@elisym/sdk 0.3.1 → 0.3.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
package/dist/node.cjs CHANGED
@@ -1,11 +1,7 @@
1
1
  'use strict';
2
2
 
3
- var __require = /* @__PURE__ */ ((x) => typeof require !== "undefined" ? require : typeof Proxy !== "undefined" ? new Proxy(x, {
4
- get: (a, b) => (typeof require !== "undefined" ? require : a)[b]
5
- }) : x)(function(x) {
6
- if (typeof require !== "undefined") return require.apply(this, arguments);
7
- throw Error('Dynamic require of "' + x + '" is not supported');
8
- });
3
+ var buffer = require('buffer');
4
+ var crypto = require('crypto');
9
5
 
10
6
  // src/primitives/encryption.ts
11
7
  var PREFIX = "encrypted:v1:";
@@ -24,20 +20,18 @@ function encryptSecret(plaintext, passphrase) {
24
20
  if (!passphrase) {
25
21
  throw new Error("Passphrase must not be empty.");
26
22
  }
27
- const { scryptSync, randomBytes, createCipheriv } = __require("crypto");
28
- const { Buffer: Buffer2 } = __require("buffer");
29
- const salt = randomBytes(SALT_LENGTH);
30
- const key = scryptSync(passphrase, salt, KEY_LENGTH, {
23
+ const salt = crypto.randomBytes(SALT_LENGTH);
24
+ const key = crypto.scryptSync(passphrase, salt, KEY_LENGTH, {
31
25
  N: SCRYPT_N,
32
26
  r: SCRYPT_R,
33
27
  p: SCRYPT_P,
34
28
  maxmem: SCRYPT_MAXMEM
35
29
  });
36
- const iv = randomBytes(IV_LENGTH);
37
- const cipher = createCipheriv("aes-256-gcm", key, iv);
38
- const encrypted = Buffer2.concat([cipher.update(plaintext, "utf8"), cipher.final()]);
30
+ const iv = crypto.randomBytes(IV_LENGTH);
31
+ const cipher = crypto.createCipheriv("aes-256-gcm", key, iv);
32
+ const encrypted = buffer.Buffer.concat([cipher.update(plaintext, "utf8"), cipher.final()]);
39
33
  const tag = cipher.getAuthTag();
40
- const payload = Buffer2.concat([salt, iv, encrypted, tag]);
34
+ const payload = buffer.Buffer.concat([salt, iv, encrypted, tag]);
41
35
  return PREFIX + payload.toString("base64");
42
36
  }
43
37
  function decryptSecret(encrypted, passphrase) {
@@ -47,9 +41,7 @@ function decryptSecret(encrypted, passphrase) {
47
41
  if (!passphrase) {
48
42
  throw new Error("Passphrase must not be empty.");
49
43
  }
50
- const { scryptSync, createDecipheriv } = __require("crypto");
51
- const { Buffer: Buffer2 } = __require("buffer");
52
- const payload = Buffer2.from(encrypted.slice(PREFIX.length), "base64");
44
+ const payload = buffer.Buffer.from(encrypted.slice(PREFIX.length), "base64");
53
45
  if (payload.length < SALT_LENGTH + IV_LENGTH + TAG_LENGTH) {
54
46
  throw new Error("Encrypted payload is too short.");
55
47
  }
@@ -57,16 +49,16 @@ function decryptSecret(encrypted, passphrase) {
57
49
  const iv = payload.subarray(SALT_LENGTH, SALT_LENGTH + IV_LENGTH);
58
50
  const tag = payload.subarray(payload.length - TAG_LENGTH);
59
51
  const ciphertext = payload.subarray(SALT_LENGTH + IV_LENGTH, payload.length - TAG_LENGTH);
60
- const key = scryptSync(passphrase, salt, KEY_LENGTH, {
52
+ const key = crypto.scryptSync(passphrase, salt, KEY_LENGTH, {
61
53
  N: SCRYPT_N,
62
54
  r: SCRYPT_R,
63
55
  p: SCRYPT_P,
64
56
  maxmem: SCRYPT_MAXMEM
65
57
  });
66
- const decipher = createDecipheriv("aes-256-gcm", key, iv);
58
+ const decipher = crypto.createDecipheriv("aes-256-gcm", key, iv);
67
59
  decipher.setAuthTag(tag);
68
60
  try {
69
- const decrypted = Buffer2.concat([decipher.update(ciphertext), decipher.final()]);
61
+ const decrypted = buffer.Buffer.concat([decipher.update(ciphertext), decipher.final()]);
70
62
  return decrypted.toString("utf8");
71
63
  } catch {
72
64
  throw new Error("Decryption failed. Wrong passphrase or corrupted data.");
package/dist/node.cjs.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"sources":["../src/primitives/encryption.ts","../src/primitives/config-node.ts"],"names":["Buffer"],"mappings":";;;;;;;;;;AAWA,IAAM,MAAA,GAAS,eAAA;AACf,IAAM,WAAA,GAAc,EAAA;AACpB,IAAM,SAAA,GAAY,EAAA;AAClB,IAAM,UAAA,GAAa,EAAA;AACnB,IAAM,UAAA,GAAa,EAAA;AAEnB,IAAM,WAAW,CAAA,IAAK,EAAA;AACtB,IAAM,QAAA,GAAW,CAAA;AACjB,IAAM,QAAA,GAAW,CAAA;AACjB,IAAM,aAAA,GAAgB,GAAA,GAAM,QAAA,GAAW,QAAA,GAAW,CAAA;AAG3C,SAAS,YAAY,KAAA,EAAwB;AAClD,EAAA,OAAO,KAAA,CAAM,WAAW,MAAM,CAAA;AAChC;AAGO,SAAS,aAAA,CAAc,WAAmB,UAAA,EAA4B;AAC3E,EAAA,IAAI,CAAC,UAAA,EAAY;AACf,IAAA,MAAM,IAAI,MAAM,+BAA+B,CAAA;AAAA,EACjD;AACA,EAAA,MAAM,EAAE,UAAA,EAAY,WAAA,EAAa,cAAA,EAAe,GAC9C,UAAQ,QAAa,CAAA;AACvB,EAAA,MAAM,EAAE,MAAA,EAAAA,OAAAA,EAAO,GAAI,UAAQ,QAAa,CAAA;AAExC,EAAA,MAAM,IAAA,GAAO,YAAY,WAAW,CAAA;AACpC,EAAA,MAAM,GAAA,GAAM,UAAA,CAAW,UAAA,EAAY,IAAA,EAAM,UAAA,EAAY;AAAA,IACnD,CAAA,EAAG,QAAA;AAAA,IACH,CAAA,EAAG,QAAA;AAAA,IACH,CAAA,EAAG,QAAA;AAAA,IACH,MAAA,EAAQ;AAAA,GACT,CAAA;AACD,EAAA,MAAM,EAAA,GAAK,YAAY,SAAS,CAAA;AAEhC,EAAA,MAAM,MAAA,GAAS,cAAA,CAAe,aAAA,EAAe,GAAA,EAAK,EAAE,CAAA;AACpD,EAAA,MAAM,SAAA,GAAYA,OAAAA,CAAO,MAAA,CAAO,CAAC,MAAA,CAAO,MAAA,CAAO,SAAA,EAAW,MAAM,CAAA,EAAG,MAAA,CAAO,KAAA,EAAO,CAAC,CAAA;AAClF,EAAA,MAAM,GAAA,GAAM,OAAO,UAAA,EAAW;AAE9B,EAAA,MAAM,OAAA,GAAUA,QAAO,MAAA,CAAO,CAAC,MAAM,EAAA,EAAI,SAAA,EAAW,GAAG,CAAC,CAAA;AACxD,EAAA,OAAO,MAAA,GAAS,OAAA,CAAQ,QAAA,CAAS,QAAQ,CAAA;AAC3C;AAGO,SAAS,aAAA,CAAc,WAAmB,UAAA,EAA4B;AAC3E,EAAA,IAAI,CAAC,WAAA,CAAY,SAAS,CAAA,EAAG;AAC3B,IAAA,MAAM,IAAI,MAAM,wDAAwD,CAAA;AAAA,EAC1E;AACA,EAAA,IAAI,CAAC,UAAA,EAAY;AACf,IAAA,MAAM,IAAI,MAAM,+BAA+B,CAAA;AAAA,EACjD;AAEA,EAAA,MAAM,EAAE,UAAA,EAAY,gBAAA,EAAiB,GAAI,UAAQ,QAAa,CAAA;AAC9D,EAAA,MAAM,EAAE,MAAA,EAAAA,OAAAA,EAAO,GAAI,UAAQ,QAAa,CAAA;AAExC,EAAA,MAAM,OAAA,GAAUA,QAAO,IAAA,CAAK,SAAA,CAAU,MAAM,MAAA,CAAO,MAAM,GAAG,QAAQ,CAAA;AACpE,EAAA,IAAI,OAAA,CAAQ,MAAA,GAAS,WAAA,GAAc,SAAA,GAAY,UAAA,EAAY;AACzD,IAAA,MAAM,IAAI,MAAM,iCAAiC,CAAA;AAAA,EACnD;AAEA,EAAA,MAAM,IAAA,GAAO,OAAA,CAAQ,QAAA,CAAS,CAAA,EAAG,WAAW,CAAA;AAC5C,EAAA,MAAM,EAAA,GAAK,OAAA,CAAQ,QAAA,CAAS,WAAA,EAAa,cAAc,SAAS,CAAA;AAChE,EAAA,MAAM,GAAA,GAAM,OAAA,CAAQ,QAAA,CAAS,OAAA,CAAQ,SAAS,UAAU,CAAA;AACxD,EAAA,MAAM,aAAa,OAAA,CAAQ,QAAA,CAAS,cAAc,SAAA,EAAW,OAAA,CAAQ,SAAS,UAAU,CAAA;AAExF,EAAA,MAAM,GAAA,GAAM,UAAA,CAAW,UAAA,EAAY,IAAA,EAAM,UAAA,EAAY;AAAA,IACnD,CAAA,EAAG,QAAA;AAAA,IACH,CAAA,EAAG,QAAA;AAAA,IACH,CAAA,EAAG,QAAA;AAAA,IACH,MAAA,EAAQ;AAAA,GACT,CAAA;AAED,EAAA,MAAM,QAAA,GAAW,gBAAA,CAAiB,aAAA,EAAe,GAAA,EAAK,EAAE,CAAA;AACxD,EAAA,QAAA,CAAS,WAAW,GAAG,CAAA;AAEvB,EAAA,IAAI;AACF,IAAA,MAAM,SAAA,GAAYA,OAAAA,CAAO,MAAA,CAAO,CAAC,QAAA,CAAS,MAAA,CAAO,UAAU,CAAA,EAAG,QAAA,CAAS,KAAA,EAAO,CAAC,CAAA;AAC/E,IAAA,OAAO,SAAA,CAAU,SAAS,MAAM,CAAA;AAAA,EAClC,CAAA,CAAA,MAAQ;AACN,IAAA,MAAM,IAAI,MAAM,wDAAwD,CAAA;AAAA,EAC1E;AACF;;;AC9EO,SAAS,WAAA,CAAY,MAAc,UAAA,EAAkC;AAC1E,EAAA,MAAM,MAAA,GAAS,IAAA,CAAK,KAAA,CAAM,IAAI,CAAA;AAE9B,EAAA,IAAI,CAAC,UAAU,OAAO,MAAA,KAAW,YAAY,KAAA,CAAM,OAAA,CAAQ,MAAM,CAAA,EAAG;AAClE,IAAA,MAAM,IAAI,MAAM,uCAAuC,CAAA;AAAA,EACzD;AACA,EAAA,IAAI,CAAC,OAAO,QAAA,EAAU,UAAA,IAAc,OAAO,MAAA,CAAO,QAAA,CAAS,eAAe,QAAA,EAAU;AAClF,IAAA,MAAM,IAAI,MAAM,4DAA4D,CAAA;AAAA,EAC9E;AACA,EAAA,IAAI,OAAO,OAAO,QAAA,CAAS,IAAA,KAAS,YAAY,CAAC,MAAA,CAAO,SAAS,IAAA,EAAM;AACrE,IAAA,MAAM,IAAI,MAAM,sDAAsD,CAAA;AAAA,EACxE;AACA,EAAA,IACE,CAAC,KAAA,CAAM,OAAA,CAAQ,MAAA,CAAO,MAAM,CAAA,IAC5B,CAAC,MAAA,CAAO,MAAA,CAAO,MAAM,CAAC,CAAA,KAAe,OAAO,CAAA,KAAM,QAAQ,CAAA,EAC1D;AACA,IAAA,MAAM,IAAI,MAAM,qDAAqD,CAAA;AAAA,EACvE;AAEA,EAAA,IAAI,MAAA,CAAO,iBAAiB,MAAA,EAAW;AACrC,IAAA,IAAI,CAAC,KAAA,CAAM,OAAA,CAAQ,MAAA,CAAO,YAAY,CAAA,EAAG;AACvC,MAAA,MAAM,IAAI,MAAM,gDAAgD,CAAA;AAAA,IAClE;AACA,IAAA,KAAA,MAAW,GAAA,IAAO,OAAO,YAAA,EAAc;AACrC,MAAA,IACE,CAAC,GAAA,IACD,OAAO,GAAA,KAAQ,QAAA,IACf,OAAO,GAAA,CAAI,IAAA,KAAS,QAAA,IACpB,OAAO,IAAI,WAAA,KAAgB,QAAA,IAC3B,OAAO,GAAA,CAAI,UAAU,QAAA,EACrB;AACA,QAAA,MAAM,IAAI,KAAA;AAAA,UACR;AAAA,SACF;AAAA,MACF;AACA,MAAA,IAAI,CAAC,KAAA,CAAM,OAAA,CAAQ,GAAA,CAAI,IAAI,CAAA,IAAK,CAAC,GAAA,CAAI,IAAA,CAAK,MAAM,CAAC,CAAA,KAAe,OAAO,CAAA,KAAM,QAAQ,CAAA,EAAG;AACtF,QAAA,MAAM,IAAI,MAAM,oEAAoE,CAAA;AAAA,MACtF;AACA,MAAA,IAAI,CAAC,OAAO,SAAA,CAAU,GAAA,CAAI,KAAK,CAAA,IAAK,GAAA,CAAI,QAAQ,CAAA,EAAG;AACjD,QAAA,MAAM,IAAI,KAAA;AAAA,UACR;AAAA,SACF;AAAA,MACF;AAAA,IACF;AAAA,EACF;AACA,EAAA,IAAI,MAAA,CAAO,aAAa,MAAA,EAAW;AACjC,IAAA,IAAI,CAAC,KAAA,CAAM,OAAA,CAAQ,MAAA,CAAO,QAAQ,CAAA,EAAG;AACnC,MAAA,MAAM,IAAI,MAAM,4CAA4C,CAAA;AAAA,IAC9D;AACA,IAAA,KAAA,MAAW,CAAA,IAAK,OAAO,QAAA,EAAU;AAC/B,MAAA,IACE,CAAC,CAAA,IACD,OAAO,CAAA,KAAM,QAAA,IACb,OAAO,CAAA,CAAE,KAAA,KAAU,QAAA,IACnB,OAAO,EAAE,OAAA,KAAY,QAAA,IACrB,OAAO,CAAA,CAAE,YAAY,QAAA,EACrB;AACA,QAAA,MAAM,IAAI,KAAA;AAAA,UACR;AAAA,SACF;AAAA,MACF;AAAA,IACF;AAAA,EACF;AACA,EAAA,IAAI,MAAA,CAAO,WAAW,MAAA,EAAW;AAC/B,IAAA,IACE,CAAC,OAAO,MAAA,IACR,OAAO,OAAO,MAAA,KAAW,QAAA,IACzB,OAAO,MAAA,CAAO,MAAA,CAAO,UAAU,QAAA,IAC/B,OAAO,OAAO,MAAA,CAAO,OAAA,KAAY,YACjC,OAAO,MAAA,CAAO,MAAA,CAAO,UAAA,KAAe,QAAA,EACpC;AACA,MAAA,MAAM,IAAI,KAAA;AAAA,QACR;AAAA,OACF;AAAA,IACF;AAAA,EACF;AACA,EAAA,IAAI,MAAA,CAAO,QAAQ,MAAA,EAAW;AAC5B,IAAA,IACE,CAAC,MAAA,CAAO,GAAA,IACR,OAAO,MAAA,CAAO,QAAQ,QAAA,IACtB,OAAO,MAAA,CAAO,GAAA,CAAI,aAAa,QAAA,IAC/B,OAAO,MAAA,CAAO,GAAA,CAAI,UAAU,QAAA,IAC5B,OAAO,MAAA,CAAO,GAAA,CAAI,YAAY,QAAA,IAC9B,OAAO,MAAA,CAAO,GAAA,CAAI,eAAe,QAAA,IACjC,CAAC,MAAA,CAAO,SAAA,CAAU,OAAO,GAAA,CAAI,UAAU,KACvC,MAAA,CAAO,GAAA,CAAI,cAAc,CAAA,EACzB;AACA,MAAA,MAAM,IAAI,KAAA;AAAA,QACR;AAAA,OACF;AAAA,IACF;AAAA,EACF;AAEA,EAAA,IAAI,CAAC,UAAA,EAAY;AACf,IAAA,MAAM,YAAsB,EAAC;AAC7B,IAAA,IAAI,OAAO,QAAA,EAAU,UAAA,IAAc,YAAY,MAAA,CAAO,QAAA,CAAS,UAAU,CAAA,EAAG;AAC1E,MAAA,SAAA,CAAU,KAAK,qBAAqB,CAAA;AAAA,IACtC;AACA,IAAA,IAAI,OAAO,MAAA,EAAQ,UAAA,IAAc,YAAY,MAAA,CAAO,MAAA,CAAO,UAAU,CAAA,EAAG;AACtE,MAAA,SAAA,CAAU,KAAK,mBAAmB,CAAA;AAAA,IACpC;AACA,IAAA,IAAI,OAAO,GAAA,EAAK,OAAA,IAAW,YAAY,MAAA,CAAO,GAAA,CAAI,OAAO,CAAA,EAAG;AAC1D,MAAA,SAAA,CAAU,KAAK,aAAa,CAAA;AAAA,IAC9B;AACA,IAAA,IAAI,SAAA,CAAU,SAAS,CAAA,EAAG;AACxB,MAAA,MAAM,IAAI,KAAA;AAAA,QACR,CAAA,QAAA,EAAW,SAAA,CAAU,IAAA,CAAK,IAAI,CAAC,CAAA,0EAAA;AAAA,OACjC;AAAA,IACF;AACA,IAAA,OAAO,MAAA;AAAA,EACT;AAEA,EAAA,IAAI,OAAO,QAAA,EAAU,UAAA,IAAc,YAAY,MAAA,CAAO,QAAA,CAAS,UAAU,CAAA,EAAG;AAC1E,IAAA,MAAA,CAAO,SAAS,UAAA,GAAa,aAAA,CAAc,MAAA,CAAO,QAAA,CAAS,YAAY,UAAU,CAAA;AAAA,EACnF;AACA,EAAA,IAAI,OAAO,MAAA,EAAQ,UAAA,IAAc,YAAY,MAAA,CAAO,MAAA,CAAO,UAAU,CAAA,EAAG;AACtE,IAAA,MAAA,CAAO,OAAO,UAAA,GAAa,aAAA,CAAc,MAAA,CAAO,MAAA,CAAO,YAAY,UAAU,CAAA;AAAA,EAC/E;AACA,EAAA,IAAI,OAAO,GAAA,EAAK,OAAA,IAAW,YAAY,MAAA,CAAO,GAAA,CAAI,OAAO,CAAA,EAAG;AAC1D,IAAA,MAAA,CAAO,IAAI,OAAA,GAAU,aAAA,CAAc,MAAA,CAAO,GAAA,CAAI,SAAS,UAAU,CAAA;AAAA,EACnE;AAEA,EAAA,OAAO,MAAA;AACT","file":"node.cjs","sourcesContent":["/**\n * Secret encryption/decryption for agent config files.\n * Uses scrypt (KDF) + AES-256-GCM (cipher).\n * Format: \"encrypted:v1:\" + base64(salt[16] + iv[12] + ciphertext + tag[16])\n *\n * scrypt params: N=2^17, r=8, p=1 (~128 MB RAM per derivation).\n *\n * Node.js/Bun only - not available in browsers.\n * All Node.js APIs are lazy-imported to avoid polluting browser bundles.\n */\n\nconst PREFIX = 'encrypted:v1:';\nconst SALT_LENGTH = 16;\nconst IV_LENGTH = 12;\nconst TAG_LENGTH = 16;\nconst KEY_LENGTH = 32; // AES-256\n// v1: N=2^17 (OWASP minimum). v2 will use N=2^20 with format migration.\nconst SCRYPT_N = 2 ** 17;\nconst SCRYPT_R = 8;\nconst SCRYPT_P = 1;\nconst SCRYPT_MAXMEM = 128 * SCRYPT_N * SCRYPT_R * 2; // 2x the minimum required memory\n\n/** Check if a value is encrypted (has the encrypted:v1: prefix). */\nexport function isEncrypted(value: string): boolean {\n return value.startsWith(PREFIX);\n}\n\n/** Encrypt a plaintext secret with a passphrase. Returns \"encrypted:v1:base64...\". Node.js/Bun only. */\nexport function encryptSecret(plaintext: string, passphrase: string): string {\n if (!passphrase) {\n throw new Error('Passphrase must not be empty.');\n }\n const { scryptSync, randomBytes, createCipheriv } =\n require('node:crypto') as typeof import('node:crypto');\n const { Buffer } = require('node:buffer') as typeof import('node:buffer');\n\n const salt = randomBytes(SALT_LENGTH);\n const key = scryptSync(passphrase, salt, KEY_LENGTH, {\n N: SCRYPT_N,\n r: SCRYPT_R,\n p: SCRYPT_P,\n maxmem: SCRYPT_MAXMEM,\n });\n const iv = randomBytes(IV_LENGTH);\n\n const cipher = createCipheriv('aes-256-gcm', key, iv);\n const encrypted = Buffer.concat([cipher.update(plaintext, 'utf8'), cipher.final()]);\n const tag = cipher.getAuthTag();\n\n const payload = Buffer.concat([salt, iv, encrypted, tag]);\n return PREFIX + payload.toString('base64');\n}\n\n/** Decrypt an encrypted secret with a passphrase. Throws on wrong passphrase or corrupted data. Node.js/Bun only. */\nexport function decryptSecret(encrypted: string, passphrase: string): string {\n if (!isEncrypted(encrypted)) {\n throw new Error('Value is not encrypted (missing encrypted:v1: prefix).');\n }\n if (!passphrase) {\n throw new Error('Passphrase must not be empty.');\n }\n\n const { scryptSync, createDecipheriv } = require('node:crypto') as typeof import('node:crypto');\n const { Buffer } = require('node:buffer') as typeof import('node:buffer');\n\n const payload = Buffer.from(encrypted.slice(PREFIX.length), 'base64');\n if (payload.length < SALT_LENGTH + IV_LENGTH + TAG_LENGTH) {\n throw new Error('Encrypted payload is too short.');\n }\n\n const salt = payload.subarray(0, SALT_LENGTH);\n const iv = payload.subarray(SALT_LENGTH, SALT_LENGTH + IV_LENGTH);\n const tag = payload.subarray(payload.length - TAG_LENGTH);\n const ciphertext = payload.subarray(SALT_LENGTH + IV_LENGTH, payload.length - TAG_LENGTH);\n\n const key = scryptSync(passphrase, salt, KEY_LENGTH, {\n N: SCRYPT_N,\n r: SCRYPT_R,\n p: SCRYPT_P,\n maxmem: SCRYPT_MAXMEM,\n });\n\n const decipher = createDecipheriv('aes-256-gcm', key, iv);\n decipher.setAuthTag(tag);\n\n try {\n const decrypted = Buffer.concat([decipher.update(ciphertext), decipher.final()]);\n return decrypted.toString('utf8');\n } catch {\n throw new Error('Decryption failed. Wrong passphrase or corrupted data.');\n }\n}\n","/**\n * Node.js-only config parsing with secret decryption.\n * Exported from '@elisym/sdk/node'.\n */\n\nimport type { AgentConfig } from '../types';\nimport { isEncrypted, decryptSecret } from './encryption';\n\n/**\n * Parse a JSON string into an AgentConfig.\n * If passphrase is provided, decrypts all encrypted fields (requires Node.js/Bun).\n * If passphrase is not provided and encrypted fields exist, throws.\n */\nexport function parseConfig(json: string, passphrase?: string): AgentConfig {\n const config = JSON.parse(json) as AgentConfig;\n\n if (!config || typeof config !== 'object' || Array.isArray(config)) {\n throw new Error('Invalid config: expected JSON object.');\n }\n if (!config.identity?.secret_key || typeof config.identity.secret_key !== 'string') {\n throw new Error('Invalid config: missing or non-string identity.secret_key.');\n }\n if (typeof config.identity.name !== 'string' || !config.identity.name) {\n throw new Error('Invalid config: missing or non-string identity.name.');\n }\n if (\n !Array.isArray(config.relays) ||\n !config.relays.every((r: unknown) => typeof r === 'string')\n ) {\n throw new Error('Invalid config: relays must be an array of strings.');\n }\n\n if (config.capabilities !== undefined) {\n if (!Array.isArray(config.capabilities)) {\n throw new Error('Invalid config: capabilities must be an array.');\n }\n for (const cap of config.capabilities) {\n if (\n !cap ||\n typeof cap !== 'object' ||\n typeof cap.name !== 'string' ||\n typeof cap.description !== 'string' ||\n typeof cap.price !== 'number'\n ) {\n throw new Error(\n 'Invalid config: each capability must have name (string), description (string), and price (number).',\n );\n }\n if (!Array.isArray(cap.tags) || !cap.tags.every((t: unknown) => typeof t === 'string')) {\n throw new Error('Invalid config: each capability must have tags (array of strings).');\n }\n if (!Number.isInteger(cap.price) || cap.price < 0) {\n throw new Error(\n 'Invalid config: capability price must be a non-negative integer (lamports).',\n );\n }\n }\n }\n if (config.payments !== undefined) {\n if (!Array.isArray(config.payments)) {\n throw new Error('Invalid config: payments must be an array.');\n }\n for (const p of config.payments) {\n if (\n !p ||\n typeof p !== 'object' ||\n typeof p.chain !== 'string' ||\n typeof p.network !== 'string' ||\n typeof p.address !== 'string'\n ) {\n throw new Error(\n 'Invalid config: each payment entry must have chain, network, and address (all strings).',\n );\n }\n }\n }\n if (config.wallet !