@vellumai/assistant 0.7.1 → 0.7.2

package/src/backup/__tests__/stream-crypt.test.ts

@@ -1,228 +0,0 @@
-import { randomBytes } from "node:crypto";
-import { mkdirSync, readFileSync, rmSync, writeFileSync } from "node:fs";
-import { open } from "node:fs/promises";
-import { tmpdir } from "node:os";
-import { join } from "node:path";
-import { afterEach, beforeEach, describe, expect, test } from "bun:test";
-
-import {
-  decryptFile,
-  ENCRYPTED_HEADER_SIZE,
-  encryptFile,
-  GCM_TAG_SIZE,
-  verifyEncryptedFile,
-} from "../stream-crypt.js";
-
-// ---------------------------------------------------------------------------
-// Fixtures
-// ---------------------------------------------------------------------------
-
-let TEST_DIR: string;
-
-beforeEach(() => {
-  TEST_DIR = join(
-    tmpdir(),
-    `vellum-stream-crypt-test-${randomBytes(6).toString("hex")}`,
-  );
-  mkdirSync(TEST_DIR, { recursive: true });
-});
-
-afterEach(() => {
-  try {
-    rmSync(TEST_DIR, { recursive: true, force: true });
-  } catch {
-    // best-effort
-  }
-});
-
-function makeKey(seed: number): Buffer {
-  const buf = Buffer.alloc(32);
-  for (let i = 0; i < 32; i++) {
-    buf[i] = (seed + i) & 0xff;
-  }
-  return buf;
-}
-
-// ---------------------------------------------------------------------------
-// Tests
-// ---------------------------------------------------------------------------
-
-describe("stream-crypt", () => {
-  test("round-trips a 1 KB random file", async () => {
-    const key = randomBytes(32);
-    const plaintext = randomBytes(1024);
-    const plainPath = join(TEST_DIR, "plain.bin");
-    const encPath = join(TEST_DIR, "enc.bin");
-    const roundTripPath = join(TEST_DIR, "roundtrip.bin");
-
-    writeFileSync(plainPath, plaintext);
-    await encryptFile(plainPath, encPath, key);
-    await decryptFile(encPath, roundTripPath, key);
-
-    const result = readFileSync(roundTripPath);
-    expect(result.equals(plaintext)).toBe(true);
-
-    // Encrypted file has the IV + tag overhead
-    const encBytes = readFileSync(encPath);
-    expect(encBytes.length).toBe(
-      plaintext.length + ENCRYPTED_HEADER_SIZE + GCM_TAG_SIZE,
-    );
-  });
-
-  test("round-trips a 10 MB file (streaming across chunk boundaries)", async () => {
-    const key = randomBytes(32);
-    const size = 10 * 1024 * 1024;
-    const plaintext = randomBytes(size);
-    const plainPath = join(TEST_DIR, "plain.bin");
-    const encPath = join(TEST_DIR, "enc.bin");
-    const roundTripPath = join(TEST_DIR, "roundtrip.bin");
-
-    writeFileSync(plainPath, plaintext);
-    await encryptFile(plainPath, encPath, key);
-    await decryptFile(encPath, roundTripPath, key);
-
-    const result = readFileSync(roundTripPath);
-    expect(result.length).toBe(size);
-    expect(result.equals(plaintext)).toBe(true);
-  });
-
-  test("auth tag verification: flipping a byte in the ciphertext causes decrypt to throw", async () => {
-    const key = randomBytes(32);
-    const plaintext = randomBytes(2048);
-    const plainPath = join(TEST_DIR, "plain.bin");
-    const encPath = join(TEST_DIR, "enc.bin");
-    const outPath = join(TEST_DIR, "out.bin");
-
-    writeFileSync(plainPath, plaintext);
-    await encryptFile(plainPath, encPath, key);
-
-    // Flip one byte somewhere in the middle of the ciphertext body
-    // (not in the IV header or the trailing auth tag).
