@fairfox/polly 0.23.0 → 0.25.0

package/dist/src/mesh-node.js

@@ -0,0 +1,619 @@
+var __create = Object.create;
+var __getProtoOf = Object.getPrototypeOf;
+var __defProp = Object.defineProperty;
+var __getOwnPropNames = Object.getOwnPropertyNames;
+var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
+var __hasOwnProp = Object.prototype.hasOwnProperty;
+function __accessProp(key) {
+  return this[key];
+}
+var __toESMCache_node;
+var __toESMCache_esm;
+var __toESM = (mod, isNodeMode, target) => {
+  var canCache = mod != null && typeof mod === "object";
+  if (canCache) {
+    var cache = isNodeMode ? __toESMCache_node ??= new WeakMap : __toESMCache_esm ??= new WeakMap;
+    var cached = cache.get(mod);
+    if (cached)
+      return cached;
+  }
+  target = mod != null ? __create(__getProtoOf(mod)) : {};
+  const to = isNodeMode || !mod || !mod.__esModule ? __defProp(target, "default", { value: mod, enumerable: true }) : target;
+  for (let key of __getOwnPropNames(mod))
+    if (!__hasOwnProp.call(to, key))
+      __defProp(to, key, {
+        get: __accessProp.bind(mod, key),
+        enumerable: true
+      });
+  if (canCache)
+    cache.set(mod, to);
+  return to;
+};
+var __toCommonJS = (from) => {
+  var entry = (__moduleCache ??= new WeakMap).get(from), desc;
+  if (entry)
+    return entry;
+  entry = __defProp({}, "__esModule", { value: true });
+  if (from && typeof from === "object" || typeof from === "function") {
+    for (var key of __getOwnPropNames(from))
+      if (!__hasOwnProp.call(entry, key))
+        __defProp(entry, key, {
+          get: __accessProp.bind(from, key),
+          enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable
+        });
+  }
+  __moduleCache.set(from, entry);
+  return entry;
+};
+var __moduleCache;
+var __commonJS = (cb, mod) => () => (mod || cb((mod = { exports: {} }).exports, mod), mod.exports);
+var __returnValue = (v) => v;
+function __exportSetter(name, newValue) {
+  this[name] = __returnValue.bind(null, newValue);
+}
+var __export = (target, all) => {
+  for (var name in all)
+    __defProp(target, name, {
+      get: all[name],
+      enumerable: true,
+      configurable: true,
+      set: __exportSetter.bind(all, name)
+    });
+};
+var __esm = (fn, res) => () => (fn && (res = fn(fn = 0)), res);
+var __require = /* @__PURE__ */ ((x) => typeof require !== "undefined" ? require : typeof Proxy !== "undefined" ? new Proxy(x, {
+  get: (a, b) => (typeof require !== "undefined" ? require : a)[b]
+}) : x)(function(x) {
+  if (typeof require !== "undefined")
+    return require.apply(this, arguments);
+  throw Error('Dynamic require of "' + x + '" is not supported');
+});
+
+// src/shared/lib/encryption.ts
+var exports_encryption = {};
+__export(exports_encryption, {
+  sealEnvelope: () => sealEnvelope,
+  openEnvelope: () => openEnvelope,
+  generateDocumentKey: () => generateDocumentKey,
+  encrypt: () => encrypt,
+  encodeEncryptedEnvelope: () => encodeEncryptedEnvelope,
+  decryptOrThrow: () => decryptOrThrow,
+  decrypt: () => decrypt,
+  decodeEncryptedEnvelope: () => decodeEncryptedEnvelope,
+  TAG_BYTES: () => TAG_BYTES,
+  NONCE_BYTES: () => NONCE_BYTES,
+  KEY_BYTES: () => KEY_BYTES,
+  EncryptionError: () => EncryptionError
+});
+import nacl from "tweetnacl";
+function generateDocumentKey() {
+  return nacl.randomBytes(KEY_BYTES);
+}
+function encrypt(payload, key) {
+  if (key.length !== KEY_BYTES) {
+    throw new EncryptionError(`secretbox key must be ${KEY_BYTES} bytes, got ${key.length}.`, "invalid-key-length");
+  }
+  const nonce = nacl.randomBytes(NONCE_BYTES);
+  const ciphertext = nacl.secretbox(payload, nonce, key);
