@wopr-network/platform-core 0.1.0

package/dist/security/encryption.js

@@ -0,0 +1,53 @@
+import { createCipheriv, createDecipheriv, createHmac, randomBytes } from "node:crypto";
+const ALGORITHM = "aes-256-gcm";
+const IV_BYTES = 16;
+const KEY_BYTES = 32;
+/**
+ * Derive a per-instance encryption key from the instance ID and a platform secret.
+ * Uses HMAC-SHA256 so the platform never stores the raw key — it's deterministic
+ * from (instanceId + platformSecret) but the secret lives only in Docker secrets.
+ */
+export function deriveInstanceKey(instanceId, platformSecret) {
+    return createHmac("sha256", platformSecret).update(instanceId).digest();
+}
+/**
+ * Generate a random 32-byte encryption key.
+ * Used when creating a new instance to produce a Docker secret.
+ */
+export function generateInstanceKey() {
+    return randomBytes(KEY_BYTES);
+}
+/**
+ * Encrypt a plaintext string with AES-256-GCM.
+ * Returns a structured payload with iv, authTag, and ciphertext (all hex-encoded).
+ */
+export function encrypt(plaintext, key) {
+    if (key.length !== KEY_BYTES) {
+        throw new Error(`Encryption key must be ${KEY_BYTES} bytes, got ${key.length}`);
+    }
+    const iv = randomBytes(IV_BYTES);
+    const cipher = createCipheriv(ALGORITHM, key, iv);
+    const encrypted = Buffer.concat([cipher.update(plaintext, "utf-8"), cipher.final()]);
+    const authTag = cipher.getAuthTag();
+    return {
+        iv: iv.toString("hex"),
+        authTag: authTag.toString("hex"),
+        ciphertext: encrypted.toString("hex"),
+    };
+}
+/**
+ * Decrypt an AES-256-GCM encrypted payload back to plaintext.
+ * Throws on tampered data or wrong key.
+ */
+export function decrypt(payload, key) {
+    if (key.length !== KEY_BYTES) {
+        throw new Error(`Encryption key must be ${KEY_BYTES} bytes, got ${key.length}`);
+    }
+    const iv = Buffer.from(payload.iv, "hex");
+    const authTag = Buffer.from(payload.authTag, "hex");
+    const ciphertext = Buffer.from(payload.ciphertext, "hex");
+    const decipher = createDecipheriv(ALGORITHM, key, iv);
+    decipher.setAuthTag(authTag);
+    const decrypted = Buffer.concat([decipher.update(ciphertext), decipher.final()]);
+    return decrypted.toString("utf-8");
+}

package/dist/security/encryption.test.d.ts

@@ -0,0 +1 @@
+export {};

