auramaxx 1.0.0-alpha.4

package/server/lib/credential-shares.ts

@@ -0,0 +1,190 @@
+import fs from 'fs';
+import path from 'path';
+import { createHash, randomBytes, timingSafeEqual } from 'crypto';
+import { DATA_PATHS } from './config';
+
+export type ShareExpiresAfter = '15m' | '1h' | '24h' | '7d' | '30d';
+export type ShareAccessMode = 'anyone' | 'password';
+
+export interface CredentialShareFile {
+  token: string;
+  credentialId: string;
+  createdAt: string;
+  createdBy: string;
+  expiresAt: number;
+  accessMode: ShareAccessMode;
+  passwordSalt?: string;
+  passwordHash?: string;
+  oneTimeOnly: boolean;
+  viewCount: number;
+  lastViewedAt: string | null;
+}
+
+export interface CreateCredentialShareInput {
+  credentialId: string;
+  createdBy: string;
+  expiresAfter: ShareExpiresAfter;
+  accessMode: ShareAccessMode;
+  password?: string;
+  oneTimeOnly: boolean;
+}
+
+type ShareAccessFailureReason =
+  | 'not_found'
+  | 'expired'
+  | 'already_viewed'
+  | 'password_required'
+  | 'invalid_password';
+
+type ShareConsumeResult =
+  | { ok: true; share: CredentialShareFile }
+  | { ok: false; reason: ShareAccessFailureReason };
+
+const SHARE_TOKEN_PATTERN = /^[a-f0-9]{32}$/i;
+const EXPIRY_MS: Record<ShareExpiresAfter, number> = {
+  '15m': 15 * 60 * 1000,
+  '1h': 60 * 60 * 1000,
+  '24h': 24 * 60 * 60 * 1000,
+  '7d': 7 * 24 * 60 * 60 * 1000,
+  '30d': 30 * 24 * 60 * 60 * 1000,
+};
+
+function ensureShareDir(): void {
+  const dir = DATA_PATHS.credentialShares;
+  if (!fs.existsSync(dir)) {
+    fs.mkdirSync(dir, { recursive: true, mode: 0o700 });
+  }
+}
+
+function isValidToken(token: string): boolean {
+  return SHARE_TOKEN_PATTERN.test(token);
+}
+
+function getSharePath(token: string): string {
+  return path.join(DATA_PATHS.credentialShares, `${token}.json`);
+}
+
+function readShare(token: string): CredentialShareFile | null {
+  if (!isValidToken(token)) return null;
+  const filePath = getSharePath(token);
+  if (!fs.existsSync(filePath)) return null;
+  try {
+    return JSON.parse(fs.readFileSync(filePath, 'utf8')) as CredentialShareFile;
+  } catch {
+    return null;
+  }
+}
+
+function writeShare(share: CredentialShareFile): void {
+  ensureShareDir();
+  fs.writeFileSync(getSharePath(share.token), JSON.stringify(share, null, 2));
+}
+
+function resolveExpiresAt(expiresAfter: ShareExpiresAfter): number {
+  return Date.now() + EXPIRY_MS[expiresAfter];
+}
+
+function hashSharePassword(password: string, salt: string): string {
+  return createHash('sha256').update(`${salt}:${password}`, 'utf8').digest('hex');
+}
+
+function verifySharePassword(password: string, share: CredentialShareFile): boolean {
+  if (!share.passwordSalt || !share.passwordHash) return false;
+  const expected = Buffer.from(share.passwordHash, 'hex');
+  const actual = Buffer.from(hashSharePassword(password, share.passwordSalt), 'hex');
+  if (expected.length !== actual.length) return false;
+  return timingSafeEqual(expected, actual);
+}
+
+function isExpired(share: CredentialShareFile): boolean {
+  return Date.now() > share.expiresAt;
+}
+
+function isAlreadyViewed(share: CredentialShareFile): boolean {
+  return share.oneTimeOnly && share.viewCount >= 1;
+}
+
+function generateShareToken(): string {
+  ensureShareDir();
+  while (true) {
+    const token = randomBytes(16).toString('hex');
+    if (!fs.existsSync(getSharePath(token))) return token;
+  }
+}
+
+export function createCredentialShare(input: CreateCredentialShareInput): CredentialShareFile {
+  if (!(input.expiresAfter in EXPIRY_MS)) {
+    throw new Error('Invalid expiresAfter value');
+  }
+  if (input.accessMode !== 'anyone' && input.accessMode !== 'password') {
+    throw new Error('Invalid accessMode value');
+  }
+  if (input.accessMode === 'password' && (!input.password || input.password.length === 0)) {
