@badgerclaw/connect 1.1.2 → 1.1.3

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@badgerclaw/connect",
-  "version": "1.1.2",
+  "version": "1.1.3",
   "description": "BadgerClaw channel plugin for OpenClaw",
   "type": "module",
   "dependencies": {

package/src/matrix/client/backup.ts

@@ -1,7 +1,8 @@
 import type { MatrixClient } from "@vector-im/matrix-bot-sdk";
-import { appendFileSync, mkdirSync } from "node:fs";
+import { appendFileSync, writeFileSync, mkdirSync } from "node:fs";
 import { homedir } from "node:os";
 import { join } from "node:path";
+import { generateKeyPairSync } from "node:crypto";
 import { getMatrixLogService } from "../sdk-runtime.js";
 
 export type KeyBackupStatus = {
@@ -10,19 +11,12 @@ export type KeyBackupStatus = {
   deviceId: string | null;
 };
 
-export async function getEncryptionKeyBackupStatus(
-  client: MatrixClient,
-): Promise<KeyBackupStatus> {
+export async function getEncryptionKeyBackupStatus(client: MatrixClient): Promise<KeyBackupStatus> {
   const LogService = getMatrixLogService();
   try {
     const backupInfo = await client.getKeyBackupVersion();
     const whoami = await client.getWhoAmI();
-    const deviceId = whoami.device_id ?? null;
-    return {
-      enabled: backupInfo !== null,
-      version: backupInfo?.version ?? null,
-      deviceId,
-    };
+    return { enabled: backupInfo !== null, version: backupInfo?.version ?? null, deviceId: whoami.device_id ?? null };
   } catch (err) {
     LogService.warn("MatrixKeyBackup", "Failed to check key backup status:", err);
     return { enabled: false, version: null, deviceId: null };
@@ -33,17 +27,12 @@ export async function setupKeyBackup(client: MatrixClient): Promise<void> {
   const LogService = getMatrixLogService();
 
   let deviceId = "(unknown)";
-  try {
-    const whoami = await client.getWhoAmI();
-    deviceId = whoami.device_id ?? deviceId;
-  } catch {
-    // Non-fatal
-  }
+  try { deviceId = (await client.getWhoAmI()).device_id ?? deviceId; } catch { /* non-fatal */ }
 
   LogService.info("MatrixKeyBackup", `Crypto ready — device ID: ${deviceId}`);
 
   if (!client.crypto) {
-    LogService.info("MatrixKeyBackup", "Crypto client not available, skipping key backup setup");
+    LogService.info("MatrixKeyBackup", "Crypto not available, skipping backup setup");
     return;
   }
 
@@ -51,45 +40,52 @@ export async function setupKeyBackup(client: MatrixClient): Promise<void> {
     let backupInfo = await client.getKeyBackupVersion();
 
     if (!backupInfo) {
-      // No backup exists — create one now
-      LogService.info("MatrixKeyBackup", "No key backup found — creating server-side key backup");
-      try {
-        backupInfo = await (client as any).signAndCreateKeyBackupVersion({
-          algorithm: "m.megolm_backup.v1.curve25519-aes-sha2",
-          auth_data: {},
-        });
-        LogService.info("MatrixKeyBackup", `Created new key backup version ${backupInfo?.version}`);
-      } catch (createErr) {
-        LogService.warn("MatrixKeyBackup", "Failed to create key backup version:", createErr);
-        return;
-      }
+      LogService.info("MatrixKeyBackup", "No backup found — generating Curve25519 key pair and creating backup version");
+
+      // Generate X25519 (Curve25519) key pair using Node crypto
+      const { publicKey: pubKeyObj, privateKey: privKeyObj } = generateKeyPairSync("x25519");
+      const pubKeyRaw = pubKeyObj.export({ type: "spki", format: "der" }).slice(-32);
+      const privKeyRaw = privKeyObj.export({ type: "pkcs8", format: "der" }).slice(-32);
+      const publicKeyBase64 = pubKeyRaw.toString("base64");
+      const privateKeyBase64 = privKeyRaw.toString("base64");
+
+      // Create the backup version on the server
+      await client.signAndCreateKeyBackupVersion({
+        algorithm: "m.megolm_backup.v1.curve25519-aes-sha2",
+        auth_data: { public_key: publicKeyBase64 },
+      } as any);
+
+      // Save private key for cross-device restore
+      const backupDir = join(homedir(), ".openclaw", "backup");
+      mkdirSync(backupDir, { recursive: true });
+      writeFileSync(
+        join(backupDir, `private-key-${deviceId}.json`),
+        JSON.stringify({ privateKey: privateKeyBase64, deviceId, created: new Date().toISOString() }),
+        { mode: 0o600 }
+      );
+
+      backupInfo = await client.getKeyBackupVersion();
+      LogService.info("MatrixKeyBackup", `Created backup version ${backupInfo?.version}`);
     }
 
     if (!backupInfo) {
-      LogService.warn("MatrixKeyBackup", "Key backup info unavailable after creation attempt");
+      LogService.warn("MatrixKeyBackup", "No backup info after creation attempt");
       return;
     }
 
     await client.crypto.enableKeyBackup(backupInfo);
-    LogService.info(
-      "MatrixKeyBackup",
-      `Key backup enabled (version ${backupInfo.version}) on device ${deviceId} — keys will upload automatically`,
-    );
-    _persistBackupRecord(backupInfo.version, deviceId);
+    LogService.info("MatrixKeyBackup", `Backup enabled v${backupInfo.version} on ${deviceId} — uploading room keys`);
+    _persistRecord(backupInfo.version, deviceId);
   } catch (err) {
-    LogService.warn("MatrixKeyBackup", "Key backup setup failed:", err);
+    LogService.warn("MatrixKeyBackup", "Backup setup failed:", err);
   }
 }
 
-function _persistBackupRecord(version: string, deviceId: string): void {
+function _persistRecord(version: string, deviceId: string): void {
   try {
     const dir = join(homedir(), ".openclaw", "backup");
     mkdirSync(dir, { recursive: true });
-    const path = join(dir, "key-backup-record.log");
-    const entry =
-      JSON.stringify({ version, deviceId, timestamp: new Date().toISOString() }) + "\n";
-    appendFileSync(path, entry, "utf8");
-  } catch {
-    // Non-fatal — backup is enabled, record persistence is best-effort
-  }
+    appendFileSync(join(dir, "key-backup-record.log"),
+      JSON.stringify({ version, deviceId, timestamp: new Date().toISOString() }) + "\n");
+  } catch { /* non-fatal */ }
 }