@didcid/keymaster 0.4.0 → 0.4.2

package/dist/cjs/keymaster.cjs

@@ -4,6 +4,7 @@ Object.defineProperty(exports, '__esModule', { value: true });
 
 var imageSize = require('image-size');
 var fileType = require('file-type');
+var lightBolt11Decoder = require('light-bolt11-decoder');
 var db_typeGuards = require('./db/typeGuards.cjs');
 require('crypto');
 
@@ -466,6 +467,18 @@ class UnknownIDError extends ArchonError {
         super(UnknownIDError.type, detail);
     }
 }
+class LightningNotConfiguredError extends ArchonError {
+    static type = 'Lightning not configured';
+    constructor(detail) {
+        super(LightningNotConfiguredError.type, detail);
+    }
+}
+class LightningUnavailableError extends ArchonError {
+    static type = 'Lightning service unavailable';
+    constructor(detail) {
+        super(LightningUnavailableError.type, detail);
+    }
+}
 
 const base32 = rfc4648({
     prefix: 'b',
@@ -2806,6 +2819,23 @@ class Keymaster {
     async getMnemonicForDerivation(wallet) {
         return decryptWithPassphrase(wallet.seed.mnemonicEnc, this.passphrase);
     }
+    async changePassphrase(newPassphrase) {
+        if (!newPassphrase) {
+            throw new InvalidParameterError('newPassphrase');
+        }
+        const wallet = await this.loadWallet();
+        const mnemonic = await decryptWithPassphrase(wallet.seed.mnemonicEnc, this.passphrase);
+        const mnemonicEnc = await encryptWithPassphrase(mnemonic, newPassphrase);
+        wallet.seed.mnemonicEnc = mnemonicEnc;
+        this.passphrase = newPassphrase;
+        this._walletCache = wallet;
+        const encrypted = await this.encryptWalletForStorage(wallet);
+        const ok = await this.db.saveWallet(encrypted, true);
+        if (!ok) {
+            throw new KeymasterError('Failed to save wallet with new passphrase');
+        }
+        return true;
+    }
     async checkWallet() {
         const wallet = await this.loadWallet();
         let checked = 0;
@@ -3907,6 +3937,262 @@ class Keymaster {
         });
         return true;
     }
+    async addNostr(name) {
+        const keypair = await this.fetchKeyPair(name);
+        if (!keypair) {
+            throw new InvalidParameterError('id');
+        }
+        const nostr = this.cipher.jwkToNostr(keypair.publicJwk);
+        const id = await this.fetchIdInfo(name);
+        await this.mergeData(id.did, { nostr });
+        return nostr;
+    }
+    async removeNostr(name) {
+        const id = await this.fetchIdInfo(name);
+        return this.mergeData(id.did, { nostr: null });
+    }
+    async exportNsec(name) {
+        const keypair = await this.fetchKeyPair(name);
+        if (!keypair) {
+            throw new InvalidParameterError('id');
+        }
+        return this.cipher.jwkToNsec(keypair.privateJwk);
+    }
+    async signNostrEvent(event) {
+        const keypair = await this.fetchKeyPair();
+        if (!keypair) {
+            throw new InvalidParameterError('id');
+        }
+        const nostr = this.cipher.jwkToNostr(keypair.publicJwk);
+        const serialized = JSON.stringify([
+            0,
+            nostr.pubkey,
+            event.created_at,
+            event.kind,
+            event.tags,
+            event.content,
+        ]);
+        const id = this.cipher.hashMessage(serialized);
+        const sig = this.cipher.signSchnorr(id, keypair.privateJwk);
+        return {
+            ...event,
+            id,
+            pubkey: nostr.pubkey,
+            sig,
+        };
+    }
+    // Lightning helpers
+    requireDrawbridge() {
+        const drawbridge = this.gatekeeper;
+        if (typeof drawbridge.createLightningWallet !== 'function') {
+            throw new LightningUnavailableError('Gateway does not support Lightning');
+        }
+        return drawbridge;
+    }
+    async getLightningConfig(name) {
+        const drawbridge = this.requireDrawbridge();
+        const url = drawbridge.url;
+        let wallet = await this.loadWallet();
+        let idInfo = await this.fetchIdInfo(name, wallet);
+        if (!idInfo.lightning) {
+            throw new LightningNotConfiguredError(`No Lightning wallet configured for ${idInfo.did}`);
+        }
+        // Migrate old flat format to per-URL dictionary
+        if ('walletId' in idInfo.lightning) {
+            await this.mutateWallet(async (wallet) => {
+                const idInfo = await this.fetchIdInfo(name, wallet);
+                if (idInfo.lightning && 'walletId' in idInfo.lightning) {
+                    idInfo.lightning = { [url]: idInfo.lightning };
+                }
+            });
+            wallet = await this.loadWallet();
+            idInfo = await this.fetchIdInfo(name, wallet);
+        }
+        const config = idInfo.lightning[url];
+        if (!config) {
+            throw new LightningNotConfiguredError(`No Lightning wallet configured for ${idInfo.did} on ${url}`);