== undefined) {\n if (\n !config.wallet ||\n typeof config.wallet !== 'object' ||\n typeof config.wallet.chain !== 'string' ||\n typeof config.wallet.network !== 'string' ||\n typeof config.wallet.secret_key !== 'string'\n ) {\n throw new Error(\n 'Invalid config: wallet must have chain, network, and secret_key (all strings).',\n );\n }\n }\n if (config.llm !== undefined) {\n if (\n !config.llm ||\n typeof config.llm !== 'object' ||\n typeof config.llm.provider !== 'string' ||\n typeof config.llm.model !== 'string' ||\n typeof config.llm.api_key !== 'string' ||\n typeof config.llm.max_tokens !== 'number' ||\n !Number.isInteger(config.llm.max_tokens) ||\n config.llm.max_tokens <= 0\n ) {\n throw new Error(\n 'Invalid config: llm must have provider, model, api_key (strings) and max_tokens (positive integer).',\n );\n }\n }\n\n if (!passphrase) {\n const encrypted: string[] = [];\n if (config.identity?.secret_key && isEncrypted(config.identity.secret_key)) {\n encrypted.push('identity.secret_key');\n }\n if (config.wallet?.secret_key && isEncrypted(config.wallet.secret_key)) {\n encrypted.push('wallet.secret_key');\n }\n if (config.llm?.api_key && isEncrypted(config.llm.api_key)) {\n encrypted.push('llm.api_key');\n }\n if (encrypted.length > 0) {\n throw new Error(\n `Fields [${encrypted.join(', ')}] are encrypted but no passphrase provided. Set ELISYM_PASSPHRASE env var.`,\n );\n }\n return config;\n }\n\n if (config.identity?.secret_key && isEncrypted(config.identity.secret_key)) {\n config.identity.secret_key = decryptSecret(config.identity.secret_key, passphrase);\n }\n if (config.wallet?.secret_key && isEncrypted(config.wallet.secret_key)) {\n config.wallet.secret_key = decryptSecret(config.wallet.secret_key, passphrase);\n }\n if (config.llm?.api_key && isEncrypted(config.llm.api_key)) {\n config.llm.api_key = decryptSecret(config.llm.api_key, passphrase);\n }\n\n return config;\n}\n"]}
1
+ {"version":3,"sources":["../src/primitives/encryption.ts","../src/primitives/config-node.ts"],"names":["randomBytes","scryptSync","createCipheriv","Buffer","createDecipheriv"],"mappings":";;;;;;AAcA,IAAM,MAAA,GAAS,eAAA;AACf,IAAM,WAAA,GAAc,EAAA;AACpB,IAAM,SAAA,GAAY,EAAA;AAClB,IAAM,UAAA,GAAa,EAAA;AACnB,IAAM,UAAA,GAAa,EAAA;AAEnB,IAAM,WAAW,CAAA,IAAK,EAAA;AACtB,IAAM,QAAA,GAAW,CAAA;AACjB,IAAM,QAAA,GAAW,CAAA;AACjB,IAAM,aAAA,GAAgB,GAAA,GAAM,QAAA,GAAW,QAAA,GAAW,CAAA;AAG3C,SAAS,YAAY,KAAA,EAAwB;AAClD,EAAA,OAAO,KAAA,CAAM,WAAW,MAAM,CAAA;AAChC;AAGO,SAAS,aAAA,CAAc,WAAmB,UAAA,EAA4B;AAC3E,EAAA,IAAI,CAAC,UAAA,EAAY;AACf,IAAA,MAAM,IAAI,MAAM,+BAA+B,CAAA;AAAA,EACjD;AAEA,EAAA,MAAM,IAAA,GAAOA,mBAAY,WAAW,CAAA;AACpC,EAAA,MAAM,GAAA,GAAMC,iBAAA,CAAW,UAAA,EAAY,IAAA,EAAM,UAAA,EAAY;AAAA,IACnD,CAAA,EAAG,QAAA;AAAA,IACH,CAAA,EAAG,QAAA;AAAA,IACH,CAAA,EAAG,QAAA;AAAA,IACH,MAAA,EAAQ;AAAA,GACT,CAAA;AACD,EAAA,MAAM,EAAA,GAAKD,mBAAY,SAAS,CAAA;AAEhC,EAAA,MAAM,MAAA,GAASE,qBAAA,CAAe,aAAA,EAAe,GAAA,EAAK,EAAE,CAAA;AACpD,EAAA,MAAM,SAAA,GAAYC,aAAA,CAAO,MAAA,CAAO,CAAC,MAAA,CAAO,MAAA,CAAO,SAAA,EAAW,MAAM,CAAA,EAAG,MAAA,CAAO,KAAA,EAAO,CAAC,CAAA;AAClF,EAAA,MAAM,GAAA,GAAM,OAAO,UAAA,EAAW;AAE9B,EAAA,MAAM,OAAA,GAAUA,cAAO,MAAA,CAAO,CAAC,MAAM,EAAA,EAAI,SAAA,EAAW,GAAG,CAAC,CAAA;AACxD,EAAA,OAAO,MAAA,GAAS,OAAA,CAAQ,QAAA,CAAS,QAAQ,CAAA;AAC3C;AAGO,SAAS,aAAA,CAAc,WAAmB,UAAA,EAA4B;AAC3E,EAAA,IAAI,CAAC,WAAA,CAAY,SAAS,CAAA,EAAG;AAC3B,IAAA,MAAM,IAAI,MAAM,wDAAwD,CAAA;AAAA,EAC1E;AACA,EAAA,IAAI,CAAC,UAAA,EAAY;AACf,IAAA,MAAM,IAAI,MAAM,+BAA+B,CAAA;AAAA,EACjD;AAEA,EAAA,MAAM,OAAA,GAAUA,cAAO,IAAA,CAAK,SAAA,CAAU,MAAM,MAAA,CAAO,MAAM,GAAG,QAAQ,CAAA;AACpE,EAAA,IAAI,OAAA,CAAQ,MAAA,GAAS,WAAA,GAAc,SAAA,GAAY,UAAA,EAAY;AACzD,IAAA,MAAM,IAAI,MAAM,iCAAiC,CAAA;AAAA,EACnD;AAEA,EAAA,MAAM,IAAA,GAAO,OAAA,CAAQ,QAAA,CAAS,CAAA,EAAG,WAAW,CAAA;AAC5C,EAAA,MAAM,EAAA,GAAK,OAAA,CAAQ,QAAA,CAAS,WAAA,EAAa,cAAc,SAAS,CAAA;AAChE,EAAA,MAAM,GAAA,GAAM,OAAA,CAAQ,QAAA,CAAS,OAAA,CAAQ,SAAS,UAAU,CAAA;AACxD,EAAA,MAAM,aAAa,OAAA,CAAQ,QAAA,CAAS,cAAc,SAAA,EAAW,OAAA,CAAQ,SAAS,UAAU,CAAA;AAExF,EAAA,MAAM,GAAA,GAAMF,iBAAA,CAAW,UAAA,EAAY,IAAA,EAAM,UAAA,EAAY;AAAA,IACnD,CAAA,EAAG,QAAA;AAAA,IACH,CAAA,EAAG,QAAA;AAAA,IACH,CAAA,EAAG,QAAA;AAAA,IACH,MAAA,EAAQ;AAAA,GACT,CAAA;AAED,EAAA,MAAM,QAAA,GAAWG,uBAAA,CAAiB,aAAA,EAAe,GAAA,EAAK,EAAE,CAAA;AACxD,EAAA,QAAA,CAAS,WAAW,GAAG,CAAA;AAEvB,EAAA,IAAI;AACF,IAAA,MAAM,SAAA,GAAYD,aAAA,CAAO,MAAA,CAAO,CAAC,QAAA,CAAS,MAAA,CAAO,UAAU,CAAA,EAAG,QAAA,CAAS,KAAA,EAAO,CAAC,CAAA;AAC/E,IAAA,OAAO,SAAA,CAAU,SAAS,MAAM,CAAA;AAAA,EAClC,CAAA,CAAA,MAAQ;AACN,IAAA,MAAM,IAAI,MAAM,wDAAwD,CAAA;AAAA,EAC1E;AACF;;;AC3EO,SAAS,WAAA,CAAY,MAAc,UAAA,EAAkC;AAC1E,EAAA,MAAM,MAAA,GAAS,IAAA,CAAK,KAAA,CAAM,IAAI,CAAA;AAE9B,EAAA,IAAI,CAAC,UAAU,OAAO,MAAA,KAAW,YAAY,KAAA,CAAM,OAAA,CAAQ,MAAM,CAAA,EAAG;AAClE,IAAA,MAAM,IAAI,MAAM,uCAAuC,CAAA;AAAA,EACzD;AACA,EAAA,IAAI,CAAC,OAAO,QAAA,EAAU,UAAA,IAAc,OAAO,MAAA,CAAO,QAAA,CAAS,eAAe,QAAA,EAAU;AAClF,IAAA,MAAM,IAAI,MAAM,4DAA4D,CAAA;AAAA,EAC9E;AACA,EAAA,IAAI,OAAO,OAAO,QAAA,CAAS,IAAA,KAAS,YAAY,CAAC,MAAA,CAAO,SAAS,IAAA,EAAM;AACrE,IAAA,MAAM,IAAI,MAAM,sDAAsD,CAAA;AAAA,EACxE;AACA,EAAA,IACE,CAAC,KAAA,CAAM,OAAA,CAAQ,MAAA,CAAO,MAAM,CAAA,IAC5B,CAAC,MAAA,CAAO,MAAA,CAAO,MAAM,CAAC,CAAA,KAAe,OAAO,CAAA,KAAM,QAAQ,CAAA,EAC1D;AACA,IAAA,MAAM,IAAI,MAAM,qDAAqD,CAAA;AAAA,EACvE;AAEA,EAAA,IAAI,MAAA,CAAO,iBAAiB,MAAA,EAAW;AACrC,IAAA,IAAI,CAAC,KAAA,CAAM,OAAA,CAAQ,MAAA,CAAO,YAAY,CAAA,EAAG;AACvC,MAAA,MAAM,IAAI,MAAM,gDAAgD,CAAA;AAAA,IAClE;AACA,IAAA,KAAA,MAAW,GAAA,IAAO,OAAO,YAAA,EAAc;AACrC,MAAA,IACE,CAAC,GAAA,IACD,OAAO,GAAA,KAAQ,QAAA,IACf,OAAO,GAAA,CAAI,IAAA,KAAS,QAAA,IACpB,OAAO,IAAI,WAAA,KAAgB,QAAA,IAC3B,OAAO,GAAA,CAAI,UAAU,QAAA,EACrB;AACA,QAAA,MAAM,IAAI,KAAA;AAAA,UACR;AAAA,SACF;AAAA,MACF;AACA,MAAA,IAAI,CAAC,KAAA,CAAM,OAAA,CAAQ,GAAA,CAAI,IAAI,CAAA,IAAK,CAAC,GAAA,CAAI,IAAA,CAAK,MAAM,CAAC,CAAA,KAAe,OAAO,CAAA,KAAM,QAAQ,CAAA,EAAG;AACtF,QAAA,MAAM,IAAI,MAAM,oEAAoE,CAAA;AAAA,MACtF;AACA,MAAA,IAAI,CAAC,OAAO,SAAA,CAAU,GAAA,CAAI,KAAK,CAAA,IAAK,GAAA,CAAI,QAAQ,CAAA,EAAG;AACjD,QAAA,MAAM,IAAI,KAAA;AAAA,UACR;AAAA,SACF;AAAA,MACF;AAAA,IACF;AAAA,EACF;AACA,EAAA,IAAI,MAAA,CAAO,aAAa,MAAA,EAAW;AACjC,IAAA,IAAI,CAAC,KAAA,CAAM,OAAA,CAAQ,MAAA,CAAO,QAAQ,CAAA,EAAG;AACnC,MAAA,MAAM,IAAI,MAAM,4CAA4C,CAAA;AAAA,IAC9D;AACA,IAAA,KAAA,MAAW,CAAA,IAAK,OAAO,QAAA,EAAU;AAC/B,MAAA,IACE,CAAC,CAAA,IACD,OAAO,CAAA,KAAM,QAAA,IACb,OAAO,CAAA,CAAE,KAAA,KAAU,QAAA,IACnB,OAAO,EAAE,OAAA,KAAY,QAAA,IACrB,OAAO,CAAA,CAAE,YAAY,QAAA,EACrB;AACA,QAAA,MAAM,IAAI,KAAA;AAAA,UACR;AAAA,SACF;AAAA,MACF;AAAA,IACF;AAAA,EACF;AACA,EAAA,IAAI,MAAA,CAAO,WAAW,MAAA,EAAW;AAC/B,IAAA,IACE,CAAC,OAAO,MAAA,IACR,OAAO,OAAO,MAAA,KAAW,QAAA,IACzB,OAAO,MAAA,CAAO,MAAA,CAAO,UAAU,QAAA,IAC/B,OAAO,OAAO,MAAA,CAAO,OAAA,KAAY,YACjC,OAAO,MAAA,CAAO,MAAA,CAAO,UAAA,KAAe,QAAA,EACpC;AACA,MAAA,MAAM,IAAI,KAAA;AAAA,QACR;AAAA,OACF;AAAA,IACF;AAAA,EACF;AACA,EAAA,IAAI,MAAA,CAAO,QAAQ,MAAA,EAAW;AAC5B,IAAA,IACE,CAAC,MAAA,CAAO,GAAA,IACR,OAAO,MAAA,CAAO,QAAQ,QAAA,IACtB,OAAO,MAAA,CAAO,GAAA,CAAI,aAAa,QAAA,IAC/B,OAAO,MAAA,CAAO,GAAA,CAAI,UAAU,QAAA,IAC5B,OAAO,MAAA,CAAO,GAAA,CAAI,YAAY,QAAA,IAC9B,OAAO,MAAA,CAAO,GAAA,CAAI,eAAe,QAAA,IACjC,CAAC,MAAA,CAAO,SAAA,CAAU,OAAO,GAAA,CAAI,UAAU,KACvC,MAAA,CAAO,GAAA,CAAI,cAAc,CAAA,EACzB;AACA,MAAA,MAAM,IAAI,KAAA;AAAA,QACR;AAAA,OACF;AAAA,IACF;AAAA,EACF;AAEA,EAAA,IAAI,CAAC,UAAA,EAAY;AACf,IAAA,MAAM,YAAsB,EAAC;AAC7B,IAAA,IAAI,OAAO,QAAA,EAAU,UAAA,IAAc,YAAY,MAAA,CAAO,QAAA,CAAS,UAAU,CAAA,EAAG;AAC1E,MAAA,SAAA,CAAU,KAAK,qBAAqB,CAAA;AAAA,IACtC;AACA,IAAA,IAAI,OAAO,MAAA,EAAQ,UAAA,IAAc,YAAY,MAAA,CAAO,MAAA,CAAO,UAAU,CAAA,EAAG;AACtE,MAAA,SAAA,CAAU,KAAK,mBAAmB,CAAA;AAAA,IACpC;AACA,IAAA,IAAI,OAAO,GAAA,EAAK,OAAA,IAAW,YAAY,MAAA,CAAO,GAAA,CAAI,OAAO,CAAA,EAAG;AAC1D,MAAA,SAAA,CAAU,KAAK,aAAa,CAAA;AAAA,IAC9B;AACA,IAAA,IAAI,SAAA,CAAU,SAAS,CAAA,EAAG;AACxB,MAAA,MAAM,IAAI,KAAA;AAAA,QACR,CAAA,QAAA,EAAW,SAAA,CAAU,IAAA,CAAK,IAAI,CAAC,CAAA,0EAAA;AAAA,OACjC;AAAA,IACF;AACA,IAAA,OAAO,MAAA;AAAA,EACT;AAEA,EAAA,IAAI,OAAO,QAAA,EAAU,UAAA,IAAc,YAAY,MAAA,CAAO,QAAA,CAAS,UAAU,CAAA,EAAG;AAC1E,IAAA,MAAA,CAAO,SAAS,UAAA,GAAa,aAAA,CAAc,MAAA,CAAO,QAAA,CAAS,YAAY,UAAU,CAAA;AAAA,EACnF;AACA,EAAA,IAAI,OAAO,MAAA,EAAQ,UAAA,IAAc,YAAY,MAAA,CAAO,MAAA,CAAO,UAAU,CAAA,EAAG;AACtE,IAAA,MAAA,CAAO,OAAO,UAAA,GAAa,aAAA,CAAc,MAAA,CAAO,MAAA,CAAO,YAAY,UAAU,CAAA;AAAA,EAC/E;AACA,EAAA,IAAI,OAAO,GAAA,EAAK,OAAA,IAAW,YAAY,MAAA,CAAO,GAAA,CAAI,OAAO,CAAA,EAAG;AAC1D,IAAA,MAAA,CAAO,IAAI,OAAA,GAAU,aAAA,CAAc,MAAA,CAAO,GAAA,CAAI,SAAS,UAAU,CAAA;AAAA,EACnE;AAEA,EAAA,OAAO,MAAA;AACT","file":"node.cjs","sourcesContent":["/**\n * Secret encryption/decryption for agent config files.