agentvault 1.0.0 → 1.0.2

package/macos-wallet-app/AgentVaultWallet/Services/CLIBridge.swift

@@ -0,0 +1,367 @@
+import Foundation
+
+/// Bridges the macOS GUI to the AgentVault Node.js CLI.
+/// Runs CLI commands as child processes and parses their output.
+actor CLIBridge {
+
+    enum CLIError: LocalizedError {
+        case nodeNotFound
+        case cliNotFound
+        case commandFailed(String)
+        case parseError(String)
+        case timeout
+
+        var errorDescription: String? {
+            switch self {
+            case .nodeNotFound:
+                return "Node.js is not installed. Please install Node.js 18+ from nodejs.org or via Homebrew."
+            case .cliNotFound:
+                return "AgentVault CLI not found. Run 'npm install' in the AgentVault directory."
+            case .commandFailed(let msg):
+                return "CLI command failed: \(msg)"
+            case .parseError(let msg):
+                return "Failed to parse CLI output: \(msg)"
+            case .timeout:
+                return "Command timed out after 60 seconds."
+            }
+        }
+    }
+
+    /// Cached path to the AgentVault project root
+    private var projectRoot: String?
+
+    /// Discover the AgentVault project root directory
+    func findProjectRoot() -> String? {
+        if let cached = projectRoot { return cached }
+
+        // Check common locations
+        let candidates = [
+            // Relative to the app bundle
+            Bundle.main.bundlePath + "/../../../../",
+            // Home directory
+            NSHomeDirectory() + "/AgentVault",
+            // Common dev paths
+            "/usr/local/src/AgentVault",
+            NSHomeDirectory() + "/Developer/AgentVault",
+            NSHomeDirectory() + "/Projects/AgentVault",
+            NSHomeDirectory() + "/Code/AgentVault",
+        ]
+
+        for path in candidates {
+            let packageJSON = (path as NSString).appendingPathComponent("package.json")
+            if FileManager.default.fileExists(atPath: packageJSON) {
+                // Verify it's actually AgentVault
+                if let data = FileManager.default.contents(atPath: packageJSON),
+                   let json = try? JSONSerialization.jsonObject(with: data) as? [String: Any],
+                   let name = json["name"] as? String,
+                   name.contains("agentvault") {
+                    let resolved = (path as NSString).standardizingPath
+                    projectRoot = resolved
+                    return resolved
+                }
+            }
+        }
+        return nil
+    }
+
+    /// Set the project root manually (from Settings)
+    func setProjectRoot(_ path: String) {
+        projectRoot = path
+    }
+
+    // MARK: - Environment Checks
+
+    func checkEnvironment() async -> EnvironmentStatus {
+        var status = EnvironmentStatus()
+
+        // Check Node.js
+        if let result = try? await run("node", args: ["--version"]) {
+            status.nodeInstalled = true
+            status.nodeVersion = result.trimmingCharacters(in: .whitespacesAndNewlines)
+        }
+
+        // Check npm
+        if let _ = try? await run("npm", args: ["--version"]) {
+            status.npmInstalled = true
+        }
+
+        // Check AgentVault CLI
+        if let root = findProjectRoot() {
+            let cliEntry = (root as NSString).appendingPathComponent("cli/index.ts")
+            status.agentVaultInstalled = FileManager.default.fileExists(atPath: cliEntry)
+            if status.agentVaultInstalled {
+                status.agentVaultVersion = "local"
+            }
+        }
+
+        return status
+    }
+
+    // MARK: - Wallet Operations
+
+    /// Generate a new wallet for the given chain
+    func generateWallet(chain: Chain, name: String) async throws -> CLIWalletResult {
+        let root = try requireProjectRoot()
+
+        let output = try await runCLI(
+            root: root,
+            args: ["wallet", "generate", "--chain", chain.rawValue.lowercased(), "--name", name, "--json"]
+        )
+
+        return try parseCLIWalletResult(output, chain: chain)
+    }
+
+    /// Import a wallet from a mnemonic phrase
+    func importFromMnemonic(chain: Chain, mnemonic: String, name: String) async throws -> CLIWalletResult {
+        let root = try requireProjectRoot()
+
+        let output = try await runCLI(
+            root: root,
+            args: ["wallet", "import", "--chain", chain.rawValue.lowercased(),
+                   "--mnemonic", mnemonic, "--name", name, "--json"]
+        )
+
+        return try parseCLIWalletResult(output, chain: chain)
+    }
+
