npm - @tuskydp/cli - Versions diffs - 0.3.0 → 0.4.0 - Mend

@tuskydp/cli 0.3.0 → 0.4.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (113) hide show

package/CHANGELOG.md +19 -0
package/dist/src/commands/account.d.ts.map +1 -1
package/dist/src/commands/account.js +0 -1
package/dist/src/commands/account.js.map +1 -1
package/dist/src/commands/auth.d.ts.map +1 -1
package/dist/src/commands/auth.js +8 -5
package/dist/src/commands/auth.js.map +1 -1
package/dist/src/commands/download.d.ts.map +1 -1
package/dist/src/commands/download.js +2 -59
package/dist/src/commands/download.js.map +1 -1
package/dist/src/commands/export.d.ts +5 -26
package/dist/src/commands/export.d.ts.map +1 -1
package/dist/src/commands/export.js +6 -46
package/dist/src/commands/export.js.map +1 -1
package/dist/src/commands/files.js +2 -2
package/dist/src/commands/files.js.map +1 -1
package/dist/src/commands/mcp.d.ts.map +1 -1
package/dist/src/commands/mcp.js +15 -9
package/dist/src/commands/mcp.js.map +1 -1
package/dist/src/commands/sui.d.ts +3 -0
package/dist/src/commands/sui.d.ts.map +1 -0
package/dist/src/commands/sui.js +64 -0
package/dist/src/commands/sui.js.map +1 -0
package/dist/src/commands/trash.js +1 -1
package/dist/src/commands/trash.js.map +1 -1
package/dist/src/commands/upload.d.ts.map +1 -1
package/dist/src/commands/upload.js +3 -49
package/dist/src/commands/upload.js.map +1 -1
package/dist/src/commands/vault.d.ts.map +1 -1
package/dist/src/commands/vault.js +2 -24
package/dist/src/commands/vault.js.map +1 -1
package/dist/src/config.d.ts +2 -2
package/dist/src/config.d.ts.map +1 -1
package/dist/src/config.js +2 -3
package/dist/src/config.js.map +1 -1
package/dist/src/index.js +2 -4
package/dist/src/index.js.map +1 -1
package/dist/src/lib/resolve.d.ts.map +1 -1
package/dist/src/lib/resolve.js +4 -5
package/dist/src/lib/resolve.js.map +1 -1
package/dist/src/mcp/context.d.ts +1 -9
package/dist/src/mcp/context.d.ts.map +1 -1
package/dist/src/mcp/context.js +1 -2
package/dist/src/mcp/context.js.map +1 -1
package/dist/src/mcp/server.d.ts.map +1 -1
package/dist/src/mcp/server.js +0 -58
package/dist/src/mcp/server.js.map +1 -1
package/dist/src/mcp/tools/account.d.ts.map +1 -1
package/dist/src/mcp/tools/account.js +1 -3
package/dist/src/mcp/tools/account.js.map +1 -1
package/dist/src/mcp/tools/files.d.ts +2 -3
package/dist/src/mcp/tools/files.d.ts.map +1 -1
package/dist/src/mcp/tools/files.js +18 -56
package/dist/src/mcp/tools/files.js.map +1 -1
package/dist/src/mcp/tools/vaults.js +2 -2
package/dist/src/mcp/tools/vaults.js.map +1 -1
package/dist/src/tui/files-panel.d.ts +0 -1
package/dist/src/tui/files-panel.d.ts.map +1 -1
package/dist/src/tui/files-panel.js +1 -2
package/dist/src/tui/files-panel.js.map +1 -1
package/dist/src/tui/index.d.ts.map +1 -1
package/dist/src/tui/index.js +7 -42
package/dist/src/tui/index.js.map +1 -1
package/dist/src/tui/overview.d.ts.map +1 -1
package/dist/src/tui/overview.js +2 -6
package/dist/src/tui/overview.js.map +1 -1
package/dist/src/tui/trash-screen.js +1 -1
package/dist/src/tui/trash-screen.js.map +1 -1
package/package.json +3 -3
package/src/__tests__/seal.test.ts +7 -54
package/src/commands/account.ts +0 -1
package/src/commands/auth.ts +7 -5
package/src/commands/download.ts +2 -63
package/src/commands/export.ts +7 -67
package/src/commands/files.ts +2 -2
package/src/commands/mcp.ts +16 -10
package/src/commands/sui.ts +69 -0
package/src/commands/trash.ts +1 -1
package/src/commands/upload.ts +3 -59
package/src/commands/vault.ts +2 -23
package/src/config.ts +3 -4
package/src/index.ts +2 -4
package/src/lib/resolve.ts +3 -4
package/src/mcp/context.ts +1 -11
package/src/mcp/server.ts +0 -69
package/src/mcp/tools/account.ts +1 -3
package/src/mcp/tools/files.ts +19 -70
package/src/mcp/tools/vaults.ts +3 -3
package/src/tui/files-panel.ts +1 -3
package/src/tui/index.ts +7 -51
package/src/tui/overview.ts +2 -5
package/src/tui/trash-screen.ts +1 -1
package/dist/src/commands/decrypt.d.ts +0 -15
package/dist/src/commands/decrypt.d.ts.map +0 -1
package/dist/src/commands/decrypt.js +0 -256
package/dist/src/commands/decrypt.js.map +0 -1
package/dist/src/commands/encryption.d.ts +0 -3
package/dist/src/commands/encryption.d.ts.map +0 -1
package/dist/src/commands/encryption.js +0 -254
package/dist/src/commands/encryption.js.map +0 -1
package/dist/src/crypto.d.ts +0 -32
package/dist/src/crypto.d.ts.map +0 -1
package/dist/src/crypto.js +0 -121
package/dist/src/crypto.js.map +0 -1
package/dist/src/lib/keyring.d.ts +0 -4
package/dist/src/lib/keyring.d.ts.map +0 -1
package/dist/src/lib/keyring.js +0 -49
package/dist/src/lib/keyring.js.map +0 -1
package/src/__tests__/crypto.test.ts +0 -315
package/src/commands/decrypt.ts +0 -309
package/src/commands/encryption.ts +0 -305
package/src/crypto.ts +0 -165
package/src/lib/keyring.ts +0 -50

