@scales-baby/nest-bridge 1.0.0

package/LICENSE

@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2026 SCALES
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

package/README.md

@@ -0,0 +1,120 @@
+# nest-bridge
+
+A local [MCP](https://modelcontextprotocol.io) bridge so your AI can read and write your end-to-end-encrypted [Nest](https://nest.scales.baby) data (people, companies, tasks, events) while Nest's servers only ever see ciphertext.
+
+The bridge runs **on your machine**. It unlocks your encryption key locally from your password, holds it in memory, and decrypts on read / encrypts on write right there. **Nest never receives your password, your key, or your plaintext** - only the already-encrypted blobs and your API key.
+
+```
+your AI  <--stdio MCP-->  nest-bridge (your machine)  <--HTTPS-->  nest.scales.baby
+                          |  decrypts on read         |
+                          |  encrypts on write        |  stores ciphertext only
+                          |  holds the key in memory  |
+```
+
+## Security model
+
+- Your **API key** and your **encryption password** stay on your machine. You supply them at runtime as environment variables (or, for the Claude Desktop connector, into your OS keychain).
+- The bridge fetches only your **password-wrapped key** (ciphertext plus the public salt) from Nest, derives your key locally with Argon2id, unwraps the key **locally**, and keeps it in memory.
+- **Reads** decrypt locally. **Writes** encrypt locally. The server stores only the encrypted blob with the plaintext columns blanked. Nest never receives the key, the password, or your plaintext.
+- The crypto is the **same WebCrypto + Argon2id (hash-wasm) code the Nest web app uses**, so reads and writes round-trip byte-for-byte with the browser. See `src/crypto/`.
+- **Your AI provider sees what it reads.** "Nest can't read your data" is not the same as "no one but you" once you connect an AI: the model you connect (Claude, OpenAI, etc.) sees the decrypted content the bridge returns to it. That is the point of connecting an AI. Mint a **read-only** key if you do not want it to write.
+- A **read-only** key cannot write; a **full-control** key can. The server enforces this independently of the bridge.
+
+This repository contains only the bridge and the client-side crypto. There is no server code, no database, and no secrets here.
+
+## Mint a key in Nest
+
+Open **Nest then Settings then Connect your AI** and create a key.
+
+- **Read-only** (the default) lets your AI read your data.
+- **Full control** also lets it create and update records.
+
+Copy the key when it is shown (it appears once). It looks like `nest_ab12cd34_...`.
+
+## Run it (npx)
+
+```bash
+NEST_API_KEY="nest_ab12cd34_..." \
+NEST_PASSWORD="your-encryption-password" \
+NEST_NON_INTERACTIVE=1 \
+npx @scales-baby/nest-bridge
+```
+
+The bridge fetches your wrapped key, unwraps it locally, and starts an MCP server on stdio. Point any MCP client at the same command.
+
+In a real interactive terminal you can omit `NEST_PASSWORD` and `NEST_NON_INTERACTIVE`; the bridge then prompts `Nest encryption password:` with hidden input.
+
+### Configuration (environment variables)
+
+| Var                    | Default                    | Notes                                              |
+| ---------------------- | -------------------------- | -------------------------------------------------- |
+| `NEST_API_KEY`         | (required)                 | Your scoped key from Nest.                          |
+| `NEST_PASSWORD`        | (prompt)                   | Set it to run non-interactively; else prompted.     |
+| `NEST_API_URL`         | `https://nest.scales.baby` | Override only to test against another instance.     |
+| `NEST_NON_INTERACTIVE` | (unset)                    | Set to `1` when launched by an app (no prompt).     |
+| `NEST_READ_ONLY`       | (unset)                    | Set to `1` to force read-only locally.              |
+
+If your account is not end-to-end encrypted, the bridge runs in pass-through mode and no password is needed.
+
+## Claude Desktop (one-click `.mcpb`)
+
+Build the connector bundle, then double-click it (or drag it onto Claude Desktop):
+
+```bash
+npm install
+npm run pack:mcpb     # produces dist/scales-nest.mcpb
+```
+
+Claude Desktop opens an install panel for "Nest by SCALES" and asks for your **Nest API key** and **Nest encryption password**. Both are marked sensitive, so Claude Desktop stores them in your OS keychain (macOS Keychain / Windows Credential Manager), not in a plain file. Leave **Nest URL** at its default and enable it.
+
+## Per-AI config snippets
+
+**Claude Code (CLI):**
+
+```bash
+claude mcp add nest \
+  --env NEST_API_KEY=nest_ab12cd34_... \
+  --env NEST_PASSWORD=your-encryption-password \
+  --env NEST_NON_INTERACTIVE=1 \
+  -- npx @scales-baby/nest-bridge
+```
+
+**OpenAI / any stdio MCP client (JSON):**
+
+```json
+{
+  "command": "npx",
+  "args": ["@scales-baby/nest-bridge"],
+  "env": {
+    "NEST_API_KEY": "nest_ab12cd34_...",
+    "NEST_PASSWORD": "your-encryption-password",
+    "NEST_NON_INTERACTIVE": "1"
+  }
+}
+```
+
+Note: OpenAI's **remote / hosted** MCP is metadata-only on encrypted accounts. Only the **local** bridge returns decrypted content, because decryption happens on your machine.
+
+## Tools
+
+People, Companies, Tasks, Events, each with `list_*`, `get_*`, `search_*`, `create_*`, `update_*`, plus `complete_task` and `get_digest`. 22 tools in all. Notes ride on the person / company / task / event they belong to.
+
+- **Reads** fetch ciphertext from Nest, decrypt locally, return plaintext to your AI.
+- **Writes** take your AI's plaintext, encrypt locally, send ciphertext to Nest.
+
+If you minted a read-only key, the write tools politely decline (and Nest enforces it on the server too).
+
+## Build from source
+
+```bash
+git clone https://github.com/scales-baby/nest-bridge.git
+cd nest-bridge
+npm install
+npm run build        # tsc → dist/
+npm test             # crypto round-trip proof
+npm start            # run the built bridge (needs the env above)
+```
+
+## License
+
+MIT. See [LICENSE](./LICENSE).

