@wlfi-agent/cli 1.4.12 → 1.4.14

package/crates/vault-daemon/src/daemon_parts/api_impl_and_utils.rs

@@ -0,0 +1,1041 @@
+#[async_trait]
+impl<B> KeyManagerDaemonApi for InMemoryDaemon<B>
+where
+    B: VaultSignerBackend,
+{
+    async fn issue_lease(&self, vault_password: &str) -> Result<Lease, DaemonError> {
+        let _state_guard = self.state_persist_guard.lock().await;
+        let backup = self.backup_state_if_persistent()?;
+        self.authenticate_password(vault_password)?;
+        let now = OffsetDateTime::now_utc();
+        let expires_at = now.checked_add(self.config.lease_ttl).ok_or_else(|| {
+            DaemonError::InvalidConfig("lease_ttl causes timestamp overflow".to_string())
+        })?;
+        let lease = Lease {
+            lease_id: Uuid::new_v4(),
+            issued_at: now,
+            expires_at,
+        };
+        {
+            let mut leases = self.leases.write().map_err(|_| DaemonError::LockPoisoned)?;
+            // Retain only currently valid leases so corrupted/future-dated entries
+            // cannot permanently consume capacity.
+            leases.retain(|_, existing_lease| existing_lease.is_valid_at(now));
+            if leases.len() >= self.config.max_active_leases {
+                return Err(DaemonError::TooManyActiveLeases);
+            }
+            leases.insert(lease.lease_id, lease.clone());
+        }
+        self.persist_or_revert(backup)?;
+        Ok(lease)
+    }
+
+    async fn add_policy(
+        &self,
+        session: &AdminSession,
+        policy: SpendingPolicy,
+    ) -> Result<(), DaemonError> {
+        let _state_guard = self.state_persist_guard.lock().await;
+        let backup = self.backup_state_if_persistent()?;
+        self.authenticate(session, OffsetDateTime::now_utc())?;
+        validate_policy(&policy)?;
+
+        self.policies
+            .write()
+            .map_err(|_| DaemonError::LockPoisoned)?
+            .insert(policy.id, policy);
+
+        self.persist_or_revert(backup)?;
+        Ok(())
+    }
+
+    async fn list_policies(
+        &self,
+        session: &AdminSession,
+    ) -> Result<Vec<SpendingPolicy>, DaemonError> {
+        self.authenticate(session, OffsetDateTime::now_utc())?;
+        let mut policies: Vec<SpendingPolicy> = self
+            .policies
+            .read()
+            .map_err(|_| DaemonError::LockPoisoned)?
+            .values()
+            .cloned()
+            .collect();
+        policies.sort_by(|a, b| a.priority.cmp(&b.priority).then_with(|| a.id.cmp(&b.id)));
+        Ok(policies)
+    }
+
+    async fn disable_policy(
+        &self,
+        session: &AdminSession,
+        policy_id: Uuid,
+    ) -> Result<(), DaemonError> {
+        let _state_guard = self.state_persist_guard.lock().await;
+        let backup = self.backup_state_if_persistent()?;
+        self.authenticate(session, OffsetDateTime::now_utc())?;
+        {
+            let mut policies = self
+                .policies
+                .write()
+                .map_err(|_| DaemonError::LockPoisoned)?;
+            let policy = policies
+                .get_mut(&policy_id)
+                .ok_or(DaemonError::UnknownPolicy(policy_id))?;
+            policy.enabled = false;
+        }
+        self.persist_or_revert(backup)?;
+        Ok(())
+    }
+
+    async fn create_vault_key(
+        &self,
+        session: &AdminSession,
+        request: KeyCreateRequest,
+    ) -> Result<VaultKey, DaemonError> {
+        let _state_guard = self.state_persist_guard.lock().await;
+        let backup = self.backup_state_if_persistent()?;
+        self.authenticate(session, OffsetDateTime::now_utc())?;
+
+        let vault_key = self.signer_backend.create_vault_key(request).await?;
+
+        self.vault_keys
+            .write()
+            .map_err(|_| DaemonError::LockPoisoned)?
+            .insert(vault_key.id, vault_key.clone());
+
+        self.persist_or_revert(backup)?;
+        Ok(vault_key)
+    }
+
+    async fn export_vault_private_key(
+        &self,
+        session: &AdminSession,
+        vault_key_id: Uuid,
+    ) -> Result<Option<String>, DaemonError> {
+        self.authenticate(session, OffsetDateTime::now_utc())?;
+
+        if !self
+            .vault_keys
+            .read()
+            .map_err(|_| DaemonError::LockPoisoned)?