-    const ciphertextByteOffset =
-      ENCRYPTED_HEADER_SIZE + Math.floor(plaintext.length / 2);
-    const fh = await open(encPath, "r+");
-    try {
-      const one = Buffer.alloc(1);
-      await fh.read(one, 0, 1, ciphertextByteOffset);
-      one[0] = one[0] ^ 0xff;
-      await fh.write(one, 0, 1, ciphertextByteOffset);
-    } finally {
-      await fh.close();
-    }
-
-    await expect(decryptFile(encPath, outPath, key)).rejects.toThrow();
-  });
-
-  test("decrypting with the wrong key throws", async () => {
-    const keyA = makeKey(1);
-    const keyB = makeKey(99);
-    const plaintext = randomBytes(4096);
-    const plainPath = join(TEST_DIR, "plain.bin");
-    const encPath = join(TEST_DIR, "enc.bin");
-    const outPath = join(TEST_DIR, "out.bin");
-
-    writeFileSync(plainPath, plaintext);
-    await encryptFile(plainPath, encPath, keyA);
-
-    await expect(decryptFile(encPath, outPath, keyB)).rejects.toThrow();
-  });
-
-  test("passing a 16-byte key throws the typed error", async () => {
-    const badKey = randomBytes(16);
-    const plainPath = join(TEST_DIR, "plain.bin");
-    const encPath = join(TEST_DIR, "enc.bin");
-
-    writeFileSync(plainPath, Buffer.from("hello world", "utf-8"));
-
-    await expect(encryptFile(plainPath, encPath, badKey)).rejects.toThrow(
-      "Backup encryption key must be 32 bytes",
-    );
-  });
-
-  test("IV uniqueness: encrypting the same file twice yields different outputs", async () => {
-    const key = randomBytes(32);
-    const plaintext = randomBytes(4096);
-    const plainPath = join(TEST_DIR, "plain.bin");
-    const encPathA = join(TEST_DIR, "enc-a.bin");
-    const encPathB = join(TEST_DIR, "enc-b.bin");
-
-    writeFileSync(plainPath, plaintext);
-    await encryptFile(plainPath, encPathA, key);
-    await encryptFile(plainPath, encPathB, key);
-
-    const a = readFileSync(encPathA);
-    const b = readFileSync(encPathB);
-
-    expect(a.equals(b)).toBe(false);
-    // The first 12 bytes are the IV — they must differ with overwhelming
-    // probability (collision chance is 1/2^96 for random 12-byte IVs).
-    expect(
-      a.subarray(0, ENCRYPTED_HEADER_SIZE).equals(
-        b.subarray(0, ENCRYPTED_HEADER_SIZE),
-      ),
-    ).toBe(false);
-  });
-
-  test("verifyEncryptedFile returns true for a valid bundle and false for a tampered one", async () => {
-    const key = randomBytes(32);
-    const plaintext = randomBytes(1024);
-    const plainPath = join(TEST_DIR, "plain.bin");
-    const encPath = join(TEST_DIR, "enc.bin");
-
-    writeFileSync(plainPath, plaintext);
-    await encryptFile(plainPath, encPath, key);
-
-    expect(await verifyEncryptedFile(encPath, key)).toBe(true);
-
-    // Tamper the ciphertext and re-verify
-    const fh = await open(encPath, "r+");
-    try {
-      const flipOffset = ENCRYPTED_HEADER_SIZE + 10;
-      const one = Buffer.alloc(1);
-      await fh.read(one, 0, 1, flipOffset);
-      one[0] = one[0] ^ 0x01;
-      await fh.write(one, 0, 1, flipOffset);
-    } finally {
-      await fh.close();
-    }
-
-    expect(await verifyEncryptedFile(encPath, key)).toBe(false);
-  });
-
-  test("verifyEncryptedFile returns true for a valid bundle even when tmpdir is unwritable", async () => {
-    const key = randomBytes(32);
-    const plaintext = randomBytes(2048);
-    const plainPath = join(TEST_DIR, "plain.bin");
-    const encPath = join(TEST_DIR, "enc.bin");
-
-    writeFileSync(plainPath, plaintext);
-    await encryptFile(plainPath, encPath, key);
-
-    // Point tmpdir at a path that cannot be written to. The implementation
-    // must authenticate the bundle without writing any scratch file — a full
-    // or read-only /tmp must not block restore for healthy backups.
-    const originalTmpdir = process.env.TMPDIR;
-    const originalTmp = process.env.TMP;
-    const originalTemp = process.env.TEMP;
-    process.env.TMPDIR = "/dev/null/does-not-exist";
-    process.env.TMP = "/dev/null/does-not-exist";
-    process.env.TEMP = "/dev/null/does-not-exist";
-    try {
-      expect(await verifyEncryptedFile(encPath, key)).toBe(true);
-    } finally {
-      if (originalTmpdir === undefined) delete process.env.TMPDIR;
-      else process.env.TMPDIR = originalTmpdir;
-      if (originalTmp === undefined) delete process.env.TMP;
-      else process.env.TMP = originalTmp;
-      if (originalTemp === undefined) delete process.env.TEMP;
-      else process.env.TEMP = originalTemp;
-    }
-  });
-
-  test("verifyEncryptedFile rethrows filesystem errors (e.g. ENOENT) instead of masking them as tamper", async () => {
-    const key = randomBytes(32);
-    const missingPath = join(TEST_DIR, "does-not-exist.bin");
-
-    await expect(verifyEncryptedFile(missingPath, key)).rejects.toThrow();
-  });
-});

package/src/backup/backup-key.ts

@@ -1,137 +0,0 @@
-/**
- * Backup key management.
- *
- * The backup key is a 32-byte random secret used to authenticate / encrypt
- * workspace backups. It is generated once per install and persisted to disk
- * so subsequent backup/restore operations reuse the same key.
- *
- * This module is intentionally pure: callers pass the full `keyPath` rather
- * than resolving a default location. That keeps the helpers trivially
- * testable against temp directories and avoids any coupling to daemon
- * startup, workspace layout, or global path helpers.
