@cello-protocol/daemon 0.0.8 → 0.0.9

package/dist/db-identity-store.js

@@ -0,0 +1,235 @@
+/**
+ * CELLO-M7-PERSIST-002 — DB-backed identity store (the `agents` table).
+ *
+ * Every piece of an agent's persisted identity — the K_local Ed25519 seed, the ML-DSA keypair, the
+ * FROST signing share, the registration record, and the agent↔user link — lives as ONE row of the
+ * `agents` table in the SQLCipher-encrypted daemon DB. This replaces the per-agent plaintext flat
+ * files (`agents/<name>/key`, `frost-share.json`, `ml-dsa-keypair.json`, `registration-state.json`,
+ * `agent-user-link.json`).
+ *
+ * `DbRegistrationPersistence` implements the SAME `DaemonRegistrationPersistence` interface the
+ * daemon's RegistrationManager and the ceremony/seal signer-reconstruction already consume — so the
+ * call sites change only their construction (a DB handle + agent name instead of an `agentDir`), not
+ * their behaviour. Writes are AWAITED single-row UPSERTs (SI-003: a register-success implies a
+ * durably committed row — fixing the old fire-and-forget at registration-manager.ts:229).
+ *
+ * The K_local seed and FROST/ML-DSA secrets are stored as BLOB columns inside the encrypted DB; they
+ * are NEVER written to a flat file and NEVER logged (SI-001). The row is the only home.
+ */
+const ML_DSA_ALGORITHM = "ML-DSA-44";
+/**
+ * Idempotent schema for the identity store. Called once at daemon init AND defensively by each
+ * DbRegistrationPersistence constructor (CREATE TABLE IF NOT EXISTS is idempotent), so the store
+ * works whether or not the composition root has run its own ensure.
+ */
+export function ensureIdentitySchema(db) {
+    db.exec(`
+    CREATE TABLE IF NOT EXISTS agents (
+      agent_name             TEXT PRIMARY KEY,
+      -- K_local Ed25519 identity (PERSIST-002: seed moves from agents/<name>/key into this BLOB).
+      k_local_seed           BLOB NOT NULL,
+      k_local_pubkey         TEXT NOT NULL,
+      -- lifecycle: 'created' (K_local exists, not yet registered) | 'registered'.
+      state                  TEXT NOT NULL DEFAULT 'created',
+      -- ML-DSA keypair (was ml-dsa-keypair.json).
+      ml_dsa_pubkey          TEXT,
+      ml_dsa_secret          BLOB,
+      ml_dsa_algorithm       TEXT,
+      -- FROST signing share (was frost-share.json).
+      frost_epoch_id         TEXT,
+      frost_primary_pubkey   TEXT,
+      frost_identifier       TEXT,
+      frost_signing_share    BLOB,
+      frost_threshold        INTEGER,
+      frost_participants     INTEGER,
+      frost_commitments      BLOB,
+      frost_verifying_shares BLOB,
+      frost_dkg_method       TEXT,
+      -- registration record (was registration-state.json).
+      reg_agent_id           TEXT,
+      reg_primary_pubkey     TEXT,
+      reg_ml_dsa_pubkey      TEXT,
+      reg_registered_at      INTEGER,
+      reg_status             TEXT,
+      -- agent↔user link captured at registration (was agent-user-link.json).
+      link_agent_id          TEXT,
+      link_pre_auth_token    TEXT,
+      link_linked_at         INTEGER,
+      created_at             INTEGER NOT NULL,
+      updated_at             INTEGER NOT NULL
+    )
+  `);
+}
+const toBuf = (b) => Buffer.from(b);
+const toBytes = (v) => v instanceof Uint8Array ? new Uint8Array(v) : Buffer.isBuffer(v) ? new Uint8Array(v) : new Uint8Array(0);
+export class DbIdentityStore {
+    #db;
+    #logger;
+    constructor(db, logger) {
+        this.#db = db;
+        this.#logger = logger;
+        ensureIdentitySchema(db);
+    }
+    /** True if an agent row with this name already exists. */
+    hasAgent(agentName) {
+        const row = this.#db.prepare("SELECT 1 AS one FROM agents WHERE agent_name = ?").get(agentName);
+        return row !== undefined;
+    }
+    /**
+     * Create a new agent row holding a fresh K_local seed (AC-004). Explicit only — callers generate
+     * the seed (crypto) and pass it in. Throws if the name already exists (no silent overwrite of an
+     * identity).
