devchain-cli 0.14.0 → 0.15.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (410) hide show
  1. package/README.md +6 -4
  2. package/dist/cli.js +5 -11
  3. package/dist/drizzle/0065_next_lady_bullseye.sql +11 -0
  4. package/dist/drizzle/meta/0065_snapshot.json +5691 -0
  5. package/dist/drizzle/meta/_journal.json +7 -0
  6. package/dist/node_modules/@devchain/codebase-overview/tsconfig.tsbuildinfo +1 -1
  7. package/dist/node_modules/@devchain/codebase-overview/types.d.ts.map +1 -1
  8. package/dist/node_modules/@devchain/shared/__fixtures__/phase2-frames.d.ts +20 -0
  9. package/dist/node_modules/@devchain/shared/__fixtures__/phase2-frames.d.ts.map +1 -0
  10. package/dist/node_modules/@devchain/shared/__fixtures__/phase2-frames.js +77 -0
  11. package/dist/node_modules/@devchain/shared/__fixtures__/phase2-frames.js.map +1 -0
  12. package/dist/node_modules/@devchain/shared/device-key/index.d.ts +2 -0
  13. package/dist/node_modules/@devchain/shared/device-key/index.d.ts.map +1 -0
  14. package/dist/node_modules/@devchain/shared/device-key/index.js +2 -0
  15. package/dist/node_modules/@devchain/shared/device-key/index.js.map +1 -0
  16. package/dist/node_modules/@devchain/shared/device-key/keypair.d.ts +23 -0
  17. package/dist/node_modules/@devchain/shared/device-key/keypair.d.ts.map +1 -0
  18. package/dist/node_modules/@devchain/shared/device-key/keypair.js +54 -0
  19. package/dist/node_modules/@devchain/shared/device-key/keypair.js.map +1 -0
  20. package/dist/node_modules/@devchain/shared/e2ee/aad.d.ts +3 -0
  21. package/dist/node_modules/@devchain/shared/e2ee/aad.d.ts.map +1 -0
  22. package/dist/node_modules/@devchain/shared/e2ee/aad.js +0 -0
  23. package/dist/node_modules/@devchain/shared/e2ee/aad.js.map +1 -0
  24. package/dist/node_modules/@devchain/shared/e2ee/base64.d.ts +6 -0
  25. package/dist/node_modules/@devchain/shared/e2ee/base64.d.ts.map +1 -0
  26. package/dist/node_modules/@devchain/shared/e2ee/base64.js +69 -0
  27. package/dist/node_modules/@devchain/shared/e2ee/base64.js.map +1 -0
  28. package/dist/node_modules/@devchain/shared/e2ee/crypto-envelope.service.d.ts +9 -0
  29. package/dist/node_modules/@devchain/shared/e2ee/crypto-envelope.service.d.ts.map +1 -0
  30. package/dist/node_modules/@devchain/shared/e2ee/crypto-envelope.service.js +78 -0
  31. package/dist/node_modules/@devchain/shared/e2ee/crypto-envelope.service.js.map +1 -0
  32. package/dist/node_modules/@devchain/shared/e2ee/envelope.d.ts +63 -0
  33. package/dist/node_modules/@devchain/shared/e2ee/envelope.d.ts.map +1 -0
  34. package/dist/node_modules/@devchain/shared/e2ee/envelope.js +64 -0
  35. package/dist/node_modules/@devchain/shared/e2ee/envelope.js.map +1 -0
  36. package/dist/node_modules/@devchain/shared/e2ee/index.d.ts +10 -0
  37. package/dist/node_modules/@devchain/shared/e2ee/index.d.ts.map +1 -0
  38. package/dist/node_modules/@devchain/shared/e2ee/index.js +10 -0
  39. package/dist/node_modules/@devchain/shared/e2ee/index.js.map +1 -0
  40. package/dist/node_modules/@devchain/shared/e2ee/key-exchange.d.ts +17 -0
  41. package/dist/node_modules/@devchain/shared/e2ee/key-exchange.d.ts.map +1 -0
  42. package/dist/node_modules/@devchain/shared/e2ee/key-exchange.js +72 -0
  43. package/dist/node_modules/@devchain/shared/e2ee/key-exchange.js.map +1 -0
  44. package/dist/node_modules/@devchain/shared/e2ee/keypair.d.ts +13 -0
  45. package/dist/node_modules/@devchain/shared/e2ee/keypair.d.ts.map +1 -0
  46. package/dist/node_modules/@devchain/shared/e2ee/keypair.js +34 -0
  47. package/dist/node_modules/@devchain/shared/e2ee/keypair.js.map +1 -0
  48. package/dist/node_modules/@devchain/shared/e2ee/negotiation.d.ts +30 -0
  49. package/dist/node_modules/@devchain/shared/e2ee/negotiation.d.ts.map +1 -0
  50. package/dist/node_modules/@devchain/shared/e2ee/negotiation.js +70 -0
  51. package/dist/node_modules/@devchain/shared/e2ee/negotiation.js.map +1 -0
  52. package/dist/node_modules/@devchain/shared/e2ee/safety-number.d.ts +3 -0
  53. package/dist/node_modules/@devchain/shared/e2ee/safety-number.d.ts.map +1 -0
  54. package/dist/node_modules/@devchain/shared/e2ee/safety-number.js +33 -0
  55. package/dist/node_modules/@devchain/shared/e2ee/safety-number.js.map +1 -0
  56. package/dist/node_modules/@devchain/shared/e2ee/trust.d.ts +22 -0
  57. package/dist/node_modules/@devchain/shared/e2ee/trust.d.ts.map +1 -0
  58. package/dist/node_modules/@devchain/shared/e2ee/trust.js +25 -0
  59. package/dist/node_modules/@devchain/shared/e2ee/trust.js.map +1 -0
  60. package/dist/node_modules/@devchain/shared/index.d.ts +3 -0
  61. package/dist/node_modules/@devchain/shared/index.d.ts.map +1 -1
  62. package/dist/node_modules/@devchain/shared/index.js +3 -0
  63. package/dist/node_modules/@devchain/shared/index.js.map +1 -1
  64. package/dist/node_modules/@devchain/shared/schemas/export-schema.d.ts +14 -6
  65. package/dist/node_modules/@devchain/shared/schemas/export-schema.d.ts.map +1 -1
  66. package/dist/node_modules/@devchain/shared/schemas/export-schema.js +1 -0
  67. package/dist/node_modules/@devchain/shared/schemas/export-schema.js.map +1 -1
  68. package/dist/node_modules/@devchain/shared/tsconfig.tsbuildinfo +1 -1
  69. package/dist/node_modules/@devchain/shared/tunnel-protocol.d.ts +99 -0
  70. package/dist/node_modules/@devchain/shared/tunnel-protocol.d.ts.map +1 -0
  71. package/dist/node_modules/@devchain/shared/tunnel-protocol.js +148 -0
  72. package/dist/node_modules/@devchain/shared/tunnel-protocol.js.map +1 -0
  73. package/dist/server/app.main.module.js +2 -0
  74. package/dist/server/app.main.module.js.map +1 -1
  75. package/dist/server/app.normal.module.js +2 -0
  76. package/dist/server/app.normal.module.js.map +1 -1
  77. package/dist/server/common/config/env.config.js +5 -7
  78. package/dist/server/common/config/env.config.js.map +1 -1
  79. package/dist/server/common/test/app-bootstrap.helper.js +5 -1
  80. package/dist/server/common/test/app-bootstrap.helper.js.map +1 -1
  81. package/dist/server/modules/agent-message-delivery/adapters/legacy-delivery-formatter.adapter.js +4 -0
  82. package/dist/server/modules/agent-message-delivery/adapters/legacy-delivery-formatter.adapter.js.map +1 -1
  83. package/dist/server/modules/agent-message-delivery/agent-message-delivery.service.d.ts +3 -1
  84. package/dist/server/modules/agent-message-delivery/agent-message-delivery.service.js +16 -3
  85. package/dist/server/modules/agent-message-delivery/agent-message-delivery.service.js.map +1 -1
  86. package/dist/server/modules/agent-message-delivery/dtos/delivery.types.d.ts +4 -0
  87. package/dist/server/modules/agents/agents.module.js +2 -1
  88. package/dist/server/modules/agents/agents.module.js.map +1 -1
  89. package/dist/server/modules/agents/controllers/agents.controller.d.ts +3 -1
  90. package/dist/server/modules/agents/controllers/agents.controller.js +12 -2
  91. package/dist/server/modules/agents/controllers/agents.controller.js.map +1 -1
  92. package/dist/server/modules/cloud/cloud.module.js +8 -1
  93. package/dist/server/modules/cloud/cloud.module.js.map +1 -1
  94. package/dist/server/modules/cloud/controllers/auth-callback.controller.js +5 -4
  95. package/dist/server/modules/cloud/controllers/auth-callback.controller.js.map +1 -1
  96. package/dist/server/modules/cloud/controllers/devices-proxy.controller.js +1 -1
  97. package/dist/server/modules/cloud/controllers/devices-proxy.controller.js.map +1 -1
  98. package/dist/server/modules/cloud/controllers/preferences-proxy.controller.js +1 -1
  99. package/dist/server/modules/cloud/controllers/preferences-proxy.controller.js.map +1 -1
  100. package/dist/server/modules/cloud/controllers/qr-initiate-proxy.controller.js +1 -1
  101. package/dist/server/modules/cloud/controllers/qr-initiate-proxy.controller.js.map +1 -1
  102. package/dist/server/modules/cloud/controllers/store-tokens-error.d.ts +4 -0
  103. package/dist/server/modules/cloud/controllers/store-tokens-error.js +103 -0
  104. package/dist/server/modules/cloud/controllers/store-tokens-error.js.map +1 -0
  105. package/dist/server/modules/cloud/services/cloud-session-manager.service.js +18 -8
  106. package/dist/server/modules/cloud/services/cloud-session-manager.service.js.map +1 -1
  107. package/dist/server/modules/cloud/services/egress-queue.service.js +2 -2
  108. package/dist/server/modules/cloud/services/egress-queue.service.js.map +1 -1
  109. package/dist/server/modules/cloud/services/event-mapper.service.d.ts +9 -1
  110. package/dist/server/modules/cloud/services/event-mapper.service.js +18 -2
  111. package/dist/server/modules/cloud/services/event-mapper.service.js.map +1 -1
  112. package/dist/server/modules/cloud/services/project-activity-reporter.service.js +1 -1
  113. package/dist/server/modules/cloud/services/project-activity-reporter.service.js.map +1 -1
  114. package/dist/server/modules/cloud-tunnel/cloud-tunnel.module.js +57 -2
  115. package/dist/server/modules/cloud-tunnel/cloud-tunnel.module.js.map +1 -1
  116. package/dist/server/modules/cloud-tunnel/services/ask-user-question-push-gate.service.d.ts +20 -0
  117. package/dist/server/modules/cloud-tunnel/services/ask-user-question-push-gate.service.js +84 -0
  118. package/dist/server/modules/cloud-tunnel/services/ask-user-question-push-gate.service.js.map +1 -0
  119. package/dist/server/modules/cloud-tunnel/services/epic-dto.util.d.ts +3 -0
  120. package/dist/server/modules/cloud-tunnel/services/epic-dto.util.js +43 -0
  121. package/dist/server/modules/cloud-tunnel/services/epic-dto.util.js.map +1 -0
  122. package/dist/server/modules/cloud-tunnel/services/jsonrpc-error.util.d.ts +11 -0
