npm - @wlfi-agent/cli - Versions diffs - 1.4.13 → 1.4.15 - Mend

@wlfi-agent/cli 1.4.13 → 1.4.15

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (289) hide show

package/Cargo.lock +3968 -0
package/Cargo.toml +50 -0
package/README.md +426 -6
package/crates/vault-cli-admin/Cargo.toml +26 -0
package/crates/vault-cli-admin/src/io_utils.rs +500 -0
package/crates/vault-cli-admin/src/main.rs +3990 -0
package/crates/vault-cli-admin/src/shared_config.rs +624 -0
package/crates/vault-cli-admin/src/tui/amounts.rs +180 -0
package/crates/vault-cli-admin/src/tui/token_rpc.rs +250 -0
package/crates/vault-cli-admin/src/tui/utils.rs +82 -0
package/crates/vault-cli-admin/src/tui.rs +3410 -0
package/crates/vault-cli-agent/Cargo.toml +24 -0
package/crates/vault-cli-agent/src/io_utils.rs +576 -0
package/crates/vault-cli-agent/src/main.rs +833 -0
package/crates/vault-cli-daemon/Cargo.toml +28 -0
package/crates/vault-cli-daemon/src/bin/wlfi-agent-system-keychain.rs +216 -0
package/crates/vault-cli-daemon/src/main.rs +644 -0
package/crates/vault-cli-daemon/src/relay_sync.rs +894 -0
package/crates/vault-cli-daemon/tests/system_keychain_helper_acl.rs +167 -0
package/crates/vault-daemon/Cargo.toml +32 -0
package/crates/vault-daemon/src/daemon_parts/api_impl_and_utils.rs +1041 -0
package/crates/vault-daemon/src/daemon_parts/core_helpers.rs +1256 -0
package/crates/vault-daemon/src/daemon_parts/types_api_rpc.rs +622 -0
package/crates/vault-daemon/src/lib.rs +54 -0
package/crates/vault-daemon/src/persistence.rs +441 -0
package/crates/vault-daemon/src/tests.rs +237 -0
package/crates/vault-daemon/src/tests_parts/part1.rs +1224 -0
package/crates/vault-daemon/src/tests_parts/part2.rs +1021 -0
package/crates/vault-daemon/src/tests_parts/part3.rs +835 -0
package/crates/vault-daemon/src/tests_parts/part4.rs +604 -0
package/crates/vault-domain/Cargo.toml +20 -0
package/crates/vault-domain/src/action.rs +849 -0
package/crates/vault-domain/src/address.rs +51 -0
package/crates/vault-domain/src/approval.rs +90 -0
package/crates/vault-domain/src/constants.rs +4 -0
package/crates/vault-domain/src/error.rs +54 -0
package/crates/vault-domain/src/keys.rs +71 -0
package/crates/vault-domain/src/lib.rs +42 -0
package/crates/vault-domain/src/nonce.rs +102 -0
package/crates/vault-domain/src/policy.rs +172 -0
package/crates/vault-domain/src/request.rs +53 -0
package/crates/vault-domain/src/scope.rs +24 -0
package/crates/vault-domain/src/session.rs +50 -0
package/crates/vault-domain/src/signature.rs +34 -0
package/crates/vault-domain/src/tests.rs +651 -0
package/crates/vault-domain/src/u128_as_decimal_string.rs +44 -0
package/crates/vault-policy/Cargo.toml +17 -0
package/crates/vault-policy/src/engine.rs +301 -0
package/crates/vault-policy/src/error.rs +81 -0
package/crates/vault-policy/src/lib.rs +17 -0
package/crates/vault-policy/src/report.rs +34 -0
package/crates/vault-policy/src/tests.rs +891 -0
package/crates/vault-policy/src/tests_explain.rs +78 -0
package/crates/vault-sdk-agent/Cargo.toml +21 -0
package/crates/vault-sdk-agent/src/lib.rs +711 -0
package/crates/vault-signer/Cargo.toml +25 -0
package/crates/vault-signer/src/lib.rs +731 -0
package/crates/vault-signer/tests/secure_enclave_acl.rs +54 -0
package/crates/vault-transport-unix/Cargo.toml +24 -0
package/crates/vault-transport-unix/src/lib.rs +1640 -0
package/crates/vault-transport-xpc/Cargo.toml +25 -0
package/crates/vault-transport-xpc/src/client_codec_api.rs +635 -0
package/crates/vault-transport-xpc/src/lib.rs +680 -0
package/crates/vault-transport-xpc/src/tests.rs +818 -0
package/crates/vault-transport-xpc/tests/e2e_flow.rs +773 -0
package/dist/cli.cjs +35088 -0
package/dist/cli.cjs.map +1 -0
package/package.json +45 -41
package/packages/cache/.turbo/turbo-build.log +52 -0
package/packages/cache/dist/chunk-2QFWMUXT.cjs +43 -0
package/packages/cache/dist/chunk-2QFWMUXT.cjs.map +1 -0
package/packages/cache/dist/chunk-4U63TZTQ.js +43 -0
package/packages/cache/dist/chunk-4U63TZTQ.js.map +1 -0
package/packages/cache/dist/chunk-ALQ6H7KG.cjs +404 -0
package/packages/cache/dist/chunk-ALQ6H7KG.cjs.map +1 -0
package/packages/cache/dist/chunk-FGJEEF5N.js +404 -0
package/packages/cache/dist/chunk-FGJEEF5N.js.map +1 -0
package/packages/cache/dist/chunk-UYNEHZHB.cjs +45 -0
package/packages/cache/dist/chunk-UYNEHZHB.cjs.map +1 -0
package/packages/cache/dist/chunk-VXVMPG3W.js +45 -0
package/packages/cache/dist/chunk-VXVMPG3W.js.map +1 -0
