@commit451/salamander 1.1.0 → 1.2.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +42 -55
- package/bin/salamander.js +1 -1
- package/dist/commands/create-runner.d.ts.map +1 -1
- package/dist/commands/create-runner.js +18 -3
- package/dist/commands/create-runner.js.map +1 -1
- package/dist/commands/delete-runner.d.ts.map +1 -1
- package/dist/commands/delete-runner.js +6 -0
- package/dist/commands/delete-runner.js.map +1 -1
- package/dist/commands/runner-selection.d.ts.map +1 -1
- package/dist/commands/runner-selection.js +2 -2
- package/dist/commands/runner-selection.js.map +1 -1
- package/dist/services/api.d.ts +3 -0
- package/dist/services/api.d.ts.map +1 -1
- package/dist/services/api.js.map +1 -1
- package/dist/services/auth.js +36 -36
- package/dist/services/command-listener.d.ts +5 -0
- package/dist/services/command-listener.d.ts.map +1 -1
- package/dist/services/command-listener.js +89 -3
- package/dist/services/command-listener.js.map +1 -1
- package/dist/services/executor.d.ts +2 -0
- package/dist/services/executor.d.ts.map +1 -1
- package/dist/services/executor.js +45 -3
- package/dist/services/executor.js.map +1 -1
- package/dist/services/runner.d.ts +2 -1
- package/dist/services/runner.d.ts.map +1 -1
- package/dist/services/runner.js +22 -3
- package/dist/services/runner.js.map +1 -1
- package/dist/types/runner.d.ts +1 -0
- package/dist/types/runner.d.ts.map +1 -1
- package/package.json +52 -52
- package/dist/services/crypto.d.ts +0 -52
- package/dist/services/crypto.d.ts.map +0 -1
- package/dist/services/crypto.js +0 -104
- package/dist/services/crypto.js.map +0 -1
- package/dist/services/key-manager.d.ts +0 -45
- package/dist/services/key-manager.d.ts.map +0 -1
- package/dist/services/key-manager.js +0 -123
- package/dist/services/key-manager.js.map +0 -1
- package/dist/services/multi-device-key-manager.d.ts +0 -56
- package/dist/services/multi-device-key-manager.d.ts.map +0 -1
- package/dist/services/multi-device-key-manager.js +0 -159
- package/dist/services/multi-device-key-manager.js.map +0 -1
|
@@ -1,159 +0,0 @@
|
|
|
1
|
-
import { CryptoService } from './crypto.js';
|
|
2
|
-
import { StorageService } from '../utils/storage.js';
|
|
3
|
-
export class MultiDeviceKeyManagerService {
|
|
4
|
-
static KEYS_STORAGE_KEY = 'salamander_multi_device_keys';
|
|
5
|
-
static KEY_EXPIRY_DAYS = 30;
|
