npm - @aikdna/kdna-cli - Versions diffs - 0.14.0 → 0.15.0 - Mend

@aikdna/kdna-cli 0.14.0 → 0.15.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (4) hide show

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@aikdna/kdna-cli",
-  "version": "0.14.0",
+  "version": "0.15.0",
   "description": "KDNA CLI — create, validate, install, and manage domain cognition packages for AI agents.",
   "type": "commonjs",
   "bin": {

package/src/cli.js CHANGED Viewed

@@ -24,7 +24,7 @@ const { cmdIdentity } = require('./cmds/identity');
 const { cmdSetup } = require('./cmds/setup');
 const { cmdDoctor } = require('./cmds/doctor');
 const { cmdTrace, cmdHistory } = require('./cmds/trace');
-const { cmdLicenseGenerate, cmdLicenseVerify, cmdLicenseBind, cmdLicenseShow } = require('./cmds/license');
+const { cmdLicenseGenerate, cmdLicenseVerify, cmdLicenseBind, cmdLicenseShow, cmdLicenseInstall } = require('./cmds/license');
 const { cmdPreview, cmdProject, cmdEval, cmdExport, cmdDemo } = require('./cmds/legacy');
 const { cmdStudioScaffold, cmdCardsValidate, cmdLockVerify, cmdStudioCompile, cmdStudioReadiness } = require('./cmds/studio');
 const { cmdTestRun, cmdTestImport } = require('./cmds/test');
@@ -138,6 +138,7 @@ Trace & Diagnostics:
 License & Authorization:
   license generate <domain> --to <email>   Generate signed license
+  license install <license.json>           Register license for auto-decrypt
   license verify <license.json>            Verify license signature
   license bind <license.json>              Bind license to this machine
   license show <license.json>              Display license details
@@ -436,10 +437,13 @@ switch (cmd) {
       cmdLicenseBind(rest);
     } else if (sub === 'show') {
       cmdLicenseShow(rest);
+    } else if (sub === 'install') {
+      cmdLicenseInstall(rest);
     } else {
       error(
         'Usage:\n' +
           '  kdna license generate <domain> --to <email> [--expires <date>]\n' +
+          '  kdna license install <license.json>\n' +
           '  kdna license verify <license.json>\n' +
           '  kdna license bind <license.json>\n' +
           '  kdna license show <license.json>',

package/src/cmds/license.js CHANGED Viewed

@@ -167,7 +167,6 @@ function cmdLicenseBind(args) {
 function cmdLicenseShow(args) {
   const licensePath = args[0];
   if (!licensePath) {
-    // Try to find license in current directory
     const local = path.join(process.cwd(), 'license.json');
     if (fs.existsSync(local)) return cmdLicenseVerify([local, ...args.slice(1)]);
     error('Usage: kdna license show <license.json>', EXIT.INPUT_ERROR);
@@ -175,4 +174,32 @@ function cmdLicenseShow(args) {
   cmdLicenseVerify(args);
 }
-module.exports = { cmdLicenseGenerate, cmdLicenseVerify, cmdLicenseBind, cmdLicenseShow };
+function cmdLicenseInstall(args) {
+  const licensePath = args[0];
+  if (!licensePath) error('Usage: kdna license install <license.json>', EXIT.INPUT_ERROR);
+  let license;
+  try {
+    license = JSON.parse(fs.readFileSync(licensePath, 'utf8'));
+  } catch {
+    error(`Cannot read license file: ${licensePath}`, EXIT.INPUT_ERROR);
+  }
+  if (!license.domain) error('License missing domain field', EXIT.INPUT_ERROR);
+  const licenseDir = path.join(process.env.HOME || process.env.USERPROFILE || '.', '.kdna', 'licenses');
+  fs.mkdirSync(licenseDir, { recursive: true });
+  const safeName = license.domain.replace(/^@/, '').replace('/', '-');
+  const dest = path.join(licenseDir, `${safeName}.json`);
+  fs.writeFileSync(dest, JSON.stringify(license, null, 2) + '\n');
+  console.log(`License installed for ${license.domain}`);
+  console.log(`  License ID: ${license.license_id || 'unknown'}`);
+  console.log(`  Saved to: ${dest}`);
+  console.log('');
+  console.log(`Now install the domain: kdna install ${license.domain}`);
+}
+module.exports = { cmdLicenseGenerate, cmdLicenseVerify, cmdLicenseBind, cmdLicenseShow, cmdLicenseInstall };

