@lucid-agents/taskmarket 0.7.1 → 0.8.0

package/dist/index.js

@@ -6,7 +6,7 @@ var __export = (target, all) => {
 };
 
 // src/index.ts
-import { Command as Command30 } from "commander";
+import { Command as Command33 } from "commander";
 import { createRequire } from "module";
 
 // src/commands/init.ts
@@ -128,6 +128,75 @@ async function pollAgentId(address, maxWaitMs = 6e4) {
   return null;
 }
 
+// src/lib/encryption.ts
+import { createECDH, hkdfSync, createCipheriv as createCipheriv2, createDecipheriv as createDecipheriv2, randomBytes as randomBytes2 } from "crypto";
+var VERSION = 1;
+var EPH_PUB_LEN = 65;
+var IV_LEN = 12;
+var TAG_LEN = 16;
+var HEADER_LEN = 1 + EPH_PUB_LEN + IV_LEN + TAG_LEN;
+function ecdhSharedSecret(privateKeyHex, otherPubKeyHex) {
+  const ecdh = createECDH("secp256k1");
+  ecdh.setPrivateKey(Buffer.from(privateKeyHex.replace(/^0x/, ""), "hex"));
+  const shared = ecdh.computeSecret(Buffer.from(otherPubKeyHex, "hex"));
+  return shared;
+}
+function hkdfKey(sharedSecret) {
+  return Buffer.from(hkdfSync("sha256", sharedSecret, Buffer.alloc(0), "taskmarket-ecies-v1", 32));
+}
+function aesGcmEncrypt(key, iv, plaintext) {
+  const cipher = createCipheriv2("aes-256-gcm", key, iv);
+  const ciphertext = Buffer.concat([cipher.update(plaintext), cipher.final()]);
+  const tag = cipher.getAuthTag();
+  return { ciphertext, tag };
+}
+function aesGcmDecrypt(key, iv, tag, ciphertext) {
+  const decipher = createDecipheriv2("aes-256-gcm", key, iv);
+  decipher.setAuthTag(tag);
+  return Buffer.concat([decipher.update(ciphertext), decipher.final()]);
+}
+function derivePublicKey(privateKeyHex) {
+  const ecdh = createECDH("secp256k1");
+  ecdh.setPrivateKey(Buffer.from(privateKeyHex.replace(/^0x/, ""), "hex"));
+  return ecdh.getPublicKey(void 0, "uncompressed").toString("hex");
+}
+function deriveCompressedPublicKey(privateKeyHex) {
+  const ecdh = createECDH("secp256k1");
+  ecdh.setPrivateKey(Buffer.from(privateKeyHex.replace(/^0x/, ""), "hex"));
+  return ecdh.getPublicKey(void 0, "compressed").toString("hex");
+}
+function encryptForRecipient(fileBuffer, recipientPubKeyHex) {
+  const ephEcdh = createECDH("secp256k1");
+  ephEcdh.generateKeys();
+  const ephPubKey = ephEcdh.getPublicKey(void 0, "uncompressed");
+  const ephPrivKeyHex = ephEcdh.getPrivateKey("hex");
+  const shared = ecdhSharedSecret(ephPrivKeyHex, recipientPubKeyHex);
+  const aesKey = hkdfKey(shared);
+  const iv = randomBytes2(IV_LEN);
+  const { ciphertext, tag } = aesGcmEncrypt(aesKey, iv, fileBuffer);
+  return Buffer.concat([Buffer.from([VERSION]), ephPubKey, iv, tag, ciphertext]);
+}
+function decryptWithPrivateKey(fileBuffer, privateKeyHex) {
+  if (fileBuffer.length < HEADER_LEN + 1) {
+    throw new Error("Decryption failed: invalid key or corrupted file");
+  }
+  const version2 = fileBuffer[0];
+  if (version2 !== VERSION) {
+    throw new Error(`Decryption failed: unsupported file version 0x${version2.toString(16)}`);
+  }
+  const ephPubKeyHex = fileBuffer.subarray(1, 1 + EPH_PUB_LEN).toString("hex");
+  const iv = fileBuffer.subarray(1 + EPH_PUB_LEN, 1 + EPH_PUB_LEN + IV_LEN);
+  const tag = fileBuffer.subarray(1 + EPH_PUB_LEN + IV_LEN, 1 + EPH_PUB_LEN + IV_LEN + TAG_LEN);
+  const ciphertext = fileBuffer.subarray(1 + EPH_PUB_LEN + IV_LEN + TAG_LEN);
+  const shared = ecdhSharedSecret(privateKeyHex, ephPubKeyHex);
+  const aesKey = hkdfKey(shared);
+  try {
+    return aesGcmDecrypt(aesKey, iv, tag, ciphertext);
+  } catch {
+    throw new Error("Decryption failed: invalid key or corrupted file");
+  }
+}
+
 // src/commands/init.ts
 var initCommand = new Command("init").description("Create and register a new agent wallet (safe to re-run)").action(async () => {
   if (await keystoreExists()) {
@@ -154,10 +223,11 @@ var initCommand = new Command("init").description("Create and register a new age
     return;
   }
   const { privateKey, address } = generateKeypair();
+  const publicKey = deriveCompressedPublicKey(privateKey);
   const res = await fetch(`${API_URL}/api/devices`, {
     method: "POST",
     headers: { "Content-Type": "application/json" },
-    body: JSON.stringify({ walletAddress: address })
+    body: JSON.stringify({ walletAddress: address, publicKey })
   });
   if (!res.ok) {
     const text = await res.text().catch(() => "");
@@ -660,7 +730,7 @@ var depositCommand = new Command22("deposit").description("Show wallet address a
 });
 