|
6
|
-
/**
|
|
7
|
-
* Initialize keys for a new runner (CLI side)
|
|
8
|
-
*/
|
|
9
|
-
static async initializeRunnerKeys(runnerId) {
|
|
10
|
-
const ecdhKeyPair = CryptoService.generateECDHKeyPair();
|
|
11
|
-
const keyData = {
|
|
12
|
-
ecdhKeyPair,
|
|
13
|
-
sharedSecrets: {},
|
|
14
|
-
keyHashes: {},
|
|
15
|
-
createdAt: Date.now()
|
|
16
|
-
};
|
|
17
|
-
await this.storeRunnerKeys(runnerId, keyData);
|
|
18
|
-
return ecdhKeyPair;
|
|
19
|
-
}
|
|
20
|
-
/**
|
|
21
|
-
* Register a new device and derive shared secret
|
|
22
|
-
*/
|
|
23
|
-
static async registerDevice(runnerId, deviceKey) {
|
|
24
|
-
const keyData = await this.getRunnerKeys(runnerId);
|
|
25
|
-
if (!keyData) {
|
|
26
|
-
throw new Error(`No keys found for runner ${runnerId}`);
|
|
27
|
-
}
|
|
28
|
-
// Derive shared secret with this device
|
|
29
|
-
const sharedSecret = CryptoService.deriveSharedSecret(keyData.ecdhKeyPair.privateKey, deviceKey.publicKey);
|
|
30
|
-
const keyHash = CryptoService.createKeyHash(sharedSecret);
|
|
31
|
-
// Verify the key hash matches what the device expects
|
|
32
|
-
if (keyHash !== deviceKey.keyHash) {
|
|
33
|
-
throw new Error('Key hash mismatch during device registration');
|
|
34
|
-
}
|
|
35
|
-
// Store the shared secret for this device
|
|
36
|
-
keyData.sharedSecrets[deviceKey.deviceId] = sharedSecret;
|
|
37
|
-
keyData.keyHashes[deviceKey.deviceId] = keyHash;
|
|
38
|
-
await this.storeRunnerKeys(runnerId, keyData);
|
|
39
|
-
console.log(`✓ Device ${deviceKey.deviceId} registered for runner ${runnerId}`);
|
|
40
|
-
return sharedSecret;
|
|
41
|
-
}
|
|
42
|
-
/**
|
|
43
|
-
* Remove a device from the runner
|
|
44
|
-
*/
|
|
45
|
-
static async removeDevice(runnerId, deviceId) {
|
|
46
|
-
const keyData = await this.getRunnerKeys(runnerId);
|
|
47
|
-
if (!keyData) {
|
|
48
|
-
return; // No keys to clean up
|
|
49
|
-
}
|
|
50
|
-
delete keyData.sharedSecrets[deviceId];
|
|
51
|
-
delete keyData.keyHashes[deviceId];
|
|
52
|
-
await this.storeRunnerKeys(runnerId, keyData);
|
|
53
|
-
console.log(`Device ${deviceId} removed from runner ${runnerId}`);
|
|
54
|
-
}
|
|
55
|
-
/**
|
|
56
|
-
* Get shared secret for specific device
|
|
57
|
-
*/
|
|
58
|
-
static async getSharedSecret(runnerId, deviceId) {
|
|
59
|
-
const keyData = await this.getRunnerKeys(runnerId);
|
|
60
|
-
if (!keyData) {
