@routstr/cocod 0.0.16

package/src/utils/logger.test.ts

@@ -0,0 +1,82 @@
+import { afterEach, describe, expect, test } from "bun:test";
+import { mkdtemp, readFile, rm, stat } from "node:fs/promises";
+import { tmpdir } from "node:os";
+import { join } from "node:path";
+
+import { StructuredLogger } from "./logger";
+
+const tempDirs: string[] = [];
+
+afterEach(async () => {
+  while (tempDirs.length > 0) {
+    const dir = tempDirs.pop();
+    if (!dir) {
+      continue;
+    }
+
+    await rm(dir, { force: true, recursive: true });
+  }
+});
+
+describe("StructuredLogger", () => {
+  test("writes structured log entries and redacts sensitive fields", async () => {
+    const dir = await mkdtemp(join(tmpdir(), "cocod-logger-"));
+    tempDirs.push(dir);
+
+    const logFile = join(dir, "daemon.log");
+    const logger = new StructuredLogger({
+      logFile,
+      mirrorToConsole: false,
+      bindings: { component: "daemon" },
+    });
+
+    logger.info("wallet.unlock_requested", {
+      mintUrl: "https://mint.example.com/Bitcoin",
+      passphrase: "secret-passphrase",
+    });
+    await logger.flush();
+
+    const content = await readFile(logFile, "utf8");
+    const entry = JSON.parse(content.trim()) as Record<string, unknown>;
+
+    expect(entry.event).toBe("wallet.unlock_requested");
+    expect(entry.level).toBe("info");
+    expect(entry.component).toBe("daemon");
+    expect(entry.passphrase).toBe("[REDACTED]");
+    expect(entry.mintUrl).toBe("https://mint.example.com/Bitcoin");
+  });
+
+  test("rotates files and respects retention count", async () => {
+    const dir = await mkdtemp(join(tmpdir(), "cocod-logger-"));
+    tempDirs.push(dir);
+
+    const logFile = join(dir, "daemon.log");
+    const logger = new StructuredLogger({
+      logFile,
+      maxBytes: 250,
+      maxFiles: 2,
+      mirrorToConsole: false,
+    });
+
+    for (let index = 0; index < 12; index += 1) {
+      logger.info("rotation.test", {
+        index,
+        payload: "x".repeat(80),
+      });
+    }
+    await logger.flush();
+
+    const current = await stat(logFile);
+    const rotatedOne = await stat(`${logFile}.1`);
+    const rotatedTwo = await stat(`${logFile}.2`);
+
+    expect(current.size).toBeGreaterThan(0);
+    expect(rotatedOne.size).toBeGreaterThan(0);
+    expect(rotatedTwo.size).toBeGreaterThan(0);
+
+    const currentContent = await readFile(logFile, "utf8");
+    expect(currentContent).toContain('"index":11');
+
+    await expect(stat(`${logFile}.3`)).rejects.toThrow();
+  });
+});

