@cogcoin/client 1.1.5 → 1.1.7

package/dist/wallet/read/managed-services.js

@@ -0,0 +1,222 @@
+import { deserializeIndexerState, loadBundledGenesisParameters } from "@cogcoin/indexer";
+import { attachOrStartIndexerDaemon, INDEXER_DAEMON_BACKGROUND_FOLLOW_RECOVERY_FAILED, probeIndexerDaemon, readObservedIndexerDaemonStatus, readSnapshotWithRetry, } from "../../bitcoind/indexer-daemon.js";
+import { deriveManagedBitcoindWalletStatus, resolveManagedBitcoindProbeDecision, } from "../../bitcoind/managed-runtime/bitcoind-policy.js";
+import { deriveManagedIndexerWalletStatus, resolveIndexerDaemonProbeDecision, } from "../../bitcoind/managed-runtime/indexer-policy.js";
+import { createRpcClient } from "../../bitcoind/node.js";
+import { resolveCogcoinProcessingStartHeight } from "../../bitcoind/processing-start-height.js";
+import { attachOrStartManagedBitcoindService, probeManagedBitcoindService, } from "../../bitcoind/service.js";
+import { verifyManagedCoreWalletReplica } from "../lifecycle.js";
+const TOLERATED_NODE_HEADER_LEAD_BLOCKS = 2;
+const TOLERATED_NODE_HEADER_LEAD_MESSAGE = "Bitcoin headers can briefly lead validated blocks; a short 1-2 block lead is normal and is being tolerated.";
+const NODE_CATCHING_UP_MESSAGE = "Bitcoin Core is still catching up to headers.";
+const defaultManagedWalletReadServiceDeps = {
+    loadBundledGenesisParameters,
+    probeManagedBitcoindService,
+    attachOrStartManagedBitcoindService,
+    createRpcClient,
+    verifyManagedCoreWalletReplica,
+    probeIndexerDaemon,
+    attachOrStartIndexerDaemon,
+    readSnapshotWithRetry,
+    readObservedIndexerDaemonStatus,
+};
+function deriveNodeHealth(status, bitcoindHealth) {
+    if (bitcoindHealth !== "ready" || status === null || !status.ready) {
+        return {
+            health: "catching-up",
+            message: NODE_CATCHING_UP_MESSAGE,
+        };
+    }
+    const headerLead = status.nodeBestHeight !== null && status.nodeHeaderHeight !== null
+        ? status.nodeHeaderHeight - status.nodeBestHeight
+        : null;
+    if (headerLead !== null && headerLead > 0) {
+        if (headerLead <= TOLERATED_NODE_HEADER_LEAD_BLOCKS) {
+            return {
+                health: "synced",
+                message: TOLERATED_NODE_HEADER_LEAD_MESSAGE,
+            };
+        }
+        return {
+            health: "catching-up",
+            message: NODE_CATCHING_UP_MESSAGE,
+        };
+    }
+    return {
+        health: "synced",
+        message: null,
+    };
+}
+export function deriveNodeHealthForTesting(status, bitcoindHealth) {
+    return deriveNodeHealth(status, bitcoindHealth);
+}
+async function attachNodeStatus(options, dependencies) {
+    try {
+        const probe = await dependencies.probeManagedBitcoindService({
+            dataDir: options.dataDir,
+            chain: "main",
+            startHeight: 0,
+            walletRootId: options.walletRootId,
+            startupTimeoutMs: options.startupTimeoutMs,
+        });
+        const decision = resolveManagedBitcoindProbeDecision(probe);
+        if (decision.action === "reject") {
+            return {
+                handle: null,
+                rpc: null,
+                status: null,
+                observedStatus: probe.status,
+                error: decision.error,
+            };
+        }
+        const genesis = await dependencies.loadBundledGenesisParameters();
+        const handle = await dependencies.attachOrStartManagedBitcoindService({
+            dataDir: options.dataDir,
+            chain: "main",
+            startHeight: resolveCogcoinProcessingStartHeight(genesis),
+            walletRootId: options.walletRootId,
+            startupTimeoutMs: options.startupTimeoutMs,
+        });
+        const rpc = dependencies.createRpcClient(handle.rpc);
+        const [chainInfo, serviceStatus] = await Promise.all([
+            rpc.getBlockchainInfo(),
+            handle.refreshServiceStatus?.(),
+        ]);
+        const status = {
+            ready: true,
+            chain: chainInfo.chain,
+            pid: handle.pid,
+            walletRootId: handle.walletRootId ?? null,
+            nodeBestHeight: chainInfo.blocks,
+            nodeBestHashHex: chainInfo.bestblockhash,
+            nodeHeaderHeight: chainInfo.headers,
+            serviceUpdatedAtUnixMs: serviceStatus?.updatedAtUnixMs ?? null,
+            serviceStatus: serviceStatus ?? null,
+            walletReplica: serviceStatus?.walletReplica ?? null,
+            walletReplicaMessage: serviceStatus?.walletReplica?.message ?? null,
+        };
+        return {
+            handle,
+            rpc,
+            status,