+     */
+    createAgent(agentName, kLocalSeed, kLocalPubkeyHex) {
+        if (this.hasAgent(agentName)) {
+            throw new Error(`agent '${agentName}' already exists`);
+        }
+        const now = Date.now();
+        this.#db
+            .prepare(`INSERT INTO agents (agent_name, k_local_seed, k_local_pubkey, state, created_at, updated_at)
+         VALUES (?, ?, ?, 'created', ?, ?)`)
+            .run(agentName, toBuf(kLocalSeed), kLocalPubkeyHex, now, now);
+        // SI-001: the seed is NEVER logged — only the agent name and PUBLIC key.
+        this.#logger.info("persist.identity.created", { agentName, agentPubkey: kLocalPubkeyHex });
+    }
+    /** Enumerate all agents (name + seed + pubkey + state) for the daemon's startup loader. */
+    listAgents() {
+        const rows = this.#db
+            .prepare("SELECT agent_name, k_local_seed, k_local_pubkey, state FROM agents ORDER BY agent_name ASC")
+            .all();
+        return rows.map((r) => ({
+            agentName: r.agent_name,
+            kLocalSeed: toBytes(r.k_local_seed),
+            kLocalPubkey: r.k_local_pubkey,
+            state: r.state,
+        }));
+    }
+}
+/**
+ * DB-backed `DaemonRegistrationPersistence`. Scoped to a single agent's row. All persist operations
+ * are single-row UPSERTs that update the named agent's row; a register-success therefore implies the
+ * material is durably committed (SI-003). A persist against a non-existent agent throws — the row is
+ * created by the agent-creation path (AC-004) before registration runs.
+ */
+export class DbRegistrationPersistence {
+    #db;
+    #agentName;
+    #logger;
+    constructor(opts) {
+        this.#db = opts.db;
+        this.#agentName = opts.agentName;
+        this.#logger = opts.logger;
+        ensureIdentitySchema(opts.db);
+    }
+    #updateRow(setClause, params) {
+        const now = Date.now();
+        const res = this.#db
+            .prepare(`UPDATE agents SET ${setClause}, updated_at = ? WHERE agent_name = ?`)
+            .run(...params, now, this.#agentName);
+        if (Number(res.changes) === 0) {
+            // The agent row must exist (created by the agent-creation path before registration). A missing
+            // row is a real fault, not something to paper over — fail loud so registration fails (AC-012).
+            throw new Error(`identity_persist_failed: no agent row for '${this.#agentName}'`);
+        }
+    }
+    async persistMlDsaKeypair(opts) {
+        // SI-001: secretKeyBlob is written to the encrypted DB only — never logged.
+        this.#updateRow("ml_dsa_pubkey = ?, ml_dsa_secret = ?, ml_dsa_algorithm = ?", [
+            opts.mlDsaPubkey,
+            toBuf(opts.secretKeyBlob),
+            ML_DSA_ALGORITHM,
+        ]);
+        this.#logger.info("registration.mldsa.persisted", { mlDsaPubkey: opts.mlDsaPubkey });
+    }
+    async persistRegistrationState(opts) {
+        this.#updateRow("reg_agent_id = ?, reg_primary_pubkey = ?, reg_ml_dsa_pubkey = ?, reg_registered_at = ?, reg_status = 'active', state = 'registered'", [opts.agentId, opts.primaryPubkey, opts.mlDsaPubkey, opts.registeredAt]);
+        this.#logger.info("registration.state.persisted", {
+            agentId: opts.agentId,
+            primaryPubkey: opts.primaryPubkey,
+        });
+    }
+    async persistFrostKeyShare(opts) {
+        // SI-001: signingShare is written to the encrypted DB only — never logged.
