npm - chainlesschain - Versions diffs - 0.37.8 → 0.37.10 - Mend

chainlesschain 0.37.8 → 0.37.10

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (59) hide show

package/README.md +403 -8
package/bin/chainlesschain.js +4 -0
package/package.json +7 -2
package/src/commands/agent.js +30 -0
package/src/commands/ask.js +114 -0
package/src/commands/audit.js +286 -0
package/src/commands/auth.js +387 -0
package/src/commands/browse.js +184 -0
package/src/commands/chat.js +35 -0
package/src/commands/db.js +152 -0
package/src/commands/did.js +376 -0
package/src/commands/encrypt.js +233 -0
package/src/commands/export.js +125 -0
package/src/commands/git.js +215 -0
package/src/commands/import.js +259 -0
package/src/commands/instinct.js +202 -0
package/src/commands/llm.js +288 -0
package/src/commands/mcp.js +302 -0
package/src/commands/memory.js +282 -0
package/src/commands/note.js +489 -0
package/src/commands/org.js +505 -0
package/src/commands/p2p.js +274 -0
package/src/commands/plugin.js +398 -0
package/src/commands/search.js +237 -0
package/src/commands/session.js +238 -0
package/src/commands/skill.js +479 -0
package/src/commands/sync.js +249 -0
package/src/commands/tokens.js +214 -0
package/src/commands/wallet.js +416 -0
package/src/index.js +65 -0
package/src/lib/audit-logger.js +364 -0
package/src/lib/bm25-search.js +322 -0
package/src/lib/browser-automation.js +216 -0
package/src/lib/crypto-manager.js +246 -0
package/src/lib/did-manager.js +270 -0
package/src/lib/ensure-utf8.js +59 -0
package/src/lib/git-integration.js +220 -0
package/src/lib/instinct-manager.js +190 -0
package/src/lib/knowledge-exporter.js +302 -0
package/src/lib/knowledge-importer.js +293 -0
package/src/lib/llm-providers.js +325 -0
package/src/lib/mcp-client.js +413 -0
package/src/lib/memory-manager.js +211 -0
package/src/lib/note-versioning.js +244 -0
package/src/lib/org-manager.js +424 -0
package/src/lib/p2p-manager.js +317 -0
package/src/lib/pdf-parser.js +96 -0
package/src/lib/permission-engine.js +374 -0
package/src/lib/plan-mode.js +333 -0
package/src/lib/platform.js +15 -0
package/src/lib/plugin-manager.js +312 -0
package/src/lib/response-cache.js +156 -0
package/src/lib/session-manager.js +189 -0
package/src/lib/sync-manager.js +347 -0
package/src/lib/token-tracker.js +200 -0
package/src/lib/wallet-manager.js +348 -0
package/src/repl/agent-repl.js +912 -0
package/src/repl/chat-repl.js +262 -0
package/src/runtime/bootstrap.js +159 -0

package/src/commands/audit.js ADDED Viewed

@@ -0,0 +1,286 @@
+/**
+ * Audit log commands
+ * chainlesschain audit log|search|stats|export|purge
+ */
+import chalk from "chalk";
+import fs from "fs";
+import { logger } from "../lib/logger.js";
+import { bootstrap, shutdown } from "../runtime/bootstrap.js";
+import {
+  getRecentEvents,
+  queryLogs,
+  getStatistics,
+  exportLogs,
+  purgeLogs,
+  EVENT_TYPES,
+  RISK_LEVELS,
+} from "../lib/audit-logger.js";
+const RISK_COLORS = {
+  low: chalk.gray,
+  medium: chalk.yellow,
+  high: chalk.red,
+  critical: chalk.bgRed.white,
+};
+function formatLogEntry(log) {
+  const riskColor = RISK_COLORS[log.risk_level] || chalk.gray;
+  const status = log.success ? chalk.green("OK") : chalk.red("FAIL");
+  const time = log.created_at || "";
+  return [
+    `  ${chalk.gray(log.id.slice(0, 8))} ${chalk.gray(time)}`,
+    `    ${chalk.cyan(log.event_type.padEnd(12))} ${chalk.white(log.operation)} ${status} ${riskColor(`[${log.risk_level}]`)}`,
+    log.actor ? `    ${chalk.gray("actor:")} ${log.actor}` : null,
+    log.target ? `    ${chalk.gray("target:")} ${log.target}` : null,
+    log.error_message
+      ? `    ${chalk.red("error:")} ${log.error_message}`
+      : null,
+  ]
+    .filter(Boolean)
+    .join("\n");
+}
+export function registerAuditCommand(program) {
+  const audit = program
+    .command("audit")
+    .description("Audit log — security event tracking and compliance");
+  // audit log (default)
+  audit
+    .command("log", { isDefault: true })
