npm - arc402-cli - Versions diffs - 0.7.0 → 0.7.2 - Mend

arc402-cli 0.7.0 → 0.7.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (53) hide show

package/dist/commands/backup.d.ts +3 -0
package/dist/commands/backup.d.ts.map +1 -0
package/dist/commands/backup.js +106 -0
package/dist/commands/backup.js.map +1 -0
package/dist/commands/daemon.d.ts.map +1 -1
package/dist/commands/daemon.js +67 -0
package/dist/commands/daemon.js.map +1 -1
package/dist/commands/discover.d.ts.map +1 -1
package/dist/commands/discover.js +60 -15
package/dist/commands/discover.js.map +1 -1
package/dist/commands/wallet.d.ts.map +1 -1
package/dist/commands/wallet.js +136 -52
package/dist/commands/wallet.js.map +1 -1
package/dist/commands/watch.d.ts.map +1 -1
package/dist/commands/watch.js +146 -9
package/dist/commands/watch.js.map +1 -1
package/dist/config.d.ts +8 -0
package/dist/config.d.ts.map +1 -1
package/dist/config.js +25 -1
package/dist/config.js.map +1 -1
package/dist/daemon/config.d.ts +15 -1
package/dist/daemon/config.d.ts.map +1 -1
package/dist/daemon/config.js +32 -0
package/dist/daemon/config.js.map +1 -1
package/dist/daemon/index.d.ts.map +1 -1
package/dist/daemon/index.js +66 -21
package/dist/daemon/index.js.map +1 -1
package/dist/daemon/notify.d.ts +35 -6
package/dist/daemon/notify.d.ts.map +1 -1
package/dist/daemon/notify.js +176 -48
package/dist/daemon/notify.js.map +1 -1
package/dist/endpoint-notify.d.ts +2 -1
package/dist/endpoint-notify.d.ts.map +1 -1
package/dist/endpoint-notify.js +12 -3
package/dist/endpoint-notify.js.map +1 -1
package/dist/index.js +26 -0
package/dist/index.js.map +1 -1
package/dist/program.d.ts.map +1 -1
package/dist/program.js +2 -0
package/dist/program.js.map +1 -1
package/package.json +1 -1
package/src/commands/backup.ts +117 -0
package/src/commands/daemon.ts +73 -0
package/src/commands/discover.ts +74 -21
package/src/commands/wallet.ts +137 -51
package/src/commands/watch.ts +207 -10
package/src/config.ts +39 -1
package/src/daemon/config.ts +35 -0
package/src/daemon/index.ts +65 -26
package/src/daemon/notify.ts +199 -59
package/src/endpoint-notify.ts +13 -3
package/src/index.ts +26 -0
package/src/program.ts +2 -0

package/dist/commands/wallet.js CHANGED Viewed

@@ -26,6 +26,26 @@ const tree_1 = require("../ui/tree");
 const spinner_1 = require("../ui/spinner");
 const colors_1 = require("../ui/colors");
 const POLICY_ENGINE_DEFAULT = "0x44102e70c2A366632d98Fe40d892a2501fC7fFF2";
+const GUARDIAN_KEY_PATH = path_1.default.join(os_1.default.homedir(), ".arc402", "guardian.key");
+/** Save guardian private key to a restricted standalone file (never to config.json). */
+function saveGuardianKey(privateKey) {
+    fs_1.default.mkdirSync(path_1.default.dirname(GUARDIAN_KEY_PATH), { recursive: true, mode: 0o700 });
+    fs_1.default.writeFileSync(GUARDIAN_KEY_PATH, privateKey + "\n", { mode: 0o400 });
+}
+/** Load guardian private key from file, falling back to config for backwards compat. */
+function loadGuardianKey(config) {
+    try {
+        return fs_1.default.readFileSync(GUARDIAN_KEY_PATH, "utf-8").trim();
+    }
+    catch {
+        // Migration: if key still in config, migrate it to the file now
+        if (config.guardianPrivateKey) {
+            saveGuardianKey(config.guardianPrivateKey);
+            return config.guardianPrivateKey;
+        }
+        return null;
+    }
+}
 function parseAmount(raw) {
     const lower = raw.toLowerCase();
     if (lower.endsWith("eth")) {
@@ -161,6 +181,9 @@ async function runCompleteOnboardingCeremony(walletAddress, ownerAddress, config
         await sendTx({ to: walletAddress, data: mkIface.encodeFunctionData("authorizeMachineKey", [machineKeyAddress]), value: "0x0" }, "authorizeMachineKey");
         console.log(" " + colors_1.c.success + " Machine key authorized");
     }
+    // Save progress after machine key step
+    config.onboardingProgress = { walletAddress, step: 2, completedSteps: ["machineKey"] };
+    (0, config_1.saveConfig)(config);
     // ── Step 3: Passkey ───────────────────────────────────────────────────────
     console.log("\n" + colors_1.c.dim("── Step 3: Passkey (Face ID / WebAuthn) ──────────────────────"));
     let passkeyActive = false;