package/packages/cache/dist/client/index.cjs +11 -0
package/packages/cache/dist/client/index.cjs.map +1 -0
package/packages/cache/dist/client/index.d.cts +15 -0
package/packages/cache/dist/client/index.d.ts +15 -0
package/packages/cache/dist/client/index.js +11 -0
package/packages/cache/dist/client/index.js.map +1 -0
package/packages/cache/dist/errors/index.cjs +11 -0
package/packages/cache/dist/errors/index.cjs.map +1 -0
package/packages/cache/dist/errors/index.d.cts +26 -0
package/packages/cache/dist/errors/index.d.ts +26 -0
package/packages/cache/dist/errors/index.js +11 -0
package/packages/cache/dist/errors/index.js.map +1 -0
package/packages/cache/dist/index.cjs +29 -0
package/packages/cache/dist/index.cjs.map +1 -0
package/packages/cache/dist/index.d.cts +4 -0
package/packages/cache/dist/index.d.ts +4 -0
package/packages/cache/dist/index.js +29 -0
package/packages/cache/dist/index.js.map +1 -0
package/packages/cache/dist/service/index.cjs +15 -0
package/packages/cache/dist/service/index.cjs.map +1 -0
package/packages/cache/dist/service/index.d.cts +184 -0
package/packages/cache/dist/service/index.d.ts +184 -0
package/packages/cache/dist/service/index.js +15 -0
package/packages/cache/dist/service/index.js.map +1 -0
package/packages/cache/node_modules/.bin/jiti +17 -0
package/packages/cache/node_modules/.bin/tsc +17 -0
package/packages/cache/node_modules/.bin/tsserver +17 -0
package/packages/cache/node_modules/.bin/tsup +17 -0
package/packages/cache/node_modules/.bin/tsup-node +17 -0
package/packages/cache/node_modules/.bin/tsx +17 -0
package/packages/cache/node_modules/.bin/vitest +17 -0
package/packages/cache/package.json +48 -0
package/packages/cache/src/client/index.ts +56 -0
package/packages/cache/src/errors/index.ts +53 -0
package/packages/cache/src/index.ts +3 -0
package/packages/cache/src/service/index.test.ts +263 -0
package/packages/cache/src/service/index.ts +678 -0
package/packages/cache/tsconfig.json +13 -0
package/packages/cache/tsup.config.ts +13 -0
package/packages/cache/vitest.config.ts +16 -0
package/packages/config/.turbo/turbo-build.log +18 -0
package/packages/config/dist/index.cjs +1037 -0
package/packages/config/dist/index.cjs.map +1 -0
package/packages/config/dist/index.d.ts +131 -0
package/packages/config/node_modules/.bin/jiti +17 -0
package/packages/config/node_modules/.bin/tsc +17 -0
package/packages/config/node_modules/.bin/tsserver +17 -0
package/packages/config/node_modules/.bin/tsup +17 -0
package/packages/config/node_modules/.bin/tsup-node +17 -0
package/packages/config/node_modules/.bin/tsx +17 -0
package/packages/config/package.json +21 -0
package/packages/config/src/index.js +1 -0
package/packages/config/src/index.ts +1282 -0
package/packages/config/tsconfig.json +4 -0
package/packages/rpc/.turbo/turbo-build.log +32 -0
package/packages/rpc/dist/_esm-BCLXDO2R.cjs +3660 -0
package/packages/rpc/dist/_esm-BCLXDO2R.cjs.map +1 -0
package/packages/rpc/dist/ccip-OWJLAW55.cjs +16 -0
package/packages/rpc/dist/ccip-OWJLAW55.cjs.map +1 -0
package/packages/rpc/dist/chunk-APQIFZ3B.cjs +6247 -0
package/packages/rpc/dist/chunk-APQIFZ3B.cjs.map +1 -0
package/packages/rpc/dist/chunk-CDO2GWRD.cjs +410 -0
package/packages/rpc/dist/chunk-CDO2GWRD.cjs.map +1 -0
package/packages/rpc/dist/chunk-QGTNTFJ7.cjs +2249 -0
package/packages/rpc/dist/chunk-QGTNTFJ7.cjs.map +1 -0
package/packages/rpc/dist/chunk-TZDTAHWR.cjs +44 -0
package/packages/rpc/dist/chunk-TZDTAHWR.cjs.map +1 -0
package/packages/rpc/dist/index.cjs +7342 -0
package/packages/rpc/dist/index.cjs.map +1 -0
package/packages/rpc/dist/index.d.ts +3857 -0
package/packages/rpc/dist/secp256k1-WCNM675D.cjs +18 -0
package/packages/rpc/dist/secp256k1-WCNM675D.cjs.map +1 -0
package/packages/rpc/node_modules/.bin/jiti +17 -0
package/packages/rpc/node_modules/.bin/tsc +17 -0
package/packages/rpc/node_modules/.bin/tsserver +17 -0
package/packages/rpc/node_modules/.bin/tsup +17 -0
package/packages/rpc/node_modules/.bin/tsup-node +17 -0
package/packages/rpc/node_modules/.bin/tsx +17 -0
package/packages/rpc/package.json +25 -0
package/packages/rpc/src/index.ts +206 -0
package/packages/rpc/tsconfig.json +4 -0
package/packages/typescript/base.json +36 -0
package/packages/typescript/nextjs.json +17 -0
package/packages/typescript/package.json +10 -0
package/packages/ui/.turbo/turbo-build.log +44 -0
package/packages/ui/dist/chunk-MOAFBKSA.js +11 -0
