npm - auramaxx - Versions diffs - 1.0.0-alpha.4 - Mend

auramaxx 1.0.0-alpha.4

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (363) hide show

package/LICENSE +26 -0
package/README.md +112 -0
package/bin/aurawallet.js +121 -0
package/docs/ADAPTERS.md +467 -0
package/docs/API.md +2679 -0
package/docs/APPS.md +198 -0
package/docs/ARCHITECTURE.md +350 -0
package/docs/AUTH.md +698 -0
package/docs/BEST-PRACTICES.md +121 -0
package/docs/CLI.md +61 -0
package/docs/DEVELOPING-APPS.md +452 -0
package/docs/EXTENSION.md +97 -0
package/docs/JOBS.md +33 -0
package/docs/MCP.md +76 -0
package/docs/PROTOCOL.md +142 -0
package/docs/SETUP.md +219 -0
package/docs/WORKSPACE.md +672 -0
package/docs/agent-auth.md +63 -0
package/docs/aura-file.md +48 -0
package/docs/credentials.md +53 -0
package/docs/external/getting-started.md +65 -0
package/docs/external/overview.md +45 -0
package/docs/external/use-cases.md +48 -0
package/docs/external/why-aura.md +35 -0
package/docs/jobs/connect-agent.md +77 -0
package/docs/jobs/migrate-from-dotenv.md +79 -0
package/docs/jobs/recover-from-lockout.md +72 -0
package/docs/jobs/secure-ci.md +63 -0
package/docs/oauth2.md +42 -0
package/docs/passkeys.md +60 -0
package/docs/security.md +540 -0
package/docs/specs/aura-open-protocol.md +61 -0
package/docs/specs/aura-provider-plugin.md +24 -0
package/docs/specs/aura-registry-model.md +31 -0
package/docs/specs/fixtures/invalid-bad-key.aura +1 -0
package/docs/specs/fixtures/invalid-bad-unicode-escape.aura +1 -0
package/docs/specs/fixtures/invalid-duplicate-key.aura +2 -0
package/docs/specs/fixtures/valid-basic.aura +4 -0
package/docs/specs/fixtures/valid-provider-ref.aura +1 -0
package/docs/specs/fixtures/valid-quoted-escapes.aura +2 -0
package/docs/templates/RELEASE_NOTES_TEMPLATE.md +22 -0
package/docs/totp.md +40 -0
package/docs/wallet/AI.md +508 -0
package/docs/wallet/DEVELOPING-STRATEGIES.md +713 -0
package/docs/wallet/README.md +47 -0
package/docs/wallet/STRATEGY.md +89 -0
package/next.config.ts +21 -0
package/package.json +151 -0
package/postcss.config.mjs +8 -0
package/prisma/migrations/20260214170000_baseline/migration.sql +511 -0
package/prisma/migrations/20260216214537_add_passkey_model/migration.sql +18 -0
package/prisma/migrations/20260217150500_add_credential_access_audit/migration.sql +31 -0
package/prisma/migrations/migration_lock.toml +3 -0
package/prisma/schema.prisma +447 -0
package/public/logo-chevron.svg +31 -0
package/public/logo-concentric.svg +31 -0
package/public/logo-crosshatch.svg +39 -0
package/public/logo-dashed.svg +39 -0
package/public/logo-horizontal.svg +31 -0
package/public/logo-m56.svg +64 -0
package/public/logo.webp +0 -0
package/scripts/add-app.js +245 -0
package/scripts/init.sh +57 -0
package/scripts/migrate-apikeys-to-credentials.ts +35 -0
package/scripts/sandbox-agent-flow.sh +235 -0
package/scripts/sandbox.sh +175 -0
package/scripts/validate-job-docs.mjs +125 -0
package/server/abi/SwapHelper.json +438 -0
package/server/cli/approval.ts +447 -0
package/server/cli/commands/app.ts +204 -0
package/server/cli/commands/cron.ts +24 -0
package/server/cli/commands/doctor.ts +1007 -0
package/server/cli/commands/env.ts +456 -0
package/server/cli/commands/init.ts +752 -0
package/server/cli/commands/mcp.ts +125 -0
package/server/cli/commands/restore.ts +314 -0
