@neuraiproject/neurai-depin-terminal 1.0.0 → 2.0.0

package/src/utils.js

@@ -75,10 +75,10 @@ export function truncate(str, length, suffix = '...') {
  */
 export function formatTimestamp(timestamp, timezone = 'UTC') {
   const date = timestamp instanceof Date ? timestamp : new Date(timestamp * 1000);
-  
+
   // Handle UTC explicitly
   if (timezone === 'UTC') {
-    return date.toLocaleTimeString('en-US', { 
+    return date.toLocaleTimeString('en-US', {
       timeZone: 'UTC',
       hour12: false,
       hour: '2-digit',
@@ -93,7 +93,7 @@ export function formatTimestamp(timestamp, timezone = 'UTC') {
     // Create a new date shifted by the offset hours
     // We use UTC for display to avoid local system timezone interference
     const shiftedDate = new Date(date.getTime() + (offset * 60 * 60 * 1000));
-    return shiftedDate.toLocaleTimeString('en-US', { 
+    return shiftedDate.toLocaleTimeString('en-US', {
       timeZone: 'UTC',
       hour12: false,
       hour: '2-digit',
@@ -103,7 +103,7 @@ export function formatTimestamp(timestamp, timezone = 'UTC') {
   }
 
   // Fallback to UTC
-  return date.toLocaleTimeString('en-US', { 
+  return date.toLocaleTimeString('en-US', {
     timeZone: 'UTC',
     hour12: false,
     hour: '2-digit',
@@ -123,53 +123,260 @@ export function createMessageKey(hash, signature) {
 }
 
 /**
- * Read password from stdin with character masking
+ * Drain stdin until silence is detected
+ * @param {Object} stdin - Stdin stream
+ * @param {number} silenceMs - Milliseconds of silence to wait for (default: 300)
+ * @param {number} maxWaitMs - Maximum time to wait in total (default: 2000)
+ * @returns {Promise<void>}
+ */
+export async function drainInput(stdin, silenceMs = 300, maxWaitMs = 2000) {
+  // If not TTY, we can't really drain in the same way, but we can try small read
+  if (!stdin.isTTY) {
+    if (stdin.readableLength > 0) stdin.read();
+    return;
+  }
+
+  // Enable raw mode to catch all chars
+  try {
+    stdin.setRawMode(true);
+  } catch (e) {
+    // Ignore
+  }
+
+  await new Promise(resolve => {
+    stdin.resume();
+
+    let silenceTimer;
+    let maxTimer;
+
+    const cleanup = () => {
+      if (silenceTimer) clearTimeout(silenceTimer);
+      if (maxTimer) clearTimeout(maxTimer);
+      stdin.removeAllListeners('data');
+
+      // Pause so we don't eat future input intended for others
+      stdin.pause();
+
+      try {
+        stdin.setRawMode(false);
+      } catch (e) {
+        // Ignore
+      }
+      resolve();
+    };
+
+    const resetSilenceTimer = () => {
+      if (silenceTimer) clearTimeout(silenceTimer);
+      silenceTimer = setTimeout(cleanup, silenceMs);
+    };
+
+    // If we hit the max wait time, just force proceed
+    maxTimer = setTimeout(cleanup, maxWaitMs);
+
+    // Listen for ANY data and drain it
+    stdin.on('data', () => {
+      resetSilenceTimer();
+    });
+
+    // Start the initial timer
+    resetSilenceTimer();
+  });
+
+  // Final sanity check drain
+  if (stdin.readableLength > 0) {
+    stdin.read();
+  }
+}
+
+/**
+ * Read password from stdin with character masking (pure implementation without readline)
  * @param {string} prompt - Prompt to display
  * @param {string} [maskChar='*'] - Character to display for each typed character
  * @returns {Promise<string>} The entered password
  */
-export function readPassword(prompt, maskChar = '*') {
-  return new Promise((resolve) => {
-    process.stdout.write(prompt);
-    const stdin = process.stdin;
-    stdin.setRawMode(true);
+export async function readPassword(prompt, maskChar = '*') {
+  const stdin = process.stdin;
+
+  // Use robust drain before starting
+  await drainInput(stdin, 200, 1000);
+
+  return new Promise((resolve, reject) => {
+    let onDataHandler = null;
+
+    // Comprehensive cleanup function to ensure stdin is in pristine state
+    const cleanup = (removeListener = true) => {
+      if (removeListener && onDataHandler) {
+        stdin.removeListener('data', onDataHandler);
+        onDataHandler = null;
+      }
+
+      // Remove ALL listeners to avoid any residual state
+      stdin.removeAllListeners('data');
+
+      if (stdin.isTTY) {
+        try {
+          stdin.setRawMode(false);
+        } catch (error) {
+          // Ignore raw mode reset failures
+        }
+      }
+
+      // DON'T pause stdin - leave it ready for next use
+      // CharsmUI will manage its own resume/pause
+    };
+
+    // Ensure stdin is in correct initial state
+    if (!stdin.isTTY) {
+      reject(new Error('stdin is not a TTY'));
+      return;
+    }
+
+    // Start fresh
+    stdin.removeAllListeners('data');
+    stdin.removeAllListeners('keypress');
     stdin.resume();
+
+    // Set raw mode for character-by-character input
+    try {
+      stdin.setRawMode(true);
+    } catch (error) {
+      reject(new Error(`Failed to set raw mode: ${error.message}`));
+      return;
+    }
+
     stdin.setEncoding('utf8');
+
+    // Always mask password (show asterisks)
+    const shouldMask = true;
     let password = '';
+    let done = false;
+    let escapeState = 'normal';
 