package/packages/ui/dist/chunk-MOAFBKSA.js.map +1 -0
package/packages/ui/dist/components/badge.d.ts +12 -0
package/packages/ui/dist/components/badge.js +31 -0
package/packages/ui/dist/components/badge.js.map +1 -0
package/packages/ui/dist/components/button.d.ts +13 -0
package/packages/ui/dist/components/button.js +40 -0
package/packages/ui/dist/components/button.js.map +1 -0
package/packages/ui/dist/components/card.d.ts +10 -0
package/packages/ui/dist/components/card.js +39 -0
package/packages/ui/dist/components/card.js.map +1 -0
package/packages/ui/dist/components/input.d.ts +5 -0
package/packages/ui/dist/components/input.js +28 -0
package/packages/ui/dist/components/input.js.map +1 -0
package/packages/ui/dist/components/label.d.ts +5 -0
package/packages/ui/dist/components/label.js +13 -0
package/packages/ui/dist/components/label.js.map +1 -0
package/packages/ui/dist/components/separator.d.ts +5 -0
package/packages/ui/dist/components/separator.js +13 -0
package/packages/ui/dist/components/separator.js.map +1 -0
package/packages/ui/dist/components/textarea.d.ts +5 -0
package/packages/ui/dist/components/textarea.js +27 -0
package/packages/ui/dist/components/textarea.js.map +1 -0
package/packages/ui/dist/tailwind.d.ts +56 -0
package/packages/ui/dist/tailwind.js +60 -0
package/packages/ui/dist/tailwind.js.map +1 -0
package/packages/ui/dist/utils/cn.d.ts +5 -0
package/packages/ui/dist/utils/cn.js +7 -0
package/packages/ui/dist/utils/cn.js.map +1 -0
package/packages/ui/node_modules/.bin/jiti +17 -0
package/packages/ui/node_modules/.bin/tsc +17 -0
package/packages/ui/node_modules/.bin/tsserver +17 -0
package/packages/ui/node_modules/.bin/tsup +17 -0
package/packages/ui/node_modules/.bin/tsup-node +17 -0
package/packages/ui/node_modules/.bin/tsx +17 -0
package/packages/ui/package.json +69 -0
package/packages/ui/src/components/badge.tsx +27 -0
package/packages/ui/src/components/button.tsx +40 -0
package/packages/ui/src/components/card.tsx +31 -0
package/packages/ui/src/components/input.tsx +21 -0
package/packages/ui/src/components/label.tsx +6 -0
package/packages/ui/src/components/separator.tsx +6 -0
package/packages/ui/src/components/textarea.tsx +20 -0
package/packages/ui/src/globals.css +70 -0
package/packages/ui/src/tailwind.ts +56 -0
package/packages/ui/src/utils/cn.ts +6 -0
package/packages/ui/tsconfig.json +20 -0
package/packages/ui/tsup.config.ts +20 -0
package/pnpm-workspace.yaml +4 -0
package/scripts/install-rust-binaries.mjs +84 -0
package/scripts/launchd/install-user-daemon.sh +358 -0
package/scripts/launchd/run-vault-daemon.sh +5 -0
package/scripts/launchd/run-wlfi-agent-daemon.sh +73 -0
package/scripts/launchd/uninstall-user-daemon.sh +103 -0
package/src/cli.ts +2121 -0
package/src/lib/admin-guard.js +1 -0
package/src/lib/admin-guard.ts +185 -0
package/src/lib/admin-passthrough.ts +33 -0
package/src/lib/admin-reset.ts +751 -0
package/src/lib/admin-setup.ts +1612 -0
package/src/lib/agent-auth-clear.js +1 -0
package/src/lib/agent-auth-clear.ts +58 -0
package/src/lib/agent-auth-forwarding.js +1 -0
package/src/lib/agent-auth-forwarding.ts +149 -0
package/src/lib/agent-auth-migrate.js +1 -0
package/src/lib/agent-auth-migrate.ts +150 -0
package/src/lib/agent-auth-revoke.ts +103 -0
package/src/lib/agent-auth-rotate.ts +107 -0
package/src/lib/agent-auth-token.js +1 -0
package/src/lib/agent-auth-token.ts +25 -0
package/src/lib/agent-auth.ts +89 -0
package/src/lib/asset-broadcast.js +1 -0
package/src/lib/asset-broadcast.ts +285 -0
package/src/lib/bootstrap-artifacts.js +1 -0
package/src/lib/bootstrap-artifacts.ts +205 -0
package/src/lib/bootstrap-credentials.js +1 -0
package/src/lib/bootstrap-credentials.ts +832 -0
package/src/lib/config-amounts.js +1 -0
package/src/lib/config-amounts.ts +189 -0
package/src/lib/config-mutation.ts +27 -0
package/src/lib/fs-trust.js +1 -0
package/src/lib/fs-trust.ts +537 -0
package/src/lib/keychain.js +1 -0
package/src/lib/keychain.ts +225 -0
package/src/lib/local-admin-access.ts +106 -0
package/src/lib/network-selection.js +1 -0
package/src/lib/network-selection.ts +71 -0
package/src/lib/passthrough-security.js +1 -0
package/src/lib/passthrough-security.ts +114 -0
package/src/lib/rpc-guard.js +1 -0
package/src/lib/rpc-guard.ts +7 -0
package/src/lib/rust-spawn-options.js +1 -0
package/src/lib/rust-spawn-options.ts +98 -0
package/src/lib/rust.js +1 -0
package/src/lib/rust.ts +143 -0
package/src/lib/signed-tx.js +1 -0