package/src/utils/logger.ts

@@ -0,0 +1,359 @@
+import { appendFile, mkdir, rename, stat, unlink } from "node:fs/promises";
+import { dirname } from "node:path";
+
+import type { Logger } from "coco-cashu-core";
+
+import { LOG_FILE } from "./config.js";
+
+export type LogLevel = "error" | "warn" | "info" | "debug";
+
+export interface AppLogger extends Logger {
+  flush(): Promise<void>;
+}
+
+export interface StructuredLoggerOptions {
+  service?: string;
+  logFile?: string;
+  level?: LogLevel;
+  maxBytes?: number;
+  maxFiles?: number;
+  mirrorToConsole?: boolean;
+  bindings?: Record<string, unknown>;
+  sharedState?: LoggerSharedState;
+}
+
+interface LoggerSharedState {
+  queue: Promise<void>;
+  initialization?: Promise<void>;
+}
+
+const LOG_LEVEL_PRIORITY: Record<LogLevel, number> = {
+  error: 0,
+  warn: 1,
+  info: 2,
+  debug: 3,
+};
+
+const DEFAULT_MAX_BYTES = 5 * 1024 * 1024;
+const DEFAULT_MAX_FILES = 5;
+const DEFAULT_SERVICE = "cocod-daemon";
+const REDACTED_KEYS = new Set([
+  "authorization",
+  "encryptedMnemonic",
+  "invoice",
+  "mnemonic",
+  "passphrase",
+  "request",
+  "seed",
+  "token",
+  "xCashuHeader",
+]);
+
+const textEncoder = new TextEncoder();
+
+export class StructuredLogger implements AppLogger {
+  private readonly service: string;
+  private readonly logFile: string;
+  private readonly level: LogLevel;
+  private readonly maxBytes: number;
+  private readonly maxFiles: number;
+  private readonly mirrorToConsole: boolean;
+  private readonly bindings: Record<string, unknown>;
+  private readonly sharedState: LoggerSharedState;
+
+  constructor(options: StructuredLoggerOptions = {}) {
+    this.service = options.service ?? DEFAULT_SERVICE;
+    this.logFile = options.logFile ?? LOG_FILE;
+    this.level = options.level ?? "info";
+    this.maxBytes = options.maxBytes ?? DEFAULT_MAX_BYTES;
+    this.maxFiles = options.maxFiles ?? DEFAULT_MAX_FILES;
+    this.mirrorToConsole = options.mirrorToConsole ?? process.stdout.isTTY === true;
+    this.bindings = options.bindings ?? {};
+    this.sharedState = options.sharedState ?? { queue: Promise.resolve() };
+  }
+
+  error(message: string, ...meta: unknown[]): void {
+    this.enqueue("error", message, meta);
+  }
+
+  warn(message: string, ...meta: unknown[]): void {
+    this.enqueue("warn", message, meta);
+  }
+
+  info(message: string, ...meta: unknown[]): void {
+    this.enqueue("info", message, meta);
+  }
+
+  debug(message: string, ...meta: unknown[]): void {
+    this.enqueue("debug", message, meta);
+  }
+
+  log(level: LogLevel, message: string, ...meta: unknown[]): void {
+    this.enqueue(level, message, meta);
+  }
+
+  child(bindings: Record<string, unknown>): AppLogger {
+    return new StructuredLogger({
+      service: this.service,
+      logFile: this.logFile,
+      level: this.level,
+      maxBytes: this.maxBytes,
+      maxFiles: this.maxFiles,
+      mirrorToConsole: this.mirrorToConsole,
+      bindings: { ...this.bindings, ...bindings },
+      sharedState: this.sharedState,
+    });
+  }
+
+  async flush(): Promise<void> {
+    await this.sharedState.queue;
+  }
+
+  private shouldLog(level: LogLevel): boolean {
+    return LOG_LEVEL_PRIORITY[level] <= LOG_LEVEL_PRIORITY[this.level];
+  }
+
+  private enqueue(level: LogLevel, message: string, meta: unknown[]): void {
+    if (!this.shouldLog(level)) {
+      return;
+    }
+
+    const line = `${JSON.stringify(this.createEntry(level, message, meta))}\n`;
+    this.sharedState.queue = this.sharedState.queue
+      .then(async () => {
+        await this.ensureInitialized();
+        await this.rotateIfNeeded(line);
+        await appendFile(this.logFile, line, "utf8");
+
+        if (this.mirrorToConsole) {
+          this.writeToConsole(level, line);
+        }
+      })
+      .catch((error) => {
+        this.writeToConsole(
+          "error",
+          `${JSON.stringify({
+            ts: new Date().toISOString(),
+            level: "error",
+            service: this.service,
+            pid: process.pid,
+            event: "logger.write_failed",
+            error: serializeError(error),
+          })}\n`,
+        );
+      });
+  }
+
+  private async ensureInitialized(): Promise<void> {
+    if (!this.sharedState.initialization) {
+      this.sharedState.initialization = mkdir(dirname(this.logFile), { recursive: true }).then(
+        () => undefined,
+      );
+    }
+
+    await this.sharedState.initialization;
+  }
+
+  private async rotateIfNeeded(nextLine: string): Promise<void> {
+    const nextSize = textEncoder.encode(nextLine).byteLength;
+    const currentSize = await getFileSize(this.logFile);
+
+    if (currentSize === null || currentSize + nextSize <= this.maxBytes) {
+      return;
+    }
+
+    if (this.maxFiles < 1) {
+      await safeDelete(this.logFile);
+      return;
+    }
+
+    await safeDelete(`${this.logFile}.${this.maxFiles}`);