+        this.#updateRow(`frost_epoch_id = ?, frost_primary_pubkey = ?, frost_identifier = ?, frost_signing_share = ?,
+       frost_threshold = ?, frost_participants = ?, frost_commitments = ?, frost_verifying_shares = ?,
+       frost_dkg_method = ?`, [
+            opts.epochId,
+            opts.primaryPubkey,
+            opts.identifier,
+            toBuf(opts.signingShare),
+            opts.threshold,
+            opts.participants,
+            toBuf(opts.commitmentsCbor),
+            toBuf(opts.verifyingSharesCbor),
+            opts.dkgMethod,
+        ]);
+        this.#logger.info("registration.frost.share.persisted", {
+            epochId: opts.epochId,
+            threshold: opts.threshold,
+            participants: opts.participants,
+            dkgMethod: opts.dkgMethod,
+        });
+    }
+    async persistAgentUserLink(opts) {
+        // SI: the preAuthToken is a bearer ticket — written to the encrypted DB only, never logged.
+        this.#updateRow("link_agent_id = ?, link_pre_auth_token = ?, link_linked_at = ?", [
+            opts.agentId,
+            opts.preAuthToken,
+            opts.linkedAt,
+        ]);
+        this.#logger.info("registration.user_link.persisted", { agentId: opts.agentId });
+    }
+    // ─── Load (restart rehydration) ──────────────────────────────────────────────
+    #row() {
+        return this.#db.prepare("SELECT * FROM agents WHERE agent_name = ?").get(this.#agentName);
+    }
+    async loadRegistrationState() {
+        const r = this.#row();
+        if (!r || r["reg_agent_id"] == null)
+            return null;
+        return {
+            agentId: String(r["reg_agent_id"]),
+            primaryPubkey: String(r["reg_primary_pubkey"]),
+            mlDsaPubkey: String(r["reg_ml_dsa_pubkey"]),
+            registeredAt: Number(r["reg_registered_at"]),
+            status: String(r["reg_status"]),
+        };
+    }
+    async loadMlDsaKeypair() {
+        const r = this.#row();
+        if (!r || r["ml_dsa_secret"] == null)
+            return null;
+        return {
+            mlDsaPubkey: String(r["ml_dsa_pubkey"]),
+            secretKeyBlob: toBytes(r["ml_dsa_secret"]),
+            algorithm: String(r["ml_dsa_algorithm"]),
+        };
+    }
+    async loadActiveFrostKeyShare() {
+        const r = this.#row();
+        if (!r || r["frost_signing_share"] == null)