package/src/lib/signed-tx.ts +116 -0
package/src/lib/status-repair-cli.ts +116 -0
package/src/lib/sudo.js +1 -0
package/src/lib/sudo.ts +172 -0
package/src/lib/vault-password-forwarding.js +1 -0
package/src/lib/vault-password-forwarding.ts +155 -0
package/src/lib/wallet-profile.js +1 -0
package/src/lib/wallet-profile.ts +332 -0
package/src/lib/wallet-repair.js +1 -0
package/src/lib/wallet-repair.ts +304 -0
package/src/lib/wallet-setup.js +1 -0
package/src/lib/wallet-setup.ts +1466 -0
package/src/lib/wallet-status.js +1 -0
package/src/lib/wallet-status.ts +640 -0
package/tsconfig.base.json +17 -0
package/tsconfig.json +10 -0
package/tsup.config.ts +25 -0
package/turbo.json +41 -0
package/LICENSE.md +0 -1
package/dist/wlfa/index.cjs +0 -250
package/dist/wlfa/index.d.cts +0 -1
package/dist/wlfa/index.d.ts +0 -1
package/dist/wlfa/index.js +0 -250
package/dist/wlfc/index.cjs +0 -1839
package/dist/wlfc/index.d.cts +0 -1
package/dist/wlfc/index.d.ts +0 -1
package/dist/wlfc/index.js +0 -1839

package/src/lib/wallet-profile.js ADDED Viewed

	@@ -0,0 +1 @@
1	+ export * from './wallet-profile.ts';

package/src/lib/wallet-profile.ts ADDED Viewed

@@ -0,0 +1,332 @@
+import { resolveChainProfile, type WalletProfile, type WlfiConfig } from '../../packages/config/src/index.js';
+import type { Address, Hex } from 'viem';
+import { isAddress } from 'viem';
+import { publicKeyToAddress } from 'viem/accounts';
+import { listAutoGeneratedBootstrapArtifacts } from './bootstrap-artifacts.js';
+import {
+  readBootstrapSetupSummaryFile,
+  type BootstrapSetupSummary,
+} from './bootstrap-credentials.js';
+function presentString(value: string | undefined | null): string | undefined {
+  const normalized = value?.trim();
+  return normalized ? normalized : undefined;
+}
+function renderError(error: unknown): string {
+  return error instanceof Error ? error.message : String(error);
+}
+function normalizePublicKeyHex(value: string): Hex {
+  const normalized = value.trim();
+  return (normalized.startsWith('0x') ? normalized : `0x${normalized}`) as Hex;
+}
+function deriveWalletAddress(vaultPublicKey: string): string | undefined {
+  try {
+    return publicKeyToAddress(normalizePublicKeyHex(vaultPublicKey));
+  } catch {
+    return undefined;
+  }
+}
+function findMatchingBootstrapSummary(profile: WalletProfile | undefined): BootstrapSetupSummary | undefined {
+  if (!profile) {
+    return undefined;
+  }
+  const persistedAgentKeyId = presentString(profile.agentKeyId);
+  const persistedPublicKey = presentString(profile.vaultPublicKey);
+  const persistedAddress = presentString(profile.address) ?? (
+    persistedPublicKey ? deriveWalletAddress(persistedPublicKey) : undefined
+  );
+  return listAutoGeneratedBootstrapArtifacts()
+    .filter(
+      (artifact) =>
+        (artifact.status === 'plaintext' || artifact.status === 'redacted') && !artifact.leaseExpired,
+    )
+    .map((artifact) => readBootstrapSetupSummaryFile(artifact.path))
+    .find((summary) => {
+      if (persistedAgentKeyId && summary.agentKeyId === persistedAgentKeyId) {
+        return true;
+      }
+      if (persistedPublicKey && summary.vaultPublicKey === persistedPublicKey) {
+        return true;
+      }
+      const summaryAddress = deriveWalletAddress(summary.vaultPublicKey);
+      return Boolean(persistedAddress && summaryAddress && summaryAddress === persistedAddress);
+    });
+}
+export function walletProfileFromBootstrapSummary(summary: BootstrapSetupSummary): WalletProfile {
+  return {
+    vaultKeyId: presentString(summary.vaultKeyId) ?? summary.vaultKeyId,
+    vaultPublicKey: presentString(summary.vaultPublicKey) ?? summary.vaultPublicKey,
+    address: deriveWalletAddress(summary.vaultPublicKey),
+    agentKeyId: presentString(summary.agentKeyId),
+    policyAttachment: presentString(summary.policyAttachment) ?? summary.policyAttachment,
+    attachedPolicyIds: summary.attachedPolicyIds.length > 0 ? [...summary.attachedPolicyIds] : undefined,
+    policyNote: presentString(summary.policyNote),
+    networkScope: presentString(summary.networkScope),
+    assetScope: presentString(summary.assetScope),
+    recipientScope: presentString(summary.recipientScope),
+  };
+}
+export function resolveWalletProfile(config: WlfiConfig): WalletProfile {
+  if (config.wallet?.vaultPublicKey && config.wallet?.policyAttachment) {
+    const matchingBootstrap = findMatchingBootstrapSummary(config.wallet);