+            .contains_key(&vault_key_id)
+        {
+            return Err(DaemonError::UnknownVaultKey(vault_key_id));
+        }
+
+        let mut exported = self
+            .signer_backend
+            .export_persistable_key_material(&[vault_key_id])
+            .map_err(DaemonError::Signer)?;
+        Ok(exported.remove(&vault_key_id))
+    }
+
+    async fn create_agent_key(
+        &self,
+        session: &AdminSession,
+        vault_key_id: Uuid,
+        attachment: PolicyAttachment,
+    ) -> Result<AgentCredentials, DaemonError> {
+        let _state_guard = self.state_persist_guard.lock().await;
+        let backup = self.backup_state_if_persistent()?;
+        let now = OffsetDateTime::now_utc();
+        self.authenticate(session, now)?;
+
+        if !self
+            .vault_keys
+            .read()
+            .map_err(|_| DaemonError::LockPoisoned)?
+            .contains_key(&vault_key_id)
+        {
+            return Err(DaemonError::UnknownVaultKey(vault_key_id));
+        }
+
+        if let PolicyAttachment::PolicySet(ids) = &attachment {
+            if ids.is_empty() {
+                return Err(DaemonError::InvalidPolicyAttachment(
+                    "policy set cannot be empty".to_string(),
+                ));
+            }
+            let policies = self
+                .policies
+                .read()
+                .map_err(|_| DaemonError::LockPoisoned)?;
+            for id in ids {
+                if !policies.contains_key(id) {
+                    return Err(DaemonError::UnknownPolicy(*id));
+                }
+            }
+        }
+
+        let agent_key = AgentKey {
+            id: Uuid::new_v4(),
+            vault_key_id,
+            policies: attachment,
+            created_at: now,
+        };
+
+        self.agent_keys
+            .write()
+            .map_err(|_| DaemonError::LockPoisoned)?
+            .insert(agent_key.id, agent_key.clone());
+
+        let auth_token = generate_agent_auth_token();
+        self.agent_auth_tokens
+            .write()
+            .map_err(|_| DaemonError::LockPoisoned)?
+            .insert(agent_key.id, hash_agent_auth_token(&auth_token));
+
+        self.persist_or_revert(backup)?;
+        Ok(AgentCredentials {
+            agent_key,
+            auth_token,
+        })
+    }
+
+    async fn rotate_agent_auth_token(
+        &self,
+        session: &AdminSession,
+        agent_key_id: Uuid,
+    ) -> Result<String, DaemonError> {
+        self.authenticate(session, OffsetDateTime::now_utc())?;
+        let _signing_guard = self.signing_guard.lock().await;
+        let _state_guard = self.state_persist_guard.lock().await;
+        let backup = self.backup_state_if_persistent()?;
+
+        if !self
+            .agent_keys
+            .read()
+            .map_err(|_| DaemonError::LockPoisoned)?
+            .contains_key(&agent_key_id)
+        {
+            return Err(DaemonError::UnknownAgentKey(agent_key_id));
+        }
+
+        let auth_token = generate_agent_auth_token();
+        self.agent_auth_tokens
+            .write()
+            .map_err(|_| DaemonError::LockPoisoned)?
+            .insert(agent_key_id, hash_agent_auth_token(&auth_token));
+        self.persist_or_revert(backup)?;
+        Ok(auth_token)
+    }
+
+    async fn revoke_agent_key(
+        &self,
+        session: &AdminSession,
+        agent_key_id: Uuid,
+    ) -> Result<(), DaemonError> {
+        self.authenticate(session, OffsetDateTime::now_utc())?;
+        let _signing_guard = self.signing_guard.lock().await;
+        let _state_guard = self.state_persist_guard.lock().await;
+        let backup = self.backup_state_if_persistent()?;
+
+        let removed = self
+            .agent_keys
+            .write()
+            .map_err(|_| DaemonError::LockPoisoned)?
+            .remove(&agent_key_id)
+            .is_some();
+        if !removed {
+            return Err(DaemonError::UnknownAgentKey(agent_key_id));
+        }
+
+        self.agent_auth_tokens
+            .write()
+            .map_err(|_| DaemonError::LockPoisoned)?
+            .remove(&agent_key_id);
+        self.spend_log
+            .write()
+            .map_err(|_| DaemonError::LockPoisoned)?
+            .retain(|event| event.agent_key_id != agent_key_id);
+        self.nonce_reservations
+            .write()
+            .map_err(|_| DaemonError::LockPoisoned)?
+            .retain(|_, reservation| reservation.agent_key_id != agent_key_id);
+        self.persist_or_revert(backup)?;
+        Ok(())
+    }
+
+    async fn list_manual_approval_requests(
+        &self,
+        session: &AdminSession,
+    ) -> Result<Vec<ManualApprovalRequest>, DaemonError> {
+        self.authenticate(session, OffsetDateTime::now_utc())?;
+        let mut requests = self
+            .manual_approval_requests
+            .read()
+            .map_err(|_| DaemonError::LockPoisoned)?