+    throw new Error('Password is required when accessMode is password');
+  }
+
+  const token = generateShareToken();
+  const createdAt = new Date().toISOString();
+
+  let passwordSalt: string | undefined;
+  let passwordHash: string | undefined;
+  if (input.accessMode === 'password' && input.password) {
+    passwordSalt = randomBytes(16).toString('hex');
+    passwordHash = hashSharePassword(input.password, passwordSalt);
+  }
+
+  const share: CredentialShareFile = {
+    token,
+    credentialId: input.credentialId,
+    createdAt,
+    createdBy: input.createdBy,
+    expiresAt: resolveExpiresAt(input.expiresAfter),
+    accessMode: input.accessMode,
+    ...(passwordSalt ? { passwordSalt } : {}),
+    ...(passwordHash ? { passwordHash } : {}),
+    oneTimeOnly: input.oneTimeOnly,
+    viewCount: 0,
+    lastViewedAt: null,
+  };
+
+  writeShare(share);
+  return share;
+}
+
+export function getCredentialShare(token: string): CredentialShareFile | null {
+  return readShare(token);
+}
+
+export function getCredentialShareStatus(share: CredentialShareFile): {
+  isExpired: boolean;
+  isAlreadyViewed: boolean;
+} {
+  return {
+    isExpired: isExpired(share),
+    isAlreadyViewed: isAlreadyViewed(share),
+  };
+}
+
+export function consumeCredentialShare(token: string, password?: string): ShareConsumeResult {
+  const share = readShare(token);
+  if (!share) return { ok: false, reason: 'not_found' };
+  if (isExpired(share)) return { ok: false, reason: 'expired' };
+  if (isAlreadyViewed(share)) return { ok: false, reason: 'already_viewed' };
+
+  if (share.accessMode === 'password') {
+    if (!password || password.length === 0) {
+      return { ok: false, reason: 'password_required' };
+    }
+    if (!verifySharePassword(password, share)) {
+      return { ok: false, reason: 'invalid_password' };
+    }
+  }
+
+  const updated: CredentialShareFile = {
+    ...share,
+    viewCount: share.viewCount + 1,
+    lastViewedAt: new Date().toISOString(),
+  };
+  writeShare(updated);
+  return { ok: true, share: updated };
+}

package/server/lib/credential-transport.ts

@@ -0,0 +1,342 @@
+import {
+  constants,
+  createCipheriv,
+  createDecipheriv,
+  createPublicKey,
+  generateKeyPairSync,
+  KeyObject,
+  privateDecrypt,
+  publicEncrypt,
+  randomBytes,
+} from 'crypto';
+import * as net from 'net';
+
+interface HybridEnvelope {
+  v: 1;
+  alg: 'RSA-OAEP/AES-256-GCM';
+  key: string;
+  iv: string;
+  tag: string;
+  data: string;
+}
+
+const OAEP_HASH = 'sha256';
+
+function parseAgentPubkey(pubkey: string): KeyObject {
+  const value = pubkey.trim();
+  if (!value) {
+    throw new Error('Public key is required');
+  }
+
+  // PEM directly
+  if (value.includes('BEGIN PUBLIC KEY')) {
+    return createPublicKey(value);
+  }
+
+  // Base64(PEM) or DER/SPKI
+  const decoded = Buffer.from(value, 'base64');
+  if (decoded.length === 0) {
+    throw new Error('Invalid public key encoding');
+  }
+
+  const decodedText = decoded.toString('utf8');
+  if (decodedText.includes('BEGIN PUBLIC KEY')) {
+    return createPublicKey(decodedText);
+  }
+
+  return createPublicKey({
+    key: decoded,
+    format: 'der',
+    type: 'spki',
+  });
+}
+
+function rsaEncrypt(data: Buffer, key: KeyObject): Buffer {
+  return publicEncrypt(
+    {
+      key,
+      padding: constants.RSA_PKCS1_OAEP_PADDING,
+      oaepHash: OAEP_HASH,
+    },
+    data,
+  );
+}
+
+export function isValidAgentPubkey(pubkey: string): boolean {
+  try {
+    const key = parseAgentPubkey(pubkey);
+    return key.asymmetricKeyType === 'rsa';
+  } catch {
+    return false;
+  }
+}
+
+export function normalizeAgentPubkey(pubkey: string): string {
+  const key = parseAgentPubkey(pubkey);
+  return key.export({ type: 'spki', format: 'pem' }).toString();
+}
+
+/**
+ * Encrypt credential data to an agent's RSA-OAEP public key.
