@cogcoin/client 0.5.0

package/dist/wallet/read/project.js

@@ -0,0 +1,300 @@
+import { getLock, getBalance, getListing, getReputation, listActiveLocksByDomain, listDomainsByOwner, listFields, lookupDomain, resolveCanonical, } from "@cogcoin/indexer/queries";
+function bytesToHex(value) {
+    if (value === null || value === undefined) {
+        return null;
+    }
+    return Buffer.from(value).toString("hex");
+}
+function scriptHexToBytes(scriptPubKeyHex) {
+    return new Uint8Array(Buffer.from(scriptPubKeyHex, "hex"));
+}
+function tryDecodeUtf8(value) {
+    if (value === null || value === undefined) {
+        return null;
+    }
+    try {
+        return new TextDecoder("utf8", { fatal: true }).decode(value);
+    }
+    catch {
+        return null;
+    }
+}
+export function createWalletReadModel(walletState, snapshot) {
+    const snapshotState = snapshot?.state ?? null;
+    const localIdentityByScript = new Map();
+    const identities = walletState.identities
+        .slice()
+        .sort((left, right) => left.index - right.index)
+        .map((identity) => {
+        const scriptBytes = scriptHexToBytes(identity.scriptPubKeyHex);
+        const ownedDomains = snapshotState === null
+            ? []
+            : listDomainsByOwner(snapshotState, scriptBytes).sort((left, right) => left.name.localeCompare(right.name));
+        const anchoredOwnedDomains = ownedDomains.filter((domain) => domain.anchored);
+        const canonicalDomainId = snapshotState === null ? null : resolveCanonical(snapshotState, scriptBytes);
+        const canonicalDomainName = canonicalDomainId === null || snapshotState === null
+            ? null
+            : (snapshotState ? lookupDomainById(snapshotState, canonicalDomainId)?.name ?? null : null);
+        const readOnly = identity.status === "read-only" || anchoredOwnedDomains.length > 1;
+        const observedCogBalance = snapshotState === null ? null : getBalance(snapshotState, scriptBytes);
+        const view = {
+            index: identity.index,
+            scriptPubKeyHex: identity.scriptPubKeyHex,
+            address: identity.address,
+            selectors: [
+                `id:${identity.index}`,
+                ...ownedDomains.map((domain) => `domain:${domain.name}`),
+                ...(identity.address === null ? [] : [identity.address]),
+                `spk:${identity.scriptPubKeyHex}`,
+            ],
+            assignedDomainNames: identity.assignedDomainNames.slice().sort((left, right) => left.localeCompare(right)),
+            localStatus: identity.status,
+            effectiveStatus: readOnly ? "read-only" : identity.status,
+            canonicalDomainId,
+            canonicalDomainName,
+            ownedDomainNames: ownedDomains.map((domain) => domain.name),
+            anchoredOwnedDomainNames: anchoredOwnedDomains.map((domain) => domain.name),
+            observedCogBalance,
+            readOnly,
+        };
+        localIdentityByScript.set(identity.scriptPubKeyHex, view);
+        return view;
+    });
+    const domainNames = new Set();
+    for (const domain of walletState.domains) {
+        domainNames.add(domain.name);
+    }
+    if (snapshotState !== null) {
+        for (const identity of identities) {
+            for (const name of identity.ownedDomainNames) {
+                domainNames.add(name);
+            }
+        }
+    }
+    const domains = [...domainNames]
+        .sort((left, right) => left.localeCompare(right))
+        .map((name) => {
+        const localRecord = walletState.domains.find((domain) => domain.name === name) ?? null;
+        const chainRecord = snapshotState === null ? null : lookupDomain(snapshotState, name);