+        }
+        return config;
+    }
+    // Lightning methods
+    async addLightning(name) {
+        try {
+            return await this.getLightningConfig(name);
+        }
+        catch (e) {
+            if (e.type !== LightningNotConfiguredError.type)
+                throw e;
+        }
+        const drawbridge = this.requireDrawbridge();
+        const url = drawbridge.url;
+        let result;
+        await this.mutateWallet(async (wallet) => {
+            const idInfo = await this.fetchIdInfo(name, wallet);
+            const store = (idInfo.lightning || {});
+            const walletName = `archon-${idInfo.did.split(':').pop()?.substring(0, 12)}`;
+            const created = await drawbridge.createLightningWallet(walletName);
+            store[url] = {
+                walletId: created.walletId,
+                adminKey: created.adminKey,
+                invoiceKey: created.invoiceKey,
+            };
+            idInfo.lightning = store;
+            result = store[url];
+        });
+        return result;
+    }
+    async removeLightning(name) {
+        // Migrate old format if possible (ignore errors)
+        try {
+            await this.getLightningConfig(name);
+        }
+        catch { /* ok */ }
+        // Try to get URL for targeted removal; fall back to removing all
+        const gk = this.gatekeeper;
+        const url = gk.url ? new URL(gk.url).origin : null;
+        await this.mutateWallet(async (wallet) => {
+            const idInfo = await this.fetchIdInfo(name, wallet);
+            if (!idInfo.lightning)
+                return;
+            if (url) {
+                const store = idInfo.lightning;
+                delete store[url];
+                if (Object.keys(store).length === 0) {
+                    delete idInfo.lightning;
+                }
+            }
+            else {
+                delete idInfo.lightning;
+            }
+        });
+        return true;
+    }
+    async getLightningBalance(name) {
+        const drawbridge = this.requireDrawbridge();
+        const config = await this.getLightningConfig(name);
+        return drawbridge.getLightningBalance(config.invoiceKey);
+    }
+    async createLightningInvoice(amount, memo = '', name) {
+        if (!amount || amount <= 0) {
+            throw new InvalidParameterError('amount');
+        }
+        const drawbridge = this.requireDrawbridge();
+        const config = await this.getLightningConfig(name);
+        return drawbridge.createLightningInvoice(config.invoiceKey, amount, memo);
+    }
+    async payLightningInvoice(bolt11, name) {
+        if (!bolt11) {
+            throw new InvalidParameterError('bolt11');
+        }
+        const drawbridge = this.requireDrawbridge();
+        const config = await this.getLightningConfig(name);
+        return drawbridge.payLightningInvoice(config.adminKey, bolt11);
+    }
+    async checkLightningPayment(paymentHash, name) {
+        if (!paymentHash) {
+            throw new InvalidParameterError('paymentHash');
+        }
+        const drawbridge = this.requireDrawbridge();
+        const config = await this.getLightningConfig(name);
+        const data = await drawbridge.checkLightningPayment(config.invoiceKey, paymentHash);
+        return {
+            paid: data.paid,
+            preimage: data.preimage,
+            paymentHash,
+        };
+    }
+    async decodeLightningInvoice(bolt11) {
+        if (!bolt11) {
+            throw new InvalidParameterError('bolt11');
+        }
+        const decoded = lightBolt11Decoder.decode(bolt11);
+        const info = {};
+        let timestamp;
+        for (const section of decoded.sections) {
+            switch (section.name) {
+                case 'amount':
+                    info.amount = `${parseInt(section.value) / 1000} sats`;
+                    break;
+                case 'description':
+                    info.description = section.value;
+                    break;
+                case 'timestamp':
+                    timestamp = section.value;
+                    info.created = new Date(section.value * 1000).toISOString();
+                    break;
+                case 'expiry':
+                    info.expiry = `${section.value} seconds`;
+                    break;
+                case 'payment_hash':
+                    info.payment_hash = section.value;
+                    break;
+                case 'coin_network':
+                    info.network = section.value?.bech32;
+                    break;
+            }
+        }
+        if (timestamp !== undefined && decoded.expiry !== undefined) {
+            info.expires = new Date((timestamp + decoded.expiry) * 1000).toISOString();
+        }
+        return info;
+    }
+    async publishLightning(name) {