+ *
+ * Always uses hybrid RSA-OAEP + AES-256-GCM envelope so that clients
+ * only need a single decryption code path.
+ */
+export function encryptToAgentPubkey(data: string, pubkeyBase64: string): string {
+  const key = parseAgentPubkey(pubkeyBase64);
+  if (key.asymmetricKeyType !== 'rsa') {
+    throw new Error('Public key must be RSA');
+  }
+
+  const payload = Buffer.from(data, 'utf8');
+
+  // Always hybrid RSA + AES-GCM
+  const sessionKey = randomBytes(32); // AES-256
+  const iv = randomBytes(12); // GCM nonce
+  const cipher = createCipheriv('aes-256-gcm', sessionKey, iv);
+  const encryptedData = Buffer.concat([cipher.update(payload), cipher.final()]);
+  const tag = cipher.getAuthTag();
+  const wrappedKey = rsaEncrypt(sessionKey, key);
+
+  const envelope: HybridEnvelope = {
+    v: 1,
+    alg: 'RSA-OAEP/AES-256-GCM',
+    key: wrappedKey.toString('base64'),
+    iv: iv.toString('base64'),
+    tag: tag.toString('base64'),
+    data: encryptedData.toString('base64'),
+  };
+
+  return Buffer.from(JSON.stringify(envelope), 'utf8').toString('base64');
+}
+
+// ── Client-side decryption ──
+
+/**
+ * Decrypt a hybrid RSA-OAEP/AES-256-GCM envelope (or raw RSA ciphertext).
+ * Used by CLI tools to decrypt credentials returned from the server.
+ */
+export function decryptWithPrivateKey(encryptedBase64: string, privateKeyPem: string): string {
+  const decoded = Buffer.from(encryptedBase64, 'base64');
+  let envelope: HybridEnvelope;
+  try {
+    envelope = JSON.parse(decoded.toString('utf8')) as HybridEnvelope;
+  } catch {
+    return privateDecrypt(
+      { key: privateKeyPem, padding: constants.RSA_PKCS1_OAEP_PADDING, oaepHash: OAEP_HASH },
+      decoded,
+    ).toString('utf8');
+  }
+
+  if (envelope.v !== 1 || envelope.alg !== 'RSA-OAEP/AES-256-GCM') {
+    throw new Error(`Unexpected envelope: v=${envelope.v} alg=${envelope.alg}`);
+  }
+
+  const sessionKey = privateDecrypt(
+    { key: privateKeyPem, padding: constants.RSA_PKCS1_OAEP_PADDING, oaepHash: OAEP_HASH },
+    Buffer.from(envelope.key, 'base64'),
+  );
+  const decipher = createDecipheriv('aes-256-gcm', sessionKey, Buffer.from(envelope.iv, 'base64'));
+  decipher.setAuthTag(Buffer.from(envelope.tag, 'base64'));
+  return Buffer.concat([
+    decipher.update(Buffer.from(envelope.data, 'base64')),
+    decipher.final(),
+  ]).toString('utf8');
+}
+
+// ── Ephemeral keypair generation ──
+
+
+
+export interface ProfileIssuanceOverrides {
+  ttlSeconds?: number;
+  maxReads?: number;
+  readScopes?: string[];
+  writeScopes?: string[];
+  excludeFields?: string[];
+}
+
+export interface ProfileIssuanceSelection {
+  profile?: string;
+  profileVersion?: string;
+  profileOverrides?: ProfileIssuanceOverrides;
+}
+
+export function buildScopedReadTokenIssueRequest(input: {
+  agentId?: string;
+  pubkey: string;
+} & ProfileIssuanceSelection): Record<string, unknown> {
+  if (input.profile && input.profile.trim()) {
+    return {
+      agentId: input.agentId || 'cli-reader',
+      profile: input.profile,
+      ...(input.profileVersion ? { profileVersion: input.profileVersion } : {}),
+      ...(input.profileOverrides ? { profileOverrides: input.profileOverrides } : {}),
+      pubkey: input.pubkey,
+    };
+  }
+
+  return {
+    agentId: input.agentId || 'cli-reader',
+    permissions: ['secret:read'],
+    credentialAccess: { read: ['vault:*'], excludeFields: [] },
+    pubkey: input.pubkey,
+  };
+}
+
+export function buildScopedWriteTokenIssueRequest(input: {
+  agentId?: string;
+  pubkey: string;
+  vaultId: string;
