npm - @wlfi-agent/cli - Versions diffs - 1.4.13 → 1.4.14 - Mend

@wlfi-agent/cli 1.4.13 → 1.4.14

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (289) hide show

package/Cargo.lock +3968 -0
package/Cargo.toml +50 -0
package/README.md +426 -6
package/crates/vault-cli-admin/Cargo.toml +26 -0
package/crates/vault-cli-admin/src/io_utils.rs +500 -0
package/crates/vault-cli-admin/src/main.rs +3990 -0
package/crates/vault-cli-admin/src/shared_config.rs +624 -0
package/crates/vault-cli-admin/src/tui/amounts.rs +180 -0
package/crates/vault-cli-admin/src/tui/token_rpc.rs +250 -0
package/crates/vault-cli-admin/src/tui/utils.rs +82 -0
package/crates/vault-cli-admin/src/tui.rs +3410 -0
package/crates/vault-cli-agent/Cargo.toml +24 -0
package/crates/vault-cli-agent/src/io_utils.rs +576 -0
package/crates/vault-cli-agent/src/main.rs +833 -0
package/crates/vault-cli-daemon/Cargo.toml +28 -0
package/crates/vault-cli-daemon/src/bin/wlfi-agent-system-keychain.rs +216 -0
package/crates/vault-cli-daemon/src/main.rs +644 -0
package/crates/vault-cli-daemon/src/relay_sync.rs +894 -0
package/crates/vault-cli-daemon/tests/system_keychain_helper_acl.rs +167 -0
package/crates/vault-daemon/Cargo.toml +32 -0
package/crates/vault-daemon/src/daemon_parts/api_impl_and_utils.rs +1041 -0
package/crates/vault-daemon/src/daemon_parts/core_helpers.rs +1256 -0
package/crates/vault-daemon/src/daemon_parts/types_api_rpc.rs +622 -0
package/crates/vault-daemon/src/lib.rs +54 -0
package/crates/vault-daemon/src/persistence.rs +441 -0
package/crates/vault-daemon/src/tests.rs +237 -0
package/crates/vault-daemon/src/tests_parts/part1.rs +1224 -0
package/crates/vault-daemon/src/tests_parts/part2.rs +1021 -0
package/crates/vault-daemon/src/tests_parts/part3.rs +835 -0
package/crates/vault-daemon/src/tests_parts/part4.rs +604 -0
package/crates/vault-domain/Cargo.toml +20 -0
package/crates/vault-domain/src/action.rs +849 -0
package/crates/vault-domain/src/address.rs +51 -0
package/crates/vault-domain/src/approval.rs +90 -0
package/crates/vault-domain/src/constants.rs +4 -0
package/crates/vault-domain/src/error.rs +54 -0
package/crates/vault-domain/src/keys.rs +71 -0
package/crates/vault-domain/src/lib.rs +42 -0
package/crates/vault-domain/src/nonce.rs +102 -0
package/crates/vault-domain/src/policy.rs +172 -0
package/crates/vault-domain/src/request.rs +53 -0
package/crates/vault-domain/src/scope.rs +24 -0
package/crates/vault-domain/src/session.rs +50 -0
package/crates/vault-domain/src/signature.rs +34 -0
package/crates/vault-domain/src/tests.rs +651 -0
package/crates/vault-domain/src/u128_as_decimal_string.rs +44 -0
package/crates/vault-policy/Cargo.toml +17 -0
package/crates/vault-policy/src/engine.rs +301 -0
package/crates/vault-policy/src/error.rs +81 -0
package/crates/vault-policy/src/lib.rs +17 -0
package/crates/vault-policy/src/report.rs +34 -0
package/crates/vault-policy/src/tests.rs +891 -0
package/crates/vault-policy/src/tests_explain.rs +78 -0
package/crates/vault-sdk-agent/Cargo.toml +21 -0
package/crates/vault-sdk-agent/src/lib.rs +711 -0
package/crates/vault-signer/Cargo.toml +25 -0
package/crates/vault-signer/src/lib.rs +731 -0
package/crates/vault-signer/tests/secure_enclave_acl.rs +54 -0
package/crates/vault-transport-unix/Cargo.toml +24 -0
package/crates/vault-transport-unix/src/lib.rs +1640 -0
package/crates/vault-transport-xpc/Cargo.toml +25 -0
package/crates/vault-transport-xpc/src/client_codec_api.rs +635 -0
package/crates/vault-transport-xpc/src/lib.rs +680 -0
package/crates/vault-transport-xpc/src/tests.rs +818 -0
package/crates/vault-transport-xpc/tests/e2e_flow.rs +773 -0
package/dist/cli.cjs +35088 -0
package/dist/cli.cjs.map +1 -0
package/package.json +49 -43
package/packages/cache/.turbo/turbo-build.log +52 -0
package/packages/cache/dist/chunk-2QFWMUXT.cjs +43 -0
package/packages/cache/dist/chunk-2QFWMUXT.cjs.map +1 -0
package/packages/cache/dist/chunk-4U63TZTQ.js +43 -0
package/packages/cache/dist/chunk-4U63TZTQ.js.map +1 -0
package/packages/cache/dist/chunk-ALQ6H7KG.cjs +404 -0
package/packages/cache/dist/chunk-ALQ6H7KG.cjs.map +1 -0
package/packages/cache/dist/chunk-FGJEEF5N.js +404 -0
package/packages/cache/dist/chunk-FGJEEF5N.js.map +1 -0
package/packages/cache/dist/chunk-UYNEHZHB.cjs +45 -0
package/packages/cache/dist/chunk-UYNEHZHB.cjs.map +1 -0
package/packages/cache/dist/chunk-VXVMPG3W.js +45 -0
package/packages/cache/dist/chunk-VXVMPG3W.js.map +1 -0
package/packages/cache/dist/client/index.cjs +11 -0
package/packages/cache/dist/client/index.cjs.map +1 -0
package/packages/cache/dist/client/index.d.cts +15 -0
package/packages/cache/dist/client/index.d.ts +15 -0
package/packages/cache/dist/client/index.js +11 -0
package/packages/cache/dist/client/index.js.map +1 -0