package/dist/security/encryption.test.js

@@ -0,0 +1,95 @@
+import { randomBytes } from "node:crypto";
+import { describe, expect, it } from "vitest";
+import { decrypt, deriveInstanceKey, encrypt, generateInstanceKey } from "./encryption.js";
+describe("encryption", () => {
+    describe("generateInstanceKey", () => {
+        it("returns a 32-byte buffer", () => {
+            const key = generateInstanceKey();
+            expect(key).toBeInstanceOf(Buffer);
+            expect(key.length).toBe(32);
+        });
+        it("generates unique keys", () => {
+            const a = generateInstanceKey();
+            const b = generateInstanceKey();
+            expect(a.equals(b)).toBe(false);
+        });
+    });
+    describe("deriveInstanceKey", () => {
+        it("returns a 32-byte buffer", () => {
+            const key = deriveInstanceKey("instance-123", "platform-secret");
+            expect(key).toBeInstanceOf(Buffer);
+            expect(key.length).toBe(32);
+        });
+        it("is deterministic for the same inputs", () => {
+            const a = deriveInstanceKey("instance-123", "secret");
+            const b = deriveInstanceKey("instance-123", "secret");
+            expect(a.equals(b)).toBe(true);
+        });
+        it("differs for different instance IDs", () => {
+            const a = deriveInstanceKey("instance-1", "secret");
+            const b = deriveInstanceKey("instance-2", "secret");
+            expect(a.equals(b)).toBe(false);
+        });
+        it("differs for different secrets", () => {
+            const a = deriveInstanceKey("instance-1", "secret-a");
+            const b = deriveInstanceKey("instance-1", "secret-b");
+            expect(a.equals(b)).toBe(false);
+        });
+    });
+    describe("encrypt / decrypt round-trip", () => {
+        const key = generateInstanceKey();
+        it("encrypts and decrypts a simple string", () => {
+            const plaintext = "hello world";
+            const encrypted = encrypt(plaintext, key);
+            const decrypted = decrypt(encrypted, key);
+            expect(decrypted).toBe(plaintext);
+        });
+        it("encrypts and decrypts JSON secrets", () => {
+            const secrets = JSON.stringify({ ANTHROPIC_API_KEY: "sk-ant-test123", DISCORD_TOKEN: "token123" });
+            const encrypted = encrypt(secrets, key);
+            const decrypted = decrypt(encrypted, key);
+            expect(decrypted).toBe(secrets);
+        });
+        it("encrypts and decrypts empty string", () => {
+            const encrypted = encrypt("", key);
+            const decrypted = decrypt(encrypted, key);
+            expect(decrypted).toBe("");
+        });
+        it("produces different ciphertext for same plaintext (random IV)", () => {
+            const plaintext = "same data";
+            const a = encrypt(plaintext, key);
+            const b = encrypt(plaintext, key);
+            expect(a.ciphertext).not.toBe(b.ciphertext);
+            expect(a.iv).not.toBe(b.iv);
+        });
+        it("returns hex-encoded fields", () => {
+            const encrypted = encrypt("test", key);
+            expect(encrypted.iv).toMatch(/^[0-9a-f]+$/);
+            expect(encrypted.authTag).toMatch(/^[0-9a-f]+$/);
+            expect(encrypted.ciphertext).toMatch(/^[0-9a-f]+$/);
+        });
+    });
+    describe("decrypt error cases", () => {
+        const key = generateInstanceKey();
+        it("throws with wrong key", () => {
+            const encrypted = encrypt("secret data", key);
+            const wrongKey = generateInstanceKey();
+            expect(() => decrypt(encrypted, wrongKey)).toThrow();
+        });
+        it("throws with tampered ciphertext", () => {
+            const encrypted = encrypt("secret data", key);
+            const tampered = { ...encrypted, ciphertext: "deadbeef".repeat(8) };
+            expect(() => decrypt(tampered, tampered.iv.length > 0 ? key : key)).toThrow();
+        });
+        it("throws with tampered auth tag", () => {
+            const encrypted = encrypt("secret data", key);
+            const tampered = { ...encrypted, authTag: "00".repeat(16) };
+            expect(() => decrypt(tampered, key)).toThrow();
+        });
+        it("throws with wrong key length", () => {
+            const shortKey = randomBytes(16);
+            expect(() => encrypt("test", shortKey)).toThrow("Encryption key must be 32 bytes");
+            expect(() => decrypt({ iv: "", authTag: "", ciphertext: "" }, shortKey)).toThrow("Encryption key must be 32 bytes");
+        });
+    });
+});

package/dist/security/host-validation.d.ts

@@ -0,0 +1,11 @@
+/**
+ * Validate a node registration host to prevent SSRF.
+ * Blocks loopback, link-local, multicast, broadcast, and unspecified addresses always.
+ * Blocks private ranges (10.x, 172.16-31.x, 192.168.x, fc00::/7) unless
+ * ALLOW_PRIVATE_NODE_HOSTS=true (for VPC deployments).
+ *
+ * NOTE: This validates the host string only. It does NOT perform DNS resolution,
+ * so hostnames that resolve to private IPs (e.g., via DNS rebinding or nip.io tricks)
+ * are not caught here. Out-of-scope for this issue.
+ */
+export declare function validateNodeHost(host: string): void;