  123. package/dist/server/modules/cloud-tunnel/services/jsonrpc-error.util.js +32 -0
  124. package/dist/server/modules/cloud-tunnel/services/jsonrpc-error.util.js.map +1 -0
  125. package/dist/server/modules/cloud-tunnel/services/lifecycle-operation-tracker.d.ts +30 -0
  126. package/dist/server/modules/cloud-tunnel/services/lifecycle-operation-tracker.js +80 -0
  127. package/dist/server/modules/cloud-tunnel/services/lifecycle-operation-tracker.js.map +1 -0
  128. package/dist/server/modules/cloud-tunnel/services/mobile-board-rpc.service.d.ts +16 -0
  129. package/dist/server/modules/cloud-tunnel/services/mobile-board-rpc.service.js +78 -0
  130. package/dist/server/modules/cloud-tunnel/services/mobile-board-rpc.service.js.map +1 -0
  131. package/dist/server/modules/cloud-tunnel/services/mobile-chat-rpc.service.d.ts +112 -0
  132. package/dist/server/modules/cloud-tunnel/services/mobile-chat-rpc.service.js +457 -0
  133. package/dist/server/modules/cloud-tunnel/services/mobile-chat-rpc.service.js.map +1 -0
  134. package/dist/server/modules/cloud-tunnel/services/tunnel-client.service.d.ts +28 -2
  135. package/dist/server/modules/cloud-tunnel/services/tunnel-client.service.js +143 -5
  136. package/dist/server/modules/cloud-tunnel/services/tunnel-client.service.js.map +1 -1
  137. package/dist/server/modules/cloud-tunnel/services/tunnel-event-forwarder.service.d.ts +21 -0
  138. package/dist/server/modules/cloud-tunnel/services/tunnel-event-forwarder.service.js +171 -0
  139. package/dist/server/modules/cloud-tunnel/services/tunnel-event-forwarder.service.js.map +1 -0
  140. package/dist/server/modules/cloud-tunnel/services/tunnel-handler.service.d.ts +9 -4
  141. package/dist/server/modules/cloud-tunnel/services/tunnel-handler.service.js +194 -52
  142. package/dist/server/modules/cloud-tunnel/services/tunnel-handler.service.js.map +1 -1
  143. package/dist/server/modules/cloud-tunnel/services/tunnel-push-crypto.service.d.ts +21 -0
  144. package/dist/server/modules/cloud-tunnel/services/tunnel-push-crypto.service.js +117 -0
  145. package/dist/server/modules/cloud-tunnel/services/tunnel-push-crypto.service.js.map +1 -0
  146. package/dist/server/modules/cloud-tunnel/services/tunnel-rpc-crypto.service.d.ts +41 -0
  147. package/dist/server/modules/cloud-tunnel/services/tunnel-rpc-crypto.service.js +116 -0
  148. package/dist/server/modules/cloud-tunnel/services/tunnel-rpc-crypto.service.js.map +1 -0
  149. package/dist/server/modules/cloud-tunnel/services/tunnel-viewport-crypto.service.d.ts +20 -0
  150. package/dist/server/modules/cloud-tunnel/services/tunnel-viewport-crypto.service.js +114 -0
  151. package/dist/server/modules/cloud-tunnel/services/tunnel-viewport-crypto.service.js.map +1 -0
  152. package/dist/server/modules/cloud-tunnel/services/viewport-frame-sink.d.ts +6 -0
  153. package/dist/server/modules/cloud-tunnel/services/viewport-frame-sink.js +7 -0
  154. package/dist/server/modules/cloud-tunnel/services/viewport-frame-sink.js.map +1 -0
  155. package/dist/server/modules/cloud-tunnel/services/viewport-streamer.service.d.ts +30 -0
  156. package/dist/server/modules/cloud-tunnel/services/viewport-streamer.service.js +228 -0
  157. package/dist/server/modules/cloud-tunnel/services/viewport-streamer.service.js.map +1 -0
  158. package/dist/server/modules/e2ee/controllers/e2ee-pairing.controller.d.ts +18 -0
  159. package/dist/server/modules/e2ee/controllers/e2ee-pairing.controller.js +62 -0
  160. package/dist/server/modules/e2ee/controllers/e2ee-pairing.controller.js.map +1 -0
  161. package/dist/server/modules/e2ee/controllers/e2ee-trust.controller.d.ts +19 -0
  162. package/dist/server/modules/e2ee/controllers/e2ee-trust.controller.js +85 -0
  163. package/dist/server/modules/e2ee/controllers/e2ee-trust.controller.js.map +1 -0
  164. package/dist/server/modules/e2ee/e2ee.module.d.ts +2 -0
  165. package/dist/server/modules/e2ee/e2ee.module.js +27 -0
  166. package/dist/server/modules/e2ee/e2ee.module.js.map +1 -0
  167. package/dist/server/modules/e2ee/services/e2ee-device-store.service.d.ts +29 -0
  168. package/dist/server/modules/e2ee/services/e2ee-device-store.service.js +138 -0
  169. package/dist/server/modules/e2ee/services/e2ee-device-store.service.js.map +1 -0
  170. package/dist/server/modules/e2ee/services/e2ee-keypair.service.d.ts +21 -0
  171. package/dist/server/modules/e2ee/services/e2ee-keypair.service.js +152 -0
  172. package/dist/server/modules/e2ee/services/e2ee-keypair.service.js.map +1 -0
  173. package/dist/server/modules/e2ee/services/e2ee-pairing.service.d.ts +28 -0
  174. package/dist/server/modules/e2ee/services/e2ee-pairing.service.js +107 -0
  175. package/dist/server/modules/e2ee/services/e2ee-pairing.service.js.map +1 -0
  176. package/dist/server/modules/e2ee/services/e2ee-trust.service.d.ts +36 -0
  177. package/dist/server/modules/e2ee/services/e2ee-trust.service.js +118 -0
  178. package/dist/server/modules/e2ee/services/e2ee-trust.service.js.map +1 -0
  179. package/dist/server/modules/epics/services/epics.service.d.ts +1 -0
  180. package/dist/server/modules/epics/services/epics.service.js +10 -0
  181. package/dist/server/modules/epics/services/epics.service.js.map +1 -1
  182. package/dist/server/modules/events/catalog/broadcast-metadata.d.ts +6 -2
  183. package/dist/server/modules/events/catalog/broadcast-registry.d.ts +2 -2
  184. package/dist/server/modules/events/catalog/broadcast-registry.js +58 -1
  185. package/dist/server/modules/events/catalog/broadcast-registry.js.map +1 -1
  186. package/dist/server/modules/events/catalog/claude.hooks.ask_user_question.pending.d.ts +122 -0
  187. package/dist/server/modules/events/catalog/claude.hooks.ask_user_question.pending.js +28 -0
  188. package/dist/server/modules/events/catalog/claude.hooks.ask_user_question.pending.js.map +1 -0
  189. package/dist/server/modules/events/catalog/claude.hooks.ask_user_question.resolved.d.ts +18 -0
  190. package/dist/server/modules/events/catalog/claude.hooks.ask_user_question.resolved.js +13 -0
  191. package/dist/server/modules/events/catalog/claude.hooks.ask_user_question.resolved.js.map +1 -0
  192. package/dist/server/modules/events/catalog/index.d.ts +90 -0
  193. package/dist/server/modules/events/catalog/index.js +4 -0
  194. package/dist/server/modules/events/catalog/index.js.map +1 -1
  195. package/dist/server/modules/events/catalog/project-broadcast.d.ts +7 -0
  196. package/dist/server/modules/events/catalog/project-broadcast.js +10 -0
  197. package/dist/server/modules/events/catalog/project-broadcast.js.map +1 -0
  198. package/dist/server/modules/events/catalog/session.transcript.discovered.d.ts +3 -0
  199. package/dist/server/modules/events/catalog/session.transcript.discovered.js +1 -0
  200. package/dist/server/modules/events/catalog/session.transcript.discovered.js.map +1 -1
  201. package/dist/server/modules/events/services/catalog-broadcaster.service.js +3 -4
  202. package/dist/server/modules/events/services/catalog-broadcaster.service.js.map +1 -1
  203. package/dist/server/modules/hooks/dtos/ask-user-question.dto.d.ts +5 -0
  204. package/dist/server/modules/hooks/dtos/ask-user-question.dto.js +51 -0
  205. package/dist/server/modules/hooks/dtos/ask-user-question.dto.js.map +1 -0
  206. package/dist/server/modules/hooks/dtos/hook-event.dto.d.ts +206 -5
  207. package/dist/server/modules/hooks/dtos/hook-event.dto.js +40 -8
  208. package/dist/server/modules/hooks/dtos/hook-event.dto.js.map +1 -1
  209. package/dist/server/modules/hooks/hooks.module.js +3 -2
  210. package/dist/server/modules/hooks/hooks.module.js.map +1 -1
  211. package/dist/server/modules/hooks/services/hooks-config.service.d.ts +1 -0
  212. package/dist/server/modules/hooks/services/hooks-config.service.js +52 -33
  213. package/dist/server/modules/hooks/services/hooks-config.service.js.map +1 -1
  214. package/dist/server/modules/hooks/services/hooks.service.d.ts +5 -1
  215. package/dist/server/modules/hooks/services/hooks.service.js +68 -2
  216. package/dist/server/modules/hooks/services/hooks.service.js.map +1 -1
  217. package/dist/server/modules/hooks/services/pending-ask-user-question.service.d.ts +38 -0
  218. package/dist/server/modules/hooks/services/pending-ask-user-question.service.js +105 -0
  219. package/dist/server/modules/hooks/services/pending-ask-user-question.service.js.map +1 -0
  220. package/dist/server/modules/orchestrator/worktrees/services/worktrees.service.js +3 -0
  221. package/dist/server/modules/orchestrator/worktrees/services/worktrees.service.js.map +1 -1
  222. package/dist/server/modules/projects/controllers/projects.controller.d.ts +7 -0
  223. package/dist/server/modules/projects/dtos/export.dto.d.ts +8 -0
  224. package/dist/server/modules/projects/dtos/export.dto.js +1 -0
  225. package/dist/server/modules/projects/dtos/export.dto.js.map +1 -1
  226. package/dist/server/modules/projects/helpers/project-export.d.ts +1 -0
  227. package/dist/server/modules/projects/helpers/project-export.js +19 -5
  228. package/dist/server/modules/projects/helpers/project-export.js.map +1 -1
  229. package/dist/server/modules/projects/helpers/project-import-sessions.d.ts +11 -0
  230. package/dist/server/modules/projects/helpers/project-import-sessions.js +47 -0
  231. package/dist/server/modules/projects/helpers/project-import-sessions.js.map +1 -0
  232. package/dist/server/modules/projects/helpers/project-import.d.ts +4 -0
  233. package/dist/server/modules/projects/helpers/project-import.js +12 -2
  234. package/dist/server/modules/projects/helpers/project-import.js.map +1 -1
  235. package/dist/server/modules/projects/services/projects.service.d.ts +5 -0