 // src/commands/wallet/index.ts
-import { Command as Command26 } from "commander";
+import { Command as Command27 } from "commander";
 
 // src/commands/wallet/balance.ts
 import { Command as Command23 } from "commander";
@@ -731,10 +801,11 @@ var walletImportCommand = new Command24("import").description("Import an existin
   const privateKey = normalizePrivateKey(rawKey);
   const account = privateKeyToAccount3(privateKey);
   const address = account.address;
+  const publicKey = deriveCompressedPublicKey(privateKey);
   const res = await fetch(`${API_URL}/api/devices`, {
     method: "POST",
     headers: { "Content-Type": "application/json" },
-    body: JSON.stringify({ walletAddress: address })
+    body: JSON.stringify({ walletAddress: address, publicKey })
   });
   if (!res.ok) {
     const text = await res.text().catch(() => "");
@@ -792,14 +863,35 @@ var setWithdrawalAddressCommand = new Command25("set-withdrawal-address").descri
   printResult({ withdrawalAddress: result.withdrawalAddress });
 });
 
+// src/commands/wallet/publish-key.ts
+import { Command as Command26 } from "commander";
+var publishKeyCommand = new Command26("publish-key").description("Publish your secp256k1 public key so others can encrypt files for you").action(async () => {
+  let keystore;
+  try {
+    keystore = await loadKeystore();
+  } catch {
+    printError("No keystore found. Run `taskmarket init` first.");
+  }
+  const dek = await fetchDeviceKey(keystore.deviceId, keystore.apiToken);
+  const privateKey = decryptPrivateKey(dek, keystore.encryptedKey);
+  const publicKey = deriveCompressedPublicKey(privateKey);
+  const result = await apiPost("/trpc/agents.setPublicKey", {
+    deviceId: keystore.deviceId,
+    apiToken: keystore.apiToken,
+    publicKey
+  });
+  printResult({ publicKey: result.result.data.publicKey });
+});
+
 // src/commands/wallet/index.ts
-var walletCommand = new Command26("wallet").description("Wallet management commands");
+var walletCommand = new Command27("wallet").description("Wallet management commands");
 walletCommand.addCommand(walletBalanceCommand);
 walletCommand.addCommand(walletImportCommand);
 walletCommand.addCommand(setWithdrawalAddressCommand);
+walletCommand.addCommand(publishKeyCommand);
 
 // src/commands/withdraw.ts
-import { Command as Command27 } from "commander";
+import { Command as Command28 } from "commander";
 import { toHex as toHex2 } from "viem";
 var USDC_TYPES = {
   TransferWithAuthorization: [
@@ -811,7 +903,7 @@ var USDC_TYPES = {
     { name: "nonce", type: "bytes32" }
   ]
 };
-var withdrawCommand = new Command27("withdraw").description("Withdraw USDC to the registered withdrawal address").argument("<amount>", "Amount in USDC (e.g. 5 for 5 USDC)").action(async (amount) => {
+var withdrawCommand = new Command28("withdraw").description("Withdraw USDC to the registered withdrawal address").argument("<amount>", "Amount in USDC (e.g. 5 for 5 USDC)").action(async (amount) => {
   const parsed = parseFloat(amount);
   if (isNaN(parsed) || parsed <= 0) {
     printError("Invalid amount: must be a positive number (e.g. 5 for 5 USDC)");
@@ -860,13 +952,104 @@ var withdrawCommand = new Command27("withdraw").description("Withdraw USDC to th
   printResult({ txHash: result.txHash, amountBaseUnits: result.amountBaseUnits, to: result.to });
 });
 