package/packages/cache/dist/errors/index.cjs +11 -0
package/packages/cache/dist/errors/index.cjs.map +1 -0
package/packages/cache/dist/errors/index.d.cts +26 -0
package/packages/cache/dist/errors/index.d.ts +26 -0
package/packages/cache/dist/errors/index.js +11 -0
package/packages/cache/dist/errors/index.js.map +1 -0
package/packages/cache/dist/index.cjs +29 -0
package/packages/cache/dist/index.cjs.map +1 -0
package/packages/cache/dist/index.d.cts +4 -0
package/packages/cache/dist/index.d.ts +4 -0
package/packages/cache/dist/index.js +29 -0
package/packages/cache/dist/index.js.map +1 -0
package/packages/cache/dist/service/index.cjs +15 -0
package/packages/cache/dist/service/index.cjs.map +1 -0
package/packages/cache/dist/service/index.d.cts +184 -0
package/packages/cache/dist/service/index.d.ts +184 -0
package/packages/cache/dist/service/index.js +15 -0
package/packages/cache/dist/service/index.js.map +1 -0
package/packages/cache/node_modules/.bin/jiti +17 -0
package/packages/cache/node_modules/.bin/tsc +17 -0
package/packages/cache/node_modules/.bin/tsserver +17 -0
package/packages/cache/node_modules/.bin/tsup +17 -0
package/packages/cache/node_modules/.bin/tsup-node +17 -0
package/packages/cache/node_modules/.bin/tsx +17 -0
package/packages/cache/node_modules/.bin/vitest +17 -0
package/packages/cache/package.json +48 -0
package/packages/cache/src/client/index.ts +56 -0
package/packages/cache/src/errors/index.ts +53 -0
package/packages/cache/src/index.ts +3 -0
package/packages/cache/src/service/index.test.ts +263 -0
package/packages/cache/src/service/index.ts +678 -0
package/packages/cache/tsconfig.json +13 -0
package/packages/cache/tsup.config.ts +13 -0
package/packages/cache/vitest.config.ts +16 -0
package/packages/config/.turbo/turbo-build.log +18 -0
package/packages/config/dist/index.cjs +1037 -0
package/packages/config/dist/index.cjs.map +1 -0
package/packages/config/dist/index.d.ts +131 -0
package/packages/config/node_modules/.bin/jiti +17 -0
package/packages/config/node_modules/.bin/tsc +17 -0
package/packages/config/node_modules/.bin/tsserver +17 -0
package/packages/config/node_modules/.bin/tsup +17 -0
package/packages/config/node_modules/.bin/tsup-node +17 -0
package/packages/config/node_modules/.bin/tsx +17 -0
package/packages/config/package.json +21 -0
package/packages/config/src/index.js +1 -0
package/packages/config/src/index.ts +1282 -0
package/packages/config/tsconfig.json +4 -0
package/packages/rpc/.turbo/turbo-build.log +32 -0
package/packages/rpc/dist/_esm-BCLXDO2R.cjs +3660 -0
package/packages/rpc/dist/_esm-BCLXDO2R.cjs.map +1 -0
package/packages/rpc/dist/ccip-OWJLAW55.cjs +16 -0
package/packages/rpc/dist/ccip-OWJLAW55.cjs.map +1 -0
package/packages/rpc/dist/chunk-APQIFZ3B.cjs +6247 -0
package/packages/rpc/dist/chunk-APQIFZ3B.cjs.map +1 -0
package/packages/rpc/dist/chunk-CDO2GWRD.cjs +410 -0
package/packages/rpc/dist/chunk-CDO2GWRD.cjs.map +1 -0
package/packages/rpc/dist/chunk-QGTNTFJ7.cjs +2249 -0
package/packages/rpc/dist/chunk-QGTNTFJ7.cjs.map +1 -0
package/packages/rpc/dist/chunk-TZDTAHWR.cjs +44 -0
package/packages/rpc/dist/chunk-TZDTAHWR.cjs.map +1 -0
package/packages/rpc/dist/index.cjs +7342 -0
package/packages/rpc/dist/index.cjs.map +1 -0
package/packages/rpc/dist/index.d.ts +3857 -0
package/packages/rpc/dist/secp256k1-WCNM675D.cjs +18 -0
package/packages/rpc/dist/secp256k1-WCNM675D.cjs.map +1 -0
package/packages/rpc/node_modules/.bin/jiti +17 -0
package/packages/rpc/node_modules/.bin/tsc +17 -0
package/packages/rpc/node_modules/.bin/tsserver +17 -0
package/packages/rpc/node_modules/.bin/tsup +17 -0
package/packages/rpc/node_modules/.bin/tsup-node +17 -0
package/packages/rpc/node_modules/.bin/tsx +17 -0
package/packages/rpc/package.json +25 -0
package/packages/rpc/src/index.ts +206 -0
package/packages/rpc/tsconfig.json +4 -0
package/packages/typescript/base.json +36 -0
package/packages/typescript/nextjs.json +17 -0
package/packages/typescript/package.json +10 -0
package/packages/ui/.turbo/turbo-build.log +44 -0
package/packages/ui/dist/chunk-MOAFBKSA.js +11 -0
package/packages/ui/dist/chunk-MOAFBKSA.js.map +1 -0
package/packages/ui/dist/components/badge.d.ts +12 -0
package/packages/ui/dist/components/badge.js +31 -0
package/packages/ui/dist/components/badge.js.map +1 -0
package/packages/ui/dist/components/button.d.ts +13 -0
package/packages/ui/dist/components/button.js +40 -0
package/packages/ui/dist/components/button.js.map +1 -0
package/packages/ui/dist/components/card.d.ts +10 -0
package/packages/ui/dist/components/card.js +39 -0
package/packages/ui/dist/components/card.js.map +1 -0
package/packages/ui/dist/components/input.d.ts +5 -0
package/packages/ui/dist/components/input.js +28 -0
package/packages/ui/dist/components/input.js.map +1 -0