  236. package/dist/server/modules/providers/adapters/claude.adapter.d.ts +1 -0
  237. package/dist/server/modules/providers/adapters/claude.adapter.js +1 -0
  238. package/dist/server/modules/providers/adapters/claude.adapter.js.map +1 -1
  239. package/dist/server/modules/providers/adapters/opencode.adapter.d.ts +4 -1
  240. package/dist/server/modules/providers/adapters/opencode.adapter.js +3 -0
  241. package/dist/server/modules/providers/adapters/opencode.adapter.js.map +1 -1
  242. package/dist/server/modules/providers/adapters/provider-adapter.interface.d.ts +2 -0
  243. package/dist/server/modules/providers/controllers/providers.controller.d.ts +50 -3
  244. package/dist/server/modules/providers/controllers/providers.controller.js +12 -3
  245. package/dist/server/modules/providers/controllers/providers.controller.js.map +1 -1
  246. package/dist/server/modules/providers/services/provider-state-manager.service.d.ts +2 -1
  247. package/dist/server/modules/providers/services/provider-state-manager.service.js +43 -1
  248. package/dist/server/modules/providers/services/provider-state-manager.service.js.map +1 -1
  249. package/dist/server/modules/registry/controllers/templates.controller.d.ts +2 -1
  250. package/dist/server/modules/registry/services/template-cache.service.d.ts +2 -0
  251. package/dist/server/modules/registry/services/template-cache.service.js +5 -0
  252. package/dist/server/modules/registry/services/template-cache.service.js.map +1 -1
  253. package/dist/server/modules/registry/services/unified-template.service.d.ts +1 -0
  254. package/dist/server/modules/registry/services/unified-template.service.js +9 -1
  255. package/dist/server/modules/registry/services/unified-template.service.js.map +1 -1
  256. package/dist/server/modules/session-reader/__fixtures__/opencode-fixture-db.d.ts +44 -0
  257. package/dist/server/modules/session-reader/__fixtures__/opencode-fixture-db.js +85 -0
  258. package/dist/server/modules/session-reader/__fixtures__/opencode-fixture-db.js.map +1 -0
  259. package/dist/server/modules/session-reader/adapters/opencode-session-reader.adapter.d.ts +23 -0
  260. package/dist/server/modules/session-reader/adapters/opencode-session-reader.adapter.js +150 -0
  261. package/dist/server/modules/session-reader/adapters/opencode-session-reader.adapter.js.map +1 -0
  262. package/dist/server/modules/session-reader/adapters/session-reader-adapter.interface.d.ts +16 -2
  263. package/dist/server/modules/session-reader/adapters/session-reader-adapter.interface.js +39 -0
  264. package/dist/server/modules/session-reader/adapters/session-reader-adapter.interface.js.map +1 -1
  265. package/dist/server/modules/session-reader/adapters/utils/coalesce-turns.d.ts +11 -0
  266. package/dist/server/modules/session-reader/adapters/utils/coalesce-turns.js +81 -0
  267. package/dist/server/modules/session-reader/adapters/utils/coalesce-turns.js.map +1 -0
  268. package/dist/server/modules/session-reader/adapters/utils/tool-result-fold.d.ts +2 -0
  269. package/dist/server/modules/session-reader/adapters/utils/tool-result-fold.js +9 -0
  270. package/dist/server/modules/session-reader/adapters/utils/tool-result-fold.js.map +1 -0
  271. package/dist/server/modules/session-reader/builders/chunk-builder.js +0 -2
  272. package/dist/server/modules/session-reader/builders/chunk-builder.js.map +1 -1
  273. package/dist/server/modules/session-reader/builders/semantic-step-extractor.js +2 -0
  274. package/dist/server/modules/session-reader/builders/semantic-step-extractor.js.map +1 -1
  275. package/dist/server/modules/session-reader/controllers/session-reader.controller.d.ts +1 -0
  276. package/dist/server/modules/session-reader/data/pricing.json +387 -34
  277. package/dist/server/modules/session-reader/dtos/unified-message.types.d.ts +1 -0
  278. package/dist/server/modules/session-reader/dtos/unified-session.types.js.map +1 -1
  279. package/dist/server/modules/session-reader/parsers/claude-jsonl.parser.js +46 -0
  280. package/dist/server/modules/session-reader/parsers/claude-jsonl.parser.js.map +1 -1
  281. package/dist/server/modules/session-reader/parsers/codex-jsonl.parser.js +35 -17
  282. package/dist/server/modules/session-reader/parsers/codex-jsonl.parser.js.map +1 -1
  283. package/dist/server/modules/session-reader/readers/opencode-sqlite.reader.d.ts +69 -0
  284. package/dist/server/modules/session-reader/readers/opencode-sqlite.reader.js +378 -0
  285. package/dist/server/modules/session-reader/readers/opencode-sqlite.reader.js.map +1 -0
  286. package/dist/server/modules/session-reader/services/session-cache.service.d.ts +12 -3
  287. package/dist/server/modules/session-reader/services/session-cache.service.js +104 -19
  288. package/dist/server/modules/session-reader/services/session-cache.service.js.map +1 -1
  289. package/dist/server/modules/session-reader/services/session-reader.service.d.ts +5 -0
  290. package/dist/server/modules/session-reader/services/session-reader.service.js +51 -16
  291. package/dist/server/modules/session-reader/services/session-reader.service.js.map +1 -1
  292. package/dist/server/modules/session-reader/services/transcript-path-validator.service.js +1 -0
  293. package/dist/server/modules/session-reader/services/transcript-path-validator.service.js.map +1 -1
  294. package/dist/server/modules/session-reader/services/transcript-persistence.listener.d.ts +3 -0
  295. package/dist/server/modules/session-reader/services/transcript-persistence.listener.js +70 -1
  296. package/dist/server/modules/session-reader/services/transcript-persistence.listener.js.map +1 -1
  297. package/dist/server/modules/session-reader/services/transcript-watcher-rehydrator.service.d.ts +10 -0
  298. package/dist/server/modules/session-reader/services/transcript-watcher-rehydrator.service.js +47 -0
  299. package/dist/server/modules/session-reader/services/transcript-watcher-rehydrator.service.js.map +1 -0
  300. package/dist/server/modules/session-reader/services/transcript-watcher.service.d.ts +7 -1
  301. package/dist/server/modules/session-reader/services/transcript-watcher.service.js +177 -28
  302. package/dist/server/modules/session-reader/services/transcript-watcher.service.js.map +1 -1
  303. package/dist/server/modules/session-reader/session-reader.module.d.ts +3 -1
  304. package/dist/server/modules/session-reader/session-reader.module.js +10 -2
  305. package/dist/server/modules/session-reader/session-reader.module.js.map +1 -1
  306. package/dist/server/modules/sessions/controllers/sessions.controller.js +2 -22
  307. package/dist/server/modules/sessions/controllers/sessions.controller.js.map +1 -1
  308. package/dist/server/modules/sessions/dtos/sessions.dto.d.ts +1 -0
  309. package/dist/server/modules/sessions/dtos/sessions.dto.js.map +1 -1
  310. package/dist/server/modules/sessions/services/active-session-lookup.service.d.ts +5 -0
  311. package/dist/server/modules/sessions/services/active-session-lookup.service.js +12 -0
  312. package/dist/server/modules/sessions/services/active-session-lookup.service.js.map +1 -1
  313. package/dist/server/modules/sessions/services/message-enqueue.service.d.ts +2 -0
  314. package/dist/server/modules/sessions/services/message-enqueue.service.js +2 -0
  315. package/dist/server/modules/sessions/services/message-enqueue.service.js.map +1 -1
  316. package/dist/server/modules/sessions/services/message-pool.types.d.ts +2 -0
  317. package/dist/server/modules/sessions/services/provider-launch-config/provider-launch-config.service.js +1 -1
  318. package/dist/server/modules/sessions/services/provider-launch-config/provider-launch-config.service.js.map +1 -1
  319. package/dist/server/modules/sessions/services/session-lifecycle-facade.service.d.ts +18 -0
  320. package/dist/server/modules/sessions/services/session-lifecycle-facade.service.js +74 -0
  321. package/dist/server/modules/sessions/services/session-lifecycle-facade.service.js.map +1 -0
  322. package/dist/server/modules/sessions/services/session-runtime/__test-utils__/pipeline-harness.d.ts +4 -2
  323. package/dist/server/modules/sessions/services/session-runtime/__test-utils__/pipeline-harness.js +4 -2
  324. package/dist/server/modules/sessions/services/session-runtime/__test-utils__/pipeline-harness.js.map +1 -1
  325. package/dist/server/modules/sessions/services/session-runtime/session-launch-pipeline.service.js +2 -2
  326. package/dist/server/modules/sessions/services/session-runtime/session-launch-pipeline.service.js.map +1 -1
  327. package/dist/server/modules/sessions/services/session-runtime/session-restore-pipeline.service.js +2 -2
  328. package/dist/server/modules/sessions/services/session-runtime/session-restore-pipeline.service.js.map +1 -1
  329. package/dist/server/modules/sessions/services/sessions-message-pool.service.js +15 -3
  330. package/dist/server/modules/sessions/services/sessions-message-pool.service.js.map +1 -1
  331. package/dist/server/modules/sessions/services/sessions.service.d.ts +8 -0
  332. package/dist/server/modules/sessions/services/sessions.service.js +52 -1
  333. package/dist/server/modules/sessions/services/sessions.service.js.map +1 -1
  334. package/dist/server/modules/sessions/sessions-lifecycle.module.d.ts +2 -0
  335. package/dist/server/modules/sessions/sessions-lifecycle.module.js +23 -0
  336. package/dist/server/modules/sessions/sessions-lifecycle.module.js.map +1 -0
  337. package/dist/server/modules/settings/local/delegates/core-settings.delegate.js.map +1 -1
  338. package/dist/server/modules/settings/local/delegates/preset-settings.delegate.d.ts +1 -0