package/server/cli/commands/shell-hook.ts +468 -0
package/server/cli/commands/start.ts +62 -0
package/server/cli/commands/status.ts +59 -0
package/server/cli/commands/stop.ts +14 -0
package/server/cli/commands/token.ts +180 -0
package/server/cli/commands/unlock.ts +49 -0
package/server/cli/commands/vault.ts +417 -0
package/server/cli/index.ts +328 -0
package/server/cli/lib/aura-parser.ts +64 -0
package/server/cli/lib/credential-create.ts +74 -0
package/server/cli/lib/credential-resolve.ts +254 -0
package/server/cli/lib/dotenv-migrate.ts +116 -0
package/server/cli/lib/dotenv-parser.ts +146 -0
package/server/cli/lib/http.ts +91 -0
package/server/cli/lib/init-steps.ts +76 -0
package/server/cli/lib/local-agent-trust.ts +45 -0
package/server/cli/lib/process.ts +136 -0
package/server/cli/lib/prompt.ts +85 -0
package/server/cli/lib/theme.ts +240 -0
package/server/cli/socket.ts +570 -0
package/server/cli/transport-client.ts +50 -0
package/server/cron/index.ts +137 -0
package/server/cron/job.ts +31 -0
package/server/cron/jobs/balance-sync.ts +436 -0
package/server/cron/jobs/incoming-scan.ts +506 -0
package/server/cron/jobs/native-price.ts +70 -0
package/server/cron/jobs/orphan-cleanup.ts +40 -0
package/server/cron/jobs/strategy-runner.ts +175 -0
package/server/cron/scheduler.ts +125 -0
package/server/index.ts +406 -0
package/server/lib/adapters/factory.ts +110 -0
package/server/lib/adapters/index.ts +19 -0
package/server/lib/adapters/router.ts +297 -0
package/server/lib/adapters/telegram.ts +645 -0
package/server/lib/adapters/types.ts +89 -0
package/server/lib/adapters/webhook.ts +95 -0
package/server/lib/address.ts +49 -0
package/server/lib/agent-auth/contracts.ts +1194 -0
package/server/lib/agent-profiles.ts +328 -0
package/server/lib/ai.ts +285 -0
package/server/lib/api-registry/contracts.ts +86 -0
package/server/lib/api-registry/validation.ts +172 -0
package/server/lib/apikey-migration.ts +189 -0
package/server/lib/app-installer.ts +505 -0
package/server/lib/app-tokens.ts +247 -0
package/server/lib/auth.ts +314 -0
package/server/lib/batch.ts +242 -0
package/server/lib/cold.ts +874 -0
package/server/lib/config.ts +381 -0
package/server/lib/credential-access-audit.ts +85 -0
package/server/lib/credential-access-policy.ts +110 -0
package/server/lib/credential-health.ts +343 -0
package/server/lib/credential-import.ts +487 -0
package/server/lib/credential-scope.ts +87 -0
package/server/lib/credential-shares.ts +190 -0
package/server/lib/credential-transport.ts +342 -0
package/server/lib/credential-vault.ts +77 -0
package/server/lib/credentials.ts +333 -0
package/server/lib/crypto.ts +8 -0
package/server/lib/db.ts +15 -0
package/server/lib/defaults.ts +366 -0
package/server/lib/dex/index.ts +80 -0
package/server/lib/dex/relay.ts +235 -0
package/server/lib/dex/types.ts +59 -0
package/server/lib/dex/uniswap.ts +370 -0
package/server/lib/e2e-agent/artifacts.ts +36 -0
package/server/lib/e2e-agent/contracts.ts +112 -0
package/server/lib/e2e-agent/validation.ts +135 -0
package/server/lib/encrypt.ts +128 -0
package/server/lib/error.ts +20 -0
package/server/lib/events.ts +205 -0
package/server/lib/hot.ts +357 -0
package/server/lib/key-fingerprint.ts +28 -0
package/server/lib/logger.ts +331 -0
package/server/lib/network.ts +137 -0
package/server/lib/notifications.ts +219 -0