package/packages/ui/dist/components/label.d.ts +5 -0
package/packages/ui/dist/components/label.js +13 -0
package/packages/ui/dist/components/label.js.map +1 -0
package/packages/ui/dist/components/separator.d.ts +5 -0
package/packages/ui/dist/components/separator.js +13 -0
package/packages/ui/dist/components/separator.js.map +1 -0
package/packages/ui/dist/components/textarea.d.ts +5 -0
package/packages/ui/dist/components/textarea.js +27 -0
package/packages/ui/dist/components/textarea.js.map +1 -0
package/packages/ui/dist/tailwind.d.ts +56 -0
package/packages/ui/dist/tailwind.js +60 -0
package/packages/ui/dist/tailwind.js.map +1 -0
package/packages/ui/dist/utils/cn.d.ts +5 -0
package/packages/ui/dist/utils/cn.js +7 -0
package/packages/ui/dist/utils/cn.js.map +1 -0
package/packages/ui/node_modules/.bin/jiti +17 -0
package/packages/ui/node_modules/.bin/tsc +17 -0
package/packages/ui/node_modules/.bin/tsserver +17 -0
package/packages/ui/node_modules/.bin/tsup +17 -0
package/packages/ui/node_modules/.bin/tsup-node +17 -0
package/packages/ui/node_modules/.bin/tsx +17 -0
package/packages/ui/package.json +69 -0
package/packages/ui/src/components/badge.tsx +27 -0
package/packages/ui/src/components/button.tsx +40 -0
package/packages/ui/src/components/card.tsx +31 -0
package/packages/ui/src/components/input.tsx +21 -0
package/packages/ui/src/components/label.tsx +6 -0
package/packages/ui/src/components/separator.tsx +6 -0
package/packages/ui/src/components/textarea.tsx +20 -0
package/packages/ui/src/globals.css +70 -0
package/packages/ui/src/tailwind.ts +56 -0
package/packages/ui/src/utils/cn.ts +6 -0
package/packages/ui/tsconfig.json +20 -0
package/packages/ui/tsup.config.ts +20 -0
package/pnpm-workspace.yaml +4 -0
package/scripts/install-rust-binaries.mjs +84 -0
package/scripts/launchd/install-user-daemon.sh +358 -0
package/scripts/launchd/run-vault-daemon.sh +5 -0
package/scripts/launchd/run-wlfi-agent-daemon.sh +73 -0
package/scripts/launchd/uninstall-user-daemon.sh +103 -0
package/src/cli.ts +2121 -0
package/src/lib/admin-guard.js +1 -0
package/src/lib/admin-guard.ts +185 -0
package/src/lib/admin-passthrough.ts +33 -0
package/src/lib/admin-reset.ts +751 -0
package/src/lib/admin-setup.ts +1612 -0
package/src/lib/agent-auth-clear.js +1 -0
package/src/lib/agent-auth-clear.ts +58 -0
package/src/lib/agent-auth-forwarding.js +1 -0
package/src/lib/agent-auth-forwarding.ts +149 -0
package/src/lib/agent-auth-migrate.js +1 -0
package/src/lib/agent-auth-migrate.ts +150 -0
package/src/lib/agent-auth-revoke.ts +103 -0
package/src/lib/agent-auth-rotate.ts +107 -0
package/src/lib/agent-auth-token.js +1 -0
package/src/lib/agent-auth-token.ts +25 -0
package/src/lib/agent-auth.ts +89 -0
package/src/lib/asset-broadcast.js +1 -0
package/src/lib/asset-broadcast.ts +285 -0
package/src/lib/bootstrap-artifacts.js +1 -0
package/src/lib/bootstrap-artifacts.ts +205 -0
package/src/lib/bootstrap-credentials.js +1 -0
package/src/lib/bootstrap-credentials.ts +832 -0
package/src/lib/config-amounts.js +1 -0
package/src/lib/config-amounts.ts +189 -0
package/src/lib/config-mutation.ts +27 -0
package/src/lib/fs-trust.js +1 -0
package/src/lib/fs-trust.ts +537 -0
package/src/lib/keychain.js +1 -0
package/src/lib/keychain.ts +225 -0
package/src/lib/local-admin-access.ts +106 -0
package/src/lib/network-selection.js +1 -0
package/src/lib/network-selection.ts +71 -0
package/src/lib/passthrough-security.js +1 -0
package/src/lib/passthrough-security.ts +114 -0
package/src/lib/rpc-guard.js +1 -0
package/src/lib/rpc-guard.ts +7 -0
package/src/lib/rust-spawn-options.js +1 -0
package/src/lib/rust-spawn-options.ts +98 -0
package/src/lib/rust.js +1 -0
package/src/lib/rust.ts +143 -0
package/src/lib/signed-tx.js +1 -0
package/src/lib/signed-tx.ts +116 -0
package/src/lib/status-repair-cli.ts +116 -0
package/src/lib/sudo.js +1 -0
package/src/lib/sudo.ts +172 -0
package/src/lib/vault-password-forwarding.js +1 -0
package/src/lib/vault-password-forwarding.ts +155 -0
package/src/lib/wallet-profile.js +1 -0
package/src/lib/wallet-profile.ts +332 -0
package/src/lib/wallet-repair.js +1 -0
package/src/lib/wallet-repair.ts +304 -0
package/src/lib/wallet-setup.js +1 -0
package/src/lib/wallet-setup.ts +1466 -0
package/src/lib/wallet-status.js +1 -0
package/src/lib/wallet-status.ts +640 -0
package/tsconfig.base.json +17 -0
package/tsconfig.json +10 -0
package/tsup.config.ts +25 -0
package/turbo.json +41 -0
package/LICENSE.md +0 -1
package/dist/wlfa/index.cjs +0 -250
package/dist/wlfa/index.d.cts +0 -1
package/dist/wlfa/index.d.ts +0 -1
package/dist/wlfa/index.js +0 -250
package/dist/wlfc/index.cjs +0 -1839
package/dist/wlfc/index.d.cts +0 -1
package/dist/wlfc/index.d.ts +0 -1
package/dist/wlfc/index.js +0 -1839