- *
- * On-disk invariants:
- * - Parent directory is created with mode `0o700`.
- * - Key file is written atomically (temp + `link`) with mode `0o600`, so
- *   concurrent callers converge on the first winner's bytes.
- * - Key file is exactly 32 bytes; any other size is treated as corruption.
- */
-
-import { randomBytes } from "node:crypto";
-import {
-  chmod,
-  link,
-  mkdir,
-  readFile,
-  stat,
-  unlink,
-  writeFile,
-} from "node:fs/promises";
-import { dirname } from "node:path";
-
-/** Required length of the backup key file, in bytes. */
-const BACKUP_KEY_LENGTH = 32;
-
-/**
- * Check whether a filesystem path exists without throwing.
- *
- * Only `ENOENT` is treated as "missing". Any other errno (EIO, ESTALE,
- * EACCES, ...) is rethrown — we must not silently treat a transient I/O
- * failure as "file is absent" because that can cause an existing backup
- * key to be rotated away under the caller's feet, breaking decryption of
- * data encrypted with the prior key.
- */
-async function pathExists(path: string): Promise<boolean> {
-  try {
-    await stat(path);
-    return true;
-  } catch (err) {
-    if ((err as NodeJS.ErrnoException)?.code === "ENOENT") return false;
-    throw err;
-  }
-}
-
-/**
- * Read the backup key from disk if it exists.
- *
- * Returns the raw 32-byte buffer, or `null` if the file is missing. Intended
- * for read-only callers (e.g. restore paths) that should not create a new
- * key as a side effect.
- *
- * Throws if the file exists but is not exactly 32 bytes -- callers should
- * treat that as a corruption signal rather than silently regenerating.
- */
-export async function readBackupKey(keyPath: string): Promise<Buffer | null> {
-  if (!(await pathExists(keyPath))) return null;
-  const buf = await readFile(keyPath);
-  if (buf.length !== BACKUP_KEY_LENGTH) {
-    throw new Error(
-      `Backup key at ${keyPath} has invalid length ${buf.length} (expected ${BACKUP_KEY_LENGTH})`,
-    );
-  }
-  return buf;
-}
-
-/**
- * Ensure a backup key exists at `keyPath`, returning its bytes.
- *
- * - If the file exists, it is read and validated. A wrong-size file throws,
- *   so a corrupt key is never silently replaced.
- * - Otherwise, the parent directory is created (mode `0o700`), a fresh
- *   32-byte random key is generated, written to a unique tmp file, and
- *   atomically published to `keyPath` via `link()`.
- *
- * Concurrency: callers that race here must all converge on the same bytes
- * — otherwise one caller encrypts data with bytes that will never be
- * persisted and can never be decrypted.
- *
- * We use the canonical Unix atomic-create idiom: write full contents to
- * a per-call tmp file, then `link(tmp, keyPath)`. `link` fails with
- * `EEXIST` if `keyPath` already exists, which makes exactly one racing
- * caller the winner; the rest read the winner's bytes. `rename(2)` by
- * contrast overwrites the destination and is not race-safe here — two
- * renames can leave either caller's bytes on disk regardless of who
- * generated them, so a lost caller would return bytes that don't match
- * what's persisted. `link` avoids that entirely.
- */
-export async function ensureBackupKey(keyPath: string): Promise<Buffer> {
-  const existing = await readBackupKey(keyPath);
-  if (existing) return existing;
-
-  const parent = dirname(keyPath);
-  await mkdir(parent, { recursive: true, mode: 0o700 });
-
-  const key = randomBytes(BACKUP_KEY_LENGTH);
-  const tmpPath = `${keyPath}.tmp.${process.pid}.${randomBytes(8).toString("hex")}`;
-  try {
-    // `wx` fails if tmpPath somehow exists (stale orphan or collision) so
-    // we never silently overwrite another writer's in-flight tmp file.
-    await writeFile(tmpPath, key, { flag: "wx", mode: 0o600 });
-    // Some platforms / umasks ignore the `mode` option on writeFile, so
-    // enforce 0o600 explicitly before publishing.
-    await chmod(tmpPath, 0o600);
-    try {
-      // Atomic publish: only one racing caller's link() succeeds.
-      await link(tmpPath, keyPath);
-      return key;
-    } catch (err) {
-      if ((err as NodeJS.ErrnoException)?.code !== "EEXIST") throw err;
-      // Another caller won the race. Return their bytes, not ours.
-      const winner = await readBackupKey(keyPath);
-      if (!winner) {
-        throw new Error(
-          `link() reported EEXIST but ${keyPath} is unreadable`,
-        );
-      }
-      return winner;
-    }
-  } finally {
-    // Remove our tmp file whether we won (tmp is a hard link to keyPath,
-    // safe to unlink), lost, or errored. Best-effort.
-    try {
-      await unlink(tmpPath);
-    } catch {
-      // ignore
-    }
-  }
-}