+  const out = new Uint8Array(NONCE_BYTES + ciphertext.length);
+  out.set(nonce, 0);
+  out.set(ciphertext, NONCE_BYTES);
+  return out;
+}
+function decrypt(sealed, key) {
+  if (key.length !== KEY_BYTES) {
+    throw new EncryptionError(`secretbox key must be ${KEY_BYTES} bytes, got ${key.length}.`, "invalid-key-length");
+  }
+  if (sealed.length < NONCE_BYTES + TAG_BYTES) {
+    return;
+  }
+  const nonce = sealed.subarray(0, NONCE_BYTES);
+  const ciphertext = sealed.subarray(NONCE_BYTES);
+  const opened = nacl.secretbox.open(ciphertext, nonce, key);
+  return opened ?? undefined;
+}
+function decryptOrThrow(sealed, key) {
+  const opened = decrypt(sealed, key);
+  if (!opened) {
+    throw new EncryptionError(`Failed to decrypt sealed blob: wrong key, malformed input, or tampered ciphertext.`, "decrypt-failed");
+  }
+  return opened;
+}
+function sealEnvelope(payload, documentId, key) {
+  return {
+    documentId,
+    sealed: encrypt(payload, key)
+  };
+}
+function openEnvelope(envelope, key) {
+  return decryptOrThrow(envelope.sealed, key);
+}
+function encodeEncryptedEnvelope(envelope) {
+  const idBytes = new TextEncoder().encode(envelope.documentId);
+  const out = new Uint8Array(4 + idBytes.length + envelope.sealed.length);
+  const view = new DataView(out.buffer);
+  view.setUint32(0, idBytes.length, false);
+  out.set(idBytes, 4);
+  out.set(envelope.sealed, 4 + idBytes.length);
+  return out;
+}
+function decodeEncryptedEnvelope(bytes) {
+  if (bytes.length < 4) {
+    throw new EncryptionError(`Encrypted envelope too short: ${bytes.length} bytes.`, "envelope-malformed");
+  }
+  const view = new DataView(bytes.buffer, bytes.byteOffset, bytes.byteLength);
+  const idLen = view.getUint32(0, false);
+  if (bytes.length < 4 + idLen) {
+    throw new EncryptionError(`Encrypted envelope truncated: declared id length ${idLen}, total ${bytes.length}.`, "envelope-malformed");
+  }
+  const documentId = new TextDecoder().decode(bytes.subarray(4, 4 + idLen));
+  const sealed = bytes.slice(4 + idLen);
+  return { documentId, sealed };
+}
+var KEY_BYTES = 32, NONCE_BYTES = 24, TAG_BYTES = 16, EncryptionError;
+var init_encryption = __esm(() => {
+  EncryptionError = class EncryptionError extends Error {
+    code;
+    constructor(message, code) {
+      super(message);
+      this.name = "EncryptionError";
+      this.code = code;
+    }
+  };
+});
+
+// src/mesh-node.ts
+var {readFile, rename, writeFile} = (() => ({}));
+var {createInterface} = (() => ({}));
+
+// src/shared/lib/keyring-storage.ts
+function memoryKeyringStorage() {
+  let stored = null;
+  return {
+    load: async () => stored,
+    save: async (keyring) => {
+      stored = keyring;
+    }
+  };
+}
+function serialiseKeyring(keyring) {
+  const payload = {
+    version: 1,
+    identity: {
+      publicKey: bytesToBase64(keyring.identity.publicKey),
+      secretKey: bytesToBase64(keyring.identity.secretKey)
+    },
+    knownPeers: mapToBase64Record(keyring.knownPeers),
+    documentKeys: mapToBase64Record(keyring.documentKeys),
+    revokedPeers: [...keyring.revokedPeers]
+  };
+  if (keyring.revocationAuthority && keyring.revocationAuthority.size > 0) {
+    payload.revocationAuthority = [...keyring.revocationAuthority];
+  }
+  return JSON.stringify(payload, null, 2);
+}
+function deserialiseKeyring(text) {
+  let raw;
+  try {
+    raw = JSON.parse(text);
+  } catch (err) {
+    throw new Error(`KeyringStorage: keyring payload is not valid JSON: ${err.message}`);
+  }
+  if (!raw || typeof raw !== "object") {
+    throw new Error("KeyringStorage: keyring payload is not an object");
+  }
+  const r = raw;
+  if (r.version !== 1) {