\n * Uses scrypt (KDF) + AES-256-GCM (cipher).\n * Format: \"encrypted:v1:\" + base64(salt[16] + iv[12] + ciphertext + tag[16])\n *\n * scrypt params: N=2^17, r=8, p=1 (~128 MB RAM per derivation).\n *\n * Node.js/Bun only - not available in browsers. Reachable only via the\n * '@elisym/sdk/node' subpath, which browser bundlers will not resolve.\n */\n\nimport { Buffer } from 'node:buffer';\nimport { createCipheriv, createDecipheriv, randomBytes, scryptSync } from 'node:crypto';\n\nconst PREFIX = 'encrypted:v1:';\nconst SALT_LENGTH = 16;\nconst IV_LENGTH = 12;\nconst TAG_LENGTH = 16;\nconst KEY_LENGTH = 32; // AES-256\n// v1: N=2^17 (OWASP minimum). v2 will use N=2^20 with format migration.\nconst SCRYPT_N = 2 ** 17;\nconst SCRYPT_R = 8;\nconst SCRYPT_P = 1;\nconst SCRYPT_MAXMEM = 128 * SCRYPT_N * SCRYPT_R * 2; // 2x the minimum required memory\n\n/** Check if a value is encrypted (has the encrypted:v1: prefix). */\nexport function isEncrypted(value: string): boolean {\n return value.startsWith(PREFIX);\n}\n\n/** Encrypt a plaintext secret with a passphrase. Returns \"encrypted:v1:base64...\". Node.js/Bun only. */\nexport function encryptSecret(plaintext: string, passphrase: string): string {\n if (!passphrase) {\n throw new Error('Passphrase must not be empty.');\n }\n\n const salt = randomBytes(SALT_LENGTH);\n const key = scryptSync(passphrase, salt, KEY_LENGTH, {\n N: SCRYPT_N,\n r: SCRYPT_R,\n p: SCRYPT_P,\n maxmem: SCRYPT_MAXMEM,\n });\n const iv = randomBytes(IV_LENGTH);\n\n const cipher = createCipheriv('aes-256-gcm', key, iv);\n const encrypted = Buffer.concat([cipher.update(plaintext, 'utf8'), cipher.final()]);\n const tag = cipher.getAuthTag();\n\n const payload = Buffer.concat([salt, iv, encrypted, tag]);\n return PREFIX + payload.toString('base64');\n}\n\n/** Decrypt an encrypted secret with a passphrase. Throws on wrong passphrase or corrupted data. Node.js/Bun only. */\nexport function decryptSecret(encrypted: string, passphrase: string): string {\n if (!isEncrypted(encrypted)) {\n throw new Error('Value is not encrypted (missing encrypted:v1: prefix).');\n }\n if (!passphrase) {\n throw new Error('Passphrase must not be empty.');\n }\n\n const payload = Buffer.from(encrypted.slice(PREFIX.length), 'base64');\n if (payload.length < SALT_LENGTH + IV_LENGTH + TAG_LENGTH) {\n throw new Error('Encrypted payload is too short.');\n }\n\n const salt = payload.subarray(0, SALT_LENGTH);\n const iv = payload.subarray(SALT_LENGTH, SALT_LENGTH + IV_LENGTH);\n const tag = payload.subarray(payload.length - TAG_LENGTH);\n const ciphertext = payload.subarray(SALT_LENGTH + IV_LENGTH, payload.length - TAG_LENGTH);\n\n const key = scryptSync(passphrase, salt, KEY_LENGTH, {\n N: SCRYPT_N,\n r: SCRYPT_R,\n p: SCRYPT_P,\n maxmem: SCRYPT_MAXMEM,\n });\n\n const decipher = createDecipheriv('aes-256-gcm', key, iv);\n decipher.setAuthTag(tag);\n\n try {\n const decrypted = Buffer.concat([decipher.update(ciphertext), decipher.final()]);\n return decrypted.toString('utf8');\n } catch {\n throw new Error('Decryption failed. Wrong passphrase or corrupted data.');\n }\n}\n","/**\n * Node.js-only config parsing with secret decryption.\n * Exported from '@elisym/sdk/node'.\n */\n\nimport type { AgentConfig } from '../types';\nimport { isEncrypted, decryptSecret } from './encryption';\n\n/**\n * Parse a JSON string into an AgentConfig.\n * If passphrase is provided, decrypts all encrypted fields (requires Node.js/Bun).\n * If passphrase is not provided and encrypted fields exist, throws.\n */\nexport function parseConfig(json: string, passphrase?: string): AgentConfig {\n const config = JSON.parse(json) as AgentConfig;\n\n if (!config || typeof config !== 'object' || Array.isArray(config)) {\n throw new Error('Invalid config: expected JSON object.');\n }\n if (!config.identity?.secret_key || typeof config.identity.secret_key !== 'string') {\n throw new Error('Invalid config: missing or non-string identity.secret_key.');\n }\n if (typeof config.identity.name !== 'string' || !config.identity.name) {\n throw new Error('Invalid config: missing or non-string identity.name.');\n }\n if (\n !Array.isArray(config.relays) ||\n !config.relays.every((r: unknown) => typeof r === 'string')\n ) {\n throw new Error('Invalid config: relays must be an array of strings.');\n }\n\n if (config.capabilities !== undefined) {\n if (!Array.isArray(config.capabilities)) {\n throw new Error('Invalid config: capabilities must be an array.');\n }\n for (const cap of config.capabilities) {\n if (\n !cap ||\n typeof cap !== 'object' ||\n typeof cap.name !== 'string' ||\n typeof cap.description !== 'string' ||\n typeof cap.price !== 'number'\n ) {\n throw new Error(\n 'Invalid config: each capability must have name (string), description (string), and price (number).',\n );\n }\n if (!Array.isArray(cap.tags) || !cap.tags.every((t: unknown) => typeof t === 'string')) {\n throw new Error('Invalid config: each capability must have tags (array of strings).');\n }\n if (!Number.isInteger(cap.price) || cap.price < 0) {\n throw new Error(\n 'Invalid config: capability price must be a non-negative integer (lamports).',\n );\n }\n }\n }\n if (config.payments !== undefined) {\n if (!Array.isArray(config.payments)) {\n throw new Error('Invalid config: payments must be an array.');\n }\n for (const p of config.payments) {\n if (\n !p ||\n typeof p !== 'object' ||\n typeof p.chain !== 'string' ||\n typeof p.network !== 'string' ||\n typeof p.address !== 'string'\n ) {\n throw new Error(\n 'Invalid config: each payment entry must have chain, network, and address (all strings).',\n );\n }\n }\n }\n if (config.wallet !== undefined) {\n if (\n !config.wallet ||\n typeof config.wallet !== 'object' ||\n typeof config.wallet.chain !== 'string' ||\n typeof config.wallet.network !== 'string' ||\n typeof config.wallet.secret_key !== 'string'\n ) {\n throw new Error(\n 'Invalid config: wallet must have chain, network, and secret_key (all strings).',\n );\n }\n }\n if (config.llm !== undefined) {\n if (\n !config.llm ||\n typeof config.llm !== 'object' ||\n typeof config.llm.provider !== 'string' ||\n typeof config.llm.model !== 'string' ||\n typeof config.llm.api_key !== 'string' ||\n typeof config.llm.max_tokens !== 'number' ||\n !Number.isInteger(config.llm.max_tokens) ||\n config.llm.max_tokens <= 0\n ) {\n throw new Error(\n 'Invalid config: llm must have provider, model, api_key (strings) and max_tokens (positive integer).',\n );\n }\n }\n\n if (!passphrase) {\n const encrypted: string[] = [];\n if (config.identity?.secret_key && isEncrypted(config.identity.secret_key)) {\n encrypted.push('identity.secret_key');\n }\n if (config.wallet?.secret_key && isEncrypted(config.wallet.secret_key)) {\n encrypted.push('wallet.secret_key');\n }\n if (config.llm?.api_key && isEncrypted(config.llm.api_key)) {\n encrypted.push('llm.api_key');\n }\n if (encrypted.length > 0) {\n throw new Error(\n `Fields [${encrypted.join(', ')}] are encrypted but no passphrase provided. Set ELISYM_PASSPHRASE env var.`,\n );\n }\n return config;\n }\n\n if (config.identity?.secret_key && isEncrypted(config.identity.secret_key)) {\n config.identity.secret_key = decryptSecret(config.identity.secret_key, passphrase);\n }\n if (config.wallet?.secret_key && isEncrypted(config.wallet.secret_key)) {\n config.wallet.secret_key = decryptSecret(config.wallet.secret_key, passphrase);\n }\n if (config.llm?.api_key && isEncrypted(config.llm.api_key)) {\n config.llm.api_key = decryptSecret(config.llm.api_key, passphrase);\n }\n\n return config;\n}\n"]}
package/dist/node.d.cts CHANGED
@@ -7,8 +7,8 @@ import { g as AgentConfig } from './types-CII4k_8d.cjs';
7
7
  *
8
8
  * scrypt params: N=2^17, r=8, p=1 (~128 MB RAM per derivation).