+            observedStatus: serviceStatus ?? null,
+            error: null,
+        };
+    }
+    catch (error) {
+        return {
+            handle: null,
+            rpc: null,
+            status: null,
+            observedStatus: null,
+            error: error instanceof Error ? error.message : String(error),
+        };
+    }
+}
+export async function openManagedWalletReadServiceBundle(options, dependencies = defaultManagedWalletReadServiceDeps) {
+    const node = await attachNodeStatus({
+        dataDir: options.dataDir,
+        walletRootId: options.walletRootId,
+        startupTimeoutMs: options.startupTimeoutMs,
+    }, dependencies);
+    if (options.localState.state !== null && node.status !== null) {
+        const verifiedReplica = await dependencies.verifyManagedCoreWalletReplica(options.localState.state, options.dataDir, {
+            nodeHandle: node.handle ?? undefined,
+        });
+        node.status = {
+            ...node.status,
+            walletReplica: verifiedReplica,
+            walletReplicaMessage: verifiedReplica.message ?? null,
+        };
+    }
+    const bitcoind = deriveManagedBitcoindWalletStatus({
+        status: node.observedStatus,
+        nodeStatus: node.status,
+        startupError: node.error,
+    });
+    const nodeDerived = deriveNodeHealth(node.status, bitcoind.health);
+    let daemonClient = null;
+    let daemonStatus = null;
+    let observedDaemonStatus = null;
+    let snapshot = null;
+    let indexerSource = "none";
+    let daemonError = null;
+    try {
+        const probe = await dependencies.probeIndexerDaemon({
+            dataDir: options.dataDir,
+            walletRootId: options.walletRootId,
+        });
+        const probeDecision = resolveIndexerDaemonProbeDecision({
+            probe,
+            expectedBinaryVersion: options.expectedIndexerBinaryVersion,
+        });
+        if (probeDecision.action !== "reject") {
+            await probe.client?.close().catch(() => undefined);
+            daemonClient = await dependencies.attachOrStartIndexerDaemon({
+                dataDir: options.dataDir,
+                databasePath: options.databasePath,
+                walletRootId: options.walletRootId,
+                startupTimeoutMs: options.startupTimeoutMs,
+                ensureBackgroundFollow: true,
+                expectedBinaryVersion: options.expectedIndexerBinaryVersion,
+            });
+        }
+        else {
+            observedDaemonStatus = probe.status;
+            indexerSource = probe.status === null ? "none" : "probe";
+            daemonError = probeDecision.error;
+        }
+        if (daemonClient !== null) {
+            const lease = await dependencies.readSnapshotWithRetry(daemonClient, options.walletRootId);
+            daemonStatus = lease.status;
+            observedDaemonStatus = lease.status;
+            snapshot = {
+                tip: lease.payload.tip,
+                state: deserializeIndexerState(Buffer.from(lease.payload.stateBase64, "base64")),
+                source: "lease",
+                daemonInstanceId: lease.payload.daemonInstanceId,
+                snapshotSeq: lease.payload.snapshotSeq,
+                openedAtUnixMs: lease.payload.openedAtUnixMs,
+            };
+            indexerSource = "lease";
+        }
+    }
+    catch (error) {
+        daemonError = error instanceof Error ? error.message : String(error);
+        if (daemonError === INDEXER_DAEMON_BACKGROUND_FOLLOW_RECOVERY_FAILED) {
+            await daemonClient?.close().catch(() => undefined);
+            await node.handle?.stop().catch(() => undefined);
+            throw error;
+        }
+        if (observedDaemonStatus === null) {
+            observedDaemonStatus = await dependencies.readObservedIndexerDaemonStatus({
+                dataDir: options.dataDir,
+                walletRootId: options.walletRootId,
+            }).catch(() => null);
+            if (observedDaemonStatus !== null) {
+                indexerSource = "status-file";
+            }
+        }
+    }
+    const indexer = deriveManagedIndexerWalletStatus({
+        daemonStatus,
+        observedStatus: observedDaemonStatus,
+        snapshot,
+        source: indexerSource,
+        now: options.now,
+        startupError: daemonError,
+    });
+    return {
+        node,
+        bitcoind,
+        nodeHealth: nodeDerived.health,
+        nodeMessage: nodeDerived.message,
+        daemonClient,
+        indexer,
+        snapshot,
+        async close() {
+            await daemonClient?.close().catch(() => undefined);
+            await node.handle?.stop().catch(() => undefined);
+        },
+    };
+}