+    .description("Show recent audit events")
+    .option("-n, --limit <n>", "Number of events to show", "20")
+    .option("--type <type>", "Filter by event type")
+    .option("--risk <level>", "Filter by risk level")
+    .option("--json", "Output as JSON")
+    .action(async (options) => {
+      try {
+        const ctx = await bootstrap({ verbose: program.opts().verbose });
+        if (!ctx.db) {
+          logger.error("Database not available");
+          process.exit(1);
+        }
+        const db = ctx.db.getDatabase();
+        const filters = {
+          limit: parseInt(options.limit) || 20,
+        };
+        if (options.type) filters.eventType = options.type;
+        if (options.risk) filters.riskLevel = options.risk;
+        const logs = queryLogs(db, filters);
+        if (options.json) {
+          console.log(JSON.stringify(logs, null, 2));
+        } else if (logs.length === 0) {
+          logger.info("No audit events found");
+        } else {
+          logger.log(chalk.bold(`Audit Log (${logs.length} events):\n`));
+          for (const log of logs) {
+            logger.log(formatLogEntry(log));
+          }
+        }
+        await shutdown();
+      } catch (err) {
+        logger.error(`Failed: ${err.message}`);
+        process.exit(1);
+      }
+    });
+  // audit search
+  audit
+    .command("search")
+    .description("Search audit logs")
+    .argument("<query>", "Search query")
+    .option("-n, --limit <n>", "Max results", "50")
+    .option("--type <type>", "Filter by event type")
+    .option("--risk <level>", "Filter by risk level")
+    .option("--from <date>", "Start date (ISO 8601)")
+    .option("--to <date>", "End date (ISO 8601)")
+    .option("--failures", "Show only failed events")
+    .option("--json", "Output as JSON")
+    .action(async (query, options) => {
+      try {
+        const ctx = await bootstrap({ verbose: program.opts().verbose });
+        if (!ctx.db) {
+          logger.error("Database not available");
+          process.exit(1);
+        }
+        const db = ctx.db.getDatabase();
+        const filters = {
+          search: query,
+          limit: parseInt(options.limit) || 50,
+        };
+        if (options.type) filters.eventType = options.type;
+        if (options.risk) filters.riskLevel = options.risk;
+        if (options.from) filters.startDate = options.from;
+        if (options.to) filters.endDate = options.to;
+        if (options.failures) filters.success = false;
+        const logs = queryLogs(db, filters);
+        if (options.json) {
+          console.log(JSON.stringify(logs, null, 2));
+        } else if (logs.length === 0) {
+          logger.info(`No audit events matching "${query}"`);
+        } else {
+          logger.log(chalk.bold(`Search Results (${logs.length}):\n`));
+          for (const log of logs) {
+            logger.log(formatLogEntry(log));
+          }
+        }
+        await shutdown();
+      } catch (err) {
+        logger.error(`Failed: ${err.message}`);
+        process.exit(1);
+      }
+    });
+  // audit stats
+  audit
+    .command("stats")
+    .description("Show audit statistics")
+    .option("--from <date>", "Start date")
+    .option("--to <date>", "End date")
+    .option("--json", "Output as JSON")
+    .action(async (options) => {
+      try {
+        const ctx = await bootstrap({ verbose: program.opts().verbose });
+        if (!ctx.db) {
+          logger.error("Database not available");
+          process.exit(1);
+        }
+        const db = ctx.db.getDatabase();
+        const stats = getStatistics(db, options.from, options.to);
+        if (options.json) {
+          console.log(JSON.stringify(stats, null, 2));
+        } else {
+          logger.log(chalk.bold("Audit Statistics:\n"));
+          logger.log(`  ${chalk.bold("Total events:")}   ${stats.total}`);
+          logger.log(
+            `  ${chalk.bold("Failures:")}       ${chalk.red(stats.failures)}`,
+          );