package/dist/security/host-validation.js

@@ -0,0 +1,108 @@
+import { isIP } from "node:net";
+/**
+ * Validate a node registration host to prevent SSRF.
+ * Blocks loopback, link-local, multicast, broadcast, and unspecified addresses always.
+ * Blocks private ranges (10.x, 172.16-31.x, 192.168.x, fc00::/7) unless
+ * ALLOW_PRIVATE_NODE_HOSTS=true (for VPC deployments).
+ *
+ * NOTE: This validates the host string only. It does NOT perform DNS resolution,
+ * so hostnames that resolve to private IPs (e.g., via DNS rebinding or nip.io tricks)
+ * are not caught here. Out-of-scope for this issue.
+ */
+export function validateNodeHost(host) {
+    const trimmed = host.trim();
+    if (trimmed.length === 0) {
+        throw new Error("Invalid node host: empty");
+    }
+    // Check for "localhost" hostname
+    if (trimmed.toLowerCase() === "localhost") {
+        throw new Error("Invalid node host: loopback hostname");
+    }
+    const ipVersion = isIP(trimmed);
+    if (ipVersion === 4) {
+        validateIPv4(trimmed);
+        return;
+    }
+    if (ipVersion === 6) {
+        validateIPv6(trimmed);
+        return;
+    }
+    // Reject malformed IPv4-looking strings (e.g. 999.999.999.999) that isIP()
+    // returns 0 for but validateHostname() would accept as digit-only labels.
+    if (/^\d+\.\d+\.\d+\.\d+$/.test(trimmed)) {
+        throw new Error("Invalid node host: malformed IPv4 address");
+    }
+    // Not an IP — treat as hostname
+    validateHostname(trimmed);
+}
+function validateIPv4(ip) {
+    const parts = ip.split(".").map(Number);
+    const [a, b] = parts;
+    // Unspecified
+    if (a === 0)
+        throw new Error("Invalid node host: unspecified address");
+    // Loopback — ALWAYS blocked
+    if (a === 127)
+        throw new Error("Invalid node host: loopback address");
+    // Link-local — ALWAYS blocked
+    if (a === 169 && b === 254)
+        throw new Error("Invalid node host: link-local address");
+    // Multicast
+    if (a >= 224 && a <= 239)
+        throw new Error("Invalid node host: multicast address");
+    // Broadcast
+    if (a === 255 && b === 255)
+        throw new Error("Invalid node host: broadcast address");
+    // Private ranges — blocked unless ALLOW_PRIVATE_NODE_HOSTS
+    if (!allowPrivateHosts()) {
+        if (a === 10)
+            throw new Error("Invalid node host: private address");
+        if (a === 172 && b >= 16 && b <= 31)
+            throw new Error("Invalid node host: private address");
+        if (a === 192 && b === 168)
+            throw new Error("Invalid node host: private address");
+    }
+}
+function validateIPv6(ip) {
+    const normalized = ip.toLowerCase();
+    // Loopback ::1 — ALWAYS blocked
+    if (normalized === "::1")
+        throw new Error("Invalid node host: loopback address");
+    // Unspecified :: — ALWAYS blocked
+    if (normalized === "::")
+        throw new Error("Invalid node host: unspecified address");
+    // IPv6-mapped IPv4 — check the embedded IPv4
+    const v4MappedMatch = normalized.match(/^::ffff:(\d+\.\d+\.\d+\.\d+)$/);
+    if (v4MappedMatch) {
+        validateIPv4(v4MappedMatch[1]);
+        return;
+    }
+    // Link-local fe80::/10 — ALWAYS blocked
+    if (normalized.startsWith("fe80:") || normalized.startsWith("fe80")) {
+        throw new Error("Invalid node host: link-local address");
+    }
+    // Unique local fc00::/7 (fc00:: and fd00::) — private
+    if (!allowPrivateHosts()) {
+        if (normalized.startsWith("fc") || normalized.startsWith("fd")) {
+            throw new Error("Invalid node host: private address");
+        }
+    }
+}
+function validateHostname(host) {
+    if (host.length > 253)
+        throw new Error("Invalid node host: hostname too long");
+    if (host.startsWith(".") || host.endsWith("."))
+        throw new Error("Invalid node host: invalid hostname");
+    // RFC 1123: labels separated by dots, alphanumeric + hyphens
+    const labelPattern = /^[a-zA-Z0-9]([a-zA-Z0-9-]*[a-zA-Z0-9])?$/;
+    const labels = host.split(".");
+    for (const label of labels) {
+        if (label.length === 0 || label.length > 63)
+            throw new Error("Invalid node host: invalid hostname");
+        if (!labelPattern.test(label))
+            throw new Error("Invalid node host: invalid hostname");
+    }
+}
+function allowPrivateHosts() {
+    return process.env.ALLOW_PRIVATE_NODE_HOSTS === "true";
+}