package/dist/src/crypto.js DELETED Viewed

@@ -1,121 +0,0 @@
-import { createHash, createHmac, randomBytes, createCipheriv, createDecipheriv, pbkdf2Sync, } from 'crypto';
-const PBKDF2_ITERATIONS = 600_000;
-const AES_ALGO = 'aes-256-gcm';
-const VERIFIER_CONTEXT = 'tuskydp-key-verifier-v1';
-export function deriveMasterKey(passphrase, salt) {
-    return pbkdf2Sync(passphrase, salt, PBKDF2_ITERATIONS, 32, 'sha256');
-}
-export function computeVerifier(masterKey) {
-    return createHmac('sha256', masterKey)
-        .update(VERIFIER_CONTEXT)
-        .digest();
-}
-export function verifyPassphrase(masterKey, expectedVerifier) {
-    const computed = computeVerifier(masterKey);
-    if (computed.length !== expectedVerifier.length)
-        return false;
-    let diff = 0;
-    for (let i = 0; i < computed.length; i++)
-        diff |= computed[i] ^ expectedVerifier[i];
-    return diff === 0;
-}
-export function generateSalt() {
-    return randomBytes(16);
-}
-export function generateRecoveryKey() {
-    return randomBytes(32);
-}
-export function generateMasterKey() {
-    return randomBytes(32);
-}
-export function wrapMasterKey(masterKey, recoveryKey) {
-    const wrapIv = randomBytes(12);
-    const cipher = createCipheriv(AES_ALGO, recoveryKey, wrapIv);
-    const wrapped = Buffer.concat([cipher.update(masterKey), cipher.final()]);
-    const tag = cipher.getAuthTag();
-    return Buffer.concat([wrapIv, wrapped, tag]);
-}
-export function unwrapMasterKey(wrappedData, recoveryKey) {
-    const wrapIv = wrappedData.subarray(0, 12);
-    const wrapped = wrappedData.subarray(12, wrappedData.length - 16);
-    const tag = wrappedData.subarray(wrappedData.length - 16);
-    const decipher = createDecipheriv(AES_ALGO, recoveryKey, wrapIv);
-    decipher.setAuthTag(tag);
-    return Buffer.concat([decipher.update(wrapped), decipher.final()]);
-}
-export function encryptBuffer(plaintext, masterKey) {
-    // Hash plaintext
-    const plaintextChecksum = createHash('sha256').update(plaintext).digest('hex');
-    // Generate random per-file key and IV
-    const fileKey = randomBytes(32);
-    const fileIv = randomBytes(12);
-    // Encrypt file
-    const cipher = createCipheriv(AES_ALGO, fileKey, fileIv);
-    const encrypted = Buffer.concat([cipher.update(plaintext), cipher.final()]);
-    const authTag = cipher.getAuthTag();
-    const ciphertext = Buffer.concat([encrypted, authTag]);
-    // Wrap file key with master key
-    const wrapIv = randomBytes(12);
-    const wrapCipher = createCipheriv(AES_ALGO, masterKey, wrapIv);
-    const wrappedKeyData = Buffer.concat([wrapCipher.update(fileKey), wrapCipher.final()]);
-    const wrapTag = wrapCipher.getAuthTag();
-    const wrappedKeyFull = Buffer.concat([wrapIv, wrappedKeyData, wrapTag]);
-    return {
-        ciphertext,
-        wrappedKey: wrappedKeyFull.toString('base64'),
-        iv: fileIv.toString('base64'),
-        plaintextChecksum,
-    };
-}
-/**
- * Encrypt filename + MIME type together using master key (AES-256-GCM).
- * Format: base64([iv(12) | ciphertext | authTag(16)])
- */
-export function encryptMetadata(name, mimeType, masterKey) {
-    const plaintext = Buffer.from(JSON.stringify({ n: name, m: mimeType }), 'utf8');
-    const iv = randomBytes(12);
-    const cipher = createCipheriv(AES_ALGO, masterKey, iv);
-    const encrypted = Buffer.concat([cipher.update(plaintext), cipher.final()]);
-    const tag = cipher.getAuthTag();
-    return Buffer.concat([iv, encrypted, tag]).toString('base64');
-}
-/**
- * Decrypt an encryptedName blob produced by encryptMetadata.
- * Returns the original { name, mimeType }.
- */
-export function decryptMetadata(encryptedBase64, masterKey) {
-    const buf = Buffer.from(encryptedBase64, 'base64');
-    const iv = buf.subarray(0, 12);
-    const tag = buf.subarray(buf.length - 16);
-    const ciphertext = buf.subarray(12, buf.length - 16);
-    const decipher = createDecipheriv(AES_ALGO, masterKey, iv);
-    decipher.setAuthTag(tag);
-    const plaintext = Buffer.concat([decipher.update(ciphertext), decipher.final()]);
-    return JSON.parse(plaintext.toString('utf8'));
-}
-export function decryptBuffer(ciphertext, wrappedKeyBase64, ivBase64, masterKey, expectedChecksum) {
-    // Unwrap file key
-    const wrappedKeyFull = Buffer.from(wrappedKeyBase64, 'base64');
-    const wrapIv = wrappedKeyFull.subarray(0, 12);
-    const wrappedKeyData = wrappedKeyFull.subarray(12, wrappedKeyFull.length - 16);
-    const wrapTag = wrappedKeyFull.subarray(wrappedKeyFull.length - 16);
-    const unwrapDecipher = createDecipheriv(AES_ALGO, masterKey, wrapIv);
-    unwrapDecipher.setAuthTag(wrapTag);
-    const fileKey = Buffer.concat([unwrapDecipher.update(wrappedKeyData), unwrapDecipher.final()]);
-    // Decrypt file
-    const fileIv = Buffer.from(ivBase64, 'base64');
-    const authTag = ciphertext.subarray(ciphertext.length - 16);
-    const encryptedData = ciphertext.subarray(0, ciphertext.length - 16);
-    const decipher = createDecipheriv(AES_ALGO, fileKey, fileIv);
-    decipher.setAuthTag(authTag);
-    const plaintext = Buffer.concat([decipher.update(encryptedData), decipher.final()]);
-    // Verify integrity
-    if (expectedChecksum) {
-        const actualChecksum = createHash('sha256').update(plaintext).digest('hex');
-        if (actualChecksum !== expectedChecksum) {
-            throw new Error('Integrity check failed — file may be corrupted');
-        }
-    }
-    return plaintext;
-}
-//# sourceMappingURL=crypto.js.map