+
+    for (let index = this.maxFiles - 1; index >= 1; index -= 1) {
+      await safeRename(`${this.logFile}.${index}`, `${this.logFile}.${index + 1}`);
+    }
+
+    await safeRename(this.logFile, `${this.logFile}.1`);
+  }
+
+  private createEntry(level: LogLevel, message: string, meta: unknown[]): Record<string, unknown> {
+    const entry: Record<string, unknown> = {
+      ts: new Date().toISOString(),
+      level,
+      service: this.service,
+      pid: process.pid,
+      event: message,
+      ...sanitizeRecord(this.bindings),
+    };
+
+    const [fields, remainingMeta] = extractFields(meta);
+    Object.assign(entry, sanitizeRecord(fields));
+
+    if (remainingMeta.length > 0) {
+      entry.meta = remainingMeta.map((value) => sanitizeValue(value));
+    }
+
+    return entry;
+  }
+
+  private writeToConsole(level: LogLevel, line: string): void {
+    if (level === "error" || level === "warn") {
+      process.stderr.write(line);
+      return;
+    }
+
+    process.stdout.write(line);
+  }
+}
+
+export function createDaemonLogger(
+  options: Partial<StructuredLoggerOptions> = {},
+): StructuredLogger {
+  return new StructuredLogger({
+    service: DEFAULT_SERVICE,
+    logFile: options.logFile ?? LOG_FILE,
+    level: options.level ?? parseLogLevel(process.env.COCOD_LOG_LEVEL),
+    maxBytes:
+      options.maxBytes ?? parsePositiveInteger(process.env.COCOD_LOG_MAX_BYTES, DEFAULT_MAX_BYTES),
+    maxFiles:
+      options.maxFiles ?? parsePositiveInteger(process.env.COCOD_LOG_MAX_FILES, DEFAULT_MAX_FILES),
+    mirrorToConsole: options.mirrorToConsole,
+    bindings: options.bindings,
+  });
+}
+
+export function serializeError(error: unknown): Record<string, unknown> {
+  if (error instanceof Error) {
+    return {
+      name: error.name,
+      message: error.message,
+      stack: error.stack,
+      cause: error.cause === undefined ? undefined : sanitizeValue(error.cause),
+    };
+  }
+
+  return { message: String(error) };
+}
+
+function extractFields(meta: unknown[]): [Record<string, unknown>, unknown[]] {
+  if (meta.length === 1 && isPlainObject(meta[0])) {
+    return [meta[0], []];
+  }
+
+  return [{}, meta];
+}
+
+function sanitizeRecord(record: Record<string, unknown>): Record<string, unknown> {
+  const sanitized: Record<string, unknown> = {};
+
+  for (const [key, value] of Object.entries(record)) {
+    sanitized[key] = sanitizeValue(value, key);
+  }
+
+  return sanitized;
+}
+
+function sanitizeValue(value: unknown, key?: string, depth = 0): unknown {
+  if (key && REDACTED_KEYS.has(key)) {
+    return "[REDACTED]";
+  }
+
+  if (value instanceof Error) {
+    return serializeError(value);
+  }
+
+  if (depth >= 4) {
+    return "[Truncated]";
+  }
+
+  if (Array.isArray(value)) {
+    return value.map((item) => sanitizeValue(item, undefined, depth + 1));
+  }
+
+  if (isPlainObject(value)) {
+    const sanitized: Record<string, unknown> = {};
+
+    for (const [nestedKey, nestedValue] of Object.entries(value)) {
+      sanitized[nestedKey] = sanitizeValue(nestedValue, nestedKey, depth + 1);
+    }
+
+    return sanitized;
+  }
+
+  if (typeof value === "bigint") {
+    return value.toString();
+  }
+
+  if (value instanceof Uint8Array) {
+    return `[Uint8Array:${value.byteLength}]`;
+  }
+
+  return value;
+}
+
+function isPlainObject(value: unknown): value is Record<string, unknown> {
+  if (typeof value !== "object" || value === null || Array.isArray(value)) {
+    return false;
+  }
+
+  const prototype = Object.getPrototypeOf(value);
+  return prototype === Object.prototype || prototype === null;
+}
+
+function parseLogLevel(value: string | undefined): LogLevel {
+  switch (value) {
+    case "error":
+    case "warn":
+    case "info":
+    case "debug":
+      return value;
+    default:
+      return "info";
+  }
+}
+
+function parsePositiveInteger(value: string | undefined, fallback: number): number {
+  if (!value) {
+    return fallback;
+  }
+
+  const parsed = Number.parseInt(value, 10);
+  return Number.isFinite(parsed) && parsed > 0 ? parsed : fallback;
+}
+
+async function getFileSize(filePath: string): Promise<number | null> {
+  try {
+    const fileStat = await stat(filePath);
+    return fileStat.size;
+  } catch (error) {
+    if (isMissingFileError(error)) {
+      return null;
+    }
+
+    throw error;
+  }
+}
+
+async function safeRename(from: string, to: string): Promise<void> {
+  try {
+    await rename(from, to);
+  } catch (error) {
+    if (!isMissingFileError(error)) {
+      throw error;
+    }
+  }
+}
+
+async function safeDelete(filePath: string): Promise<void> {
+  try {
+    await unlink(filePath);
+  } catch (error) {
+    if (!isMissingFileError(error)) {
+      throw error;
+    }
+  }
+}
+
+function isMissingFileError(error: unknown): boolean {
+  return error instanceof Error && "code" in error && error.code === "ENOENT";
+}