+            .values()
+            .cloned()
+            .collect::<Vec<_>>();
+        requests.sort_by(|left, right| right.created_at.cmp(&left.created_at));
+        Ok(requests)
+    }
+
+    async fn decide_manual_approval_request(
+        &self,
+        session: &AdminSession,
+        approval_request_id: Uuid,
+        decision: ManualApprovalDecision,
+        rejection_reason: Option<String>,
+    ) -> Result<ManualApprovalRequest, DaemonError> {
+        self.authenticate(session, OffsetDateTime::now_utc())?;
+        let _state_guard = self.state_persist_guard.lock().await;
+        let backup = self.backup_state_if_persistent()?;
+        let now = OffsetDateTime::now_utc();
+
+        let updated = {
+            let mut requests = self
+                .manual_approval_requests
+                .write()
+                .map_err(|_| DaemonError::LockPoisoned)?;
+            let request = requests.get_mut(&approval_request_id).ok_or(
+                DaemonError::UnknownManualApprovalRequest(approval_request_id),
+            )?;
+            request.updated_at = now;
+            match decision {
+                ManualApprovalDecision::Approve => {
+                    request.status = ManualApprovalStatus::Approved;
+                    request.rejection_reason = None;
+                }
+                ManualApprovalDecision::Reject => {
+                    request.status = ManualApprovalStatus::Rejected;
+                    request.rejection_reason = rejection_reason.and_then(|value| {
+                        let trimmed = value.trim().to_string();
+                        (!trimmed.is_empty()).then_some(trimmed)
+                    });
+                }
+            }
+            request.clone()
+        };
+
+        self.persist_or_revert(backup)?;
+        Ok(updated)
+    }
+
+    async fn set_relay_config(
+        &self,
+        session: &AdminSession,
+        relay_url: Option<String>,
+        frontend_url: Option<String>,
+    ) -> Result<RelayConfig, DaemonError> {
+        self.authenticate(session, OffsetDateTime::now_utc())?;
+        let _state_guard = self.state_persist_guard.lock().await;
+        let backup = self.backup_state_if_persistent()?;
+
+        let normalized = normalize_optional_url("relay_url", relay_url)?;
+        let normalized_frontend = normalize_optional_url("frontend_url", frontend_url)?;
+        {
+            let mut relay_config = self
+                .relay_config
+                .write()
+                .map_err(|_| DaemonError::LockPoisoned)?;
+            relay_config.relay_url = normalized;
+            relay_config.frontend_url = normalized_frontend;
+        }
+
+        let relay_config = self
+            .relay_config
+            .read()
+            .map_err(|_| DaemonError::LockPoisoned)?
+            .clone();
+        self.persist_or_revert(backup)?;
+        Ok(relay_config)
+    }
+
+    async fn get_relay_config(&self, session: &AdminSession) -> Result<RelayConfig, DaemonError> {
+        self.authenticate(session, OffsetDateTime::now_utc())?;
+        Ok(self
+            .relay_config
+            .read()
+            .map_err(|_| DaemonError::LockPoisoned)?
+            .clone())
+    }
+
+    async fn evaluate_for_agent(
+        &self,
+        request: SignRequest,
+    ) -> Result<PolicyEvaluation, DaemonError> {
+        let mut request = request;
+        let result = {
+            let now = OffsetDateTime::now_utc();
+            let (_, _, policy_evaluation) = self.evaluate_authorized_request(&request, now)?;
+            Ok(policy_evaluation)
+        };
+        request.zeroize_secrets();
+        result
+    }
+
+    async fn explain_for_agent(
+        &self,
+        request: SignRequest,
+    ) -> Result<PolicyExplanation, DaemonError> {
+        let mut request = request;
+        let result = {
+            let now = OffsetDateTime::now_utc();
+            let (_, _, policy_explanation) = self.explain_authorized_request(&request, now)?;
+            Ok(policy_explanation)
+        };
+        request.zeroize_secrets();
+        result
+    }
+
+    async fn reserve_nonce(
+        &self,
+        request: NonceReservationRequest,
+    ) -> Result<NonceReservation, DaemonError> {
+        let mut request = request;
+        let result = async {
+            let _signing_guard = self.signing_guard.lock().await;
+            let _state_guard = self.state_persist_guard.lock().await;
+            let backup = self.backup_state_if_persistent()?;
+            let now = OffsetDateTime::now_utc();
+            self.validate_request_timestamps(request.requested_at, request.expires_at, now)?;
+            if request.chain_id == 0 {