package/server/lib/oauth2-refresh.ts +241 -0
package/server/lib/oursecret.ts +54 -0
package/server/lib/passkey-credential.ts +360 -0
package/server/lib/passkey.ts +68 -0
package/server/lib/permissions.ts +248 -0
package/server/lib/pino.ts +24 -0
package/server/lib/policy-preview.ts +138 -0
package/server/lib/price.ts +338 -0
package/server/lib/prices.ts +34 -0
package/server/lib/project-scope.ts +239 -0
package/server/lib/resolve-action.ts +427 -0
package/server/lib/resolve.ts +36 -0
package/server/lib/sessions.ts +632 -0
package/server/lib/solana/connection.ts +26 -0
package/server/lib/solana/jupiter.ts +128 -0
package/server/lib/solana/transfer.ts +108 -0
package/server/lib/solana/wallet.ts +136 -0
package/server/lib/strategy/emits.ts +21 -0
package/server/lib/strategy/engine.ts +1305 -0
package/server/lib/strategy/executor.ts +115 -0
package/server/lib/strategy/hook-context.ts +158 -0
package/server/lib/strategy/hooks.ts +990 -0
package/server/lib/strategy/index.ts +28 -0
package/server/lib/strategy/installer.ts +305 -0
package/server/lib/strategy/loader.ts +256 -0
package/server/lib/strategy/message.ts +235 -0
package/server/lib/strategy/repository.ts +218 -0
package/server/lib/strategy/session-logger.ts +693 -0
package/server/lib/strategy/sources.ts +288 -0
package/server/lib/strategy/state.ts +189 -0
package/server/lib/strategy/templates.ts +403 -0
package/server/lib/strategy/tick.ts +404 -0
package/server/lib/strategy/types.ts +230 -0
package/server/lib/swap.ts +3 -0
package/server/lib/temp.ts +86 -0
package/server/lib/token-metadata.ts +86 -0
package/server/lib/token-safety.ts +200 -0
package/server/lib/token-search.ts +444 -0
package/server/lib/totp.ts +194 -0
package/server/lib/transactions.ts +123 -0
package/server/lib/transport.ts +75 -0
package/server/lib/txhistory/decoder.ts +262 -0
package/server/lib/txhistory/enricher.ts +652 -0
package/server/lib/txhistory/index.ts +391 -0
package/server/lib/txhistory/signatures.ts +59 -0
package/server/lib/verified-summary.ts +421 -0
package/server/mcp/profile-policy.ts +30 -0
package/server/mcp/server.ts +619 -0
package/server/mcp/tools.ts +523 -0
package/server/middleware/auth.ts +119 -0
package/server/middleware/requestLogger.ts +84 -0
package/server/routes/actions.ts +459 -0
package/server/routes/adapters.ts +703 -0
package/server/routes/addressbook.ts +113 -0
package/server/routes/ai.ts +34 -0
package/server/routes/apikeys.ts +295 -0
package/server/routes/apps.ts +601 -0
package/server/routes/auth.ts +457 -0
package/server/routes/backup.ts +340 -0
package/server/routes/batch.ts +270 -0
package/server/routes/bookmarks.ts +162 -0
package/server/routes/credential-shares.ts +198 -0
package/server/routes/credential-vaults.ts +154 -0
package/server/routes/credentials.ts +1290 -0
package/server/routes/dashboard.ts +71 -0
package/server/routes/defaults.ts +124 -0
package/server/routes/fund.ts +229 -0
package/server/routes/import.ts +352 -0
package/server/routes/launch.ts +665 -0
package/server/routes/lock.ts +54 -0
package/server/routes/logs.ts +68 -0
package/server/routes/nuke.ts +111 -0
package/server/routes/passkey-credentials.ts +99 -0
package/server/routes/passkey.ts +346 -0
package/server/routes/portfolio.ts +217 -0
package/server/routes/price.ts +63 -0
package/server/routes/resolve.ts +31 -0