9
9
  *
10
- * Node.js/Bun only - not available in browsers.
11
- * All Node.js APIs are lazy-imported to avoid polluting browser bundles.
10
+ * Node.js/Bun only - not available in browsers. Reachable only via the
11
+ * '@elisym/sdk/node' subpath, which browser bundlers will not resolve.
12
12
  */
13
13
  /** Check if a value is encrypted (has the encrypted:v1: prefix). */
14
14
  declare function isEncrypted(value: string): boolean;
package/dist/node.d.ts CHANGED
@@ -7,8 +7,8 @@ import { g as AgentConfig } from './types-CII4k_8d.js';
7
7
  *
8
8
  * scrypt params: N=2^17, r=8, p=1 (~128 MB RAM per derivation).
9
9
  *
10
- * Node.js/Bun only - not available in browsers.
11
- * All Node.js APIs are lazy-imported to avoid polluting browser bundles.
10
+ * Node.js/Bun only - not available in browsers. Reachable only via the
11
+ * '@elisym/sdk/node' subpath, which browser bundlers will not resolve.
12
12
  */
13
13
  /** Check if a value is encrypted (has the encrypted:v1: prefix). */
14
14
  declare function isEncrypted(value: string): boolean;
package/dist/node.js CHANGED
@@ -1,9 +1,5 @@
1
- var __require = /* @__PURE__ */ ((x) => typeof require !== "undefined" ? require : typeof Proxy !== "undefined" ? new Proxy(x, {
2
- get: (a, b) => (typeof require !== "undefined" ? require : a)[b]
3
- }) : x)(function(x) {
4
- if (typeof require !== "undefined") return require.apply(this, arguments);
5
- throw Error('Dynamic require of "' + x + '" is not supported');
6
- });
1
+ import { Buffer } from 'node:buffer';
2
+ import { randomBytes, scryptSync, createCipheriv, createDecipheriv } from 'node:crypto';
7
3
 
8
4
  // src/primitives/encryption.ts
9
5
  var PREFIX = "encrypted:v1:";
@@ -22,8 +18,6 @@ function encryptSecret(plaintext, passphrase) {
22
18
  if (!passphrase) {
23
19
  throw new Error("Passphrase must not be empty.");
24
20
  }
25
- const { scryptSync, randomBytes, createCipheriv } = __require("node:crypto");
26
- const { Buffer: Buffer2 } = __require("node:buffer");
27
21
  const salt = randomBytes(SALT_LENGTH);
28
22
  const key = scryptSync(passphrase, salt, KEY_LENGTH, {
29
23
  N: SCRYPT_N,
@@ -33,9 +27,9 @@ function encryptSecret(plaintext, passphrase) {
33
27
  });
34
28
  const iv = randomBytes(IV_LENGTH);
35
29
  const cipher = createCipheriv("aes-256-gcm", key, iv);
36
- const encrypted = Buffer2.concat([cipher.update(plaintext, "utf8"), cipher.final()]);
30
+ const encrypted = Buffer.concat([cipher.update(plaintext, "utf8"), cipher.final()]);
37
31
  const tag = cipher.getAuthTag();
38
- const payload = Buffer2.concat([salt, iv, encrypted, tag]);
32
+ const payload = Buffer.concat([salt, iv, encrypted, tag]);
39
33
  return PREFIX + payload.toString("base64");
40
34
  }
41
35
  function decryptSecret(encrypted, passphrase) {
@@ -45,9 +39,7 @@ function decryptSecret(encrypted, passphrase) {
45
39
  if (!passphrase) {
46
40
  throw new Error("Passphrase must not be empty.");
47
41
  }
48
- const { scryptSync, createDecipheriv } = __require("node:crypto");
49
- const { Buffer: Buffer2 } = __require("node:buffer");
50
- const payload = Buffer2.from(encrypted.slice(PREFIX.length), "base64");
42
+ const payload = Buffer.from(encrypted.slice(PREFIX.length), "base64");
51
43
  if (payload.length < SALT_LENGTH + IV_LENGTH + TAG_LENGTH) {
52
44
  throw new Error("Encrypted payload is too short.");
53
45
  }
@@ -64,7 +56,7 @@ function decryptSecret(encrypted, passphrase) {
64
56
  const decipher = createDecipheriv("aes-256-gcm", key, iv);
65
57
  decipher.setAuthTag(tag);
66
58
  try {
67
- const decrypted = Buffer2.concat([decipher.update(ciphertext), decipher.final()]);
59
+ const decrypted = Buffer.concat([decipher.update(ciphertext), decipher.final()]);
68
60
  return decrypted.toString("utf8");
69
61
  } catch {
70
62
  throw new Error("Decryption failed. Wrong passphrase or corrupted data.");
package/dist/node.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"sources":["../src/primitives/encryption.ts","../src/primitives/config-node.ts"],"names":["Buffer"],"mappings":";;;;;;;;AAWA,IAAM,MAAA,GAAS,eAAA;AACf,IAAM,WAAA,GAAc,EAAA;AACpB,IAAM,SAAA,GAAY,EAAA;AAClB,IAAM,UAAA,GAAa,EAAA;AACnB,IAAM,UAAA,GAAa,EAAA;AAEnB,IAAM,WAAW,CAAA,IAAK,EAAA;AACtB,IAAM,QAAA,GAAW,CAAA;AACjB,IAAM,QAAA,GAAW,CAAA;AACjB,IAAM,aAAA,GAAgB,GAAA,GAAM,QAAA,GAAW,QAAA,GAAW,CAAA;AAG3C,SAAS,YAAY,KAAA,EAAwB;AAClD,EAAA,OAAO,KAAA,CAAM,WAAW,MAAM,CAAA;AAChC;AAGO,SAAS,aAAA,CAAc,WAAmB,UAAA,EAA4B;AAC3E,EAAA,IAAI,CAAC,UAAA,EAAY;AACf,IAAA,MAAM,IAAI,MAAM,+BAA+B,CAAA;AAAA,EACjD;AACA,EAAA,MAAM,EAAE,UAAA,EAAY,WAAA,EAAa,cAAA,EAAe,GAC9C,UAAQ,aAAa,CAAA;AACvB,EAAA,MAAM,EAAE,MAAA,EAAAA,OAAAA,EAAO,GAAI,UAAQ,aAAa,CAAA;AAExC,EAAA,MAAM,IAAA,GAAO,YAAY,WAAW,CAAA;AACpC,EAAA,MAAM,GAAA,GAAM,UAAA,CAAW,UAAA,EAAY,IAAA,EAAM,UAAA,EAAY;AAAA,IACnD,CAAA,EAAG,QAAA;AAAA,IACH,CAAA,EAAG,QAAA;AAAA,IACH,CAAA,EAAG,QAAA;AAAA,IACH,MAAA,EAAQ;AAAA,GACT,CAAA;AACD,EAAA,MAAM,EAAA,GAAK,YAAY,SAAS,CAAA;AAEhC,EAAA,MAAM,MAAA,GAAS,cAAA,CAAe,aAAA,EAAe,GAAA,EAAK,EAAE,CAAA;AACpD,EAAA,MAAM,SAAA,GAAYA,OAAAA,CAAO,MAAA,CAAO,CAAC,MAAA,CAAO,MAAA,CAAO,SAAA,EAAW,MAAM,CAAA,EAAG,MAAA,CAAO,KAAA,EAAO,CAAC,CAAA;AAClF,EAAA,MAAM,GAAA,GAAM,OAAO,UAAA,EAAW;AAE9B,EAAA,MAAM,OAAA,GAAUA,QAAO,MAAA,CAAO,CAAC,MAAM,EAAA,EAAI,SAAA,EAAW,GAAG,CAAC,CAAA;AACxD,EAAA,OAAO,MAAA,GAAS,OAAA,CAAQ,QAAA,CAAS,QAAQ,CAAA;AAC3C;AAGO,SAAS,aAAA,CAAc,WAAmB,UAAA,EAA4B;AAC3E,EAAA,IAAI,CAAC,WAAA,CAAY,SAAS,CAAA,EAAG;AAC3B,IAAA,MAAM,IAAI,MAAM,wDAAwD,CAAA;AAAA,EAC1E;AACA,EAAA,IAAI,CAAC,UAAA,EAAY;AACf,IAAA,MAAM,IAAI,MAAM,+BAA+B,CAAA;AAAA,EACjD;AAEA,EAAA,MAAM,EAAE,UAAA,EAAY,gBAAA,EAAiB,GAAI,UAAQ,aAAa,CAAA;AAC9D,EAAA,MAAM,EAAE,MAAA,EAAAA,OAAAA,EAAO,GAAI,UAAQ,aAAa,CAAA;AAExC,EAAA,MAAM,OAAA,GAAUA,QAAO,IAAA,CAAK,SAAA,CAAU,MAAM,MAAA,CAAO,MAAM,GAAG,QAAQ,CAAA;AACpE,EAAA,IAAI,OAAA,CAAQ,MAAA,GAAS,WAAA,GAAc,SAAA,GAAY,UAAA,EAAY;AACzD,IAAA,MAAM,IAAI,MAAM,iCAAiC,CAAA;AAAA,EACnD;AAEA,EAAA,MAAM,IAAA,GAAO,OAAA,CAAQ,QAAA,CAAS,CAAA,EAAG,WAAW,CAAA;AAC5C,EAAA,MAAM,EAAA,GAAK,OAAA,CAAQ,QAAA,CAAS,WAAA,EAAa,cAAc,SAAS,CAAA;AAChE,EAAA,MAAM,GAAA,GAAM,OAAA,CAAQ,QAAA,CAAS,OAAA,CAAQ,SAAS,UAAU,CAAA;AACxD,EAAA,MAAM,aAAa,OAAA,CAAQ,QAAA,CAAS,cAAc,SAAA,EAAW,OAAA,CAAQ,SAAS,UAAU,CAAA;AAExF,EAAA,MAAM,GAAA,GAAM,UAAA,CAAW,UAAA,EAAY,IAAA,EAAM,UAAA,EAAY;AAAA,IACnD,CAAA,EAAG,QAAA;AAAA,IACH,CAAA,EAAG,QAAA;AAAA,IACH,CAAA,EAAG,QAAA;AAAA,IACH,MAAA,EAAQ;AAAA,GACT,CAAA;AAED,EAAA,MAAM,QAAA,GAAW,gBAAA,CAAiB,aAAA,EAAe,GAAA,EAAK,EAAE,CAAA;AACxD,EAAA,QAAA,CAAS,WAAW,GAAG,CAAA;AAEvB,EAAA,IAAI;AACF,IAAA,MAAM,SAAA,GAAYA,OAAAA,CAAO,MAAA,CAAO,CAAC,QAAA,CAAS,MAAA,CAAO,UAAU,CAAA,EAAG,QAAA,CAAS,KAAA,EAAO,CAAC,CAAA;AAC/E,IAAA,OAAO,SAAA,CAAU,SAAS,MAAM,CAAA;AAAA,EAClC,CAAA,CAAA,MAAQ;AACN,IAAA,MAAM,IAAI,MAAM,wDAAwD,CAAA;AAAA,EAC1E;AACF;;;AC9EO,SAAS,WAAA,CAAY,MAAc,UAAA,EAAkC;AAC1E,EAAA,MAAM,MAAA,GAAS,IAAA,CAAK,KAAA,CAAM,IAAI,CAAA;AAE9B,EAAA,IAAI,CAAC,UAAU,OAAO,MAAA,KAAW,YAAY,KAAA,CAAM,OAAA,CAAQ,MAAM,CAAA,EAAG;AAClE,IAAA,MAAM,IAAI,MAAM,uCAAuC,CAAA;AAAA,EACzD;AACA,EAAA,IAAI,CAAC,OAAO,QAAA,EAAU,UAAA,IAAc,OAAO,MAAA,CAAO,QAAA,CAAS,eAAe,QAAA,EAAU;AAClF,IAAA,MAAM,IAAI,MAAM,4DAA4D,CAAA;AAAA,EAC9E;AACA,EAAA,IAAI,OAAO,OAAO,QAAA,CAAS,IAAA,KAAS,YAAY,CAAC,MAAA,CAAO,SAAS,IAAA,EAAM;AACrE,IAAA,MAAM,IAAI,MAAM,sDAAsD,CAAA;AAAA,EACxE;AACA,EAAA,IACE,CAAC,KAAA,CAAM,OAAA,CAAQ,MAAA,CAAO,MAAM,CAAA,IAC5B,CAAC,MAAA,CAAO,MAAA,CAAO,MAAM,CAAC,CAAA,KAAe,OAAO,CAAA,KAAM,QAAQ,CAAA,EAC1D;AACA,IAAA,MAAM,IAAI,MAAM,qDAAqD,CAAA;AAAA,EACvE;AAEA,EAAA,IAAI,MAAA,CAAO,iBAAiB,MAAA,EAAW;AACrC,IAAA,IAAI,CAAC,KAAA,CAAM,OAAA,CAAQ,MAAA,CAAO,YAAY,CAAA,EAAG;AACvC,MAAA,MAAM,IAAI,MAAM,gDAAgD,CAAA;AAAA,IAClE;AACA,IAAA,KAAA,MAAW,GAAA,IAAO,OAAO,YAAA,EAAc;AACrC,MAAA,IACE,CAAC,GAAA,IACD,OAAO,GAAA,KAAQ,QAAA,IACf,OAAO,GAAA,CAAI,IAAA,KAAS,QAAA,IACpB,OAAO,IAAI,WAAA,KAAgB,QAAA,IAC3B,OAAO,GAAA,CAAI,UAAU,QAAA,EACrB;AACA,QAAA,MAAM,IAAI,KAAA;AAAA,UACR;AAAA,SACF;AAAA,MACF;AACA,MAAA,IAAI,CAAC,KAAA,CAAM,OAAA,CAAQ,GAAA,CAAI,IAAI,CAAA,IAAK,CAAC,GAAA,CAAI,IAAA,CAAK,MAAM,CAAC,CAAA,KAAe,OAAO,CAAA,KAAM,QAAQ,CAAA,EAAG;AACtF,QAAA,MAAM,IAAI,MAAM,oEAAoE,CAAA;AAAA,MACtF;AACA,MAAA,IAAI,CAAC,OAAO,SAAA,CAAU,GAAA,CAAI,KAAK,CAAA,IAAK,GAAA,CAAI,QAAQ,CAAA,EAAG;AACjD,QAAA,MAAM,IAAI,KAAA;AAAA,UACR;AAAA,SACF;AAAA,MACF;AAAA,IACF;AAAA,EACF;AACA,EAAA,IAAI