npm - @wlfi-agent/cli - Versions diffs - 1.4.13 → 1.4.15 - Mend

@wlfi-agent/cli 1.4.13 → 1.4.15

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (289) hide show

package/Cargo.lock +3968 -0
package/Cargo.toml +50 -0
package/README.md +426 -6
package/crates/vault-cli-admin/Cargo.toml +26 -0
package/crates/vault-cli-admin/src/io_utils.rs +500 -0
package/crates/vault-cli-admin/src/main.rs +3990 -0
package/crates/vault-cli-admin/src/shared_config.rs +624 -0
package/crates/vault-cli-admin/src/tui/amounts.rs +180 -0
package/crates/vault-cli-admin/src/tui/token_rpc.rs +250 -0
package/crates/vault-cli-admin/src/tui/utils.rs +82 -0
package/crates/vault-cli-admin/src/tui.rs +3410 -0
package/crates/vault-cli-agent/Cargo.toml +24 -0
package/crates/vault-cli-agent/src/io_utils.rs +576 -0
package/crates/vault-cli-agent/src/main.rs +833 -0
package/crates/vault-cli-daemon/Cargo.toml +28 -0
package/crates/vault-cli-daemon/src/bin/wlfi-agent-system-keychain.rs +216 -0
package/crates/vault-cli-daemon/src/main.rs +644 -0
package/crates/vault-cli-daemon/src/relay_sync.rs +894 -0
package/crates/vault-cli-daemon/tests/system_keychain_helper_acl.rs +167 -0
package/crates/vault-daemon/Cargo.toml +32 -0
package/crates/vault-daemon/src/daemon_parts/api_impl_and_utils.rs +1041 -0
package/crates/vault-daemon/src/daemon_parts/core_helpers.rs +1256 -0
package/crates/vault-daemon/src/daemon_parts/types_api_rpc.rs +622 -0
package/crates/vault-daemon/src/lib.rs +54 -0
package/crates/vault-daemon/src/persistence.rs +441 -0
package/crates/vault-daemon/src/tests.rs +237 -0
package/crates/vault-daemon/src/tests_parts/part1.rs +1224 -0
package/crates/vault-daemon/src/tests_parts/part2.rs +1021 -0
package/crates/vault-daemon/src/tests_parts/part3.rs +835 -0
package/crates/vault-daemon/src/tests_parts/part4.rs +604 -0
package/crates/vault-domain/Cargo.toml +20 -0
package/crates/vault-domain/src/action.rs +849 -0
package/crates/vault-domain/src/address.rs +51 -0
package/crates/vault-domain/src/approval.rs +90 -0
package/crates/vault-domain/src/constants.rs +4 -0
package/crates/vault-domain/src/error.rs +54 -0
package/crates/vault-domain/src/keys.rs +71 -0
package/crates/vault-domain/src/lib.rs +42 -0
package/crates/vault-domain/src/nonce.rs +102 -0
package/crates/vault-domain/src/policy.rs +172 -0
package/crates/vault-domain/src/request.rs +53 -0
package/crates/vault-domain/src/scope.rs +24 -0
package/crates/vault-domain/src/session.rs +50 -0
package/crates/vault-domain/src/signature.rs +34 -0
package/crates/vault-domain/src/tests.rs +651 -0
package/crates/vault-domain/src/u128_as_decimal_string.rs +44 -0
package/crates/vault-policy/Cargo.toml +17 -0
package/crates/vault-policy/src/engine.rs +301 -0
package/crates/vault-policy/src/error.rs +81 -0
package/crates/vault-policy/src/lib.rs +17 -0
package/crates/vault-policy/src/report.rs +34 -0
package/crates/vault-policy/src/tests.rs +891 -0
package/crates/vault-policy/src/tests_explain.rs +78 -0
package/crates/vault-sdk-agent/Cargo.toml +21 -0
package/crates/vault-sdk-agent/src/lib.rs +711 -0
package/crates/vault-signer/Cargo.toml +25 -0
package/crates/vault-signer/src/lib.rs +731 -0
package/crates/vault-signer/tests/secure_enclave_acl.rs +54 -0
package/crates/vault-transport-unix/Cargo.toml +24 -0
package/crates/vault-transport-unix/src/lib.rs +1640 -0
package/crates/vault-transport-xpc/Cargo.toml +25 -0
package/crates/vault-transport-xpc/src/client_codec_api.rs +635 -0
package/crates/vault-transport-xpc/src/lib.rs +680 -0
package/crates/vault-transport-xpc/src/tests.rs +818 -0
package/crates/vault-transport-xpc/tests/e2e_flow.rs +773 -0
package/dist/cli.cjs +35088 -0
package/dist/cli.cjs.map +1 -0
package/package.json +45 -41
package/packages/cache/.turbo/turbo-build.log +52 -0
package/packages/cache/dist/chunk-2QFWMUXT.cjs +43 -0
package/packages/cache/dist/chunk-2QFWMUXT.cjs.map +1 -0
package/packages/cache/dist/chunk-4U63TZTQ.js +43 -0
package/packages/cache/dist/chunk-4U63TZTQ.js.map +1 -0
package/packages/cache/dist/chunk-ALQ6H7KG.cjs +404 -0
package/packages/cache/dist/chunk-ALQ6H7KG.cjs.map +1 -0
package/packages/cache/dist/chunk-FGJEEF5N.js +404 -0
package/packages/cache/dist/chunk-FGJEEF5N.js.map +1 -0
package/packages/cache/dist/chunk-UYNEHZHB.cjs +45 -0
package/packages/cache/dist/chunk-UYNEHZHB.cjs.map +1 -0
package/packages/cache/dist/chunk-VXVMPG3W.js +45 -0
package/packages/cache/dist/chunk-VXVMPG3W.js.map +1 -0
package/packages/cache/dist/client/index.cjs +11 -0
package/packages/cache/dist/client/index.cjs.map +1 -0
package/packages/cache/dist/client/index.d.cts +15 -0
package/packages/cache/dist/client/index.d.ts +15 -0
package/packages/cache/dist/client/index.js +11 -0
package/packages/cache/dist/client/index.js.map +1 -0