+          logger.log(
+            `  ${chalk.bold("High risk:")}      ${chalk.red(stats.highRisk)}`,
+          );
+          if (Object.keys(stats.byEventType).length > 0) {
+            logger.log(`\n  ${chalk.bold("By Event Type:")}`);
+            for (const [type, count] of Object.entries(stats.byEventType)) {
+              logger.log(`    ${chalk.cyan(type.padEnd(15))} ${count}`);
+            }
+          }
+          if (Object.keys(stats.byRiskLevel).length > 0) {
+            logger.log(`\n  ${chalk.bold("By Risk Level:")}`);
+            for (const [level, count] of Object.entries(stats.byRiskLevel)) {
+              const color = RISK_COLORS[level] || chalk.gray;
+              logger.log(`    ${color(level.padEnd(15))} ${count}`);
+            }
+          }
+        }
+        await shutdown();
+      } catch (err) {
+        logger.error(`Failed: ${err.message}`);
+        process.exit(1);
+      }
+    });
+  // audit export
+  audit
+    .command("export")
+    .description("Export audit logs to file")
+    .option("-o, --output <path>", "Output file path")
+    .option("-f, --format <fmt>", "Format: json or csv", "json")
+    .option("--from <date>", "Start date")
+    .option("--to <date>", "End date")
+    .option("-n, --limit <n>", "Max events", "10000")
+    .action(async (options) => {
+      try {
+        const ctx = await bootstrap({ verbose: program.opts().verbose });
+        if (!ctx.db) {
+          logger.error("Database not available");
+          process.exit(1);
+        }
+        const db = ctx.db.getDatabase();
+        const filters = { limit: parseInt(options.limit) || 10000 };
+        if (options.from) filters.startDate = options.from;
+        if (options.to) filters.endDate = options.to;
+        const data = exportLogs(db, options.format, filters);
+        if (options.output) {
+          fs.writeFileSync(options.output, data, "utf8");
+          logger.success(`Exported to ${options.output}`);
+        } else {
+          console.log(data);
+        }
+        await shutdown();
+      } catch (err) {
+        logger.error(`Failed: ${err.message}`);
+        process.exit(1);
+      }
+    });
+  // audit purge
+  audit
+    .command("purge")
+    .description("Delete old audit logs")
+    .option("--days <n>", "Keep logs from last N days", "90")
+    .option("--force", "Skip confirmation")
+    .action(async (options) => {
+      try {
+        const days = parseInt(options.days) || 90;
+        if (!options.force) {
+          const { confirm } = await import("@inquirer/prompts");
+          const ok = await confirm({
+            message: `Delete audit logs older than ${days} days? This cannot be undone.`,
+          });
+          if (!ok) {
+            logger.info("Cancelled");
+            return;
+          }
+        }
+        const ctx = await bootstrap({ verbose: program.opts().verbose });
+        if (!ctx.db) {
+          logger.error("Database not available");
+          process.exit(1);
+        }
+        const db = ctx.db.getDatabase();
+        const deleted = purgeLogs(db, days);
+        logger.success(`Purged ${deleted} old audit events`);
+        await shutdown();
+      } catch (err) {
+        logger.error(`Failed: ${err.message}`);
+        process.exit(1);
+      }
+    });
+  // audit types
+  audit
+    .command("types")
+    .description("List available event types and risk levels")
+    .action(async () => {
+      logger.log(chalk.bold("Event Types:\n"));
+      for (const [key, value] of Object.entries(EVENT_TYPES)) {
+        logger.log(`  ${chalk.cyan(value.padEnd(15))} ${chalk.gray(key)}`);
+      }
+      logger.log(chalk.bold("\nRisk Levels:\n"));
+      for (const [key, value] of Object.entries(RISK_LEVELS)) {
+        const color = RISK_COLORS[value] || chalk.gray;
+        logger.log(`  ${color(value.padEnd(15))} ${chalk.gray(key)}`);
+      }
+    });
+}

package/src/commands/auth.js ADDED Viewed

@@ -0,0 +1,387 @@
+/**
+ * Auth / RBAC commands