package/dist/src/crypto.js.map DELETED Viewed

@@ -1 +0,0 @@

- {"version":3,"file":"crypto.js","sourceRoot":"","sources":["../../src/crypto.ts"],"names":[],"mappings":"AAAA,OAAO,EACL,UAAU,EACV,UAAU,EACV,WAAW,EACX,cAAc,EACd,gBAAgB,EAChB,UAAU,GACX,MAAM,QAAQ,CAAC;AAShB,MAAM,iBAAiB,GAAG,OAAO,CAAC;AAClC,MAAM,QAAQ,GAAG,aAAsB,CAAC;AACxC,MAAM,gBAAgB,GAAG,yBAAyB,CAAC;AAEnD,MAAM,UAAU,eAAe,CAAC,UAAkB,EAAE,IAAY;IAC9D,OAAO,UAAU,CAAC,UAAU,EAAE,IAAI,EAAE,iBAAiB,EAAE,EAAE,EAAE,QAAQ,CAAC,CAAC;AACvE,CAAC;AAED,MAAM,UAAU,eAAe,CAAC,SAAiB;IAC/C,OAAO,UAAU,CAAC,QAAQ,EAAE,SAAS,CAAC;SACnC,MAAM,CAAC,gBAAgB,CAAC;SACxB,MAAM,EAAE,CAAC;AACd,CAAC;AAED,MAAM,UAAU,gBAAgB,CAAC,SAAiB,EAAE,gBAAwB;IAC1E,MAAM,QAAQ,GAAG,eAAe,CAAC,SAAS,CAAC,CAAC;IAC5C,IAAI,QAAQ,CAAC,MAAM,KAAK,gBAAgB,CAAC,MAAM;QAAE,OAAO,KAAK,CAAC;IAC9D,IAAI,IAAI,GAAG,CAAC,CAAC;IACb,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,QAAQ,CAAC,MAAM,EAAE,CAAC,EAAE;QAAE,IAAI,IAAI,QAAQ,CAAC,CAAC,CAAC,GAAG,gBAAgB,CAAC,CAAC,CAAC,CAAC;IACpF,OAAO,IAAI,KAAK,CAAC,CAAC;AACpB,CAAC;AAED,MAAM,UAAU,YAAY;IAC1B,OAAO,WAAW,CAAC,EAAE,CAAC,CAAC;AACzB,CAAC;AAED,MAAM,UAAU,mBAAmB;IACjC,OAAO,WAAW,CAAC,EAAE,CAAC,CAAC;AACzB,CAAC;AAED,MAAM,UAAU,iBAAiB;IAC/B,OAAO,WAAW,CAAC,EAAE,CAAC,CAAC;AACzB,CAAC;AAED,MAAM,UAAU,aAAa,CAAC,SAAiB,EAAE,WAAmB;IAClE,MAAM,MAAM,GAAG,WAAW,CAAC,EAAE,CAAC,CAAC;IAC/B,MAAM,MAAM,GAAG,cAAc,CAAC,QAAQ,EAAE,WAAW,EAAE,MAAM,CAAC,CAAC;IAC7D,MAAM,OAAO,GAAG,MAAM,CAAC,MAAM,CAAC,CAAC,MAAM,CAAC,MAAM,CAAC,SAAS,CAAC,EAAE,MAAM,CAAC,KAAK,EAAE,CAAC,CAAC,CAAC;IAC1E,MAAM,GAAG,GAAG,MAAM,CAAC,UAAU,EAAE,CAAC;IAChC,OAAO,MAAM,CAAC,MAAM,CAAC,CAAC,MAAM,EAAE,OAAO,EAAE,GAAG,CAAC,CAAC,CAAC;AAC/C,CAAC;AAED,MAAM,UAAU,eAAe,CAAC,WAAmB,EAAE,WAAmB;IACtE,MAAM,MAAM,GAAG,WAAW,CAAC,QAAQ,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;IAC3C,MAAM,OAAO,GAAG,WAAW,CAAC,QAAQ,CAAC,EAAE,EAAE,WAAW,CAAC,MAAM,GAAG,EAAE,CAAC,CAAC;IAClE,MAAM,GAAG,GAAG,WAAW,CAAC,QAAQ,CAAC,WAAW,CAAC,MAAM,GAAG,EAAE,CAAC,CAAC;IAC1D,MAAM,QAAQ,GAAG,gBAAgB,CAAC,QAAQ,EAAE,WAAW,EAAE,MAAM,CAAC,CAAC;IACjE,QAAQ,CAAC,UAAU,CAAC,GAAG,CAAC,CAAC;IACzB,OAAO,MAAM,CAAC,MAAM,CAAC,CAAC,QAAQ,CAAC,MAAM,CAAC,OAAO,CAAC,EAAE,QAAQ,CAAC,KAAK,EAAE,CAAC,CAAC,CAAC;AACrE,CAAC;AAED,MAAM,UAAU,aAAa,CAAC,SAAiB,EAAE,SAAiB;IAMhE,iBAAiB;IACjB,MAAM,iBAAiB,GAAG,UAAU,CAAC,QAAQ,CAAC,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;IAE/E,sCAAsC;IACtC,MAAM,OAAO,GAAG,WAAW,CAAC,EAAE,CAAC,CAAC;IAChC,MAAM,MAAM,GAAG,WAAW,CAAC,EAAE,CAAC,CAAC;IAE/B,eAAe;IACf,MAAM,MAAM,GAAG,cAAc,CAAC,QAAQ,EAAE,OAAO,EAAE,MAAM,CAAC,CAAC;IACzD,MAAM,SAAS,GAAG,MAAM,CAAC,MAAM,CAAC,CAAC,MAAM,CAAC,MAAM,CAAC,SAAS,CAAC,EAAE,MAAM,CAAC,KAAK,EAAE,CAAC,CAAC,CAAC;IAC5E,MAAM,OAAO,GAAG,MAAM,CAAC,UAAU,EAAE,CAAC;IACpC,MAAM,UAAU,GAAG,MAAM,CAAC,MAAM,CAAC,CAAC,SAAS,EAAE,OAAO,CAAC,CAAC,CAAC;IAEvD,gCAAgC;IAChC,MAAM,MAAM,GAAG,WAAW,CAAC,EAAE,CAAC,CAAC;IAC/B,MAAM,UAAU,GAAG,cAAc,CAAC,QAAQ,EAAE,SAAS,EAAE,MAAM,CAAC,CAAC;IAC/D,MAAM,cAAc,GAAG,MAAM,CAAC,MAAM,CAAC,CAAC,UAAU,CAAC,MAAM,CAAC,OAAO,CAAC,EAAE,UAAU,CAAC,KAAK,EAAE,CAAC,CAAC,CAAC;IACvF,MAAM,OAAO,GAAG,UAAU,CAAC,UAAU,EAAE,CAAC;IACxC,MAAM,cAAc,GAAG,MAAM,CAAC,MAAM,CAAC,CAAC,MAAM,EAAE,cAAc,EAAE,OAAO,CAAC,CAAC,CAAC;IAExE,OAAO;QACL,UAAU;QACV,UAAU,EAAE,cAAc,CAAC,QAAQ,CAAC,QAAQ,CAAC;QAC7C,EAAE,EAAE,MAAM,CAAC,QAAQ,CAAC,QAAQ,CAAC;QAC7B,iBAAiB;KAClB,CAAC;AACJ,CAAC;AAED;;;GAGG;AACH,MAAM,UAAU,eAAe,CAAC,IAAY,EAAE,QAAgB,EAAE,SAAiB;IAC/E,MAAM,SAAS,GAAG,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,SAAS,CAAC,EAAE,CAAC,EAAE,IAAI,EAAE,CAAC,EAAE,QAAQ,EAAE,CAAC,EAAE,MAAM,CAAC,CAAC;IAChF,MAAM,EAAE,GAAG,WAAW,CAAC,EAAE,CAAC,CAAC;IAC3B,MAAM,MAAM,GAAG,cAAc,CAAC,QAAQ,EAAE,SAAS,EAAE,EAAE,CAAC,CAAC;IACvD,MAAM,SAAS,GAAG,MAAM,CAAC,MAAM,CAAC,CAAC,MAAM,CAAC,MAAM,CAAC,SAAS,CAAC,EAAE,MAAM,CAAC,KAAK,EAAE,CAAC,CAAC,CAAC;IAC5E,MAAM,GAAG,GAAG,MAAM,CAAC,UAAU,EAAE,CAAC;IAChC,OAAO,MAAM,CAAC,MAAM,CAAC,CAAC,EAAE,EAAE,SAAS,EAAE,GAAG,CAAC,CAAC,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC;AAChE,CAAC;AAED;;;GAGG;AACH,MAAM,UAAU,eAAe,CAAC,eAAuB,EAAE,SAAiB;IACxE,MAAM,GAAG,GAAG,MAAM,CAAC,IAAI,CAAC,eAAe,EAAE,QAAQ,CAAC,CAAC;IACnD,MAAM,EAAE,GAAG,GAAG,CAAC,QAAQ,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;IAC/B,MAAM,GAAG,GAAG,GAAG,CAAC,QAAQ,CAAC,GAAG,CAAC,MAAM,GAAG,EAAE,CAAC,CAAC;IAC1C,MAAM,UAAU,GAAG,GAAG,CAAC,QAAQ,CAAC,EAAE,EAAE,GAAG,CAAC,MAAM,GAAG,EAAE,CAAC,CAAC;IACrD,MAAM,QAAQ,GAAG,gBAAgB,CAAC,QAAQ,EAAE,SAAS,EAAE,EAAE,CAAC,CAAC;IAC3D,QAAQ,CAAC,UAAU,CAAC,GAAG,CAAC,CAAC;IACzB,MAAM,SAAS,GAAG,MAAM,CAAC,MAAM,CAAC,CAAC,QAAQ,CAAC,MAAM,CAAC,UAAU,CAAC,EAAE,QAAQ,CAAC,KAAK,EAAE,CAAC,CAAC,CAAC;IACjF,OAAO,IAAI,CAAC,KAAK,CAAC,SAAS,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAa,CAAC;AAC5D,CAAC;AAED,MAAM,UAAU,aAAa,CAC3B,UAAkB,EAClB,gBAAwB,EACxB,QAAgB,EAChB,SAAiB,EACjB,gBAAyB;IAEzB,kBAAkB;IAClB,MAAM,cAAc,GAAG,MAAM,CAAC,IAAI,CAAC,gBAAgB,EAAE,QAAQ,CAAC,CAAC;IAC/D,MAAM,MAAM,GAAG,cAAc,CAAC,QAAQ,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;IAC9C,MAAM,cAAc,GAAG,cAAc,CAAC,QAAQ,CAAC,EAAE,EAAE,cAAc,CAAC,MAAM,GAAG,EAAE,CAAC,CAAC;IAC/E,MAAM,OAAO,GAAG,cAAc,CAAC,QAAQ,CAAC,cAAc,CAAC,MAAM,GAAG,EAAE,CAAC,CAAC;IAEpE,MAAM,cAAc,GAAG,gBAAgB,CAAC,QAAQ,EAAE,SAAS,EAAE,MAAM,CAAC,CAAC;IACrE,cAAc,CAAC,UAAU,CAAC,OAAO,CAAC,CAAC;IACnC,MAAM,OAAO,GAAG,MAAM,CAAC,MAAM,CAAC,CAAC,cAAc,CAAC,MAAM,CAAC,cAAc,CAAC,EAAE,cAAc,CAAC,KAAK,EAAE,CAAC,CAAC,CAAC;IAE/F,eAAe;IACf,MAAM,MAAM,GAAG,MAAM,CAAC,IAAI,CAAC,QAAQ,EAAE,QAAQ,CAAC,CAAC;IAC/C,MAAM,OAAO,GAAG,UAAU,CAAC,QAAQ,CAAC,UAAU,CAAC,MAAM,GAAG,EAAE,CAAC,CAAC;IAC5D,MAAM,aAAa,GAAG,UAAU,CAAC,QAAQ,CAAC,CAAC,EAAE,UAAU,CAAC,MAAM,GAAG,EAAE,CAAC,CAAC;IAErE,MAAM,QAAQ,GAAG,gBAAgB,CAAC,QAAQ,EAAE,OAAO,EAAE,MAAM,CAAC,CAAC;IAC7D,QAAQ,CAAC,UAAU,CAAC,OAAO,CAAC,CAAC;IAC7B,MAAM,SAAS,GAAG,MAAM,CAAC,MAAM,CAAC,CAAC,QAAQ,CAAC,MAAM,CAAC,aAAa,CAAC,EAAE,QAAQ,CAAC,KAAK,EAAE,CAAC,CAAC,CAAC;IAEpF,mBAAmB;IACnB,IAAI,gBAAgB,EAAE,CAAC;QACrB,MAAM,cAAc,GAAG,UAAU,CAAC,QAAQ,CAAC,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;QAC5E,IAAI,cAAc,KAAK,gBAAgB,EAAE,CAAC;YACxC,MAAM,IAAI,KAAK,CAAC,gDAAgD,CAAC,CAAC;QACpE,CAAC;IACH,CAAC;IAED,OAAO,SAAS,CAAC;AACnB,CAAC"}