package/packages/cache/dist/errors/index.cjs +11 -0
package/packages/cache/dist/errors/index.cjs.map +1 -0
package/packages/cache/dist/errors/index.d.cts +26 -0
package/packages/cache/dist/errors/index.d.ts +26 -0
package/packages/cache/dist/errors/index.js +11 -0
package/packages/cache/dist/errors/index.js.map +1 -0
package/packages/cache/dist/index.cjs +29 -0
package/packages/cache/dist/index.cjs.map +1 -0
package/packages/cache/dist/index.d.cts +4 -0
package/packages/cache/dist/index.d.ts +4 -0
package/packages/cache/dist/index.js +29 -0
package/packages/cache/dist/index.js.map +1 -0
package/packages/cache/dist/service/index.cjs +15 -0
package/packages/cache/dist/service/index.cjs.map +1 -0
package/packages/cache/dist/service/index.d.cts +184 -0
package/packages/cache/dist/service/index.d.ts +184 -0
package/packages/cache/dist/service/index.js +15 -0
package/packages/cache/dist/service/index.js.map +1 -0
package/packages/cache/node_modules/.bin/jiti +17 -0
package/packages/cache/node_modules/.bin/tsc +17 -0
package/packages/cache/node_modules/.bin/tsserver +17 -0
package/packages/cache/node_modules/.bin/tsup +17 -0
package/packages/cache/node_modules/.bin/tsup-node +17 -0
package/packages/cache/node_modules/.bin/tsx +17 -0
package/packages/cache/node_modules/.bin/vitest +17 -0
package/packages/cache/package.json +48 -0
package/packages/cache/src/client/index.ts +56 -0
package/packages/cache/src/errors/index.ts +53 -0
package/packages/cache/src/index.ts +3 -0
package/packages/cache/src/service/index.test.ts +263 -0
package/packages/cache/src/service/index.ts +678 -0
package/packages/cache/tsconfig.json +13 -0
package/packages/cache/tsup.config.ts +13 -0
package/packages/cache/vitest.config.ts +16 -0
package/packages/config/.turbo/turbo-build.log +18 -0
package/packages/config/dist/index.cjs +1037 -0
package/packages/config/dist/index.cjs.map +1 -0
package/packages/config/dist/index.d.ts +131 -0
package/packages/config/node_modules/.bin/jiti +17 -0
package/packages/config/node_modules/.bin/tsc +17 -0
package/packages/config/node_modules/.bin/tsserver +17 -0
package/packages/config/node_modules/.bin/tsup +17 -0
package/packages/config/node_modules/.bin/tsup-node +17 -0
package/packages/config/node_modules/.bin/tsx +17 -0
package/packages/config/package.json +21 -0
package/packages/config/src/index.js +1 -0
package/packages/config/src/index.ts +1282 -0
package/packages/config/tsconfig.json +4 -0
package/packages/rpc/.turbo/turbo-build.log +32 -0
package/packages/rpc/dist/_esm-BCLXDO2R.cjs +3660 -0
package/packages/rpc/dist/_esm-BCLXDO2R.cjs.map +1 -0
package/packages/rpc/dist/ccip-OWJLAW55.cjs +16 -0
package/packages/rpc/dist/ccip-OWJLAW55.cjs.map +1 -0
package/packages/rpc/dist/chunk-APQIFZ3B.cjs +6247 -0
package/packages/rpc/dist/chunk-APQIFZ3B.cjs.map +1 -0
package/packages/rpc/dist/chunk-CDO2GWRD.cjs +410 -0
package/packages/rpc/dist/chunk-CDO2GWRD.cjs.map +1 -0
package/packages/rpc/dist/chunk-QGTNTFJ7.cjs +2249 -0
package/packages/rpc/dist/chunk-QGTNTFJ7.cjs.map +1 -0
package/packages/rpc/dist/chunk-TZDTAHWR.cjs +44 -0
package/packages/rpc/dist/chunk-TZDTAHWR.cjs.map +1 -0
package/packages/rpc/dist/index.cjs +7342 -0
package/packages/rpc/dist/index.cjs.map +1 -0
package/packages/rpc/dist/index.d.ts +3857 -0
package/packages/rpc/dist/secp256k1-WCNM675D.cjs +18 -0
package/packages/rpc/dist/secp256k1-WCNM675D.cjs.map +1 -0
package/packages/rpc/node_modules/.bin/jiti +17 -0
package/packages/rpc/node_modules/.bin/tsc +17 -0
package/packages/rpc/node_modules/.bin/tsserver +17 -0
package/packages/rpc/node_modules/.bin/tsup +17 -0
package/packages/rpc/node_modules/.bin/tsup-node +17 -0
package/packages/rpc/node_modules/.bin/tsx +17 -0
package/packages/rpc/package.json +25 -0
package/packages/rpc/src/index.ts +206 -0
package/packages/rpc/tsconfig.json +4 -0
package/packages/typescript/base.json +36 -0
package/packages/typescript/nextjs.json +17 -0
package/packages/typescript/package.json +10 -0
package/packages/ui/.turbo/turbo-build.log +44 -0
package/packages/ui/dist/chunk-MOAFBKSA.js +11 -0
package/packages/ui/dist/chunk-MOAFBKSA.js.map +1 -0
package/packages/ui/dist/components/badge.d.ts +12 -0
package/packages/ui/dist/components/badge.js +31 -0
package/packages/ui/dist/components/badge.js.map +1 -0
package/packages/ui/dist/components/button.d.ts +13 -0
package/packages/ui/dist/components/button.js +40 -0
package/packages/ui/dist/components/button.js.map +1 -0
package/packages/ui/dist/components/card.d.ts +10 -0
package/packages/ui/dist/components/card.js +39 -0
package/packages/ui/dist/components/card.js.map +1 -0
package/packages/ui/dist/components/input.d.ts +5 -0
package/packages/ui/dist/components/input.js +28 -0
package/packages/ui/dist/components/input.js.map +1 -0