+    /// Import a wallet from a private key
+    func importFromPrivateKey(chain: Chain, privateKey: String, name: String) async throws -> CLIWalletResult {
+        let root = try requireProjectRoot()
+
+        let output = try await runCLI(
+            root: root,
+            args: ["wallet", "import", "--chain", chain.rawValue.lowercased(),
+                   "--private-key", privateKey, "--name", name, "--json"]
+        )
+
+        return try parseCLIWalletResult(output, chain: chain)
+    }
+
+    /// Import a wallet from a JWK file (Arweave)
+    func importFromJWK(filePath: String, name: String) async throws -> CLIWalletResult {
+        let root = try requireProjectRoot()
+
+        let output = try await runCLI(
+            root: root,
+            args: ["wallet", "import", "--chain", "ar", "--jwk-file", filePath, "--name", name, "--json"]
+        )
+
+        return try parseCLIWalletResult(output, chain: .arweave)
+    }
+
+    /// Import from PEM file (ICP)
+    func importFromPEM(filePath: String, name: String) async throws -> CLIWalletResult {
+        let root = try requireProjectRoot()
+
+        let output = try await runCLI(
+            root: root,
+            args: ["wallet", "import", "--chain", "icp", "--pem-file", filePath, "--name", name, "--json"]
+        )
+
+        return try parseCLIWalletResult(output, chain: .icp)
+    }
+
+    /// Import from keystore JSON (Ethereum)
+    func importFromKeystore(filePath: String, password: String, name: String) async throws -> CLIWalletResult {
+        let root = try requireProjectRoot()
+
+        let output = try await runCLI(
+            root: root,
+            args: ["wallet", "import", "--chain", "eth", "--keystore", filePath,
+                   "--password", password, "--name", name, "--json"]
+        )
+
+        return try parseCLIWalletResult(output, chain: .ethereum)
+    }
+
+    /// Get wallet balance
+    func getBalance(chain: Chain, address: String) async throws -> String {
+        let root = try requireProjectRoot()
+
+        let output = try await runCLI(
+            root: root,
+            args: ["wallet", "balance", "--chain", chain.rawValue.lowercased(), "--address", address, "--json"]
+        )
+
+        if let data = output.data(using: .utf8),
+           let json = try? JSONSerialization.jsonObject(with: data) as? [String: Any],
+           let balance = json["balance"] as? String {
+            return balance
+        }
+
+        // Fallback: try to extract balance from plain text
+        let trimmed = output.trimmingCharacters(in: .whitespacesAndNewlines)
+        if !trimmed.isEmpty { return trimmed }
+        return "0"
+    }
+
+    /// Export wallet data
+    func exportWallet(walletId: String, format: String, outputPath: String) async throws -> String {
+        let root = try requireProjectRoot()
+
+        return try await runCLI(
+            root: root,
+            args: ["wallet-export", "--id", walletId, "--format", format, "--output", outputPath, "--json"]
+        )
+    }
+
+    /// Create a backup of all wallets
+    func createBackup(outputPath: String, password: String) async throws -> String {
+        let root = try requireProjectRoot()
+
+        return try await runCLI(
+            root: root,
+            args: ["backup", "create", "--output", outputPath, "--password", password, "--json"]
+        )
+    }
+
+    /// Restore wallets from a backup
+    func restoreBackup(inputPath: String, password: String) async throws -> String {
+        let root = try requireProjectRoot()
+
+        return try await runCLI(
+            root: root,
+            args: ["backup", "restore", "--input", inputPath, "--password", password, "--json"]
+        )
+    }
+
+    // MARK: - Process Execution
+
+    private func requireProjectRoot() throws -> String {
+        guard let root = findProjectRoot() else {
+            throw CLIError.cliNotFound
+        }
+        return root
+    }
+
+    /// Run the AgentVault CLI via tsx
+    private func runCLI(root: String, args: [String]) async throws -> String {
+        let tsxPath = (root as NSString).appendingPathComponent("node_modules/.bin/tsx")
+        let cliEntry = (root as NSString).appendingPathComponent("cli/index.ts")
+
+        let command: String
+        let fullArgs: [String]
+
+        if FileManager.default.fileExists(atPath: tsxPath) {
+            command = tsxPath
+            fullArgs = [cliEntry] + args
+        } else {
+            // Fallback: use npx tsx
+            command = "npx"
+            fullArgs = ["tsx", cliEntry] + args
+        }
+
+        return try await run(command, args: fullArgs, cwd: root)
+    }
+
