npm - @principle2026/vault - Versions diffs - 1.0.0 - Mend

@principle2026/vault 1.0.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (27) hide show

package/README.md ADDED Viewed

@@ -0,0 +1,117 @@
+# Vault — AI-Powered Secret Management
+A Claude Code plugin that enables AI to automatically manage your secrets and sensitive information.
+## Features
+- 🗣️ **Conversational** — Save and retrieve secrets using natural language
+- 🔐 **End-to-end encryption** — AES-256-GCM encryption
+- ☁️ **iCloud sync** — Automatically sync across all your devices
+- 🔑 **Keychain integration** — Secure master key storage
+- ⚡ **Zero config** — Ready to use after initialization
+## Installation
+### 方式 1: npm 全局安装（推荐）
+```bash
+npm install -g @principle2026/vault
+vault init
+```
+### 方式 2: 本地开发
+```bash
+git clone <repository>
+cd Vault
+npm install
+npm run build
+```
+## Usage
+### Initialize
+```bash
+vault init
+```
+Follow the interactive prompts to set up your master passphrase.
+### Save a secret
+```bash
+echo "sk-abc123" | vault set openai_key --description "OpenAI API Key"
+```
+### Get a secret
+```bash
+vault get openai_key
+```
+### List secrets
+```bash
+vault list
+```
+### Delete a secret
+```bash
+vault delete openai_key
+```
+### Check status
+```bash
+vault status
+```
+## AI Conversation Usage
+In Claude Code, use natural language:
+```
+You: Remember my OpenAI key is sk-abc123
+AI: [auto-save] Saved: openai_key
+You: Use that key to call the API
+AI: [auto-retrieve] Using sk-abc123...
+```
+## Security Design
+- **Algorithm**: AES-256-GCM
+- **Key derivation**: PBKDF2 (100,000 iterations)
+- **Storage**: iCloud or local `~/.vault-data/`
+- **Master key**: System keychain (unlocked by passphrase)
+## Project Structure
+```
+src/
+├── Crypto.ts   # Encryption/decryption
+├── Keychain.ts # Keychain operations
+├── Store.ts    # Data storage
+├── tools.ts    # Core functions
+└── index.ts    # CLI entry point
+```
+## Development
+```bash
+# Build
+npm run build
+# Watch mode
+npm run dev
+# Run CLI
+./dist/index.js status
+```
+## Dependencies
+- `keytar` — Keychain access
+- Web Crypto API — Encryption operations

package/SKILL.md ADDED Viewed

@@ -0,0 +1,117 @@
+---
+name: vault
+description: |
+  AI-powered secret management. Automatically save and retrieve API keys, passwords, and other sensitive information.
+  When users say "remember", "save", or "store", AI will automatically save secrets.
+  When users say "my key", "that password", AI will automatically retrieve secrets.
+  After initialization, AI will securely manage your sensitive information in the background.
+---
+# Vault — AI Secret Management
+Vault is a Claude Code skill that enables AI to automatically manage your secrets and sensitive information.
+## When to Use
+Consider secret operations when users say:
+**Save secrets:**
+- "Remember my OpenAI key is sk-xxx"
+- "Save this password"
+- "AWS secret key is xxxxx, store it"
+**Retrieve secrets:**
+- "Use that key to call the API"
+- "What's my password"
+- "Read the saved AWS key"
+**List secrets:**
+- "What secrets have I saved"
+- "List all secrets"
+## Steps
+### 0. Check if Vault is initialized
+```bash
+vault status
+```
+If it shows `Initialized: no`, prompt the user:
+```
+Vault is not initialized. Please run:
+  vault init <username>
+Then set a passphrase (at least 8 characters).
+```
+### 1. Save a secret (set_secret)
+When the user wants to save a secret, use bash command:
+```bash
+echo "<secret-value>" | vault set <key-name> --description "<description>"
+```
+Example:
+```bash
+echo "sk-abc123" | vault set openai_key --description "OpenAI API Key"
+```
+**Important**: Never pass secret values directly in command history. Use echo pipe.
+### 2. Get a secret (get_secret)
+When the user wants to retrieve a secret, use bash command:
+```bash
+vault get <key-name>
+```
+This will prompt for passphrase, then output the secret value.
+### 3. List secrets (list_secrets)
+```bash
+vault list
+```
+Shows all saved secret names (without values).
+## Security Notes
+- Passphrase must be at least 8 characters
+- Secrets are encrypted using AES-256-GCM
+- Encrypted data is stored in iCloud (if available) or locally
+- Master key is stored in system keychain
+## Error Handling
+| Error | Cause | Solution |
+|-------|-------|----------|
+| `Vault is not initialized` | First time use | Run `vault init <username>` |
+| `Passphrase incorrect` | Wrong password | Re-enter correct passphrase |
+| `Secret "xxx" not found` | Secret not found | Check name or use `vault list` |
+| `Key name cannot be empty` | Validation failed | Provide valid key name |
+## Storage Locations
+- **iCloud**: `~/Library/Mobile Documents/com~apple~CloudDocs/.vault-data/`
+- **Local fallback**: `~/.vault-data/`
+- **Keychain**: service=`vault-skill`, account=`master-key`
+## Example Conversations
+```
+User: Remember my OpenAI key is sk-abc123
+AI: I'll save this secret...
+    [run: echo "sk-abc123" | vault set openai_key --description "OpenAI API Key"]
+    Saved: openai_key
+User: Use that key to call the OpenAI API
+AI: [run: vault get openai_key]
+    Using sk-abc123 to call the API...
+```

