@feralfile/cli 1.1.1

package/dist/src/utilities/domain-resolver.js

@@ -0,0 +1,291 @@
+"use strict";
+/**
+ * Domain Resolution Utilities
+ * Resolves blockchain domain names (ENS, TNS) to their corresponding addresses
+ */
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+    Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+    o["default"] = v;
+});
+var __importStar = (this && this.__importStar) || (function () {
+    var ownKeys = function(o) {
+        ownKeys = Object.getOwnPropertyNames || function (o) {
+            var ar = [];
+            for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
+            return ar;
+        };
+        return ownKeys(o);
+    };
+    return function (mod) {
+        if (mod && mod.__esModule) return mod;
+        var result = {};
+        if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
+        __setModuleDefault(result, mod);
+        return result;
+    };
+})();
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.resolveDomain = resolveDomain;
+exports.resolveDomainsBatch = resolveDomainsBatch;
+exports.displayResolutionResults = displayResolutionResults;
+const viem_1 = require("viem");
+const chains_1 = require("viem/chains");
+const ens_1 = require("viem/ens");
+const axios_1 = __importDefault(require("axios"));
+const chalk_1 = __importDefault(require("chalk"));
+const logger = __importStar(require("../logger"));
+/**
+ * ENS resolver using viem
+ */
+class ENSResolver {
+    client;
+    constructor() {
+        this.client = (0, viem_1.createPublicClient)({
+            chain: chains_1.mainnet,
+            transport: (0, viem_1.http)(),
+        });
+    }
+    /**
+     * Resolve an ENS domain to its Ethereum address
+     *
+     * @param {string} domain - ENS domain (e.g., 'vitalik.eth')
+     * @returns {Promise<string|null>} Resolved address or null
+     */
+    async resolve(domain) {
+        try {
+            const address = await this.client.getEnsAddress({
+                name: (0, ens_1.normalize)(domain),
+            });
+            return address;
+        }
+        catch (error) {
+            logger.debug(`ENS resolution failed for ${domain}: ${error}`);
+            return null;
+        }
+    }
+}
+/**
+ * TNS (Tezos Name Service) resolver using Tezos Domains GraphQL API
+ *
+ * Uses the official Tezos Domains API for reliable resolution
+ * API: https://api.tezos.domains/graphql
+ */
+class TNSResolver {
+    apiUrl;
+    constructor() {
+        this.apiUrl = 'https://api.tezos.domains/graphql';
+    }
+    /**
+     * Resolve a TNS domain to its Tezos address using GraphQL API
+     *
+     * @param {string} domain - TNS domain (e.g., 'alice.tez', 'einstein-rosen.tez')
+     * @returns {Promise<string|null>} Resolved address or null
+     */
+    async resolve(domain) {
+        try {
+            // GraphQL query to resolve domain (using GET request)
+            // Note: API only supports 'address' field, not 'expiry'
+            const query = `{ domain(name: "${domain}") { address } }`;
+            const response = await axios_1.default.get(this.apiUrl, {
+                params: { query },
+                timeout: 10000,
+            });
+            if (response.data?.errors) {
+                logger.debug(`TNS API returned errors for ${domain}: ${JSON.stringify(response.data.errors)}`);
+                return null;
+            }
+            const domainData = response.data?.data?.domain;
+            if (!domainData || !domainData.address) {
+                logger.debug(`TNS domain ${domain} not found - domainData: ${JSON.stringify(domainData)}`);
+                return null;
+            }
+            logger.debug(`TNS resolved ${domain} → ${domainData.address}`);
+            return domainData.address;
+        }
+        catch (error) {
+            const errorMessage = error instanceof Error ? error.message : String(error);
+            logger.debug(`TNS resolution failed for ${domain}: ${errorMessage}`);
+            return null;
+        }
+    }
+}
+/**
+ * Determine domain type based on TLD
+ *
+ * @param {string} domain - Domain name
+ * @returns {string|null} Domain type ('ens', 'tns') or null
+ */
