chainlesschain 0.37.12 → 0.40.1

package/src/commands/hardening.js

@@ -0,0 +1,230 @@
+/**
+ * Hardening commands
+ * chainlesschain hardening baseline|audit
+ */
+
+import chalk from "chalk";
+import { logger } from "../lib/logger.js";
+import { bootstrap, shutdown } from "../runtime/bootstrap.js";
+import {
+  ensureHardeningTables,
+  collectBaseline,
+  compareBaseline,
+  listBaselines,
+  runAudit,
+  getAuditReports,
+  getAuditReport,
+} from "../lib/hardening-manager.js";
+
+export function registerHardeningCommand(program) {
+  const hardening = program
+    .command("hardening")
+    .description(
+      "Security hardening — baselines, audits, regression detection",
+    );
+
+  // baseline subcommands
+  const baseline = hardening
+    .command("baseline")
+    .description("Performance baseline management");
+
+  baseline
+    .command("collect <name>")
+    .description("Collect a performance baseline")
+    .option("-v, --version <version>", "Baseline version", "1.0.0")
+    .action(async (name, options) => {
+      try {
+        const ctx = await bootstrap({ verbose: program.opts().verbose });
+        if (!ctx.db) {
+          logger.error("Database not available");
+          process.exit(1);
+        }
+        const db = ctx.db.getDatabase();
+        ensureHardeningTables(db);
+
+        const result = collectBaseline(db, name, options.version);
+        logger.success("Baseline collected");
+        logger.log(`  ${chalk.bold("ID:")}      ${chalk.cyan(result.id)}`);
+        logger.log(`  ${chalk.bold("Name:")}    ${result.name}`);
+        logger.log(`  ${chalk.bold("Version:")} ${result.version}`);
+        logger.log(`  ${chalk.bold("Status:")}  ${result.status}`);
+        await shutdown();
+      } catch (err) {
+        logger.error(`Failed: ${err.message}`);
+        process.exit(1);
+      }
+    });
+
+  baseline
+    .command("compare <baseline-id>")
+    .description("Compare baseline against current or another baseline")
+    .option("-c, --current <id>", "Current baseline ID to compare against")
+    .option("--json", "Output as JSON")
+    .action(async (baselineId, options) => {
+      try {
+        const ctx = await bootstrap({ verbose: program.opts().verbose });
+        if (!ctx.db) {
+          logger.error("Database not available");
+          process.exit(1);
+        }
+        const db = ctx.db.getDatabase();
+        ensureHardeningTables(db);
+
+        const result = compareBaseline(baselineId, options.current);
+        if (options.json) {
+          console.log(JSON.stringify(result, null, 2));
+        } else {
+          logger.log(
+            `  ${chalk.bold("Regressions:")} ${result.hasRegressions ? chalk.red("Yes") : chalk.green("No")}`,
+          );
+          logger.log(`  ${chalk.bold("Summary:")}     ${result.summary}`);
+          for (const r of result.regressions) {
+            logger.log(
+              `    ${chalk.yellow(r.metric)}: ${r.ratio.toFixed(2)}x (threshold: ${r.threshold}x)`,
+            );
+          }
+        }
+        await shutdown();
+      } catch (err) {
+        logger.error(`Failed: ${err.message}`);
+        process.exit(1);
+      }
+    });
+
+  baseline
+    .command("list")
+    .description("List collected baselines")
+    .option("--json", "Output as JSON")
+    .action(async (options) => {
+      try {
+        const ctx = await bootstrap({ verbose: program.opts().verbose });
+        if (!ctx.db) {
+          logger.error("Database not available");
+          process.exit(1);
+        }
+        const db = ctx.db.getDatabase();
+        ensureHardeningTables(db);
+
+        const baselines = listBaselines();
+        if (options.json) {
+          console.log(JSON.stringify(baselines, null, 2));
+        } else if (baselines.length === 0) {
+          logger.info("No baselines collected.");
+        } else {
+          for (const b of baselines) {
+            logger.log(
+              `  ${chalk.cyan(b.id.slice(0, 8))} ${b.name} v${b.version} [${b.status}] samples=${b.sampleCount}`,
+            );
+          }
+        }
+        await shutdown();
+      } catch (err) {
+        logger.error(`Failed: ${err.message}`);
+        process.exit(1);
+      }
+    });
+
+  // audit subcommands
+  const audit = hardening
+    .command("audit")
+    .description("Security audit management");
+
+  audit
+    .command("run <name>")
+    .description("Run a security hardening audit")
+    .action(async (name) => {
+      try {
+        const ctx = await bootstrap({ verbose: program.opts().verbose });
+        if (!ctx.db) {
+          logger.error("Database not available");
+          process.exit(1);
