@did-btcr2/cli 0.10.2 → 0.11.0
- package/dist/.tsbuildinfo +1 -1
- package/dist/cjs/index.js +889 -43
- package/dist/esm/src/cli.js +30 -12
- package/dist/esm/src/cli.js.map +1 -1
- package/dist/esm/src/commands/completion.js +36 -0
- package/dist/esm/src/commands/completion.js.map +1 -0
- package/dist/esm/src/commands/config.js +69 -0
- package/dist/esm/src/commands/config.js.map +1 -0
- package/dist/esm/src/commands/deactivate.js +21 -8
- package/dist/esm/src/commands/deactivate.js.map +1 -1
- package/dist/esm/src/commands/index.js +4 -0
- package/dist/esm/src/commands/index.js.map +1 -1
- package/dist/esm/src/commands/key.js +175 -0
- package/dist/esm/src/commands/key.js.map +1 -0
- package/dist/esm/src/commands/profile.js +63 -0
- package/dist/esm/src/commands/profile.js.map +1 -0
- package/dist/esm/src/commands/update.js +19 -9
- package/dist/esm/src/commands/update.js.map +1 -1
- package/dist/esm/src/config.js +100 -13
- package/dist/esm/src/config.js.map +1 -1
- package/dist/esm/src/keystore/atomic.js +64 -0
- package/dist/esm/src/keystore/atomic.js.map +1 -0
- package/dist/esm/src/keystore/envelope.js +123 -0
- package/dist/esm/src/keystore/envelope.js.map +1 -0
- package/dist/esm/src/keystore/error.js +16 -0
- package/dist/esm/src/keystore/error.js.map +1 -0
- package/dist/esm/src/keystore/file-backed-key-manager.js +78 -0
- package/dist/esm/src/keystore/file-backed-key-manager.js.map +1 -0
- package/dist/esm/src/keystore/file-key-store.js +184 -0
- package/dist/esm/src/keystore/file-key-store.js.map +1 -0
- package/dist/esm/src/keystore/passphrase.js +87 -0
- package/dist/esm/src/keystore/passphrase.js.map +1 -0
- package/dist/esm/src/keystore/paths.js +20 -0
- package/dist/esm/src/keystore/paths.js.map +1 -0
- package/dist/esm/src/keystore/resolve-key-ref.js +47 -0
- package/dist/esm/src/keystore/resolve-key-ref.js.map +1 -0
- package/dist/types/src/cli.d.ts +6 -2
- package/dist/types/src/cli.d.ts.map +1 -1
- package/dist/types/src/commands/completion.d.ts +5 -0
- package/dist/types/src/commands/completion.d.ts.map +1 -0
- package/dist/types/src/commands/config.d.ts +5 -0
- package/dist/types/src/commands/config.d.ts.map +1 -0
- package/dist/types/src/commands/deactivate.d.ts.map +1 -1
- package/dist/types/src/commands/index.d.ts +4 -0
- package/dist/types/src/commands/index.d.ts.map +1 -1
- package/dist/types/src/commands/key.d.ts +10 -0
- package/dist/types/src/commands/key.d.ts.map +1 -0
- package/dist/types/src/commands/profile.d.ts +5 -0
- package/dist/types/src/commands/profile.d.ts.map +1 -0
- package/dist/types/src/commands/update.d.ts.map +1 -1
- package/dist/types/src/config.d.ts +50 -7
- package/dist/types/src/config.d.ts.map +1 -1
- package/dist/types/src/keystore/atomic.d.ts +19 -0
- package/dist/types/src/keystore/atomic.d.ts.map +1 -0
- package/dist/types/src/keystore/envelope.d.ts +64 -0
- package/dist/types/src/keystore/envelope.d.ts.map +1 -0
- package/dist/types/src/keystore/error.d.ts +14 -0
- package/dist/types/src/keystore/error.d.ts.map +1 -0
- package/dist/types/src/keystore/file-backed-key-manager.d.ts +41 -0
- package/dist/types/src/keystore/file-backed-key-manager.d.ts.map +1 -0
- package/dist/types/src/keystore/file-key-store.d.ts +52 -0
- package/dist/types/src/keystore/file-key-store.d.ts.map +1 -0
- package/dist/types/src/keystore/passphrase.d.ts +20 -0
- package/dist/types/src/keystore/passphrase.d.ts.map +1 -0
- package/dist/types/src/keystore/paths.d.ts +13 -0
- package/dist/types/src/keystore/paths.d.ts.map +1 -0
- package/dist/types/src/keystore/resolve-key-ref.d.ts +19 -0
- package/dist/types/src/keystore/resolve-key-ref.d.ts.map +1 -0
- package/dist/types/src/types.d.ts +91 -0
- package/dist/types/src/types.d.ts.map +1 -1
- package/package.json +9 -4
- package/src/cli.ts +36 -11
- package/src/commands/completion.ts +40 -0
- package/src/commands/config.ts +84 -0
- package/src/commands/deactivate.ts +25 -12
- package/src/commands/index.ts +4 -0
- package/src/commands/key.ts +193 -0
- package/src/commands/profile.ts +65 -0
- package/src/commands/update.ts +23 -13
- package/src/config.ts +144 -22
- package/src/keystore/atomic.ts +73 -0
- package/src/keystore/envelope.ts +172 -0
- package/src/keystore/error.ts +16 -0
- package/src/keystore/file-backed-key-manager.ts +99 -0
- package/src/keystore/file-key-store.ts +242 -0
- package/src/keystore/passphrase.ts +99 -0
- package/src/keystore/paths.ts +20 -0
- package/src/keystore/resolve-key-ref.ts +62 -0
- package/src/types.ts +30 -11
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"file-key-store.js","sourceRoot":"","sources":["../../../../src/keystore/file-key-store.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,UAAU,EAAE,YAAY,EAAE,MAAM,SAAS,CAAC;AACnD,OAAO,EAAE,OAAO,EAAE,MAAM,WAAW,CAAC;AAEpC,OAAO,EAAE,cAAc,EAAE,MAAM,aAAa,CAAC;AAC7C,OAAO,EAAE,iBAAiB,EAAE,SAAS,EAAE,eAAe,EAAE,MAAM,aAAa,CAAC;AAC5E,OAAO,EAAE,oBAAoB,EAAE,aAAa,EAAE,aAAa,EAAE,MAAM,eAAe,CAAC;AAEnF,OAAO,EAAE,aAAa,EAAE,MAAM,YAAY,CAAC;AAC3C,OAAO,EAAE,mBAAmB,EAAE,MAAM,YAAY,CAAC;AAEjD,oDAAoD;AACpD,MAAM,CAAC,MAAM,gBAAgB,GAAG,CAAU,CAAC;AAkC3C;;;;;;;;;;GAUG;AACH,MAAM,OAAO,YAAY;IACd,KAAK,CAAS;IACd,cAAc,CAAe;IAC7B,YAAY,CAAc;IAC1B,MAAM,GAAmC,IAAI,GAAG,EAAE,CAAC;IAC5D,OAAO,CAAqB;IAE5B,YAAY,OAA4B;QACtC,IAAI,CAAC,KAAK,GAAG,OAAO,CAAC,IAAI,IAAI,mBAAmB,EAAE,CAAC;QACnD,IAAI,CAAC,cAAc,GAAG,OAAO,CAAC,aAAa,CAAC;QAC5C,IAAI,CAAC,YAAY,GAAG,OAAO,CAAC,WAAW,IAAI,oBAAoB,CAAC;QAChE,SAAS,CAAC,OAAO,CAAC,IAAI,CAAC,KAAK,CAAC,EAAE,KAAK,CAAC,CAAC;QACtC,IAAI,CAAC,KAAK,EAAE,CAAC;IACf,CAAC;IAED,KAAK;QACH,IAAI,CAAC,UAAU,CAAC,IAAI,CAAC,KAAK,CAAC;YAAE,OAAO;QACpC,iBAAiB,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;QAC9B,IAAI,MAAoB,CAAC;QACzB,IAAI,CAAC;YACH,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,YAAY,CAAC,IAAI,CAAC,KAAK,EAAE,OAAO,CAAC,CAAiB,CAAC;QACzE,CAAC;QAAC,MAAM,CAAC;YACP,MAAM,IAAI,aAAa,CACrB,eAAe,IAAI,CAAC,KAAK,4BAA4B,EACrD,wBAAwB,EACxB,EAAE,IAAI,EAAE,IAAI,CAAC,KAAK,EAAE,CACrB,CAAC;QACJ,CAAC;QACD,IAAI,MAAM,CAAC,CAAC,KAAK,gBAAgB,EAAE,CAAC;YAClC,MAAM,IAAI,aAAa,CACrB,iCAAiC,MAAM,CAAC,MAAM,CAAC,CAAC,CAAC,GAAG,EACpD,wBAAwB,EACxB,EAAE,OAAO,EAAE,MAAM,CAAC,CAAC,EAAE,CACtB,CAAC;QACJ,CAAC;QACD,IAAI,CAAC,OAAO,GAAG,MAAM,CAAC,MAAM,CAAC;QAC7B,KAAK,MAAM,CAAE,EAAE,EAAE,MAAM,CAAE,IAAI,MAAM,CAAC,OAAO,CAAC,MAAM,CAAC,IAAI,IAAI,EAAE,CAAC,EAAE,CAAC;YAC/D,IAAI,SAAqB,CAAC;YAC1B,IAAI,CAAC;gBACH,IAAI,OAAO,MAAM,CAAC,SAAS,KAAK,QAAQ;oBAAE,MAAM,IAAI,KAAK,CAAC,mBAAmB,CAAC,CAAC;gBAC/E,SAAS,GAAG,cAAc,CAAC,MAAM,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC;YACtD,CAAC;YAAC,MAAM,CAAC;gBACP,MAAM,IAAI,aAAa,CACrB,kBAAkB,EAAE,8BAA8B,EAClD,wBAAwB,EACxB,EAAE,IAAI,EAAE,IAAI,CAAC,KAAK,E
AAE,KAAK,EAAE,EAAE,EAAE,CAChC,CAAC;YACJ,CAAC;YACD,IAAI,SAAS,CAAC,MAAM,KAAK,EAAE,EAAE,CAAC;gBAC5B,MAAM,IAAI,aAAa,CACrB,kBAAkB,EAAE,UAAU,SAAS,CAAC,MAAM,gCAAgC,EAC9E,wBAAwB,EACxB,EAAE,IAAI,EAAE,IAAI,CAAC,KAAK,EAAE,KAAK,EAAE,EAAE,EAAE,CAChC,CAAC;YACJ,CAAC;YACD,IAAI,CAAC,MAAM,CAAC,GAAG,CAAC,EAAE,EAAE;gBAClB,SAAS;gBACT,GAAG,CAAC,MAAM,CAAC,IAAI,IAAI,EAAE,IAAI,EAAE,MAAM,CAAC,IAAI,EAAE,CAAC;gBACzC,GAAG,CAAC,MAAM,CAAC,MAAM,IAAI,EAAE,MAAM,EAAE,MAAM,CAAC,MAAM,EAAE,CAAC;aAChD,CAAC,CAAC;QACL,CAAC;IACH,CAAC;IAED,MAAM;QACJ,MAAM,IAAI,GAA8B,EAAE,CAAC;QAC3C,KAAK,MAAM,CAAE,EAAE,EAAE,KAAK,CAAE,IAAI,IAAI,CAAC,MAAM,EAAE,CAAC;YACxC,IAAI,CAAC,EAAE,CAAC,GAAG;gBACT,SAAS,EAAG,cAAc,CAAC,MAAM,CAAC,KAAK,CAAC,SAAS,CAAC;gBAClD,GAAG,CAAC,KAAK,CAAC,IAAI,IAAI,EAAE,IAAI,EAAE,KAAK,CAAC,IAAI,EAAE,CAAC;gBACvC,GAAG,CAAC,KAAK,CAAC,MAAM,IAAI,EAAE,MAAM,EAAE,KAAK,CAAC,MAAM,EAAE,CAAC;aAC9C,CAAC;QACJ,CAAC;QACD,MAAM,IAAI,GAAiB;YACzB,CAAC,EAAG,gBAAgB;YACpB,GAAG,CAAC,IAAI,CAAC,OAAO,IAAI,EAAE,MAAM,EAAE,IAAI,CAAC,OAAO,EAAE,CAAC;YAC7C,IAAI;SACL,CAAC;QACF,eAAe,CAAC,IAAI,CAAC,KAAK,EAAE,GAAG,IAAI,CAAC,SAAS,CAAC,IAAI,EAAE,IAAI,EAAE,CAAC,CAAC,IAAI,EAAE,KAAK,CAAC,CAAC;IAC3E,CAAC;IAED,GAAG,CAAC,EAAiB;QACnB,MAAM,KAAK,GAAG,IAAI,CAAC,MAAM,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;QAClC,IAAI,CAAC,KAAK;YAAE,OAAO,SAAS,CAAC;QAC7B,MAAM,MAAM,GAAa;YACvB,SAAS,EAAG,KAAK,CAAC,SAAS;YAC3B,GAAG,CAAC,KAAK,CAAC,IAAI,IAAI,EAAE,IAAI,EAAE,KAAK,CAAC,IAAI,EAAE,CAAC;SACxC,CAAC;QACF,IAAI,KAAK,CAAC,MAAM,EAAE,CAAC;YACjB,uEAAuE;YACvE,uEAAuE;YACvE,0EAA0E;YAC1E,0EAA0E;YAC1E,sBAAsB;YACtB,MAAM,MAAM,GAAG,KAAK,CAAC,MAAM,CAAC;YAC5B,MAAM,CAAC,cAAc,CAAC,MAAM,EAAE,WAAW,EAAE;gBACzC,YAAY,EAAG,IAAI;gBACnB,UAAU,EAAK,KAAK;gBACpB,GAAG,EAAY,GAAe,EAAE;oBAC9B,KAAK,CAAC,SAAS,KAAK,aAAa,CAAC,MAAM,EAAE,IAAI,CAAC,cAAc,EAAE,CAAC,CAAC;oBACjE,OAAO,KAAK,CAAC,SAAS,CAAC;gBACzB,CAAC;aACF,CAAC,CAAC;QACL,CAAC;QACD,OAAO,MAAM,CAAC;IAChB,CAAC;IAED,GAAG,CAAC,EAAiB;QACnB,OAAO,IAAI,CAAC,MAAM,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;IAC7B,CAAC;IAED,GAAG,CAAC,EAAiB,EAAE,KAAe;QACpC,MAAM,MAAM,GAAG,KAAK,CAAC,SAAS;YAC5
B,CAAC,CAAC,aAAa,CAAC,KAAK,CAAC,SAAS,EAAE,IAAI,CAAC,cAAc,EAAE,EAAE,IAAI,CAAC,YAAY,CAAC;YAC1E,CAAC,CAAC,SAAS,CAAC;QACd,IAAI,CAAC,MAAM,CAAC,GAAG,CAAC,EAAE,EAAE;YAClB,SAAS,EAAG,KAAK,CAAC,SAAS;YAC3B,GAAG,CAAC,KAAK,CAAC,IAAI,IAAI,EAAE,IAAI,EAAE,KAAK,CAAC,IAAI,EAAE,CAAC;YACvC,GAAG,CAAC,MAAM,IAAI,EAAE,MAAM,EAAE,CAAC;YACzB,GAAG,CAAC,KAAK,CAAC,SAAS,IAAI,EAAE,SAAS,EAAE,KAAK,CAAC,SAAS,EAAE,CAAC;SACvD,CAAC,CAAC;QACH,IAAI,CAAC,MAAM,EAAE,CAAC;IAChB,CAAC;IAED,MAAM,CAAC,EAAiB;QACtB,MAAM,OAAO,GAAG,IAAI,CAAC,MAAM,CAAC,MAAM,CAAC,EAAE,CAAC,CAAC;QACvC,IAAI,OAAO,EAAE,CAAC;YACZ,IAAI,IAAI,CAAC,OAAO,KAAK,EAAE;gBAAE,IAAI,CAAC,OAAO,GAAG,SAAS,CAAC;YAClD,IAAI,CAAC,MAAM,EAAE,CAAC;QAChB,CAAC;QACD,OAAO,OAAO,CAAC;IACjB,CAAC;IAED,KAAK;QACH,IAAI,CAAC,MAAM,CAAC,KAAK,EAAE,CAAC;QACpB,IAAI,CAAC,OAAO,GAAG,SAAS,CAAC;QACzB,IAAI,CAAC,MAAM,EAAE,CAAC;IAChB,CAAC;IAED,iFAAiF;IACjF,IAAI;QACF,OAAO,IAAI,CAAC,OAAO,EAAE,CAAC,GAAG,CAAC,CAAC,CAAE,AAAD,EAAG,KAAK,CAAE,EAAE,EAAE,CAAC,KAAK,CAAC,CAAC;IACpD,CAAC;IAED;;;;;;OAMG;IACH,OAAO;QACL,MAAM,GAAG,GAAqC,EAAE,CAAC;QACjD,KAAK,MAAM,CAAE,EAAE,EAAE,KAAK,CAAE,IAAI,IAAI,CAAC,MAAM,EAAE,CAAC;YACxC,GAAG,CAAC,IAAI,CAAC,CAAE,EAAE,EAAE;oBACb,SAAS,EAAG,KAAK,CAAC,SAAS;oBAC3B,GAAG,CAAC,KAAK,CAAC,IAAI,IAAI,EAAE,IAAI,EAAE,KAAK,CAAC,IAAI,EAAE,CAAC;iBACxC,CAAE,CAAC,CAAC;QACP,CAAC;QACD,OAAO,GAAG,CAAC;IACb,CAAC;IAED,KAAK;QACH,KAAK,MAAM,KAAK,IAAI,IAAI,CAAC,MAAM,CAAC,MAAM,EAAE,EAAE,CAAC;YACzC,KAAK,CAAC,SAAS,EAAE,IAAI,CAAC,CAAC,CAAC,CAAC;YACzB,KAAK,CAAC,SAAS,GAAG,SAAS,CAAC;QAC9B,CAAC;QACD,IAAI,CAAC,MAAM,CAAC,KAAK,EAAE,CAAC;IACtB,CAAC;IAED,wEAAwE;IACxE,SAAS;QACP,OAAO,IAAI,CAAC,OAAO,CAAC;IACtB,CAAC;IAED;;;OAGG;IACH,SAAS,CAAC,EAA6B;QACrC,IAAI,EAAE,KAAK,SAAS,IAAI,CAAC,IAAI,CAAC,MAAM,CAAC,GAAG,CAAC,EAAE,CAAC,EAAE,CAAC;YAC7C,MAAM,IAAI,aAAa,CAAC,qCAAqC,EAAE,GAAG,EAAE,qBAAqB,EAAE,EAAE,KAAK,EAAE,EAAE,EAAE,CAAC,CAAC;QAC5G,CAAC;QACD,IAAI,CAAC,OAAO,GAAG,EAAE,CAAC;QAClB,IAAI,CAAC,MAAM,EAAE,CAAC;IAChB,CAAC;CACF"}
|
|
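--- a/package/dist/esm/src/keystore/passphrase.js
+++ b/package/dist/esm/src/keystore/passphrase.js
@@ -0,0 +1,87 @@
+import { readFileSync, readSync } from 'node:fs';
+import { KeyStoreError } from './error.js';
+/** Environment variable that supplies the keystore passphrase for unattended use. */
+export const ENV_KEYSTORE_PASSPHRASE = 'BTCR2_KEYSTORE_PASSPHRASE';
+/**
+* Acquires a passphrase without ever reading it from a command-line flag value
+* (which would leak into process listings and shell history). Resolution order:
+* the {@link ENV_KEYSTORE_PASSPHRASE} environment variable, a passphrase file,
+* then a non-echoing terminal prompt. Throws if none is available and standard
+* input is not a terminal.
+*/
+export function acquirePassphrase(options = {}) {
+// All sources are normalized identically (at most one trailing newline
+// removed) so the KDF input is source-independent.
+const fromEnv = process.env[ENV_KEYSTORE_PASSPHRASE];
+if (fromEnv)
+return assertNonEmpty(fromEnv.replace(/\r?\n$/, ''));
+if (options.passphraseFile) {
+return assertNonEmpty(readFileSync(options.passphraseFile, 'utf-8').replace(/\r?\n$/, ''));
+}
+if (!process.stdin.isTTY) {
+throw new KeyStoreError(`No passphrase available. Set ${ENV_KEYSTORE_PASSPHRASE}, pass --passphrase-file, or run in a terminal.`, 'PASSPHRASE_REQUIRED_ERROR');
+}
+const passphrase = promptHidden(options.prompt ?? 'Keystore passphrase: ');
+if (options.confirm) {
+const again = promptHidden('Confirm passphrase: ');
+if (passphrase !== again) {
+throw new KeyStoreError('Passphrases did not match.', 'PASSPHRASE_MISMATCH_ERROR');
+}
+}
+return assertNonEmpty(passphrase);
+}
+/** Rejects an empty or whitespace-only passphrase, which would seal the keystore with no protection. */
+function assertNonEmpty(passphrase) {
+if (passphrase.trim() === '') {
+throw new KeyStoreError('A non-empty keystore passphrase is required.', 'PASSPHRASE_REQUIRED_ERROR');
+}
+return passphrase;
+}
+/**
+* Reads a line from the terminal synchronously without echoing keystrokes.
+* Bytes are accumulated and decoded as UTF-8 so multibyte passphrases survive.
+* This path runs only when standard input is a terminal.
+*/
+function promptHidden(label) {
+process.stderr.write(label);
+const stdin = process.stdin;
+const wasRaw = stdin.isRaw ?? false;
+stdin.setRawMode(true);
+const byte = Buffer.alloc(1);
+const bytes = [];
+try {
+for (;;) {
+let read = 0;
+try {
+read = readSync(stdin.fd, byte, 0, 1, null);
+}
+catch (error) {
+const code = error.code;
+if (code === 'EAGAIN')
+continue; // no byte ready yet on a non-blocking TTY
+if (code === 'EOF')
+break;
+throw error;
+}
+if (read === 0)
+break;
+const ch = byte[0];
+if (ch === 0x0a || ch === 0x0d)
+break; // LF or CR ends the line
+if (ch === 0x03) { // Ctrl-C aborts
+throw new KeyStoreError('Passphrase entry aborted.', 'PASSPHRASE_REQUIRED_ERROR');
+}
+if (ch === 0x7f || ch === 0x08) { // DEL or backspace
+bytes.pop();
+continue;
+}
+bytes.push(ch);
+}
+}
+finally {
+stdin.setRawMode(wasRaw);
+process.stderr.write('\n');
+}
+return Buffer.from(bytes).toString('utf-8');
+}
+//# sourceMappingURL=passphrase.js.map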
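Review bot: The DEL/backspace branch in `promptHidden` removes a single byte with `bytes.pop()`, so erasing a multibyte UTF-8 character leaves its lead byte in the buffer and the final `Buffer.from(bytes).toString('utf-8')` silently decodes it to U+FFFD. The string handed to the KDF is then not what the user believes they typed, which contradicts the doc comment's claim that multibyte passphrases survive. Pop through the continuation bytes instead, e.g. `while (bytes.length > 0 && (bytes.pop() & 0xc0) === 0x80) {}`. Separately, `acquirePassphrase` reads `options.passphraseFile` without checking its permissions. On POSIX a `statSync` check that rejects or warns when `mode & 0o077` is non-zero would match the 0600 handling this package documents for its config file.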
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"passphrase.js","sourceRoot":"","sources":["../../../../src/keystore/passphrase.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,YAAY,EAAE,QAAQ,EAAE,MAAM,SAAS,CAAC;AACjD,OAAO,EAAE,aAAa,EAAE,MAAM,YAAY,CAAC;AAE3C,qFAAqF;AACrF,MAAM,CAAC,MAAM,uBAAuB,GAAG,2BAA2B,CAAC;AAYnE;;;;;;GAMG;AACH,MAAM,UAAU,iBAAiB,CAAC,UAA6B,EAAE;IAC/D,uEAAuE;IACvE,mDAAmD;IACnD,MAAM,OAAO,GAAG,OAAO,CAAC,GAAG,CAAC,uBAAuB,CAAC,CAAC;IACrD,IAAI,OAAO;QAAE,OAAO,cAAc,CAAC,OAAO,CAAC,OAAO,CAAC,QAAQ,EAAE,EAAE,CAAC,CAAC,CAAC;IAElE,IAAI,OAAO,CAAC,cAAc,EAAE,CAAC;QAC3B,OAAO,cAAc,CAAC,YAAY,CAAC,OAAO,CAAC,cAAc,EAAE,OAAO,CAAC,CAAC,OAAO,CAAC,QAAQ,EAAE,EAAE,CAAC,CAAC,CAAC;IAC7F,CAAC;IAED,IAAI,CAAC,OAAO,CAAC,KAAK,CAAC,KAAK,EAAE,CAAC;QACzB,MAAM,IAAI,aAAa,CACrB,gCAAgC,uBAAuB,iDAAiD,EACxG,2BAA2B,CAC5B,CAAC;IACJ,CAAC;IAED,MAAM,UAAU,GAAG,YAAY,CAAC,OAAO,CAAC,MAAM,IAAI,uBAAuB,CAAC,CAAC;IAC3E,IAAI,OAAO,CAAC,OAAO,EAAE,CAAC;QACpB,MAAM,KAAK,GAAG,YAAY,CAAC,sBAAsB,CAAC,CAAC;QACnD,IAAI,UAAU,KAAK,KAAK,EAAE,CAAC;YACzB,MAAM,IAAI,aAAa,CAAC,4BAA4B,EAAE,2BAA2B,CAAC,CAAC;QACrF,CAAC;IACH,CAAC;IACD,OAAO,cAAc,CAAC,UAAU,CAAC,CAAC;AACpC,CAAC;AAED,wGAAwG;AACxG,SAAS,cAAc,CAAC,UAAkB;IACxC,IAAI,UAAU,CAAC,IAAI,EAAE,KAAK,EAAE,EAAE,CAAC;QAC7B,MAAM,IAAI,aAAa,CAAC,8CAA8C,EAAE,2BAA2B,CAAC,CAAC;IACvG,CAAC;IACD,OAAO,UAAU,CAAC;AACpB,CAAC;AAED;;;;GAIG;AACH,SAAS,YAAY,CAAC,KAAa;IACjC,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC;IAC5B,MAAM,KAAK,GAAG,OAAO,CAAC,KAAK,CAAC;IAC5B,MAAM,MAAM,GAAG,KAAK,CAAC,KAAK,IAAI,KAAK,CAAC;IACpC,KAAK,CAAC,UAAU,CAAC,IAAI,CAAC,CAAC;IACvB,MAAM,IAAI,GAAG,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;IAC7B,MAAM,KAAK,GAAa,EAAE,CAAC;IAC3B,IAAI,CAAC;QACH,SAAS,CAAC;YACR,IAAI,IAAI,GAAG,CAAC,CAAC;YACb,IAAI,CAAC;gBACH,IAAI,GAAG,QAAQ,CAAC,KAAK,CAAC,EAAE,EAAE,IAAI,EAAE,CAAC,EAAE,CAAC,EAAE,IAAI,CAAC,CAAC;YAC9C,CAAC;YAAC,OAAO,KAAK,EAAE,CAAC;gBACf,MAAM,IAAI,GAAI,KAA2B,CAAC,IAAI,CAAC;gBAC/C,IAAI,IAAI,KAAK,QAAQ;oBAAE,SAAS,CAAC,0CAA0C;gBAC3E,IAAI,IAAI,KAAK,KAAK;oBAAE,MAAM;gBAC1B,MAAM,KAAK,CAAC;YACd,CAAC;YACD,IAAI,IAAI,KAAK,CAAC;gBAAE,MAAM;YACtB,MA
AM,EAAE,GAAG,IAAI,CAAC,CAAC,CAAC,CAAC;YACnB,IAAI,EAAE,KAAK,IAAI,IAAI,EAAE,KAAK,IAAI;gBAAE,MAAM,CAAC,yBAAyB;YAChE,IAAI,EAAE,KAAK,IAAI,EAAE,CAAC,CAAC,gBAAgB;gBACjC,MAAM,IAAI,aAAa,CAAC,2BAA2B,EAAE,2BAA2B,CAAC,CAAC;YACpF,CAAC;YACD,IAAI,EAAE,KAAK,IAAI,IAAI,EAAE,KAAK,IAAI,EAAE,CAAC,CAAC,mBAAmB;gBACnD,KAAK,CAAC,GAAG,EAAE,CAAC;gBACZ,SAAS;YACX,CAAC;YACD,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;QACjB,CAAC;IACH,CAAC;YAAS,CAAC;QACT,KAAK,CAAC,UAAU,CAAC,MAAM,CAAC,CAAC;QACzB,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;IAC7B,CAAC;IACD,OAAO,MAAM,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC;AAC9C,CAAC"}
|
|
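--- a/package/dist/esm/src/keystore/paths.js
+++ b/package/dist/esm/src/keystore/paths.js
@@ -0,0 +1,20 @@
+import { homedir } from 'node:os';
+import { join } from 'node:path';
+/**
+* Default keystore file path, following the XDG Base Directory Specification's
+* data directory. Secret key material is data a user accumulates, so it lives
+* under the data directory, kept separate from the configuration directory used
+* for portable settings.
+*
+* Resolution order:
+* 1. `$XDG_DATA_HOME/btcr2/keystore.json`
+* 2. `%LOCALAPPDATA%/btcr2/keystore.json` (Windows)
+* 3. `~/.local/share/btcr2/keystore.json` (fallback)
+*/
+export function defaultKeystorePath() {
+const base = process.env.XDG_DATA_HOME
+?? process.env.LOCALAPPDATA
+?? join(homedir(), '.local', 'share');
+return join(base, 'btcr2', 'keystore.json');
+}
+//# sourceMappingURL=paths.js.map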
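Review bot: `defaultKeystorePath` chains its environment lookups with `??`, which only skips `undefined`, so an empty `XDG_DATA_HOME=` makes `join('', 'btcr2', 'keystore.json')` resolve relative to the current working directory. The keystore would then be read from, or created in, whatever directory the command happens to run in. The XDG Base Directory Specification treats an empty or relative value as unset; `const xdg = process.env.XDG_DATA_HOME;` followed by `const base = (xdg && isAbsolute(xdg)) ? xdg : (process.env.LOCALAPPDATA || join(homedir(), '.local', 'share'));` (with `isAbsolute` from `node:path`) keeps secret key material at a predictable absolute path. The doc comment could also say that `XDG_DATA_HOME` wins over `%LOCALAPPDATA%` on Windows when both are set.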
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"paths.js","sourceRoot":"","sources":["../../../../src/keystore/paths.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,OAAO,EAAE,MAAM,SAAS,CAAC;AAClC,OAAO,EAAE,IAAI,EAAE,MAAM,WAAW,CAAC;AAEjC;;;;;;;;;;GAUG;AACH,MAAM,UAAU,mBAAmB;IACjC,MAAM,IAAI,GAAG,OAAO,CAAC,GAAG,CAAC,aAAa;WACjC,OAAO,CAAC,GAAG,CAAC,YAAY;WACxB,IAAI,CAAC,OAAO,EAAE,EAAE,QAAQ,EAAE,OAAO,CAAC,CAAC;IACxC,OAAO,IAAI,CAAC,IAAI,EAAE,OAAO,EAAE,eAAe,CAAC,CAAC;AAC9C,CAAC"}
|
|
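--- a/package/dist/esm/src/keystore/resolve-key-ref.js
+++ b/package/dist/esm/src/keystore/resolve-key-ref.js
@@ -0,0 +1,47 @@
+import { CLIError } from '../error.js';
+/** Extracts the 32-hex fingerprint from a `urn:kms:secp256k1:<hex>` identifier. */
+function fingerprintOf(id) {
+return /^urn:kms:secp256k1:([0-9a-f]{32})$/.exec(id)?.[1];
+}
+/**
+* Resolves a user-supplied key reference to a key identifier. Resolution order:
+* 1. No reference: the active key (errors if none is set).
+* 2. Exact URN identifier match.
+* 3. Unique fingerprint-prefix match (against the hex tail of the URN).
+* 4. Unique `name` tag match.
+*
+* Reads only public material (listKeys + getEntry), so resolving a reference
+* never decrypts a secret or prompts for a passphrase.
+*
+* @param kms The key manager to resolve against.
+* @param ref The reference to resolve. When omitted, the active key is used.
+* @returns The resolved key identifier.
+* @throws {CLIError} If no key matches, the reference is ambiguous, or no
+* reference is given and no active key is set.
+*/
+export function resolveKeyRef(kms, ref) {
+if (!ref) {
+if (!kms.activeKeyId) {
+throw new CLIError('No key specified and no active key is set. Use --key <ref> or set one with `btcr2 key use <ref>`.', 'INVALID_ARGUMENT_ERROR');
+}
+return kms.activeKeyId;
+}
+const ids = kms.listKeys();
+if (ids.includes(ref))
+return ref;
+const prefix = ref.toLowerCase();
+const byPrefix = ids.filter(id => fingerprintOf(id)?.startsWith(prefix));
+if (byPrefix.length === 1)
+return byPrefix[0];
+if (byPrefix.length > 1) {
+throw new CLIError(`Ambiguous key reference "${ref}" matches ${byPrefix.length} keys by fingerprint.`, 'KEY_REF_AMBIGUOUS_ERROR', { ref });
+}
+const byName = ids.filter(id => kms.getEntry(id).tags?.name === ref);
+if (byName.length === 1)
+return byName[0];
+if (byName.length > 1) {
+throw new CLIError(`Ambiguous key name "${ref}" matches ${byName.length} keys.`, 'KEY_REF_AMBIGUOUS_ERROR', { ref });
+}
+throw new CLIError(`No key matches reference "${ref}".`, 'KEY_NOT_FOUND_ERROR', { ref });
+}
+//# sourceMappingURL=resolve-key-ref.js.map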
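Review bot: In `resolveKeyRef` the fingerprint-prefix step runs before the name step and accepts a prefix of any length, so a reference meant as a `name` tag that happens to be hex (a key named `cafe`, as a constructed example) resolves to a different key whose fingerprint starts with those characters. A single character is also enough whenever it is unique. If this function picks the signing identity for `--key <ref>` on state-changing commands, as the error text suggests, the wrong key can be selected with no error. Consider a minimum prefix length, e.g. `const byPrefix = /^[0-9a-f]{8,32}$/.test(prefix) ? ids.filter(id => fingerprintOf(id)?.startsWith(prefix)) : [];` (the lower bound of 8 is only an example). Also consider raising `KEY_REF_AMBIGUOUS_ERROR` when one key matches by fingerprint and another by name.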
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"resolve-key-ref.js","sourceRoot":"","sources":["../../../../src/keystore/resolve-key-ref.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,QAAQ,EAAE,MAAM,aAAa,CAAC;AAEvC,mFAAmF;AACnF,SAAS,aAAa,CAAC,EAAiB;IACtC,OAAO,oCAAoC,CAAC,IAAI,CAAC,EAAE,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC;AAC5D,CAAC;AAED;;;;;;;;;;;;;;;GAeG;AACH,MAAM,UAAU,aAAa,CAAC,GAAe,EAAE,GAAY;IACzD,IAAI,CAAC,GAAG,EAAE,CAAC;QACT,IAAI,CAAC,GAAG,CAAC,WAAW,EAAE,CAAC;YACrB,MAAM,IAAI,QAAQ,CAChB,mGAAmG,EACnG,wBAAwB,CACzB,CAAC;QACJ,CAAC;QACD,OAAO,GAAG,CAAC,WAAW,CAAC;IACzB,CAAC;IAED,MAAM,GAAG,GAAG,GAAG,CAAC,QAAQ,EAAE,CAAC;IAE3B,IAAI,GAAG,CAAC,QAAQ,CAAC,GAAG,CAAC;QAAE,OAAO,GAAG,CAAC;IAElC,MAAM,MAAM,GAAG,GAAG,CAAC,WAAW,EAAE,CAAC;IACjC,MAAM,QAAQ,GAAG,GAAG,CAAC,MAAM,CAAC,EAAE,CAAC,EAAE,CAAC,aAAa,CAAC,EAAE,CAAC,EAAE,UAAU,CAAC,MAAM,CAAC,CAAC,CAAC;IACzE,IAAI,QAAQ,CAAC,MAAM,KAAK,CAAC;QAAE,OAAO,QAAQ,CAAC,CAAC,CAAC,CAAC;IAC9C,IAAI,QAAQ,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QACxB,MAAM,IAAI,QAAQ,CAChB,4BAA4B,GAAG,aAAa,QAAQ,CAAC,MAAM,uBAAuB,EAClF,yBAAyB,EACzB,EAAE,GAAG,EAAE,CACR,CAAC;IACJ,CAAC;IAED,MAAM,MAAM,GAAG,GAAG,CAAC,MAAM,CAAC,EAAE,CAAC,EAAE,CAAC,GAAG,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAC,IAAI,EAAE,IAAI,KAAK,GAAG,CAAC,CAAC;IACrE,IAAI,MAAM,CAAC,MAAM,KAAK,CAAC;QAAE,OAAO,MAAM,CAAC,CAAC,CAAC,CAAC;IAC1C,IAAI,MAAM,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QACtB,MAAM,IAAI,QAAQ,CAChB,uBAAuB,GAAG,aAAa,MAAM,CAAC,MAAM,QAAQ,EAC5D,yBAAyB,EACzB,EAAE,GAAG,EAAE,CACR,CAAC;IACJ,CAAC;IAED,MAAM,IAAI,QAAQ,CAAC,6BAA6B,GAAG,IAAI,EAAE,qBAAqB,EAAE,EAAE,GAAG,EAAE,CAAC,CAAC;AAC3F,CAAC"}
|
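--- a/package/dist/types/src/cli.d.ts
+++ b/package/dist/types/src/cli.d.ts
@@ -13,9 +13,13 @@ export declare class DidBtcr2Cli {
 * {@link defaultApiFactory} which uses public endpoints (mempool.space)
 * for known networks and localhost Polar for regtest.
 *
-* @param factory - Optional API factory
+* @param factory - Optional API factory for keystore-free commands (create,
+* resolve). Defaults to {@link defaultApiFactory}.
+* @param keystoreFactory - Optional keystore-aware API factory for commands
+* that need a signing identity (key, update, deactivate). Defaults to
+* {@link keystoreApiFactory}.
 */
-constructor(factory?: ApiFactory);
+constructor(factory?: ApiFactory, keystoreFactory?: ApiFactory);
 /**
 * Runs the CLI with the provided argv or process.argv.
 * @param {string[]} [argv] - Optional array of command-line arguments.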
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"cli.d.ts","sourceRoot":"","sources":["../../../src/cli.ts"],"names":[],"mappings":"
|
|
1
|
+
{"version":3,"file":"cli.d.ts","sourceRoot":"","sources":["../../../src/cli.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,OAAO,EAAkB,MAAM,WAAW,CAAC;AAWpD,OAAO,EAAyC,KAAK,UAAU,EAAE,MAAM,aAAa,CAAC;AAIrF;;GAEG;AACH,qBAAa,WAAW;IACtB,SAAgB,OAAO,EAAE,OAAO,CAAC;IAEjC;;;;;;;;;;;;;OAaG;gBAED,OAAO,GAAE,UAA8B,EACvC,eAAe,GAAE,UAA+B;IA+BlD;;;;OAIG;IACU,GAAG,CAAC,IAAI,CAAC,EAAE,MAAM,EAAE,GAAG,OAAO,CAAC,IAAI,CAAC;CASjD"}
|
|
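--- a/package/dist/types/src/commands/completion.d.ts
+++ b/package/dist/types/src/commands/completion.d.ts
@@ -0,0 +1,5 @@
+import type { Command } from 'commander';
+import type { GlobalOptions } from '../types.js';
+/** Registers the `completion` command, which prints a shell completion script to stdout. */
+export declare function registerCompletionCommand(program: Command, _globals: () => GlobalOptions): void;
+//# sourceMappingURL=completion.d.ts.map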
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"completion.d.ts","sourceRoot":"","sources":["../../../../src/commands/completion.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,OAAO,EAAE,MAAM,WAAW,CAAC;AAEzC,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,aAAa,CAAC;AAIjD,4FAA4F;AAC5F,wBAAgB,yBAAyB,CAAC,OAAO,EAAE,OAAO,EAAE,QAAQ,EAAE,MAAM,aAAa,GAAG,IAAI,CAO/F"}
|
|
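--- a/package/dist/types/src/commands/config.d.ts
+++ b/package/dist/types/src/commands/config.d.ts
@@ -0,0 +1,5 @@
+import type { Command } from 'commander';
+import type { GlobalOptions } from '../types.js';
+/** Registers the `config` command group for reading and writing CLI configuration. */
+export declare function registerConfigCommand(program: Command, globals: () => GlobalOptions): void;
+//# sourceMappingURL=config.d.ts.map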
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"config.d.ts","sourceRoot":"","sources":["../../../../src/commands/config.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,OAAO,EAAE,MAAM,WAAW,CAAC;AAezC,OAAO,KAAK,EAAiB,aAAa,EAAE,MAAM,aAAa,CAAC;AAGhE,sFAAsF;AACtF,wBAAgB,qBAAqB,CAAC,OAAO,EAAE,OAAO,EAAE,OAAO,EAAE,MAAM,aAAa,GAAG,IAAI,CAuD1F"}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"deactivate.d.ts","sourceRoot":"","sources":["../../../../src/commands/deactivate.ts"],"names":[],"mappings":"
|
|
1
|
+
{"version":3,"file":"deactivate.d.ts","sourceRoot":"","sources":["../../../../src/commands/deactivate.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,EAAE,OAAO,EAAE,MAAM,WAAW,CAAC;AACzC,OAAO,EAAiB,KAAK,UAAU,EAAE,MAAM,cAAc,CAAC;AAI9D,OAAO,KAAK,EAAE,aAAa,EAAwB,MAAM,aAAa,CAAC;AAKvE,wBAAgB,yBAAyB,CACvC,OAAO,EAAG,OAAO,EACjB,OAAO,EAAG,UAAU,EACpB,OAAO,EAAG,MAAM,aAAa,GAC5B,IAAI,CAmEN"}
|
|
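--- a/package/dist/types/src/commands/index.d.ts
+++ b/package/dist/types/src/commands/index.d.ts
@@ -2,4 +2,8 @@ export { registerCreateCommand } from './create.js';
 export { registerResolveCommand } from './resolve.js';
 export { registerUpdateCommand } from './update.js';
 export { registerDeactivateCommand } from './deactivate.js';
+export { registerKeyCommand } from './key.js';
+export { registerConfigCommand } from './config.js';
+export { registerProfileCommand } from './profile.js';
+export { registerCompletionCommand } from './completion.js';
 //# sourceMappingURL=index.d.ts.map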
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../../src/commands/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,qBAAqB,EAAE,MAAM,aAAa,CAAC;AACpD,OAAO,EAAE,sBAAsB,EAAE,MAAM,cAAc,CAAC;AACtD,OAAO,EAAE,qBAAqB,EAAE,MAAM,aAAa,CAAC;AACpD,OAAO,EAAE,yBAAyB,EAAE,MAAM,iBAAiB,CAAC"}
|
|
1
|
+
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../../src/commands/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,qBAAqB,EAAE,MAAM,aAAa,CAAC;AACpD,OAAO,EAAE,sBAAsB,EAAE,MAAM,cAAc,CAAC;AACtD,OAAO,EAAE,qBAAqB,EAAE,MAAM,aAAa,CAAC;AACpD,OAAO,EAAE,yBAAyB,EAAE,MAAM,iBAAiB,CAAC;AAC5D,OAAO,EAAE,kBAAkB,EAAE,MAAM,UAAU,CAAC;AAC9C,OAAO,EAAE,qBAAqB,EAAE,MAAM,aAAa,CAAC;AACpD,OAAO,EAAE,sBAAsB,EAAE,MAAM,cAAc,CAAC;AACtD,OAAO,EAAE,yBAAyB,EAAE,MAAM,iBAAiB,CAAC"}
|
|
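--- a/package/dist/types/src/commands/key.d.ts
+++ b/package/dist/types/src/commands/key.d.ts
@@ -0,0 +1,10 @@
+import type { Command } from 'commander';
+import type { ApiFactory } from '../config.js';
+import type { GlobalOptions } from '../types.js';
+/**
+* Registers the `key` command group for managing keypairs in the encrypted
+* keystore. All subcommands operate offline (no Bitcoin connection) through the
+* keystore-backed KeyManager injected by the factory.
+*/
+export declare function registerKeyCommand(program: Command, factory: ApiFactory, globals: () => GlobalOptions): void;
+//# sourceMappingURL=key.d.ts.map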
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"key.d.ts","sourceRoot":"","sources":["../../../../src/commands/key.ts"],"names":[],"mappings":"AAGA,OAAO,KAAK,EAAE,OAAO,EAAE,MAAM,WAAW,CAAC;AAEzC,OAAO,KAAK,EAAE,UAAU,EAAE,MAAM,cAAc,CAAC;AAI/C,OAAO,KAAK,EAAiB,aAAa,EAAE,MAAM,aAAa,CAAC;AAEhE;;;;GAIG;AACH,wBAAgB,kBAAkB,CAChC,OAAO,EAAG,OAAO,EACjB,OAAO,EAAG,UAAU,EACpB,OAAO,EAAG,MAAM,aAAa,GAC5B,IAAI,CAgHN"}
|
|
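--- a/package/dist/types/src/commands/profile.d.ts
+++ b/package/dist/types/src/commands/profile.d.ts
@@ -0,0 +1,5 @@
+import type { Command } from 'commander';
+import type { GlobalOptions } from '../types.js';
+/** Registers the `profile` command group for managing configuration profiles. */
+export declare function registerProfileCommand(program: Command, globals: () => GlobalOptions): void;
+//# sourceMappingURL=profile.d.ts.map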
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"profile.d.ts","sourceRoot":"","sources":["../../../../src/commands/profile.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,OAAO,EAAE,MAAM,WAAW,CAAC;AAIzC,OAAO,KAAK,EAAiB,aAAa,EAAE,MAAM,aAAa,CAAC;AAEhE,iFAAiF;AACjF,wBAAgB,sBAAsB,CAAC,OAAO,EAAE,OAAO,EAAE,OAAO,EAAE,MAAM,aAAa,GAAG,IAAI,CAyD3F"}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"update.d.ts","sourceRoot":"","sources":["../../../../src/commands/update.ts"],"names":[],"mappings":"
|
|
1
|
+
{"version":3,"file":"update.d.ts","sourceRoot":"","sources":["../../../../src/commands/update.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,EAAE,OAAO,EAAE,MAAM,WAAW,CAAC;AACzC,OAAO,EAAiB,KAAK,UAAU,EAAE,MAAM,cAAc,CAAC;AAI9D,OAAO,KAAK,EAAE,aAAa,EAAwB,MAAM,aAAa,CAAC;AAEvE,wBAAgB,qBAAqB,CACnC,OAAO,EAAG,OAAO,EACjB,OAAO,EAAG,UAAU,EACpB,OAAO,EAAG,MAAM,aAAa,GAC5B,IAAI,CAsEN"}
|
|
@@ -1,5 +1,5 @@
|
|
|
1
1
|
import { type DidBtcr2Api } from '@did-btcr2/api';
|
|
2
|
-
import { type NetworkOption } from './types.js';
|
|
2
|
+
import { type NetworkOption, type OutputFormat } from './types.js';
|
|
3
3
|
/**
|
|
4
4
|
* Endpoint overrides provided via CLI flags, env vars, or config file.
|
|
5
5
|
* These override the per-network defaults from
|
|
@@ -16,6 +16,10 @@ export type ConnectionOverrides = {
|
|
|
16
16
|
casGateway?: string;
|
|
17
17
|
config?: string;
|
|
18
18
|
profile?: string;
|
|
19
|
+
/** Keystore file path. Overrides the default `$XDG_DATA_HOME/btcr2/keystore.json`. */
|
|
20
|
+
keystore?: string;
|
|
21
|
+
/** Path to a file holding the keystore passphrase (for unattended use). */
|
|
22
|
+
passphraseFile?: string;
|
|
19
23
|
};
|
|
20
24
|
/**
|
|
21
25
|
* On-disk config file schema.
|
|
@@ -41,6 +45,14 @@ export type ConnectionOverrides = {
|
|
|
41
45
|
* ```
|
|
42
46
|
*/
|
|
43
47
|
export type ConfigFile = {
|
|
48
|
+
/** Schema version, stamped on every write for forward compatibility. */
|
|
49
|
+
schemaVersion?: number;
|
|
50
|
+
/** Tool-wide defaults applied when not overridden by a flag or environment variable. */
|
|
51
|
+
defaults?: {
|
|
52
|
+
profile?: string;
|
|
53
|
+
network?: NetworkOption;
|
|
54
|
+
output?: OutputFormat;
|
|
55
|
+
};
|
|
44
56
|
profiles?: Record<string, {
|
|
45
57
|
btc?: {
|
|
46
58
|
rest?: string;
|
|
@@ -51,8 +63,34 @@ export type ConfigFile = {
|
|
|
51
63
|
cas?: {
|
|
52
64
|
gateway?: string;
|
|
53
65
|
};
|
|
66
|
+
/** Signing identity references. Never embeds key material; the secret lives in the keystore. */
|
|
67
|
+
identity?: {
|
|
68
|
+
keystore?: string;
|
|
69
|
+
default?: string;
|
|
70
|
+
};
|
|
71
|
+
/** Aggregation transport and cohort defaults, mirroring the aggregation runner inputs. */
|
|
72
|
+
aggregation?: {
|
|
73
|
+
transport?: 'nostr' | 'http' | 'didcomm';
|
|
74
|
+
relays?: string[];
|
|
75
|
+
httpBaseUrl?: string;
|
|
76
|
+
cohort?: Record<string, unknown>;
|
|
77
|
+
};
|
|
54
78
|
}>;
|
|
55
79
|
};
|
|
80
|
+
/** Current config-file schema version, stamped on every write. */
|
|
81
|
+
export declare const CONFIG_SCHEMA_VERSION = 1;
|
|
82
|
+
/**
|
|
83
|
+
* Read-modify-write a config file, preserving unknown keys. Reads the raw JSON
|
|
84
|
+
* (so keys outside {@link ConfigFile} survive a rewrite), applies `mutate`,
|
|
85
|
+
* stamps the schema version, and writes atomically (file 0600, dir 0700).
|
|
86
|
+
*/
|
|
87
|
+
export declare function writeConfigFile(path: string, mutate: (raw: Record<string, unknown>) => void): void;
|
|
88
|
+
/** Reads the value at a dotted path (e.g. `profiles.regtest.btc.rest`). */
|
|
89
|
+
export declare function getConfigPath(config: Record<string, unknown>, path: string): unknown;
|
|
90
|
+
/** Sets the value at a dotted path, creating intermediate objects. */
|
|
91
|
+
export declare function setConfigPath(config: Record<string, unknown>, path: string, value: unknown): void;
|
|
92
|
+
/** Deletes the value at a dotted path. No-op if the path does not exist. */
|
|
93
|
+
export declare function unsetConfigPath(config: Record<string, unknown>, path: string): void;
|
|
56
94
|
/**
|
|
57
95
|
* Factory function that creates a configured {@link DidBtcr2Api} instance.
|
|
58
96
|
*
|
|
@@ -60,7 +98,7 @@ export type ConfigFile = {
|
|
|
60
98
|
* default Bitcoin endpoints (mempool.space for public networks, localhost
|
|
61
99
|
* Polar for regtest). Optional `overrides` let callers replace individual
|
|
62
100
|
* endpoints on top of the defaults. When `network` is omitted, no Bitcoin
|
|
63
|
-
* or CAS is configured
|
|
101
|
+
* or CAS is configured - suitable for offline operations like `create`.
|
|
64
102
|
*/
|
|
65
103
|
export type ApiFactory = (network?: NetworkOption, overrides?: ConnectionOverrides) => DidBtcr2Api;
|
|
66
104
|
/**
|
|
@@ -108,15 +146,20 @@ export declare function profileToOverrides(config: ConfigFile, profileName: stri
|
|
|
108
146
|
/**
|
|
109
147
|
* Default {@link ApiFactory} backed by network defaults from
|
|
110
148
|
* `@did-btcr2/bitcoin` (mempool.space for public networks, localhost for
|
|
111
|
-
* regtest).
|
|
149
|
+
* regtest). Keystore-free: suitable for offline `create` and read-only
|
|
150
|
+
* `resolve`, which never need a signing identity.
|
|
112
151
|
*
|
|
113
152
|
* Override precedence (highest wins):
|
|
114
|
-
* CLI flags
|
|
115
|
-
*
|
|
116
|
-
* When no `--profile` is given, the network name is used as the profile
|
|
117
|
-
* key (e.g. a regtest DID auto-selects the `"regtest"` profile).
|
|
153
|
+
* CLI flags -> env vars -> config file profile -> network defaults.
|
|
118
154
|
*/
|
|
119
155
|
export declare function defaultApiFactory(network?: NetworkOption, overrides?: ConnectionOverrides): DidBtcr2Api;
|
|
156
|
+
/**
|
|
157
|
+
* Keystore-aware {@link ApiFactory} for commands that need a signing identity
|
|
158
|
+
* (key management, update, deactivate). Identical to {@link defaultApiFactory}
|
|
159
|
+
* for Bitcoin and CAS, plus an injected keystore-backed KeyManager. Offline key
|
|
160
|
+
* commands (no network) still get the keystore.
|
|
161
|
+
*/
|
|
162
|
+
export declare function keystoreApiFactory(network?: NetworkOption, overrides?: ConnectionOverrides): DidBtcr2Api;
|
|
120
163
|
/**
|
|
121
164
|
* Extracts and validates the Bitcoin network from a DID string.
|
|
122
165
|
*
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"config.d.ts","sourceRoot":"","sources":["../../../src/config.ts"],"names":[],"mappings":"AAAA,OAAO,EAAgD,KAAK,WAAW,EAAE,MAAM,gBAAgB,CAAC;
|
|
1
|
+
{"version":3,"file":"config.d.ts","sourceRoot":"","sources":["../../../src/config.ts"],"names":[],"mappings":"AAAA,OAAO,EAAgD,KAAK,WAAW,EAAE,MAAM,gBAAgB,CAAC;AAUhG,OAAO,EAAsB,KAAK,aAAa,EAAE,KAAK,YAAY,EAAE,MAAM,YAAY,CAAC;AAEvF;;;;;;;GAOG;AACH,MAAM,MAAM,mBAAmB,GAAG;IAChC,OAAO,CAAC,EAAU,MAAM,CAAC;IACzB,SAAS,CAAC,EAAQ,MAAM,CAAC;IACzB,UAAU,CAAC,EAAO,MAAM,CAAC;IACzB,UAAU,CAAC,EAAO,MAAM,CAAC;IACzB,UAAU,CAAC,EAAO,MAAM,CAAC;IACzB,MAAM,CAAC,EAAW,MAAM,CAAC;IACzB,OAAO,CAAC,EAAU,MAAM,CAAC;IACzB,sFAAsF;IACtF,QAAQ,CAAC,EAAS,MAAM,CAAC;IACzB,2EAA2E;IAC3E,cAAc,CAAC,EAAG,MAAM,CAAC;CAC1B,CAAC;AAEF;;;;;;;;;;;;;;;;;;;;;;GAsBG;AACH,MAAM,MAAM,UAAU,GAAG;IACvB,wEAAwE;IACxE,aAAa,CAAC,EAAE,MAAM,CAAC;IACvB,wFAAwF;IACxF,QAAQ,CAAC,EAAE;QACT,OAAO,CAAC,EAAE,MAAM,CAAC;QACjB,OAAO,CAAC,EAAE,aAAa,CAAC;QACxB,MAAM,CAAC,EAAE,YAAY,CAAC;KACvB,CAAC;IACF,QAAQ,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE;QACxB,GAAG,CAAC,EAAE;YACJ,IAAI,CAAC,EAAM,MAAM,CAAC;YAClB,MAAM,CAAC,EAAI,MAAM,CAAC;YAClB,OAAO,CAAC,EAAG,MAAM,CAAC;YAClB,OAAO,CAAC,EAAG,MAAM,CAAC;SACnB,CAAC;QACF,GAAG,CAAC,EAAE;YACJ,OAAO,CAAC,EAAE,MAAM,CAAC;SAClB,CAAC;QACF,gGAAgG;QAChG,QAAQ,CAAC,EAAE;YACT,QAAQ,CAAC,EAAE,MAAM,CAAC;YAClB,OAAO,CAAC,EAAE,MAAM,CAAC;SAClB,CAAC;QACF,0FAA0F;QAC1F,WAAW,CAAC,EAAE;YACZ,SAAS,CAAC,EAAE,OAAO,GAAG,MAAM,GAAG,SAAS,CAAC;YACzC,MAAM,CAAC,EAAE,MAAM,EAAE,CAAC;YAClB,WAAW,CAAC,EAAE,MAAM,CAAC;YACrB,MAAM,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;SAClC,CAAC;KACH,CAAC,CAAC;CACJ,CAAC;AAEF,kEAAkE;AAClE,eAAO,MAAM,qBAAqB,IAAI,CAAC;AAEvC;;;;GAIG;AACH,wBAAgB,eAAe,CAAC,IAAI,EAAE,MAAM,EAAE,MAAM,EAAE,CAAC,GAAG,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,KAAK,IAAI,GAAG,IAAI,CAMlG;AAED,2EAA2E;AAC3E,wBAAgB,aAAa,CAAC,MAAM,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,EAAE,IAAI,EAAE,MAAM,GAAG,OAAO,CAKpF;AAED,sEAAsE;AACtE,wBAAgB,aAAa,CAAC,MAAM,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,EAAE,IAAI,EAAE,MAAM,EAAE,KAAK,EAAE,OAAO,GAAG,IAAI,CAUjG;AAED,4EAA4E;AAC5E,wBAAgB,eAAe,CAAC,MAAM,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,EAAE,IAAI,EAAE,MAAM,GAAG,IAAI,CAUnF;AAED;;;;;;;;GAQG;AACH,MAAM,MAAM,UAAU,GAAG,CA
AC,OAAO,CAAC,EAAE,aAAa,EAAE,SAAS,CAAC,EAAE,mBAAmB,KAAK,WAAW,CAAC;AAEnG;;;;;;;;;;GAUG;AACH,eAAO,MAAM,QAAQ;;;;;;CAMX,CAAC;AAEX;;;GAGG;AACH,wBAAgB,gBAAgB,IAAI,mBAAmB,CAStD;AAED;;;;;;;GAOG;AACH,wBAAgB,iBAAiB,IAAI,MAAM,CAK1C;AAED;;;GAGG;AACH,wBAAgB,cAAc,CAAC,IAAI,EAAE,MAAM,GAAG,UAAU,GAAG,SAAS,CAOnE;AAED;;;GAGG;AACH,wBAAgB,kBAAkB,CAChC,MAAM,EAAQ,UAAU,EACxB,WAAW,EAAG,MAAM,GACnB,mBAAmB,CAUrB;AAwDD;;;;;;;;GAQG;AACH,wBAAgB,iBAAiB,CAAC,OAAO,CAAC,EAAE,aAAa,EAAE,SAAS,CAAC,EAAE,mBAAmB,GAAG,WAAW,CAEvG;AAgBD;;;;;GAKG;AACH,wBAAgB,kBAAkB,CAAC,OAAO,CAAC,EAAE,aAAa,EAAE,SAAS,CAAC,EAAE,mBAAmB,GAAG,WAAW,CAKxG;AAED;;;;;;;;;GASG;AACH,wBAAgB,aAAa,CAAC,GAAG,EAAE,MAAM,GAAG,aAAa,CAUxD"}
|
|
@@ -0,0 +1,19 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* Creates a directory (recursively) and, on POSIX systems, tightens it to the
|
|
3
|
+
* requested mode. `mkdir`'s mode is subject to the umask, so it is reapplied
|
|
4
|
+
* with an explicit `chmod`.
|
|
5
|
+
*/
|
|
6
|
+
export declare function ensureDir(dir: string, mode: number): void;
|
|
7
|
+
/**
|
|
8
|
+
* Writes a file atomically: serialize to a sibling temporary file, tighten its
|
|
9
|
+
* permissions, then rename over the target so a crash mid-write cannot leave a
|
|
10
|
+
* truncated or partially-written file. The temporary file is removed on failure.
|
|
11
|
+
*/
|
|
12
|
+
export declare function writeFileAtomic(path: string, data: string, mode: number): void;
|
|
13
|
+
/**
|
|
14
|
+
* Fails closed if a keystore file is readable or writable by group or other.
|
|
15
|
+
* On Windows, where POSIX mode bits are not enforced, this is a no-op that
|
|
16
|
+
* warns once on standard error.
|
|
17
|
+
*/
|
|
18
|
+
export declare function assertSecurePerms(path: string): void;
|
|
19
|
+
//# sourceMappingURL=atomic.d.ts.map
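Review bot: The `writeFileAtomic` comment describes serializing to the temporary file and only then tightening its permissions, which, if the implementation follows that order, leaves a short window in which the temp file holding keystore content carries umask-default permissions. Only the declaration is visible here, so this is inferred from the comment. Creating the file with the mode and the exclusive flag up front closes that window, e.g. `fs.writeFileSync(tmp, data, { mode, flag: 'wx' })`, with the `chmod` kept as a fallback. The `assertSecurePerms` comment should also say that on Windows the check does not fail closed, so protection there rests on the encrypted envelope and the directory ACL alone.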
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"atomic.d.ts","sourceRoot":"","sources":["../../../../src/keystore/atomic.ts"],"names":[],"mappings":"AAQA;;;;GAIG;AACH,wBAAgB,SAAS,CAAC,GAAG,EAAE,MAAM,EAAE,IAAI,EAAE,MAAM,GAAG,IAAI,CASzD;AAED;;;;GAIG;AACH,wBAAgB,eAAe,CAAC,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,MAAM,GAAG,IAAI,CAkB9E;AAED;;;;GAIG;AACH,wBAAgB,iBAAiB,CAAC,IAAI,EAAE,MAAM,GAAG,IAAI,CAkBpD"}
|
|
@@ -0,0 +1,64 @@
|
|
|
1
|
+
/** Current keystore secret-envelope format version. */
|
|
2
|
+
export declare const ENVELOPE_VERSION: 1;
|
|
3
|
+
/**
|
|
4
|
+
* argon2id cost parameters. Field names follow RFC 9106: `t` time cost
|
|
5
|
+
* (passes), `m` memory cost in KiB, `p` parallelism (lanes), `dkLen` derived
|
|
6
|
+
* key length in bytes.
|
|
7
|
+
*/
|
|
8
|
+
export type ArgonParams = {
|
|
9
|
+
t: number;
|
|
10
|
+
m: number;
|
|
11
|
+
p: number;
|
|
12
|
+
dkLen: number;
|
|
13
|
+
};
|
|
14
|
+
/**
|
|
15
|
+
* Production argon2id parameters: 3 passes over 64 MiB across 4 lanes, deriving
|
|
16
|
+
* a 32-byte key. Recorded in every envelope so the cost can be raised later
|
|
17
|
+
* without making previously sealed envelopes undecryptable.
|
|
18
|
+
*/
|
|
19
|
+
export declare const DEFAULT_ARGON_PARAMS: ArgonParams;
|
|
20
|
+
/**
|
|
21
|
+
* A self-describing, versioned envelope sealing one secret at rest. The header
|
|
22
|
+
* (version, key-derivation parameters, cipher) is bound as the AEAD additional
|
|
23
|
+
* data, so a tampered header fails authentication. All byte fields are
|
|
24
|
+
* base64url with no padding.
|
|
25
|
+
*/
|
|
26
|
+
export type SecretEnvelope = {
|
|
27
|
+
v: typeof ENVELOPE_VERSION;
|
|
28
|
+
kdf: {
|
|
29
|
+
alg: 'argon2id';
|
|
30
|
+
salt: string;
|
|
31
|
+
t: number;
|
|
32
|
+
m: number;
|
|
33
|
+
p: number;
|
|
34
|
+
dkLen: number;
|
|
35
|
+
};
|
|
36
|
+
cipher: 'xchacha20poly1305';
|
|
37
|
+
nonce: string;
|
|
38
|
+
ciphertext: string;
|
|
39
|
+
};
|
|
40
|
+
/**
|
|
41
|
+
* Seals a secret under a passphrase into a {@link SecretEnvelope}. A fresh
|
|
42
|
+
* random salt and nonce are generated per call, so encrypting the same secret
|
|
43
|
+
* twice yields different envelopes.
|
|
44
|
+
*
|
|
45
|
+
* @param secret - The secret bytes to encrypt. Must be non-empty.
|
|
46
|
+
* @param passphrase - The passphrase the encryption key is derived from.
|
|
47
|
+
* @param params - argon2id cost parameters. Defaults to {@link DEFAULT_ARGON_PARAMS}.
|
|
48
|
+
* @returns The versioned, authenticated envelope.
|
|
49
|
+
* @throws {KeyStoreError} `ENVELOPE_ENCRYPT_ERROR` when `secret` is empty.
|
|
50
|
+
*/
|
|
51
|
+
export declare function encryptSecret(secret: Uint8Array, passphrase: string, params?: ArgonParams): SecretEnvelope;
|
|
52
|
+
/**
|
|
53
|
+
* Opens a {@link SecretEnvelope} sealed by {@link encryptSecret} and returns the
|
|
54
|
+
* plaintext secret. A wrong passphrase, corrupted ciphertext, or a tampered
|
|
55
|
+
* header all fail authentication and raise `DECRYPT_ERROR`.
|
|
56
|
+
*
|
|
57
|
+
* @param env - The envelope to open.
|
|
58
|
+
* @param passphrase - The passphrase the envelope was sealed with.
|
|
59
|
+
* @returns The decrypted secret bytes.
|
|
60
|
+
* @throws {KeyStoreError} `ENVELOPE_VERSION_ERROR` for an unknown version or
|
|
61
|
+
* algorithm; `DECRYPT_ERROR` for failed authentication.
|
|
62
|
+
*/
|
|
63
|
+
export declare function decryptSecret(env: SecretEnvelope, passphrase: string): Uint8Array;
|
|
64
|
+
//# sourceMappingURL=envelope.d.ts.map
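Review bot: `decryptSecret` documents failures for an unknown version or algorithm and for failed authentication, but not for out-of-range `kdf` cost fields, which are read from the envelope and have to be used before the AEAD tag can be checked. If the implementation (not shown in this declaration file) passes `t`, `m`, `p` and `dkLen` straight to argon2id, a modified keystore file can demand arbitrary memory and time before authentication fails. I would validate them against fixed bounds first and document it, e.g. `@throws {KeyStoreError} when a kdf cost parameter is outside the supported range`. The same applies to `params` on `encryptSecret`, where a documented floor would stop a caller from sealing with weak cost settings.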
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"envelope.d.ts","sourceRoot":"","sources":["../../../../src/keystore/envelope.ts"],"names":[],"mappings":"AAMA,uDAAuD;AACvD,eAAO,MAAM,gBAAgB,EAAG,CAAU,CAAC;AAS3C;;;;GAIG;AACH,MAAM,MAAM,WAAW,GAAG;IACxB,CAAC,EAAO,MAAM,CAAC;IACf,CAAC,EAAO,MAAM,CAAC;IACf,CAAC,EAAO,MAAM,CAAC;IACf,KAAK,EAAG,MAAM,CAAC;CAChB,CAAC;AAEF;;;;GAIG;AACH,eAAO,MAAM,oBAAoB,EAAE,WAAwD,CAAC;AAE5F;;;;;GAKG;AACH,MAAM,MAAM,cAAc,GAAG;IAC3B,CAAC,EAAK,OAAO,gBAAgB,CAAC;IAC9B,GAAG,EAAG;QACJ,GAAG,EAAK,UAAU,CAAC;QACnB,IAAI,EAAI,MAAM,CAAC;QACf,CAAC,EAAO,MAAM,CAAC;QACf,CAAC,EAAO,MAAM,CAAC;QACf,CAAC,EAAO,MAAM,CAAC;QACf,KAAK,EAAG,MAAM,CAAC;KAChB,CAAC;IACF,MAAM,EAAO,mBAAmB,CAAC;IACjC,KAAK,EAAQ,MAAM,CAAC;IACpB,UAAU,EAAG,MAAM,CAAC;CACrB,CAAC;AA2CF;;;;;;;;;;GAUG;AACH,wBAAgB,aAAa,CAC3B,MAAM,EAAO,UAAU,EACvB,UAAU,EAAG,MAAM,EACnB,MAAM,GAAO,WAAkC,GAC9C,cAAc,CAkBhB;AAED;;;;;;;;;;GAUG;AACH,wBAAgB,aAAa,CAAC,GAAG,EAAE,cAAc,EAAE,UAAU,EAAE,MAAM,GAAG,UAAU,CA4BjF"}
|
|
@@ -0,0 +1,14 @@
|
|
|
1
|
+
import { DidMethodError } from '@did-btcr2/common';
|
|
2
|
+
/**
|
|
3
|
+
* Error raised by the CLI keystore layer: secret-envelope encryption and
|
|
4
|
+
* decryption, on-disk file permission enforcement, and passphrase acquisition.
|
|
5
|
+
*
|
|
6
|
+
* Unlike {@link CLIError} (whose `name` is fixed to `'CLIError'`), this follows
|
|
7
|
+
* the {@link DidMethodError} sibling convention where `name` mirrors the `type`
|
|
8
|
+
* code, so a thrown error's `name` reflects the specific failure category
|
|
9
|
+
* (for example `DECRYPT_ERROR` or `KEYSTORE_PERMISSION_ERROR`).
|
|
10
|
+
*/
|
|
11
|
+
export declare class KeyStoreError extends DidMethodError {
|
|
12
|
+
constructor(message: string, type?: string, data?: Record<string, any>);
|
|
13
|
+
}
|
|
14
|
+
//# sourceMappingURL=error.d.ts.map
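Review bot: The constructor's `data?: Record<string, any>` comes with no guidance on what may be attached, and the class comment says this error is raised from passphrase acquisition and envelope decryption. A line in the class comment such as `` `data` must never contain passphrases, derived keys or secret key bytes; it may be printed or serialized by the CLI's error handler `` would make that contract explicit. `Record<string, unknown>` would be the stricter type if the `DidMethodError` base signature allows it, which is not visible here.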
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"error.d.ts","sourceRoot":"","sources":["../../../../src/keystore/error.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,cAAc,EAAE,MAAM,mBAAmB,CAAC;AAEnD;;;;;;;;GAQG;AACH,qBAAa,aAAc,SAAQ,cAAc;gBACnC,OAAO,EAAE,MAAM,EAAE,IAAI,GAAE,MAAwB,EAAE,IAAI,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,GAAG,CAAC;CAGxF"}
|
|
@@ -0,0 +1,41 @@
|
|
|
1
|
+
import type { Bytes, HashBytes, KeyBytes, SignatureBytes } from '@did-btcr2/common';
|
|
2
|
+
import { type GenerateKeyOptions, type ImportKeyOptions, type KeyIdentifier, type KeyManager, type SignOptions, type VerifyOptions } from '@did-btcr2/key-manager';
|
|
3
|
+
import type { SchnorrKeyPair } from '@did-btcr2/keypair';
|
|
4
|
+
import { type FileKeyStoreOptions } from './file-key-store.js';
|
|
5
|
+
/**
|
|
6
|
+
* A {@link KeyManager} backed by the encrypted on-disk {@link FileKeyStore}.
|
|
7
|
+
*
|
|
8
|
+
* It composes a {@link LocalKeyManager} over a {@link FileKeyStore} and adds the
|
|
9
|
+
* one thing the store interface cannot express: persisting the active-key
|
|
10
|
+
* pointer. `LocalKeyManager` tracks the active key only in process memory, so
|
|
11
|
+
* this wrapper mirrors every active-key change to the keystore file and
|
|
12
|
+
* re-applies the persisted pointer at construction. Read and signing
|
|
13
|
+
* operations delegate straight through.
|
|
14
|
+
*
|
|
15
|
+
* Injected as the api's KeyManager so every command reaches it uniformly via
|
|
16
|
+
* `api.kms`, and "the active key" survives across CLI invocations.
|
|
17
|
+
*/
|
|
18
|
+
export declare class FileBackedKeyManager implements KeyManager {
|
|
19
|
+
#private;
|
|
20
|
+
/** Capability probe: the local store supports exporting secret material. */
|
|
21
|
+
readonly canExport = true;
|
|
22
|
+
constructor(options: FileKeyStoreOptions);
|
|
23
|
+
get activeKeyId(): KeyIdentifier | undefined;
|
|
24
|
+
setActiveKey(id: KeyIdentifier): void;
|
|
25
|
+
importKey(keyPair: SchnorrKeyPair, options?: ImportKeyOptions): KeyIdentifier;
|
|
26
|
+
generateKey(options?: GenerateKeyOptions): KeyIdentifier;
|
|
27
|
+
removeKey(id: KeyIdentifier, options?: {
|
|
28
|
+
force?: boolean;
|
|
29
|
+
}): void;
|
|
30
|
+
listKeys(): KeyIdentifier[];
|
|
31
|
+
getPublicKey(id?: KeyIdentifier): KeyBytes;
|
|
32
|
+
getEntry(id?: KeyIdentifier): {
|
|
33
|
+
publicKey: KeyBytes;
|
|
34
|
+
tags?: Record<string, string>;
|
|
35
|
+
};
|
|
36
|
+
sign(data: Bytes, id?: KeyIdentifier, options?: SignOptions): SignatureBytes;
|
|
37
|
+
verify(signature: SignatureBytes, data: Bytes, id?: KeyIdentifier, options?: VerifyOptions): boolean;
|
|
38
|
+
digest(data: Uint8Array): HashBytes;
|
|
39
|
+
exportKey(id: KeyIdentifier): SchnorrKeyPair;
|
|
40
|
+
}
|
|
41
|
+
//# sourceMappingURL=file-backed-key-manager.d.ts.map
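Review bot: None of the public methods on `FileBackedKeyManager` carry TSDoc, and the gap matters most on `exportKey`, `removeKey` and `setActiveKey`. `exportKey` returns a `SchnorrKeyPair` and `canExport` is documented as exporting secret material, so it deserves something like `/** Returns the key pair including its secret key; callers must not log or persist the result. */`. The `force` option on `removeKey` is unexplained; its comment should say what the unforced call refuses to do, which I cannot tell from the declaration. `setActiveKey` should state that it writes the pointer to the keystore file, as the class comment implies.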
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"file-backed-key-manager.d.ts","sourceRoot":"","sources":["../../../../src/keystore/file-backed-key-manager.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,KAAK,EAAE,SAAS,EAAE,QAAQ,EAAE,cAAc,EAAE,MAAM,mBAAmB,CAAC;AACpF,OAAO,EAEL,KAAK,kBAAkB,EACvB,KAAK,gBAAgB,EACrB,KAAK,aAAa,EAClB,KAAK,UAAU,EACf,KAAK,WAAW,EAChB,KAAK,aAAa,EACnB,MAAM,wBAAwB,CAAC;AAChC,OAAO,KAAK,EAAE,cAAc,EAAE,MAAM,oBAAoB,CAAC;AACzD,OAAO,EAAgB,KAAK,mBAAmB,EAAE,MAAM,qBAAqB,CAAC;AAE7E;;;;;;;;;;;;GAYG;AACH,qBAAa,oBAAqB,YAAW,UAAU;;IACrD,4EAA4E;IAC5E,QAAQ,CAAC,SAAS,QAAQ;gBAKd,OAAO,EAAE,mBAAmB;IAWxC,IAAI,WAAW,IAAI,aAAa,GAAG,SAAS,CAE3C;IAED,YAAY,CAAC,EAAE,EAAE,aAAa,GAAG,IAAI;IAKrC,SAAS,CAAC,OAAO,EAAE,cAAc,EAAE,OAAO,CAAC,EAAE,gBAAgB,GAAG,aAAa;IAM7E,WAAW,CAAC,OAAO,CAAC,EAAE,kBAAkB,GAAG,aAAa;IAMxD,SAAS,CAAC,EAAE,EAAE,aAAa,EAAE,OAAO,CAAC,EAAE;QAAE,KAAK,CAAC,EAAE,OAAO,CAAA;KAAE,GAAG,IAAI;IAMjE,QAAQ,IAAI,aAAa,EAAE;IAI3B,YAAY,CAAC,EAAE,CAAC,EAAE,aAAa,GAAG,QAAQ;IAI1C,QAAQ,CAAC,EAAE,CAAC,EAAE,aAAa,GAAG;QAAE,SAAS,EAAE,QAAQ,CAAC;QAAC,IAAI,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAA;KAAE;IAIpF,IAAI,CAAC,IAAI,EAAE,KAAK,EAAE,EAAE,CAAC,EAAE,aAAa,EAAE,OAAO,CAAC,EAAE,WAAW,GAAG,cAAc;IAI5E,MAAM,CAAC,SAAS,EAAE,cAAc,EAAE,IAAI,EAAE,KAAK,EAAE,EAAE,CAAC,EAAE,aAAa,EAAE,OAAO,CAAC,EAAE,aAAa,GAAG,OAAO;IAIpG,MAAM,CAAC,IAAI,EAAE,UAAU,GAAG,SAAS;IAInC,SAAS,CAAC,EAAE,EAAE,aAAa,GAAG,cAAc;CAG7C"}
|
|
@@ -0,0 +1,52 @@
|
|
|
1
|
+
import type { KeyEntry, KeyIdentifier, KeyValueStore } from '@did-btcr2/key-manager';
|
|
2
|
+
import type { ArgonParams } from './envelope.js';
|
|
3
|
+
/** Current on-disk keystore file format version. */
|
|
4
|
+
export declare const KEYSTORE_VERSION: 1;
|
|
5
|
+
/** Options for constructing a {@link FileKeyStore}. */
|
|
6
|
+
export type FileKeyStoreOptions = {
|
|
7
|
+
/** Keystore file path. Defaults to {@link defaultKeystorePath}. */
|
|
8
|
+
path?: string;
|
|
9
|
+
/** Supplies the passphrase lazily, called only when a secret must be sealed or opened. */
|
|
10
|
+
getPassphrase: () => string;
|
|
11
|
+
/** argon2id cost parameters used when sealing new secrets. Defaults to {@link DEFAULT_ARGON_PARAMS}. */
|
|
12
|
+
argonParams?: ArgonParams;
|
|
13
|
+
};
|
|
14
|
+
/**
|
|
15
|
+
* A Node-only, file-backed {@link KeyValueStore} that encrypts secret keys at
|
|
16
|
+
* rest. It satisfies the synchronous store contract by caching the parsed file
|
|
17
|
+
* in memory at construction and flushing the whole file atomically on every
|
|
18
|
+
* mutation.
|
|
19
|
+
*
|
|
20
|
+
* Secrets are materialized only through {@link FileKeyStore.get}. The
|
|
21
|
+
* {@link FileKeyStore.list} and {@link FileKeyStore.entries} projections omit
|
|
22
|
+
* secret keys and never decrypt, so enumerating the store never triggers a
|
|
23
|
+
* passphrase prompt.
|
|
24
|
+
*/
|
|
25
|
+
export declare class FileKeyStore implements KeyValueStore<KeyIdentifier, KeyEntry> {
|
|
26
|
+
#private;
|
|
27
|
+
constructor(options: FileKeyStoreOptions);
|
|
28
|
+
get(id: KeyIdentifier): KeyEntry | undefined;
|
|
29
|
+
has(id: KeyIdentifier): boolean;
|
|
30
|
+
set(id: KeyIdentifier, value: KeyEntry): void;
|
|
31
|
+
delete(id: KeyIdentifier): boolean;
|
|
32
|
+
clear(): void;
|
|
33
|
+
/** All stored values with secret keys omitted. Never decrypts, never prompts. */
|
|
34
|
+
list(): Array<KeyEntry>;
|
|
35
|
+
/**
|
|
36
|
+
* All entries as id-value tuples with secret keys omitted. Never decrypts,
|
|
37
|
+
* never prompts: {@link FileKeyStore.get} is the only secret-materializing
|
|
38
|
+
* path, so callers that only need identifiers (such as `listKeys`) do not
|
|
39
|
+
* force a passphrase prompt. This deviates intentionally from the in-memory
|
|
40
|
+
* store, which returns stored values verbatim.
|
|
41
|
+
*/
|
|
42
|
+
entries(): Array<[KeyIdentifier, KeyEntry]>;
|
|
43
|
+
close(): void;
|
|
44
|
+
/** The persisted active-key identifier, or undefined if none is set. */
|
|
45
|
+
getActive(): string | undefined;
|
|
46
|
+
/**
|
|
47
|
+
* Persists the active-key pointer in the keystore file. Passing undefined
|
|
48
|
+
* clears it. Throws if the identifier is not a known key.
|
|
49
|
+
*/
|
|
50
|
+
setActive(id: KeyIdentifier | undefined): void;
|
|
51
|
+
}
|
|
52
|
+
//# sourceMappingURL=file-key-store.d.ts.map
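Review bot: The class comment says the file is parsed once at construction and the whole file is flushed on every mutation, which reads as last-writer-wins when two CLI invocations overlap. Nothing in these declarations suggests a lock or a re-read before the flush, so a `set` from one process could be overwritten by a `setActive` or `delete` from another that loaded an older copy, silently dropping a key. The implementation is not visible, so treat this as a question. If it holds, either take an exclusive lock around load-mutate-flush or document the limit, e.g. `Not safe for concurrent writers: run one mutating command at a time.` `clear()` and `close()` also have no comment, and `clear()` in particular should say whether it removes every key from disk.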
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"file-key-store.d.ts","sourceRoot":"","sources":["../../../../src/keystore/file-key-store.ts"],"names":[],"mappings":"AAEA,OAAO,KAAK,EAAE,QAAQ,EAAE,aAAa,EAAE,aAAa,EAAE,MAAM,wBAAwB,CAAC;AAIrF,OAAO,KAAK,EAAE,WAAW,EAAkB,MAAM,eAAe,CAAC;AAIjE,oDAAoD;AACpD,eAAO,MAAM,gBAAgB,EAAG,CAAU,CAAC;AAwB3C,uDAAuD;AACvD,MAAM,MAAM,mBAAmB,GAAG;IAChC,mEAAmE;IACnE,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,0FAA0F;IAC1F,aAAa,EAAE,MAAM,MAAM,CAAC;IAC5B,wGAAwG;IACxG,WAAW,CAAC,EAAE,WAAW,CAAC;CAC3B,CAAC;AAEF;;;;;;;;;;GAUG;AACH,qBAAa,YAAa,YAAW,aAAa,CAAC,aAAa,EAAE,QAAQ,CAAC;;gBAO7D,OAAO,EAAE,mBAAmB;IAyExC,GAAG,CAAC,EAAE,EAAE,aAAa,GAAG,QAAQ,GAAG,SAAS;IA0B5C,GAAG,CAAC,EAAE,EAAE,aAAa,GAAG,OAAO;IAI/B,GAAG,CAAC,EAAE,EAAE,aAAa,EAAE,KAAK,EAAE,QAAQ,GAAG,IAAI;IAa7C,MAAM,CAAC,EAAE,EAAE,aAAa,GAAG,OAAO;IASlC,KAAK,IAAI,IAAI;IAMb,iFAAiF;IACjF,IAAI,IAAI,KAAK,CAAC,QAAQ,CAAC;IAIvB;;;;;;OAMG;IACH,OAAO,IAAI,KAAK,CAAC,CAAC,aAAa,EAAE,QAAQ,CAAC,CAAC;IAW3C,KAAK,IAAI,IAAI;IAQb,wEAAwE;IACxE,SAAS,IAAI,MAAM,GAAG,SAAS;IAI/B;;;OAGG;IACH,SAAS,CAAC,EAAE,EAAE,aAAa,GAAG,SAAS,GAAG,IAAI;CAO/C"}
|