package/dist/crypto/contentSchema.js

@@ -0,0 +1,131 @@
+"use strict";
+// Nest encryption — the canonical encrypted-vs-cleartext field split per CRM
+// model. SINGLE SOURCE OF TRUTH for which fields get bundled into the `enc`
+// blob on write and hydrated back on read.
+//
+// HYBRID RULE: "content" fields (names, free text, handles, "what was said")
+// live ONLY inside the per-doc `enc` blob when the account is `encrypted`. The
+// "scheduling / structured metadata" fields stay CLEARTEXT top-level so the
+// server cron, digests, filters, sort, and pagination keep working without ever
+// holding a key.
+//
+// This module is environment-agnostic (no WebCrypto, no DOM).
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.CONTENT_SCHEMA = void 0;
+exports.encryptedFields = encryptedFields;
+exports.searchKeys = searchKeys;
+// PERSON ----------------------------------------------------------------------
+// Encrypted: identity + relationship content (name/company label/role/how-met/
+// notes/social handles/next-action free text/tags plaintext copy).
+// Clear: scheduling + status + counts + refs (so digest/cron/filters work).
+const person = {
+    encrypted: [
+        "name",
+        "companyName",
+        "role",
+        "channelMet",
+        "notes",
+        "linkedin",
+        "twitter",
+        "telegram",
+        "nextAction",
+        "tags",
+    ],
+    searchKeys: ["name", "companyName", "role", "notes", "channelMet"],
+    clear: [
+        "userId",
+        "company", // ObjectId ref (not a name)
+        "status",
+        "lastContact",
+        "nextActionDate",
+        "reminderFiredAt",
+        "source",
+        "tagHashes",
+        "createdAt",
+        "updatedAt",
+    ],
+    blankWith: {
+        name: "",
+        companyName: "",
+        role: "",
+        channelMet: "",
+        notes: "",
+        linkedin: "",
+        twitter: "",
+        telegram: "",
+        nextAction: "",
+        tags: "[]",
+    },
+};
+// TASK ------------------------------------------------------------------------
+// Encrypted: title + body/notes (free text). Clear: due/status/priority/refs.
+const task = {
+    encrypted: ["title", "notes"],
+    searchKeys: ["title", "notes"],
+    clear: [
+        "userId",
+        "dueDate",
+        "status",
+        "priority",
+        "relatedPerson",
+        "relatedEvent",
+        "reminderFiredAt",
+        "createdAt",
+        "updatedAt",
+    ],
+    blankWith: { title: "", notes: "" },
+};
+// COMPANY / MERCHANT / EVENT / ROUTE -----------------------------------------
+// These carry mostly structured scheduling/operational metadata; the genuinely
+// free-text "notes" (and a couple of note-like fields) are the sensitive
+// content. We encrypt those and keep everything else cleartext so the event
+// calendar and route planning stay server-side.
+const company = {
+    encrypted: ["notes", "payrollFriction"],
+    searchKeys: ["notes", "payrollFriction"],
+    clear: ["name", "city", "category", "contactStatus", "tags", "tagHashes"],
+    blankWith: { notes: "", payrollFriction: "" },
+};
+const merchant = {
+    encrypted: ["notes", "qrShippingContact", "ownerName", "contactPerson", "contactInfo"],
+    searchKeys: ["notes"],
+    clear: ["name", "city", "visitStatus", "qrDeliveryStatus", "tags", "tagHashes"],
+    blankWith: {
+        notes: "",
+        qrShippingContact: "",
+        ownerName: "",
+        contactPerson: "",
+        contactInfo: "",
+    },
+};
+const event = {
+    encrypted: ["notes", "researchNotes"],
+    searchKeys: ["notes", "researchNotes"],
+    clear: ["title", "date", "city", "status", "tier", "tags", "tagHashes"],
+    blankWith: { notes: "", researchNotes: "" },
+};
+const route = {
+    // Route "notes" live per-stop; the top-level route has no single notes field,
+    // so for now the only top-level free text is none — keep the split declared so
+    // the engine can be extended to per-stop notes later without a schema change.
+    encrypted: [],
+    searchKeys: [],
+    clear: ["name", "city", "status", "date", "tags", "tagHashes"],
+    blankWith: {},
+};
+exports.CONTENT_SCHEMA = {
+    person,
+    task,
+    company,
+    merchant,
+    event,
+    route,
+};
+// Convenience: the encrypted field list for a model.
+function encryptedFields(model) {
+    return exports.CONTENT_SCHEMA[model].encrypted;
+}
+// Convenience: the fuzzy-search keys for a model.
+function searchKeys(model) {
+    return exports.CONTENT_SCHEMA[model].searchKeys;
+}