package/packages/ui/dist/components/label.d.ts +5 -0
package/packages/ui/dist/components/label.js +13 -0
package/packages/ui/dist/components/label.js.map +1 -0
package/packages/ui/dist/components/separator.d.ts +5 -0
package/packages/ui/dist/components/separator.js +13 -0
package/packages/ui/dist/components/separator.js.map +1 -0
package/packages/ui/dist/components/textarea.d.ts +5 -0
package/packages/ui/dist/components/textarea.js +27 -0
package/packages/ui/dist/components/textarea.js.map +1 -0
package/packages/ui/dist/tailwind.d.ts +56 -0
package/packages/ui/dist/tailwind.js +60 -0
package/packages/ui/dist/tailwind.js.map +1 -0
package/packages/ui/dist/utils/cn.d.ts +5 -0
package/packages/ui/dist/utils/cn.js +7 -0
package/packages/ui/dist/utils/cn.js.map +1 -0
package/packages/ui/node_modules/.bin/jiti +17 -0
package/packages/ui/node_modules/.bin/tsc +17 -0
package/packages/ui/node_modules/.bin/tsserver +17 -0
package/packages/ui/node_modules/.bin/tsup +17 -0
package/packages/ui/node_modules/.bin/tsup-node +17 -0
package/packages/ui/node_modules/.bin/tsx +17 -0
package/packages/ui/package.json +69 -0
package/packages/ui/src/components/badge.tsx +27 -0
package/packages/ui/src/components/button.tsx +40 -0
package/packages/ui/src/components/card.tsx +31 -0
package/packages/ui/src/components/input.tsx +21 -0
package/packages/ui/src/components/label.tsx +6 -0
package/packages/ui/src/components/separator.tsx +6 -0
package/packages/ui/src/components/textarea.tsx +20 -0
package/packages/ui/src/globals.css +70 -0
package/packages/ui/src/tailwind.ts +56 -0
package/packages/ui/src/utils/cn.ts +6 -0
package/packages/ui/tsconfig.json +20 -0
package/packages/ui/tsup.config.ts +20 -0
package/pnpm-workspace.yaml +4 -0
package/scripts/install-rust-binaries.mjs +84 -0
package/scripts/launchd/install-user-daemon.sh +358 -0
package/scripts/launchd/run-vault-daemon.sh +5 -0
package/scripts/launchd/run-wlfi-agent-daemon.sh +73 -0
package/scripts/launchd/uninstall-user-daemon.sh +103 -0
package/src/cli.ts +2121 -0
package/src/lib/admin-guard.js +1 -0
package/src/lib/admin-guard.ts +185 -0
package/src/lib/admin-passthrough.ts +33 -0
package/src/lib/admin-reset.ts +751 -0
package/src/lib/admin-setup.ts +1612 -0
package/src/lib/agent-auth-clear.js +1 -0
package/src/lib/agent-auth-clear.ts +58 -0
package/src/lib/agent-auth-forwarding.js +1 -0
package/src/lib/agent-auth-forwarding.ts +149 -0
package/src/lib/agent-auth-migrate.js +1 -0
package/src/lib/agent-auth-migrate.ts +150 -0
package/src/lib/agent-auth-revoke.ts +103 -0
package/src/lib/agent-auth-rotate.ts +107 -0
package/src/lib/agent-auth-token.js +1 -0
package/src/lib/agent-auth-token.ts +25 -0
package/src/lib/agent-auth.ts +89 -0
package/src/lib/asset-broadcast.js +1 -0
package/src/lib/asset-broadcast.ts +285 -0
package/src/lib/bootstrap-artifacts.js +1 -0
package/src/lib/bootstrap-artifacts.ts +205 -0
package/src/lib/bootstrap-credentials.js +1 -0
package/src/lib/bootstrap-credentials.ts +832 -0
package/src/lib/config-amounts.js +1 -0
package/src/lib/config-amounts.ts +189 -0
package/src/lib/config-mutation.ts +27 -0
package/src/lib/fs-trust.js +1 -0
package/src/lib/fs-trust.ts +537 -0
package/src/lib/keychain.js +1 -0
package/src/lib/keychain.ts +225 -0
package/src/lib/local-admin-access.ts +106 -0
package/src/lib/network-selection.js +1 -0
package/src/lib/network-selection.ts +71 -0
package/src/lib/passthrough-security.js +1 -0
package/src/lib/passthrough-security.ts +114 -0
package/src/lib/rpc-guard.js +1 -0
package/src/lib/rpc-guard.ts +7 -0
package/src/lib/rust-spawn-options.js +1 -0
package/src/lib/rust-spawn-options.ts +98 -0
package/src/lib/rust.js +1 -0
package/src/lib/rust.ts +143 -0
package/src/lib/signed-tx.js +1 -0
package/src/lib/signed-tx.ts +116 -0
package/src/lib/status-repair-cli.ts +116 -0
package/src/lib/sudo.js +1 -0
package/src/lib/sudo.ts +172 -0
package/src/lib/vault-password-forwarding.js +1 -0
package/src/lib/vault-password-forwarding.ts +155 -0
package/src/lib/wallet-profile.js +1 -0
package/src/lib/wallet-profile.ts +332 -0
package/src/lib/wallet-repair.js +1 -0
package/src/lib/wallet-repair.ts +304 -0
package/src/lib/wallet-setup.js +1 -0
package/src/lib/wallet-setup.ts +1466 -0
package/src/lib/wallet-status.js +1 -0
package/src/lib/wallet-status.ts +640 -0
package/tsconfig.base.json +17 -0
package/tsconfig.json +10 -0
package/tsup.config.ts +25 -0
package/turbo.json +41 -0
package/LICENSE.md +0 -1
package/dist/wlfa/index.cjs +0 -250
package/dist/wlfa/index.d.cts +0 -1
package/dist/wlfa/index.d.ts +0 -1
package/dist/wlfa/index.js +0 -250
package/dist/wlfc/index.cjs +0 -1839
package/dist/wlfc/index.d.cts +0 -1
package/dist/wlfc/index.d.ts +0 -1
package/dist/wlfc/index.js +0 -1839