+function getDomainType(domain) {
+    const normalizedDomain = domain.toLowerCase();
+    if (normalizedDomain.endsWith('.eth')) {
+        return 'ens';
+    }
+    else if (normalizedDomain.endsWith('.tez')) {
+        return 'tns';
+    }
+    return null;
+}
+/**
+ * Validate domain name format
+ *
+ * @param {string} domain - Domain to validate
+ * @returns {boolean} Whether domain is valid
+ */
+function isValidDomain(domain) {
+    if (!domain || typeof domain !== 'string') {
+        return false;
+    }
+    const trimmedDomain = domain.trim();
+    if (trimmedDomain.length === 0) {
+        return false;
+    }
+    const domainType = getDomainType(trimmedDomain);
+    return domainType !== null;
+}
+/**
+ * Resolve a single domain to its blockchain address
+ *
+ * @param {string} domain - Domain name to resolve (e.g., 'vitalik.eth', 'alice.tez')
+ * @returns {Promise<DomainResolution>} Resolution result
+ * @example
+ * const result = await resolveDomain('vitalik.eth');
+ * if (result.resolved) {
+ *   console.log(`${result.domain} -> ${result.address}`);
+ * }
+ */
+async function resolveDomain(domain) {
+    const trimmedDomain = domain.trim();
+    // Validate domain
+    if (!isValidDomain(trimmedDomain)) {
+        return {
+            domain: trimmedDomain,
+            address: null,
+            resolved: false,
+            error: `Invalid or unsupported domain: ${trimmedDomain}`,
+        };
+    }
+    const domainType = getDomainType(trimmedDomain);
+    try {
+        let address = null;
+        if (domainType === 'ens') {
+            const ensResolver = new ENSResolver();
+            address = await ensResolver.resolve(trimmedDomain);
+        }
+        else if (domainType === 'tns') {
+            const tnsResolver = new TNSResolver();
+            address = await tnsResolver.resolve(trimmedDomain);
+        }
+        if (!address) {
+            return {
+                domain: trimmedDomain,
+                address: null,
+                resolved: false,
+                error: `Could not resolve ${trimmedDomain}`,
+            };
+        }
+        return {
+            domain: trimmedDomain,
+            address,
+            resolved: true,
+        };
+    }
+    catch (error) {
+        const errorMessage = error instanceof Error ? error.message : 'Unknown error during resolution';
+        logger.debug(`Domain resolution error for ${trimmedDomain}: ${errorMessage}`);
+        return {
+            domain: trimmedDomain,
+            address: null,
+            resolved: false,
+            error: errorMessage,
+        };
+    }
+}
+/**
+ * Resolve multiple domains in batch (concurrent processing)
+ *
+ * Supports ENS (.eth) and TNS (.tez) domains.
+ * Processes all domains concurrently for optimal performance.
+ *
+ * @param {string[]} domains - Array of domain names to resolve
+ * @returns {Promise<BatchResolutionResult>} Batch resolution result with domain->address map
+ * @example
+ * const result = await resolveDomainsBatch(['vitalik.eth', 'alice.tez']);
+ * if (result.success) {
+ *   console.log(result.domainMap); // { 'vitalik.eth': '0x...', 'alice.tez': 'tz...' }
+ * }
+ */
+async function resolveDomainsBatch(domains) {
+    // Validate input
+    if (!Array.isArray(domains) || domains.length === 0) {
+        return {
+            success: false,
+            resolutions: [],
+            domainMap: {},
+            errors: ['No domains provided for resolution'],
+        };
+    }
+    logger.debug(`Resolving ${domains.length} domains in batch...`);
+    // Resolve all domains concurrently
+    const resolutionPromises = domains.map((domain) => resolveDomain(domain));
+    const resolutions = await Promise.all(resolutionPromises);
+    // Build domain map and collect errors
+    const domainMap = {};
+    const errors = [];
+    for (const resolution of resolutions) {
+        if (resolution.resolved && resolution.address) {
+            domainMap[resolution.domain] = resolution.address;
+        }
+        else if (resolution.error) {
+            errors.push(`${resolution.domain}: ${resolution.error}`);
+        }
+    }
+    const successfulResolutions = resolutions.filter((r) => r.resolved).length;