+        }
+        const db = ctx.db.getDatabase();
+        ensureHardeningTables(db);
+
+        const result = runAudit(db, name);
+        logger.success(`Audit complete: score ${result.score}%`);
+        logger.log(`  ${chalk.bold("ID:")}     ${chalk.cyan(result.id)}`);
+        logger.log(
+          `  ${chalk.bold("Passed:")} ${result.passed}/${result.checks.length}`,
+        );
+        logger.log(
+          `  ${chalk.bold("Failed:")} ${result.failed}/${result.checks.length}`,
+        );
+        for (const rec of result.recommendations) {
+          logger.log(`  ${chalk.yellow("→")} ${rec}`);
+        }
+        await shutdown();
+      } catch (err) {
+        logger.error(`Failed: ${err.message}`);
+        process.exit(1);
+      }
+    });
+
+  audit
+    .command("reports")
+    .description("List audit reports")
+    .option("--json", "Output as JSON")
+    .action(async (options) => {
+      try {
+        const ctx = await bootstrap({ verbose: program.opts().verbose });
+        if (!ctx.db) {
+          logger.error("Database not available");
+          process.exit(1);
+        }
+        const db = ctx.db.getDatabase();
+        ensureHardeningTables(db);
+
+        const reports = getAuditReports();
+        if (options.json) {
+          console.log(JSON.stringify(reports, null, 2));
+        } else if (reports.length === 0) {
+          logger.info("No audit reports.");
+        } else {
+          for (const r of reports) {
+            logger.log(
+              `  ${chalk.cyan(r.id.slice(0, 8))} ${r.name} score=${r.score}% passed=${r.passed} failed=${r.failed}`,
+            );
+          }
+        }
+        await shutdown();
+      } catch (err) {
+        logger.error(`Failed: ${err.message}`);
+        process.exit(1);
+      }
+    });
+
+  audit
+    .command("report <audit-id>")
+    .description("Show a specific audit report")
+    .option("--json", "Output as JSON")
+    .action(async (auditId, options) => {
+      try {
+        const ctx = await bootstrap({ verbose: program.opts().verbose });
+        if (!ctx.db) {
+          logger.error("Database not available");
+          process.exit(1);
+        }
+        const db = ctx.db.getDatabase();
+        ensureHardeningTables(db);
+
+        const report = getAuditReport(auditId);
+        if (options.json) {
+          console.log(JSON.stringify(report, null, 2));
+        } else {
+          logger.log(`  ${chalk.bold("ID:")}     ${chalk.cyan(report.id)}`);
+          logger.log(`  ${chalk.bold("Name:")}   ${report.name}`);
+          logger.log(`  ${chalk.bold("Score:")}  ${report.score}%`);
+          for (const c of report.checks) {
+            const icon =
+              c.status === "pass" ? chalk.green("✓") : chalk.red("✗");
+            logger.log(`    ${icon} ${c.name}: ${c.detail}`);
+          }
+        }
+        await shutdown();
+      } catch (err) {
+        logger.error(`Failed: ${err.message}`);
+        process.exit(1);
+      }
+    });
+}

package/src/commands/matrix.js

@@ -0,0 +1,168 @@
+/**
+ * Matrix commands
+ * chainlesschain matrix login|rooms|send|messages|join
+ */
+
+import chalk from "chalk";
+import { logger } from "../lib/logger.js";
+import { bootstrap, shutdown } from "../runtime/bootstrap.js";
+import {
+  ensureMatrixTables,
+  login,
+  listRooms,
+  sendMessage,
+  getMessages,
+  joinRoom,
+  getLoginState,
+} from "../lib/matrix-bridge.js";
+
+export function registerMatrixCommand(program) {
+  const matrix = program
+    .command("matrix")
+    .description("Matrix bridge — rooms, messaging, E2EE");
+
+  matrix
+    .command("login")
+    .description("Login to a Matrix homeserver")
+    .option("-s, --server <url>", "Homeserver URL", "https://matrix.org")
+    .requiredOption("-u, --user <id>", "User ID (e.g. @user:matrix.org)")
+    .requiredOption("-p, --password <pass>", "Password")
+    .action(async (options) => {
+      try {
+        const ctx = await bootstrap({ verbose: program.opts().verbose });
+        if (!ctx.db) {
+          logger.error("Database not available");
+          process.exit(1);
+        }
+        const db = ctx.db.getDatabase();
+        ensureMatrixTables(db);
+
+        const result = login(
+          db,
+          options.server,
+          options.user,
+          options.password,
+        );
+        logger.success(`Logged in as ${chalk.cyan(result.userId)}`);
+        logger.log(`  ${chalk.bold("Server:")} ${result.homeserver}`);
+        logger.log(`  ${chalk.bold("Token:")}  ${result.accessToken}`);
+        await shutdown();
+      } catch (err) {
+        logger.error(`Failed: ${err.message}`);
