50c 1.5.0 → 2.0.1

package/lib/vault.js

@@ -0,0 +1,354 @@
+/**
+ * 50c Vault - Secure Credential Storage
+ * Local encryption, cloud storage of encrypted blobs
+ */
+
+const crypto = require('crypto');
+const fs = require('fs');
+const path = require('path');
+const { MODE, VAULT_DIR, ensureLocalDir, apiRequest } = require('./config');
+
+// Crypto constants
+const ALGORITHM = 'aes-256-gcm';
+const PBKDF2_ITERATIONS = 100000;
+const SALT_LENGTH = 32;
+const IV_LENGTH = 16;
+const AUTH_TAG_LENGTH = 16;
+
+// Local file paths
+const MASTER_KEY_FILE = path.join(VAULT_DIR, 'master.key.enc');
+const VAULT_DB_FILE = path.join(VAULT_DIR, 'vault.db');
+const SESSION_FILE = path.join(VAULT_DIR, 'session.json');
+
+// In-memory session for cloud mode
+let cloudSession = null;
+
+// Derive key from passphrase
+function deriveKey(passphrase, salt) {
+  return crypto.pbkdf2Sync(passphrase, salt, PBKDF2_ITERATIONS, 32, 'sha256');
+}
+
+// Encrypt data
+function encrypt(plaintext, key) {
+  const iv = crypto.randomBytes(IV_LENGTH);
+  const cipher = crypto.createCipheriv(ALGORITHM, key, iv);
+  const encrypted = Buffer.concat([cipher.update(plaintext, 'utf8'), cipher.final()]);
+  const authTag = cipher.getAuthTag();
+  return Buffer.concat([iv, authTag, encrypted]).toString('base64');
+}
+
+// Decrypt data
+function decrypt(encryptedBase64, key) {
+  const data = Buffer.from(encryptedBase64, 'base64');
+  const iv = data.subarray(0, IV_LENGTH);
+  const authTag = data.subarray(IV_LENGTH, IV_LENGTH + AUTH_TAG_LENGTH);
+  const encrypted = data.subarray(IV_LENGTH + AUTH_TAG_LENGTH);
+  const decipher = crypto.createDecipheriv(ALGORITHM, key, iv);
+  decipher.setAuthTag(authTag);
+  return decipher.update(encrypted) + decipher.final('utf8');
+}
+
+// ==================== LOCAL MODE ====================
+
+function loadLocalSession() {
+  try {
+    if (fs.existsSync(SESSION_FILE)) {
+      const session = JSON.parse(fs.readFileSync(SESSION_FILE, 'utf8'));
+      if (session.expires_at > Date.now()) {
+        return session;
+      }
+      fs.unlinkSync(SESSION_FILE);
+    }
+  } catch {}
+  return null;
+}
+
+function saveLocalSession(masterKey, ttl) {
+  ensureLocalDir();
+  const session = {
+    master_key: masterKey.toString('base64'),
+    expires_at: Date.now() + (ttl * 1000),
+    last_access: Date.now()
+  };
+  fs.writeFileSync(SESSION_FILE, JSON.stringify(session), { mode: 0o600 });
+}
+
+function clearLocalSession() {
+  try {
+    if (fs.existsSync(SESSION_FILE)) fs.unlinkSync(SESSION_FILE);
+  } catch {}
+}
+
+function loadLocalDB() {
+  try {
+    if (fs.existsSync(VAULT_DB_FILE)) {
+      return JSON.parse(fs.readFileSync(VAULT_DB_FILE, 'utf8'));
+    }
+  } catch {}
+  return { credentials: {} };
+}
+
+function saveLocalDB(db) {
+  ensureLocalDir();
+  fs.writeFileSync(VAULT_DB_FILE, JSON.stringify(db, null, 2), { mode: 0o600 });
+}
+
+// ==================== CLOUD MODE ====================
+
+async function loadCloudSession() {
+  if (cloudSession && cloudSession.expires_at > Date.now()) {
+    return cloudSession;
+  }
+  return null;
+}
+
+function saveCloudSession(masterKey, ttl) {
+  cloudSession = {
+    master_key: masterKey.toString('base64'),
+    expires_at: Date.now() + (ttl * 1000)
+  };
+}
+
+function clearCloudSession() {
+  cloudSession = null;
+}
+
+// ==================== UNIFIED API ====================
+
+async function isInitialized() {
+  if (MODE === 'local') {
+    return fs.existsSync(MASTER_KEY_FILE);
+  } else {
+    const response = await apiRequest('GET', '/vault/status');
