@tuskydp/cli 0.2.1 → 0.4.0

package/dist/src/lib/keyring.d.ts

@@ -1,4 +0,0 @@
-export declare function storeMasterKey(masterKey: Buffer): void;
-export declare function loadMasterKey(): Buffer | null;
-export declare function clearSession(): void;
-//# sourceMappingURL=keyring.d.ts.map

package/dist/src/lib/keyring.d.ts.map

@@ -1 +0,0 @@
-{"version":3,"file":"keyring.d.ts","sourceRoot":"","sources":["../../../src/lib/keyring.ts"],"names":[],"mappings":"AAcA,wBAAgB,cAAc,CAAC,SAAS,EAAE,MAAM,GAAG,IAAI,CAStD;AAED,wBAAgB,aAAa,IAAI,MAAM,GAAG,IAAI,CAc7C;AAED,wBAAgB,YAAY,IAAI,IAAI,CAQnC"}

package/dist/src/lib/keyring.js

@@ -1,49 +0,0 @@
-import { readFileSync, writeFileSync, mkdirSync, existsSync, unlinkSync } from 'fs';
-import { join } from 'path';
-import { homedir } from 'os';
-import { createCipheriv, createDecipheriv, randomBytes, createHash } from 'crypto';
-const SESSION_DIR = join(homedir(), '.tusky');
-const SESSION_FILE = join(SESSION_DIR, 'session.enc');
-// Derive a machine-specific key from hostname + user
-function getMachineKey() {
-    const machineId = `${homedir()}-tusky-session-key`;
-    return createHash('sha256').update(machineId).digest();
-}
-export function storeMasterKey(masterKey) {
-    mkdirSync(SESSION_DIR, { recursive: true, mode: 0o700 });
-    const key = getMachineKey();
-    const iv = randomBytes(12);
-    const cipher = createCipheriv('aes-256-gcm', key, iv);
-    const encrypted = Buffer.concat([cipher.update(masterKey), cipher.final()]);
-    const tag = cipher.getAuthTag();
-    const data = Buffer.concat([iv, tag, encrypted]);
-    writeFileSync(SESSION_FILE, data, { mode: 0o600 });
-}
-export function loadMasterKey() {
-    if (!existsSync(SESSION_FILE))
-        return null;
-    try {
-        const data = readFileSync(SESSION_FILE);
-        const key = getMachineKey();
-        const iv = data.subarray(0, 12);
-        const tag = data.subarray(12, 28);
-        const encrypted = data.subarray(28);
-        const decipher = createDecipheriv('aes-256-gcm', key, iv);
-        decipher.setAuthTag(tag);
-        return Buffer.concat([decipher.update(encrypted), decipher.final()]);
-    }
-    catch {
-        return null;
-    }
-}
-export function clearSession() {
-    try {
-        if (existsSync(SESSION_FILE)) {
-            unlinkSync(SESSION_FILE);
-        }
-    }
-    catch {
-        // Ignore
-    }
-}
-//# sourceMappingURL=keyring.js.map

package/dist/src/lib/keyring.js.map

@@ -1 +0,0 @@
-{"version":3,"file":"keyring.js","sourceRoot":"","sources":["../../../src/lib/keyring.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,YAAY,EAAE,aAAa,EAAE,SAAS,EAAE,UAAU,EAAE,UAAU,EAAE,MAAM,IAAI,CAAC;AACpF,OAAO,EAAE,IAAI,EAAE,MAAM,MAAM,CAAC;AAC5B,OAAO,EAAE,OAAO,EAAE,MAAM,IAAI,CAAC;AAC7B,OAAO,EAAE,cAAc,EAAE,gBAAgB,EAAE,WAAW,EAAE,UAAU,EAAE,MAAM,QAAQ,CAAC;AAEnF,MAAM,WAAW,GAAG,IAAI,CAAC,OAAO,EAAE,EAAE,QAAQ,CAAC,CAAC;AAC9C,MAAM,YAAY,GAAG,IAAI,CAAC,WAAW,EAAE,aAAa,CAAC,CAAC;AAEtD,qDAAqD;AACrD,SAAS,aAAa;IACpB,MAAM,SAAS,GAAG,GAAG,OAAO,EAAE,oBAAoB,CAAC;IACnD,OAAO,UAAU,CAAC,QAAQ,CAAC,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC,MAAM,EAAE,CAAC;AACzD,CAAC;AAED,MAAM,UAAU,cAAc,CAAC,SAAiB;IAC9C,SAAS,CAAC,WAAW,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,IAAI,EAAE,KAAK,EAAE,CAAC,CAAC;IACzD,MAAM,GAAG,GAAG,aAAa,EAAE,CAAC;IAC5B,MAAM,EAAE,GAAG,WAAW,CAAC,EAAE,CAAC,CAAC;IAC3B,MAAM,MAAM,GAAG,cAAc,CAAC,aAAa,EAAE,GAAG,EAAE,EAAE,CAAC,CAAC;IACtD,MAAM,SAAS,GAAG,MAAM,CAAC,MAAM,CAAC,CAAC,MAAM,CAAC,MAAM,CAAC,SAAS,CAAC,EAAE,MAAM,CAAC,KAAK,EAAE,CAAC,CAAC,CAAC;IAC5E,MAAM,GAAG,GAAG,MAAM,CAAC,UAAU,EAAE,CAAC;IAChC,MAAM,IAAI,GAAG,MAAM,CAAC,MAAM,CAAC,CAAC,EAAE,EAAE,GAAG,EAAE,SAAS,CAAC,CAAC,CAAC;IACjD,aAAa,CAAC,YAAY,EAAE,IAAI,EAAE,EAAE,IAAI,EAAE,KAAK,EAAE,CAAC,CAAC;AACrD,CAAC;AAED,MAAM,UAAU,aAAa;IAC3B,IAAI,CAAC,UAAU,CAAC,YAAY,CAAC;QAAE,OAAO,IAAI,CAAC;IAC3C,IAAI,CAAC;QACH,MAAM,IAAI,GAAG,YAAY,CAAC,YAAY,CAAC,CAAC;QACxC,MAAM,GAAG,GAAG,aAAa,EAAE,CAAC;QAC5B,MAAM,EAAE,GAAG,IAAI,CAAC,QAAQ,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;QAChC,MAAM,GAAG,GAAG,IAAI,CAAC,QAAQ,CAAC,EAAE,EAAE,EAAE,CAAC,CAAC;QAClC,MAAM,SAAS,GAAG,IAAI,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAC;QACpC,MAAM,QAAQ,GAAG,gBAAgB,CAAC,aAAa,EAAE,GAAG,EAAE,EAAE,CAAC,CAAC;QAC1D,QAAQ,CAAC,UAAU,CAAC,GAAG,CAAC,CAAC;QACzB,OAAO,MAAM,CAAC,MAAM,CAAC,CAAC,QAAQ,CAAC,MAAM,CAAC,SAAS,CAAC,EAAE,QAAQ,CAAC,KAAK,EAAE,CAAC,CAAC,CAAC;IACvE,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,IAAI,CAAC;IACd,CAAC;AACH,CAAC;AAED,MAAM,UAAU,YAAY;IAC1B,IAAI,CAAC;QACH,IAAI,UAAU,CAAC,YAAY,CAAC,EAAE,CAAC;YAC7B,UAAU,CAAC,YAAY,CAAC,CAAC;QAC3B,CAAC;IACH,CAAC;IAAC,MAAM,CAAC;QACP,SAAS;IACX,CAAC;AACH,CAAC"}

package/src/__tests__/crypto.test.ts

@@ -1,315 +0,0 @@
-import { describe, it, expect } from 'vitest';
-import {
-  deriveMasterKey,
-  computeVerifier,
-  verifyPassphrase,
-  generateSalt,
-  generateMasterKey,
-  generateRecoveryKey,
-  wrapMasterKey,
-  unwrapMasterKey,
-  encryptBuffer,
-  decryptBuffer,
-} from '../crypto.js';
-
-describe('deriveMasterKey', () => {
-  it('produces deterministic 32-byte output', () => {
-    const salt = Buffer.from('a'.repeat(32), 'hex');
-    const key1 = deriveMasterKey('passphrase', salt);
-    const key2 = deriveMasterKey('passphrase', salt);
-    expect(key1).toEqual(key2);
-    expect(key1.length).toBe(32);
-  });
-
-  it('different passphrase produces different key', () => {
-    const salt = Buffer.from('a'.repeat(32), 'hex');
-    const key1 = deriveMasterKey('pass1', salt);
-    const key2 = deriveMasterKey('pass2', salt);
-    expect(key1).not.toEqual(key2);
-  });
-
-  it('different salt produces different key', () => {
-    const salt1 = Buffer.from('a'.repeat(32), 'hex');
-    const salt2 = Buffer.from('b'.repeat(32), 'hex');
-    const key1 = deriveMasterKey('pass', salt1);
-    const key2 = deriveMasterKey('pass', salt2);
-    expect(key1).not.toEqual(key2);
-  });
-});
-
-describe('computeVerifier / verifyPassphrase', () => {
-  it('verifier matches correct key', () => {
-    const key = generateMasterKey();
-    const verifier = computeVerifier(key);
-    expect(verifyPassphrase(key, verifier)).toBe(true);
-  });
-
-  it('verifier rejects wrong key', () => {
-    const key1 = generateMasterKey();
-    const key2 = generateMasterKey();
-    const verifier = computeVerifier(key1);
-    expect(verifyPassphrase(key2, verifier)).toBe(false);
-  });
-
-  it('verifier is 32 bytes (SHA-256)', () => {
-    const key = generateMasterKey();
-    const verifier = computeVerifier(key);
-    expect(verifier.length).toBe(32);
-  });
-});
-
-describe('generateSalt / generateMasterKey / generateRecoveryKey', () => {
-  it('generateSalt returns 16 bytes', () => {
-    expect(generateSalt().length).toBe(16);
-  });
-