package/dist/security/host-validation.test.d.ts

@@ -0,0 +1 @@
+export {};

package/dist/security/host-validation.test.js

@@ -0,0 +1,106 @@
+import { afterEach, describe, expect, it, vi } from "vitest";
+import { validateNodeHost } from "./host-validation.js";
+describe("validateNodeHost", () => {
+    afterEach(() => {
+        vi.unstubAllEnvs();
+    });
+    // --- VALID hosts ---
+    it("accepts a public IPv4 address", () => {
+        expect(() => validateNodeHost("203.0.113.10")).not.toThrow();
+    });
+    it("accepts a valid hostname", () => {
+        expect(() => validateNodeHost("node-1.fleet.wopr.network")).not.toThrow();
+    });
+    it("accepts a public IPv6 address", () => {
+        expect(() => validateNodeHost("2001:db8::1")).not.toThrow();
+    });
+    // --- ALWAYS blocked ---
+    it("rejects empty string", () => {
+        expect(() => validateNodeHost("")).toThrow("Invalid node host");
+    });
+    it("rejects whitespace-only string", () => {
+        expect(() => validateNodeHost("   ")).toThrow("Invalid node host");
+    });
+    it("rejects loopback 127.0.0.1", () => {
+        expect(() => validateNodeHost("127.0.0.1")).toThrow("Invalid node host");
+    });
+    it("rejects loopback 127.0.0.2", () => {
+        expect(() => validateNodeHost("127.0.0.2")).toThrow("Invalid node host");
+    });
+    it("rejects link-local 169.254.169.254", () => {
+        expect(() => validateNodeHost("169.254.169.254")).toThrow("Invalid node host");
+    });
+    it("rejects IPv6 loopback ::1", () => {
+        expect(() => validateNodeHost("::1")).toThrow("Invalid node host");
+    });
+    it("rejects IPv6-mapped loopback ::ffff:127.0.0.1", () => {
+        expect(() => validateNodeHost("::ffff:127.0.0.1")).toThrow("Invalid node host");
+    });
+    it("rejects multicast 224.0.0.1", () => {
+        expect(() => validateNodeHost("224.0.0.1")).toThrow("Invalid node host");
+    });
+    it("rejects broadcast 255.255.255.255", () => {
+        expect(() => validateNodeHost("255.255.255.255")).toThrow("Invalid node host");
+    });
+    it("rejects 0.0.0.0", () => {
+        expect(() => validateNodeHost("0.0.0.0")).toThrow("Invalid node host");
+    });
+    it("rejects localhost hostname", () => {
+        expect(() => validateNodeHost("localhost")).toThrow("Invalid node host");
+    });
+    // --- Private ranges (blocked by default) ---
+    it("rejects 10.x.x.x by default", () => {
+        expect(() => validateNodeHost("10.0.0.1")).toThrow("Invalid node host");
+    });
+    it("rejects 172.16.x.x by default", () => {