+    return {
+      ...config.wallet,
+      vaultKeyId: config.wallet.vaultKeyId ?? matchingBootstrap?.vaultKeyId,
+      address: config.wallet.address ?? deriveWalletAddress(config.wallet.vaultPublicKey),
+    };
+  }
+  const bootstrapArtifact = listAutoGeneratedBootstrapArtifacts().find(
+    (artifact) =>
+      (artifact.status === 'plaintext' || artifact.status === 'redacted') && !artifact.leaseExpired,
+  );
+  if (!bootstrapArtifact) {
+    throw new Error(
+      'wallet metadata is unavailable; rerun `wlfi-agent admin setup` or import a bootstrap file first',
+    );
+  }
+  return walletProfileFromBootstrapSummary(readBootstrapSetupSummaryFile(bootstrapArtifact.path));
+}
+export function resolveWalletAddress(config: WlfiConfig): Address {
+  const profile = resolveWalletProfile(config);
+  const address = presentString(profile.address) ?? deriveWalletAddress(profile.vaultPublicKey);
+  if (!address || !isAddress(address)) {
+    throw new Error(
+      'wallet address is unavailable; rerun `wlfi-agent admin setup` or import a bootstrap file first',
+    );
+  }
+  return address;
+}
+export interface WalletBalanceEntry {
+  tokenKey: string;
+  symbol: string;
+  name?: string;
+  chainKey: string;
+  chainName: string;
+  chainId: number;
+  rpcUrl: string;
+  kind: 'native' | 'erc20';
+  tokenAddress: string;
+  decimals: number;
+  balance?: {
+    raw: string;
+    formatted: string;
+  };
+  error?: string;
+}
+export interface WalletProfileWithBalances extends WalletProfile {
+  balances: WalletBalanceEntry[];
+}
+interface ResolveWalletProfileWithBalancesDeps {
+  getNativeBalance: (rpcUrl: string, address: Address) => Promise<{
+    raw: bigint;
+    formatted: string;
+  }>;
+  getTokenBalance: (rpcUrl: string, token: Address, owner: Address, decimals?: number) => Promise<{
+    raw: bigint;
+    decimals: number;
+    name: string | null;
+    symbol: string | null;
+    formatted: string;
+  }>;
+}
+interface WalletBalanceTarget {
+  tokenKey: string;
+  symbol: string;
+  name?: string;
+  chainKey: string;
+  chainName: string;
+  chainId: number;
+  rpcUrl: string;
+  isNative: boolean;
+  tokenAddress: string;
+  decimals: number;
+}
+function collectWalletBalanceTargets(config: WlfiConfig): WalletBalanceTarget[] {
+  return Object.entries(config.tokens ?? {})
+    .flatMap(([tokenKey, tokenProfile]) =>
+      Object.entries(tokenProfile.chains ?? {}).flatMap(([chainKey, chainProfile]) => {
+        const resolvedChain = resolveChainProfile(chainKey, config);
+        const rpcUrl = presentString(resolvedChain?.rpcUrl);
+        if (!rpcUrl) {
+          return [];
+        }
+        return [{
+          tokenKey,
+          symbol: tokenProfile.symbol,
+          name: tokenProfile.name,
+          chainKey,
+          chainName: resolvedChain?.name ?? chainKey,
+          chainId: chainProfile.chainId,
+          rpcUrl,
+          isNative: chainProfile.isNative,
+          tokenAddress: chainProfile.isNative
+            ? 'native'
+            : presentString(chainProfile.address) ?? '',
+          decimals: chainProfile.decimals,
+        }];
+      }),
+    )
+    .sort(
+      (left, right) =>
+        left.chainId - right.chainId
+        || left.chainKey.localeCompare(right.chainKey)
+        || left.symbol.localeCompare(right.symbol)
+        || left.tokenKey.localeCompare(right.tokenKey),
+    );
+}
+export async function resolveWalletProfileWithBalances(
+  config: WlfiConfig,
+  deps: ResolveWalletProfileWithBalancesDeps,
+): Promise<WalletProfileWithBalances> {
+  const profile = resolveWalletProfile(config);
+  const owner = resolveWalletAddress(config);
+  const nativeBalance = deps.getNativeBalance;
+  const erc20Balance = deps.getTokenBalance;
+  const balances = await Promise.all(
+    collectWalletBalanceTargets(config).map(async (target): Promise<WalletBalanceEntry> => {
+      if (target.isNative) {
+        try {
+          const balance = await nativeBalance(target.rpcUrl, owner);
+          return {
+            tokenKey: target.tokenKey,
+            symbol: target.symbol,
+            name: target.name,
+            chainKey: target.chainKey,
+            chainName: target.chainName,
+            chainId: target.chainId,
+            rpcUrl: target.rpcUrl,
+            kind: 'native',
+            tokenAddress: target.tokenAddress,
+            decimals: target.decimals,