+    logger.debug(`Batch resolution complete: ${successfulResolutions}/${domains.length} successful`);
+    return {
+        success: successfulResolutions > 0,
+        resolutions,
+        domainMap,
+        errors,
+    };
+}
+/**
+ * Display batch resolution results in a user-friendly format
+ *
+ * @param {BatchResolutionResult} result - Batch resolution result
+ */
+function displayResolutionResults(result) {
+    if (result.resolutions.length === 0) {
+        console.log(chalk_1.default.yellow('No names to resolve'));
+        return;
+    }
+    // Display successful resolutions
+    const successful = result.resolutions.filter((r) => r.resolved);
+    if (successful.length > 0) {
+        successful.forEach((resolution) => {
+            console.log(chalk_1.default.dim(`  ${resolution.domain} → ${resolution.address}`));
+        });
+    }
+    // Display failures (but don't make them too prominent)
+    const failed = result.resolutions.filter((r) => !r.resolved);
+    if (failed.length > 0) {
+        failed.forEach((resolution) => {
+            console.log(chalk_1.default.yellow(`  ${resolution.domain}: ${resolution.error || 'Could not resolve'}`));
+        });
+    }
+    console.log();
+}

package/dist/src/utilities/ed25519-key-derive.js

@@ -0,0 +1,155 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.normalizeVerifyPublicKeyToPem = normalizeVerifyPublicKeyToPem;
+exports.parsePlaylistPrivateKeyToKeyObject = parsePlaylistPrivateKeyToKeyObject;
+exports.deriveEd25519PublicKeyForVerify = deriveEd25519PublicKeyForVerify;
+const node_crypto_1 = require("node:crypto");
+/**
+ * RFC 5480-style SubjectPublicKeyInfo prefix for Ed25519 public keys (raw 32 octets in BIT STRING).
+ */
+const ED25519_SPKI_RAW_PREFIX = Buffer.from('302a300506032b6570032100', 'hex');
+function rawEd25519PublicBytesToPem(raw32) {
+    if (raw32.length !== 32) {
+        throw new Error('Ed25519 raw public key must be 32 bytes');
+    }
+    const der = Buffer.concat([ED25519_SPKI_RAW_PREFIX, raw32]);
+    const pub = (0, node_crypto_1.createPublicKey)({ key: der, format: 'der', type: 'spki' });
+    assertEd25519Public(pub);
+    return pub.export({ format: 'pem', type: 'spki' }).toString();
+}
+/**
+ * normalizeVerifyPublicKeyToPem interprets `--public-key` values documented for `verify`:
+ * PEM SPKI, 64-character hex (optional `0x`), standard base64 of exactly 32 raw bytes,
+ * or DER SPKI as base64 (typical single-line export).
+ *
+ * dp1-js expects PEM-friendly material in practice; this keeps CLI input aligned with docs.
+ *
+ * @param material - Non-empty key string from the CLI or config-derived PEM
+ * @returns PEM-encoded SPKI Ed25519 public key
+ * @throws Error if the material cannot be decoded as Ed25519 public key material
+ */
+function normalizeVerifyPublicKeyToPem(material) {
+    const trimmed = material.trim();
+    if (!trimmed) {
+        throw new Error('Public key material is empty');
+    }
+    if (trimmed.includes('BEGIN')) {
+        const pub = (0, node_crypto_1.createPublicKey)({ key: trimmed, format: 'pem' });
+        assertEd25519Public(pub);
+        return pub.export({ format: 'pem', type: 'spki' }).toString();
+    }
+    const hexCompact = trimmed.replace(/^0x/i, '').replace(/\s/g, '');
+    const hexRegex = /^[0-9a-fA-F]{64}$/;
+    if (hexRegex.test(hexCompact)) {
+        return rawEd25519PublicBytesToPem(Buffer.from(hexCompact, 'hex'));
+    }
+    const base64Regex = /^[A-Za-z0-9+/]+=*$/;
+    if (base64Regex.test(trimmed)) {
+        const buf = Buffer.from(trimmed, 'base64');
+        if (buf.length === 32) {
+            return rawEd25519PublicBytesToPem(buf);
+        }
+        try {
+            const pub = (0, node_crypto_1.createPublicKey)({ key: buf, format: 'der', type: 'spki' });
+            assertEd25519Public(pub);
+            return pub.export({ format: 'pem', type: 'spki' }).toString();
+        }
+        catch {
+            // fall through
+        }
+    }
+    throw new Error('Unrecognized Ed25519 public key format for verify (expected PEM, 32-byte hex, 32-byte base64, or SPKI DER base64)');
+}
+/**
+ * RFC 8410 PKCS#8 prefix for Ed25519: nested OCTET STRING holds the 32-byte seed.