+        expect(() => validateNodeHost("172.16.0.1")).toThrow("Invalid node host");
+    });
+    it("rejects 192.168.x.x by default", () => {
+        expect(() => validateNodeHost("192.168.1.1")).toThrow("Invalid node host");
+    });
+    it("rejects IPv6 unique local fc00::", () => {
+        expect(() => validateNodeHost("fc00::1")).toThrow("Invalid node host");
+    });
+    // --- Private ranges (allowed with env var) ---
+    it("allows 10.x.x.x when ALLOW_PRIVATE_NODE_HOSTS=true", () => {
+        vi.stubEnv("ALLOW_PRIVATE_NODE_HOSTS", "true");
+        expect(() => validateNodeHost("10.0.0.1")).not.toThrow();
+    });
+    it("allows 172.16.x.x when ALLOW_PRIVATE_NODE_HOSTS=true", () => {
+        vi.stubEnv("ALLOW_PRIVATE_NODE_HOSTS", "true");
+        expect(() => validateNodeHost("172.16.0.1")).not.toThrow();
+    });
+    it("allows 192.168.x.x when ALLOW_PRIVATE_NODE_HOSTS=true", () => {
+        vi.stubEnv("ALLOW_PRIVATE_NODE_HOSTS", "true");
+        expect(() => validateNodeHost("192.168.1.1")).not.toThrow();
+    });
+    it("still blocks loopback even with ALLOW_PRIVATE_NODE_HOSTS=true", () => {
+        vi.stubEnv("ALLOW_PRIVATE_NODE_HOSTS", "true");
+        expect(() => validateNodeHost("127.0.0.1")).toThrow("Invalid node host");
+    });
+    it("still blocks link-local even with ALLOW_PRIVATE_NODE_HOSTS=true", () => {
+        vi.stubEnv("ALLOW_PRIVATE_NODE_HOSTS", "true");
+        expect(() => validateNodeHost("169.254.169.254")).toThrow("Invalid node host");
+    });
+    // --- Malformed IPv4-looking strings ---
+    it("rejects malformed dotted-quad 999.999.999.999", () => {
+        expect(() => validateNodeHost("999.999.999.999")).toThrow("Invalid node host: malformed IPv4 address");
+    });
+    it("rejects malformed dotted-quad 256.0.0.1", () => {
+        expect(() => validateNodeHost("256.0.0.1")).toThrow("Invalid node host: malformed IPv4 address");
+    });
+    it("rejects malformed dotted-quad 1.2.3.999", () => {
+        expect(() => validateNodeHost("1.2.3.999")).toThrow("Invalid node host: malformed IPv4 address");
+    });
+    // --- Hostname validation ---
+    it("rejects hostnames with spaces", () => {
+        expect(() => validateNodeHost("host name")).toThrow("Invalid node host");
+    });
+    it("rejects hostnames starting with a dot", () => {
+        expect(() => validateNodeHost(".example.com")).toThrow("Invalid node host");
+    });
+    it("rejects hostnames longer than 253 characters", () => {
+        const long = "a".repeat(254);
+        expect(() => validateNodeHost(long)).toThrow("Invalid node host");
+    });
+});