+    throw new Error(`KeyringStorage: unsupported keyring version: ${String(r.version)}`);
+  }
+  if (!r.identity || typeof r.identity !== "object") {
+    throw new Error("KeyringStorage: keyring payload is missing identity");
+  }
+  const identity = {
+    publicKey: base64ToBytes(r.identity.publicKey),
+    secretKey: base64ToBytes(r.identity.secretKey)
+  };
+  const keyring = {
+    identity,
+    knownPeers: base64RecordToMap(r.knownPeers ?? {}),
+    documentKeys: base64RecordToMap(r.documentKeys ?? {}),
+    revokedPeers: new Set(r.revokedPeers ?? [])
+  };
+  if (r.revocationAuthority && r.revocationAuthority.length > 0) {
+    keyring.revocationAuthority = new Set(r.revocationAuthority);
+  }
+  return keyring;
+}
+function mapToBase64Record(map) {
+  const out = {};
+  for (const [key, value] of map) {
+    out[key] = bytesToBase64(value);
+  }
+  return out;
+}
+function base64RecordToMap(record) {
+  const out = new Map;
+  for (const [key, value] of Object.entries(record)) {
+    out.set(key, base64ToBytes(value));
+  }
+  return out;
+}
+function bytesToBase64(bytes) {
+  let binary = "";
+  for (const byte of bytes) {
+    binary += String.fromCharCode(byte);
+  }
+  return btoa(binary);
+}
+function base64ToBytes(b64) {
+  const binary = atob(b64);
+  const bytes = new Uint8Array(binary.length);
+  for (let i = 0;i < binary.length; i++) {
+    bytes[i] = binary.charCodeAt(i);
+  }
+  return bytes;
+}
+
+// src/shared/lib/pairing.ts
+init_encryption();
+
+// src/shared/lib/signing.ts
+import nacl2 from "tweetnacl";
+var PUBLIC_KEY_BYTES = 32;
+var SECRET_KEY_BYTES = 64;
+var SIGNATURE_BYTES = 64;
+
+class SigningError extends Error {
+  code;
+  constructor(message, code) {
+    super(message);
+    this.name = "SigningError";
+    this.code = code;
+  }
+}
+function generateSigningKeyPair() {
+  const pair = nacl2.sign.keyPair();
+  return {
+    publicKey: pair.publicKey,
+    secretKey: pair.secretKey
+  };
+}
+function signingKeyPairFromSecret(secretKey) {
+  if (secretKey.length !== SECRET_KEY_BYTES) {
+    throw new SigningError(`Ed25519 secret key must be ${SECRET_KEY_BYTES} bytes, got ${secretKey.length}.`, "invalid-secret-key");
+  }
+  const pair = nacl2.sign.keyPair.fromSecretKey(secretKey);
+  return {
+    publicKey: pair.publicKey,
+    secretKey: pair.secretKey
+  };
+}
+function sign(payload, secretKey) {
+  if (secretKey.length !== SECRET_KEY_BYTES) {
+    throw new SigningError(`Ed25519 secret key must be ${SECRET_KEY_BYTES} bytes, got ${secretKey.length}.`, "invalid-secret-key");
+  }
+  return nacl2.sign.detached(payload, secretKey);
+}
+function verify(payload, signature, publicKey) {
+  if (publicKey.length !== PUBLIC_KEY_BYTES) {
+    throw new SigningError(`Ed25519 public key must be ${PUBLIC_KEY_BYTES} bytes, got ${publicKey.length}.`, "invalid-public-key");
+  }
+  if (signature.length !== SIGNATURE_BYTES) {
+    throw new SigningError(`Ed25519 signature must be ${SIGNATURE_BYTES} bytes, got ${signature.length}.`, "invalid-signature-length");
+  }
+  return nacl2.sign.detached.verify(payload, signature, publicKey);
+}
+function signEnvelope(payload, senderId, secretKey) {
+  const signature = sign(payload, secretKey);
+  return { senderId, payload, signature };
+}
+function openEnvelope2(envelope, publicKey) {
+  const ok = verify(envelope.payload, envelope.signature, publicKey);
+  if (!ok) {
+    throw new SigningError(`Signature verification failed for envelope from ${envelope.senderId}.`, "envelope-malformed");
+  }
+  return envelope.payload;
+}
+function encodeSignedEnvelope(envelope) {
+  const senderBytes = new TextEncoder().encode(envelope.senderId);
