@athsra/cli 1.0.4 → 1.1.0

package/src/lib/client.ts

@@ -17,6 +17,7 @@ export interface RegisterResponse {
   token: string;
   machineId: string;
   createdAt: string;
+  userId?: number;
 }
 
 /** Phase 4 Slice 3 — auth_user_keys row (GET/POST /auth/keys). worker 는 base64 형식만 저장. */
@@ -60,19 +61,31 @@ export interface DeviceCodeResponse {
   verification_uri_complete: string;
   expires_in: number;
   interval: number;
-  project: string;
-  perms: 'read' | 'write';
+  /** Phase 5 — kind:'user' 면 project/perms 는 null (identity 디바이스는 envelope-scope 없음). */
+  kind: 'service' | 'user';
+  project: string | null;
+  perms: 'read' | 'write' | null;
 }
 
-/** Phase 3 P3 — POST /auth/device/token (poll) 결과. */
+/** Phase 3 P3 / Phase 5 — POST /auth/device/token (poll) 결과 (service | user kind). */
 export type DevicePollResult =
   | {
       status: 'token';
+      tokenType: 'service';
       token: string;
       recipientId: string;
       project: string;
       perms: 'read' | 'write';
     }
+  | {
+      status: 'token';
+      tokenType: 'user';
+      token: string;
+      /** SealedBox JSON — 디바이스 privkey 로 unseal → identity privkey. */
+      sealedIdentityKey: string;
+      userId: number;
+      keyVersion: number;
+    }
   | { status: 'pending'; error: string; interval?: number };
 
 /**
@@ -240,7 +253,7 @@ export class AthsraClient {
 
   /**
    * Phase 3a — 자기 master pw proof bootstrap-or-verify (POST /auth/proof, Bearer).
-   * proof = Argon2id(masterPw + GLOBAL_SALT) 단방향 해시 (평문 master pw 송신 X).
+   * proof = deriveProof(masterPw, userId, GLOBAL_SALT) 단방향 해시 (평문 master pw 송신 X).
    * 첫 호출 = bootstrap, 이후 = verify (불일치 시 worker 409 → throw).
    */
   async setProof(
@@ -485,14 +498,21 @@ export class AthsraClient {
 
   /** Phase 3 P3 — device-login 시작 (unauth). device_code + user_code + verification_uri. */
   async deviceCode(args: {
-    project: string;
+    kind?: 'service' | 'user';
+    project?: string;
     perms?: 'read' | 'write';
     label: string;
+    /** kind:'user' — base64 32B 디바이스 X25519 public key. */
+    devicePublicKey?: string;
   }): Promise<DeviceCodeResponse> {
+    const body: Record<string, unknown> =
+      args.kind === 'user'
+        ? { kind: 'user', device_pub_key: args.devicePublicKey, label: args.label }
+        : { project: args.project, perms: args.perms, label: args.label };
     const res = await fetch(this.url('/auth/device/code'), {
       method: 'POST',
       headers: { 'content-type': 'application/json' },
-      body: JSON.stringify({ project: args.project, perms: args.perms, label: args.label }),
+      body: JSON.stringify(body),
     });
     if (!res.ok) throw new Error(`device code ${res.status}: ${await res.text()}`);
     return (await res.json()) as DeviceCodeResponse;
@@ -507,8 +527,20 @@ export class AthsraClient {
     });
     const body = (await res.json()) as Record<string, unknown>;
     if (res.ok) {
+      if (body.token_type === 'user') {
+        return {
+          status: 'token',
+          tokenType: 'user',
+          token: typeof body.token === 'string' ? body.token : '',
+          sealedIdentityKey:
+            typeof body.sealed_identity_key === 'string' ? body.sealed_identity_key : '',
+          userId: typeof body.user_id === 'number' ? body.user_id : 0,
+          keyVersion: typeof body.key_version === 'number' ? body.key_version : 1,
+        };
+      }
       return {
         status: 'token',
+        tokenType: 'service',
         token: typeof body.token === 'string' ? body.token : '',
         recipientId: typeof body.recipient_id === 'string' ? body.recipient_id : '',
         project: typeof body.project === 'string' ? body.project : '',
@@ -572,15 +604,33 @@ export class AthsraClient {
     };
   }
 
