@cello-protocol/daemon 0.0.8 → 0.0.10

package/dist/sqlcipher-db.js

@@ -0,0 +1,259 @@
+/**
+ * CELLO-M7-PERSIST-002 — the daemon's single encrypted store (DEC-1).
+ *
+ * The daemon DB is a SQLCipher database (whole-file AES-256 at rest). This module is the ONE
+ * engine site: it loads @signalapp/sqlcipher (prebuilt — DEC-1; no compile), opens the DB with a
+ * PRAGMA key, verifies the key, enables WAL, and presents a thin `DaemonDatabase` adapter so the
+ * rest of the daemon (SessionNodeManager, RetryQueue, NonceDedupStore) keeps its node:sqlite-style
+ * varargs call sites unchanged.
+ *
+ * Why an adapter: node:sqlite's `DatabaseSync` uses varargs (`stmt.run(a, b, c)`); @signalapp's
+ * better-sqlite3-style API takes an array (`stmt.run([a, b, c])`). The `DaemonDatabase` /
+ * `DaemonStatement` interfaces expose the varargs surface — node:sqlite's `DatabaseSync` structurally
+ * satisfies them too (used for in-memory test handles and for reading a legacy plaintext DB during
+ * migration), and `SqlcipherDatabase` implements them by forwarding varargs as an array.
+ *
+ * Key custody (DEC-2/DEC-4): the SQLCipher key is a standalone random 32-byte 0600 key file beside
+ * the DB. It is NOT derived from K_local (chicken-and-egg — K_local now lives inside the DB). It is
+ * the single plaintext key file and replaces the old `sessions.db.transcript-key`.
+ *
+ * Fail closed (SI-002/AC-011): there is no plaintext fallback anywhere. A wrong/missing key on an
+ * existing DB throws `db_encryption_key_mismatch`; the daemon never opens, creates, or migrates to a
+ * plaintext store as a fallback.
+ *
+ * Security invariants:
+ *   SI-001: the db key is NEVER logged, serialized, or placed in an error message — only the raw
+ *           `PRAGMA key` string uses the hex, and that string is never logged.
+ *   SI-003 (M6B-005 parity): WAL mode is enabled only AFTER key verification, so WAL files are
+ *           encrypted at rest.
+ */
+import { createRequire } from "node:module";
+import { existsSync, readFileSync, readSync, openSync, writeSync, fsyncSync, closeSync, renameSync, mkdirSync, unlinkSync, } from "node:fs";
+import { randomBytes } from "node:crypto";
+import { dirname, join } from "node:path";
+const DB_KEY_BYTES = 32; // AES-256
+export class DbEncryptionError extends Error {
+    code;
+    /** Actionable next step surfaced to the operator (never contains key material). */
+    guidance;
+    constructor(code, message, guidance) {
+        super(message);
+        this.name = "DbEncryptionError";
+        this.code = code;
+        this.guidance = guidance;
+    }
+}
+// ─── The varargs→array adapter ──────────────────────────────────────────────────
+class SqlcipherStatement {
+    #inner;
+    constructor(inner) {
+        this.#inner = inner;
+    }
+    run(...params) {
+        return this.#inner.run(params);
+    }
+    get(...params) {
+        return this.#inner.get(params);
+    }
+    all(...params) {
+        return this.#inner.all(params);
+    }
+}
+class SqlcipherDatabase {
+    #inner;
+    constructor(inner) {
+        this.#inner = inner;
+    }
+    exec(sql) {
+        this.#inner.exec(sql);
+    }
+    prepare(sql) {
+        return new SqlcipherStatement(this.#inner.prepare(sql));
+    }
+    pragma(source, options) {
+        return this.#inner.pragma(source, options);
+    }
+    close() {
+        this.#inner.close();
+    }
+}
+// ─── The raw SQLite magic — used to distinguish a plaintext DB from an encrypted one ──
+// A plaintext SQLite file begins with "SQLite format 3\0". A SQLCipher database encrypts the
+// header too, so its first bytes are ciphertext and never match. The migration path (PERSIST-002
+// Unit 6) uses this to detect a pre-story plaintext DB that must be migrated.
+const SQLITE_MAGIC = Buffer.concat([Buffer.from("SQLite format 3", "latin1"), Buffer.from([0x00])]);
+/** True when the file at `dbPath` exists and is an UNENCRYPTED node:sqlite database. */
+export function isPlaintextSqliteFile(dbPath) {
+    if (!existsSync(dbPath))
+        return false;
+    const head = Buffer.alloc(SQLITE_MAGIC.length);
+    try {
+        const fd = openSync(dbPath, "r");
+        try {
+            // Read exactly the header bytes — never slurp the whole (possibly very large) DB into RAM.
+            const bytesRead = readSync(fd, head, 0, SQLITE_MAGIC.length, 0);
+            if (bytesRead < SQLITE_MAGIC.length)
+                return false;
+        }
+        finally {
+            closeSync(fd);
+        }
+    }
+    catch {
+        return false;
+    }
+    return head.equals(SQLITE_MAGIC);
+}
+// ─── Key custody (DEC-2/DEC-4) ───────────────────────────────────────────────────
+/**
+ * Resolve the SQLCipher key, generating it on a genuinely fresh install only.
+ *
+ * Fail-closed matrix (SI-002/AC-011):
+ *   key present                      → load it (must be 32 bytes).
+ *   key absent + DB absent           → generate + persist (0600), proceed (fresh install).
+ *   key absent + DB present          → THROW db_encryption_key_mismatch (never overwrite an
+ *                                      existing DB with a new key — that would be data loss; and
+ *                                      a pre-story PLAINTEXT DB must be migrated first, not opened).
+ */
+export function resolveDbKey(dbPath, keyPath) {
+    if (existsSync(keyPath)) {
+        const key = readFileSync(keyPath);
+        if (key.length !== DB_KEY_BYTES) {
+            throw new DbEncryptionError("db_encryption_key_mismatch", `SQLCipher key file is ${key.length} bytes, expected ${DB_KEY_BYTES}`, `The key file at ${keyPath} is malformed. Restore it from backup or remove it only if the database is also gone.`);
+        }
+        return new Uint8Array(key);
+    }
+    if (existsSync(dbPath)) {