+            balance: {
+              raw: balance.raw.toString(),
+              formatted: balance.formatted,
+            },
+          };
+        } catch (error) {
+          return {
+            tokenKey: target.tokenKey,
+            symbol: target.symbol,
+            name: target.name,
+            chainKey: target.chainKey,
+            chainName: target.chainName,
+            chainId: target.chainId,
+            rpcUrl: target.rpcUrl,
+            kind: 'native',
+            tokenAddress: target.tokenAddress,
+            decimals: target.decimals,
+            error: renderError(error),
+          };
+        }
+      }
+      if (!isAddress(target.tokenAddress)) {
+        return {
+          tokenKey: target.tokenKey,
+          symbol: target.symbol,
+          name: target.name,
+          chainKey: target.chainKey,
+          chainName: target.chainName,
+          chainId: target.chainId,
+          rpcUrl: target.rpcUrl,
+          kind: 'erc20',
+          tokenAddress: target.tokenAddress || '<unset>',
+          decimals: target.decimals,
+          error: `configured token address for ${target.tokenKey} on ${target.chainKey} is invalid`,
+        };
+      }
+      try {
+        const balance = await erc20Balance(target.rpcUrl, target.tokenAddress as Address, owner, target.decimals);
+        return {
+          tokenKey: target.tokenKey,
+          symbol: balance.symbol ?? target.symbol,
+          name: balance.name ?? target.name,
+          chainKey: target.chainKey,
+          chainName: target.chainName,
+          chainId: target.chainId,
+          rpcUrl: target.rpcUrl,
+          kind: 'erc20',
+          tokenAddress: target.tokenAddress,
+          decimals: balance.decimals,
+          balance: {
+            raw: balance.raw.toString(),
+            formatted: balance.formatted,
+          },
+        };
+      } catch (error) {
+        return {
+          tokenKey: target.tokenKey,
+          symbol: target.symbol,
+          name: target.name,
+          chainKey: target.chainKey,
+          chainName: target.chainName,
+          chainId: target.chainId,
+          rpcUrl: target.rpcUrl,
+          kind: 'erc20',
+          tokenAddress: target.tokenAddress,
+          decimals: target.decimals,
+          error: renderError(error),
+        };
+      }
+    }),
+  );
+  return {
+    ...profile,
+    balances,
+  };
+}
+export function formatWalletProfileText(profile: WalletProfile | WalletProfileWithBalances): string {
+  const lines = [
+    `Public Key: ${profile.vaultPublicKey}`,
+    profile.address ? `Address: ${profile.address}` : null,
+    profile.agentKeyId ? `Agent Key ID: ${profile.agentKeyId}` : null,
+    `Policy Attachment: ${profile.policyAttachment}`,
+    profile.policyNote ? `Policy Note: ${profile.policyNote}` : null,
+    profile.networkScope ? `Network Scope: ${profile.networkScope}` : null,
+    profile.assetScope ? `Asset Scope: ${profile.assetScope}` : null,
+    profile.recipientScope ? `Recipient Scope: ${profile.recipientScope}` : null,
+    profile.attachedPolicyIds?.length
+      ? `Attached Policy IDs: ${profile.attachedPolicyIds.join(', ')}`
+      : null,
+  ];
+  if ('balances' in profile && Array.isArray(profile.balances) && profile.balances.length > 0) {
+    lines.push('Balances:');
+    lines.push(
+      ...profile.balances.map((balance) => {
+        const label = `${balance.symbol} on ${balance.chainKey} (${balance.chainId})`;
+        if (balance.error) {
+          return `- ${label}: error: ${balance.error}`;
+        }
+        return `- ${label}: ${balance.balance?.formatted ?? '0'}`;
+      }),
+    );
+  }
+  return lines.filter((line): line is string => Boolean(line)).join('\n');
+}

package/src/lib/wallet-repair.js ADDED Viewed

	@@ -0,0 +1 @@
1	+ export * from './wallet-repair.ts';

package/src/lib/wallet-repair.ts ADDED Viewed

@@ -0,0 +1,304 @@
+import { readConfig, type WlfiConfig } from '../../packages/config/src/index.js';
+import {
+  type MigrateLegacyAgentAuthInput,
+  type MigrateLegacyAgentAuthResult,
+  migrateLegacyAgentAuthToken,
+} from './agent-auth-migrate.js';
+import {
+  type BootstrapArtifactCheck,
+  cleanupAutoGeneratedBootstrapArtifacts,
+} from './bootstrap-artifacts.js';
+import { assertValidAgentKeyId } from './keychain.js';
+import { getWalletStatus, type WalletStatusResult } from './wallet-status.js';