@@ -192,6 +215,9 @@ async function runCompleteOnboardingCeremony(walletAddress, ownerAddress, config
             console.log(" " + colors_1.c.success + " Passkey set (via browser)");
         }
     }
+    // Save progress after passkey step
+    config.onboardingProgress = { walletAddress, step: 3, completedSteps: ["machineKey", "passkey"] };
+    (0, config_1.saveConfig)(config);
     // ── Step 4: Policy ────────────────────────────────────────────────────────
     console.log("\n" + colors_1.c.dim("── Step 4: Policy ─────────────────────────────────────────────"));
     // 4a) setVelocityLimit
@@ -300,6 +326,9 @@ async function runCompleteOnboardingCeremony(walletAddress, ownerAddress, config
     await sendTx({ to: policyAddress, data: contractInteractionIface.encodeFunctionData("enableContractInteraction", [walletAddress, handshakeAddress]), value: "0x0" }, "enableContractInteraction: Handshake");
     (0, config_1.saveConfig)(config);
     console.log(" " + colors_1.c.success + " Policy configured");
+    // Save progress after policy step
+    config.onboardingProgress = { walletAddress, step: 4, completedSteps: ["machineKey", "passkey", "policy"] };
+    (0, config_1.saveConfig)(config);
     // ── Step 5: Agent Registration ─────────────────────────────────────────────
     console.log("\n" + colors_1.c.dim("── Step 5: Agent Registration ─────────────────────────────────"));
     let agentAlreadyRegistered = false;
@@ -377,6 +406,9 @@ async function runCompleteOnboardingCeremony(walletAddress, ownerAddress, config
     else {
         console.log(" " + colors_1.c.warning + " AgentRegistry address not configured — skipping");
     }
+    // Save progress after agent step, then clear on ceremony complete
+    config.onboardingProgress = { walletAddress, step: 5, completedSteps: ["machineKey", "passkey", "policy", "agent"] };
+    (0, config_1.saveConfig)(config);
     // ── Step 7: Workroom Init ─────────────────────────────────────────────────
     console.log("\n" + colors_1.c.dim("── Step 7: Workroom ────────────────────────────────────────────"));
     let workroomInitialized = false;
@@ -478,6 +510,9 @@ async function runCompleteOnboardingCeremony(walletAddress, ownerAddress, config
     const endpointLabel = agentEndpoint
         ? colors_1.c.white(agentEndpoint) + colors_1.c.dim(` → localhost:${relayPort}`)
         : colors_1.c.dim("—");
+    // Clear onboarding progress — ceremony complete
+    delete config.onboardingProgress;
+    (0, config_1.saveConfig)(config);
     console.log("\n " + colors_1.c.success + colors_1.c.white(" Onboarding complete"));
     (0, tree_1.renderTree)([
         { label: "Wallet", value: colors_1.c.white(walletAddress) },
@@ -986,12 +1021,44 @@ function registerWalletCommands(program) {
             const telegramOpts = config.telegramBotToken && config.telegramChatId
                 ? { botToken: config.telegramBotToken, chatId: config.telegramChatId, threadId: config.telegramThreadId }
                 : undefined;
+            // ── Resume check ──────────────────────────────────────────────────────
+            const resumeProgress = config.onboardingProgress;
+            const isResuming = !!(resumeProgress?.walletAddress &&
+                resumeProgress.walletAddress === config.walletContractAddress &&
+                config.ownerAddress);
+            if (isResuming) {
+                const stepNames = {
+                    2: "machine key", 3: "passkey", 4: "policy setup", 5: "agent registration",
+                };
+                const nextStep = (resumeProgress.step ?? 1) + 1;
+                console.log(" " + colors_1.c.dim(`◈ Resuming onboarding from step ${nextStep} (${stepNames[nextStep] ?? "ceremony"})...`));
+            }
+            // ── Gas estimation ─────────────────────────────────────────────────────
+            if (!isResuming) {
+                let gasMsg = "~0.003 ETH (6 transactions on Base)";
+                try {
+                    const feeData = await provider.getFeeData();
+                    const gasPrice = feeData.maxFeePerGas ?? feeData.gasPrice ?? BigInt(1500000000);
+                    const deployGas = await provider.estimateGas({
+                        to: factoryAddress,