+ * chainlesschain auth roles|grant|revoke|check|permissions|users
+ */
+import chalk from "chalk";
+import { logger } from "../lib/logger.js";
+import { bootstrap, shutdown } from "../runtime/bootstrap.js";
+import {
+  getRoles,
+  createRole,
+  deleteRole,
+  grantRole,
+  revokeRole,
+  grantPermission,
+  revokePermission,
+  getUserPermissions,
+  checkPermission,
+  listUserRoles,
+  PERMISSION_SCOPES,
+} from "../lib/permission-engine.js";
+export function registerAuthCommand(program) {
+  const auth = program
+    .command("auth")
+    .description("RBAC permission management");
+  // auth roles
+  auth
+    .command("roles", { isDefault: true })
+    .description("List all roles")
+    .option("--json", "Output as JSON")
+    .action(async (options) => {
+      try {
+        const ctx = await bootstrap({ verbose: program.opts().verbose });
+        if (!ctx.db) {
+          logger.error("Database not available");
+          process.exit(1);
+        }
+        const db = ctx.db.getDatabase();
+        const roles = getRoles(db);
+        if (options.json) {
+          console.log(JSON.stringify(roles, null, 2));
+        } else if (roles.length === 0) {
+          logger.info("No roles defined");
+        } else {
+          logger.log(chalk.bold(`Roles (${roles.length}):\n`));
+          for (const role of roles) {
+            const tag = role.isBuiltin
+              ? chalk.gray(" [built-in]")
+              : chalk.blue(" [custom]");
+            logger.log(
+              `  ${chalk.cyan(role.name.padEnd(15))}${tag}  ${role.description || ""}`,
+            );
+            logger.log(
+              `    ${chalk.gray("permissions:")} ${role.permissions.join(", ")}`,
+            );
+          }
+        }
+        await shutdown();
+      } catch (err) {
+        logger.error(`Failed: ${err.message}`);
+        process.exit(1);
+      }
+    });
+  // auth create-role
+  auth
+    .command("create-role")
+    .description("Create a custom role")
+    .argument("<name>", "Role name")
+    .option("-d, --description <desc>", "Role description")
+    .option("-p, --permissions <perms>", "Comma-separated permissions")
+    .action(async (name, options) => {
+      try {
+        const ctx = await bootstrap({ verbose: program.opts().verbose });
+        if (!ctx.db) {
+          logger.error("Database not available");
+          process.exit(1);
+        }
+        const db = ctx.db.getDatabase();
+        const perms = options.permissions
+          ? options.permissions.split(",").map((s) => s.trim())
+          : [];
+        const role = createRole(db, name, options.description, perms);
+        logger.success(`Role created: ${role.name}`);
+        if (role.permissions.length > 0) {
+          logger.log(
+            `  ${chalk.bold("Permissions:")} ${role.permissions.join(", ")}`,
+          );
+        }
+        await shutdown();
+      } catch (err) {
+        logger.error(`Failed: ${err.message}`);
+        process.exit(1);
+      }
+    });
+  // auth delete-role
+  auth
+    .command("delete-role")
+    .description("Delete a custom role")
+    .argument("<name>", "Role name")
+    .option("--force", "Skip confirmation")
+    .action(async (name, options) => {
+      try {
+        if (!options.force) {
+          const { confirm } = await import("@inquirer/prompts");
+          const ok = await confirm({
+            message: `Delete role "${name}"? All grants for this role will be removed.`,
+          });
+          if (!ok) {
+            logger.info("Cancelled");
+            return;
+          }
+        }
+        const ctx = await bootstrap({ verbose: program.opts().verbose });
+        if (!ctx.db) {
+          logger.error("Database not available");
+          process.exit(1);
+        }
+        const db = ctx.db.getDatabase();
+        const ok = deleteRole(db, name);
+        if (ok) {
+          logger.success(`Role deleted: ${name}`);
+        } else {