-  async getEnvelope(project: string): Promise<SecretEnvelopeAny | null> {
-    const res = await this.authedFetch(`/v1/secrets/${encodeURIComponent(project)}`);
+  /** secret route URL — config!=='default' 시에만 ?config= 추가 (default 는 생략, 하위호환·무중단). */
+  private secretPath(
+    project: string,
+    config: string,
+    sub = '',
+    extra?: Record<string, string>,
+  ): string {
+    const params = new URLSearchParams();
+    if (config && config !== 'default') params.set('config', config);
+    if (extra) for (const [k, v] of Object.entries(extra)) params.set(k, v);
+    const q = params.toString();
+    return `/v1/secrets/${encodeURIComponent(project)}${sub}${q ? `?${q}` : ''}`;
+  }
+
+  async getEnvelope(project: string, config = 'default'): Promise<SecretEnvelopeAny | null> {
+    const res = await this.authedFetch(this.secretPath(project, config));
     if (res.status === 404) return null;
     if (!res.ok) throw new Error(`fetch ${res.status}: ${await res.text()}`);
     return (await res.json()) as SecretEnvelopeAny;
   }
 
-  async putEnvelope(project: string, envelope: SecretEnvelopeAny): Promise<void> {
-    const res = await this.authedFetch(`/v1/secrets/${encodeURIComponent(project)}`, {
+  async putEnvelope(
+    project: string,
+    envelope: SecretEnvelopeAny,
+    config = 'default',
+  ): Promise<void> {
+    const res = await this.authedFetch(this.secretPath(project, config), {
       method: 'PUT',
       headers: { 'content-type': 'application/json' },
       body: JSON.stringify(envelope),
@@ -597,14 +647,19 @@ export class AthsraClient {
 
   async deleteProject(
     project: string,
-    opts?: { hard?: boolean },
+    opts?: { hard?: boolean; config?: string },
   ): Promise<{
     soft?: boolean;
     hard?: boolean;
     recoverable_versions?: number;
     removed_versions?: number;
   }> {
-    const path = `/v1/secrets/${encodeURIComponent(project)}${opts?.hard ? '?hard=true' : ''}`;
+    const path = this.secretPath(
+      project,
+      opts?.config ?? 'default',
+      '',
+      opts?.hard ? { hard: 'true' } : undefined,
+    );
     const res = await this.authedFetch(path, { method: 'DELETE' });
     if (!res.ok) throw new Error(`delete ${res.status}: ${await res.text()}`);
     return (await res.json()) as {
@@ -615,14 +670,17 @@ export class AthsraClient {
     };
   }
 
-  async listVersions(project: string): Promise<{
+  async listVersions(
+    project: string,
+    config = 'default',
+  ): Promise<{
     project: string;
     current_version: string | null;
     tombstone: { deleted_at: string; deleted_by: string } | null;
     versions: { version_id: string; updated_at: string; size: number }[];
     count: number;
   }> {
-    const res = await this.authedFetch(`/v1/secrets/${encodeURIComponent(project)}/versions`);
+    const res = await this.authedFetch(this.secretPath(project, config, '/versions'));
     if (!res.ok) throw new Error(`versions ${res.status}: ${await res.text()}`);
     return (await res.json()) as {
       project: string;
@@ -636,8 +694,9 @@ export class AthsraClient {
   async rollbackProject(
     project: string,
     versionId: string,
+    config = 'default',
   ): Promise<{ ok: boolean; project: string; current_version: string }> {
-    const res = await this.authedFetch(`/v1/secrets/${encodeURIComponent(project)}/rollback`, {
+    const res = await this.authedFetch(this.secretPath(project, config, '/rollback'), {
       method: 'POST',
       headers: { 'content-type': 'application/json' },
       body: JSON.stringify({ version_id: versionId }),
@@ -646,14 +705,17 @@ export class AthsraClient {
     return (await res.json()) as { ok: boolean; project: string; current_version: string };
   }
 
-  async restoreProject(project: string): Promise<{
+  async restoreProject(
+    project: string,
+    config = 'default',
+  ): Promise<{
     ok: boolean;
     project: string;
     restored_version: string;
     deleted_at: string;
     deleted_by: string;
   }> {
-    const res = await this.authedFetch(`/v1/secrets/${encodeURIComponent(project)}/restore`, {
+    const res = await this.authedFetch(this.secretPath(project, config, '/restore'), {
       method: 'POST',
     });
     if (!res.ok) throw new Error(`restore ${res.status}: ${await res.text()}`);
@@ -666,6 +728,21 @@ export class AthsraClient {
     };
   }
 