package/packages/cache/dist/service/index.js ADDED Viewed

@@ -0,0 +1,15 @@
+import {
+  RelayCacheService,
+  createRelayCacheService,
+  relayApprovalStatuses,
+  relayUpdateStatuses
+} from "../chunk-FGJEEF5N.js";
+import "../chunk-VXVMPG3W.js";
+import "../chunk-4U63TZTQ.js";
+export {
+  RelayCacheService,
+  createRelayCacheService,
+  relayApprovalStatuses,
+  relayUpdateStatuses
+};
+//# sourceMappingURL=index.js.map

package/packages/cache/dist/service/index.js.map ADDED Viewed

	@@ -0,0 +1 @@
1	+ {"version":3,"sources":[],"sourcesContent":[],"mappings":"","names":[]}

package/packages/cache/node_modules/.bin/jiti ADDED Viewed

@@ -0,0 +1,17 @@
+#!/bin/sh
+basedir=$(dirname "$(echo "$0" | sed -e 's,\\,/,g')")
+case `uname` in
+    *CYGWIN*) basedir=`cygpath -w "$basedir"`;;
+esac
+if [ -z "$NODE_PATH" ]; then
+  export NODE_PATH="/Users/hanzhi/Documents/WLFI/wlfi-agent-sdk/node_modules/.pnpm/jiti@1.21.7/node_modules/jiti/bin/node_modules:/Users/hanzhi/Documents/WLFI/wlfi-agent-sdk/node_modules/.pnpm/jiti@1.21.7/node_modules/jiti/node_modules:/Users/hanzhi/Documents/WLFI/wlfi-agent-sdk/node_modules/.pnpm/jiti@1.21.7/node_modules:/Users/hanzhi/Documents/WLFI/wlfi-agent-sdk/node_modules/.pnpm/node_modules"
+else
+  export NODE_PATH="/Users/hanzhi/Documents/WLFI/wlfi-agent-sdk/node_modules/.pnpm/jiti@1.21.7/node_modules/jiti/bin/node_modules:/Users/hanzhi/Documents/WLFI/wlfi-agent-sdk/node_modules/.pnpm/jiti@1.21.7/node_modules/jiti/node_modules:/Users/hanzhi/Documents/WLFI/wlfi-agent-sdk/node_modules/.pnpm/jiti@1.21.7/node_modules:/Users/hanzhi/Documents/WLFI/wlfi-agent-sdk/node_modules/.pnpm/node_modules:$NODE_PATH"
+fi
+if [ -x "$basedir/node" ]; then
+  exec "$basedir/node"  "$basedir/../../../../node_modules/.pnpm/jiti@1.21.7/node_modules/jiti/bin/jiti.js" "$@"
+else
+  exec node  "$basedir/../../../../node_modules/.pnpm/jiti@1.21.7/node_modules/jiti/bin/jiti.js" "$@"
+fi

package/packages/cache/node_modules/.bin/tsc ADDED Viewed

@@ -0,0 +1,17 @@
+#!/bin/sh
+basedir=$(dirname "$(echo "$0" | sed -e 's,\\,/,g')")
+case `uname` in
+    *CYGWIN*) basedir=`cygpath -w "$basedir"`;;
+esac
+if [ -z "$NODE_PATH" ]; then
+  export NODE_PATH="/Users/hanzhi/Documents/WLFI/wlfi-agent-sdk/node_modules/.pnpm/typescript@5.9.3/node_modules/typescript/bin/node_modules:/Users/hanzhi/Documents/WLFI/wlfi-agent-sdk/node_modules/.pnpm/typescript@5.9.3/node_modules/typescript/node_modules:/Users/hanzhi/Documents/WLFI/wlfi-agent-sdk/node_modules/.pnpm/typescript@5.9.3/node_modules:/Users/hanzhi/Documents/WLFI/wlfi-agent-sdk/node_modules/.pnpm/node_modules"
+else
+  export NODE_PATH="/Users/hanzhi/Documents/WLFI/wlfi-agent-sdk/node_modules/.pnpm/typescript@5.9.3/node_modules/typescript/bin/node_modules:/Users/hanzhi/Documents/WLFI/wlfi-agent-sdk/node_modules/.pnpm/typescript@5.9.3/node_modules/typescript/node_modules:/Users/hanzhi/Documents/WLFI/wlfi-agent-sdk/node_modules/.pnpm/typescript@5.9.3/node_modules:/Users/hanzhi/Documents/WLFI/wlfi-agent-sdk/node_modules/.pnpm/node_modules:$NODE_PATH"
+fi
+if [ -x "$basedir/node" ]; then
+  exec "$basedir/node"  "$basedir/../../../../node_modules/.pnpm/typescript@5.9.3/node_modules/typescript/bin/tsc" "$@"
+else
+  exec node  "$basedir/../../../../node_modules/.pnpm/typescript@5.9.3/node_modules/typescript/bin/tsc" "$@"
+fi

package/packages/cache/node_modules/.bin/tsserver ADDED Viewed

@@ -0,0 +1,17 @@
+#!/bin/sh
+basedir=$(dirname "$(echo "$0" | sed -e 's,\\,/,g')")
+case `uname` in
+    *CYGWIN*) basedir=`cygpath -w "$basedir"`;;
+esac
+if [ -z "$NODE_PATH" ]; then
+  export NODE_PATH="/Users/hanzhi/Documents/WLFI/wlfi-agent-sdk/node_modules/.pnpm/typescript@5.9.3/node_modules/typescript/bin/node_modules:/Users/hanzhi/Documents/WLFI/wlfi-agent-sdk/node_modules/.pnpm/typescript@5.9.3/node_modules/typescript/node_modules:/Users/hanzhi/Documents/WLFI/wlfi-agent-sdk/node_modules/.pnpm/typescript@5.9.3/node_modules:/Users/hanzhi/Documents/WLFI/wlfi-agent-sdk/node_modules/.pnpm/node_modules"
+else
+  export NODE_PATH="/Users/hanzhi/Documents/WLFI/wlfi-agent-sdk/node_modules/.pnpm/typescript@5.9.3/node_modules/typescript/bin/node_modules:/Users/hanzhi/Documents/WLFI/wlfi-agent-sdk/node_modules/.pnpm/typescript@5.9.3/node_modules/typescript/node_modules:/Users/hanzhi/Documents/WLFI/wlfi-agent-sdk/node_modules/.pnpm/typescript@5.9.3/node_modules:/Users/hanzhi/Documents/WLFI/wlfi-agent-sdk/node_modules/.pnpm/node_modules:$NODE_PATH"
+fi
+if [ -x "$basedir/node" ]; then
+  exec "$basedir/node"  "$basedir/../../../../node_modules/.pnpm/typescript@5.9.3/node_modules/typescript/bin/tsserver" "$@"
+else
+  exec node  "$basedir/../../../../node_modules/.pnpm/typescript@5.9.3/node_modules/typescript/bin/tsserver" "$@"
+fi