package/dist/src/lib/keyring.d.ts DELETED Viewed

@@ -1,4 +0,0 @@
-export declare function storeMasterKey(masterKey: Buffer): void;
-export declare function loadMasterKey(): Buffer | null;
-export declare function clearSession(): void;
-//# sourceMappingURL=keyring.d.ts.map

package/dist/src/lib/keyring.d.ts.map DELETED Viewed

	@@ -1 +0,0 @@
1	- {"version":3,"file":"keyring.d.ts","sourceRoot":"","sources":["../../../src/lib/keyring.ts"],"names":[],"mappings":"AAcA,wBAAgB,cAAc,CAAC,SAAS,EAAE,MAAM,GAAG,IAAI,CAStD;AAED,wBAAgB,aAAa,IAAI,MAAM,GAAG,IAAI,CAc7C;AAED,wBAAgB,YAAY,IAAI,IAAI,CAQnC"}

package/dist/src/lib/keyring.js DELETED Viewed

@@ -1,49 +0,0 @@
-import { readFileSync, writeFileSync, mkdirSync, existsSync, unlinkSync } from 'fs';
-import { join } from 'path';
-import { homedir } from 'os';
-import { createCipheriv, createDecipheriv, randomBytes, createHash } from 'crypto';
-const SESSION_DIR = join(homedir(), '.tusky');
-const SESSION_FILE = join(SESSION_DIR, 'session.enc');
-// Derive a machine-specific key from hostname + user
-function getMachineKey() {
-    const machineId = `${homedir()}-tusky-session-key`;
-    return createHash('sha256').update(machineId).digest();
-}
-export function storeMasterKey(masterKey) {
-    mkdirSync(SESSION_DIR, { recursive: true, mode: 0o700 });
-    const key = getMachineKey();
-    const iv = randomBytes(12);
-    const cipher = createCipheriv('aes-256-gcm', key, iv);
-    const encrypted = Buffer.concat([cipher.update(masterKey), cipher.final()]);
-    const tag = cipher.getAuthTag();
-    const data = Buffer.concat([iv, tag, encrypted]);
-    writeFileSync(SESSION_FILE, data, { mode: 0o600 });
-}
-export function loadMasterKey() {
-    if (!existsSync(SESSION_FILE))
-        return null;
-    try {
-        const data = readFileSync(SESSION_FILE);
-        const key = getMachineKey();
-        const iv = data.subarray(0, 12);
-        const tag = data.subarray(12, 28);
-        const encrypted = data.subarray(28);
-        const decipher = createDecipheriv('aes-256-gcm', key, iv);
-        decipher.setAuthTag(tag);
-        return Buffer.concat([decipher.update(encrypted), decipher.final()]);
-    }
-    catch {
-        return null;
-    }
-}
-export function clearSession() {
-    try {
-        if (existsSync(SESSION_FILE)) {
-            unlinkSync(SESSION_FILE);
-        }
-    }
-    catch {
-        // Ignore
-    }
-}
-//# sourceMappingURL=keyring.js.map