+  const total = 4 + senderBytes.length + SIGNATURE_BYTES + envelope.payload.length;
+  const out = new Uint8Array(total);
+  const view = new DataView(out.buffer);
+  view.setUint32(0, senderBytes.length, false);
+  out.set(senderBytes, 4);
+  out.set(envelope.signature, 4 + senderBytes.length);
+  out.set(envelope.payload, 4 + senderBytes.length + SIGNATURE_BYTES);
+  return out;
+}
+function decodeSignedEnvelope(bytes) {
+  if (bytes.length < 4 + SIGNATURE_BYTES) {
+    throw new SigningError(`Envelope too short: ${bytes.length} bytes, need at least ${4 + SIGNATURE_BYTES}.`, "envelope-malformed");
+  }
+  const view = new DataView(bytes.buffer, bytes.byteOffset, bytes.byteLength);
+  const senderLen = view.getUint32(0, false);
+  if (bytes.length < 4 + senderLen + SIGNATURE_BYTES) {
+    throw new SigningError(`Envelope truncated: declared sender length ${senderLen}, total ${bytes.length}.`, "envelope-malformed");
+  }
+  const senderId = new TextDecoder().decode(bytes.subarray(4, 4 + senderLen));
+  const signature = bytes.slice(4 + senderLen, 4 + senderLen + SIGNATURE_BYTES);
+  const payload = bytes.slice(4 + senderLen + SIGNATURE_BYTES);
+  return { senderId, payload, signature };
+}
+
+// src/shared/lib/pairing.ts
+var PAIRING_TOKEN_VERSION = 1;
+var PAIRING_TOKEN_MAGIC = new Uint8Array([80, 80, 84, 49]);
+var PAIRING_NONCE_BYTES = 16;
+var DEFAULT_PAIRING_TTL_MS = 10 * 60 * 1000;
+
+class PairingError extends Error {
+  code;
+  constructor(message, code) {
+    super(message);
+    this.name = "PairingError";
+    this.code = code;
+  }
+}
+function createPairingToken(options) {
+  const now = options.now ? options.now() : Date.now();
+  const ttlMs = options.ttlMs ?? DEFAULT_PAIRING_TTL_MS;
+  const documentKey = options.documentKey ?? generateDocumentKey();
+  const nonce = randomBytes(PAIRING_NONCE_BYTES);
+  return {
+    version: PAIRING_TOKEN_VERSION,
+    issuerPeerId: options.issuerPeerId,
+    issuerPublicKey: options.identity.publicKey,
+    documentKey,
+    documentKeyId: options.documentKeyId,
+    expiresAt: now + ttlMs,
+    nonce
+  };
+}
+function createPairingTokenWithFreshIdentity(args) {
+  const identity = generateSigningKeyPair();
+  const token = createPairingToken({
+    identity,
+    issuerPeerId: args.issuerPeerId,
+    documentKeyId: args.documentKeyId,
+    ttlMs: args.ttlMs,
+    now: args.now
+  });
+  return { identity, token };
+}
+function isPairingTokenExpired(token, now) {
+  const t = now ? now() : Date.now();
+  return t >= token.expiresAt;
+}
+function applyPairingToken(token, keyring, options = {}) {
+  if (isPairingTokenExpired(token, options.now)) {
+    throw new PairingError(`Pairing token from ${token.issuerPeerId} expired at ${new Date(token.expiresAt).toISOString()}.`, "expired");
+  }
+  keyring.knownPeers.set(token.issuerPeerId, token.issuerPublicKey);
+  keyring.documentKeys.set(token.documentKeyId, token.documentKey);
+}
+function serialisePairingToken(token) {
+  validateForSerialisation(token);
+  const issuerBytes = new TextEncoder().encode(token.issuerPeerId);
+  const keyIdBytes = new TextEncoder().encode(token.documentKeyId);
+  const total = PAIRING_TOKEN_MAGIC.length + 1 + 4 + issuerBytes.length + PUBLIC_KEY_BYTES + KEY_BYTES + 4 + keyIdBytes.length + 8 + PAIRING_NONCE_BYTES;
+  const out = new Uint8Array(total);
+  let offset = 0;
+  out.set(PAIRING_TOKEN_MAGIC, offset);
+  offset += PAIRING_TOKEN_MAGIC.length;
+  out[offset] = token.version;
+  offset += 1;
+  const view = new DataView(out.buffer);
+  view.setUint32(offset, issuerBytes.length, false);
+  offset += 4;
+  out.set(issuerBytes, offset);
+  offset += issuerBytes.length;
