agentvault 1.0.0 → 1.0.2

package/macos-wallet-app/AgentVaultWallet/Services/KeychainService.swift

@@ -0,0 +1,219 @@
+import Foundation
+import Security
+
+/// Manages secure storage of wallet secrets in the macOS Keychain.
+/// Private keys and mnemonics are stored here, never on disk in plaintext.
+final class KeychainService {
+
+    static let shared = KeychainService()
+
+    private let servicePrefix = "com.agentvault.wallet"
+
+    enum KeychainError: LocalizedError {
+        case saveFailed(OSStatus)
+        case readFailed(OSStatus)
+        case deleteFailed(OSStatus)
+        case dataConversionFailed
+        case itemNotFound
+
+        var errorDescription: String? {
+            switch self {
+            case .saveFailed(let status):
+                return "Keychain save failed (status: \(status))"
+            case .readFailed(let status):
+                return "Keychain read failed (status: \(status))"
+            case .deleteFailed(let status):
+                return "Keychain delete failed (status: \(status))"
+            case .dataConversionFailed:
+                return "Failed to convert data for Keychain storage"
+            case .itemNotFound:
+                return "Item not found in Keychain"
+            }
+        }
+    }
+
+    private init() {}
+
+    // MARK: - Mnemonic Storage
+
+    /// Save a mnemonic phrase for a wallet
+    func saveMnemonic(_ mnemonic: String, forWalletId id: UUID) throws {
+        let key = mnemonicKey(for: id)
+        try saveString(mnemonic, forKey: key)
+    }
+
+    /// Retrieve a mnemonic phrase for a wallet
+    func getMnemonic(forWalletId id: UUID) throws -> String {
+        let key = mnemonicKey(for: id)
+        return try getString(forKey: key)
+    }
+
+    /// Delete a stored mnemonic
+    func deleteMnemonic(forWalletId id: UUID) throws {
+        let key = mnemonicKey(for: id)
+        try deleteItem(forKey: key)
+    }
+
+    /// Check if a mnemonic exists for a wallet
+    func hasMnemonic(forWalletId id: UUID) -> Bool {
+        let key = mnemonicKey(for: id)
+        return (try? getString(forKey: key)) != nil
+    }
+
+    // MARK: - Private Key Storage
+
+    /// Save a private key for a wallet
+    func savePrivateKey(_ key: String, forWalletId id: UUID) throws {
+        let storageKey = privateKeyKey(for: id)
+        try saveString(key, forKey: storageKey)
+    }
+
+    /// Retrieve a private key for a wallet
+    func getPrivateKey(forWalletId id: UUID) throws -> String {
+        let key = privateKeyKey(for: id)
+        return try getString(forKey: key)
+    }
+
+    /// Delete a stored private key
+    func deletePrivateKey(forWalletId id: UUID) throws {
+        let key = privateKeyKey(for: id)
+        try deleteItem(forKey: key)
+    }
+
+    // MARK: - JWK Storage (Arweave)
+
+    /// Save JWK data for an Arweave wallet
+    func saveJWK(_ jwkData: Data, forWalletId id: UUID) throws {
+        let key = jwkKey(for: id)
+        try saveData(jwkData, forKey: key)
+    }
+
+    /// Retrieve JWK data for an Arweave wallet
+    func getJWK(forWalletId id: UUID) throws -> Data {
+        let key = jwkKey(for: id)
+        return try getData(forKey: key)
+    }
+
+    /// Delete stored JWK data
+    func deleteJWK(forWalletId id: UUID) throws {
+        let key = jwkKey(for: id)
+        try deleteItem(forKey: key)
+    }
+
+    // MARK: - Backup Password
+
+    /// Save the backup encryption password hint (NOT the actual password)
+    func saveBackupPasswordHint(_ hint: String) throws {
+        try saveString(hint, forKey: "\(servicePrefix).backup-hint")
+    }
+
+    func getBackupPasswordHint() -> String? {
+        try? getString(forKey: "\(servicePrefix).backup-hint")
+    }
+
+    // MARK: - Bulk Operations
+
+    /// Delete all secrets for a wallet
+    func deleteAllSecrets(forWalletId id: UUID) {
+        try? deleteMnemonic(forWalletId: id)
+        try? deletePrivateKey(forWalletId: id)
+        try? deleteJWK(forWalletId: id)