package/server/routes/security.ts +45 -0
package/server/routes/send-evm.ts +241 -0
package/server/routes/send-solana.ts +281 -0
package/server/routes/send.ts +178 -0
package/server/routes/setup.ts +210 -0
package/server/routes/strategy.ts +894 -0
package/server/routes/swap-evm.ts +353 -0
package/server/routes/swap-solana.ts +177 -0
package/server/routes/swap.ts +356 -0
package/server/routes/token.ts +247 -0
package/server/routes/unlock.ts +403 -0
package/server/routes/wallet-assets.ts +361 -0
package/server/routes/wallet-transactions.ts +515 -0
package/server/routes/wallet.ts +710 -0
package/server/types.ts +146 -0
package/skills/aurawallet/SKILL.md +739 -0
package/skills/aurawallet-setup/SKILL.md +74 -0
package/skills/security-review/SKILL.md +148 -0
package/src/app/api/agent-requests/route.ts +30 -0
package/src/app/api/apps/install/route.ts +126 -0
package/src/app/api/apps/manifests/route.ts +16 -0
package/src/app/api/apps/static/[...path]/route.ts +57 -0
package/src/app/api/events/route.ts +92 -0
package/src/app/api/page.tsx +212 -0
package/src/app/api/workspace/[id]/apps/[wid]/route.ts +119 -0
package/src/app/api/workspace/[id]/apps/route.ts +81 -0
package/src/app/api/workspace/[id]/export/route.ts +67 -0
package/src/app/api/workspace/[id]/route.ts +168 -0
package/src/app/api/workspace/auth.ts +34 -0
package/src/app/api/workspace/config/route.ts +106 -0
package/src/app/api/workspace/import/route.ts +127 -0
package/src/app/api/workspace/route.ts +116 -0
package/src/app/app/page.tsx +2122 -0
package/src/app/apple-icon.png +0 -0
package/src/app/docs/page.tsx +178 -0
package/src/app/favicon.ico +0 -0
package/src/app/globals.css +572 -0
package/src/app/health/page.tsx +5 -0
package/src/app/hello/page.tsx +15 -0
package/src/app/icon.png +0 -0
package/src/app/layout.tsx +34 -0
package/src/app/page.tsx +986 -0
package/src/app/providers.tsx +90 -0
package/src/app/share/[token]/page.tsx +295 -0
package/src/components/ChainSelector.tsx +144 -0
package/src/components/HumanActionBar.tsx +695 -0
package/src/components/NotificationDrawer.tsx +129 -0
package/src/components/apps/AgentKeysApp.tsx +490 -0
package/src/components/apps/App.tsx +153 -0
package/src/components/apps/AppGrid.tsx +15 -0
package/src/components/apps/DetailedAddressDrawer.tsx +325 -0
package/src/components/apps/DraggableApp.tsx +562 -0
package/src/components/apps/IFrameApp.tsx +73 -0
package/src/components/apps/LogsApp.tsx +360 -0
package/src/components/apps/SendApp.tsx +394 -0
package/src/components/apps/SetupWizardApp.tsx +1004 -0
package/src/components/apps/SystemDefaultsApp.tsx +845 -0
package/src/components/apps/ThirdPartyApp.tsx +428 -0
package/src/components/apps/TokenApp.tsx +319 -0
package/src/components/apps/TransactionsApp.tsx +438 -0
package/src/components/apps/WalletDetailApp.tsx +1505 -0
package/src/components/apps/index.ts +13 -0
package/src/components/design-system/Button.tsx +53 -0
package/src/components/design-system/ChainIndicator.tsx +65 -0
package/src/components/design-system/ChainSelector.tsx +137 -0
package/src/components/design-system/ConfirmationModal.tsx +106 -0
package/src/components/design-system/ConfirmationPopover.tsx +81 -0
package/src/components/design-system/Drawer.tsx +123 -0
package/src/components/design-system/FilterDropdown.tsx +72 -0
package/src/components/design-system/Modal.tsx +206 -0
