@onekeyfe/hardware-cli 1.1.25 → 1.1.26-alpha.10

package/dist/session.d.ts

@@ -0,0 +1,22 @@
+/**
+ * Passphrase session management for hd-cli.
+ *
+ * Aligns with app-monorepo's CLI pattern:
+ *   Login:   getPassphraseState → passphraseState + sessionId → keychain
+ *   Command: keychain → preloadSessionCache → SDK call (no passphrase prompt)
+ *   Stale:   error 112 → clear keychain → re-prompt → retry
+ *   Logout:  keychain delete
+ */
+/**
+ * Load passphraseState + sessionId from keychain and call preloadSessionCache.
+ * Non-fatal: returns the loaded passphraseState or undefined.
+ */
+export declare function preloadSessionFromKeychain(deviceId: string): Promise<string | undefined>;
+/**
+ * Save passphraseState + sessionId to keychain for next CLI invocation.
+ */
+export declare function saveSessionToKeychain(deviceId: string, passphraseState: string, sessionId: string): Promise<void>;
+/**
+ * Clear cached session from keychain.
+ */
+export declare function clearSessionFromKeychain(deviceId?: string): Promise<void>;

package/dist/session.js

@@ -0,0 +1,83 @@
+"use strict";
+/**
+ * Passphrase session management for hd-cli.
+ *
+ * Aligns with app-monorepo's CLI pattern:
+ *   Login:   getPassphraseState → passphraseState + sessionId → keychain
+ *   Command: keychain → preloadSessionCache → SDK call (no passphrase prompt)
+ *   Stale:   error 112 → clear keychain → re-prompt → retry
+ *   Logout:  keychain delete
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.clearSessionFromKeychain = exports.saveSessionToKeychain = exports.preloadSessionFromKeychain = void 0;
+const hd_core_1 = require("@onekeyfe/hd-core");
+const storage_1 = require("./storage");
+// Keychain key format: scoped by deviceId for multi-device support
+function psKey(deviceId) {
+    return `onekey-hw:${deviceId}/passphrase-state`;
+}
+function sidKey(deviceId) {
+    return `onekey-hw:${deviceId}/session-id`;
+}
+let storageInstance = null;
+function getStorage() {
+    if (!storageInstance) {
+        storageInstance = (0, storage_1.createSecureStorage)();
+    }
+    return storageInstance;
+}
+/**
+ * Load passphraseState + sessionId from keychain and call preloadSessionCache.
+ * Non-fatal: returns the loaded passphraseState or undefined.
+ */
+async function preloadSessionFromKeychain(deviceId) {
+    try {
+        const storage = getStorage();
+        const [psBuf, sidBuf] = await Promise.all([
+            storage.get(psKey(deviceId)),
+            storage.get(sidKey(deviceId)),
+        ]);
+        if (psBuf && sidBuf) {
+            const passphraseState = psBuf.toString('utf-8');
+            const sessionId = sidBuf.toString('utf-8');
+            (0, hd_core_1.preloadSessionCache)(deviceId, passphraseState, sessionId);
+            return passphraseState;
+        }
+    }
+    catch {
+        // Non-fatal — fall through to passphrase prompt
+    }
+    return undefined;
+}
+exports.preloadSessionFromKeychain = preloadSessionFromKeychain;
+/**
+ * Save passphraseState + sessionId to keychain for next CLI invocation.
+ */
+async function saveSessionToKeychain(deviceId, passphraseState, sessionId) {
+    try {
+        const storage = getStorage();
+        await Promise.all([
+            storage.set(psKey(deviceId), Buffer.from(passphraseState, 'utf-8')),
+            storage.set(sidKey(deviceId), Buffer.from(sessionId, 'utf-8')),
+        ]);
+    }
+    catch {
+        // Non-fatal — session still works in-memory for this invocation
+    }
+}
+exports.saveSessionToKeychain = saveSessionToKeychain;
+/**
+ * Clear cached session from keychain.
+ */
+async function clearSessionFromKeychain(deviceId) {
+    try {
+        const storage = getStorage();
+        if (deviceId) {
+            await Promise.allSettled([storage.delete(psKey(deviceId)), storage.delete(sidKey(deviceId))]);
+        }
+    }
+    catch {
+        // Non-fatal
+    }
+}
+exports.clearSessionFromKeychain = clearSessionFromKeychain;