+    return response?.initialized || false;
+  }
+}
+
+async function isUnlocked() {
+  if (MODE === 'local') {
+    return !!loadLocalSession();
+  } else {
+    return !!(await loadCloudSession());
+  }
+}
+
+async function init(passphrase) {
+  if (passphrase.length < 8) {
+    throw new Error('Passphrase must be at least 8 characters');
+  }
+  
+  const masterKey = crypto.randomBytes(32);
+  const salt = crypto.randomBytes(SALT_LENGTH);
+  const derivedKey = deriveKey(passphrase, salt);
+  const encryptedMasterKey = encrypt(masterKey.toString('hex'), derivedKey);
+  
+  if (MODE === 'local') {
+    ensureLocalDir();
+    const stored = Buffer.concat([salt, Buffer.from(encryptedMasterKey, 'base64')]);
+    fs.writeFileSync(MASTER_KEY_FILE, stored.toString('base64'), { mode: 0o600 });
+    saveLocalDB({ credentials: {} });
+    return { success: true, mode: 'local', path: VAULT_DIR };
+  } else {
+    // Store encrypted master key in cloud
+    await apiRequest('POST', '/vault/init', {
+      encrypted_master_key: Buffer.concat([salt, Buffer.from(encryptedMasterKey, 'base64')]).toString('base64')
+    });
+    return { success: true, mode: 'cloud' };
+  }
+}
+
+async function unlock(passphrase, ttl = 3600) {
+  if (MODE === 'local') {
+    if (!fs.existsSync(MASTER_KEY_FILE)) {
+      throw new Error('Vault not initialized. Run vault_init first.');
+    }
+    
+    const data = Buffer.from(fs.readFileSync(MASTER_KEY_FILE, 'utf8'), 'base64');
+    const salt = data.subarray(0, SALT_LENGTH);
+    const encryptedKey = data.subarray(SALT_LENGTH);
+    const derivedKey = deriveKey(passphrase, salt);
+    
+    try {
+      const masterKeyHex = decrypt(encryptedKey.toString('base64'), derivedKey);
+      const masterKey = Buffer.from(masterKeyHex, 'hex');
+      saveLocalSession(masterKey, ttl);
+      return { success: true, ttl };
+    } catch {
+      throw new Error('Invalid passphrase');
+    }
+  } else {
+    // Cloud mode - get encrypted master key, decrypt locally
+    const response = await apiRequest('GET', '/vault/key');
+    if (!response?.encrypted_master_key) {
+      throw new Error('Vault not initialized');
+    }
+    
+    const data = Buffer.from(response.encrypted_master_key, 'base64');
+    const salt = data.subarray(0, SALT_LENGTH);
+    const encryptedKey = data.subarray(SALT_LENGTH);
+    const derivedKey = deriveKey(passphrase, salt);
+    
+    try {
+      const masterKeyHex = decrypt(encryptedKey.toString('base64'), derivedKey);
+      const masterKey = Buffer.from(masterKeyHex, 'hex');
+      saveCloudSession(masterKey, ttl);
+      return { success: true, ttl };
+    } catch {
+      throw new Error('Invalid passphrase');
+    }
+  }
+}
+
+function lock() {
+  if (MODE === 'local') {
+    clearLocalSession();
+  } else {
+    clearCloudSession();
+  }
+  return { success: true };
+}
+
+async function getMasterKey() {
+  if (MODE === 'local') {
+    const session = loadLocalSession();
+    if (!session) return null;
+    return Buffer.from(session.master_key, 'base64');
+  } else {
+    const session = await loadCloudSession();
+    if (!session) return null;
+    return Buffer.from(session.master_key, 'base64');
+  }
+}
+
+async function add(name, value) {
+  const masterKey = await getMasterKey();
+  if (!masterKey) throw new Error('Vault locked. Unlock first.');
+  
+  const encrypted = encrypt(value, masterKey);
+  
+  if (MODE === 'local') {
+    const db = loadLocalDB();
+    db.credentials[name] = { encrypted, updated_at: Date.now() };