+        const drawbridge = this.requireDrawbridge();
+        const config = await this.getLightningConfig(name);
+        const id = await this.fetchIdInfo(name);
+        const did = id.did;
+        // Register invoiceKey on Drawbridge using DID suffix as key
+        const didSuffix = did.split(':').pop();
+        const result = await drawbridge.publishLightning(didSuffix, config.invoiceKey);
+        // Add service endpoint to DID document
+        const doc = await this.resolveDID(did);
+        const services = doc.didDocument?.service || [];
+        const serviceId = `${did}#lightning`;
+        // Remove existing lightning service if present
+        const filtered = services.filter(s => s.id !== serviceId);
+        const publicHost = result.publicHost || drawbridge.url;
+        filtered.push({
+            id: serviceId,
+            type: 'Lightning',
+            serviceEndpoint: `${publicHost}/invoice/${didSuffix}`,
+        });
+        doc.didDocument.service = filtered;
+        await this.updateDID(did, doc);
+        return true;
+    }
+    async unpublishLightning(name) {
+        const drawbridge = this.requireDrawbridge();
+        const id = await this.fetchIdInfo(name);
+        const did = id.did;
+        // Unregister from Drawbridge using DID suffix as key
+        const didSuffix = did.split(':').pop();
+        await drawbridge.unpublishLightning(didSuffix);
+        // Remove service endpoint from DID document
+        const doc = await this.resolveDID(did);
+        const services = doc.didDocument?.service || [];
+        const serviceId = `${did}#lightning`;
+        const filtered = services.filter(s => s.id !== serviceId);
+        if (filtered.length > 0) {
+            doc.didDocument.service = filtered;
+        }
+        else {
+            delete doc.didDocument.service;
+        }
+        await this.updateDID(did, doc);
+        return true;
+    }
+    async zapLightning(id, amount, memo, name) {
+        const did = await this.lookupDID(id);
+        if (!did) {
+            throw new InvalidParameterError('did');
+        }
+        if (!amount || amount <= 0) {
+            throw new InvalidParameterError('amount');
+        }
+        const drawbridge = this.requireDrawbridge();
+        const config = await this.getLightningConfig(name);
+        return drawbridge.zapLightning(config.adminKey, did, amount, memo);
+    }
     async testAgent(id) {
         const doc = await this.resolveDID(id);
         return doc.didDocumentRegistration?.type === 'agent';
@@ -4331,26 +4617,27 @@ class Keymaster {
     }
     async createGroup(name, options = {}) {
         const group = {
-            name: name,
-            members: []
+            version: 2,
+            members: [],
         };
-        return this.createAsset({ group }, options);
+        return this.createAsset({ name, group }, options);
     }
     async getGroup(id) {
         const asset = await this.resolveAsset(id);
         if (!asset) {
             return null;
         }
-        // TEMP during did:cid, return old version groups
-        const castOldAsset = asset;
-        if (castOldAsset.members) {
-            return castOldAsset;
+        // V2: { name, group: { version: 2, members } }
+        if (asset.group?.version === 2) {
+            return { name: asset.name, members: asset.group.members };
         }
-        const castAsset = asset;
-        if (!castAsset.group) {
-            return null;
+        // V1: { group: { name, members } }
+        if (asset.group?.name && Array.isArray(asset.group?.members)) {
+            const group = asset.group;
+            await this.mergeData(id, { name: group.name, group: { version: 2, members: group.members } });
+            return group;
         }
-        return castAsset.group;
+        return null;
     }
     async addGroupMember(groupId, memberId) {
         const groupDID = await this.lookupDID(groupId);
@@ -4381,8 +4668,8 @@ class Keymaster {
         }
         const members = new Set(group.members);
         members.add(memberDID);
-        group.members = Array.from(members);
-        return this.mergeData(groupDID, { group });
+        const updatedMembers = Array.from(members);
+        return this.mergeData(groupDID, { group: { version: 2, members: updatedMembers } });
     }
     async removeGroupMember(groupId, memberId) {
         const groupDID = await this.lookupDID(groupId);
@@ -4404,8 +4691,8 @@ class Keymaster {
         }
         const members = new Set(group.members);
         members.delete(memberDID);
-        group.members = Array.from(members);
-        return this.mergeData(groupDID, { group });
+        const updatedMembers = Array.from(members);
+        return this.mergeData(groupDID, { group: { version: 2, members: updatedMembers } });
     }
     async testGroup(groupId, memberId) {
         try {