  339. package/dist/server/modules/settings/local/delegates/preset-settings.delegate.js +36 -0
  340. package/dist/server/modules/settings/local/delegates/preset-settings.delegate.js.map +1 -1
  341. package/dist/server/modules/settings/services/settings.service.d.ts +1 -0
  342. package/dist/server/modules/settings/services/settings.service.js +3 -0
  343. package/dist/server/modules/settings/services/settings.service.js.map +1 -1
  344. package/dist/server/modules/storage/db/schema.d.ts +83 -0
  345. package/dist/server/modules/storage/db/schema.js +15 -2
  346. package/dist/server/modules/storage/db/schema.js.map +1 -1
  347. package/dist/server/modules/storage/interfaces/storage.interface.d.ts +13 -2
  348. package/dist/server/modules/storage/interfaces/storage.interface.js.map +1 -1
  349. package/dist/server/modules/storage/local/delegates/epic.delegate.d.ts +1 -0
  350. package/dist/server/modules/storage/local/delegates/epic.delegate.js +8 -0
  351. package/dist/server/modules/storage/local/delegates/epic.delegate.js.map +1 -1
  352. package/dist/server/modules/storage/local/delegates/provider.delegate.d.ts +5 -1
  353. package/dist/server/modules/storage/local/delegates/provider.delegate.js +122 -0
  354. package/dist/server/modules/storage/local/delegates/provider.delegate.js.map +1 -1
  355. package/dist/server/modules/storage/local/delegates/session.delegate.d.ts +9 -0
  356. package/dist/server/modules/storage/local/delegates/session.delegate.js +115 -0
  357. package/dist/server/modules/storage/local/delegates/session.delegate.js.map +1 -0
  358. package/dist/server/modules/storage/local/local-storage.service.d.ts +10 -0
  359. package/dist/server/modules/storage/local/local-storage.service.js +20 -0
  360. package/dist/server/modules/storage/local/local-storage.service.js.map +1 -1
  361. package/dist/server/modules/storage/models/domain.models.d.ts +1 -0
  362. package/dist/server/modules/subscribers/services/automation-scheduler.service.js.map +1 -1
  363. package/dist/server/modules/teams/services/teams.service.d.ts +31 -3
  364. package/dist/server/modules/teams/services/teams.service.js +193 -2
  365. package/dist/server/modules/teams/services/teams.service.js.map +1 -1
  366. package/dist/server/modules/teams/storage/teams.store.d.ts +5 -0
  367. package/dist/server/modules/teams/storage/teams.store.js +34 -0
  368. package/dist/server/modules/teams/storage/teams.store.js.map +1 -1
  369. package/dist/server/modules/teams/teams.module.js +2 -1
  370. package/dist/server/modules/teams/teams.module.js.map +1 -1
  371. package/dist/server/modules/terminal/gateways/terminal.gateway.d.ts +5 -0
  372. package/dist/server/modules/terminal/gateways/terminal.gateway.js +45 -7
  373. package/dist/server/modules/terminal/gateways/terminal.gateway.js.map +1 -1
  374. package/dist/server/modules/terminal/services/pty.service.js +11 -3
  375. package/dist/server/modules/terminal/services/pty.service.js.map +1 -1
  376. package/dist/server/modules/terminal/services/terminal-io/terminal-io.service.d.ts +1 -1
  377. package/dist/server/modules/terminal/services/terminal-io/terminal-io.service.js +9 -2
  378. package/dist/server/modules/terminal/services/terminal-io/terminal-io.service.js.map +1 -1
  379. package/dist/server/modules/terminal/services/terminal-io/viewport-capture.d.ts +12 -0
  380. package/dist/server/modules/terminal/services/terminal-io/viewport-capture.js +50 -0
  381. package/dist/server/modules/terminal/services/terminal-io/viewport-capture.js.map +1 -0
  382. package/dist/server/modules/terminal/services/terminal-seed.service.js +1 -1
  383. package/dist/server/modules/terminal/services/terminal-seed.service.js.map +1 -1
  384. package/dist/server/modules/terminal/services/terminal-session/terminal-session.d.ts +9 -0
  385. package/dist/server/modules/terminal/services/terminal-session/terminal-session.js +24 -7
  386. package/dist/server/modules/terminal/services/terminal-session/terminal-session.js.map +1 -1
  387. package/dist/server/modules/terminal/services/terminal-viewport/terminal-viewport.facade.d.ts +12 -0
  388. package/dist/server/modules/terminal/services/terminal-viewport/terminal-viewport.facade.js +55 -0
  389. package/dist/server/modules/terminal/services/terminal-viewport/terminal-viewport.facade.js.map +1 -0
  390. package/dist/server/modules/terminal/terminal-viewport.module.d.ts +2 -0
  391. package/dist/server/modules/terminal/terminal-viewport.module.js +24 -0
  392. package/dist/server/modules/terminal/terminal-viewport.module.js.map +1 -0
  393. package/dist/server/modules/terminal/utils/normalize-line-endings.d.ts +1 -0
  394. package/dist/server/modules/terminal/utils/normalize-line-endings.js +8 -0
  395. package/dist/server/modules/terminal/utils/normalize-line-endings.js.map +1 -1
  396. package/dist/server/templates/3-agents-dev.json +33 -28
  397. package/dist/server/templates/teams-dev.json +189 -261
  398. package/dist/server/tsconfig.tsbuildinfo +1 -1
  399. package/dist/server/ui/assets/{ReviewDetailPage-C_XRFo7X.js → ReviewDetailPage-BpPjTAgL.js} +1 -1
  400. package/dist/server/ui/assets/{ReviewsPage-DUxJp7iE.js → ReviewsPage-CAs14WVx.js} +1 -1
  401. package/dist/server/ui/assets/index-CzMrWNAV.css +32 -0
  402. package/dist/server/ui/assets/index-DhGz-UAr.js +1100 -0
  403. package/dist/server/ui/assets/{useReviewSubscription-DJzltHrV.js → useReviewSubscription-CscSQD7B.js} +1 -1
  404. package/dist/server/ui/favicon.svg +2 -16
  405. package/dist/server/ui/index.html +2 -2
  406. package/dist/templates/3-agents-dev.json +33 -28
  407. package/dist/templates/teams-dev.json +189 -261
  408. package/package.json +28 -8
  409. package/dist/server/ui/assets/index-C_ZOt0it.css +0 -32
  410. package/dist/server/ui/assets/index-DS51wECY.js +0 -1095
@@ -0,0 +1,19 @@
1
+ import { E2eeTrustService, type DeviceSafetyNumberResult, type DeviceTrustResult, type PairedDeviceSummary } from '../services/e2ee-trust.service';
2
+ interface AdoptBody {
3
+ kid?: string;
4
+ publicKeyB64?: string;
5
+ label?: string;
6
+ }
7
+ export declare class E2eeTrustController {
8
+ private readonly trust;
9
+ constructor(trust: E2eeTrustService);
10
+ listDevices(): PairedDeviceSummary[];
11
+ safetyNumber(kid: string): Promise<DeviceSafetyNumberResult>;
12
+ verify(kid: string): DeviceTrustResult;
13
+ revokeDevice(kid: string): {
14
+ kid: string;
15
+ removed: boolean;
16
+ };
17
+ adopt(body: AdoptBody): DeviceTrustResult;
18
+ }
19
+ export {};
@@ -0,0 +1,85 @@
1
+ "use strict";
2
+ var __decorate = (this && this.__decorate) || function (decorators, target, key, desc) {
3
+ var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
4
+ if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
5
+ else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
6
+ return c > 3 && r && Object.defineProperty(target, key, r), r;
7
+ };
8
+ var __metadata = (this && this.__metadata) || function (k, v) {
9
+ if (typeof Reflect === "object" && typeof Reflect.metadata === "function") return Reflect.metadata(k, v);
10
+ };
11
+ var __param = (this && this.__param) || function (paramIndex, decorator) {
12
+ return function (target, key) { decorator(target, key, paramIndex); }
13
+ };
14
+ Object.defineProperty(exports, "__esModule", { value: true });
15
+ exports.E2eeTrustController = void 0;
16
+ const common_1 = require("@nestjs/common");
17
+ const error_types_1 = require("../../../common/errors/error-types");
18
+ const e2ee_trust_service_1 = require("../services/e2ee-trust.service");
19
+ let E2eeTrustController = class E2eeTrustController {
20
+ constructor(trust) {
21
+ this.trust = trust;
22
+ }
23
+ listDevices() {
24
+ return this.trust.listDevices();
25
+ }
26
+ async safetyNumber(kid) {
27
+ return this.trust.getSafetyNumber(kid);
28
+ }
29
+ verify(kid) {
30
+ return this.trust.verifyDevice(kid);
31
+ }
32
+ revokeDevice(kid) {
33
+ return this.trust.revokeDevice(kid);
34
+ }
35
+ adopt(body) {
36
+ if (!body?.kid || !body.publicKeyB64) {
37
+ throw new error_types_1.ValidationError('kid and publicKeyB64 are required');
38
+ }
39
+ return this.trust.adoptPeerKeyTofu({
40
+ kid: body.kid,
41
+ publicKeyB64: body.publicKeyB64,
42
+ ...(body.label !== undefined ? { label: body.label } : {}),
43
+ });
44
+ }
45
+ };
46
+ exports.E2eeTrustController = E2eeTrustController;
47
+ __decorate([
48
+ (0, common_1.Get)(),
49
+ __metadata("design:type", Function),
50
+ __metadata("design:paramtypes", []),
51
+ __metadata("design:returntype", Array)
52
+ ], E2eeTrustController.prototype, "listDevices", null);
53
+ __decorate([
54
+ (0, common_1.Get)(':kid/safety-number'),
55
+ __param(0, (0, common_1.Param)('kid')),
56
+ __metadata("design:type", Function),
57
+ __metadata("design:paramtypes", [String]),
58
+ __metadata("design:returntype", Promise)
59
+ ], E2eeTrustController.prototype, "safetyNumber", null);
60
+ __decorate([
61
+ (0, common_1.Post)(':kid/verify'),
62
+ __param(0, (0, common_1.Param)('kid')),
63
+ __metadata("design:type", Function),
64
+ __metadata("design:paramtypes", [String]),
65
+ __metadata("design:returntype", Object)
66
+ ], E2eeTrustController.prototype, "verify", null);
67
+ __decorate([
68
+ (0, common_1.Delete)(':kid'),
69
+ __param(0, (0, common_1.Param)('kid')),
70
+ __metadata("design:type", Function),
71
+ __metadata("design:paramtypes", [String]),
72
+ __metadata("design:returntype", Object)
73
+ ], E2eeTrustController.prototype, "revokeDevice", null);
74
+ __decorate([
75
+ (0, common_1.Post)('adopt'),
76
+ __param(0, (0, common_1.Body)()),
77
+ __metadata("design:type", Function),
78
+ __metadata("design:paramtypes", [Object]),
79
+ __metadata("design:returntype", Object)
80