+    /// Execute a process and capture its stdout
+    @discardableResult
+    private func run(_ command: String, args: [String] = [], cwd: String? = nil) async throws -> String {
+        try await withCheckedThrowingContinuation { continuation in
+            let process = Process()
+            let pipe = Pipe()
+
+            // Resolve command path
+            if command.hasPrefix("/") || command.hasPrefix(".") {
+                process.executableURL = URL(fileURLWithPath: command)
+            } else {
+                process.executableURL = URL(fileURLWithPath: "/usr/bin/env")
+                process.arguments = [command] + args
+            }
+
+            if process.executableURL?.lastPathComponent != "env" {
+                process.arguments = args
+            }
+
+            if let cwd = cwd {
+                process.currentDirectoryURL = URL(fileURLWithPath: cwd)
+            }
+
+            // Inherit PATH from user environment
+            var env = ProcessInfo.processInfo.environment
+            let additionalPaths = [
+                "/usr/local/bin",
+                "/opt/homebrew/bin",
+                NSHomeDirectory() + "/.nvm/versions/node/current/bin",
+                NSHomeDirectory() + "/.volta/bin",
+                NSHomeDirectory() + "/.fnm/current/bin",
+            ]
+            let currentPath = env["PATH"] ?? "/usr/bin:/bin"
+            env["PATH"] = (additionalPaths + [currentPath]).joined(separator: ":")
+            process.environment = env
+
+            process.standardOutput = pipe
+            process.standardError = pipe
+
+            process.terminationHandler = { proc in
+                let data = pipe.fileHandleForReading.readDataToEndOfFile()
+                let output = String(data: data, encoding: .utf8) ?? ""
+
+                if proc.terminationStatus == 0 {
+                    continuation.resume(returning: output)
+                } else {
+                    continuation.resume(throwing: CLIError.commandFailed(output))
+                }
+            }
+
+            do {
+                try process.run()
+            } catch {
+                continuation.resume(throwing: CLIError.commandFailed(error.localizedDescription))
+            }
+        }
+    }
+
+    // MARK: - Parsing
+
+    private func parseCLIWalletResult(_ output: String, chain: Chain) throws -> CLIWalletResult {
+        // Try JSON parse first
+        if let data = output.data(using: .utf8),
+           let json = try? JSONSerialization.jsonObject(with: data) as? [String: Any] {
+            return CLIWalletResult(
+                address: json["address"] as? String ?? "",
+                mnemonic: json["mnemonic"] as? String,
+                privateKey: json["privateKey"] as? String,
+                publicKey: json["publicKey"] as? String,
+                chain: chain
+            )
+        }
+
+        // Fallback: parse text output
+        var address = ""
+        var mnemonic: String?
+        var privateKey: String?
+
+        for line in output.components(separatedBy: .newlines) {
+            let trimmed = line.trimmingCharacters(in: .whitespaces)
+            if trimmed.lowercased().contains("address:") || trimmed.lowercased().contains("principal:") {
+                address = trimmed.components(separatedBy: ":").dropFirst().joined(separator: ":").trimmingCharacters(in: .whitespaces)
+            } else if trimmed.lowercased().contains("mnemonic:") {
+                mnemonic = trimmed.components(separatedBy: ":").dropFirst().joined(separator: ":").trimmingCharacters(in: .whitespaces)
+            } else if trimmed.lowercased().contains("private") && trimmed.contains(":") {
+                privateKey = trimmed.components(separatedBy: ":").dropFirst().joined(separator: ":").trimmingCharacters(in: .whitespaces)
+            }
+        }
+
+        guard !address.isEmpty else {
+            throw CLIError.parseError("Could not extract wallet address from CLI output")
+        }
+
+        return CLIWalletResult(
+            address: address,
+            mnemonic: mnemonic,
+            privateKey: privateKey,
+            publicKey: nil,
+            chain: chain
+        )
+    }
+}
+
+/// Parsed result from CLI wallet operations
+struct CLIWalletResult {
+    let address: String
+    let mnemonic: String?
+    let privateKey: String?
+    let publicKey: String?
+    let chain: Chain
+}

package/macos-wallet-app/AgentVaultWallet/Services/CryptoService.swift

@@ -0,0 +1,157 @@
+import Foundation
+import CryptoKit
+
+/// Native cryptographic operations for wallet management.
+/// Uses Apple CryptoKit for encryption, hashing, and key derivation.