+    }
+
+    /// Delete everything from our Keychain namespace
+    func purgeAll() {
+        let query: [String: Any] = [
+            kSecClass as String: kSecClassGenericPassword,
+            kSecAttrService as String: servicePrefix,
+        ]
+        SecItemDelete(query as CFDictionary)
+    }
+
+    // MARK: - Private Helpers
+
+    private func mnemonicKey(for id: UUID) -> String {
+        "\(servicePrefix).mnemonic.\(id.uuidString)"
+    }
+
+    private func privateKeyKey(for id: UUID) -> String {
+        "\(servicePrefix).privatekey.\(id.uuidString)"
+    }
+
+    private func jwkKey(for id: UUID) -> String {
+        "\(servicePrefix).jwk.\(id.uuidString)"
+    }
+
+    private func saveString(_ value: String, forKey key: String) throws {
+        guard let data = value.data(using: .utf8) else {
+            throw KeychainError.dataConversionFailed
+        }
+        try saveData(data, forKey: key)
+    }
+
+    private func getString(forKey key: String) throws -> String {
+        let data = try getData(forKey: key)
+        guard let string = String(data: data, encoding: .utf8) else {
+            throw KeychainError.dataConversionFailed
+        }
+        return string
+    }
+
+    private func saveData(_ data: Data, forKey key: String) throws {
+        // Delete existing item first
+        try? deleteItem(forKey: key)
+
+        let query: [String: Any] = [
+            kSecClass as String: kSecClassGenericPassword,
+            kSecAttrService as String: servicePrefix,
+            kSecAttrAccount as String: key,
+            kSecValueData as String: data,
+            kSecAttrAccessible as String: kSecAttrAccessibleWhenUnlockedThisDeviceOnly,
+            kSecAttrLabel as String: "AgentVault Wallet Secret",
+            kSecAttrDescription as String: "Encrypted wallet key material",
+        ]
+
+        let status = SecItemAdd(query as CFDictionary, nil)
+        guard status == errSecSuccess else {
+            throw KeychainError.saveFailed(status)
+        }
+    }
+
+    private func getData(forKey key: String) throws -> Data {
+        let query: [String: Any] = [
+            kSecClass as String: kSecClassGenericPassword,
+            kSecAttrService as String: servicePrefix,
+            kSecAttrAccount as String: key,
+            kSecReturnData as String: true,
+            kSecMatchLimit as String: kSecMatchLimitOne,
+        ]
+
+        var result: AnyObject?
+        let status = SecItemCopyMatching(query as CFDictionary, &result)
+
+        guard status == errSecSuccess else {
+            if status == errSecItemNotFound {
+                throw KeychainError.itemNotFound
+            }
+            throw KeychainError.readFailed(status)
+        }
+
+        guard let data = result as? Data else {
+            throw KeychainError.dataConversionFailed
+        }
+
+        return data
+    }
+
+    private func deleteItem(forKey key: String) throws {
+        let query: [String: Any] = [
+            kSecClass as String: kSecClassGenericPassword,
+            kSecAttrService as String: servicePrefix,
+            kSecAttrAccount as String: key,
+        ]
+
+        let status = SecItemDelete(query as CFDictionary)
+        guard status == errSecSuccess || status == errSecItemNotFound else {
+            throw KeychainError.deleteFailed(status)
+        }
+    }
+}

package/macos-wallet-app/AgentVaultWallet/Utilities/Constants.swift

@@ -0,0 +1,44 @@
+import Foundation
+
+/// Application-wide constants
+enum AppConstants {
+    static let appName = "AgentVault Wallet"
+    static let appVersion = "1.0.0"
+    static let buildNumber = "1"
+
+    /// Keychain service identifier
+    static let keychainService = "com.agentvault.wallet"
+
+    /// Backup file extension
+    static let backupFileExtension = "avbackup"
+
+    /// Minimum password length for backups
+    static let minimumBackupPasswordLength = 8
+
+    /// How long to keep clipboard data before auto-clearing (seconds)