+  /** GET /:project/configs — 환경(config) 목록 + active/deleted. */
+  async listConfigs(project: string): Promise<{
+    project: string;
+    configs: { config: string; active: boolean; deleted: boolean }[];
+    count: number;
+  }> {
+    const res = await this.authedFetch(this.secretPath(project, 'default', '/configs'));
+    if (!res.ok) throw new Error(`configs ${res.status}: ${await res.text()}`);
+    return (await res.json()) as {
+      project: string;
+      configs: { config: string; active: boolean; deleted: boolean }[];
+      count: number;
+    };
+  }
+
   async listProjectsExtended(opts?: {
     includeDeleted?: boolean;
   }): Promise<

package/src/lib/config.ts

@@ -16,6 +16,8 @@ export interface Config {
    */
   orgId?: number;
   orgSlug?: string;
+  /** Phase 5 — identity 디바이스 모드 로그인 시 기록 (member 경로 복호의 per-user salt·recipient 매칭). */
+  userId?: number;
 }
 
 export function ensureConfigDir(): void {

package/src/lib/device-login.ts

@@ -0,0 +1,157 @@
+/**
+ * device-login.ts — Phase 5 B5. RFC 8628 device flow 의 공용 코어.
+ *
+ * `commands/login.ts` 의 identityLoginCmd/deviceLoginCmd poll 루프에서 추출 — CLI(블로킹 루프)와
+ * MCP in-chat 로그인(athsra_login_start/status 의 단발 step)이 같은 기계 부분을 소비한다.
+ *
+ * 보안 불변식: `IdentityFlow.deviceCode` 는 **프로세스 메모리 전용** — MCP 응답·로그·콘솔 어디에도
+ * 출력 금지 (탈취 시 토큰 가로채기 가능). user 에게 보여줄 것은 user_code/URL/fingerprint 뿐.
+ */
+import { hostname } from 'node:os';
+import { toBase64 } from '@athsra/crypto';
+import { deviceKeyFingerprint, generateDeviceKeypair } from '@athsra/crypto/device';
+import { AthsraClient, type DevicePollResult } from './client.ts';
+import { loadConfig, saveConfig } from './config.ts';
+import { unsealIdentityKey } from './identity-key.ts';
+import { probeKeyring, setIdentityKey, setToken } from './keyring.ts';
+
+/** 비-인터랙티브 agent 기본 worker (config/env 없을 때). production athsra worker. */
+export const DEFAULT_WORKER_URL = 'https://athsra-worker.winterermod.workers.dev';
+
+export type UserTokenResult = Extract<DevicePollResult, { status: 'token'; tokenType: 'user' }>;
+
+export interface IdentityFlow {
+  client: AthsraClient;
+  workerUrl: string;
+  machineId: string;
+  existingCreatedAt?: string;
+  /** 디바이스 X25519 privkey — sealed identity key unseal 용 (이 머신에만). */
+  devicePrivateKey: Uint8Array;
+  /** 디바이스 pubkey 지문 — 브라우저 화면과 대조 (phishing 가드). 공개 정보. */
+  fingerprint: string;
+  /** RFC 8628 device_code — 메모리 전용. 어떤 응답에도 미포함. */
+  deviceCode: string;
+  userCode: string;
+  verificationUriComplete: string;
+  expiresAt: number; // epoch ms
+  intervalMs: number;
+}
+
+/**
+ * identity device flow 시작: keyring probe → config/worker 해석 → 디바이스 키쌍 생성 →
+ * deviceCode(kind:user). 실패는 actionable Error throw (호출자가 ✗/MCP error 로 환원).
+ */
+export async function startIdentityFlow(): Promise<IdentityFlow> {
+  const probe = probeKeyring();
+  if (!probe.ok) {
+    throw new Error(
+      `keyring backend unavailable: ${probe.error ?? 'unknown'} — run \`athsra doctor\` for setup instructions (apt install + dbus).`,
+    );
+  }
+  const existing = loadConfig();
+  const workerUrl = process.env.ATHSRA_WORKER_URL ?? existing?.workerUrl ?? DEFAULT_WORKER_URL;
+  const machineId = existing?.machineId ?? `${hostname()}-${Date.now().toString(36)}`;
+
+  const client = new AthsraClient(workerUrl);
+  if (!(await client.health())) {