+    saveLocalDB(db);
+  } else {
+    await apiRequest('POST', '/vault/credentials', { name, encrypted });
+  }
+  
+  return { success: true, name };
+}
+
+async function get(name) {
+  const masterKey = await getMasterKey();
+  if (!masterKey) throw new Error('Vault locked. Unlock first.');
+  
+  let encrypted;
+  
+  if (MODE === 'local') {
+    const db = loadLocalDB();
+    if (!db.credentials[name]) throw new Error(`Not found: ${name}`);
+    encrypted = db.credentials[name].encrypted;
+  } else {
+    const response = await apiRequest('GET', `/vault/credentials/${encodeURIComponent(name)}`);
+    if (!response?.encrypted) throw new Error(`Not found: ${name}`);
+    encrypted = response.encrypted;
+  }
+  
+  return decrypt(encrypted, masterKey);
+}
+
+async function list(namespace = null) {
+  if (MODE === 'local') {
+    const db = loadLocalDB();
+    let names = Object.keys(db.credentials);
+    if (namespace) {
+      names = names.filter(n => n.startsWith(namespace + '/'));
+    }
+    return names.sort();
+  } else {
+    const response = await apiRequest('GET', '/vault/credentials');
+    let names = response?.names || [];
+    if (namespace) {
+      names = names.filter(n => n.startsWith(namespace + '/'));
+    }
+    return names.sort();
+  }
+}
+
+async function remove(name) {
+  const masterKey = await getMasterKey();
+  if (!masterKey) throw new Error('Vault locked. Unlock first.');
+  
+  if (MODE === 'local') {
+    const db = loadLocalDB();
+    if (!db.credentials[name]) throw new Error(`Not found: ${name}`);
+    delete db.credentials[name];
+    saveLocalDB(db);
+  } else {
+    await apiRequest('DELETE', `/vault/credentials/${encodeURIComponent(name)}`);
+  }
+  
+  return { success: true, name };
+}
+
+async function status() {
+  return {
+    mode: MODE,
+    initialized: await isInitialized(),
+    locked: !(await isUnlocked()),
+    path: MODE === 'local' ? VAULT_DIR : 'cloud'
+  };
+}
+
+// YOLO mode - long session
+async function yolo(passphrase) {
+  return unlock(passphrase, 365 * 24 * 3600);
+}
+
+// Tool definitions for MCP
+const VAULT_TOOLS = [
+  { name: 'vault_status', description: 'Check vault status. FREE.', inputSchema: { type: 'object', properties: {} } },
+  { name: 'vault_init', description: 'Initialize vault with passphrase. FREE.', inputSchema: { type: 'object', properties: { passphrase: { type: 'string', minLength: 8 } }, required: ['passphrase'] } },
+  { name: 'vault_unlock', description: 'Unlock vault for session. FREE.', inputSchema: { type: 'object', properties: { passphrase: { type: 'string' }, ttl: { type: 'number', default: 3600 } }, required: ['passphrase'] } },
+  { name: 'vault_lock', description: 'Lock vault immediately. FREE.', inputSchema: { type: 'object', properties: {} } },
+  { name: 'vault_yolo', description: 'YOLO mode - stay unlocked until lock/reboot. FREE.', inputSchema: { type: 'object', properties: { passphrase: { type: 'string' } }, required: ['passphrase'] } },
+  { name: 'vault_add', description: 'Add credential to vault. FREE.', inputSchema: { type: 'object', properties: { name: { type: 'string' }, value: { type: 'string' } }, required: ['name', 'value'] } },
+  { name: 'vault_get', description: 'Get credential from vault. FREE.', inputSchema: { type: 'object', properties: { name: { type: 'string' } }, required: ['name'] } },
+  { name: 'vault_list', description: 'List credentials in vault. FREE.', inputSchema: { type: 'object', properties: { namespace: { type: 'string' } } } },