package/src/utils/state.test.ts

@@ -0,0 +1,55 @@
+import { describe, expect, test } from "bun:test";
+
+import { DaemonStateManager } from "./state";
+
+describe("DaemonStateManager", () => {
+  test("transitions through states", () => {
+    const stateManager = new DaemonStateManager();
+
+    expect(stateManager.getState().status).toBe("UNINITIALIZED");
+
+    stateManager.setLocked("encrypted", "https://mint.example.com");
+    expect(stateManager.getState().status).toBe("LOCKED");
+
+    const fakeManager = {} as unknown as import("coco-cashu-core").Manager;
+    stateManager.setUnlocked(fakeManager, "https://mint.example.com", new Uint8Array([1, 2, 3]));
+    expect(stateManager.getState().status).toBe("UNLOCKED");
+
+    stateManager.setError("boom");
+    expect(stateManager.getState().status).toBe("ERROR");
+  });
+
+  test("requireUnlocked returns 403 when locked", async () => {
+    const stateManager = new DaemonStateManager();
+    stateManager.setLocked("encrypted", "https://mint.example.com");
+
+    const handler = stateManager.requireUnlocked(async () => {
+      return Response.json({ output: "ok" });
+    });
+
+    const response = await handler(
+      new Request("http://localhost/balance"),
+      stateManager.getState(),
+    );
+    const body = (await response.json()) as { error?: string };
+
+    expect(response.status).toBe(403);
+    expect(body.error).toContain("locked");
+  });
+
+  test("requireLocked returns 409 when already unlocked", async () => {
+    const stateManager = new DaemonStateManager();
+    const fakeManager = {} as unknown as import("coco-cashu-core").Manager;
+    stateManager.setUnlocked(fakeManager, "https://mint.example.com", new Uint8Array([1]));
+
+    const handler = stateManager.requireLocked(async () => {
+      return Response.json({ output: "ok" });
+    });
+
+    const response = await handler(new Request("http://localhost/unlock"), stateManager.getState());
+    const body = (await response.json()) as { error?: string };
+
+    expect(response.status).toBe(409);
+    expect(body.error).toContain("already unlocked");
+  });
+});