-  it('generateMasterKey returns 32 bytes', () => {
-    expect(generateMasterKey().length).toBe(32);
-  });
-
-  it('generateRecoveryKey returns 32 bytes', () => {
-    expect(generateRecoveryKey().length).toBe(32);
-  });
-
-  it('generates different values each time', () => {
-    const a = generateSalt();
-    const b = generateSalt();
-    expect(a).not.toEqual(b);
-  });
-});
-
-describe('wrapMasterKey / unwrapMasterKey', () => {
-  it('round-trips successfully', () => {
-    const masterKey = generateMasterKey();
-    const recoveryKey = generateRecoveryKey();
-    const wrapped = wrapMasterKey(masterKey, recoveryKey);
-    const unwrapped = unwrapMasterKey(wrapped, recoveryKey);
-    expect(unwrapped).toEqual(masterKey);
-  });
-
-  it('wrong recovery key throws', () => {
-    const masterKey = generateMasterKey();
-    const recoveryKey = generateRecoveryKey();
-    const wrongKey = generateRecoveryKey();
-    const wrapped = wrapMasterKey(masterKey, recoveryKey);
-    expect(() => unwrapMasterKey(wrapped, wrongKey)).toThrow();
-  });
-});
-
-describe('encryptBuffer / decryptBuffer', () => {
-  it('round-trips successfully', () => {
-    const masterKey = generateMasterKey();
-    const plaintext = Buffer.from('Hello, TuskyDP!');
-    const { ciphertext, wrappedKey, iv, plaintextChecksum } = encryptBuffer(plaintext, masterKey);
-    const decrypted = decryptBuffer(ciphertext, wrappedKey, iv, masterKey, plaintextChecksum);
-    expect(decrypted).toEqual(plaintext);
-  });
-
-  it('wrong master key throws', () => {
-    const masterKey = generateMasterKey();
-    const wrongKey = generateMasterKey();
-    const plaintext = Buffer.from('secret data');
-    const { ciphertext, wrappedKey, iv } = encryptBuffer(plaintext, masterKey);
-    expect(() => decryptBuffer(ciphertext, wrappedKey, iv, wrongKey)).toThrow();
-  });
-
-  it('verifies checksum on corrupted data', () => {
-    const masterKey = generateMasterKey();
-    const plaintext = Buffer.from('important data');
-    const { ciphertext, wrappedKey, iv } = encryptBuffer(plaintext, masterKey);
-    // Pass a wrong checksum
-    expect(() => decryptBuffer(ciphertext, wrappedKey, iv, masterKey, 'wrong_checksum')).toThrow(
-      'Integrity check failed',
-    );
-  });
-
-  it('handles empty buffer', () => {
-    const masterKey = generateMasterKey();
-    const plaintext = Buffer.alloc(0);
-    const { ciphertext, wrappedKey, iv, plaintextChecksum } = encryptBuffer(plaintext, masterKey);
-    const decrypted = decryptBuffer(ciphertext, wrappedKey, iv, masterKey, plaintextChecksum);
-    expect(decrypted).toEqual(plaintext);
-  });
-
-  it('handles large buffer', () => {
-    const masterKey = generateMasterKey();
-    const plaintext = Buffer.alloc(1024 * 1024, 0xab); // 1 MB
-    const { ciphertext, wrappedKey, iv, plaintextChecksum } = encryptBuffer(plaintext, masterKey);
-    const decrypted = decryptBuffer(ciphertext, wrappedKey, iv, masterKey, plaintextChecksum);
-    expect(decrypted).toEqual(plaintext);
-  });
-
-  it('ciphertext is larger than plaintext (auth tag)', () => {
-    const masterKey = generateMasterKey();
-    const plaintext = Buffer.from('test');
-    const { ciphertext } = encryptBuffer(plaintext, masterKey);
-    expect(ciphertext.length).toBeGreaterThan(plaintext.length);
-  });
-});
-
-/**
- * Cross-platform interop test vectors.