+        const ownerScriptPubKeyHex = chainRecord ? bytesToHex(chainRecord.ownerScriptPubKey) : localRecord?.currentOwnerScriptPubKeyHex ?? null;
+        const ownerIdentity = ownerScriptPubKeyHex === null ? null : localIdentityByScript.get(ownerScriptPubKeyHex) ?? null;
+        const fields = chainRecord && snapshotState ? listFields(snapshotState, chainRecord.domainId) : null;
+        const listing = chainRecord && snapshotState ? getListing(snapshotState, chainRecord.domainId) : null;
+        const activeLocks = chainRecord && snapshotState ? listActiveLocksByDomain(snapshotState, chainRecord.domainId) : null;
+        const reputation = chainRecord && snapshotState ? getReputation(snapshotState, chainRecord.domainId) : null;
+        const readOnly = ownerIdentity?.readOnly ?? (localRecord?.currentOwnerLocalIndex !== null && localRecord?.currentOwnerLocalIndex !== undefined
+            ? identities.find((identity) => identity.index === localRecord.currentOwnerLocalIndex)?.readOnly ?? false
+            : false);
+        let localRelationship = "external";
+        if (ownerIdentity !== null) {
+            localRelationship = readOnly ? "read-only" : "owned";
+        }
+        else if (localRecord !== null) {
+            localRelationship = "tracked";
+        }
+        else if (ownerScriptPubKeyHex === null) {
+            localRelationship = "unknown";
+        }
+        return {
+            name,
+            domainId: chainRecord?.domainId ?? localRecord?.domainId ?? null,
+            anchored: chainRecord?.anchored ?? (localRecord?.canonicalChainStatus === "anchored" ? true : localRecord?.canonicalChainStatus === "registered-unanchored" ? false : null),
+            ownerScriptPubKeyHex,
+            ownerLocalIndex: ownerIdentity?.index ?? localRecord?.currentOwnerLocalIndex ?? null,
+            ownerAddress: ownerIdentity?.address ?? null,
+            localTracked: localRecord !== null,
+            localRecord,
+            chainFound: chainRecord !== null,
+            chainStatus: chainRecord === null
+                ? localRecord?.canonicalChainStatus ?? "unknown"
+                : chainRecord.anchored ? "anchored" : "registered-unanchored",
+            localAnchorIntent: localRecord?.localAnchorIntent ?? null,
+            foundingMessageText: chainRecord?.foundingMessage ?? localRecord?.foundingMessageText ?? null,
+            endpointText: tryDecodeUtf8(chainRecord?.endpoint),
+            delegateScriptPubKeyHex: bytesToHex(chainRecord?.delegate),
+            minerScriptPubKeyHex: bytesToHex(chainRecord?.miner),
+            fieldCount: fields?.length ?? null,
+            listingPriceCogtoshi: listing?.priceCogtoshi ?? null,
+            activeLockCount: activeLocks?.length ?? null,
+            selfStakeCogtoshi: reputation?.selfStake ?? null,
+            supportedStakeCogtoshi: reputation?.supportedStake ?? null,
+            totalSupportedCogtoshi: reputation?.totalSupported ?? null,
+            totalRevokedCogtoshi: reputation?.totalRevoked ?? null,
+            readOnly,
+            localRelationship,
+        };
+    });
+    return {
+        walletRootId: walletState.walletRootId,
+        fundingIdentity: identities.find((identity) => identity.index === walletState.fundingIndex) ?? null,
+        identities,
+        domains,
+        readOnlyIdentityCount: identities.filter((identity) => identity.readOnly).length,
+    };
+}
+function lookupDomainById(state, domainId) {
+    for (const record of state.consensus.domainsById.values()) {
+        if (record.domainId === domainId) {
+            return { name: record.name };
+        }
+    }
+    return null;
+}
+export function listWalletLocks(context) {