+ ], E2eeTrustController.prototype, "adopt", null);
81
+ exports.E2eeTrustController = E2eeTrustController = __decorate([
82
+ (0, common_1.Controller)('api/e2ee/devices'),
83
+ __metadata("design:paramtypes", [e2ee_trust_service_1.E2eeTrustService])
84
+ ], E2eeTrustController);
85
+ //# sourceMappingURL=e2ee-trust.controller.js.map
@@ -0,0 +1 @@
1
+ {"version":3,"file":"e2ee-trust.controller.js","sourceRoot":"","sources":["../../../../src/modules/e2ee/controllers/e2ee-trust.controller.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;AAAA,2CAA4E;AAC5E,oEAAqE;AACrE,uEAKwC;AAmBjC,IAAM,mBAAmB,GAAzB,MAAM,mBAAmB;IAC9B,YAA6B,KAAuB;QAAvB,UAAK,GAAL,KAAK,CAAkB;IAAG,CAAC;IAGxD,WAAW;QACT,OAAO,IAAI,CAAC,KAAK,CAAC,WAAW,EAAE,CAAC;IAClC,CAAC;IAGK,AAAN,KAAK,CAAC,YAAY,CAAe,GAAW;QAC1C,OAAO,IAAI,CAAC,KAAK,CAAC,eAAe,CAAC,GAAG,CAAC,CAAC;IACzC,CAAC;IAGD,MAAM,CAAe,GAAW;QAC9B,OAAO,IAAI,CAAC,KAAK,CAAC,YAAY,CAAC,GAAG,CAAC,CAAC;IACtC,CAAC;IAGD,YAAY,CAAe,GAAW;QACpC,OAAO,IAAI,CAAC,KAAK,CAAC,YAAY,CAAC,GAAG,CAAC,CAAC;IACtC,CAAC;IAGD,KAAK,CAAS,IAAe;QAC3B,IAAI,CAAC,IAAI,EAAE,GAAG,IAAI,CAAC,IAAI,CAAC,YAAY,EAAE,CAAC;YACrC,MAAM,IAAI,6BAAe,CAAC,mCAAmC,CAAC,CAAC;QACjE,CAAC;QACD,OAAO,IAAI,CAAC,KAAK,CAAC,gBAAgB,CAAC;YACjC,GAAG,EAAE,IAAI,CAAC,GAAG;YACb,YAAY,EAAE,IAAI,CAAC,YAAY;YAC/B,GAAG,CAAC,IAAI,CAAC,KAAK,KAAK,SAAS,CAAC,CAAC,CAAC,EAAE,KAAK,EAAE,IAAI,CAAC,KAAK,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;SAC3D,CAAC,CAAC;IACL,CAAC;CACF,CAAA;AAlCY,kDAAmB;AAI9B;IADC,IAAA,YAAG,GAAE;;;;sDAGL;AAGK;IADL,IAAA,YAAG,EAAC,oBAAoB,CAAC;IACN,WAAA,IAAA,cAAK,EAAC,KAAK,CAAC,CAAA;;;;uDAE/B;AAGD;IADC,IAAA,aAAI,EAAC,aAAa,CAAC;IACZ,WAAA,IAAA,cAAK,EAAC,KAAK,CAAC,CAAA;;;;iDAEnB;AAGD;IADC,IAAA,eAAM,EAAC,MAAM,CAAC;IACD,WAAA,IAAA,cAAK,EAAC,KAAK,CAAC,CAAA;;;;uDAEzB;AAGD;IADC,IAAA,aAAI,EAAC,OAAO,CAAC;IACP,WAAA,IAAA,aAAI,GAAE,CAAA;;;;gDASZ;8BAjCU,mBAAmB;IAD/B,IAAA,mBAAU,EAAC,kBAAkB,CAAC;qCAEO,qCAAgB;GADzC,mBAAmB,CAkC/B"}
@@ -0,0 +1,2 @@
1
+ export declare class E2eeModule {
2
+ }
@@ -0,0 +1,27 @@
1
+ "use strict";
2
+ var __decorate = (this && this.__decorate) || function (decorators, target, key, desc) {
3
+ var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
4
+ if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
5
+ else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
6
+ return c > 3 && r && Object.defineProperty(target, key, r), r;
7
+ };
8
+ Object.defineProperty(exports, "__esModule", { value: true });
9
+ exports.E2eeModule = void 0;
10
+ const common_1 = require("@nestjs/common");
11
+ const e2ee_keypair_service_1 = require("./services/e2ee-keypair.service");
12
+ const e2ee_device_store_service_1 = require("./services/e2ee-device-store.service");
13
+ const e2ee_pairing_service_1 = require("./services/e2ee-pairing.service");
14
+ const e2ee_trust_service_1 = require("./services/e2ee-trust.service");
15
+ const e2ee_pairing_controller_1 = require("./controllers/e2ee-pairing.controller");
16
+ const e2ee_trust_controller_1 = require("./controllers/e2ee-trust.controller");
17
+ let E2eeModule = class E2eeModule {
18
+ };
19
+ exports.E2eeModule = E2eeModule;
20
+ exports.E2eeModule = E2eeModule = __decorate([
21
+ (0, common_1.Module)({
22
+ controllers: [e2ee_pairing_controller_1.E2eePairingController, e2ee_trust_controller_1.E2eeTrustController],
23
+ providers: [e2ee_keypair_service_1.E2eeKeypairService, e2ee_device_store_service_1.E2eeDeviceStoreService, e2ee_pairing_service_1.E2eePairingService, e2ee_trust_service_1.E2eeTrustService],
24
+ exports: [e2ee_keypair_service_1.E2eeKeypairService, e2ee_device_store_service_1.E2eeDeviceStoreService, e2ee_pairing_service_1.E2eePairingService, e2ee_trust_service_1.E2eeTrustService],
25
+ })
26
+ ], E2eeModule);
27
+ //# sourceMappingURL=e2ee.module.js.map
@@ -0,0 +1 @@
1
+ {"version":3,"file":"e2ee.module.js","sourceRoot":"","sources":["../../../src/modules/e2ee/e2ee.module.ts"],"names":[],"mappings":";;;;;;;;;AAAA,2CAAwC;AACxC,0EAAqE;AACrE,oFAA8E;AAC9E,0EAAqE;AACrE,sEAAiE;AACjE,mFAA8E;AAC9E,+EAA0E;AAgBnE,IAAM,UAAU,GAAhB,MAAM,UAAU;CAAG,CAAA;AAAb,gCAAU;qBAAV,UAAU;IALtB,IAAA,eAAM,EAAC;QACN,WAAW,EAAE,CAAC,+CAAqB,EAAE,2CAAmB,CAAC;QACzD,SAAS,EAAE,CAAC,yCAAkB,EAAE,kDAAsB,EAAE,yCAAkB,EAAE,qCAAgB,CAAC;QAC7F,OAAO,EAAE,CAAC,yCAAkB,EAAE,kDAAsB,EAAE,yCAAkB,EAAE,qCAAgB,CAAC;KAC5F,CAAC;GACW,UAAU,CAAG"}
@@ -0,0 +1,29 @@
1
+ import { BetterSQLite3Database } from 'drizzle-orm/better-sqlite3';
2
+ import { type E2eeTrustStatus, type E2eeVerificationMethod, type E2eeAdoptionMethod, type IncomingPeerKey } from '@devchain/shared';
3
+ export interface E2eePeerDevice {
4
+ kid: string;
5
+ publicKeyB64: string;
6
+ addedAt: string;
7
+ trust: E2eeTrustStatus;
8
+ adoptedVia?: E2eeAdoptionMethod;
9
+ verifiedVia?: E2eeVerificationMethod;
10
+ verifiedAt?: string;
11
+ label?: string;
12
+ }
13
+ export declare class E2eeDeviceStoreService {
14
+ private readonly db;
15
+ private sqlite;
16
+ constructor(db: BetterSQLite3Database);
17
+ add(device: Omit<E2eePeerDevice, 'addedAt' | 'trust'> & {
18
+ addedAt?: string;
19
+ trust?: E2eeTrustStatus;
20
+ }): E2eePeerDevice;
21
+ reconcile(incoming: IncomingPeerKey, now?: string): E2eePeerDevice;
22
+ markVerified(kid: string, now?: string): E2eePeerDevice | null;
23
+ private toDevice;
24
+ get(kid: string): E2eePeerDevice | null;
25
+ revoke(kid: string): boolean;
26
+ list(): E2eePeerDevice[];
27
+ private load;
28
+ private save;
29
+ }
@@ -0,0 +1,138 @@
1
+ "use strict";
2
+ var __decorate = (this && this.__decorate) || function (decorators, target, key, desc) {
3
+ var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
4
+ if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
5
+ else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
6
+ return c > 3 && r && Object.defineProperty(target, key, r), r;
7
+ };
8
+ var __metadata = (this && this.__metadata) || function (k, v) {
9
+ if (typeof Reflect === "object" && typeof Reflect.metadata === "function") return Reflect.metadata(k, v);
10
+ };
11
+ var __param = (this && this.__param) || function (paramIndex, decorator) {
12
+ return function (target, key) { decorator(target, key, paramIndex); }
13
+ };
14
+ Object.defineProperty(exports, "__esModule", { value: true });
15
+ exports.E2eeDeviceStoreService = void 0;
16
+ const common_1 = require("@nestjs/common");
17
+ const crypto_1 = require("crypto");
18
+ const better_sqlite3_1 = require("drizzle-orm/better-sqlite3");
19
+ const shared_1 = require("@devchain/shared");
20
+ const db_provider_1 = require("../../storage/db/db.provider");
21
+ const sqlite_raw_1 = require("../../storage/db/sqlite-raw");
22
+ const logger_1 = require("../../../common/logging/logger");
23
+ const logger = (0, logger_1.createLogger)('E2eeDeviceStore');
24
+ const SETTINGS_KEY = 'cloud.e2ee.devices';
25
+ const STORE_VERSION = 1;
26
+ let E2eeDeviceStoreService = class E2eeDeviceStoreService {
27
+ constructor(db) {
28
+ this.db = db;
29
+ this.sqlite = (0, sqlite_raw_1.getRawSqliteClient)(this.db);
30
+ }
31
+ add(device) {
32
+ const dir = this.load();
33
+ const record = {
34
+ kid: device.kid,
35
+ publicKeyB64: device.publicKeyB64,
36
+ addedAt: device.addedAt ?? new Date().toISOString(),
37
+ trust: device.trust ?? 'unverified',
38
+ ...(device.adoptedVia !== undefined ? { adoptedVia: device.adoptedVia } : {}),
39
+ ...(device.verifiedVia !== undefined ? { verifiedVia: device.verifiedVia } : {}),
40
+ ...(device.verifiedAt !== undefined ? { verifiedAt: device.verifiedAt } : {}),
41
+ ...(device.label !== undefined ? { label: device.label } : {}),
42
+ };
43
+ dir.devices[record.kid] = record;
44
+ this.save(dir);
45
+ logger.info({ kid: record.kid, trust: record.trust }, 'Peer E2EE device public key added');
46
+ return record;
47
+ }
48
+ reconcile(incoming, now = new Date().toISOString()) {
49
+ const dir = this.load();
50
+ const existing = (dir.devices[incoming.kid] ?? null);
51
+ const prior = existing ??
52
+ Object.values(dir.devices).find((d) => d.publicKeyB64 === incoming.publicKeyB64) ??
53
+ null;
54
+ const reconciled = (0, shared_1.reconcilePeerKey)(prior, incoming, now);
55
+ const record = this.toDevice(reconciled);
56
+ dir.devices[record.kid] = record;
57
+ this.save(dir);
58
+ logger.info({ kid: record.kid, trust: record.trust, adoptedVia: record.adoptedVia }, 'Peer E2EE device reconciled (TOFU adopt / rotation)');
59
+ return record;
60
+ }
61
+ markVerified(kid, now = new Date().toISOString()) {
62
+ const dir = this.load();
63
+ const existing = dir.devices[kid];
64
+ if (!existing)
65
+ return null;
66
+ const record = this.toDevice((0, shared_1.markVerifiedViaSafetyNumber)(existing, now));
67
+ dir.devices[kid] = record;
68
+ this.save(dir);
69
+ logger.info({ kid }, 'Peer E2EE device marked VERIFIED via safety-number');
70
+ return record;
71
+ }
72
+ toDevice(rec) {
73
+ return {
74
+ kid: rec.kid,
75
+ publicKeyB64: rec.publicKeyB64,
76
+ addedAt: rec.addedAt,
77
+ trust: rec.trust,
78
+ ...(rec.adoptedVia !== undefined ? { adoptedVia: rec.adoptedVia } : {}),
79
+ ...(rec.verifiedVia !== undefined ? { verifiedVia: rec.verifiedVia } : {}),
80
+ ...(rec.verifiedAt !== undefined ? { verifiedAt: rec.verifiedAt } : {}),
81
+ ...(rec.label !== undefined ? { label: rec.label } : {}),
82
+ };
83
+ }
84
+ get(kid) {
85
+ return this.load().devices[kid] ?? null;
86
+ }
87
+ revoke(kid) {
88
+ const dir = this.load();
89
+ if (!dir.devices[kid])
90
+ return false;
91
+ delete dir.devices[kid];
92
+ this.save(dir);
93
+ logger.info({ kid }, 'Peer E2EE device public key revoked');
94
+ return true;
95
+ }
96
+ list() {
97
+ return Object.values(this.load().devices);
98
+ }
99
+ load() {
100
+ const row = this.sqlite
101
+ .prepare('SELECT value FROM settings WHERE key = ?')