package/dist/crypto/crmData.js

@@ -0,0 +1,150 @@
+"use strict";
+// Nest encryption — the CRM data layer.
+//
+// The clean seam between the caller and the network: it hands the caller plain
+// records on read and accepts plain records on write, transparently doing the
+// client-side encrypt-on-write / decrypt-on-read when the account is
+// `encrypted` and unlocked. When the account is `unencrypted` it is a
+// pass-through (plaintext).
+//
+// HARD RULE: encryption/decryption is CLIENT-SIDE only. On an encrypted write
+// we strip the sensitive plaintext fields and send only the `enc` ciphertext
+// blob + cleartext scheduling metadata. The server never receives the DEK or
+// plaintext content.
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.hydrateRecord = hydrateRecord;
+exports.hydrateRecords = hydrateRecords;
+exports.encryptPayload = encryptPayload;
+exports.splitRecord = splitRecord;
+exports.buildWritePayload = buildWritePayload;
+const envelope_1 = require("./envelope");
+const contentSchema_1 = require("./contentSchema");
+// ---------------------------------------------------------------------------
+// READ: hydrate a stored record into a plain record for the caller.
+// ---------------------------------------------------------------------------
+// Decrypt one record's `enc` blob (if any) and merge the recovered sensitive
+// fields back on top of the cleartext metadata. No `enc` blob ⇒ pass-through
+// (the record is plaintext). Throws only if a present blob fails to decrypt
+// (wrong/missing DEK) — callers decide how to surface that.
+async function hydrateRecord(model, dek, record) {
+    if (!record.enc)
+        return record; // plaintext doc — nothing to do
+    if (!dek) {
+        // Encrypted doc but we have no key: return the record with the sensitive
+        // fields left at their blanked plaintext values rather than throwing, so a
+        // locked caller can still show scheduling rows ("3 follow-ups due").
+        return record;
+    }
+    const fields = await (0, envelope_1.decryptContent)(dek, record.enc);
+    const out = { ...record };
+    for (const key of contentSchema_1.CONTENT_SCHEMA[model].encrypted) {
+        if (key in fields)
+            out[key] = fields[key];
+    }
+    return out;
+}
+// Hydrate a whole list. Decrypt failures on individual rows are tolerated (that
+// row stays blanked) so one corrupt blob can't blank the entire view.
+//
+// `T` is intentionally loose (not constrained to StoredRecord) so callers can
+// pass their domain arrays (Person[], Task[], ...) without an index signature.
+// Each record is treated structurally as a StoredRecord internally.
+async function hydrateRecords(model, dek, records) {
+    return Promise.all(records.map(async (r) => {
+        try {
+            return (await hydrateRecord(model, dek, r));
+        }
+        catch {
+            return r;
+        }
+    }));
+}
+// Encrypt the sensitive subset of a plain payload under the DEK, returning a
+// wire payload with those plaintext fields blanked + an `enc` blob set. Because
+// `enc` is a single per-doc blob, any encrypted write MUST include the full
+// sensitive set — callers pass the merged full record (see buildWritePayload).
+async function encryptPayload(model, dek, fullSensitive, cleartext, dekVersion = 1) {
+    const spec = contentSchema_1.CONTENT_SCHEMA[model];
+    // Bundle every sensitive field (defaulting missing ones) so the single blob
+    // is always complete and self-consistent.
+    const bundle = {};
+    for (const key of spec.encrypted) {