package/dist/CLI.d.ts ADDED Viewed

@@ -0,0 +1,58 @@
+/**
+ * CLI - Interactive command line interface
+ *
+ * Handles user input, password prompts, and interactive flows
+ */
+/**
+ * Ask a question and get answer
+ */
+export declare function question(prompt: string): Promise<string>;
+/**
+ * Ask for password with hidden input
+ */
+export declare function password(prompt?: string): Promise<string>;
+/**
+ * Show welcome banner
+ */
+export declare function showWelcome(): void;
+/**
+ * Show first-time setup welcome
+ */
+export declare function showSetupWelcome(): void;
+/**
+ * Confirm action
+ */
+export declare function confirm(prompt: string): Promise<boolean>;
+/**
+ * Show success message
+ */
+export declare function success(message: string): void;
+/**
+ * Show error message
+ */
+export declare function error(message: string): void;
+/**
+ * Show info message
+ */
+export declare function info(message: string): void;
+/**
+ * Check if initialized, show welcome if first time
+ */
+export declare function checkInitialized(): Promise<boolean>;
+/**
+ * Run interactive setup
+ */
+export declare function runSetup(): Promise<{
+    username: string;
+    passphrase: string;
+}>;
+/**
+ * Show Vault status summary
+ */
+export declare function showStatusSummary(status: {
+    initialized: boolean;
+    userId?: string;
+    storageType: string;
+    secretCount: number;
+}): void;
+//# sourceMappingURL=CLI.d.ts.map

package/dist/CLI.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"CLI.d.ts","sourceRoot":"","sources":["../src/CLI.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAeH;;GAEG;AACH,wBAAgB,QAAQ,CAAC,MAAM,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC,CAQxD;AAED;;GAEG;AACH,wBAAsB,QAAQ,CAAC,MAAM,SAAiB,GAAG,OAAO,CAAC,MAAM,CAAC,CAwDvE;AAED;;GAEG;AACH,wBAAgB,WAAW,SAK1B;AAED;;GAEG;AACH,wBAAgB,gBAAgB,SAW/B;AAED;;GAEG;AACH,wBAAsB,OAAO,CAAC,MAAM,EAAE,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC,CAG9D;AAED;;GAEG;AACH,wBAAgB,OAAO,CAAC,OAAO,EAAE,MAAM,QAEtC;AAED;;GAEG;AACH,wBAAgB,KAAK,CAAC,OAAO,EAAE,MAAM,QAEpC;AAED;;GAEG;AACH,wBAAgB,IAAI,CAAC,OAAO,EAAE,MAAM,QAEnC;AAED;;GAEG;AACH,wBAAsB,gBAAgB,IAAI,OAAO,CAAC,OAAO,CAAC,CAQzD;AAED;;GAEG;AACH,wBAAsB,QAAQ,IAAI,OAAO,CAAC;IACxC,QAAQ,EAAE,MAAM,CAAA;IAChB,UAAU,EAAE,MAAM,CAAA;CACnB,CAAC,CAkCD;AAED;;GAEG;AACH,wBAAgB,iBAAiB,CAAC,MAAM,EAAE;IACxC,WAAW,EAAE,OAAO,CAAA;IACpB,MAAM,CAAC,EAAE,MAAM,CAAA;IACf,WAAW,EAAE,MAAM,CAAA;IACnB,WAAW,EAAE,MAAM,CAAA;CACpB,QASA"}

