs === "object" && !layers.mcp_configs.error) {
+    try {
+      report.mcpConfigs = writeMcpConfigs(layers.mcp_configs, baseDir);
+    } catch (err) {
+      report.errors.push(`mcp_configs: ${err.message}`);
+    }
+  }
+
+  // 5. Write site profiles
+  if (layers.site_profiles && typeof layers.site_profiles === "object" && !layers.site_profiles.error) {
+    try {
+      const profilePath = join(baseDir, "site-profiles.json");
+      writeFileSync(profilePath, JSON.stringify(layers.site_profiles, null, 2));
+      report.siteProfiles = { file: profilePath };
+    } catch (err) {
+      report.errors.push(`site_profiles: ${err.message}`);
+    }
+  }
+
+  // 6. Write AI brain data
+  if (layers.ai_brain && typeof layers.ai_brain === "object" && !layers.ai_brain.error) {
+    try {
+      report.brain = writeBrainData(layers.ai_brain, brainDir);
+    } catch (err) {
+      report.errors.push(`ai_brain: ${err.message}`);
+    }
+  }
+
+  // 7. Extract deed metadata from audit_trail
+  if (layers.audit_trail?.deed) {
+    report.deed = layers.audit_trail.deed;
+  }
+
+  report.success = report.errors.length === 0;
+  return report;
+}

package/vault/deed.js

@@ -0,0 +1,319 @@
+// ============================================================
+// 0nMCP — Vault: Business Deed
+// ============================================================
+// Digital Business Asset Transfer System.
+// Packages an entire business's digital assets (API keys, logins,
+// credentials, configurations, workflows, AI prompts) into a
+// single verifiable, transferable, encrypted .0nv container.
+//
+// Lifecycle: CREATE > PACKAGE > ESCROW > ACCEPT > IMPORT > FLIP
+//
+// Patent Pending: US Provisional Patent Application #63/990,046
+// ============================================================
+
+import { join } from "path";
+import { homedir } from "os";
+import { existsSync, mkdirSync } from "fs";
+import { assembleContainer, disassembleContainer, inspectContainer, saveContainer, loadContainer } from "./container.js";
+import { LAYER_NAMES } from "./layers.js";
+import { createSeal } from "./seal.js";
+import { generateSigningKeyPair, sign, sha3Hex } from "./crypto-container.js";
+import { registerTransfer, lookupTransfer } from "./registry.js";
+import { collectCredentials } from "./deed-collector.js";
+import { importDeedToSystem } from "./deed-importer.js";
+
+const VAULT_DIR = join(homedir(), ".0n", "vault");
+const DEED_VERSION = "1.0.0";
+
+function ensureVaultDir() {
+  if (!existsSync(VAULT_DIR)) mkdirSync(VAULT_DIR, { recursive: true });
+}
+
+// ── Deed Metadata Builder ───────────────────────────────────
+
+function buildDeedMetadata(options, services, credentialCount) {
+  return {
+    deed: {
+      version: DEED_VERSION,
+      type: "business_deed",
+      business: {
+        name: options.name || "Unnamed Business",
+        domain: options.domain || null,
+        description: options.description || null,
+        valuation: options.valuation || null,
+        currency: options.currency || "USD",
+      },
+      creator: {
+        name: options.creatorName || null,
+        email: options.creatorEmail || null,
+      },
+      services,
+      credential_count: credentialCount,
+      transfer_history: [],
+      created: new Date().toISOString(),
+    },
+  };
+}
+
+// ── BusinessDeed Class ──────────────────────────────────────
+
+export class BusinessDeed {
+
+  /**
+   * Create a new Business Deed — package credentials into a .0nv file.