- *
- * These tests use hardcoded inputs and expected outputs generated from Node.js crypto.
- * Any implementation (Rust, Python, Go, browser WebCrypto) of TuskyDP E2E encryption
- * MUST produce identical outputs for the same inputs.
- *
- * Algorithms:
- *   - deriveMasterKey: PBKDF2-SHA256, 600,000 iterations, 32-byte output
- *   - computeVerifier: HMAC-SHA256 with context string "tuskydp-key-verifier-v1"
- *   - wrapMasterKey/unwrapMasterKey: AES-256-GCM, 12-byte IV, 16-byte auth tag
- *     Wire format: [IV (12) | ciphertext (32) | authTag (16)] = 60 bytes
- *   - encryptBuffer/decryptBuffer: AES-256-GCM per-file key + AES-256-GCM key wrapping
- *     Ciphertext format: [encrypted data | authTag (16)]
- *     WrappedKey format (base64): [wrapIV (12) | wrapped fileKey (32) | wrapAuthTag (16)]
- */
-describe('cross-platform interop test vectors', () => {
-  // --- Test Vector Set 1 ---
-  const TV1 = {
-    passphrase: 'correct horse battery staple',
-    salt: '0102030405060708090a0b0c0d0e0f10',
-    derivedKey: '0008e69b89ffac1aa7bb1f44289ba65afaa711dd450f0aab6c322e4cd57bb216',
-    verifier: 'b15d5b00572798fd1f13667d790823b8756ba166c61cbdf99e2bbcfefa30baa6',
-  };
-
-  // --- Test Vector Set 2 ---
-  const TV2 = {
-    passphrase: 'hunter2',
-    salt: 'deadbeefcafebabe1234567890abcdef',
-    derivedKey: '0992dbbb89cef243b310b48482d8c73ed8389ee29fb1f5a25c70552f5f01c6b8',
-    verifier: '5387d9046eafd061d4473e2b87d885a325630b3ae4f2cb11b94d3cf3cd81b35e',
-  };
-
-  // --- Key wrapping vector ---
-  const WRAP_VECTOR = {
-    masterKey: '0011223344556677889900aabbccddeeff0011223344556677889900aabbccdd',
-    recoveryKey: 'aabbccddeeff00112233445566778899aabbccddeeff00112233445566778899',
-    // Pre-computed wrapped output (includes IV + ciphertext + authTag)
-    wrappedFull: 'AAECAwQFBgcICQoL5f88lTmbbm1t74wjfzEkZC6OBtte9PbLWIrK80jgH2CbiTyQ+3FYtoN2oaMj40Rg',
-  };
-
-  // --- File encryption vector ---
-  const ENCRYPT_VECTOR = {
-    plaintext: 'Hello, TuskyDP! This is a test vector for cross-platform interop.',
-    plaintextChecksum: 'dd543914f5d1af720f853daad21143e7b9376ea26c7c3e208390cafc223ea1f7',
-    masterKey: '0011223344556677889900aabbccddeeff0011223344556677889900aabbccdd',
-    // Pre-computed ciphertext (encrypted data + authTag)
-    ciphertext:
-      'B5MbJQBGzwGMbS9gj5V0xY2GoxzWGUx3ujkR2s9kRpmSIGKAt9pR8BE8VFc7X8Q0AcLukUQDy4R5MhryTj0rFWEGv4uS3WQzDizQDnYTe8uT',
-    // Pre-computed wrapped file key (wrapIV + wrapped + wrapAuthTag)
-    wrappedKey: 'FRQTEhEQEA8ODQwK5oDpgjZPzbX4cHXCntl3HkaI+jWLqmRv7cxPzoein4YMkzJn9PAt3Qf4RRMiP0Yl',
-    // File IV
-    iv: 'CgsMDQ4PEBESExQV',
-  };
-
-  describe('deriveMasterKey vectors', () => {
-    it('vector 1: "correct horse battery staple"', () => {
-      const salt = Buffer.from(TV1.salt, 'hex');
-      const key = deriveMasterKey(TV1.passphrase, salt);
-      expect(key.toString('hex')).toBe(TV1.derivedKey);
-    });
-
-    it('vector 2: "hunter2"', () => {
-      const salt = Buffer.from(TV2.salt, 'hex');
-      const key = deriveMasterKey(TV2.passphrase, salt);
-      expect(key.toString('hex')).toBe(TV2.derivedKey);
-    });
-  });
-
-  describe('computeVerifier vectors', () => {
-    it('vector 1: verifier from derived key 1', () => {
-      const masterKey = Buffer.from(TV1.derivedKey, 'hex');
-      const verifier = computeVerifier(masterKey);
-      expect(verifier.toString('hex')).toBe(TV1.verifier);
-    });
-
-    it('vector 2: verifier from derived key 2', () => {
-      const masterKey = Buffer.from(TV2.derivedKey, 'hex');
-      const verifier = computeVerifier(masterKey);