+// src/commands/encrypt.ts
+import { Command as Command29 } from "commander";
+import { promises as fs3 } from "fs";
+var encryptCommand = new Command29("encrypt").description("Encrypt a file with ECIES using wallet keys").argument("<file>", "Path to the file to encrypt").option("--recipient <address>", "Recipient wallet address (default: self)").option("--output <path>", "Output path (default: <file>.enc)").action(async (file, opts) => {
+  let plaintext;
+  try {
+    plaintext = await fs3.readFile(file);
+  } catch {
+    printError(`Cannot read file: ${file}`);
+  }
+  let keystore;
+  try {
+    keystore = await loadKeystore();
+  } catch {
+    printError("No keystore found. Run `taskmarket init` first.");
+  }
+  let recipientPubKey;
+  let recipientAddress;
+  if (opts.recipient) {
+    recipientAddress = opts.recipient;
+    let result;
+    try {
+      result = await apiGet(
+        `/trpc/agents.publicKey?input=${encodeURIComponent(JSON.stringify({ address: opts.recipient }))}`
+      );
+    } catch (err) {
+      const msg = err instanceof Error ? err.message : String(err);
+      if (msg.includes("publish their public key") || msg.includes("NOT_FOUND")) {
+        printError(
+          `Recipient has not published their public key. Ask them to run: taskmarket wallet publish-key`
+        );
+      }
+      printError(`Failed to fetch recipient public key: ${msg}`);
+    }
+    recipientPubKey = result.result.data.publicKey;
+  } else {
+    recipientAddress = keystore.walletAddress;
+    const dek = await fetchDeviceKey(keystore.deviceId, keystore.apiToken);
+    const privateKey = decryptPrivateKey(dek, keystore.encryptedKey);
+    recipientPubKey = derivePublicKey(privateKey);
+  }
+  const encrypted = encryptForRecipient(plaintext, recipientPubKey);
+  const outputPath = opts.output ?? `${file}.enc`;
+  await fs3.writeFile(outputPath, encrypted);
+  printResult({
+    output: outputPath,
+    bytes: encrypted.length,
+    recipient: recipientAddress
+  });
+});
+
+// src/commands/decrypt.ts
+import { Command as Command30 } from "commander";
+import { promises as fs4 } from "fs";
+var decryptCommand = new Command30("decrypt").description("Decrypt a file using your wallet key").argument("<file>", "Path to the encrypted file").option("--output <path>", "Output path (default: strips .enc, otherwise appends .dec)").action(async (file, opts) => {
+  let ciphertext;
+  try {
+    ciphertext = await fs4.readFile(file);
+  } catch {
+    printError(`Cannot read file: ${file}`);
+  }
+  let keystore;
+  try {
+    keystore = await loadKeystore();
+  } catch {
+    printError("No keystore found. Run `taskmarket init` first.");
+  }
+  const dek = await fetchDeviceKey(keystore.deviceId, keystore.apiToken);
+  const privateKey = decryptPrivateKey(dek, keystore.encryptedKey);
+  let plaintext;
+  try {
+    plaintext = decryptWithPrivateKey(ciphertext, privateKey);
+  } catch (err) {
+    const msg = err instanceof Error ? err.message : String(err);
+    printError(msg);
+  }
+  let outputPath;
+  if (opts.output) {
+    outputPath = opts.output;
+  } else if (file.endsWith(".enc")) {
+    outputPath = file.slice(0, -4);
+  } else {
+    outputPath = `${file}.dec`;
+  }
+  await fs4.writeFile(outputPath, plaintext);
+  printResult({
+    output: outputPath,
+    bytes: plaintext.length
+  });
+});
+
 // src/commands/xmtp.ts
-import { Command as Command28 } from "commander";
+import { Command as Command31 } from "commander";
 
 // src/lib/xmtp-client.ts
 import os2 from "os";
 import path2 from "path";
-import { randomUUID as randomUUID2, hkdfSync } from "crypto";
+import { randomUUID as randomUUID2, hkdfSync as hkdfSync2 } from "crypto";
 import { privateKeyToAccount as privateKeyToAccount4 } from "viem/accounts";
 