+    throw new Error(`worker unreachable: ${workerUrl}`);
+  }
+
+  const deviceKp = generateDeviceKeypair();
+  const fingerprint = deviceKeyFingerprint(deviceKp.publicKey);
+  const dc = await client.deviceCode({
+    kind: 'user',
+    devicePublicKey: toBase64(deviceKp.publicKey),
+    label: machineId,
+  });
+
+  return {
+    client,
+    workerUrl,
+    machineId,
+    existingCreatedAt: existing?.createdAt,
+    devicePrivateKey: deviceKp.privateKey,
+    fingerprint,
+    deviceCode: dc.device_code,
+    userCode: dc.user_code,
+    verificationUriComplete: dc.verification_uri_complete,
+    expiresAt: Date.now() + dc.expires_in * 1000,
+    intervalMs: Math.max(1, dc.interval) * 1000,
+  };
+}
+
+export type PollStep =
+  | { step: 'token'; result: Extract<DevicePollResult, { status: 'token' }> }
+  | { step: 'pending' }
+  | { step: 'slow_down' }
+  | { step: 'denied' }
+  | { step: 'expired' }
+  /** 네트워크/일시 오류 — pending 취급 (다음 tick 재시도). */
+  | { step: 'network' };
+
+/** poll 1회 — MCP login_status 의 단발 step. 블로킹 루프는 runDevicePollLoop. */
+export async function pollDeviceTokenOnce(
+  client: AthsraClient,
+  deviceCode: string,
+): Promise<PollStep> {
+  let result: DevicePollResult;
+  try {
+    result = await client.devicePollToken(deviceCode);
+  } catch {
+    return { step: 'network' };
+  }
+  if (result.status === 'token') return { step: 'token', result };
+  if (result.error === 'access_denied') return { step: 'denied' };
+  if (result.error === 'expired_token') return { step: 'expired' };
+  if (result.error === 'slow_down') return { step: 'slow_down' };
+  return { step: 'pending' };
+}
+
+const sleep = (ms: number): Promise<void> => new Promise((r) => setTimeout(r, ms));
+
+/**
+ * 블로킹 poll 루프 (CLI) — token/denied/expired 또는 deadline 까지 반복.
+ * slow_down 시 interval +5s (RFC 8628). onTick 은 진행 표시('.') 용.
+ */
+export async function runDevicePollLoop(
+  client: AthsraClient,
+  deviceCode: string,
+  opts: { intervalMs: number; expiresAt: number; onTick?: () => void },
+): Promise<Extract<PollStep, { step: 'token' | 'denied' | 'expired' }> | { step: 'timeout' }> {
+  let interval = opts.intervalMs;
+  while (Date.now() < opts.expiresAt) {
+    await sleep(interval);
+    const r = await pollDeviceTokenOnce(client, deviceCode);
+    if (r.step === 'token' || r.step === 'denied' || r.step === 'expired') return r;
+    if (r.step === 'slow_down') interval += 5000;
+    opts.onTick?.();
+  }
+  return { step: 'timeout' };
+}
+
+/**
+ * identity 승인 완료 처리: sealed unseal(user_id 대조 — 키 혼선 차단) → keyring
+ * identity-priv + token → config.userId. master pw 는 이 기기에 절대 없음 (D-2).
+ */
+export async function completeIdentityLogin(args: {
+  result: UserTokenResult;
+  devicePrivateKey: Uint8Array;
+  machineId: string;
+  workerUrl: string;
+  existingCreatedAt?: string;
+}): Promise<{ userId: number }> {
+  const identityPrivB64 = await unsealIdentityKey(
+    args.result.sealedIdentityKey,
+    args.devicePrivateKey,
+    args.result.userId,
+  );
+  setIdentityKey(args.machineId, identityPrivB64);
+  setToken(args.machineId, args.result.token);
+  saveConfig({
+    workerUrl: args.workerUrl,
+    machineId: args.machineId,
+    createdAt: args.existingCreatedAt ?? new Date().toISOString(),
+    userId: args.result.userId,
+  });
+  return { userId: args.result.userId };
+}

