@coinfello/agent-cli 0.1.11 → 0.1.13

package/README.md

@@ -101,6 +101,23 @@ Transaction submitted successfully.
 Transaction ID: <txn_hash_>
 ```
 
+### 6. signer-daemon
+
+Manages the Secure Enclave signing daemon. Without the daemon, each signing operation (account creation, sign-in, delegation signing) triggers a separate Touch ID / password prompt. Starting the daemon authenticates once and caches the authorization for subsequent operations.
+
+```bash
+# Start the daemon (prompts Touch ID / password once)
+node dist/index.js signer-daemon start
+
+# Check if the daemon is running
+node dist/index.js signer-daemon status
+
+# Stop the daemon
+node dist/index.js signer-daemon stop
+```
+
+If the daemon is not running, all signing operations fall back to direct Secure Enclave binary execution (which prompts Touch ID each time).
+
 ### Help
 
 View all commands and options:
@@ -109,4 +126,5 @@ View all commands and options:
 node dist/index.js --help
 node dist/index.js create_account --help
 node dist/index.js send_prompt --help
+node dist/index.js signer-daemon --help
 ```

package/dist/index.js

@@ -3,26 +3,143 @@ import { Command } from "commander";
 import { toMetaMaskSmartAccount, Implementation, createDelegation } from "@metamask/smart-accounts-kit";
 import { privateKeyToAccount, generatePrivateKey } from "viem/accounts";
 import { toWebAuthnAccount } from "viem/account-abstraction";
-import { createPublicClient, http, serializeErc6492Signature } from "viem";
 import * as chains from "viem/chains";
 import { createHash, randomBytes } from "node:crypto";
-import { execFile } from "node:child_process";
+import { execFile, spawn } from "node:child_process";
 import { promisify } from "node:util";
 import { dirname, join } from "node:path";
 import { fileURLToPath } from "node:url";
-import { platform, homedir } from "node:os";
-import { readFile, mkdir, writeFile } from "node:fs/promises";
+import { userInfo, platform, homedir } from "node:os";
+import { readFile, unlink, mkdir, writeFile } from "node:fs/promises";
+import { createConnection } from "node:net";
+import { http, createPublicClient as createPublicClient$1, serializeErc6492Signature } from "viem";
 import { createSiweMessage } from "viem/siwe";
 const execFileAsync = promisify(execFile);
 const __filename$1 = fileURLToPath(import.meta.url);
 const __dirname$1 = dirname(__filename$1);
 function getBinaryPath() {
-  return join(__dirname$1, "secure-enclave-signer.app", "Contents", "MacOS", "secure-enclave-signer");
+  const bundlePath = join(
+    __dirname$1,
+    "secure-enclave-signer.app",
+    "Contents",
+    "MacOS",
+    "secure-enclave-signer"
+  );
+  if (__dirname$1.includes("/src/")) {
+    const projectRoot = __dirname$1.split("/src/")[0];
+    return join(
+      projectRoot,
+      "dist",
+      "secure-enclave-signer.app",
+      "Contents",
+      "MacOS",
+      "secure-enclave-signer"
+    );
+  }
+  return bundlePath;
 }
+const SOCKET_PATH = `/tmp/coinfello-se-signer-${userInfo().username}.sock`;
+const PID_PATH = `/tmp/coinfello-se-signer-${userInfo().username}.pid`;
 function isSecureEnclaveAvailable() {
   return platform() === "darwin";
 }
-async function runCommand(args) {
+async function sendDaemonRequest(request) {
+  return new Promise((resolve, reject) => {
+    const client = createConnection({ path: SOCKET_PATH }, () => {
+      const data = JSON.stringify(request);
+      client.end(data);
+    });
+    let response = "";
+    client.on("data", (chunk) => {
+      response += chunk.toString();
+    });
+    client.on("end", () => {
+      try {
+        const parsed = JSON.parse(response.trim());
+        if (parsed.success) {
+          resolve(parsed.result);
+        } else {
+          reject(new Error(`SecureEnclave [${parsed.error}]: ${parsed.message}`));
+        }
+      } catch {
+        reject(new Error(`Invalid daemon response: ${response}`));
+      }
+    });
+    client.on("error", (err) => {
+      reject(err);
+    });
+    client.setTimeout(3e4, () => {
+      client.destroy();
+      reject(new Error("Daemon request timed out"));
+    });
+  });
+}
+async function isDaemonRunning() {
+  try {
+    await sendDaemonRequest({ command: "ping" });
+    return true;
+  } catch {
+    return false;
+  }
+}
+async function startDaemon() {
+  const binaryPath = getBinaryPath();
+  const child = spawn(binaryPath, ["daemon"], {
+    detached: true,
+    stdio: ["ignore", "pipe", "pipe"]
+  });
+  child.unref();
+  return new Promise((resolve, reject) => {
+    let stdout = "";
+    let stderr = "";