102
+ .get(SETTINGS_KEY);
103
+ if (!row)
104
+ return { v: STORE_VERSION, devices: {} };
105
+ try {
106
+ const parsed = JSON.parse(row.value);
107
+ if (parsed.v !== STORE_VERSION || typeof parsed.devices !== 'object') {
108
+ logger.warn('E2EE device directory has unexpected shape — resetting');
109
+ return { v: STORE_VERSION, devices: {} };
110
+ }
111
+ for (const rec of Object.values(parsed.devices)) {
112
+ if (rec && typeof rec === 'object' && rec.trust === undefined) {
113
+ rec.trust = 'unverified';
114
+ }
115
+ }
116
+ return parsed;
117
+ }
118
+ catch {
119
+ logger.warn('Failed to parse E2EE device directory — resetting');
120
+ return { v: STORE_VERSION, devices: {} };
121
+ }
122
+ }
123
+ save(dir) {
124
+ const now = new Date().toISOString();
125
+ this.sqlite
126
+ .prepare(`INSERT INTO settings (id, key, value, created_at, updated_at)
127
+ VALUES (?, ?, ?, ?, ?)
128
+ ON CONFLICT(key) DO UPDATE SET value = excluded.value, updated_at = excluded.updated_at`)
129
+ .run((0, crypto_1.randomUUID)(), SETTINGS_KEY, JSON.stringify(dir), now, now);
130
+ }
131
+ };
132
+ exports.E2eeDeviceStoreService = E2eeDeviceStoreService;
133
+ exports.E2eeDeviceStoreService = E2eeDeviceStoreService = __decorate([
134
+ (0, common_1.Injectable)(),
135
+ __param(0, (0, common_1.Inject)(db_provider_1.DB_CONNECTION)),
136
+ __metadata("design:paramtypes", [better_sqlite3_1.BetterSQLite3Database])
137
+ ], E2eeDeviceStoreService);
138
+ //# sourceMappingURL=e2ee-device-store.service.js.map
@@ -0,0 +1 @@
1
+ {"version":3,"file":"e2ee-device-store.service.js","sourceRoot":"","sources":["../../../../src/modules/e2ee/services/e2ee-device-store.service.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;AAAA,2CAAoD;AACpD,mCAAoC;AACpC,+DAAmE;AAEnE,6CAQ0B;AAC1B,8DAA6D;AAC7D,4DAAiE;AACjE,2DAA8D;AAE9D,MAAM,MAAM,GAAG,IAAA,qBAAY,EAAC,iBAAiB,CAAC,CAAC;AAE/C,MAAM,YAAY,GAAG,oBAAoB,CAAC;AAkC1C,MAAM,aAAa,GAAG,CAAC,CAAC;AAUjB,IAAM,sBAAsB,GAA5B,MAAM,sBAAsB;IAGjC,YAAoD,EAAyB;QAAzB,OAAE,GAAF,EAAE,CAAuB;QAC3E,IAAI,CAAC,MAAM,GAAG,IAAA,+BAAkB,EAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IAC5C,CAAC;IAOD,GAAG,CACD,MAGC;QAED,MAAM,GAAG,GAAG,IAAI,CAAC,IAAI,EAAE,CAAC;QACxB,MAAM,MAAM,GAAmB;YAC7B,GAAG,EAAE,MAAM,CAAC,GAAG;YACf,YAAY,EAAE,MAAM,CAAC,YAAY;YACjC,OAAO,EAAE,MAAM,CAAC,OAAO,IAAI,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;YACnD,KAAK,EAAE,MAAM,CAAC,KAAK,IAAI,YAAY;YACnC,GAAG,CAAC,MAAM,CAAC,UAAU,KAAK,SAAS,CAAC,CAAC,CAAC,EAAE,UAAU,EAAE,MAAM,CAAC,UAAU,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;YAC7E,GAAG,CAAC,MAAM,CAAC,WAAW,KAAK,SAAS,CAAC,CAAC,CAAC,EAAE,WAAW,EAAE,MAAM,CAAC,WAAW,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;YAChF,GAAG,CAAC,MAAM,CAAC,UAAU,KAAK,SAAS,CAAC,CAAC,CAAC,EAAE,UAAU,EAAE,MAAM,CAAC,UAAU,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;YAC7E,GAAG,CAAC,MAAM,CAAC,KAAK,KAAK,SAAS,CAAC,CAAC,CAAC,EAAE,KAAK,EAAE,MAAM,CAAC,KAAK,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;SAC/D,CAAC;QACF,GAAG,CAAC,OAAO,CAAC,MAAM,CAAC,GAAG,CAAC,GAAG,MAAM,CAAC;QACjC,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;QACf,MAAM,CAAC,IAAI,CAAC,EAAE,GAAG,EAAE,MAAM,CAAC,GAAG,EAAE,KAAK,EAAE,MAAM,CAAC,KAAK,EAAE,EAAE,mCAAmC,CAAC,CAAC;QAC3F,OAAO,MAAM,CAAC;IAChB,CAAC;IAUD,SAAS,CAAC,QAAyB,EAAE,MAAc,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;QACzE,MAAM,GAAG,GAAG,IAAI,CAAC,IAAI,EAAE,CAAC;QACxB,MAAM,QAAQ,GAAG,CAAC,GAAG,CAAC,OAAO,CAAC,QAAQ,CAAC,GAAG,CAAC,IAAI,IAAI,CAA2B,CAAC;QAG/E,MAAM,KAAK,GACT,QAAQ;YACR,MAAM,CAAC,MAAM,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,YAAY,KAAK,QAAQ,CAAC,YAAY,CAAC;YAChF,IAAI,CAAC;QACP,MAAM,UAAU,GAAG,IAAA,yBAAgB,EAAC,KAA+B,EAAE,QAAQ,EAAE,GAAG,CAAC,CAAC;QACpF,MAAM,MAAM,GAAG,IAAI,CAAC,QAAQ,CAAC,UAAU,CAAC,CAAC;QACzC,GAAG,CAAC,OAAO,CAAC,MAAM,CAAC,GAAG,CAAC,GAAG,MAAM,CAAC;QACjC,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;QACf,MAAM,CAAC,IAAI,CACT,EAAE,GAAG,EAAE,MAAM,CAAC,GAAG,EAAE,KAAK,EAAE,MAAM,CAAC,KAAK,EAAE,UAAU,EAAE,MAAM,CAAC,UAAU,EAAE,EACvE,qDAAqD,CACtD,CAAC;QACF,OAAO,MAAM,CAAC;IAChB,CAAC;IAMD,YAAY,CAAC,GAAW,EAAE,MAAc,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;QAC9D,MAAM,GAAG,GAAG,IAAI,CAAC,IAAI,EAAE,CAAC;QACxB,MAAM,QAAQ,GAAG,GAAG,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC;QAClC,IAAI,CAAC,QAAQ;YAAE,OAAO,IAAI,CAAC;QAC3B,MAAM,MAAM,GAAG,IAAI,CAAC,QAAQ,CAAC,IAAA,oCAA2B,EAAC,QAA2B,EAAE,GAAG,CAAC,CAAC,CAAC;QAC5F,GAAG,CAAC,OAAO,CAAC,GAAG,CAAC,GAAG,MAAM,CAAC;QAC1B,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;QACf,MAAM,CAAC,IAAI,CAAC,EAAE,GAAG,EAAE,EAAE,oDAAoD,CAAC,CAAC;QAC3E,OAAO,MAAM,CAAC;IAChB,CAAC;IAGO,QAAQ,CAAC,GAAoB;QACnC,OAAO;YACL,GAAG,EAAE,GAAG,CAAC,GAAG;YACZ,YAAY,EAAE,GAAG,CAAC,YAAY;YAC9B,OAAO,EAAE,GAAG,CAAC,OAAO;YACpB,KAAK,EAAE,GAAG,CAAC,KAAK;YAChB,GAAG,CAAC,GAAG,CAAC,UAAU,KAAK,SAAS,CAAC,CAAC,CAAC,EAAE,UAAU,EAAE,GAAG,CAAC,UAAU,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;YACvE,GAAG,CAAC,GAAG,CAAC,WAAW,KAAK,SAAS,CAAC,CAAC,CAAC,EAAE,WAAW,EAAE,GAAG,CAAC,WAAW,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;YAC1E,GAAG,CAAC,GAAG,CAAC,UAAU,KAAK,SAAS,CAAC,CAAC,CAAC,EAAE,UAAU,EAAE,GAAG,CAAC,UAAU,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;YACvE,GAAG,CAAC,GAAG,CAAC,KAAK,KAAK,SAAS,CAAC,CAAC,CAAC,EAAE,KAAK,EAAE,GAAG,CAAC,KAAK,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;SACzD,CAAC;IACJ,CAAC;IAGD,GAAG,CAAC,GAAW;QACb,OAAO,IAAI,CAAC,IAAI,EAAE,CAAC,OAAO,CAAC,GAAG,CAAC,IAAI,IAAI,CAAC;IAC1C,CAAC;IAGD,MAAM,CAAC,GAAW;QAChB,MAAM,GAAG,GAAG,IAAI,CAAC,IAAI,EAAE,CAAC;QACxB,IAAI,CAAC,GAAG,CAAC,OAAO,CAAC,GAAG,CAAC;YAAE,OAAO,KAAK,CAAC;QACpC,OAAO,GAAG,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC;QACxB,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;QACf,MAAM,CAAC,IAAI,CAAC,EAAE,GAAG,EAAE,EAAE,qCAAqC,CAAC,CAAC;QAC5D,OAAO,IAAI,CAAC;IACd,CAAC;IAGD,IAAI;QACF,OAAO,MAAM,CAAC,MAAM,CAAC,IAAI,CAAC,IAAI,EAAE,CAAC,OAAO,CAAC,CAAC;IAC5C,CAAC;IAEO,IAAI;QACV,MAAM,GAAG,GAAG,IAAI,CAAC,MAAM;aACpB,OAAO,CAAC,0CAA0C,CAAC;aACnD,GAAG,CAAC,YAAY,CAAkC,CAAC;QACtD,IAAI,CAAC,GAAG;YAAE,OAAO,EAAE,CAAC,EAAE,aAAa,EAAE,OAAO,EAAE,EAAE,EAAE,CAAC;QACnD,IAAI,CAAC;YACH,MAAM,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,KAAK,CAAoB,CAAC;YACxD,IAAI,MAAM,CAAC,CAAC,KAAK,aAAa,IAAI,OAAO,MAAM,CAAC,OAAO,KAAK,QAAQ,EAAE,CAAC;gBACrE,MAAM,CAAC,IAAI,CAAC,wDAAwD,CAAC,CAAC;gBACtE,OAAO,EAAE,CAAC,EAAE,aAAa,EAAE,OAAO,EAAE,EAAE,EAAE,CAAC;YAC3C,CAAC;YAGD,KAAK,MAAM,GAAG,IAAI,MAAM,CAAC,MAAM,CAAC,MAAM,CAAC,OAAO,CAAC,EAAE,CAAC;gBAChD,IAAI,GAAG,IAAI,OAAO,GAAG,KAAK,QAAQ,IAAI,GAAG,CAAC,KAAK,KAAK,SAAS,EAAE,CAAC;oBAC9D,GAAG,CAAC,KAAK,GAAG,YAAY,CAAC;gBAC3B,CAAC;YACH,CAAC;YACD,OAAO,MAAM,CAAC;QAChB,CAAC;QAAC,MAAM,CAAC;YACP,MAAM,CAAC,IAAI,CAAC,mDAAmD,CAAC,CAAC;YACjE,OAAO,EAAE,CAAC,EAAE,aAAa,EAAE,OAAO,EAAE,EAAE,EAAE,CAAC;QAC3C,CAAC;IACH,CAAC;IAEO,IAAI,CAAC,GAAoB;QAC/B,MAAM,GAAG,GAAG,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE,CAAC;QACrC,IAAI,CAAC,MAAM;aACR,OAAO,CACN;;iGAEyF,CAC1F;aACA,GAAG,CAAC,IAAA,mBAAU,GAAE,EAAE,YAAY,EAAE,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,EAAE,GAAG,EAAE,GAAG,CAAC,CAAC;IACpE,CAAC;CACF,CAAA;AAnJY,wDAAsB;iCAAtB,sBAAsB;IADlC,IAAA,mBAAU,GAAE;IAIE,WAAA,IAAA,eAAM,EAAC,2BAAa,CAAC,CAAA;qCAAsB,sCAAqB;GAHlE,sBAAsB,CAmJlC"}