package/src/lib/env-format.ts

@@ -5,4 +5,4 @@
  * crypto 패키지가 정본. 이 파일은 CLI 내부 사용처 (get/ls/doctor/run/set/envelope) 의
  * 기존 import 경로 호환을 위한 re-export.
  */
-export { parseEnv, partitionEnv, serializeEnv } from '@athsra/crypto';
+export { buildChildEnv, parseEnv, partitionEnv, serializeEnv } from '@athsra/crypto';

package/src/lib/envelope.ts

@@ -22,6 +22,9 @@ import {
   type SecretEnvelopeV2,
 } from '@athsra/crypto';
 import {
+  addMemberRecipient,
+  createEnvelopeAsMember,
+  createEnvelopeWithSelf,
   decryptEnvelopeAsMember,
   reEncryptAsMember,
   unwrapPrivateKey,
@@ -62,7 +65,54 @@ async function memberRecipientUserId(
   return env.recipients.some((r) => r.id === `member:${me.userId}`) ? me.userId : null;
 }
 
+/**
+ * Phase 5 — master(owner) write 의 member:self 재료 (whoami + getKeys). best-effort: 키 미
+ * provisioning/오프라인이면 null → master-only 폴백(기존 동작 보존, migrate --self 가 다음 기회).
+ */
+async function selfMember(
+  ctx: UserAuthContext,
+): Promise<{ publicKey: Uint8Array; userId: number } | null> {
+  try {
+    const me = await ctx.client.whoami();
+    if (me.userId === undefined) return null;
+    const keyRow = await ctx.client.getKeys();
+    if (!keyRow) return null;
+    return { publicKey: fromBase64(keyRow.public_key), userId: me.userId };
+  } catch {
+    return null;
+  }
+}
+
+/** routine master write 시 member:self 부재면 1회 추가. 403/실패면 env 그대로(body-only 폴백). */
+async function ensureSelfRecipient(
+  ctx: UserAuthContext,
+  env: SecretEnvelopeV2,
+  self: { publicKey: Uint8Array; userId: number } | null,
+): Promise<SecretEnvelopeV2> {
+  if (!self) return env;
+  if (env.recipients.some((r) => r.id === `member:${self.userId}`)) return env;
+  try {
+    return await addMemberRecipient(env, ctx.masterPw, self.publicKey, self.userId);
+  } catch {
+    return env;
+  }
+}
+
 async function decryptEnvelope(env: SecretEnvelopeAny, ctx: AuthContext): Promise<string> {
+  // Phase 5 — identity 모드: master pw 없이 내 X25519 키로 멤버 경로 복호 (member:me recipient).
+  if (ctx.kind === 'identity') {
+    if (env.version !== 2) {
+      throw new Error(
+        'identity 로그인은 envelope v2 만 복호 가능 — master pw 머신에서 `athsra set` 1회로 v1→v2 마이그레이션 필요.',
+      );
+    }
+    if (!env.recipients.some((r) => r.id === `member:${ctx.userId}`)) {
+      throw new Error(
+        '이 시크릿에 내 멤버 recipient 가 없습니다 — master pw 머신에서 `athsra migrate-envelopes --self` 1회 실행 후 재시도.',
+      );
+    }
+    return decryptEnvelopeAsMember(env, ctx.identityPrivateKey, ctx.userId);
+  }
   if (ctx.kind === 'user') {
     if (env.version === 2) {
       try {
@@ -100,8 +150,9 @@ async function decryptEnvelope(env: SecretEnvelopeAny, ctx: AuthContext): Promis
 export async function readPlain(
   ctx: AuthContext,
   project: string,
+  config = 'default',
 ): Promise<Record<string, string> | null> {
-  const env = await ctx.client.getEnvelope(project);
+  const env = await ctx.client.getEnvelope(project, config);
   if (!env) return null;
   const text = await decryptEnvelope(env, ctx);
   return parseEnv(text);
@@ -116,30 +167,67 @@ export async function writePlain(
   ctx: AuthContext,
   project: string,
   plain: Record<string, string>,
-  opts?: { kdfParams?: KDFParams },
+  opts?: { kdfParams?: KDFParams; config?: string },
 ): Promise<SecretEnvelopeV2> {
-  if (ctx.kind !== 'user') {
+  if (ctx.kind === 'service') {
     throw new Error('service token cannot write envelopes — use a user token (master pw)');
   }
+  const config = opts?.config ?? 'default';
   const serialized = serializeEnv(plain);
 