package/src/utils/state.ts

@@ -0,0 +1,128 @@
+import type { Manager } from "coco-cashu-core";
+
+export interface UninitializedState {
+  status: "UNINITIALIZED";
+}
+
+export interface LockedState {
+  status: "LOCKED";
+  encryptedMnemonic: string;
+  mintUrl: string;
+}
+
+export interface UnlockedState {
+  status: "UNLOCKED";
+  manager: Manager;
+  mintUrl: string;
+  seed: Uint8Array;
+}
+
+export interface ErrorState {
+  status: "ERROR";
+  message: string;
+}
+
+export type DaemonState = UninitializedState | LockedState | UnlockedState | ErrorState;
+
+export type RouteHandler = (req: Request, state: DaemonState) => Promise<Response>;
+
+export class DaemonStateManager {
+  private state: DaemonState;
+
+  constructor(initialState: DaemonState = { status: "UNINITIALIZED" }) {
+    this.state = initialState;
+  }
+
+  getState(): DaemonState {
+    return this.state;
+  }
+
+  isUnlocked(): this is { getState: () => UnlockedState } {
+    return this.state.status === "UNLOCKED";
+  }
+
+  isLocked(): this is { getState: () => LockedState } {
+    return this.state.status === "LOCKED";
+  }
+
+  isUninitialized(): boolean {
+    return this.state.status === "UNINITIALIZED";
+  }
+
+  setLocked(encryptedMnemonic: string, mintUrl: string): void {
+    this.state = { status: "LOCKED", encryptedMnemonic, mintUrl };
+  }
+
+  setUnlocked(manager: Manager, mintUrl: string, seed: Uint8Array): void {
+    this.state = { status: "UNLOCKED", manager, mintUrl, seed };
+  }
+
+  setUninitialized(): void {
+    this.state = { status: "UNINITIALIZED" };
+  }
+
+  setError(message: string): void {
+    this.state = { status: "ERROR", message };
+  }
+
+  requireUnlocked(
+    handler: (req: Request, state: UnlockedState) => Promise<Response>,
+  ): RouteHandler {
+    return async (req: Request, state: DaemonState) => {
+      if (state.status !== "UNLOCKED") {
+        if (state.status === "LOCKED") {
+          return Response.json(
+            {
+              error: "Wallet is locked. Run 'cocod unlock <passphrase>' to decrypt.",
+            },
+            { status: 403 },
+          );
+        }
+        if (state.status === "UNINITIALIZED") {
+          return Response.json(
+            {
+              error: "Wallet not initialized. Run 'cocod init [mnemonic]' first.",
+            },
+            { status: 503 },
+          );
+        }
+        return Response.json({ error: "Wallet error" }, { status: 500 });
+      }
+      return handler(req, state as UnlockedState);
+    };
+  }
+
+  requireUninitialized(handler: (req: Request) => Promise<Response>): RouteHandler {
+    return async (req: Request, state: DaemonState) => {
+      if (state.status !== "UNINITIALIZED") {
+        return Response.json(
+          {
+            error: "Wallet already initialized. Delete ~/.cocod/config.json to reset.",
+          },
+          { status: 409 },
+        );
+      }
+      return handler(req);
+    };
+  }
+
+  requireLocked(handler: (req: Request, state: LockedState) => Promise<Response>): RouteHandler {
+    return async (req: Request, state: DaemonState) => {
+      if (state.status !== "LOCKED") {
+        if (state.status === "UNINITIALIZED") {
+          return Response.json(
+            {
+              error: "Wallet not initialized. Run 'cocod init [mnemonic]' first.",
+            },
+            { status: 503 },
+          );
+        }
+        if (state.status === "UNLOCKED") {
+          return Response.json({ error: "Wallet is already unlocked" }, { status: 409 });
+        }
+        return Response.json({ error: "Wallet error" }, { status: 500 });
+      }
+      return handler(req, state as LockedState);
+    };
+  }
+}