|
|
61
|
-
return null;
|
|
62
|
-
}
|
|
63
|
-
// Check if keys are expired
|
|
64
|
-
const daysSinceCreation = (Date.now() - keyData.createdAt) / (1000 * 60 * 60 * 24);
|
|
65
|
-
if (daysSinceCreation > this.KEY_EXPIRY_DAYS) {
|
|
66
|
-
console.warn(`Keys for runner ${runnerId} have expired. Consider key rotation.`);
|
|
67
|
-
}
|
|
68
|
-
return keyData.sharedSecrets[deviceId] || null;
|
|
69
|
-
}
|
|
70
|
-
/**
|
|
71
|
-
* Get all registered device IDs for a runner
|
|
72
|
-
*/
|
|
73
|
-
static async getRegisteredDevices(runnerId) {
|
|
74
|
-
const keyData = await this.getRunnerKeys(runnerId);
|
|
75
|
-
if (!keyData) {
|
|
76
|
-
return [];
|
|
77
|
-
}
|
|
78
|
-
return Object.keys(keyData.sharedSecrets);
|
|
79
|
-
}
|
|
80
|
-
/**
|
|
81
|
-
* Encrypt command for specific device
|
|
82
|
-
*/
|
|
83
|
-
static async encryptForDevice(runnerId, deviceId, command) {
|
|
84
|
-
const sharedSecret = await this.getSharedSecret(runnerId, deviceId);
|
|
85
|
-
if (!sharedSecret) {
|
|
86
|
-
throw new Error(`No shared secret found for device ${deviceId} on runner ${runnerId}`);
|
|
87
|
-
}
|
|
88
|
-
return CryptoService.safeEncrypt(command, sharedSecret);
|
|
89
|
-
}
|
|
90
|
-
/**
|
|
91
|
-
* Encrypt command for all registered devices
|
|
92
|
-
*/
|
|
93
|
-
static async encryptForAllDevices(runnerId, command) {
|
|
94
|
-
const keyData = await this.getRunnerKeys(runnerId);
|
|
95
|
-
if (!keyData) {
|
|
96
|
-
throw new Error(`No keys found for runner ${runnerId}`);
|
|
97
|
-
}
|
|
98
|
-
const encryptedCommands = {};
|
|
99
|
-
for (const [deviceId, sharedSecret] of Object.entries(keyData.sharedSecrets)) {
|
|
100
|
-
try {
|
|
101
|
-
encryptedCommands[deviceId] = CryptoService.safeEncrypt(command, sharedSecret);
|
|
102
|
-
}
|
|
103
|
-
catch (error) {
|
|
104
|
-
console.warn(`Failed to encrypt command for device ${deviceId}: ${error}`);
|
|
105
|
-
}
|
|
106
|
-
}
|
|
107
|
-
if (Object.keys(encryptedCommands).length === 0) {
|
|
108
|
-
throw new Error(`No devices registered for runner ${runnerId}`);
|
|
109
|
-
}
|
|
110
|
-
return encryptedCommands;
|
|
111
|
-
}
|
|
112
|
-
/**
|
|
113
|
-
* Decrypt command from specific device
|
|
114
|
-
*/
|
|
115
|
-
static async decryptFromDevice(runnerId, deviceId, encryptedCommand) {
|
|
116
|
-
const sharedSecret = await this.getSharedSecret(runnerId, deviceId);