package/packages/ui/src/components/label.tsx ADDED Viewed

@@ -0,0 +1,6 @@
+import * as React from 'react';
+import { cn } from '../utils/cn';
+export function Label({ className, ...props }: React.LabelHTMLAttributes<HTMLLabelElement>): React.JSX.Element {
+  return <label className={cn('text-sm font-medium leading-none', className)} {...props} />;
+}

package/packages/ui/src/components/separator.tsx ADDED Viewed

@@ -0,0 +1,6 @@
+import * as React from 'react';
+import { cn } from '../utils/cn';
+export function Separator({ className, ...props }: React.HTMLAttributes<HTMLDivElement>): React.JSX.Element {
+  return <div className={cn('h-px w-full bg-border', className)} role="separator" {...props} />;
+}

package/packages/ui/src/components/textarea.tsx ADDED Viewed

@@ -0,0 +1,20 @@
+import * as React from 'react';
+import { cn } from '../utils/cn';
+const Textarea = React.forwardRef<HTMLTextAreaElement, React.TextareaHTMLAttributes<HTMLTextAreaElement>>(
+  ({ className, ...props }, ref) => {
+    return (
+      <textarea
+        className={cn(
+          'flex min-h-[96px] w-full rounded-xl border border-input bg-background px-3 py-2 text-sm ring-offset-background placeholder:text-muted-foreground focus-visible:outline-none focus-visible:ring-2 focus-visible:ring-ring focus-visible:ring-offset-2 disabled:cursor-not-allowed disabled:opacity-50',
+          className
+        )}
+        ref={ref}
+        {...props}
+      />
+    );
+  }
+);
+Textarea.displayName = 'Textarea';
+export { Textarea };

package/packages/ui/src/globals.css ADDED Viewed

@@ -0,0 +1,70 @@
+@tailwind base;
+@tailwind components;
+@tailwind utilities;
+:root {
+  --background: 0 0% 100%;
+  --foreground: 222 47% 11%;
+  --card: 0 0% 100%;
+  --card-foreground: 222 47% 11%;
+  --primary: 45 93% 47%;
+  --primary-foreground: 222 47% 11%;
+  --secondary: 222 14% 96%;
+  --secondary-foreground: 222 47% 11%;
+  --accent: 210 40% 96%;
+  --accent-foreground: 222 47% 11%;
+  --muted: 210 40% 96%;
+  --muted-foreground: 215 16% 47%;
+  --destructive: 0 84% 60%;
+  --destructive-foreground: 0 0% 100%;
+  --success: 152 77% 39%;
+  --success-foreground: 0 0% 100%;
+  --warning: 34 100% 52%;
+  --warning-foreground: 222 47% 11%;
+  --border: 214 32% 91%;
+  --input: 214 32% 91%;
+  --ring: 45 93% 47%;
+}
+.dark {
+  --background: 222 47% 7%;
+  --foreground: 210 40% 98%;
+  --card: 224 38% 11%;
+  --card-foreground: 210 40% 98%;
+  --primary: 45 93% 47%;
+  --primary-foreground: 222 47% 11%;
+  --secondary: 217 33% 17%;
+  --secondary-foreground: 210 40% 98%;
+  --accent: 217 33% 17%;
+  --accent-foreground: 210 40% 98%;
+  --muted: 217 33% 17%;
+  --muted-foreground: 215 20% 65%;
+  --destructive: 0 63% 44%;
+  --destructive-foreground: 210 40% 98%;
+  --success: 152 77% 39%;
+  --success-foreground: 210 40% 98%;
+  --warning: 34 100% 52%;
+  --warning-foreground: 222 47% 11%;
+  --border: 217 33% 20%;
+  --input: 217 33% 20%;
+  --ring: 45 93% 47%;
+}
+* {
+  @apply border-border;
+}
+html {
+  color-scheme: light dark;
+}
+body {
+  @apply min-h-screen bg-background text-foreground antialiased;
+  background-image:
+    radial-gradient(circle at top, rgba(255, 209, 70, 0.12), transparent 34%),
+    linear-gradient(180deg, rgba(15, 23, 42, 0.04), transparent 30%);
+}
+a {
+  @apply text-primary transition-colors hover:text-primary/80;
+}