+export interface RepairWalletStateOptions {
+  agentKeyId?: string;
+  overwriteKeychain?: boolean;
+  redactBootstrap?: boolean;
+}
+export interface WalletRepairLegacyAgentAuthResult {
+  attempted: boolean;
+  action: 'none' | 'migrated' | 'scrubbed-config' | 'skipped';
+  agentKeyId: string | null;
+  reason: string | null;
+  keychain: {
+    service: string | null;
+    stored: boolean;
+    overwritten: boolean;
+    alreadyPresent: boolean;
+    matchedExisting: boolean;
+  } | null;
+}
+export interface WalletRepairBootstrapArtifactsResult {
+  attempted: boolean;
+  action: 'deleted' | 'redacted';
+  wlfiHome: string | null;
+  files: Array<
+    BootstrapArtifactCheck & {
+      cleanup: 'deleted' | 'redacted' | 'skipped';
+    }
+  >;
+  error: string | null;
+}
+export interface WalletRepairResult {
+  before: WalletStatusResult;
+  after: WalletStatusResult;
+  legacyAgentAuth: WalletRepairLegacyAgentAuthResult;
+  bootstrapArtifacts: WalletRepairBootstrapArtifactsResult;
+  fixedWarnings: string[];
+  remainingWarnings: string[];
+  newWarnings: string[];
+}
+interface RepairWalletStateDeps {
+  platform?: NodeJS.Platform;
+  readConfig?: () => WlfiConfig;
+  getWalletStatus?: () => WalletStatusResult;
+  migrateLegacyAgentAuthToken?: (
+    input: MigrateLegacyAgentAuthInput,
+  ) => MigrateLegacyAgentAuthResult;
+  cleanupAutoGeneratedBootstrapArtifacts?: (action: 'deleted' | 'redacted') => {
+    wlfiHome: string;
+    action: 'deleted' | 'redacted';
+    files: Array<
+      BootstrapArtifactCheck & {
+        cleanup: 'deleted' | 'redacted' | 'skipped';
+      }
+    >;
+  };
+}
+function renderError(error: unknown): string {
+  return error instanceof Error ? error.message : String(error);
+}
+function presentSecret(value: string | undefined): string | null {
+  if (typeof value !== 'string') {
+    return null;
+  }
+  return value.trim().length > 0 ? value : null;
+}
+function resolveResultAgentKeyId(
+  explicitAgentKeyId: string | undefined,
+  status: WalletStatusResult,
+): string | null {
+  if (explicitAgentKeyId) {
+    return explicitAgentKeyId;
+  }
+  return status.agent.agentKeyId;
+}
+function describeLegacyMigration(result: MigrateLegacyAgentAuthResult): string {
+  if (!result.keychain.stored) {
+    return 'matching macOS Keychain token already existed, so plaintext config storage was scrubbed';
+  }
+  if (result.keychain.overwritten) {
+    return 'legacy config secret replaced a different macOS Keychain token after explicit confirmation, then plaintext config storage was scrubbed';
+  }
+  return 'legacy config secret was moved into macOS Keychain and scrubbed from plaintext config storage';
+}
+function repairLegacyAgentAuth(
+  input: RepairWalletStateOptions,
+  before: WalletStatusResult,
+  deps: RepairWalletStateDeps,
+): WalletRepairLegacyAgentAuthResult {
+  const platform = deps.platform ?? process.platform;
+  const loadConfig = deps.readConfig ?? readConfig;
+  const migrate = deps.migrateLegacyAgentAuthToken ?? migrateLegacyAgentAuthToken;
+  const explicitAgentKeyId = input.agentKeyId ? assertValidAgentKeyId(input.agentKeyId) : undefined;
+  let config: WlfiConfig;
+  try {
+    config = loadConfig();
+  } catch (error) {
+    return {
+      attempted: false,
+      action: 'skipped',
+      agentKeyId: resolveResultAgentKeyId(explicitAgentKeyId, before),
+      reason: `config is unreadable: ${renderError(error)}`,
+      keychain: null,
+    };
+  }
+  if (!presentSecret(config.agentAuthToken)) {
+    return {
+      attempted: false,
+      action: 'none',
+      agentKeyId: resolveResultAgentKeyId(explicitAgentKeyId, before),
+      reason: null,
+      keychain: null,
+    };
+  }
+  if (platform !== 'darwin') {
+    return {
+      attempted: false,
+      action: 'skipped',
+      agentKeyId: resolveResultAgentKeyId(explicitAgentKeyId, before),
+      reason:
+        'legacy agentAuthToken cannot be repaired automatically without macOS Keychain access',
+      keychain: null,
+    };
+  }
+  try {
+    const result = migrate({
+      agentKeyId: explicitAgentKeyId,
+      overwriteKeychain: input.overwriteKeychain,
+    });
+    return {
+      attempted: true,
+      action: result.keychain.stored ? 'migrated' : 'scrubbed-config',
+      agentKeyId: result.agentKeyId,
+      reason: describeLegacyMigration(result),
+      keychain: {
+        service: result.keychain.service,