+            return null;
+        return {
+            epochId: String(r["frost_epoch_id"]),
+            primaryPubkey: String(r["frost_primary_pubkey"]),
+            identifier: String(r["frost_identifier"]),
+            signingShare: toBytes(r["frost_signing_share"]),
+            threshold: Number(r["frost_threshold"]),
+            participants: Number(r["frost_participants"]),
+            commitmentsCbor: toBytes(r["frost_commitments"]),
+            verifyingSharesCbor: toBytes(r["frost_verifying_shares"]),
+            dkgMethod: String(r["frost_dkg_method"]),
+        };
+    }
+    async loadAgentUserLink() {
+        const r = this.#row();
+        if (!r || r["link_agent_id"] == null)
+            return null;
+        return {
+            agentId: String(r["link_agent_id"]),
+            preAuthToken: String(r["link_pre_auth_token"]),
+            linkedAt: Number(r["link_linked_at"]),
+        };
+    }
+}
+//# sourceMappingURL=db-identity-store.js.map

package/dist/db-identity-store.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"db-identity-store.js","sourceRoot":"","sources":["../src/db-identity-store.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;GAiBG;AAYH,MAAM,gBAAgB,GAAG,WAAW,CAAC;AAErC;;;;GAIG;AACH,MAAM,UAAU,oBAAoB,CAAC,EAAkB;IACrD,EAAE,CAAC,IAAI,CAAC;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAmCP,CAAC,CAAC;AACL,CAAC;AAED,MAAM,KAAK,GAAG,CAAC,CAAa,EAAU,EAAE,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;AACxD,MAAM,OAAO,GAAG,CAAC,CAAU,EAAc,EAAE,CACzC,CAAC,YAAY,UAAU,CAAC,CAAC,CAAC,IAAI,UAAU,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,IAAI,UAAU,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,IAAI,UAAU,CAAC,CAAC,CAAC,CAAC;AAc3G,MAAM,OAAO,eAAe;IACjB,GAAG,CAAiB;IACpB,OAAO,CAAS;IAEzB,YAAY,EAAkB,EAAE,MAAc;QAC5C,IAAI,CAAC,GAAG,GAAG,EAAE,CAAC;QACd,IAAI,CAAC,OAAO,GAAG,MAAM,CAAC;QACtB,oBAAoB,CAAC,EAAE,CAAC,CAAC;IAC3B,CAAC;IAED,0DAA0D;IAC1D,QAAQ,CAAC,SAAiB;QACxB,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,CAAC,OAAO,CAAC,kDAAkD,CAAC,CAAC,GAAG,CAAC,SAAS,CAEjF,CAAC;QACd,OAAO,GAAG,KAAK,SAAS,CAAC;IAC3B,CAAC;IAED;;;;OAIG;IACH,WAAW,CAAC,SAAiB,EAAE,UAAsB,EAAE,eAAuB;QAC5E,IAAI,IAAI,CAAC,QAAQ,CAAC,SAAS,CAAC,EAAE,CAAC;YAC7B,MAAM,IAAI,KAAK,CAAC,UAAU,SAAS,kBAAkB,CAAC,CAAC;QACzD,CAAC;QACD,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;QACvB,IAAI,CAAC,GAAG;aACL,OAAO,CACN;2CACmC,CACpC;aACA,GAAG,CAAC