@wlfi-agent/cli 1.4.17 → 1.4.18

package/Cargo.lock

@@ -3777,6 +3777,7 @@ name = "wlfi-agent-agent"
 version = "0.1.0"
 dependencies = [
  "anyhow",
+ "async-trait",
  "clap",
  "hex",
  "libc",
@@ -3799,8 +3800,11 @@ name = "wlfi-agent-daemon"
 version = "0.1.0"
 dependencies = [
  "anyhow",
+ "async-trait",
+ "chacha20poly1305",
  "clap",
  "core-foundation",
+ "hex",
  "libc",
  "nix",
  "reqwest",
@@ -3816,6 +3820,7 @@ dependencies = [
  "vault-domain",
  "vault-signer",
  "vault-transport-unix",
+ "x25519-dalek",
  "zeroize",
 ]
 

package/README.md

@@ -2,6 +2,43 @@
 
 WLFI Agentic SDK is a root-managed local signing daemon with policy enforcement, a single `wlfi-agent` CLI, and an optional relay + web approval flow.
 
+## Install
+
+### Prerequisites
+
+- macOS
+- Rust toolchain on `PATH` (`cargo`, `rustc`) with Rust `1.87.0` or newer
+- Xcode Command Line Tools (`xcode-select --install`)
+
+### Install from npm
+
+```bash
+npm i -g @wlfi-agent/cli
+```
+
+`npm i -g @wlfi-agent/cli` builds the local Rust runtime during `postinstall`. If the prerequisites above are already installed, this is the normal one-step install path. If `cargo` or the macOS Command Line Tools are missing, installation fails immediately and tells you how to install the missing prerequisite before retrying.
+
+### Work from this repo
+
+```bash
+pnpm install
+npm run build
+npm run install:cli-launcher
+npm run install:rust-binaries
+```
+
+On macOS, add `export PATH="$HOME/.wlfi_agent/bin:$PATH"` to `~/.zshrc`, then reload your shell with `source ~/.zshrc`.
+
+On Linux, add `export PATH="$HOME/.wlfi_agent/bin:$PATH"` to your shell startup file such as `~/.bashrc`, `~/.zshrc`, or `~/.profile`, then reload that file or open a new shell.
+
+`npm run install:cli-launcher` installs the `wlfi-agent` launcher into `~/.wlfi_agent/bin`, and `npm run install:rust-binaries` installs the Rust runtime into the same directory.
+
+### Reinstall Rust daemon
+
+If you update Rust daemon code, rerun `npm run install:rust-binaries` so the root-managed daemon uses the new installed binaries under `~/.wlfi_agent/bin`.
+
+## Usage
+
 The main user path is:
 
 1. run `wlfi-agent admin setup`
@@ -15,6 +52,7 @@ User-facing examples below avoid shell env vars on purpose. Prefer prompts, conf
 
 - `wlfi-agent admin setup`
   - first-run setup
+  - `--reuse-existing-wallet` reattaches the current local vault when you need to recover the daemon or refresh local credentials without creating a fresh wallet
   - stores the vault password in macOS System Keychain
   - installs the root LaunchDaemon
   - creates a vault key + agent key
@@ -41,49 +79,36 @@ User-facing examples below avoid shell env vars on purpose. Prefer prompts, conf
 - `wlfi-agent daemon`
   - not a user entrypoint; daemon lifecycle is managed by `wlfi-agent admin setup`
 
-## Install
-
-### Prerequisites
-
-- macOS
-- Rust toolchain on `PATH` (`cargo`, `rustc`) with Rust `1.87.0` or newer
-- Xcode Command Line Tools (`xcode-select --install`)
+## Easiest wallet setup
 
-### Install from npm
+Run this once:
 
 ```bash
-npm i -g @wlfi-agent/cli
+wlfi-agent admin setup
 ```
 
-`npm i -g @wlfi-agent/cli` builds the local Rust runtime during `postinstall`. If the prerequisites above are already installed, this is the normal one-step install path. If `cargo` or the macOS Command Line Tools are missing, installation fails immediately and tells you how to install the missing prerequisite before retrying.
-
-### Work from this repo
+Preview the exact sanitized setup plan first:
 
 ```bash
-pnpm install
-npm run build
-npm run install:rust-binaries
+wlfi-agent admin setup --plan
 ```
 
-If you update Rust daemon code, rerun `npm run install:rust-binaries` so the root-managed daemon uses the new installed binaries under `~/.wlfi_agent/bin`.
-
-## Easiest wallet setup
+The preview is read-only. It does not prompt for the vault password, does not touch sudo, and does not mutate wallet or policy state. It prints the planned Rust command, trust preflight results, overwrite risk, and the password transport mode that would be used for the real setup.
 