+        throw new DbEncryptionError("db_encryption_key_mismatch", `database exists at ${dbPath} but its SQLCipher key file is missing`, `The encrypted database cannot be opened without its key file (${keyPath}). Restore the key file from backup. The daemon will not create a new plaintext store.`);
+    }
+    // Fresh install: generate and persist the key atomically with 0600.
+    const key = randomBytes(DB_KEY_BYTES);
+    const keyDir = dirname(keyPath);
+    mkdirSync(keyDir, { recursive: true, mode: 0o700 });
+    const tmp = join(keyDir, `.cello-dbkey-tmp-${process.pid}-${randomBytes(6).toString("hex")}`);
+    const fd = openSync(tmp, "wx", 0o600);
+    try {
+        writeSync(fd, key);
+        fsyncSync(fd);
+    }
+    catch (err) {
+        // Never leave a stray plaintext key fragment on disk if the write/fsync failed partway
+        // (SI-001: the only plaintext key on disk is the one sanctioned key file).
+        closeSync(fd);
+        try {
+            unlinkSync(tmp);
+        }
+        catch {
+            /* ignore */
+        }
+        throw err;
+    }
+    closeSync(fd);
+    try {
+        renameSync(tmp, keyPath);
+    }
+    catch (err) {
+        try {
+            unlinkSync(tmp);
+        }
+        catch {
+            /* ignore */
+        }
+        throw err;
+    }
+    // Durability of the rename itself (parent-dir fsync) so a crash right after a fresh install can't
+    // lose the key while the encrypted DB exists. Best-effort — some platforms reject dir fsync.
+    try {
+        const dfd = openSync(keyDir, "r");
+        try {
+            fsyncSync(dfd);
+        }
+        finally {
+            closeSync(dfd);
+        }
+    }
+    catch {
+        /* directory fsync is best-effort */
+    }
+    return new Uint8Array(key);
+}
+// ─── Open ────────────────────────────────────────────────────────────────────────
+function loadSignalModule() {
+    const require = createRequire(import.meta.url);
+    try {
+        return require("@signalapp/sqlcipher");
+    }
+    catch (err) {
+        const reason = err instanceof Error ? err.message : String(err);
+        throw new DbEncryptionError("db_sqlcipher_unavailable", `SQLCipher native module unavailable: ${reason}`, "The @signalapp/sqlcipher prebuilt binary failed to load for this platform. Reinstall the CELLO client.");
+    }
+}
+/**
+ * Open `dbPath` as a SQLCipher database keyed by `dbKey`. Verifies the key (reads sqlite_master)
+ * and enables WAL after verification. Throws DbEncryptionError on any failure — never returns a
+ * plaintext handle (SI-002).
+ */
+export function openEncryptedDatabase(dbPath, dbKey, logger) {
+    const mod = loadSignalModule();
+    const Ctor = mod.Database ?? mod.default;
+    let inner;
+    try {
+        inner = new Ctor(dbPath);
+    }
+    catch (err) {
+        const reason = err instanceof Error ? err.message : String(err);
+        throw new DbEncryptionError("db_open_failed", reason, `Could not open the database file at ${dbPath}.`);
+    }
+    // SI-001: set the key OUTSIDE the message-bearing try below, so the key hex can never reach a
+    // thrown/logged error string even if a future SQLCipher build echoed the pragma source on error.
+    // A well-formed `key` pragma does not throw; a wrong key surfaces at the verify read instead.
+    const keyHex = Buffer.from(dbKey).toString("hex");
+    inner.pragma(`key = "x'${keyHex}'"`);
+    try {
+        // Verify: reading sqlite_master decrypts the header. Wrong key / plaintext file → throws.
+        inner.prepare("SELECT count(*) AS c FROM sqlite_master").get([]);
+    }
+    catch (err) {
+        try {
+            inner.close();
+        }
+        catch {
+            /* ignore */
+        }
+        // Deliberately do NOT echo the underlying SQLITE message into guidance verbatim — but DO log
+        // nothing here (the caller logs). SI-001: no key material in the message.
+        const reason = err instanceof Error ? err.message : String(err);
+        throw new DbEncryptionError("db_encryption_key_mismatch", `database did not decrypt with the supplied key (${reason})`, "The SQLCipher key does not match this database. Restore the correct key file; the daemon will not fall back to a plaintext store.");
+    }
+    // SI-003 (M6B-005 parity): WAL only AFTER key verification, so WAL/SHM files are encrypted.
+    try {
+        const mode = inner.pragma("journal_mode=WAL", { simple: true });
+        if (mode !== "wal") {
+            // Not fatal — SQLCipher encrypts the rollback journal too, so at-rest integrity holds — but
+            // surface it so a permanent non-WAL degradation (e.g. a network filesystem) is not silent.
+            logger?.warn("persist.db.wal.unavailable", { mode: String(mode) });
+        }
+    }
+    catch (err) {
+        logger?.warn("persist.db.wal.unavailable", { error: err instanceof Error ? err.message : String(err) });
+    }
+    return new SqlcipherDatabase(inner);
+}
+/**
+ * Convenience used by tests and tooling: resolve the key file beside `dbPath` and open. Throws if
+ * the key file is absent (it does NOT generate one) — callers inspecting an existing DB always have
+ * the key.
+ */
+export function openEncryptedDatabaseAtPath(dbPath, keyPath) {
+    const kp = keyPath ?? `${dbPath}.key`;
+    if (!existsSync(kp)) {
+        throw new DbEncryptionError("db_encryption_key_mismatch", `SQLCipher key file not found at ${kp}`, "Provide the key file path that was generated beside the database.");
+    }
+    const key = readFileSync(kp);
+    return openEncryptedDatabase(dbPath, new Uint8Array(key));
+}
+/** The key file path the daemon uses for a given DB path (DEC-2: one plaintext key file). */
+export function dbKeyPathFor(dbPath) {
+    return `${dbPath}.key`;
+}
+//# sourceMappingURL=sqlcipher-db.js.map

