@btc-vision/cli 1.0.0

package/src/commands/KeygenCommand.ts

@@ -0,0 +1,157 @@
+/**
+ * Keygen command - Generate MLDSA keypairs and mnemonics
+ *
+ * @module commands/KeygenCommand
+ */
+
+import { Command } from 'commander';
+import * as fs from 'fs';
+import { BaseCommand } from './BaseCommand.js';
+import { computePublicKeyHash, generateMLDSAKeypair, generateMnemonic } from '../lib/wallet.js';
+import { isValidMldsaLevel } from '../lib/credentials.js';
+
+export class KeygenCommand extends BaseCommand {
+    constructor() {
+        super('keygen', 'Generate cryptographic keys');
+    }
+
+    protected configure(): void {
+        this.command
+            .addCommand(this.createMnemonicCommand())
+            .addCommand(this.createMldsaCommand())
+            .addCommand(this.createInfoCommand());
+    }
+
+    private createMnemonicCommand(): Command {
+        return new Command('mnemonic')
+            .description('Generate a new BIP-39 mnemonic phrase')
+            .option('-o, --output <file>', 'Write mnemonic to file (secure permissions)')
+            .action((options: { output?: string }) => this.handleMnemonic(options));
+    }
+
+    private createMldsaCommand(): Command {
+        return new Command('mldsa')
+            .description('Generate a standalone MLDSA keypair')
+            .option('-l, --level <level>', 'MLDSA security level (44, 65, 87)', '44')
+            .option('-o, --output <prefix>', 'Write keys to files with prefix')
+            .option('--json', 'Output as JSON')
+            .action((options: { level: string; output?: string; json?: boolean }) => {
+                this.handleMldsa(options);
+            });
+    }
+
+    private createInfoCommand(): Command {
+        return new Command('info')
+            .description('Show information about MLDSA key sizes')
+            .action(() => this.handleInfo());
+    }
+
+    private handleMnemonic(options: { output?: string }): void {
+        try {
+            const mnemonic = generateMnemonic();
+
+            if (options.output) {
+                fs.writeFileSync(options.output, mnemonic + '\n', { mode: 0o600 });
+                this.logger.success(`Mnemonic saved to: ${options.output}`);
+                this.logger.warn('Keep this file secure and backed up!');
+            } else {
+                this.logger.info('\nNew BIP-39 Mnemonic Phrase:\n');
+                this.logger.log(mnemonic);
+                this.logger.log('');
+                this.logger.warn('IMPORTANT: Write down these words and store them securely.');
+                this.logger.warn('Anyone with this phrase can access your wallet.');
+                this.logger.warn('Never share this phrase with anyone.');
+            }
+        } catch (error) {
+            this.exitWithError(this.formatError(error));
+        }
+    }
+
+    private handleMldsa(options: { level: string; output?: string; json?: boolean }): void {
+        try {
+            const levelNum = parseInt(options.level, 10);
+            if (!isValidMldsaLevel(levelNum)) {
+                this.exitWithError(`Invalid MLDSA level: ${options.level}. Valid: 44, 65, 87`);
+                return; // Unreachable, but helps TypeScript
+            }
+
+            this.logger.info(`Generating MLDSA-${levelNum} keypair...`);
+
+            const keypair = generateMLDSAKeypair(levelNum);
+            const publicKeyHash = computePublicKeyHash(keypair.publicKey);
+
+            if (options.output) {
+                const privateKeyPath = `${options.output}.private.key`;
+                const publicKeyPath = `${options.output}.public.key`;
+
+                fs.writeFileSync(privateKeyPath, keypair.privateKey.toString('hex') + '\n', {
+                    mode: 0o600,
+                });
+                fs.writeFileSync(publicKeyPath, keypair.publicKey.toString('hex') + '\n', {
+                    mode: 0o644,
+                });
+
+                this.logger.success('Keys generated successfully!');
+                this.logger.info(`  Private key: ${privateKeyPath}`);
+                this.logger.info(`  Public key:  ${publicKeyPath}`);
+                this.logger.log('');
+                this.logger.log(`Public Key Hash: ${publicKeyHash}`);
+                this.logger.log('');
+                this.logger.warn('IMPORTANT: Keep the private key secure!');
+            } else if (options.json) {
+                const output = {
+                    level: levelNum,
+                    privateKey: keypair.privateKey.toString('hex'),
+                    publicKey: keypair.publicKey.toString('hex'),
+                    publicKeyHash,
+                    privateKeySize: keypair.privateKey.length,