package/dist/cjs/node.cjs

@@ -16,6 +16,7 @@ var db_mongo = require('./db/mongo.cjs');
 var db_sqlite = require('./db/sqlite.cjs');
 require('image-size');
 require('file-type');
+require('light-bolt11-decoder');
 require('crypto');
 require('buffer');
 require('axios');

package/dist/esm/cli.js

@@ -5,7 +5,7 @@ import path from 'path';
 import { fileURLToPath } from 'url';
 import dotenv from 'dotenv';
 import Keymaster from './keymaster.js';
-import GatekeeperClient from '@didcid/gatekeeper/client';
+import DrawbridgeClient from '@didcid/gatekeeper/drawbridge';
 import CipherNode from '@didcid/cipher/node';
 import WalletJson from './db/json.js';
 import WalletSQLite from './db/sqlite.js';
@@ -46,6 +46,18 @@ program
         console.error(error.error || error.message || error);
     }
 });
+program
+    .command('change-passphrase <new-passphrase>')
+    .description('Re-encrypt wallet with a new passphrase')
+    .action(async (newPassphrase) => {
+    try {
+        const ok = await keymaster.changePassphrase(newPassphrase);
+        console.log(ok ? 'OK' : 'Failed');
+    }
+    catch (error) {
+        console.error(error.error || error.message || error);
+    }
+});
 program
     .command('check-wallet')
     .description('Validate DIDs in wallet')
@@ -689,6 +701,152 @@ program
         console.error(error.error || error.message || error);
     }
 });
+// Nostr commands
+program
+    .command('add-nostr [id]')
+    .description('Derive and add nostr keys to an agent DID')
+    .action(async (id) => {
+    try {
+        const nostr = await keymaster.addNostr(id);
+        console.log(JSON.stringify(nostr, null, 4));
+    }
+    catch (error) {
+        console.error(error.error || error.message || error);
+    }
+});
+program
+    .command('remove-nostr [id]')
+    .description('Remove nostr keys from an agent DID')
+    .action(async (id) => {
+    try {
+        await keymaster.removeNostr(id);
+        console.log(UPDATE_OK);
+    }
+    catch (error) {
+        console.error(error.error || error.message || error);
+    }
+});
+// Lightning commands
+program
+    .command('add-lightning [id]')
+    .description('Create a Lightning wallet for a DID')
+    .action(async (id) => {
+    try {
+        const config = await keymaster.addLightning(id);
+        console.log(JSON.stringify(config, null, 4));
+    }
+    catch (error) {
+        console.error(error.error || error.message || error);
+    }
+});
+program
+    .command('remove-lightning [id]')
+    .description('Remove Lightning wallet from a DID')
+    .action(async (id) => {
+    try {
+        await keymaster.removeLightning(id);
+        console.log(UPDATE_OK);
+    }
+    catch (error) {
+        console.error(error.error || error.message || error);
+    }
+});
+program
+    .command('lightning-balance [id]')
+    .description('Check Lightning wallet balance')
+    .action(async (id) => {
+    try {
+        const balance = await keymaster.getLightningBalance(id);
+        console.log(`${balance.balance} sats`);
+    }
+    catch (error) {
+        console.error(error.error || error.message || error);