package/dist/storage/index.d.ts

@@ -0,0 +1,2 @@
+export { createSecureStorage } from './storage-factory';
+export type { ISecureStorage, SecureStorageBackend } from './types';

package/dist/storage/index.js

@@ -0,0 +1,5 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.createSecureStorage = void 0;
+var storage_factory_1 = require("./storage-factory");
+Object.defineProperty(exports, "createSecureStorage", { enumerable: true, get: function () { return storage_factory_1.createSecureStorage; } });

package/dist/storage/process-utils.d.ts

@@ -0,0 +1,2 @@
+import type { IProcessRunner } from './types';
+export declare const defaultProcessRunner: IProcessRunner;

package/dist/storage/process-utils.js

@@ -0,0 +1,44 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.defaultProcessRunner = void 0;
+const node_child_process_1 = require("node:child_process");
+exports.defaultProcessRunner = {
+    execFileAsync(cmd, args) {
+        return new Promise((resolve, reject) => {
+            (0, node_child_process_1.execFile)(cmd, args, (error, stdout, stderr) => {
+                if (error) {
+                    error.stderr = stderr;
+                    reject(error);
+                    return;
+                }
+                resolve({ stdout, stderr });
+            });
+        });
+    },
+    spawnWithStdin(cmd, args, input) {
+        return new Promise((resolve, reject) => {
+            const child = (0, node_child_process_1.spawn)(cmd, args, { stdio: ['pipe', 'pipe', 'pipe'] });
+            let stdout = '';
+            let stderr = '';
+            child.stdout.on('data', (data) => {
+                stdout += data.toString();
+            });
+            child.stderr.on('data', (data) => {
+                stderr += data.toString();
+            });
+            child.on('error', reject);
+            child.on('close', code => {
+                if (code !== 0) {
+                    const error = new Error(`Process exited with code ${code}`);
+                    error.code = code ?? 1;
+                    error.stderr = stderr;
+                    reject(error);
+                    return;
+                }
+                resolve({ stdout, stderr });
+            });
+            child.stdin.write(`${input}\n`);
+            child.stdin.end();
+        });
+    },
+};

package/dist/storage/secure-storage.linux.d.ts

@@ -0,0 +1,11 @@
+/// <reference types="node" />
+import type { IProcessRunner, ISecureStorage, SecureStorageBackend } from './types';
+export declare class LinuxSecureStorage implements ISecureStorage {
+    private readonly runner;
+    constructor(runner?: IProcessRunner);
+    getBackendType(): SecureStorageBackend;
+    set(key: string, value: Buffer): Promise<void>;
+    get(key: string): Promise<Buffer | null>;
+    delete(key: string): Promise<void>;
+    private isItemNotFound;
+}

package/dist/storage/secure-storage.linux.js

@@ -0,0 +1,59 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.LinuxSecureStorage = void 0;
+const process_utils_1 = require("./process-utils");
+const SERVICE_NAME = 'onekey-hw-cli';
+const SECRET_LABEL = 'OneKey HW CLI Secret';
+class LinuxSecureStorage {
+    constructor(runner = process_utils_1.defaultProcessRunner) {
+        this.runner = runner;
+    }
+    getBackendType() {
+        return 'linux-secret-service';
+    }
+    async set(key, value) {
+        await this.runner.spawnWithStdin('secret-tool', ['store', '--label', SECRET_LABEL, 'service', SERVICE_NAME, 'account', key], value.toString('hex'));
+    }
+    async get(key) {
+        try {
+            const { stdout } = await this.runner.execFileAsync('secret-tool', [
+                'lookup',
+                'service',
+                SERVICE_NAME,
+                'account',
+                key,
+            ]);
+            const hex = stdout.trim();
+            return hex ? Buffer.from(hex, 'hex') : null;
+        }
+        catch (error) {
+            if (this.isItemNotFound(error))
+                return null;
+            throw error;
+        }
+    }
+    async delete(key) {
+        try {
+            await this.runner.execFileAsync('secret-tool', [
+                'clear',
+                'service',
+                SERVICE_NAME,
+                'account',
+                key,
+            ]);
+        }
+        catch (error) {
+            if (this.isItemNotFound(error))
+                return;
+            throw error;
+        }
+    }
+    isItemNotFound(error) {
+        const err = error;
+        const stderr = err.stderr ?? err.message ?? '';
+        return (stderr.includes('No such secret item') ||
+            stderr.includes('Object does not exist') ||
+            stderr.includes('could not find'));
+    }
+}
+exports.LinuxSecureStorage = LinuxSecureStorage;