,SAAS,EAAE,KAAK,CAAC,UAAU,CAAC,EAAE,eAAe,EAAE,GAAG,EAAE,GAAG,CAAC,CAAC;QAChE,yEAAyE;QACzE,IAAI,CAAC,OAAO,CAAC,IAAI,CAAC,0BAA0B,EAAE,EAAE,SAAS,EAAE,WAAW,EAAE,eAAe,EAAE,CAAC,CAAC;IAC7F,CAAC;IAED,2FAA2F;IAC3F,UAAU;QACR,MAAM,IAAI,GAAG,IAAI,CAAC,GAAG;aAClB,OAAO,CAAC,4FAA4F,CAAC;aACrG,GAAG,EAAiG,CAAC;QACxG,OAAO,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;YACtB,SAAS,EAAE,CAAC,CAAC,UAAU;YACvB,UAAU,EAAE,OAAO,CAAC,CAAC,CAAC,YAAY,CAAC;YACnC,YAAY,EAAE,CAAC,CAAC,cAAc;YAC9B,KAAK,EAAE,CAAC,CAAC,KAAK;SACf,CAAC,CAAC,CAAC;IACN,CAAC;CACF;AAED;;;;;GAKG;AACH,MAAM,OAAO,yBAAyB;IAC3B,GAAG,CAAiB;IACpB,UAAU,CAAS;IACnB,OAAO,CAAS;IAEzB,YAAY,IAA+D;QACzE,IAAI,CAAC,GAAG,GAAG,IAAI,CAAC,EAAE,CAAC;QACnB,IAAI,CAAC,UAAU,GAAG,IAAI,CAAC,SAAS,CAAC;QACjC,IAAI,CAAC,OAAO,GAAG,IAAI,CAAC,MAAM,CAAC;QAC3B,oBAAoB,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IAChC,CAAC;IAED,UAAU,CAAC,SAAiB,EAAE,MAAiB;QAC7C,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;QACvB,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG;aACjB,OAAO,CAAC,qBAAqB,SAAS,uCAAuC,CAAC;aAC9E,GAAG,CAAC,GAAG,MAAM,EAAE,GAAG,EAAE,IAAI,CAAC,UAAU,CAAC,CAAC;QACxC,IAAI,MAAM,CAAC,GAAG,CAAC,OAAO,CAAC,KAAK,CAAC,EAAE,CAAC;YAC9B,+FAA+F;YAC/F,+FAA+F;YAC/F,MAAM,IAAI,KAAK,CAAC,8CAA8C,IAAI,CAAC,UAAU,GAAG,CAAC,CAAC;QACpF,CAAC;IACH,CAAC;IAED,KAAK,CAAC,mBAAmB,CAAC,IAAwD;QAChF,4EAA4E;QAC5E,IAAI,CAAC,UAAU,CAAC,4DAA4D,EAAE;YAC5E,IAAI,CAAC,WAAW;YAChB,KAAK,CAAC,IAAI,CAAC,aAAa,CAAC;YACzB,gBAAgB;SACjB,CAAC,CAAC;QACH,IAAI,CAAC,OAAO,CAAC,IAAI,CAAC,8BAA8B,EAAE,EAAE,WAAW,EAAE,IAAI,CAAC,WAAW,EAAE,CAAC,CAAC;IACvF,CAAC;IAED,KAAK,CAAC,wBAAwB,CAAC,IAK9B;QACC,IAAI,CAAC,UAAU,CACb,qIAAqI,EACrI,CAAC,IAAI,CAAC,OAAO,EAAE,IAAI,CAAC,aAAa,EAAE,IAAI,CAAC,WAAW,EAAE,IAAI,CAAC,YAAY,CAAC,CACxE,CAAC;QACF,IAAI,CAAC,OAAO,CAAC,IAAI,CAAC,8BAA8B,EAAE;YAChD,OAAO,EAAE,IAAI,CAAC,OAAO;YACrB,aAAa,EAAE,IAAI,CAAC,aAAa;SAClC,CAAC,CAAC;IACL,CAAC;IAED,KAAK,CAAC,oBAAoB,CAAC,IAU1B;QACC,2EAA2E;QAC3E,IAAI,CAAC,UAAU,CACb;;4BAEsB,EACtB;YACE,IAAI,CAAC,OAAO;YACZ,IAAI,CAAC,aAAa;YAClB,IAAI,CAAC,UAAU;YACf,KAAK,CAAC,IAAI,CAAC,YAAY,CAAC;YACxB,IAAI,CAAC,SAAS;YACd,IAAI,CAAC,YAAY;YACjB,KAAK,CAAC,IAAI,CAAC,eAAe,CAAC;YAC3B,KAAK,CAAC,IAAI,CAAC,mBAAmB,CAAC;YAC/B,IAAI,CAAC,SAAS;SACf,CACF,CAAC;QACF,IAAI,CAAC,OAAO,CAAC,IAAI,CAAC,oCAAoC,EAAE;YACtD,OAAO,EAAE,IAAI,CAAC,OAAO;YACrB,SAAS,EAAE,IAAI,CAAC,SAAS;YACzB,YAAY,EAAE,IAAI,CAAC,YAAY;YAC/B,SAAS,EAAE,IAAI,CAAC,SAAS;SAC1B,CAAC,CAAC;IACL,CAAC;IAED,KAAK,CAAC,oBAAoB,CAAC,IAAiE;QAC1F,4FAA4F;QAC5F,IAAI,CAAC,UAAU,CAAC,gEAAgE,EAAE;YAChF,IAAI,CAAC,OAAO;YACZ,IAAI,CAAC,YAAY;YACjB,IAAI,CAAC,QAAQ;SACd,CAAC,CAAC;QACH,IAAI,CAAC,OAAO,CAAC,IAAI,CAAC,kCAAkC,EAAE,EAAE,OAAO,EAAE,IAAI,CAAC,OAAO,EAAE,CAAC,CAAC;IACnF,CAAC;IAED,gFAAgF;IAEhF,IAAI;QACF,OAAO,IAAI,CAAC,GAAG,CAAC,OAAO,CAAC,2CAA2C,CAAC,CAAC,GAAG,CAAC,IAAI,CAAC,UAAU,CAE3E,CAAC;IAChB,CAAC;IAED,KAAK,CAAC,qBAAqB;QACzB,MAAM,CAAC,GAAG,IAAI,CAAC,IAAI,EAAE,CAAC;QACtB,IAAI,CAAC,CAAC,IAAI,CAAC,CAAC,cAAc,CAAC,IAAI,IAAI;YAAE,OAAO,IAAI,CAAC;QACjD,OAAO;YACL,OAAO,EAAE,MAAM,CAAC,CAAC,CAAC,cAAc,CAAC,CAAC;YAClC,aAAa,EAAE,MAAM,CAAC,CAAC,CAAC,oBAAoB,CAAC,CAAC;YAC9C,WAAW,EAAE,MAAM,CAAC,CAAC,CAAC,mBAAmB,CAAC,CAAC;YAC3C,YAAY,EAAE,MAAM,CAAC,CAAC,CAAC,mBAAmB,CAAC,CAAC;YAC5C,MAAM,EAAE,MAAM,CAAC,CAAC,CAAC,YAAY,CAAC,CAAC;SAChC,CAAC;IACJ,CAAC;IAED,KAAK,CAAC,gBAAgB;QACpB,MAAM,CAAC,GAAG,IAAI,CAAC,IAAI,EAAE,CAAC;QACtB,IAAI,CAAC,CAAC,IAAI,CAAC,CAAC,eAAe,CAAC,IAAI,IAAI;YAAE,OAAO,IAAI,CAAC;QAClD,OAAO;YACL,WAAW,EAAE,MAAM,CAAC,CAAC,CAAC,eAAe,CAAC,CAAC;YACvC,aAAa,EAAE,OAAO,CAAC,CAAC,CAAC,eAAe,CAAC,CAAC;YAC1C,SAAS,EAAE,MAAM,CAAC,CAAC,CAAC,kBAAkB,CAAC,CAAC;SACzC,CAAC;IACJ,CAAC;IAED,KAAK,CAAC,uBAAuB;QAC3B,MAAM,CAAC,GAAG,IAAI,CAAC,IAAI,EAAE,CAAC;QACtB,IAAI,CAAC,CAAC,IAAI,CAAC,CAAC,qBAAqB,CAAC,IAAI,IAAI;YAAE,OAAO,IAAI,CAAC;QACxD,OAAO;YACL,OAAO,EAAE,MAAM,CAAC,CAAC,CAAC,gBAAgB,CAAC,CAAC;YACpC,aAAa,EAAE,MAAM,CAAC,CAAC,CAAC,sBAAsB,CAAC,CAAC;YAChD,UAAU,EAAE,MAAM,CAAC,CAAC,CAAC,kBAAkB,CAAC,CAAC;YACzC,YAAY,EAAE,OAAO,CAAC,CAAC,CAAC,qBAAqB,CAAC,CAAC;YAC/C,SAAS,EAAE,MAAM,CAAC,CAAC,CAAC,iBAAiB,CAAC,CAAC;YACvC,YAAY,EAAE,MAAM,CAAC,CAAC,CAAC,oBAAoB,CAAC,CAAC;YAC7C,eAAe,EAAE,OAAO,CAAC,CAAC,CAAC,mBAAmB,CAAC,CAAC;YAChD,mBAAmB,EAAE,OAAO,CAAC,CAAC,CAAC,wBAAwB,CAAC,CAAC;YACzD,SAAS,EAAE,MAAM,CAAC,CAAC,CAAC,kBAAkB,CAAC,CAAC;SACzC,CAAC;IACJ,CAAC;IAED,KAAK,CAAC,iBAAiB;QACrB,MAAM,CAAC,GAAG,IAAI,CAAC,IAAI,EAAE,CAAC;QACtB,IAAI,CAAC,CAAC,IAAI,CAAC,CAAC,eAAe,CAAC,IAAI,IAAI;YAAE,OAAO,IAAI,CAAC;QAClD,OAAO;YACL,OAAO,EAAE,MAAM,CAAC,CAAC,CAAC,eAAe,CAAC,CAAC;YACnC,YAAY,EAAE,MAAM,CAAC,CAAC,CAAC,qBAAqB,CAAC,CAAC;YAC9C,QAAQ,EAAE,MAAM,CAAC,CAAC,CAAC,gBAAgB,CAAC,CAAC;SACtC,CAAC;IACJ,CAAC;CACF"}

package/dist/identity-migration.d.ts

@@ -0,0 +1,40 @@
+/**
+ * CELLO-M7-PERSIST-002 — Unit 4/6: one-time migration of pre-story flat-file state and a plaintext
+ * node:sqlite DB into the single SQLCipher-encrypted daemon DB (AC-006, DB-002).