+  { name: 'vault_delete', description: 'Delete credential from vault. FREE.', inputSchema: { type: 'object', properties: { name: { type: 'string' } }, required: ['name'] } }
+];
+
+// Handle vault tool calls
+async function handleTool(name, args) {
+  try {
+    switch (name) {
+      case 'vault_status': return await status();
+      case 'vault_init': return await init(args.passphrase);
+      case 'vault_unlock': return await unlock(args.passphrase, args.ttl);
+      case 'vault_lock': return lock();
+      case 'vault_yolo': return await yolo(args.passphrase);
+      case 'vault_add': return await add(args.name, args.value);
+      case 'vault_get': return { value: await get(args.name) };
+      case 'vault_list': return { credentials: await list(args.namespace) };
+      case 'vault_delete': return await remove(args.name);
+      default: return { error: `Unknown vault tool: ${name}` };
+    }
+  } catch (e) {
+    return { error: e.message };
+  }
+}
+
+module.exports = {
+  VAULT_TOOLS,
+  handleTool,
+  status,
+  init,
+  unlock,
+  lock,
+  yolo,
+  add,
+  get,
+  list,
+  remove,
+  isUnlocked,
+  getMasterKey
+};

package/package.json

@@ -1,23 +1,37 @@
 {
   "name": "50c",
-  "version": "1.5.0",
-  "description": "AI augmentation CLI & MCP server. genius, hints, roast, one-liner, name-it, price-it + more.",
+  "version": "2.0.1",
+  "description": "AI toolkit. One install, 100+ tools. Works everywhere.",
+  "main": "lib/index.js",
   "bin": {
     "50c": "./bin/50c.js"
   },
-  "scripts": {
-    "postinstall": "node -e \"console.log('\\n50c installed. Set FIFTYC_API_KEY env var.\\n')\""
-  },
-  "keywords": ["mcp", "ai", "llm", "cli", "agent", "genxis", "50c", "intelligence", "problem-solving", "hints", "genius", "compute"],
-  "author": "genxis",
-  "license": "SEE LICENSE IN LICENSE",
+  "keywords": [
+    "mcp",
+    "ai",
+    "llm",
+    "tools",
+    "genius",
+    "bcalc",
+    "vault",
+    "cloudflare",
+    "whm",
+    "cpanel",
+    "wordpress"
+  ],
+  "author": "genxis.com",
+  "license": "MIT",
   "homepage": "https://50c.ai",
+  "repository": {
+    "type": "git",
+    "url": "https://github.com/genxis/50c"
+  },
   "engines": {
-    "node": ">=18.0.0"
+    "node": ">=18"
   },
   "files": [
     "bin/",
-    "README.md",
-    "LICENSE"
+    "lib/",
+    "README.md"
   ]
 }

package/LICENSE

@@ -1,31 +0,0 @@
-PROPRIETARY SOFTWARE LICENSE
-
-Copyright (c) 2026 genxis. All Rights Reserved.
-
-This software and associated documentation files (the "Software") are the 
-proprietary property of genxis.
-
-USAGE TERMS:
-1. You may install and use this Software only with a valid API key.
-2. Each use of the Software requires credits at published rates.
-3. You may NOT copy, modify, merge, publish, distribute, sublicense, or sell 
-   copies of the Software.
-4. You may NOT reverse engineer, decompile, or disassemble the Software.
-5. You may NOT remove or bypass the payment/credit system.
-6. You may NOT create derivative works based on the Software.
-
-RESTRICTIONS:
-- This is a commercial product. No free usage rights are granted.
-- Source code is provided for transparency only, not for modification.
-- Unauthorized use, reproduction, or distribution is strictly prohibited.
-
-WARRANTY DISCLAIMER:
-THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
-FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.
-
-LIMITATION OF LIABILITY:
-IN NO EVENT SHALL GENXIS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
-LIABILITY ARISING FROM THE USE OF THE SOFTWARE.
-
-Contact: https://genxis.one