package/dist/sqlcipher-db.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"sqlcipher-db.js","sourceRoot":"","sources":["../src/sqlcipher-db.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;GA4BG;AAEH,OAAO,EAAE,aAAa,EAAE,MAAM,aAAa,CAAC;AAC5C,OAAO,EACL,UAAU,EACV,YAAY,EACZ,QAAQ,EACR,QAAQ,EACR,SAAS,EACT,SAAS,EACT,SAAS,EACT,UAAU,EACV,SAAS,EACT,UAAU,GACX,MAAM,SAAS,CAAC;AACjB,OAAO,EAAE,WAAW,EAAE,MAAM,aAAa,CAAC;AAC1C,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,MAAM,WAAW,CAAC;AAE1C,MAAM,YAAY,GAAG,EAAE,CAAC,CAAC,UAAU;AA0BnC,MAAM,OAAO,iBAAkB,SAAQ,KAAK;IACjC,IAAI,CAAc;IAC3B,mFAAmF;IAC1E,QAAQ,CAAS;IAC1B,YAAY,IAAiB,EAAE,OAAe,EAAE,QAAgB;QAC9D,KAAK,CAAC,OAAO,CAAC,CAAC;QACf,IAAI,CAAC,IAAI,GAAG,mBAAmB,CAAC;QAChC,IAAI,CAAC,IAAI,GAAG,IAAI,CAAC;QACjB,IAAI,CAAC,QAAQ,GAAG,QAAQ,CAAC;IAC3B,CAAC;CACF;AAwBD,mFAAmF;AAEnF,MAAM,kBAAkB;IACb,MAAM,CAAkB;IACjC,YAAY,KAAsB;QAChC,IAAI,CAAC,MAAM,GAAG,KAAK,CAAC;IACtB,CAAC;IACD,GAAG,CAAC,GAAG,MAAiB;QACtB,OAAO,IAAI,CAAC,MAAM,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC;IACjC,CAAC;IACD,GAAG,CAAC,GAAG,MAAiB;QACtB,OAAO,IAAI,CAAC,MAAM,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC;IACjC,CAAC;IACD,GAAG,CAAC,GAAG,MAAiB;QACtB,OAAO,IAAI,CAAC,MAAM,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC;IACjC,CAAC;CACF;AAED,MAAM,iBAAiB;IACZ,MAAM,CAAiB;IAChC,YAAY,KAAqB;QAC/B,IAAI,CAAC,MAAM,GAAG,KAAK,CAAC;IACtB,CAAC;IACD,IAAI,CAAC,GAAW;QACd,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;IACxB,CAAC;IACD,OAAO,CAAC,GAAW;QACjB,OAAO,IAAI,kBAAkB,CAAC,IAAI,CAAC,MAAM,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC;IAC1D,CAAC;IACD,MAAM,CAAC,MAAc,EAAE,OAA8B;QACnD,OAAO,IAAI,CAAC,MAAM,CAAC,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IAC7C,CAAC;IACD,KAAK;QACH,IAAI,CAAC,MAAM,CAAC,KAAK,EAAE,CAAC;IACtB,CAAC;CACF;AAED,yFAAyF;AACzF,6FAA6F;AAC7F,iGAAiG;AACjG,8EAA8E;AAC9E,MAAM,YAAY,GAAG,MAAM,CAAC,MAAM,CAAC,CAAC,MAAM,CAAC,IAAI,CAAC,iBAAiB,EAAE,QAAQ,CAAC,EAAE,MAAM,CAAC,IAAI,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,CAAC;AAEpG,wFAAwF;AACxF,MAAM,UAAU,qBAAqB,CAAC,MAAc;IAClD,IAAI,CAAC,UAAU,CAAC,MAAM,CAAC;QAAE,OAAO,KAAK,CAAC;IACtC,MAAM,IAAI,GAAG,MAAM,CAAC,KAAK,CAAC,YAAY,CAAC,MAAM,CAAC,CAAC;IAC/C,IAAI,CAAC;QACH,MAAM,EAAE,GAAG,QAAQ,CAAC,MAAM,EAAE,GAAG,CAAC,CAAC;QACjC,IAAI,CAAC;YACH,2FAA2F;YAC3F,MAAM,SAAS,GAAG,QAAQ,CAAC,EAAE,EAAE,IAAI,EAAE,CAAC,EAAE,YAAY,CAAC,MAAM,EAAE,CAAC,CAAC,CAAC;YAChE,IAAI,SAAS,GAAG,YAAY,CAAC,MAAM;gBAAE,OAAO,KAAK,CAAC;QACpD,CAAC;gBAAS,CAAC;YACT,SAAS,CAAC,EAAE,CAAC,CAAC;QAChB,CAAC;IACH,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,KAAK,CAAC;IACf,CAAC;IACD,OAAO,IAAI,CAAC,MAAM,CAAC,YAAY,CAAC,CAAC;AACnC,CAAC;AAED,oFAAoF;AAEpF;;;;;;;;;GASG;AACH,MAAM,UAAU,YAAY,CAAC,MAAc,EAAE,OAAe;IAC1D,IAAI,UAAU,CAAC,OAAO,CAAC,EAAE,CAAC;QACxB,MAAM,GAAG,GAAG,YAAY,CAAC,OAAO,CAAC,CAAC;QAClC,IAAI,GAAG,CAAC,MAAM,KAAK,YAAY,EAAE,CAAC;YAChC,MAAM,IAAI,iBAAiB,CACzB,4BAA4B,EAC5B,yBAAyB,GAAG,CAAC,MAAM,oBAAoB,YAAY,EAAE,EACrE,mBAAmB,OAAO,uFAAuF,CAClH,CAAC;QACJ,CAAC;QACD,OAAO,IAAI,UAAU,CAAC,GAAG,CAAC,CAAC;IAC7B,CAAC;IAED,IAAI,UAAU,CAAC,MAAM,CAAC,EAAE,CAAC;QACvB,MAAM,IAAI,iBAAiB,CACzB,4BAA4B,EAC5B,sBAAsB,MAAM,wCAAwC,EACpE,iEAAiE,OAAO,wFAAwF,CACjK,CAAC;IACJ,CAAC;IAED,oEAAoE;IACpE,MAAM,GAAG,GAAG,WAAW,CAAC,YAAY,CAAC,CAAC;IACtC,MAAM,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC,CAAC;IAChC,SAAS,CAAC,MAAM,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,IAAI,EAAE,KAAK,EAAE,CAAC,CAAC;IACpD,MAAM,GAAG,GAAG,IAAI,CAAC,MAAM,EAAE,oBAAoB,OAAO,CAAC,GAAG,IAAI,WAAW,CAAC,CAAC,CAAC,CAAC,QAAQ,CAAC,KAAK,CAAC,EAAE,CAAC,CAAC;IAC9F,MAAM,EAAE,GAAG,QAAQ,CAAC,GAAG,EAAE,IAAI,EAAE,KAAK,CAAC,CAAC;IACtC,IAAI,CAAC;QACH,SAAS,CAAC,EAAE,EAAE,GAAG,CAAC,CAAC;QACnB,SAAS,CAAC,EAAE,CAAC,CAAC;IAChB,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,uFAAuF;QACvF,2EAA2E;QAC3E,SAAS,CAAC,EAAE,CAAC,CAAC;QACd,IAAI,CAAC;YACH,UAAU,CAAC,GAAG,CAAC,CAAC;QAClB,CAAC;QAAC,MAAM,CAAC;YACP,YAAY;QACd,CAAC;QACD,MAAM,GAAG,CAAC;IACZ,CAAC;IACD,SAAS,CAAC,EAAE,CAAC,CAAC;IACd,IAAI,CAAC;QACH,UAAU,CAAC,GAAG,EAAE,OAAO,CAAC,CAAC;IAC3B,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,IAAI,CAAC;YACH,UAAU,CAAC,GAAG,CAAC,CAAC;QAClB,CAAC;QAAC,MAAM,CAAC;YACP,YAAY;QACd,CAAC;QACD,MAAM,GAAG,CAAC;IACZ,CAAC;IACD,kGAAkG;IAClG,6FAA6F;IAC7F,IAAI,CAAC;QACH,MAAM,GAAG,GAAG,QAAQ,CAAC,MAAM,EAAE,GAAG,CAAC,CAAC;QAClC,IAAI,CAAC;YACH,SAAS,CAAC,GAAG,CAAC,CAAC;QACjB,CAAC;gBAAS,CAAC;YACT,SAAS,CAAC,GAAG,CAAC,CAAC;QACjB,CAAC;IACH,CAAC;IAAC,MAAM,CAAC;QACP,oCAAoC;IACtC,CAAC;IACD,OAAO,IAAI,UAAU,CAAC,GAAG,CAAC,CAAC;AAC7B,CAAC;AAED,oFAAoF;AAEpF,SAAS,gBAAgB;IACvB,MAAM,OAAO,GAAG,aAAa,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;IAC/C,IAAI,CAAC;QACH,OAAO,OAAO,CAAC,sBAAsB,CAAiB,CAAC;IACzD,CAAC;IAAC,OAAO,GAAY,EAAE,CAAC;QACtB,MAAM,MAAM,GAAG,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;QAChE,MAAM,IAAI,iBAAiB,CACzB,0BAA0B,EAC1B,wCAAwC,MAAM,EAAE,EAChD,wGAAwG,CACzG,CAAC;IACJ,CAAC;AACH,CAAC;AAED;;;;GAIG;AACH,MAAM,UAAU,qBAAqB,CACnC,MAAc,EACd,KAAiB,EACjB,MAAyE;IAEzE,MAAM,GAAG,GAAG,gBAAgB,EAAE,CAAC;IAC/B,MAAM,IAAI,GAAG,GAAG,CAAC,QAAQ,IAAI,GAAG,CAAC,OAAO,CAAC;IAEzC,IAAI,KAAqB,CAAC;IAC1B,IAAI,CAAC;QACH,KAAK,GAAG,IAAI,IAAI,CAAC,MAAM,CAAC,CAAC;IAC3B,CAAC;IAAC,OAAO,GAAY,EAAE,CAAC;QACtB,MAAM,MAAM,GAAG,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;QAChE,MAAM,IAAI,iBAAiB,CAAC,gBAAgB,EAAE,MAAM,EAAE,uCAAuC,MAAM,GAAG,CAAC,CAAC;IAC1G,CAAC;IAED,8FAA8F;IAC9F,iGAAiG;IACjG,8FAA8F;IAC9F,MAAM,MAAM,GAAG,MAAM,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC;IAClD,KAAK,CAAC,MAAM,CAAC,YAAY,MAAM,IAAI,CAAC,CAAC;IAErC,IAAI,CAAC;QACH,0FAA0F;QAC1F,KAAK,CAAC,OAAO,CAAC,yCAAyC,CAAC,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;IACnE,CAAC;IAAC,OAAO,GAAY,EAAE,CAAC;QACtB,IAAI,CAAC;YACH,KAAK,CAAC,KAAK,EAAE,CAAC;QAChB,CAAC;QAAC,MAAM,CAAC;YACP,YAAY;QACd,CAAC;QACD,6FAA6F;QAC7F,0EAA0E;QAC1E,MAAM,MAAM,GAAG,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;QAChE,MAAM,IAAI,iBAAiB,CACzB,4BAA4B,EAC5B,mDAAmD,MAAM,GAAG,EAC5D,mIAAmI,CACpI,CAAC;IACJ,CAAC;IAED,4FAA4F;IAC5F,IAAI,CAAC;QACH,MAAM,IAAI,GAAG,KAAK,CAAC,MAAM,CAAC,kBAAkB,EAAE,EAAE,MAAM,EAAE,IAAI,EAAE,CAAC,CAAC;QAChE,IAAI,IAAI,KAAK,KAAK,EAAE,CAAC;YACnB,4FAA4F;YAC5F,2FAA2F;YAC3F,MAAM,EAAE,IAAI,CAAC,4BAA4B,EAAE,EAAE,IAAI,EAAE,MAAM,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;QACrE,CAAC;IACH,CAAC;IAAC,OAAO,GAAY,EAAE,CAAC;QACtB,MAAM,EAAE,IAAI,CAAC,4BAA4B,EAAE,EAAE,KAAK,EAAE,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;IAC1G,CAAC;IAED,OAAO,IAAI,iBAAiB,CAAC,KAAK,CAAC,CAAC;AACtC,CAAC;AAED;;;;GAIG;AACH,MAAM,UAAU,2BAA2B,CAAC,MAAc,EAAE,OAAgB;IAC1E,MAAM,EAAE,GAAG,OAAO,IAAI,GAAG,MAAM,MAAM,CAAC;IACtC,IAAI,CAAC,UAAU,CAAC,EAAE,CAAC,EAAE,CAAC;QACpB,MAAM,IAAI,iBAAiB,CACzB,4BAA4B,EAC5B,mCAAmC,EAAE,EAAE,EACvC,mEAAmE,CACpE,CAAC;IACJ,CAAC;IACD,MAAM,GAAG,GAAG,YAAY,CAAC,EAAE,CAAC,CAAC;IAC7B,OAAO,qBAAqB,CAAC,MAAM,EAAE,IAAI,UAAU,CAAC,GAAG,CAAC,CAAC,CAAC;AAC5D,CAAC;AAED,6FAA6F;AAC7F,MAAM,UAAU,YAAY,CAAC,MAAc;IACzC,OAAO,GAAG,MAAM,MAAM,CAAC;AACzB,CAAC"}

