npm - @dp-pcs/ogp - Versions diffs - 0.2.12 → 0.2.13 - Mend

@dp-pcs/ogp 0.2.12 → 0.2.13

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (4) hide show

package/dist/daemon/keypair.d.ts.map +1 -1
package/dist/daemon/keypair.js +74 -4
package/dist/daemon/keypair.js.map +1 -1
package/package.json +1 -1

package/dist/daemon/keypair.d.ts.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"keypair.d.ts","sourceRoot":"","sources":["../../src/daemon/keypair.ts"],"names":[],"mappings":"~~AAEA~~,OAAO,EAAmB,KAAK,OAAO,EAAE,MAAM,sBAAsB,CAAC;~~AAKrE~~,wBAAgB,qBAAqB,IAAI,OAAO,~~CAY~~/C;AAED,wBAAgB,YAAY,IAAI,MAAM,CAGrC;AAED,wBAAgB,aAAa,IAAI,MAAM,CAGtC"}
1	+ {"version":3,"file":"keypair.d.ts","sourceRoot":"","sources":["../../src/daemon/keypair.ts"],"names":[],"mappings":"AAGA,OAAO,EAAmB,KAAK,OAAO,EAAE,MAAM,sBAAsB,CAAC;AAiDrE,wBAAgB,qBAAqB,IAAI,OAAO,CAoD/C;AAED,wBAAgB,YAAY,IAAI,MAAM,CAGrC;AAED,wBAAgB,aAAa,IAAI,MAAM,CAGtC"}

package/dist/daemon/keypair.js CHANGED Viewed

@@ -1,17 +1,87 @@
 import fs from 'node:fs';
 import path from 'node:path';
+import { execSync } from 'node:child_process';
 import { generateKeyPair } from '../shared/signing.js';
 import { getConfigDir, ensureConfigDir } from '../shared/config.js';
 const KEYPAIR_FILE = path.join(getConfigDir(), 'keypair.json');
+const KEYCHAIN_SERVICE = 'ogp-federation';
+const KEYCHAIN_ACCOUNT = 'private-key';
+// --- macOS Keychain helpers ---
+function isMacOS() {
+    return process.platform === 'darwin';
+}
+function keychainStore(privateKey) {
+    try {
+        execSync(`security add-generic-password -U -s ${KEYCHAIN_SERVICE} -a ${KEYCHAIN_ACCOUNT} -w ${JSON.stringify(privateKey)}`, { stdio: 'pipe' });
+    }
+    catch {
+        // ignore — falls back to file
+    }
+}
+function keychainLoad() {
+    try {
+        const result = execSync(`security find-generic-password -s ${KEYCHAIN_SERVICE} -a ${KEYCHAIN_ACCOUNT} -w`, { stdio: 'pipe' }).toString().trim();
+        return result || null;
+    }
+    catch {
+        return null;
+    }
+}
+function keychainDelete() {
+    try {
+        execSync(`security delete-generic-password -s ${KEYCHAIN_SERVICE} -a ${KEYCHAIN_ACCOUNT}`, { stdio: 'pipe' });
+    }
+    catch {
+        // ignore — may not exist
+    }
+}
+// --- Keypair management ---
 export function loadOrGenerateKeyPair() {
     ensureConfigDir();
     if (fs.existsSync(KEYPAIR_FILE)) {
-        const data = fs.readFileSync(KEYPAIR_FILE, 'utf-8');
-        return JSON.parse(data);
+        const data = JSON.parse(fs.readFileSync(KEYPAIR_FILE, 'utf-8'));
+        // Migration: if private key is in file and we're on macOS, move it to Keychain
+        if (data.privateKey && isMacOS()) {
+            const existing = keychainLoad();
+            if (!existing) {
+                keychainStore(data.privateKey);
+                console.log('[OGP] Migrated private key to macOS Keychain');
+            }
+            // Scrub private key from file
+            const safe = { publicKey: data.publicKey };
+            fs.writeFileSync(KEYPAIR_FILE, JSON.stringify(safe, null, 2), 'utf-8');
+        }
+        // Load private key from Keychain (macOS) or file (other)
+        let privateKey;
+        if (isMacOS()) {
+            const fromKeychain = keychainLoad();
+            if (!fromKeychain) {
+                throw new Error('[OGP] Private key not found in Keychain. Run `ogp setup --reset-keypair` to regenerate.');
+            }
+            privateKey = fromKeychain;
+        }
+        else {
+            if (!data.privateKey) {
+                throw new Error('[OGP] Private key missing from keypair.json on non-macOS platform.');
+            }
+            privateKey = data.privateKey;
+        }
+        return { publicKey: data.publicKey, privateKey };
     }
+    // Generate fresh keypair
     const keypair = generateKeyPair();
-    fs.writeFileSync(KEYPAIR_FILE, JSON.stringify(keypair, null, 2), 'utf-8');
-    console.log('[OGP] Generated new Ed25519 keypair');
+    if (isMacOS()) {
+        // Store private key in Keychain, public key in file only
+        keychainStore(keypair.privateKey);
+        fs.writeFileSync(KEYPAIR_FILE, JSON.stringify({ publicKey: keypair.publicKey }, null, 2), 'utf-8');
+        console.log('[OGP] Generated new Ed25519 keypair (private key stored in macOS Keychain)');
+    }
+    else {
+        // Non-macOS: store full keypair in file (restrict permissions)
+        fs.writeFileSync(KEYPAIR_FILE, JSON.stringify(keypair, null, 2), 'utf-8');
+        fs.chmodSync(KEYPAIR_FILE, 0o600);
+        console.log('[OGP] Generated new Ed25519 keypair (private key stored in keypair.json, mode 600)');
+    }
     return keypair;
 }
 export function getPublicKey() {