+    if (context.snapshot === null || context.model === null) {
+        return null;
+    }
+    const localScriptToIndex = new Map(context.model.identities.map((identity) => [identity.scriptPubKeyHex, identity.index]));
+    const localDomainIds = new Set(context.model.domains
+        .map((domain) => domain.domainId)
+        .filter((domainId) => domainId !== null));
+    const currentHeight = context.snapshot.state.history.currentHeight;
+    const domainsById = new Map(context.model.domains
+        .map((domain) => domain.domainId === null ? null : [domain.domainId, domain.name])
+        .filter((entry) => entry !== null));
+    const locks = [...context.snapshot.state.consensus.locks.values()]
+        .filter((lock) => {
+        const lockerHex = bytesToHex(lock.lockerScriptPubKey);
+        return (lockerHex !== null && localScriptToIndex.has(lockerHex)) || localDomainIds.has(lock.recipientDomainId);
+    })
+        .sort((left, right) => left.timeoutHeight - right.timeoutHeight || left.lockId - right.lockId);
+    return locks.map((lock) => {
+        const lockerScriptPubKeyHex = bytesToHex(lock.lockerScriptPubKey);
+        const lockerLocalIndex = lockerScriptPubKeyHex === null ? null : localScriptToIndex.get(lockerScriptPubKeyHex) ?? null;
+        const recipientDomain = context.snapshot.state.consensus.domainsById.get(lock.recipientDomainId) ?? null;
+        const recipientOwnerHex = recipientDomain === null ? null : bytesToHex(recipientDomain.ownerScriptPubKey);
+        const claimableNow = currentHeight !== null
+            && currentHeight < lock.timeoutHeight
+            && recipientOwnerHex !== null
+            && localScriptToIndex.has(recipientOwnerHex);
+        return {
+            lockId: lock.lockId,
+            status: "active",
+            amountCogtoshi: lock.amount,
+            timeoutHeight: lock.timeoutHeight,
+            lockerScriptPubKeyHex: lockerScriptPubKeyHex ?? "",
+            lockerLocalIndex,
+            recipientDomainId: lock.recipientDomainId,
+            recipientDomainName: domainsById.get(lock.recipientDomainId) ?? null,
+            recipientLocal: localDomainIds.has(lock.recipientDomainId),
+            claimableNow,
+            reclaimableNow: currentHeight !== null && currentHeight >= lock.timeoutHeight && lockerLocalIndex !== null,
+        };
+    });
+}
+export function findWalletLock(context, lockId) {
+    if (context.snapshot === null) {
+        return null;
+    }
+    return getLock(context.snapshot.state, lockId);
+}
+export function findWalletDomain(context, name) {
+    const domain = context.model?.domains.find((entry) => entry.name === name)
+        ?? (context.snapshot
+            ? (() => {
+                const chainDomain = lookupDomain(context.snapshot.state, name);
+                if (chainDomain === null) {
+                    return null;
+                }
+                return {
+                    name: chainDomain.name,
+                    domainId: chainDomain.domainId,
+                    anchored: chainDomain.anchored,
+                    ownerScriptPubKeyHex: bytesToHex(chainDomain.ownerScriptPubKey),
+                    ownerLocalIndex: null,
+                    ownerAddress: null,
+                    localTracked: false,
+                    localRecord: null,
+                    chainFound: true,
+                    chainStatus: chainDomain.anchored ? "anchored" : "registered-unanchored",
+                    localAnchorIntent: null,
+                    foundingMessageText: chainDomain.foundingMessage,
+                    endpointText: tryDecodeUtf8(chainDomain.endpoint),
+                    delegateScriptPubKeyHex: bytesToHex(chainDomain.delegate),