+   *
+   * @param {Object} options
+   * @param {string} options.name - Business name
+   * @param {string} [options.domain] - Business domain
+   * @param {string} [options.description] - Business description
+   * @param {number} [options.valuation] - Business valuation
+   * @param {string} [options.currency] - Currency code (default: USD)
+   * @param {string} [options.creatorName] - Creator's name
+   * @param {string} [options.creatorEmail] - Creator's email
+   * @param {Object} [options.credentials] - Pre-structured credentials { service: { field: value } }
+   * @param {Array}  [options.workflows] - Workflow definitions
+   * @param {Object} [options.envVars] - Environment variables
+   * @param {Object} [options.mcpConfigs] - MCP server configurations
+   * @param {Object} [options.siteProfiles] - Site/CRO profiles
+   * @param {Object} [options.aiBrain] - AI agent data, prompts, memory
+   * @param {string} options.passphrase - Encryption passphrase
+   * @param {string} [options.output] - Output file path
+   * @param {Array}  [options.escrowParties] - Escrow party definitions
+   * @param {Object} [options.accessMatrix] - Per-party layer access
+   * @returns {Promise<Object>} Created deed info
+   */
+  async create(options) {
+    const {
+      credentials = {},
+      workflows = [],
+      envVars = {},
+      mcpConfigs = {},
+      siteProfiles = {},
+      aiBrain = {},
+      passphrase,
+      output,
+      escrowParties = [],
+      accessMatrix = {},
+    } = options;
+
+    if (!passphrase) throw new Error("Passphrase is required");
+
+    // Determine services from credentials
+    const services = Object.keys(credentials);
+    const credentialCount = services.reduce((sum, svc) => sum + Object.keys(credentials[svc]).length, 0);
+
+    // Build deed metadata
+    const deedMeta = buildDeedMetadata(options, services, credentialCount);
+
+    // Assemble all 7 layers
+    const layers = {};
+    if (workflows.length > 0) layers.workflows = workflows;
+    if (Object.keys(credentials).length > 0) layers.credentials = credentials;
+    if (Object.keys(envVars).length > 0) layers.env_vars = envVars;
+    if (Object.keys(mcpConfigs).length > 0) layers.mcp_configs = mcpConfigs;
+    if (Object.keys(siteProfiles).length > 0) layers.site_profiles = siteProfiles;
+    if (Object.keys(aiBrain).length > 0) layers.ai_brain = aiBrain;
+
+    // Audit trail always includes deed metadata
+    layers.audit_trail = deedMeta;
+
+    // Ensure at least credentials or some layer has data
+    if (Object.keys(layers).length <= 1) {
+      throw new Error("Deed must contain at least one data layer (credentials, workflows, env_vars, etc.)");
+    }
+
+    const result = await assembleContainer({
+      layers,
+      passphrase,
+      escrowParties,
+      accessMatrix,
+      metadata: { type: "business_deed", business: options.name },
+    });
+
+    // Save to file
+    ensureVaultDir();
+    const filePath = output || join(VAULT_DIR, `deed-${result.transferId}.0nv`);
+    const savedPath = saveContainer(result.buffer, filePath);
+
+    return {
+      file: savedPath,
+      transferId: result.transferId,
+      sealHex: result.sealHex,
+      publicKey: result.publicKey.toString("hex"),
+      services,
+      credentialCount,
+      layerCount: result.layerCount,
+      layers: result.layers,
+      containerSize: result.buffer.length,
+      business: deedMeta.deed.business,
+      timestamp: new Date(result.timestamp).toISOString(),
+    };
+  }
+
+  /**
+   * Open a deed — decrypt and return all layer data.
+   *
+   * @param {string} filePath - Path to .0nv file
+   * @param {string} passphrase - Decryption passphrase
+   * @param {string[]} [onlyLayers] - Only decrypt these layers
+   * @returns {Promise<Object>}
+   */
+  async open(filePath, passphrase, onlyLayers = null) {
+    const buffer = loadContainer(filePath);
+    const result = await disassembleContainer(buffer, passphrase, onlyLayers);
+
+    // Extract deed metadata from audit_trail
+    const deedMeta = result.layers.audit_trail?.deed || null;
+
+    return {
+      ...result,
+      deed: deedMeta,
+    };
+  }
+
+  /**
+   * Inspect a deed without decrypting — metadata + seal only.
+   *
+   * @param {string} filePath
+   * @returns {Object}
+   */
+  inspect(filePath) {
+    const buffer = loadContainer(filePath);
+    const info = inspectContainer(buffer);
+
+    // Check registry for transfer history
+    const transfer = lookupTransfer(info.metadata.transferId);
+
+    return {
+      ...info,
+      type: "business_deed",
+      transfer: transfer.found ? transfer.transfer : null,
+    };
+  }
+
+  /**
+   * Verify deed integrity — Seal of Truth + Ed25519 signature.