+    child.stdout.on("data", (chunk) => {
+      stdout += chunk.toString();
+      try {
+        const ready = JSON.parse(stdout.trim());
+        if (ready.status === "ready") {
+          child.stdout.removeAllListeners();
+          child.stderr.removeAllListeners();
+          resolve({ pid: ready.pid, socket: ready.socket });
+        }
+      } catch {
+      }
+    });
+    child.stderr.on("data", (chunk) => {
+      stderr += chunk.toString();
+    });
+    child.on("error", (err) => {
+      reject(new Error(`Failed to start daemon: ${err.message}`));
+    });
+    child.on("exit", (code) => {
+      if (code !== 0) {
+        try {
+          const parsed = JSON.parse(stderr.trim());
+          reject(new Error(`Daemon exited: [${parsed.error}] ${parsed.message}`));
+        } catch {
+          reject(new Error(`Daemon exited with code ${code}: ${stderr}`));
+        }
+      }
+    });
+    setTimeout(() => reject(new Error("Daemon startup timed out")), 15e3);
+  });
+}
+async function stopDaemon() {
+  try {
+    const pidStr = await readFile(PID_PATH, "utf-8");
+    const pid = parseInt(pidStr.trim(), 10);
+    process.kill(pid, "SIGTERM");
+  } catch {
+    try {
+      await unlink(SOCKET_PATH);
+    } catch {
+    }
+    try {
+      await unlink(PID_PATH);
+    } catch {
+    }
+  }
+}
+async function runCommandDirect(args) {
   const binaryPath = getBinaryPath();
   try {
     const { stdout } = await execFileAsync(binaryPath, args, {
@@ -45,6 +162,24 @@ async function runCommand(args) {
     throw new Error(`SecureEnclave command failed: ${error.message ?? "Unknown error"}`);
   }
 }
+async function runCommand(args) {
+  try {
+    const command = args[0];
+    const request = { command };
+    if (command === "sign") {
+      const tagIdx = args.indexOf("--tag");
+      const payloadIdx = args.indexOf("--payload");
+      if (tagIdx >= 0 && tagIdx + 1 < args.length) request.tag = args[tagIdx + 1];
+      if (payloadIdx >= 0 && payloadIdx + 1 < args.length) request.payload = args[payloadIdx + 1];
+    } else if (command === "get-public-key") {
+      const tagIdx = args.indexOf("--tag");
+      if (tagIdx >= 0 && tagIdx + 1 < args.length) request.tag = args[tagIdx + 1];
+    }
+    return await sendDaemonRequest(request);
+  } catch {
+    return await runCommandDirect(args);
+  }
+}
 async function generateKey() {
   const result = await runCommand(["generate"]);
   return {
@@ -115,6 +250,30 @@ function toArrayBuffer(buf) {
   view.set(new Uint8Array(buf.buffer, buf.byteOffset, buf.byteLength));
   return ab;
 }
+const INFURA_API_KEY = process.env.INFURA_API_KEY ?? "b6bf7d3508c941499b10025c0776eaf8";
+const INFURA_CHAIN_NAMES = {
+  1: "mainnet",
+  11155111: "sepolia",
+  137: "polygon-mainnet",
+  80002: "polygon-amoy",
+  42161: "arbitrum-mainnet",
+  421614: "arbitrum-sepolia",
+  10: "optimism-mainnet",
+  11155420: "optimism-sepolia",
+  8453: "base-mainnet",
+  84532: "base-sepolia",
+  59144: "linea-mainnet",
+  59141: "linea-sepolia",
+  43114: "avalanche-mainnet",
+  43113: "avalanche-fuji",
+  56: "bsc-mainnet",
+  97: "bsc-testnet"
+};
+function createPublicClient(chain) {
+  const infuraName = INFURA_CHAIN_NAMES[chain.id];
+  const transport = infuraName ? http(`https://${infuraName}.infura.io/v3/${INFURA_API_KEY}`) : http();
+  return createPublicClient$1({ chain, transport });
+}
 function resolveChain(chainName) {
   const chain = chains[chainName];
   if (!chain) {
@@ -141,10 +300,7 @@ function resolveChainInput(chainInput) {
 }
 async function createSmartAccount(privateKey, chainInput) {
   const chain = resolveChainInput(chainInput);
-  const publicClient = createPublicClient({
-    chain,
-    transport: http()
-  });
+  const publicClient = createPublicClient(chain);
   const owner = privateKeyToAccount(privateKey);
   const smartAccount = await toMetaMaskSmartAccount({
     client: publicClient,
@@ -177,7 +333,7 @@ function createSubdelegation({
 }
 async function createSmartAccountWithSecureEnclave(chainInput) {
   const chain = resolveChainInput(chainInput);
-  const publicClient = createPublicClient({ chain, transport: http() });
+  const publicClient = createPublicClient(chain);
   const keyPair = await generateKey();
   const keyId = `0x${randomBytes(32).toString("hex")}`;
   const xHex = keyPair.x.toString(16).padStart(64, "0");
@@ -217,7 +373,7 @@ async function createSmartAccountWithSecureEnclave(chainInput) {
 }
 async function getSmartAccountFromSecureEnclave(keyTag, publicKeyX, publicKeyY, keyId, chainInput) {
   const chain = resolveChainInput(chainInput);