|
|
117
|
-
if (!sharedSecret) {
|
|
118
|
-
throw new Error(`No shared secret found for device ${deviceId} on runner ${runnerId}`);
|
|
119
|
-
}
|
|
120
|
-
return CryptoService.safeDecrypt(encryptedCommand, sharedSecret);
|
|
121
|
-
}
|
|
122
|
-
/**
|
|
123
|
-
* Check if runner has any registered devices
|
|
124
|
-
*/
|
|
125
|
-
static async hasRegisteredDevices(runnerId) {
|
|
126
|
-
const devices = await this.getRegisteredDevices(runnerId);
|
|
127
|
-
return devices.length > 0;
|
|
128
|
-
}
|
|
129
|
-
/**
|
|
130
|
-
* Clean up all keys for a runner
|
|
131
|
-
*/
|
|
132
|
-
static async removeRunnerKeys(runnerId) {
|
|
133
|
-
const allKeys = await this.getAllStoredKeys();
|
|
134
|
-
delete allKeys[runnerId];
|
|
135
|
-
await StorageService.set(this.KEYS_STORAGE_KEY, allKeys);
|
|
136
|
-
console.log(`Cleaned up all keys for runner ${runnerId}`);
|
|
137
|
-
}
|
|
138
|
-
/**
|
|
139
|
-
* Get CLI's public key for a runner
|
|
140
|
-
*/
|
|
141
|
-
static async getCliPublicKey(runnerId) {
|
|
142
|
-
const keyData = await this.getRunnerKeys(runnerId);
|
|
143
|
-
return keyData?.ecdhKeyPair.publicKey || null;
|
|
144
|
-
}
|
|
145
|
-
// Private helper methods
|
|
146
|
-
static async getRunnerKeys(runnerId) {
|
|
147
|
-
const allKeys = await this.getAllStoredKeys();
|
|
148
|
-
return allKeys[runnerId] || null;
|
|
149
|
-
}
|
|
150
|
-
static async storeRunnerKeys(runnerId, keys) {
|
|
151
|
-
const allKeys = await this.getAllStoredKeys();
|
|
152
|
-
allKeys[runnerId] = keys;
|
|
153
|
-
await StorageService.set(this.KEYS_STORAGE_KEY, allKeys);
|
|
154
|
-
}
|
|
155
|
-
static async getAllStoredKeys() {
|
|
156
|
-
return (await StorageService.get(this.KEYS_STORAGE_KEY)) ?? {};
|
|
157
|
-
}
|
|
158
|
-
}
|
|
159
|
-
//# sourceMappingURL=multi-device-key-manager.js.map
|
|
@@ -1 +0,0 @@
|
|
|
1
|
-
{"version":3,"file":"multi-device-key-manager.js","sourceRoot":"","sources":["../../src/services/multi-device-key-manager.ts"],"names":[],"mappings":"AAAA,OAAO,EAAC,aAAa,EAAC,MAAM,aAAa,CAAC;AAC1C,OAAO,EAAC,cAAc,EAAC,MAAM,qBAAqB,CAAC;AAUnD,MAAM,OAAO,4BAA4B;IAC7B,MAAM,CAAU,gBAAgB,GAAG,8BAA8B,CAAC;IAClE,MAAM,CAAU,eAAe,GAAG,EAAE,CAAC;IAE7C;;OAEG;IACH,MAAM,CAAC,KAAK,CAAC,oBAAoB,CAAC,QAAgB;QAC9C,MAAM,WAAW,GAAG,aAAa,CAAC,mBAAmB,EAAE,CAAC;QAExD,MAAM,OAAO,GAAkB;YAC3B,WAAW;YACX,aAAa,EAAE,EAAE;YACjB,SAAS,EAAE,EAAE;YACb,SAAS,EAAE,IAAI,CAAC,GAAG,EAAE;SACxB,CAAC;QAEF,MAAM,IAAI,CAAC,eAAe,CAAC,QAAQ,EAAE,OAAO,CAAC,CAAC;QAC9C,OAAO,WAAW,CAAC;IACvB,CAAC;IAED;;OAEG;IACH,MAAM,CAAC,KAAK,CAAC,cAAc,CAAC,QAAgB,EAAE,SAAoB;QAC9D,MAAM,OAAO,GAAG,MAAM,IAAI,CAAC,aAAa,CAAC,QAAQ,CAAC,CAAC;QACnD,IAAI,CAAC,OAAO,EAAE,CAAC;YACX,MAAM,IAAI,KAAK,CAAC,4BAA4B,QAAQ,EAAE,CAAC,CAAC;QAC5D,CAAC;QAED,wCAAwC;QACxC,MAAM,YAAY,GAAG,aAAa,CAAC,kBAAkB,CACjD,OAAO,CAAC,WAAW,CAAC,UAAU,EAC9B,SAAS,CAAC,SAAS,CACtB,CAAC;QAEF,MAAM,OAAO,GAAG,aAAa,CAAC,aAAa,CAAC,YAAY,CAAC,CAAC;QAE1D,sDAAsD;QACtD,IAAI,OAAO,KAAK,SAAS,CAAC,OAAO,EAAE,CAAC;YAChC,MAAM,IAAI,KAAK,CAAC,8CAA8C,CAAC,CAAC;QACpE,CAAC;QAED,0CAA0C;QAC1C,OAAO,CAAC,aAAa,CAAC,SAAS,CAAC,QAAQ,CAAC,GAAG,YAAY,CAAC;QACzD,OAAO,CAAC,SAAS,CAAC,SAAS,CAAC,QAAQ,CAAC,GAAG,OAAO,CAAC;QAEhD,MAAM,IAAI,CAAC,eAAe,CAAC,QAAQ,EAAE,OAAO,CAAC,CAAC;QAE9C,OAAO,CAAC,GAAG,CAAC,YAAY,SAAS,CAAC,QAAQ,0BAA0B,QAAQ,EAAE,CAAC,CAAC;QAChF,OAAO,YAAY,CAAC;IACxB,CAAC;IAED;;OAEG;IACH,MAAM,CAAC,KAAK,CAAC,YAAY,CAAC,QAAgB,EAAE,QAAgB;QACxD,MAAM,OAAO,GAAG,MAAM,IAAI,CAAC,aAAa,CAAC,QAAQ,CAAC,CAAC;QACnD,IAAI,CAAC,OAAO,EAAE,CAAC;YACX,OAAO,CAAC,sBAAsB;QAClC,CAAC;QAED,OAAO,OAAO,CAAC,aAAa,CAAC,QAAQ,CAAC,CAAC;QACvC,OAAO,OAAO,CAAC,SAAS,CAAC,QAAQ,CAAC,CAAC;QAEnC,MAAM,IAAI,CAAC,eAAe,CAAC,QAAQ,EAAE,OAAO,CAAC,CAAC;QAC9C,OAAO,CAAC,GAAG,CAAC,UAAU,QAAQ,wBAAwB,QAAQ,EAAE,CAAC,CAAC;IACtE,CAAC;IAED;;OAEG;IACH,MAAM,CAAC,KAAK,CAAC,eAAe,CAAC,QAAgB,EAAE,QAAgB;QAC3D,MAAM,OAAO,GAAG,MAAM,IAAI,CAAC,aAAa,CAAC,QAAQ,CAAC,CAAC;QACnD,IAAI,CAAC,OAAO,EAAE,CAAC;YACX,OAAO,IAAI,CAAC;QAChB,CAAC;QAED,4BAA4B;QAC5B,MAAM,iBAAiB,GAAG,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,OAAO,CAAC,SAAS,CAAC,GAAG,CAAC,IAAI,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,CAAC,CAAC;QACnF,IAAI,iBAAiB,GAAG,IAAI,CAAC,eAAe,EAAE,CAAC;YAC3C,OAAO,CAAC,IAAI,CAAC,mBAAmB,QAAQ,uCAAuC,CAAC,CAAC;QACrF,CAAC;QAED,OAAO,OAAO,CAAC,aAAa,CAAC,QAAQ,CAAC,IAAI,IAAI,CAAC;IACnD,CAAC;IAED;;OAEG;IACH,MAAM,CAAC,KAAK,CAAC,oBAAoB,CAAC,QAAgB;QAC9C,MAAM,OAAO,GAAG,MAAM,IAAI,CAAC,aAAa,CAAC,QAAQ,CAAC,CAAC;QACnD,IAAI,CAAC,OAAO,EAAE,CAAC;YACX,OAAO,EAAE,CAAC;QACd,CAAC;QAED,OAAO,MAAM,CAAC,IAAI,CAAC,OAAO,CAAC,aAAa,CAAC,CAAC;IAC9C,CAAC;IAED;;OAEG;IACH,MAAM,CAAC,KAAK,CAAC,gBAAgB,CAAC,QAAgB,EAAE,QAAgB,EAAE,OAAe;QAC7E,MAAM,YAAY,GAAG,MAAM,IAAI,CAAC,eAAe,CAAC,QAAQ,EAAE,QAAQ,CAAC,CAAC;QACpE,IAAI,CAAC,YAAY,EAAE,CAAC;YAChB,MAAM,IAAI,KAAK,CAAC,qCAAqC,QAAQ,cAAc,QAAQ,EAAE,CAAC,CAAC;QAC3F,CAAC;QAED,OAAO,aAAa,CAAC,WAAW,CAAC,OAAO,EAAE,YAAY,CAAC,CAAC;IAC5D,CAAC;IAED;;OAEG;IACH,MAAM,CAAC,KAAK,CAAC,oBAAoB,CAAC,QAAgB,EAAE,OAAe;QAC/D,MAAM,OAAO,GAAG,MAAM,IAAI,CAAC,aAAa,CAAC,QAAQ,CAAC,CAAC;QACnD,IAAI,CAAC,OAAO,EAAE,CAAC;YACX,MAAM,IAAI,KAAK,CAAC,4BAA4B,QAAQ,EAAE,CAAC,CAAC;QAC5D,CAAC;QAED,MAAM,iBAAiB,GAA2B,EAAE,CAAC;QAErD,KAAK,MAAM,CAAC,QAAQ,EAAE,YAAY,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,OAAO,CAAC,aAAa,CAAC,EAAE,CAAC;YAC3E,IAAI,CAAC;gBACD,iBAAiB,CAAC,QAAQ,CAAC,GAAG,aAAa,CAAC,WAAW,CAAC,OAAO,EAAE,YAAY,CAAC,CAAC;YACnF,CAAC;YAAC,OAAO,KAAK,EAAE,CAAC;gBACb,OAAO,CAAC,IAAI,CAAC,wCAAwC,QAAQ,KAAK,KAAK,EAAE,CAAC,CAAC;YAC/E,CAAC;QACL,CAAC;QAED,IAAI,MAAM,CAAC,IAAI,CAAC,iBAAiB,CAAC,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YAC9C,MAAM,IAAI,KAAK,CAAC,oCAAoC,QAAQ,EAAE,CAAC,CAAC;QACpE,CAAC;QAED,OAAO,iBAAiB,CAAC;IAC7B,CAAC;IAED;;OAEG;IACH,MAAM,CAAC,KAAK,CAAC,iBAAiB,CAAC,QAAgB,EAAE,QAAgB,EAAE,gBAAwB;QACvF,MAAM,YAAY,GAAG,MAAM,IAAI,CAAC,eAAe,CAAC,QAAQ,EAAE,QAAQ,CAAC,CAAC;QACpE,IAAI,CAAC,YAAY,EAAE,CAAC;YAChB,MAAM,IAAI,KAAK,CAAC,qCAAqC,QAAQ,cAAc,QAAQ,EAAE,CAAC,CAAC;QAC3F,CAAC;QAED,OAAO,aAAa,CAAC,WAAW,CAAC,gBAAgB,EAAE,YAAY,CAAC,CAAC;IACrE,CAAC;IAED;;OAEG;IACH,MAAM,CAAC,KAAK,CAAC,oBAAoB,CAAC,QAAgB;QAC9C,MAAM,OAAO,GAAG,MAAM,IAAI,CAAC,oBAAoB,CAAC,QAAQ,CAAC,CAAC;QAC1D,OAAO,OAAO,CAAC,MAAM,GAAG,CAAC,CAAC;IAC9B,CAAC;IAED;;OAEG;IACH,MAAM,CAAC,KAAK,CAAC,gBAAgB,CAAC,QAAgB;QAC1C,MAAM,OAAO,GAAG,MAAM,IAAI,CAAC,gBAAgB,EAAE,CAAC;QAC9C,OAAO,OAAO,CAAC,QAAQ,CAAC,CAAC;QACzB,MAAM,cAAc,CAAC,GAAG,CAAC,IAAI,CAAC,gBAAgB,EAAE,OAAO,CAAC,CAAC;QACzD,OAAO,CAAC,GAAG,CAAC,kCAAkC,QAAQ,EAAE,CAAC,CAAC;IAC9D,CAAC;IAED;;OAEG;IACH,MAAM,CAAC,KAAK,CAAC,eAAe,CAAC,QAAgB;QACzC,MAAM,OAAO,GAAG,MAAM,IAAI,CAAC,aAAa,CAAC,QAAQ,CAAC,CAAC;QACnD,OAAO,OAAO,EAAE,WAAW,CAAC,SAAS,IAAI,IAAI,CAAC;IAClD,CAAC;IAED,yBAAyB;IAEjB,MAAM,CAAC,KAAK,CAAC,aAAa,CAAC,QAAgB;QAC/C,MAAM,OAAO,GAAG,MAAM,IAAI,CAAC,gBAAgB,EAAE,CAAC;QAC9C,OAAO,OAAO,CAAC,QAAQ,CAAC,IAAI,IAAI,CAAC;IACrC,CAAC;IAEO,MAAM,CAAC,KAAK,CAAC,eAAe,CAAC,QAAgB,EAAE,IAAmB;QACtE,MAAM,OAAO,GAAG,MAAM,IAAI,CAAC,gBAAgB,EAAE,CAAC;QAC9C,OAAO,CAAC,QAAQ,CAAC,GAAG,IAAI,CAAC;QACzB,MAAM,cAAc,CAAC,GAAG,CAAC,IAAI,CAAC,gBAAgB,EAAE,OAAO,CAAC,CAAC;IAC7D,CAAC;IAEO,MAAM,CAAC,KAAK,CAAC,gBAAgB;QACjC,OAAO,CAAC,MAAM,cAAc,CAAC,GAAG,CAAC,IAAI,CAAC,gBAAgB,CAAC,CAAC,IAAI,EAAE,CAAC;IACnE,CAAC"}
|