-      expect(verifier.toString('hex')).toBe(TV2.verifier);
-    });
-
-    it('verifyPassphrase accepts correct verifier', () => {
-      const masterKey = Buffer.from(TV1.derivedKey, 'hex');
-      const verifier = Buffer.from(TV1.verifier, 'hex');
-      expect(verifyPassphrase(masterKey, verifier)).toBe(true);
-    });
-
-    it('verifyPassphrase rejects wrong verifier', () => {
-      const masterKey = Buffer.from(TV1.derivedKey, 'hex');
-      const verifier = Buffer.from(TV2.verifier, 'hex');
-      expect(verifyPassphrase(masterKey, verifier)).toBe(false);
-    });
-  });
-
-  describe('unwrapMasterKey vector', () => {
-    it('unwraps pre-computed wrapped key to original master key', () => {
-      const recoveryKey = Buffer.from(WRAP_VECTOR.recoveryKey, 'hex');
-      const wrappedData = Buffer.from(WRAP_VECTOR.wrappedFull, 'base64');
-      const unwrapped = unwrapMasterKey(wrappedData, recoveryKey);
-      expect(unwrapped.toString('hex')).toBe(WRAP_VECTOR.masterKey);
-    });
-
-    it('wrapped data has correct wire format length (60 bytes)', () => {
-      const wrappedData = Buffer.from(WRAP_VECTOR.wrappedFull, 'base64');
-      // 12 (IV) + 32 (encrypted key) + 16 (auth tag) = 60
-      expect(wrappedData.length).toBe(60);
-    });
-  });
-
-  describe('decryptBuffer vector', () => {
-    it('decrypts pre-computed ciphertext to original plaintext', () => {
-      const masterKey = Buffer.from(ENCRYPT_VECTOR.masterKey, 'hex');
-      const ciphertext = Buffer.from(ENCRYPT_VECTOR.ciphertext, 'base64');
-      const decrypted = decryptBuffer(
-        ciphertext,
-        ENCRYPT_VECTOR.wrappedKey,
-        ENCRYPT_VECTOR.iv,
-        masterKey,
-        ENCRYPT_VECTOR.plaintextChecksum,
-      );
-      expect(decrypted.toString('utf8')).toBe(ENCRYPT_VECTOR.plaintext);
-    });
-
-    it('decrypts without checksum verification', () => {
-      const masterKey = Buffer.from(ENCRYPT_VECTOR.masterKey, 'hex');
-      const ciphertext = Buffer.from(ENCRYPT_VECTOR.ciphertext, 'base64');
-      const decrypted = decryptBuffer(
-        ciphertext,
-        ENCRYPT_VECTOR.wrappedKey,
-        ENCRYPT_VECTOR.iv,
-        masterKey,
-      );
-      expect(decrypted.toString('utf8')).toBe(ENCRYPT_VECTOR.plaintext);
-    });
-
-    it('rejects tampered ciphertext', () => {
-      const masterKey = Buffer.from(ENCRYPT_VECTOR.masterKey, 'hex');
-      const ciphertext = Buffer.from(ENCRYPT_VECTOR.ciphertext, 'base64');
-      // Flip one byte in the encrypted data
-      ciphertext[0] ^= 0xff;
-      expect(() =>
-        decryptBuffer(ciphertext, ENCRYPT_VECTOR.wrappedKey, ENCRYPT_VECTOR.iv, masterKey),
-      ).toThrow();
-    });
-
-    it('rejects tampered wrapped key', () => {
-      const masterKey = Buffer.from(ENCRYPT_VECTOR.masterKey, 'hex');
-      const ciphertext = Buffer.from(ENCRYPT_VECTOR.ciphertext, 'base64');
-      // Corrupt the wrapped key
-      const badWrappedKey = Buffer.from(ENCRYPT_VECTOR.wrappedKey, 'base64');
-      badWrappedKey[15] ^= 0xff;
-      expect(() =>
-        decryptBuffer(ciphertext, badWrappedKey.toString('base64'), ENCRYPT_VECTOR.iv, masterKey),
-      ).toThrow();
-    });
-
-    it('plaintextChecksum matches SHA-256 of plaintext', () => {
-      const { createHash } = require('crypto');
-      const expectedChecksum = createHash('sha256')
-        .update(Buffer.from(ENCRYPT_VECTOR.plaintext, 'utf8'))
-        .digest('hex');
-      expect(expectedChecksum).toBe(ENCRYPT_VECTOR.plaintextChecksum);
-    });
-  });
-});

package/src/commands/decrypt.ts

@@ -1,276 +0,0 @@
-/**