+    static let clipboardClearDelay: TimeInterval = 60
+
+    /// Maximum wallets per chain (soft limit)
+    static let maxWalletsPerChain = 50
+
+    /// Supported mnemonic word counts
+    static let supportedMnemonicLengths: Set<Int> = [12, 24]
+
+    /// Network endpoints (for reference; actual connections go through CLI)
+    enum Networks {
+        static let icpMainnet = "https://ic0.app"
+        static let icpLocal = "http://127.0.0.1:4943"
+        static let ethMainnet = "https://eth.llamarpc.com"
+        static let ethSepolia = "https://rpc.sepolia.org"
+        static let arweaveGateway = "https://arweave.net"
+    }
+
+    /// UserDefaults keys
+    enum Defaults {
+        static let hasCompletedOnboarding = "hasCompletedOnboarding"
+        static let agentVaultCLIPath = "agentVaultCLIPath"
+        static let autoRefreshBalances = "autoRefreshBalances"
+        static let defaultChain = "defaultChain"
+        static let lastBackupDate = "lastBackupDate"
+    }
+}

package/macos-wallet-app/AgentVaultWallet/Utilities/Extensions.swift

@@ -0,0 +1,115 @@
+import SwiftUI
+
+// MARK: - Date Extensions
+
+extension Date {
+    /// Format as a relative time string ("2 hours ago", "just now")
+    var relativeString: String {
+        let formatter = RelativeDateTimeFormatter()
+        formatter.unitsStyle = .abbreviated
+        return formatter.localizedString(for: self, relativeTo: Date())
+    }
+
+    /// Format as ISO 8601 string for backup files
+    var iso8601String: String {
+        ISO8601DateFormatter().string(from: self)
+    }
+}
+
+// MARK: - String Extensions
+
+extension String {
+    /// Truncate the middle of a string for display
+    func truncatedMiddle(maxLength: Int = 20) -> String {
+        guard count > maxLength else { return self }
+        let halfLength = (maxLength - 3) / 2
+        return "\(prefix(halfLength))...\(suffix(halfLength))"
+    }
+
+    /// Check if string is a valid hexadecimal string
+    var isValidHex: Bool {
+        let cleaned = hasPrefix("0x") ? String(dropFirst(2)) : self
+        return !cleaned.isEmpty && cleaned.allSatisfy { $0.isHexDigit }
+    }
+}
+
+// MARK: - Data Extensions
+
+extension Data {
+    /// Hex string representation
+    var hexString: String {
+        map { String(format: "%02x", $0) }.joined()
+    }
+
+    /// Initialize from hex string
+    init?(hexString: String) {
+        let cleaned = hexString.hasPrefix("0x") ? String(hexString.dropFirst(2)) : hexString
+        let length = cleaned.count / 2
+        var data = Data(capacity: length)
+        var index = cleaned.startIndex
+
+        for _ in 0..<length {
+            let nextIndex = cleaned.index(index, offsetBy: 2)
+            guard let byte = UInt8(cleaned[index..<nextIndex], radix: 16) else {
+                return nil
+            }
+            data.append(byte)
+            index = nextIndex
+        }
+
+        self = data
+    }
+}
+
+// MARK: - View Extensions
+
+extension View {
+    /// Apply a card-style background
+    func cardStyle() -> some View {
+        self
+            .padding(16)
+            .background(.background, in: RoundedRectangle(cornerRadius: 12))
+            .overlay(
+                RoundedRectangle(cornerRadius: 12)
+                    .stroke(Color.secondary.opacity(0.15))
+            )
+            .shadow(color: .black.opacity(0.03), radius: 4, y: 2)
+    }
+
+    /// Conditional modifier
+    @ViewBuilder
+    func `if`<Transform: View>(_ condition: Bool, transform: (Self) -> Transform) -> some View {
+        if condition {
+            transform(self)
+        } else {
+            self
+        }
+    }
+}
+
+// MARK: - Color Extensions
+
+extension Color {
+    /// Create a color from a hex string
+    init(hex: String) {
+        let cleaned = hex.trimmingCharacters(in: CharacterSet.alphanumerics.inverted)
+        var int: UInt64 = 0
+        Scanner(string: cleaned).scanHexInt64(&int)