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@cello-protocol/daemon",
-  "version": "0.0.8",
+  "version": "0.0.10",
   "private": false,
   "type": "module",
   "engines": {
@@ -27,11 +27,12 @@
   ],
   "dependencies": {
     "@libp2p/interface": "^3.0.0",
+    "@signalapp/sqlcipher": "^3.3.5",
     "cbor-x": "^1.6.0",
     "it-length-prefixed": "^10.0.1",
-    "@cello-protocol/crypto": "0.0.9",
-    "@cello-protocol/transport": "0.0.6",
-    "@cello-protocol/protocol-types": "0.0.6"
+    "@cello-protocol/crypto": "0.0.10",
+    "@cello-protocol/transport": "0.0.7",
+    "@cello-protocol/protocol-types": "0.0.7"
   },
   "devDependencies": {
     "@types/node": "^25.6.2",

package/dist/manifest-version-store-file.d.ts

@@ -1,18 +0,0 @@
-/**
- * FileManifestVersionStore — file-backed IManifestVersionStore.
- *
- * Persists the last-seen manifest version to a JSON file on disk, enabling
- * version monotonicity enforcement across daemon restarts.
- *
- * Crypto reference: RFC 8032 (this module stores the manifest version number
- * that backs the monotonicity invariant; the version itself is not cryptographic,
- * but its correct persistence is load-bearing for anti-rollback security).
- */
-import type { IManifestVersionStore } from "@cello-protocol/transport";
-export declare class FileManifestVersionStore implements IManifestVersionStore {
-    #private;
-    constructor(filePath: string);
-    getLastSeenVersion(): Promise<number | null>;
-    persistVersion(version: number): Promise<void>;
-}
-//# sourceMappingURL=manifest-version-store-file.d.ts.map