package/dist/storage/secure-storage.macos.d.ts

@@ -0,0 +1,11 @@
+/// <reference types="node" />
+import type { IProcessRunner, ISecureStorage, SecureStorageBackend } from './types';
+export declare class MacOSSecureStorage implements ISecureStorage {
+    private readonly runner;
+    constructor(runner?: IProcessRunner);
+    getBackendType(): SecureStorageBackend;
+    set(key: string, value: Buffer): Promise<void>;
+    get(key: string): Promise<Buffer | null>;
+    delete(key: string): Promise<void>;
+    private isItemNotFound;
+}

package/dist/storage/secure-storage.macos.js

@@ -0,0 +1,65 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.MacOSSecureStorage = void 0;
+const process_utils_1 = require("./process-utils");
+const SERVICE_NAME = 'onekey-hw-cli';
+class MacOSSecureStorage {
+    constructor(runner = process_utils_1.defaultProcessRunner) {
+        this.runner = runner;
+    }
+    getBackendType() {
+        return 'macos-keychain';
+    }
+    async set(key, value) {
+        const hex = value.toString('hex');
+        // Use `security -i` (interactive/batch mode): the tool parses commands
+        // from stdin internally instead of re-spawning a sub-process per command,
+        // so the password argument never appears in /proc or `ps aux` output.
+        //
+        // Keys are of the form `onekey-hw:<deviceId>/<slot>` and hex values only
+        // contain 0-9a-f, so neither contains shell metacharacters that would
+        // break the simple quoting security's parser expects.
+        const cmd = `add-generic-password -s "${SERVICE_NAME}" -a "${key}" -w "${hex}" -U`;
+        await this.runner.spawnWithStdin('security', ['-i'], cmd);
+    }
+    async get(key) {
+        try {
+            const { stdout } = await this.runner.execFileAsync('security', [
+                'find-generic-password',
+                '-s',
+                SERVICE_NAME,
+                '-a',
+                key,
+                '-w',
+            ]);
+            const hex = stdout.trim();
+            return hex ? Buffer.from(hex, 'hex') : null;
+        }
+        catch (error) {
+            if (this.isItemNotFound(error))
+                return null;
+            throw error;
+        }
+    }
+    async delete(key) {
+        try {
+            await this.runner.execFileAsync('security', [
+                'delete-generic-password',
+                '-s',
+                SERVICE_NAME,
+                '-a',
+                key,
+            ]);
+        }
+        catch (error) {
+            if (this.isItemNotFound(error))
+                return;
+            throw error;
+        }
+    }
+    isItemNotFound(error) {
+        const err = error;
+        return err.code === 44 || err.stderr?.includes('could not be found') === true;
+    }
+}
+exports.MacOSSecureStorage = MacOSSecureStorage;

package/dist/storage/storage-factory.d.ts

@@ -0,0 +1,3 @@
+/// <reference types="node" />
+import type { ISecureStorage } from './types';
+export declare function createSecureStorage(platform?: NodeJS.Platform): ISecureStorage;

package/dist/storage/storage-factory.js

@@ -0,0 +1,14 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.createSecureStorage = void 0;
+const secure_storage_linux_1 = require("./secure-storage.linux");
+const secure_storage_macos_1 = require("./secure-storage.macos");
+function createSecureStorage(platform = process.platform) {
+    if (platform === 'darwin')
+        return new secure_storage_macos_1.MacOSSecureStorage();
+    if (platform === 'linux')
+        return new secure_storage_linux_1.LinuxSecureStorage();
+    throw new Error(`Secure storage is not supported on platform "${platform}". ` +
+        'Use macOS Keychain or Linux Secret Service.');
+}
+exports.createSecureStorage = createSecureStorage;