-    const onData = (char) => {
-      switch (char) {
-        case KEY_CODES.ENTER:
-        case KEY_CODES.CARRIAGE_RETURN:
-        case KEY_CODES.CTRL_D:
-          stdin.setRawMode(false);
-          stdin.pause();
-          stdin.removeListener('data', onData);
-          process.stdout.write('\n');
-          resolve(password);
-          break;
+    const finish = () => {
+      if (done) {
+        return;
+      }
+      done = true;
+      cleanup(true);
+      process.stdout.write('\n');
+      resolve(password);
+    };
 
-        case KEY_CODES.CTRL_C:
-          process.stdout.write('\n');
-          process.exit(0);
+    onDataHandler = (chunk) => {
+      for (const ch of chunk) {
+        if (done) {
           break;
+        }
+
+        const codePoint = ch.charCodeAt(0);
 
-        case KEY_CODES.BACKSPACE:
-        case KEY_CODES.BACKSPACE_ALT:
-          if (password.length > 0) {
-            password = password.slice(0, -1);
-            process.stdout.write(TERMINAL.BACKSPACE);
+        // State machine for filtering ANSI escape sequences
+        if (escapeState === 'esc') {
+          if (ch === '[') {
+            escapeState = 'csi';
+          } else if (ch === ']') {
+            escapeState = 'osc';
+          } else {
+            escapeState = 'normal';
           }
-          break;
+          continue;
+        }
 
-        default:
-          password += char;
-          process.stdout.write(maskChar);
-          break;
+        if (escapeState === 'csi') {
+          if (ch >= '@' && ch <= '~') {
+            escapeState = 'normal';
+          }
+          continue;
+        }
+
+        if (escapeState === 'osc') {
+          if (ch === '\x07') {
+            escapeState = 'normal';
+          } else if (codePoint === 0x9c) {
+            escapeState = 'normal';
+          } else if (ch === '\x1b') {
+            escapeState = 'osc-esc';
+          }
+          continue;
+        }
+
+        if (escapeState === 'osc-esc') {
+          if (ch === '\\') {
+            escapeState = 'normal';
+          } else if (ch !== '\x1b') {
+            escapeState = 'osc';
+          }
+          continue;
+        }
+
+        // Process actual characters
+        switch (ch) {
+          case KEY_CODES.ENTER:
+          case KEY_CODES.CARRIAGE_RETURN:
+          case KEY_CODES.CTRL_D:
+            finish();
+            return;
+
+          case KEY_CODES.CTRL_C:
+            cleanup(true);
+            process.stdout.write('\n');
+            resetTerminal();
+            process.exit(0);
+
+          case KEY_CODES.BACKSPACE:
+          case KEY_CODES.BACKSPACE_ALT:
+            if (password.length > 0) {
+              password = password.slice(0, -1);
+              if (shouldMask) {
+                process.stdout.write(TERMINAL.BACKSPACE);
+              }
+            }
+            break;
+
+          default:
+            // Start of escape sequence
+            if (ch === '\x1b') {
+              escapeState = 'esc';
+              break;
+            }
+
+            // C1 control characters (ignore)
+            if (codePoint === 0x9b) {
+              escapeState = 'csi';
+              break;
+            }
+            if (codePoint === 0x9d) {
+              escapeState = 'osc';
+              break;
+            }
+            if (codePoint >= 0x80 && codePoint <= 0x9f) {
+              // Ignore C1 control characters
+              break;
+            }
+
+            // C0 control characters (ignore except Enter, Backspace, Ctrl+C handled above)
+            if (codePoint < 0x20) {
+              // Ignore C0 control characters
+              break;
+            }
+
+            // Valid printable character
+            password += ch;
+            if (shouldMask) {
+              process.stdout.write(maskChar);
+            }
+            break;
+        }
       }
     };
 
-    stdin.on('data', onData);
+    // Attach listener FIRST so it can filter any incoming ANSI sequences
+    stdin.on('data', onDataHandler);
+
+    // Show prompt after a tiny delay
+    setTimeout(() => {
+      process.stdout.write(prompt);
+    }, 10);
   });
 }
 
@@ -186,12 +393,12 @@ export async function withSuppressedConsole(fn) {
   const originalStdoutWrite = process.stdout.write;
   const originalStderrWrite = process.stderr.write;
 