- * `tusky decrypt` — Decrypt a file downloaded from Walrus.
- *
- * Works in two modes:
- *   1. With --export <manifest.json> — reads wrappedKey/iv from the export
- *      manifest, derives master key from passphrase + salt. Fully offline.
- *   2. Without --export — fetches encryption params from the Tusky API and
- *      looks up the file metadata by ID. Requires API access.
- *
- * In both modes, the passphrase is resolved from:
- *   --passphrase flag > TUSKYDP_PASSWORD env var > interactive prompt
- */
-
-import type { Command } from 'commander';
-import { readFileSync, writeFileSync, existsSync } from 'fs';
-import { resolve, basename } from 'path';
-import chalk from 'chalk';
-import inquirer from 'inquirer';
-import { getApiUrl, getApiKey } from '../config.js';
-import { createSDKClient } from '../sdk.js';
-import { createSpinner } from '../lib/progress.js';
-import { loadMasterKey } from '../lib/keyring.js';
-import {
-  deriveMasterKey,
-  verifyPassphrase,
-  unwrapMasterKey,
-  decryptBuffer,
-} from '../crypto.js';
-import type { ExportManifest, ExportedFile } from './export.js';
-
-// ---------------------------------------------------------------------------
-// Helpers
-// ---------------------------------------------------------------------------
-
-/**
- * Resolve the master key. Priority:
- *   1. Session keyring (~/.tusky/session.enc)
- *   2. Passphrase derivation (requires API or --salt/--encrypted-master-key)
- */
-async function resolveMasterKey(options: {
-  passphrase?: string;
-  salt?: string;
-  verifier?: string;
-  encryptedMasterKey?: string;
-}): Promise<Buffer> {
-  // Try session keyring first
-  const sessionKey = loadMasterKey();
-  if (sessionKey) return sessionKey;
-
-  // Need passphrase
-  let passphrase = options.passphrase ?? process.env.TUSKYDP_PASSWORD;
-  if (!passphrase) {
-    const answers = await inquirer.prompt([{
-      type: 'password',
-      name: 'passphrase',
-      message: 'Enter encryption passphrase:',
-      mask: '*',
-    }]);
-    passphrase = answers.passphrase as string;
-  }
-
-  if (!options.salt) {
-    throw new Error('Cannot derive master key: salt is required. Use --export with an export manifest, or ensure the Tusky API is accessible.');
-  }
-
-  const salt = Buffer.from(options.salt, 'base64');
-  const wrappingKey = deriveMasterKey(passphrase, salt);
-
-  // Verify if we have a verifier
-  if (options.verifier) {
-    const verifierBuf = Buffer.from(options.verifier, 'base64');
-    if (!verifyPassphrase(wrappingKey, verifierBuf)) {
-      throw new Error('Invalid passphrase.');
-    }
-  }
-
-  // Unwrap master key if account has one
-  if (options.encryptedMasterKey) {
-    return unwrapMasterKey(Buffer.from(options.encryptedMasterKey, 'base64'), wrappingKey);
-  }
-
-  // Legacy: wrapping key IS the master key
-  return wrappingKey;
-}
-
-// ---------------------------------------------------------------------------
-// Command registration
-// ---------------------------------------------------------------------------
-
-export function registerDecryptCommand(program: Command) {
-  program
-    .command('decrypt <encrypted-file>')
-    .description('Decrypt a file downloaded from Walrus using your encryption passphrase')
-    .option('-o, --output <path>', 'Output path for decrypted file')
-    .option('--file-id <id>', 'Tusky file ID (to look up wrappedKey/iv from API)')
-    .option('--export <path>', 'Path to tusky-export.json manifest (for offline decryption)')
-    .option('--passphrase <passphrase>', 'Encryption passphrase (also reads TUSKYDP_PASSWORD env var)')