package/dist/security/index.d.ts

@@ -0,0 +1,11 @@
+export type { EncryptedPayload, Provider, ValidateKeyRequest, ValidateKeyResponse, WriteSecretsRequest, ProviderEndpoint } from "./types.js";
+export { providerSchema, validateKeyRequestSchema, writeSecretsRequestSchema } from "./types.js";
+export { deriveInstanceKey, generateInstanceKey, encrypt, decrypt } from "./encryption.js";
+export { validateNodeHost } from "./host-validation.js";
+export { assertSafeRedirectUrl } from "./redirect-allowlist.js";
+export type { KeyLeakMatch } from "./key-audit.js";
+export { scanForKeyLeaks } from "./key-audit.js";
+export { writeEncryptedSeed, forwardSecretsToInstance } from "./key-injection.js";
+export { PROVIDER_ENDPOINTS, validateProviderKey } from "./key-validation.js";
+export { type SecretAuditEvent, type ISecretAuditRepository, DrizzleSecretAuditRepository, type CredentialRow, type CredentialSummaryRow, type InsertCredentialRow, type ICredentialMigrationAccess, type ICredentialRepository, type IMigrationTenantKeyAccess, DrizzleCredentialRepository, DrizzleMigrationTenantKeyAccess, type RotationResult, reEncryptAllCredentials, type MigrationResult, migratePlaintextCredentials, type PlaintextFinding, auditCredentialEncryption, type AuthType, type CreateCredentialInput, type CredentialSummary, type DecryptedCredential, type ICredentialVaultStore, type RotateCredentialInput, CredentialVaultStore, getVaultEncryptionKey, } from "./credential-vault/index.js";
+export { type IKeyResolutionRepository, DrizzleKeyResolutionRepository, type ResolvedKey, resolveApiKey, buildPooledKeysMap, type TenantApiKey, type ITenantKeyRepository, TenantKeyRepository, type CapabilityName, type TenantCapabilitySetting, type ICapabilitySettingsRepository, ALL_CAPABILITIES, CapabilitySettingsStore, type IOrgMembershipRepository, type OrgResolvedKey, DrizzleOrgMembershipRepository, resolveApiKeyWithOrgFallback, } from "./tenant-keys/index.js";

package/dist/security/index.js

@@ -0,0 +1,11 @@
+export { providerSchema, validateKeyRequestSchema, writeSecretsRequestSchema } from "./types.js";
+export { deriveInstanceKey, generateInstanceKey, encrypt, decrypt } from "./encryption.js";
+export { validateNodeHost } from "./host-validation.js";
+export { assertSafeRedirectUrl } from "./redirect-allowlist.js";
+export { scanForKeyLeaks } from "./key-audit.js";
+export { writeEncryptedSeed, forwardSecretsToInstance } from "./key-injection.js";
+export { PROVIDER_ENDPOINTS, validateProviderKey } from "./key-validation.js";
+// Credential vault
+export { DrizzleSecretAuditRepository, DrizzleCredentialRepository, DrizzleMigrationTenantKeyAccess, reEncryptAllCredentials, migratePlaintextCredentials, auditCredentialEncryption, CredentialVaultStore, getVaultEncryptionKey, } from "./credential-vault/index.js";
+// Tenant keys
+export { DrizzleKeyResolutionRepository, resolveApiKey, buildPooledKeysMap, TenantKeyRepository, ALL_CAPABILITIES, CapabilitySettingsStore, DrizzleOrgMembershipRepository, resolveApiKeyWithOrgFallback, } from "./tenant-keys/index.js";

package/dist/security/key-audit.d.ts

@@ -0,0 +1,16 @@
+/**
+ * Key material audit — grep-based detection of leaked key patterns in log output.
+ *
+ * This utility scans arbitrary text (log lines, config dumps, etc.) for patterns
+ * that look like provider API keys. Used in tests to verify zero key leakage.
+ */
+export interface KeyLeakMatch {
+    provider: string;
+    line: number;
+    match: string;
+}
+/**
+ * Scan text content for key-like patterns.
+ * Returns an array of matches found — empty array means no leaks detected.
+ */
+export declare function scanForKeyLeaks(content: string): KeyLeakMatch[];