package/src/install.js CHANGED Viewed

@@ -20,6 +20,7 @@ const crypto = require('crypto');
 const { execSync, execFileSync } = require('child_process');
 const { RegistryResolver, parseName } = require('./registry');
 const { EXIT, error } = require('./cmds/_common');
+const { decrypt, deriveKey, machineFingerprint, isEncryptedContainer, ENCRYPTED_FILES } = require('./cmds/encrypt');
 const USER_KDNA_DIR = path.join(process.env.HOME || process.env.USERPROFILE || '.', '.kdna');
 const INSTALL_DIR = path.join(USER_KDNA_DIR, 'domains');
@@ -199,9 +200,9 @@ function warnLegacy() {
 // ─── Source parsing ─────────────────────────────────────────────────────
 function parseSource(input) {
-  // Local file
+  // Local file (.kdna or .kdnae)
   if (
-    input.endsWith('.kdna') &&
+    (input.endsWith('.kdna') || input.endsWith('.kdnae')) &&
     (input.startsWith('./') || input.startsWith('/') || input.startsWith('~/'))
   ) {
     const resolved = path.resolve(input.replace(/^~/, process.env.HOME || ''));
@@ -283,6 +284,53 @@ print('ok')
   }
 }
+function extractAndDecrypt(kdnaPath, destDir, licenseKey) {
+  extractKdna(kdnaPath, destDir);
+  const fp = machineFingerprint();
+  const key = deriveKey(licenseKey, fp);
+  for (const f of fs.readdirSync(destDir)) {
+    if (ENCRYPTED_FILES.includes(f)) {
+      try {
+        const fullPath = path.join(destDir, f);
+        const encrypted = fs.readFileSync(fullPath);
+        const decrypted = decrypt(encrypted, key);
+        fs.writeFileSync(fullPath, decrypted);
+      } catch (err) {
+        fs.rmSync(destDir, { recursive: true, force: true });
+        error(`Failed to decrypt ${f}: ${err.message}. Wrong license key?`);
+      }
+    }
+  }
+}
+function findLicense(domainName) {
+  const licenseDir = path.join(USER_KDNA_DIR, 'licenses');
+  const licensePath = path.join(licenseDir, `${domainName.replace(/^@/, '').replace('/', '-')}.json`);
+  if (fs.existsSync(licensePath)) {
+    try {
+      return JSON.parse(fs.readFileSync(licensePath, 'utf8'));
+    } catch { /* invalid license */ }
+  }
+  return null;
+}
+function findLicenseForDomain(domainFull) {
+  const licenseDir = path.join(USER_KDNA_DIR, 'licenses');
+  if (!fs.existsSync(licenseDir)) return null;
+  // Try exact match: @aikdna/writing → @aikdna-writing.json
+  const candidates = [domainFull.replace(/^@/, '').replace('/', '-')];
+  // Also try just the domain name
+  candidates.push(domainFull.split('/').pop());
+  for (const c of candidates) {
+    const p = path.join(licenseDir, `${c}.json`);
+    if (fs.existsSync(p)) {
+      try { return JSON.parse(fs.readFileSync(p, 'utf8')); } catch { /* skip */ }
+    }
+  }
+  return null;
+}
 // ─── Signature verification ────────────────────────────────────────────
 function verifySignature({ destDir, scope, entry, lenient = true }) {
@@ -613,9 +661,53 @@ function installFromLocalFile(filePath, _yes, jsonMode = false) {
   const abs = path.resolve(filePath);
   if (!fs.existsSync(abs) || !fs.statSync(abs).isFile()) error(`Not a file: ${abs}`);
+  const isEncrypted = isEncryptedContainer(abs);
   const tmpDir = path.join(INSTALL_DIR, '.local-tmp-' + Date.now());
   ensureDir(tmpDir);
-  extractKdna(abs, tmpDir);
+  if (isEncrypted) {
+    // Find license for this .kdnae file
+    // First check the license directory, then ask for --license flag from args
+    const licenseFromArgs = process.argv.includes('--license')
+      ? process.argv[process.argv.indexOf('--license') + 1]
+      : null;
+    let licenseKey = null;
+    if (licenseFromArgs && fs.existsSync(licenseFromArgs)) {
+      try {
+        const lic = JSON.parse(fs.readFileSync(licenseFromArgs, 'utf8'));
+        licenseKey = lic.license_id;
+      } catch { /* invalid license file */ }
+    }
+    if (!licenseKey) {
+      // Try to auto-discover from ~/.kdna/licenses/
+      const manifest = readJson(path.join(tmpDir, 'kdna.json'));
+      // We need to extract just the manifest first to get the domain name
+      extractKdna(abs, tmpDir);
+      const mf = readJson(path.join(tmpDir, 'kdna.json'));
+      if (mf?.name) {
+        const lic = findLicenseForDomain(mf.name);
+        if (lic) licenseKey = lic.license_id;
+      }
+      if (!licenseKey) {
+        fs.rmSync(tmpDir, { recursive: true, force: true });
+        error(
+          `Cannot install encrypted .kdnae without a license.\n` +
+            `Save the license to ~/.kdna/licenses/ or use --license <file>.`,
+          EXIT.TRUST_FAILED,
+        );
+      }
+      // Re-extract for decryption
+      fs.rmSync(tmpDir, { recursive: true, force: true });
+      ensureDir(tmpDir);
+    }
+    console.log('  Decrypting .kdnae container...');
+    extractAndDecrypt(abs, tmpDir, licenseKey);
+  } else {
+    extractKdna(abs, tmpDir);
+  }
   const manifest = readJson(path.join(tmpDir, 'kdna.json'));
   const declared = manifest?.name;
@@ -636,6 +728,7 @@ function installFromLocalFile(filePath, _yes, jsonMode = false) {
   destManifest._source = {
     type: 'local-file',
     path: abs,
+    encrypted: isEncrypted,
     installed_at: new Date().toISOString(),
   };
   fs.writeFileSync(path.join(dest, 'kdna.json'), JSON.stringify(destManifest, null, 2) + '\n');
@@ -647,9 +740,10 @@ function installFromLocalFile(filePath, _yes, jsonMode = false) {
       path: dest,
       source: 'local-file',
       source_path: abs,
+      encrypted: isEncrypted,
     }));
   } else {
-    console.log(`✓ Installed ${declared} from local file`);
+    console.log(`✓ Installed ${declared} from ${isEncrypted ? 'encrypted' : 'local'} file`);
     console.log(`  Location: ${dest}`);
   }
 }