-    .option('--wrapped-key <key>', 'Per-file wrapped key (base64, from export manifest)')
-    .option('--iv <iv>', 'Per-file encryption IV (base64, from export manifest)')
-    .option('--checksum <sha256>', 'Expected plaintext SHA-256 checksum (hex)')
-    .action(async (encryptedFile: string, options: {
-      output?: string;
-      fileId?: string;
-      export?: string;
-      passphrase?: string;
-      wrappedKey?: string;
-      iv?: string;
-      checksum?: string;
-    }) => {
-      const spinner = createSpinner('Preparing decryption...');
-      spinner.start();
-
-      try {
-        // Resolve the encrypted file
-        const inputPath = resolve(encryptedFile);
-        if (!existsSync(inputPath)) {
-          spinner.fail(`File not found: ${inputPath}`);
-          return;
-        }
-
-        let wrappedKey: string;
-        let iv: string;
-        let checksum: string | undefined = options.checksum;
-        let fileName: string = basename(inputPath).replace(/\.enc$/, '');
-        let encryptionParams: { salt?: string; verifier?: string; encryptedMasterKey?: string } = {};
-
-        // ── Mode 1: Export manifest ──────────────────────────────────
-        if (options.export) {
-          spinner.text = 'Reading export manifest...';
-          const manifestPath = resolve(options.export);
-          if (!existsSync(manifestPath)) {
-            spinner.fail(`Export manifest not found: ${manifestPath}`);
-            return;
-          }
-
-          const manifest: ExportManifest = JSON.parse(readFileSync(manifestPath, 'utf-8'));
-          let exportedFile: ExportedFile | undefined;
-
-          if (options.fileId) {
-            exportedFile = manifest.files.find((f) => f.fileId === options.fileId);
-          } else {
-            // Try to match by filename
-            const inputBase = basename(inputPath);
-            exportedFile = manifest.files.find((f) =>
-              f.name === inputBase || f.name === fileName,
-            );
-
-            if (!exportedFile && manifest.files.length === 1) {
-              exportedFile = manifest.files[0];
-            }
-          }
-
-          if (!exportedFile) {
-            spinner.fail(
-              options.fileId
-                ? `File ID ${options.fileId} not found in export manifest.`
-                : `Could not match "${basename(inputPath)}" to a file in the export manifest. Use --file-id to specify.`,
-            );
-            return;
-          }
-
-          if (!exportedFile.encrypted) {
-            spinner.fail(`File "${exportedFile.name}" is not encrypted (public vault). No decryption needed.`);
-            return;
-          }
-
-          if (!exportedFile.wrappedKey || !exportedFile.encryptionIv) {
-            spinner.fail(`File "${exportedFile.name}" is missing encryption metadata in the export.`);
-            return;
-          }
-
-          wrappedKey = exportedFile.wrappedKey;
-          iv = exportedFile.encryptionIv;
-          checksum = checksum ?? exportedFile.plaintextChecksumSha256 ?? undefined;
-          fileName = exportedFile.name;
-
-          // Read account-level encryption params from manifest
-          if (manifest.encryption) {
-            encryptionParams = {
-              salt: manifest.encryption.salt ?? undefined,
-              verifier: manifest.encryption.verifier ?? undefined,
-              encryptedMasterKey: manifest.encryption.encryptedMasterKey ?? undefined,
-            };
-          }
-
-        // ── Mode 2: Direct flags ─────────────────────────────────────