+                    minerScriptPubKeyHex: bytesToHex(chainDomain.miner),
+                    fieldCount: listFields(context.snapshot.state, chainDomain.domainId).length,
+                    listingPriceCogtoshi: getListing(context.snapshot.state, chainDomain.domainId)?.priceCogtoshi ?? null,
+                    activeLockCount: listActiveLocksByDomain(context.snapshot.state, chainDomain.domainId).length,
+                    selfStakeCogtoshi: getReputation(context.snapshot.state, chainDomain.domainId)?.selfStake ?? null,
+                    supportedStakeCogtoshi: getReputation(context.snapshot.state, chainDomain.domainId)?.supportedStake ?? null,
+                    totalSupportedCogtoshi: getReputation(context.snapshot.state, chainDomain.domainId)?.totalSupported ?? null,
+                    totalRevokedCogtoshi: getReputation(context.snapshot.state, chainDomain.domainId)?.totalRevoked ?? null,
+                    readOnly: false,
+                    localRelationship: "external",
+                };
+            })()
+            : null);
+    if (domain === null) {
+        return null;
+    }
+    return {
+        domain,
+        localRelationship: domain.localRelationship,
+    };
+}
+export function listDomainFields(context, name) {
+    if (context.snapshot === null) {
+        return null;
+    }
+    const domain = lookupDomain(context.snapshot.state, name);
+    if (domain === null) {
+        return null;
+    }
+    return listFields(context.snapshot.state, domain.domainId)
+        .slice()
+        .sort((left, right) => left.fieldId - right.fieldId)
+        .map((field) => {
+        const value = readDomainDataByName(context.snapshot.state, domain.domainId, field.name);
+        return {
+            domainName: name,
+            domainId: domain.domainId,
+            fieldId: field.fieldId,
+            name: field.name,
+            permanent: field.permanent,
+            hasValue: value !== null,
+            format: value?.format ?? null,
+            preview: value === null ? null : createFieldPreview(value.value, value.format),
+            rawValueHex: value === null ? null : Buffer.from(value.value).toString("hex"),
+        };
+    });
+}
+export function findDomainField(context, domainName, fieldName) {
+    return listDomainFields(context, domainName)?.find((field) => field.name === fieldName) ?? null;
+}
+export function createFieldPreview(value, format) {
+    if (value.length === 0) {
+        return "(empty)";
+    }
+    const decoded = tryDecodeUtf8(value);
+    if ((format === 0x02 || format === 0x09) && decoded !== null) {
+        return decoded.length <= 80 ? decoded : `${decoded.slice(0, 77)}...`;
+    }
+    const hex = Buffer.from(value).toString("hex");
+    return hex.length <= 64 ? `hex:${hex}` : `hex:${hex.slice(0, 61)}...`;
+}
+export function formatFieldFormat(format) {
+    if (format === null) {
+        return "none";
+    }
+    if (format === 0x00) {
+        return "clear (0x00)";
+    }
+    if (format === 0x01) {
+        return "bytes (0x01)";
+    }
+    if (format === 0x02) {
+        return "text (0x02)";
+    }
+    if (format === 0x09) {
+        return "json (0x09)";
+    }
+    return `raw (0x${format.toString(16).padStart(2, "0")})`;
+}
+function readDomainDataByName(state, domainId, fieldName) {
+    const key = `${domainId}:${fieldName}`;
+    const fieldId = state.consensus.fieldIdsByName.get(key);
+    if (fieldId === undefined) {
+        return null;
+    }
+    return state.consensus.domainData.get(`${domainId}:${fieldId}`) ?? null;
+}

package/dist/wallet/read/types.d.ts

@@ -0,0 +1,144 @@
+import type { IndexerState } from "@cogcoin/indexer/types";