@@ -0,0 +1,21 @@
1
+ import { BetterSQLite3Database } from 'drizzle-orm/better-sqlite3';
2
+ import { type E2eeKeyPair } from '@devchain/shared';
3
+ export interface E2eePublicKeyExport {
4
+ kid: string;
5
+ publicKeyB64: string;
6
+ }
7
+ export declare class E2eeKeypairService {
8
+ private readonly db;
9
+ private sqlite;
10
+ private encryptionKey;
11
+ private cache;
12
+ constructor(db: BetterSQLite3Database);
13
+ getOrCreate(): Promise<E2eeKeyPair>;
14
+ exportPublic(): Promise<E2eePublicKeyExport>;
15
+ private persist;
16
+ private retrieve;
17
+ private getEncryptionKey;
18
+ private getOrCreateSecret;
19
+ private encrypt;
20
+ private decrypt;
21
+ }
@@ -0,0 +1,152 @@
1
+ "use strict";
2
+ var __decorate = (this && this.__decorate) || function (decorators, target, key, desc) {
3
+ var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
4
+ if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
5
+ else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
6
+ return c > 3 && r && Object.defineProperty(target, key, r), r;
7
+ };
8
+ var __metadata = (this && this.__metadata) || function (k, v) {
9
+ if (typeof Reflect === "object" && typeof Reflect.metadata === "function") return Reflect.metadata(k, v);
10
+ };
11
+ var __param = (this && this.__param) || function (paramIndex, decorator) {
12
+ return function (target, key) { decorator(target, key, paramIndex); }
13
+ };
14
+ Object.defineProperty(exports, "__esModule", { value: true });
15
+ exports.E2eeKeypairService = void 0;
16
+ const common_1 = require("@nestjs/common");
17
+ const crypto_1 = require("crypto");
18
+ const fs_1 = require("fs");
19
+ const path_1 = require("path");
20
+ const os_1 = require("os");
21
+ const better_sqlite3_1 = require("drizzle-orm/better-sqlite3");
22
+ const shared_1 = require("@devchain/shared");
23
+ const db_provider_1 = require("../../storage/db/db.provider");
24
+ const sqlite_raw_1 = require("../../storage/db/sqlite-raw");
25
+ const logger_1 = require("../../../common/logging/logger");
26
+ const logger = (0, logger_1.createLogger)('E2eeKeypair');
27
+ const SETTINGS_KEY = 'cloud.e2ee.keypair';
28
+ const APP_SALT = Buffer.from('devchain-e2ee-keypair-store-v1-salt', 'utf8');
29
+ const STORE_VERSION = 1;
30
+ const SECRET_DIR = (0, path_1.join)((0, os_1.homedir)(), '.devchain', 'cloud');
31
+ const SECRET_FILE = (0, path_1.join)(SECRET_DIR, 'secret.key');
32
+ const SECRET_LENGTH = 32;
33
+ const KEY_LENGTH = 32;
34
+ const IV_LENGTH = 12;
35
+ const AUTH_TAG_LENGTH = 16;
36
+ const SCRYPT_COST = 16384;
37
+ const SCRYPT_BLOCK_SIZE = 8;
38
+ const SCRYPT_PARALLELIZATION = 1;
39
+ let E2eeKeypairService = class E2eeKeypairService {
40
+ constructor(db) {
41
+ this.db = db;
42
+ this.encryptionKey = null;
43
+ this.cache = null;
44
+ this.sqlite = (0, sqlite_raw_1.getRawSqliteClient)(this.db);
45
+ }
46
+ async getOrCreate() {
47
+ if (this.cache)
48
+ return this.cache;
49
+ const stored = this.retrieve();
50
+ if (stored) {
51
+ this.cache = stored;
52
+ return stored;
53
+ }
54
+ const generated = (0, shared_1.generateX25519KeyPair)((n) => (0, crypto_1.randomBytes)(n));
55
+ this.persist(generated.privateKey);
56
+ this.cache = generated;
57
+ logger.info('Generated new X25519 E2EE keypair');
58
+ return generated;
59
+ }
60
+ async exportPublic() {
61
+ const kp = await this.getOrCreate();
62
+ return {
63
+ kid: kp.kid,
64
+ publicKeyB64: Buffer.from(kp.publicKey).toString('base64'),
65
+ };
66
+ }
67
+ persist(privateKey) {
68
+ const record = {
69
+ v: STORE_VERSION,
70
+ priv: Buffer.from(privateKey).toString('base64'),
71
+ };
72
+ const encrypted = this.encrypt(JSON.stringify(record));
73
+ const now = new Date().toISOString();
74
+ this.sqlite
75
+ .prepare(`INSERT INTO settings (id, key, value, created_at, updated_at)
76
+ VALUES (lower(hex(randomblob(16))), ?, ?, ?, ?)
77
+ ON CONFLICT(key) DO UPDATE SET value = excluded.value, updated_at = excluded.updated_at`)
78
+ .run(SETTINGS_KEY, encrypted, now, now);
79
+ }
80
+ retrieve() {
81
+ const row = this.sqlite
82
+ .prepare('SELECT value FROM settings WHERE key = ?')
83
+ .get(SETTINGS_KEY);
84
+ if (!row)
85
+ return null;
86
+ try {
87
+ const record = JSON.parse(this.decrypt(row.value));
88
+ if (record.v !== STORE_VERSION || typeof record.priv !== 'string') {
89
+ logger.warn('E2EE keypair record has unexpected shape — will regenerate');
90
+ return null;
91
+ }
92
+ const privateKey = Buffer.from(record.priv, 'base64');
93
+ if (privateKey.length !== shared_1.X25519_PRIVATE_KEY_BYTES) {
94
+ logger.warn('E2EE private key has wrong byte length — will regenerate');
95
+ return null;
96
+ }
97
+ return (0, shared_1.fromX25519PrivateKey)(new Uint8Array(privateKey));
98
+ }
99
+ catch {
100
+ logger.warn('Failed to decrypt E2EE keypair — will regenerate');
101
+ return null;
102
+ }
103
+ }
104
+ getEncryptionKey() {
105
+ if (this.encryptionKey)
106
+ return this.encryptionKey;
107
+ const secret = this.getOrCreateSecret();
108
+ const machineComponent = Buffer.from(`${(0, os_1.hostname)()}:${(0, os_1.userInfo)().username}`, 'utf8');
109
+ const password = Buffer.concat([secret, machineComponent]);
110
+ this.encryptionKey = (0, crypto_1.scryptSync)(password, APP_SALT, KEY_LENGTH, {
111
+ N: SCRYPT_COST,
112
+ r: SCRYPT_BLOCK_SIZE,
113
+ p: SCRYPT_PARALLELIZATION,
114
+ });
115
+ return this.encryptionKey;
116
+ }
117
+ getOrCreateSecret() {
118
+ if ((0, fs_1.existsSync)(SECRET_FILE))
119
+ return (0, fs_1.readFileSync)(SECRET_FILE);
120
+ if (!(0, fs_1.existsSync)(SECRET_DIR))
121
+ (0, fs_1.mkdirSync)(SECRET_DIR, { recursive: true, mode: 0o700 });
122
+ const secret = (0, crypto_1.randomBytes)(SECRET_LENGTH);
123
+ (0, fs_1.writeFileSync)(SECRET_FILE, secret, { mode: 0o600 });
124
+ (0, fs_1.chmodSync)(SECRET_FILE, 0o600);
125
+ return secret;
126
+ }
127
+ encrypt(plaintext) {
128
+ const key = this.getEncryptionKey();
129