package/dist/wallet/state/client-password/bootstrap.d.ts

@@ -0,0 +1,2 @@
+import type { ClientPasswordAgentBootstrapState } from "./types.js";
+export declare function createAgentBootstrapState(state: ClientPasswordAgentBootstrapState): ClientPasswordAgentBootstrapState;

package/dist/wallet/state/client-password/bootstrap.js

@@ -0,0 +1,3 @@
+export function createAgentBootstrapState(state) {
+    return state;
+}

package/dist/wallet/state/client-password/context.d.ts

@@ -0,0 +1,10 @@
+import type { WalletRuntimePaths } from "../../runtime.js";
+import type { ClientPasswordResolvedContext, ClientPasswordStorageOptions } from "./types.js";
+export declare function resolveLocalSecretFilePath(directoryPath: string, keyId: string): string;
+export declare function resolveClientPasswordStatePath(directoryPath: string): string;
+export declare function resolveClientPasswordRotationJournalPath(directoryPath: string): string;
+export declare function isMissingFileError(error: unknown): boolean;
+export declare function createRuntimeError(code: string, cause?: unknown): Error;
+export declare function resolveClientPasswordContext(options: ClientPasswordStorageOptions): ClientPasswordResolvedContext;
+export declare function resolveClientPasswordStorageOptionsForWalletPaths(paths: Pick<WalletRuntimePaths, "stateRoot" | "runtimeRoot">, platform?: NodeJS.Platform): ClientPasswordStorageOptions;
+export declare function createLegacyKeychainServiceName(): string;

package/dist/wallet/state/client-password/context.js

@@ -0,0 +1,46 @@
+import { join } from "node:path";
+function sanitizeSecretKeyId(keyId) {
+    return keyId.replace(/[^a-zA-Z0-9._-]+/g, "-");
+}
+export function resolveLocalSecretFilePath(directoryPath, keyId) {
+    return join(directoryPath, `${sanitizeSecretKeyId(keyId)}.secret`);
+}
+export function resolveClientPasswordStatePath(directoryPath) {
+    return join(directoryPath, "client-password.json");
+}
+export function resolveClientPasswordRotationJournalPath(directoryPath) {
+    return join(directoryPath, "client-password-rotation.json");
+}
+export function isMissingFileError(error) {
+    return error instanceof Error
+        && "code" in error
+        && error.code === "ENOENT";
+}
+export function createRuntimeError(code, cause) {
+    return cause === undefined ? new Error(code) : new Error(code, { cause });
+}
+export function resolveClientPasswordContext(options) {
+    return {
+        ...options,
+        legacyMacKeychainReader: options.legacyMacKeychainReader ?? null,
+        passwordStatePath: resolveClientPasswordStatePath(options.directoryPath),
+        rotationJournalPath: resolveClientPasswordRotationJournalPath(options.directoryPath),
+    };
+}
+export function resolveClientPasswordStorageOptionsForWalletPaths(paths, platform = process.platform) {
+    return {
+        platform,
+        stateRoot: paths.stateRoot,
+        runtimeRoot: paths.runtimeRoot,
+        directoryPath: join(paths.stateRoot, "secrets"),
+        runtimeErrorCode: platform === "win32"
+            ? "wallet_secret_provider_windows_runtime_error"
+            : platform === "darwin"
+                ? "wallet_secret_provider_macos_runtime_error"
+                : "wallet_secret_provider_linux_runtime_error",
+        legacyMacKeychainReader: null,
+    };
+}
+export function createLegacyKeychainServiceName() {
+    return "org.cogcoin.wallet";
+}