+import type { ManagedBitcoindHealth, ManagedBitcoindObservedStatus, ManagedCoreWalletReplicaStatus, ManagedIndexerDaemonObservedStatus, ManagedIndexerTruthSource } from "../../bitcoind/types.js";
+import type { ClientTip } from "../../types.js";
+import type { MiningControlPlaneView } from "../mining/index.js";
+import type { DomainRecord as LocalDomainRecord, LocalIdentityRecord, WalletStateV1 } from "../types.js";
+export type WalletStateAvailability = "uninitialized" | "locked" | "ready" | "local-state-corrupt";
+export type WalletServiceHealth = "synced" | "catching-up" | "reorging" | "starting" | "stale-heartbeat" | "failed" | "schema-mismatch" | "service-version-mismatch" | "wallet-root-mismatch" | "unavailable";
+export interface WalletLocalStateStatus {
+    availability: WalletStateAvailability;
+    walletRootId: string | null;
+    state: WalletStateV1 | null;
+    source: "primary" | "backup" | null;
+    unlockUntilUnixMs: number | null;
+    hasPrimaryStateFile: boolean;
+    hasBackupStateFile: boolean;
+    hasUnlockSessionFile: boolean;
+    message: string | null;
+}
+export interface WalletNodeStatus {
+    ready: boolean;
+    chain: string;
+    pid: number | null;
+    walletRootId: string | null;
+    nodeBestHeight: number | null;
+    nodeBestHashHex: string | null;
+    nodeHeaderHeight: number | null;
+    serviceUpdatedAtUnixMs: number | null;
+    serviceStatus: ManagedBitcoindObservedStatus | null;
+    walletReplica: ManagedCoreWalletReplicaStatus | null;
+    walletReplicaMessage?: string | null;
+}
+export interface WalletBitcoindStatus {
+    health: ManagedBitcoindHealth;
+    status: ManagedBitcoindObservedStatus | null;
+    message: string | null;
+}
+export interface WalletIndexerStatus {
+    health: WalletServiceHealth;
+    status: ManagedIndexerDaemonObservedStatus | null;
+    message: string | null;
+    snapshotTip: ClientTip | null;
+    source?: ManagedIndexerTruthSource;
+    daemonInstanceId?: string | null;
+    snapshotSeq?: string | null;
+    openedAtUnixMs?: number | null;
+}
+export interface WalletSnapshotView {
+    state: IndexerState;
+    tip: ClientTip | null;
+    source?: "lease";
+    daemonInstanceId?: string | null;
+    snapshotSeq?: string | null;
+    openedAtUnixMs?: number | null;
+}
+export interface WalletIdentityView {
+    index: number;
+    scriptPubKeyHex: string;
+    address: string | null;
+    selectors: string[];
+    assignedDomainNames: string[];
+    localStatus: LocalIdentityRecord["status"];
+    effectiveStatus: LocalIdentityRecord["status"];
+    canonicalDomainId: number | null;
+    canonicalDomainName: string | null;
+    ownedDomainNames: string[];
+    anchoredOwnedDomainNames: string[];
+    observedCogBalance: bigint | null;
+    readOnly: boolean;
+}
+export interface WalletDomainView {
+    name: string;
+    domainId: number | null;
+    anchored: boolean | null;
+    ownerScriptPubKeyHex: string | null;
+    ownerLocalIndex: number | null;
+    ownerAddress: string | null;
+    localTracked: boolean;
+    localRecord: LocalDomainRecord | null;
+    chainFound: boolean;
+    chainStatus: LocalDomainRecord["canonicalChainStatus"];
+    localAnchorIntent: LocalDomainRecord["localAnchorIntent"] | null;
+    foundingMessageText: string | null;
+    endpointText: string | null;
+    delegateScriptPubKeyHex: string | null;
+    minerScriptPubKeyHex: string | null;
+    fieldCount: number | null;
+    listingPriceCogtoshi: bigint | null;
+    activeLockCount: number | null;
+    selfStakeCogtoshi: bigint | null;
+    supportedStakeCogtoshi: bigint | null;
+    totalSupportedCogtoshi: bigint | null;
+    totalRevokedCogtoshi: bigint | null;