+ * Used so 32-byte hex seeds work on Node versions that reject `type: 'raw'` imports.
+ */
+const ED25519_PKCS8_SEED_PREFIX = Buffer.from('302e020100300506032b657004220420', 'hex');
+function ed25519SeedBytesToPkcs8(seed32) {
+    if (seed32.length !== 32) {
+        throw new Error('Ed25519 seed must be 32 bytes');
+    }
+    return Buffer.concat([ED25519_PKCS8_SEED_PREFIX, seed32]);
+}
+/**
+ * parsePlaylistPrivateKeyToKeyObject interprets playlist signing material the same way
+ * operators configure it: PKCS#8 DER as base64 (setup default), optional 32-byte raw
+ * seed as hex, PKCS#8 as hex, or PEM.
+ *
+ * @param material - Trimmed private key string from config or env
+ * @returns Node.js KeyObject for the Ed25519 private key
+ * @throws Error if the material cannot be parsed or is not Ed25519
+ */
+function parsePlaylistPrivateKeyToKeyObject(material) {
+    const trimmed = material.trim();
+    if (!trimmed) {
+        throw new Error('Private key material is empty');
+    }
+    if (trimmed.includes('BEGIN')) {
+        const key = (0, node_crypto_1.createPrivateKey)({ key: trimmed, format: 'pem' });
+        assertEd25519(key);
+        return key;
+    }
+    const base64Regex = /^[A-Za-z0-9+/]+=*$/;
+    const hexRegex = /^(0x)?[0-9a-fA-F]+$/;
+    if (base64Regex.test(trimmed)) {
+        const buf = Buffer.from(trimmed, 'base64');
+        if (buf.length === 0) {
+            throw new Error('Invalid base64 private key');
+        }
+        try {
+            const key = (0, node_crypto_1.createPrivateKey)({ key: buf, format: 'der', type: 'pkcs8' });
+            assertEd25519(key);
+            return key;
+        }
+        catch {
+            // Continue to other strategies (e.g. hex path may apply for unusual configs)
+        }
+    }
+    if (hexRegex.test(trimmed)) {
+        const raw = Buffer.from(trimmed.replace(/^0x/i, ''), 'hex');
+        if (raw.length === 32) {
+            try {
+                const der = ed25519SeedBytesToPkcs8(raw);
+                const key = (0, node_crypto_1.createPrivateKey)({ key: der, format: 'der', type: 'pkcs8' });
+                assertEd25519(key);
+                return key;
+            }
+            catch {
+                // fall through to full PKCS#8-in-hex
+            }
+        }
+        try {
+            const key = (0, node_crypto_1.createPrivateKey)({ key: raw, format: 'der', type: 'pkcs8' });
+            assertEd25519(key);
+            return key;
+        }
+        catch {
+            // fall through
+        }
+    }
+    throw new Error('Unrecognized Ed25519 private key format (expected PKCS#8 base64, 32-byte hex seed, PKCS#8 hex, or PEM)');
+}
+/**
+ * deriveEd25519PublicKeyForVerify exports the public half as PEM so legacy
+ * verification can hand Node a decoder-friendly public key string directly.
+ *
+ * @param privateKeyMaterial - Same encoding rules as `playlist.privateKey` / `PLAYLIST_PRIVATE_KEY`
+ * @returns PEM-encoded SPKI public key
+ */
+function deriveEd25519PublicKeyForVerify(privateKeyMaterial) {
+    const privateKey = parsePlaylistPrivateKeyToKeyObject(privateKeyMaterial);
+    const publicKey = (0, node_crypto_1.createPublicKey)(privateKey);
+    assertEd25519Public(publicKey);
+    return publicKey.export({ format: 'pem', type: 'spki' }).toString();
+}
+function assertEd25519(key) {
+    if (key.asymmetricKeyType !== 'ed25519') {
+        throw new Error('Configured private key must be an Ed25519 key');
+    }
+}
+function assertEd25519Public(key) {
+    if (key.asymmetricKeyType !== 'ed25519') {
+        throw new Error('Public key must be Ed25519');
+    }
+}