+          logger.error(`Role not found or is built-in: ${name}`);
+        }
+        await shutdown();
+      } catch (err) {
+        logger.error(`Failed: ${err.message}`);
+        process.exit(1);
+      }
+    });
+  // auth grant
+  auth
+    .command("grant")
+    .description("Grant a role to a user")
+    .argument("<user-did>", "User DID")
+    .argument("<role>", "Role name")
+    .option("--expires <date>", "Expiration date (ISO 8601)")
+    .action(async (userDid, role, options) => {
+      try {
+        const ctx = await bootstrap({ verbose: program.opts().verbose });
+        if (!ctx.db) {
+          logger.error("Database not available");
+          process.exit(1);
+        }
+        const db = ctx.db.getDatabase();
+        const grant = grantRole(db, userDid, role, null, options.expires);
+        logger.success(`Granted role "${role}" to ${userDid}`);
+        if (grant.expiresAt) {
+          logger.log(`  ${chalk.bold("Expires:")} ${grant.expiresAt}`);
+        }
+        await shutdown();
+      } catch (err) {
+        logger.error(`Failed: ${err.message}`);
+        process.exit(1);
+      }
+    });
+  // auth revoke
+  auth
+    .command("revoke")
+    .description("Revoke a role from a user")
+    .argument("<user-did>", "User DID")
+    .argument("<role>", "Role name")
+    .action(async (userDid, role) => {
+      try {
+        const ctx = await bootstrap({ verbose: program.opts().verbose });
+        if (!ctx.db) {
+          logger.error("Database not available");
+          process.exit(1);
+        }
+        const db = ctx.db.getDatabase();
+        const ok = revokeRole(db, userDid, role);
+        if (ok) {
+          logger.success(`Revoked role "${role}" from ${userDid}`);
+        } else {
+          logger.error("Grant not found");
+        }
+        await shutdown();
+      } catch (err) {
+        logger.error(`Failed: ${err.message}`);
+        process.exit(1);
+      }
+    });
+  // auth grant-permission (direct permission)
+  auth
+    .command("grant-permission")
+    .description("Grant a direct permission to a user")
+    .argument("<user-did>", "User DID")
+    .argument("<permission>", "Permission scope (e.g., note:read)")
+    .action(async (userDid, permission) => {
+      try {
+        const ctx = await bootstrap({ verbose: program.opts().verbose });
+        if (!ctx.db) {
+          logger.error("Database not available");
+          process.exit(1);
+        }
+        const db = ctx.db.getDatabase();
+        grantPermission(db, userDid, permission);
+        logger.success(`Granted permission "${permission}" to ${userDid}`);
+        await shutdown();
+      } catch (err) {
+        logger.error(`Failed: ${err.message}`);
+        process.exit(1);
+      }
+    });
+  // auth revoke-permission
+  auth
+    .command("revoke-permission")
+    .description("Revoke a direct permission from a user")
+    .argument("<user-did>", "User DID")
+    .argument("<permission>", "Permission scope")
+    .action(async (userDid, permission) => {
+      try {
+        const ctx = await bootstrap({ verbose: program.opts().verbose });
+        if (!ctx.db) {
+          logger.error("Database not available");
+          process.exit(1);
+        }
+        const db = ctx.db.getDatabase();
+        const ok = revokePermission(db, userDid, permission);
+        if (ok) {
+          logger.success(`Revoked permission "${permission}" from ${userDid}`);
+        } else {
+          logger.error("Permission grant not found");
+        }
+        await shutdown();
+      } catch (err) {
+        logger.error(`Failed: ${err.message}`);
+        process.exit(1);
+      }
+    });
+  // auth check
+  auth
+    .command("check")
+    .description("Check if a user has a specific permission")
+    .argument("<user-did>", "User DID")
+    .argument("<permission>", "Permission to check")
+    .option("--json", "Output as JSON")
+    .action(async (userDid, permission, options) => {
+      try {
