@elisym/sdk 0.4.1 → 0.5.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/agent-store.cjs +545 -0
- package/dist/agent-store.cjs.map +1 -0
- package/dist/agent-store.d.cts +334 -0
- package/dist/agent-store.d.ts +334 -0
- package/dist/agent-store.js +505 -0
- package/dist/agent-store.js.map +1 -0
- package/dist/index.cjs +0 -4
- package/dist/index.cjs.map +1 -1
- package/dist/index.d.cts +140 -8
- package/dist/index.d.ts +140 -8
- package/dist/index.js +1 -4
- package/dist/index.js.map +1 -1
- package/dist/node.cjs +0 -92
- package/dist/node.cjs.map +1 -1
- package/dist/node.d.cts +1 -15
- package/dist/node.d.ts +1 -15
- package/dist/node.js +1 -92
- package/dist/node.js.map +1 -1
- package/package.json +15 -1
- package/dist/types-CII4k_8d.d.cts +0 -181
- package/dist/types-CII4k_8d.d.ts +0 -181
package/dist/node.cjs
CHANGED
|
@@ -65,100 +65,8 @@ function decryptSecret(encrypted, passphrase) {
|
|
|
65
65
|
}
|
|
66
66
|
}
|
|
67
67
|
|
|
68
|
-
// src/primitives/config-node.ts
|
|
69
|
-
function parseConfig(json, passphrase) {
|
|
70
|
-
const config = JSON.parse(json);
|
|
71
|
-
if (!config || typeof config !== "object" || Array.isArray(config)) {
|
|
72
|
-
throw new Error("Invalid config: expected JSON object.");
|
|
73
|
-
}
|
|
74
|
-
if (!config.identity?.secret_key || typeof config.identity.secret_key !== "string") {
|
|
75
|
-
throw new Error("Invalid config: missing or non-string identity.secret_key.");
|
|
76
|
-
}
|
|
77
|
-
if (typeof config.identity.name !== "string" || !config.identity.name) {
|
|
78
|
-
throw new Error("Invalid config: missing or non-string identity.name.");
|
|
79
|
-
}
|
|
80
|
-
if (!Array.isArray(config.relays) || !config.relays.every((r) => typeof r === "string")) {
|
|
81
|
-
throw new Error("Invalid config: relays must be an array of strings.");
|
|
82
|
-
}
|
|
83
|
-
if (config.capabilities !== void 0) {
|
|
84
|
-
if (!Array.isArray(config.capabilities)) {
|
|
85
|
-
throw new Error("Invalid config: capabilities must be an array.");
|
|
86
|
-
}
|
|
87
|
-
for (const cap of config.capabilities) {
|
|
88
|
-
if (!cap || typeof cap !== "object" || typeof cap.name !== "string" || typeof cap.description !== "string" || typeof cap.price !== "number") {
|
|
89
|
-
throw new Error(
|
|
90
|
-
"Invalid config: each capability must have name (string), description (string), and price (number)."
|
|
91
|
-
);
|
|
92
|
-
}
|
|
93
|
-
if (!Array.isArray(cap.tags) || !cap.tags.every((t) => typeof t === "string")) {
|
|
94
|
-
throw new Error("Invalid config: each capability must have tags (array of strings).");
|
|
95
|
-
}
|
|
96
|
-
if (!Number.isInteger(cap.price) || cap.price < 0) {
|
|
97
|
-
throw new Error(
|
|
98
|
-
"Invalid config: capability price must be a non-negative integer (lamports)."
|
|
99
|
-
);
|
|
100
|
-
}
|
|
101
|
-
}
|
|
102
|
-
}
|
|
103
|
-
if (config.payments !== void 0) {
|
|
104
|
-
if (!Array.isArray(config.payments)) {
|
|
105
|
-
throw new Error("Invalid config: payments must be an array.");
|
|
106
|
-
}
|
|
107
|
-
for (const p of config.payments) {
|
|
108
|
-
if (!p || typeof p !== "object" || typeof p.chain !== "string" || typeof p.network !== "string" || typeof p.address !== "string") {
|
|
109
|
-
throw new Error(
|
|
110
|
-
"Invalid config: each payment entry must have chain, network, and address (all strings)."
|
|
111
|
-
);
|
|
112
|
-
}
|
|
113
|
-
}
|
|
114
|
-
}
|
|
115
|
-
if (config.wallet !== void 0) {
|
|
116
|
-
if (!config.wallet || typeof config.wallet !== "object" || typeof config.wallet.chain !== "string" || typeof config.wallet.network !== "string" || typeof config.wallet.secret_key !== "string") {
|
|
117
|
-
throw new Error(
|
|
118
|
-
"Invalid config: wallet must have chain, network, and secret_key (all strings)."
|
|
119
|
-
);
|
|
120
|
-
}
|
|
121
|
-
}
|
|
122
|
-
if (config.llm !== void 0) {
|
|
123
|
-
if (!config.llm || typeof config.llm !== "object" || typeof config.llm.provider !== "string" || typeof config.llm.model !== "string" || typeof config.llm.api_key !== "string" || typeof config.llm.max_tokens !== "number" || !Number.isInteger(config.llm.max_tokens) || config.llm.max_tokens <= 0) {
|
|
124
|
-
throw new Error(
|
|
125
|
-
"Invalid config: llm must have provider, model, api_key (strings) and max_tokens (positive integer)."
|
|
126
|
-
);
|
|
127
|
-
}
|
|
128
|
-
}
|
|
129
|
-
if (!passphrase) {
|
|
130
|
-
const encrypted = [];
|
|
131
|
-
if (config.identity?.secret_key && isEncrypted(config.identity.secret_key)) {
|
|
132
|
-
encrypted.push("identity.secret_key");
|
|
133
|
-
}
|
|
134
|
-
if (config.wallet?.secret_key && isEncrypted(config.wallet.secret_key)) {
|
|
135
|
-
encrypted.push("wallet.secret_key");
|
|
136
|
-
}
|
|
137
|
-
if (config.llm?.api_key && isEncrypted(config.llm.api_key)) {
|
|
138
|
-
encrypted.push("llm.api_key");
|
|
139
|
-
}
|
|
140
|
-
if (encrypted.length > 0) {
|
|
141
|
-
throw new Error(
|
|
142
|
-
`Fields [${encrypted.join(", ")}] are encrypted but no passphrase provided. Set ELISYM_PASSPHRASE env var.`
|
|
143
|
-
);
|
|
144
|
-
}
|
|
145
|
-
return config;
|
|
146
|
-
}
|
|
147
|
-
if (config.identity?.secret_key && isEncrypted(config.identity.secret_key)) {
|
|
148
|
-
config.identity.secret_key = decryptSecret(config.identity.secret_key, passphrase);
|
|
149
|
-
}
|
|
150
|
-
if (config.wallet?.secret_key && isEncrypted(config.wallet.secret_key)) {
|
|
151
|
-
config.wallet.secret_key = decryptSecret(config.wallet.secret_key, passphrase);
|
|
152
|
-
}
|
|
153
|
-
if (config.llm?.api_key && isEncrypted(config.llm.api_key)) {
|
|
154
|
-
config.llm.api_key = decryptSecret(config.llm.api_key, passphrase);
|
|
155
|
-
}
|
|
156
|
-
return config;
|
|
157
|
-
}
|
|
158
|
-
|
|
159
68
|
exports.decryptSecret = decryptSecret;
|
|
160
69
|
exports.encryptSecret = encryptSecret;
|
|
161
70
|
exports.isEncrypted = isEncrypted;
|
|
162
|
-
exports.parseConfig = parseConfig;
|
|
163
71
|
//# sourceMappingURL=node.cjs.map
|
|
164
72
|
//# sourceMappingURL=node.cjs.map
|
package/dist/node.cjs.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"sources":["../src/primitives/encryption.ts","../src/primitives/config-node.ts"],"names":["randomBytes","scryptSync","createCipheriv","Buffer","createDecipheriv"],"mappings":";;;;;;AAcA,IAAM,MAAA,GAAS,eAAA;AACf,IAAM,WAAA,GAAc,EAAA;AACpB,IAAM,SAAA,GAAY,EAAA;AAClB,IAAM,UAAA,GAAa,EAAA;AACnB,IAAM,UAAA,GAAa,EAAA;AAEnB,IAAM,WAAW,CAAA,IAAK,EAAA;AACtB,IAAM,QAAA,GAAW,CAAA;AACjB,IAAM,QAAA,GAAW,CAAA;AACjB,IAAM,aAAA,GAAgB,GAAA,GAAM,QAAA,GAAW,QAAA,GAAW,CAAA;AAG3C,SAAS,YAAY,KAAA,EAAwB;AAClD,EAAA,OAAO,KAAA,CAAM,WAAW,MAAM,CAAA;AAChC;AAGO,SAAS,aAAA,CAAc,WAAmB,UAAA,EAA4B;AAC3E,EAAA,IAAI,CAAC,UAAA,EAAY;AACf,IAAA,MAAM,IAAI,MAAM,+BAA+B,CAAA;AAAA,EACjD;AAEA,EAAA,MAAM,IAAA,GAAOA,mBAAY,WAAW,CAAA;AACpC,EAAA,MAAM,GAAA,GAAMC,iBAAA,CAAW,UAAA,EAAY,IAAA,EAAM,UAAA,EAAY;AAAA,IACnD,CAAA,EAAG,QAAA;AAAA,IACH,CAAA,EAAG,QAAA;AAAA,IACH,CAAA,EAAG,QAAA;AAAA,IACH,MAAA,EAAQ;AAAA,GACT,CAAA;AACD,EAAA,MAAM,EAAA,GAAKD,mBAAY,SAAS,CAAA;AAEhC,EAAA,MAAM,MAAA,GAASE,qBAAA,CAAe,aAAA,EAAe,GAAA,EAAK,EAAE,CAAA;AACpD,EAAA,MAAM,SAAA,GAAYC,aAAA,CAAO,MAAA,CAAO,CAAC,MAAA,CAAO,MAAA,CAAO,SAAA,EAAW,MAAM,CAAA,EAAG,MAAA,CAAO,KAAA,EAAO,CAAC,CAAA;AAClF,EAAA,MAAM,GAAA,GAAM,OAAO,UAAA,EAAW;AAE9B,EAAA,MAAM,OAAA,GAAUA,cAAO,MAAA,CAAO,CAAC,MAAM,EAAA,EAAI,SAAA,EAAW,GAAG,CAAC,CAAA;AACxD,EAAA,OAAO,MAAA,GAAS,OAAA,CAAQ,QAAA,CAAS,QAAQ,CAAA;AAC3C;AAGO,SAAS,aAAA,CAAc,WAAmB,UAAA,EAA4B;AAC3E,EAAA,IAAI,CAAC,WAAA,CAAY,SAAS,CAAA,EAAG;AAC3B,IAAA,MAAM,IAAI,MAAM,wDAAwD,CAAA;AAAA,EAC1E;AACA,EAAA,IAAI,CAAC,UAAA,EAAY;AACf,IAAA,MAAM,IAAI,MAAM,+BAA+B,CAAA;AAAA,EACjD;AAEA,EAAA,MAAM,OAAA,GAAUA,cAAO,IAAA,CAAK,SAAA,CAAU,MAAM,MAAA,CAAO,MAAM,GAAG,QAAQ,CAAA;AACpE,EAAA,IAAI,OAAA,CAAQ,MAAA,GAAS,WAAA,GAAc,SAAA,GAAY,UAAA,EAAY;AACzD,IAAA,MAAM,IAAI,MAAM,iCAAiC,CAAA;AAAA,EACnD;AAEA,EAAA,MAAM,IAAA,GAAO,OAAA,CAAQ,QAAA,CAAS,CAAA,EAAG,WAAW,CAAA;AAC5C,EAAA,MAAM,EAAA,GAAK,OAAA,CAAQ,QAAA,CAAS,WAAA,EAAa,cAAc,SAAS,CAAA;AAChE,EAAA,MAAM,GAAA,GAAM,OAAA,CAAQ,QAAA,CAAS,OAAA,CAAQ,SAAS,UAAU,CAAA;AACxD,EAAA,MAAM,aAAa,OAAA,CAAQ,QAAA,CAAS,cAAc,SAAA,EAAW,OAAA,CAAQ,SAAS,UAAU,CAAA;AAExF,EAAA,MAAM,GAAA,GAAMF,iBAAA,CAAW,UAAA,EAAY,IAAA,EAAM,UAAA,EAAY;AAAA,IACnD,CAAA,EAAG,QAAA;AAAA,IACH,CAAA,EAAG,QAAA;AAAA,IACH,CAAA,EAAG,QAAA;AAAA,IACH,MAAA,EAAQ;AAAA,GACT,CAAA;AAED,EAAA,MAAM,QAAA,GAAWG,uBAAA,CAAiB,aAAA,EAAe,GAAA,EAAK,EAAE,CAAA;AACxD,EAAA,QAAA,CAAS,WAAW,GAAG,CAAA;AAEvB,EAAA,IAAI;AACF,IAAA,MAAM,SAAA,GAAYD,aAAA,CAAO,MAAA,CAAO,CAAC,QAAA,CAAS,MAAA,CAAO,UAAU,CAAA,EAAG,QAAA,CAAS,KAAA,EAAO,CAAC,CAAA;AAC/E,IAAA,OAAO,SAAA,CAAU,SAAS,MAAM,CAAA;AAAA,EAClC,CAAA,CAAA,MAAQ;AACN,IAAA,MAAM,IAAI,MAAM,wDAAwD,CAAA;AAAA,EAC1E;AACF;;;AC3EO,SAAS,WAAA,CAAY,MAAc,UAAA,EAAkC;AAC1E,EAAA,MAAM,MAAA,GAAS,IAAA,CAAK,KAAA,CAAM,IAAI,CAAA;AAE9B,EAAA,IAAI,CAAC,UAAU,OAAO,MAAA,KAAW,YAAY,KAAA,CAAM,OAAA,CAAQ,MAAM,CAAA,EAAG;AAClE,IAAA,MAAM,IAAI,MAAM,uCAAuC,CAAA;AAAA,EACzD;AACA,EAAA,IAAI,CAAC,OAAO,QAAA,EAAU,UAAA,IAAc,OAAO,MAAA,CAAO,QAAA,CAAS,eAAe,QAAA,EAAU;AAClF,IAAA,MAAM,IAAI,MAAM,4DAA4D,CAAA;AAAA,EAC9E;AACA,EAAA,IAAI,OAAO,OAAO,QAAA,CAAS,IAAA,KAAS,YAAY,CAAC,MAAA,CAAO,SAAS,IAAA,EAAM;AACrE,IAAA,MAAM,IAAI,MAAM,sDAAsD,CAAA;AAAA,EACxE;AACA,EAAA,IACE,CAAC,KAAA,CAAM,OAAA,CAAQ,MAAA,CAAO,MAAM,CAAA,IAC5B,CAAC,MAAA,CAAO,MAAA,CAAO,MAAM,CAAC,CAAA,KAAe,OAAO,CAAA,KAAM,QAAQ,CAAA,EAC1D;AACA,IAAA,MAAM,IAAI,MAAM,qDAAqD,CAAA;AAAA,EACvE;AAEA,EAAA,IAAI,MAAA,CAAO,iBAAiB,MAAA,EAAW;AACrC,IAAA,IAAI,CAAC,KAAA,CAAM,OAAA,CAAQ,MAAA,CAAO,YAAY,CAAA,EAAG;AACvC,MAAA,MAAM,IAAI,MAAM,gDAAgD,CAAA;AAAA,IAClE;AACA,IAAA,KAAA,MAAW,GAAA,IAAO,OAAO,YAAA,EAAc;AACrC,MAAA,IACE,CAAC,GAAA,IACD,OAAO,GAAA,KAAQ,QAAA,IACf,OAAO,GAAA,CAAI,IAAA,KAAS,QAAA,IACpB,OAAO,IAAI,WAAA,KAAgB,QAAA,IAC3B,OAAO,GAAA,CAAI,UAAU,QAAA,EACrB;AACA,QAAA,MAAM,IAAI,KAAA;AAAA,UACR;AAAA,SACF;AAAA,MACF;AACA,MAAA,IAAI,CAAC,KAAA,CAAM,OAAA,CAAQ,GAAA,CAAI,IAAI,CAAA,IAAK,CAAC,GAAA,CAAI,IAAA,CAAK,MAAM,CAAC,CAAA,KAAe,OAAO,CAAA,KAAM,QAAQ,CAAA,EAAG;AACtF,QAAA,MAAM,IAAI,MAAM,oEAAoE,CAAA;AAAA,MACtF;AACA,MAAA,IAAI,CAAC,OAAO,SAAA,CAAU,GAAA,CAAI,KAAK,CAAA,IAAK,GAAA,CAAI,QAAQ,CAAA,EAAG;AACjD,QAAA,MAAM,IAAI,KAAA;AAAA,UACR;AAAA,SACF;AAAA,MACF;AAAA,IACF;AAAA,EACF;AACA,EAAA,IAAI,MAAA,CAAO,aAAa,MAAA,EAAW;AACjC,IAAA,IAAI,CAAC,KAAA,CAAM,OAAA,CAAQ,MAAA,CAAO,QAAQ,CAAA,EAAG;AACnC,MAAA,MAAM,IAAI,MAAM,4CAA4C,CAAA;AAAA,IAC9D;AACA,IAAA,KAAA,MAAW,CAAA,IAAK,OAAO,QAAA,EAAU;AAC/B,MAAA,IACE,CAAC,CAAA,IACD,OAAO,CAAA,KAAM,QAAA,IACb,OAAO,CAAA,CAAE,KAAA,KAAU,QAAA,IACnB,OAAO,EAAE,OAAA,KAAY,QAAA,IACrB,OAAO,CAAA,CAAE,YAAY,QAAA,EACrB;AACA,QAAA,MAAM,IAAI,KAAA;AAAA,UACR;AAAA,SACF;AAAA,MACF;AAAA,IACF;AAAA,EACF;AACA,EAAA,IAAI,MAAA,CAAO,WAAW,MAAA,EAAW;AAC/B,IAAA,IACE,CAAC,OAAO,MAAA,IACR,OAAO,OAAO,MAAA,KAAW,QAAA,IACzB,OAAO,MAAA,CAAO,MAAA,CAAO,UAAU,QAAA,IAC/B,OAAO,OAAO,MAAA,CAAO,OAAA,KAAY,YACjC,OAAO,MAAA,CAAO,MAAA,CAAO,UAAA,KAAe,QAAA,EACpC;AACA,MAAA,MAAM,IAAI,KAAA;AAAA,QACR;AAAA,OACF;AAAA,IACF;AAAA,EACF;AACA,EAAA,IAAI,MAAA,CAAO,QAAQ,MAAA,EAAW;AAC5B,IAAA,IACE,CAAC,MAAA,CAAO,GAAA,IACR,OAAO,MAAA,CAAO,QAAQ,QAAA,IACtB,OAAO,MAAA,CAAO,GAAA,CAAI,aAAa,QAAA,IAC/B,OAAO,MAAA,CAAO,GAAA,CAAI,UAAU,QAAA,IAC5B,OAAO,MAAA,CAAO,GAAA,CAAI,YAAY,QAAA,IAC9B,OAAO,MAAA,CAAO,GAAA,CAAI,eAAe,QAAA,IACjC,CAAC,MAAA,CAAO,SAAA,CAAU,OAAO,GAAA,CAAI,UAAU,KACvC,MAAA,CAAO,GAAA,CAAI,cAAc,CAAA,EACzB;AACA,MAAA,MAAM,IAAI,KAAA;AAAA,QACR;AAAA,OACF;AAAA,IACF;AAAA,EACF;AAEA,EAAA,IAAI,CAAC,UAAA,EAAY;AACf,IAAA,MAAM,YAAsB,EAAC;AAC7B,IAAA,IAAI,OAAO,QAAA,EAAU,UAAA,IAAc,YAAY,MAAA,CAAO,QAAA,CAAS,UAAU,CAAA,EAAG;AAC1E,MAAA,SAAA,CAAU,KAAK,qBAAqB,CAAA;AAAA,IACtC;AACA,IAAA,IAAI,OAAO,MAAA,EAAQ,UAAA,IAAc,YAAY,MAAA,CAAO,MAAA,CAAO,UAAU,CAAA,EAAG;AACtE,MAAA,SAAA,CAAU,KAAK,mBAAmB,CAAA;AAAA,IACpC;AACA,IAAA,IAAI,OAAO,GAAA,EAAK,OAAA,IAAW,YAAY,MAAA,CAAO,GAAA,CAAI,OAAO,CAAA,EAAG;AAC1D,MAAA,SAAA,CAAU,KAAK,aAAa,CAAA;AAAA,IAC9B;AACA,IAAA,IAAI,SAAA,CAAU,SAAS,CAAA,EAAG;AACxB,MAAA,MAAM,IAAI,KAAA;AAAA,QACR,CAAA,QAAA,EAAW,SAAA,CAAU,IAAA,CAAK,IAAI,CAAC,CAAA,0EAAA;AAAA,OACjC;AAAA,IACF;AACA,IAAA,OAAO,MAAA;AAAA,EACT;AAEA,EAAA,IAAI,OAAO,QAAA,EAAU,UAAA,IAAc,YAAY,MAAA,CAAO,QAAA,CAAS,UAAU,CAAA,EAAG;AAC1E,IAAA,MAAA,CAAO,SAAS,UAAA,GAAa,aAAA,CAAc,MAAA,CAAO,QAAA,CAAS,YAAY,UAAU,CAAA;AAAA,EACnF;AACA,EAAA,IAAI,OAAO,MAAA,EAAQ,UAAA,IAAc,YAAY,MAAA,CAAO,MAAA,CAAO,UAAU,CAAA,EAAG;AACtE,IAAA,MAAA,CAAO,OAAO,UAAA,GAAa,aAAA,CAAc,MAAA,CAAO,MAAA,CAAO,YAAY,UAAU,CAAA;AAAA,EAC/E;AACA,EAAA,IAAI,OAAO,GAAA,EAAK,OAAA,IAAW,YAAY,MAAA,CAAO,GAAA,CAAI,OAAO,CAAA,EAAG;AAC1D,IAAA,MAAA,CAAO,IAAI,OAAA,GAAU,aAAA,CAAc,MAAA,CAAO,GAAA,CAAI,SAAS,UAAU,CAAA;AAAA,EACnE;AAEA,EAAA,OAAO,MAAA;AACT","file":"node.cjs","sourcesContent":["/**\n * Secret encryption/decryption for agent config files.\n * Uses scrypt (KDF) + AES-256-GCM (cipher).\n * Format: \"encrypted:v1:\" + base64(salt[16] + iv[12] + ciphertext + tag[16])\n *\n * scrypt params: N=2^17, r=8, p=1 (~128 MB RAM per derivation).\n *\n * Node.js/Bun only - not available in browsers. Reachable only via the\n * '@elisym/sdk/node' subpath, which browser bundlers will not resolve.\n */\n\nimport { Buffer } from 'node:buffer';\nimport { createCipheriv, createDecipheriv, randomBytes, scryptSync } from 'node:crypto';\n\nconst PREFIX = 'encrypted:v1:';\nconst SALT_LENGTH = 16;\nconst IV_LENGTH = 12;\nconst TAG_LENGTH = 16;\nconst KEY_LENGTH = 32; // AES-256\n// v1: N=2^17 (OWASP minimum). v2 will use N=2^20 with format migration.\nconst SCRYPT_N = 2 ** 17;\nconst SCRYPT_R = 8;\nconst SCRYPT_P = 1;\nconst SCRYPT_MAXMEM = 128 * SCRYPT_N * SCRYPT_R * 2; // 2x the minimum required memory\n\n/** Check if a value is encrypted (has the encrypted:v1: prefix). */\nexport function isEncrypted(value: string): boolean {\n return value.startsWith(PREFIX);\n}\n\n/** Encrypt a plaintext secret with a passphrase. Returns \"encrypted:v1:base64...\". Node.js/Bun only. */\nexport function encryptSecret(plaintext: string, passphrase: string): string {\n if (!passphrase) {\n throw new Error('Passphrase must not be empty.');\n }\n\n const salt = randomBytes(SALT_LENGTH);\n const key = scryptSync(passphrase, salt, KEY_LENGTH, {\n N: SCRYPT_N,\n r: SCRYPT_R,\n p: SCRYPT_P,\n maxmem: SCRYPT_MAXMEM,\n });\n const iv = randomBytes(IV_LENGTH);\n\n const cipher = createCipheriv('aes-256-gcm', key, iv);\n const encrypted = Buffer.concat([cipher.update(plaintext, 'utf8'), cipher.final()]);\n const tag = cipher.getAuthTag();\n\n const payload = Buffer.concat([salt, iv, encrypted, tag]);\n return PREFIX + payload.toString('base64');\n}\n\n/** Decrypt an encrypted secret with a passphrase. Throws on wrong passphrase or corrupted data. Node.js/Bun only. */\nexport function decryptSecret(encrypted: string, passphrase: string): string {\n if (!isEncrypted(encrypted)) {\n throw new Error('Value is not encrypted (missing encrypted:v1: prefix).');\n }\n if (!passphrase) {\n throw new Error('Passphrase must not be empty.');\n }\n\n const payload = Buffer.from(encrypted.slice(PREFIX.length), 'base64');\n if (payload.length < SALT_LENGTH + IV_LENGTH + TAG_LENGTH) {\n throw new Error('Encrypted payload is too short.');\n }\n\n const salt = payload.subarray(0, SALT_LENGTH);\n const iv = payload.subarray(SALT_LENGTH, SALT_LENGTH + IV_LENGTH);\n const tag = payload.subarray(payload.length - TAG_LENGTH);\n const ciphertext = payload.subarray(SALT_LENGTH + IV_LENGTH, payload.length - TAG_LENGTH);\n\n const key = scryptSync(passphrase, salt, KEY_LENGTH, {\n N: SCRYPT_N,\n r: SCRYPT_R,\n p: SCRYPT_P,\n maxmem: SCRYPT_MAXMEM,\n });\n\n const decipher = createDecipheriv('aes-256-gcm', key, iv);\n decipher.setAuthTag(tag);\n\n try {\n const decrypted = Buffer.concat([decipher.update(ciphertext), decipher.final()]);\n return decrypted.toString('utf8');\n } catch {\n throw new Error('Decryption failed. Wrong passphrase or corrupted data.');\n }\n}\n","/**\n * Node.js-only config parsing with secret decryption.