-  console.log = () => {};
-  console.warn = () => {};
-  console.error = () => {};
-  console.info = () => {};
-  process.stdout.write = () => {};
-  process.stderr.write = () => {};
+  console.log = () => { };
+  console.warn = () => { };
+  console.error = () => { };
+  console.info = () => { };
+  process.stdout.write = () => { };
+  process.stderr.write = () => { };
 
   try {
     return await fn();
@@ -213,6 +420,12 @@ export function resetTerminal() {
   if (process.stdout.isTTY) {
     try {
       process.stdout.write(TERMINAL.EXIT_ALT_SCREEN);
+      // Disable mouse reporting (1000, 1002, 1003, 1006, 1015)
+      process.stdout.write('\x1b[?1000l\x1b[?1002l\x1b[?1003l\x1b[?1006l\x1b[?1015l');
+      // Disable bracketed paste (2004)
+      process.stdout.write('\x1b[?2004l');
+      // Disable focus tracking (1004)
+      process.stdout.write('\x1b[?1004l');
       process.stdout.write(TERMINAL.SHOW_CURSOR);
       process.stdout.write(TERMINAL.RESET_ATTRIBUTES);
       process.stdout.write(TERMINAL.NEW_LINE);
@@ -231,6 +444,54 @@ export function resetTerminal() {
   }
 }
 
+/**
+ * Emergency terminal cleanup
+ * Called at startup to ensure terminal is in a clean state
+ */
+export function emergencyTerminalCleanup() {
+  if (process.stdin.isTTY) {
+    try {
+      // Remove any stale listeners
+      process.stdin.removeAllListeners('keypress');
+      process.stdin.removeAllListeners('data');
+
+      // Ensure raw mode is off
+      process.stdin.setRawMode(false);
+
+      // Resume stdin to allow reading buffered data
+      process.stdin.resume();
+
+      // Aggressively flush all buffered data (may need multiple reads)
+      let flushed = 0;
+      while (process.stdin.readableLength > 0 && flushed < 10) {
+        process.stdin.read();
+        flushed++;
+      }
+
+      // Now pause for normal operation
+      process.stdin.pause();
+    } catch (err) {
+      // Ignore errors during cleanup
+    }
+  }
+
+  if (process.stdout.isTTY) {
+    try {
+      // Reset terminal attributes
+      process.stdout.write(TERMINAL.RESET_ATTRIBUTES);
+      // Disable mouse reporting (1000, 1002, 1003, 1006, 1015)
+      process.stdout.write('\x1b[?1000l\x1b[?1002l\x1b[?1003l\x1b[?1006l\x1b[?1015l');
+      // Disable bracketed paste (2004)
+      process.stdout.write('\x1b[?2004l');
+      // Disable focus tracking (1004)
+      process.stdout.write('\x1b[?1004l');
+      process.stdout.write(TERMINAL.SHOW_CURSOR);
+    } catch (err) {
+      // Ignore errors
+    }
+  }
+}
+
 /**
  * Parse RPC host from URL for display
  * @param {string} url - Full RPC URL
@@ -277,8 +538,8 @@ export function validatePassword(password, minLength, maxLength) {
  */
 export function isPubkeyRevealed(pubkeyResponse) {
   return pubkeyResponse?.pubkey &&
-         pubkeyResponse?.revealed === 1 &&
-         pubkeyResponse.pubkey.trim().length > 0;
+    pubkeyResponse?.revealed === 1 &&
+    pubkeyResponse.pubkey.trim().length > 0;
 }
 
 /**

package/src/wallet/WalletManager.js

@@ -5,7 +5,6 @@
  */
 
 import NeuraiKey from '@neuraiproject/neurai-key';
-import secp256k1 from 'secp256k1';
 import {
   ADDRESS,
   ERROR_MESSAGES
@@ -32,7 +31,7 @@ export class WalletManager {
 
   /**
    * Derive address and public key from WIF private key
-   * Uses NeuraiKey to get address and secp256k1 to derive compressed public key
+   * Uses NeuraiKey to get address and derive compressed public key
    * @returns {Promise<void>}
    * @throws {WalletError} If key derivation fails
    */
@@ -46,10 +45,10 @@ export class WalletManager {
       this.address = keyInfo.address;
       this.privateKeyHex = keyInfo.privateKey;
 
-      // Derive compressed public key from private key
-      const privateKeyBuffer = Buffer.from(keyInfo.privateKey, 'hex');
-      const publicKeyBuffer = secp256k1.publicKeyCreate(privateKeyBuffer, true);
-      this.publicKey = Buffer.from(publicKeyBuffer).toString('hex');
+      // Derive compressed public key from WIF
+      this.publicKey = await withSuppressedConsole(() => {
+        return NeuraiKey.getPubkeyByWIF(this.config.network, this.config.privateKey);
+      });
     } catch (error) {
       throw new WalletError(`${ERROR_MESSAGES.INVALID_WIF}: ${error.message}`);
     }