+        let r, g, b, a: UInt64
+        switch cleaned.count {
+        case 6:
+            (r, g, b, a) = (int >> 16, int >> 8 & 0xFF, int & 0xFF, 255)
+        case 8:
+            (r, g, b, a) = (int >> 24, int >> 16 & 0xFF, int >> 8 & 0xFF, int & 0xFF)
+        default:
+            (r, g, b, a) = (0, 0, 0, 255)
+        }
+        self.init(
+            .sRGB,
+            red: Double(r) / 255,
+            green: Double(g) / 255,
+            blue: Double(b) / 255,
+            opacity: Double(a) / 255
+        )
+    }
+}

package/macos-wallet-app/AgentVaultWallet/ViewModels/BackupViewModel.swift

@@ -0,0 +1,237 @@
+import SwiftUI
+
+/// Manages backup and restore workflows
+@MainActor
+final class BackupViewModel: ObservableObject {
+
+    // MARK: - Backup State
+
+    @Published var backupPassword: String = ""
+    @Published var backupPasswordConfirm: String = ""
+    @Published var selectedWalletsForBackup: Set<UUID> = []
+    @Published var isCreatingBackup: Bool = false
+    @Published var backupComplete: Bool = false
+    @Published var backupFilePath: String?
+
+    // MARK: - Restore State
+
+    @Published var restoreFileURL: URL?
+    @Published var restorePassword: String = ""
+    @Published var backupMetadata: WalletBackup?
+    @Published var isRestoring: Bool = false
+    @Published var restoreComplete: Bool = false
+    @Published var restoredCount: Int = 0
+
+    // MARK: - Common
+
+    @Published var errorMessage: String?
+    @Published var showFileImporter: Bool = false
+    @Published var showFileSaver: Bool = false
+    @Published var existingBackups: [BackupFileInfo] = []
+
+    private let backupService = BackupService.shared
+
+    // MARK: - Backup Validation
+
+    var isBackupPasswordValid: Bool {
+        backupPassword.count >= 8 && backupPassword == backupPasswordConfirm
+    }
+
+    var hasSelectedWallets: Bool {
+        !selectedWalletsForBackup.isEmpty
+    }
+
+    var canCreateBackup: Bool {
+        isBackupPasswordValid && hasSelectedWallets && !isCreatingBackup
+    }
+
+    var passwordStrength: PasswordStrength {
+        PasswordStrength.evaluate(backupPassword)
+    }
+
+    // MARK: - Restore Validation
+
+    var canRestore: Bool {
+        restoreFileURL != nil && !restorePassword.isEmpty && !isRestoring
+    }
+
+    var hasBackupMetadata: Bool {
+        backupMetadata != nil
+    }
+
+    // MARK: - Backup Operations
+
+    func selectAllWallets(from wallets: [Wallet]) {
+        selectedWalletsForBackup = Set(wallets.map(\.id))
+    }
+
+    func deselectAllWallets() {
+        selectedWalletsForBackup.removeAll()
+    }
+
+    func createBackup(wallets: [Wallet]) async {
+        isCreatingBackup = true
+        errorMessage = nil
+
+        do {
+            let walletsToBackup = wallets.filter { selectedWalletsForBackup.contains($0.id) }
+            let data = try backupService.createBackup(wallets: walletsToBackup, password: backupPassword)
+
+            let filename = backupService.defaultBackupFilename()
+            let fileURL = backupService.defaultBackupDirectory.appendingPathComponent(filename)
+
+            try backupService.writeBackup(data, to: fileURL)
+
+            backupFilePath = fileURL.path
+            backupComplete = true
+            isCreatingBackup = false
+        } catch {
+            errorMessage = error.localizedDescription
+            isCreatingBackup = false
+        }
+    }
+
+    /// Save backup to a user-chosen location
+    func saveBackupToLocation(wallets: [Wallet], url: URL) async {
+        isCreatingBackup = true
+        errorMessage = nil
+
+        do {
+            let walletsToBackup = wallets.filter { selectedWalletsForBackup.contains($0.id) }
+            let data = try backupService.createBackup(wallets: walletsToBackup, password: backupPassword)
+            try backupService.writeBackup(data, to: url)
+
+            backupFilePath = url.path
+            backupComplete = true
+            isCreatingBackup = false