\n * Exported from '@elisym/sdk/node'.\n */\n\nimport type { AgentConfig } from '../types';\nimport { isEncrypted, decryptSecret } from './encryption';\n\n/**\n * Parse a JSON string into an AgentConfig.\n * If passphrase is provided, decrypts all encrypted fields (requires Node.js/Bun).\n * If passphrase is not provided and encrypted fields exist, throws.\n */\nexport function parseConfig(json: string, passphrase?: string): AgentConfig {\n const config = JSON.parse(json) as AgentConfig;\n\n if (!config || typeof config !== 'object' || Array.isArray(config)) {\n throw new Error('Invalid config: expected JSON object.');\n }\n if (!config.identity?.secret_key || typeof config.identity.secret_key !== 'string') {\n throw new Error('Invalid config: missing or non-string identity.secret_key.');\n }\n if (typeof config.identity.name !== 'string' || !config.identity.name) {\n throw new Error('Invalid config: missing or non-string identity.name.');\n }\n if (\n !Array.isArray(config.relays) ||\n !config.relays.every((r: unknown) => typeof r === 'string')\n ) {\n throw new Error('Invalid config: relays must be an array of strings.');\n }\n\n if (config.capabilities !== undefined) {\n if (!Array.isArray(config.capabilities)) {\n throw new Error('Invalid config: capabilities must be an array.');\n }\n for (const cap of config.capabilities) {\n if (\n !cap ||\n typeof cap !== 'object' ||\n typeof cap.name !== 'string' ||\n typeof cap.description !== 'string' ||\n typeof cap.price !== 'number'\n ) {\n throw new Error(\n 'Invalid config: each capability must have name (string), description (string), and price (number).',\n );\n }\n if (!Array.isArray(cap.tags) || !cap.tags.every((t: unknown) => typeof t === 'string')) {\n throw new Error('Invalid config: each capability must have tags (array of strings).');\n }\n if (!Number.isInteger(cap.price) || cap.price < 0) {\n throw new Error(\n 'Invalid config: capability price must be a non-negative integer (lamports).',\n );\n }\n }\n }\n if (config.payments !== undefined) {\n if (!Array.isArray(config.payments)) {\n throw new Error('Invalid config: payments must be an array.');\n }\n for (const p of config.payments) {\n if (\n !p ||\n typeof p !== 'object' ||\n typeof p.chain !== 'string' ||\n typeof p.network !== 'string' ||\n typeof p.address !== 'string'\n ) {\n throw new Error(\n 'Invalid config: each payment entry must have chain, network, and address (all strings).',\n );\n }\n }\n }\n if (config.wallet !== undefined) {\n if (\n !config.wallet ||\n typeof config.wallet !== 'object' ||\n typeof config.wallet.chain !== 'string' ||\n typeof config.wallet.network !== 'string' ||\n typeof config.wallet.secret_key !== 'string'\n ) {\n throw new Error(\n 'Invalid config: wallet must have chain, network, and secret_key (all strings).',\n );\n }\n }\n if (config.llm !== undefined) {\n if (\n !config.llm ||\n typeof config.llm !== 'object' ||\n typeof config.llm.provider !== 'string' ||\n typeof config.llm.model !== 'string' ||\n typeof config.llm.api_key !== 'string' ||\n typeof config.llm.max_tokens !== 'number' ||\n !Number.isInteger(config.llm.max_tokens) ||\n config.llm.max_tokens <= 0\n ) {\n throw new Error(\n 'Invalid config: llm must have provider, model, api_key (strings) and max_tokens (positive integer).',\n );\n }\n }\n\n if (!passphrase) {\n const encrypted: string[] = [];\n if (config.identity?.secret_key && isEncrypted(config.identity.secret_key)) {\n encrypted.push('identity.secret_key');\n }\n if (config.wallet?.secret_key && isEncrypted(config.wallet.secret_key)) {\n encrypted.push('wallet.secret_key');\n }\n if (config.llm?.api_key && isEncrypted(config.llm.api_key)) {\n encrypted.push('llm.api_key');\n }\n if (encrypted.length > 0) {\n throw new Error(\n `Fields [${encrypted.join(', ')}] are encrypted but no passphrase provided. Set ELISYM_PASSPHRASE env var.`,\n );\n }\n return config;\n }\n\n if (config.identity?.secret_key && isEncrypted(config.identity.secret_key)) {\n config.identity.secret_key = decryptSecret(config.identity.secret_key, passphrase);\n }\n if (config.wallet?.secret_key && isEncrypted(config.wallet.secret_key)) {\n config.wallet.secret_key = decryptSecret(config.wallet.secret_key, passphrase);\n }\n if (config.llm?.api_key && isEncrypted(config.llm.api_key)) {\n config.llm.api_key = decryptSecret(config.llm.api_key, passphrase);\n }\n\n return config;\n}\n"]}
|
|
1
|
+
{"version":3,"sources":["../src/primitives/encryption.ts"],"names":["randomBytes","scryptSync","createCipheriv","Buffer","createDecipheriv"],"mappings":";;;;;;AAcA,IAAM,MAAA,GAAS,eAAA;AACf,IAAM,WAAA,GAAc,EAAA;AACpB,IAAM,SAAA,GAAY,EAAA;AAClB,IAAM,UAAA,GAAa,EAAA;AACnB,IAAM,UAAA,GAAa,EAAA;AAEnB,IAAM,WAAW,CAAA,IAAK,EAAA;AACtB,IAAM,QAAA,GAAW,CAAA;AACjB,IAAM,QAAA,GAAW,CAAA;AACjB,IAAM,aAAA,GAAgB,GAAA,GAAM,QAAA,GAAW,QAAA,GAAW,CAAA;AAG3C,SAAS,YAAY,KAAA,EAAwB;AAClD,EAAA,OAAO,KAAA,CAAM,WAAW,MAAM,CAAA;AAChC;AAGO,SAAS,aAAA,CAAc,WAAmB,UAAA,EAA4B;AAC3E,EAAA,IAAI,CAAC,UAAA,EAAY;AACf,IAAA,MAAM,IAAI,MAAM,+BAA+B,CAAA;AAAA,EACjD;AAEA,EAAA,MAAM,IAAA,GAAOA,mBAAY,WAAW,CAAA;AACpC,EAAA,MAAM,GAAA,GAAMC,iBAAA,CAAW,UAAA,EAAY,IAAA,EAAM,UAAA,EAAY;AAAA,IACnD,CAAA,EAAG,QAAA;AAAA,IACH,CAAA,EAAG,QAAA;AAAA,IACH,CAAA,EAAG,QAAA;AAAA,IACH,MAAA,EAAQ;AAAA,GACT,CAAA;AACD,EAAA,MAAM,EAAA,GAAKD,mBAAY,SAAS,CAAA;AAEhC,EAAA,MAAM,MAAA,GAASE,qBAAA,CAAe,aAAA,EAAe,GAAA,EAAK,EAAE,CAAA;AACpD,EAAA,MAAM,SAAA,GAAYC,aAAA,CAAO,MAAA,CAAO,CAAC,MAAA,CAAO,MAAA,CAAO,SAAA,EAAW,MAAM,CAAA,EAAG,MAAA,CAAO,KAAA,EAAO,CAAC,CAAA;AAClF,EAAA,MAAM,GAAA,GAAM,OAAO,UAAA,EAAW;AAE9B,EAAA,MAAM,OAAA,GAAUA,cAAO,MAAA,CAAO,CAAC,MAAM,EAAA,EAAI,SAAA,EAAW,GAAG,CAAC,CAAA;AACxD,EAAA,OAAO,MAAA,GAAS,OAAA,CAAQ,QAAA,CAAS,QAAQ,CAAA;AAC3C;AAGO,SAAS,aAAA,CAAc,WAAmB,UAAA,EAA4B;AAC3E,EAAA,IAAI,CAAC,WAAA,CAAY,SAAS,CAAA,EAAG;AAC3B,IAAA,MAAM,IAAI,MAAM,wDAAwD,CAAA;AAAA,EAC1E;AACA,EAAA,IAAI,CAAC,UAAA,EAAY;AACf,IAAA,MAAM,IAAI,MAAM,+BAA+B,CAAA;AAAA,EACjD;AAEA,EAAA,MAAM,OAAA,GAAUA,cAAO,IAAA,CAAK,SAAA,CAAU,MAAM,MAAA,CAAO,MAAM,GAAG,QAAQ,CAAA;AACpE,EAAA,IAAI,OAAA,CAAQ,MAAA,GAAS,WAAA,GAAc,SAAA,GAAY,UAAA,EAAY;AACzD,IAAA,MAAM,IAAI,MAAM,iCAAiC,CAAA;AAAA,EACnD;AAEA,EAAA,MAAM,IAAA,GAAO,OAAA,CAAQ,QAAA,CAAS,CAAA,EAAG,WAAW,CAAA;AAC5C,EAAA,MAAM,EAAA,GAAK,OAAA,CAAQ,QAAA,CAAS,WAAA,EAAa,cAAc,SAAS,CAAA;AAChE,EAAA,MAAM,GAAA,GAAM,OAAA,CAAQ,QAAA,CAAS,OAAA,CAAQ,SAAS,UAAU,CAAA;AACxD,EAAA,MAAM,aAAa,OAAA,CAAQ,QAAA,CAAS,cAAc,SAAA,EAAW,OAAA,CAAQ,SAAS,UAAU,CAAA;AAExF,EAAA,MAAM,GAAA,GAAMF,iBAAA,CAAW,UAAA,EAAY,IAAA,EAAM,UAAA,EAAY;AAAA,IACnD,CAAA,EAAG,QAAA;AAAA,IACH,CAAA,EAAG,QAAA;AAAA,IACH,CAAA,EAAG,QAAA;AAAA,IACH,MAAA,EAAQ;AAAA,GACT,CAAA;AAED,EAAA,MAAM,QAAA,GAAWG,uBAAA,CAAiB,aAAA,EAAe,GAAA,EAAK,EAAE,CAAA;AACxD,EAAA,QAAA,CAAS,WAAW,GAAG,CAAA;AAEvB,EAAA,IAAI;AACF,IAAA,MAAM,SAAA,GAAYD,aAAA,CAAO,MAAA,CAAO,CAAC,QAAA,CAAS,MAAA,CAAO,UAAU,CAAA,EAAG,QAAA,CAAS,KAAA,EAAO,CAAC,CAAA;AAC/E,IAAA,OAAO,SAAA,CAAU,SAAS,MAAM,CAAA;AAAA,EAClC,CAAA,CAAA,MAAQ;AACN,IAAA,MAAM,IAAI,MAAM,wDAAwD,CAAA;AAAA,EAC1E;AACF","file":"node.cjs","sourcesContent":["/**\n * Secret encryption/decryption for agent config files.\n * Uses scrypt (KDF) + AES-256-GCM (cipher).\n * Format: \"encrypted:v1:\" + base64(salt[16] + iv[12] + ciphertext + tag[16])\n *\n * scrypt params: N=2^17, r=8, p=1 (~128 MB RAM per derivation).\n *\n * Node.js/Bun only - not available in browsers. Reachable only via the\n * '@elisym/sdk/node' subpath, which browser bundlers will not resolve.\n */\n\nimport { Buffer } from 'node:buffer';\nimport { createCipheriv, createDecipheriv, randomBytes, scryptSync } from 'node:crypto';\n\nconst PREFIX = 'encrypted:v1:';\nconst SALT_LENGTH = 16;\nconst IV_LENGTH = 12;\nconst TAG_LENGTH = 16;\nconst KEY_LENGTH = 32; // AES-256\n// v1: N=2^17 (OWASP minimum). v2 will use N=2^20 with format migration.