,MAAA,CAAO,aAAa,MAAA,EAAW;AACjC,IAAA,IAAI,CAAC,KAAA,CAAM,OAAA,CAAQ,MAAA,CAAO,QAAQ,CAAA,EAAG;AACnC,MAAA,MAAM,IAAI,MAAM,4CAA4C,CAAA;AAAA,IAC9D;AACA,IAAA,KAAA,MAAW,CAAA,IAAK,OAAO,QAAA,EAAU;AAC/B,MAAA,IACE,CAAC,CAAA,IACD,OAAO,CAAA,KAAM,QAAA,IACb,OAAO,CAAA,CAAE,KAAA,KAAU,QAAA,IACnB,OAAO,EAAE,OAAA,KAAY,QAAA,IACrB,OAAO,CAAA,CAAE,YAAY,QAAA,EACrB;AACA,QAAA,MAAM,IAAI,KAAA;AAAA,UACR;AAAA,SACF;AAAA,MACF;AAAA,IACF;AAAA,EACF;AACA,EAAA,IAAI,MAAA,CAAO,WAAW,MAAA,EAAW;AAC/B,IAAA,IACE,CAAC,OAAO,MAAA,IACR,OAAO,OAAO,MAAA,KAAW,QAAA,IACzB,OAAO,MAAA,CAAO,MAAA,CAAO,UAAU,QAAA,IAC/B,OAAO,OAAO,MAAA,CAAO,OAAA,KAAY,YACjC,OAAO,MAAA,CAAO,MAAA,CAAO,UAAA,KAAe,QAAA,EACpC;AACA,MAAA,MAAM,IAAI,KAAA;AAAA,QACR;AAAA,OACF;AAAA,IACF;AAAA,EACF;AACA,EAAA,IAAI,MAAA,CAAO,QAAQ,MAAA,EAAW;AAC5B,IAAA,IACE,CAAC,MAAA,CAAO,GAAA,IACR,OAAO,MAAA,CAAO,QAAQ,QAAA,IACtB,OAAO,MAAA,CAAO,GAAA,CAAI,aAAa,QAAA,IAC/B,OAAO,MAAA,CAAO,GAAA,CAAI,UAAU,QAAA,IAC5B,OAAO,MAAA,CAAO,GAAA,CAAI,YAAY,QAAA,IAC9B,OAAO,MAAA,CAAO,GAAA,CAAI,eAAe,QAAA,IACjC,CAAC,MAAA,CAAO,SAAA,CAAU,OAAO,GAAA,CAAI,UAAU,KACvC,MAAA,CAAO,GAAA,CAAI,cAAc,CAAA,EACzB;AACA,MAAA,MAAM,IAAI,KAAA;AAAA,QACR;AAAA,OACF;AAAA,IACF;AAAA,EACF;AAEA,EAAA,IAAI,CAAC,UAAA,EAAY;AACf,IAAA,MAAM,YAAsB,EAAC;AAC7B,IAAA,IAAI,OAAO,QAAA,EAAU,UAAA,IAAc,YAAY,MAAA,CAAO,QAAA,CAAS,UAAU,CAAA,EAAG;AAC1E,MAAA,SAAA,CAAU,KAAK,qBAAqB,CAAA;AAAA,IACtC;AACA,IAAA,IAAI,OAAO,MAAA,EAAQ,UAAA,IAAc,YAAY,MAAA,CAAO,MAAA,CAAO,UAAU,CAAA,EAAG;AACtE,MAAA,SAAA,CAAU,KAAK,mBAAmB,CAAA;AAAA,IACpC;AACA,IAAA,IAAI,OAAO,GAAA,EAAK,OAAA,IAAW,YAAY,MAAA,CAAO,GAAA,CAAI,OAAO,CAAA,EAAG;AAC1D,MAAA,SAAA,CAAU,KAAK,aAAa,CAAA;AAAA,IAC9B;AACA,IAAA,IAAI,SAAA,CAAU,SAAS,CAAA,EAAG;AACxB,MAAA,MAAM,IAAI,KAAA;AAAA,QACR,CAAA,QAAA,EAAW,SAAA,CAAU,IAAA,CAAK,IAAI,CAAC,CAAA,0EAAA;AAAA,OACjC;AAAA,IACF;AACA,IAAA,OAAO,MAAA;AAAA,EACT;AAEA,EAAA,IAAI,OAAO,QAAA,EAAU,UAAA,IAAc,YAAY,MAAA,CAAO,QAAA,CAAS,UAAU,CAAA,EAAG;AAC1E,IAAA,MAAA,CAAO,SAAS,UAAA,GAAa,aAAA,CAAc,MAAA,CAAO,QAAA,CAAS,YAAY,UAAU,CAAA;AAAA,EACnF;AACA,EAAA,IAAI,OAAO,MAAA,EAAQ,UAAA,IAAc,YAAY,MAAA,CAAO,MAAA,CAAO,UAAU,CAAA,EAAG;AACtE,IAAA,MAAA,CAAO,OAAO,UAAA,GAAa,aAAA,CAAc,MAAA,CAAO,MAAA,CAAO,YAAY,UAAU,CAAA;AAAA,EAC/E;AACA,EAAA,IAAI,OAAO,GAAA,EAAK,OAAA,IAAW,YAAY,MAAA,CAAO,GAAA,CAAI,OAAO,CAAA,EAAG;AAC1D,IAAA,MAAA,CAAO,IAAI,OAAA,GAAU,aAAA,CAAc,MAAA,CAAO,GAAA,CAAI,SAAS,UAAU,CAAA;AAAA,EACnE;AAEA,EAAA,OAAO,MAAA;AACT","file":"node.js","sourcesContent":["/**\n * Secret encryption/decryption for agent config files.\n * Uses scrypt (KDF) + AES-256-GCM (cipher).\n * Format: \"encrypted:v1:\" + base64(salt[16] + iv[12] + ciphertext + tag[16])\n *\n * scrypt params: N=2^17, r=8, p=1 (~128 MB RAM per derivation).\n *\n * Node.js/Bun only - not available in browsers.\n * All Node.js APIs are lazy-imported to avoid polluting browser bundles.\n */\n\nconst PREFIX = 'encrypted:v1:';\nconst SALT_LENGTH = 16;\nconst IV_LENGTH = 12;\nconst TAG_LENGTH = 16;\nconst KEY_LENGTH = 32; // AES-256\n// v1: N=2^17 (OWASP minimum). v2 will use N=2^20 with format migration.\nconst SCRYPT_N = 2 ** 17;\nconst SCRYPT_R = 8;\nconst SCRYPT_P = 1;\nconst SCRYPT_MAXMEM = 128 * SCRYPT_N * SCRYPT_R * 2; // 2x the minimum required memory\n\n/** Check if a value is encrypted (has the encrypted:v1: prefix). */\nexport function isEncrypted(value: string): boolean {\n return value.startsWith(PREFIX);\n}\n\n/** Encrypt a plaintext secret with a passphrase. Returns \"encrypted:v1:base64...\". Node.js/Bun only. */\nexport function encryptSecret(plaintext: string, passphrase: string): string {\n if (!passphrase) {\n throw new Error('Passphrase must not be empty.');\n }\n const { scryptSync, randomBytes, createCipheriv } =\n require('node:crypto') as typeof import('node:crypto');\n const { Buffer } = require('node:buffer') as typeof import('node:buffer');\n\n const salt = randomBytes(SALT_LENGTH);\n const key = scryptSync(passphrase, salt, KEY_LENGTH, {\n N: SCRYPT_N,\n r: SCRYPT_R,\n p: SCRYPT_P,\n maxmem: SCRYPT_MAXMEM,\n });\n const iv = randomBytes(IV_LENGTH);\n\n const cipher = createCipheriv('aes-256-gcm', key, iv);\n const encrypted = Buffer.concat([cipher.update(plaintext, 'utf8'), cipher.final()]);\n const tag = cipher.getAuthTag();\n\n const payload = Buffer.concat([salt, iv, encrypted, tag]);\n return PREFIX + payload.toString('base64');\n}\n\n/** Decrypt an encrypted secret with a passphrase. Throws on wrong passphrase or corrupted data. Node.js/Bun only. */\nexport function decryptSecret(encrypted: string, passphrase: string): string {\n if (!isEncrypted(encrypted)) {\n throw new Error('Value is not encrypted (missing encrypted:v1: prefix).');\n }\n if (!passphrase) {\n throw new Error('Passphrase must not be empty.');\n }\n\n const { scryptSync, createDecipheriv } = require('node:crypto') as typeof import('node:crypto');\n const { Buffer } = require('node:buffer') as typeof import('node:buffer');\n\n const payload = Buffer.from(encrypted.slice(PREFIX.length), 'base64');\n if (payload.length < SALT_LENGTH + IV_LENGTH + TAG_LENGTH) {\n throw new Error('Encrypted payload is too short.');\n }\n\n const salt = payload.subarray(0, SALT_LENGTH);\n const iv = payload.subarray(SALT_LENGTH, SALT_LENGTH + IV_LENGTH);\n const tag = payload.subarray(payload.length - TAG_LENGTH);\n const ciphertext = payload.subarray(SALT_LENGTH + IV_LENGTH, payload.length - TAG_LENGTH);\n\n const key = scryptSync(passphrase, salt, KEY_LENGTH, {\n N: SCRYPT_N,\n r: SCRYPT_R,\n p: SCRYPT_P,\n maxmem: SCRYPT_MAXMEM,\n });\n\n const decipher = createDecipheriv('aes-256-gcm', key, iv);\n decipher.setAuthTag(tag);\n\n try {\n const decrypted = Buffer.concat([decipher.update(ciphertext), decipher.final()]);\n return decrypted.toString('utf8');\n } catch {\n throw new Error('Decryption failed. Wrong passphrase or corrupted data.');\n }\n}\n","/**\n * Node.js-only config parsing with secret decryption.\n * Exported from '@elisym/sdk/node'.\n */\n\nimport type { AgentConfig } from '../types';\nimport { isEncrypted, decryptSecret } from './encryption';\n\n/**\n * Parse a JSON string into an AgentConfig.\n * If passphrase is provided, decrypts all encrypted fields (requires Node.js/Bun).\n * If passphrase is not provided and encrypted fields exist, throws.\n */\nexport function parseConfig(json: string, passphrase?: string): AgentConfig {\n const config = JSON.parse(json) as AgentConfig;\n\n if (!config || typeof config !== 'object' || Array.isArray(config)) {\n throw new Error('Invalid config: expected JSON object.');\n }\n if (!config.identity?.secret_key || typeof config.identity.secret_key !== 'string') {\n throw new Error('Invalid config: missing or non-string identity.secret_key.');\n }\n if (typeof config.identity.name !== 'string' || !config.identity.name) {\n throw new Error('Invalid config: missing or non-string identity.name.');\n }\n if (\n !Array.isArray(config.relays) ||\n !config.relays.every((r: unknown) => typeof r === 'string')\n ) {\n throw new Error('Invalid config: relays must be an array of strings.');\n }\n\n if (config.capabilities !== undefined) {\n if (!Array.isArray(config.capabilities)) {\n throw new Error('Invalid config: capabilities must be an array.');\n }\n for (const cap of config.capabilities) {\n if (\n !cap ||\n typeof cap !== 'object' ||\n typeof cap.name !== 'string' ||\n typeof cap.description !== 'string' ||\n typeof cap.price !== 'number'\n ) {\n throw new Error(\n 'Invalid config: each capability must have name (string), description (string), and price (number).',\n );\n }\n if (!Array.isArray(cap.tags) || !cap.tags.every((t: unknown) => typeof t === 'string')) {\n throw new Error('Invalid config: each capability must have tags (array of strings).');\n }\n if (!Number.isInteger(cap.price) || cap.price < 0) {\n throw new Error(\n 'Invalid config: capability price must be a non-negative integer (lamports).',\n );\n }\n }\n }\n if (config.payments !== undefined) {\n if (!Array.isArray(config.payments)) {\n throw new Error('Invalid config: payments must be an array.');\n }\n for (const p of config.payments) {\n if (\n !p ||\n typeof p !== 'object' ||\n typeof p.chain !== 'string' ||\n typeof p.network !== 'string' ||\n typeof p.address !