+                        data: factoryInterface.encodeFunctionData("createWallet", ["0x0000000071727De22E5E9d8BAf0edAc6f37da032"]),
+                    }).catch(() => BigInt(280000));
+                    const ceremonyGas = BigInt(700000); // ~5 ceremony txs × ~140k each
+                    const totalGasEth = parseFloat(ethers_1.ethers.formatEther((deployGas + ceremonyGas) * gasPrice));
+                    gasMsg = `~${totalGasEth.toFixed(4)} ETH (6 transactions on Base)`;
+                }
+                catch { /* use default */ }
+                console.log(" " + colors_1.c.dim(`◈ Estimated gas: ${gasMsg}`));
+            }
             // ── Step 1: Connect ────────────────────────────────────────────────────
-            const { client, session, account } = await (0, walletconnect_1.connectPhoneWallet)(config.walletConnectProjectId, chainId, config, { telegramOpts, prompt: "Approve ARC402Wallet deployment — you will be set as owner", hardware: !!opts.hardware });
+            const connectPrompt = isResuming
+                ? "Connect wallet to resume onboarding"
+                : "Approve ARC402Wallet deployment — you will be set as owner";
+            const { client, session, account } = await (0, walletconnect_1.connectPhoneWallet)(config.walletConnectProjectId, chainId, config, { telegramOpts, prompt: connectPrompt, hardware: !!opts.hardware });
             const networkName = chainId === 8453 ? "Base" : "Base Sepolia";
             const shortAddr = `${account.slice(0, 6)}...${account.slice(-5)}`;
             console.log("\n" + colors_1.c.success + colors_1.c.white(` Connected: ${shortAddr} on ${networkName}`));
-            if (telegramOpts) {
+            if (telegramOpts && !isResuming) {
                 // Send "connected" message with a deploy confirmation button.
                 // TODO: wire up full callback_data round-trip when a persistent bot process is available.
                 await (0, telegram_notify_1.sendTelegramMessage)({
@@ -1002,50 +1069,59 @@ function registerWalletCommands(program) {
                     buttons: [[{ text: "🚀 Deploy ARC-402 Wallet", callback_data: "arc402_deploy_confirm" }]],
                 });
             }
-            // ── Step 2: Confirm & Deploy ───────────────────────────────────────────
-            // WalletConnect approval already confirmed intent — sending automatically
-            console.log("Deploying...");
-            const txHash = await (0, walletconnect_1.sendTransactionWithSession)(client, session, account, chainId, {
-                to: factoryAddress,
-                data: factoryInterface.encodeFunctionData("createWallet", ["0x0000000071727De22E5E9d8BAf0edAc6f37da032"]),
-                value: "0x0",
-            });
-            console.log(`\nTransaction submitted: ${txHash}`);
-            console.log("Waiting for confirmation...");
-            const receipt = await provider.waitForTransaction(txHash);
-            if (!receipt) {
-                console.error("Transaction not confirmed. Check on-chain.");
-                process.exit(1);
+            let walletAddress;
+            if (isResuming) {
+                // Resume: skip deploy, use existing wallet
+                walletAddress = config.walletContractAddress;
+                console.log(" " + colors_1.c.dim(`◈ Using existing wallet: ${walletAddress}`));
             }
-            let walletAddress = null;
-            const factoryContract = new ethers_1.ethers.Contract(factoryAddress, abis_1.WALLET_FACTORY_ABI, provider);
-            for (const log of receipt.logs) {
-                try {
-                    const parsed = factoryContract.interface.parseLog(log);
-                    if (parsed?.name === "WalletCreated") {
-                        walletAddress = parsed.args.walletAddress;
-                        break;
+            else {
+                // ── Step 2: Confirm & Deploy ─────────────────────────────────────────
+                // WalletConnect approval already confirmed intent — sending automatically
+                console.log("Deploying...");
+                const txHash = await (0, walletconnect_1.sendTransactionWithSession)(client, session, account, chainId, {