package/dist/manifest-version-store-file.d.ts.map

@@ -1 +0,0 @@
-{"version":3,"file":"manifest-version-store-file.d.ts","sourceRoot":"","sources":["../src/manifest-version-store-file.ts"],"names":[],"mappings":"AAAA;;;;;;;;;GASG;AAIH,OAAO,KAAK,EAAE,qBAAqB,EAAE,MAAM,2BAA2B,CAAC;AAMvE,qBAAa,wBAAyB,YAAW,qBAAqB;;gBAGxD,QAAQ,EAAE,MAAM;IAItB,kBAAkB,IAAI,OAAO,CAAC,MAAM,GAAG,IAAI,CAAC;IAU5C,cAAc,CAAC,OAAO,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC;CAWrD"}

package/dist/manifest-version-store-file.js

@@ -1,40 +0,0 @@
-/**
- * FileManifestVersionStore — file-backed IManifestVersionStore.
- *
- * Persists the last-seen manifest version to a JSON file on disk, enabling
- * version monotonicity enforcement across daemon restarts.
- *
- * Crypto reference: RFC 8032 (this module stores the manifest version number
- * that backs the monotonicity invariant; the version itself is not cryptographic,
- * but its correct persistence is load-bearing for anti-rollback security).
- */
-import { readFile, writeFile, rename, mkdir } from "node:fs/promises";
-import { dirname } from "node:path";
-export class FileManifestVersionStore {
-    #filePath;
-    constructor(filePath) {
-        this.#filePath = filePath;
-    }
-    async getLastSeenVersion() {
-        try {
-            const raw = await readFile(this.#filePath, "utf-8");
-            const parsed = JSON.parse(raw);
-            return typeof parsed.lastSeenVersion === "number" ? parsed.lastSeenVersion : null;
-        }
-        catch {
-            return null;
-        }
-    }
-    async persistVersion(version) {
-        await mkdir(dirname(this.#filePath), { recursive: true });
-        const content = { lastSeenVersion: version };
-        // ADV-005: Atomic write using write-to-temp-then-rename pattern.
-        // rename() is atomic on POSIX (same filesystem). This prevents a crash
-        // during write from corrupting the version file and resetting the
-        // monotonicity check (which would enable a rollback attack on next start).
-        const tmpPath = this.#filePath + ".tmp";
-        await writeFile(tmpPath, JSON.stringify(content), "utf-8");
-        await rename(tmpPath, this.#filePath);
-    }
-}
-//# sourceMappingURL=manifest-version-store-file.js.map

package/dist/manifest-version-store-file.js.map

@@ -1 +0,0 @@
-{"version":3,"file":"manifest-version-store-file.js","sourceRoot":"","sources":["../src/manifest-version-store-file.ts"],"names":[],"mappings":"AAAA;;;;;;;;;GASG;AAEH,OAAO,EAAE,QAAQ,EAAE,SAAS,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,kBAAkB,CAAC;AACtE,OAAO,EAAE,OAAO,EAAE,MAAM,WAAW,CAAC;AAOpC,MAAM,OAAO,wBAAwB;IAC1B,SAAS,CAAS;IAE3B,YAAY,QAAgB;QAC1B,IAAI,CAAC,SAAS,GAAG,QAAQ,CAAC;IAC5B,CAAC;IAED,KAAK,CAAC,kBAAkB;QACtB,IAAI,CAAC;YACH,MAAM,GAAG,GAAG,MAAM,QAAQ,CAAC,IAAI,CAAC,SAAS,EAAE,OAAO,CAAC,CAAC;YACpD,MAAM,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,GAAG,CAAqB,CAAC;YACnD,OAAO,OAAO,MAAM,CAAC,eAAe,KAAK,QAAQ,CAAC,CAAC,CAAC,MAAM,CAAC,eAAe,CAAC,CAAC,CAAC,IAAI,CAAC;QACpF,CAAC;QAAC,MAAM,CAAC;YACP,OAAO,IAAI,CAAC;QACd,CAAC;IACH,CAAC;IAED,KAAK,CAAC,cAAc,CAAC,OAAe;QAClC,MAAM,KAAK,CAAC,OAAO,CAAC,IAAI,CAAC,SAAS,CAAC,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;QAC1D,MAAM,OAAO,GAAqB,EAAE,eAAe,EAAE,OAAO,EAAE,CAAC;QAC/D,iEAAiE;QACjE,uEAAuE;QACvE,kEAAkE;QAClE,2EAA2E;QAC3E,MAAM,OAAO,GAAG,IAAI,CAAC,SAAS,GAAG,MAAM,CAAC;QACxC,MAAM,SAAS,CAAC,OAAO,EAAE,IAAI,CAAC,SAAS,CAAC,OAAO,CAAC,EAAE,OAAO,CAAC,CAAC;QAC3D,MAAM,MAAM,CAAC,OAAO,EAAE,IAAI,CAAC,SAAS,CAAC,CAAC;IACxC,CAAC;CACF"}