+} & ProfileIssuanceSelection): Record<string, unknown> {
+  if (input.profile && input.profile.trim()) {
+    return {
+      agentId: input.agentId || 'cli-writer',
+      profile: input.profile,
+      ...(input.profileVersion ? { profileVersion: input.profileVersion } : {}),
+      ...(input.profileOverrides ? { profileOverrides: input.profileOverrides } : {}),
+      pubkey: input.pubkey,
+    };
+  }
+
+  return {
+    agentId: input.agentId || 'cli-writer',
+    permissions: ['secret:write'],
+    credentialAccess: { write: [`vault:${input.vaultId}`] },
+    pubkey: input.pubkey,
+  };
+}
+export interface EphemeralKeypair {
+  publicKeyPem: string;
+  privateKeyPem: string;
+  publicKeyBase64: string;
+}
+
+export function generateEphemeralKeypair(): EphemeralKeypair {
+  const { publicKey, privateKey } = generateKeyPairSync('rsa', {
+    modulusLength: 2048,
+    publicKeyEncoding: { type: 'spki', format: 'pem' },
+    privateKeyEncoding: { type: 'pkcs8', format: 'pem' },
+  });
+  return {
+    publicKeyPem: publicKey,
+    privateKeyPem: privateKey,
+    publicKeyBase64: Buffer.from(publicKey, 'utf8').toString('base64'),
+  };
+}
+
+// ── Socket bootstrap (CLI auth via Unix socket) ──
+
+/**
+ * Authenticate with the AuraWallet server via Unix socket.
+ * Returns a bearer token for API access.
+ */
+export function bootstrapViaSocket(
+  agentId: string,
+  keypair: EphemeralKeypair,
+): Promise<string> {
+  return new Promise((resolve, reject) => {
+    const uid = process.getuid?.() ?? 'unknown';
+    const socketPath = `/tmp/aura-cli-${uid}.sock`;
+
+    const socket = net.createConnection(socketPath);
+    let buffer = '';
+    let resolved = false;
+
+    const timeout = setTimeout(() => {
+      if (!resolved) {
+        resolved = true;
+        socket.destroy();
+        reject(new Error('Socket auth timed out. Is AuraWallet running? (npx aurawallet start)'));
+      }
+    }, 5000);
+
+    socket.on('error', (err) => {
+      if (!resolved) {
+        resolved = true;
+        clearTimeout(timeout);
+        reject(new Error(`Cannot connect to AuraWallet: ${err.message}\nRun 'npx aurawallet start' first.`));
+      }
+    });
+
+    socket.on('connect', () => {
+      socket.write(JSON.stringify({
+        type: 'auth',
+        agentId,
+        autoApprove: true,
+        pubkey: keypair.publicKeyPem,
+      }) + '\n');
+    });
+
+    socket.on('data', (data) => {
+      buffer += data.toString();
+      let idx;
+      while ((idx = buffer.indexOf('\n')) !== -1) {
+        const line = buffer.substring(0, idx);
+        buffer = buffer.substring(idx + 1);
+        if (!line.trim()) continue;
+        try {
+          const msg = JSON.parse(line.trim()) as {
+            type: string;
+            encryptedToken?: string;
+            message?: string;
+          };
+          if (msg.type === 'auth_approved' && msg.encryptedToken) {
+            if (!resolved) {
+              resolved = true;
+              clearTimeout(timeout);
+              socket.destroy();
+              resolve(decryptWithPrivateKey(msg.encryptedToken, keypair.privateKeyPem));
+            }
+          } else if (msg.type === 'error') {
+            if (!resolved) {
+              resolved = true;
+              clearTimeout(timeout);
+              socket.destroy();
+              reject(new Error(`Auth error: ${msg.message}`));
+            }
+          }
+        } catch { /* ignore parse errors */ }
+      }
+    });
+  });
+}
+
+/**
+ * Create a scoped credential-read token via the server API.