+        bundle[key] = fullSensitive[key];
+    }
+    const enc = await (0, envelope_1.encryptContent)(dek, bundle, dekVersion);
+    // Start from the cleartext scheduling fields the caller wants to write.
+    const payload = { ...cleartext };
+    // Blank the plaintext columns for every encrypted field so the server stores
+    // no plaintext content.
+    for (const key of spec.encrypted) {
+        const blank = spec.blankWith[key];
+        payload[key] = blank === "[]" ? [] : blank ?? "";
+    }
+    payload.enc = enc;
+    payload.encMigrated = true;
+    return payload;
+}
+// Split a flat plain record into its sensitive vs cleartext halves by the model
+// schema. Helper for callers that hold one merged object.
+function splitRecord(model, record) {
+    const spec = contentSchema_1.CONTENT_SCHEMA[model];
+    const encSet = new Set(spec.encrypted);
+    const sensitive = {};
+    const clear = {};
+    for (const [k, v] of Object.entries(record)) {
+        if (encSet.has(k))
+            sensitive[k] = v;
+        else
+            clear[k] = v;
+    }
+    return { sensitive, clear };
+}
+// High-level write helper the data layer calls.
+//
+// `fullRecord` is the COMPLETE plain record (merge of the existing decrypted doc
+// + the user's edits) — used to assemble the complete sensitive blob, since
+// `enc` is one per-doc blob and a partial bundle would drop unchanged sensitive
+// fields.
+//
+// `changes` (optional) is the user's intended field changes only. When provided
+// on an encrypted write, ONLY its CLEARTEXT keys are sent alongside the blob —
+// so we don't echo back populated refs / _id / timestamps from the merged
+// record (which the server's patch schema would reject). When omitted,
+// `fullRecord` itself supplies the cleartext.
+//
+//   - encrypted account + dek  → encrypt sensitive into `enc`, blank plaintext,
+//                                send only the cleartext scheduling fields
+//   - otherwise                → pass the plain payload through unchanged
+async function buildWritePayload(model, opts, fullRecord, changes) {
+    if (!opts.encrypted || !opts.dek) {
+        // Unencrypted: send the user's payload plaintext exactly as before. Strip
+        // any stray enc housekeeping fields.
+        const src = changes ?? fullRecord;
+        const { enc: _enc, encMigrated: _m, tagHashes: _t, ...rest } = src;
+        void _enc;
+        void _m;
+        void _t;
+        return rest;
+    }
+    // Encrypted: full sensitive set from fullRecord; cleartext from `changes` if
+    // given (the user's edits), else from fullRecord.
+    const { sensitive } = splitRecord(model, fullRecord);
+    const { clear } = splitRecord(model, changes ?? fullRecord);
+    // Drop fields the patch schema can't take (refs as populated objects, _id,
+    // timestamps). We keep only primitive / id-string / array cleartext values.
+    const safeClear = {};
+    for (const [k, v] of Object.entries(clear)) {
+        if (k === "_id" || k === "createdAt" || k === "updatedAt")
+            continue;
+        if (v && typeof v === "object" && !Array.isArray(v)) {
+            // Populated ref object -> its id string (e.g. company:{_id,name} -> id).
+            const id = v._id;
+            if (id != null)
+                safeClear[k] = String(id);
+            // else drop non-id objects (dates arrive as ISO strings, not objects)
+            continue;
+        }
+        safeClear[k] = v;
+    }
+    return encryptPayload(model, opts.dek, sensitive, safeClear, opts.dekVersion ?? 1);
+}