package/packages/cache/node_modules/.bin/tsup ADDED Viewed

@@ -0,0 +1,17 @@
+#!/bin/sh
+basedir=$(dirname "$(echo "$0" | sed -e 's,\\,/,g')")
+case `uname` in
+    *CYGWIN*) basedir=`cygpath -w "$basedir"`;;
+esac
+if [ -z "$NODE_PATH" ]; then
+  export NODE_PATH="/Users/hanzhi/Documents/WLFI/wlfi-agent-sdk/node_modules/.pnpm/tsup@8.5.1_jiti@1.21.7_postcss@8.5.8_tsx@4.21.0_typescript@5.9.3/node_modules/tsup/dist/node_modules:/Users/hanzhi/Documents/WLFI/wlfi-agent-sdk/node_modules/.pnpm/tsup@8.5.1_jiti@1.21.7_postcss@8.5.8_tsx@4.21.0_typescript@5.9.3/node_modules/tsup/node_modules:/Users/hanzhi/Documents/WLFI/wlfi-agent-sdk/node_modules/.pnpm/tsup@8.5.1_jiti@1.21.7_postcss@8.5.8_tsx@4.21.0_typescript@5.9.3/node_modules:/Users/hanzhi/Documents/WLFI/wlfi-agent-sdk/node_modules/.pnpm/node_modules"
+else
+  export NODE_PATH="/Users/hanzhi/Documents/WLFI/wlfi-agent-sdk/node_modules/.pnpm/tsup@8.5.1_jiti@1.21.7_postcss@8.5.8_tsx@4.21.0_typescript@5.9.3/node_modules/tsup/dist/node_modules:/Users/hanzhi/Documents/WLFI/wlfi-agent-sdk/node_modules/.pnpm/tsup@8.5.1_jiti@1.21.7_postcss@8.5.8_tsx@4.21.0_typescript@5.9.3/node_modules/tsup/node_modules:/Users/hanzhi/Documents/WLFI/wlfi-agent-sdk/node_modules/.pnpm/tsup@8.5.1_jiti@1.21.7_postcss@8.5.8_tsx@4.21.0_typescript@5.9.3/node_modules:/Users/hanzhi/Documents/WLFI/wlfi-agent-sdk/node_modules/.pnpm/node_modules:$NODE_PATH"
+fi
+if [ -x "$basedir/node" ]; then
+  exec "$basedir/node"  "$basedir/../../../../node_modules/.pnpm/tsup@8.5.1_jiti@1.21.7_postcss@8.5.8_tsx@4.21.0_typescript@5.9.3/node_modules/tsup/dist/cli-default.js" "$@"
+else
+  exec node  "$basedir/../../../../node_modules/.pnpm/tsup@8.5.1_jiti@1.21.7_postcss@8.5.8_tsx@4.21.0_typescript@5.9.3/node_modules/tsup/dist/cli-default.js" "$@"
+fi

package/packages/cache/node_modules/.bin/tsup-node ADDED Viewed

@@ -0,0 +1,17 @@
+#!/bin/sh
+basedir=$(dirname "$(echo "$0" | sed -e 's,\\,/,g')")
+case `uname` in
+    *CYGWIN*) basedir=`cygpath -w "$basedir"`;;
+esac
+if [ -z "$NODE_PATH" ]; then
+  export NODE_PATH="/Users/hanzhi/Documents/WLFI/wlfi-agent-sdk/node_modules/.pnpm/tsup@8.5.1_jiti@1.21.7_postcss@8.5.8_tsx@4.21.0_typescript@5.9.3/node_modules/tsup/dist/node_modules:/Users/hanzhi/Documents/WLFI/wlfi-agent-sdk/node_modules/.pnpm/tsup@8.5.1_jiti@1.21.7_postcss@8.5.8_tsx@4.21.0_typescript@5.9.3/node_modules/tsup/node_modules:/Users/hanzhi/Documents/WLFI/wlfi-agent-sdk/node_modules/.pnpm/tsup@8.5.1_jiti@1.21.7_postcss@8.5.8_tsx@4.21.0_typescript@5.9.3/node_modules:/Users/hanzhi/Documents/WLFI/wlfi-agent-sdk/node_modules/.pnpm/node_modules"
+else
+  export NODE_PATH="/Users/hanzhi/Documents/WLFI/wlfi-agent-sdk/node_modules/.pnpm/tsup@8.5.1_jiti@1.21.7_postcss@8.5.8_tsx@4.21.0_typescript@5.9.3/node_modules/tsup/dist/node_modules:/Users/hanzhi/Documents/WLFI/wlfi-agent-sdk/node_modules/.pnpm/tsup@8.5.1_jiti@1.21.7_postcss@8.5.8_tsx@4.21.0_typescript@5.9.3/node_modules/tsup/node_modules:/Users/hanzhi/Documents/WLFI/wlfi-agent-sdk/node_modules/.pnpm/tsup@8.5.1_jiti@1.21.7_postcss@8.5.8_tsx@4.21.0_typescript@5.9.3/node_modules:/Users/hanzhi/Documents/WLFI/wlfi-agent-sdk/node_modules/.pnpm/node_modules:$NODE_PATH"
+fi
+if [ -x "$basedir/node" ]; then
+  exec "$basedir/node"  "$basedir/../../../../node_modules/.pnpm/tsup@8.5.1_jiti@1.21.7_postcss@8.5.8_tsx@4.21.0_typescript@5.9.3/node_modules/tsup/dist/cli-node.js" "$@"
+else
+  exec node  "$basedir/../../../../node_modules/.pnpm/tsup@8.5.1_jiti@1.21.7_postcss@8.5.8_tsx@4.21.0_typescript@5.9.3/node_modules/tsup/dist/cli-node.js" "$@"
+fi