+        stored: result.keychain.stored,
+        overwritten: result.keychain.overwritten,
+        alreadyPresent: result.keychain.alreadyPresent,
+        matchedExisting: result.keychain.matchedExisting,
+      },
+    };
+  } catch (error) {
+    return {
+      attempted: true,
+      action: 'skipped',
+      agentKeyId: resolveResultAgentKeyId(explicitAgentKeyId, before),
+      reason: renderError(error),
+      keychain: null,
+    };
+  }
+}
+function repairBootstrapArtifacts(
+  input: RepairWalletStateOptions,
+  deps: RepairWalletStateDeps,
+): WalletRepairBootstrapArtifactsResult {
+  const cleanup =
+    deps.cleanupAutoGeneratedBootstrapArtifacts ?? cleanupAutoGeneratedBootstrapArtifacts;
+  const action = input.redactBootstrap ? 'redacted' : 'deleted';
+  try {
+    const result = cleanup(action);
+    return {
+      attempted: true,
+      action: result.action,
+      wlfiHome: result.wlfiHome,
+      files: result.files,
+      error: null,
+    };
+  } catch (error) {
+    return {
+      attempted: true,
+      action,
+      wlfiHome: null,
+      files: [],
+      error: renderError(error),
+    };
+  }
+}
+function summarizeLegacyAgentAuth(result: WalletRepairLegacyAgentAuthResult): string {
+  switch (result.action) {
+    case 'none':
+      return 'no plaintext config token was present';
+    case 'migrated':
+      return `migrated for ${result.agentKeyId ?? '<unknown>'}`;
+    case 'scrubbed-config':
+      return `scrubbed plaintext config storage for ${result.agentKeyId ?? '<unknown>'}`;
+    case 'skipped':
+      return result.reason ? `skipped: ${result.reason}` : 'skipped';
+    default:
+      return result.reason ?? result.action;
+  }
+}
+function summarizeBootstrapArtifacts(result: WalletRepairBootstrapArtifactsResult): string {
+  if (result.error) {
+    return `cleanup failed: ${result.error}`;
+  }
+  if (result.files.length === 0) {
+    return 'no auto-generated bootstrap files found';
+  }
+  const deleted = result.files.filter((file) => file.cleanup === 'deleted').length;
+  const redacted = result.files.filter((file) => file.cleanup === 'redacted').length;
+  const skipped = result.files.filter((file) => file.cleanup === 'skipped').length;
+  const parts = [`${deleted} deleted`, `${redacted} redacted`];
+  if (skipped > 0) {
+    parts.push(`${skipped} skipped`);
+  }
+  return parts.join(', ');
+}
+export function formatWalletRepairText(result: WalletRepairResult): string {
+  const lines = [
+    'wallet repair complete',
+    `legacy agent auth: ${summarizeLegacyAgentAuth(result.legacyAgentAuth)}`,
+    `bootstrap artifacts: ${summarizeBootstrapArtifacts(result.bootstrapArtifacts)}`,
+  ];
+  if (result.fixedWarnings.length === 0) {
+    lines.push('fixed warnings: none');
+  } else {
+    lines.push(`fixed warnings (${result.fixedWarnings.length}):`);
+    for (const warning of result.fixedWarnings) {
+      lines.push(`- ${warning}`);
+    }
+  }
+  if (result.remainingWarnings.length === 0) {
+    lines.push('remaining warnings: none');
+  } else {
+    lines.push(`remaining warnings (${result.remainingWarnings.length}):`);
+    for (const warning of result.remainingWarnings) {
+      lines.push(`- ${warning}`);
+    }
+  }
+  if (result.newWarnings.length > 0) {
+    lines.push(`new warnings (${result.newWarnings.length}):`);
+    for (const warning of result.newWarnings) {
+      lines.push(`- ${warning}`);
+    }
+  }
+  return lines.join('\n');
+}
+export function repairWalletState(
+  input: RepairWalletStateOptions = {},
+  deps: RepairWalletStateDeps = {},
+): WalletRepairResult {
+  const readStatus = deps.getWalletStatus ?? getWalletStatus;
+  const before = readStatus();
+  const legacyAgentAuth = repairLegacyAgentAuth(input, before, deps);
+  const bootstrapArtifacts = repairBootstrapArtifacts(input, deps);
+  const after = readStatus();
+  const fixedWarnings = before.security.warnings.filter(
+    (warning) => !after.security.warnings.includes(warning),
+  );
+  const newWarnings = after.security.warnings.filter(
+    (warning) => !before.security.warnings.includes(warning),
+  );
+  return {
+    before,
+    after,
+    legacyAgentAuth,
+    bootstrapArtifacts,
+    fixedWarnings,
+    remainingWarnings: after.security.warnings,
+    newWarnings,
+  };
+}

package/src/lib/wallet-setup.js ADDED Viewed

	@@ -0,0 +1 @@
1	+ export * from './wallet-setup.ts';