package/dist/transcript-cipher.d.ts

@@ -1,31 +0,0 @@
-/**
- * DOD-LOG-1 (PERSIST-LOG-001) — at-rest encryption for the durable transcript store.
- *
- * The daemon uses plain node:sqlite (no whole-DB encryption — SQLCipher is a native dep that
- * compiles from source and is intentionally not dragged into the daemon). So the readable
- * transcript plaintext is envelope-encrypted at the column level before it touches disk: each
- * message blob is AES-256-GCM sealed with a dedicated per-DB transcript key.
- *
- * Key separation by design: the agent's Ed25519 identity key SIGNS (the KeyProvider interface is
- * sign-only and never exposes the seed — good hygiene); a SEPARATE 32-byte symmetric key encrypts
- * the transcript at rest. The key lives in a 0600 file beside the daemon DB and is generated once.
- *
- * Blob layout: iv(12) || ciphertext || authTag(16). GCM authenticates, so a tampered or truncated
- * blob fails to decrypt (returns null) rather than yielding garbage plaintext.
- */
-export declare class TranscriptCipher {
-    #private;
-    private constructor();
-    /**
-     * Load the transcript key from `keyPath`, or generate + persist a fresh one (0600) on first use.
-     * Atomic-ish create: write then the file is the durable key for this DB for all time.
-     */
-    static loadOrCreate(keyPath: string): TranscriptCipher;
-    /** For tests: an in-memory cipher with a supplied (or random) key. */
-    static fromKey(key?: Buffer): TranscriptCipher;
-    /** Encrypt plaintext → iv || ciphertext || tag. */
-    encrypt(plaintext: Uint8Array): Uint8Array;
-    /** Decrypt an iv||ciphertext||tag blob. Returns null on any tamper / wrong key / malformed input. */
-    decrypt(blob: Uint8Array): Uint8Array | null;
-}
-//# sourceMappingURL=transcript-cipher.d.ts.map

package/dist/transcript-cipher.d.ts.map

@@ -1 +0,0 @@
-{"version":3,"file":"transcript-cipher.d.ts","sourceRoot":"","sources":["../src/transcript-cipher.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;GAcG;AAUH,qBAAa,gBAAgB;;IAG3B,OAAO;IAIP;;;OAGG;IACH,MAAM,CAAC,YAAY,CAAC,OAAO,EAAE,MAAM,GAAG,gBAAgB;IActD,sEAAsE;IACtE,MAAM,CAAC,OAAO,CAAC,GAAG,CAAC,EAAE,MAAM,GAAG,gBAAgB;IAI9C,mDAAmD;IACnD,OAAO,CAAC,SAAS,EAAE,UAAU,GAAG,UAAU;IAQ1C,qGAAqG;IACrG,OAAO,CAAC,IAAI,EAAE,UAAU,GAAG,UAAU,GAAG,IAAI;CAc7C"}

package/dist/transcript-cipher.js

@@ -1,74 +0,0 @@
-/**
- * DOD-LOG-1 (PERSIST-LOG-001) — at-rest encryption for the durable transcript store.
- *
- * The daemon uses plain node:sqlite (no whole-DB encryption — SQLCipher is a native dep that
- * compiles from source and is intentionally not dragged into the daemon). So the readable
- * transcript plaintext is envelope-encrypted at the column level before it touches disk: each
- * message blob is AES-256-GCM sealed with a dedicated per-DB transcript key.
- *
- * Key separation by design: the agent's Ed25519 identity key SIGNS (the KeyProvider interface is
- * sign-only and never exposes the seed — good hygiene); a SEPARATE 32-byte symmetric key encrypts
- * the transcript at rest. The key lives in a 0600 file beside the daemon DB and is generated once.
- *
- * Blob layout: iv(12) || ciphertext || authTag(16). GCM authenticates, so a tampered or truncated
- * blob fails to decrypt (returns null) rather than yielding garbage plaintext.
- */
-import { createCipheriv, createDecipheriv, randomBytes } from "node:crypto";
-import { readFileSync, writeFileSync, existsSync, mkdirSync } from "node:fs";
-import { dirname } from "node:path";
-const KEY_LEN = 32; // AES-256
-const IV_LEN = 12; // GCM standard nonce
-const TAG_LEN = 16;
-export class TranscriptCipher {
-    #key;
-    constructor(key) {
-        this.#key = key;
-    }
-    /**
-     * Load the transcript key from `keyPath`, or generate + persist a fresh one (0600) on first use.
-     * Atomic-ish create: write then the file is the durable key for this DB for all time.
-     */
-    static loadOrCreate(keyPath) {
-        if (existsSync(keyPath)) {
-            const key = readFileSync(keyPath);
-            if (key.length !== KEY_LEN) {
-                throw new Error(`transcript key at ${keyPath} is ${key.length} bytes, expected ${KEY_LEN}`);
-            }
-            return new TranscriptCipher(key);
-        }
-        const key = randomBytes(KEY_LEN);
-        mkdirSync(dirname(keyPath), { recursive: true });
-        writeFileSync(keyPath, key, { mode: 0o600 });
-        return new TranscriptCipher(key);
-    }
-    /** For tests: an in-memory cipher with a supplied (or random) key. */
-    static fromKey(key) {
-        return new TranscriptCipher(key ?? randomBytes(KEY_LEN));
-    }
-    /** Encrypt plaintext → iv || ciphertext || tag. */
-    encrypt(plaintext) {
-        const iv = randomBytes(IV_LEN);
-        const cipher = createCipheriv("aes-256-gcm", this.#key, iv);
-        const ct = Buffer.concat([cipher.update(plaintext), cipher.final()]);
-        const tag = cipher.getAuthTag();
-        return Buffer.concat([iv, ct, tag]);
-    }
-    /** Decrypt an iv||ciphertext||tag blob. Returns null on any tamper / wrong key / malformed input. */
-    decrypt(blob) {
-        if (blob.length < IV_LEN + TAG_LEN)
-            return null;
-        const buf = Buffer.from(blob);
-        const iv = buf.subarray(0, IV_LEN);
-        const tag = buf.subarray(buf.length - TAG_LEN);
-        const ct = buf.subarray(IV_LEN, buf.length - TAG_LEN);
-        try {
-            const decipher = createDecipheriv("aes-256-gcm", this.#key, iv);
-            decipher.setAuthTag(tag);
-            return Uint8Array.from(Buffer.concat([decipher.update(ct), decipher.final()]));
-        }
-        catch {
-            return null;
-        }
-    }
-}
-//# sourceMappingURL=transcript-cipher.js.map