package/src/components/design-system/Popover.tsx +142 -0
package/src/components/design-system/TextInput.tsx +85 -0
package/src/components/design-system/Toggle.tsx +58 -0
package/src/components/design-system/index.ts +11 -0
package/src/components/docs/DocsThemeToggle.tsx +49 -0
package/src/components/health/CredentialHealthDashboard.tsx +214 -0
package/src/components/icons/ChainIcons.tsx +72 -0
package/src/components/layout/AppStoreDrawer.tsx +369 -0
package/src/components/layout/ContentArea.tsx +21 -0
package/src/components/layout/TabBar.tsx +278 -0
package/src/components/layout/WalletSidebar.tsx +1033 -0
package/src/components/layout/index.ts +4 -0
package/src/components/marketing/AuraWalletSpecOverlay.tsx +635 -0
package/src/components/marketing/DeviceMorphExperience.tsx +216 -0
package/src/components/vault/ApiKeysConsole.tsx +1080 -0
package/src/components/vault/AuditConsole.tsx +584 -0
package/src/components/vault/CredentialDetail.tsx +455 -0
package/src/components/vault/CredentialEmpty.tsx +55 -0
package/src/components/vault/CredentialField.tsx +361 -0
package/src/components/vault/CredentialForm.tsx +1212 -0
package/src/components/vault/CredentialList.tsx +165 -0
package/src/components/vault/CredentialRow.tsx +97 -0
package/src/components/vault/CredentialShareModal.tsx +178 -0
package/src/components/vault/CredentialVault.tsx +754 -0
package/src/components/vault/CredentialWalletWidget.tsx +103 -0
package/src/components/vault/ImportCredentialsModal.tsx +515 -0
package/src/components/vault/LargeTypeModal.tsx +64 -0
package/src/components/vault/PasswordGenerator.tsx +224 -0
package/src/components/vault/TOTPDisplay.tsx +123 -0
package/src/components/vault/VaultSidebar.tsx +413 -0
package/src/components/vault/types.ts +54 -0
package/src/context/AuthContext.tsx +337 -0
package/src/context/PriceContext.tsx +113 -0
package/src/context/ThemeContext.tsx +164 -0
package/src/context/WebSocketContext.tsx +269 -0
package/src/context/WorkspaceContext.tsx +668 -0
package/src/hooks/index.ts +3 -0
package/src/hooks/useAgentActions.ts +368 -0
package/src/hooks/useBalance.ts +103 -0
package/src/hooks/useBalances.ts +129 -0
package/src/instrumentation.ts +12 -0
package/src/lib/api.ts +449 -0
package/src/lib/app-loader.ts +148 -0
package/src/lib/app-registry.ts +178 -0
package/src/lib/app-sdk.ts +157 -0
package/src/lib/audit-console-adapter.ts +151 -0
package/src/lib/auth-client.ts +75 -0
package/src/lib/config.ts +74 -0
package/src/lib/crypto.ts +112 -0
package/src/lib/db.ts +21 -0
package/src/lib/docs.ts +390 -0
package/src/lib/events.ts +361 -0
package/src/lib/pino.ts +24 -0
package/src/lib/theme-handlers.ts +168 -0
package/src/lib/theme.ts +351 -0
package/src/lib/tokenData.ts +378 -0
package/src/lib/vault-crypto.ts +129 -0
package/src/lib/websocket-server.ts +302 -0
package/src/lib/websocket-setup.ts +79 -0
package/src/lib/wordlist.ts +2050 -0
package/src/lib/workspace-handlers.ts +285 -0
package/start.sh +80 -0
package/tailwind.config.ts +99 -0
package/tsconfig.json +42 -0

package/server/lib/credentials.ts ADDED Viewed

@@ -0,0 +1,333 @@
+/**
+ * Credential CRUD — Encrypted Credential File Management
+ * =======================================================
+ *
+ * Create, read, update, delete credential files in ~/.aurawallet/credentials/.