\nconst SCRYPT_N = 2 ** 17;\nconst SCRYPT_R = 8;\nconst SCRYPT_P = 1;\nconst SCRYPT_MAXMEM = 128 * SCRYPT_N * SCRYPT_R * 2; // 2x the minimum required memory\n\n/** Check if a value is encrypted (has the encrypted:v1: prefix). */\nexport function isEncrypted(value: string): boolean {\n return value.startsWith(PREFIX);\n}\n\n/** Encrypt a plaintext secret with a passphrase. Returns \"encrypted:v1:base64...\". Node.js/Bun only. */\nexport function encryptSecret(plaintext: string, passphrase: string): string {\n if (!passphrase) {\n throw new Error('Passphrase must not be empty.');\n }\n\n const salt = randomBytes(SALT_LENGTH);\n const key = scryptSync(passphrase, salt, KEY_LENGTH, {\n N: SCRYPT_N,\n r: SCRYPT_R,\n p: SCRYPT_P,\n maxmem: SCRYPT_MAXMEM,\n });\n const iv = randomBytes(IV_LENGTH);\n\n const cipher = createCipheriv('aes-256-gcm', key, iv);\n const encrypted = Buffer.concat([cipher.update(plaintext, 'utf8'), cipher.final()]);\n const tag = cipher.getAuthTag();\n\n const payload = Buffer.concat([salt, iv, encrypted, tag]);\n return PREFIX + payload.toString('base64');\n}\n\n/** Decrypt an encrypted secret with a passphrase. Throws on wrong passphrase or corrupted data. Node.js/Bun only. */\nexport function decryptSecret(encrypted: string, passphrase: string): string {\n if (!isEncrypted(encrypted)) {\n throw new Error('Value is not encrypted (missing encrypted:v1: prefix).');\n }\n if (!passphrase) {\n throw new Error('Passphrase must not be empty.');\n }\n\n const payload = Buffer.from(encrypted.slice(PREFIX.length), 'base64');\n if (payload.length < SALT_LENGTH + IV_LENGTH + TAG_LENGTH) {\n throw new Error('Encrypted payload is too short.');\n }\n\n const salt = payload.subarray(0, SALT_LENGTH);\n const iv = payload.subarray(SALT_LENGTH, SALT_LENGTH + IV_LENGTH);\n const tag = payload.subarray(payload.length - TAG_LENGTH);\n const ciphertext = payload.subarray(SALT_LENGTH + IV_LENGTH, payload.length - TAG_LENGTH);\n\n const key = scryptSync(passphrase, salt, KEY_LENGTH, {\n N: SCRYPT_N,\n r: SCRYPT_R,\n p: SCRYPT_P,\n maxmem: SCRYPT_MAXMEM,\n });\n\n const decipher = createDecipheriv('aes-256-gcm', key, iv);\n decipher.setAuthTag(tag);\n\n try {\n const decrypted = Buffer.concat([decipher.update(ciphertext), decipher.final()]);\n return decrypted.toString('utf8');\n } catch {\n throw new Error('Decryption failed. Wrong passphrase or corrupted data.');\n }\n}\n"]}
|
package/dist/node.d.cts
CHANGED
|
@@ -1,5 +1,3 @@
|
|
|
1
|
-
import { g as AgentConfig } from './types-CII4k_8d.cjs';
|
|
2
|
-
|
|
3
1
|
/**
|
|
4
2
|
* Secret encryption/decryption for agent config files.
|
|
5
3
|
* Uses scrypt (KDF) + AES-256-GCM (cipher).
|
|
@@ -17,16 +15,4 @@ declare function encryptSecret(plaintext: string, passphrase: string): string;
|
|
|
17
15
|
/** Decrypt an encrypted secret with a passphrase. Throws on wrong passphrase or corrupted data. Node.js/Bun only. */
|
|
18
16
|
declare function decryptSecret(encrypted: string, passphrase: string): string;
|
|
19
17
|
|
|
20
|
-
|
|
21
|
-
* Node.js-only config parsing with secret decryption.
|
|
22
|
-
* Exported from '@elisym/sdk/node'.
|
|
23
|
-
*/
|
|
24
|
-
|
|
25
|
-
/**
|
|
26
|
-
* Parse a JSON string into an AgentConfig.
|
|
27
|
-
* If passphrase is provided, decrypts all encrypted fields (requires Node.js/Bun).
|
|
28
|
-
* If passphrase is not provided and encrypted fields exist, throws.
|
|
29
|
-
*/
|
|
30
|
-
declare function parseConfig(json: string, passphrase?: string): AgentConfig;
|
|
31
|
-
|
|
32
|
-
export { decryptSecret, encryptSecret, isEncrypted, parseConfig };
|
|
18
|
+
export { decryptSecret, encryptSecret, isEncrypted };
|
package/dist/node.d.ts
CHANGED
|
@@ -1,5 +1,3 @@
|
|
|
1
|
-
import { g as AgentConfig } from './types-CII4k_8d.js';
|
|
2
|
-
|
|
3
1
|
/**
|
|
4
2
|
* Secret encryption/decryption for agent config files.
|
|
5
3
|
* Uses scrypt (KDF) + AES-256-GCM (cipher).
|
|
@@ -17,16 +15,4 @@ declare function encryptSecret(plaintext: string, passphrase: string): string;
|
|
|
17
15
|
/** Decrypt an encrypted secret with a passphrase. Throws on wrong passphrase or corrupted data. Node.js/Bun only. */
|
|
18
16
|
declare function decryptSecret(encrypted: string, passphrase: string): string;
|
|
19
17
|
|
|
20
|
-
|
|
21
|
-
* Node.js-only config parsing with secret decryption.
|
|
22
|
-
* Exported from '@elisym/sdk/node'.
|
|
23
|
-
*/
|
|
24
|
-
|
|
25
|
-
/**
|
|
26
|
-
* Parse a JSON string into an AgentConfig.
|
|
27
|
-
* If passphrase is provided, decrypts all encrypted fields (requires Node.js/Bun).
|
|
28
|
-
* If passphrase is not provided and encrypted fields exist, throws.
|
|
29
|
-
*/
|
|
30
|
-
declare function parseConfig(json: string, passphrase?: string): AgentConfig;
|
|
31
|
-
|
|
32
|
-
export { decryptSecret, encryptSecret, isEncrypted, parseConfig };
|
|
18
|
+
export { decryptSecret, encryptSecret, isEncrypted };
|
package/dist/node.js
CHANGED
|
@@ -63,97 +63,6 @@ function decryptSecret(encrypted, passphrase) {
|
|
|
63
63
|
}
|
|
64
64
|
}
|
|
65
65
|
|
|
66
|
-
|
|
67
|
-
function parseConfig(json, passphrase) {
|
|
68
|
-
const config = JSON.parse(json);
|
|
69
|
-
if (!config || typeof config !== "object" || Array.isArray(config)) {
|
|
70
|
-
throw new Error("Invalid config: expected JSON object.");
|
|
71
|
-
}
|
|
72
|
-
if (!config.identity?.secret_key || typeof config.identity.secret_key !== "string") {
|
|
73
|
-
throw new Error("Invalid config: missing or non-string identity.secret_key.");
|
|
74
|
-
}
|
|
75
|
-
if (typeof config.identity.name !== "string" || !config.identity.name) {
|
|
76
|
-
throw new Error("Invalid config: missing or non-string identity.name.");
|
|
77
|
-
}
|
|
78
|
-
if (!Array.isArray(config.relays) || !config.relays.every((r) => typeof r === "string")) {
|
|
79
|
-
throw new Error("Invalid config: relays must be an array of strings.");
|
|
80
|
-
}
|
|
81
|
-
if (config.capabilities !== void 0) {
|
|
82
|
-
if (!Array.isArray(config.capabilities)) {
|
|
83
|
-
throw new Error("Invalid config: capabilities must be an array.");
|
|
84
|
-
}
|
|
85
|
-
for (const cap of config.capabilities) {
|
|
86
|
-
if (!cap || typeof cap !== "object" || typeof cap.name !== "string" || typeof cap.description !== "string" || typeof cap.price !== "number") {
|
|
87
|
-
throw new Error(
|
|
88
|
-
"Invalid config: each capability must have name (string), description (string), and price (number)."
|
|
89
|
-
);
|
|
90
|
-
}
|
|
91
|
-
if (!Array.isArray(cap.tags) || !cap.tags.every((t) => typeof t === "string")) {
|
|
92
|
-
throw new Error("Invalid config: each capability must have tags (array of strings).");
|
|
93
|
-
}
|
|
94
|
-
if (!Number.isInteger(cap.price) || cap.price < 0) {
|
|
95
|
-
throw new Error(
|
|
96
|
-
"Invalid config: capability price must be a non-negative integer (lamports)."
|
|
97
|
-
);
|
|
98
|
-
}
|
|
99
|
-
}
|
|
100
|
-
}
|
|
101
|
-
if (config.payments !== void 0) {
|
|
102
|
-
if (!Array.isArray(config.payments)) {
|
|
103
|
-
throw new Error("Invalid config: payments must be an array.");
|
|
104
|
-
}
|
|
105
|
-
for (const p of config.payments) {
|
|
106
|
-
if (!p || typeof p !== "object" || typeof p.chain !== "string" || typeof p.network !== "string" || typeof p.address !== "string") {
|
|
107
|
-
throw new Error(
|
|
108
|
-
"Invalid config: each payment entry must have chain, network, and address (all strings)."
|
|
109
|
-
);
|
|
110
|
-
}
|
|
111
|
-
}
|
|
112
|
-
}
|
|
113
|
-
if (config.wallet !== void 0) {
|
|
114
|
-
if (!config.wallet || typeof config.wallet !== "object" || typeof config.wallet.chain !== "string" || typeof config.wallet.network !== "string" || typeof config.wallet.secret_key !== "string") {
|
|
115
|
-
throw new Error(
|
|
116
|
-
"Invalid config: wallet must have chain, network, and secret_key (all strings)."