+  out.set(token.issuerPublicKey, offset);
+  offset += PUBLIC_KEY_BYTES;
+  out.set(token.documentKey, offset);
+  offset += KEY_BYTES;
+  view.setUint32(offset, keyIdBytes.length, false);
+  offset += 4;
+  out.set(keyIdBytes, offset);
+  offset += keyIdBytes.length;
+  view.setBigUint64(offset, BigInt(token.expiresAt), false);
+  offset += 8;
+  out.set(token.nonce, offset);
+  offset += PAIRING_NONCE_BYTES;
+  return out;
+}
+function parsePairingToken(bytes) {
+  let offset = 0;
+  if (bytes.length < PAIRING_TOKEN_MAGIC.length) {
+    throw new PairingError(`Pairing token too short: ${bytes.length} bytes.`, "truncated");
+  }
+  for (let i = 0;i < PAIRING_TOKEN_MAGIC.length; i++) {
+    if (bytes[offset + i] !== PAIRING_TOKEN_MAGIC[i]) {
+      throw new PairingError(`Pairing token magic mismatch: not a Polly pairing token.`, "wrong-magic");
+    }
+  }
+  offset += PAIRING_TOKEN_MAGIC.length;
+  if (bytes.length < offset + 1) {
+    throw new PairingError("Pairing token truncated at version.", "truncated");
+  }
+  const version = bytes[offset];
+  offset += 1;
+  if (version !== PAIRING_TOKEN_VERSION) {
+    throw new PairingError(`Unknown pairing token version: ${version}. This Polly build supports version ${PAIRING_TOKEN_VERSION}.`, "unknown-version");
+  }
+  if (bytes.length < offset + 4) {
+    throw new PairingError("Pairing token truncated at issuer id length.", "truncated");
+  }
+  const view = new DataView(bytes.buffer, bytes.byteOffset, bytes.byteLength);
+  const issuerLen = view.getUint32(offset, false);
+  offset += 4;
+  if (bytes.length < offset + issuerLen) {
+    throw new PairingError("Pairing token truncated at issuer id.", "truncated");
+  }
+  const issuerPeerId = new TextDecoder().decode(bytes.subarray(offset, offset + issuerLen));
+  offset += issuerLen;
+  if (bytes.length < offset + PUBLIC_KEY_BYTES) {
+    throw new PairingError("Pairing token truncated at public key.", "truncated");
+  }
+  const issuerPublicKey = bytes.slice(offset, offset + PUBLIC_KEY_BYTES);
+  offset += PUBLIC_KEY_BYTES;
+  if (bytes.length < offset + KEY_BYTES) {
+    throw new PairingError("Pairing token truncated at document key.", "truncated");
+  }
+  const documentKey = bytes.slice(offset, offset + KEY_BYTES);
+  offset += KEY_BYTES;
+  if (bytes.length < offset + 4) {
+    throw new PairingError("Pairing token truncated at document key id length.", "truncated");
+  }
+  const keyIdLen = view.getUint32(offset, false);
+  offset += 4;
+  if (bytes.length < offset + keyIdLen) {
+    throw new PairingError("Pairing token truncated at document key id.", "truncated");
+  }
+  const documentKeyId = new TextDecoder().decode(bytes.subarray(offset, offset + keyIdLen));
+  offset += keyIdLen;
+  if (bytes.length < offset + 8) {
+    throw new PairingError("Pairing token truncated at expiry.", "truncated");
+  }
+  const expiresAtBig = view.getBigUint64(offset, false);
+  offset += 8;
+  const expiresAt = Number(expiresAtBig);
+  if (bytes.length < offset + PAIRING_NONCE_BYTES) {
+    throw new PairingError("Pairing token truncated at nonce.", "truncated");
+  }
+  const nonce = bytes.slice(offset, offset + PAIRING_NONCE_BYTES);
+  offset += PAIRING_NONCE_BYTES;
+  return {
+    version,
+    issuerPeerId,
+    issuerPublicKey,
+    documentKey,
+    documentKeyId,
+    expiresAt,
+    nonce
+  };
+}
+function encodePairingToken(token) {
+  const bytes = serialisePairingToken(token);
+  let binary = "";
+  for (const byte of bytes) {
+    binary += String.fromCharCode(byte);
+  }
+  return btoa(binary);
+}
+function decodePairingToken(encoded) {
+  let binary;
+  try {
+    binary = atob(encoded);