+  // Phase 5 — identity 모드: master pw 없이 멤버 경로로 본문 재암호(recipients 보존)/신규 생성.
+  if (ctx.kind === 'identity') {
+    if (opts?.kdfParams) {
+      throw new Error('rotate-master 는 master pw 가 필요합니다 (identity 로그인 머신에선 불가).');
+    }
+    const existing = await ctx.client.getEnvelope(project, config);
+    if (existing && existing.version === 2) {
+      if (!existing.recipients.some((r) => r.id === `member:${ctx.userId}`)) {
+        throw new Error(
+          '이 시크릿에 내 멤버 recipient 가 없습니다 — `athsra migrate-envelopes --self` 1회 후 재시도.',
+        );
+      }
+      const env = await reEncryptAsMember(existing, ctx.identityPrivateKey, ctx.userId, serialized);
+      await ctx.client.putEnvelope(project, env, config);
+      return env;
+    }
+    // 신규 프로젝트 — member:self 단독 envelope 생성 (server 의 내 public key 로 wrap).
+    const keyRow = await ctx.client.getKeys();
+    if (!keyRow) {
+      throw new Error('identity key 없음 — `athsra login` 으로 재온보딩 필요.');
+    }
+    const env = await createEnvelopeAsMember(serialized, fromBase64(keyRow.public_key), ctx.userId);
+    await ctx.client.putEnvelope(project, env, config);
+    return env;
+  }
+
+  // Phase 5 — master write 는 가능하면 member:self 동반(identity 로그인 머신이 멤버 경로로 복호하는
+  // substrate). whoami/getKeys best-effort — 실패(키 미provisioning/오프라인)면 master-only 폴백.
+  const self = await selfMember(ctx);
+
   // opts.kdfParams 명시 = rotate-master 의 의도적 reset (ENTERPRISE_KDF 마이그레이션):
-  // 새 envelope 를 만들어 모든 service recipient 를 의도적으로 폐기 (master pw 재확립
-  // = scoped 신뢰 reset). routine write 와 구분되는 유일한 신호.
+  // 새 envelope 를 만들어 모든 service recipient 를 의도적으로 폐기. master(+self) recipient 만.
   if (opts?.kdfParams) {
-    const env = await createEnvelopeV2(serialized, ctx.masterPw, { kdfParams: opts.kdfParams });
-    await ctx.client.putEnvelope(project, env);
+    const env = self
+      ? await createEnvelopeWithSelf(serialized, ctx.masterPw, self.publicKey, self.userId, {
+          kdfParams: opts.kdfParams,
+        })
+      : await createEnvelopeV2(serialized, ctx.masterPw, { kdfParams: opts.kdfParams });
+    await ctx.client.putEnvelope(project, env, config);
     return env;
   }
 
   // routine write (set/unset/mcp/sync): 기존 v2 envelope 가 있으면 본문만 재암호화해
   // kdf_params 와 모든 recipient (service token 포함) 를 보존한다. createEnvelopeV2 로
   // 새로 만들면 service recipient 가 silent 삭제되고 kdf 가 DEFAULT(64MB) 로 downgrade 됨.
-  const existing = await ctx.client.getEnvelope(project);
+  // config 전파 필수 — 생략 시 default envelope 를 읽어 다른 환경의 recipient 로 덮어쓰는 버그.
+  const existing = await ctx.client.getEnvelope(project, config);
   if (existing && existing.version === 2) {
     try {
-      const env = await reEncryptEnvelopeBody(existing, ctx.masterPw, serialized);
-      await ctx.client.putEnvelope(project, env);
+      const reenc = await reEncryptEnvelopeBody(existing, ctx.masterPw, serialized);
+      // lazy self-grant: member:self 부재 시 1회 추가 (identity 복호 substrate). 실패=body-only.
+      const env = await ensureSelfRecipient(ctx, reenc, self);
+      await ctx.client.putEnvelope(project, env, config);
       return env;
     } catch (masterErr) {
       // Slice 6c — master(owner) 가 아니면 member 경로: 내 X25519 키로 DEK 얻어 본문만 재암호
@@ -149,14 +237,16 @@ export async function writePlain(
       const priv = await memberPrivateKey(ctx);
       if (!priv) throw masterErr;
       const env = await reEncryptAsMember(existing, priv, memberUserId, serialized);
-      await ctx.client.putEnvelope(project, env);
+      await ctx.client.putEnvelope(project, env, config);
       return env;
     }
   }
 