package/packages/cache/node_modules/.bin/tsx ADDED Viewed

@@ -0,0 +1,17 @@
+#!/bin/sh
+basedir=$(dirname "$(echo "$0" | sed -e 's,\\,/,g')")
+case `uname` in
+    *CYGWIN*) basedir=`cygpath -w "$basedir"`;;
+esac
+if [ -z "$NODE_PATH" ]; then
+  export NODE_PATH="/Users/hanzhi/Documents/WLFI/wlfi-agent-sdk/node_modules/.pnpm/tsx@4.21.0/node_modules/tsx/dist/node_modules:/Users/hanzhi/Documents/WLFI/wlfi-agent-sdk/node_modules/.pnpm/tsx@4.21.0/node_modules/tsx/node_modules:/Users/hanzhi/Documents/WLFI/wlfi-agent-sdk/node_modules/.pnpm/tsx@4.21.0/node_modules:/Users/hanzhi/Documents/WLFI/wlfi-agent-sdk/node_modules/.pnpm/node_modules"
+else
+  export NODE_PATH="/Users/hanzhi/Documents/WLFI/wlfi-agent-sdk/node_modules/.pnpm/tsx@4.21.0/node_modules/tsx/dist/node_modules:/Users/hanzhi/Documents/WLFI/wlfi-agent-sdk/node_modules/.pnpm/tsx@4.21.0/node_modules/tsx/node_modules:/Users/hanzhi/Documents/WLFI/wlfi-agent-sdk/node_modules/.pnpm/tsx@4.21.0/node_modules:/Users/hanzhi/Documents/WLFI/wlfi-agent-sdk/node_modules/.pnpm/node_modules:$NODE_PATH"
+fi
+if [ -x "$basedir/node" ]; then
+  exec "$basedir/node"  "$basedir/../../../../node_modules/.pnpm/tsx@4.21.0/node_modules/tsx/dist/cli.mjs" "$@"
+else
+  exec node  "$basedir/../../../../node_modules/.pnpm/tsx@4.21.0/node_modules/tsx/dist/cli.mjs" "$@"
+fi

package/packages/cache/node_modules/.bin/vitest ADDED Viewed

@@ -0,0 +1,17 @@
+#!/bin/sh
+basedir=$(dirname "$(echo "$0" | sed -e 's,\\,/,g')")
+case `uname` in
+    *CYGWIN*) basedir=`cygpath -w "$basedir"`;;
+esac
+if [ -z "$NODE_PATH" ]; then
+  export NODE_PATH="/Users/hanzhi/Documents/WLFI/wlfi-agent-sdk/node_modules/.pnpm/vitest@3.2.4_@types+node@24.12.0_jiti@1.21.7_tsx@4.21.0/node_modules/vitest/node_modules:/Users/hanzhi/Documents/WLFI/wlfi-agent-sdk/node_modules/.pnpm/vitest@3.2.4_@types+node@24.12.0_jiti@1.21.7_tsx@4.21.0/node_modules:/Users/hanzhi/Documents/WLFI/wlfi-agent-sdk/node_modules/.pnpm/node_modules"
+else
+  export NODE_PATH="/Users/hanzhi/Documents/WLFI/wlfi-agent-sdk/node_modules/.pnpm/vitest@3.2.4_@types+node@24.12.0_jiti@1.21.7_tsx@4.21.0/node_modules/vitest/node_modules:/Users/hanzhi/Documents/WLFI/wlfi-agent-sdk/node_modules/.pnpm/vitest@3.2.4_@types+node@24.12.0_jiti@1.21.7_tsx@4.21.0/node_modules:/Users/hanzhi/Documents/WLFI/wlfi-agent-sdk/node_modules/.pnpm/node_modules:$NODE_PATH"
+fi
+if [ -x "$basedir/node" ]; then
+  exec "$basedir/node"  "$basedir/../../../../node_modules/.pnpm/vitest@3.2.4_@types+node@24.12.0_jiti@1.21.7_tsx@4.21.0/node_modules/vitest/vitest.mjs" "$@"
+else
+  exec node  "$basedir/../../../../node_modules/.pnpm/vitest@3.2.4_@types+node@24.12.0_jiti@1.21.7_tsx@4.21.0/node_modules/vitest/vitest.mjs" "$@"
+fi

package/packages/cache/package.json ADDED Viewed

@@ -0,0 +1,48 @@
+{
+  "name": "@wlfi-agent/cache",
+  "private": true,
+  "version": "0.0.0",
+  "type": "module",
+  "exports": {
+    ".": {
+      "types": "./src/index.ts",
+      "import": "./dist/index.js",
+      "require": "./dist/index.cjs"
+    },
+    "./client": {
+      "types": "./src/client/index.ts",
+      "import": "./dist/client/index.js",
+      "require": "./dist/client/index.cjs"
+    },
+    "./errors": {
+      "types": "./src/errors/index.ts",
+      "import": "./dist/errors/index.js",
+      "require": "./dist/errors/index.cjs"
+    },
+    "./service": {
+      "types": "./src/service/index.ts",
+      "import": "./dist/service/index.js",
+      "require": "./dist/service/index.cjs"
+    }
+  },
+  "scripts": {
+    "build": "tsup",
+    "clean": "rm -rf .turbo node_modules dist coverage junit",
+    "dev": "tsup --watch",
+    "lint": "biome check .",
+    "lint:fix": "biome check --write .",
+    "test:unit": "vitest run",
+    "typecheck": "tsc --noEmit",
+    "check": "pnpm run typecheck"
+  },
+  "types": "./src/index.ts",
+  "dependencies": {
+    "ioredis": "^5.7.0"
+  },
+  "devDependencies": {
+    "@types/node": "^24.0.0",
+    "tsup": "^8.5.1",
+    "typescript": "^5.9.0",
+    "vitest": "^3.2.4"
+  }
+}

package/packages/cache/src/client/index.ts ADDED Viewed

@@ -0,0 +1,56 @@
+/** biome-ignore-all lint/style/noProcessEnv: relay cache config is environment driven */
+import Redis from 'ioredis';
+export interface CacheClientOptions {
+  connectTimeoutMs?: number;
+  enableOfflineQueue?: boolean;
+  keyPrefix?: string;
+  lazyConnect?: boolean;
+  maxRetriesPerRequest?: number | null;
+  url?: string;
+}
+let singletonClient: Redis | null = null;
+const getDefaultCacheUrl = (): string => {
+  const explicitUrl = process.env.CACHE_URL?.trim();
+  if (explicitUrl) {
+    return explicitUrl;
+  }
+  const host = process.env.CACHE_HOST?.trim() || '127.0.0.1';
+  const port = Number(process.env.CACHE_PORT?.trim() || '6379');
+  return `redis://${host}:${port}`;
+};
+export const createCacheClient = (options: CacheClientOptions = {}): Redis => {
+  return new Redis(options.url ?? getDefaultCacheUrl(), {
+    connectTimeout: options.connectTimeoutMs ?? 5_000,
+    enableOfflineQueue: options.enableOfflineQueue ?? true,
+    keyPrefix: options.keyPrefix,
+    lazyConnect: options.lazyConnect ?? false,
+    maxRetriesPerRequest: options.maxRetriesPerRequest ?? 2,
+    reconnectOnError(error) {
+      return error.message.includes('READONLY') || error.message.includes('ETIMEDOUT');
+    },
+  });
+};
+export const getCacheClient = (options: CacheClientOptions = {}): Redis => {
+  if (!singletonClient) {
+    singletonClient = createCacheClient(options);
+  }
+  return singletonClient;
+};
+export const closeCacheClient = async (): Promise<void> => {
+  if (!singletonClient) {
+    return;
+  }
+  const client = singletonClient;
+  singletonClient = null;
+  await client.quit();
+};