|
|
117
|
-
);
|
|
118
|
-
}
|
|
119
|
-
}
|
|
120
|
-
if (config.llm !== void 0) {
|
|
121
|
-
if (!config.llm || typeof config.llm !== "object" || typeof config.llm.provider !== "string" || typeof config.llm.model !== "string" || typeof config.llm.api_key !== "string" || typeof config.llm.max_tokens !== "number" || !Number.isInteger(config.llm.max_tokens) || config.llm.max_tokens <= 0) {
|
|
122
|
-
throw new Error(
|
|
123
|
-
"Invalid config: llm must have provider, model, api_key (strings) and max_tokens (positive integer)."
|
|
124
|
-
);
|
|
125
|
-
}
|
|
126
|
-
}
|
|
127
|
-
if (!passphrase) {
|
|
128
|
-
const encrypted = [];
|
|
129
|
-
if (config.identity?.secret_key && isEncrypted(config.identity.secret_key)) {
|
|
130
|
-
encrypted.push("identity.secret_key");
|
|
131
|
-
}
|
|
132
|
-
if (config.wallet?.secret_key && isEncrypted(config.wallet.secret_key)) {
|
|
133
|
-
encrypted.push("wallet.secret_key");
|
|
134
|
-
}
|
|
135
|
-
if (config.llm?.api_key && isEncrypted(config.llm.api_key)) {
|
|
136
|
-
encrypted.push("llm.api_key");
|
|
137
|
-
}
|
|
138
|
-
if (encrypted.length > 0) {
|
|
139
|
-
throw new Error(
|
|
140
|
-
`Fields [${encrypted.join(", ")}] are encrypted but no passphrase provided. Set ELISYM_PASSPHRASE env var.`
|
|
141
|
-
);
|
|
142
|
-
}
|
|
143
|
-
return config;
|
|
144
|
-
}
|
|
145
|
-
if (config.identity?.secret_key && isEncrypted(config.identity.secret_key)) {
|
|
146
|
-
config.identity.secret_key = decryptSecret(config.identity.secret_key, passphrase);
|
|
147
|
-
}
|
|
148
|
-
if (config.wallet?.secret_key && isEncrypted(config.wallet.secret_key)) {
|
|
149
|
-
config.wallet.secret_key = decryptSecret(config.wallet.secret_key, passphrase);
|
|
150
|
-
}
|
|
151
|
-
if (config.llm?.api_key && isEncrypted(config.llm.api_key)) {
|
|
152
|
-
config.llm.api_key = decryptSecret(config.llm.api_key, passphrase);
|
|
153
|
-
}
|
|
154
|
-
return config;
|
|
155
|
-
}
|
|
156
|
-
|
|
157
|
-
export { decryptSecret, encryptSecret, isEncrypted, parseConfig };
|
|
66
|
+
export { decryptSecret, encryptSecret, isEncrypted };
|
|
158
67
|
//# sourceMappingURL=node.js.map
|
|
159
68
|
//# sourceMappingURL=node.js.map
|
package/dist/node.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"sources":["../src/primitives/encryption.ts","../src/primitives/config-node.ts"],"names":[],"mappings":";;;;AAcA,IAAM,MAAA,GAAS,eAAA;AACf,IAAM,WAAA,GAAc,EAAA;AACpB,IAAM,SAAA,GAAY,EAAA;AAClB,IAAM,UAAA,GAAa,EAAA;AACnB,IAAM,UAAA,GAAa,EAAA;AAEnB,IAAM,WAAW,CAAA,IAAK,EAAA;AACtB,IAAM,QAAA,GAAW,CAAA;AACjB,IAAM,QAAA,GAAW,CAAA;AACjB,IAAM,aAAA,GAAgB,GAAA,GAAM,QAAA,GAAW,QAAA,GAAW,CAAA;AAG3C,SAAS,YAAY,KAAA,EAAwB;AAClD,EAAA,OAAO,KAAA,CAAM,WAAW,MAAM,CAAA;AAChC;AAGO,SAAS,aAAA,CAAc,WAAmB,UAAA,EAA4B;AAC3E,EAAA,IAAI,CAAC,UAAA,EAAY;AACf,IAAA,MAAM,IAAI,MAAM,+BAA+B,CAAA;AAAA,EACjD;AAEA,EAAA,MAAM,IAAA,GAAO,YAAY,WAAW,CAAA;AACpC,EAAA,MAAM,GAAA,GAAM,UAAA,CAAW,UAAA,EAAY,IAAA,EAAM,UAAA,EAAY;AAAA,IACnD,CAAA,EAAG,QAAA;AAAA,IACH,CAAA,EAAG,QAAA;AAAA,IACH,CAAA,EAAG,QAAA;AAAA,IACH,MAAA,EAAQ;AAAA,GACT,CAAA;AACD,EAAA,MAAM,EAAA,GAAK,YAAY,SAAS,CAAA;AAEhC,EAAA,MAAM,MAAA,GAAS,cAAA,CAAe,aAAA,EAAe,GAAA,EAAK,EAAE,CAAA;AACpD,EAAA,MAAM,SAAA,GAAY,MAAA,CAAO,MAAA,CAAO,CAAC,MAAA,CAAO,MAAA,CAAO,SAAA,EAAW,MAAM,CAAA,EAAG,MAAA,CAAO,KAAA,EAAO,CAAC,CAAA;AAClF,EAAA,MAAM,GAAA,GAAM,OAAO,UAAA,EAAW;AAE9B,EAAA,MAAM,OAAA,GAAU,OAAO,MAAA,CAAO,CAAC,MAAM,EAAA,EAAI,SAAA,EAAW,GAAG,CAAC,CAAA;AACxD,EAAA,OAAO,MAAA,GAAS,OAAA,CAAQ,QAAA,CAAS,QAAQ,CAAA;AAC3C;AAGO,SAAS,aAAA,CAAc,WAAmB,UAAA,EAA4B;AAC3E,EAAA,IAAI,CAAC,WAAA,CAAY,SAAS,CAAA,EAAG;AAC3B,IAAA,MAAM,IAAI,MAAM,wDAAwD,CAAA;AAAA,EAC1E;AACA,EAAA,IAAI,CAAC,UAAA,EAAY;AACf,IAAA,MAAM,IAAI,MAAM,+BAA+B,CAAA;AAAA,EACjD;AAEA,EAAA,MAAM,OAAA,GAAU,OAAO,IAAA,CAAK,SAAA,CAAU,MAAM,MAAA,CAAO,MAAM,GAAG,QAAQ,CAAA;AACpE,EAAA,IAAI,OAAA,CAAQ,MAAA,GAAS,WAAA,GAAc,SAAA,GAAY,UAAA,EAAY;AACzD,IAAA,MAAM,IAAI,MAAM,iCAAiC,CAAA;AAAA,EACnD;AAEA,EAAA,MAAM,IAAA,GAAO,OAAA,CAAQ,QAAA,CAAS,CAAA,EAAG,WAAW,CAAA;AAC5C,EAAA,MAAM,EAAA,GAAK,OAAA,CAAQ,QAAA,CAAS,WAAA,EAAa,cAAc,SAAS,CAAA;AAChE,EAAA,MAAM,GAAA,GAAM,OAAA,CAAQ,QAAA,CAAS,OAAA,CAAQ,SAAS,UAAU,CAAA;AACxD,EAAA,MAAM,aAAa,OAAA,CAAQ,QAAA,CAAS,cAAc,SAAA,EAAW,OAAA,CAAQ,SAAS,UAAU,CAAA;AAExF,EAAA,MAAM,GAAA,GAAM,UAAA,CAAW,UAAA,EAAY,IAAA,EAAM,UAAA,EAAY;AAAA,IACnD,CAAA,EAAG,QAAA;AAAA,IACH,CAAA,EAAG,QAAA;AAAA,IACH,CAAA,EAAG,QAAA;AAAA,IACH,MAAA,EAAQ;AAAA,GACT,CAAA;AAED,EAAA,MAAM,QAAA,GAAW,gBAAA,CAAiB,aAAA,EAAe,GAAA,EAAK,EAAE,CAAA;AACxD,EAAA,QAAA,CAAS,WAAW,GAAG,CAAA;AAEvB,EAAA,IAAI;AACF,IAAA,MAAM,SAAA,GAAY,MAAA,CAAO,MAAA,CAAO,CAAC,QAAA,CAAS,MAAA,CAAO,UAAU,CAAA,EAAG,QAAA,CAAS,KAAA,EAAO,CAAC,CAAA;AAC/E,IAAA,OAAO,SAAA,CAAU,SAAS,MAAM,CAAA;AAAA,EAClC,CAAA,CAAA,MAAQ;AACN,IAAA,MAAM,IAAI,MAAM,wDAAwD,CAAA;AAAA,EAC1E;AACF;;;AC3EO,SAAS,WAAA,CAAY,MAAc,UAAA,EAAkC;AAC1E,EAAA,MAAM,MAAA,GAAS,IAAA,CAAK,KAAA,CAAM,IAAI,CAAA;AAE9B,EAAA,IAAI,CAAC,UAAU,OAAO,MAAA,KAAW,YAAY,KAAA,CAAM,OAAA,CAAQ,MAAM,CAAA,EAAG;AAClE,IAAA,MAAM,IAAI,MAAM,uCAAuC,CAAA;AAAA,EACzD;AACA,EAAA,IAAI,CAAC,OAAO,QAAA,EAAU,UAAA,IAAc,OAAO,MAAA,CAAO,QAAA,CAAS,eAAe,QAAA,EAAU;AAClF,IAAA,MAAM,IAAI,MAAM,4DAA4D,CAAA;AAAA,EAC9E;AACA,EAAA,IAAI,OAAO,OAAO,QAAA,CAAS,IAAA,KAAS,YAAY,CAAC,MAAA,CAAO,SAAS,IAAA,EAAM;AACrE,IAAA,MAAM,IAAI,MAAM,sDAAsD,CAAA;AAAA,EACxE;AACA,EAAA,IACE,CAAC,KAAA,CAAM,OAAA,CAAQ,MAAA,CAAO,MAAM,CAAA,IAC5B,CAAC,MAAA,CAAO,MAAA,CAAO,MAAM,CAAC,CAAA,KAAe,OAAO,CAAA,KAAM,QAAQ,CAAA,EAC1D;AACA,IAAA,MAAM,IAAI,MAAM,qDAAqD,CAAA;AAAA,EACvE;AAEA,EAAA,IAAI,MAAA,CAAO,iBAAiB,MAAA,EAAW;AACrC,IAAA,IAAI,CAAC,KAAA,CAAM,OAAA,CAAQ,MAAA,CAAO,YAAY,CAAA,EAAG;AACvC,MAAA,MAAM,IAAI,MAAM,gDAAgD,CAAA;AAAA,IAClE;AACA,IAAA,KAAA,MAAW,GAAA,IAAO,OAAO,YAAA,EAAc;AACrC,MAAA,IACE,CAAC,GAAA,IACD,OAAO,GAAA,KAAQ,QAAA,IACf,OAAO,GAAA,CAAI,IAAA,KAAS,QAAA,IACpB,OAAO,IAAI,WAAA,KAAgB,QAAA,IAC3B,OAAO,GAAA,CAAI,UAAU,QAAA,EACrB;AACA,QAAA,MAAM,IAAI,KAAA;AAAA,UACR;AAAA,SACF;AAAA,MACF;AACA,MAAA,IAAI,CAAC,KAAA,CAAM,OAAA,CAAQ,GAAA,CAAI,IAAI,CAAA,IAAK,CAAC,GAAA,CAAI,IAAA,CAAK,MAAM,CAAC,CAAA,KAAe,OAAO,CAAA,KAAM,QAAQ,CAAA,EAAG;AACtF,QAAA,MAAM,IAAI,MAAM,oEAAoE,CAAA;AAAA,MACtF;AACA,MAAA,IAAI,CAAC,OAAO,SAAA,CAAU,GAAA,CAAI,KAAK,CAAA,IAAK,GAAA,CAAI,QAAQ,CAAA,EAAG;AACjD,QAAA,MAAM,IAAI,KAAA;AAAA,UACR;AAAA,SACF;AAAA,MACF;AAAA,IACF;AAAA,EACF;AACA,EAAA,IAAI,MAAA,CAAO,aAAa,MAAA,EAAW;AACjC,IAAA,IAAI,CAAC,KAAA,CAAM,OAAA,CAAQ,MAAA,CAAO,QAAQ,CAAA,EAAG;AACnC,MAAA,MAAM,IAAI,MAAM,4CAA4C,CAAA;AAAA,IAC9D;AACA,IAAA,KAAA,MAAW,CAAA,IAAK,OAAO,QAAA,EAAU;AAC/B,MAAA,IACE,CAAC,CAAA,IACD,OAAO,CAAA,KAAM,QAAA,IACb,OAAO,CAAA,CAAE,KAAA,KAAU,QAAA,IACnB,OAAO,EAAE,OAAA,KAAY,QAAA,IACrB,OAAO,CAAA,CAAE,YAAY,QAAA,EACrB;AACA,QAAA,MAAM,IAAI,KAAA;AAAA,UACR;AAAA,SACF;AAAA,MACF;AAAA,IACF;AAAA,EACF;AACA,EAAA,IAAI,MAAA,CAAO,WAAW,MAAA,EAAW;AAC/B,IAAA,IACE,CAAC,OAAO,MAAA,IACR,OAAO,OAAO,MAAA,KAAW,QAAA,IACzB,OAAO,MAAA,CAAO,MAAA,CAAO,UAAU,QAAA,IAC/B,OAAO,OAAO,MAAA,CAAO,OAAA,KAAY,YACjC,OAAO,MAAA,CAAO,MAAA,CAAO,UAAA,KAAe,QAAA,EACpC;AACA,MAAA,MAAM,IAAI,KAAA;AAAA,QACR;AAAA,OACF;AAAA,IACF;AAAA,EACF;AACA,EAAA,IAAI,MAAA,CAAO,QAAQ,MAAA,EAAW;AAC5B,IAAA,IACE,CAAC,MAAA,CAAO,GAAA,IACR,OAAO,MAAA,CAAO,QAAQ,QAAA,IACtB,OAAO,MAAA,CAAO,GAAA,CAAI,aAAa,QAAA,IAC/B,OAAO,MAAA,CAAO,GAAA,CAAI,UAAU,QAAA,IAC5B,OAAO,MAAA,CAAO,GAAA,CAAI,YAAY,QAAA,IAC9B,OAAO,MAAA,CAAO,GAAA,CAAI,eAAe,QAAA,IACjC,CAAC,MAAA,CAAO,SAAA,CAAU,OAAO,GAAA,CAAI,UAAU,KACvC,MAAA,CAAO,GAAA,CAAI,cAAc,CAAA,EACzB;AACA,MAAA,MAAM,IAAI,KAAA;AAAA,QACR;AAAA,OACF;AAAA,IACF;AAAA,EACF;AAEA,EAAA,IAAI,CAAC,UAAA,EAAY;AACf,IAAA,MAAM,YAAsB,EAAC;AAC7B,IAAA,IAAI,OAAO,QAAA,EAAU,UAAA,IAAc,YAAY,MAAA,CAAO,QAAA,CAAS,UAAU,CAAA,EAAG;AAC1E,MAAA,SAAA,CAAU,KAAK,qBAAqB,CAAA;AAAA,IACtC;AACA,IAAA,IAAI,OAAO,MAAA,EAAQ,UAAA,IAAc,YAAY,MAAA,CAAO,MAAA,CAAO,UAAU,CAAA,EAAG;AACtE,MAAA,SAAA,CAAU,KAAK,mBAAmB,CAAA;AAAA,IACpC;AACA,IAAA,IAAI,OAAO,GAAA,EAAK,OAAA,IAAW,YAAY,MAAA,CAAO,GAAA,CAAI,OAAO,CAAA,EAAG;AAC1D,MAAA,SAAA,CAAU,KAAK,aAAa,CAAA;AAAA,IAC9B;AACA,IAAA,IAAI,SAAA,CAAU,SAAS,CAAA,EAAG;AACxB,MAAA,MAAM,IAAI,KAAA;AAAA,QACR,CAAA,QAAA,EAAW,SAAA,CAAU,IAAA,CAAK,IAAI,CAAC,CAAA,0EAAA;AAAA,OACjC;AAAA,IACF;AACA,IAAA,OAAO,MAAA;AAAA,EACT;AAEA,EAAA,IAAI,OAAO,QAAA,EAAU,UAAA,IAAc,YAAY,MAAA,CAAO,QAAA,CAAS,UAAU,CAAA,EAAG;AAC1E,IAAA,MAAA,CAAO,SAAS,UAAA,GAAa,aAAA,CAAc,MAAA,CAAO,QAAA,CAAS,YAAY,UAAU,CAAA;AAAA,EACnF;AACA,EAAA,IAAI,OAAO,MAAA,EAAQ,UAAA,IAAc,YAAY,MAAA,CAAO,MAAA,CAAO,UAAU,CAAA,EAAG;AACtE,IAAA,MAAA,CAAO,OAAO,UAAA,GAAa,aAAA,CAAc,MAAA,CAAO,MAAA,CAAO,YAAY,UAAU,CAAA;AAAA,EAC/E;AACA,EAAA,IAAI,OAAO,GAAA,EAAK,OAAA,IAAW,YAAY,MAAA,CAAO,GAAA,CAAI,OAAO,CAAA,EAAG;AAC1D,IAAA,MAAA,CAAO,IAAI,OAAA,GAAU,aAAA,CAAc,MAAA,CAAO,GAAA,CAAI,SAAS,UAAU,CAAA;AAAA,EACnE;AAEA,EAAA,OAAO,MAAA;AACT","file":"node.js","sourcesContent":["/**\n * Secret encryption/decryption for agent config files.\n * Uses scrypt (KDF) + AES-256-GCM (cipher).\n * Format: \"encrypted:v1:\" + base64(salt[16] + iv[12] + ciphertext + tag[16])\n *\n * scrypt params: N=2^17, r=8, p=1 (~128 MB RAM per derivation).\n *\n * Node.js/Bun only - not available in browsers. Reachable only via the\n * '@elisym/sdk/node' subpath, which browser bundlers will not resolve.\n */\n\nimport { Buffer } from 'node:buffer';\nimport { createCipheriv, createDecipheriv, randomBytes, scryptSync } from 'node:crypto';\n\nconst PREFIX = 'encrypted:v1:';\nconst SALT_LENGTH = 16;\nconst IV_LENGTH = 12;\nconst TAG_LENGTH = 16;\nconst KEY_LENGTH = 32; // AES-256\n// v1: N=2^17 (OWASP minimum). v2 will use N=2^20 with format migration.\nconst SCRYPT_N = 2 ** 17;\nconst SCRYPT_R = 8;\nconst SCRYPT_P = 1;\nconst SCRYPT_MAXMEM = 128 * SCRYPT_N * SCRYPT_R * 2; // 2x the minimum required memory\n\n/** Check if a value is encrypted (has the encrypted:v1: prefix). */\nexport function isEncrypted(value: string): boolean {\n return value.startsWith(PREFIX);\n}\n\n/** Encrypt a plaintext secret with a passphrase. Returns \"encrypted:v1:base64...\". Node.js/Bun only. */\nexport function encryptSecret(plaintext: string, passphrase: string): string {\n if (!passphrase) {\n throw new Error('Passphrase must not be empty.');\n }\n\n const salt = randomBytes(SALT_LENGTH);\n const key = scryptSync(passphrase, salt, KEY_LENGTH, {\n N: SCRYPT_N,\n r: SCRYPT_R,\n p: SCRYPT_P,\n maxmem: SCRYPT_MAXMEM,\n });\n const iv = randomBytes(IV_LENGTH);\n\n const cipher = createCipheriv('aes-256-gcm', key, iv);\n const encrypted = Buffer.concat([cipher.update(plaintext, 'utf8'), cipher.final()]);\n const tag = cipher.getAuthTag();\n\n const payload = Buffer.concat([salt, iv, encrypted, tag]);\n return PREFIX + payload.toString('base64');\n}\n\n/** Decrypt an encrypted secret with a passphrase. Throws on wrong passphrase or corrupted data. Node.js/Bun only. */\nexport function decryptSecret(encrypted: string, passphrase: string): string {\n if (!isEncrypted(encrypted)) {\n throw new Error('Value is not encrypted (missing encrypted:v1: prefix).');\n }\n if (!passphrase) {\n throw new Error('Passphrase must not be empty.');\n }\n\n const payload = Buffer.from(encrypted.slice(PREFIX.length), 'base64');\n if (payload.length < SALT_LENGTH + IV_LENGTH + TAG_LENGTH) {\n throw new Error('Encrypted payload is too short.');\n }\n\n const salt = payload.subarray(0, SALT_LENGTH);\n const iv = payload.subarray(SALT_LENGTH, SALT_LENGTH + IV_LENGTH);\n const tag = payload.subarray(payload.length - TAG_LENGTH);\n const ciphertext = payload.subarray(SALT_LENGTH + IV_LENGTH, payload.length - TAG_LENGTH);\n\n const key = scryptSync(passphrase, salt, KEY_LENGTH, {\n N: SCRYPT_N,\n r: SCRYPT_R,\n p: SCRYPT_P,\n maxmem: SCRYPT_MAXMEM,\n });\n\n const decipher = createDecipheriv('aes-256-gcm', key, iv);\n decipher.setAuthTag(tag);\n\n try {\n const decrypted = Buffer.concat([decipher.update(ciphertext), decipher.final()]);\n return decrypted.toString('utf8');\n } catch {\n throw new Error('Decryption failed. Wrong passphrase or corrupted data.');\n }\n}\n","/**\n * Node.js-only config parsing with secret decryption.\n * Exported from '@elisym/sdk/node'.\n */\n\nimport type { AgentConfig } from '../types';\nimport { isEncrypted, decryptSecret } from './encryption';\n\n/**\n * Parse a JSON string into an AgentConfig.\n * If passphrase is provided, decrypts all encrypted fields (requires Node.js/Bun).\n * If passphrase is not provided and encrypted fields exist, throws.\n */\nexport function parseConfig(json: string, passphrase?: string): AgentConfig {\n const config = JSON.parse(json) as AgentConfig;\n\n if (!config || typeof config !== 'object' || Array.isArray(config)) {\n throw new Error('Invalid config: expected JSON object.');\n }\n if (!config.identity?.secret_key || typeof config.identity.secret_key !== 'string') {\n throw new Error('Invalid config: missing or non-string identity.secret_key.');\n }\n if (typeof config.identity.name !== 'string' || !config.identity.name) {\n throw new Error('Invalid config: missing or non-string identity.name.');\n }\n if (\n !Array.isArray(config.relays) ||\n !config.relays.every((r: unknown) => typeof r === 'string')\n ) {\n throw new Error('Invalid config: relays must be an array of strings.');\n }\n\n if (config.capabilities !== undefined) {\n if (!Array.isArray(config.capabilities)) {\n throw new Error('Invalid config: capabilities must be an array.');\n }\n for (const cap of config.capabilities) {\n if (\n !cap ||\n typeof cap !== 'object' ||\n typeof cap.name !== 'string' ||\n typeof cap.description !== 'string' ||\n typeof cap.price !== 'number'\n ) {\n throw new Error(\n 'Invalid config: each capability must have name (string), description (string), and price (number).',\n );\n }\n if (!Array.isArray(cap.tags) || !cap.tags.every((t: unknown) => typeof t === 'string')) {\n throw new Error('Invalid config: each capability must have tags (array of strings).');\n }\n if (!Number.isInteger(cap.price) || cap.price < 0) {\n throw new Error(\n 'Invalid config: capability price must be a non-negative integer (lamports).',\n );\n }\n }\n }\n if (config.payments !== undefined) {\n if (!Array.isArray(config.payments)) {\n throw new Error('Invalid config: payments must be an array.');\n }\n for (const p of config.payments) {\n if (\n !p ||\n typeof p !== 'object' ||\n typeof p.chain !== 'string' ||\n typeof p.network !== 'string' ||\n typeof p.address !== 'string'\n ) {\n throw new Error(\n 'Invalid config: each payment entry must have chain, network, and address (all strings).',\n );\n }\n }\n }\n if (config.wallet !== undefined) {\n if (\n !config.wallet ||\n typeof config.wallet !== 'object' ||\n typeof config.wallet.chain !== 'string' ||\n typeof config.wallet.network !== 'string' ||\n typeof config.wallet.secret_key !== 'string'\n ) {\n throw new Error(\n 'Invalid config: wallet must have chain, network, and secret_key (all strings).',\n );\n }\n }\n if (config.llm !