+                    publicKeySize: keypair.publicKey.length,
+                };
+                this.logger.log(JSON.stringify(output, null, 2));
+            } else {
+                this.logger.info(`\nMLDSA-${levelNum} Keypair:\n`);
+                this.logger.log(`Public Key Hash: ${publicKeyHash}`);
+                this.logger.log(`Public Key Size: ${keypair.publicKey.length} bytes`);
+                this.logger.log(`Private Key Size: ${keypair.privateKey.length} bytes`);
+                this.logger.log('');
+                this.logger.log('Public Key (hex):');
+                this.logger.log(keypair.publicKey.toString('hex'));
+                this.logger.log('');
+                this.logger.log('Private Key (hex):');
+                this.logger.log(keypair.privateKey.toString('hex'));
+                this.logger.log('');
+                this.logger.warn('IMPORTANT: Store the private key securely!');
+                this.logger.warn('Use --output <prefix> to save to files.');
+            }
+        } catch (error) {
+            this.exitWithError(this.formatError(error));
+        }
+    }
+
+    private handleInfo(): void {
+        this.logger.info('\nMLDSA Key Sizes:\n');
+        this.logger.log('─'.repeat(60));
+        this.logger.log(
+            `${'Level'.padEnd(12)}${'Public Key'.padEnd(15)}${'Private Key'.padEnd(15)}${'Signature'.padEnd(15)}`,
+        );
+        this.logger.log('─'.repeat(60));
+        this.logger.log(
+            `${'MLDSA-44'.padEnd(12)}${'1,312 bytes'.padEnd(15)}${'2,560 bytes'.padEnd(15)}${'2,420 bytes'.padEnd(15)}`,
+        );
+        this.logger.log(
+            `${'MLDSA-65'.padEnd(12)}${'1,952 bytes'.padEnd(15)}${'4,032 bytes'.padEnd(15)}${'3,309 bytes'.padEnd(15)}`,
+        );
+        this.logger.log(
+            `${'MLDSA-87'.padEnd(12)}${'2,592 bytes'.padEnd(15)}${'4,896 bytes'.padEnd(15)}${'4,627 bytes'.padEnd(15)}`,
+        );
+        this.logger.log('─'.repeat(60));
+        this.logger.log('');
+        this.logger.log('Security levels:');
+        this.logger.log('  MLDSA-44: ~128-bit security (fastest, smallest)');
+        this.logger.log('  MLDSA-65: ~192-bit security (balanced)');
+        this.logger.log('  MLDSA-87: ~256-bit security (highest security)');
+        this.logger.log('');
+    }
+}
+
+export const keygenCommand = new KeygenCommand().getCommand();

package/src/commands/ListCommand.ts

@@ -0,0 +1,169 @@
+/**
+ * List command - List installed plugins
+ *
+ * @module commands/ListCommand
+ */
+
+import * as fs from 'fs';
+import * as path from 'path';
+import { BaseCommand } from './BaseCommand.js';
+import { formatFileSize, parseOpnetBinary } from '../lib/binary.js';
+import { CLIMldsaLevel } from '../types/index.js';
+
+interface ListOptions {
+    dir?: string;
+    json?: boolean;
+    verbose?: boolean;
+}
+
+interface PluginInfo {
+    file: string;
+    name: string;
+    version: string;
+    type: string;
+    size: number;
+    signed: boolean;
+    mldsaLevel: CLIMldsaLevel;
+    author: string;
+    description?: string;
+}
+
+export class ListCommand extends BaseCommand {
+    constructor() {
+        super('list', 'List installed plugins');
+    }
+
+    protected configure(): void {
+        this.command
+            .alias('ls')
+            .option('-d, --dir <path>', 'Plugins directory (default: ./plugins/)')
+            .option('--json', 'Output as JSON')
+            .option('-v, --verbose', 'Show detailed information')
+            .action((options?: ListOptions) => this.execute(options));
+    }
+
+    private execute(options?: ListOptions): void {
+        try {
+            const pluginsDir = options?.dir || path.join(process.cwd(), 'plugins');
+
+            if (!fs.existsSync(pluginsDir)) {
+                if (options?.json) {
+                    this.logger.log(JSON.stringify({ plugins: [], directory: pluginsDir }));
+                } else {
+                    this.logger.warn('No plugins directory found.');
+                    this.logger.info(`Expected: ${pluginsDir}`);
+                }
+                return;
+            }
+
+            // Find all .opnet files
+            const files = fs.readdirSync(pluginsDir).filter((f) => f.endsWith('.opnet'));
+
+            if (files.length === 0) {
+                if (options?.json) {
+                    this.logger.log(JSON.stringify({ plugins: [], directory: pluginsDir }));
+                } else {
+                    this.logger.warn('No plugins installed.');
+                }
+                return;
+            }
+
+            const plugins: PluginInfo[] = [];
+
+            // Parse each plugin
+            for (const file of files) {