package/packages/cache/src/errors/index.ts ADDED Viewed

@@ -0,0 +1,53 @@
+export const cacheErrorCodes = {
+  connectionFailed: 'CACHE_CONNECTION_FAILED',
+  invalidPayload: 'CACHE_INVALID_PAYLOAD',
+  notFound: 'CACHE_NOT_FOUND',
+  unknown: 'CACHE_UNKNOWN',
+} as const;
+export type CacheErrorCode = (typeof cacheErrorCodes)[keyof typeof cacheErrorCodes];
+export class CacheError extends Error {
+  readonly code: CacheErrorCode;
+  readonly key?: string;
+  readonly operation?: string;
+  override readonly cause?: unknown;
+  constructor(options: {
+    cause?: unknown;
+    code: CacheErrorCode;
+    key?: string;
+    message: string;
+    operation?: string;
+  }) {
+    super(options.message);
+    this.name = 'CacheError';
+    this.code = options.code;
+    this.key = options.key;
+    this.operation = options.operation;
+    this.cause = options.cause;
+  }
+}
+export const toCacheError = (
+  error: unknown,
+  context: { key?: string; operation?: string } = {},
+): CacheError => {
+  if (error instanceof CacheError) {
+    return error;
+  }
+  const message = error instanceof Error ? error.message : 'Unknown cache error';
+  const normalizedMessage = message.toLowerCase();
+  const code = normalizedMessage.includes('connect')
+    ? cacheErrorCodes.connectionFailed
+    : cacheErrorCodes.unknown;
+  return new CacheError({
+    cause: error,
+    code,
+    key: context.key,
+    message,
+    operation: context.operation,
+  });
+};

package/packages/cache/src/index.ts ADDED Viewed

@@ -0,0 +1,3 @@
+export * from './client/index.js';
+export * from './errors/index.js';
+export * from './service/index.js';