package/dist/CLI.js ADDED Viewed

@@ -0,0 +1,180 @@
+/**
+ * CLI - Interactive command line interface
+ *
+ * Handles user input, password prompts, and interactive flows
+ */
+import { createInterface } from 'readline';
+import { getVaultStatus } from './tools.js';
+/**
+ * Create readline interface
+ */
+function createRL() {
+    return createInterface({
+        input: process.stdin,
+        output: process.stdout,
+    });
+}
+/**
+ * Ask a question and get answer
+ */
+export function question(prompt) {
+    const rl = createRL();
+    return new Promise((resolve) => {
+        rl.question(prompt, (answer) => {
+            rl.close();
+            resolve(answer.trim());
+        });
+    });
+}
+/**
+ * Ask for password with hidden input
+ */
+export async function password(prompt = 'Passphrase: ') {
+    const rl = createRL();
+    // Hide output
+    const stdin = process.stdin;
+    const stdout = process.stdout;
+    stdin.setRawMode(true);
+    stdin.resume();
+    stdin.setEncoding('utf8');
+    stdout.write(prompt);
+    return new Promise((resolve) => {
+        let password = '';
+        const onData = (char) => {
+            const charCode = char.charCodeAt(0);
+            // Enter = 13, Ctrl+D = 4
+            if (charCode === 13 || charCode === 4) {
+                stdin.pause();
+                stdin.removeListener('data', onData);
+                stdin.setRawMode(false);
+                stdout.write('\n');
+                rl.close();
+                resolve(password);
+                return;
+            }
+            // Backspace = 127, Ctrl+H = 8
+            if (charCode === 127 || charCode === 8) {
+                if (password.length > 0) {
+                    password = password.slice(0, -1);
+                }
+                return;
+            }
+            // Ctrl+C = 3
+            if (charCode === 3) {
+                stdin.pause();
+                stdin.removeListener('data', onData);
+                stdin.setRawMode(false);
+                stdout.write('^C\n');
+                rl.close();
+                process.exit(1);
+                return;
+            }
+            // Regular character
+            password += char;
+        };
+        stdin.on('data', onData);
+    });
+}
+/**
+ * Show welcome banner
+ */
+export function showWelcome() {
+    console.log(`
+🔐 Vault - AI-Powered Secret Management
+══════════════════════════════════════════
+`);
+}
+/**
+ * Show first-time setup welcome
+ */
+export function showSetupWelcome() {
+    console.log(`
+👋 Welcome to Vault!
+This is your first time using Vault. Let's get you set up.
+Vault will store your secrets securely using AES-256 encryption.
+Your data is stored locally (or synced via iCloud on macOS).
+You'll need to set a master passphrase to protect your secrets.
+`);
+}
+/**
+ * Confirm action
+ */
+export async function confirm(prompt) {
+    const answer = await question(`${prompt} (y/N): `);
+    return answer.toLowerCase() === 'y' || answer.toLowerCase() === 'yes';
+}
+/**
+ * Show success message
+ */
+export function success(message) {
+    console.log(`✅ ${message}`);
+}
+/**
+ * Show error message
+ */
+export function error(message) {
+    console.error(`❌ ${message}`);
+}
+/**
+ * Show info message
+ */
+export function info(message) {
+    console.log(`ℹ️  ${message}`);
+}
+/**
+ * Check if initialized, show welcome if first time
+ */
+export async function checkInitialized() {
+    const status = await getVaultStatus();
+    if (!status.initialized) {
+        return false;
+    }
+    return true;
+}
+/**
+ * Run interactive setup
+ */
+export async function runSetup() {
+    showSetupWelcome();
+    // Get system username
+    const os = await import('os');
+    const defaultUsername = os.userInfo().username;
+    // Ask for username (with default)
+    const username = await question(`Username [${defaultUsername}]: `);
+    const finalUsername = username || defaultUsername;
+    console.log('');
+    // Ask for passphrase
+    while (true) {
+        const passphrase1 = await password('Set a master passphrase (min 8 characters): ');
+        if (passphrase1.length < 8) {
+            error('Passphrase must be at least 8 characters. Please try again.');
+            console.log('');
+            continue;
+        }
+        const passphrase2 = await password('Confirm passphrase: ');
+        if (passphrase1 !== passphrase2) {
+            error('Passphrases do not match. Please try again.');
+            console.log('');
+            continue;
+        }
+        console.log('');
+        return { username: finalUsername, passphrase: passphrase1 };
+    }
+}
+/**
+ * Show Vault status summary
+ */
+export function showStatusSummary(status) {
+    console.log(`
+📊 Vault Status
+══════════════════════════════════════════
+  Initialized: ${status.initialized ? '✅ Yes' : '❌ No'}
+  Storage:     ${status.storageType}
+${status.userId ? `  User:        ${status.userId}` : ''}
+  Secrets:     ${status.secretCount}
+`);
+}
+//# sourceMappingURL=CLI.js.map