package/packages/ui/src/tailwind.ts ADDED Viewed

@@ -0,0 +1,56 @@
+const tailwindPreset = {
+  darkMode: ['class'],
+  content: [],
+  theme: {
+    extend: {
+      borderRadius: {
+        xl: '1rem',
+        '2xl': '1.25rem'
+      },
+      boxShadow: {
+        soft: '0 16px 40px -20px rgba(0, 0, 0, 0.35)'
+      },
+      colors: {
+        border: 'hsl(var(--border))',
+        input: 'hsl(var(--input))',
+        ring: 'hsl(var(--ring))',
+        background: 'hsl(var(--background))',
+        foreground: 'hsl(var(--foreground))',
+        muted: {
+          DEFAULT: 'hsl(var(--muted))',
+          foreground: 'hsl(var(--muted-foreground))'
+        },
+        primary: {
+          DEFAULT: 'hsl(var(--primary))',
+          foreground: 'hsl(var(--primary-foreground))'
+        },
+        secondary: {
+          DEFAULT: 'hsl(var(--secondary))',
+          foreground: 'hsl(var(--secondary-foreground))'
+        },
+        accent: {
+          DEFAULT: 'hsl(var(--accent))',
+          foreground: 'hsl(var(--accent-foreground))'
+        },
+        destructive: {
+          DEFAULT: 'hsl(var(--destructive))',
+          foreground: 'hsl(var(--destructive-foreground))'
+        },
+        success: {
+          DEFAULT: 'hsl(var(--success))',
+          foreground: 'hsl(var(--success-foreground))'
+        },
+        warning: {
+          DEFAULT: 'hsl(var(--warning))',
+          foreground: 'hsl(var(--warning-foreground))'
+        },
+        card: {
+          DEFAULT: 'hsl(var(--card))',
+          foreground: 'hsl(var(--card-foreground))'
+        }
+      }
+    }
+  }
+};
+export default tailwindPreset;

package/packages/ui/src/utils/cn.ts ADDED Viewed

@@ -0,0 +1,6 @@
+import { clsx, type ClassValue } from 'clsx';
+import { twMerge } from 'tailwind-merge';
+export function cn(...inputs: ClassValue[]): string {
+  return twMerge(clsx(inputs));
+}

package/packages/ui/tsconfig.json ADDED Viewed

@@ -0,0 +1,20 @@
+{
+  "extends": "../typescript/base.json",
+  "compilerOptions": {
+    "rootDir": "src",
+    "outDir": "dist",
+    "jsx": "react-jsx",
+    "lib": [
+      "dom",
+      "dom.iterable",
+      "es2022"
+    ],
+    "types": [
+      "react",
+      "react-dom"
+    ]
+  },
+  "include": [
+    "src/**/*"
+  ]
+}

package/packages/ui/tsup.config.ts ADDED Viewed

@@ -0,0 +1,20 @@
+import { defineConfig } from 'tsup';
+export default defineConfig({
+  entry: [
+    'src/tailwind.ts',
+    'src/utils/cn.ts',
+    'src/components/badge.tsx',
+    'src/components/button.tsx',
+    'src/components/card.tsx',
+    'src/components/input.tsx',
+    'src/components/label.tsx',
+    'src/components/separator.tsx',
+    'src/components/textarea.tsx'
+  ],
+  format: ['esm'],
+  dts: true,
+  sourcemap: true,
+  clean: true,
+  external: ['react', 'react-dom']
+});