package/dist/storage/types.d.ts

@@ -0,0 +1,18 @@
+/// <reference types="node" />
+export type SecureStorageBackend = 'macos-keychain' | 'linux-secret-service';
+export interface ISecureStorage {
+    getBackendType(): SecureStorageBackend;
+    get(key: string): Promise<Buffer | null>;
+    set(key: string, value: Buffer): Promise<void>;
+    delete(key: string): Promise<void>;
+}
+export interface IProcessRunner {
+    execFileAsync(cmd: string, args: string[]): Promise<{
+        stdout: string;
+        stderr: string;
+    }>;
+    spawnWithStdin(cmd: string, args: string[], input: string): Promise<{
+        stdout: string;
+        stderr: string;
+    }>;
+}

package/dist/storage/types.js

@@ -0,0 +1,2 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });

package/package.json

@@ -1,7 +1,7 @@
 {
   "name": "@onekeyfe/hardware-cli",
-  "version": "1.1.25",
-  "description": "OneKey hardware wallet CLI for AI agent integration",
+  "version": "1.1.26-alpha.10",
+  "description": "OneKey hardware wallet CLI for testing device communication",
   "author": "OneKey",
   "license": "Apache-2.0",
   "homepage": "https://github.com/OneKeyHQ/hardware-js-sdk#readme",
@@ -18,20 +18,23 @@
     "access": "public"
   },
   "scripts": {
-    "dev": "rimraf dist && rollup -c rollup.config.js -w",
-    "build": "rimraf dist && rollup -c rollup.config.js && node -e \"const f='dist/cli.js';const c=require('fs').readFileSync(f,'utf8');require('fs').writeFileSync(f,'#!/usr/bin/env node\\n'+c)\"",
+    "build": "tsc && node -e \"const f='dist/cli.js';const c=require('fs').readFileSync(f,'utf8');if(!c.startsWith('#!'))require('fs').writeFileSync(f,'#!/usr/bin/env node\\n'+c)\"",
+    "prestart": "tsc",
+    "start": "node dist/cli.js",
+    "search": "node dist/cli.js search",
+    "get-features": "node dist/cli.js get-features",
+    "get-address": "node dist/cli.js get-address",
+    "ping": "node dist/cli.js ping",
     "lint": "eslint .",
-    "lint:fix": "eslint . --fix"
+    "lint:fix": "eslint . --fix",
+    "test": "jest"
   },
   "dependencies": {
-    "@onekeyfe/hd-common-connect-sdk": "1.1.25",
-    "@onekeyfe/hd-core": "1.1.25",
-    "@onekeyfe/hd-shared": "1.1.25",
-    "@onekeyfe/hd-transport-usb": "1.1.25",
-    "commander": "^12.0.0",
-    "eventemitter2": "^6.4.9",
-    "lodash": "^4.17.21",
-    "tslib": "^2.6.0"
+    "@onekeyfe/hd-common-connect-sdk": "1.1.26-alpha.10",
+    "@onekeyfe/hd-core": "1.1.26-alpha.10",
+    "@onekeyfe/hd-shared": "1.1.26-alpha.10",
+    "@onekeyfe/hd-transport-usb": "1.1.26-alpha.10",
+    "commander": "^12.0.0"
   },
-  "gitHead": "6110417c47363db38190076610ea4de0e8508924"
+  "gitHead": "4cab4ba97dee894aa87145ced1e629c06f0ab8b7"
 }