package/dist/src/lib/keyring.js.map DELETED Viewed

@@ -1 +0,0 @@

- {"version":3,"file":"keyring.js","sourceRoot":"","sources":["../../../src/lib/keyring.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,YAAY,EAAE,aAAa,EAAE,SAAS,EAAE,UAAU,EAAE,UAAU,EAAE,MAAM,IAAI,CAAC;AACpF,OAAO,EAAE,IAAI,EAAE,MAAM,MAAM,CAAC;AAC5B,OAAO,EAAE,OAAO,EAAE,MAAM,IAAI,CAAC;AAC7B,OAAO,EAAE,cAAc,EAAE,gBAAgB,EAAE,WAAW,EAAE,UAAU,EAAE,MAAM,QAAQ,CAAC;AAEnF,MAAM,WAAW,GAAG,IAAI,CAAC,OAAO,EAAE,EAAE,QAAQ,CAAC,CAAC;AAC9C,MAAM,YAAY,GAAG,IAAI,CAAC,WAAW,EAAE,aAAa,CAAC,CAAC;AAEtD,qDAAqD;AACrD,SAAS,aAAa;IACpB,MAAM,SAAS,GAAG,GAAG,OAAO,EAAE,oBAAoB,CAAC;IACnD,OAAO,UAAU,CAAC,QAAQ,CAAC,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC,MAAM,EAAE,CAAC;AACzD,CAAC;AAED,MAAM,UAAU,cAAc,CAAC,SAAiB;IAC9C,SAAS,CAAC,WAAW,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,IAAI,EAAE,KAAK,EAAE,CAAC,CAAC;IACzD,MAAM,GAAG,GAAG,aAAa,EAAE,CAAC;IAC5B,MAAM,EAAE,GAAG,WAAW,CAAC,EAAE,CAAC,CAAC;IAC3B,MAAM,MAAM,GAAG,cAAc,CAAC,aAAa,EAAE,GAAG,EAAE,EAAE,CAAC,CAAC;IACtD,MAAM,SAAS,GAAG,MAAM,CAAC,MAAM,CAAC,CAAC,MAAM,CAAC,MAAM,CAAC,SAAS,CAAC,EAAE,MAAM,CAAC,KAAK,EAAE,CAAC,CAAC,CAAC;IAC5E,MAAM,GAAG,GAAG,MAAM,CAAC,UAAU,EAAE,CAAC;IAChC,MAAM,IAAI,GAAG,MAAM,CAAC,MAAM,CAAC,CAAC,EAAE,EAAE,GAAG,EAAE,SAAS,CAAC,CAAC,CAAC;IACjD,aAAa,CAAC,YAAY,EAAE,IAAI,EAAE,EAAE,IAAI,EAAE,KAAK,EAAE,CAAC,CAAC;AACrD,CAAC;AAED,MAAM,UAAU,aAAa;IAC3B,IAAI,CAAC,UAAU,CAAC,YAAY,CAAC;QAAE,OAAO,IAAI,CAAC;IAC3C,IAAI,CAAC;QACH,MAAM,IAAI,GAAG,YAAY,CAAC,YAAY,CAAC,CAAC;QACxC,MAAM,GAAG,GAAG,aAAa,EAAE,CAAC;QAC5B,MAAM,EAAE,GAAG,IAAI,CAAC,QAAQ,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;QAChC,MAAM,GAAG,GAAG,IAAI,CAAC,QAAQ,CAAC,EAAE,EAAE,EAAE,CAAC,CAAC;QAClC,MAAM,SAAS,GAAG,IAAI,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAC;QACpC,MAAM,QAAQ,GAAG,gBAAgB,CAAC,aAAa,EAAE,GAAG,EAAE,EAAE,CAAC,CAAC;QAC1D,QAAQ,CAAC,UAAU,CAAC,GAAG,CAAC,CAAC;QACzB,OAAO,MAAM,CAAC,MAAM,CAAC,CAAC,QAAQ,CAAC,MAAM,CAAC,SAAS,CAAC,EAAE,QAAQ,CAAC,KAAK,EAAE,CAAC,CAAC,CAAC;IACvE,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,IAAI,CAAC;IACd,CAAC;AACH,CAAC;AAED,MAAM,UAAU,YAAY;IAC1B,IAAI,CAAC;QACH,IAAI,UAAU,CAAC,YAAY,CAAC,EAAE,CAAC;YAC7B,UAAU,CAAC,YAAY,CAAC,CAAC;QAC3B,CAAC;IACH,CAAC;IAAC,MAAM,CAAC;QACP,SAAS;IACX,CAAC;AACH,CAAC"}