package/dist/wallet/state/client-password/crypto.d.ts

@@ -0,0 +1,34 @@
+import type { ClientPasswordStateV1, WrappedSecretEnvelopeV1 } from "./types.js";
+export declare const CLIENT_PASSWORD_DEFAULT_UNLOCK_SECONDS = 3600;
+export declare const CLIENT_PASSWORD_SETUP_AUTO_UNLOCK_SECONDS = 86400;
+export declare function zeroizeBuffer(buffer: Uint8Array | null | undefined): void;
+export declare function derivePasswordKey(passwordBytes: Uint8Array, saltBytes: Uint8Array): Promise<Buffer>;
+export declare function createClientPasswordState(options: {
+    passwordBytes: Uint8Array;
+    passwordHint: string;
+}): Promise<{
+    state: ClientPasswordStateV1;
+    derivedKey: Buffer;
+}>;
+export declare function createWrappedSecretEnvelope(secret: Uint8Array, derivedKey: Uint8Array): WrappedSecretEnvelopeV1;
+export declare function verifyPassword(options: {
+    state: ClientPasswordStateV1;
+    passwordBytes: Uint8Array;
+}): Promise<Buffer | null>;
+export declare function decryptWrappedSecretEnvelope(envelope: WrappedSecretEnvelopeV1, derivedKey: Uint8Array): Uint8Array;
+export declare function encryptSessionSecretBase64(options: {
+    key: Uint8Array;
+    secretBase64: string;
+}): {
+    nonce: string;
+    tag: string;
+    ciphertext: string;
+};
+export declare function decryptSessionSecretBase64(options: {
+    key: Uint8Array;
+    envelope: {
+        nonce: string;
+        tag: string;
+        ciphertext: string;
+    };
+}): string;