package/dist/CLI.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"CLI.js","sourceRoot":"","sources":["../src/CLI.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,OAAO,EAAE,eAAe,EAAE,MAAM,UAAU,CAAA;AAC1C,OAAO,EAAE,cAAc,EAAE,MAAM,YAAY,CAAA;AAE3C;;GAEG;AACH,SAAS,QAAQ;IACf,OAAO,eAAe,CAAC;QACrB,KAAK,EAAE,OAAO,CAAC,KAAK;QACpB,MAAM,EAAE,OAAO,CAAC,MAAM;KACvB,CAAC,CAAA;AACJ,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,QAAQ,CAAC,MAAc;IACrC,MAAM,EAAE,GAAG,QAAQ,EAAE,CAAA;IACrB,OAAO,IAAI,OAAO,CAAC,CAAC,OAAO,EAAE,EAAE;QAC7B,EAAE,CAAC,QAAQ,CAAC,MAAM,EAAE,CAAC,MAAM,EAAE,EAAE;YAC7B,EAAE,CAAC,KAAK,EAAE,CAAA;YACV,OAAO,CAAC,MAAM,CAAC,IAAI,EAAE,CAAC,CAAA;QACxB,CAAC,CAAC,CAAA;IACJ,CAAC,CAAC,CAAA;AACJ,CAAC;AAED;;GAEG;AACH,MAAM,CAAC,KAAK,UAAU,QAAQ,CAAC,MAAM,GAAG,cAAc;IACpD,MAAM,EAAE,GAAG,QAAQ,EAAE,CAAA;IAErB,cAAc;IACd,MAAM,KAAK,GAAG,OAAO,CAAC,KAAK,CAAA;IAC3B,MAAM,MAAM,GAAG,OAAO,CAAC,MAAM,CAG5B;IAAC,KAAa,CAAC,UAAU,CAAC,IAAI,CAAC,CAAA;IAChC,KAAK,CAAC,MAAM,EAAE,CAAA;IACd,KAAK,CAAC,WAAW,CAAC,MAAM,CAAC,CAAA;IAEzB,MAAM,CAAC,KAAK,CAAC,MAAM,CAAC,CAAA;IAEpB,OAAO,IAAI,OAAO,CAAC,CAAC,OAAO,EAAE,EAAE;QAC7B,IAAI,QAAQ,GAAG,EAAE,CAAA;QAEjB,MAAM,MAAM,GAAG,CAAC,IAAY,EAAE,EAAE;YAC9B,MAAM,QAAQ,GAAG,IAAI,CAAC,UAAU,CAAC,CAAC,CAAC,CAAA;YAEnC,yBAAyB;YACzB,IAAI,QAAQ,KAAK,EAAE,IAAI,QAAQ,KAAK,CAAC,EAAE,CAAC;gBACtC,KAAK,CAAC,KAAK,EAAE,CAAA;gBACb,KAAK,CAAC,cAAc,CAAC,MAAM,EAAE,MAAM,CAAC,CACnC;gBAAC,KAAa,CAAC,UAAU,CAAC,KAAK,CAAC,CAAA;gBACjC,MAAM,CAAC,KAAK,CAAC,IAAI,CAAC,CAAA;gBAClB,EAAE,CAAC,KAAK,EAAE,CAAA;gBACV,OAAO,CAAC,QAAQ,CAAC,CAAA;gBACjB,OAAM;YACR,CAAC;YAED,8BAA8B;YAC9B,IAAI,QAAQ,KAAK,GAAG,IAAI,QAAQ,KAAK,CAAC,EAAE,CAAC;gBACvC,IAAI,QAAQ,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;oBACxB,QAAQ,GAAG,QAAQ,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,CAAA;gBAClC,CAAC;gBACD,OAAM;YACR,CAAC;YAED,aAAa;YACb,IAAI,QAAQ,KAAK,CAAC,EAAE,CAAC;gBACnB,KAAK,CAAC,KAAK,EAAE,CAAA;gBACb,KAAK,CAAC,cAAc,CAAC,MAAM,EAAE,MAAM,CAAC,CACnC;gBAAC,KAAa,CAAC,UAAU,CAAC,KAAK,CAAC,CAAA;gBACjC,MAAM,CAAC,KAAK,CAAC,MAAM,CAAC,CAAA;gBACpB,EAAE,CAAC,KAAK,EAAE,CAAA;gBACV,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAA;gBACf,OAAM;YACR,CAAC;YAED,oBAAoB;YACpB,QAAQ,IAAI,IAAI,CAAA;QAClB,CAAC,CAAA;QAED,KAAK,CAAC,EAAE,CAAC,MAAM,EAAE,MAAM,CAAC,CAAA;IAC1B,CAAC,CAAC,CAAA;AACJ,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,WAAW;IACzB,OAAO,CAAC,GAAG,CAAC;;;CAGb,CAAC,CAAA;AACF,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,gBAAgB;IAC9B,OAAO,CAAC,GAAG,CAAC;;;;;;;;;CASb,CAAC,CAAA;AACF,CAAC;AAED;;GAEG;AACH,MAAM,CAAC,KAAK,UAAU,OAAO,CAAC,MAAc;IAC1C,MAAM,MAAM,GAAG,MAAM,QAAQ,CAAC,GAAG,MAAM,UAAU,CAAC,CAAA;IAClD,OAAO,MAAM,CAAC,WAAW,EAAE,KAAK,GAAG,IAAI,MAAM,CAAC,WAAW,EAAE,KAAK,KAAK,CAAA;AACvE,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,OAAO,CAAC,OAAe;IACrC,OAAO,CAAC,GAAG,CAAC,KAAK,OAAO,EAAE,CAAC,CAAA;AAC7B,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,KAAK,CAAC,OAAe;IACnC,OAAO,CAAC,KAAK,CAAC,KAAK,OAAO,EAAE,CAAC,CAAA;AAC/B,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,IAAI,CAAC,OAAe;IAClC,OAAO,CAAC,GAAG,CAAC,OAAO,OAAO,EAAE,CAAC,CAAA;AAC/B,CAAC;AAED;;GAEG;AACH,MAAM,CAAC,KAAK,UAAU,gBAAgB;IACpC,MAAM,MAAM,GAAG,MAAM,cAAc,EAAE,CAAA;IAErC,IAAI,CAAC,MAAM,CAAC,WAAW,EAAE,CAAC;QACxB,OAAO,KAAK,CAAA;IACd,CAAC;IAED,OAAO,IAAI,CAAA;AACb,CAAC;AAED;;GAEG;AACH,MAAM,CAAC,KAAK,UAAU,QAAQ;IAI5B,gBAAgB,EAAE,CAAA;IAElB,sBAAsB;IACtB,MAAM,EAAE,GAAG,MAAM,MAAM,CAAC,IAAI,CAAC,CAAA;IAC7B,MAAM,eAAe,GAAG,EAAE,CAAC,QAAQ,EAAE,CAAC,QAAQ,CAAA;IAE9C,kCAAkC;IAClC,MAAM,QAAQ,GAAG,MAAM,QAAQ,CAAC,aAAa,eAAe,KAAK,CAAC,CAAA;IAClE,MAAM,aAAa,GAAG,QAAQ,IAAI,eAAe,CAAA;IAEjD,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC,CAAA;IAEf,qBAAqB;IACrB,OAAO,IAAI,EAAE,CAAC;QACZ,MAAM,WAAW,GAAG,MAAM,QAAQ,CAAC,8CAA8C,CAAC,CAAA;QAElF,IAAI,WAAW,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YAC3B,KAAK,CAAC,6DAA6D,CAAC,CAAA;YACpE,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC,CAAA;YACf,SAAQ;QACV,CAAC;QAED,MAAM,WAAW,GAAG,MAAM,QAAQ,CAAC,sBAAsB,CAAC,CAAA;QAE1D,IAAI,WAAW,KAAK,WAAW,EAAE,CAAC;YAChC,KAAK,CAAC,6CAA6C,CAAC,CAAA;YACpD,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC,CAAA;YACf,SAAQ;QACV,CAAC;QAED,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC,CAAA;QACf,OAAO,EAAE,QAAQ,EAAE,aAAa,EAAE,UAAU,EAAE,WAAW,EAAE,CAAA;IAC7D,CAAC;AACH,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,iBAAiB,CAAC,MAKjC;IACC,OAAO,CAAC,GAAG,CAAC;;;iBAGG,MAAM,CAAC,WAAW,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM;iBACrC,MAAM,CAAC,WAAW;EACjC,MAAM,CAAC,MAAM,CAAC,CAAC,CAAC,kBAAkB,MAAM,CAAC,MAAM,EAAE,CAAC,CAAC,CAAC,EAAE;iBACvC,MAAM,CAAC,WAAW;CAClC,CAAC,CAAA;AACF,CAAC"}