+        const ctx = await bootstrap({ verbose: program.opts().verbose });
+        if (!ctx.db) {
+          logger.error("Database not available");
+          process.exit(1);
+        }
+        const db = ctx.db.getDatabase();
+        const allowed = checkPermission(db, userDid, permission);
+        if (options.json) {
+          console.log(
+            JSON.stringify({ userDid, permission, allowed }, null, 2),
+          );
+        } else if (allowed) {
+          logger.success(
+            `${chalk.green("ALLOWED")} — ${userDid} has permission: ${permission}`,
+          );
+        } else {
+          logger.log(
+            `${chalk.red("DENIED")} — ${userDid} does not have permission: ${permission}`,
+          );
+        }
+        await shutdown();
+      } catch (err) {
+        logger.error(`Failed: ${err.message}`);
+        process.exit(1);
+      }
+    });
+  // auth permissions
+  auth
+    .command("permissions")
+    .description("Show all permissions for a user")
+    .argument("<user-did>", "User DID")
+    .option("--json", "Output as JSON")
+    .action(async (userDid, options) => {
+      try {
+        const ctx = await bootstrap({ verbose: program.opts().verbose });
+        if (!ctx.db) {
+          logger.error("Database not available");
+          process.exit(1);
+        }
+        const db = ctx.db.getDatabase();
+        const perms = getUserPermissions(db, userDid);
+        if (options.json) {
+          console.log(JSON.stringify(perms, null, 2));
+        } else {
+          logger.log(chalk.bold(`Permissions for ${chalk.cyan(userDid)}:\n`));
+          if (perms.isAdmin) {
+            logger.log(`  ${chalk.green("ADMIN")} — Full access (wildcard *)`);
+          }
+          if (perms.roles.length > 0) {
+            logger.log(`  ${chalk.bold("Roles:")} ${perms.roles.join(", ")}`);
+          }
+          if (perms.directPermissions.length > 0) {
+            logger.log(
+              `  ${chalk.bold("Direct:")} ${perms.directPermissions.join(", ")}`,
+            );
+          }
+          if (perms.effectivePermissions.length > 0) {
+            logger.log(
+              `  ${chalk.bold("Effective:")} ${perms.effectivePermissions.join(", ")}`,
+            );
+          } else {
+            logger.log(`  ${chalk.gray("No permissions assigned")}`);
+          }
+        }
+        await shutdown();
+      } catch (err) {
+        logger.error(`Failed: ${err.message}`);
+        process.exit(1);
+      }
+    });
+  // auth users
+  auth
+    .command("users")
+    .description("List all users with role assignments")
+    .option("--json", "Output as JSON")
+    .action(async (options) => {
+      try {
+        const ctx = await bootstrap({ verbose: program.opts().verbose });
+        if (!ctx.db) {
+          logger.error("Database not available");
+          process.exit(1);
+        }
+        const db = ctx.db.getDatabase();
+        const users = listUserRoles(db);
+        if (options.json) {
+          console.log(JSON.stringify(users, null, 2));
+        } else if (users.length === 0) {
+          logger.info("No role assignments yet");
+        } else {
+          logger.log(chalk.bold(`Users with roles (${users.length}):\n`));
+          for (const u of users) {
+            logger.log(`  ${chalk.cyan(u.userDid)}`);
+            logger.log(`    ${chalk.gray("roles:")} ${u.roles.join(", ")}`);
+          }
+        }
+        await shutdown();
+      } catch (err) {
+        logger.error(`Failed: ${err.message}`);
+        process.exit(1);
+      }
+    });
+  // auth scopes
+  auth
+    .command("scopes")
+    .description("List all available permission scopes")
+    .action(async () => {
+      logger.log(chalk.bold("Available Permission Scopes:\n"));
+      for (const scope of PERMISSION_SCOPES) {
+        const [resource, action] = scope.split(":");
+        logger.log(
+          `  ${chalk.cyan(resource.padEnd(12))}:${chalk.white(action)}`,
+        );
+      }
+    });
+}