package/src/utils/wallet.ts

@@ -0,0 +1,51 @@
+import { initializeCoco, ConsoleLogger, type Logger, type Manager } from "coco-cashu-core";
+import { SqliteRepositories } from "coco-cashu-sqlite-bun";
+import { Database } from "bun:sqlite";
+import { mnemonicToSeedSync } from "@scure/bip39";
+import { NPCPlugin } from "coco-cashu-plugin-npc";
+import { privateKeyFromSeedWords } from "nostr-tools/nip06";
+import { finalizeEvent, type EventTemplate } from "nostr-tools";
+import { decryptMnemonic } from "./crypto.js";
+import { SALT_FILE, DB_FILE } from "./config.js";
+import type { WalletConfig } from "./config.js";
+
+export async function initializeWallet(
+  config: WalletConfig,
+  passphrase?: string,
+  logger?: Logger,
+): Promise<Manager> {
+  let mnemonic: string;
+
+  if (config.encrypted) {
+    if (!passphrase) {
+      throw new Error("Passphrase required for encrypted wallet");
+    }
+    const salt = await Bun.file(SALT_FILE).text();
+    mnemonic = await decryptMnemonic(config.mnemonic, passphrase, salt);
+  } else {
+    mnemonic = config.mnemonic;
+  }
+
+  const seed = mnemonicToSeedSync(mnemonic);
+
+  const repo = new SqliteRepositories({ database: new Database(DB_FILE) });
+  const walletLogger = logger?.child?.({ component: "coco" }) ?? logger;
+  const cocoLogger = walletLogger ?? new ConsoleLogger("Coco", { level: "info" });
+  const sk = privateKeyFromSeedWords(mnemonic);
+  const signer = async (t: EventTemplate) => finalizeEvent(t, sk);
+  const npcPlugin = new NPCPlugin("https://npubx.cash", signer, {
+    useWebsocket: true,
+    logger: cocoLogger,
+  });
+  const coco = await initializeCoco({
+    repo,
+    seedGetter: async () => seed,
+    logger: cocoLogger,
+  });
+
+  coco.use(npcPlugin);
+
+  await coco.mint.addMint(config.mintUrl, { trusted: true });
+
+  return coco;
+}

package/tsconfig.json

@@ -0,0 +1,29 @@
+{
+  "compilerOptions": {
+    // Environment setup & latest features
+    "lib": ["ESNext"],
+    "target": "ESNext",
+    "module": "Preserve",
+    "moduleDetection": "force",
+    "jsx": "react-jsx",
+    "allowJs": true,
+
+    // Bundler mode
+    "moduleResolution": "bundler",
+    "allowImportingTsExtensions": true,
+    "verbatimModuleSyntax": true,
+    "noEmit": true,
+
+    // Best practices
+    "strict": true,
+    "skipLibCheck": true,
+    "noFallthroughCasesInSwitch": true,
+    "noUncheckedIndexedAccess": true,
+    "noImplicitOverride": true,
+
+    // Some stricter flags (disabled by default)
+    "noUnusedLocals": false,
+    "noUnusedParameters": false,
+    "noPropertyAccessFromIndexSignature": false
+  }
+}