package/dist/Crypto.d.ts ADDED Viewed

@@ -0,0 +1,43 @@
+/**
+ * Crypto - AES-256-GCM encryption/decryption
+ *
+ * Uses Web Crypto API for encryption operations
+ */
+export interface EncryptedData {
+    iv: string;
+    ciphertext: string;
+    authTag: string;
+}
+export interface EncryptionResult {
+    encrypted: EncryptedData;
+    salt: string;
+}
+/**
+ * Derive encryption key from passphrase
+ */
+export declare function deriveKey(passphrase: string, salt: Uint8Array): Promise<CryptoKey>;
+/**
+ * Encrypt data
+ */
+export declare function encrypt(plaintext: string, passphrase: string): Promise<EncryptionResult>;
+/**
+ * Decrypt data
+ */
+export declare function decrypt(encrypted: EncryptedData, salt: string, passphrase: string): Promise<string>;
+/**
+ * Vault error class
+ */
+export declare class VaultError extends Error {
+    code: string;
+    cause?: Error | undefined;
+    constructor(code: string, message: string, cause?: Error | undefined);
+}
+/**
+ * Validate passphrase format
+ */
+export declare function validatePassphrase(passphrase: string): void;
+/**
+ * Generate random salt
+ */
+export declare function generateSalt(): string;
+//# sourceMappingURL=Crypto.d.ts.map

package/dist/Crypto.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"Crypto.d.ts","sourceRoot":"","sources":["../src/Crypto.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAQH,MAAM,WAAW,aAAa;IAC5B,EAAE,EAAE,MAAM,CAAA;IACV,UAAU,EAAE,MAAM,CAAA;IAClB,OAAO,EAAE,MAAM,CAAA;CAChB;AAED,MAAM,WAAW,gBAAgB;IAC/B,SAAS,EAAE,aAAa,CAAA;IACxB,IAAI,EAAE,MAAM,CAAA;CACb;AAED;;GAEG;AACH,wBAAsB,SAAS,CAC7B,UAAU,EAAE,MAAM,EAClB,IAAI,EAAE,UAAU,GACf,OAAO,CAAC,SAAS,CAAC,CAwBpB;AAED;;GAEG;AACH,wBAAsB,OAAO,CAC3B,SAAS,EAAE,MAAM,EACjB,UAAU,EAAE,MAAM,GACjB,OAAO,CAAC,gBAAgB,CAAC,CA+B3B;AAED;;GAEG;AACH,wBAAsB,OAAO,CAC3B,SAAS,EAAE,aAAa,EACxB,IAAI,EAAE,MAAM,EACZ,UAAU,EAAE,MAAM,GACjB,OAAO,CAAC,MAAM,CAAC,CAqCjB;AAED;;GAEG;AACH,qBAAa,UAAW,SAAQ,KAAK;IAE1B,IAAI,EAAE,MAAM;IAEZ,KAAK,CAAC,EAAE,KAAK;gBAFb,IAAI,EAAE,MAAM,EACnB,OAAO,EAAE,MAAM,EACR,KAAK,CAAC,EAAE,KAAK,YAAA;CAKvB;AAoCD;;GAEG;AACH,wBAAgB,kBAAkB,CAAC,UAAU,EAAE,MAAM,GAAG,IAAI,CAO3D;AAED;;GAEG;AACH,wBAAgB,YAAY,IAAI,MAAM,CAGrC"}