+   *
+   * @param {string} filePath
+   * @returns {Object}
+   */
+  verify(filePath) {
+    const buffer = loadContainer(filePath);
+    const info = inspectContainer(buffer);
+    const transfer = lookupTransfer(info.metadata.transferId);
+
+    return {
+      verified: info.seal.valid && info.signature.valid,
+      seal: info.seal,
+      signature: info.signature,
+      transferId: info.metadata.transferId,
+      created: info.metadata.created,
+      transfer: transfer.found ? transfer.transfer : null,
+      patent: info.patent,
+    };
+  }
+
+  /**
+   * Accept a deed transfer — buyer signs acceptance with chain of custody.
+   * Opens the deed, records the acceptance in the audit trail,
+   * and creates a new container with updated transfer history.
+   *
+   * @param {string} filePath - Path to .0nv deed
+   * @param {string} passphrase - Deed passphrase
+   * @param {Object} buyer - { name, email }
+   * @param {string} [newPassphrase] - Optional new passphrase for re-encrypted deed
+   * @param {string} [outputPath] - Optional output path for accepted deed
+   * @returns {Promise<Object>}
+   */
+  async accept(filePath, passphrase, buyer, newPassphrase = null, outputPath = null) {
+    // Open existing deed
+    const buffer = loadContainer(filePath);
+    const result = await disassembleContainer(buffer, passphrase);
+
+    if (!result.seal.valid || !result.signature.valid) {
+      throw new Error("Cannot accept deed — seal or signature verification failed");
+    }
+
+    const deedMeta = result.layers.audit_trail?.deed;
+    if (!deedMeta) {
+      throw new Error("Not a valid business deed — no deed metadata found in audit_trail");
+    }
+
+    // Record acceptance in transfer history
+    const acceptanceRecord = {
+      action: "accept",
+      from: deedMeta.creator,
+      to: { name: buyer.name, email: buyer.email },
+      timestamp: new Date().toISOString(),
+      originalSeal: result.seal.hash,
+      originalTransferId: result.metadata.transferId,
+    };
+
+    deedMeta.transfer_history.push(acceptanceRecord);
+    deedMeta.creator = { name: buyer.name, email: buyer.email };
+    result.layers.audit_trail.deed = deedMeta;
+
+    // Re-create container with updated audit trail (optionally with new passphrase)
+    const usePassphrase = newPassphrase || passphrase;
+    const newResult = await assembleContainer({
+      layers: result.layers,
+      passphrase: usePassphrase,
+      metadata: { type: "business_deed_accepted", buyer: buyer.name },
+    });
+
+    ensureVaultDir();
+    const outPath = outputPath || join(VAULT_DIR, `deed-accepted-${newResult.transferId}.0nv`);
+    const savedPath = saveContainer(newResult.buffer, outPath);
+
+    return {
+      file: savedPath,
+      transferId: newResult.transferId,
+      sealHex: newResult.sealHex,
+      previousTransferId: result.metadata.transferId,
+      previousSeal: result.seal.hash,
+      buyer,
+      services: deedMeta.services,
+      credentialCount: deedMeta.credential_count,
+      transferHistory: deedMeta.transfer_history,
+    };
+  }
+
+  /**
+   * Import a deed — decrypt and write to live system configuration.
+   *
+   * @param {string} filePath - Path to .0nv deed
+   * @param {string} passphrase - Decryption passphrase
+   * @param {string} [targetDir] - Target ~/.0n/ directory
+   * @returns {Promise<Object>} Import report
+   */
+  async importDeed(filePath, passphrase, targetDir = null) {
+    const buffer = loadContainer(filePath);
+    const result = await disassembleContainer(buffer, passphrase);
+
+    if (!result.seal.valid || !result.signature.valid) {
+      throw new Error("Cannot import deed — seal or signature verification failed");
+    }
+
+    return importDeedToSystem(result.layers, targetDir);
+  }
+
+  /**
+   * Export — collect credentials from sources and package as deed in one step.
+   *
+   * @param {Object} sources - { envFile, jsonFile, csvFile, connectionsDir, manual }
+   * @param {Object} options - Same as create() options
+   * @returns {Promise<Object>}
+   */
+  async export(sources, options) {
+    const collected = await collectCredentials(sources);
+
+    return this.create({
+      ...options,
+      credentials: collected.credentials,
+      envVars: collected.envVars,
+      services: collected.services,
+    });
+  }
+}
+
+export const DEED_VERSION_STR = DEED_VERSION;