+                return Err(DaemonError::InvalidNonceReservation(
+                    "chain_id must be greater than zero".to_string(),
+                ));
+            }
+            let agent_key =
+                self.authenticate_agent(request.agent_key_id, &request.agent_auth_token)?;
+            self.register_replay_id(request.request_id, request.expires_at, now)?;
+            self.prune_nonce_reservations(now)?;
+
+            let max_lease_expires = now + self.config.nonce_reservation_ttl;
+            let lease_expires = if request.expires_at < max_lease_expires {
+                request.expires_at
+            } else {
+                max_lease_expires
+            };
+            if lease_expires <= now {
+                return Err(DaemonError::InvalidNonceReservation(
+                    "nonce reservation would be immediately expired".to_string(),
+                ));
+            }
+
+            let nonce = {
+                let mut nonce_heads = self
+                    .nonce_heads
+                    .write()
+                    .map_err(|_| DaemonError::LockPoisoned)?;
+                let chain_heads = nonce_heads.entry(agent_key.vault_key_id).or_default();
+                let head = chain_heads
+                    .entry(request.chain_id)
+                    .or_insert(request.min_nonce);
+                if *head < request.min_nonce {
+                    *head = request.min_nonce;
+                }
+                let nonce = *head;
+                *head = head.checked_add(1).ok_or_else(|| {
+                    DaemonError::InvalidNonceReservation("nonce allocation overflow".to_string())
+                })?;
+                nonce
+            };
+
+            let reservation = NonceReservation {
+                reservation_id: Uuid::new_v4(),
+                agent_key_id: request.agent_key_id,
+                vault_key_id: agent_key.vault_key_id,
+                chain_id: request.chain_id,
+                nonce,
+                issued_at: now,
+                expires_at: lease_expires,
+            };
+            self.nonce_reservations
+                .write()
+                .map_err(|_| DaemonError::LockPoisoned)?
+                .insert(reservation.reservation_id, reservation.clone());
+
+            self.persist_or_revert(backup)?;
+            Ok(reservation)
+        }
+        .await;
+        request.zeroize_secrets();
+        result
+    }
+
+    async fn release_nonce(&self, request: NonceReleaseRequest) -> Result<(), DaemonError> {
+        let mut request = request;
+        let result = async {
+            let _signing_guard = self.signing_guard.lock().await;
+            let _state_guard = self.state_persist_guard.lock().await;
+            let backup = self.backup_state_if_persistent()?;
+            let now = OffsetDateTime::now_utc();
+            self.validate_request_timestamps(request.requested_at, request.expires_at, now)?;
+            self.authenticate_agent(request.agent_key_id, &request.agent_auth_token)?;
+            self.register_replay_id(request.request_id, request.expires_at, now)?;
+            self.prune_nonce_reservations(now)?;
+
+            let released = {
+                let mut reservations = self
+                    .nonce_reservations
+                    .write()
+                    .map_err(|_| DaemonError::LockPoisoned)?;
+                let Some(existing) = reservations.get(&request.reservation_id) else {
+                    return Err(DaemonError::UnknownNonceReservation(request.reservation_id));
+                };
+                if existing.agent_key_id != request.agent_key_id {
+                    return Err(DaemonError::AgentAuthenticationFailed);
+                }
+                let released = existing.clone();
+                reservations.remove(&request.reservation_id);
+                released
+            };
+            self.reclaim_unused_nonce_heads(&[released])?;
+            self.persist_or_revert(backup)?;
+            Ok(())
+        }
+        .await;
+        request.zeroize_secrets();
+        result
+    }
+
+    async fn sign_for_agent(&self, request: SignRequest) -> Result<Signature, DaemonError> {
+        let mut request = request;
+        let result = async {
+            let _signing_guard = self.signing_guard.lock().await;
+            let _state_guard = self.state_persist_guard.lock().await;
+            let backup = self.backup_state_if_persistent()?;
+            let now = OffsetDateTime::now_utc();
+            let retention_start = now - Duration::days(8);
+
+            self.spend_log
+                .write()
+                .map_err(|_| DaemonError::LockPoisoned)?
