@keepgoingdev/cli 1.3.2 → 1.3.3

package/dist/index.js

@@ -616,6 +616,7 @@ import os from "os";
 import path3 from "path";
 var LICENSE_FILE = "license.json";
 var DEVICE_ID_FILE = "device-id";
+var SIGNING_KEY_FILE = "signing-key";
 function getGlobalLicenseDir() {
   return path3.join(os.homedir(), ".keepgoing");
 }
@@ -637,6 +638,37 @@ function getDeviceId() {
   fs.writeFileSync(filePath, id, "utf-8");
   return id;
 }
+function getSigningKey() {
+  const dir = getGlobalLicenseDir();
+  const keyPath = path3.join(dir, SIGNING_KEY_FILE);
+  try {
+    const existing = fs.readFileSync(keyPath, "utf-8").trim();
+    if (existing) return existing;
+  } catch {
+  }
+  const key = crypto.randomBytes(32).toString("hex");
+  if (!fs.existsSync(dir)) {
+    fs.mkdirSync(dir, { recursive: true });
+  }
+  fs.writeFileSync(keyPath, key, "utf-8");
+  return key;
+}
+function computeSignature(licenses) {
+  const sorted = [...licenses].sort((a, b) => a.licenseKey.localeCompare(b.licenseKey));
+  const payload = JSON.stringify(sorted);
+  return crypto.createHmac("sha256", getSigningKey()).update(payload).digest("hex");
+}
+function verifySignature(store) {
+  if (!store.signature) return false;
+  try {
+    const expected = Buffer.from(computeSignature(store.licenses), "hex");
+    const actual = Buffer.from(store.signature, "hex");
+    if (actual.length !== expected.length) return false;
+    return crypto.timingSafeEqual(actual, expected);
+  } catch {
+    return false;
+  }
+}
 var DECISION_DETECTION_VARIANT_ID = 1361527;
 var SESSION_AWARENESS_VARIANT_ID = 1366510;
 var TEST_DECISION_DETECTION_VARIANT_ID = 1345647;
@@ -675,6 +707,13 @@ function readLicenseStore() {
       const data = JSON.parse(raw);
       if (data?.version === 2 && Array.isArray(data.licenses)) {
         store = data;
+        if (store.signature && !verifySignature(store)) {
+          store = {
+            version: 2,
+            licenses: store.licenses.map((l) => ({ ...l, status: "inactive" }))
+            // Omit signature so the next writeLicenseStore() re-signs cleanly
+          };
+        }
       } else {
         store = { version: 2, licenses: [] };
       }
@@ -691,6 +730,7 @@ function writeLicenseStore(store) {
   if (!fs.existsSync(dirPath)) {
     fs.mkdirSync(dirPath, { recursive: true });
   }
+  store.signature = computeSignature(store.licenses);
   const licensePath = path3.join(dirPath, LICENSE_FILE);
   fs.writeFileSync(licensePath, JSON.stringify(store, null, 2), "utf-8");
   _cachedStore = store;
@@ -724,7 +764,7 @@ function getLicenseForFeature(feature) {
 function getAllLicensesNeedingRevalidation() {
   return getActiveLicenses().filter((l) => needsRevalidation(l));
 }
-var REVALIDATION_THRESHOLD_MS = 24 * 60 * 60 * 1e3;
+var REVALIDATION_THRESHOLD_MS = 6 * 60 * 60 * 1e3;
 function needsRevalidation(entry) {
   const lastValidated = new Date(entry.lastValidatedAt).getTime();
   return Date.now() - lastValidated > REVALIDATION_THRESHOLD_MS;
@@ -2398,7 +2438,7 @@ import { spawn } from "child_process";
 import { readFileSync, existsSync } from "fs";
 import path10 from "path";
 import os4 from "os";
-var CLI_VERSION = "1.3.2";
+var CLI_VERSION = "1.3.3";
 var NPM_REGISTRY_URL = "https://registry.npmjs.org/@keepgoingdev/cli/latest";
 var FETCH_TIMEOUT_MS = 5e3;
 var CHECK_INTERVAL_MS = 24 * 60 * 60 * 1e3;
@@ -3939,7 +3979,7 @@ async function main() {
       }
       break;
     case "version":
-      console.log(`keepgoing v${"1.3.2"}`);
+      console.log(`keepgoing v${"1.3.3"}`);
       break;
     case "activate":
       await activateCommand({ licenseKey: subcommand });

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@keepgoingdev/cli",
-  "version": "1.3.2",
+  "version": "1.3.3",
   "description": "Terminal CLI for KeepGoing. Resume side projects without the mental friction.",
   "type": "module",
   "main": "./dist/index.js",