+ *
+ * Before this story the daemon kept:
+ *   - identity as plaintext flat files: `agents/<name>/key` (37-byte CELLO seed), `frost-share.json`,
+ *     `ml-dsa-keypair.json`, `registration-state.json`, `agent-user-link.json`, and the legacy
+ *     single-file `~/.cello/key` (loaded as agent "default");
+ *   - sessions/transcript/etc. in a PLAINTEXT `sessions.db` (node:sqlite), with two columns
+ *     (transcript.blob, retry_queue.content_blob) envelope-encrypted by a sibling
+ *     `sessions.db.transcript-key`.
+ *
+ * This migration runs at daemon startup BEFORE the encrypted DB is opened. If it detects either a
+ * plaintext DB or any flat-file identity, it builds a fresh SQLCipher DB (at `<dbPath>.migrating`),
+ * imports every row of the old DB (decrypting the two column-ciphered blobs to plaintext) AND every
+ * flat-file identity item into `agents` rows, verifies, then atomically swaps it into place — backing
+ * up the old plaintext DB to `<dbPath>.pre-sqlcipher.bak` and deleting the flat files. It is
+ * idempotent: once the DB is encrypted and the flat files are gone, it is a no-op.
+ *
+ * Fail-closed (SI-002/DB-002): on ANY error it aborts cleanly — the original flat files / plaintext
+ * DB are left in place, the partial `.migrating` DB is discarded, and the caller surfaces
+ * `identity_migration_failed`. No identity is lost and no plaintext is left half-migrated.
+ */
+import type { Logger } from "./types.js";
+export interface MigrationResult {
+    migrated: boolean;
+    agentsMigrated: number;
+    rowsMigrated: number;
+}
+export declare class IdentityMigrationError extends Error {
+    readonly code: "identity_migration_failed";
+    readonly guidance: string;
+    constructor(message: string, guidance: string);
+}
+/**
+ * Run the one-time migration if needed. Returns { migrated:false } when there is nothing to do
+ * (fresh install or an already-encrypted DB with no flat files).
+ */
+export declare function migrateToEncryptedIfNeeded(dbPath: string, logger: Logger): MigrationResult;
+//# sourceMappingURL=identity-migration.d.ts.map

package/dist/identity-migration.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"identity-migration.d.ts","sourceRoot":"","sources":["../src/identity-migration.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;GAsBG;AAuBH,OAAO,KAAK,EAAE,MAAM,EAAE,MAAM,YAAY,CAAC;AAEzC,MAAM,WAAW,eAAe;IAC9B,QAAQ,EAAE,OAAO,CAAC;IAClB,cAAc,EAAE,MAAM,CAAC;IACvB,YAAY,EAAE,MAAM,CAAC;CACtB;AAED,qBAAa,sBAAuB,SAAQ,KAAK;IAC/C,QAAQ,CAAC,IAAI,EAAG,2BAA2B,CAAU;IACrD,QAAQ,CAAC,QAAQ,EAAE,MAAM,CAAC;gBACd,OAAO,EAAE,MAAM,EAAE,QAAQ,EAAE,MAAM;CAK9C;AA+ED;;;GAGG;AACH,wBAAgB,0BAA0B,CAAC,MAAM,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,GAAG,eAAe,CAqJ1F"}