package/src/__tests__/crypto.test.ts DELETED Viewed

@@ -1,315 +0,0 @@
-import { describe, it, expect } from 'vitest';
-import {
-  deriveMasterKey,
-  computeVerifier,
-  verifyPassphrase,
-  generateSalt,
-  generateMasterKey,
-  generateRecoveryKey,
-  wrapMasterKey,
-  unwrapMasterKey,
-  encryptBuffer,
-  decryptBuffer,
-} from '../crypto.js';
-describe('deriveMasterKey', () => {
-  it('produces deterministic 32-byte output', () => {
-    const salt = Buffer.from('a'.repeat(32), 'hex');
-    const key1 = deriveMasterKey('passphrase', salt);
-    const key2 = deriveMasterKey('passphrase', salt);
-    expect(key1).toEqual(key2);
-    expect(key1.length).toBe(32);
-  });
-  it('different passphrase produces different key', () => {
-    const salt = Buffer.from('a'.repeat(32), 'hex');
-    const key1 = deriveMasterKey('pass1', salt);
-    const key2 = deriveMasterKey('pass2', salt);
-    expect(key1).not.toEqual(key2);
-  });
-  it('different salt produces different key', () => {
-    const salt1 = Buffer.from('a'.repeat(32), 'hex');
-    const salt2 = Buffer.from('b'.repeat(32), 'hex');
-    const key1 = deriveMasterKey('pass', salt1);
-    const key2 = deriveMasterKey('pass', salt2);
-    expect(key1).not.toEqual(key2);
-  });
-});
-describe('computeVerifier / verifyPassphrase', () => {
-  it('verifier matches correct key', () => {
-    const key = generateMasterKey();
-    const verifier = computeVerifier(key);
-    expect(verifyPassphrase(key, verifier)).toBe(true);
-  });
-  it('verifier rejects wrong key', () => {
-    const key1 = generateMasterKey();
-    const key2 = generateMasterKey();
-    const verifier = computeVerifier(key1);
-    expect(verifyPassphrase(key2, verifier)).toBe(false);
-  });
-  it('verifier is 32 bytes (SHA-256)', () => {
-    const key = generateMasterKey();
-    const verifier = computeVerifier(key);
-    expect(verifier.length).toBe(32);
-  });
-});
-describe('generateSalt / generateMasterKey / generateRecoveryKey', () => {
-  it('generateSalt returns 16 bytes', () => {
-    expect(generateSalt().length).toBe(16);
-  });
-  it('generateMasterKey returns 32 bytes', () => {
-    expect(generateMasterKey().length).toBe(32);
-  });
-  it('generateRecoveryKey returns 32 bytes', () => {
-    expect(generateRecoveryKey().length).toBe(32);
-  });
-  it('generates different values each time', () => {
-    const a = generateSalt();
-    const b = generateSalt();
-    expect(a).not.toEqual(b);
-  });
-});
-describe('wrapMasterKey / unwrapMasterKey', () => {
-  it('round-trips successfully', () => {
-    const masterKey = generateMasterKey();
-    const recoveryKey = generateRecoveryKey();
-    const wrapped = wrapMasterKey(masterKey, recoveryKey);
-    const unwrapped = unwrapMasterKey(wrapped, recoveryKey);
-    expect(unwrapped).toEqual(masterKey);
-  });
-  it('wrong recovery key throws', () => {
-    const masterKey = generateMasterKey();
-    const recoveryKey = generateRecoveryKey();
-    const wrongKey = generateRecoveryKey();
-    const wrapped = wrapMasterKey(masterKey, recoveryKey);
-    expect(() => unwrapMasterKey(wrapped, wrongKey)).toThrow();
-  });
-});
-describe('encryptBuffer / decryptBuffer', () => {
-  it('round-trips successfully', () => {
-    const masterKey = generateMasterKey();
-    const plaintext = Buffer.from('Hello, TuskyDP!');
-    const { ciphertext, wrappedKey, iv, plaintextChecksum } = encryptBuffer(plaintext, masterKey);
-    const decrypted = decryptBuffer(ciphertext, wrappedKey, iv, masterKey, plaintextChecksum);
-    expect(decrypted).toEqual(plaintext);
-  });
-  it('wrong master key throws', () => {
-    const masterKey = generateMasterKey();
-    const wrongKey = generateMasterKey();
-    const plaintext = Buffer.from('secret data');
-    const { ciphertext, wrappedKey, iv } = encryptBuffer(plaintext, masterKey);
-    expect(() => decryptBuffer(ciphertext, wrappedKey, iv, wrongKey)).toThrow();
-  });
-  it('verifies checksum on corrupted data', () => {
-    const masterKey = generateMasterKey();
-    const plaintext = Buffer.from('important data');
-    const { ciphertext, wrappedKey, iv } = encryptBuffer(plaintext, masterKey);
-    // Pass a wrong checksum
-    expect(() => decryptBuffer(ciphertext, wrappedKey, iv, masterKey, 'wrong_checksum')).toThrow(
-      'Integrity check failed',
-    );
-  });
-  it('handles empty buffer', () => {
-    const masterKey = generateMasterKey();
-    const plaintext = Buffer.alloc(0);
-    const { ciphertext, wrappedKey, iv, plaintextChecksum } = encryptBuffer(plaintext, masterKey);
-    const decrypted = decryptBuffer(ciphertext, wrappedKey, iv, masterKey, plaintextChecksum);
-    expect(decrypted).toEqual(plaintext);
-  });
-  it('handles large buffer', () => {
-    const masterKey = generateMasterKey();
-    const plaintext = Buffer.alloc(1024 * 1024, 0xab); // 1 MB
-    const { ciphertext, wrappedKey, iv, plaintextChecksum } = encryptBuffer(plaintext, masterKey);
-    const decrypted = decryptBuffer(ciphertext, wrappedKey, iv, masterKey, plaintextChecksum);
-    expect(decrypted).toEqual(plaintext);
-  });
-  it('ciphertext is larger than plaintext (auth tag)', () => {
-    const masterKey = generateMasterKey();
-    const plaintext = Buffer.from('test');
-    const { ciphertext } = encryptBuffer(plaintext, masterKey);
-    expect(ciphertext.length).toBeGreaterThan(plaintext.length);
-  });
-});
-/**
- * Cross-platform interop test vectors.
- *
- * These tests use hardcoded inputs and expected outputs generated from Node.js crypto.
- * Any implementation (Rust, Python, Go, browser WebCrypto) of TuskyDP E2E encryption
- * MUST produce identical outputs for the same inputs.
- *
- * Algorithms:
- *   - deriveMasterKey: PBKDF2-SHA256, 600,000 iterations, 32-byte output
- *   - computeVerifier: HMAC-SHA256 with context string "tuskydp-key-verifier-v1"
- *   - wrapMasterKey/unwrapMasterKey: AES-256-GCM, 12-byte IV, 16-byte auth tag
- *     Wire format: [IV (12) | ciphertext (32) | authTag (16)] = 60 bytes
- *   - encryptBuffer/decryptBuffer: AES-256-GCM per-file key + AES-256-GCM key wrapping
- *     Ciphertext format: [encrypted data | authTag (16)]
- *     WrappedKey format (base64): [wrapIV (12) | wrapped fileKey (32) | wrapAuthTag (16)]
- */