+    readOnly: boolean;
+    localRelationship: "owned" | "read-only" | "tracked" | "external" | "unknown";
+}
+export interface WalletReadModel {
+    walletRootId: string;
+    fundingIdentity: WalletIdentityView | null;
+    identities: WalletIdentityView[];
+    domains: WalletDomainView[];
+    readOnlyIdentityCount: number;
+}
+export interface WalletReadContext {
+    dataDir: string;
+    databasePath: string;
+    localState: WalletLocalStateStatus;
+    bitcoind: WalletBitcoindStatus;
+    nodeStatus: WalletNodeStatus | null;
+    nodeHealth: WalletServiceHealth;
+    nodeMessage: string | null;
+    indexer: WalletIndexerStatus;
+    snapshot: WalletSnapshotView | null;
+    model: WalletReadModel | null;
+    mining?: MiningControlPlaneView;
+    close(): Promise<void>;
+}
+export interface WalletLockView {
+    lockId: number;
+    status: "active" | "claimed" | "reclaimed";
+    amountCogtoshi: bigint;
+    timeoutHeight: number;
+    lockerScriptPubKeyHex: string;
+    lockerLocalIndex: number | null;
+    recipientDomainId: number;
+    recipientDomainName: string | null;
+    recipientLocal: boolean;
+    claimableNow: boolean;
+    reclaimableNow: boolean;
+}
+export interface WalletFieldView {
+    domainName: string;
+    domainId: number;
+    fieldId: number;
+    name: string;
+    permanent: boolean;
+    hasValue: boolean;
+    format: number | null;
+    preview: string | null;
+    rawValueHex: string | null;
+}
+export interface WalletDomainDetailsView {
+    domain: WalletDomainView;
+    localRelationship: WalletDomainView["localRelationship"];
+}

package/dist/wallet/read/types.js

@@ -0,0 +1 @@
+export {};

package/dist/wallet/runtime.d.ts

@@ -0,0 +1,26 @@
+import type { CogcoinPathResolution } from "../app-paths.js";
+export interface WalletRuntimePaths {
+    dataRoot: string;
+    clientConfigPath: string;
+    runtimeRoot: string;
+    hooksRoot: string;
+    stateRoot: string;
+    bitcoinDataDir: string;
+    indexerRoot: string;
+    walletStatePath: string;
+    walletStateBackupPath: string;
+    walletUnlockSessionPath: string;
+    walletControlLockPath: string;
+    bitcoindLockPath: string;
+    bitcoindStatusPath: string;
+    indexerDaemonLockPath: string;
+    indexerStatusPath: string;
+    hooksMiningDir: string;
+    hooksMiningEntrypointPath: string;
+    hooksMiningPackageJsonPath: string;
+    miningRoot: string;
+    miningStatusPath: string;
+    miningEventsPath: string;
+    miningControlLockPath: string;
+}
+export declare function resolveWalletRuntimePathsForTesting(resolution?: CogcoinPathResolution): WalletRuntimePaths;

package/dist/wallet/runtime.js

@@ -0,0 +1,28 @@
+import { resolveCogcoinPathsForTesting } from "../app-paths.js";
+export function resolveWalletRuntimePathsForTesting(resolution = {}) {
+    const paths = resolveCogcoinPathsForTesting(resolution);
+    return {
+        dataRoot: paths.dataRoot,
+        clientConfigPath: paths.clientConfigPath,
+        runtimeRoot: paths.runtimeRoot,
+        hooksRoot: paths.hooksRoot,
+        stateRoot: paths.stateRoot,
+        bitcoinDataDir: paths.bitcoinDataDir,
+        indexerRoot: paths.indexerRoot,
+        walletStatePath: paths.walletStatePath,
+        walletStateBackupPath: paths.walletStateBackupPath,
+        walletUnlockSessionPath: paths.walletUnlockSessionPath,
+        walletControlLockPath: paths.walletControlLockPath,
+        bitcoindLockPath: paths.bitcoindLockPath,
+        bitcoindStatusPath: paths.bitcoindStatusPath,
+        indexerDaemonLockPath: paths.indexerDaemonLockPath,
+        indexerStatusPath: paths.indexerStatusPath,
+        hooksMiningDir: paths.hooksMiningDir,