package/dist/wallet/state/client-password/crypto.js

@@ -0,0 +1,117 @@
+import { createCipheriv, createDecipheriv, randomBytes, } from "node:crypto";
+import { argon2idAsync } from "@noble/hashes/argon2.js";
+import { decryptBytesWithKey, encryptBytesWithKey } from "../crypto.js";
+import { CLIENT_PASSWORD_STATE_FORMAT, CLIENT_PASSWORD_VERIFIER_FORMAT, CLIENT_PASSWORD_VERIFIER_TEXT, LOCAL_SECRET_ENVELOPE_FORMAT, } from "./types.js";
+const CLIENT_PASSWORD_DERIVED_KEY_BYTES = 32;
+const CLIENT_PASSWORD_KDF = {
+    memoryKib: 65_536,
+    iterations: 3,
+    parallelism: 1,
+};
+export const CLIENT_PASSWORD_DEFAULT_UNLOCK_SECONDS = 3_600;
+export const CLIENT_PASSWORD_SETUP_AUTO_UNLOCK_SECONDS = 86_400;
+export function zeroizeBuffer(buffer) {
+    if (buffer != null) {
+        buffer.fill(0);
+    }
+}
+export async function derivePasswordKey(passwordBytes, saltBytes) {
+    return Buffer.from(await argon2idAsync(passwordBytes, saltBytes, {
+        m: CLIENT_PASSWORD_KDF.memoryKib,
+        t: CLIENT_PASSWORD_KDF.iterations,
+        p: CLIENT_PASSWORD_KDF.parallelism,
+        dkLen: CLIENT_PASSWORD_DERIVED_KEY_BYTES,
+    }));
+}
+export async function createClientPasswordState(options) {
+    const salt = randomBytes(16);
+    const derivedKey = await derivePasswordKey(options.passwordBytes, salt);
+    const verifier = encryptBytesWithKey(Buffer.from(CLIENT_PASSWORD_VERIFIER_TEXT, "utf8"), derivedKey, {
+        format: CLIENT_PASSWORD_VERIFIER_FORMAT,
+        wrappedBy: "client-password-verifier",
+    });
+    return {
+        state: {
+            format: CLIENT_PASSWORD_STATE_FORMAT,
+            version: 1,
+            passwordHint: options.passwordHint,
+            kdf: {
+                name: "argon2id",
+                memoryKib: CLIENT_PASSWORD_KDF.memoryKib,
+                iterations: CLIENT_PASSWORD_KDF.iterations,
+                parallelism: CLIENT_PASSWORD_KDF.parallelism,
+                salt: salt.toString("base64"),
+            },
+            verifier: {
+                cipher: "aes-256-gcm",
+                nonce: verifier.nonce,
+                tag: verifier.tag,
+                ciphertext: verifier.ciphertext,
+            },
+        },
+        derivedKey,
+    };
+}
+export function createWrappedSecretEnvelope(secret, derivedKey) {
+    const envelope = encryptBytesWithKey(secret, derivedKey, {
+        format: LOCAL_SECRET_ENVELOPE_FORMAT,
+        wrappedBy: "client-password",
+    });
+    return {
+        format: LOCAL_SECRET_ENVELOPE_FORMAT,
+        version: 1,
+        cipher: "aes-256-gcm",
+        wrappedBy: "client-password",
+        nonce: envelope.nonce,
+        tag: envelope.tag,
+        ciphertext: envelope.ciphertext,
+    };
+}
+export async function verifyPassword(options) {
+    const derivedKey = await derivePasswordKey(options.passwordBytes, Buffer.from(options.state.kdf.salt, "base64"));
+    try {
+        const plaintext = decryptBytesWithKey({
+            format: CLIENT_PASSWORD_VERIFIER_FORMAT,
+            version: 1,
+            cipher: "aes-256-gcm",
+            wrappedBy: "client-password-verifier",
+            nonce: options.state.verifier.nonce,
+            tag: options.state.verifier.tag,
+            ciphertext: options.state.verifier.ciphertext,
+        }, derivedKey);
+        if (plaintext.toString("utf8") !== CLIENT_PASSWORD_VERIFIER_TEXT) {
+            zeroizeBuffer(derivedKey);
+            return null;
+        }
+        return derivedKey;
+    }
+    catch {
+        zeroizeBuffer(derivedKey);
+        return null;
+    }
+}
+export function decryptWrappedSecretEnvelope(envelope, derivedKey) {
+    return decryptBytesWithKey(envelope, derivedKey);
+}
+export function encryptSessionSecretBase64(options) {
+    const nonce = randomBytes(12);
+    const cipher = createCipheriv("aes-256-gcm", options.key, nonce);
+    const ciphertext = Buffer.concat([
+        cipher.update(Buffer.from(options.secretBase64, "base64")),
+        cipher.final(),
+    ]);
+    const tag = cipher.getAuthTag();
+    return {
+        nonce: nonce.toString("base64"),
+        tag: tag.toString("base64"),
+        ciphertext: ciphertext.toString("base64"),
+    };
+}
+export function decryptSessionSecretBase64(options) {
+    const decipher = createDecipheriv("aes-256-gcm", options.key, Buffer.from(options.envelope.nonce, "base64"));
+    decipher.setAuthTag(Buffer.from(options.envelope.tag, "base64"));
+    return Buffer.concat([
+        decipher.update(Buffer.from(options.envelope.ciphertext, "base64")),
+        decipher.final(),
+    ]).toString("base64");
+}

package/dist/wallet/state/client-password/files.d.ts

@@ -0,0 +1,10 @@
+import type { ClientPasswordRotationJournalV1, ClientPasswordStateV1, LocalSecretFile, WrappedSecretEnvelopeV1 } from "./types.js";
+export declare function readLocalSecretFile(path: string): Promise<LocalSecretFile>;
+export declare function loadClientPasswordStateOrNull(path: string): Promise<ClientPasswordStateV1 | null>;
+export declare function loadClientPasswordRotationJournalOrNull(path: string): Promise<ClientPasswordRotationJournalV1 | null>;
+export declare function writeClientPasswordState(path: string, state: ClientPasswordStateV1): Promise<void>;
+export declare function writeClientPasswordRotationJournal(path: string, journal: ClientPasswordRotationJournalV1): Promise<void>;
+export declare function writeWrappedSecretEnvelope(path: string, envelope: WrappedSecretEnvelopeV1): Promise<void>;
+export declare function listLocalSecretFilesForTesting(options: {
+    directoryPath: string;
+}): Promise<string[]>;