 // src/lib/xmtp-envelope.ts
@@ -5911,7 +6094,7 @@ async function createSdkClient(factory, signer, options) {
 }
 function deriveXmtpDbKey(dekHex) {
   const ikm = Buffer.from(dekHex, "hex");
-  const derived = hkdfSync("sha256", ikm, "", "taskmarket-xmtp-db", 32);
+  const derived = hkdfSync2("sha256", ikm, "", "taskmarket-xmtp-db", 32);
   return new Uint8Array(derived);
 }
 async function sendViaConversation(client, toInboxId, body) {
@@ -6334,7 +6517,7 @@ function getDefaultQueryTimeoutMs() {
   }
   return Math.floor(parsed);
 }
-var xmtpCommand = new Command28("xmtp").description("Manage XMTP messaging for this agent");
+var xmtpCommand = new Command31("xmtp").description("Manage XMTP messaging for this agent");
 xmtpCommand.command("init").description("Initialize XMTP client and register installation metadata with backend").action(async () => {
   const keystore = await loadKeystore();
   const client = await createXmtpClient({
@@ -6562,7 +6745,7 @@ xmtpCommand.command("purge").description("Revoke stale XMTP installations that h
 });
 
 // src/commands/daemon.ts
-import { Command as Command29 } from "commander";
+import { Command as Command32 } from "commander";
 function diffTaskStatuses(prev, next) {
   const changes = [];
   for (const [taskId, newStatus] of next) {
@@ -6590,7 +6773,7 @@ function sleepOrAbort(ms, signal) {
   });
 }
 var MAX_SEEN_TASK_IDS = 2e3;
-var daemonCommand = new Command29("daemon").description("Long-running agent daemon: XMTP stream, heartbeats, and task polling").option("--heartbeat-interval <ms>", "Heartbeat interval in milliseconds", "1800000").option("--inbox-interval <ms>", "Inbox poll interval in milliseconds", "15000").option("--task-interval <ms>", "New task poll interval in milliseconds", "60000").option("--task-filters <json>", "JSON filter object for new-task discovery").option("--no-xmtp", "Disable XMTP stream and heartbeat").action(
+var daemonCommand = new Command32("daemon").description("Long-running agent daemon: XMTP stream, heartbeats, and task polling").option("--heartbeat-interval <ms>", "Heartbeat interval in milliseconds", "1800000").option("--inbox-interval <ms>", "Inbox poll interval in milliseconds", "15000").option("--task-interval <ms>", "New task poll interval in milliseconds", "60000").option("--task-filters <json>", "JSON filter object for new-task discovery").option("--no-xmtp", "Disable XMTP stream and heartbeat").action(
   async (opts) => {
     const heartbeatIntervalMs = Number(opts.heartbeatInterval);
     const inboxIntervalMs = Number(opts.inboxInterval);
@@ -6809,7 +6992,7 @@ var daemonCommand = new Command29("daemon").description("Long-running agent daem
 // src/index.ts
 var require2 = createRequire(import.meta.url);
 var { version } = require2("../package.json");
-var program = new Command30();
+var program = new Command33();
 program.name("taskmarket").description("Taskmarket CLI for AI agents").version(version);
 program.addCommand(initCommand);
 program.addCommand(walletCommand);
@@ -6821,6 +7004,8 @@ program.addCommand(agentsCommand);
 program.addCommand(inboxCommand);
 program.addCommand(depositCommand);
 program.addCommand(withdrawCommand);
+program.addCommand(encryptCommand);
+program.addCommand(decryptCommand);
 program.addCommand(xmtpCommand);
 program.addCommand(daemonCommand);
 program.parseAsync(process.argv).catch((err) => {

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@lucid-agents/taskmarket",
-  "version": "0.7.1",
+  "version": "0.8.0",
   "type": "module",
   "bin": {
     "taskmarket": "./dist/index.js"
@@ -17,9 +17,9 @@
     "tsx": "^4.7.0",
     "typescript": "^5.3.3",
     "vitest": "^2.0.0",
-    "@taskmarket/eslint-config": "0.0.0",
+    "@taskmarket/prettier-config": "0.0.0",
     "@taskmarket/shared": "1.0.0",
-    "@taskmarket/prettier-config": "0.0.0"
+    "@taskmarket/eslint-config": "0.0.0"
   },
   "files": [
     "dist"