-describe('cross-platform interop test vectors', () => {
-  // --- Test Vector Set 1 ---
-  const TV1 = {
-    passphrase: 'correct horse battery staple',
-    salt: '0102030405060708090a0b0c0d0e0f10',
-    derivedKey: '0008e69b89ffac1aa7bb1f44289ba65afaa711dd450f0aab6c322e4cd57bb216',
-    verifier: 'b15d5b00572798fd1f13667d790823b8756ba166c61cbdf99e2bbcfefa30baa6',
-  };
-  // --- Test Vector Set 2 ---
-  const TV2 = {
-    passphrase: 'hunter2',
-    salt: 'deadbeefcafebabe1234567890abcdef',
-    derivedKey: '0992dbbb89cef243b310b48482d8c73ed8389ee29fb1f5a25c70552f5f01c6b8',
-    verifier: '5387d9046eafd061d4473e2b87d885a325630b3ae4f2cb11b94d3cf3cd81b35e',
-  };
-  // --- Key wrapping vector ---
-  const WRAP_VECTOR = {
-    masterKey: '0011223344556677889900aabbccddeeff0011223344556677889900aabbccdd',
-    recoveryKey: 'aabbccddeeff00112233445566778899aabbccddeeff00112233445566778899',
-    // Pre-computed wrapped output (includes IV + ciphertext + authTag)
-    wrappedFull: 'AAECAwQFBgcICQoL5f88lTmbbm1t74wjfzEkZC6OBtte9PbLWIrK80jgH2CbiTyQ+3FYtoN2oaMj40Rg',
-  };
-  // --- File encryption vector ---
-  const ENCRYPT_VECTOR = {
-    plaintext: 'Hello, TuskyDP! This is a test vector for cross-platform interop.',
-    plaintextChecksum: 'dd543914f5d1af720f853daad21143e7b9376ea26c7c3e208390cafc223ea1f7',
-    masterKey: '0011223344556677889900aabbccddeeff0011223344556677889900aabbccdd',
-    // Pre-computed ciphertext (encrypted data + authTag)
-    ciphertext:
-      'B5MbJQBGzwGMbS9gj5V0xY2GoxzWGUx3ujkR2s9kRpmSIGKAt9pR8BE8VFc7X8Q0AcLukUQDy4R5MhryTj0rFWEGv4uS3WQzDizQDnYTe8uT',
-    // Pre-computed wrapped file key (wrapIV + wrapped + wrapAuthTag)
-    wrappedKey: 'FRQTEhEQEA8ODQwK5oDpgjZPzbX4cHXCntl3HkaI+jWLqmRv7cxPzoein4YMkzJn9PAt3Qf4RRMiP0Yl',
-    // File IV
-    iv: 'CgsMDQ4PEBESExQV',
-  };
-  describe('deriveMasterKey vectors', () => {
-    it('vector 1: "correct horse battery staple"', () => {
-      const salt = Buffer.from(TV1.salt, 'hex');
-      const key = deriveMasterKey(TV1.passphrase, salt);
-      expect(key.toString('hex')).toBe(TV1.derivedKey);
-    });
-    it('vector 2: "hunter2"', () => {
-      const salt = Buffer.from(TV2.salt, 'hex');
-      const key = deriveMasterKey(TV2.passphrase, salt);
-      expect(key.toString('hex')).toBe(TV2.derivedKey);
-    });
-  });
-  describe('computeVerifier vectors', () => {
-    it('vector 1: verifier from derived key 1', () => {
-      const masterKey = Buffer.from(TV1.derivedKey, 'hex');
-      const verifier = computeVerifier(masterKey);
-      expect(verifier.toString('hex')).toBe(TV1.verifier);
-    });
-    it('vector 2: verifier from derived key 2', () => {
-      const masterKey = Buffer.from(TV2.derivedKey, 'hex');
-      const verifier = computeVerifier(masterKey);
-      expect(verifier.toString('hex')).toBe(TV2.verifier);
-    });
-    it('verifyPassphrase accepts correct verifier', () => {
-      const masterKey = Buffer.from(TV1.derivedKey, 'hex');
-      const verifier = Buffer.from(TV1.verifier, 'hex');
-      expect(verifyPassphrase(masterKey, verifier)).toBe(true);
-    });
-    it('verifyPassphrase rejects wrong verifier', () => {
-      const masterKey = Buffer.from(TV1.derivedKey, 'hex');
-      const verifier = Buffer.from(TV2.verifier, 'hex');
-      expect(verifyPassphrase(masterKey, verifier)).toBe(false);
-    });
-  });
-  describe('unwrapMasterKey vector', () => {
-    it('unwraps pre-computed wrapped key to original master key', () => {
-      const recoveryKey = Buffer.from(WRAP_VECTOR.recoveryKey, 'hex');
-      const wrappedData = Buffer.from(WRAP_VECTOR.wrappedFull, 'base64');
-      const unwrapped = unwrapMasterKey(wrappedData, recoveryKey);
-      expect(unwrapped.toString('hex')).toBe(WRAP_VECTOR.masterKey);
-    });
-    it('wrapped data has correct wire format length (60 bytes)', () => {
-      const wrappedData = Buffer.from(WRAP_VECTOR.wrappedFull, 'base64');
-      // 12 (IV) + 32 (encrypted key) + 16 (auth tag) = 60
-      expect(wrappedData.length).toBe(60);
-    });
-  });
-  describe('decryptBuffer vector', () => {
-    it('decrypts pre-computed ciphertext to original plaintext', () => {
-      const masterKey = Buffer.from(ENCRYPT_VECTOR.masterKey, 'hex');
-      const ciphertext = Buffer.from(ENCRYPT_VECTOR.ciphertext, 'base64');
-      const decrypted = decryptBuffer(
-        ciphertext,
-        ENCRYPT_VECTOR.wrappedKey,
-        ENCRYPT_VECTOR.iv,
-        masterKey,
-        ENCRYPT_VECTOR.plaintextChecksum,
-      );
-      expect(decrypted.toString('utf8')).toBe(ENCRYPT_VECTOR.plaintext);
-    });
-    it('decrypts without checksum verification', () => {
-      const masterKey = Buffer.from(ENCRYPT_VECTOR.masterKey, 'hex');
-      const ciphertext = Buffer.from(ENCRYPT_VECTOR.ciphertext, 'base64');
-      const decrypted = decryptBuffer(
-        ciphertext,
-        ENCRYPT_VECTOR.wrappedKey,
-        ENCRYPT_VECTOR.iv,
-        masterKey,
-      );
-      expect(decrypted.toString('utf8')).toBe(ENCRYPT_VECTOR.plaintext);
-    });
-    it('rejects tampered ciphertext', () => {
-      const masterKey = Buffer.from(ENCRYPT_VECTOR.masterKey, 'hex');
-      const ciphertext = Buffer.from(ENCRYPT_VECTOR.ciphertext, 'base64');
-      // Flip one byte in the encrypted data
-      ciphertext[0] ^= 0xff;
-      expect(() =>
-        decryptBuffer(ciphertext, ENCRYPT_VECTOR.wrappedKey, ENCRYPT_VECTOR.iv, masterKey),
-      ).toThrow();
-    });
-    it('rejects tampered wrapped key', () => {
-      const masterKey = Buffer.from(ENCRYPT_VECTOR.masterKey, 'hex');
-      const ciphertext = Buffer.from(ENCRYPT_VECTOR.ciphertext, 'base64');
-      // Corrupt the wrapped key
-      const badWrappedKey = Buffer.from(ENCRYPT_VECTOR.wrappedKey, 'base64');
-      badWrappedKey[15] ^= 0xff;
-      expect(() =>
-        decryptBuffer(ciphertext, badWrappedKey.toString('base64'), ENCRYPT_VECTOR.iv, masterKey),
-      ).toThrow();
-    });
-    it('plaintextChecksum matches SHA-256 of plaintext', () => {
-      const { createHash } = require('crypto');
-      const expectedChecksum = createHash('sha256')
-        .update(Buffer.from(ENCRYPT_VECTOR.plaintext, 'utf8'))
-        .digest('hex');
-      expect(expectedChecksum).toBe(ENCRYPT_VECTOR.plaintextChecksum);
-    });
-  });
-});