+                const filePath = path.join(pluginsDir, file);
+
+                try {
+                    const data = fs.readFileSync(filePath);
+                    const parsed = parseOpnetBinary(data);
+                    const isUnsigned = parsed.publicKey.every((b) => b === 0);
+                    const mldsaLevel = ([44, 65, 87] as const)[parsed.mldsaLevel];
+
+                    plugins.push({
+                        file,
+                        name: parsed.metadata.name,
+                        version: parsed.metadata.version,
+                        type: parsed.metadata.pluginType,
+                        size: data.length,
+                        signed: !isUnsigned,
+                        mldsaLevel,
+                        author: parsed.metadata.author.name,
+                        description: parsed.metadata.description,
+                    });
+                } catch {
+                    plugins.push({
+                        file,
+                        name: '(invalid)',
+                        version: '-',
+                        type: '-',
+                        size: fs.statSync(filePath).size,
+                        signed: false,
+                        mldsaLevel: 44,
+                        author: '-',
+                    });
+                }
+            }
+
+            // Sort by name
+            plugins.sort((a, b) => a.name.localeCompare(b.name));
+
+            if (options?.json) {
+                this.logger.log(JSON.stringify({ plugins, directory: pluginsDir }, null, 2));
+                return;
+            }
+
+            // Display
+            this.logger.info('\nInstalled Plugins\n');
+            this.logger.info(`Directory: ${pluginsDir}`);
+            this.logger.log('');
+
+            if (options?.verbose) {
+                // Detailed list
+                for (const plugin of plugins) {
+                    this.logger.info('─'.repeat(60));
+                    this.logger.info(`${plugin.name} @ ${plugin.version}`);
+                    this.logger.info(`  Type:      ${plugin.type}`);
+                    this.logger.info(`  Size:      ${formatFileSize(plugin.size)}`);
+                    this.logger.info(`  Signed:    ${plugin.signed ? 'Yes' : 'No'}`);
+                    this.logger.info(`  MLDSA:     ${plugin.mldsaLevel}`);
+                    this.logger.info(`  Author:    ${plugin.author}`);
+                    if (plugin.description) {
+                        this.logger.info(`  Desc:      ${plugin.description}`);
+                    }
+                    this.logger.info(`  File:      ${plugin.file}`);
+                }
+            } else {
+                // Simple table
+                const nameWidth = Math.max(20, ...plugins.map((p) => p.name.length)) + 2;
+                const versionWidth = 12;
+                const typeWidth = 12;
+                const sizeWidth = 10;
+
+                this.logger.info(
+                    'Name'.padEnd(nameWidth) +
+                        'Version'.padEnd(versionWidth) +
+                        'Type'.padEnd(typeWidth) +
+                        'Size'.padEnd(sizeWidth) +
+                        'Signed',
+                );
+                this.logger.info('─'.repeat(nameWidth + versionWidth + typeWidth + sizeWidth + 8));
+
+                for (const plugin of plugins) {
+                    const signedText = plugin.signed ? 'Yes' : 'No';
+                    this.logger.info(
+                        `${plugin.name.padEnd(nameWidth)}${plugin.version.padEnd(versionWidth)}${plugin.type.padEnd(typeWidth)}${formatFileSize(plugin.size).padEnd(sizeWidth)}${signedText}`,
+                    );
+                }
+            }
+
+            this.logger.log('');
+            this.logger.info(`Total: ${plugins.length} plugin${plugins.length === 1 ? '' : 's'}`);
+            this.logger.log('');
+        } catch (error) {
+            this.exitWithError(this.formatError(error));
+        }
+    }
+}
+
+export const listCommand = new ListCommand().getCommand();

package/src/commands/LoginCommand.ts

@@ -0,0 +1,197 @@
+/**
+ * Login command - Configure wallet credentials
+ *
+ * @module commands/LoginCommand
+ */
+
+import { confirm, password, select } from '@inquirer/prompts';
+import { BaseCommand } from './BaseCommand.js';
+import { isValidMldsaLevel, isValidNetwork, saveCredentials } from '../lib/credentials.js';
+import { CLIWallet, validateMnemonic } from '../lib/wallet.js';
+import { CLICredentials, CLIMldsaLevel, NetworkName } from '../types/index.js';
+
+interface LoginOptions {
+    mnemonic?: string;
+    wif?: string;
+    mldsa?: string;
+    mldsaLevel: string;
+    network: string;