== 'string'\n ) {\n throw new Error(\n 'Invalid config: each payment entry must have chain, network, and address (all strings).',\n );\n }\n }\n }\n if (config.wallet !== undefined) {\n if (\n !config.wallet ||\n typeof config.wallet !== 'object' ||\n typeof config.wallet.chain !== 'string' ||\n typeof config.wallet.network !== 'string' ||\n typeof config.wallet.secret_key !== 'string'\n ) {\n throw new Error(\n 'Invalid config: wallet must have chain, network, and secret_key (all strings).',\n );\n }\n }\n if (config.llm !== undefined) {\n if (\n !config.llm ||\n typeof config.llm !== 'object' ||\n typeof config.llm.provider !== 'string' ||\n typeof config.llm.model !== 'string' ||\n typeof config.llm.api_key !== 'string' ||\n typeof config.llm.max_tokens !== 'number' ||\n !Number.isInteger(config.llm.max_tokens) ||\n config.llm.max_tokens <= 0\n ) {\n throw new Error(\n 'Invalid config: llm must have provider, model, api_key (strings) and max_tokens (positive integer).',\n );\n }\n }\n\n if (!passphrase) {\n const encrypted: string[] = [];\n if (config.identity?.secret_key && isEncrypted(config.identity.secret_key)) {\n encrypted.push('identity.secret_key');\n }\n if (config.wallet?.secret_key && isEncrypted(config.wallet.secret_key)) {\n encrypted.push('wallet.secret_key');\n }\n if (config.llm?.api_key && isEncrypted(config.llm.api_key)) {\n encrypted.push('llm.api_key');\n }\n if (encrypted.length > 0) {\n throw new Error(\n `Fields [${encrypted.join(', ')}] are encrypted but no passphrase provided. Set ELISYM_PASSPHRASE env var.`,\n );\n }\n return config;\n }\n\n if (config.identity?.secret_key && isEncrypted(config.identity.secret_key)) {\n config.identity.secret_key = decryptSecret(config.identity.secret_key, passphrase);\n }\n if (config.wallet?.secret_key && isEncrypted(config.wallet.secret_key)) {\n config.wallet.secret_key = decryptSecret(config.wallet.secret_key, passphrase);\n }\n if (config.llm?.api_key && isEncrypted(config.llm.api_key)) {\n config.llm.api_key = decryptSecret(config.llm.api_key, passphrase);\n }\n\n return config;\n}\n"]}
1
+ {"version":3,"sources":["../src/primitives/encryption.ts","../src/primitives/config-node.ts"],"names":[],"mappings":";;;;AAcA,IAAM,MAAA,GAAS,eAAA;AACf,IAAM,WAAA,GAAc,EAAA;AACpB,IAAM,SAAA,GAAY,EAAA;AAClB,IAAM,UAAA,GAAa,EAAA;AACnB,IAAM,UAAA,GAAa,EAAA;AAEnB,IAAM,WAAW,CAAA,IAAK,EAAA;AACtB,IAAM,QAAA,GAAW,CAAA;AACjB,IAAM,QAAA,GAAW,CAAA;AACjB,IAAM,aAAA,GAAgB,GAAA,GAAM,QAAA,GAAW,QAAA,GAAW,CAAA;AAG3C,SAAS,YAAY,KAAA,EAAwB;AAClD,EAAA,OAAO,KAAA,CAAM,WAAW,MAAM,CAAA;AAChC;AAGO,SAAS,aAAA,CAAc,WAAmB,UAAA,EAA4B;AAC3E,EAAA,IAAI,CAAC,UAAA,EAAY;AACf,IAAA,MAAM,IAAI,MAAM,+BAA+B,CAAA;AAAA,EACjD;AAEA,EAAA,MAAM,IAAA,GAAO,YAAY,WAAW,CAAA;AACpC,EAAA,MAAM,GAAA,GAAM,UAAA,CAAW,UAAA,EAAY,IAAA,EAAM,UAAA,EAAY;AAAA,IACnD,CAAA,EAAG,QAAA;AAAA,IACH,CAAA,EAAG,QAAA;AAAA,IACH,CAAA,EAAG,QAAA;AAAA,IACH,MAAA,EAAQ;AAAA,GACT,CAAA;AACD,EAAA,MAAM,EAAA,GAAK,YAAY,SAAS,CAAA;AAEhC,EAAA,MAAM,MAAA,GAAS,cAAA,CAAe,aAAA,EAAe,GAAA,EAAK,EAAE,CAAA;AACpD,EAAA,MAAM,SAAA,GAAY,MAAA,CAAO,MAAA,CAAO,CAAC,MAAA,CAAO,MAAA,CAAO,SAAA,EAAW,MAAM,CAAA,EAAG,MAAA,CAAO,KAAA,EAAO,CAAC,CAAA;AAClF,EAAA,MAAM,GAAA,GAAM,OAAO,UAAA,EAAW;AAE9B,EAAA,MAAM,OAAA,GAAU,OAAO,MAAA,CAAO,CAAC,MAAM,EAAA,EAAI,SAAA,EAAW,GAAG,CAAC,CAAA;AACxD,EAAA,OAAO,MAAA,GAAS,OAAA,CAAQ,QAAA,CAAS,QAAQ,CAAA;AAC3C;AAGO,SAAS,aAAA,CAAc,WAAmB,UAAA,EAA4B;AAC3E,EAAA,IAAI,CAAC,WAAA,CAAY,SAAS,CAAA,EAAG;AAC3B,IAAA,MAAM,IAAI,MAAM,wDAAwD,CAAA;AAAA,EAC1E;AACA,EAAA,IAAI,CAAC,UAAA,EAAY;AACf,IAAA,MAAM,IAAI,MAAM,+BAA+B,CAAA;AAAA,EACjD;AAEA,EAAA,MAAM,OAAA,GAAU,OAAO,IAAA,CAAK,SAAA,CAAU,MAAM,MAAA,CAAO,MAAM,GAAG,QAAQ,CAAA;AACpE,EAAA,IAAI,OAAA,CAAQ,MAAA,GAAS,WAAA,GAAc,SAAA,GAAY,UAAA,EAAY;AACzD,IAAA,MAAM,IAAI,MAAM,iCAAiC,CAAA;AAAA,EACnD;AAEA,EAAA,MAAM,IAAA,GAAO,OAAA,CAAQ,QAAA,CAAS,CAAA,EAAG,WAAW,CAAA;AAC5C,EAAA,MAAM,EAAA,GAAK,OAAA,CAAQ,QAAA,CAAS,WAAA,EAAa,cAAc,SAAS,CAAA;AAChE,EAAA,MAAM,GAAA,GAAM,OAAA,CAAQ,QAAA,CAAS,OAAA,CAAQ,SAAS,UAAU,CAAA;AACxD,EAAA,MAAM,aAAa,OAAA,CAAQ,QAAA,CAAS,cAAc,SAAA,EAAW,OAAA,CAAQ,SAAS,UAAU,CAAA;AAExF,EAAA,MAAM,GAAA,GAAM,UAAA,CAAW,UAAA,EAAY,IAAA,EAAM,UAAA,EAAY;AAAA,IACnD,CAAA,EAAG,QAAA;AAAA,IACH,CAAA,EAAG,QAAA;AAAA,IACH,CAAA,EAAG,QAAA;AAAA,IACH,MAAA,EAAQ;AAAA,GACT,CAAA;AAED,EAAA,MAAM,QAAA,GAAW,gBAAA,CAAiB,aAAA,EAAe,GAAA,EAAK,EAAE,CAAA;AACxD,EAAA,QAAA,CAAS,WAAW,GAAG,CAAA;AAEvB,EAAA,IAAI;AACF,IAAA,MAAM,SAAA,GAAY,MAAA,CAAO,MAAA,CAAO,CAAC,QAAA,CAAS,MAAA,CAAO,UAAU,CAAA,EAAG,QAAA,CAAS,KAAA,EAAO,CAAC,CAAA;AAC/E,IAAA,OAAO,SAAA,CAAU,SAAS,MAAM,CAAA;AAAA,EAClC,CAAA,CAAA,MAAQ;AACN,IAAA,MAAM,IAAI,MAAM,wDAAwD,CAAA;AAAA,EAC1E;AACF;;;AC3EO,SAAS,WAAA,CAAY,MAAc,UAAA,EAAkC;AAC1E,EAAA,MAAM,MAAA,GAAS,IAAA,CAAK,KAAA,CAAM,IAAI,CAAA;AAE9B,EAAA,IAAI,CAAC,UAAU,OAAO,MAAA,KAAW,YAAY,KAAA,CAAM,OAAA,CAAQ,MAAM,CAAA,EAAG;AAClE,IAAA,MAAM,IAAI,MAAM,uCAAuC,CAAA;AAAA,EACzD;AACA,EAAA,IAAI,CAAC,OAAO,QAAA,EAAU,UAAA,IAAc,OAAO,MAAA,CAAO,QAAA,CAAS,eAAe,QAAA,EAAU;AAClF,IAAA,MAAM,IAAI,MAAM,4DAA4D,CAAA;AAAA,EAC9E;AACA,EAAA,IAAI,OAAO,OAAO,QAAA,CAAS,IAAA,KAAS,YAAY,CAAC,MAAA,CAAO,SAAS,IAAA,EAAM;AACrE,IAAA,MAAM,IAAI,MAAM,sDAAsD,CAAA;AAAA,EACxE;AACA,EAAA,IACE,CAAC,KAAA,CAAM,OAAA,CAAQ,MAAA,CAAO,MAAM,CAAA,IAC5B,CAAC,MAAA,CAAO,MAAA,CAAO,MAAM,CAAC,CAAA,KAAe,OAAO,CAAA,KAAM,QAAQ,CAAA,EAC1D;AACA,IAAA,MAAM,IAAI,MAAM,qDAAqD,CAAA;AAAA,EACvE;AAEA,EAAA,IAAI,MAAA,CAAO,iBAAiB,MAAA,EAAW;AACrC,IAAA,IAAI,CAAC,KAAA,CAAM,OAAA,CAAQ,MAAA,CAAO,YAAY,CAAA,EAAG;AACvC,MAAA,MAAM,IAAI,MAAM,gDAAgD,CAAA;AAAA,IAClE;AACA,IAAA,KAAA,MAAW,GAAA,IAAO,OAAO,YAAA,EAAc;AACrC,MAAA,IACE,CAAC,GAAA,IACD,OAAO,GAAA,KAAQ,QAAA,IACf,OAAO,GAAA,CAAI,IAAA,KAAS,QAAA,IACpB,OAAO,IAAI,WAAA,KAAgB,QAAA,IAC3B,OAAO,GAAA,CAAI,UAAU,QAAA,EACrB;AACA,QAAA,MAAM,IAAI,KAAA;AAAA,UACR;AAAA,SACF;AAAA,MACF;AACA,MAAA,IAAI,CAAC,KAAA,CAAM,OAAA,CAAQ,GAAA,CAAI,IAAI,CAAA,IAAK,CAAC,GAAA,CAAI,IAAA,CAAK,MAAM,CAAC,CAAA,KAAe,OAAO,CAAA,KAAM,QAAQ,CAAA,EAAG;AACtF,QAAA,MAAM,IAAI,MAAM,oEAAoE,CAAA;AAAA,MACtF;AACA,MAAA,IAAI,CAAC,OAAO,SAAA,CAAU,GAAA,CAAI,KAAK,CAAA,IAAK,GAAA,CAAI,QAAQ,CAAA,EAAG;AACjD,QAAA,MAAM,IAAI,KAAA;AAAA,UACR;AAAA,SACF;AAAA,MACF;AAAA,IACF;AAAA,EACF;AACA,EAAA,IAAI,MAAA,CAAO,aAAa,MAAA,EAAW;AACjC,IAAA,IAAI,CAAC,KAAA,CAAM,OAAA,CAAQ,MAAA,CAAO,QAAQ,CAAA,EAAG;AACnC,MAAA,MAAM,IAAI,MAAM,4CAA4C,CAAA;AAAA,IAC9D;AACA,IAAA,KAAA,MAAW,CAAA,IAAK,OAAO,QAAA,EAAU;AAC/B,MAAA,IACE,CAAC,CAAA,IACD,OAAO,CAAA,KAAM,QAAA,IACb,OAAO,CAAA,CAAE,KAAA,KAAU,QAAA,IACnB,OAAO,EAAE,OAAA,KAAY,QAAA,IACrB,OAAO,CAAA,CAAE,YAAY,QAAA,EACrB;AACA,QAAA,MAAM,IAAI,KAAA;AAAA,UACR;AAAA,SACF;AAAA,MACF;AAAA,IACF;AAAA,EACF;AACA,EAAA,IAAI,MAAA,CAAO,WAAW,MAAA,EAAW;AAC/B,IAAA,IACE,CAAC,OAAO,MAAA,IACR,OAAO,OAAO,MAAA,KAAW,QAAA,IACzB,OAAO,MAAA,CAAO,MAAA,CAAO,UAAU,QAAA,IAC/B,OAAO,OAAO,MAAA,CAAO,OAAA,KAAY,YACjC,OAAO,MAAA,CAAO,MAAA,CAAO,UAAA,KAAe,QAAA,EACpC;AACA,MAAA,MAAM,IAAI,KAAA;AAAA,QACR;AAAA,OACF;AAAA,IACF;AAAA,EACF;AACA,EAAA,IAAI,MAAA,CAAO,QAAQ,MAAA,EAAW;AAC5B,IAAA,IACE,CAAC,MAAA,CAAO,GAAA,IACR,OAAO,MAAA,CAAO,QAAQ,QAAA,IACtB,OAAO,MAAA,CAAO,GAAA,CAAI,aAAa,QAAA,IAC/B,OAAO,MAAA,CAAO,GAAA,CAAI,UAAU,QAAA,IAC5B,OAAO,MAAA,CAAO,GAAA,CAAI,YAAY,QAAA,IAC9B,OAAO,MAAA,CAAO,GAAA,CAAI,eAAe,QAAA,IACjC,CAAC,MAAA,CAAO,SAAA,CAAU,OAAO,GAAA,CAAI,UAAU,KACvC,MAAA,CAAO,GAAA,CAAI,cAAc,CAAA,EACzB;AACA,MAAA,MAAM,IAAI,KAAA;AAAA,QACR;AAAA,OACF;AAAA,IACF;AAAA,EACF;AAEA,EAAA,IAAI,CAAC,UAAA,EAAY;AACf,IAAA,MAAM,YAAsB,EAAC;AAC7B,IAAA,IAAI,OAAO,QAAA,EAAU,UAAA,IAAc,YAAY,MAAA,CAAO,QAAA,CAAS,UAAU,CAAA,EAAG;AAC1E,MAAA,SAAA,CAAU,KAAK,qBAAqB,CAAA;AAAA,IACtC;AACA,IAAA,IAAI,OAAO,MAAA,EAAQ,UAAA,IAAc,YAAY,MAAA,CAAO,MAAA,CAAO,UAAU,CAAA,EAAG;AACtE,MAAA,SAAA,CAAU,KAAK,mBAAmB,CAAA;AAAA,IACpC;AACA,IAAA,IAAI,OAAO,GAAA,EAAK,OAAA,IAAW,YAAY,MAAA,CAAO,GAAA,CAAI,OAAO,CAAA,EAAG;AAC1D,MAAA,SAAA,CAAU,KAAK,aAAa,CAAA;AAAA,IAC9B;AACA,IAAA,IAAI,SAAA,CAAU,SAAS,CAAA,EAAG;AACxB,MAAA,MAAM,IAAI,KAAA;AAAA,QACR,CAAA,QAAA,EAAW,SAAA,CAAU,IAAA,CAAK,IAAI,CAAC,CAAA,0EAAA;AAAA,OACjC;AAAA,IACF;AACA,IAAA,OAAO,MAAA;AAAA,EACT;AAEA,EAAA,IAAI,OAAO,QAAA,EAAU,UAAA,IAAc,YAAY,MAAA,CAAO,QAAA,CAAS,UAAU,CAAA,EAAG;AAC1E,IAAA,MAAA,CAAO,SAAS,UAAA,GAAa,aAAA,CAAc,MAAA,CAAO,QAAA,CAAS,YAAY,UAAU,CAAA;AAAA,EACnF;AACA,EAAA,IAAI,OAAO,MAAA,EAAQ,UAAA,IAAc,YAAY,MAAA,CAAO,MAAA,CAAO,UAAU,CAAA,EAAG;AACtE,IAAA,MAAA,CAAO,OAAO,UAAA,GAAa,aAAA,CAAc,MAAA,CAAO,MAAA,CAAO,YAAY,UAAU,CAAA;AAAA,EAC/E;AACA,EAAA,IAAI,OAAO,GAAA,EAAK,OAAA,IAAW,YAAY,MAAA,CAAO,GAAA,CAAI,OAAO,CAAA,EAAG;AAC1D,IAAA,MAAA,CAAO,IAAI,OAAA,GAAU,aAAA,CAAc,MAAA,CAAO,GAAA,CAAI,SAAS,UAAU,CAAA;AAAA,EACnE;AAEA,EAAA,OAAO,MAAA;AACT","file":"node.js","sourcesContent":["/**\n * Secret encryption/decryption for agent config files.