+ * Sensitive fields are encrypted with the vault's derived credential key.
+ * Non-sensitive metadata is stored as plaintext for search/filtering.
+ */
+import fs from 'fs';
+import path from 'path';
+import { randomBytes } from 'crypto';
+import { DATA_PATHS } from './config';
+import { getCredentialVaultKey } from './credential-vault';
+import { encryptWithSeed, decryptWithSeed } from './encrypt';
+import { CredentialType, CredentialField, CredentialFile, EncryptedData } from '../types';
+export type CredentialLocation = 'active' | 'archive' | 'recently_deleted';
+// ---------------------------------------------------------------------------
+// ID generation
+// ---------------------------------------------------------------------------
+function generateCredentialId(): string {
+  const chars = 'abcdefghijklmnopqrstuvwxyz0123456789';
+  const bytes = randomBytes(8);
+  let id = 'cred-';
+  for (let i = 0; i < 8; i++) {
+    id += chars[bytes[i] % chars.length];
+  }
+  return id;
+}
+// ---------------------------------------------------------------------------
+// File helpers
+// ---------------------------------------------------------------------------
+function getCredentialsDir(location: CredentialLocation): string {
+  if (location === 'archive') return DATA_PATHS.credentialsArchive;
+  if (location === 'recently_deleted') return DATA_PATHS.credentialsRecentlyDeleted;
+  return DATA_PATHS.credentials;
+}
+function getCredentialPath(id: string, location: CredentialLocation = 'active'): string {
+  return path.join(getCredentialsDir(location), `${id}.json`);
+}
+function readCredentialFile(id: string, location: CredentialLocation = 'active'): CredentialFile | null {
+  const filePath = getCredentialPath(id, location);
+  if (!fs.existsSync(filePath)) return null;
+  return JSON.parse(fs.readFileSync(filePath, 'utf-8'));
+}
+function writeCredentialFile(cred: CredentialFile, location: CredentialLocation = 'active'): void {
+  const dir = getCredentialsDir(location);
+  if (!fs.existsSync(dir)) {
+    fs.mkdirSync(dir, { recursive: true, mode: 0o700 });
+  }
+  fs.writeFileSync(getCredentialPath(cred.id, location), JSON.stringify(cred, null, 2));
+}
+function moveCredentialFile(
+  id: string,
+  from: CredentialLocation,
+  to: CredentialLocation,
+): CredentialFile | null {
+  const sourcePath = getCredentialPath(id, from);
+  if (!fs.existsSync(sourcePath)) return null;
+  const destinationPath = getCredentialPath(id, to);
+  const destinationDir = getCredentialsDir(to);
+  if (!fs.existsSync(destinationDir)) {
+    fs.mkdirSync(destinationDir, { recursive: true, mode: 0o700 });
+  }
+  fs.renameSync(sourcePath, destinationPath);
+  return readCredentialFile(id, to);
+}
+// ---------------------------------------------------------------------------
+// CRUD operations
+// ---------------------------------------------------------------------------
+/**
+ * Create a new credential.
+ * Encrypts sensitive fields with the vault's derived credential key.
+ */
+export function createCredential(
+  vaultId: string,
+  type: CredentialType,
+  name: string,
+  meta: Record<string, unknown>,
+  sensitiveFields: CredentialField[]
+): CredentialFile {
+  const vaultKey = getCredentialVaultKey(vaultId);
+  if (!vaultKey) {
+    throw new Error(`Credential vault for ${vaultId} is locked`);
+  }
+  const id = generateCredentialId();
+  const now = new Date().toISOString();
+  const encrypted = encryptWithSeed(JSON.stringify(sensitiveFields), vaultKey);
+  const cred: CredentialFile = {
+    id,
+    vaultId,
+    type,
+    name,
+    meta,
+    encrypted,
+    createdAt: now,
+    updatedAt: now,
+  };
+  writeCredentialFile(cred);
+  return cred;
+}
+/**
+ * Get credential metadata (no decryption).