+final class CryptoService {
+
+    static let shared = CryptoService()
+
+    private init() {}
+
+    // MARK: - Encryption (AES-256-GCM)
+
+    struct EncryptedData: Codable {
+        let ciphertext: Data
+        let nonce: Data
+        let tag: Data
+        let salt: Data
+    }
+
+    /// Encrypt data with a password using AES-256-GCM + PBKDF2 key derivation
+    func encrypt(data: Data, password: String) throws -> EncryptedData {
+        let salt = generateSalt()
+        let key = try deriveKey(from: password, salt: salt)
+        let nonce = AES.GCM.Nonce()
+
+        let sealed = try AES.GCM.seal(data, using: key, nonce: nonce)
+
+        guard let combined = sealed.combined else {
+            throw CryptoError.encryptionFailed
+        }
+
+        // Extract components from the combined representation
+        // Combined = nonce (12 bytes) + ciphertext + tag (16 bytes)
+        let nonceData = Data(nonce)
+        let ciphertext = combined.dropFirst(12).dropLast(16)
+        let tag = combined.suffix(16)
+
+        return EncryptedData(
+            ciphertext: Data(ciphertext),
+            nonce: nonceData,
+            tag: Data(tag),
+            salt: salt
+        )
+    }
+
+    /// Decrypt data with a password
+    func decrypt(encrypted: EncryptedData, password: String) throws -> Data {
+        let key = try deriveKey(from: password, salt: encrypted.salt)
+
+        let nonce = try AES.GCM.Nonce(data: encrypted.nonce)
+        let sealedBox = try AES.GCM.SealedBox(
+            nonce: nonce,
+            ciphertext: encrypted.ciphertext,
+            tag: encrypted.tag
+        )
+
+        return try AES.GCM.open(sealedBox, using: key)
+    }
+
+    // MARK: - Key Derivation
+
+    /// Derive a symmetric key from a password using HKDF (CryptoKit approach)
+    private func deriveKey(from password: String, salt: Data) throws -> SymmetricKey {
+        guard let passwordData = password.data(using: .utf8) else {
+            throw CryptoError.invalidPassword
+        }
+
+        // Use HKDF with SHA-256 for key derivation
+        let inputKey = SymmetricKey(data: passwordData)
+        let derivedKey = HKDF<SHA256>.deriveKey(
+            inputKeyMaterial: inputKey,
+            salt: salt,
+            info: "AgentVault Wallet Backup".data(using: .utf8)!,
+            outputByteCount: 32
+        )
+
+        return derivedKey
+    }
+
+    // MARK: - Hashing
+
+    /// SHA-256 hash of data
+    func sha256(_ data: Data) -> Data {
+        Data(SHA256.hash(data: data))
+    }
+
+    /// SHA-256 hash of a string
+    func sha256(_ string: String) -> String {
+        let data = Data(string.utf8)
+        let hash = SHA256.hash(data: data)
+        return hash.compactMap { String(format: "%02x", $0) }.joined()
+    }
+
+    // MARK: - Random Generation
+
+    /// Generate a cryptographically secure random salt (32 bytes)
+    func generateSalt() -> Data {
+        var bytes = [UInt8](repeating: 0, count: 32)
+        _ = SecRandomCopyBytes(kSecRandomDefault, bytes.count, &bytes)
+        return Data(bytes)
+    }
+
+    /// Generate a random password/passphrase of given length
+    func generateRandomPassword(length: Int = 32) -> String {
+        let chars = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789!@#$%^&*"
+        var password = ""
+        var randomBytes = [UInt8](repeating: 0, count: length)
+        _ = SecRandomCopyBytes(kSecRandomDefault, length, &randomBytes)
+
+        for byte in randomBytes {
+            let index = Int(byte) % chars.count
+            password.append(chars[chars.index(chars.startIndex, offsetBy: index)])
+        }
+        return password
+    }
+
+    // MARK: - Validation
+
+    /// Validate a BIP39 mnemonic phrase (basic word count check)
+    func isValidMnemonic(_ phrase: String) -> Bool {
+        let words = phrase.trimmingCharacters(in: .whitespacesAndNewlines)
+            .components(separatedBy: .whitespaces)
+            .filter { !$0.isEmpty }
+        return words.count == 12 || words.count == 24
+    }
+
+    /// Validate an Ethereum private key format
+    func isValidEthPrivateKey(_ key: String) -> Bool {
+        let cleaned = key.hasPrefix("0x") ? String(key.dropFirst(2)) : key
+        return cleaned.count == 64 && cleaned.allSatisfy { $0.isHexDigit }
+    }
+
+    /// Validate an Ethereum address format
+    func isValidEthAddress(_ address: String) -> Bool {
+        let cleaned = address.hasPrefix("0x") ? String(address.dropFirst(2)) : address
+        return cleaned.count == 40 && cleaned.allSatisfy { $0.isHexDigit }
+    }
+
+    // MARK: - Errors
+
+    enum CryptoError: LocalizedError {
+        case encryptionFailed
+        case decryptionFailed
+        case invalidPassword
+        case keyDerivationFailed
+
+        var errorDescription: String? {
+            switch self {
+            case .encryptionFailed: return "Encryption failed"
+            case .decryptionFailed: return "Decryption failed — wrong password?"