\n * Uses scrypt (KDF) + AES-256-GCM (cipher).\n * Format: \"encrypted:v1:\" + base64(salt[16] + iv[12] + ciphertext + tag[16])\n *\n * scrypt params: N=2^17, r=8, p=1 (~128 MB RAM per derivation).\n *\n * Node.js/Bun only - not available in browsers. Reachable only via the\n * '@elisym/sdk/node' subpath, which browser bundlers will not resolve.\n */\n\nimport { Buffer } from 'node:buffer';\nimport { createCipheriv, createDecipheriv, randomBytes, scryptSync } from 'node:crypto';\n\nconst PREFIX = 'encrypted:v1:';\nconst SALT_LENGTH = 16;\nconst IV_LENGTH = 12;\nconst TAG_LENGTH = 16;\nconst KEY_LENGTH = 32; // AES-256\n// v1: N=2^17 (OWASP minimum). v2 will use N=2^20 with format migration.\nconst SCRYPT_N = 2 ** 17;\nconst SCRYPT_R = 8;\nconst SCRYPT_P = 1;\nconst SCRYPT_MAXMEM = 128 * SCRYPT_N * SCRYPT_R * 2; // 2x the minimum required memory\n\n/** Check if a value is encrypted (has the encrypted:v1: prefix). */\nexport function isEncrypted(value: string): boolean {\n return value.startsWith(PREFIX);\n}\n\n/** Encrypt a plaintext secret with a passphrase. Returns \"encrypted:v1:base64...\". Node.js/Bun only. */\nexport function encryptSecret(plaintext: string, passphrase: string): string {\n if (!passphrase) {\n throw new Error('Passphrase must not be empty.');\n }\n\n const salt = randomBytes(SALT_LENGTH);\n const key = scryptSync(passphrase, salt, KEY_LENGTH, {\n N: SCRYPT_N,\n r: SCRYPT_R,\n p: SCRYPT_P,\n maxmem: SCRYPT_MAXMEM,\n });\n const iv = randomBytes(IV_LENGTH);\n\n const cipher = createCipheriv('aes-256-gcm', key, iv);\n const encrypted = Buffer.concat([cipher.update(plaintext, 'utf8'), cipher.final()]);\n const tag = cipher.getAuthTag();\n\n const payload = Buffer.concat([salt, iv, encrypted, tag]);\n return PREFIX + payload.toString('base64');\n}\n\n/** Decrypt an encrypted secret with a passphrase. Throws on wrong passphrase or corrupted data. Node.js/Bun only. */\nexport function decryptSecret(encrypted: string, passphrase: string): string {\n if (!isEncrypted(encrypted)) {\n throw new Error('Value is not encrypted (missing encrypted:v1: prefix).');\n }\n if (!passphrase) {\n throw new Error('Passphrase must not be empty.');\n }\n\n const payload = Buffer.from(encrypted.slice(PREFIX.length), 'base64');\n if (payload.length < SALT_LENGTH + IV_LENGTH + TAG_LENGTH) {\n throw new Error('Encrypted payload is too short.');\n }\n\n const salt = payload.subarray(0, SALT_LENGTH);\n const iv = payload.subarray(SALT_LENGTH, SALT_LENGTH + IV_LENGTH);\n const tag = payload.subarray(payload.length - TAG_LENGTH);\n const ciphertext = payload.subarray(SALT_LENGTH + IV_LENGTH, payload.length - TAG_LENGTH);\n\n const key = scryptSync(passphrase, salt, KEY_LENGTH, {\n N: SCRYPT_N,\n r: SCRYPT_R,\n p: SCRYPT_P,\n maxmem: SCRYPT_MAXMEM,\n });\n\n const decipher = createDecipheriv('aes-256-gcm', key, iv);\n decipher.setAuthTag(tag);\n\n try {\n const decrypted = Buffer.concat([decipher.update(ciphertext), decipher.final()]);\n return decrypted.toString('utf8');\n } catch {\n throw new Error('Decryption failed. Wrong passphrase or corrupted data.');\n }\n}\n","/**\n * Node.js-only config parsing with secret decryption.\n * Exported from '@elisym/sdk/node'.\n */\n\nimport type { AgentConfig } from '../types';\nimport { isEncrypted, decryptSecret } from './encryption';\n\n/**\n * Parse a JSON string into an AgentConfig.\n * If passphrase is provided, decrypts all encrypted fields (requires Node.js/Bun).\n * If passphrase is not provided and encrypted fields exist, throws.\n */\nexport function parseConfig(json: string, passphrase?: string): AgentConfig {\n const config = JSON.parse(json) as AgentConfig;\n\n if (!config || typeof config !== 'object' || Array.isArray(config)) {\n throw new Error('Invalid config: expected JSON object.');\n }\n if (!config.identity?.secret_key || typeof config.identity.secret_key !== 'string') {\n throw new Error('Invalid config: missing or non-string identity.secret_key.');\n }\n if (typeof config.identity.name !== 'string' || !config.identity.name) {\n throw new Error('Invalid config: missing or non-string identity.name.');\n }\n if (\n !Array.isArray(config.relays) ||\n !config.relays.every((r: unknown) => typeof r === 'string')\n ) {\n throw new Error('Invalid config: relays must be an array of strings.');\n }\n\n if (config.capabilities !== undefined) {\n if (!Array.isArray(config.capabilities)) {\n throw new Error('Invalid config: capabilities must be an array.');\n }\n for (const cap of config.capabilities) {\n if (\n !cap ||\n typeof cap !== 'object' ||\n typeof cap.name !== 'string' ||\n typeof cap.description !== 'string' ||\n typeof cap.price !== 'number'\n ) {\n throw new Error(\n 'Invalid config: each capability must have name (string), description (string), and price (number).',\n );\n }\n if (!Array.isArray(cap.tags) || !cap.tags.every((t: unknown) => typeof t === 'string')) {\n throw new Error('Invalid config: each capability must have tags (array of strings).');\n }\n if (!Number.isInteger(cap.price) || cap.price < 0) {\n throw new Error(\n 'Invalid config: capability price must be a non-negative integer (lamports).',\n );\n }\n }\n }\n if (config.payments !== undefined) {\n if (!Array.isArray(config.payments)) {\n throw new Error('Invalid config: payments must be an array.');\n }\n for (const p of config.payments) {\n if (\n !p ||\n typeof p !== 'object' ||\n typeof p.chain !== 'string' ||\n typeof p.network !== 'string' ||\n typeof p.address !== 'string'\n ) {\n throw new Error(\n 'Invalid config: each payment entry must have chain, network, and address (all strings).',\n );\n }\n }\n }\n if (config.wallet !== undefined) {\n if (\n !config.wallet ||\n typeof config.wallet !== 'object' ||\n typeof config.wallet.chain !== 'string' ||\n typeof config.wallet.network !== 'string' ||\n typeof config.wallet.secret_key !== 'string'\n ) {\n throw new Error(\n 'Invalid config: wallet must have chain, network, and secret_key (all strings).',\n );\n }\n }\n if (config.llm !== undefined) {\n if (\n !config.llm ||\n typeof config.llm !== 'object' ||\n typeof config.llm.provider !== 'string' ||\n typeof config.llm.model !== 'string' ||\n typeof config.llm.api_key !== 'string' ||\n typeof config.llm.max_tokens !== 'number' ||\n !Number.isInteger(config.llm.max_tokens) ||\n config.llm.max_tokens <= 0\n ) {\n throw new Error(\n 'Invalid config: llm must have provider, model, api_key (strings) and max_tokens (positive integer).',\n );\n }\n }\n\n if (!passphrase) {\n const encrypted: string[] = [];\n if (config.identity?.secret_key && isEncrypted(config.identity.secret_key)) {\n encrypted.push('identity.secret_key');\n }\n if (config.wallet?.secret_key && isEncrypted(config.wallet.secret_key)) {\n encrypted.push('wallet.secret_key');\n }\n if (config.llm?.api_key && isEncrypted(config.llm.api_key)) {\n encrypted.push('llm.api_key');\n }\n if (encrypted.length > 0) {\n throw new Error(\n `Fields [${encrypted.join(', ')}] are encrypted but no passphrase provided. Set ELISYM_PASSPHRASE env var.`,\n );\n }\n return config;\n }\n\n if (config.identity?.secret_key && isEncrypted(config.identity.secret_key)) {\n config.identity.secret_key = decryptSecret(config.identity.secret_key, passphrase);\n }\n if (config.wallet?.secret_key && isEncrypted(config.wallet.secret_key)) {\n config.wallet.secret_key = decryptSecret(config.wallet.secret_key, passphrase);\n }\n if (config.llm?.api_key && isEncrypted(config.llm.api_key)) {\n config.llm.api_key = decryptSecret(config.llm.api_key, passphrase);\n }\n\n return config;\n}\n"]}
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@elisym/sdk",
3
- "version": "0.3.1",
3
+ "version": "0.3.2",
4
4
  "description": "TypeScript SDK for elisym - AI agent discovery, marketplace, and payments on Nostr",
5
5
  "keywords": [
6
6
  "ai-agents",