+        hooksMiningEntrypointPath: paths.hooksMiningEntrypointPath,
+        hooksMiningPackageJsonPath: paths.hooksMiningPackageJsonPath,
+        miningRoot: paths.miningRoot,
+        miningStatusPath: paths.miningStatusPath,
+        miningEventsPath: paths.miningEventsPath,
+        miningControlLockPath: paths.miningControlLockPath,
+    };
+}

package/dist/wallet/state/crypto.d.ts

@@ -0,0 +1,31 @@
+import type { Argon2EnvelopeParams, EncryptedEnvelopeV1 } from "../types.js";
+import type { WalletSecretProvider, WalletSecretReference } from "./provider.js";
+export interface DeriveKeyOptions {
+    memoryKib?: number;
+    iterations?: number;
+    parallelism?: number;
+    salt?: Uint8Array;
+}
+export interface DerivedKeyMaterial {
+    readonly key: Buffer;
+    readonly params: Argon2EnvelopeParams;
+}
+export declare function deriveKeyFromPassphrase(passphrase: Uint8Array | string, options?: DeriveKeyOptions): Promise<DerivedKeyMaterial>;
+export declare function rederiveKeyFromEnvelope(passphrase: Uint8Array | string, envelope: EncryptedEnvelopeV1): Promise<Buffer>;
+export declare function encryptBytesWithKey(plaintext: Uint8Array, key: Uint8Array, metadata: {
+    format: string;
+    wrappedBy: string;
+    argon2id?: Argon2EnvelopeParams | null;
+    secretProvider?: WalletSecretReference | null;
+}): EncryptedEnvelopeV1;
+export declare function decryptBytesWithKey(envelope: EncryptedEnvelopeV1, key: Uint8Array): Buffer;
+export declare function encryptJsonWithPassphrase<T>(value: T, passphrase: Uint8Array | string, metadata: {
+    format: string;
+    wrappedBy?: string;
+}): Promise<EncryptedEnvelopeV1>;
+export declare function encryptJsonWithSecretProvider<T>(value: T, provider: WalletSecretProvider, secretReference: WalletSecretReference, metadata: {
+    format: string;
+    wrappedBy?: string;
+}): Promise<EncryptedEnvelopeV1>;
+export declare function decryptJsonWithPassphrase<T>(envelope: EncryptedEnvelopeV1, passphrase: Uint8Array | string): Promise<T>;
+export declare function decryptJsonWithSecretProvider<T>(envelope: EncryptedEnvelopeV1, provider: WalletSecretProvider): Promise<T>;

package/dist/wallet/state/crypto.js

@@ -0,0 +1,127 @@
+import { argon2, createCipheriv, createDecipheriv, randomBytes, } from "node:crypto";
+const DEFAULT_ARGON2_MEMORY_KIB = 65_536;
+const DEFAULT_ARGON2_ITERATIONS = 3;
+const DEFAULT_ARGON2_PARALLELISM = 1;
+const DERIVED_KEY_LENGTH = 32;
+const GCM_NONCE_BYTES = 12;
+const ARGON2_SALT_BYTES = 16;
+const BIGINT_JSON_TAG = "$cogcoinBigInt";
+function jsonReplacer(_key, value) {
+    if (typeof value === "bigint") {
+        return {
+            [BIGINT_JSON_TAG]: value.toString(),
+        };
+    }
+    return value;
+}
+function jsonReviver(_key, value) {
+    if (value !== null
+        && typeof value === "object"
+        && BIGINT_JSON_TAG in value
+        && typeof value[BIGINT_JSON_TAG] === "string") {
+        return BigInt(value[BIGINT_JSON_TAG]);
+    }
+    return value;
+}
+function deriveArgon2Key(message, nonce, memoryKib, iterations, parallelism) {
+    return new Promise((resolve, reject) => {
+        argon2("argon2id", {
+            message,
+            nonce,
+            memory: memoryKib,
+            passes: iterations,
+            parallelism,
+            tagLength: DERIVED_KEY_LENGTH,
+        }, (error, derivedKey) => {
+            if (error) {
+                reject(error);
+                return;
+            }
+            resolve(Buffer.from(derivedKey));
+        });
+    });
+}
+export async function deriveKeyFromPassphrase(passphrase, options = {}) {
+    const salt = Buffer.from(options.salt ?? randomBytes(ARGON2_SALT_BYTES));