+ */
+export function getCredential(id: string, location: CredentialLocation = 'active'): CredentialFile | null {
+  return readCredentialFile(id, location);
+}
+export function findCredentialLocation(id: string): CredentialLocation | null {
+  if (readCredentialFile(id, 'active')) return 'active';
+  if (readCredentialFile(id, 'archive')) return 'archive';
+  if (readCredentialFile(id, 'recently_deleted')) return 'recently_deleted';
+  return null;
+}
+/**
+ * Decrypt and return the sensitive fields of a credential.
+ */
+export function readCredentialSecrets(id: string, location: CredentialLocation = 'active'): CredentialField[] {
+  const cred = readCredentialFile(id, location);
+  if (!cred) {
+    throw new Error(`Credential not found: ${id}`);
+  }
+  const vaultKey = getCredentialVaultKey(cred.vaultId);
+  if (!vaultKey) {
+    throw new Error(`Credential vault for ${cred.vaultId} is locked`);
+  }
+  const decrypted = decryptWithSeed(cred.encrypted, vaultKey);
+  return JSON.parse(decrypted) as CredentialField[];
+}
+/**
+ * Update a credential's metadata and/or sensitive fields.
+ */
+export function updateCredential(
+  id: string,
+  updates: {
+    name?: string;
+    meta?: Record<string, unknown>;
+    sensitiveFields?: CredentialField[];
+  }
+): CredentialFile {
+  const cred = readCredentialFile(id, 'active');
+  if (!cred) {
+    throw new Error(`Credential not found: ${id}`);
+  }
+  if (updates.name !== undefined) {
+    cred.name = updates.name;
+  }
+  if (updates.meta !== undefined) {
+    cred.meta = updates.meta;
+  }
+  if (updates.sensitiveFields !== undefined) {
+    const vaultKey = getCredentialVaultKey(cred.vaultId);
+    if (!vaultKey) {
+      throw new Error(`Credential vault for ${cred.vaultId} is locked`);
+    }
+    cred.encrypted = encryptWithSeed(JSON.stringify(updates.sensitiveFields), vaultKey);
+  }
+  cred.updatedAt = new Date().toISOString();
+  writeCredentialFile(cred, 'active');
+  return cred;
+}
+/**
+ * Permanently delete a credential file in the given location.
+ */
+export function deleteCredential(id: string, location: CredentialLocation = 'active'): boolean {
+  const filePath = getCredentialPath(id, location);
+  if (!fs.existsSync(filePath)) return false;
+  fs.unlinkSync(filePath);
+  return true;
+}
+export function archiveCredential(id: string): CredentialFile | null {
+  const moved = moveCredentialFile(id, 'active', 'archive');
+  if (!moved) return null;
+  const now = new Date().toISOString();
+  moved.archivedAt = now;
+  delete moved.deletedAt;
+  moved.updatedAt = now;
+  writeCredentialFile(moved, 'archive');
+  return moved;
+}
+export function deleteArchivedCredential(id: string): CredentialFile | null {
+  const moved = moveCredentialFile(id, 'archive', 'recently_deleted');
+  if (!moved) return null;
+  const now = new Date().toISOString();
+  moved.archivedAt = moved.archivedAt || now;
+  moved.deletedAt = now;
+  moved.updatedAt = now;
+  writeCredentialFile(moved, 'recently_deleted');
+  return moved;
+}
+export function restoreArchivedCredential(id: string): CredentialFile | null {
+  const moved = moveCredentialFile(id, 'archive', 'active');
+  if (!moved) return null;
+  delete moved.archivedAt;
+  delete moved.deletedAt;
+  moved.updatedAt = new Date().toISOString();
+  writeCredentialFile(moved, 'active');
+  return moved;
+}
+export function restoreDeletedCredential(id: string): CredentialFile | null {
+  const moved = moveCredentialFile(id, 'recently_deleted', 'archive');
+  if (!moved) return null;
+  moved.archivedAt = moved.archivedAt || new Date().toISOString();
+  delete moved.deletedAt;