package/pnpm-workspace.yaml ADDED Viewed

@@ -0,0 +1,4 @@
+packages:
+  - packages/*
+  - apps/*
+  - apps/maintenance/*

package/scripts/install-rust-binaries.mjs ADDED Viewed

@@ -0,0 +1,84 @@
+import fs from 'node:fs';
+import os from 'node:os';
+import path from 'node:path';
+import { spawnSync } from 'node:child_process';
+if (process.env.WLFI_SKIP_RUST_INSTALL === '1') {
+  process.exit(0);
+}
+const repoRoot = new URL('..', import.meta.url).pathname;
+const wlfiHome = process.env.WLFI_HOME?.trim() || path.join(os.homedir(), '.wlfi_agent');
+const binDir = path.join(wlfiHome, 'bin');
+const extension = process.platform === 'win32' ? '.exe' : '';
+const rustBins = [
+  'wlfi-agent-daemon',
+  'wlfi-agent-admin',
+  'wlfi-agent-agent',
+  'wlfi-agent-system-keychain'
+];
+const helperScripts = [
+  {
+    source: path.join(repoRoot, 'scripts', 'launchd', 'run-wlfi-agent-daemon.sh'),
+    destination: path.join(binDir, 'run-wlfi-agent-daemon.sh')
+  }
+];
+fs.mkdirSync(binDir, { recursive: true, mode: 0o700 });
+const cargo = spawnSync('cargo', ['--version'], { cwd: repoRoot, stdio: 'pipe' });
+if (cargo.status !== 0) {
+  console.warn('[wlfi-agent] cargo was not found; skipping Rust binary installation');
+  console.warn('[wlfi-agent] install Rust from https://rustup.rs and rerun `npm run install:rust-binaries`.');
+  process.exit(0);
+}
+const build = spawnSync(
+  'cargo',
+  [
+    'build',
+    '--release',
+    '-p',
+    'wlfi-agent-daemon',
+    '-p',
+    'wlfi-agent-admin',
+    '-p',
+    'wlfi-agent-agent'
+  ],
+  { cwd: repoRoot, stdio: 'inherit' }
+);
+if (build.status !== 0) {
+  process.exit(build.status ?? 1);
+}
+for (const binary of rustBins) {
+  const source = path.join(repoRoot, 'target', 'release', binary + extension);
+  const destination = path.join(binDir, binary + extension);
+  fs.copyFileSync(source, destination);
+  if (process.platform !== 'win32') {
+    fs.chmodSync(destination, 0o755);
+  }
+}
+for (const script of helperScripts) {
+  fs.copyFileSync(script.source, script.destination);
+  if (process.platform !== 'win32') {
+    fs.chmodSync(script.destination, 0o755);
+  }
+}
+const configPath = path.join(wlfiHome, 'config.json');
+if (!fs.existsSync(configPath)) {
+  fs.writeFileSync(
+    configPath,
+    JSON.stringify(
+      {
+        daemonSocket: path.join(wlfiHome, 'daemon.sock'),
+        stateFile: path.join(wlfiHome, 'daemon-state.enc'),
+        rustBinDir: binDir
+      },
+      null,
+      2
+    ) + '\n',
+    { mode: 0o600 }
+  );
+}