package/dist/crypto/envelope.js

@@ -0,0 +1,60 @@
+"use strict";
+// Nest encryption — envelope wrap/unwrap + content helpers.
+//
+// THE ENVELOPE MODEL: one DEK per user, wrapped under a per-method KEK. This
+// module is method-agnostic — it takes a raw 256-bit KEK (whatever method
+// produced it) and wraps or unwraps the DEK with it. The KEK derivation itself
+// lives in crypto/kek/*.
+//
+// It also exposes the content encrypt/decrypt helpers the DATA LAYER uses to
+// encrypt CRM fields under the DEK.
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.wrapDek = wrapDek;
+exports.unwrapDek = unwrapDek;
+exports.encryptContent = encryptContent;
+exports.decryptContent = decryptContent;
+const primitives_1 = require("./primitives");
+// ---------------------------------------------------------------------------
+// DEK wrap / unwrap (the envelope)
+// ---------------------------------------------------------------------------
+// Wrap the DEK under a method's KEK, producing the blob to POST to the server.
+async function wrapDek(kek, dek, meta) {
+    const blob = await (0, primitives_1.aesGcmEncrypt)(kek, dek);
+    return {
+        method: meta.method,
+        binding: meta.binding,
+        kdfSalt: meta.kdfSalt,
+        wrappedKey: blob.ct,
+        iv: blob.iv,
+        authTag: blob.tag,
+        kdf: meta.kdf,
+        dekVersion: meta.dekVersion ?? 1,
+        label: meta.label,
+    };
+}
+// Unwrap the DEK from a stored record using a freshly re-derived KEK. Throws on
+// a bad KEK (GCM tag mismatch) — that's the integrity check.
+async function unwrapDek(kek, record) {
+    const blob = {
+        iv: record.iv,
+        ct: record.wrappedKey,
+        tag: record.authTag,
+    };
+    return (0, primitives_1.aesGcmDecrypt)(kek, blob);
+}
+// Encrypt a CRM document's sensitive fields under the DEK. Caller passes a plain
+// object of the to-be-hidden fields; we JSON-serialise + AES-GCM it into one
+// `enc` blob (per-doc, not per-field, to minimise IV management).
+async function encryptContent(dek, fields, dekVersion = 1) {
+    const blob = await (0, primitives_1.aesGcmEncrypt)(dek, (0, primitives_1.utf8)(JSON.stringify(fields)));
+    return { v: dekVersion, iv: blob.iv, ct: blob.ct, tag: blob.tag };
+}
+// Decrypt an `enc` envelope back into the original fields object.
+async function decryptContent(dek, env) {
+    const bytes = await (0, primitives_1.aesGcmDecrypt)(dek, {
+        iv: env.iv,
+        ct: env.ct,
+        tag: env.tag,
+    });
+    return JSON.parse((0, primitives_1.fromUtf8)(bytes));
+}