package/dist/wallet/state/client-password/files.js

@@ -0,0 +1,109 @@
+import { readdir, readFile } from "node:fs/promises";
+import { writeJsonFileAtomic } from "../../fs/atomic.js";
+import { isMissingFileError, } from "./context.js";
+import { CLIENT_PASSWORD_ROTATION_JOURNAL_FORMAT, CLIENT_PASSWORD_STATE_FORMAT, LOCAL_SECRET_ENVELOPE_FORMAT, } from "./types.js";
+function isClientPasswordStateV1(value) {
+    return value !== null
+        && typeof value === "object"
+        && value.format === CLIENT_PASSWORD_STATE_FORMAT
+        && value.version === 1
+        && typeof value.passwordHint === "string"
+        && value.kdf?.name === "argon2id"
+        && typeof value.verifier?.nonce === "string"
+        && typeof value.verifier?.tag === "string"
+        && typeof value.verifier?.ciphertext === "string";
+}
+function isWrappedSecretEnvelope(value) {
+    return value !== null
+        && typeof value === "object"
+        && value.format === LOCAL_SECRET_ENVELOPE_FORMAT
+        && value.version === 1
+        && value.cipher === "aes-256-gcm"
+        && value.wrappedBy === "client-password"
+        && typeof value.nonce === "string"
+        && typeof value.tag === "string"
+        && typeof value.ciphertext === "string";
+}
+function isClientPasswordRotationJournalV1(value) {
+    return value !== null
+        && typeof value === "object"
+        && value.format === CLIENT_PASSWORD_ROTATION_JOURNAL_FORMAT
+        && value.version === 1
+        && isClientPasswordStateV1(value.nextState)
+        && Array.isArray(value.secrets)
+        && (value.secrets).every((entry) => (entry !== null
+            && typeof entry === "object"
+            && typeof entry.keyId === "string"
+            && entry.keyId.trim().length > 0
+            && isWrappedSecretEnvelope(entry.envelope)));
+}
+export async function readLocalSecretFile(path) {
+    try {
+        const raw = await readFile(path, "utf8");
+        const trimmed = raw.trim();
+        try {
+            const parsed = JSON.parse(trimmed);
+            if (isWrappedSecretEnvelope(parsed)) {
+                return {
+                    state: "wrapped",
+                    envelope: parsed,
+                };
+            }
+        }
+        catch {
+            // Legacy local secrets were raw base64 bytes.
+        }
+        return {
+            state: "raw",
+            secret: new Uint8Array(Buffer.from(trimmed, "base64")),
+        };
+    }
+    catch (error) {
+        if (isMissingFileError(error)) {
+            return { state: "missing" };
+        }
+        throw error;
+    }
+}
+export async function loadClientPasswordStateOrNull(path) {
+    try {
+        const parsed = JSON.parse(await readFile(path, "utf8"));
+        if (!isClientPasswordStateV1(parsed)) {
+            return null;
+        }
+        return parsed;
+    }
+    catch (error) {
+        if (isMissingFileError(error)) {
+            return null;
+        }
+        return null;
+    }
+}
+export async function loadClientPasswordRotationJournalOrNull(path) {
+    try {
+        const parsed = JSON.parse(await readFile(path, "utf8"));
+        if (!isClientPasswordRotationJournalV1(parsed)) {
+            return null;
+        }
+        return parsed;
+    }
+    catch (error) {
+        if (isMissingFileError(error)) {
+            return null;
+        }
+        return null;
+    }
+}
+export async function writeClientPasswordState(path, state) {
+    await writeJsonFileAtomic(path, state, { mode: 0o600 });
+}
+export async function writeClientPasswordRotationJournal(path, journal) {
+    await writeJsonFileAtomic(path, journal, { mode: 0o600 });
+}
+export async function writeWrappedSecretEnvelope(path, envelope) {
+    await writeJsonFileAtomic(path, envelope, { mode: 0o600 });
+}
+export function listLocalSecretFilesForTesting(options) {
+    return readdir(options.directoryPath).catch(() => []);
+}

package/dist/wallet/state/client-password/legacy-cleanup.d.ts

@@ -0,0 +1,11 @@
+import type { ClientPasswordResolvedContext } from "./types.js";
+export interface LegacyClientPasswordCleanupDependencies {
+    runCleanupPass?(context: ClientPasswordResolvedContext): Promise<void>;
+}
+export declare function resolveLegacyClientPasswordAgentEndpointForTesting(stateRoot: string, hostPlatform?: NodeJS.Platform): string;
+export declare function extractLegacyClientPasswordAgentProcessIdsForTesting(options: {
+    endpoint: string;
+    hostPlatform: NodeJS.Platform;
+    stdout: string;
+}): number[];
+export declare function cleanupLegacyClientPasswordArtifactsResolved(context: ClientPasswordResolvedContext, deps?: LegacyClientPasswordCleanupDependencies): Promise<void>;