+                .retain(|event| event.at >= retention_start);
+
+            let (agent_key, payload_action, policy_explanation) =
+                self.explain_authorized_request(&request, now)?;
+            let approved_manual_request_id = match policy_explanation.decision {
+                PolicyDecision::Allow => None,
+                PolicyDecision::Deny(PolicyError::ManualApprovalRequired { policy_id, .. }) => {
+                    let payload_hash = payload_hash_hex(&request.payload);
+                    match self.resolve_manual_approval_request(
+                        &agent_key,
+                        &payload_action,
+                        &payload_hash,
+                        vec![policy_id],
+                        now,
+                    )? {
+                        ManualApprovalResolution::Approved(request_id) => request_id,
+                        ManualApprovalResolution::Pending {
+                            approval_request_id,
+                            relay_config,
+                        } => {
+                            let frontend_url = self
+                                .relay_private_key_hex
+                                .read()
+                                .ok()
+                                .and_then(|value| {
+                                    manual_approval_capability_token(&value, approval_request_id)
+                                        .ok()
+                                })
+                                .and_then(|approval_capability| {
+                                    manual_approval_frontend_url(
+                                        &relay_config,
+                                        approval_request_id,
+                                        &approval_capability,
+                                    )
+                                });
+                            self.persist_or_revert(backup)?;
+                            return Err(DaemonError::ManualApprovalRequired {
+                                approval_request_id,
+                                relay_url: relay_config.relay_url.clone(),
+                                frontend_url,
+                            });
+                        }
+                        ManualApprovalResolution::Rejected(approval_request_id) => {
+                            return Err(DaemonError::ManualApprovalRejected {
+                                approval_request_id,
+                            });
+                        }
+                    }
+                }
+                PolicyDecision::Deny(err) => return Err(DaemonError::Policy(err)),
+            };
+
+            self.register_replay_id(request.request_id, request.expires_at, now)?;
+
+            let vault_key = self
+                .vault_keys
+                .read()
+                .map_err(|_| DaemonError::LockPoisoned)?
+                .get(&agent_key.vault_key_id)
+                .cloned()
+                .ok_or(DaemonError::UnknownVaultKey(agent_key.vault_key_id))?;
+
+            if let AgentAction::BroadcastTx { tx } = &payload_action {
+                self.consume_nonce_reservation(
+                    request.agent_key_id,
+                    agent_key.vault_key_id,
+                    tx.chain_id,
+                    tx.nonce,
+                    now,
+                )?;
+            }
+
+            let signature = match &payload_action {
+                AgentAction::BroadcastTx { tx } => {
+                    if tx.tx_type != 0x02 {
+                        return Err(DaemonError::Signer(SignerError::Unsupported(format!(
+                            "broadcast transaction type 0x{:02x} is unsupported for signing",
+                            tx.tx_type
+                        ))));
+                    }
+                    self.sign_broadcast_eip1559(&vault_key, tx).await?
+                }
+                AgentAction::Permit2Permit { .. }
+                | AgentAction::Eip3009TransferWithAuthorization { .. }
+                | AgentAction::Eip3009ReceiveWithAuthorization { .. } => {
+                    self.sign_typed_data_action(&vault_key, &payload_action)
+                        .await?
+                }
+                _ => {
+                    self.signer_backend
+                        .sign_payload(agent_key.vault_key_id, &request.payload)
+                        .await?
+                }
+            };
+
+            if let Some(approval_request_id) = approved_manual_request_id {
+                self.complete_manual_approval_request(approval_request_id, now)?;
+            }
+
+            let event = SpendEvent {
+                agent_key_id: request.agent_key_id,
+                chain_id: payload_action.chain_id(),
+                asset: payload_action.asset(),
+                recipient: payload_action.recipient(),
+                amount_wei: payload_action.amount_wei(),
+                at: now,
+            };
+            self.spend_log
+                .write()
+                .map_err(|_| DaemonError::LockPoisoned)?
+                .push(event);
+            self.persist_or_revert(backup)?;
+
+            Ok(signature)
