@zcloak/ai-agent 1.0.0
- package/README.md +5 -0
- package/dist/bind.d.ts +22 -0
- package/dist/bind.js +145 -0
- package/dist/bind.js.map +1 -0
- package/dist/cli.d.ts +31 -0
- package/dist/cli.js +126 -0
- package/dist/cli.js.map +1 -0
- package/dist/config.d.ts +14 -0
- package/dist/config.js +34 -0
- package/dist/config.js.map +1 -0
- package/dist/crypto.d.ts +113 -0
- package/dist/crypto.js +252 -0
- package/dist/crypto.js.map +1 -0
- package/dist/daemon.d.ts +94 -0
- package/dist/daemon.js +271 -0
- package/dist/daemon.js.map +1 -0
- package/dist/delete.d.ts +22 -0
- package/dist/delete.js +231 -0
- package/dist/delete.js.map +1 -0
- package/dist/doc.d.ts +23 -0
- package/dist/doc.js +180 -0
- package/dist/doc.js.map +1 -0
- package/dist/error.d.ts +45 -0
- package/dist/error.js +79 -0
- package/dist/error.js.map +1 -0
- package/dist/feed.d.ts +20 -0
- package/dist/feed.js +83 -0
- package/dist/feed.js.map +1 -0
- package/dist/identity.d.ts +50 -0
- package/dist/identity.js +99 -0
- package/dist/identity.js.map +1 -0
- package/dist/identity_cmd.d.ts +23 -0
- package/dist/identity_cmd.js +136 -0
- package/dist/identity_cmd.js.map +1 -0
- package/dist/idl.d.ts +99 -0
- package/dist/idl.js +213 -0
- package/dist/idl.js.map +1 -0
- package/dist/key-store.d.ts +88 -0
- package/dist/key-store.js +171 -0
- package/dist/key-store.js.map +1 -0
- package/dist/pow.d.ts +24 -0
- package/dist/pow.js +86 -0
- package/dist/pow.js.map +1 -0
- package/dist/register.d.ts +24 -0
- package/dist/register.js +191 -0
- package/dist/register.js.map +1 -0
- package/dist/rpc.d.ts +107 -0
- package/dist/rpc.js +60 -0
- package/dist/rpc.js.map +1 -0
- package/dist/serve.d.ts +55 -0
- package/dist/serve.js +455 -0
- package/dist/serve.js.map +1 -0
- package/dist/session.d.ts +104 -0
- package/dist/session.js +189 -0
- package/dist/session.js.map +1 -0
- package/dist/sign.d.ts +33 -0
- package/dist/sign.js +355 -0
- package/dist/sign.js.map +1 -0
- package/dist/types/common.d.ts +63 -0
- package/dist/types/common.js +8 -0
- package/dist/types/common.js.map +1 -0
- package/dist/types/config.d.ts +28 -0
- package/dist/types/config.js +8 -0
- package/dist/types/config.js.map +1 -0
- package/dist/types/registry.d.ts +72 -0
- package/dist/types/registry.js +13 -0
- package/dist/types/registry.js.map +1 -0
- package/dist/types/sign-event.d.ts +134 -0
- package/dist/types/sign-event.js +13 -0
- package/dist/types/sign-event.js.map +1 -0
- package/dist/utils.d.ts +113 -0
- package/dist/utils.js +382 -0
- package/dist/utils.js.map +1 -0
- package/dist/verify.d.ts +23 -0
- package/dist/verify.js +207 -0
- package/dist/verify.js.map +1 -0
- package/dist/vetkey.d.ts +27 -0
- package/dist/vetkey.js +507 -0
- package/dist/vetkey.js.map +1 -0
- package/package.json +55 -0
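--- a/package/dist/idl.js
+++ b/package/dist/idl.js
@@ -0,0 +1,213 @@
+"use strict";
+/**
+* zCloak.ai Candid IDL Definitions — Single Source of Truth
+*
+* Contains complete interface definitions for the signatures canister and registry canister.
+* TypeScript type interfaces in types/sign-event.ts and types/registry.ts are
+* AUTO-GENERATED from these IDL definitions via `npm run generate-types`.
+*
+* When the canister API changes:
+* 1. Update the IDL definitions in this file
+* 2. Run `npm run generate-types` to regenerate TS types
+* 3. Run `npm run build` to verify compilation
+*
+* Architecture:
+* - buildSignTypes() / buildRegistryTypes() — named IDL type constructors (used by codegen)
+* - buildSignService() / buildRegistryService() — service constructors (used by codegen for shared instances)
+* - signIdlFactory / registryIdlFactory — IDL.InterfaceFactory (used by @dfinity/agent Actor)
+*
+* The canister's actual Candid .did schema is the upstream source; this file is derived from
+* skill.md documentation and verified against actual canister responses.
+*/
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.registryIdlFactory = exports.signIdlFactory = void 0;
+exports.buildSignTypes = buildSignTypes;
+exports.buildSignService = buildSignService;
+exports.buildRegistryTypes = buildRegistryTypes;
+exports.buildRegistryService = buildRegistryService;
+const candid_1 = require("@dfinity/candid");
+// ========== Signatures Canister ==========
+/**
+* Build named IDL types for the signatures canister.
+* Exported so that the codegen script can discover type names and their structures.
+*
+* @param I - The IDL module (passed through to allow use in both factory and codegen contexts)
+*/
+function buildSignTypes(I) {
+/** SignEvent record — sign event returned by canister */
+const SignEvent = I.Record({
+counter: I.Opt(I.Nat32), // Global auto-increment counter
+id: I.Text, // Event unique ID (sha256 hash)
+kind: I.Nat32, // Event type (1-15)
+ai_id: I.Text, // Signer principal ID
+created_at: I.Nat64, // Creation timestamp (nanoseconds)
+tags: I.Opt(I.Vec(I.Vec(I.Text))), // Tags array
+content: I.Opt(I.Text), // Content (optional)
+content_hash: I.Text, // Content SHA256 hash
+});
+/** SignParm variant — 15 signing parameter types */
+const SignParm = I.Variant({
+Kind1IdentityProfile: I.Record({ content: I.Text }),
+Kind2IdentityVerification: I.Record({ content: I.Text, tags: I.Opt(I.Vec(I.Vec(I.Text))) }),
+Kind3SimpleAgreement: I.Record({ content: I.Text, tags: I.Opt(I.Vec(I.Vec(I.Text))) }),
+Kind4PublicPost: I.Record({ content: I.Text, tags: I.Opt(I.Vec(I.Vec(I.Text))) }),
+// Kind5 uses VetKey IBE encryption: encrypted_content (bytes) + ibe_identity
+Kind5PrivatePost: I.Record({
+encrypted_content: I.Vec(I.Nat8),
+ibe_identity: I.Text,
+tags: I.Opt(I.Vec(I.Vec(I.Text))),
+}),
+Kind6Interaction: I.Record({ content: I.Text, tags: I.Opt(I.Vec(I.Vec(I.Text))) }),
+Kind7ContactList: I.Record({ tags: I.Opt(I.Vec(I.Vec(I.Text))) }),
+Kind8MediaAsset: I.Record({ content: I.Text, tags: I.Opt(I.Vec(I.Vec(I.Text))) }),
+Kind9ServiceListing: I.Record({ content: I.Text, tags: I.Opt(I.Vec(I.Vec(I.Text))) }),
+Kind10JobRequest: I.Record({ content: I.Text, tags: I.Opt(I.Vec(I.Vec(I.Text))) }),
+Kind11DocumentSignature: I.Record({ content: I.Text, tags: I.Opt(I.Vec(I.Vec(I.Text))) }),
+Kind12PublicContract: I.Record({ content: I.Text, tags: I.Opt(I.Vec(I.Vec(I.Text))) }),
+Kind13PrivateContract: I.Record({ content: I.Text, tags: I.Opt(I.Vec(I.Vec(I.Text))) }),
+Kind14Review: I.Record({ content: I.Text, tags: I.Opt(I.Vec(I.Vec(I.Text))) }),
+Kind15GeneralAttestation: I.Record({ content: I.Text, tags: I.Opt(I.Vec(I.Vec(I.Text))) }),
+});
+/** DecryptionPackage record — returned by get_kind5_decryption_key */
+const DecryptionPackage = I.Record({
+encrypted_key: I.Vec(I.Nat8), // Transport-encrypted VetKey (192 bytes)
+ciphertext: I.Vec(I.Nat8), // IBE ciphertext
+ibe_identity: I.Text, // IBE identity string
+});
+return { SignEvent, SignParm, DecryptionPackage };
+}
+/**
+* Build the signatures canister service, reusing pre-built named types.
+* Exported for codegen to share type instances with the name registry.
+*
+* @param I - The IDL module
+* @param types - Named types from buildSignTypes() (same instances used in the registry)
+*/
+function buildSignService(I, types) {
+const { SignEvent, SignParm, DecryptionPackage } = types;
+return I.Service({
+// ===== Signing operations (update call, requires identity) =====
+// agent_sign: Signing with PoW (2 params: SignParm + nonce text)
+agent_sign: I.Func([SignParm, I.Text], [I.Variant({ Ok: SignEvent, Err: I.Text })], []),
+// sign: Direct signing (no PoW, requires canister permission)
+sign: I.Func([SignParm], [SignEvent], []),
+// mcp_sign: MCP proxy signing
+mcp_sign: I.Func([I.Principal, SignParm], [SignEvent], []),
+// ===== VetKey operations (update call, requires identity) =====
+// Get IBE derived public key (96 bytes, compressed G2 point)
+get_ibe_public_key: I.Func([], [I.Vec(I.Nat8)], []),
+// Get Kind5 decryption package (encrypted VetKey + ciphertext + identity)
+get_kind5_decryption_key: I.Func([I.Text, I.Vec(I.Nat8)], [DecryptionPackage], []),
+// Derive VetKey for daemon mode AES-256 key derivation
+derive_vetkey: I.Func([I.Text, I.Vec(I.Nat8)], [I.Vec(I.Nat8)], []),
+// ===== Query operations (query, can be anonymous) =====
+// Get global counter
+get_counter: I.Func([], [I.Nat32], ['query']),
+// Fetch events by counter range
+fetch_events_by_counter: I.Func([I.Nat32, I.Nat32], [I.Vec(SignEvent)], ['query']),
+// Get all sign events
+get_all_sign_events: I.Func([], [I.Vec(SignEvent)], ['query']),
+// Get user sign history (paginated)
+fetch_user_sign: I.Func([I.Principal, I.Nat32, I.Nat32], [I.Nat32, I.Vec(SignEvent)], ['query']),
+// Get user's latest sign event ID (PoW base)
+get_user_latest_sign_event_id: I.Func([I.Principal], [I.Text], ['query']),
+// Verify signature by message content
+verify_message: I.Func([I.Text], [I.Vec(SignEvent)], ['query']),
+// Verify signature by message hash
+verify_msg_hash: I.Func([I.Text], [I.Vec(SignEvent)], ['query']),
+// Verify signature by file hash
+verify_file_hash: I.Func([I.Text], [I.Vec(SignEvent)], ['query']),
+// Get sign event by ID
+get_sign_event_by_id: I.Func([I.Text], [I.Opt(SignEvent)], ['query']),
+// Get Kind 1 identity profile
+get_kind1_event_by_principal: I.Func([I.Text], [I.Opt(SignEvent)], ['query']),
+// Connection test
+greet: I.Func([I.Text], [I.Text], ['query']),
+});
+}
+/**
+* Signatures canister IDL factory (standard @dfinity/agent interface)
+* Canister ID: zpbbm-piaaa-aaaaj-a3dsq-cai
+*/
+const signIdlFactory = () => {
+return buildSignService(candid_1.IDL, buildSignTypes(candid_1.IDL));
+};
+exports.signIdlFactory = signIdlFactory;
+// ========== Registry Canister ==========
+/**
+* Build named IDL types for the registry canister.
+* Exported so that the codegen script can discover type names and their structures.
+*
+* @param I - The IDL module
+*/
+function buildRegistryTypes(I) {
+/** Position record — position information in the registry */
+const Position = I.Record({
+is_human: I.Bool,
+connection_list: I.Vec(I.Principal),
+});
+/** AI profile record */
+const AiProfile = I.Record({
+position: I.Opt(Position),
+});
+/** User profile record */
+const UserProfile = I.Record({
+username: I.Text,
+ai_profile: I.Opt(AiProfile),
+principal_id: I.Opt(I.Text),
+passkey_name: I.Vec(I.Text), // Passkey names registered by the user
+});
+/** Registration success result record */
+const RegisterResult = I.Record({
+username: I.Text,
+});
+/** 2FA verification record — tracks a pending or completed 2FA request */
+const TwoFARecord = I.Record({
+caller: I.Text, // Agent principal that initiated the 2FA request
+owner_list: I.Vec(I.Text), // List of owner principals authorized to confirm
+confirm_owner: I.Opt(I.Text), // Owner principal that confirmed (null if pending)
+content: I.Text, // JSON content describing the operation
+request_timestamp: I.Nat64, // When the 2FA request was created
+confirm_timestamp: I.Opt(I.Nat64), // When the 2FA was confirmed (null if pending)
+});
+return { Position, AiProfile, UserProfile, RegisterResult, TwoFARecord };
+}
+/**
+* Build the registry canister service, reusing pre-built named types.
+* Exported for codegen to share type instances with the name registry.
+*
+* @param I - The IDL module
+* @param types - Named types from buildRegistryTypes() (same instances used in the registry)
+*/
+function buildRegistryService(I, types) {
+const { UserProfile, RegisterResult, TwoFARecord } = types;
+return I.Service({
+// ===== Query operations (query) =====
+// Get username by principal
+get_username_by_principal: I.Func([I.Text], [I.Opt(I.Text)], ['query']),
+// Get principal by username
+get_user_principal: I.Func([I.Text], [I.Opt(I.Principal)], ['query']),
+// Get UserProfile by username
+user_profile_get: I.Func([I.Text], [I.Opt(UserProfile)], ['query']),
+// Get UserProfile by principal
+user_profile_get_by_principal: I.Func([I.Text], [I.Opt(UserProfile)], ['query']),
+// ===== Update operations (update call, requires identity) =====
+// Register new agent name
+register_agent: I.Func([I.Text], [I.Variant({ Ok: RegisterResult, Err: I.Text })], []),
+// Prepare agent-owner binding (WebAuthn challenge)
+agent_prepare_bond: I.Func([I.Text], [I.Variant({ Ok: I.Text, Err: I.Text })], []),
+// Prepare 2FA verification request (returns WebAuthn challenge JSON)
+prepare_2fa_info: I.Func([I.Text], [I.Variant({ Ok: I.Text, Err: I.Text })], []),
+// Query 2FA verification result by challenge string
+query_2fa_result_by_challenge: I.Func([I.Text], [I.Opt(TwoFARecord)], ['query']),
+});
+}
+/**
+* Registry canister IDL factory (standard @dfinity/agent interface)
+* Canister ID: 3spie-caaaa-aaaam-ae3sa-cai
+*/
+const registryIdlFactory = () => {
+return buildRegistryService(candid_1.IDL, buildRegistryTypes(candid_1.IDL));
+};
+exports.registryIdlFactory = registryIdlFactory;
+//# sourceMappingURL=idl.js.map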
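Review bot: `query_2fa_result_by_challenge` is declared with `['query']` at new line 202 although it sits under the "Update operations (update call, requires identity)" heading, and it is the call that reports whether a 2FA request was confirmed. A query on the Internet Computer is answered by a single replica without going through consensus, so a caller that gates an operation on `confirm_owner` being set is trusting one node's reply; which callers do that is not visible in this file. I would either move the entry under the query heading with a comment such as `// query call: reply is not consensus-certified; do not treat as authorization on its own`, or, if the result authorizes anything, declare it as `I.Func([I.Text], [I.Opt(TwoFARecord)], [])` so the agent issues it as an update call. The same consideration applies to the `verify_*` queries at new lines 115-119.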
package/dist/idl.js.map
ADDED
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"idl.js","sourceRoot":"","sources":["../src/idl.ts"],"names":[],"mappings":";AAAA;;;;;;;;;;;;;;;;;;;GAmBG;;;AAYH,wCA6CC;AASD,4CAgGC;AAkBD,gDAoCC;AASD,oDAmEC;AAlSD,4CAAsC;AAEtC,4CAA4C;AAE5C;;;;;GAKG;AACH,SAAgB,cAAc,CAAC,CAAa;IAC1C,yDAAyD;IACzD,MAAM,SAAS,GAAG,CAAC,CAAC,MAAM,CAAC;QACzB,OAAO,EAAE,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,KAAK,CAAC,EAAW,gCAAgC;QAClE,EAAE,EAAE,CAAC,CAAC,IAAI,EAAyB,gCAAgC;QACnE,IAAI,EAAE,CAAC,CAAC,KAAK,EAAsB,oBAAoB;QACvD,KAAK,EAAE,CAAC,CAAC,IAAI,EAAsB,sBAAsB;QACzD,UAAU,EAAE,CAAC,CAAC,KAAK,EAAgB,mCAAmC;QACtE,IAAI,EAAE,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,aAAa;QAChD,OAAO,EAAE,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,IAAI,CAAC,EAAa,qBAAqB;QACxD,YAAY,EAAE,CAAC,CAAC,IAAI,EAAe,sBAAsB;KAC1D,CAAC,CAAC;IAEH,oDAAoD;IACpD,MAAM,QAAQ,GAAG,CAAC,CAAC,OAAO,CAAC;QACzB,oBAAoB,EAAE,CAAC,CAAC,MAAM,CAAC,EAAE,OAAO,EAAE,CAAC,CAAC,IAAI,EAAE,CAAC;QACnD,yBAAyB,EAAE,CAAC,CAAC,MAAM,CAAC,EAAE,OAAO,EAAE,CAAC,CAAC,IAAI,EAAE,IAAI,EAAE,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC;QAC3F,oBAAoB,EAAE,CAAC,CAAC,MAAM,CAAC,EAAE,OAAO,EAAE,CAAC,CAAC,IAAI,EAAE,IAAI,EAAE,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC;QACtF,eAAe,EAAE,CAAC,CAAC,MAAM,CAAC,EAAE,OAAO,EAAE,CAAC,CAAC,IAAI,EAAE,IAAI,EAAE,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC;QACjF,6EAA6E;QAC7E,gBAAgB,EAAE,CAAC,CAAC,MAAM,CAAC;YACzB,iBAAiB,EAAE,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,IAAI,CAAC;YAChC,YAAY,EAAE,CAAC,CAAC,IAAI;YACpB,IAAI,EAAE,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC;SAClC,CAAC;QACF,gBAAgB,EAAE,CAAC,CAAC,MAAM,CAAC,EAAE,OAAO,EAAE,CAAC,CAAC,IAAI,EAAE,IAAI,EAAE,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC;QAClF,gBAAgB,EAAE,CAAC,CAAC,MAAM,CAAC,EAAE,IAAI,EAAE,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,
CAAC,GAAG,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC;QACjE,eAAe,EAAE,CAAC,CAAC,MAAM,CAAC,EAAE,OAAO,EAAE,CAAC,CAAC,IAAI,EAAE,IAAI,EAAE,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC;QACjF,mBAAmB,EAAE,CAAC,CAAC,MAAM,CAAC,EAAE,OAAO,EAAE,CAAC,CAAC,IAAI,EAAE,IAAI,EAAE,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC;QACrF,gBAAgB,EAAE,CAAC,CAAC,MAAM,CAAC,EAAE,OAAO,EAAE,CAAC,CAAC,IAAI,EAAE,IAAI,EAAE,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC;QAClF,uBAAuB,EAAE,CAAC,CAAC,MAAM,CAAC,EAAE,OAAO,EAAE,CAAC,CAAC,IAAI,EAAE,IAAI,EAAE,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC;QACzF,oBAAoB,EAAE,CAAC,CAAC,MAAM,CAAC,EAAE,OAAO,EAAE,CAAC,CAAC,IAAI,EAAE,IAAI,EAAE,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC;QACtF,qBAAqB,EAAE,CAAC,CAAC,MAAM,CAAC,EAAE,OAAO,EAAE,CAAC,CAAC,IAAI,EAAE,IAAI,EAAE,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC;QACvF,YAAY,EAAE,CAAC,CAAC,MAAM,CAAC,EAAE,OAAO,EAAE,CAAC,CAAC,IAAI,EAAE,IAAI,EAAE,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC;QAC9E,wBAAwB,EAAE,CAAC,CAAC,MAAM,CAAC,EAAE,OAAO,EAAE,CAAC,CAAC,IAAI,EAAE,IAAI,EAAE,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC;KAC3F,CAAC,CAAC;IAEH,sEAAsE;IACtE,MAAM,iBAAiB,GAAG,CAAC,CAAC,MAAM,CAAC;QACjC,aAAa,EAAE,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,IAAI,CAAC,EAAK,yCAAyC;QAC1E,UAAU,EAAE,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,IAAI,CAAC,EAAQ,iBAAiB;QAClD,YAAY,EAAE,CAAC,CAAC,IAAI,EAAa,sBAAsB;KACxD,CAAC,CAAC;IAEH,OAAO,EAAE,SAAS,EAAE,QAAQ,EAAE,iBAAiB,EAAE,CAAC;AACpD,CAAC;AAED;;;;;;GAMG;AACH,SAAgB,gBAAgB,CAC9B,CAAa,EACb,KAAwC;IAExC,MAAM,EAAE,SAAS,EAAE,QAAQ,EAAE,iBAAiB,EAAE,GAAG,KAAK,CAAC;IAEzD,OAAO,CAAC,CAAC,OAAO,CAAC;QACf,kE
AAkE;QAElE,iEAAiE;QACjE,UAAU,EAAE,CAAC,CAAC,IAAI,CAChB,CAAC,QAAQ,EAAE,CAAC,CAAC,IAAI,CAAC,EAClB,CAAC,CAAC,CAAC,OAAO,CAAC,EAAE,EAAE,EAAE,SAAS,EAAE,GAAG,EAAE,CAAC,CAAC,IAAI,EAAE,CAAC,CAAC,EAC3C,EAAE,CACH;QAED,8DAA8D;QAC9D,IAAI,EAAE,CAAC,CAAC,IAAI,CAAC,CAAC,QAAQ,CAAC,EAAE,CAAC,SAAS,CAAC,EAAE,EAAE,CAAC;QAEzC,8BAA8B;QAC9B,QAAQ,EAAE,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,SAAS,EAAE,QAAQ,CAAC,EAAE,CAAC,SAAS,CAAC,EAAE,EAAE,CAAC;QAE1D,iEAAiE;QAEjE,6DAA6D;QAC7D,kBAAkB,EAAE,CAAC,CAAC,IAAI,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,EAAE,EAAE,CAAC;QAEnD,0EAA0E;QAC1E,wBAAwB,EAAE,CAAC,CAAC,IAAI,CAC9B,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,EACvB,CAAC,iBAAiB,CAAC,EACnB,EAAE,CACH;QAED,uDAAuD;QACvD,aAAa,EAAE,CAAC,CAAC,IAAI,CACnB,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,EACvB,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,EACf,EAAE,CACH;QAED,yDAAyD;QAEzD,qBAAqB;QACrB,WAAW,EAAE,CAAC,CAAC,IAAI,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,KAAK,CAAC,EAAE,CAAC,OAAO,CAAC,CAAC;QAE7C,gCAAgC;QAChC,uBAAuB,EAAE,CAAC,CAAC,IAAI,CAC7B,CAAC,CAAC,CAAC,KAAK,EAAE,CAAC,CAAC,KAAK,CAAC,EAClB,CAAC,CAAC,CAAC,GAAG,CAAC,SAAS,CAAC,CAAC,EAClB,CAAC,OAAO,CAAC,CACV;QAED,sBAAsB;QACtB,mBAAmB,EAAE,CAAC,CAAC,IAAI,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,GAAG,CAAC,SAAS,CAAC,CAAC,EAAE,CAAC,OAAO,CAAC,CAAC;QAE9D,oCAAoC;QACpC,eAAe,EAAE,CAAC,CAAC,IAAI,CACrB,CAAC,CAAC,CAAC,SAAS,EAAE,CAAC,CAAC,KAAK,EAAE,CAAC,CAAC,KAAK,CAAC,EAC/B,CAAC,CAAC,CAAC,KAAK,EAAE,CAAC,CAAC,GAAG,CAAC,SAAS,CAAC,CAAC,EAC3B,CAAC,OAAO,CAAC,CACV;QAED,6CAA6C;QAC7C,6BAA6B,EAAE,CAAC,CAAC,IAAI,CACnC,CAAC,CAAC,CAAC,SAAS,CAAC,EACb,CAAC,CAAC,CAAC,IAAI,CAAC,EACR,CAAC,OAAO,CAAC,CACV;QAED,sCAAsC;QACtC,cAAc,EAAE,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC,CAAC,GAAG,CAAC,SAAS,CAAC,CAAC,EAAE,CAAC,OAAO,CAAC,CAAC;QAE/D,mCAAmC;QACnC,eAAe,EAAE,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC,CAAC,GAAG,CAAC,SAAS,CAAC,CAAC,EAAE,CAAC,OAAO,CAAC,CAAC;QAEhE,gCAAgC;QAChC,gBAAgB,EAAE,CAAC,CAAC,IAAI,CAAC,
CAAC,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC,CAAC,GAAG,CAAC,SAAS,CAAC,CAAC,EAAE,CAAC,OAAO,CAAC,CAAC;QAEjE,uBAAuB;QACvB,oBAAoB,EAAE,CAAC,CAAC,IAAI,CAC1B,CAAC,CAAC,CAAC,IAAI,CAAC,EACR,CAAC,CAAC,CAAC,GAAG,CAAC,SAAS,CAAC,CAAC,EAClB,CAAC,OAAO,CAAC,CACV;QAED,8BAA8B;QAC9B,4BAA4B,EAAE,CAAC,CAAC,IAAI,CAClC,CAAC,CAAC,CAAC,IAAI,CAAC,EACR,CAAC,CAAC,CAAC,GAAG,CAAC,SAAS,CAAC,CAAC,EAClB,CAAC,OAAO,CAAC,CACV;QAED,kBAAkB;QAClB,KAAK,EAAE,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC,OAAO,CAAC,CAAC;KAC7C,CAAC,CAAC;AACL,CAAC;AAED;;;GAGG;AACI,MAAM,cAAc,GAAyB,GAAG,EAAE;IACvD,OAAO,gBAAgB,CAAC,YAAG,EAAE,cAAc,CAAC,YAAG,CAAC,CAAC,CAAC;AACpD,CAAC,CAAC;AAFW,QAAA,cAAc,kBAEzB;AAEF,0CAA0C;AAE1C;;;;;GAKG;AACH,SAAgB,kBAAkB,CAAC,CAAa;IAC9C,6DAA6D;IAC7D,MAAM,QAAQ,GAAG,CAAC,CAAC,MAAM,CAAC;QACxB,QAAQ,EAAE,CAAC,CAAC,IAAI;QAChB,eAAe,EAAE,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,SAAS,CAAC;KACpC,CAAC,CAAC;IAEH,wBAAwB;IACxB,MAAM,SAAS,GAAG,CAAC,CAAC,MAAM,CAAC;QACzB,QAAQ,EAAE,CAAC,CAAC,GAAG,CAAC,QAAQ,CAAC;KAC1B,CAAC,CAAC;IAEH,0BAA0B;IAC1B,MAAM,WAAW,GAAG,CAAC,CAAC,MAAM,CAAC;QAC3B,QAAQ,EAAE,CAAC,CAAC,IAAI;QAChB,UAAU,EAAE,CAAC,CAAC,GAAG,CAAC,SAAS,CAAC;QAC5B,YAAY,EAAE,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,IAAI,CAAC;QAC3B,YAAY,EAAE,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,IAAI,CAAC,EAAG,uCAAuC;KACtE,CAAC,CAAC;IAEH,yCAAyC;IACzC,MAAM,cAAc,GAAG,CAAC,CAAC,MAAM,CAAC;QAC9B,QAAQ,EAAE,CAAC,CAAC,IAAI;KACjB,CAAC,CAAC;IAEH,0EAA0E;IAC1E,MAAM,WAAW,GAAG,CAAC,CAAC,MAAM,CAAC;QAC3B,MAAM,EAAE,CAAC,CAAC,IAAI,EAAwB,iDAAiD;QACvF,UAAU,EAAE,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,IAAI,CAAC,EAAa,iDAAiD;QACvF,aAAa,EAAE,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,IAAI,CAAC,EAAU,mDAAmD;QACzF,OAAO,EAAE,CAAC,CAAC,IAAI,EAAuB,wCAAwC;QAC9E,iBAAiB,EAAE,CAAC,CAAC,KAAK,EAAY,mCAAmC;QACzE,iBAAiB,EAAE,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,KAAK,CAAC,EAAK,+CAA+C;KACtF,CAAC,CAAC;IAEH,OAAO,EAAE,QAAQ,EAAE,SAAS,EAAE,WAAW,EAAE,cAAc,EAAE,WAAW,EAAE,CAAC;AAC3E,CAAC;AAED;;;;;;GAMG;AACH,SAAgB,oBAAoB,CAClC,CAAa,EACb,KAA4C;IAE5C,MAAM,EAAE,WAAW,EAAE,cAAc,EAAE,WAAW,EAAE,GAAG,KAAK,CAAC;IAE3D,OAAO
,CAAC,CAAC,OAAO,CAAC;QACf,uCAAuC;QAEvC,4BAA4B;QAC5B,yBAAyB,EAAE,CAAC,CAAC,IAAI,CAC/B,CAAC,CAAC,CAAC,IAAI,CAAC,EACR,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,EACf,CAAC,OAAO,CAAC,CACV;QAED,4BAA4B;QAC5B,kBAAkB,EAAE,CAAC,CAAC,IAAI,CACxB,CAAC,CAAC,CAAC,IAAI,CAAC,EACR,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,EACpB,CAAC,OAAO,CAAC,CACV;QAED,8BAA8B;QAC9B,gBAAgB,EAAE,CAAC,CAAC,IAAI,CACtB,CAAC,CAAC,CAAC,IAAI,CAAC,EACR,CAAC,CAAC,CAAC,GAAG,CAAC,WAAW,CAAC,CAAC,EACpB,CAAC,OAAO,CAAC,CACV;QAED,+BAA+B;QAC/B,6BAA6B,EAAE,CAAC,CAAC,IAAI,CACnC,CAAC,CAAC,CAAC,IAAI,CAAC,EACR,CAAC,CAAC,CAAC,GAAG,CAAC,WAAW,CAAC,CAAC,EACpB,CAAC,OAAO,CAAC,CACV;QAED,iEAAiE;QAEjE,0BAA0B;QAC1B,cAAc,EAAE,CAAC,CAAC,IAAI,CACpB,CAAC,CAAC,CAAC,IAAI,CAAC,EACR,CAAC,CAAC,CAAC,OAAO,CAAC,EAAE,EAAE,EAAE,cAAc,EAAE,GAAG,EAAE,CAAC,CAAC,IAAI,EAAE,CAAC,CAAC,EAChD,EAAE,CACH;QAED,mDAAmD;QACnD,kBAAkB,EAAE,CAAC,CAAC,IAAI,CACxB,CAAC,CAAC,CAAC,IAAI,CAAC,EACR,CAAC,CAAC,CAAC,OAAO,CAAC,EAAE,EAAE,EAAE,CAAC,CAAC,IAAI,EAAE,GAAG,EAAE,CAAC,CAAC,IAAI,EAAE,CAAC,CAAC,EACxC,EAAE,CACH;QAED,qEAAqE;QACrE,gBAAgB,EAAE,CAAC,CAAC,IAAI,CACtB,CAAC,CAAC,CAAC,IAAI,CAAC,EACR,CAAC,CAAC,CAAC,OAAO,CAAC,EAAE,EAAE,EAAE,CAAC,CAAC,IAAI,EAAE,GAAG,EAAE,CAAC,CAAC,IAAI,EAAE,CAAC,CAAC,EACxC,EAAE,CACH;QAED,oDAAoD;QACpD,6BAA6B,EAAE,CAAC,CAAC,IAAI,CACnC,CAAC,CAAC,CAAC,IAAI,CAAC,EACR,CAAC,CAAC,CAAC,GAAG,CAAC,WAAW,CAAC,CAAC,EACpB,CAAC,OAAO,CAAC,CACV;KACF,CAAC,CAAC;AACL,CAAC;AAED;;;GAGG;AACI,MAAM,kBAAkB,GAAyB,GAAG,EAAE;IAC3D,OAAO,oBAAoB,CAAC,YAAG,EAAE,kBAAkB,CAAC,YAAG,CAAC,CAAC,CAAC;AAC5D,CAAC,CAAC;AAFW,QAAA,kBAAkB,sBAE7B"}
|
|
@@ -0,0 +1,88 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* Key Store — In-memory AES-256 key management for daemon mode
|
|
3
|
+
*
|
|
4
|
+
* Responsible for securely holding the AES-256 key during daemon runtime.
|
|
5
|
+
* The key is derived from a VetKey obtained from the trust canister at startup.
|
|
6
|
+
*
|
|
7
|
+
* Key derivation flow:
|
|
8
|
+
* 1. Generate ephemeral transport key pair
|
|
9
|
+
* 2. Call actor.derive_vetkey(derivationId, transportPublicKey)
|
|
10
|
+
* 3. Decrypt EncryptedVetKey with transport secret → VetKey (G1 point, 48B)
|
|
11
|
+
* 4. HKDF(vetkey_bytes, "vetkey-aes256-file-encryption") → AES-256 key (32B)
|
|
12
|
+
*
|
|
13
|
+
* Memory safety note:
|
|
14
|
+
* JavaScript does not have Rust's ZeroizeOnDrop equivalent. We use
|
|
15
|
+
* Buffer.fill(0) to manually clear the key when destroy() is called.
|
|
16
|
+
* This is best-effort — the GC may have created copies we can't reach.
|
|
17
|
+
* For production use, the key exists only in a single Buffer that we
|
|
18
|
+
* can explicitly zero.
|
|
19
|
+
*/
|
|
20
|
+
import type { ActorSubclass } from '@dfinity/agent';
|
|
21
|
+
/**
|
|
22
|
+
* In-memory AES-256 key holder for daemon mode.
|
|
23
|
+
*
|
|
24
|
+
* The AES key is derived from VetKey at startup and held in a Buffer.
|
|
25
|
+
* Call destroy() when done to zero the key bytes.
|
|
26
|
+
*/
|
|
27
|
+
export declare class KeyStore {
|
|
28
|
+
/** AES-256 key (32 bytes), derived from VetKey via HKDF */
|
|
29
|
+
private aesKey;
|
|
30
|
+
/** Derivation ID used for this key (format: "{principal}:{key_name}") */
|
|
31
|
+
private _derivationId;
|
|
32
|
+
/** Whether the key has been destroyed */
|
|
33
|
+
private destroyed;
|
|
34
|
+
private constructor();
|
|
35
|
+
/**
|
|
36
|
+
* Derive a VetKey from the canister via the sign actor and create a KeyStore.
|
|
37
|
+
*
|
|
38
|
+
* Complete flow:
|
|
39
|
+
* 1. Fetch IBE public key from canister (needed for BLS signature verification)
|
|
40
|
+
* 2. Generate random transport key pair
|
|
41
|
+
* 3. Call actor.derive_vetkey(derivationId, transportPublicKey)
|
|
42
|
+
* 4. Transport-decrypt EncryptedVetKey → VetKey (48 bytes)
|
|
43
|
+
* 5. HKDF(vetkey_bytes, domain_sep) → AES-256 key (32 bytes)
|
|
44
|
+
*
|
|
45
|
+
* Uses the same sign actor (signIdlFactory) from the existing Session pattern,
|
|
46
|
+
* which now includes VetKey methods on the same canister.
|
|
47
|
+
*
|
|
48
|
+
* @param actor - Signatures canister actor (with VetKey methods)
|
|
49
|
+
* @param derivationId - Derivation ID (format: "{principal}:{key_name}")
|
|
50
|
+
* @returns Initialized KeyStore
|
|
51
|
+
*/
|
|
52
|
+
static deriveFromActor(actor: ActorSubclass<any>, derivationId: string): Promise<KeyStore>;
|
|
53
|
+
/**
|
|
54
|
+
* Create a KeyStore with a known test key (for unit/integration testing only).
|
|
55
|
+
*
|
|
56
|
+
* @internal
|
|
57
|
+
*/
|
|
58
|
+
static createForTest(derivationId: string, key?: Buffer): KeyStore;
|
|
59
|
+
/**
|
|
60
|
+
* Encrypt plaintext using the held AES-256 key.
|
|
61
|
+
*
|
|
62
|
+
* Output format: [magic:4B "VKDA"][version:1B][nonce:12B][ciphertext+GCM_tag]
|
|
63
|
+
*
|
|
64
|
+
* @param plaintext - Data to encrypt
|
|
65
|
+
* @returns VKDA-formatted ciphertext
|
|
66
|
+
*/
|
|
67
|
+
encrypt(plaintext: Uint8Array): Buffer;
|
|
68
|
+
/**
|
|
69
|
+
* Decrypt VKDA-formatted ciphertext using the held AES-256 key.
|
|
70
|
+
*
|
|
71
|
+
* @param ciphertext - VKDA-formatted ciphertext
|
|
72
|
+
* @returns Decrypted plaintext
|
|
73
|
+
*/
|
|
74
|
+
decrypt(ciphertext: Uint8Array): Buffer;
|
|
75
|
+
/** Get the derivation ID (for status reporting, not sensitive) */
|
|
76
|
+
get derivationId(): string;
|
|
77
|
+
/**
|
|
78
|
+
* Destroy the key store by zeroing the AES key bytes.
|
|
79
|
+
*
|
|
80
|
+
* After calling destroy(), encrypt() and decrypt() will throw.
|
|
81
|
+
* This is best-effort memory cleanup — JavaScript GC may have
|
|
82
|
+
* created copies we cannot reach.
|
|
83
|
+
*/
|
|
84
|
+
destroy(): void;
|
|
85
|
+
/** Throw if the KeyStore has been destroyed */
|
|
86
|
+
private checkNotDestroyed;
|
|
87
|
+
}
|
|
88
|
+
//# sourceMappingURL=key-store.d.ts.map
|
|
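Review bot: `createForTest(derivationId, key?)` at new line 58 is emitted in the published declaration file as a public static, so the `@internal` tag is documentation only here and any consumer of the package can build a `KeyStore` around what the doc comment calls "a known test key". Data encrypted through such an instance would be protected by a key that ships in the package, assuming the omitted-`key` default is a fixed constant (the implementation is not in this section). I would keep the factory out of the published surface, for example by setting `"stripInternal": true` in the tsconfig and moving the helper into a test-only module, or have it refuse to run outside tests. Separately, `actor: ActorSubclass<any>` at new line 52 discards the service type that `signIdlFactory` already describes.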
@@ -0,0 +1,171 @@
|
|
|
1
|
+
"use strict";
|
|
2
|
+
/**
|
|
3
|
+
* Key Store — In-memory AES-256 key management for daemon mode
|
|
4
|
+
*
|
|
5
|
+
* Responsible for securely holding the AES-256 key during daemon runtime.
|
|
6
|
+
* The key is derived from a VetKey obtained from the trust canister at startup.
|
|
7
|
+
*
|
|
8
|
+
* Key derivation flow:
|
|
9
|
+
* 1. Generate ephemeral transport key pair
|
|
10
|
+
* 2. Call actor.derive_vetkey(derivationId, transportPublicKey)
|
|
11
|
+
* 3. Decrypt EncryptedVetKey with transport secret → VetKey (G1 point, 48B)
|
|
12
|
+
* 4. HKDF(vetkey_bytes, "vetkey-aes256-file-encryption") → AES-256 key (32B)
|
|
13
|
+
*
|
|
14
|
+
* Memory safety note:
|
|
15
|
+
* JavaScript does not have Rust's ZeroizeOnDrop equivalent. We use
|
|
16
|
+
* Buffer.fill(0) to manually clear the key when destroy() is called.
|
|
17
|
+
* This is best-effort — the GC may have created copies we can't reach.
|
|
18
|
+
* For production use, the key exists only in a single Buffer that we
|
|
19
|
+
* can explicitly zero.
|
|
20
|
+
*/
|
|
21
|
+
var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
|
|
22
|
+
if (k2 === undefined) k2 = k;
|
|
23
|
+
var desc = Object.getOwnPropertyDescriptor(m, k);
|
|
24
|
+
if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
|
|
25
|
+
desc = { enumerable: true, get: function() { return m[k]; } };
|
|
26
|
+
}
|
|
27
|
+
Object.defineProperty(o, k2, desc);
|
|
28
|
+
}) : (function(o, m, k, k2) {
|
|
29
|
+
if (k2 === undefined) k2 = k;
|
|
30
|
+
o[k2] = m[k];
|
|
31
|
+
}));
|
|
32
|
+
var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
|
|
33
|
+
Object.defineProperty(o, "default", { enumerable: true, value: v });
|
|
34
|
+
}) : function(o, v) {
|
|
35
|
+
o["default"] = v;
|
|
36
|
+
});
|
|
37
|
+
var __importStar = (this && this.__importStar) || (function () {
|
|
38
|
+
var ownKeys = function(o) {
|
|
39
|
+
ownKeys = Object.getOwnPropertyNames || function (o) {
|
|
40
|
+
var ar = [];
|
|
41
|
+
for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
|
|
42
|
+
return ar;
|
|
43
|
+
};
|
|
44
|
+
return ownKeys(o);
|
|
45
|
+
};
|
|
46
|
+
return function (mod) {
|
|
47
|
+
if (mod && mod.__esModule) return mod;
|
|
48
|
+
var result = {};
|
|
49
|
+
if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
|
|
50
|
+
__setModuleDefault(result, mod);
|
|
51
|
+
return result;
|
|
52
|
+
};
|
|
53
|
+
})();
|
|
54
|
+
Object.defineProperty(exports, "__esModule", { value: true });
|
|
55
|
+
exports.KeyStore = void 0;
|
|
56
|
+
const cryptoOps = __importStar(require("./crypto"));
|
|
57
|
+
const error_1 = require("./error");
|
|
58
|
+
/**
|
|
59
|
+
* In-memory AES-256 key holder for daemon mode.
|
|
60
|
+
*
|
|
61
|
+
* The AES key is derived from VetKey at startup and held in a Buffer.
|
|
62
|
+
* Call destroy() when done to zero the key bytes.
|
|
63
|
+
*/
|
|
64
|
+
class KeyStore {
|
|
65
|
+
constructor(aesKey, derivationId) {
|
|
66
|
+
/** Whether the key has been destroyed */
|
|
67
|
+
this.destroyed = false;
|
|
68
|
+
this.aesKey = aesKey;
|
|
69
|
+
this._derivationId = derivationId;
|
|
70
|
+
}
|
|
71
|
+
/**
|
|
72
|
+
* Derive a VetKey from the canister via the sign actor and create a KeyStore.
|
|
73
|
+
*
|
|
74
|
+
* Complete flow:
|
|
75
|
+
* 1. Fetch IBE public key from canister (needed for BLS signature verification)
|
|
76
|
+
* 2. Generate random transport key pair
|
|
77
|
+
* 3. Call actor.derive_vetkey(derivationId, transportPublicKey)
|
|
78
|
+
* 4. Transport-decrypt EncryptedVetKey → VetKey (48 bytes)
|
|
79
|
+
* 5. HKDF(vetkey_bytes, domain_sep) → AES-256 key (32 bytes)
|
|
80
|
+
*
|
|
81
|
+
* Uses the same sign actor (signIdlFactory) from the existing Session pattern,
|
|
82
|
+
* which now includes VetKey methods on the same canister.
|
|
83
|
+
*
|
|
84
|
+
* @param actor - Signatures canister actor (with VetKey methods)
|
|
85
|
+
* @param derivationId - Derivation ID (format: "{principal}:{key_name}")
|
|
86
|
+
* @returns Initialized KeyStore
|
|
87
|
+
*/
|
|
88
|
+
static async deriveFromActor(actor, derivationId) {
|
|
89
|
+
// Step 1: Get IBE public key (needed for EncryptedVetKey BLS signature verification)
|
|
90
|
+
let dpkBytes;
|
|
91
|
+
try {
|
|
92
|
+
const result = await actor.get_ibe_public_key();
|
|
93
|
+
dpkBytes = new Uint8Array(result);
|
|
94
|
+
}
|
|
95
|
+
catch (e) {
|
|
96
|
+
throw (0, error_1.canisterCallError)(`get_ibe_public_key failed: ${e instanceof Error ? e.message : String(e)}`, e);
|
|
97
|
+
}
|
|
98
|
+
// Step 2: Generate ephemeral transport key pair
|
|
99
|
+
const [transportSecret, transportPublic] = cryptoOps.generateTransportKeypair();
|
|
100
|
+
// Step 3: Call canister to derive encrypted VetKey
|
|
101
|
+
let encryptedVetkeyBytes;
|
|
102
|
+
try {
|
|
103
|
+
const result = await actor.derive_vetkey(derivationId, Array.from(transportPublic));
|
|
104
|
+
encryptedVetkeyBytes = new Uint8Array(result);
|
|
105
|
+
}
|
|
106
|
+
catch (e) {
|
|
107
|
+
throw (0, error_1.canisterCallError)(`derive_vetkey failed: ${e instanceof Error ? e.message : String(e)}`, e);
|
|
108
|
+
}
|
|
109
|
+
// Step 4: Transport-decrypt and verify the VetKey
|
|
110
|
+
const vetkeyBytes = cryptoOps.decryptVetkey(encryptedVetkeyBytes, dpkBytes, derivationId, transportSecret);
|
|
111
|
+
// Step 5: HKDF derive AES-256 key from VetKey bytes
|
|
112
|
+
const aesKey = cryptoOps.vetkeyToAes256(vetkeyBytes);
|
|
113
|
+
return new KeyStore(aesKey, derivationId);
|
|
114
|
+
}
|
|
115
|
+
/**
|
|
116
|
+
* Create a KeyStore with a known test key (for unit/integration testing only).
|
|
117
|
+
*
|
|
118
|
+
* @internal
|
|
119
|
+
*/
|
|
120
|
+
static createForTest(derivationId, key) {
|
|
121
|
+
const aesKey = key ?? Buffer.alloc(32, 0x42); // Fixed test key
|
|
122
|
+
return new KeyStore(aesKey, derivationId);
|
|
123
|
+
}
|
|
124
|
+
/**
|
|
125
|
+
* Encrypt plaintext using the held AES-256 key.
|
|
126
|
+
*
|
|
127
|
+
* Output format: [magic:4B "VKDA"][version:1B][nonce:12B][ciphertext+GCM_tag]
|
|
128
|
+
*
|
|
129
|
+
* @param plaintext - Data to encrypt
|
|
130
|
+
* @returns VKDA-formatted ciphertext
|
|
131
|
+
*/
|
|
132
|
+
encrypt(plaintext) {
|
|
133
|
+
this.checkNotDestroyed();
|
|
134
|
+
return cryptoOps.aes256Encrypt(this.aesKey, plaintext);
|
|
135
|
+
}
|
|
136
|
+
/**
|
|
137
|
+
* Decrypt VKDA-formatted ciphertext using the held AES-256 key.
|
|
138
|
+
*
|
|
139
|
+
* @param ciphertext - VKDA-formatted ciphertext
|
|
140
|
+
* @returns Decrypted plaintext
|
|
141
|
+
*/
|
|
142
|
+
decrypt(ciphertext) {
|
|
143
|
+
this.checkNotDestroyed();
|
|
144
|
+
return cryptoOps.aes256Decrypt(this.aesKey, ciphertext);
|
|
145
|
+
}
|
|
146
|
+
/** Get the derivation ID (for status reporting, not sensitive) */
|
|
147
|
+
get derivationId() {
|
|
148
|
+
return this._derivationId;
|
|
149
|
+
}
|
|
150
|
+
/**
|
|
151
|
+
* Destroy the key store by zeroing the AES key bytes.
|
|
152
|
+
*
|
|
153
|
+
* After calling destroy(), encrypt() and decrypt() will throw.
|
|
154
|
+
* This is best-effort memory cleanup — JavaScript GC may have
|
|
155
|
+
* created copies we cannot reach.
|
|
156
|
+
*/
|
|
157
|
+
destroy() {
|
|
158
|
+
if (!this.destroyed) {
|
|
159
|
+
this.aesKey.fill(0);
|
|
160
|
+
this.destroyed = true;
|
|
161
|
+
}
|
|
162
|
+
}
|
|
163
|
+
/** Throw if the KeyStore has been destroyed */
|
|
164
|
+
checkNotDestroyed() {
|
|
165
|
+
if (this.destroyed) {
|
|
166
|
+
throw (0, error_1.encryptionError)("KeyStore has been destroyed (key zeroized)");
|
|
167
|
+
}
|
|
168
|
+
}
|
|
169
|
+
}
|
|
170
|
+
exports.KeyStore = KeyStore;
|
|
171
|
+
//# sourceMappingURL=key-store.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"key-store.js","sourceRoot":"","sources":["../src/key-store.ts"],"names":[],"mappings":";AAAA;;;;;;;;;;;;;;;;;;GAkBG;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAGH,oDAAsC;AACtC,mCAA6D;AAE7D;;;;;GAKG;AACH,MAAa,QAAQ;IAQnB,YAAoB,MAAc,EAAE,YAAoB;QAHxD,yCAAyC;QACjC,cAAS,GAAG,KAAK,CAAC;QAGxB,IAAI,CAAC,MAAM,GAAG,MAAM,CAAC;QACrB,IAAI,CAAC,aAAa,GAAG,YAAY,CAAC;IACpC,CAAC;IAED;;;;;;;;;;;;;;;;OAgBG;IACH,MAAM,CAAC,KAAK,CAAC,eAAe,CAC1B,KAAyB,EACzB,YAAoB;QAEpB,qFAAqF;QACrF,IAAI,QAAoB,CAAC;QACzB,IAAI,CAAC;YACH,MAAM,MAAM,GAAG,MAAM,KAAK,CAAC,kBAAkB,EAAgB,CAAC;YAC9D,QAAQ,GAAG,IAAI,UAAU,CAAC,MAAM,CAAC,CAAC;QACpC,CAAC;QAAC,OAAO,CAAC,EAAE,CAAC;YACX,MAAM,IAAA,yBAAiB,EACrB,8BAA8B,CAAC,YAAY,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAC1E,CAAC,CACF,CAAC;QACJ,CAAC;QAED,gDAAgD;QAChD,MAAM,CAAC,eAAe,EAAE,eAAe,CAAC,GAAG,SAAS,CAAC,wBAAwB,EAAE,CAAC;QAEhF,mDAAmD;QACnD,IAAI,oBAAgC,CAAC;QACrC,IAAI,CAAC;YACH,MAAM,MAAM,GAAG,MAAM,KAAK,CAAC,aAAa,CACtC,YAAY,EACZ,KAAK,CAAC,IAAI,CAAC,eAAe,CAAC,CACd,CAAC;YAChB,oBAAoB,GAAG,IAAI,UAAU,CAAC,MAAM,CAAC,CAAC;QAChD,CAAC;QAAC,OAAO,CAAC,EAAE,CAAC;YACX,MAAM,IAAA,yBAAiB,EACrB,yBAAyB,CAAC,YAAY,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EACrE,CAAC,CACF,CAAC;QACJ,CAAC;QAED,kDAAkD;QAClD,MAAM,WAAW,GAAG,SAAS,CAAC,aAAa,CACzC,oBAAoB,EACpB,QAAQ,EACR,YAAY,EACZ,eAAe,CAChB,CAAC;QAEF,oDAAoD;QACpD,MAAM,MAAM,GAAG,SAAS,CAAC,cAAc,CAAC,WAAW,CAAC,CAAC;QAErD,OAAO,IAAI,QAAQ,CAAC,MAAM,EAAE,YAAY,CAAC,CAAC;IAC5C,CAAC;IAED;;;;OAIG;IACH,MAAM,CAAC,aAAa,CAAC,YAAoB,EAAE,GAAY;QACrD,MAAM,MAAM,GAAG,GAAG,IAAI,MAAM,CAAC,KAAK,CAAC,EAAE,EAAE,IAAI,CAAC,CAAC,CAAC,iBAAiB;QAC/D,OAAO,IAAI,QAAQ,CAAC,MAAM,EAAE,YAAY,CAAC,CAAC;IAC5C,CAAC;IAED;;;;;;;OAOG;IACH,OAAO,CAAC,SAAqB;QAC3B,IAAI,CAAC,iBAAiB,EAAE,CAAC;QACzB,OAAO,SAAS,CAAC,aAAa,CAAC,IAAI,CAAC,MAAM,EAAE,SAAS,CAAC,CAAC;IACzD,CAAC;IAED;;;;;OAKG;IACH,OAAO,CAAC,UAAsB;QAC5B,IAAI,CAAC,iBAAiB,EAAE,CAAC;QACzB,OAAO,SAAS,CAAC,aAAa,CAAC,IAAI,CAAC,MAAM,EAAE,UAAU,CAAC,CAAC;IAC1D,CAAC;IAED,kEAAkE;IA
ClE,IAAI,YAAY;QACd,OAAO,IAAI,CAAC,aAAa,CAAC;IAC5B,CAAC;IAED;;;;;;OAMG;IACH,OAAO;QACL,IAAI,CAAC,IAAI,CAAC,SAAS,EAAE,CAAC;YACpB,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;YACpB,IAAI,CAAC,SAAS,GAAG,IAAI,CAAC;QACxB,CAAC;IACH,CAAC;IAED,+CAA+C;IACvC,iBAAiB;QACvB,IAAI,IAAI,CAAC,SAAS,EAAE,CAAC;YACnB,MAAM,IAAA,uBAAe,EAAC,4CAA4C,CAAC,CAAC;QACtE,CAAC;IACH,CAAC;CACF;AAzID,4BAyIC"}
|
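--- a/package/dist/pow.d.ts
+++ b/package/dist/pow.d.ts
@@ -0,0 +1,24 @@
+#!/usr/bin/env node
+/**
+* zCloak.ai PoW Computation Tool
+*
+* Finds a nonce such that sha256(base + nonce) starts with a specified number of leading zeros.
+* Can be used as a standalone script, or called internally by Session.autoPoW() via utils.ts computePow.
+*
+* Usage:
+* zcloak-ai pow <base_string> <zeros>
+*
+* Examples:
+* zcloak-ai pow 185f8db32271fe25f561a6fc938b2e264306ec304eda518007d1764826381969 5
+*/
+import { Session } from './session';
+/**
+* Entry point when invoked via cli.ts.
+* Receives a Session instance with pre-parsed arguments.
+*
+* Arguments are read from session.args._args:
+* _args[0] = base_string
+* _args[1] = zeros (default: 5)
+*/
+export declare function run(session: Session): void;
+//# sourceMappingURL=pow.d.ts.map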
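--- a/package/dist/pow.js
+++ b/package/dist/pow.js
@@ -0,0 +1,86 @@
+#!/usr/bin/env node
+"use strict";
+/**
+* zCloak.ai PoW Computation Tool
+*
+* Finds a nonce such that sha256(base + nonce) starts with a specified number of leading zeros.
+* Can be used as a standalone script, or called internally by Session.autoPoW() via utils.ts computePow.
+*
+* Usage:
+* zcloak-ai pow <base_string> <zeros>
+*
+* Examples:
+* zcloak-ai pow 185f8db32271fe25f561a6fc938b2e264306ec304eda518007d1764826381969 5
+*/
+var __importDefault = (this && this.__importDefault) || function (mod) {
+return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.run = run;
+const crypto_1 = __importDefault(require("crypto"));
+// ========== Exported run() — called by cli.ts ==========
+/**
+* Entry point when invoked via cli.ts.
+* Receives a Session instance with pre-parsed arguments.
+*
+* Arguments are read from session.args._args:
+* _args[0] = base_string
+* _args[1] = zeros (default: 5)
+*/
+function run(session) {
+const base = session.args._args[0];
+const zeros = parseInt(session.args._args[1] || '5', 10);
+if (!base) {
+console.log('zCloak.ai PoW Computation Tool');
+console.log('');
+console.log('Usage: zcloak-ai pow <base_string> <zeros>');
+console.log('');
+console.log('Arguments:');
+console.log(' base_string PoW base string (usually the return value of get_user_latest_sign_event_id)');
+console.log(' zeros Number of required leading zeros (default: 5)');
+console.log('');
+console.log('Examples:');
+console.log(' zcloak-ai pow 185f8db32271fe25f561a6fc938b2e264306ec304eda518007d1764826381969 5');
+process.exit(0);
+}
+if (!Number.isFinite(zeros) || zeros < 1) {
+console.error('Error: zeros must be a positive integer');
+process.exit(1);
+}
+/** PoW timeout in milliseconds (5 minutes) — same limit as utils.ts computePow */
+const POW_TIMEOUT_MS = 5 * 60 * 1000;
+const prefix = '0'.repeat(zeros);
+const start = Date.now();
+let nonce = 0;
+for (;;) {
+const candidate = base + nonce.toString();
+const hash = crypto_1.default.createHash('sha256').update(candidate).digest('hex');
+if (hash.startsWith(prefix)) {
+const ms = Date.now() - start;
+const hashesTried = nonce + 1;
+const rate = hashesTried / (ms / 1000 || 1);
+console.log('Found solution!');
+console.log('base =', base);
+console.log('zeros =', zeros);
+console.log('nonce =', nonce);
+console.log('hash =', hash);
+console.log('candidate =', JSON.stringify(candidate));
+console.log('time_ms =', ms);
+console.log('hashes_tried =', hashesTried);
+console.log('hashes_per_second ~= ', rate.toFixed(2));
+break;
+}
+nonce++;
+// Check timeout every 10000 iterations to avoid excessive Date.now() calls
+if (nonce % 10000 === 0) {
+const elapsed = Date.now() - start;
+if (elapsed > POW_TIMEOUT_MS) {
+console.error(`PoW computation timed out after ${Math.round(elapsed / 1000)}s ` +
+`(${nonce} hashes tried, zeros=${zeros}). ` +
+`Consider reducing the zeros parameter.`);
+process.exit(1);
+}
+}
+}
+}
+//# sourceMappingURL=pow.js.map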
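Review bot: The `zeros` guard in `run()` has no upper bound. A SHA-256 hex digest is 64 characters, so any value above 64 can never match and the synchronous loop pins a core until the 5-minute timeout. A very large value makes `'0'.repeat(zeros)` throw or allocate a huge string before the loop is reached. Since `parseInt` also accepts trailing junk such as `5abc`, I would parse strictly and tighten the check to `if (!Number.isInteger(zeros) || zeros < 1 || zeros > 64) {`, with the message `'Error: zeros must be an integer between 1 and 64'`. This file is compiled output, so the change belongs in the `../src/pow.ts` named by the source map; the `computePow` in utils.ts that the comment says shares the timeout presumably needs the same bound, though it is not visible here.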
package/dist/pow.js.map
ADDED
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"pow.js","sourceRoot":"","sources":["../src/pow.ts"],"names":[],"mappings":";;AACA;;;;;;;;;;;GAWG;;;;;AAeH,kBAgEC;AA7ED,oDAA4B;AAG5B,0DAA0D;AAE1D;;;;;;;GAOG;AACH,SAAgB,GAAG,CAAC,OAAgB;IAClC,MAAM,IAAI,GAAG,OAAO,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;IACnC,MAAM,KAAK,GAAG,QAAQ,CAAC,OAAO,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,IAAI,GAAG,EAAE,EAAE,CAAC,CAAC;IAEzD,IAAI,CAAC,IAAI,EAAE,CAAC;QACV,OAAO,CAAC,GAAG,CAAC,gCAAgC,CAAC,CAAC;QAC9C,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;QAChB,OAAO,CAAC,GAAG,CAAC,4CAA4C,CAAC,CAAC;QAC1D,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;QAChB,OAAO,CAAC,GAAG,CAAC,YAAY,CAAC,CAAC;QAC1B,OAAO,CAAC,GAAG,CAAC,4FAA4F,CAAC,CAAC;QAC1G,OAAO,CAAC,GAAG,CAAC,8DAA8D,CAAC,CAAC;QAC5E,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;QAChB,OAAO,CAAC,GAAG,CAAC,WAAW,CAAC,CAAC;QACzB,OAAO,CAAC,GAAG,CAAC,oFAAoF,CAAC,CAAC;QAClG,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC;IAED,IAAI,CAAC,MAAM,CAAC,QAAQ,CAAC,KAAK,CAAC,IAAI,KAAK,GAAG,CAAC,EAAE,CAAC;QACzC,OAAO,CAAC,KAAK,CAAC,yCAAyC,CAAC,CAAC;QACzD,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC;IAED,kFAAkF;IAClF,MAAM,cAAc,GAAG,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC;IAErC,MAAM,MAAM,GAAG,GAAG,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;IACjC,MAAM,KAAK,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;IACzB,IAAI,KAAK,GAAG,CAAC,CAAC;IAEd,SAAS,CAAC;QACR,MAAM,SAAS,GAAG,IAAI,GAAG,KAAK,CAAC,QAAQ,EAAE,CAAC;QAC1C,MAAM,IAAI,GAAG,gBAAM,CAAC,UAAU,CAAC,QAAQ,CAAC,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;QACzE,IAAI,IAAI,CAAC,UAAU,CAAC,MAAM,CAAC,EAAE,CAAC;YAC5B,MAAM,EAAE,GAAG,IAAI,CAAC,GAAG,EAAE,GAAG,KAAK,CAAC;YAC9B,MAAM,WAAW,GAAG,KAAK,GAAG,CAAC,CAAC;YAC9B,MAAM,IAAI,GAAG,WAAW,GAAG,CAAC,EAAE,GAAG,IAAI,IAAI,CAAC,CAAC,CAAC;YAE5C,OAAO,CAAC,GAAG,CAAC,iBAAiB,CAAC,CAAC;YAC/B,OAAO,CAAC,GAAG,CAAC,QAAQ,EAAE,IAAI,CAAC,CAAC;YAC5B,OAAO,CAAC,GAAG,CAAC,SAAS,EAAE,KAAK,CAAC,CAAC;YAC9B,OAAO,CAAC,GAAG,CAAC,SAAS,EAAE,KAAK,CAAC,CAAC;YAC9B,OAAO,CAAC,GAAG,CAAC,SAAS,EAAE,IAAI,CAAC,CAAC;YAC7B,OAAO,CAAC,GAAG,CAAC,aAAa,EAAE,IAAI,CAAC,SAAS,CAAC,SAAS,CAAC,CAAC,CAAC;YACtD,OAAO,CAAC,GAAG,CAAC,WAAW,EAAE,EAAE,C
AAC,CAAC;YAC7B,OAAO,CAAC,GAAG,CAAC,gBAAgB,EAAE,WAAW,CAAC,CAAC;YAC3C,OAAO,CAAC,GAAG,CAAC,uBAAuB,EAAE,IAAI,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,CAAC;YACtD,MAAM;QACR,CAAC;QACD,KAAK,EAAE,CAAC;QAER,2EAA2E;QAC3E,IAAI,KAAK,GAAG,KAAK,KAAK,CAAC,EAAE,CAAC;YACxB,MAAM,OAAO,GAAG,IAAI,CAAC,GAAG,EAAE,GAAG,KAAK,CAAC;YACnC,IAAI,OAAO,GAAG,cAAc,EAAE,CAAC;gBAC7B,OAAO,CAAC,KAAK,CACX,mCAAmC,IAAI,CAAC,KAAK,CAAC,OAAO,GAAG,IAAI,CAAC,IAAI;oBACjE,IAAI,KAAK,wBAAwB,KAAK,KAAK;oBAC3C,wCAAwC,CACzC,CAAC;gBACF,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;YAClB,CAAC;QACH,CAAC;IACH,CAAC;AACH,CAAC"}
|
|
@@ -0,0 +1,24 @@
|
|
|
1
|
+
#!/usr/bin/env node
|
|
2
|
+
/**
|
|
3
|
+
* zCloak.ai Agent Registration Management Script
|
|
4
|
+
*
|
|
5
|
+
* Provides agent name query, registration, and owner relationship query functions.
|
|
6
|
+
* Uses @dfinity JS SDK to interact directly with ICP canister, no dfx required.
|
|
7
|
+
*
|
|
8
|
+
* Usage:
|
|
9
|
+
* zcloak-ai register get-principal Get current identity's principal ID
|
|
10
|
+
* zcloak-ai register lookup Query current principal's agent name
|
|
11
|
+
* zcloak-ai register lookup-by-name <agent_name> Look up principal by agent name
|
|
12
|
+
* zcloak-ai register lookup-by-principal <principal> Look up agent name by principal
|
|
13
|
+
* zcloak-ai register register <base_name> Register new agent name
|
|
14
|
+
* zcloak-ai register get-owner <principal> Query agent's owner (binding relationship)
|
|
15
|
+
*
|
|
16
|
+
* All commands support --identity=<pem_path> to specify identity file.
|
|
17
|
+
*/
|
|
18
|
+
import { Session } from './session';
|
|
19
|
+
/**
|
|
20
|
+
* Entry point when invoked via cli.ts.
|
|
21
|
+
* Receives a Session instance with pre-parsed arguments.
|
|
22
|
+
*/
|
|
23
|
+
export declare function run(session: Session): Promise<void>;
|
|
24
|
+
//# sourceMappingURL=register.d.ts.map
|