package/dist/crypto/kek/password.js

@@ -0,0 +1,79 @@
+"use strict";
+// Nest encryption — password-derived KEK.
+//
+// The KEK is derived CLIENT-SIDE with Argon2id via hash-wasm (a portable WASM
+// build), so the password and the KEK never reach the server.
+//
+//   KEK = Argon2id(password, salt)   (32-byte output)
+//
+// We store ONLY the random salt + the Argon2 params (m/t/p) in the wrap record
+// so the same password re-derives the same KEK on any device. The password and
+// KEK are never persisted or transmitted.
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.ARGON2_PARAMS = void 0;
+exports.derivePasswordKekNew = derivePasswordKekNew;
+exports.derivePasswordKek = derivePasswordKek;
+exports.passwordWrapMeta = passwordWrapMeta;
+const hash_wasm_1 = require("hash-wasm");
+const primitives_1 = require("../primitives");
+// Argon2id params (m=64MB, t=3, p=1). Tunable later via the stored kdf
+// descriptor without breaking old wraps (each row carries its own params).
+exports.ARGON2_PARAMS = {
+    // hash-wasm takes memory in KiB; 64 MiB = 65536 KiB.
+    memorySizeKiB: 65536,
+    iterations: 3,
+    parallelism: 1,
+    hashLength: 32,
+};
+// Derive a NEW password KEK (registration / set-password). Generates a fresh
+// random 16-byte salt and returns the KEK + the descriptor to persist.
+async function derivePasswordKekNew(password) {
+    const salt = crypto.getRandomValues(new Uint8Array(16));
+    const kek = await runArgon2(password, salt);
+    return {
+        kek,
+        kdfSalt: (0, primitives_1.bytesToB64u)(salt),
+        kdf: {
+            alg: "argon2id",
+            m: exports.ARGON2_PARAMS.memorySizeKiB,
+            t: exports.ARGON2_PARAMS.iterations,
+            p: exports.ARGON2_PARAMS.parallelism,
+        },
+    };
+}
+// Re-derive an EXISTING password KEK at unlock time, using the stored salt
+// (and, if present, the stored params).
+async function derivePasswordKek(password, kdfSalt, kdf) {
+    const salt = (0, primitives_1.b64uToBytes)(kdfSalt);
+    return runArgon2(password, salt, kdf);
+}
+async function runArgon2(password, salt, kdf) {
+    const memorySize = typeof kdf?.m === "number" ? kdf.m : exports.ARGON2_PARAMS.memorySizeKiB;
+    const iterations = typeof kdf?.t === "number" ? kdf.t : exports.ARGON2_PARAMS.iterations;
+    const parallelism = typeof kdf?.p === "number" ? kdf.p : exports.ARGON2_PARAMS.parallelism;
+    const hex = await (0, hash_wasm_1.argon2id)({
+        password,
+        salt,
+        memorySize,
+        iterations,
+        parallelism,
+        hashLength: exports.ARGON2_PARAMS.hashLength,
+        outputType: "hex",
+    });
+    // hex -> bytes
+    const out = new Uint8Array(hex.length / 2);
+    for (let i = 0; i < out.length; i++) {
+        out[i] = parseInt(hex.slice(i * 2, i * 2 + 2), 16);
+    }
+    return out;
+}
+// Binding + KDF descriptor to persist with a password-wrapped DEK. The binding
+// is the "password" sentinel (one password wrap per user).
+function passwordWrapMeta(result) {
+    return {
+        method: "password",
+        binding: "password",
+        kdfSalt: result.kdfSalt,
+        kdf: result.kdf,
+    };
+}