+  moved.updatedAt = new Date().toISOString();
+  writeCredentialFile(moved, 'archive');
+  return moved;
+}
+export function purgeDeletedCredentials(retentionDays = 30): {
+  scanned: number;
+  purged: number;
+  errors: Array<{ id: string; error: string }>;
+} {
+  const dir = getCredentialsDir('recently_deleted');
+  if (!fs.existsSync(dir)) {
+    return { scanned: 0, purged: 0, errors: [] };
+  }
+  const cutoffMs = Date.now() - retentionDays * 24 * 60 * 60 * 1000;
+  const files = fs.readdirSync(dir).filter(file => file.startsWith('cred-') && file.endsWith('.json'));
+  const errors: Array<{ id: string; error: string }> = [];
+  let purged = 0;
+  for (const file of files) {
+    const id = file.replace(/\.json$/, '');
+    try {
+      const cred = readCredentialFile(id, 'recently_deleted');
+      if (!cred) continue;
+      const deletedAt = cred.deletedAt || cred.updatedAt || cred.createdAt;
+      const deletedMs = Date.parse(deletedAt);
+      if (Number.isNaN(deletedMs)) continue;
+      if (deletedMs <= cutoffMs) {
+        deleteCredential(id, 'recently_deleted');
+        purged += 1;
+      }
+    } catch (error) {
+      errors.push({
+        id,
+        error: error instanceof Error ? error.message : 'Unknown error',
+      });
+    }
+  }
+  return {
+    scanned: files.length,
+    purged,
+    errors,
+  };
+}
+/**
+ * List credentials with optional filters.
+ * Returns metadata only (no decryption).
+ */
+export function listCredentials(filters?: {
+  vaultId?: string;
+  type?: CredentialType;
+  tag?: string;
+  query?: string;
+}, location: CredentialLocation = 'active'): CredentialFile[] {
+  const dir = getCredentialsDir(location);
+  if (!fs.existsSync(dir)) return [];
+  const files = fs.readdirSync(dir);
+  const results: CredentialFile[] = [];
+  for (const file of files) {
+    if (!file.startsWith('cred-') || !file.endsWith('.json')) continue;
+    try {
+      const raw = fs.readFileSync(path.join(dir, file), 'utf-8');
+      const cred: CredentialFile = JSON.parse(raw);
+      // Apply filters
+      if (filters?.vaultId && cred.vaultId !== filters.vaultId) continue;
+      if (filters?.type && cred.type !== filters.type) continue;
+      if (filters?.tag) {
+        const tags = (cred.meta.tags as string[] | undefined) || [];
+        if (!tags.some(t => t.toLowerCase() === filters.tag!.toLowerCase())) continue;
+      }
+      if (filters?.query) {
+        const q = filters.query.toLowerCase();
+        if (!cred.name.toLowerCase().includes(q) && !cred.id.toLowerCase().includes(q)) continue;
+      }
+      results.push(cred);
+    } catch {
+      // skip corrupt files
+    }
+  }
+  // Sort by updatedAt descending
+  results.sort((a, b) => new Date(b.updatedAt).getTime() - new Date(a.updatedAt).getTime());
+  return results;
+}

package/server/lib/crypto.ts ADDED Viewed

@@ -0,0 +1,8 @@
+import { createHash } from 'crypto';
+/**
+ * Hash a secret for storage (we only store the hash, never the secret)
+ */
+export function hashSecret(secret: string): string {
+  return createHash('sha256').update(secret).digest('hex');
+}

package/server/lib/db.ts ADDED Viewed

@@ -0,0 +1,15 @@
+import { PrismaClient } from '@prisma/client';
+import { getDbUrl } from './config';
+// Resolve DATABASE_URL to ~/.aurawallet/aurawallet.db (unless tests override)
+process.env.DATABASE_URL = getDbUrl();
+const globalForPrisma = globalThis as unknown as {
+  prisma: PrismaClient | undefined;
+};
+export const prisma = globalForPrisma.prisma ?? new PrismaClient();
+if (process.env.NODE_ENV !== 'production') {
+  globalForPrisma.prisma = prisma;
+}