package/dist/security/key-audit.js

@@ -0,0 +1,35 @@
+/**
+ * Key material audit — grep-based detection of leaked key patterns in log output.
+ *
+ * This utility scans arbitrary text (log lines, config dumps, etc.) for patterns
+ * that look like provider API keys. Used in tests to verify zero key leakage.
+ */
+/** Patterns that match common provider key formats. */
+const KEY_PATTERNS = [
+    { provider: "anthropic", pattern: /sk-ant-[A-Za-z0-9_-]{20,}/ },
+    { provider: "openai", pattern: /sk-[A-Za-z0-9]{20,}/ },
+    { provider: "google", pattern: /AIza[A-Za-z0-9_-]{30,}/ },
+    { provider: "discord", pattern: /[A-Za-z0-9_-]{24}\.[A-Za-z0-9_-]{6}\.[A-Za-z0-9_-]{27,}/ },
+];
+/**
+ * Scan text content for key-like patterns.
+ * Returns an array of matches found — empty array means no leaks detected.
+ */
+export function scanForKeyLeaks(content) {
+    const leaks = [];
+    const lines = content.split("\n");
+    for (let i = 0; i < lines.length; i++) {
+        const line = lines[i];
+        for (const { provider, pattern } of KEY_PATTERNS) {
+            const match = line.match(pattern);
+            if (match) {
+                leaks.push({
+                    provider,
+                    line: i + 1,
+                    match: `${match[0].slice(0, 8)}...${match[0].slice(-4)}`,
+                });
+            }
+        }
+    }
+    return leaks;
+}

package/dist/security/key-audit.test.d.ts

@@ -0,0 +1 @@
+export {};

package/dist/security/key-audit.test.js

@@ -0,0 +1,50 @@
+import { describe, expect, it } from "vitest";
+import { scanForKeyLeaks } from "./key-audit.js";
+describe("key-audit", () => {
+    describe("scanForKeyLeaks", () => {
+        it("detects Anthropic key patterns", () => {
+            const content = "info: processing request with key sk-ant-abcdefghijklmnopqrstuvwxyz123456";
+            const leaks = scanForKeyLeaks(content);
+            expect(leaks.length).toBe(1);
+            expect(leaks[0].provider).toBe("anthropic");
+            expect(leaks[0].line).toBe(1);
+        });
+        it("detects OpenAI key patterns", () => {
+            const content = "debug: using API key sk-abcdefghijklmnopqrstuvwxyz";
+            const leaks = scanForKeyLeaks(content);
+            expect(leaks.some((l) => l.provider === "openai")).toBe(true);
+        });
+        it("detects Google key patterns", () => {
+            const content = "config: api_key=AIzaSyA1234567890abcdefghijklmnopqrstuvwx";
+            const leaks = scanForKeyLeaks(content);
+            expect(leaks.some((l) => l.provider === "google")).toBe(true);
+        });
+        it("returns empty array for clean logs", () => {
+            const content = [
+                "info: server started on port 3000",
+                "info: health check passed",
+                "debug: processing request id=abc-123",
+            ].join("\n");
+            const leaks = scanForKeyLeaks(content);
+            expect(leaks).toEqual([]);
+        });
+        it("detects multiple leaks across lines", () => {
+            const content = [
+                "line 1: safe content",
+                "line 2: key=sk-ant-abcdefghijklmnopqrstuvwxyz",
+                "line 3: also sk-abcdefghijklmnopqrstuvwxyz",
+            ].join("\n");
+            const leaks = scanForKeyLeaks(content);
+            expect(leaks.length).toBeGreaterThanOrEqual(2);
+        });
+        it("truncates matched key in output for safety", () => {
+            const content = "key: sk-ant-abcdefghijklmnopqrstuvwxyz123456";
+            const leaks = scanForKeyLeaks(content);
+            expect(leaks[0].match).toContain("...");
+            expect(leaks[0].match.length).toBeLessThan(40);
+        });
+        it("handles empty input", () => {
+            expect(scanForKeyLeaks("")).toEqual([]);
+        });
+    });
+});