-  // 신규 프로젝트 또는 v1 (recipients[] 없음) → 새 v2 (DEFAULT_KDF). v1 의 enterprise
-  // 마이그레이션은 rotate-master / service-token create (migrateV1ToV2) 경로가 담당.
-  const env = await createEnvelopeV2(serialized, ctx.masterPw);
-  await ctx.client.putEnvelope(project, env);
+  // 신규 프로젝트 또는 v1 (recipients[] 없음) → 새 v2 (DEFAULT_KDF). master(+self) recipient.
+  // v1 의 enterprise 마이그레이션은 rotate-master / service-token create (migrateV1ToV2) 가 담당.
+  const env = self
+    ? await createEnvelopeWithSelf(serialized, ctx.masterPw, self.publicKey, self.userId)
+    : await createEnvelopeV2(serialized, ctx.masterPw);
+  await ctx.client.putEnvelope(project, env, config);
   return env;
 }

package/src/lib/identity-key.ts

@@ -6,6 +6,7 @@
  * crypto 는 @athsra/crypto/member (subpath — worker 번들 격리).
  */
 import { toBase64 } from '@athsra/crypto';
+import { parseSealedBox, unseal } from '@athsra/crypto/device';
 import { generateIdentityKeypair, unwrapPrivateKey, wrapPrivateKey } from '@athsra/crypto/member';
 import type { AthsraClient, IdentityKeyRewrap } from './client.ts';
 
@@ -57,3 +58,23 @@ export async function rewrapForRotation(
     kdf_params: rewrapped.kdfParams,
   };
 }
+
+/**
+ * Phase 5 — device-login(identity) poll 의 sealed_identity_key(SealedBox JSON)를 디바이스 privkey
+ * 로 unseal → identity private key (base64). payload.user_id 를 poll 응답 user_id 와 대조해 키
+ * 혼선/스왑을 수령 시점에 차단한다. 변조·타 디바이스 키·user_id 불일치는 전부 throw.
+ */
+export async function unsealIdentityKey(
+  sealedJson: string,
+  devicePrivateKey: Uint8Array,
+  expectedUserId: number,
+): Promise<string> {
+  const box = parseSealedBox(sealedJson);
+  const payload = await unseal(box, devicePrivateKey);
+  if (payload.user_id !== expectedUserId) {
+    throw new Error(
+      `sealed identity user_id 불일치 (${payload.user_id} ≠ ${expectedUserId}) — 재시도 또는 \`athsra login\`.`,
+    );
+  }
+  return payload.identity_private_key;
+}

package/src/lib/keyring.ts

@@ -72,6 +72,31 @@ export function clearDeviceToken(project: string): void {
   }
 }
 
+/**
+ * Phase 5 (2026-06-12) — identity 디바이스 모드. `athsra login`(identity) 이 device flow 로
+ * 수령·unseal 한 identity X25519 private key (base64 32B) 를 머신 전역 slot 에 저장. master pw 가
+ * 이 머신에 없어도 멤버 경로로 envelope 복호. loadAuthContext 의 identity 모드가 조회.
+ */
+export function setIdentityKey(machineId: string, privateKeyB64: string): void {
+  entry(`identity-priv:${machineId}`).setPassword(privateKeyB64);
+}
+
+export function getIdentityKey(machineId: string): string | null {
+  try {
+    return entry(`identity-priv:${machineId}`).getPassword();
+  } catch {
+    return null;
+  }
+}
+
+export function clearIdentityKey(machineId: string): void {
+  try {
+    entry(`identity-priv:${machineId}`).deletePassword();
+  } catch {
+    /* ignore */
+  }
+}
+
 export interface ProbeResult {
   ok: boolean;
   error?: string;