== undefined) {\n if (\n !config.llm ||\n typeof config.llm !== 'object' ||\n typeof config.llm.provider !== 'string' ||\n typeof config.llm.model !== 'string' ||\n typeof config.llm.api_key !== 'string' ||\n typeof config.llm.max_tokens !== 'number' ||\n !Number.isInteger(config.llm.max_tokens) ||\n config.llm.max_tokens <= 0\n ) {\n throw new Error(\n 'Invalid config: llm must have provider, model, api_key (strings) and max_tokens (positive integer).',\n );\n }\n }\n\n if (!passphrase) {\n const encrypted: string[] = [];\n if (config.identity?.secret_key && isEncrypted(config.identity.secret_key)) {\n encrypted.push('identity.secret_key');\n }\n if (config.wallet?.secret_key && isEncrypted(config.wallet.secret_key)) {\n encrypted.push('wallet.secret_key');\n }\n if (config.llm?.api_key && isEncrypted(config.llm.api_key)) {\n encrypted.push('llm.api_key');\n }\n if (encrypted.length > 0) {\n throw new Error(\n `Fields [${encrypted.join(', ')}] are encrypted but no passphrase provided. Set ELISYM_PASSPHRASE env var.`,\n );\n }\n return config;\n }\n\n if (config.identity?.secret_key && isEncrypted(config.identity.secret_key)) {\n config.identity.secret_key = decryptSecret(config.identity.secret_key, passphrase);\n }\n if (config.wallet?.secret_key && isEncrypted(config.wallet.secret_key)) {\n config.wallet.secret_key = decryptSecret(config.wallet.secret_key, passphrase);\n }\n if (config.llm?.api_key && isEncrypted(config.llm.api_key)) {\n config.llm.api_key = decryptSecret(config.llm.api_key, passphrase);\n }\n\n return config;\n}\n"]}
|
|
1
|
+
{"version":3,"sources":["../src/primitives/encryption.ts"],"names":[],"mappings":";;;;AAcA,IAAM,MAAA,GAAS,eAAA;AACf,IAAM,WAAA,GAAc,EAAA;AACpB,IAAM,SAAA,GAAY,EAAA;AAClB,IAAM,UAAA,GAAa,EAAA;AACnB,IAAM,UAAA,GAAa,EAAA;AAEnB,IAAM,WAAW,CAAA,IAAK,EAAA;AACtB,IAAM,QAAA,GAAW,CAAA;AACjB,IAAM,QAAA,GAAW,CAAA;AACjB,IAAM,aAAA,GAAgB,GAAA,GAAM,QAAA,GAAW,QAAA,GAAW,CAAA;AAG3C,SAAS,YAAY,KAAA,EAAwB;AAClD,EAAA,OAAO,KAAA,CAAM,WAAW,MAAM,CAAA;AAChC;AAGO,SAAS,aAAA,CAAc,WAAmB,UAAA,EAA4B;AAC3E,EAAA,IAAI,CAAC,UAAA,EAAY;AACf,IAAA,MAAM,IAAI,MAAM,+BAA+B,CAAA;AAAA,EACjD;AAEA,EAAA,MAAM,IAAA,GAAO,YAAY,WAAW,CAAA;AACpC,EAAA,MAAM,GAAA,GAAM,UAAA,CAAW,UAAA,EAAY,IAAA,EAAM,UAAA,EAAY;AAAA,IACnD,CAAA,EAAG,QAAA;AAAA,IACH,CAAA,EAAG,QAAA;AAAA,IACH,CAAA,EAAG,QAAA;AAAA,IACH,MAAA,EAAQ;AAAA,GACT,CAAA;AACD,EAAA,MAAM,EAAA,GAAK,YAAY,SAAS,CAAA;AAEhC,EAAA,MAAM,MAAA,GAAS,cAAA,CAAe,aAAA,EAAe,GAAA,EAAK,EAAE,CAAA;AACpD,EAAA,MAAM,SAAA,GAAY,MAAA,CAAO,MAAA,CAAO,CAAC,MAAA,CAAO,MAAA,CAAO,SAAA,EAAW,MAAM,CAAA,EAAG,MAAA,CAAO,KAAA,EAAO,CAAC,CAAA;AAClF,EAAA,MAAM,GAAA,GAAM,OAAO,UAAA,EAAW;AAE9B,EAAA,MAAM,OAAA,GAAU,OAAO,MAAA,CAAO,CAAC,MAAM,EAAA,EAAI,SAAA,EAAW,GAAG,CAAC,CAAA;AACxD,EAAA,OAAO,MAAA,GAAS,OAAA,CAAQ,QAAA,CAAS,QAAQ,CAAA;AAC3C;AAGO,SAAS,aAAA,CAAc,WAAmB,UAAA,EAA4B;AAC3E,EAAA,IAAI,CAAC,WAAA,CAAY,SAAS,CAAA,EAAG;AAC3B,IAAA,MAAM,IAAI,MAAM,wDAAwD,CAAA;AAAA,EAC1E;AACA,EAAA,IAAI,CAAC,UAAA,EAAY;AACf,IAAA,MAAM,IAAI,MAAM,+BAA+B,CAAA;AAAA,EACjD;AAEA,EAAA,MAAM,OAAA,GAAU,OAAO,IAAA,CAAK,SAAA,CAAU,MAAM,MAAA,CAAO,MAAM,GAAG,QAAQ,CAAA;AACpE,EAAA,IAAI,OAAA,CAAQ,MAAA,GAAS,WAAA,GAAc,SAAA,GAAY,UAAA,EAAY;AACzD,IAAA,MAAM,IAAI,MAAM,iCAAiC,CAAA;AAAA,EACnD;AAEA,EAAA,MAAM,IAAA,GAAO,OAAA,CAAQ,QAAA,CAAS,CAAA,EAAG,WAAW,CAAA;AAC5C,EAAA,MAAM,EAAA,GAAK,OAAA,CAAQ,QAAA,CAAS,WAAA,EAAa,cAAc,SAAS,CAAA;AAChE,EAAA,MAAM,GAAA,GAAM,OAAA,CAAQ,QAAA,CAAS,OAAA,CAAQ,SAAS,UAAU,CAAA;AACxD,EAAA,MAAM,aAAa,OAAA,CAAQ,QAAA,CAAS,cAAc,SAAA,EAAW,OAAA,CAAQ,SAAS,UAAU,CAAA;AAExF,EAAA,MAAM,GAAA,GAAM,UAAA,CAAW,UAAA,EAAY,IAAA,EAAM,UAAA,EAAY;AAAA,IACnD,CAAA,EAAG,QAAA;AAAA,IACH,CAAA,EAAG,QAAA;AAAA,IACH,CAAA,EAAG,QAAA;AAAA,IACH,MAAA,EAAQ;AAAA,GACT,CAAA;AAED,EAAA,MAAM,QAAA,GAAW,gBAAA,CAAiB,aAAA,EAAe,GAAA,EAAK,EAAE,CAAA;AACxD,EAAA,QAAA,CAAS,WAAW,GAAG,CAAA;AAEvB,EAAA,IAAI;AACF,IAAA,MAAM,SAAA,GAAY,MAAA,CAAO,MAAA,CAAO,CAAC,QAAA,CAAS,MAAA,CAAO,UAAU,CAAA,EAAG,QAAA,CAAS,KAAA,EAAO,CAAC,CAAA;AAC/E,IAAA,OAAO,SAAA,CAAU,SAAS,MAAM,CAAA;AAAA,EAClC,CAAA,CAAA,MAAQ;AACN,IAAA,MAAM,IAAI,MAAM,wDAAwD,CAAA;AAAA,EAC1E;AACF","file":"node.js","sourcesContent":["/**\n * Secret encryption/decryption for agent config files.\n * Uses scrypt (KDF) + AES-256-GCM (cipher).\n * Format: \"encrypted:v1:\" + base64(salt[16] + iv[12] + ciphertext + tag[16])\n *\n * scrypt params: N=2^17, r=8, p=1 (~128 MB RAM per derivation).\n *\n * Node.js/Bun only - not available in browsers. Reachable only via the\n * '@elisym/sdk/node' subpath, which browser bundlers will not resolve.\n */\n\nimport { Buffer } from 'node:buffer';\nimport { createCipheriv, createDecipheriv, randomBytes, scryptSync } from 'node:crypto';\n\nconst PREFIX = 'encrypted:v1:';\nconst SALT_LENGTH = 16;\nconst IV_LENGTH = 12;\nconst TAG_LENGTH = 16;\nconst KEY_LENGTH = 32; // AES-256\n// v1: N=2^17 (OWASP minimum). v2 will use N=2^20 with format migration.\nconst SCRYPT_N = 2 ** 17;\nconst SCRYPT_R = 8;\nconst SCRYPT_P = 1;\nconst SCRYPT_MAXMEM = 128 * SCRYPT_N * SCRYPT_R * 2; // 2x the minimum required memory\n\n/** Check if a value is encrypted (has the encrypted:v1: prefix). */\nexport function isEncrypted(value: string): boolean {\n return value.startsWith(PREFIX);\n}\n\n/** Encrypt a plaintext secret with a passphrase. Returns \"encrypted:v1:base64...\". Node.js/Bun only. */\nexport function encryptSecret(plaintext: string, passphrase: string): string {\n if (!passphrase) {\n throw new Error('Passphrase must not be empty.');\n }\n\n const salt = randomBytes(SALT_LENGTH);\n const key = scryptSync(passphrase, salt, KEY_LENGTH, {\n N: SCRYPT_N,\n r: SCRYPT_R,\n p: SCRYPT_P,\n maxmem: SCRYPT_MAXMEM,\n });\n const iv = randomBytes(IV_LENGTH);\n\n const cipher = createCipheriv('aes-256-gcm', key, iv);\n const encrypted = Buffer.concat([cipher.update(plaintext, 'utf8'), cipher.final()]);\n const tag = cipher.getAuthTag();\n\n const payload = Buffer.concat([salt, iv, encrypted, tag]);\n return PREFIX + payload.toString('base64');\n}\n\n/** Decrypt an encrypted secret with a passphrase. Throws on wrong passphrase or corrupted data. Node.js/Bun only. */\nexport function decryptSecret(encrypted: string, passphrase: string): string {\n if (!isEncrypted(encrypted)) {\n throw new Error('Value is not encrypted (missing encrypted:v1: prefix).');\n }\n if (!passphrase) {\n throw new Error('Passphrase must not be empty.');\n }\n\n const payload = Buffer.from(encrypted.slice(PREFIX.length), 'base64');\n if (payload.length < SALT_LENGTH + IV_LENGTH + TAG_LENGTH) {\n throw new Error('Encrypted payload is too short.');\n }\n\n const salt = payload.subarray(0, SALT_LENGTH);\n const iv = payload.subarray(SALT_LENGTH, SALT_LENGTH + IV_LENGTH);\n const tag = payload.subarray(payload.length - TAG_LENGTH);\n const ciphertext = payload.subarray(SALT_LENGTH + IV_LENGTH, payload.length - TAG_LENGTH);\n\n const key = scryptSync(passphrase, salt, KEY_LENGTH, {\n N: SCRYPT_N,\n r: SCRYPT_R,\n p: SCRYPT_P,\n maxmem: SCRYPT_MAXMEM,\n });\n\n const decipher = createDecipheriv('aes-256-gcm', key, iv);\n decipher.setAuthTag(tag);\n\n try {\n const decrypted = Buffer.concat([decipher.update(ciphertext), decipher.final()]);\n return decrypted.toString('utf8');\n } catch {\n throw new Error('Decryption failed. Wrong passphrase or corrupted data.');\n }\n}\n"]}
|
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "@elisym/sdk",
|
|
3
|
-
"version": "0.