-  const publicClient = createPublicClient({ chain, transport: http() });
+  const publicClient = createPublicClient(chain);
   const xBigInt = BigInt(publicKeyX);
   const yBigInt = BigInt(publicKeyY);
   const xHex = xBigInt.toString(16).padStart(64, "0");
@@ -3050,18 +3206,17 @@ program.command("create_account").description("Create a MetaMask smart account a
       if (useHardwareKey) {
         console.log(`Creating Secure Enclave-backed smart account on ${chain}...`);
         const { address, keyTag, publicKeyX, publicKeyY, keyId } = await createSmartAccountWithSecureEnclave(chain);
-        const config2 = await loadConfig();
-        config2.signer_type = "secureEnclave";
-        config2.smart_account_address = address;
-        config2.chain = chain;
-        config2.secure_enclave = {
+        config.signer_type = "secureEnclave";
+        config.smart_account_address = address;
+        config.chain = chain;
+        config.secure_enclave = {
           key_tag: keyTag,
           public_key_x: publicKeyX,
           public_key_y: publicKeyY,
           key_id: keyId
         };
-        delete config2.private_key;
-        await saveConfig(config2);
+        delete config.private_key;
+        await saveConfig(config);
         console.log("Secure Enclave smart account created successfully.");
         console.log(`Address: ${address}`);
         console.log(`Key tag: ${keyTag}`);
@@ -3075,12 +3230,11 @@ program.command("create_account").description("Create a MetaMask smart account a
         console.log(`Creating smart account on ${chain}...`);
         const privateKey = generatePrivateKey();
         const { address } = await createSmartAccount(privateKey, chain);
-        const config2 = await loadConfig();
-        config2.private_key = privateKey;
-        config2.signer_type = "privateKey";
-        config2.smart_account_address = address;
-        config2.chain = chain;
-        await saveConfig(config2);
+        config.private_key = privateKey;
+        config.signer_type = "privateKey";
+        config.smart_account_address = address;
+        config.chain = chain;
+        await saveConfig(config);
         console.log("Smart account created successfully.");
         console.log(`Address: ${address}`);
         console.log(`Config saved to: ${CONFIG_PATH}`);
@@ -3207,10 +3361,7 @@ program.command("send_prompt").description("Send a prompt to CoinFello, creating
     });
     let sig = signature;
     const chain = resolveChainInput(config.chain);
-    const publicClient = createPublicClient({
-      chain,
-      transport: http()
-    });
+    const publicClient = createPublicClient(chain);
     const code = await publicClient.getCode({ address: smartAccount.address });
     const isDeployed = !!(code && code !== "0x");
     if (!isDeployed) {
@@ -3241,4 +3392,44 @@ program.command("send_prompt").description("Send a prompt to CoinFello, creating
     process.exit(1);
   }
 });
+const signerDaemon = program.command("signer-daemon").description("Manage the Secure Enclave signing daemon");
+signerDaemon.command("start").description("Start the signing daemon (authenticates via Touch ID / password once)").action(async () => {
+  try {
+    const running = await isDaemonRunning();
+    if (running) {
+      console.log("Signing daemon is already running.");
+      return;
+    }
+    console.log("Starting signing daemon (authenticate when prompted)...");
+    const { pid, socket } = await startDaemon();
+    console.log(`Signing daemon started.`);
+    console.log(`PID: ${pid}`);
+    console.log(`Socket: ${socket}`);
+  } catch (err) {
+    console.error(`Failed to start daemon: ${err.message}`);
+    process.exit(1);
+  }
+});
+signerDaemon.command("stop").description("Stop the signing daemon").action(async () => {
+  try {
+    const running = await isDaemonRunning();
+    if (!running) {
+      console.log("Signing daemon is not running.");
+      return;
+    }
+    await stopDaemon();
+    console.log("Signing daemon stopped.");
+  } catch (err) {
+    console.error(`Failed to stop daemon: ${err.message}`);
+    process.exit(1);
+  }
+});
+signerDaemon.command("status").description("Check if the signing daemon is running").action(async () => {
+  const running = await isDaemonRunning();
+  if (running) {
+    console.log("Signing daemon is running.");
+  } else {
+    console.log("Signing daemon is not running.");
+  }
+});
 program.parse();

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@coinfello/agent-cli",
-  "version": "0.1.11",
+  "version": "0.1.13",
   "description": "",
   "type": "module",
   "main": "dist/index.js",