package/packages/cache/src/service/index.test.ts ADDED Viewed

@@ -0,0 +1,263 @@
+import { createHash } from 'node:crypto';
+import { describe, expect, it } from 'vitest';
+import { RelayCacheService } from './index.js';
+class InMemoryCacheClient {
+  private readonly store = new Map<string, string>();
+  private readonly sets = new Map<string, Set<string>>();
+  private readonly zsets = new Map<string, Array<{ member: string; score: number }>>();
+  async del(key: string): Promise<number> {
+    const existed = this.store.delete(key);
+    this.sets.delete(key);
+    this.zsets.delete(key);
+    return existed ? 1 : 0;
+  }
+  async get(key: string): Promise<string | null> {
+    return this.store.get(key) ?? null;
+  }
+  async ping(): Promise<string> {
+    return 'PONG';
+  }
+  async quit(): Promise<string> {
+    return 'OK';
+  }
+  async sadd(key: string, ...members: string[]): Promise<number> {
+    const bucket = this.sets.get(key) ?? new Set<string>();
+    let added = 0;
+    for (const member of members) {
+      if (!bucket.has(member)) {
+        bucket.add(member);
+        added += 1;
+      }
+    }
+    this.sets.set(key, bucket);
+    return added;
+  }
+  async set(key: string, value: string, mode?: 'NX' | 'XX'): Promise<'OK' | null> {
+    if (mode === 'NX' && this.store.has(key)) {
+      return null;
+    }
+    if (mode === 'XX' && !this.store.has(key)) {
+      return null;
+    }
+    this.store.set(key, value);
+    return 'OK';
+  }
+  async smembers(key: string): Promise<string[]> {
+    return [...(this.sets.get(key) ?? new Set<string>())];
+  }
+  async zadd(key: string, ...args: (string | number)[]): Promise<number> {
+    const bucket = this.zsets.get(key) ?? [];
+    for (let index = 0; index < args.length; index += 2) {
+      bucket.push({ score: Number(args[index]), member: String(args[index + 1]) });
+    }
+    this.zsets.set(key, bucket);
+    return args.length / 2;
+  }
+  async zrange(key: string, start: number, stop: number, ...args: string[]): Promise<string[]> {
+    const bucket = [...(this.zsets.get(key) ?? [])].sort((left, right) => left.score - right.score);
+    const ordered = args.includes('REV') ? bucket.reverse() : bucket;
+    const normalizedStop = stop < 0 ? ordered.length + stop : stop;
+    return ordered.slice(start, normalizedStop + 1).map((entry) => entry.member);
+  }
+  async zrem(key: string, ...members: string[]): Promise<number> {
+    const bucket = this.zsets.get(key) ?? [];
+    const filtered = bucket.filter((entry) => !members.includes(entry.member));
+    this.zsets.set(key, filtered);
+    return bucket.length - filtered.length;
+  }
+}
+describe('RelayCacheService approval capability guards', () => {
+  it('consumes an approval capability only once', async () => {
+    const service = new RelayCacheService({
+      client: new InMemoryCacheClient() as never,
+      namespace: 'test:relay',
+    });
+    await expect(service.consumeApprovalCapability('approval-1', 'hash-1')).resolves.toBe(true);
+    await expect(service.consumeApprovalCapability('approval-1', 'hash-1')).resolves.toBe(false);
+  });
+  it('rate limits repeated invalid approval capability attempts', async () => {
+    const service = new RelayCacheService({
+      client: new InMemoryCacheClient() as never,
+      namespace: 'test:relay',
+    });
+    for (let attempt = 1; attempt < 5; attempt += 1) {
+      await expect(service.recordApprovalCapabilityFailure('approval-2')).resolves.toMatchObject({
+        attempts: attempt,
+        blocked: false,
+        blockedUntil: null,
+      });
+    }
+    await expect(service.recordApprovalCapabilityFailure('approval-2')).resolves.toMatchObject({
+      attempts: 5,
+      blocked: true,
+    });
+  });
+  it('rotates approval capabilities for pending approvals and clears prior failure state', async () => {
+    const service = new RelayCacheService({
+      client: new InMemoryCacheClient() as never,
+      namespace: 'test:relay',
+    });
+    const daemonId = '11'.repeat(32);
+    const originalToken = 'aa'.repeat(32);
+    const originalHash = createHash('sha256').update(originalToken).digest('hex');
+    await service.syncDaemonRegistration({
+      daemon: {
+        daemonId,
+        daemonPublicKey: '22'.repeat(32),
+        ethereumAddress: '0x3333333333333333333333333333333333333333',
+        lastSeenAt: new Date().toISOString(),
+        registeredAt: new Date().toISOString(),
+        status: 'active',
+        updatedAt: new Date().toISOString(),
+      },
+      approvalRequests: [
+        {
+          approvalRequestId: 'aaaaaaaa-aaaa-4aaa-8aaa-aaaaaaaaaaaa',
+          daemonId,
+          destination: '0x4444444444444444444444444444444444444444',
+          metadata: {
+            approvalCapabilityHash: originalHash,
+            approvalCapabilityToken: originalToken,
+            source: 'daemon',
+          },
+          requestedAt: new Date().toISOString(),
+          status: 'pending',
+          transactionType: 'transfer_native',
+          updatedAt: new Date().toISOString(),
+        },
+      ],
+    });
+    for (let attempt = 1; attempt <= 2; attempt += 1) {
+      await expect(
+        service.recordApprovalCapabilityFailure('aaaaaaaa-aaaa-4aaa-8aaa-aaaaaaaaaaaa'),
+      ).resolves.toMatchObject({
+        attempts: attempt,
+        blocked: false,
+      });
+    }
+    const rotated = await service.rotateApprovalCapability('aaaaaaaa-aaaa-4aaa-8aaa-aaaaaaaaaaaa');
+    expect(rotated.metadata?.source).toBe('daemon');
+    expect(rotated.metadata?.approvalCapabilityToken).toMatch(/^[a-f0-9]{64}$/u);
+    expect(rotated.metadata?.approvalCapabilityToken).not.toBe(originalToken);
+    expect(rotated.metadata?.approvalCapabilityHash).toMatch(/^[a-f0-9]{64}$/u);
+    expect(rotated.metadata?.approvalCapabilityHash).not.toBe(originalHash);
+    expect(rotated.metadata?.approvalCapabilityHash).toBe(
+      createHash('sha256')
+        .update(rotated.metadata?.approvalCapabilityToken ?? '')
+        .digest('hex'),
+    );
+    await expect(
+      service.recordApprovalCapabilityFailure('aaaaaaaa-aaaa-4aaa-8aaa-aaaaaaaaaaaa'),
+    ).resolves.toMatchObject({
+      attempts: 1,
+      blocked: false,
+      blockedUntil: null,
+    });
+  });
+  it('issues a secure approval capability for pending approvals that were synced without one', async () => {
+    const service = new RelayCacheService({
+      client: new InMemoryCacheClient() as never,
+      namespace: 'test:relay',
+    });
+    const daemonId = '55'.repeat(32);
+    await service.syncDaemonRegistration({
+      daemon: {
+        daemonId,
+        daemonPublicKey: '66'.repeat(32),
+        ethereumAddress: '0x7777777777777777777777777777777777777777',
+        lastSeenAt: new Date().toISOString(),
+        registeredAt: new Date().toISOString(),
+        status: 'active',
+        updatedAt: new Date().toISOString(),
+      },
+      approvalRequests: [
+        {
+          approvalRequestId: 'bbbbbbbb-bbbb-4bbb-8bbb-bbbbbbbbbbbb',
+          daemonId,
+          destination: '0x8888888888888888888888888888888888888888',
+          metadata: {
+            source: 'legacy-daemon',
+          },
+          requestedAt: new Date().toISOString(),
+          status: 'pending',
+          transactionType: 'transfer_native',
+          updatedAt: new Date().toISOString(),
+        },
+      ],
+    });
+    const rotated = await service.rotateApprovalCapability('bbbbbbbb-bbbb-4bbb-8bbb-bbbbbbbbbbbb');
+    expect(rotated.metadata).toMatchObject({
+      source: 'legacy-daemon',
+    });
+    expect(rotated.metadata?.approvalCapabilityToken).toMatch(/^[a-f0-9]{64}$/u);
+    expect(rotated.metadata?.approvalCapabilityHash).toBe(
+      createHash('sha256')
+        .update(rotated.metadata?.approvalCapabilityToken ?? '')
+        .digest('hex'),
+    );
+  });
+  it('rejects secure approval capability rotation for non-pending approvals', async () => {
+    const service = new RelayCacheService({
+      client: new InMemoryCacheClient() as never,
+      namespace: 'test:relay',
+    });
+    const daemonId = '99'.repeat(32);
+    await service.syncDaemonRegistration({
+      daemon: {
+        daemonId,
+        daemonPublicKey: 'aa'.repeat(32),
+        ethereumAddress: '0xbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb',
+        lastSeenAt: new Date().toISOString(),
+        registeredAt: new Date().toISOString(),
+        status: 'active',
+        updatedAt: new Date().toISOString(),
+      },
+      approvalRequests: [
+        {
+          approvalRequestId: 'cccccccc-cccc-4ccc-8ccc-cccccccccccc',
+          daemonId,
+          destination: '0xdddddddddddddddddddddddddddddddddddddddd',
+          requestedAt: new Date().toISOString(),
+          status: 'completed',
+          transactionType: 'transfer_native',
+          updatedAt: new Date().toISOString(),
+        },
+      ],
+    });
+    await expect(
+      service.rotateApprovalCapability('cccccccc-cccc-4ccc-8ccc-cccccccccccc'),
+    ).rejects.toThrow(/cannot accept a new secure approval link/);
+  });
+});