+}
+
+export class LoginCommand extends BaseCommand {
+    constructor() {
+        super('login', 'Configure wallet credentials for signing and publishing');
+    }
+
+    protected configure(): void {
+        this.command
+            .option('-m, --mnemonic <phrase>', 'BIP-39 mnemonic phrase (12 or 24 words)')
+            .option('--wif <key>', 'Bitcoin WIF private key (advanced)')
+            .option('--mldsa <key>', 'MLDSA private key hex (advanced, requires --wif)')
+            .option('-l, --mldsa-level <level>', 'MLDSA security level (44, 65, 87)', '44')
+            .option('-n, --network <network>', 'Network (mainnet, testnet, regtest)', 'mainnet')
+            .action((options: LoginOptions) => this.execute(options));
+    }
+
+    private async execute(options: LoginOptions): Promise<void> {
+        try {
+            const credentials = await this.buildCredentials(options);
+
+            // Load wallet to display identity info
+            this.logger.info('Deriving wallet...');
+            const wallet = CLIWallet.fromCredentials(credentials);
+
+            // Display wallet identity for user verification
+            this.logger.log('');
+            this.logger.info('Wallet Identity');
+            this.logger.log('─'.repeat(50));
+            this.logger.log(`Network:           ${credentials.network}`);
+            this.logger.log(`MLDSA Level:       MLDSA-${credentials.mldsaLevel}`);
+            this.logger.log(`P2TR Address:      ${wallet.p2trAddress}`);
+            this.logger.log(`MLDSA PubKey Hash: ${wallet.mldsaPublicKeyHash.substring(0, 32)}...`);
+            this.logger.log('─'.repeat(50));
+            this.logger.log('');
+
+            // Always require confirmation
+            this.logger.warn('Credentials will be stored at ~/.opnet/credentials.json');
+            this.logger.warn('with restricted permissions (owner read/write only).');
+            this.logger.log('');
+
+            const confirmed = await confirm({
+                message: 'Is this the correct wallet? Save credentials?',
+                default: true,
+            });
+
+            if (!confirmed) {
+                this.logger.warn('Login cancelled.');
+                return;
+            }
+
+            saveCredentials(credentials);
+
+            this.logger.log('');
+            this.logger.success('Credentials saved successfully!');
+        } catch (error) {
+            if (this.isUserCancelled(error)) {
+                this.logger.warn('Login cancelled.');
+                process.exit(0);
+            }
+            this.exitWithError(this.formatError(error));
+        }
+    }
+
+    private async buildCredentials(options: LoginOptions): Promise<CLICredentials> {
+        if (!isValidNetwork(options.network)) {
+            this.exitWithError(
+                `Invalid network: ${options.network}. Valid: mainnet, testnet, regtest`,
+            );
+            throw new Error('Unreachable'); // Helps TypeScript
+        }
+
+        const mldsaLevelNum = parseInt(options.mldsaLevel, 10);
+        if (!isValidMldsaLevel(mldsaLevelNum)) {
+            this.exitWithError(`Invalid MLDSA level: ${options.mldsaLevel}. Valid: 44, 65, 87`);
+        }
+        const mldsaLevel: CLIMldsaLevel = mldsaLevelNum;
+
+        if (options.mnemonic) {
+            if (!validateMnemonic(options.mnemonic)) {
+                this.exitWithError('Invalid mnemonic phrase');
+            }
+            return { mnemonic: options.mnemonic, mldsaLevel, network: options.network };
+        }
+
+        if (options.wif && options.mldsa) {
+            return {
+                wif: options.wif,
+                mldsaPrivateKey: options.mldsa,
+                mldsaLevel,
+                network: options.network,
+            };
+        }
+
+        return this.interactiveLogin(options.network, mldsaLevel);
+    }
+
+    private async interactiveLogin(
+        defaultNetwork: NetworkName,
+        defaultLevel: CLIMldsaLevel,
+    ): Promise<CLICredentials> {
+        this.logger.info('OPNet Wallet Configuration\n');
+
+        const loginMethod = await select({
+            message: 'How would you like to authenticate?',
+            choices: [
+                {
+                    name: 'Mnemonic phrase (recommended)',
+                    value: 'mnemonic',
+                    description: '12 or 24-word BIP-39 phrase for full key derivation',
+                },
+                {
+                    name: 'WIF + MLDSA keys (advanced)',
+                    value: 'advanced',
+                    description: 'Separate Bitcoin WIF and MLDSA private keys',
+                },
+            ],
+        });
+