package/src/__tests__/pinentry.test.ts

@@ -0,0 +1,185 @@
+/**
+ * Unit tests for pinentry stdout parsing.
+ *
+ * These tests exercise the pure Assuan-protocol parser — no hardware,
+ * no child process, no keychain. They catch the class of bugs that
+ * silently corrupt a user's passphrase (e.g. losing `%` characters,
+ * mis-splitting multi-line responses, trailing CR from CRLF shells).
+ *
+ * Mirrors app-monorepo/apps/cli/src/__tests__/pinentry.test.ts so both
+ * CLIs stay aligned on the same decoding semantics.
+ */
+
+import { decodeAssuanData, parsePinentryStdout } from '../pinentry';
+
+describe('decodeAssuanData', () => {
+  it('passes plain ASCII through unchanged', () => {
+    expect(decodeAssuanData('hello-world')).toBe('hello-world');
+  });
+
+  it('decodes a literal percent (%25 -> %)', () => {
+    // pinentry sends `D a%25b%25c` for the user input `a%b%c`
+    expect(decodeAssuanData('a%25b%25c')).toBe('a%b%c');
+  });
+
+  it('decodes CR (%0D) and LF (%0A)', () => {
+    expect(decodeAssuanData('line1%0Dline2%0Aline3')).toBe(
+      'line1\rline2\nline3'
+    );
+  });
+
+  it('handles trailing percent encoding', () => {
+    expect(decodeAssuanData('end%25')).toBe('end%');
+  });
+
+  it('handles uppercase and lowercase hex', () => {
+    expect(decodeAssuanData('%2a%2A')).toBe('**');
+  });
+
+  it('leaves a bare % (not followed by 2 hex chars) untouched', () => {
+    // pinentry never produces this, but the decoder must not corrupt it.
+    expect(decodeAssuanData('100%')).toBe('100%');
+    expect(decodeAssuanData('%2')).toBe('%2');
+    expect(decodeAssuanData('%zz')).toBe('%zz');
+  });
+
+  it('leaves an empty string alone', () => {
+    expect(decodeAssuanData('')).toBe('');
+  });
+
+  // Assuan only percent-encodes %, CR, and LF. Every other byte — including
+  // multi-byte UTF-8 sequences, extended ASCII, spaces, symbols — goes over
+  // the D line untouched. These tests mirror the real passphrases exercised
+  // by expo-example/TestSpecialPassphraseWallet, so a decoder change that
+  // accidentally mangles non-ASCII input fails here instead of only in a
+  // hardware-required integration run.
+  it('passes UTF-8 multi-byte scripts through unchanged', () => {
+    expect(decodeAssuanData('你好passphrase')).toBe('你好passphrase');
+    expect(decodeAssuanData('私のパスワード')).toBe('私のパスワード');
+    expect(decodeAssuanData('myسياسةpassphrase')).toBe('myسياسةpassphrase');
+  });
+
+  it('passes extended ASCII and accented chars unchanged', () => {
+    expect(decodeAssuanData('¥Øÿ')).toBe('¥Øÿ');
+    expect(decodeAssuanData('P@sswôrd€')).toBe('P@sswôrd€');
+    expect(decodeAssuanData('mi política de frase de contraseña')).toBe(
+      'mi política de frase de contraseña'
+    );
+  });
+
+  it('preserves leading and trailing spaces', () => {
+    // Regression guard: a .trim() added "defensively" anywhere in the pipe
+    // would derive the wrong passphraseState for Wallet-4 and silently
+    // unlock a different hidden wallet. expo-example Wallet-4 exercises
+    // exactly this passphrase.
+    expect(decodeAssuanData(' My Passphrase ')).toBe(' My Passphrase ');
+  });
+
+  it('passes a multi-script mixed passphrase through unchanged', () => {
+    // Matches expo-example Wallet-1 — the "everything all at once" case.
+    const mixed = 'Aa0!)_+맪Ӎ¬}¨¥ϸΔѭЧゞく6鼵';
+    expect(decodeAssuanData(mixed)).toBe(mixed);
+  });
+});
+
+describe('parsePinentryStdout', () => {
+  it('parses a real pinentry-mac success response', () => {
+    const stdout =
+      'OK Pleased to meet you, process 38946\nOK\nOK\nD a%25b%25c\nOK\n';
+    expect(parsePinentryStdout(stdout)).toEqual({
+      data: 'a%b%c',
+      cancelled: false,
+    });
+  });