package/scripts/launchd/install-user-daemon.sh ADDED Viewed

@@ -0,0 +1,358 @@
+#!/usr/bin/env bash
+set -euo pipefail
+usage() {
+  cat <<'EOF2'
+Install or replace the WLFI Agent root LaunchDaemon.
+Usage:
+  install-user-daemon.sh [options]
+Options:
+  --label <label>                LaunchDaemon label (default: com.wlfi.agent.daemon)
+  --runner <path>                LaunchDaemon runner script path (required)
+  --daemon-bin <path>            Rust daemon binary path (required)
+  --keychain-helper <path>       Rust helper path for daemon System.keychain access (required)
+  --state-file <path>            Encrypted daemon state path (required)
+  --daemon-socket <path>         Daemon unix socket path (required)
+  --keychain-service <name>      Keychain service (default: wlfi-agent-daemon-password)
+  --keychain-account <name>      Keychain account (required)
+  --signer-backend <kind>        Signer backend for daemon (default: software)
+  --allow-admin-euid <uid>       Allowed admin client uid (required)
+  --allow-agent-euid <uid>       Allowed agent client uid (required)
+  Environment:
+    WLFI_RELAY_DAEMON_TOKEN      Optional relay auth token to store in a root-only daemon file
+  --vault-password-stdin         Read vault password from stdin and store it in System.keychain
+  --help                         Show this help
+EOF2
+}
+require_non_empty_value() {
+  local flag="$1"
+  local value="${2:-}"
+  if [[ -z "$value" ]]; then
+    echo "missing value for $flag" >&2
+    exit 1
+  fi
+}
+validate_label() {
+  local value="$1"
+  if [[ ! "$value" =~ ^[A-Za-z0-9._-]+$ ]]; then
+    echo "invalid --label '$value': allowed characters are [A-Za-z0-9._-]" >&2
+    exit 1
+  fi
+}
+read_secret_from_stdin() {
+  local label="$1"
+  local raw
+  raw="$(cat)"
+  raw="${raw%$'\n'}"
+  raw="${raw%$'\r'}"
+  if [[ -z "${raw//[[:space:]]/}" ]]; then
+    echo "$label must not be empty or whitespace" >&2
+    exit 1
+  fi
+  printf '%s' "$raw"
+}
+require_regular_executable() {
+  local label="$1"
+  local target="$2"
+  if [[ -L "$target" ]]; then
+    echo "$label must not be a symlink: $target" >&2
+    exit 1
+  fi
+  if [[ ! -f "$target" ]]; then
+    echo "$label must be a regular file: $target" >&2
+    exit 1
+  fi
+  if [[ ! -x "$target" ]]; then
+    echo "$label is not executable: $target" >&2
+    exit 1
+  fi
+}
+install_private_file() {
+  local label="$1"
+  local target="$2"
+  local value="$3"
+  local temp_target="${target}.tmp.$$"
+  if [[ -L "$target" ]]; then
+    echo "$label must not be a symlink: $target" >&2
+    exit 1
+  fi
+  if [[ -e "$target" && ! -f "$target" ]]; then
+    echo "$label must be a regular file: $target" >&2
+    exit 1
+  fi
+  printf '%s' "$value" > "$temp_target"
+  chmod 600 "$temp_target"
+  chown root:wheel "$temp_target"
+  mv -f "$temp_target" "$target"
+}
+if [[ "$(uname -s)" != "Darwin" ]]; then
+  echo "install-user-daemon.sh supports macOS launchd only" >&2
+  exit 1
+fi
+if [[ "$(id -u)" -ne 0 ]]; then
+  echo "install-user-daemon.sh must be run as root" >&2
+  exit 1
+fi
+label="com.wlfi.agent.daemon"
+runner=""
+daemon_bin=""
+keychain_helper=""
+state_file=""
+daemon_socket=""
+keychain_service="wlfi-agent-daemon-password"
+keychain_account=""
+signer_backend="software"
+allow_admin_euid=""
+allow_agent_euid=""
+vault_password_stdin=false
+while [[ $# -gt 0 ]]; do
+  case "$1" in
+    --label)
+      require_non_empty_value "$1" "${2:-}"
+      label="$2"
+      shift 2
+      ;;
+    --runner)
+      require_non_empty_value "$1" "${2:-}"
+      runner="$2"
+      shift 2
+      ;;
+    --daemon-bin)
+      require_non_empty_value "$1" "${2:-}"
+      daemon_bin="$2"
+      shift 2
+      ;;
+    --keychain-helper)
+      require_non_empty_value "$1" "${2:-}"
+      keychain_helper="$2"
+      shift 2
+      ;;
+    --state-file)
+      require_non_empty_value "$1" "${2:-}"
+      state_file="$2"
+      shift 2
+      ;;
+    --daemon-socket)
+      require_non_empty_value "$1" "${2:-}"
+      daemon_socket="$2"
+      shift 2
+      ;;
+    --keychain-service)
+      require_non_empty_value "$1" "${2:-}"
+      keychain_service="$2"
+      shift 2
+      ;;
+    --keychain-account)
+      require_non_empty_value "$1" "${2:-}"
+      keychain_account="$2"
+      shift 2
+      ;;
+    --signer-backend)
+      require_non_empty_value "$1" "${2:-}"
+      signer_backend="$2"
+      shift 2
+      ;;
+    --allow-admin-euid)
+      require_non_empty_value "$1" "${2:-}"
+      allow_admin_euid="$2"
+      shift 2
+      ;;
+    --allow-agent-euid)
+      require_non_empty_value "$1" "${2:-}"
+      allow_agent_euid="$2"
+      shift 2
+      ;;
+    --vault-password-stdin)
+      vault_password_stdin=true
+      shift
+      ;;
+    --help|-h)
+      usage
+      exit 0
+      ;;
+    *)
+      echo "unknown argument: $1" >&2
+      usage >&2
+      exit 1
+      ;;
+  esac
+done
+validate_label "$label"
+require_non_empty_value "--runner" "$runner"
+require_non_empty_value "--daemon-bin" "$daemon_bin"
+require_non_empty_value "--keychain-helper" "$keychain_helper"
+require_non_empty_value "--state-file" "$state_file"
+require_non_empty_value "--daemon-socket" "$daemon_socket"
+require_non_empty_value "--keychain-account" "$keychain_account"
+require_non_empty_value "--allow-admin-euid" "$allow_admin_euid"
+require_non_empty_value "--allow-agent-euid" "$allow_agent_euid"