+        }
+        .await;
+        request.zeroize_secrets();
+        result
+    }
+}
+
+fn normalize_optional_url(
+    label: &str,
+    value: Option<String>,
+) -> Result<Option<String>, DaemonError> {
+    let Some(value) = value else {
+        return Ok(None);
+    };
+    let trimmed = value.trim();
+    if trimmed.is_empty() {
+        return Ok(None);
+    }
+    let parsed = reqwest::Url::parse(trimmed).map_err(|err| {
+        DaemonError::InvalidRelayConfig(format!("{label} must be a valid URL: {err}"))
+    })?;
+    if !parsed.username().is_empty() || parsed.password().is_some() {
+        return Err(DaemonError::InvalidRelayConfig(format!(
+            "{label} must not include embedded username or password"
+        )));
+    }
+    if parsed.query().is_some() {
+        return Err(DaemonError::InvalidRelayConfig(format!(
+            "{label} must not include a query string"
+        )));
+    }
+    if parsed.fragment().is_some() {
+        return Err(DaemonError::InvalidRelayConfig(format!(
+            "{label} must not include a fragment"
+        )));
+    }
+    let host = parsed.host_str().ok_or_else(|| {
+        DaemonError::InvalidRelayConfig(format!("{label} must include a hostname"))
+    })?;
+    match parsed.scheme() {
+        "https" => Ok(Some(trimmed.to_string())),
+        "http" if host.eq_ignore_ascii_case("localhost") => Ok(Some(trimmed.to_string())),
+        "http" => {
+            let is_loopback = host
+                .parse::<std::net::IpAddr>()
+                .map(|ip| ip.is_loopback())
+                .unwrap_or(false);
+            if is_loopback {
+                Ok(Some(trimmed.to_string()))
+            } else {
+                Err(DaemonError::InvalidRelayConfig(format!(
+                    "{label} must use https unless it targets localhost or a loopback address"
+                )))
+            }
+        }
+        _ => Err(DaemonError::InvalidRelayConfig(format!(
+            "{label} must use http or https"
+        ))),
+    }
+}
+
+fn validate_admin_password(password: &str) -> Result<(), DaemonError> {
+    if password.trim().is_empty() {
+        return Err(DaemonError::InvalidConfig(
+            "admin_password must not be empty or whitespace".to_string(),
+        ));
+    }
+    if password.as_bytes().len() > MAX_AUTH_SECRET_BYTES {
+        return Err(DaemonError::InvalidConfig(format!(
+            "admin_password must not exceed {MAX_AUTH_SECRET_BYTES} bytes"
+        )));
+    }
+
+    Ok(())
+}
+
+fn hash_password(password: &str, config: &DaemonConfig) -> Result<String, DaemonError> {
+    let salt = SaltString::generate(&mut PasswordOsRng);
+
+    let params = ParamsBuilder::new()
+        .m_cost(config.argon2_memory_kib)
+        .t_cost(config.argon2_time_cost)
+        .p_cost(config.argon2_parallelism)
+        .build()
+        .map_err(|err| DaemonError::PasswordHash(format!("invalid argon2 params: {err}")))?;
+
+    Argon2::new(argon2::Algorithm::Argon2id, argon2::Version::V0x13, params)
+        .hash_password(password.as_bytes(), &salt)
+        .map(|hash| hash.to_string())
+        .map_err(|err| DaemonError::PasswordHash(format!("hashing failed: {err}")))
+}
+
+fn validate_config(config: &DaemonConfig) -> Result<(), DaemonError> {
+    if config.lease_ttl <= Duration::ZERO {
+        return Err(DaemonError::InvalidConfig(
+            "lease_ttl must be greater than zero".to_string(),
+        ));
+    }
+    if config.max_active_leases == 0 {
+        return Err(DaemonError::InvalidConfig(
+            "max_active_leases must be greater than zero".to_string(),
+        ));
+    }
+    if config.max_sign_payload_bytes == 0 {
+        return Err(DaemonError::InvalidConfig(
+            "max_sign_payload_bytes must be greater than zero".to_string(),
+        ));
+    }
+    if config.max_request_ttl <= Duration::ZERO {
+        return Err(DaemonError::InvalidConfig(
+            "max_request_ttl must be greater than zero".to_string(),
+        ));
+    }
+    if config.max_request_clock_skew < Duration::ZERO {
+        return Err(DaemonError::InvalidConfig(
+            "max_request_clock_skew must be non-negative".to_string(),
+        ));
+    }
+    if config.nonce_reservation_ttl <= Duration::ZERO {
+        return Err(DaemonError::InvalidConfig(
+            "nonce_reservation_ttl must be greater than zero".to_string(),
+        ));
+    }
+    if config.max_failed_admin_auth_attempts == 0 {
+        return Err(DaemonError::InvalidConfig(
+            "max_failed_admin_auth_attempts must be greater than zero".to_string(),
+        ));
+    }
+    if config.admin_auth_lockout <= Duration::ZERO {
+        return Err(DaemonError::InvalidConfig(
+            "admin_auth_lockout must be greater than zero".to_string(),
+        ));
+    }
+    if config.argon2_memory_kib == 0 {
+        return Err(DaemonError::InvalidConfig(
+            "argon2_memory_kib must be greater than zero".to_string(),
+        ));
+    }
+    if config.argon2_time_cost == 0 {
+        return Err(DaemonError::InvalidConfig(
+            "argon2_time_cost must be greater than zero".to_string(),
+        ));
+    }
+    if config.argon2_parallelism == 0 {