+ */
+export async function createReadToken(
+  baseUrl: string,
+  token: string,
+  keypair: EphemeralKeypair,
+  agentId: string = 'cli-reader',
+  profile?: ProfileIssuanceSelection,
+): Promise<string> {
+  const res = await fetch(`${baseUrl}/actions/token`, {
+    method: 'POST',
+    headers: {
+      'Content-Type': 'application/json',
+      'Authorization': `Bearer ${token}`,
+    },
+    body: JSON.stringify(buildScopedReadTokenIssueRequest({
+      agentId,
+      pubkey: keypair.publicKeyBase64,
+      profile: profile?.profile,
+      profileVersion: profile?.profileVersion,
+      profileOverrides: profile?.profileOverrides,
+    })),
+    signal: AbortSignal.timeout(5000),
+  });
+
+  if (!res.ok) {
+    const text = await res.text();
+    throw new Error(`Failed to create read token (${res.status}): ${text}`);
+  }
+
+  const data = await res.json() as { encryptedToken?: string };
+  if (!data.encryptedToken) {
+    throw new Error('No encryptedToken in response');
+  }
+
+  return decryptWithPrivateKey(data.encryptedToken, keypair.privateKeyPem);
+}

package/server/lib/credential-vault.ts

@@ -0,0 +1,77 @@
+/**
+ * Credential Vault — Subkey Derivation & Session Management
+ * =========================================================
+ *
+ * Derives a credential-specific encryption key from the wallet mnemonic.
+ * The derived key is held in memory while the vault is unlocked and used
+ * to encrypt/decrypt credential files. Hooks into the vault lifecycle
+ * (unlock/lock) in cold.ts.
+ *
+ * Key derivation: SHA256("credential-v1:" + vaultId + ":" + mnemonic)
+ * This produces a deterministic 256-bit key unique to each vault.
+ */
+
+import CryptoJS from 'crypto-js';
+import { getVaultMnemonic } from './cold';
+
+// In-memory storage of derived credential keys (vaultId → hex key)
+const credentialVaultSessions = new Map<string, string>();
+
+/**
+ * Derive a credential encryption key from a vault's mnemonic.
+ * Uses SHA-256 of a domain-separated string for deterministic derivation.
+ */
+export function deriveCredentialKey(vaultId: string, mnemonic: string): string {
+  const input = `credential-v1:${vaultId}:${mnemonic}`;
+  return CryptoJS.SHA256(input).toString(CryptoJS.enc.Hex);
+}
+
+/**
+ * Unlock the credential vault for a given vault ID.
+ * Reads the mnemonic from the already-unlocked wallet vault session
+ * and derives + stores the credential subkey.
+ */
+export function unlockCredentialVault(vaultId: string): boolean {
+  const mnemonic = getVaultMnemonic(vaultId);
+  if (!mnemonic) return false;
+
+  const key = deriveCredentialKey(vaultId, mnemonic);
+  credentialVaultSessions.set(vaultId, key);
+  return true;
+}
+
+/**
+ * Lock the credential vault for a given vault ID.
+ * Removes the derived key from memory.
+ */
+export function lockCredentialVault(vaultId: string): void {
+  credentialVaultSessions.delete(vaultId);
+}
+
+/**
+ * Lock all credential vaults.
+ */
+export function lockAllCredentialVaults(): void {
+  credentialVaultSessions.clear();
+}
+
+/**
+ * Get the derived credential key for a vault (or null if locked).
+ */
+export function getCredentialVaultKey(vaultId: string): string | null {
+  return credentialVaultSessions.get(vaultId) ?? null;
+}
+
+/**
+ * Check if a credential vault is unlocked.
+ */
+export function isCredentialVaultUnlocked(vaultId: string): boolean {
+  return credentialVaultSessions.has(vaultId);
+}
+
+/**
+ * Reset all credential vault state (for testing only).
+ */
+export function _resetCredentialVaultForTesting(): void {
+  credentialVaultSessions.clear();
+}