+                    to: factoryAddress,
+                    data: factoryInterface.encodeFunctionData("createWallet", ["0x0000000071727De22E5E9d8BAf0edAc6f37da032"]),
+                    value: "0x0",
+                });
+                console.log(`\nTransaction submitted: ${txHash}`);
+                console.log("Waiting for confirmation...");
+                const receipt = await provider.waitForTransaction(txHash);
+                if (!receipt) {
+                    console.error("Transaction not confirmed. Check on-chain.");
+                    process.exit(1);
+                }
+                let deployedWallet = null;
+                const factoryContract = new ethers_1.ethers.Contract(factoryAddress, abis_1.WALLET_FACTORY_ABI, provider);
+                for (const log of receipt.logs) {
+                    try {
+                        const parsed = factoryContract.interface.parseLog(log);
+                        if (parsed?.name === "WalletCreated") {
+                            deployedWallet = parsed.args.walletAddress;
+                            break;
+                        }
                     }
+                    catch { /* skip unparseable logs */ }
                 }
-                catch { /* skip unparseable logs */ }
-            }
-            if (!walletAddress) {
-                console.error("Could not find WalletCreated event in receipt. Check the transaction on-chain.");
-                process.exit(1);
-            }
-            // ── Step 1 complete: save wallet + owner immediately ─────────────────
-            config.walletContractAddress = walletAddress;
-            config.ownerAddress = account;
-            (0, config_1.saveConfig)(config);
-            try {
-                fs_1.default.chmodSync((0, config_1.getConfigPath)(), 0o600);
+                if (!deployedWallet) {
+                    console.error("Could not find WalletCreated event in receipt. Check the transaction on-chain.");
+                    process.exit(1);
+                }
+                walletAddress = deployedWallet;
+                // ── Step 1 complete: save wallet + owner immediately ─────────────────
+                config.walletContractAddress = walletAddress;
+                config.ownerAddress = account;
+                (0, config_1.saveConfig)(config);
+                try {
+                    fs_1.default.chmodSync((0, config_1.getConfigPath)(), 0o600);
+                }
+                catch { /* best-effort */ }
+                console.log("\n " + colors_1.c.success + colors_1.c.white(" Wallet deployed"));
+                (0, tree_1.renderTree)([
+                    { label: "Wallet", value: walletAddress },
+                    { label: "Owner", value: account, last: true },
+                ]);
             }
-            catch { /* best-effort */ }
-            console.log("\n " + colors_1.c.success + colors_1.c.white(" Wallet deployed"));
-            (0, tree_1.renderTree)([
-                { label: "Wallet", value: walletAddress },
-                { label: "Owner", value: account, last: true },
-            ]);
             // ── Steps 2–6: Complete onboarding ceremony (same WalletConnect session)
             const sendTxCeremony = async (call, description) => {
                 console.log(" " + colors_1.c.dim(`◈ ${description}`));
@@ -1086,8 +1162,11 @@ function registerWalletCommands(program) {
             const guardianWallet = ethers_1.ethers.Wallet.createRandom();
             config.walletContractAddress = walletAddress;
             config.ownerAddress = address;
-            config.guardianPrivateKey = guardianWallet.privateKey;
             config.guardianAddress = guardianWallet.address;
+            // Save key to restricted file — never store in config.json
+            saveGuardianKey(guardianWallet.privateKey);
+            if (config.guardianPrivateKey)
+                delete config.guardianPrivateKey;
             (0, config_1.saveConfig)(config);
             // Call setGuardian on the deployed wallet
             const walletContract = new ethers_1.ethers.Contract(walletAddress, abis_1.ARC402_WALLET_GUARDIAN_ABI, signer);
