@waiaas/daemon 2.0.0-rc.1

Files changed (480)
  1. package/dist/api/error-hints.d.ts +15 -0
  2. package/dist/api/error-hints.d.ts.map +1 -0
  3. package/dist/api/error-hints.js +71 -0
  4. package/dist/api/error-hints.js.map +1 -0
  5. package/dist/api/index.d.ts +11 -0
  6. package/dist/api/index.d.ts.map +1 -0
  7. package/dist/api/index.js +14 -0
  8. package/dist/api/index.js.map +1 -0
  9. package/dist/api/middleware/address-validation.d.ts +38 -0
  10. package/dist/api/middleware/address-validation.d.ts.map +1 -0
  11. package/dist/api/middleware/address-validation.js +134 -0
  12. package/dist/api/middleware/address-validation.js.map +1 -0
  13. package/dist/api/middleware/csp.d.ts +17 -0
  14. package/dist/api/middleware/csp.d.ts.map +1 -0
  15. package/dist/api/middleware/csp.js +31 -0
  16. package/dist/api/middleware/csp.js.map +1 -0
  17. package/dist/api/middleware/error-handler.d.ts +16 -0
  18. package/dist/api/middleware/error-handler.d.ts.map +1 -0
  19. package/dist/api/middleware/error-handler.js +46 -0
  20. package/dist/api/middleware/error-handler.js.map +1 -0
  21. package/dist/api/middleware/host-guard.d.ts +11 -0
  22. package/dist/api/middleware/host-guard.d.ts.map +1 -0
  23. package/dist/api/middleware/host-guard.js +25 -0
  24. package/dist/api/middleware/host-guard.js.map +1 -0
  25. package/dist/api/middleware/index.d.ts +13 -0
  26. package/dist/api/middleware/index.d.ts.map +1 -0
  27. package/dist/api/middleware/index.js +13 -0
  28. package/dist/api/middleware/index.js.map +1 -0
  29. package/dist/api/middleware/kill-switch-guard.d.ts +19 -0
  30. package/dist/api/middleware/kill-switch-guard.d.ts.map +1 -0
  31. package/dist/api/middleware/kill-switch-guard.js +49 -0
  32. package/dist/api/middleware/kill-switch-guard.js.map +1 -0
  33. package/dist/api/middleware/master-auth.d.ts +15 -0
  34. package/dist/api/middleware/master-auth.d.ts.map +1 -0
  35. package/dist/api/middleware/master-auth.js +35 -0
  36. package/dist/api/middleware/master-auth.js.map +1 -0
  37. package/dist/api/middleware/owner-auth.d.ts +30 -0
  38. package/dist/api/middleware/owner-auth.d.ts.map +1 -0
  39. package/dist/api/middleware/owner-auth.js +133 -0
  40. package/dist/api/middleware/owner-auth.js.map +1 -0
  41. package/dist/api/middleware/request-id.d.ts +10 -0
  42. package/dist/api/middleware/request-id.d.ts.map +1 -0
  43. package/dist/api/middleware/request-id.js +18 -0
  44. package/dist/api/middleware/request-id.js.map +1 -0
  45. package/dist/api/middleware/request-logger.d.ts +9 -0
  46. package/dist/api/middleware/request-logger.d.ts.map +1 -0
  47. package/dist/api/middleware/request-logger.js +18 -0
  48. package/dist/api/middleware/request-logger.js.map +1 -0
  49. package/dist/api/middleware/session-auth.d.ts +21 -0
  50. package/dist/api/middleware/session-auth.d.ts.map +1 -0
  51. package/dist/api/middleware/session-auth.js +51 -0
  52. package/dist/api/middleware/session-auth.js.map +1 -0
  53. package/dist/api/middleware/siwe-verify.d.ts +31 -0
  54. package/dist/api/middleware/siwe-verify.d.ts.map +1 -0
  55. package/dist/api/middleware/siwe-verify.js +55 -0
  56. package/dist/api/middleware/siwe-verify.js.map +1 -0
  57. package/dist/api/routes/actions.d.ts +56 -0
  58. package/dist/api/routes/actions.d.ts.map +1 -0
  59. package/dist/api/routes/actions.js +291 -0
  60. package/dist/api/routes/actions.js.map +1 -0
  61. package/dist/api/routes/admin.d.ts +99 -0
  62. package/dist/api/routes/admin.d.ts.map +1 -0
  63. package/dist/api/routes/admin.js +1304 -0
  64. package/dist/api/routes/admin.js.map +1 -0
  65. package/dist/api/routes/display-currency-helper.d.ts +26 -0
  66. package/dist/api/routes/display-currency-helper.d.ts.map +1 -0
  67. package/dist/api/routes/display-currency-helper.js +47 -0
  68. package/dist/api/routes/display-currency-helper.js.map +1 -0
  69. package/dist/api/routes/health.d.ts +14 -0
  70. package/dist/api/routes/health.d.ts.map +1 -0
  71. package/dist/api/routes/health.js +47 -0
  72. package/dist/api/routes/health.js.map +1 -0
  73. package/dist/api/routes/index.d.ts +15 -0
  74. package/dist/api/routes/index.d.ts.map +1 -0
  75. package/dist/api/routes/index.js +15 -0
  76. package/dist/api/routes/index.js.map +1 -0
  77. package/dist/api/routes/mcp.d.ts +30 -0
  78. package/dist/api/routes/mcp.d.ts.map +1 -0
  79. package/dist/api/routes/mcp.js +156 -0
  80. package/dist/api/routes/mcp.js.map +1 -0
  81. package/dist/api/routes/nonce.d.ts +20 -0
  82. package/dist/api/routes/nonce.d.ts.map +1 -0
  83. package/dist/api/routes/nonce.js +48 -0
  84. package/dist/api/routes/nonce.js.map +1 -0
  85. package/dist/api/routes/openapi-schemas.d.ts +2281 -0
  86. package/dist/api/routes/openapi-schemas.d.ts.map +1 -0
  87. package/dist/api/routes/openapi-schemas.js +770 -0
  88. package/dist/api/routes/openapi-schemas.js.map +1 -0
  89. package/dist/api/routes/policies.d.ts +29 -0
  90. package/dist/api/routes/policies.d.ts.map +1 -0
  91. package/dist/api/routes/policies.js +332 -0
  92. package/dist/api/routes/policies.js.map +1 -0
  93. package/dist/api/routes/sessions.d.ts +35 -0
  94. package/dist/api/routes/sessions.d.ts.map +1 -0
  95. package/dist/api/routes/sessions.js +347 -0
  96. package/dist/api/routes/sessions.js.map +1 -0
  97. package/dist/api/routes/skills.d.ts +9 -0
  98. package/dist/api/routes/skills.d.ts.map +1 -0
  99. package/dist/api/routes/skills.js +59 -0
  100. package/dist/api/routes/skills.js.map +1 -0
  101. package/dist/api/routes/tokens.d.ts +25 -0
  102. package/dist/api/routes/tokens.d.ts.map +1 -0
  103. package/dist/api/routes/tokens.js +161 -0
  104. package/dist/api/routes/tokens.js.map +1 -0
  105. package/dist/api/routes/transactions.d.ts +68 -0
  106. package/dist/api/routes/transactions.d.ts.map +1 -0
  107. package/dist/api/routes/transactions.js +576 -0
  108. package/dist/api/routes/transactions.js.map +1 -0
  109. package/dist/api/routes/utils.d.ts +9 -0
  110. package/dist/api/routes/utils.d.ts.map +1 -0
  111. package/dist/api/routes/utils.js +52 -0
  112. package/dist/api/routes/utils.js.map +1 -0
  113. package/dist/api/routes/wallet.d.ts +36 -0
  114. package/dist/api/routes/wallet.d.ts.map +1 -0
  115. package/dist/api/routes/wallet.js +358 -0
  116. package/dist/api/routes/wallet.js.map +1 -0
  117. package/dist/api/routes/wallets.d.ts +43 -0
  118. package/dist/api/routes/wallets.d.ts.map +1 -0
  119. package/dist/api/routes/wallets.js +630 -0
  120. package/dist/api/routes/wallets.js.map +1 -0
  121. package/dist/api/routes/wc.d.ts +46 -0
  122. package/dist/api/routes/wc.d.ts.map +1 -0
  123. package/dist/api/routes/wc.js +354 -0
  124. package/dist/api/routes/wc.js.map +1 -0
  125. package/dist/api/routes/x402.d.ts +61 -0
  126. package/dist/api/routes/x402.d.ts.map +1 -0
  127. package/dist/api/routes/x402.js +493 -0
  128. package/dist/api/routes/x402.js.map +1 -0
  129. package/dist/api/server.d.ts +81 -0
  130. package/dist/api/server.d.ts.map +1 -0
  131. package/dist/api/server.js +406 -0
  132. package/dist/api/server.js.map +1 -0
  133. package/dist/index.d.ts +35 -0
  134. package/dist/index.d.ts.map +1 -0
  135. package/dist/index.js +43 -0
  136. package/dist/index.js.map +1 -0
  137. package/dist/infrastructure/action/action-provider-registry.d.ts +77 -0
  138. package/dist/infrastructure/action/action-provider-registry.d.ts.map +1 -0
  139. package/dist/infrastructure/action/action-provider-registry.js +239 -0
  140. package/dist/infrastructure/action/action-provider-registry.js.map +1 -0
  141. package/dist/infrastructure/action/api-key-store.d.ts +60 -0
  142. package/dist/infrastructure/action/api-key-store.d.ts.map +1 -0
  143. package/dist/infrastructure/action/api-key-store.js +130 -0
  144. package/dist/infrastructure/action/api-key-store.js.map +1 -0
  145. package/dist/infrastructure/action/index.d.ts +10 -0
  146. package/dist/infrastructure/action/index.d.ts.map +1 -0
  147. package/dist/infrastructure/action/index.js +9 -0
  148. package/dist/infrastructure/action/index.js.map +1 -0
  149. package/dist/infrastructure/adapter-pool.d.ts +50 -0
  150. package/dist/infrastructure/adapter-pool.d.ts.map +1 -0
  151. package/dist/infrastructure/adapter-pool.js +110 -0
  152. package/dist/infrastructure/adapter-pool.js.map +1 -0
  153. package/dist/infrastructure/backup/backup-service.d.ts +53 -0
  154. package/dist/infrastructure/backup/backup-service.d.ts.map +1 -0
  155. package/dist/infrastructure/backup/backup-service.js +158 -0
  156. package/dist/infrastructure/backup/backup-service.js.map +1 -0
  157. package/dist/infrastructure/backup/index.d.ts +2 -0
  158. package/dist/infrastructure/backup/index.d.ts.map +1 -0
  159. package/dist/infrastructure/backup/index.js +2 -0
  160. package/dist/infrastructure/backup/index.js.map +1 -0
  161. package/dist/infrastructure/config/index.d.ts +8 -0
  162. package/dist/infrastructure/config/index.d.ts.map +1 -0
  163. package/dist/infrastructure/config/index.js +7 -0
  164. package/dist/infrastructure/config/index.js.map +1 -0
  165. package/dist/infrastructure/config/loader.d.ts +555 -0
  166. package/dist/infrastructure/config/loader.d.ts.map +1 -0
  167. package/dist/infrastructure/config/loader.js +311 -0
  168. package/dist/infrastructure/config/loader.js.map +1 -0
  169. package/dist/infrastructure/database/checks.d.ts +19 -0
  170. package/dist/infrastructure/database/checks.d.ts.map +1 -0
  171. package/dist/infrastructure/database/checks.js +27 -0
  172. package/dist/infrastructure/database/checks.js.map +1 -0
  173. package/dist/infrastructure/database/compatibility.d.ts +36 -0
  174. package/dist/infrastructure/database/compatibility.d.ts.map +1 -0
  175. package/dist/infrastructure/database/compatibility.js +75 -0
  176. package/dist/infrastructure/database/compatibility.js.map +1 -0
  177. package/dist/infrastructure/database/connection.d.ts +36 -0
  178. package/dist/infrastructure/database/connection.d.ts.map +1 -0
  179. package/dist/infrastructure/database/connection.js +47 -0
  180. package/dist/infrastructure/database/connection.js.map +1 -0
  181. package/dist/infrastructure/database/id.d.ts +17 -0
  182. package/dist/infrastructure/database/id.d.ts.map +1 -0
  183. package/dist/infrastructure/database/id.js +20 -0
  184. package/dist/infrastructure/database/id.js.map +1 -0
  185. package/dist/infrastructure/database/index.d.ts +15 -0
  186. package/dist/infrastructure/database/index.d.ts.map +1 -0
  187. package/dist/infrastructure/database/index.js +12 -0
  188. package/dist/infrastructure/database/index.js.map +1 -0
  189. package/dist/infrastructure/database/migrate.d.ts +76 -0
  190. package/dist/infrastructure/database/migrate.d.ts.map +1 -0
  191. package/dist/infrastructure/database/migrate.js +1214 -0
  192. package/dist/infrastructure/database/migrate.js.map +1 -0
  193. package/dist/infrastructure/database/schema.d.ts +2352 -0
  194. package/dist/infrastructure/database/schema.d.ts.map +1 -0
  195. package/dist/infrastructure/database/schema.js +288 -0
  196. package/dist/infrastructure/database/schema.js.map +1 -0
  197. package/dist/infrastructure/jwt/index.d.ts +2 -0
  198. package/dist/infrastructure/jwt/index.d.ts.map +1 -0
  199. package/dist/infrastructure/jwt/index.js +2 -0
  200. package/dist/infrastructure/jwt/index.js.map +1 -0
  201. package/dist/infrastructure/jwt/jwt-secret-manager.d.ts +58 -0
  202. package/dist/infrastructure/jwt/jwt-secret-manager.d.ts.map +1 -0
  203. package/dist/infrastructure/jwt/jwt-secret-manager.js +222 -0
  204. package/dist/infrastructure/jwt/jwt-secret-manager.js.map +1 -0
  205. package/dist/infrastructure/keystore/crypto.d.ts +62 -0
  206. package/dist/infrastructure/keystore/crypto.d.ts.map +1 -0
  207. package/dist/infrastructure/keystore/crypto.js +89 -0
  208. package/dist/infrastructure/keystore/crypto.js.map +1 -0
  209. package/dist/infrastructure/keystore/index.d.ts +4 -0
  210. package/dist/infrastructure/keystore/index.d.ts.map +1 -0
  211. package/dist/infrastructure/keystore/index.js +5 -0
  212. package/dist/infrastructure/keystore/index.js.map +1 -0
  213. package/dist/infrastructure/keystore/keystore.d.ts +115 -0
  214. package/dist/infrastructure/keystore/keystore.d.ts.map +1 -0
  215. package/dist/infrastructure/keystore/keystore.js +327 -0
  216. package/dist/infrastructure/keystore/keystore.js.map +1 -0
  217. package/dist/infrastructure/keystore/memory.d.ts +45 -0
  218. package/dist/infrastructure/keystore/memory.d.ts.map +1 -0
  219. package/dist/infrastructure/keystore/memory.js +105 -0
  220. package/dist/infrastructure/keystore/memory.js.map +1 -0
  221. package/dist/infrastructure/oracle/coingecko-forex.d.ts +35 -0
  222. package/dist/infrastructure/oracle/coingecko-forex.d.ts.map +1 -0
  223. package/dist/infrastructure/oracle/coingecko-forex.js +69 -0
  224. package/dist/infrastructure/oracle/coingecko-forex.js.map +1 -0
  225. package/dist/infrastructure/oracle/coingecko-oracle.d.ts +73 -0
  226. package/dist/infrastructure/oracle/coingecko-oracle.d.ts.map +1 -0
  227. package/dist/infrastructure/oracle/coingecko-oracle.js +199 -0
  228. package/dist/infrastructure/oracle/coingecko-oracle.js.map +1 -0
  229. package/dist/infrastructure/oracle/coingecko-platform-ids.d.ts +32 -0
  230. package/dist/infrastructure/oracle/coingecko-platform-ids.d.ts.map +1 -0
  231. package/dist/infrastructure/oracle/coingecko-platform-ids.js +30 -0
  232. package/dist/infrastructure/oracle/coingecko-platform-ids.js.map +1 -0
  233. package/dist/infrastructure/oracle/forex-currencies.d.ts +36 -0
  234. package/dist/infrastructure/oracle/forex-currencies.d.ts.map +1 -0
  235. package/dist/infrastructure/oracle/forex-currencies.js +71 -0
  236. package/dist/infrastructure/oracle/forex-currencies.js.map +1 -0
  237. package/dist/infrastructure/oracle/forex-rate-service.d.ts +51 -0
  238. package/dist/infrastructure/oracle/forex-rate-service.d.ts.map +1 -0
  239. package/dist/infrastructure/oracle/forex-rate-service.js +149 -0
  240. package/dist/infrastructure/oracle/forex-rate-service.js.map +1 -0
  241. package/dist/infrastructure/oracle/index.d.ts +18 -0
  242. package/dist/infrastructure/oracle/index.d.ts.map +1 -0
  243. package/dist/infrastructure/oracle/index.js +19 -0
  244. package/dist/infrastructure/oracle/index.js.map +1 -0
  245. package/dist/infrastructure/oracle/oracle-chain.d.ts +101 -0
  246. package/dist/infrastructure/oracle/oracle-chain.d.ts.map +1 -0
  247. package/dist/infrastructure/oracle/oracle-chain.js +163 -0
  248. package/dist/infrastructure/oracle/oracle-chain.js.map +1 -0
  249. package/dist/infrastructure/oracle/oracle-errors.d.ts +42 -0
  250. package/dist/infrastructure/oracle/oracle-errors.d.ts.map +1 -0
  251. package/dist/infrastructure/oracle/oracle-errors.js +53 -0
  252. package/dist/infrastructure/oracle/oracle-errors.js.map +1 -0
  253. package/dist/infrastructure/oracle/price-age.d.ts +38 -0
  254. package/dist/infrastructure/oracle/price-age.d.ts.map +1 -0
  255. package/dist/infrastructure/oracle/price-age.js +44 -0
  256. package/dist/infrastructure/oracle/price-age.js.map +1 -0
  257. package/dist/infrastructure/oracle/price-cache.d.ts +99 -0
  258. package/dist/infrastructure/oracle/price-cache.d.ts.map +1 -0
  259. package/dist/infrastructure/oracle/price-cache.js +173 -0
  260. package/dist/infrastructure/oracle/price-cache.js.map +1 -0
  261. package/dist/infrastructure/oracle/pyth-feed-ids.d.ts +31 -0
  262. package/dist/infrastructure/oracle/pyth-feed-ids.d.ts.map +1 -0
  263. package/dist/infrastructure/oracle/pyth-feed-ids.js +44 -0
  264. package/dist/infrastructure/oracle/pyth-feed-ids.js.map +1 -0
  265. package/dist/infrastructure/oracle/pyth-oracle.d.ts +69 -0
  266. package/dist/infrastructure/oracle/pyth-oracle.d.ts.map +1 -0
  267. package/dist/infrastructure/oracle/pyth-oracle.js +149 -0
  268. package/dist/infrastructure/oracle/pyth-oracle.js.map +1 -0
  269. package/dist/infrastructure/settings/hot-reload.d.ts +71 -0
  270. package/dist/infrastructure/settings/hot-reload.d.ts.map +1 -0
  271. package/dist/infrastructure/settings/hot-reload.js +315 -0
  272. package/dist/infrastructure/settings/hot-reload.js.map +1 -0
  273. package/dist/infrastructure/settings/index.d.ts +13 -0
  274. package/dist/infrastructure/settings/index.d.ts.map +1 -0
  275. package/dist/infrastructure/settings/index.js +10 -0
  276. package/dist/infrastructure/settings/index.js.map +1 -0
  277. package/dist/infrastructure/settings/setting-keys.d.ts +28 -0
  278. package/dist/infrastructure/settings/setting-keys.d.ts.map +1 -0
  279. package/dist/infrastructure/settings/setting-keys.js +105 -0
  280. package/dist/infrastructure/settings/setting-keys.js.map +1 -0
  281. package/dist/infrastructure/settings/settings-crypto.d.ts +39 -0
  282. package/dist/infrastructure/settings/settings-crypto.d.ts.map +1 -0
  283. package/dist/infrastructure/settings/settings-crypto.js +73 -0
  284. package/dist/infrastructure/settings/settings-crypto.js.map +1 -0
  285. package/dist/infrastructure/settings/settings-service.d.ts +82 -0
  286. package/dist/infrastructure/settings/settings-service.d.ts.map +1 -0
  287. package/dist/infrastructure/settings/settings-service.js +267 -0
  288. package/dist/infrastructure/settings/settings-service.js.map +1 -0
  289. package/dist/infrastructure/telegram/index.d.ts +6 -0
  290. package/dist/infrastructure/telegram/index.d.ts.map +1 -0
  291. package/dist/infrastructure/telegram/index.js +5 -0
  292. package/dist/infrastructure/telegram/index.js.map +1 -0
  293. package/dist/infrastructure/telegram/telegram-api.d.ts +35 -0
  294. package/dist/infrastructure/telegram/telegram-api.d.ts.map +1 -0
  295. package/dist/infrastructure/telegram/telegram-api.js +82 -0
  296. package/dist/infrastructure/telegram/telegram-api.js.map +1 -0
  297. package/dist/infrastructure/telegram/telegram-auth.d.ts +57 -0
  298. package/dist/infrastructure/telegram/telegram-auth.d.ts.map +1 -0
  299. package/dist/infrastructure/telegram/telegram-auth.js +88 -0
  300. package/dist/infrastructure/telegram/telegram-auth.js.map +1 -0
  301. package/dist/infrastructure/telegram/telegram-bot-service.d.ts +95 -0
  302. package/dist/infrastructure/telegram/telegram-bot-service.d.ts.map +1 -0
  303. package/dist/infrastructure/telegram/telegram-bot-service.js +564 -0
  304. package/dist/infrastructure/telegram/telegram-bot-service.js.map +1 -0
  305. package/dist/infrastructure/telegram/telegram-keyboard.d.ts +27 -0
  306. package/dist/infrastructure/telegram/telegram-keyboard.d.ts.map +1 -0
  307. package/dist/infrastructure/telegram/telegram-keyboard.js +52 -0
  308. package/dist/infrastructure/telegram/telegram-keyboard.js.map +1 -0
  309. package/dist/infrastructure/telegram/telegram-types.d.ts +43 -0
  310. package/dist/infrastructure/telegram/telegram-types.d.ts.map +1 -0
  311. package/dist/infrastructure/telegram/telegram-types.js +8 -0
  312. package/dist/infrastructure/telegram/telegram-types.js.map +1 -0
  313. package/dist/infrastructure/token-registry/builtin-tokens.d.ts +39 -0
  314. package/dist/infrastructure/token-registry/builtin-tokens.d.ts.map +1 -0
  315. package/dist/infrastructure/token-registry/builtin-tokens.js +135 -0
  316. package/dist/infrastructure/token-registry/builtin-tokens.js.map +1 -0
  317. package/dist/infrastructure/token-registry/index.d.ts +8 -0
  318. package/dist/infrastructure/token-registry/index.d.ts.map +1 -0
  319. package/dist/infrastructure/token-registry/index.js +8 -0
  320. package/dist/infrastructure/token-registry/index.js.map +1 -0
  321. package/dist/infrastructure/token-registry/token-registry-service.d.ts +49 -0
  322. package/dist/infrastructure/token-registry/token-registry-service.d.ts.map +1 -0
  323. package/dist/infrastructure/token-registry/token-registry-service.js +93 -0
  324. package/dist/infrastructure/token-registry/token-registry-service.js.map +1 -0
  325. package/dist/infrastructure/version/index.d.ts +5 -0
  326. package/dist/infrastructure/version/index.d.ts.map +1 -0
  327. package/dist/infrastructure/version/index.js +5 -0
  328. package/dist/infrastructure/version/index.js.map +1 -0
  329. package/dist/infrastructure/version/version-check-service.d.ts +35 -0
  330. package/dist/infrastructure/version/version-check-service.d.ts.map +1 -0
  331. package/dist/infrastructure/version/version-check-service.js +92 -0
  332. package/dist/infrastructure/version/version-check-service.js.map +1 -0
  333. package/dist/lifecycle/daemon.d.ts +103 -0
  334. package/dist/lifecycle/daemon.d.ts.map +1 -0
  335. package/dist/lifecycle/daemon.js +934 -0
  336. package/dist/lifecycle/daemon.js.map +1 -0
  337. package/dist/lifecycle/index.d.ts +9 -0
  338. package/dist/lifecycle/index.d.ts.map +1 -0
  339. package/dist/lifecycle/index.js +9 -0
  340. package/dist/lifecycle/index.js.map +1 -0
  341. package/dist/lifecycle/signal-handler.d.ts +18 -0
  342. package/dist/lifecycle/signal-handler.d.ts.map +1 -0
  343. package/dist/lifecycle/signal-handler.js +37 -0
  344. package/dist/lifecycle/signal-handler.js.map +1 -0
  345. package/dist/lifecycle/workers.d.ts +46 -0
  346. package/dist/lifecycle/workers.d.ts.map +1 -0
  347. package/dist/lifecycle/workers.js +101 -0
  348. package/dist/lifecycle/workers.js.map +1 -0
  349. package/dist/notifications/channels/discord.d.ts +10 -0
  350. package/dist/notifications/channels/discord.d.ts.map +1 -0
  351. package/dist/notifications/channels/discord.js +54 -0
  352. package/dist/notifications/channels/discord.js.map +1 -0
  353. package/dist/notifications/channels/ntfy.d.ts +13 -0
  354. package/dist/notifications/channels/ntfy.d.ts.map +1 -0
  355. package/dist/notifications/channels/ntfy.js +58 -0
  356. package/dist/notifications/channels/ntfy.js.map +1 -0
  357. package/dist/notifications/channels/slack.d.ts +10 -0
  358. package/dist/notifications/channels/slack.d.ts.map +1 -0
  359. package/dist/notifications/channels/slack.js +55 -0
  360. package/dist/notifications/channels/slack.js.map +1 -0
  361. package/dist/notifications/channels/telegram.d.ts +10 -0
  362. package/dist/notifications/channels/telegram.d.ts.map +1 -0
  363. package/dist/notifications/channels/telegram.js +40 -0
  364. package/dist/notifications/channels/telegram.js.map +1 -0
  365. package/dist/notifications/index.d.ts +9 -0
  366. package/dist/notifications/index.d.ts.map +1 -0
  367. package/dist/notifications/index.js +7 -0
  368. package/dist/notifications/index.js.map +1 -0
  369. package/dist/notifications/notification-service.d.ts +75 -0
  370. package/dist/notifications/notification-service.d.ts.map +1 -0
  371. package/dist/notifications/notification-service.js +213 -0
  372. package/dist/notifications/notification-service.js.map +1 -0
  373. package/dist/notifications/templates/message-templates.d.ts +12 -0
  374. package/dist/notifications/templates/message-templates.d.ts.map +1 -0
  375. package/dist/notifications/templates/message-templates.js +22 -0
  376. package/dist/notifications/templates/message-templates.js.map +1 -0
  377. package/dist/pipeline/database-policy-engine.d.ts +286 -0
  378. package/dist/pipeline/database-policy-engine.d.ts.map +1 -0
  379. package/dist/pipeline/database-policy-engine.js +992 -0
  380. package/dist/pipeline/database-policy-engine.js.map +1 -0
  381. package/dist/pipeline/default-policy-engine.d.ts +26 -0
  382. package/dist/pipeline/default-policy-engine.d.ts.map +1 -0
  383. package/dist/pipeline/default-policy-engine.js +25 -0
  384. package/dist/pipeline/default-policy-engine.js.map +1 -0
  385. package/dist/pipeline/index.d.ts +9 -0
  386. package/dist/pipeline/index.d.ts.map +1 -0
  387. package/dist/pipeline/index.js +9 -0
  388. package/dist/pipeline/index.js.map +1 -0
  389. package/dist/pipeline/network-resolver.d.ts +22 -0
  390. package/dist/pipeline/network-resolver.d.ts.map +1 -0
  391. package/dist/pipeline/network-resolver.js +32 -0
  392. package/dist/pipeline/network-resolver.js.map +1 -0
  393. package/dist/pipeline/pipeline.d.ts +72 -0
  394. package/dist/pipeline/pipeline.d.ts.map +1 -0
  395. package/dist/pipeline/pipeline.js +87 -0
  396. package/dist/pipeline/pipeline.js.map +1 -0
  397. package/dist/pipeline/resolve-effective-amount-usd.d.ts +41 -0
  398. package/dist/pipeline/resolve-effective-amount-usd.d.ts.map +1 -0
  399. package/dist/pipeline/resolve-effective-amount-usd.js +208 -0
  400. package/dist/pipeline/resolve-effective-amount-usd.js.map +1 -0
  401. package/dist/pipeline/sign-only.d.ts +99 -0
  402. package/dist/pipeline/sign-only.d.ts.map +1 -0
  403. package/dist/pipeline/sign-only.js +267 -0
  404. package/dist/pipeline/sign-only.js.map +1 -0
  405. package/dist/pipeline/sleep.d.ts +6 -0
  406. package/dist/pipeline/sleep.d.ts.map +1 -0
  407. package/dist/pipeline/sleep.js +8 -0
  408. package/dist/pipeline/sleep.js.map +1 -0
  409. package/dist/pipeline/stages.d.ts +82 -0
  410. package/dist/pipeline/stages.d.ts.map +1 -0
  411. package/dist/pipeline/stages.js +784 -0
  412. package/dist/pipeline/stages.js.map +1 -0
  413. package/dist/services/autostop-rules.d.ts +79 -0
  414. package/dist/services/autostop-rules.d.ts.map +1 -0
  415. package/dist/services/autostop-rules.js +174 -0
  416. package/dist/services/autostop-rules.js.map +1 -0
  417. package/dist/services/autostop-service.d.ts +82 -0
  418. package/dist/services/autostop-service.d.ts.map +1 -0
  419. package/dist/services/autostop-service.js +223 -0
  420. package/dist/services/autostop-service.js.map +1 -0
  421. package/dist/services/kill-switch-service.d.ts +118 -0
  422. package/dist/services/kill-switch-service.d.ts.map +1 -0
  423. package/dist/services/kill-switch-service.js +291 -0
  424. package/dist/services/kill-switch-service.js.map +1 -0
  425. package/dist/services/monitoring/balance-monitor-service.d.ts +65 -0
  426. package/dist/services/monitoring/balance-monitor-service.d.ts.map +1 -0
  427. package/dist/services/monitoring/balance-monitor-service.js +207 -0
  428. package/dist/services/monitoring/balance-monitor-service.js.map +1 -0
  429. package/dist/services/wc-session-service.d.ts +123 -0
  430. package/dist/services/wc-session-service.d.ts.map +1 -0
  431. package/dist/services/wc-session-service.js +363 -0
  432. package/dist/services/wc-session-service.js.map +1 -0
  433. package/dist/services/wc-signing-bridge.d.ts +60 -0
  434. package/dist/services/wc-signing-bridge.d.ts.map +1 -0
  435. package/dist/services/wc-signing-bridge.js +334 -0
  436. package/dist/services/wc-signing-bridge.js.map +1 -0
  437. package/dist/services/wc-storage.d.ts +32 -0
  438. package/dist/services/wc-storage.d.ts.map +1 -0
  439. package/dist/services/wc-storage.js +64 -0
  440. package/dist/services/wc-storage.js.map +1 -0
  441. package/dist/services/x402/payment-signer.d.ts +88 -0
  442. package/dist/services/x402/payment-signer.d.ts.map +1 -0
  443. package/dist/services/x402/payment-signer.js +311 -0
  444. package/dist/services/x402/payment-signer.js.map +1 -0
  445. package/dist/services/x402/ssrf-guard.d.ts +27 -0
  446. package/dist/services/x402/ssrf-guard.d.ts.map +1 -0
  447. package/dist/services/x402/ssrf-guard.js +236 -0
  448. package/dist/services/x402/ssrf-guard.js.map +1 -0
  449. package/dist/services/x402/x402-domain-policy.d.ts +50 -0
  450. package/dist/services/x402/x402-domain-policy.d.ts.map +1 -0
  451. package/dist/services/x402/x402-domain-policy.js +78 -0
  452. package/dist/services/x402/x402-domain-policy.js.map +1 -0
  453. package/dist/services/x402/x402-handler.d.ts +71 -0
  454. package/dist/services/x402/x402-handler.d.ts.map +1 -0
  455. package/dist/services/x402/x402-handler.js +195 -0
  456. package/dist/services/x402/x402-handler.js.map +1 -0
  457. package/dist/services/x402/x402-usd-resolver.d.ts +26 -0
  458. package/dist/services/x402/x402-usd-resolver.d.ts.map +1 -0
  459. package/dist/services/x402/x402-usd-resolver.js +79 -0
  460. package/dist/services/x402/x402-usd-resolver.js.map +1 -0
  461. package/dist/workflow/approval-workflow.d.ts +103 -0
  462. package/dist/workflow/approval-workflow.d.ts.map +1 -0
  463. package/dist/workflow/approval-workflow.js +202 -0
  464. package/dist/workflow/approval-workflow.js.map +1 -0
  465. package/dist/workflow/delay-queue.d.ts +78 -0
  466. package/dist/workflow/delay-queue.d.ts.map +1 -0
  467. package/dist/workflow/delay-queue.js +174 -0
  468. package/dist/workflow/delay-queue.js.map +1 -0
  469. package/dist/workflow/index.d.ts +11 -0
  470. package/dist/workflow/index.d.ts.map +1 -0
  471. package/dist/workflow/index.js +9 -0
  472. package/dist/workflow/index.js.map +1 -0
  473. package/dist/workflow/owner-state.d.ts +97 -0
  474. package/dist/workflow/owner-state.d.ts.map +1 -0
  475. package/dist/workflow/owner-state.js +168 -0
  476. package/dist/workflow/owner-state.js.map +1 -0
  477. package/package.json +71 -0
  478. package/public/admin/assets/index-BPoUSH8W.css +1 -0
  479. package/public/admin/assets/index-CDi1qoXB.js +1 -0
  480. package/public/admin/index.html +13 -0
@@ -0,0 +1 @@
1
+ {"version":3,"file":"schema.d.ts","sourceRoot":"","sources":["../../../src/infrastructure/database/schema.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;GAgBG;AAqCH,eAAO,MAAM,OAAO;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;EAiCnB,CAAC;AAMF,eAAO,MAAM,QAAQ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;EAuBpB,CAAC;AAMF,eAAO,MAAM,YAAY;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;EA0DxB,CAAC;AAMF,eAAO,MAAM,QAAQ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;EAyBpB,CAAC;AAMF,eAAO,MAAM,gBAAgB;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;EAmB5B,CAAC;AAMF,eAAO,MAAM,QAAQ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;EAsBpB,CAAC;AAMF,eAAO,MAAM,aAAa;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;EAIxB,CAAC;AAMH,eAAO,MAAM,gBAAgB;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;EAmB5B,CAAC;AAMF,eAAO,MAAM,aAAa;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;EAiBzB,CAAC;AAMF,eAAO,MAAM,QAAQ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;EAYpB,CAAC;AAMF,eAAO,MAAM,OAAO;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;EAKlB,CAAC;AAMH,eAAO,MAAM,aAAa;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;EAazB,CAAC;AAMF,eAAO,MAAM,UAAU;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;EAiBtB,CAAC;AAMF,eAAO,MAAM,OAAO;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;EAGlB,CAAC"}
@@ -0,0 +1,288 @@
1
+ /**
2
+ * Drizzle ORM schema definitions for WAIaaS daemon SQLite database.
3
+ *
4
+ * 14 tables: wallets, sessions, transactions, policies, pending_approvals, audit_log, key_value_store, notification_logs, token_registry, settings, api_keys, telegram_users, wc_sessions, wc_store
5
+ *
6
+ * CHECK constraints are derived from @waiaas/core enum SSoT arrays (not hardcoded strings).
7
+ * All timestamps are Unix epoch seconds via { mode: 'timestamp' }.
8
+ * All text PKs use UUID v7 for ms-precision time ordering (except audit_log which uses AUTOINCREMENT).
9
+ *
10
+ * v1.4.2: agents table renamed to wallets, agent_id columns renamed to wallet_id.
11
+ * WALLET_STATUSES used for status CHECK constraint.
12
+ *
13
+ * v1.4.6: Environment model -- wallets.network replaced by wallets.environment + wallets.defaultNetwork.
14
+ * transactions.network and policies.network columns added.
15
+ *
16
+ * @see docs/25-sqlite-schema.md
17
+ */
18
+ import { sqliteTable, text, integer, real, index, uniqueIndex, check, } from 'drizzle-orm/sqlite-core';
19
+ import { sql } from 'drizzle-orm';
20
+ import { WALLET_STATUSES, CHAIN_TYPES, NETWORK_TYPES, ENVIRONMENT_TYPES, TRANSACTION_STATUSES, TRANSACTION_TYPES, POLICY_TYPES, POLICY_TIERS, NOTIFICATION_LOG_STATUSES, } from '@waiaas/core';
21
+ // ---------------------------------------------------------------------------
22
+ // Utility: build CHECK constraint SQL from SSoT enum arrays
23
+ // ---------------------------------------------------------------------------
24
+ const buildCheckSql = (column, values) => sql.raw(`${column} IN (${values.map((v) => `'${v}'`).join(', ')})`);
25
+ // ---------------------------------------------------------------------------
26
+ // Table 1: wallets -- wallet identity and lifecycle state (renamed from agents in v3)
27
+ // v1.4.6: network replaced by environment + defaultNetwork (environment model)
28
+ // ---------------------------------------------------------------------------
29
+ export const wallets = sqliteTable('wallets', {
30
+ id: text('id').primaryKey(),
31
+ name: text('name').notNull(),
32
+ chain: text('chain').notNull(),
33
+ environment: text('environment').notNull(),
34
+ defaultNetwork: text('default_network'),
35
+ publicKey: text('public_key').notNull(),
36
+ status: text('status').notNull().default('CREATING'),
37
+ ownerAddress: text('owner_address'),
38
+ ownerVerified: integer('owner_verified', { mode: 'boolean' }).notNull().default(false),
39
+ createdAt: integer('created_at', { mode: 'timestamp' }).notNull(),
40
+ updatedAt: integer('updated_at', { mode: 'timestamp' }).notNull(),
41
+ suspendedAt: integer('suspended_at', { mode: 'timestamp' }),
42
+ suspensionReason: text('suspension_reason'),
43
+ }, (table) => [
44
+ uniqueIndex('idx_wallets_public_key').on(table.publicKey),
45
+ index('idx_wallets_status').on(table.status),
46
+ index('idx_wallets_chain_environment').on(table.chain, table.environment),
47
+ index('idx_wallets_owner_address').on(table.ownerAddress),
48
+ check('check_chain', buildCheckSql('chain', CHAIN_TYPES)),
49
+ check('check_environment', buildCheckSql('environment', ENVIRONMENT_TYPES)),
50
+ check('check_default_network', sql.raw(`default_network IS NULL OR default_network IN (${NETWORK_TYPES.map((v) => `'${v}'`).join(', ')})`)),
51
+ check('check_status', buildCheckSql('status', WALLET_STATUSES)),
52
+ check('check_owner_verified', sql `owner_verified IN (0, 1)`),
53
+ ]);
54
+ // ---------------------------------------------------------------------------
55
+ // Table 2: sessions -- JWT session tracking
56
+ // ---------------------------------------------------------------------------
57
+ export const sessions = sqliteTable('sessions', {
58
+ id: text('id').primaryKey(),
59
+ walletId: text('wallet_id')
60
+ .notNull()
61
+ .references(() => wallets.id, { onDelete: 'cascade' }),
62
+ tokenHash: text('token_hash').notNull(),
63
+ expiresAt: integer('expires_at', { mode: 'timestamp' }).notNull(),
64
+ constraints: text('constraints'),
65
+ usageStats: text('usage_stats'),
66
+ revokedAt: integer('revoked_at', { mode: 'timestamp' }),
67
+ renewalCount: integer('renewal_count').notNull().default(0),
68
+ maxRenewals: integer('max_renewals').notNull().default(30),
69
+ lastRenewedAt: integer('last_renewed_at', { mode: 'timestamp' }),
70
+ absoluteExpiresAt: integer('absolute_expires_at', { mode: 'timestamp' }).notNull(),
71
+ createdAt: integer('created_at', { mode: 'timestamp' }).notNull(),
72
+ }, (table) => [
73
+ index('idx_sessions_wallet_id').on(table.walletId),
74
+ index('idx_sessions_expires_at').on(table.expiresAt),
75
+ index('idx_sessions_token_hash').on(table.tokenHash),
76
+ ]);
77
+ // ---------------------------------------------------------------------------
78
+ // Table 3: transactions -- on-chain transaction records
79
+ // ---------------------------------------------------------------------------
80
+ export const transactions = sqliteTable('transactions', {
81
+ id: text('id').primaryKey(),
82
+ walletId: text('wallet_id')
83
+ .notNull()
84
+ .references(() => wallets.id, { onDelete: 'restrict' }),
85
+ sessionId: text('session_id').references(() => sessions.id, { onDelete: 'set null' }),
86
+ chain: text('chain').notNull(),
87
+ txHash: text('tx_hash'),
88
+ type: text('type').notNull(),
89
+ amount: text('amount'),
90
+ toAddress: text('to_address'),
91
+ tokenMint: text('token_mint'),
92
+ contractAddress: text('contract_address'),
93
+ methodSignature: text('method_signature'),
94
+ spenderAddress: text('spender_address'),
95
+ approvedAmount: text('approved_amount'),
96
+ parentId: text('parent_id').references(() => transactions.id, {
97
+ onDelete: 'cascade',
98
+ }),
99
+ batchIndex: integer('batch_index'),
100
+ status: text('status').notNull().default('PENDING'),
101
+ tier: text('tier'),
102
+ queuedAt: integer('queued_at', { mode: 'timestamp' }),
103
+ executedAt: integer('executed_at', { mode: 'timestamp' }),
104
+ createdAt: integer('created_at', { mode: 'timestamp' }).notNull(),
105
+ reservedAmount: text('reserved_amount'),
106
+ amountUsd: real('amount_usd'),
107
+ reservedAmountUsd: real('reserved_amount_usd'),
108
+ error: text('error'),
109
+ metadata: text('metadata'),
110
+ network: text('network'),
111
+ }, (table) => [
112
+ index('idx_transactions_wallet_status').on(table.walletId, table.status),
113
+ index('idx_transactions_session_id').on(table.sessionId),
114
+ uniqueIndex('idx_transactions_tx_hash').on(table.txHash),
115
+ index('idx_transactions_queued_at').on(table.queuedAt),
116
+ index('idx_transactions_created_at').on(table.createdAt),
117
+ index('idx_transactions_type').on(table.type),
118
+ index('idx_transactions_contract_address').on(table.contractAddress),
119
+ index('idx_transactions_parent_id').on(table.parentId),
120
+ check('check_tx_type', buildCheckSql('type', TRANSACTION_TYPES)),
121
+ check('check_tx_status', buildCheckSql('status', TRANSACTION_STATUSES)),
122
+ check('check_tx_tier', sql.raw(`tier IS NULL OR tier IN (${POLICY_TIERS.map((v) => `'${v}'`).join(', ')})`)),
123
+ check('check_tx_network', sql.raw(`network IS NULL OR network IN (${NETWORK_TYPES.map((v) => `'${v}'`).join(', ')})`)),
124
+ ]);
125
+ // ---------------------------------------------------------------------------
126
+ // Table 4: policies -- wallet and global policy rules
127
+ // ---------------------------------------------------------------------------
128
+ export const policies = sqliteTable('policies', {
129
+ id: text('id').primaryKey(),
130
+ walletId: text('wallet_id').references(() => wallets.id, { onDelete: 'cascade' }),
131
+ type: text('type').notNull(),
132
+ rules: text('rules').notNull(),
133
+ priority: integer('priority').notNull().default(0),
134
+ enabled: integer('enabled', { mode: 'boolean' }).notNull().default(true),
135
+ network: text('network'),
136
+ createdAt: integer('created_at', { mode: 'timestamp' }).notNull(),
137
+ updatedAt: integer('updated_at', { mode: 'timestamp' }).notNull(),
138
+ }, (table) => [
139
+ index('idx_policies_wallet_enabled').on(table.walletId, table.enabled),
140
+ index('idx_policies_type').on(table.type),
141
+ index('idx_policies_network').on(table.network),
142
+ check('check_policy_type', buildCheckSql('type', POLICY_TYPES)),
143
+ check('check_policy_network', sql.raw(`network IS NULL OR network IN (${NETWORK_TYPES.map((v) => `'${v}'`).join(', ')})`)),
144
+ ]);
145
+ // ---------------------------------------------------------------------------
146
+ // Table 5: pending_approvals -- APPROVAL tier owner sign-off tracking
147
+ // ---------------------------------------------------------------------------
148
+ export const pendingApprovals = sqliteTable('pending_approvals', {
149
+ id: text('id').primaryKey(),
150
+ txId: text('tx_id')
151
+ .notNull()
152
+ .references(() => transactions.id, { onDelete: 'cascade' }),
153
+ requiredBy: integer('required_by', { mode: 'timestamp' }).notNull(),
154
+ expiresAt: integer('expires_at', { mode: 'timestamp' }).notNull(),
155
+ approvedAt: integer('approved_at', { mode: 'timestamp' }),
156
+ rejectedAt: integer('rejected_at', { mode: 'timestamp' }),
157
+ ownerSignature: text('owner_signature'),
158
+ approvalChannel: text('approval_channel').default('rest_api'),
159
+ createdAt: integer('created_at', { mode: 'timestamp' }).notNull(),
160
+ }, (table) => [
161
+ index('idx_pending_approvals_tx_id').on(table.txId),
162
+ index('idx_pending_approvals_expires_at').on(table.expiresAt),
163
+ ]);
164
+ // ---------------------------------------------------------------------------
165
+ // Table 6: audit_log -- append-only security event log
166
+ // ---------------------------------------------------------------------------
167
+ export const auditLog = sqliteTable('audit_log', {
168
+ id: integer('id').primaryKey({ autoIncrement: true }),
169
+ timestamp: integer('timestamp', { mode: 'timestamp' }).notNull(),
170
+ eventType: text('event_type').notNull(),
171
+ actor: text('actor').notNull(),
172
+ walletId: text('wallet_id'),
173
+ sessionId: text('session_id'),
174
+ txId: text('tx_id'),
175
+ details: text('details').notNull(),
176
+ severity: text('severity').notNull().default('info'),
177
+ ipAddress: text('ip_address'),
178
+ }, (table) => [
179
+ index('idx_audit_log_timestamp').on(table.timestamp),
180
+ index('idx_audit_log_event_type').on(table.eventType),
181
+ index('idx_audit_log_wallet_id').on(table.walletId),
182
+ index('idx_audit_log_severity').on(table.severity),
183
+ index('idx_audit_log_wallet_timestamp').on(table.walletId, table.timestamp),
184
+ check('check_severity', sql `severity IN ('info', 'warning', 'critical')`),
185
+ ]);
186
+ // ---------------------------------------------------------------------------
187
+ // Table 7: key_value_store -- system state (JWT secret, daemon metadata)
188
+ // ---------------------------------------------------------------------------
189
+ export const keyValueStore = sqliteTable('key_value_store', {
190
+ key: text('key').primaryKey(),
191
+ value: text('value').notNull(),
192
+ updatedAt: integer('updated_at', { mode: 'timestamp' }).notNull(),
193
+ });
194
+ // ---------------------------------------------------------------------------
195
+ // Table 8: notification_logs -- notification delivery history
196
+ // ---------------------------------------------------------------------------
197
+ export const notificationLogs = sqliteTable('notification_logs', {
198
+ id: text('id').primaryKey(), // UUID v7
199
+ eventType: text('event_type').notNull(),
200
+ walletId: text('wallet_id'),
201
+ channel: text('channel').notNull(), // telegram / discord / ntfy
202
+ status: text('status').notNull(), // sent / failed
203
+ error: text('error'), // failure error message (nullable)
204
+ message: text('message'), // nullable - null for pre-v10 logs
205
+ createdAt: integer('created_at', { mode: 'timestamp' }).notNull(),
206
+ }, (table) => [
207
+ index('idx_notification_logs_event_type').on(table.eventType),
208
+ index('idx_notification_logs_wallet_id').on(table.walletId),
209
+ index('idx_notification_logs_status').on(table.status),
210
+ index('idx_notification_logs_created_at').on(table.createdAt),
211
+ check('check_notif_log_status', buildCheckSql('status', NOTIFICATION_LOG_STATUSES)),
212
+ ]);
213
+ // ---------------------------------------------------------------------------
214
+ // Table 9: token_registry -- EVM ERC-20 token management (builtin + custom)
215
+ // ---------------------------------------------------------------------------
216
+ export const tokenRegistry = sqliteTable('token_registry', {
217
+ id: text('id').primaryKey(), // UUID v7
218
+ network: text('network').notNull(), // EvmNetworkType
219
+ address: text('address').notNull(), // EIP-55 checksum address
220
+ symbol: text('symbol').notNull(),
221
+ name: text('name').notNull(),
222
+ decimals: integer('decimals').notNull(),
223
+ source: text('source').notNull().default('custom'), // 'builtin' | 'custom'
224
+ createdAt: integer('created_at', { mode: 'timestamp' }).notNull(),
225
+ }, (table) => [
226
+ uniqueIndex('idx_token_registry_network_address').on(table.network, table.address),
227
+ index('idx_token_registry_network').on(table.network),
228
+ check('check_token_source', sql `source IN ('builtin', 'custom')`),
229
+ ]);
230
+ // ---------------------------------------------------------------------------
231
+ // Table 10: settings -- daemon operational settings (key-value)
232
+ // ---------------------------------------------------------------------------
233
+ export const settings = sqliteTable('settings', {
234
+ key: text('key').primaryKey(), // e.g., 'notifications.telegram_bot_token'
235
+ value: text('value').notNull(), // plain or AES-GCM encrypted (base64 JSON)
236
+ encrypted: integer('encrypted', { mode: 'boolean' }).notNull().default(false),
237
+ category: text('category').notNull(), // 'notifications' | 'rpc' | 'security' | 'daemon' | 'walletconnect'
238
+ updatedAt: integer('updated_at', { mode: 'timestamp' }).notNull(),
239
+ }, (table) => [
240
+ index('idx_settings_category').on(table.category),
241
+ ]);
242
+ // ---------------------------------------------------------------------------
243
+ // Table 11: api_keys -- Action Provider API key encrypted storage (v1.5)
244
+ // ---------------------------------------------------------------------------
245
+ export const apiKeys = sqliteTable('api_keys', {
246
+ providerName: text('provider_name').primaryKey(),
247
+ encryptedKey: text('encrypted_key').notNull(),
248
+ createdAt: integer('created_at', { mode: 'timestamp' }).notNull(),
249
+ updatedAt: integer('updated_at', { mode: 'timestamp' }).notNull(),
250
+ });
251
+ // ---------------------------------------------------------------------------
252
+ // Table 12: telegram_users -- Telegram Bot user management (v1.6)
253
+ // ---------------------------------------------------------------------------
254
+ export const telegramUsers = sqliteTable('telegram_users', {
255
+ chatId: integer('chat_id').primaryKey(),
256
+ username: text('username'),
257
+ role: text('role').notNull().default('PENDING'),
258
+ registeredAt: integer('registered_at', { mode: 'timestamp' }).notNull(),
259
+ approvedAt: integer('approved_at', { mode: 'timestamp' }),
260
+ }, (table) => [
261
+ index('idx_telegram_users_role').on(table.role),
262
+ check('check_telegram_role', sql `role IN ('PENDING', 'ADMIN', 'READONLY')`),
263
+ ]);
264
+ // ---------------------------------------------------------------------------
265
+ // Table 13: wc_sessions -- WalletConnect session metadata (v1.6.1)
266
+ // ---------------------------------------------------------------------------
267
+ export const wcSessions = sqliteTable('wc_sessions', {
268
+ walletId: text('wallet_id')
269
+ .primaryKey()
270
+ .references(() => wallets.id, { onDelete: 'cascade' }),
271
+ topic: text('topic').notNull().unique(),
272
+ peerMeta: text('peer_meta'),
273
+ chainId: text('chain_id').notNull(),
274
+ ownerAddress: text('owner_address').notNull(),
275
+ namespaces: text('namespaces'),
276
+ expiry: integer('expiry').notNull(),
277
+ createdAt: integer('created_at', { mode: 'timestamp' }).notNull(),
278
+ }, (table) => [
279
+ index('idx_wc_sessions_topic').on(table.topic),
280
+ ]);
281
+ // ---------------------------------------------------------------------------
282
+ // Table 14: wc_store -- WalletConnect IKeyValueStorage (v1.6.1)
283
+ // ---------------------------------------------------------------------------
284
+ export const wcStore = sqliteTable('wc_store', {
285
+ key: text('key').primaryKey(),
286
+ value: text('value').notNull(),
287
+ });
288
+ //# sourceMappingURL=schema.js.map
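Review bot: `key_value_store.value` is a plain `text` column and the table comment says it holds the JWT secret, so the token-signing key appears to sit unencrypted in the SQLite file, while `settings` carries an `encrypted` flag and `api_keys` stores `encrypted_key`. Anyone who can read the database file or a backup of it could presumably produce valid session tokens; whether the file is protected some other way is not visible from this hunk. I would either route the secret through the same encrypted-value path that `settings` uses, or record the decision on the table, e.g. `// value is stored unencrypted (includes the JWT signing secret); access to the DB file must be restricted`. Separately, `buildCheckSql` and the four inline `sql.raw(...)` checks quote enum values without escaping, which stays safe only while the @waiaas/core arrays never contain a `'`.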
@@ -0,0 +1 @@
1
+ {"version":3,"file":"schema.js","sourceRoot":"","sources":["../../../src/infrastructure/database/schema.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;GAgBG;AAEH,OAAO,EACL,WAAW,EACX,IAAI,EACJ,OAAO,EACP,IAAI,EACJ,KAAK,EACL,WAAW,EACX,KAAK,GAEN,MAAM,yBAAyB,CAAC;AACjC,OAAO,EAAE,GAAG,EAAE,MAAM,aAAa,CAAC;AAClC,OAAO,EACL,eAAe,EACf,WAAW,EACX,aAAa,EACb,iBAAiB,EACjB,oBAAoB,EACpB,iBAAiB,EACjB,YAAY,EACZ,YAAY,EACZ,yBAAyB,GAC1B,MAAM,cAAc,CAAC;AAEtB,8EAA8E;AAC9E,4DAA4D;AAC5D,8EAA8E;AAE9E,MAAM,aAAa,GAAG,CAAC,MAAc,EAAE,MAAyB,EAAE,EAAE,CAClE,GAAG,CAAC,GAAG,CAAC,GAAG,MAAM,QAAQ,MAAM,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;AAEtE,8EAA8E;AAC9E,sFAAsF;AACtF,+EAA+E;AAC/E,8EAA8E;AAE9E,MAAM,CAAC,MAAM,OAAO,GAAG,WAAW,CAChC,SAAS,EACT;IACE,EAAE,EAAE,IAAI,CAAC,IAAI,CAAC,CAAC,UAAU,EAAE;IAC3B,IAAI,EAAE,IAAI,CAAC,MAAM,CAAC,CAAC,OAAO,EAAE;IAC5B,KAAK,EAAE,IAAI,CAAC,OAAO,CAAC,CAAC,OAAO,EAAE;IAC9B,WAAW,EAAE,IAAI,CAAC,aAAa,CAAC,CAAC,OAAO,EAAE;IAC1C,cAAc,EAAE,IAAI,CAAC,iBAAiB,CAAC;IACvC,SAAS,EAAE,IAAI,CAAC,YAAY,CAAC,CAAC,OAAO,EAAE;IACvC,MAAM,EAAE,IAAI,CAAC,QAAQ,CAAC,CAAC,OAAO,EAAE,CAAC,OAAO,CAAC,UAAU,CAAC;IACpD,YAAY,EAAE,IAAI,CAAC,eAAe,CAAC;IACnC,aAAa,EAAE,OAAO,CAAC,gBAAgB,EAAE,EAAE,IAAI,EAAE,SAAS,EAAE,CAAC,CAAC,OAAO,EAAE,CAAC,OAAO,CAAC,KAAK,CAAC;IACtF,SAAS,EAAE,OAAO,CAAC,YAAY,EAAE,EAAE,IAAI,EAAE,WAAW,EAAE,CAAC,CAAC,OAAO,EAAE;IACjE,SAAS,EAAE,OAAO,CAAC,YAAY,EAAE,EAAE,IAAI,EAAE,WAAW,EAAE,CAAC,CAAC,OAAO,EAAE;IACjE,WAAW,EAAE,OAAO,CAAC,cAAc,EAAE,EAAE,IAAI,EAAE,WAAW,EAAE,CAAC;IAC3D,gBAAgB,EAAE,IAAI,CAAC,mBAAmB,CAAC;CAC5C,EACD,CAAC,KAAK,EAAE,EAAE,CAAC;IACT,WAAW,CAAC,wBAAwB,CAAC,CAAC,EAAE,CAAC,KAAK,CAAC,SAAS,CAAC;IACzD,KAAK,CAAC,oBAAoB,CAAC,CAAC,EAAE,CAAC,KAAK,CAAC,MAAM,CAAC;IAC5C,KAAK,CAAC,+BAA+B,CAAC,CAAC,EAAE,CAAC,KAAK,CAAC,KAAK,EAAE,KAAK,CAAC,WAAW,CAAC;IACzE,KAAK,CAAC,2BAA2B,CAAC,CAAC,EAAE,CAAC,KAAK,CAAC,YAAY,CAAC;IACzD,KAAK,CAAC,aAAa,EAAE,aAAa,CAAC,OAAO,EAAE,WAAW,CAAC,CAAC;IACzD,KAAK,CAAC,mBAAmB,EAAE,aAAa,CAAC,aAAa,EAAE,iBAAiB,CAAC,CAAC;IAC3E,KAAK
,CACH,uBAAuB,EACvB,GAAG,CAAC,GAAG,CACL,kDAAkD,aAAa,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,CACnG,CACF;IACD,KAAK,CAAC,cAAc,EAAE,aAAa,CAAC,QAAQ,EAAE,eAAe,CAAC,CAAC;IAC/D,KAAK,CAAC,sBAAsB,EAAE,GAAG,CAAA,0BAA0B,CAAC;CAC7D,CACF,CAAC;AAEF,8EAA8E;AAC9E,4CAA4C;AAC5C,8EAA8E;AAE9E,MAAM,CAAC,MAAM,QAAQ,GAAG,WAAW,CACjC,UAAU,EACV;IACE,EAAE,EAAE,IAAI,CAAC,IAAI,CAAC,CAAC,UAAU,EAAE;IAC3B,QAAQ,EAAE,IAAI,CAAC,WAAW,CAAC;SACxB,OAAO,EAAE;SACT,UAAU,CAAC,GAAG,EAAE,CAAC,OAAO,CAAC,EAAE,EAAE,EAAE,QAAQ,EAAE,SAAS,EAAE,CAAC;IACxD,SAAS,EAAE,IAAI,CAAC,YAAY,CAAC,CAAC,OAAO,EAAE;IACvC,SAAS,EAAE,OAAO,CAAC,YAAY,EAAE,EAAE,IAAI,EAAE,WAAW,EAAE,CAAC,CAAC,OAAO,EAAE;IACjE,WAAW,EAAE,IAAI,CAAC,aAAa,CAAC;IAChC,UAAU,EAAE,IAAI,CAAC,aAAa,CAAC;IAC/B,SAAS,EAAE,OAAO,CAAC,YAAY,EAAE,EAAE,IAAI,EAAE,WAAW,EAAE,CAAC;IACvD,YAAY,EAAE,OAAO,CAAC,eAAe,CAAC,CAAC,OAAO,EAAE,CAAC,OAAO,CAAC,CAAC,CAAC;IAC3D,WAAW,EAAE,OAAO,CAAC,cAAc,CAAC,CAAC,OAAO,EAAE,CAAC,OAAO,CAAC,EAAE,CAAC;IAC1D,aAAa,EAAE,OAAO,CAAC,iBAAiB,EAAE,EAAE,IAAI,EAAE,WAAW,EAAE,CAAC;IAChE,iBAAiB,EAAE,OAAO,CAAC,qBAAqB,EAAE,EAAE,IAAI,EAAE,WAAW,EAAE,CAAC,CAAC,OAAO,EAAE;IAClF,SAAS,EAAE,OAAO,CAAC,YAAY,EAAE,EAAE,IAAI,EAAE,WAAW,EAAE,CAAC,CAAC,OAAO,EAAE;CAClE,EACD,CAAC,KAAK,EAAE,EAAE,CAAC;IACT,KAAK,CAAC,wBAAwB,CAAC,CAAC,EAAE,CAAC,KAAK,CAAC,QAAQ,CAAC;IAClD,KAAK,CAAC,yBAAyB,CAAC,CAAC,EAAE,CAAC,KAAK,CAAC,SAAS,CAAC;IACpD,KAAK,CAAC,yBAAyB,CAAC,CAAC,EAAE,CAAC,KAAK,CAAC,SAAS,CAAC;CACrD,CACF,CAAC;AAEF,8EAA8E;AAC9E,wDAAwD;AACxD,8EAA8E;AAE9E,MAAM,CAAC,MAAM,YAAY,GAAG,WAAW,CACrC,cAAc,EACd;IACE,EAAE,EAAE,IAAI,CAAC,IAAI,CAAC,CAAC,UAAU,EAAE;IAC3B,QAAQ,EAAE,IAAI,CAAC,WAAW,CAAC;SACxB,OAAO,EAAE;SACT,UAAU,CAAC,GAAG,EAAE,CAAC,OAAO,CAAC,EAAE,EAAE,EAAE,QAAQ,EAAE,UAAU,EAAE,CAAC;IACzD,SAAS,EAAE,IAAI,CAAC,YAAY,CAAC,CAAC,UAAU,CAAC,GAAG,EAAE,CAAC,QAAQ,CAAC,EAAE,EAAE,EAAE,QAAQ,EAAE,UAAU,EAAE,CAAC;IACrF,KAAK,EAAE,IAAI,CAAC,OAAO,CAAC,CAAC,OAAO,EAAE;IAC9B,MAAM,EAAE,IAAI,CAAC,SAAS,CAAC;IACvB,IAAI,EAAE,IAAI,CAAC,MAAM,CAAC,CAAC,OAAO,EAAE;IAC5B,MAAM,EAAE,IAAI,CAAC,QA
AQ,CAAC;IACtB,SAAS,EAAE,IAAI,CAAC,YAAY,CAAC;IAC7B,SAAS,EAAE,IAAI,CAAC,YAAY,CAAC;IAC7B,eAAe,EAAE,IAAI,CAAC,kBAAkB,CAAC;IACzC,eAAe,EAAE,IAAI,CAAC,kBAAkB,CAAC;IACzC,cAAc,EAAE,IAAI,CAAC,iBAAiB,CAAC;IACvC,cAAc,EAAE,IAAI,CAAC,iBAAiB,CAAC;IACvC,QAAQ,EAAE,IAAI,CAAC,WAAW,CAAC,CAAC,UAAU,CAAC,GAAoB,EAAE,CAAC,YAAY,CAAC,EAAE,EAAE;QAC7E,QAAQ,EAAE,SAAS;KACpB,CAAC;IACF,UAAU,EAAE,OAAO,CAAC,aAAa,CAAC;IAClC,MAAM,EAAE,IAAI,CAAC,QAAQ,CAAC,CAAC,OAAO,EAAE,CAAC,OAAO,CAAC,SAAS,CAAC;IACnD,IAAI,EAAE,IAAI,CAAC,MAAM,CAAC;IAClB,QAAQ,EAAE,OAAO,CAAC,WAAW,EAAE,EAAE,IAAI,EAAE,WAAW,EAAE,CAAC;IACrD,UAAU,EAAE,OAAO,CAAC,aAAa,EAAE,EAAE,IAAI,EAAE,WAAW,EAAE,CAAC;IACzD,SAAS,EAAE,OAAO,CAAC,YAAY,EAAE,EAAE,IAAI,EAAE,WAAW,EAAE,CAAC,CAAC,OAAO,EAAE;IACjE,cAAc,EAAE,IAAI,CAAC,iBAAiB,CAAC;IACvC,SAAS,EAAE,IAAI,CAAC,YAAY,CAAC;IAC7B,iBAAiB,EAAE,IAAI,CAAC,qBAAqB,CAAC;IAC9C,KAAK,EAAE,IAAI,CAAC,OAAO,CAAC;IACpB,QAAQ,EAAE,IAAI,CAAC,UAAU,CAAC;IAC1B,OAAO,EAAE,IAAI,CAAC,SAAS,CAAC;CACzB,EACD,CAAC,KAAK,EAAE,EAAE,CAAC;IACT,KAAK,CAAC,gCAAgC,CAAC,CAAC,EAAE,CAAC,KAAK,CAAC,QAAQ,EAAE,KAAK,CAAC,MAAM,CAAC;IACxE,KAAK,CAAC,6BAA6B,CAAC,CAAC,EAAE,CAAC,KAAK,CAAC,SAAS,CAAC;IACxD,WAAW,CAAC,0BAA0B,CAAC,CAAC,EAAE,CAAC,KAAK,CAAC,MAAM,CAAC;IACxD,KAAK,CAAC,4BAA4B,CAAC,CAAC,EAAE,CAAC,KAAK,CAAC,QAAQ,CAAC;IACtD,KAAK,CAAC,6BAA6B,CAAC,CAAC,EAAE,CAAC,KAAK,CAAC,SAAS,CAAC;IACxD,KAAK,CAAC,uBAAuB,CAAC,CAAC,EAAE,CAAC,KAAK,CAAC,IAAI,CAAC;IAC7C,KAAK,CAAC,mCAAmC,CAAC,CAAC,EAAE,CAAC,KAAK,CAAC,eAAe,CAAC;IACpE,KAAK,CAAC,4BAA4B,CAAC,CAAC,EAAE,CAAC,KAAK,CAAC,QAAQ,CAAC;IACtD,KAAK,CAAC,eAAe,EAAE,aAAa,CAAC,MAAM,EAAE,iBAAiB,CAAC,CAAC;IAChE,KAAK,CAAC,iBAAiB,EAAE,aAAa,CAAC,QAAQ,EAAE,oBAAoB,CAAC,CAAC;IACvE,KAAK,CACH,eAAe,EACf,GAAG,CAAC,GAAG,CACL,4BAA4B,YAAY,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,CAC5E,CACF;IACD,KAAK,CACH,kBAAkB,EAClB,GAAG,CAAC,GAAG,CACL,kCAAkC,aAAa,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,CACnF,CACF;CACF,CACF,CAAC;AAEF,8EAA8E;AAC9E,sDAAsD;AACtD,8EAA8E;AAE9E,M
AAM,CAAC,MAAM,QAAQ,GAAG,WAAW,CACjC,UAAU,EACV;IACE,EAAE,EAAE,IAAI,CAAC,IAAI,CAAC,CAAC,UAAU,EAAE;IAC3B,QAAQ,EAAE,IAAI,CAAC,WAAW,CAAC,CAAC,UAAU,CAAC,GAAG,EAAE,CAAC,OAAO,CAAC,EAAE,EAAE,EAAE,QAAQ,EAAE,SAAS,EAAE,CAAC;IACjF,IAAI,EAAE,IAAI,CAAC,MAAM,CAAC,CAAC,OAAO,EAAE;IAC5B,KAAK,EAAE,IAAI,CAAC,OAAO,CAAC,CAAC,OAAO,EAAE;IAC9B,QAAQ,EAAE,OAAO,CAAC,UAAU,CAAC,CAAC,OAAO,EAAE,CAAC,OAAO,CAAC,CAAC,CAAC;IAClD,OAAO,EAAE,OAAO,CAAC,SAAS,EAAE,EAAE,IAAI,EAAE,SAAS,EAAE,CAAC,CAAC,OAAO,EAAE,CAAC,OAAO,CAAC,IAAI,CAAC;IACxE,OAAO,EAAE,IAAI,CAAC,SAAS,CAAC;IACxB,SAAS,EAAE,OAAO,CAAC,YAAY,EAAE,EAAE,IAAI,EAAE,WAAW,EAAE,CAAC,CAAC,OAAO,EAAE;IACjE,SAAS,EAAE,OAAO,CAAC,YAAY,EAAE,EAAE,IAAI,EAAE,WAAW,EAAE,CAAC,CAAC,OAAO,EAAE;CAClE,EACD,CAAC,KAAK,EAAE,EAAE,CAAC;IACT,KAAK,CAAC,6BAA6B,CAAC,CAAC,EAAE,CAAC,KAAK,CAAC,QAAQ,EAAE,KAAK,CAAC,OAAO,CAAC;IACtE,KAAK,CAAC,mBAAmB,CAAC,CAAC,EAAE,CAAC,KAAK,CAAC,IAAI,CAAC;IACzC,KAAK,CAAC,sBAAsB,CAAC,CAAC,EAAE,CAAC,KAAK,CAAC,OAAO,CAAC;IAC/C,KAAK,CAAC,mBAAmB,EAAE,aAAa,CAAC,MAAM,EAAE,YAAY,CAAC,CAAC;IAC/D,KAAK,CACH,sBAAsB,EACtB,GAAG,CAAC,GAAG,CACL,kCAAkC,aAAa,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,CACnF,CACF;CACF,CACF,CAAC;AAEF,8EAA8E;AAC9E,sEAAsE;AACtE,8EAA8E;AAE9E,MAAM,CAAC,MAAM,gBAAgB,GAAG,WAAW,CACzC,mBAAmB,EACnB;IACE,EAAE,EAAE,IAAI,CAAC,IAAI,CAAC,CAAC,UAAU,EAAE;IAC3B,IAAI,EAAE,IAAI,CAAC,OAAO,CAAC;SAChB,OAAO,EAAE;SACT,UAAU,CAAC,GAAG,EAAE,CAAC,YAAY,CAAC,EAAE,EAAE,EAAE,QAAQ,EAAE,SAAS,EAAE,CAAC;IAC7D,UAAU,EAAE,OAAO,CAAC,aAAa,EAAE,EAAE,IAAI,EAAE,WAAW,EAAE,CAAC,CAAC,OAAO,EAAE;IACnE,SAAS,EAAE,OAAO,CAAC,YAAY,EAAE,EAAE,IAAI,EAAE,WAAW,EAAE,CAAC,CAAC,OAAO,EAAE;IACjE,UAAU,EAAE,OAAO,CAAC,aAAa,EAAE,EAAE,IAAI,EAAE,WAAW,EAAE,CAAC;IACzD,UAAU,EAAE,OAAO,CAAC,aAAa,EAAE,EAAE,IAAI,EAAE,WAAW,EAAE,CAAC;IACzD,cAAc,EAAE,IAAI,CAAC,iBAAiB,CAAC;IACvC,eAAe,EAAE,IAAI,CAAC,kBAAkB,CAAC,CAAC,OAAO,CAAC,UAAU,CAAC;IAC7D,SAAS,EAAE,OAAO,CAAC,YAAY,EAAE,EAAE,IAAI,EAAE,WAAW,EAAE,CAAC,CAAC,OAAO,EAAE;CAClE,EACD,CAAC,KAAK,EAAE,EAAE,CAAC;IACT,KAAK,CAAC,6BAA6B,CAAC,CAAC,EA
AE,CAAC,KAAK,CAAC,IAAI,CAAC;IACnD,KAAK,CAAC,kCAAkC,CAAC,CAAC,EAAE,CAAC,KAAK,CAAC,SAAS,CAAC;CAC9D,CACF,CAAC;AAEF,8EAA8E;AAC9E,uDAAuD;AACvD,8EAA8E;AAE9E,MAAM,CAAC,MAAM,QAAQ,GAAG,WAAW,CACjC,WAAW,EACX;IACE,EAAE,EAAE,OAAO,CAAC,IAAI,CAAC,CAAC,UAAU,CAAC,EAAE,aAAa,EAAE,IAAI,EAAE,CAAC;IACrD,SAAS,EAAE,OAAO,CAAC,WAAW,EAAE,EAAE,IAAI,EAAE,WAAW,EAAE,CAAC,CAAC,OAAO,EAAE;IAChE,SAAS,EAAE,IAAI,CAAC,YAAY,CAAC,CAAC,OAAO,EAAE;IACvC,KAAK,EAAE,IAAI,CAAC,OAAO,CAAC,CAAC,OAAO,EAAE;IAC9B,QAAQ,EAAE,IAAI,CAAC,WAAW,CAAC;IAC3B,SAAS,EAAE,IAAI,CAAC,YAAY,CAAC;IAC7B,IAAI,EAAE,IAAI,CAAC,OAAO,CAAC;IACnB,OAAO,EAAE,IAAI,CAAC,SAAS,CAAC,CAAC,OAAO,EAAE;IAClC,QAAQ,EAAE,IAAI,CAAC,UAAU,CAAC,CAAC,OAAO,EAAE,CAAC,OAAO,CAAC,MAAM,CAAC;IACpD,SAAS,EAAE,IAAI,CAAC,YAAY,CAAC;CAC9B,EACD,CAAC,KAAK,EAAE,EAAE,CAAC;IACT,KAAK,CAAC,yBAAyB,CAAC,CAAC,EAAE,CAAC,KAAK,CAAC,SAAS,CAAC;IACpD,KAAK,CAAC,0BAA0B,CAAC,CAAC,EAAE,CAAC,KAAK,CAAC,SAAS,CAAC;IACrD,KAAK,CAAC,yBAAyB,CAAC,CAAC,EAAE,CAAC,KAAK,CAAC,QAAQ,CAAC;IACnD,KAAK,CAAC,wBAAwB,CAAC,CAAC,EAAE,CAAC,KAAK,CAAC,QAAQ,CAAC;IAClD,KAAK,CAAC,gCAAgC,CAAC,CAAC,EAAE,CAAC,KAAK,CAAC,QAAQ,EAAE,KAAK,CAAC,SAAS,CAAC;IAC3E,KAAK,CAAC,gBAAgB,EAAE,GAAG,CAAA,6CAA6C,CAAC;CAC1E,CACF,CAAC;AAEF,8EAA8E;AAC9E,yEAAyE;AACzE,8EAA8E;AAE9E,MAAM,CAAC,MAAM,aAAa,GAAG,WAAW,CAAC,iBAAiB,EAAE;IAC1D,GAAG,EAAE,IAAI,CAAC,KAAK,CAAC,CAAC,UAAU,EAAE;IAC7B,KAAK,EAAE,IAAI,CAAC,OAAO,CAAC,CAAC,OAAO,EAAE;IAC9B,SAAS,EAAE,OAAO,CAAC,YAAY,EAAE,EAAE,IAAI,EAAE,WAAW,EAAE,CAAC,CAAC,OAAO,EAAE;CAClE,CAAC,CAAC;AAEH,8EAA8E;AAC9E,8DAA8D;AAC9D,8EAA8E;AAE9E,MAAM,CAAC,MAAM,gBAAgB,GAAG,WAAW,CACzC,mBAAmB,EACnB;IACE,EAAE,EAAE,IAAI,CAAC,IAAI,CAAC,CAAC,UAAU,EAAE,EAAE,UAAU;IACvC,SAAS,EAAE,IAAI,CAAC,YAAY,CAAC,CAAC,OAAO,EAAE;IACvC,QAAQ,EAAE,IAAI,CAAC,WAAW,CAAC;IAC3B,OAAO,EAAE,IAAI,CAAC,SAAS,CAAC,CAAC,OAAO,EAAE,EAAE,4BAA4B;IAChE,MAAM,EAAE,IAAI,CAAC,QAAQ,CAAC,CAAC,OAAO,EAAE,EAAE,gBAAgB;IAClD,KAAK,EAAE,IAAI,CAAC,OAAO,CAAC,EAAE,mCAAmC;IACzD,OAAO,EAAE,IAAI,CAAC,SAAS,CAAC,EAAE,mCAAmC;IAC7D,SAAS,EAAE,OAAO,CAAC,YAAY,EAAE,EAAE,IAAI,EAAE,WAAW,EAAE,CAAC,CAAC,OAAO,EAA
E;CAClE,EACD,CAAC,KAAK,EAAE,EAAE,CAAC;IACT,KAAK,CAAC,kCAAkC,CAAC,CAAC,EAAE,CAAC,KAAK,CAAC,SAAS,CAAC;IAC7D,KAAK,CAAC,iCAAiC,CAAC,CAAC,EAAE,CAAC,KAAK,CAAC,QAAQ,CAAC;IAC3D,KAAK,CAAC,8BAA8B,CAAC,CAAC,EAAE,CAAC,KAAK,CAAC,MAAM,CAAC;IACtD,KAAK,CAAC,kCAAkC,CAAC,CAAC,EAAE,CAAC,KAAK,CAAC,SAAS,CAAC;IAC7D,KAAK,CAAC,wBAAwB,EAAE,aAAa,CAAC,QAAQ,EAAE,yBAAyB,CAAC,CAAC;CACpF,CACF,CAAC;AAEF,8EAA8E;AAC9E,4EAA4E;AAC5E,8EAA8E;AAE9E,MAAM,CAAC,MAAM,aAAa,GAAG,WAAW,CACtC,gBAAgB,EAChB;IACE,EAAE,EAAE,IAAI,CAAC,IAAI,CAAC,CAAC,UAAU,EAAE,EAAE,UAAU;IACvC,OAAO,EAAE,IAAI,CAAC,SAAS,CAAC,CAAC,OAAO,EAAE,EAAE,iBAAiB;IACrD,OAAO,EAAE,IAAI,CAAC,SAAS,CAAC,CAAC,OAAO,EAAE,EAAE,0BAA0B;IAC9D,MAAM,EAAE,IAAI,CAAC,QAAQ,CAAC,CAAC,OAAO,EAAE;IAChC,IAAI,EAAE,IAAI,CAAC,MAAM,CAAC,CAAC,OAAO,EAAE;IAC5B,QAAQ,EAAE,OAAO,CAAC,UAAU,CAAC,CAAC,OAAO,EAAE;IACvC,MAAM,EAAE,IAAI,CAAC,QAAQ,CAAC,CAAC,OAAO,EAAE,CAAC,OAAO,CAAC,QAAQ,CAAC,EAAE,uBAAuB;IAC3E,SAAS,EAAE,OAAO,CAAC,YAAY,EAAE,EAAE,IAAI,EAAE,WAAW,EAAE,CAAC,CAAC,OAAO,EAAE;CAClE,EACD,CAAC,KAAK,EAAE,EAAE,CAAC;IACT,WAAW,CAAC,oCAAoC,CAAC,CAAC,EAAE,CAAC,KAAK,CAAC,OAAO,EAAE,KAAK,CAAC,OAAO,CAAC;IAClF,KAAK,CAAC,4BAA4B,CAAC,CAAC,EAAE,CAAC,KAAK,CAAC,OAAO,CAAC;IACrD,KAAK,CAAC,oBAAoB,EAAE,GAAG,CAAA,iCAAiC,CAAC;CAClE,CACF,CAAC;AAEF,8EAA8E;AAC9E,gEAAgE;AAChE,8EAA8E;AAE9E,MAAM,CAAC,MAAM,QAAQ,GAAG,WAAW,CACjC,UAAU,EACV;IACE,GAAG,EAAE,IAAI,CAAC,KAAK,CAAC,CAAC,UAAU,EAAE,EAAE,2CAA2C;IAC1E,KAAK,EAAE,IAAI,CAAC,OAAO,CAAC,CAAC,OAAO,EAAE,EAAE,2CAA2C;IAC3E,SAAS,EAAE,OAAO,CAAC,WAAW,EAAE,EAAE,IAAI,EAAE,SAAS,EAAE,CAAC,CAAC,OAAO,EAAE,CAAC,OAAO,CAAC,KAAK,CAAC;IAC7E,QAAQ,EAAE,IAAI,CAAC,UAAU,CAAC,CAAC,OAAO,EAAE,EAAE,oEAAoE;IAC1G,SAAS,EAAE,OAAO,CAAC,YAAY,EAAE,EAAE,IAAI,EAAE,WAAW,EAAE,CAAC,CAAC,OAAO,EAAE;CAClE,EACD,CAAC,KAAK,EAAE,EAAE,CAAC;IACT,KAAK,CAAC,uBAAuB,CAAC,CAAC,EAAE,CAAC,KAAK,CAAC,QAAQ,CAAC;CAClD,CACF,CAAC;AAEF,8EAA8E;AAC9E,yEAAyE;AACzE,8EAA8E;AAE9E,MAAM,CAAC,MAAM,OAAO,GAAG,WAAW,CAAC,UAAU,EAAE;IAC7C,YAAY,EAAE,IAAI,CAAC,eAAe,CAAC,CAAC,UAAU,EAAE;IAChD,YAAY,EAAE,IAAI,CAAC,eAAe,CAAC,CAAC,OAAO,EAAE;IAC7C,SAAS,E
AAE,OAAO,CAAC,YAAY,EAAE,EAAE,IAAI,EAAE,WAAW,EAAE,CAAC,CAAC,OAAO,EAAE;IACjE,SAAS,EAAE,OAAO,CAAC,YAAY,EAAE,EAAE,IAAI,EAAE,WAAW,EAAE,CAAC,CAAC,OAAO,EAAE;CAClE,CAAC,CAAC;AAEH,8EAA8E;AAC9E,kEAAkE;AAClE,8EAA8E;AAE9E,MAAM,CAAC,MAAM,aAAa,GAAG,WAAW,CACtC,gBAAgB,EAChB;IACE,MAAM,EAAE,OAAO,CAAC,SAAS,CAAC,CAAC,UAAU,EAAE;IACvC,QAAQ,EAAE,IAAI,CAAC,UAAU,CAAC;IAC1B,IAAI,EAAE,IAAI,CAAC,MAAM,CAAC,CAAC,OAAO,EAAE,CAAC,OAAO,CAAC,SAAS,CAAC;IAC/C,YAAY,EAAE,OAAO,CAAC,eAAe,EAAE,EAAE,IAAI,EAAE,WAAW,EAAE,CAAC,CAAC,OAAO,EAAE;IACvE,UAAU,EAAE,OAAO,CAAC,aAAa,EAAE,EAAE,IAAI,EAAE,WAAW,EAAE,CAAC;CAC1D,EACD,CAAC,KAAK,EAAE,EAAE,CAAC;IACT,KAAK,CAAC,yBAAyB,CAAC,CAAC,EAAE,CAAC,KAAK,CAAC,IAAI,CAAC;IAC/C,KAAK,CAAC,qBAAqB,EAAE,GAAG,CAAA,0CAA0C,CAAC;CAC5E,CACF,CAAC;AAEF,8EAA8E;AAC9E,mEAAmE;AACnE,8EAA8E;AAE9E,MAAM,CAAC,MAAM,UAAU,GAAG,WAAW,CACnC,aAAa,EACb;IACE,QAAQ,EAAE,IAAI,CAAC,WAAW,CAAC;SACxB,UAAU,EAAE;SACZ,UAAU,CAAC,GAAG,EAAE,CAAC,OAAO,CAAC,EAAE,EAAE,EAAE,QAAQ,EAAE,SAAS,EAAE,CAAC;IACxD,KAAK,EAAE,IAAI,CAAC,OAAO,CAAC,CAAC,OAAO,EAAE,CAAC,MAAM,EAAE;IACvC,QAAQ,EAAE,IAAI,CAAC,WAAW,CAAC;IAC3B,OAAO,EAAE,IAAI,CAAC,UAAU,CAAC,CAAC,OAAO,EAAE;IACnC,YAAY,EAAE,IAAI,CAAC,eAAe,CAAC,CAAC,OAAO,EAAE;IAC7C,UAAU,EAAE,IAAI,CAAC,YAAY,CAAC;IAC9B,MAAM,EAAE,OAAO,CAAC,QAAQ,CAAC,CAAC,OAAO,EAAE;IACnC,SAAS,EAAE,OAAO,CAAC,YAAY,EAAE,EAAE,IAAI,EAAE,WAAW,EAAE,CAAC,CAAC,OAAO,EAAE;CAClE,EACD,CAAC,KAAK,EAAE,EAAE,CAAC;IACT,KAAK,CAAC,uBAAuB,CAAC,CAAC,EAAE,CAAC,KAAK,CAAC,KAAK,CAAC;CAC/C,CACF,CAAC;AAEF,8EAA8E;AAC9E,gEAAgE;AAChE,8EAA8E;AAE9E,MAAM,CAAC,MAAM,OAAO,GAAG,WAAW,CAAC,UAAU,EAAE;IAC7C,GAAG,EAAE,IAAI,CAAC,KAAK,CAAC,CAAC,UAAU,EAAE;IAC7B,KAAK,EAAE,IAAI,CAAC,OAAO,CAAC,CAAC,OAAO,EAAE;CAC/B,CAAC,CAAC"}
@@ -0,0 +1,2 @@
1
+ export { JwtSecretManager, type JwtPayload } from './jwt-secret-manager.js';
2
+ //# sourceMappingURL=index.d.ts.map
@@ -0,0 +1 @@
1
+ {"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../src/infrastructure/jwt/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,gBAAgB,EAAE,KAAK,UAAU,EAAE,MAAM,yBAAyB,CAAC"}
@@ -0,0 +1,2 @@
1
+ export { JwtSecretManager } from './jwt-secret-manager.js';
2
+ //# sourceMappingURL=index.js.map
@@ -0,0 +1 @@
1
+ {"version":3,"file":"index.js","sourceRoot":"","sources":["../../../src/infrastructure/jwt/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,gBAAgB,EAAmB,MAAM,yBAAyB,CAAC"}
@@ -0,0 +1,58 @@
1
+ /**
2
+ * JWT Secret Manager: generates, stores, rotates JWT secrets with dual-key window.
3
+ *
4
+ * Secrets are stored in the key_value_store SQLite table via Drizzle ORM.
5
+ * Dual-key rotation: after rotation, old key remains valid for 5 minutes.
6
+ *
7
+ * Storage keys:
8
+ * - jwt_secret_current: JSON { secret: hex, createdAt: epoch_seconds }
9
+ * - jwt_secret_previous: JSON { secret: hex, createdAt: epoch_seconds }
10
+ *
11
+ * Token format: wai_sess_<JWT> (HS256)
12
+ *
13
+ * @see docs/52-auth-redesign.md
14
+ */
15
+ import type { BetterSQLite3Database } from 'drizzle-orm/better-sqlite3';
16
+ import type * as schema from '../database/schema.js';
17
+ export interface JwtPayload {
18
+ sub: string;
19
+ wlt: string;
20
+ iat: number;
21
+ exp: number;
22
+ }
23
+ export declare class JwtSecretManager {
24
+ private db;
25
+ private _currentSecret;
26
+ private _previousSecret;
27
+ constructor(db: BetterSQLite3Database<typeof schema>);
28
+ /**
29
+ * Initialize: generate new secret on first run, or load existing from DB.
30
+ */
31
+ initialize(): Promise<void>;
32
+ /**
33
+ * Return the current hex secret string.
34
+ */
35
+ getCurrentSecret(): Promise<string>;
36
+ /**
37
+ * Return array of valid secrets. Normally just [current].
38
+ * During rotation window (previous exists and rotation was < 5 minutes ago),
39
+ * returns [current, previous].
40
+ */
41
+ getValidSecrets(): Promise<string[]>;
42
+ /**
43
+ * Rotate the JWT secret. Generate new, move current to previous.
44
+ * Throws ROTATION_TOO_RECENT if last rotation was < 5 minutes ago.
45
+ */
46
+ rotateSecret(): Promise<void>;
47
+ /**
48
+ * Sign a JWT payload. Returns wai_sess_ prefixed token.
49
+ */
50
+ signToken(payload: JwtPayload): Promise<string>;
51
+ /**
52
+ * Verify a wai_sess_ prefixed token against valid secrets.
53
+ * Returns decoded JwtPayload on success.
54
+ * Throws TOKEN_EXPIRED for expired tokens, INVALID_TOKEN for all other failures.
55
+ */
56
+ verifyToken(token: string): Promise<JwtPayload>;
57
+ }
58
+ //# sourceMappingURL=jwt-secret-manager.d.ts.map
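Review bot: `getCurrentSecret()` and `getValidSecrets()` are declared public and hand the raw HS256 key material to any caller, although `signToken()` and `verifyToken()` already cover signing and verification inside the class. If nothing outside the class needs the hex strings (callers are not visible in this hunk), making both accessors private in the source would keep the key from being logged or serialized by accident. The `JwtPayload` fields also carry no comments; a line such as `/** Expiry as Unix seconds; verifyToken() rejects the token after this time */` on `exp`, and one stating what `sub` and `wlt` identify, would help anyone reviewing the auth path.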
@@ -0,0 +1 @@
1
+ {"version":3,"file":"jwt-secret-manager.d.ts","sourceRoot":"","sources":["../../../src/infrastructure/jwt/jwt-secret-manager.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;GAaG;AAIH,OAAO,KAAK,EAAE,qBAAqB,EAAE,MAAM,4BAA4B,CAAC;AAGxE,OAAO,KAAK,KAAK,MAAM,MAAM,uBAAuB,CAAC;AAOrD,MAAM,WAAW,UAAU;IACzB,GAAG,EAAE,MAAM,CAAC;IACZ,GAAG,EAAE,MAAM,CAAC;IACZ,GAAG,EAAE,MAAM,CAAC;IACZ,GAAG,EAAE,MAAM,CAAC;CACb;AAqBD,qBAAa,gBAAgB;IAC3B,OAAO,CAAC,EAAE,CAAuC;IACjD,OAAO,CAAC,cAAc,CAA6B;IACnD,OAAO,CAAC,eAAe,CAA6B;gBAExC,EAAE,EAAE,qBAAqB,CAAC,OAAO,MAAM,CAAC;IAIpD;;OAEG;IACG,UAAU,IAAI,OAAO,CAAC,IAAI,CAAC;IAuCjC;;OAEG;IACG,gBAAgB,IAAI,OAAO,CAAC,MAAM,CAAC;IAOzC;;;;OAIG;IACG,eAAe,IAAI,OAAO,CAAC,MAAM,EAAE,CAAC;IAkB1C;;;OAGG;IACG,YAAY,IAAI,OAAO,CAAC,IAAI,CAAC;IA0DnC;;OAEG;IACG,SAAS,CAAC,OAAO,EAAE,UAAU,GAAG,OAAO,CAAC,MAAM,CAAC;IAmBrD;;;;OAIG;IACG,WAAW,CAAC,KAAK,EAAE,MAAM,GAAG,OAAO,CAAC,UAAU,CAAC;CA2CtD"}
@@ -0,0 +1,222 @@
1
+ /**
2
+ * JWT Secret Manager: generates, stores, rotates JWT secrets with dual-key window.
3
+ *
4
+ * Secrets are stored in the key_value_store SQLite table via Drizzle ORM.
5
+ * Dual-key rotation: after rotation, old key remains valid for 5 minutes.
6
+ *
7
+ * Storage keys:
8
+ * - jwt_secret_current: JSON { secret: hex, createdAt: epoch_seconds }
9
+ * - jwt_secret_previous: JSON { secret: hex, createdAt: epoch_seconds }
10
+ *
11
+ * Token format: wai_sess_<JWT> (HS256)
12
+ *
13
+ * @see docs/52-auth-redesign.md
14
+ */
15
+ import { randomBytes } from 'node:crypto';
16
+ import { SignJWT, jwtVerify, errors as joseErrors } from 'jose';
17
+ import { eq } from 'drizzle-orm';
18
+ import { WAIaaSError } from '@waiaas/core';
19
+ import { keyValueStore } from '../database/schema.js';
20
+ // ---------------------------------------------------------------------------
21
+ // Constants
22
+ // ---------------------------------------------------------------------------
23
+ const TOKEN_PREFIX = 'wai_sess_';
24
+ const KEY_CURRENT = 'jwt_secret_current';
25
+ const KEY_PREVIOUS = 'jwt_secret_previous';
26
+ const ROTATION_WINDOW_SECONDS = 5 * 60; // 5 minutes
27
+ const SECRET_BYTES = 32; // 256-bit
28
+ // ---------------------------------------------------------------------------
29
+ // JwtSecretManager
30
+ // ---------------------------------------------------------------------------
31
+ export class JwtSecretManager {
32
+ db;
33
+ _currentSecret = null;
34
+ _previousSecret = null;
35
+ constructor(db) {
36
+ this.db = db;
37
+ }
38
+ /**
39
+ * Initialize: generate new secret on first run, or load existing from DB.
40
+ */
41
+ async initialize() {
42
+ const existing = this.db
43
+ .select()
44
+ .from(keyValueStore)
45
+ .where(eq(keyValueStore.key, KEY_CURRENT))
46
+ .get();
47
+ if (existing) {
48
+ this._currentSecret = JSON.parse(existing.value);
49
+ }
50
+ else {
51
+ const secret = randomBytes(SECRET_BYTES).toString('hex');
52
+ const nowSec = Math.floor(Date.now() / 1000);
53
+ const stored = { secret, createdAt: nowSec };
54
+ this.db
55
+ .insert(keyValueStore)
56
+ .values({
57
+ key: KEY_CURRENT,
58
+ value: JSON.stringify(stored),
59
+ updatedAt: new Date(nowSec * 1000),
60
+ })
61
+ .onConflictDoNothing()
62
+ .run();
63
+ this._currentSecret = stored;
64
+ }
65
+ // Load previous secret if exists
66
+ const prev = this.db
67
+ .select()
68
+ .from(keyValueStore)
69
+ .where(eq(keyValueStore.key, KEY_PREVIOUS))
70
+ .get();
71
+ if (prev) {
72
+ this._previousSecret = JSON.parse(prev.value);
73
+ }
74
+ }
75
+ /**
76
+ * Return the current hex secret string.
77
+ */
78
+ async getCurrentSecret() {
79
+ if (!this._currentSecret) {
80
+ throw new Error('JwtSecretManager not initialized. Call initialize() first.');
81
+ }
82
+ return this._currentSecret.secret;
83
+ }
84
+ /**
85
+ * Return array of valid secrets. Normally just [current].
86
+ * During rotation window (previous exists and rotation was < 5 minutes ago),
87
+ * returns [current, previous].
88
+ */
89
+ async getValidSecrets() {
90
+ if (!this._currentSecret) {
91
+ throw new Error('JwtSecretManager not initialized. Call initialize() first.');
92
+ }
93
+ const secrets = [this._currentSecret.secret];
94
+ if (this._previousSecret) {
95
+ const nowSec = Math.floor(Date.now() / 1000);
96
+ const elapsed = nowSec - this._currentSecret.createdAt;
97
+ if (elapsed < ROTATION_WINDOW_SECONDS) {
98
+ secrets.push(this._previousSecret.secret);
99
+ }
100
+ }
101
+ return secrets;
102
+ }
103
+ /**
104
+ * Rotate the JWT secret. Generate new, move current to previous.
105
+ * Throws ROTATION_TOO_RECENT if last rotation was < 5 minutes ago.
106
+ */
107
+ async rotateSecret() {
108
+ if (!this._currentSecret) {
109
+ throw new Error('JwtSecretManager not initialized. Call initialize() first.');
110
+ }
111
+ const nowSec = Math.floor(Date.now() / 1000);
112
+ const elapsed = nowSec - this._currentSecret.createdAt;
113
+ if (elapsed < ROTATION_WINDOW_SECONDS) {
114
+ throw new WAIaaSError('ROTATION_TOO_RECENT', {
115
+ message: `Key rotation attempted too recently. Wait ${ROTATION_WINDOW_SECONDS - elapsed} seconds.`,
116
+ });
117
+ }
118
+ const newSecret = randomBytes(SECRET_BYTES).toString('hex');
119
+ const newStored = { secret: newSecret, createdAt: nowSec };
120
+ const oldStored = this._currentSecret;
121
+ // Single DB transaction: move current -> previous, store new current
122
+ this.db.transaction((tx) => {
123
+ // Store old as previous
124
+ tx.insert(keyValueStore)
125
+ .values({
126
+ key: KEY_PREVIOUS,
127
+ value: JSON.stringify(oldStored),
128
+ updatedAt: new Date(nowSec * 1000),
129
+ })
130
+ .onConflictDoUpdate({
131
+ target: keyValueStore.key,
132
+ set: {
133
+ value: JSON.stringify(oldStored),
134
+ updatedAt: new Date(nowSec * 1000),
135
+ },
136
+ })
137
+ .run();
138
+ // Store new as current
139
+ tx.insert(keyValueStore)
140
+ .values({
141
+ key: KEY_CURRENT,
142
+ value: JSON.stringify(newStored),
143
+ updatedAt: new Date(nowSec * 1000),
144
+ })
145
+ .onConflictDoUpdate({
146
+ target: keyValueStore.key,
147
+ set: {
148
+ value: JSON.stringify(newStored),
149
+ updatedAt: new Date(nowSec * 1000),
150
+ },
151
+ })
152
+ .run();
153
+ });
154
+ // Update in-memory cache
155
+ this._previousSecret = oldStored;
156
+ this._currentSecret = newStored;
157
+ }
158
+ /**
159
+ * Sign a JWT payload. Returns wai_sess_ prefixed token.
160
+ */
161
+ async signToken(payload) {
162
+ if (!this._currentSecret) {
163
+ throw new Error('JwtSecretManager not initialized. Call initialize() first.');
164
+ }
165
+ const secretKey = Buffer.from(this._currentSecret.secret, 'hex');
166
+ const jwt = await new SignJWT({
167
+ sub: payload.sub,
168
+ wlt: payload.wlt,
169
+ })
170
+ .setProtectedHeader({ alg: 'HS256' })
171
+ .setIssuedAt(payload.iat)
172
+ .setExpirationTime(payload.exp)
173
+ .sign(secretKey);
174
+ return TOKEN_PREFIX + jwt;
175
+ }
176
+ /**
177
+ * Verify a wai_sess_ prefixed token against valid secrets.
178
+ * Returns decoded JwtPayload on success.
179
+ * Throws TOKEN_EXPIRED for expired tokens, INVALID_TOKEN for all other failures.
180
+ */
181
+ async verifyToken(token) {
182
+ if (!token.startsWith(TOKEN_PREFIX)) {
183
+ throw new WAIaaSError('INVALID_TOKEN', {
184
+ message: 'Token must start with wai_sess_ prefix',
185
+ });
186
+ }
187
+ const jwt = token.slice(TOKEN_PREFIX.length);
188
+ const validSecrets = await this.getValidSecrets();
189
+ let lastError;
190
+ for (const secret of validSecrets) {
191
+ try {
192
+ const secretKey = Buffer.from(secret, 'hex');
193
+ const { payload } = await jwtVerify(jwt, secretKey, {
194
+ algorithms: ['HS256'],
195
+ });
196
+ return {
197
+ sub: payload.sub,
198
+ wlt: payload.wlt,
199
+ iat: payload.iat,
200
+ exp: payload.exp,
201
+ };
202
+ }
203
+ catch (err) {
204
+ lastError = err;
205
+ // If expired, throw immediately (no need to try other keys)
206
+ if (err instanceof joseErrors.JWTExpired) {
207
+ throw new WAIaaSError('TOKEN_EXPIRED', {
208
+ message: 'Authentication token has expired',
209
+ cause: err,
210
+ });
211
+ }
212
+ // Try next secret
213
+ continue;
214
+ }
215
+ }
216
+ throw new WAIaaSError('INVALID_TOKEN', {
217
+ message: 'Invalid authentication token',
218
+ cause: lastError instanceof Error ? lastError : undefined,
219
+ });
220
+ }
221
+ }
222
+ //# sourceMappingURL=jwt-secret-manager.js.map
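Review bot: initialize() assigns `JSON.parse(existing.value)` and `JSON.parse(prev.value)` straight into the secret cache, so a truncated or hand-edited row becomes the HMAC key without any check. `Buffer.from(secret, 'hex')` in signToken() and verifyToken() stops decoding at the first non-hex character instead of throwing, so a malformed stored secret can silently yield a short or empty signing key. Validating the shape on load (64 hex characters, integer `createdAt`) and failing startup otherwise closes that gap; a sketch follows. Separately, the first-run insert uses `.onConflictDoNothing()` but then caches the locally generated value, so if another process won the insert the in-memory secret would differ from the stored one; re-reading the `KEY_CURRENT` row after the insert would avoid that.

```javascript
// Helper placed next to the constants: rejects stored values that would decode to a short or empty key.
function parseStoredSecret(raw, key) {
  let parsed;
  try {
    parsed = JSON.parse(raw);
  } catch {
    // Do not rethrow the SyntaxError: its message can echo part of the stored value.
    parsed = null;
  }
  const secretOk = typeof parsed?.secret === 'string'
    && parsed.secret.length === SECRET_BYTES * 2
    && /^[0-9a-f]+$/i.test(parsed.secret);
  if (!secretOk || !Number.isInteger(parsed.createdAt)) {
    throw new Error(`Stored JWT secret under ${key} is malformed`);
  }
  return parsed;
}

// in initialize():
if (existing) {
  this._currentSecret = parseStoredSecret(existing.value, KEY_CURRENT);
}
// … unchanged: first-run generation and insert …
// … unchanged: select of KEY_PREVIOUS into prev …
if (prev) {
  this._previousSecret = parseStoredSecret(prev.value, KEY_PREVIOUS);
}
```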
@@ -0,0 +1 @@
1
+ {"version":3,"file":"jwt-secret-manager.js","sourceRoot":"","sources":["../../../src/infrastructure/jwt/jwt-secret-manager.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;GAaG;AAEH,OAAO,EAAE,WAAW,EAAE,MAAM,aAAa,CAAC;AAC1C,OAAO,EAAE,OAAO,EAAE,SAAS,EAAE,MAAM,IAAI,UAAU,EAAE,MAAM,MAAM,CAAC;AAEhE,OAAO,EAAE,EAAE,EAAE,MAAM,aAAa,CAAC;AACjC,OAAO,EAAE,WAAW,EAAE,MAAM,cAAc,CAAC;AAE3C,OAAO,EAAE,aAAa,EAAE,MAAM,uBAAuB,CAAC;AAkBtD,8EAA8E;AAC9E,YAAY;AACZ,8EAA8E;AAE9E,MAAM,YAAY,GAAG,WAAW,CAAC;AACjC,MAAM,WAAW,GAAG,oBAAoB,CAAC;AACzC,MAAM,YAAY,GAAG,qBAAqB,CAAC;AAC3C,MAAM,uBAAuB,GAAG,CAAC,GAAG,EAAE,CAAC,CAAC,YAAY;AACpD,MAAM,YAAY,GAAG,EAAE,CAAC,CAAC,UAAU;AAEnC,8EAA8E;AAC9E,mBAAmB;AACnB,8EAA8E;AAE9E,MAAM,OAAO,gBAAgB;IACnB,EAAE,CAAuC;IACzC,cAAc,GAAwB,IAAI,CAAC;IAC3C,eAAe,GAAwB,IAAI,CAAC;IAEpD,YAAY,EAAwC;QAClD,IAAI,CAAC,EAAE,GAAG,EAAE,CAAC;IACf,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,UAAU;QACd,MAAM,QAAQ,GAAG,IAAI,CAAC,EAAE;aACrB,MAAM,EAAE;aACR,IAAI,CAAC,aAAa,CAAC;aACnB,KAAK,CAAC,EAAE,CAAC,aAAa,CAAC,GAAG,EAAE,WAAW,CAAC,CAAC;aACzC,GAAG,EAAE,CAAC;QAET,IAAI,QAAQ,EAAE,CAAC;YACb,IAAI,CAAC,cAAc,GAAG,IAAI,CAAC,KAAK,CAAC,QAAQ,CAAC,KAAK,CAAiB,CAAC;QACnE,CAAC;aAAM,CAAC;YACN,MAAM,MAAM,GAAG,WAAW,CAAC,YAAY,CAAC,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC;YACzD,MAAM,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,CAAC;YAC7C,MAAM,MAAM,GAAiB,EAAE,MAAM,EAAE,SAAS,EAAE,MAAM,EAAE,CAAC;YAE3D,IAAI,CAAC,EAAE;iBACJ,MAAM,CAAC,aAAa,CAAC;iBACrB,MAAM,CAAC;gBACN,GAAG,EAAE,WAAW;gBAChB,KAAK,EAAE,IAAI,CAAC,SAAS,CAAC,MAAM,CAAC;gBAC7B,SAAS,EAAE,IAAI,IAAI,CAAC,MAAM,GAAG,IAAI,CAAC;aACnC,CAAC;iBACD,mBAAmB,EAAE;iBACrB,GAAG,EAAE,CAAC;YAET,IAAI,CAAC,cAAc,GAAG,MAAM,CAAC;QAC/B,CAAC;QAED,iCAAiC;QACjC,MAAM,IAAI,GAAG,IAAI,CAAC,EAAE;aACjB,MAAM,EAAE;aACR,IAAI,CAAC,aAAa,CAAC;aACnB,KAAK,CAAC,EAAE,CAAC,aAAa,CAAC,GAAG,EAAE,YAAY,CAAC,CAAC;aAC1C,GAAG,EAAE,CAAC;QAET,IAAI,IAAI,EAAE,CAAC;YACT,IAAI,CAAC,eAAe,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,KAAK,CAAiB,CAAC;QAChE,CAAC;IACH,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,gBAAgB;QACpB,IAAI,CAAC,IAAI,CAAC,cAAc,EAAE,CAAC;YAC
zB,MAAM,IAAI,KAAK,CAAC,4DAA4D,CAAC,CAAC;QAChF,CAAC;QACD,OAAO,IAAI,CAAC,cAAc,CAAC,MAAM,CAAC;IACpC,CAAC;IAED;;;;OAIG;IACH,KAAK,CAAC,eAAe;QACnB,IAAI,CAAC,IAAI,CAAC,cAAc,EAAE,CAAC;YACzB,MAAM,IAAI,KAAK,CAAC,4DAA4D,CAAC,CAAC;QAChF,CAAC;QAED,MAAM,OAAO,GAAG,CAAC,IAAI,CAAC,cAAc,CAAC,MAAM,CAAC,CAAC;QAE7C,IAAI,IAAI,CAAC,eAAe,EAAE,CAAC;YACzB,MAAM,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,CAAC;YAC7C,MAAM,OAAO,GAAG,MAAM,GAAG,IAAI,CAAC,cAAc,CAAC,SAAS,CAAC;YACvD,IAAI,OAAO,GAAG,uBAAuB,EAAE,CAAC;gBACtC,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,eAAe,CAAC,MAAM,CAAC,CAAC;YAC5C,CAAC;QACH,CAAC;QAED,OAAO,OAAO,CAAC;IACjB,CAAC;IAED;;;OAGG;IACH,KAAK,CAAC,YAAY;QAChB,IAAI,CAAC,IAAI,CAAC,cAAc,EAAE,CAAC;YACzB,MAAM,IAAI,KAAK,CAAC,4DAA4D,CAAC,CAAC;QAChF,CAAC;QAED,MAAM,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,CAAC;QAC7C,MAAM,OAAO,GAAG,MAAM,GAAG,IAAI,CAAC,cAAc,CAAC,SAAS,CAAC;QAEvD,IAAI,OAAO,GAAG,uBAAuB,EAAE,CAAC;YACtC,MAAM,IAAI,WAAW,CAAC,qBAAqB,EAAE;gBAC3C,OAAO,EAAE,6CAA6C,uBAAuB,GAAG,OAAO,WAAW;aACnG,CAAC,CAAC;QACL,CAAC;QAED,MAAM,SAAS,GAAG,WAAW,CAAC,YAAY,CAAC,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC;QAC5D,MAAM,SAAS,GAAiB,EAAE,MAAM,EAAE,SAAS,EAAE,SAAS,EAAE,MAAM,EAAE,CAAC;QACzE,MAAM,SAAS,GAAG,IAAI,CAAC,cAAc,CAAC;QAEtC,qEAAqE;QACrE,IAAI,CAAC,EAAE,CAAC,WAAW,CAAC,CAAC,EAAE,EAAE,EAAE;YACzB,wBAAwB;YACxB,EAAE,CAAC,MAAM,CAAC,aAAa,CAAC;iBACrB,MAAM,CAAC;gBACN,GAAG,EAAE,YAAY;gBACjB,KAAK,EAAE,IAAI,CAAC,SAAS,CAAC,SAAS,CAAC;gBAChC,SAAS,EAAE,IAAI,IAAI,CAAC,MAAM,GAAG,IAAI,CAAC;aACnC,CAAC;iBACD,kBAAkB,CAAC;gBAClB,MAAM,EAAE,aAAa,CAAC,GAAG;gBACzB,GAAG,EAAE;oBACH,KAAK,EAAE,IAAI,CAAC,SAAS,CAAC,SAAS,CAAC;oBAChC,SAAS,EAAE,IAAI,IAAI,CAAC,MAAM,GAAG,IAAI,CAAC;iBACnC;aACF,CAAC;iBACD,GAAG,EAAE,CAAC;YAET,uBAAuB;YACvB,EAAE,CAAC,MAAM,CAAC,aAAa,CAAC;iBACrB,MAAM,CAAC;gBACN,GAAG,EAAE,WAAW;gBAChB,KAAK,EAAE,IAAI,CAAC,SAAS,CAAC,SAAS,CAAC;gBAChC,SAAS,EAAE,IAAI,IAAI,CAAC,MAAM,GAAG,IAAI,CAAC;aACnC,CAAC;iBACD,kBAAkB,CAAC;gBAClB,MAAM,EAAE,aAAa,CAAC,GAAG;gBACzB,GAAG,EAAE;oBACH,KAAK,EAAE,IAAI,CAAC,SAAS,CAAC,SAAS,CAAC;oBA
ChC,SAAS,EAAE,IAAI,IAAI,CAAC,MAAM,GAAG,IAAI,CAAC;iBACnC;aACF,CAAC;iBACD,GAAG,EAAE,CAAC;QACX,CAAC,CAAC,CAAC;QAEH,yBAAyB;QACzB,IAAI,CAAC,eAAe,GAAG,SAAS,CAAC;QACjC,IAAI,CAAC,cAAc,GAAG,SAAS,CAAC;IAClC,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,SAAS,CAAC,OAAmB;QACjC,IAAI,CAAC,IAAI,CAAC,cAAc,EAAE,CAAC;YACzB,MAAM,IAAI,KAAK,CAAC,4DAA4D,CAAC,CAAC;QAChF,CAAC;QAED,MAAM,SAAS,GAAG,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,cAAc,CAAC,MAAM,EAAE,KAAK,CAAC,CAAC;QAEjE,MAAM,GAAG,GAAG,MAAM,IAAI,OAAO,CAAC;YAC5B,GAAG,EAAE,OAAO,CAAC,GAAG;YAChB,GAAG,EAAE,OAAO,CAAC,GAAG;SACjB,CAAC;aACC,kBAAkB,CAAC,EAAE,GAAG,EAAE,OAAO,EAAE,CAAC;aACpC,WAAW,CAAC,OAAO,CAAC,GAAG,CAAC;aACxB,iBAAiB,CAAC,OAAO,CAAC,GAAG,CAAC;aAC9B,IAAI,CAAC,SAAS,CAAC,CAAC;QAEnB,OAAO,YAAY,GAAG,GAAG,CAAC;IAC5B,CAAC;IAED;;;;OAIG;IACH,KAAK,CAAC,WAAW,CAAC,KAAa;QAC7B,IAAI,CAAC,KAAK,CAAC,UAAU,CAAC,YAAY,CAAC,EAAE,CAAC;YACpC,MAAM,IAAI,WAAW,CAAC,eAAe,EAAE;gBACrC,OAAO,EAAE,wCAAwC;aAClD,CAAC,CAAC;QACL,CAAC;QAED,MAAM,GAAG,GAAG,KAAK,CAAC,KAAK,CAAC,YAAY,CAAC,MAAM,CAAC,CAAC;QAC7C,MAAM,YAAY,GAAG,MAAM,IAAI,CAAC,eAAe,EAAE,CAAC;QAElD,IAAI,SAAkB,CAAC;QACvB,KAAK,MAAM,MAAM,IAAI,YAAY,EAAE,CAAC;YAClC,IAAI,CAAC;gBACH,MAAM,SAAS,GAAG,MAAM,CAAC,IAAI,CAAC,MAAM,EAAE,KAAK,CAAC,CAAC;gBAC7C,MAAM,EAAE,OAAO,EAAE,GAAG,MAAM,SAAS,CAAC,GAAG,EAAE,SAAS,EAAE;oBAClD,UAAU,EAAE,CAAC,OAAO,CAAC;iBACtB,CAAC,CAAC;gBAEH,OAAO;oBACL,GAAG,EAAE,OAAO,CAAC,GAAa;oBAC1B,GAAG,EAAE,OAAO,CAAC,GAAa;oBAC1B,GAAG,EAAE,OAAO,CAAC,GAAa;oBAC1B,GAAG,EAAE,OAAO,CAAC,GAAa;iBAC3B,CAAC;YACJ,CAAC;YAAC,OAAO,GAAG,EAAE,CAAC;gBACb,SAAS,GAAG,GAAG,CAAC;gBAChB,4DAA4D;gBAC5D,IAAI,GAAG,YAAY,UAAU,CAAC,UAAU,EAAE,CAAC;oBACzC,MAAM,IAAI,WAAW,CAAC,eAAe,EAAE;wBACrC,OAAO,EAAE,kCAAkC;wBAC3C,KAAK,EAAE,GAAG;qBACX,CAAC,CAAC;gBACL,CAAC;gBACD,kBAAkB;gBAClB,SAAS;YACX,CAAC;QACH,CAAC;QAED,MAAM,IAAI,WAAW,CAAC,eAAe,EAAE;YACrC,OAAO,EAAE,8BAA8B;YACvC,KAAK,EAAE,SAAS,YAAY,KAAK,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,SAAS;SAC1D,CAAC,CAAC;IACL,CAAC;CACF"}