+        const selectedNetwork = (await select({
+            message: 'Select network:',
+            choices: [
+                { name: 'Mainnet', value: 'mainnet' },
+                { name: 'Testnet', value: 'testnet' },
+                { name: 'Regtest', value: 'regtest' },
+            ],
+            default: defaultNetwork,
+        })) as NetworkName;
+
+        const selectedLevel = (await select({
+            message: 'Select MLDSA security level:',
+            choices: [
+                {
+                    name: 'MLDSA-44 (Level 2, fastest)',
+                    value: 44,
+                    description: '1312 byte public key',
+                },
+                {
+                    name: 'MLDSA-65 (Level 3, balanced)',
+                    value: 65,
+                    description: '1952 byte public key',
+                },
+                {
+                    name: 'MLDSA-87 (Level 5, most secure)',
+                    value: 87,
+                    description: '2592 byte public key',
+                },
+            ],
+            default: defaultLevel,
+        })) as CLIMldsaLevel;
+
+        if (loginMethod === 'mnemonic') {
+            const mnemonic = await password({
+                message: 'Enter your mnemonic phrase (12 or 24 words):',
+                mask: '*',
+                validate: (value) => {
+                    if (!validateMnemonic(value)) {
+                        return 'Invalid mnemonic phrase. Please enter a valid 12 or 24-word BIP-39 phrase.';
+                    }
+                    return true;
+                },
+            });
+
+            return { mnemonic, mldsaLevel: selectedLevel, network: selectedNetwork };
+        }
+
+        const wif = await password({ message: 'Enter Bitcoin WIF private key:', mask: '*' });
+        const mldsaKey = await password({ message: 'Enter MLDSA private key (hex):', mask: '*' });
+
+        return {
+            wif,
+            mldsaPrivateKey: mldsaKey,
+            mldsaLevel: selectedLevel,
+            network: selectedNetwork,
+        };
+    }
+}
+
+export const loginCommand = new LoginCommand().getCommand();

package/src/commands/LogoutCommand.ts

@@ -0,0 +1,76 @@
+/**
+ * Logout command - Remove stored credentials
+ *
+ * @module commands/LogoutCommand
+ */
+
+import { confirm } from '@inquirer/prompts';
+import { BaseCommand } from './BaseCommand.js';
+import { deleteCredentials, getCredentialSource, hasCredentials } from '../lib/credentials.js';
+
+interface LogoutOptions {
+    yes?: boolean;
+}
+
+export class LogoutCommand extends BaseCommand {
+    constructor() {
+        super('logout', 'Remove stored wallet credentials');
+    }
+
+    protected configure(): void {
+        this.command
+            .option('-y, --yes', 'Skip confirmation prompt')
+            .action((options: LogoutOptions) => this.execute(options));
+    }
+
+    private async execute(options: LogoutOptions): Promise<void> {
+        try {
+            if (!hasCredentials()) {
+                this.logger.warn('No credentials found.');
+                return;
+            }
+
+            const source = getCredentialSource();
+
+            if (source.startsWith('environment')) {
+                this.logger.warn(`Credentials are set via ${source}.`);
+                this.logger.info('To remove them, unset the environment variables:');
+                this.logger.info('  unset OPNET_MNEMONIC');
+                this.logger.info('  unset OPNET_PRIVATE_KEY');
+                this.logger.info('  unset OPNET_MLDSA_KEY');
+                return;
+            }
+
+            if (!options.yes) {
+                this.logger.warn('This will remove your stored credentials from:');
+                this.logger.info(`  ${source}`);
+
+                const confirmed = await confirm({
+                    message: 'Are you sure you want to logout?',
+                    default: false,
+                });
+
+                if (!confirmed) {
+                    this.logger.warn('Logout cancelled.');
+                    return;
+                }
+            }
+
+            const deleted = deleteCredentials();
+
+            if (deleted) {
+                this.logger.success('Credentials removed successfully.');
+            } else {
+                this.logger.warn('No credentials file found to remove.');
+            }
+        } catch (error) {
+            if (this.isUserCancelled(error)) {
+                this.logger.warn('Logout cancelled.');
+                process.exit(0);
+            }
+            this.exitWithError(this.formatError(error));
+        }
+    }
+}
+
+export const logoutCommand = new LogoutCommand().getCommand();