@@ -1108,7 +1187,7 @@ function registerWalletCommands(program) {
                 { label: "Wallet", value: walletAddress },
                 { label: "Guardian", value: guardianWallet.address, last: true },
             ]);
-            console.log(`Guardian private key saved to config (keep it safe — used for emergency freeze only)`);
+            console.log(`Guardian private key saved to ~/.arc402/guardian.key (chmod 400 — keep it safe, used for emergency freeze only)`);
             console.log(`Your wallet contract is ready for policy enforcement`);
             printOpenShellHint();
         }
@@ -1305,12 +1384,13 @@ function registerWalletCommands(program) {
             console.error("walletContractAddress not set in config. Run `arc402 wallet deploy` first.");
             process.exit(1);
         }
-        if (!config.guardianPrivateKey) {
-            console.error("guardianPrivateKey not set in config. Guardian key was generated during `arc402 wallet deploy`.");
+        const guardianKey = loadGuardianKey(config);
+        if (!guardianKey) {
+            console.error(`Guardian key not found. Expected at ~/.arc402/guardian.key (or guardianPrivateKey in config for legacy setups).`);
             process.exit(1);
         }
         const provider = new ethers_1.ethers.JsonRpcProvider(config.rpcUrl);
-        const guardianSigner = new ethers_1.ethers.Wallet(config.guardianPrivateKey, provider);
+        const guardianSigner = new ethers_1.ethers.Wallet(guardianKey, provider);
         const walletContract = new ethers_1.ethers.Contract(config.walletContractAddress, abis_1.ARC402_WALLET_GUARDIAN_ABI, guardianSigner);
         let tx;
         if (opts.drain) {
@@ -1430,12 +1510,14 @@ function registerWalletCommands(program) {
             value: "0x0",
         });
         await provider.waitForTransaction(txHash);
-        config.guardianPrivateKey = guardianWallet.privateKey;
+        saveGuardianKey(guardianWallet.privateKey);
+        if (config.guardianPrivateKey)
+            delete config.guardianPrivateKey;
         config.guardianAddress = guardianWallet.address;
         (0, config_1.saveConfig)(config);
         console.log("\n" + colors_1.c.success + colors_1.c.white(` Guardian set to: ${guardianWallet.address}`));
         console.log(" " + colors_1.c.dim("Tx:") + " " + colors_1.c.white(txHash));
-        console.log(" " + colors_1.c.dim("Guardian private key saved to config."));
+        console.log(" " + colors_1.c.dim("Guardian private key saved to ~/.arc402/guardian.key (chmod 400)."));
         console.log(" " + colors_1.c.warning + " " + colors_1.c.yellow("The guardian key can freeze your wallet. Store it separately from your hot key."));
     });
     // ─── policy-engine freeze / unfreeze (legacy — for PolicyEngine-level freeze) ──
@@ -2146,9 +2228,11 @@ function registerWalletCommands(program) {
                 txHashes.push(txHash);
             }
         }
-        // Persist guardian key if generated
+        // Persist guardian key if generated — save to restricted file, not config.json
         if (guardianWallet) {
-            config.guardianPrivateKey = guardianWallet.privateKey;
+            saveGuardianKey(guardianWallet.privateKey);
+            if (config.guardianPrivateKey)
+                delete config.guardianPrivateKey;
             config.guardianAddress = guardianWallet.address;
             (0, config_1.saveConfig)(config);
         }
@@ -2160,7 +2244,7 @@ function registerWalletCommands(program) {
             txHashes.forEach((h, i) => console.log(" " + colors_1.c.dim(`Tx ${i + 1}:`) + " " + colors_1.c.white(h)));
         }
         if (guardianWallet) {
-            console.log(" " + colors_1.c.success + colors_1.c.dim(` Guardian key saved to config — address: ${guardianWallet.address}`));
+            console.log(" " + colors_1.c.success + colors_1.c.dim(` Guardian key saved to ~/.arc402/guardian.key — address: ${guardianWallet.address}`));
             console.log(" " + colors_1.c.warning + " " + colors_1.c.yellow("Store the guardian private key separately from your hot key."));
         }
         console.log(colors_1.c.dim("\nVerify with: arc402 wallet status && arc402 wallet policy show"));