-Run this once:
+During a real `wlfi-agent admin setup`, you may be prompted for two different secrets:
 
-```bash
-wlfi-agent admin setup
-```
+- `Vault password`: the wallet password you choose for encrypted local state
+- `macOS admin password for sudo`: your macOS login/admin password, used only when setup needs elevated privileges to install or recover the root LaunchDaemon
 
-Preview the exact sanitized setup plan first:
+If the local vault already exists and you only need to recover the managed daemon or refresh local setup state, reuse the current wallet instead of creating a fresh one:
 
 ```bash
-wlfi-agent admin setup --plan
+wlfi-agent admin setup --reuse-existing-wallet
 ```
 
-The preview is read-only. It does not prompt for the vault password, does not touch sudo, and does not mutate wallet or policy state. It prints the planned Rust command, trust preflight results, overwrite risk, and the password transport mode that would be used for the real setup.
+This reuse path keeps the current vault address, prompts for `REUSE` in interactive mode, and still requires `--yes` in non-interactive mode.
 
-You will be prompted for the vault password. The command:
+After that, the command:
 
 - installs or refreshes the root daemon
 - waits for the daemon to come up
@@ -372,10 +397,18 @@ When relay is configured and a request requires manual approval:
 3. the frontend encrypts the vault password + decision to the daemon’s advertised X25519 public key
 4. the relay queues the encrypted update
 5. the daemon polls, decrypts, applies the decision, and reports status back
-6. the original request can be retried and signed
+6. for `wlfi-agent transfer --broadcast`, `wlfi-agent transfer-native --broadcast`, and `wlfi-agent approve --broadcast`, the original CLI command keeps waiting on that same approval request and continues automatically after approval
+7. commands outside those broadcast flows still print the approval details and exit, so operators can approve or reject the request separately
 
 If the frontend link is unavailable, operators can always fall back to the local admin CLI approval command printed by the agent CLI.
 
+For the auto-waiting broadcast flows above:
+
+- do not rerun the original command after approving in the browser
+- the CLI polls every 2 seconds for up to 5 minutes
+- if the daemon returns a different approval request id while waiting, the CLI stops and tells you to inspect the approval status before rerunning
+- approval details and waiting events go to `stderr`; the final successful `--json` result still goes to `stdout`
+
 ## Operational notes
 
 - The daemon state file lives at `/var/db/wlfi-agent/daemon-state.enc` and is intended to be root-only.
@@ -438,7 +471,7 @@ wlfi-agent admin tui
 wlfi-agent admin uninstall
 wlfi-agent admin get-relay-config
 wlfi-agent admin list-manual-approval-requests
-wlfi-agent wallet status
+wlfi-agent wallet
 npm run install:rust-binaries
 pnpm build
 pnpm typecheck

package/crates/vault-cli-admin/src/io_utils.rs

@@ -62,9 +62,11 @@ fn read_secret_from_reader(mut reader: impl Read, label: &str) -> Result<String>
 #[cfg(test)]
 mod tests {
     use super::{
-        ensure_output_parent, read_secret_from_reader, resolve_vault_password, validate_password,
+        emit_output, ensure_output_parent, print_status, read_secret_from_reader,
+        resolve_output_target, resolve_vault_password, should_print_status, validate_password,
         write_output_file,
     };
+    use crate::{OutputFormat, OutputTarget};
     use std::fs;
     use std::io::Cursor;
     use std::path::PathBuf;
@@ -95,12 +97,57 @@ mod tests {
         assert!(err.to_string().contains("must not exceed"));
     }
 
+    #[test]
+    fn read_secret_from_reader_trims_newlines_and_accepts_valid_secret() {
+        let secret =
+            read_secret_from_reader(Cursor::new(b"vault-secret\r\n".to_vec()), "vault password")
+                .expect("valid stdin secret");
+        assert_eq!(secret, "vault-secret");
+    }
+
+    #[test]
+    fn validate_password_accepts_non_empty_secret() {
+        let password = validate_password("vault-secret".to_string(), "prompt")
+            .expect("valid password");
+        assert_eq!(password, "vault-secret");
+    }
+
     #[test]
     fn resolve_vault_password_requires_stdin_in_non_interactive_mode() {
         let err = resolve_vault_password(false, true).expect_err("must fail");
         assert!(err.to_string().contains("use --vault-password-stdin"));
     }
 