package/dist/daemon/keypair.js.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"keypair.js","sourceRoot":"","sources":["../../src/daemon/keypair.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,MAAM,SAAS,CAAC;AACzB,OAAO,IAAI,MAAM,WAAW,CAAC;AAC7B,OAAO,EAAE,eAAe,EAAgB,MAAM,sBAAsB,CAAC;AACrE,OAAO,EAAE,YAAY,EAAE,eAAe,EAAE,MAAM,qBAAqB,CAAC;AAEpE,MAAM,YAAY,GAAG,IAAI,CAAC,IAAI,CAAC,YAAY,EAAE,EAAE,cAAc,CAAC,CAAC;~~AAE~~/D,MAAM,UAAU,qBAAqB;IACnC,eAAe,EAAE,CAAC;IAElB,IAAI,EAAE,CAAC,UAAU,CAAC,YAAY,CAAC,EAAE,CAAC;QAChC,MAAM,IAAI,GAAG,EAAE,CAAC,YAAY,CAAC,YAAY,EAAE,OAAO,CAAC,CAAC;~~QACpD~~,OAAO,IAAI,CAAC,KAAK,CAAC,IAAI,~~CAAY~~,CAAC;~~IACrC~~,CAAC;IAED,MAAM,OAAO,GAAG,eAAe,EAAE,CAAC;~~IAClC~~,EAAE,CAAC,aAAa,CAAC,YAAY,EAAE,IAAI,CAAC,SAAS,CAAC,OAAO,EAAE,IAAI,EAAE,CAAC,CAAC,EAAE,OAAO,CAAC,CAAC;~~IAC1E~~,OAAO,CAAC,GAAG,CAAC,~~qCAAqC~~,CAAC,CAAC;~~IACnD~~,OAAO,OAAO,CAAC;AACjB,CAAC;AAED,MAAM,UAAU,YAAY;IAC1B,MAAM,OAAO,GAAG,qBAAqB,EAAE,CAAC;IACxC,OAAO,OAAO,CAAC,SAAS,CAAC;AAC3B,CAAC;AAED,MAAM,UAAU,aAAa;IAC3B,MAAM,OAAO,GAAG,qBAAqB,EAAE,CAAC;IACxC,OAAO,OAAO,CAAC,UAAU,CAAC;AAC5B,CAAC"}
1	+ {"version":3,"file":"keypair.js","sourceRoot":"","sources":["../../src/daemon/keypair.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,MAAM,SAAS,CAAC;AACzB,OAAO,IAAI,MAAM,WAAW,CAAC;AAC7B,OAAO,EAAE,QAAQ,EAAE,MAAM,oBAAoB,CAAC;AAC9C,OAAO,EAAE,eAAe,EAAgB,MAAM,sBAAsB,CAAC;AACrE,OAAO,EAAE,YAAY,EAAE,eAAe,EAAE,MAAM,qBAAqB,CAAC;AAEpE,MAAM,YAAY,GAAG,IAAI,CAAC,IAAI,CAAC,YAAY,EAAE,EAAE,cAAc,CAAC,CAAC;AAC/D,MAAM,gBAAgB,GAAG,gBAAgB,CAAC;AAC1C,MAAM,gBAAgB,GAAG,aAAa,CAAC;AAEvC,iCAAiC;AAEjC,SAAS,OAAO;IACd,OAAO,OAAO,CAAC,QAAQ,KAAK,QAAQ,CAAC;AACvC,CAAC;AAED,SAAS,aAAa,CAAC,UAAkB;IACvC,IAAI,CAAC;QACH,QAAQ,CACN,uCAAuC,gBAAgB,OAAO,gBAAgB,OAAO,IAAI,CAAC,SAAS,CAAC,UAAU,CAAC,EAAE,EACjH,EAAE,KAAK,EAAE,MAAM,EAAE,CAClB,CAAC;IACJ,CAAC;IAAC,MAAM,CAAC;QACP,8BAA8B;IAChC,CAAC;AACH,CAAC;AAED,SAAS,YAAY;IACnB,IAAI,CAAC;QACH,MAAM,MAAM,GAAG,QAAQ,CACrB,qCAAqC,gBAAgB,OAAO,gBAAgB,KAAK,EACjF,EAAE,KAAK,EAAE,MAAM,EAAE,CAClB,CAAC,QAAQ,EAAE,CAAC,IAAI,EAAE,CAAC;QACpB,OAAO,MAAM,IAAI,IAAI,CAAC;IACxB,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,IAAI,CAAC;IACd,CAAC;AACH,CAAC;AAED,SAAS,cAAc;IACrB,IAAI,CAAC;QACH,QAAQ,CACN,uCAAuC,gBAAgB,OAAO,gBAAgB,EAAE,EAChF,EAAE,KAAK,EAAE,MAAM,EAAE,CAClB,CAAC;IACJ,CAAC;IAAC,MAAM,CAAC;QACP,yBAAyB;IAC3B,CAAC;AACH,CAAC;AAED,6BAA6B;AAE7B,MAAM,UAAU,qBAAqB;IACnC,eAAe,EAAE,CAAC;IAElB,IAAI,EAAE,CAAC,UAAU,CAAC,YAAY,CAAC,EAAE,CAAC;QAChC,MAAM,IAAI,GAAG,IAAI,CAAC,KAAK,CAAC,EAAE,CAAC,YAAY,CAAC,YAAY,EAAE,OAAO,CAAC,CAAC,CAAC;QAEhE,+EAA+E;QAC/E,IAAI,IAAI,CAAC,UAAU,IAAI,OAAO,EAAE,EAAE,CAAC;YACjC,MAAM,QAAQ,GAAG,YAAY,EAAE,CAAC;YAChC,IAAI,CAAC,QAAQ,EAAE,CAAC;gBACd,aAAa,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC;gBAC/B,OAAO,CAAC,GAAG,CAAC,8CAA8C,CAAC,CAAC;YAC9D,CAAC;YACD,8BAA8B;YAC9B,MAAM,IAAI,GAAG,EAAE,SAAS,EAAE,IAAI,CAAC,SAAS,EAAE,CAAC;YAC3C,EAAE,CAAC,aAAa,CAAC,YAAY,EAAE,IAAI,CAAC,SAAS,CAAC,IAAI,EAAE,IAAI,EAAE,CAAC,CAAC,EAAE,OAAO,CAAC,CAAC;QACzE,CAAC;QAED,yDAAyD;QACzD,IAAI,UAAkB,CAAC;QACvB,IAAI,OAAO,EAAE,EAAE,CAAC;YACd,MAAM,YAAY,GAAG,YAAY,EAAE,CAAC;YACpC,IAAI,CAAC,YAAY,EAAE,CAAC;gBAClB,MAAM,IAAI,KAAK,CAAC,yFAAyF,CAAC,CAAC;YAC7G,CAAC;YACD,UAAU,GAAG,YAAY,CAAC;QAC5B,CAAC;aAAM,CAAC;YACN,IAAI,CAAC,IAAI,CAAC,UAAU,EAAE,CAAC;gBACrB,MAAM,IAAI,KAAK,CAAC,oEAAoE,CAAC,CAAC;YACxF,CAAC;YACD,UAAU,GAAG,IAAI,CAAC,UAAU,CAAC;QAC/B,CAAC;QAED,OAAO,EAAE,SAAS,EAAE,IAAI,CAAC,SAAS,EAAE,UAAU,EAAE,CAAC;IACnD,CAAC;IAED,yBAAyB;IACzB,MAAM,OAAO,GAAG,eAAe,EAAE,CAAC;IAElC,IAAI,OAAO,EAAE,EAAE,CAAC;QACd,yDAAyD;QACzD,aAAa,CAAC,OAAO,CAAC,UAAU,CAAC,CAAC;QAClC,EAAE,CAAC,aAAa,CAAC,YAAY,EAAE,IAAI,CAAC,SAAS,CAAC,EAAE,SAAS,EAAE,OAAO,CAAC,SAAS,EAAE,EAAE,IAAI,EAAE,CAAC,CAAC,EAAE,OAAO,CAAC,CAAC;QACnG,OAAO,CAAC,GAAG,CAAC,4EAA4E,CAAC,CAAC;IAC5F,CAAC;SAAM,CAAC;QACN,+DAA+D;QAC/D,EAAE,CAAC,aAAa,CAAC,YAAY,EAAE,IAAI,CAAC,SAAS,CAAC,OAAO,EAAE,IAAI,EAAE,CAAC,CAAC,EAAE,OAAO,CAAC,CAAC;QAC1E,EAAE,CAAC,SAAS,CAAC,YAAY,EAAE,KAAK,CAAC,CAAC;QAClC,OAAO,CAAC,GAAG,CAAC,oFAAoF,CAAC,CAAC;IACpG,CAAC;IAED,OAAO,OAAO,CAAC;AACjB,CAAC;AAED,MAAM,UAAU,YAAY;IAC1B,MAAM,OAAO,GAAG,qBAAqB,EAAE,CAAC;IACxC,OAAO,OAAO,CAAC,SAAS,CAAC;AAC3B,CAAC;AAED,MAAM,UAAU,aAAa;IAC3B,MAAM,OAAO,GAAG,qBAAqB,EAAE,CAAC;IACxC,OAAO,OAAO,CAAC,UAAU,CAAC;AAC5B,CAAC"}

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@dp-pcs/ogp",
-  "version": "0.2.12",
+  "version": "0.2.13",
   "description": "Open Gateway Protocol (OGP) - Peer-to-peer federation daemon for OpenClaw AI gateways with cryptographic signatures",
   "type": "module",
   "main": "./dist/index.js",