package/dist/transcript-cipher.js.map

@@ -1 +0,0 @@
-{"version":3,"file":"transcript-cipher.js","sourceRoot":"","sources":["../src/transcript-cipher.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;GAcG;AAEH,OAAO,EAAE,cAAc,EAAE,gBAAgB,EAAE,WAAW,EAAE,MAAM,aAAa,CAAC;AAC5E,OAAO,EAAE,YAAY,EAAE,aAAa,EAAE,UAAU,EAAE,SAAS,EAAE,MAAM,SAAS,CAAC;AAC7E,OAAO,EAAE,OAAO,EAAE,MAAM,WAAW,CAAC;AAEpC,MAAM,OAAO,GAAG,EAAE,CAAC,CAAC,UAAU;AAC9B,MAAM,MAAM,GAAG,EAAE,CAAC,CAAC,qBAAqB;AACxC,MAAM,OAAO,GAAG,EAAE,CAAC;AAEnB,MAAM,OAAO,gBAAgB;IAClB,IAAI,CAAS;IAEtB,YAAoB,GAAW;QAC7B,IAAI,CAAC,IAAI,GAAG,GAAG,CAAC;IAClB,CAAC;IAED;;;OAGG;IACH,MAAM,CAAC,YAAY,CAAC,OAAe;QACjC,IAAI,UAAU,CAAC,OAAO,CAAC,EAAE,CAAC;YACxB,MAAM,GAAG,GAAG,YAAY,CAAC,OAAO,CAAC,CAAC;YAClC,IAAI,GAAG,CAAC,MAAM,KAAK,OAAO,EAAE,CAAC;gBAC3B,MAAM,IAAI,KAAK,CAAC,qBAAqB,OAAO,OAAO,GAAG,CAAC,MAAM,oBAAoB,OAAO,EAAE,CAAC,CAAC;YAC9F,CAAC;YACD,OAAO,IAAI,gBAAgB,CAAC,GAAG,CAAC,CAAC;QACnC,CAAC;QACD,MAAM,GAAG,GAAG,WAAW,CAAC,OAAO,CAAC,CAAC;QACjC,SAAS,CAAC,OAAO,CAAC,OAAO,CAAC,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;QACjD,aAAa,CAAC,OAAO,EAAE,GAAG,EAAE,EAAE,IAAI,EAAE,KAAK,EAAE,CAAC,CAAC;QAC7C,OAAO,IAAI,gBAAgB,CAAC,GAAG,CAAC,CAAC;IACnC,CAAC;IAED,sEAAsE;IACtE,MAAM,CAAC,OAAO,CAAC,GAAY;QACzB,OAAO,IAAI,gBAAgB,CAAC,GAAG,IAAI,WAAW,CAAC,OAAO,CAAC,CAAC,CAAC;IAC3D,CAAC;IAED,mDAAmD;IACnD,OAAO,CAAC,SAAqB;QAC3B,MAAM,EAAE,GAAG,WAAW,CAAC,MAAM,CAAC,CAAC;QAC/B,MAAM,MAAM,GAAG,cAAc,CAAC,aAAa,EAAE,IAAI,CAAC,IAAI,EAAE,EAAE,CAAC,CAAC;QAC5D,MAAM,EAAE,GAAG,MAAM,CAAC,MAAM,CAAC,CAAC,MAAM,CAAC,MAAM,CAAC,SAAS,CAAC,EAAE,MAAM,CAAC,KAAK,EAAE,CAAC,CAAC,CAAC;QACrE,MAAM,GAAG,GAAG,MAAM,CAAC,UAAU,EAAE,CAAC;QAChC,OAAO,MAAM,CAAC,MAAM,CAAC,CAAC,EAAE,EAAE,EAAE,EAAE,GAAG,CAAC,CAAC,CAAC;IACtC,CAAC;IAED,qGAAqG;IACrG,OAAO,CAAC,IAAgB;QACtB,IAAI,IAAI,CAAC,MAAM,GAAG,MAAM,GAAG,OAAO;YAAE,OAAO,IAAI,CAAC;QAChD,MAAM,GAAG,GAAG,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QAC9B,MAAM,EAAE,GAAG,GAAG,CAAC,QAAQ,CAAC,CAAC,EAAE,MAAM,CAAC,CAAC;QACnC,MAAM,GAAG,GAAG,GAAG,CAAC,QAAQ,CAAC,GAAG,CAAC,MAAM,GAAG,OAAO,CAAC,CAAC;QAC/C,MAAM,EAAE,GAAG,GAAG,CAAC,QAAQ,CAAC,MAAM,EAAE,GAAG,CAAC,MAAM,GAAG,OAAO,CAAC,CAAC;QACtD,IAAI,CAAC;YACH,MAAM,QAAQ,GAAG,gBAAgB,CAAC,aAAa,EAAE,IAAI,CAAC,IAAI,EAAE,EAAE,CAAC,CAAC;YAChE,QAAQ,CAAC,UAAU,CAAC,GAAG,CAAC,CAAC;YACzB,OAAO,UAAU,CAAC,IAAI,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC,QAAQ,CAAC,MAAM,CAAC,EAAE,CAAC,EAAE,QAAQ,CAAC,KAAK,EAAE,CAAC,CAAC,CAAC,CAAC;QACjF,CAAC;QAAC,MAAM,CAAC;YACP,OAAO,IAAI,CAAC;QACd,CAAC;IACH,CAAC;CACF"}