+        return Err(DaemonError::InvalidConfig(
+            "argon2_parallelism must be greater than zero".to_string(),
+        ));
+    }
+    Ok(())
+}
+
+fn map_domain_to_signer_error(err: vault_domain::DomainError) -> DaemonError {
+    DaemonError::Signer(SignerError::Unsupported(format!(
+        "action cannot be signed: {err}"
+    )))
+}
+
+fn parse_verifying_key(public_key_hex: &str) -> Result<VerifyingKey, DaemonError> {
+    let bytes =
+        hex::decode(public_key_hex.strip_prefix("0x").unwrap_or(public_key_hex)).map_err(|_| {
+            DaemonError::Signer(SignerError::Internal(
+                "vault public key is not valid hex".to_string(),
+            ))
+        })?;
+    VerifyingKey::from_sec1_bytes(&bytes).map_err(|err| {
+        DaemonError::Signer(SignerError::Internal(format!(
+            "vault public key is not valid secp256k1 SEC1 bytes: {err}"
+        )))
+    })
+}
+
+fn validate_loaded_state(state: &PersistedDaemonState) -> Result<(), DaemonError> {
+    for policy in state.policies.values() {
+        validate_policy(policy)?;
+    }
+
+    for signer_key_id in state.software_signer_private_keys.keys() {
+        if !state.vault_keys.contains_key(signer_key_id) {
+            return Err(DaemonError::Persistence(format!(
+                "loaded state contains signer key material for unknown vault key {}",
+                signer_key_id
+            )));
+        }
+    }
+
+    for agent_key in state.agent_keys.values() {
+        if !state.vault_keys.contains_key(&agent_key.vault_key_id) {
+            return Err(DaemonError::Persistence(format!(
+                "loaded state references unknown vault key {}",
+                agent_key.vault_key_id
+            )));
+        }
+        if let PolicyAttachment::PolicySet(policy_ids) = &agent_key.policies {
+            if policy_ids.is_empty() {
+                return Err(DaemonError::Persistence(format!(
+                    "loaded state contains empty policy attachment for agent {}",
+                    agent_key.id
+                )));
+            }
+            for policy_id in policy_ids {
+                if !state.policies.contains_key(policy_id) {
+                    return Err(DaemonError::Persistence(format!(
+                        "loaded state references unknown policy {} for agent {}",
+                        policy_id, agent_key.id
+                    )));
+                }
+            }
+        }
+    }
+
+    for agent_key_id in state.agent_auth_tokens.keys() {
+        if !state.agent_keys.contains_key(agent_key_id) {
+            return Err(DaemonError::Persistence(format!(
+                "loaded state contains auth token for unknown agent {}",
+                agent_key_id
+            )));
+        }
+    }
+
+    for vault_key_id in state.nonce_heads.keys() {
+        if !state.vault_keys.contains_key(vault_key_id) {
+            return Err(DaemonError::Persistence(format!(
+                "loaded state contains nonce head for unknown vault key {}",
+                vault_key_id
+            )));
+        }
+    }
+
+    for reservation in state.nonce_reservations.values() {
+        let Some(agent_key) = state.agent_keys.get(&reservation.agent_key_id) else {
+            return Err(DaemonError::Persistence(format!(
+                "loaded nonce reservation {} references unknown agent {}",
+                reservation.reservation_id, reservation.agent_key_id
+            )));
+        };
+        if reservation.vault_key_id != agent_key.vault_key_id {
+            return Err(DaemonError::Persistence(format!(
+                "loaded nonce reservation {} vault key mismatch for agent {}",
+                reservation.reservation_id, reservation.agent_key_id
+            )));
+        }
+        if reservation.chain_id == 0 {
+            return Err(DaemonError::Persistence(format!(
+                "loaded nonce reservation {} has invalid chain_id 0",
+                reservation.reservation_id
+            )));
+        }
+        if reservation.expires_at <= reservation.issued_at {
+            return Err(DaemonError::Persistence(format!(
+                "loaded nonce reservation {} has invalid timestamps",
+                reservation.reservation_id
+            )));
+        }
+    }
+
+    for request in state.manual_approval_requests.values() {
+        let Some(agent_key) = state.agent_keys.get(&request.agent_key_id) else {
+            return Err(DaemonError::Persistence(format!(
+                "loaded manual approval request {} references unknown agent {}",
+                request.id, request.agent_key_id
+            )));
+        };
+        if request.vault_key_id != agent_key.vault_key_id {
+            return Err(DaemonError::Persistence(format!(
+                "loaded manual approval request {} vault key mismatch for agent {}",
+                request.id, request.agent_key_id
+            )));
+        }
+        if request.chain_id == 0 {
+            return Err(DaemonError::Persistence(format!(
+                "loaded manual approval request {} has invalid chain_id 0",
+                request.id
+            )));
+        }
+        if request.request_payload_hash_hex.trim().is_empty() {