+
+  it('returns no data and cancelled=false when user clicks OK on empty', () => {
+    // Pinentry omits the D line entirely when the input is empty.
+    const stdout = 'OK Pleased to meet you\nOK\nOK\nOK\n';
+    expect(parsePinentryStdout(stdout)).toEqual({ cancelled: false });
+  });
+
+  it('flags cancellation via ERR 83886179', () => {
+    const stdout =
+      'OK Pleased to meet you\nOK\nOK\nERR 83886179 Operation cancelled\n';
+    expect(parsePinentryStdout(stdout)).toEqual({ cancelled: true });
+  });
+
+  it('concatenates multi-line D responses before decoding', () => {
+    // User typed `first-half-with-%-end` (literal `%`). Pinentry encoded
+    // `%` as `%25` and the line-length limit happened to split right inside
+    // that triple — `%2` ends line 1, `5` starts line 2. We must concat
+    // raw chunks *first*, then decode — otherwise `%2` alone is not a
+    // valid `%XX` triple and the `%` would be permanently lost.
+    const stdout = ['OK', 'D first-half-with-%2', 'D 5-end', 'OK'].join('\n');
+    expect(parsePinentryStdout(stdout)).toEqual({
+      data: 'first-half-with-%-end',
+      cancelled: false,
+    });
+  });
+
+  it('also concatenates D chunks that do not split inside %XX', () => {
+    const stdout = ['OK', 'D part-one-', 'D part-two', 'OK'].join('\n');
+    expect(parsePinentryStdout(stdout)).toEqual({
+      data: 'part-one-part-two',
+      cancelled: false,
+    });
+  });
+
+  it('handles CRLF line endings (pinentry-gnome3/qt)', () => {
+    const stdout = 'OK Pleased\r\nOK\r\nOK\r\nD secret%25here\r\nOK\r\n';
+    expect(parsePinentryStdout(stdout)).toEqual({
+      data: 'secret%here',
+      cancelled: false,
+    });
+  });
+
+  it('decodes CR/LF inside the passphrase (theoretical)', () => {
+    const stdout = 'OK\nD line1%0Dline2%0Aline3\nOK\n';
+    expect(parsePinentryStdout(stdout)).toEqual({
+      data: 'line1\rline2\nline3',
+      cancelled: false,
+    });
+  });
+
+  it('flags cancellation via "Operation cancelled" message', () => {
+    // Some pinentry variants surface cancellation without the canonical
+    // error code — just the human-readable string.
+    const stdout = 'OK\nOK\nERR Operation cancelled\n';
+    expect(parsePinentryStdout(stdout)).toEqual({ cancelled: true });
+  });
+
+  it('handles empty stdout without throwing', () => {
+    expect(parsePinentryStdout('')).toEqual({ cancelled: false });
+  });
+
+  // End-to-end sanity over a full stdout frame carrying the real-world
+  // passphrases exercised by expo-example. Guards the `D ` prefix strip
+  // (`.slice(2)`) against any future refactor that would drop a byte from
+  // the leading space (e.g. switching to `.slice(1).trimStart()`).
+  it('parses a stdout frame carrying a UTF-8 passphrase', () => {
+    const stdout = 'OK Pleased to meet you\nOK\nOK\nD 你好passphrase\nOK\n';
+    expect(parsePinentryStdout(stdout)).toEqual({
+      data: '你好passphrase',
+      cancelled: false,
+    });
+  });
+
+  it('parses a stdout frame with surrounding spaces in the passphrase', () => {
+    const stdout = 'OK\nOK\nOK\nD  My Passphrase \nOK\n';
+    expect(parsePinentryStdout(stdout)).toEqual({
+      data: ' My Passphrase ',
+      cancelled: false,
+    });
+  });
+
+  it('parses a stdout frame with a mixed-script passphrase', () => {
+    // expo-example Wallet-1 — guards that neither split nor slice corrupts
+    // surrogate pairs (e.g. `鼵` U+9E35 fits in a single UTF-16 unit, but
+    // `맪` U+B9AA also does; kept together here as a smoke test).
+    const stdout = 'OK\nD Aa0!)_+맪Ӎ¬}¨¥ϸΔѭЧゞく6鼵\nOK\n';
+    expect(parsePinentryStdout(stdout)).toEqual({
+      data: 'Aa0!)_+맪Ӎ¬}¨¥ϸΔѭЧゞく6鼵',
+      cancelled: false,
+    });
+  });
+});