package/dist/Crypto.js ADDED Viewed

@@ -0,0 +1,136 @@
+/**
+ * Crypto - AES-256-GCM encryption/decryption
+ *
+ * Uses Web Crypto API for encryption operations
+ */
+const ENCRYPTION_ALGO = 'AES-GCM';
+const KEY_LENGTH = 256;
+const IV_LENGTH = 12;
+const SALT_LENGTH = 16;
+const ITERATIONS = 100000;
+/**
+ * Derive encryption key from passphrase
+ */
+export async function deriveKey(passphrase, salt) {
+    const encoder = new TextEncoder();
+    const passphraseBuffer = encoder.encode(passphrase);
+    const baseKey = await crypto.subtle.importKey('raw', passphraseBuffer, 'PBKDF2', false, ['deriveKey']);
+    return crypto.subtle.deriveKey({
+        name: 'PBKDF2',
+        salt: salt,
+        iterations: ITERATIONS,
+        hash: 'SHA-256',
+    }, baseKey, { name: ENCRYPTION_ALGO, length: KEY_LENGTH }, false, ['encrypt', 'decrypt']);
+}
+/**
+ * Encrypt data
+ */
+export async function encrypt(plaintext, passphrase) {
+    // Generate random salt and IV
+    const salt = crypto.getRandomValues(new Uint8Array(SALT_LENGTH));
+    const iv = crypto.getRandomValues(new Uint8Array(IV_LENGTH));
+    // Derive key
+    const key = await deriveKey(passphrase, salt);
+    // Encrypt
+    const encoder = new TextEncoder();
+    const plaintextBuffer = encoder.encode(plaintext);
+    const ciphertext = await crypto.subtle.encrypt({ name: ENCRYPTION_ALGO, iv }, key, plaintextBuffer);
+    // Extract auth tag (GCM mode: last 16 bytes is the tag)
+    const ciphertextArray = new Uint8Array(ciphertext);
+    const authTag = ciphertextArray.slice(-16);
+    const actualCiphertext = ciphertextArray.slice(0, -16);
+    return {
+        encrypted: {
+            iv: bufferToHex(iv),
+            ciphertext: bufferToBase64(actualCiphertext),
+            authTag: bufferToHex(authTag),
+        },
+        salt: bufferToHex(salt),
+    };
+}
+/**
+ * Decrypt data
+ */
+export async function decrypt(encrypted, salt, passphrase) {
+    try {
+        // Parse input
+        const iv = hexToBuffer(encrypted.iv);
+        const authTag = hexToBuffer(encrypted.authTag);
+        const ciphertext = base64ToBuffer(encrypted.ciphertext);
+        const saltBuffer = hexToBuffer(salt);
+        // Derive key
+        const key = await deriveKey(passphrase, saltBuffer);
+        // Reconstruct ciphertext (actual ciphertext + auth tag)
+        const combined = new Uint8Array(ciphertext.length + authTag.length);
+        combined.set(ciphertext);
+        combined.set(authTag, ciphertext.length);
+        // Decrypt
+        const decrypted = await crypto.subtle.decrypt({ name: ENCRYPTION_ALGO, iv }, key, combined);
+        const decoder = new TextDecoder();
+        return decoder.decode(decrypted);
+    }
+    catch (error) {
+        // Distinguish error types
+        if (error instanceof DOMException) {
+            if (error.name === 'OperationError') {
+                throw new VaultError('DECRYPTION_FAILED', 'Decryption failed: incorrect passphrase or corrupted data');
+            }
+        }
+        throw error;
+    }
+}
+/**
+ * Vault error class
+ */
+export class VaultError extends Error {
+    code;
+    cause;
+    constructor(code, message, cause) {
+        super(message);
+        this.code = code;
+        this.cause = cause;
+        this.name = 'VaultError';
+    }
+}
+// ============================================================================
+// Utility functions
+// ============================================================================
+function bufferToHex(buffer) {
+    return Array.from(buffer)
+        .map(b => b.toString(16).padStart(2, '0'))
+        .join('');
+}
+function hexToBuffer(hex) {
+    const cleanHex = hex.replace(/[^0-9a-fA-F]/g, '');
+    if (cleanHex.length % 2 !== 0) {
+        throw new VaultError('INVALID_HEX', 'Invalid hex string');
+    }
+    const pairs = cleanHex.match(/.{1,2}/g) || [];
+    return new Uint8Array(pairs.map(p => parseInt(p, 16)));
+}
+function bufferToBase64(buffer) {
+    const binary = Array.from(buffer)
+        .map(b => String.fromCharCode(b))
+        .join('');
+    return btoa(binary);
+}
+function base64ToBuffer(base64) {
+    const binary = atob(base64);
+    return new Uint8Array(Array.from(binary).map(c => c.charCodeAt(0)));
+}
+/**
+ * Validate passphrase format
+ */
+export function validatePassphrase(passphrase) {
+    if (!passphrase || passphrase.length < 8) {
+        throw new VaultError('INVALID_PASSPHRASE', 'Passphrase must be at least 8 characters');
+    }
+}
+/**
+ * Generate random salt
+ */
+export function generateSalt() {
+    const salt = crypto.getRandomValues(new Uint8Array(SALT_LENGTH));
+    return bufferToHex(salt);
+}
+//# sourceMappingURL=Crypto.js.map