+    }
+});
+program
+    .command('lightning-decode <bolt11>')
+    .description('Decode a Lightning BOLT11 invoice')
+    .action(async (bolt11) => {
+    try {
+        const info = await keymaster.decodeLightningInvoice(bolt11);
+        console.log(JSON.stringify(info, null, 4));
+    }
+    catch (error) {
+        console.error(error.error || error.message || error);
+    }
+});
+program
+    .command('lightning-invoice <amount> <memo> [id]')
+    .description('Create a Lightning invoice to receive sats')
+    .action(async (amount, memo, id) => {
+    try {
+        const invoice = await keymaster.createLightningInvoice(parseInt(amount), memo, id);
+        console.log(JSON.stringify(invoice, null, 4));
+    }
+    catch (error) {
+        console.error(error.error || error.message || error);
+    }
+});
+program
+    .command('lightning-pay <bolt11> [id]')
+    .description('Pay a Lightning invoice')
+    .action(async (bolt11, id) => {
+    try {
+        const payment = await keymaster.payLightningInvoice(bolt11, id);
+        console.log(JSON.stringify(payment, null, 4));
+    }
+    catch (error) {
+        console.error(error.error || error.message || error);
+    }
+});
+program
+    .command('lightning-check <paymentHash> [id]')
+    .description('Check status of a Lightning payment')
+    .action(async (paymentHash, id) => {
+    try {
+        const status = await keymaster.checkLightningPayment(paymentHash, id);
+        console.log(JSON.stringify(status, null, 4));
+    }
+    catch (error) {
+        console.error(error.error || error.message || error);
+    }
+});
+program
+    .command('publish-lightning [id]')
+    .description('Publish Lightning service endpoint for a DID')
+    .action(async (id) => {
+    try {
+        await keymaster.publishLightning(id);
+        console.log(UPDATE_OK);
+    }
+    catch (error) {
+        console.error(error.error || error.message || error);
+    }
+});
+program
+    .command('unpublish-lightning [id]')
+    .description('Remove Lightning service endpoint from a DID')
+    .action(async (id) => {
+    try {
+        await keymaster.unpublishLightning(id);
+        console.log(UPDATE_OK);
+    }
+    catch (error) {
+        console.error(error.error || error.message || error);
+    }
+});
+program
+    .command('lightning-zap <did> <amount> [memo]')
+    .description('Send sats to a DID via Lightning')
+    .action(async (did, amount, memo) => {
+    try {
+        const result = await keymaster.zapLightning(did, parseInt(amount), memo);
+        console.log(JSON.stringify(result, null, 4));
+    }
+    catch (error) {
+        console.error(error.error || error.message || error);
+    }
+});
 // Group commands
 program
     .command('create-group <groupName>')
@@ -1545,7 +1703,7 @@ async function run() {
     }
     try {
         // Initialize gatekeeper client
-        const gatekeeper = new GatekeeperClient();
+        const gatekeeper = new DrawbridgeClient();
         await gatekeeper.connect({
             url: gatekeeperURL,
             waitUntilReady: true,