+  } catch {
+    throw new PairingError("Pairing token is not valid base64.", "wrong-magic");
+  }
+  const bytes = new Uint8Array(binary.length);
+  for (let i = 0;i < binary.length; i++) {
+    bytes[i] = binary.charCodeAt(i);
+  }
+  return parsePairingToken(bytes);
+}
+function validateForSerialisation(token) {
+  if (token.issuerPublicKey.length !== PUBLIC_KEY_BYTES) {
+    throw new PairingError(`Issuer public key must be ${PUBLIC_KEY_BYTES} bytes, got ${token.issuerPublicKey.length}.`, "invalid-public-key");
+  }
+  if (token.documentKey.length !== KEY_BYTES) {
+    throw new PairingError(`Document key must be ${KEY_BYTES} bytes, got ${token.documentKey.length}.`, "invalid-document-key");
+  }
+  if (token.nonce.length !== PAIRING_NONCE_BYTES) {
+    throw new PairingError(`Nonce must be ${PAIRING_NONCE_BYTES} bytes, got ${token.nonce.length}.`, "invalid-nonce");
+  }
+}
+function randomBytes(n) {
+  const out = new Uint8Array(n);
+  crypto.getRandomValues(out);
+  return out;
+}
+
+// src/mesh-node.ts
+function fileKeyringStorage(path) {
+  return {
+    load: async () => {
+      try {
+        const text = await readFile(path, "utf-8");
+        return deserialiseKeyring(text);
+      } catch (err) {
+        if (isFileNotFound(err))
+          return null;
+        throw err;
+      }
+    },
+    save: async (keyring) => {
+      const text = serialiseKeyring(keyring);
+      const tmp = `${path}.tmp-${process.pid}-${Date.now()}`;
+      await writeFile(tmp, text, { mode: 384 });
+      await rename(tmp, path);
+    }
+  };
+}
+async function bootstrapCliKeyring(options) {
+  const existing = await options.storage.load();
+  if (existing !== null)
+    return existing;
+  const identity = generateSigningKeyPair();
+  const keyring = {
+    identity,
+    knownPeers: new Map,
+    documentKeys: new Map,
+    revokedPeers: new Set
+  };
+  const promptStream = options.promptStream ?? process.stderr;
+  const fingerprint = fingerprintPublicKey(identity.publicKey);
+  promptStream.write([
+    "",
+    "Polly mesh-state CLI bootstrap",
+    "──────────────────────────────",
+    `Fingerprint:  ${fingerprint}`,
+    "",
+    "Authorise this peer on a trusted device (open the pairing UI, enter",
+    "the fingerprint above, copy the generated token). Then paste the",
+    "pairing token below and press enter.",
+    ""
+  ].join(`
+`));
+  const token = await readPairingTokenFromStdin({
+    promptStream,
+    inputStream: options.inputStream ?? process.stdin
+  });
+  const applyOptions = options.now ? { now: options.now } : {};
+  applyPairingToken(token, keyring, applyOptions);
+  await options.storage.save(keyring);
+  promptStream.write(`Pairing applied. Keyring saved.
+`);
+  return keyring;
+}
+async function readPairingTokenFromStdin(options = {}) {
+  const rl = createInterface({
+    input: options.inputStream ?? process.stdin,
+    output: options.promptStream ?? process.stderr
+  });
+  try {
+    const line = await rl.question("pairing-token> ");
+    return decodePairingToken(line.trim());
+  } finally {
+    rl.close();
+  }
+}
+function fingerprintPublicKey(publicKey) {
+  const slice = publicKey.slice(0, 8);
+  const hex = Array.from(slice).map((b) => b.toString(16).padStart(2, "0")).join("");
+  return hex.match(/.{2}/g)?.join(":") ?? hex;
+}
+function isFileNotFound(err) {
+  return typeof err === "object" && err !== null && "code" in err && err.code === "ENOENT";
+}
+export {
+  serialiseKeyring,
+  readPairingTokenFromStdin,
+  memoryKeyringStorage,
+  fileKeyringStorage,
+  deserialiseKeyring,
+  bootstrapCliKeyring
+};
+
+//# debugId=79E90F8B0F70449064756E2164756E21