+    #[test]
+    fn resolve_output_target_covers_stdout_and_file_paths() {
+        let stdout_target = resolve_output_target(None, false).expect("default stdout");
+        assert!(matches!(stdout_target, OutputTarget::Stdout));
+
+        let file_target = resolve_output_target(Some(PathBuf::from("out.json")), false)
+            .expect("file output target");
+        assert!(matches!(
+            file_target,
+            OutputTarget::File {
+                path,
+                overwrite: false
+            } if path == PathBuf::from("out.json")
+        ));
+
+        let err = resolve_output_target(Some(PathBuf::from("-")), true).expect_err("must fail");
+        assert!(err.to_string().contains("--overwrite cannot be used with --output -"));
+    }
+
+    #[test]
+    fn emit_output_to_stdout_and_print_status_cover_text_paths() {
+        emit_output("stdout output", &OutputTarget::Stdout).expect("stdout output");
+        assert!(should_print_status(OutputFormat::Text, false));
+        assert!(!should_print_status(OutputFormat::Json, false));
+        assert!(!should_print_status(OutputFormat::Text, true));
+        print_status("status output", OutputFormat::Text, false);
+        print_status("quiet output", OutputFormat::Text, true);
+        print_status("json output", OutputFormat::Json, false);
+    }
+
     #[test]
     #[cfg(unix)]
     fn ensure_output_parent_rejects_symlinked_parent_directory() {
@@ -188,6 +235,46 @@ mod tests {
         fs::remove_dir_all(&root).expect("cleanup temp tree");
     }
 
+    #[test]
+    #[cfg(unix)]
+    fn ensure_output_parent_rejects_directory_path() {
+        use std::os::unix::fs::PermissionsExt;
+
+        let root = temp_path("vault-cli-admin-output-dir-path");
+        fs::create_dir_all(&root).expect("create root");
+        fs::set_permissions(&root, fs::Permissions::from_mode(0o700))
+            .expect("secure root permissions");
+
+        let err = ensure_output_parent(&root).expect_err("directory path must fail");
+        assert!(err
+            .to_string()
+            .contains("is a directory; provide a file path"));
+
+        fs::remove_dir_all(&root).expect("cleanup temp tree");
+    }
+
+    #[test]
+    #[cfg(unix)]
+    fn ensure_output_parent_allows_sticky_world_writable_ancestor() {
+        use std::os::unix::fs::PermissionsExt;
+
+        let root = temp_path("vault-cli-admin-output-sticky-ancestor");
+        let shared = root.join("shared");
+        let nested = shared.join("nested");
+        fs::create_dir_all(&nested).expect("create nested directory");
+        fs::set_permissions(&shared, fs::Permissions::from_mode(0o1777))
+            .expect("set sticky shared permissions");
+        fs::set_permissions(&nested, fs::Permissions::from_mode(0o700))
+            .expect("set secure nested permissions");
+
+        ensure_output_parent(&nested.join("output.json"))
+            .expect("sticky world-writable ancestor should be allowed");
+
+        fs::set_permissions(&shared, fs::Permissions::from_mode(0o700))
+            .expect("restore cleanup permissions");
+        fs::remove_dir_all(&root).expect("cleanup temp tree");
+    }
+
     #[test]
     #[cfg(unix)]
     fn write_output_file_overwrite_replaces_existing_hard_link_instead_of_mutating_shared_inode() {
@@ -218,6 +305,67 @@ mod tests {
 
         fs::remove_dir_all(&root).expect("cleanup temp tree");
     }
+
+    #[test]
+    #[cfg(unix)]
+    fn write_output_file_creates_new_file_and_rejects_existing_without_overwrite() {
+        use std::os::unix::fs::PermissionsExt;
+
+        let root = temp_path("vault-cli-admin-output-create-file");
+        fs::create_dir_all(&root).expect("create root directory");
+        fs::set_permissions(&root, fs::Permissions::from_mode(0o700))
+            .expect("secure root directory permissions");
+
+        let output_path = root.join("output.json");
+        write_output_file(&output_path, "created", false).expect("write new output file");
+        assert_eq!(
+            fs::read_to_string(&output_path).expect("read created output"),
+            "created\n"
+        );
+        assert_eq!(
+            fs::metadata(&output_path)
+                .expect("metadata")
+                .permissions()
+                .mode()
+                & 0o777,
+            0o600
+        );
+
+        let err = write_output_file(&output_path, "second", false)
+            .expect_err("existing file without overwrite must fail");
+        assert!(err
+            .to_string()
+            .contains("already exists; pass --overwrite to replace it"));
+
+        fs::remove_dir_all(&root).expect("cleanup temp tree");
+    }
+
+    #[test]
+    #[cfg(unix)]
+    fn emit_output_to_file_target_writes_expected_content() {
+        use std::os::unix::fs::PermissionsExt;
+
+        let root = temp_path("vault-cli-admin-emit-output-file");
+        fs::create_dir_all(&root).expect("create root directory");
+        fs::set_permissions(&root, fs::Permissions::from_mode(0o700))
+            .expect("secure root directory permissions");
+
+        let output_path = root.join("output.json");
+        emit_output(
+            "file output",
+            &OutputTarget::File {
+                path: output_path.clone(),
+                overwrite: false,
+            },
+        )
+        .expect("emit output to file");
+        assert_eq!(
+            fs::read_to_string(&output_path).expect("read emitted file"),
+            "file output\n"
+        );
+
+        fs::remove_dir_all(&root).expect("cleanup temp tree");
+    }
 }
 
 pub(crate) fn resolve_output_format(