-        } else if (options.wrappedKey && options.iv) {
-          wrappedKey = options.wrappedKey;
-          iv = options.iv;
-
-        // ── Mode 3: Fetch from API ───────────────────────────────────
-        } else if (options.fileId) {
-          spinner.text = 'Fetching file metadata from API...';
-          const apiUrl = getApiUrl(program.opts().apiUrl);
-          const apiKey = getApiKey(program.opts().apiKey);
-          const sdk = createSDKClient(apiUrl, apiKey);
-
-          const file = await sdk.files.get(options.fileId);
-          if (!file.encrypted) {
-            spinner.fail('This file is not encrypted. No decryption needed.');
-            return;
-          }
-          if (!file.wrappedKey || !file.encryptionIv) {
-            spinner.fail('File is missing encryption metadata.');
-            return;
-          }
-
-          wrappedKey = file.wrappedKey;
-          iv = file.encryptionIv;
-          checksum = checksum ?? file.plaintextChecksumSha256 ?? undefined;
-          fileName = file.name;
-
-          // Also fetch encryption params for master key derivation
-          const params = await sdk.account.getEncryptionParams();
-          encryptionParams = {
-            salt: params.salt ?? undefined,
-            verifier: params.verifier ?? undefined,
-            encryptedMasterKey: params.encryptedMasterKey ?? undefined,
-          };
-
-        } else {
-          spinner.fail(
-            'Need encryption metadata. Use one of:\n' +
-            '  --export <manifest.json>          (offline, from tusky export)\n' +
-            '  --file-id <id>                    (online, fetches from API)\n' +
-            '  --wrapped-key <key> --iv <iv>     (manual, base64 values)',
-          );
-          return;
-        }
-
-        // If we don't have encryption params yet, try API
-        if (!encryptionParams.salt) {
-          try {
-            const apiUrl = getApiUrl(program.opts().apiUrl);
-            const apiKey = getApiKey(program.opts().apiKey);
-            const sdk = createSDKClient(apiUrl, apiKey);
-            const params = await sdk.account.getEncryptionParams();
-            encryptionParams = {
-              salt: params.salt ?? undefined,
-              verifier: params.verifier ?? undefined,
-              encryptedMasterKey: params.encryptedMasterKey ?? undefined,
-            };
-          } catch {
-            // API unavailable — that's ok if we have a session key
-          }
-        }
-
-        // Resolve master key
-        spinner.text = 'Deriving encryption key...';
-        const masterKey = await resolveMasterKey({
-          passphrase: options.passphrase,
-          ...encryptionParams,
-        });
-
-        // Read and decrypt
-        spinner.text = 'Decrypting...';
-        const ciphertext = readFileSync(inputPath);
-        const plaintext = decryptBuffer(ciphertext, wrappedKey, iv, masterKey, checksum);
-
-        // Write output
-        const outputPath = options.output ? resolve(options.output) : resolve(fileName);
-        writeFileSync(outputPath, plaintext);
-
-        spinner.succeed(`Decrypted -> ${outputPath} (${plaintext.length} bytes)`);
-
-        if (checksum) {
-          console.log(chalk.dim('  Integrity check passed (SHA-256)'));
-        }
-      } catch (err: any) {
-        spinner.fail(`Decryption failed: ${err.message}`);
-        if (err.message.includes('Unsupported state') || err.message.includes('auth tag')) {
-          console.log(chalk.dim('  This usually means the passphrase is incorrect or the file is corrupted.'));
-        }
-      }
-    });
-}