+if [[ ! -x "$runner" ]]; then
+  echo "runner is not executable: $runner" >&2
+  exit 1
+fi
+if [[ ! -x "$daemon_bin" ]]; then
+  echo "daemon binary is not executable: $daemon_bin" >&2
+  exit 1
+fi
+if [[ ! -x "$keychain_helper" ]]; then
+  echo "keychain helper is not executable: $keychain_helper" >&2
+  exit 1
+fi
+if [[ "$vault_password_stdin" != true ]]; then
+  echo "install-user-daemon.sh requires --vault-password-stdin" >&2
+  exit 1
+fi
+vault_password="$(read_secret_from_stdin 'vault password')"
+trap 'unset vault_password' EXIT
+relay_daemon_token="${WLFI_RELAY_DAEMON_TOKEN:-}"
+launch_daemons_dir="/Library/LaunchDaemons"
+plist_path="${launch_daemons_dir}/${label}.plist"
+log_dir="/var/log/wlfi-agent"
+stdout_log="${log_dir}/${label}.out.log"
+stderr_log="${log_dir}/${label}.err.log"
+managed_bin_dir="/Library/WLFI/bin"
+managed_runner="${managed_bin_dir}/run-wlfi-agent-daemon.sh"
+managed_daemon_bin="${managed_bin_dir}/$(basename "$daemon_bin")"
+managed_keychain_helper="${managed_bin_dir}/$(basename "$keychain_helper")"
+state_dir="$(dirname "$state_file")"
+socket_dir="$(dirname "$daemon_socket")"
+relay_token_file="${state_dir}/relay-daemon-token"
+require_regular_executable "runner" "$runner"
+require_regular_executable "daemon binary" "$daemon_bin"
+require_regular_executable "keychain helper" "$keychain_helper"
+mkdir -p "$launch_daemons_dir" "$log_dir" "$managed_bin_dir" "$state_dir" "$socket_dir"
+chmod 755 "$launch_daemons_dir"
+chmod 755 "$managed_bin_dir"
+chmod 700 "$log_dir" "$state_dir"
+chmod 755 "$socket_dir"
+chown root:wheel "$log_dir" "$managed_bin_dir" "$state_dir" "$socket_dir"
+temp_runner="${managed_runner}.tmp.$$"
+temp_daemon_bin="${managed_daemon_bin}.tmp.$$"
+temp_keychain_helper="${managed_keychain_helper}.tmp.$$"
+temp_relay_token_file="${relay_token_file}.tmp.$$"
+trap 'rm -f "$temp_runner" "$temp_daemon_bin" "$temp_keychain_helper" "$temp_relay_token_file"; unset vault_password relay_daemon_token' EXIT
+install -o root -g wheel -m 755 "$runner" "$temp_runner"
+install -o root -g wheel -m 755 "$daemon_bin" "$temp_daemon_bin"
+install -o root -g wheel -m 700 "$keychain_helper" "$temp_keychain_helper"
+mv -f "$temp_runner" "$managed_runner"
+mv -f "$temp_daemon_bin" "$managed_daemon_bin"
+mv -f "$temp_keychain_helper" "$managed_keychain_helper"
+if [[ -n "$relay_daemon_token" ]]; then
+  install_private_file "relay daemon token file" "$relay_token_file" "$relay_daemon_token"
+else
+  rm -f "$relay_token_file"
+fi
+"$managed_keychain_helper" replace-generic-password \
+  --keychain /Library/Keychains/System.keychain \
+  --service "$keychain_service" \
+  --account "$keychain_account" \
+  --password-stdin <<<"$vault_password"
+cat > "$plist_path" <<EOF2
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
+<plist version="1.0">
+  <dict>
+    <key>Label</key>
+    <string>${label}</string>
+    <key>ProgramArguments</key>
+    <array>
+      <string>${managed_runner}</string>
+    </array>
+    <key>EnvironmentVariables</key>
+    <dict>
+      <key>WLFI_DAEMON_BIN</key>
+      <string>${managed_daemon_bin}</string>
+      <key>WLFI_STATE_FILE</key>
+      <string>${state_file}</string>
+      <key>WLFI_DAEMON_SOCKET</key>
+      <string>${daemon_socket}</string>
+      <key>WLFI_KEYCHAIN_SERVICE</key>
+      <string>${keychain_service}</string>
+      <key>WLFI_KEYCHAIN_ACCOUNT</key>
+      <string>${keychain_account}</string>
+      <key>WLFI_KEYCHAIN_HELPER</key>
+      <string>${managed_keychain_helper}</string>
+      <key>WLFI_SIGNER_BACKEND</key>
+      <string>${signer_backend}</string>
+      <key>WLFI_ALLOW_ADMIN_EUID</key>
+      <string>${allow_admin_euid}</string>
+      <key>WLFI_ALLOW_AGENT_EUID</key>
+      <string>${allow_agent_euid}</string>
+EOF2
+if [[ -n "$relay_daemon_token" ]]; then
+cat >> "$plist_path" <<EOF2
+      <key>WLFI_RELAY_DAEMON_TOKEN_FILE</key>
+      <string>${relay_token_file}</string>
+EOF2
+fi
+cat >> "$plist_path" <<EOF2
+    </dict>
+    <key>RunAtLoad</key>
+    <true/>
+    <key>KeepAlive</key>
+    <true/>
+    <key>WorkingDirectory</key>
+    <string>${state_dir}</string>
+    <key>StandardOutPath</key>
+    <string>${stdout_log}</string>
+    <key>StandardErrorPath</key>
+    <string>${stderr_log}</string>
+  </dict>
+</plist>
+EOF2
+chmod 644 "$plist_path"
+chown root:wheel "$plist_path"
+launchctl bootout system/${label} >/dev/null 2>&1 || true
+launchctl enable system/${label} >/dev/null 2>&1 || true
+launchctl bootstrap system "$plist_path"
+launchctl enable system/${label} >/dev/null 2>&1 || true
+launchctl kickstart -k system/${label} >/dev/null 2>&1 || true
+cat <<EOF2
+installed launch daemon:
+  label: ${label}
+  plist: ${plist_path}
+  runner: ${managed_runner}
+  daemon bin: ${managed_daemon_bin}
+  keychain helper: ${managed_keychain_helper}
+  daemon socket: ${daemon_socket}
+  state file: ${state_file}
+  signer backend: ${signer_backend}
+  keychain service: ${keychain_service}
+  keychain account: ${keychain_account}
+EOF2
+if [[ -n "$relay_daemon_token" ]]; then
+  cat <<EOF2
+  relay daemon token file: ${relay_token_file}
+EOF2
+fi

package/scripts/launchd/run-vault-daemon.sh ADDED Viewed

@@ -0,0 +1,5 @@
+#!/usr/bin/env bash
+set -euo pipefail
+script_dir="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
+exec "${script_dir}/run-wlfi-agent-daemon.sh" "$@"