+        } catch {
+            errorMessage = error.localizedDescription
+            isCreatingBackup = false
+        }
+    }
+
+    // MARK: - Restore Operations
+
+    func loadBackupMetadata() {
+        guard let url = restoreFileURL else { return }
+        errorMessage = nil
+
+        do {
+            backupMetadata = try backupService.readBackupMetadata(from: url)
+        } catch {
+            errorMessage = error.localizedDescription
+            backupMetadata = nil
+        }
+    }
+
+    func restoreFromBackup(store: WalletStore) async {
+        guard let backup = backupMetadata else { return }
+        isRestoring = true
+        errorMessage = nil
+
+        do {
+            let secrets = try backupService.restoreSecrets(from: backup, password: restorePassword)
+            try backupService.saveRestoredSecrets(secrets)
+
+            // Re-create wallet entries
+            var restored = 0
+            for entry in backup.wallets {
+                // Skip if wallet already exists
+                if store.wallets.contains(where: { $0.address == entry.address && $0.chain == entry.chain }) {
+                    continue
+                }
+
+                let wallet = Wallet(
+                    id: entry.id,
+                    name: entry.name,
+                    chain: entry.chain,
+                    address: entry.address,
+                    isImported: true,
+                    derivationPath: entry.derivationPath,
+                    hasMnemonicBackup: entry.hasMnemonicBackup
+                )
+                store.wallets.append(wallet)
+                restored += 1
+            }
+
+            store.saveWallets()
+            restoredCount = restored
+            restoreComplete = true
+            isRestoring = false
+        } catch {
+            errorMessage = error.localizedDescription
+            isRestoring = false
+        }
+    }
+
+    func loadExistingBackups() {
+        existingBackups = backupService.listBackups()
+    }
+
+    func reset() {
+        backupPassword = ""
+        backupPasswordConfirm = ""
+        selectedWalletsForBackup.removeAll()
+        isCreatingBackup = false
+        backupComplete = false
+        backupFilePath = nil
+        restoreFileURL = nil
+        restorePassword = ""
+        backupMetadata = nil
+        isRestoring = false
+        restoreComplete = false
+        restoredCount = 0
+        errorMessage = nil
+    }
+}
+
+/// Password strength indicator
+enum PasswordStrength {
+    case weak, fair, good, strong
+
+    var label: String {
+        switch self {
+        case .weak: return "Weak"
+        case .fair: return "Fair"
+        case .good: return "Good"
+        case .strong: return "Strong"
+        }
+    }
+
+    var color: Color {
+        switch self {
+        case .weak: return .red
+        case .fair: return .orange
+        case .good: return .yellow
+        case .strong: return .green
+        }
+    }
+
+    var progress: Double {
+        switch self {
+        case .weak: return 0.25
+        case .fair: return 0.5
+        case .good: return 0.75
+        case .strong: return 1.0
+        }
+    }
+
+    static func evaluate(_ password: String) -> PasswordStrength {
+        guard !password.isEmpty else { return .weak }
+
+        var score = 0
+        if password.count >= 8 { score += 1 }
+        if password.count >= 12 { score += 1 }
+        if password.rangeOfCharacter(from: .uppercaseLetters) != nil { score += 1 }
+        if password.rangeOfCharacter(from: .lowercaseLetters) != nil { score += 1 }
+        if password.rangeOfCharacter(from: .decimalDigits) != nil { score += 1 }
+        if password.rangeOfCharacter(from: CharacterSet(charactersIn: "!@#$%^&*()_+-=[]{}|;:,.<>?")) != nil { score += 1 }
+
+        switch score {
+        case 0...2: return .weak
+        case 3: return .fair
+        case 4...5: return .good
+        default: return .strong
+        }
+    }
+}