+            case .invalidPassword: return "Invalid password"
+            case .keyDerivationFailed: return "Key derivation failed"
+            }
+        }
+    }
+}

package/macos-wallet-app/AgentVaultWallet/Services/FileService.swift

@@ -0,0 +1,120 @@
+import Foundation
+
+/// Manages persistent storage of wallet metadata on the filesystem.
+/// Secrets are NOT stored here — they live in Keychain only.
+final class FileService {
+
+    static let shared = FileService()
+
+    private let fileManager = FileManager.default
+
+    private init() {}
+
+    // MARK: - App Support Directory
+
+    /// The application's data directory
+    var appDataDirectory: URL {
+        let appSupport = fileManager.urls(for: .applicationSupportDirectory, in: .userDomainMask).first!
+        let appDir = appSupport.appendingPathComponent("AgentVaultWallet", isDirectory: true)
+        try? fileManager.createDirectory(at: appDir, withIntermediateDirectories: true)
+        return appDir
+    }
+
+    /// Path to the wallet metadata file
+    private var walletsFilePath: URL {
+        appDataDirectory.appendingPathComponent("wallets.json")
+    }
+
+    // MARK: - Wallet Metadata Persistence
+
+    /// Save wallet list to disk (metadata only, no secrets)
+    func saveWallets(_ wallets: [Wallet]) throws {
+        let encoder = JSONEncoder()
+        encoder.dateEncodingStrategy = .iso8601
+        encoder.outputFormatting = [.prettyPrinted]
+        let data = try encoder.encode(wallets)
+        try data.write(to: walletsFilePath, options: [.atomic])
+    }
+
+    /// Load wallet list from disk
+    func loadWallets() throws -> [Wallet] {
+        guard fileManager.fileExists(atPath: walletsFilePath.path) else {
+            return []
+        }
+
+        let data = try Data(contentsOf: walletsFilePath)
+        let decoder = JSONDecoder()
+        decoder.dateDecodingStrategy = .iso8601
+        return try decoder.decode([Wallet].self, from: data)
+    }
+
+    /// Delete a specific wallet's metadata from the stored list
+    func deleteWallet(withId id: UUID) throws {
+        var wallets = try loadWallets()
+        wallets.removeAll { $0.id == id }
+        try saveWallets(wallets)
+    }
+
+    // MARK: - File Dialogs
+
+    /// Suggest a save location for backup files
+    var suggestedBackupURL: URL {
+        let desktop = fileManager.urls(for: .desktopDirectory, in: .userDomainMask).first!
+        let formatter = DateFormatter()
+        formatter.dateFormat = "yyyy-MM-dd"
+        let filename = "AgentVault-Backup-\(formatter.string(from: Date())).avbackup"
+        return desktop.appendingPathComponent(filename)
+    }
+
+    // MARK: - Import File Validation
+
+    /// Read and validate a JWK file
+    func readJWKFile(at url: URL) throws -> Data {
+        let data = try Data(contentsOf: url)
+
+        // Basic validation: should be valid JSON with "n" and "d" fields (RSA key)
+        guard let json = try? JSONSerialization.jsonObject(with: data) as? [String: Any],
+              json["n"] != nil,
+              json["kty"] as? String == "RSA" else {
+            throw FileError.invalidJWKFile
+        }
+
+        return data
+    }
+
+    /// Read and validate a PEM file
+    func readPEMFile(at url: URL) throws -> String {
+        let content = try String(contentsOf: url, encoding: .utf8)
+        guard content.contains("BEGIN") && content.contains("KEY") else {
+            throw FileError.invalidPEMFile
+        }
+        return content
+    }
+
+    /// Read and validate an Ethereum keystore JSON file
+    func readKeystoreFile(at url: URL) throws -> Data {
+        let data = try Data(contentsOf: url)
+        guard let json = try? JSONSerialization.jsonObject(with: data) as? [String: Any],
+              json["crypto"] != nil || json["Crypto"] != nil else {
+            throw FileError.invalidKeystoreFile
+        }
+        return data
+    }
+
+    enum FileError: LocalizedError {
+        case invalidJWKFile
+        case invalidPEMFile
+        case invalidKeystoreFile
+
+        var errorDescription: String? {
+            switch self {
+            case .invalidJWKFile:
+                return "The selected file is not a valid Arweave JWK wallet file"
+            case .invalidPEMFile:
+                return "The selected file is not a valid PEM identity file"
+            case .invalidKeystoreFile:
+                return "The selected file is not a valid Ethereum keystore file"
+            }
+        }
+    }
+}