+        process.exit(1);
+      }
+    });
+
+  matrix
+    .command("rooms")
+    .description("List joined rooms")
+    .option("--json", "Output as JSON")
+    .action(async (options) => {
+      try {
+        const ctx = await bootstrap({ verbose: program.opts().verbose });
+        if (!ctx.db) {
+          logger.error("Database not available");
+          process.exit(1);
+        }
+        const db = ctx.db.getDatabase();
+        ensureMatrixTables(db);
+
+        const rooms = listRooms();
+        if (options.json) {
+          console.log(JSON.stringify(rooms, null, 2));
+        } else if (rooms.length === 0) {
+          logger.info("No rooms joined.");
+        } else {
+          for (const r of rooms) {
+            logger.log(
+              `  ${chalk.cyan(r.roomId)} ${r.name || ""} members=${r.memberCount} encrypted=${r.isEncrypted}`,
+            );
+          }
+        }
+        await shutdown();
+      } catch (err) {
+        logger.error(`Failed: ${err.message}`);
+        process.exit(1);
+      }
+    });
+
+  matrix
+    .command("send <room-id> <message>")
+    .description("Send a message to a room")
+    .option("-t, --type <msgtype>", "Message type", "m.text")
+    .action(async (roomId, message, options) => {
+      try {
+        const ctx = await bootstrap({ verbose: program.opts().verbose });
+        if (!ctx.db) {
+          logger.error("Database not available");
+          process.exit(1);
+        }
+        const db = ctx.db.getDatabase();
+        ensureMatrixTables(db);
+
+        const result = sendMessage(db, roomId, message, options.type);
+        logger.success(`Message sent to ${chalk.cyan(roomId)}`);
+        logger.log(`  ${chalk.bold("Event:")} ${result.event.eventId}`);
+        await shutdown();
+      } catch (err) {
+        logger.error(`Failed: ${err.message}`);
+        process.exit(1);
+      }
+    });
+
+  matrix
+    .command("messages <room-id>")
+    .description("Get messages from a room")
+    .option("-n, --limit <n>", "Max messages", "50")
+    .option("--json", "Output as JSON")
+    .action(async (roomId, options) => {
+      try {
+        const ctx = await bootstrap({ verbose: program.opts().verbose });
+        if (!ctx.db) {
+          logger.error("Database not available");
+          process.exit(1);
+        }
+        const db = ctx.db.getDatabase();
+        ensureMatrixTables(db);
+
+        const messages = getMessages(roomId, {
+          limit: parseInt(options.limit),
+        });
+        if (options.json) {
+          console.log(JSON.stringify(messages, null, 2));
+        } else if (messages.length === 0) {
+          logger.info("No messages found.");
+        } else {
+          for (const m of messages) {
+            logger.log(`  ${chalk.gray(m.sender)} ${m.content.body}`);
+          }
+        }
+        await shutdown();
+      } catch (err) {
+        logger.error(`Failed: ${err.message}`);
+        process.exit(1);
+      }
+    });
+
+  matrix
+    .command("join <room-id>")
+    .description("Join a Matrix room")
+    .action(async (roomId) => {
+      try {
+        const ctx = await bootstrap({ verbose: program.opts().verbose });
+        if (!ctx.db) {
+          logger.error("Database not available");
+          process.exit(1);
+        }
+        const db = ctx.db.getDatabase();
+        ensureMatrixTables(db);
+
+        const result = joinRoom(db, roomId);
+        logger.success(`Joined room ${chalk.cyan(result.room.roomId)}`);
+        await shutdown();
+      } catch (err) {
+        logger.error(`Failed: ${err.message}`);
+        process.exit(1);
+      }
+    });
+}

package/src/commands/nostr.js

@@ -0,0 +1,185 @@
+/**
+ * Nostr commands
+ * chainlesschain nostr relays|add-relay|publish|events|keygen|map-did
+ */
+
+import chalk from "chalk";
+import { logger } from "../lib/logger.js";
+import { bootstrap, shutdown } from "../runtime/bootstrap.js";
+import {
+  ensureNostrTables,
+  listRelays,
+  addRelay,
+  publishEvent,
+  getEvents,
+  generateKeypair,
+  mapDid,
+} from "../lib/nostr-bridge.js";
+
+export function registerNostrCommand(program) {
+  const nostr = program
+    .command("nostr")
+    .description("Nostr bridge — relays, events, keypairs, DID mapping");
+
+  nostr
+    .command("relays")
+    .description("List configured Nostr relays")
+    .option("--json", "Output as JSON")
+    .action(async (options) => {
+      try {
+        const ctx = await bootstrap({ verbose: program.opts().verbose });
+        if (!ctx.db) {
+          logger.error("Database not available");
+          process.exit(1);
+        }
+        const db = ctx.db.getDatabase();