package/dist/security/key-injection.d.ts

@@ -0,0 +1,28 @@
+import type { EncryptedPayload } from "./types.js";
+/**
+ * Write an encrypted seed file to an instance's WOPR_HOME volume.
+ * Used during initial provisioning when the instance container isn't running yet.
+ *
+ * The platform writes ciphertext only — it never sees or persists the plaintext keys.
+ * The instance decrypts on first boot using its own derived key (injected as a Docker secret).
+ *
+ * @param woprHome - Absolute path to the instance's WOPR_HOME volume mount.
+ * @param secrets - Key-value map of secrets to encrypt.
+ * @param instanceKey - The 32-byte instance-derived encryption key.
+ * @returns The encrypted payload that was written.
+ */
+export declare function writeEncryptedSeed(woprHome: string, secrets: Record<string, string>, instanceKey: Buffer): Promise<EncryptedPayload>;
+/**
+ * Forward secrets opaquely to a running instance container.
+ * The platform acts as a pass-through — it never parses or logs the request body.
+ *
+ * @param instanceUrl - The internal URL of the running instance (e.g., http://container:3000).
+ * @param sessionToken - The user's session token for authentication.
+ * @param opaqueBody - The raw request body string to forward without parsing.
+ * @returns Whether the write succeeded.
+ */
+export declare function forwardSecretsToInstance(instanceUrl: string, sessionToken: string, opaqueBody: string): Promise<{
+    ok: boolean;
+    status: number;
+    error?: string;
+}>;

package/dist/security/key-injection.js

@@ -0,0 +1,57 @@
+import { mkdir, writeFile } from "node:fs/promises";
+import path from "node:path";
+import { logger } from "../config/logger.js";
+import { encrypt } from "./encryption.js";
+/**
+ * Write an encrypted seed file to an instance's WOPR_HOME volume.
+ * Used during initial provisioning when the instance container isn't running yet.
+ *
+ * The platform writes ciphertext only — it never sees or persists the plaintext keys.
+ * The instance decrypts on first boot using its own derived key (injected as a Docker secret).
+ *
+ * @param woprHome - Absolute path to the instance's WOPR_HOME volume mount.
+ * @param secrets - Key-value map of secrets to encrypt.
+ * @param instanceKey - The 32-byte instance-derived encryption key.
+ * @returns The encrypted payload that was written.
+ */
+export async function writeEncryptedSeed(woprHome, secrets, instanceKey) {
+    const serialized = JSON.stringify(secrets);
+    const encrypted = encrypt(serialized, instanceKey);
+    await mkdir(woprHome, { recursive: true });
+    const seedPath = path.join(woprHome, "secrets.enc");
+    await writeFile(seedPath, JSON.stringify(encrypted), { mode: 0o600 });
+    logger.info("Wrote encrypted seed file", { path: seedPath });
+    return encrypted;
+}
+/**
+ * Forward secrets opaquely to a running instance container.
+ * The platform acts as a pass-through — it never parses or logs the request body.
+ *
+ * @param instanceUrl - The internal URL of the running instance (e.g., http://container:3000).
+ * @param sessionToken - The user's session token for authentication.
+ * @param opaqueBody - The raw request body string to forward without parsing.
+ * @returns Whether the write succeeded.
+ */
+export async function forwardSecretsToInstance(instanceUrl, sessionToken, opaqueBody) {
+    try {
+        const response = await fetch(`${instanceUrl}/config/secrets`, {
+            method: "PUT",
+            headers: {
+                "Content-Type": "application/json",
+                Authorization: `Bearer ${sessionToken}`,
+            },
+            body: opaqueBody,
+            signal: AbortSignal.timeout(10_000),
+        });
+        if (response.ok) {
+            return { ok: true, status: response.status };
+        }
+        const errorText = await response.text().catch(() => "Unknown error");
+        return { ok: false, status: response.status, error: errorText };
+    }
+    catch (err) {
+        const message = err instanceof Error ? err.message : "Failed to forward secrets";
+        logger.error("Failed to forward secrets to instance", { error: message });
+        return { ok: false, status: 502, error: message };
+    }
+}

package/dist/security/key-injection.test.d.ts

@@ -0,0 +1 @@
+export {};