+            return Err(DaemonError::Persistence(format!(
+                "loaded manual approval request {} has empty payload hash",
+                request.id
+            )));
+        }
+        if request.updated_at < request.created_at {
+            return Err(DaemonError::Persistence(format!(
+                "loaded manual approval request {} has invalid timestamps",
+                request.id
+            )));
+        }
+        if matches!(request.status, ManualApprovalStatus::Completed)
+            && request.completed_at.is_none()
+        {
+            return Err(DaemonError::Persistence(format!(
+                "loaded manual approval request {} is completed without completed_at",
+                request.id
+            )));
+        }
+        for policy_id in &request.triggered_by_policy_ids {
+            let Some(policy) = state.policies.get(policy_id) else {
+                return Err(DaemonError::Persistence(format!(
+                    "loaded manual approval request {} references unknown policy {}",
+                    request.id, policy_id
+                )));
+            };
+            if !matches!(policy.policy_type, vault_domain::PolicyType::ManualApproval) {
+                return Err(DaemonError::Persistence(format!(
+                    "loaded manual approval request {} references non-manual policy {}",
+                    request.id, policy_id
+                )));
+            }
+        }
+    }
+
+    let relay_url = normalize_optional_url("relay_url", state.relay_config.relay_url.clone())?;
+    if relay_url != state.relay_config.relay_url {
+        return Err(DaemonError::Persistence(
+            "loaded relay configuration must be normalized".to_string(),
+        ));
+    }
+    let frontend_url =
+        normalize_optional_url("frontend_url", state.relay_config.frontend_url.clone())?;
+    if frontend_url != state.relay_config.frontend_url {
+        return Err(DaemonError::Persistence(
+            "loaded relay frontend configuration must be normalized".to_string(),
+        ));
+    }
+
+    let private_key_bytes = hex::decode(
+        state.relay_private_key_hex.trim().trim_start_matches("0x"),
+    )
+    .map_err(|err| {
+        DaemonError::Persistence(format!("loaded relay private key is invalid hex: {err}"))
+    })?;
+    if private_key_bytes.len() != 32 {
+        return Err(DaemonError::Persistence(
+            "loaded relay private key must be 32 bytes".to_string(),
+        ));
+    }
+    let mut private_key = [0u8; 32];
+    private_key.copy_from_slice(&private_key_bytes);
+    let secret = x25519_dalek::StaticSecret::from(private_key);
+    let public = x25519_dalek::PublicKey::from(&secret);
+    let expected_public_key_hex = hex::encode(public.as_bytes());
+    if state.relay_config.daemon_public_key_hex != expected_public_key_hex {
+        return Err(DaemonError::Persistence(
+            "loaded relay public key does not match stored private key".to_string(),
+        ));
+    }
+
+    let daemon_id_bytes = hex::decode(
+        state
+            .relay_config
+            .daemon_id_hex
+            .trim()
+            .trim_start_matches("0x"),
+    )
+    .map_err(|err| DaemonError::Persistence(format!("loaded daemon id is invalid hex: {err}")))?;
+    if daemon_id_bytes.len() != 32 {
+        return Err(DaemonError::Persistence(
+            "loaded daemon id must be 32 bytes".to_string(),
+        ));
+    }
+
+    Ok(())
+}
+
+fn validate_policy(policy: &SpendingPolicy) -> Result<(), DaemonError> {
+    if policy.max_amount_wei == 0 {
+        return Err(DaemonError::InvalidPolicy(
+            "max_amount_wei must be greater than zero".to_string(),
+        ));
+    }
+
+    if matches!(
+        &policy.recipients,
+        vault_domain::EntityScope::Set(values) if values.is_empty()
+    ) {
+        return Err(DaemonError::InvalidPolicy(
+            "recipient set scope must not be empty".to_string(),
+        ));
+    }
+
+    if matches!(
+        &policy.assets,
+        vault_domain::EntityScope::Set(values) if values.is_empty()
+    ) {
+        return Err(DaemonError::InvalidPolicy(
+            "asset set scope must not be empty".to_string(),
+        ));
+    }
+
+    if matches!(
+        &policy.networks,
+        vault_domain::EntityScope::Set(values)
+            if values.is_empty() || values.iter().any(|chain_id| *chain_id == 0)
+    ) {
+        return Err(DaemonError::InvalidPolicy(
+            "network set scope must not be empty and must not contain chain_id 0".to_string(),
+        ));
+    }
+
+    Ok(())
+}
+
+fn generate_agent_auth_token() -> String {
+    format!("{}.{}", Uuid::new_v4().simple(), Uuid::new_v4().simple())
+}
+
+fn hash_agent_auth_token(token: &str) -> [u8; 32] {
+    let digest = Sha256::digest(token.as_bytes());
+    let mut bytes = [0u8; 32];
+    bytes.copy_from_slice(&digest);
+    bytes
+}
+
+fn constant_time_eq(left: &[u8], right: &[u8]) -> bool {
+    if left.len() != right.len() {
+        return false;
+    }
+
+    let mut diff = 0u8;
+    for (left, right) in left.iter().zip(right.iter()) {
+        diff |= left ^ right;
+    }
+    diff == 0
+}