|
|
3
|
+
"version": "0.5.0",
|
|
4
4
|
"description": "TypeScript SDK for elisym - AI agent discovery, marketplace, and payments on Nostr",
|
|
5
5
|
"keywords": [
|
|
6
6
|
"ai-agents",
|
|
@@ -53,6 +53,16 @@
|
|
|
53
53
|
"types": "./dist/node.d.cts",
|
|
54
54
|
"default": "./dist/node.cjs"
|
|
55
55
|
}
|
|
56
|
+
},
|
|
57
|
+
"./agent-store": {
|
|
58
|
+
"import": {
|
|
59
|
+
"types": "./dist/agent-store.d.ts",
|
|
60
|
+
"default": "./dist/agent-store.js"
|
|
61
|
+
},
|
|
62
|
+
"require": {
|
|
63
|
+
"types": "./dist/agent-store.d.cts",
|
|
64
|
+
"default": "./dist/agent-store.cjs"
|
|
65
|
+
}
|
|
56
66
|
}
|
|
57
67
|
},
|
|
58
68
|
"scripts": {
|
|
@@ -66,6 +76,10 @@
|
|
|
66
76
|
"qa": "tsup && vitest run && tsc --noEmit && oxlint src/ && oxfmt --check src/ tests/",
|
|
67
77
|
"clean": "rm -rf dist"
|
|
68
78
|
},
|
|
79
|
+
"dependencies": {
|
|
80
|
+
"yaml": "~2.8.3",
|
|
81
|
+
"zod": "~3.25.0"
|
|
82
|
+
},
|
|
69
83
|
"devDependencies": {
|
|
70
84
|
"@elisym/config-client": "workspace:*",
|
|
71
85
|
"@solana-program/system": "~0.12.0",
|
|
@@ -1,181 +0,0 @@
|
|
|
1
|
-
declare class ElisymIdentity {
|
|
2
|
-
private _secretKey;
|
|
3
|
-
readonly publicKey: string;
|
|
4
|
-
readonly npub: string;
|
|
5
|
-
get secretKey(): Uint8Array;
|
|
6
|
-
private constructor();
|
|
7
|
-
static generate(): ElisymIdentity;
|
|
8
|
-
static fromSecretKey(sk: Uint8Array): ElisymIdentity;
|
|
9
|
-
toJSON(): {
|
|
10
|
-
publicKey: string;
|
|
11
|
-
npub: string;
|
|
12
|
-
};
|
|
13
|
-
/** Best-effort scrub of the secret key bytes in memory. */
|
|
14
|
-
scrub(): void;
|
|
15
|
-
static fromHex(hex: string): ElisymIdentity;
|
|
16
|
-
}
|
|
17
|
-
|
|
18
|
-
interface SubCloser {
|
|
19
|
-
close: (reason?: string) => void;
|
|
20
|
-
}
|
|
21
|
-
/** Capability card published to Nostr (NIP-89). */
|
|
22
|
-
interface CapabilityCard {
|
|
23
|
-
name: string;
|
|
24
|
-
description: string;
|
|
25
|
-
capabilities: string[];
|
|
26
|
-
payment?: PaymentInfo;
|
|
27
|
-
image?: string;
|
|
28
|
-
static?: boolean;
|
|
29
|
-
}
|
|
30
|
-
/** Payment info embedded in capability card (legacy format for on-network events). */
|
|
31
|
-
interface PaymentInfo {
|
|
32
|
-
chain: string;
|
|
33
|
-
network: string;
|
|
34
|
-
address: string;
|
|
35
|
-
/** Price in lamports (must be non-negative integer). */
|
|
36
|
-
job_price?: number;
|
|
37
|
-
}
|
|
38
|
-
/** Agent discovered from the network. */
|
|
39
|
-
interface Agent {
|
|
40
|
-
pubkey: string;
|
|
41
|
-
npub: string;
|
|
42
|
-
cards: CapabilityCard[];
|
|
43
|
-
eventId: string;
|
|
44
|
-
supportedKinds: number[];
|
|
45
|
-
lastSeen: number;
|
|
46
|
-
picture?: string;
|
|
47
|
-
name?: string;
|
|
48
|
-
about?: string;
|
|
49
|
-
}
|
|
50
|
-
type Network = 'mainnet' | 'devnet';
|
|
51
|
-
/**
|
|
52
|
-
* Job lifecycle status.
|
|
53
|
-
* Note: for broadcast jobs (no providerPubkey, no bid), fetchRecentJobs() keeps
|
|
54
|
-
* status as 'processing' even if a provider sent 'payment-required' feedback,
|
|
55
|
-
* because the customer hasn't committed to that provider yet. The real-time
|
|
56
|
-
* payment-required transition is handled by subscribeToJobUpdates().
|
|
57
|
-
*/
|
|
58
|
-
type JobStatus = 'payment-required' | 'payment-completed' | 'processing' | 'error' | 'success' | 'partial' | 'unknown';
|
|
59
|
-
interface Job {
|
|
60
|
-
eventId: string;
|
|
61
|
-
customer: string;
|
|
62
|
-
agentPubkey?: string;
|
|
63
|
-
capability?: string;
|
|
64
|
-
bid?: number;
|
|
65
|
-
status: JobStatus;
|
|
66
|
-
result?: string;
|
|
67
|
-
resultEventId?: string;
|
|
68
|
-
amount?: number;
|
|
69
|
-
txHash?: string;
|
|
70
|
-
createdAt: number;
|
|
71
|
-
}
|
|
72
|
-
interface SubmitJobOptions {
|
|
73
|
-
/** Job input text. Sent unencrypted if providerPubkey is not set. */
|
|
74
|
-
input: string;
|
|
75
|
-
capability: string;
|
|
76
|
-
/** Target provider pubkey. If omitted, job is broadcast unencrypted and visible to all relays. */
|
|
77
|
-
providerPubkey?: string;
|
|
78
|
-
/** Kind offset (default 100 - kind 5100). */
|
|
79
|
-
kindOffset?: number;
|
|
80
|
-
}
|
|
81
|
-
interface JobUpdateCallbacks {
|
|
82
|
-
onFeedback?: (status: string, amount?: number, paymentRequest?: string, senderPubkey?: string) => void;
|
|
83
|
-
onResult?: (content: string, eventId: string) => void;
|
|
84
|
-
onError?: (error: string) => void;
|
|
85
|
-
}
|
|
86
|
-
interface JobSubscriptionOptions {
|
|
87
|
-
jobEventId: string;
|
|
88
|
-
providerPubkey?: string;
|
|
89
|
-
customerPublicKey: string;
|
|
90
|
-
callbacks: JobUpdateCallbacks;
|
|
91
|
-
timeoutMs?: number;
|
|
92
|
-
customerSecretKey?: Uint8Array;
|
|
93
|
-
kindOffsets?: number[];
|
|
94
|
-
sinceOverride?: number;
|
|
95
|
-
}
|
|
96
|
-
interface PingResult {
|
|
97
|
-
online: boolean;
|
|
98
|
-
/** The identity used for the ping session - reuse for job submission so pubkeys match. */
|
|
99
|
-
identity: ElisymIdentity | null;
|
|
100
|
-
}
|
|
101
|
-
interface PaymentRequestData {
|
|
102
|
-
recipient: string;
|
|
103
|
-
/** Total amount in lamports (must be positive integer). */
|
|
104
|
-
amount: number;
|
|
105
|
-
reference: string;
|
|
106
|
-
description?: string;
|
|
107
|
-
fee_address?: string;
|
|
108
|
-
fee_amount?: number;
|
|
109
|
-
/** Creation timestamp (Unix seconds). */
|
|
110
|
-
created_at: number;
|
|
111
|
-
/** Expiry duration in seconds. */
|
|
112
|
-
expiry_secs: number;
|
|
113
|
-
}
|
|
114
|
-
interface VerifyResult {
|
|
115
|
-
verified: boolean;
|
|
116
|
-
txSignature?: string;
|
|
117
|
-
error?: string;
|
|
118
|
-
}
|
|
119
|
-
interface VerifyOptions {
|
|
120
|
-
retries?: number;
|
|
121
|
-
intervalMs?: number;
|
|
122
|
-
txSignature?: string;
|
|
123
|
-
}
|
|
124
|
-
type PaymentValidationCode = 'invalid_json' | 'invalid_amount' | 'missing_recipient' | 'invalid_recipient_address' | 'missing_reference' | 'invalid_reference_address' | 'recipient_mismatch' | 'expired' | 'future_timestamp' | 'fee_address_mismatch' | 'fee_amount_mismatch' | 'missing_fee' | 'invalid_fee_params';
|
|
125
|
-
interface PaymentValidationError {
|
|
126
|
-
code: PaymentValidationCode;
|
|
127
|
-
message: string;
|
|
128
|
-
}
|
|
129
|
-
interface NetworkStats {
|
|
130
|
-
totalAgentCount: number;
|
|
131
|
-
agentCount: number;
|
|
132
|
-
jobCount: number;
|
|
133
|
-
totalLamports: number;
|
|
134
|
-
}
|
|
135
|
-
interface ElisymClientConfig {
|
|
136
|
-
relays?: string[];
|
|
137
|
-
}
|
|
138
|
-
interface Identity {
|
|
139
|
-
secret_key: string;
|
|
140
|
-
name: string;
|
|
141
|
-
description?: string;
|
|
142
|
-
picture?: string;
|
|
143
|
-
banner?: string;
|
|
144
|
-
}
|
|
145
|
-
interface Capability {
|
|
146
|
-
name: string;
|
|
147
|
-
description: string;
|
|
148
|
-
tags: string[];
|
|
149
|
-
/** Price in smallest unit (lamports for Solana). */
|
|
150
|
-
price: number;
|
|
151
|
-
/** Hero image URL for app display. */
|
|
152
|
-
image?: string;
|
|
153
|
-
}
|
|
154
|
-
interface PaymentAddress {
|
|
155
|
-
chain: string;
|
|
156
|
-
network: string;
|
|
157
|
-
address: string;
|
|
158
|
-
/** Token mint/contract address. Absent = native coin. */
|
|
159
|
-
token?: string;
|
|
160
|
-
}
|
|
161
|
-
interface WalletConfig {
|
|
162
|
-
chain: string;
|
|
163
|
-
network: string;
|
|
164
|
-
secret_key: string;
|
|
165
|
-
}
|
|
166
|
-
interface LlmConfig {
|
|
167
|
-
provider: string;
|
|
168
|
-
api_key: string;
|
|
169
|
-
model: string;
|
|
170
|
-
max_tokens: number;
|
|
171
|
-
}
|
|
172
|
-
interface AgentConfig {
|
|
173
|
-
identity: Identity;
|
|
174
|
-
relays: string[];
|
|
175
|
-
capabilities?: Capability[];
|
|
176
|
-
payments?: PaymentAddress[];
|
|
177
|
-
wallet?: WalletConfig;
|
|
178
|
-
llm?: LlmConfig;
|
|
179
|
-
}
|
|
180
|
-
|
|
181
|
-
export { type Agent as A, type CapabilityCard as C, ElisymIdentity as E, type Identity as I, type JobSubscriptionOptions as J, type LlmConfig as L, type Network as N, type PaymentRequestData as P, type SubCloser as S, type VerifyOptions as V, type WalletConfig as W, type PaymentValidationError as a, type VerifyResult as b, type SubmitJobOptions as c, type Job as d, type PingResult as e, type ElisymClientConfig as f, type AgentConfig as g, type Capability as h, type JobStatus as i, type JobUpdateCallbacks as j, type NetworkStats as k, type PaymentAddress as l, type PaymentInfo as m, type PaymentValidationCode as n };
|