package/dist/Crypto.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"Crypto.js","sourceRoot":"","sources":["../src/Crypto.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,MAAM,eAAe,GAAG,SAAS,CAAA;AACjC,MAAM,UAAU,GAAG,GAAG,CAAA;AACtB,MAAM,SAAS,GAAG,EAAE,CAAA;AACpB,MAAM,WAAW,GAAG,EAAE,CAAA;AACtB,MAAM,UAAU,GAAG,MAAM,CAAA;AAazB;;GAEG;AACH,MAAM,CAAC,KAAK,UAAU,SAAS,CAC7B,UAAkB,EAClB,IAAgB;IAEhB,MAAM,OAAO,GAAG,IAAI,WAAW,EAAE,CAAA;IACjC,MAAM,gBAAgB,GAAG,OAAO,CAAC,MAAM,CAAC,UAAU,CAAC,CAAA;IAEnD,MAAM,OAAO,GAAG,MAAM,MAAM,CAAC,MAAM,CAAC,SAAS,CAC3C,KAAK,EACL,gBAAgB,EAChB,QAAQ,EACR,KAAK,EACL,CAAC,WAAW,CAAC,CACd,CAAA;IAED,OAAO,MAAM,CAAC,MAAM,CAAC,SAAS,CAC5B;QACE,IAAI,EAAE,QAAQ;QACd,IAAI,EAAE,IAAI;QACV,UAAU,EAAE,UAAU;QACtB,IAAI,EAAE,SAAS;KAChB,EACD,OAAO,EACP,EAAE,IAAI,EAAE,eAAe,EAAE,MAAM,EAAE,UAAU,EAAE,EAC7C,KAAK,EACL,CAAC,SAAS,EAAE,SAAS,CAAC,CACvB,CAAA;AACH,CAAC;AAED;;GAEG;AACH,MAAM,CAAC,KAAK,UAAU,OAAO,CAC3B,SAAiB,EACjB,UAAkB;IAElB,8BAA8B;IAC9B,MAAM,IAAI,GAAG,MAAM,CAAC,eAAe,CAAC,IAAI,UAAU,CAAC,WAAW,CAAC,CAAC,CAAA;IAChE,MAAM,EAAE,GAAG,MAAM,CAAC,eAAe,CAAC,IAAI,UAAU,CAAC,SAAS,CAAC,CAAC,CAAA;IAE5D,aAAa;IACb,MAAM,GAAG,GAAG,MAAM,SAAS,CAAC,UAAU,EAAE,IAAI,CAAC,CAAA;IAE7C,UAAU;IACV,MAAM,OAAO,GAAG,IAAI,WAAW,EAAE,CAAA;IACjC,MAAM,eAAe,GAAG,OAAO,CAAC,MAAM,CAAC,SAAS,CAAC,CAAA;IAEjD,MAAM,UAAU,GAAG,MAAM,MAAM,CAAC,MAAM,CAAC,OAAO,CAC5C,EAAE,IAAI,EAAE,eAAe,EAAE,EAAE,EAAE,EAC7B,GAAG,EACH,eAAe,CAChB,CAAA;IAED,wDAAwD;IACxD,MAAM,eAAe,GAAG,IAAI,UAAU,CAAC,UAAU,CAAC,CAAA;IAClD,MAAM,OAAO,GAAG,eAAe,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAA;IAC1C,MAAM,gBAAgB,GAAG,eAAe,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,EAAE,CAAC,CAAA;IAEtD,OAAO;QACL,SAAS,EAAE;YACT,EAAE,EAAE,WAAW,CAAC,EAAE,CAAC;YACnB,UAAU,EAAE,cAAc,CAAC,gBAAgB,CAAC;YAC5C,OAAO,EAAE,WAAW,CAAC,OAAO,CAAC;SAC9B;QACD,IAAI,EAAE,WAAW,CAAC,IAAI,CAAC;KACxB,CAAA;AACH,CAAC;AAED;;GAEG;AACH,MAAM,CAAC,KAAK,UAAU,OAAO,CAC3B,SAAwB,EACxB,IAAY,EACZ,UAAkB;IAElB,IAAI,CAAC;QACH,cAAc;QACd,MAAM,EAAE,GAAG,WAAW,CAAC,SAAS,CAAC,EAAE,CAAC,CAAA;QACpC,MAAM,OAAO,GAAG,WAAW,CAAC,SAAS,CAAC,OAAO,CAAC,CAAA;QAC9C,MAAM,UAAU,GAAG,cAAc,CAAC,SAAS,CAAC,UAAU,CAAC,CAAA;QACvD,MAAM,UAAU,GAAG,WAAW,CAAC,IAAI,CAAC,CAAA;QAEpC,aAAa;QACb,MAAM,GAAG,GAAG,MAAM,SAAS,CAAC,UAAU,EAAE,UAAU,CAAC,CAAA;QAEnD,wDAAwD;QACxD,MAAM,QAAQ,GAAG,IAAI,UAAU,CAAC,UAAU,CAAC,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC,CAAA;QACnE,QAAQ,CAAC,GAAG,CAAC,UAAU,CAAC,CAAA;QACxB,QAAQ,CAAC,GAAG,CAAC,OAAO,EAAE,UAAU,CAAC,MAAM,CAAC,CAAA;QAExC,UAAU;QACV,MAAM,SAAS,GAAG,MAAM,MAAM,CAAC,MAAM,CAAC,OAAO,CAC3C,EAAE,IAAI,EAAE,eAAe,EAAE,EAAE,EAAE,EAC7B,GAAG,EACH,QAAQ,CACT,CAAA;QAED,MAAM,OAAO,GAAG,IAAI,WAAW,EAAE,CAAA;QACjC,OAAO,OAAO,CAAC,MAAM,CAAC,SAAS,CAAC,CAAA;IAClC,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,0BAA0B;QAC1B,IAAI,KAAK,YAAY,YAAY,EAAE,CAAC;YAClC,IAAI,KAAK,CAAC,IAAI,KAAK,gBAAgB,EAAE,CAAC;gBACpC,MAAM,IAAI,UAAU,CAClB,mBAAmB,EACnB,2DAA2D,CAC5D,CAAA;YACH,CAAC;QACH,CAAC;QACD,MAAM,KAAK,CAAA;IACb,CAAC;AACH,CAAC;AAED;;GAEG;AACH,MAAM,OAAO,UAAW,SAAQ,KAAK;IAE1B;IAEA;IAHT,YACS,IAAY,EACnB,OAAe,EACR,KAAa;QAEpB,KAAK,CAAC,OAAO,CAAC,CAAA;QAJP,SAAI,GAAJ,IAAI,CAAQ;QAEZ,UAAK,GAAL,KAAK,CAAQ;QAGpB,IAAI,CAAC,IAAI,GAAG,YAAY,CAAA;IAC1B,CAAC;CACF;AAED,+EAA+E;AAC/E,oBAAoB;AACpB,+EAA+E;AAE/E,SAAS,WAAW,CAAC,MAAkB;IACrC,OAAO,KAAK,CAAC,IAAI,CAAC,MAAM,CAAC;SACtB,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC;SACzC,IAAI,CAAC,EAAE,CAAC,CAAA;AACb,CAAC;AAED,SAAS,WAAW,CAAC,GAAW;IAC9B,MAAM,QAAQ,GAAG,GAAG,CAAC,OAAO,CAAC,eAAe,EAAE,EAAE,CAAC,CAAA;IACjD,IAAI,QAAQ,CAAC,MAAM,GAAG,CAAC,KAAK,CAAC,EAAE,CAAC;QAC9B,MAAM,IAAI,UAAU,CAClB,aAAa,EACb,oBAAoB,CACrB,CAAA;IACH,CAAC;IACD,MAAM,KAAK,GAAG,QAAQ,CAAC,KAAK,CAAC,SAAS,CAAC,IAAI,EAAE,CAAA;IAC7C,OAAO,IAAI,UAAU,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,QAAQ,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,CAAA;AACxD,CAAC;AAED,SAAS,cAAc,CAAC,MAAkB;IACxC,MAAM,MAAM,GAAG,KAAK,CAAC,IAAI,CAAC,MAAM,CAAC;SAC9B,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,MAAM,CAAC,YAAY,CAAC,CAAC,CAAC,CAAC;SAChC,IAAI,CAAC,EAAE,CAAC,CAAA;IACX,OAAO,IAAI,CAAC,MAAM,CAAC,CAAA;AACrB,CAAC;AAED,SAAS,cAAc,CAAC,MAAc;IACpC,MAAM,MAAM,GAAG,IAAI,CAAC,MAAM,CAAC,CAAA;IAC3B,OAAO,IAAI,UAAU,CAAC,KAAK,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC,CAAC,CAAA;AACrE,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,kBAAkB,CAAC,UAAkB;IACnD,IAAI,CAAC,UAAU,IAAI,UAAU,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QACzC,MAAM,IAAI,UAAU,CAClB,oBAAoB,EACpB,0CAA0C,CAC3C,CAAA;IACH,CAAC;AACH,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,YAAY;IAC1B,MAAM,IAAI,GAAG,MAAM,CAAC,eAAe,CAAC,IAAI,UAAU,CAAC,WAAW,CAAC,CAAC,CAAA;IAChE,OAAO,WAAW,CAAC,IAAI,CAAC,CAAA;AAC1B,CAAC"}