+        ensureNostrTables(db);
+
+        const relays = listRelays();
+        if (options.json) {
+          console.log(JSON.stringify(relays, null, 2));
+        } else if (relays.length === 0) {
+          logger.info(
+            "No relays configured. Use `nostr add-relay <url>` to add one.",
+          );
+        } else {
+          for (const r of relays) {
+            logger.log(
+              `  ${chalk.cyan(r.url)} [${r.status}] events=${r.eventCount}`,
+            );
+          }
+        }
+        await shutdown();
+      } catch (err) {
+        logger.error(`Failed: ${err.message}`);
+        process.exit(1);
+      }
+    });
+
+  nostr
+    .command("add-relay <url>")
+    .description("Add a Nostr relay")
+    .action(async (url) => {
+      try {
+        const ctx = await bootstrap({ verbose: program.opts().verbose });
+        if (!ctx.db) {
+          logger.error("Database not available");
+          process.exit(1);
+        }
+        const db = ctx.db.getDatabase();
+        ensureNostrTables(db);
+
+        const relay = addRelay(db, url);
+        logger.success(`Relay added: ${chalk.cyan(relay.url)}`);
+        await shutdown();
+      } catch (err) {
+        logger.error(`Failed: ${err.message}`);
+        process.exit(1);
+      }
+    });
+
+  nostr
+    .command("publish <content>")
+    .description("Publish a text note event")
+    .option("-k, --kind <n>", "Event kind", "1")
+    .option("-p, --pubkey <key>", "Author public key")
+    .action(async (content, options) => {
+      try {
+        const ctx = await bootstrap({ verbose: program.opts().verbose });
+        if (!ctx.db) {
+          logger.error("Database not available");
+          process.exit(1);
+        }
+        const db = ctx.db.getDatabase();
+        ensureNostrTables(db);
+
+        const result = publishEvent(
+          db,
+          parseInt(options.kind),
+          content,
+          options.pubkey,
+        );
+        logger.success("Event published");
+        logger.log(
+          `  ${chalk.bold("ID:")}   ${chalk.cyan(result.event.id.slice(0, 16))}...`,
+        );
+        logger.log(`  ${chalk.bold("Sent:")} ${result.sentCount} relay(s)`);
+        await shutdown();
+      } catch (err) {
+        logger.error(`Failed: ${err.message}`);
+        process.exit(1);
+      }
+    });
+
+  nostr
+    .command("events")
+    .description("List events")
+    .option("-k, --kind <n>", "Filter by event kind")
+    .option("-n, --limit <n>", "Max results", "50")
+    .option("--json", "Output as JSON")
+    .action(async (options) => {
+      try {
+        const ctx = await bootstrap({ verbose: program.opts().verbose });
+        if (!ctx.db) {
+          logger.error("Database not available");
+          process.exit(1);
+        }
+        const db = ctx.db.getDatabase();
+        ensureNostrTables(db);
+
+        const filter = { limit: parseInt(options.limit) };
+        if (options.kind) filter.kinds = [parseInt(options.kind)];
+        const events = getEvents(filter);
+        if (options.json) {
+          console.log(JSON.stringify(events, null, 2));
+        } else if (events.length === 0) {
+          logger.info("No events found.");
+        } else {
+          for (const e of events) {
+            logger.log(
+              `  ${chalk.cyan(e.id.slice(0, 12))} kind=${e.kind} "${e.content.slice(0, 60)}"`,
+            );
+          }
+        }
+        await shutdown();
+      } catch (err) {
+        logger.error(`Failed: ${err.message}`);
+        process.exit(1);
+      }
+    });
+
+  nostr
+    .command("keygen")
+    .description("Generate a Nostr keypair")
+    .option("--json", "Output as JSON")
+    .action(async (options) => {
+      try {
+        const kp = generateKeypair();
+        if (options.json) {
+          console.log(JSON.stringify(kp, null, 2));
+        } else {
+          logger.success("Keypair generated");
+          logger.log(`  ${chalk.bold("Public:")}  ${chalk.cyan(kp.publicKey)}`);
+          logger.log(
+            `  ${chalk.bold("Private:")} ${kp.privateKey.slice(0, 16)}...`,
+          );
+        }
+      } catch (err) {
+        logger.error(`Failed: ${err.message}`);
+        process.exit(1);
+      }
+    });
+
+  nostr
+    .command("map-did <did> <pubkey>")
+    .description("Map a DID identity to a Nostr pubkey")
+    .action(async (did, pubkey) => {
+      try {
+        const result = mapDid(did, pubkey);
+        logger.success(`DID ${chalk.cyan(did)} mapped to Nostr pubkey`);
+      } catch (err) {
+        logger.error(`Failed: ${err.message}`);
+        process.exit(1);
+      }
+    });
+}