+    const passphraseBytes = typeof passphrase === "string"
+        ? Buffer.from(passphrase, "utf8")
+        : Buffer.from(passphrase);
+    const memoryKib = options.memoryKib ?? DEFAULT_ARGON2_MEMORY_KIB;
+    const iterations = options.iterations ?? DEFAULT_ARGON2_ITERATIONS;
+    const parallelism = options.parallelism ?? DEFAULT_ARGON2_PARALLELISM;
+    const key = await deriveArgon2Key(passphraseBytes, salt, memoryKib, iterations, parallelism);
+    return {
+        key,
+        params: {
+            name: "argon2id",
+            memoryKib,
+            iterations,
+            parallelism,
+            salt: salt.toString("base64"),
+        },
+    };
+}
+export async function rederiveKeyFromEnvelope(passphrase, envelope) {
+    if (envelope.argon2id == null) {
+        throw new Error("wallet_envelope_not_passphrase_wrapped");
+    }
+    const passphraseBytes = typeof passphrase === "string"
+        ? Buffer.from(passphrase, "utf8")
+        : Buffer.from(passphrase);
+    const salt = Buffer.from(envelope.argon2id.salt, "base64");
+    return deriveArgon2Key(passphraseBytes, salt, envelope.argon2id.memoryKib, envelope.argon2id.iterations, envelope.argon2id.parallelism);
+}
+export function encryptBytesWithKey(plaintext, key, metadata) {
+    const nonce = randomBytes(GCM_NONCE_BYTES);
+    const cipher = createCipheriv("aes-256-gcm", Buffer.from(key), nonce);
+    const ciphertext = Buffer.concat([cipher.update(Buffer.from(plaintext)), cipher.final()]);
+    const tag = cipher.getAuthTag();
+    return {
+        format: metadata.format,
+        version: 1,
+        cipher: "aes-256-gcm",
+        wrappedBy: metadata.wrappedBy,
+        argon2id: metadata.argon2id ?? null,
+        secretProvider: metadata.secretProvider ?? null,
+        nonce: nonce.toString("base64"),
+        tag: tag.toString("base64"),
+        ciphertext: ciphertext.toString("base64"),
+    };
+}
+export function decryptBytesWithKey(envelope, key) {
+    const decipher = createDecipheriv("aes-256-gcm", Buffer.from(key), Buffer.from(envelope.nonce, "base64"));
+    decipher.setAuthTag(Buffer.from(envelope.tag, "base64"));
+    return Buffer.concat([
+        decipher.update(Buffer.from(envelope.ciphertext, "base64")),
+        decipher.final(),
+    ]);
+}
+export async function encryptJsonWithPassphrase(value, passphrase, metadata) {
+    const derived = await deriveKeyFromPassphrase(passphrase);
+    return encryptBytesWithKey(Buffer.from(JSON.stringify(value, jsonReplacer)), derived.key, {
+        format: metadata.format,
+        wrappedBy: metadata.wrappedBy ?? "passphrase",
+        argon2id: derived.params,
+    });
+}
+export async function encryptJsonWithSecretProvider(value, provider, secretReference, metadata) {
+    const key = await provider.loadSecret(secretReference.keyId);
+    return encryptBytesWithKey(Buffer.from(JSON.stringify(value, jsonReplacer)), key, {
+        format: metadata.format,
+        wrappedBy: metadata.wrappedBy ?? "secret-provider",
+        secretProvider: secretReference,
+    });
+}
+export async function decryptJsonWithPassphrase(envelope, passphrase) {
+    const key = await rederiveKeyFromEnvelope(passphrase, envelope);
+    const plaintext = decryptBytesWithKey(envelope, key);
+    return JSON.parse(plaintext.toString("utf8"), jsonReviver);
+}
+export async function decryptJsonWithSecretProvider(envelope, provider) {
+    if (envelope.secretProvider == null) {
+        throw new Error("wallet_envelope_missing_secret_provider");
+    }
+    const key = await provider.loadSecret(envelope.secretProvider.keyId);
+    const plaintext = decryptBytesWithKey(envelope, key);
+    return JSON.parse(plaintext.toString("utf8"), jsonReviver);
+}