+ const iv = (0, crypto_1.randomBytes)(IV_LENGTH);
130
+ const cipher = (0, crypto_1.createCipheriv)('aes-256-gcm', key, iv, { authTagLength: AUTH_TAG_LENGTH });
131
+ const encrypted = Buffer.concat([cipher.update(plaintext, 'utf8'), cipher.final()]);
132
+ const authTag = cipher.getAuthTag();
133
+ return Buffer.concat([iv, authTag, encrypted]).toString('base64');
134
+ }
135
+ decrypt(ciphertext) {
136
+ const key = this.getEncryptionKey();
137
+ const data = Buffer.from(ciphertext, 'base64');
138
+ const iv = data.subarray(0, IV_LENGTH);
139
+ const authTag = data.subarray(IV_LENGTH, IV_LENGTH + AUTH_TAG_LENGTH);
140
+ const encrypted = data.subarray(IV_LENGTH + AUTH_TAG_LENGTH);
141
+ const decipher = (0, crypto_1.createDecipheriv)('aes-256-gcm', key, iv, { authTagLength: AUTH_TAG_LENGTH });
142
+ decipher.setAuthTag(authTag);
143
+ return decipher.update(encrypted) + decipher.final('utf8');
144
+ }
145
+ };
146
+ exports.E2eeKeypairService = E2eeKeypairService;
147
+ exports.E2eeKeypairService = E2eeKeypairService = __decorate([
148
+ (0, common_1.Injectable)(),
149
+ __param(0, (0, common_1.Inject)(db_provider_1.DB_CONNECTION)),
150
+ __metadata("design:paramtypes", [better_sqlite3_1.BetterSQLite3Database])
151
+ ], E2eeKeypairService);
152
+ //# sourceMappingURL=e2ee-keypair.service.js.map
@@ -0,0 +1 @@
1
+ {"version":3,"file":"e2ee-keypair.service.js","sourceRoot":"","sources":["../../../../src/modules/e2ee/services/e2ee-keypair.service.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;AAAA,2CAAoD;AACpD,mCAAmF;AACnF,2BAAmF;AACnF,+BAA4B;AAC5B,2BAAiD;AACjD,+DAAmE;AAEnE,6CAK0B;AAC1B,8DAA6D;AAC7D,4DAAiE;AACjE,2DAA8D;AAE9D,MAAM,MAAM,GAAG,IAAA,qBAAY,EAAC,aAAa,CAAC,CAAC;AAM3C,MAAM,YAAY,GAAG,oBAAoB,CAAC;AAC1C,MAAM,QAAQ,GAAG,MAAM,CAAC,IAAI,CAAC,qCAAqC,EAAE,MAAM,CAAC,CAAC;AAC5E,MAAM,aAAa,GAAG,CAAC,CAAC;AACxB,MAAM,UAAU,GAAG,IAAA,WAAI,EAAC,IAAA,YAAO,GAAE,EAAE,WAAW,EAAE,OAAO,CAAC,CAAC;AACzD,MAAM,WAAW,GAAG,IAAA,WAAI,EAAC,UAAU,EAAE,YAAY,CAAC,CAAC;AACnD,MAAM,aAAa,GAAG,EAAE,CAAC;AACzB,MAAM,UAAU,GAAG,EAAE,CAAC;AACtB,MAAM,SAAS,GAAG,EAAE,CAAC;AACrB,MAAM,eAAe,GAAG,EAAE,CAAC;AAC3B,MAAM,WAAW,GAAG,KAAK,CAAC;AAC1B,MAAM,iBAAiB,GAAG,CAAC,CAAC;AAC5B,MAAM,sBAAsB,GAAG,CAAC,CAAC;AA2B1B,IAAM,kBAAkB,GAAxB,MAAM,kBAAkB;IAK7B,YAAmC,EAA0C;QAAzB,OAAE,GAAF,EAAE,CAAuB;QAHrE,kBAAa,GAAkB,IAAI,CAAC;QACpC,UAAK,GAAuB,IAAI,CAAC;QAGvC,IAAI,CAAC,MAAM,GAAG,IAAA,+BAAkB,EAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IAC5C,CAAC;IAMD,KAAK,CAAC,WAAW;QACf,IAAI,IAAI,CAAC,KAAK;YAAE,OAAO,IAAI,CAAC,KAAK,CAAC;QAClC,MAAM,MAAM,GAAG,IAAI,CAAC,QAAQ,EAAE,CAAC;QAC/B,IAAI,MAAM,EAAE,CAAC;YACX,IAAI,CAAC,KAAK,GAAG,MAAM,CAAC;YACpB,OAAO,MAAM,CAAC;QAChB,CAAC;QACD,MAAM,SAAS,GAAG,IAAA,8BAAqB,EAAC,CAAC,CAAC,EAAE,EAAE,CAAC,IAAA,oBAAW,EAAC,CAAC,CAAC,CAAC,CAAC;QAC/D,IAAI,CAAC,OAAO,CAAC,SAAS,CAAC,UAAU,CAAC,CAAC;QACnC,IAAI,CAAC,KAAK,GAAG,SAAS,CAAC;QACvB,MAAM,CAAC,IAAI,CAAC,mCAAmC,CAAC,CAAC;QACjD,OAAO,SAAS,CAAC;IACnB,CAAC;IAGD,KAAK,CAAC,YAAY;QAChB,MAAM,EAAE,GAAG,MAAM,IAAI,CAAC,WAAW,EAAE,CAAC;QACpC,OAAO;YACL,GAAG,EAAE,EAAE,CAAC,GAAG;YACX,YAAY,EAAE,MAAM,CAAC,IAAI,CAAC,EAAE,CAAC,SAAS,CAAC,CAAC,QAAQ,CAAC,QAAQ,CAAC;SAC3D,CAAC;IACJ,CAAC;IAEO,OAAO,CAAC,UAAsB;QACpC,MAAM,MAAM,GAAsB;YAChC,CAAC,EAAE,aAAa;YAChB,IAAI,EAAE,MAAM,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC,QAAQ,CAAC,QAAQ,CAAC;SACjD,CAAC;QACF,MAAM,SAAS,GAAG,IAAI,CAAC,OAAO,CAAC,IAAI,CAAC,SAAS,CAAC,MAAM,CAAC,CAAC,CAAC;QACvD,MAAM,GAAG,GAAG,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE,CAAC;QACrC,IAAI,CAAC,MAAM;aACR,OAAO,CACN;;iGAEyF,CAC1F;aACA,GAAG,CAAC,YAAY,EAAE,SAAS,EAAE,GAAG,EAAE,GAAG,CAAC,CAAC;IAC5C,CAAC;IAEO,QAAQ;QACd,MAAM,GAAG,GAAG,IAAI,CAAC,MAAM;aACpB,OAAO,CAAC,0CAA0C,CAAC;aACnD,GAAG,CAAC,YAAY,CAAkC,CAAC;QACtD,IAAI,CAAC,GAAG;YAAE,OAAO,IAAI,CAAC;QACtB,IAAI,CAAC;YACH,MAAM,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,CAAsB,CAAC;YACxE,IAAI,MAAM,CAAC,CAAC,KAAK,aAAa,IAAI,OAAO,MAAM,CAAC,IAAI,KAAK,QAAQ,EAAE,CAAC;gBAClE,MAAM,CAAC,IAAI,CAAC,4DAA4D,CAAC,CAAC;gBAC1E,OAAO,IAAI,CAAC;YACd,CAAC;YACD,MAAM,UAAU,GAAG,MAAM,CAAC,IAAI,CAAC,MAAM,CAAC,IAAI,EAAE,QAAQ,CAAC,CAAC;YACtD,IAAI,UAAU,CAAC,MAAM,KAAK,iCAAwB,EAAE,CAAC;gBACnD,MAAM,CAAC,IAAI,CAAC,0DAA0D,CAAC,CAAC;gBACxE,OAAO,IAAI,CAAC;YACd,CAAC;YACD,OAAO,IAAA,6BAAoB,EAAC,IAAI,UAAU,CAAC,UAAU,CAAC,CAAC,CAAC;QAC1D,CAAC;QAAC,MAAM,CAAC;YACP,MAAM,CAAC,IAAI,CAAC,kDAAkD,CAAC,CAAC;YAChE,OAAO,IAAI,CAAC;QACd,CAAC;IACH,CAAC;IAEO,gBAAgB;QACtB,IAAI,IAAI,CAAC,aAAa;YAAE,OAAO,IAAI,CAAC,aAAa,CAAC;QAClD,MAAM,MAAM,GAAG,IAAI,CAAC,iBAAiB,EAAE,CAAC;QACxC,MAAM,gBAAgB,GAAG,MAAM,CAAC,IAAI,CAAC,GAAG,IAAA,aAAQ,GAAE,IAAI,IAAA,aAAQ,GAAE,CAAC,QAAQ,EAAE,EAAE,MAAM,CAAC,CAAC;QACrF,MAAM,QAAQ,GAAG,MAAM,CAAC,MAAM,CAAC,CAAC,MAAM,EAAE,gBAAgB,CAAC,CAAC,CAAC;QAC3D,IAAI,CAAC,aAAa,GAAG,IAAA,mBAAU,EAAC,QAAQ,EAAE,QAAQ,EAAE,UAAU,EAAE;YAC9D,CAAC,EAAE,WAAW;YACd,CAAC,EAAE,iBAAiB;YACpB,CAAC,EAAE,sBAAsB;SAC1B,CAAC,CAAC;QACH,OAAO,IAAI,CAAC,aAAa,CAAC;IAC5B,CAAC;IAEO,iBAAiB;QACvB,IAAI,IAAA,eAAU,EAAC,WAAW,CAAC;YAAE,OAAO,IAAA,iBAAY,EAAC,WAAW,CAAC,CAAC;QAC9D,IAAI,CAAC,IAAA,eAAU,EAAC,UAAU,CAAC;YAAE,IAAA,cAAS,EAAC,UAAU,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,IAAI,EAAE,KAAK,EAAE,CAAC,CAAC;QACrF,MAAM,MAAM,GAAG,IAAA,oBAAW,EAAC,aAAa,CAAC,CAAC;QAC1C,IAAA,kBAAa,EAAC,WAAW,EAAE,MAAM,EAAE,EAAE,IAAI,EAAE,KAAK,EAAE,CAAC,CAAC;QACpD,IAAA,cAAS,EAAC,WAAW,EAAE,KAAK,CAAC,CAAC;QAC9B,OAAO,MAAM,CAAC;IAChB,CAAC;IAEO,OAAO,CAAC,SAAiB;QAC/B,MAAM,GAAG,GAAG,IAAI,CAAC,gBAAgB,EAAE,CAAC;QACpC,MAAM,EAAE,GAAG,IAAA,oBAAW,EAAC,SAAS,CAAC,CAAC;QAClC,MAAM,MAAM,GAAG,IAAA,uBAAc,EAAC,aAAa,EAAE,GAAG,EAAE,EAAE,EAAE,EAAE,aAAa,EAAE,eAAe,EAAE,CAAC,CAAC;QAC1F,MAAM,SAAS,GAAG,MAAM,CAAC,MAAM,CAAC,CAAC,MAAM,CAAC,MAAM,CAAC,SAAS,EAAE,MAAM,CAAC,EAAE,MAAM,CAAC,KAAK,EAAE,CAAC,CAAC,CAAC;QACpF,MAAM,OAAO,GAAG,MAAM,CAAC,UAAU,EAAE,CAAC;QACpC,OAAO,MAAM,CAAC,MAAM,CAAC,CAAC,EAAE,EAAE,OAAO,EAAE,SAAS,CAAC,CAAC,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC;IACpE,CAAC;IAEO,OAAO,CAAC,UAAkB;QAChC,MAAM,GAAG,GAAG,IAAI,CAAC,gBAAgB,EAAE,CAAC;QACpC,MAAM,IAAI,GAAG,MAAM,CAAC,IAAI,CAAC,UAAU,EAAE,QAAQ,CAAC,CAAC;QAC/C,MAAM,EAAE,GAAG,IAAI,CAAC,QAAQ,CAAC,CAAC,EAAE,SAAS,CAAC,CAAC;QACvC,MAAM,OAAO,GAAG,IAAI,CAAC,QAAQ,CAAC,SAAS,EAAE,SAAS,GAAG,eAAe,CAAC,CAAC;QACtE,MAAM,SAAS,GAAG,IAAI,CAAC,QAAQ,CAAC,SAAS,GAAG,eAAe,CAAC,CAAC;QAC7D,MAAM,QAAQ,GAAG,IAAA,yBAAgB,EAAC,aAAa,EAAE,GAAG,EAAE,EAAE,EAAE,EAAE,aAAa,EAAE,eAAe,EAAE,CAAC,CAAC;QAC9F,QAAQ,CAAC,UAAU,CAAC,OAAO,CAAC,CAAC;QAC7B,OAAO,QAAQ,CAAC,MAAM,CAAC,SAAS,CAAC,GAAG,QAAQ,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC;IAC7D,CAAC;CACF,CAAA;AApHY,gDAAkB;6BAAlB,kBAAkB;IAD9B,IAAA,mBAAU,GAAE;IAME,WAAA,IAAA,eAAM,EAAC,2BAAa,CAAC,CAAA;qCAAsB,sCAAqB;GALlE,kBAAkB,CAoH9B"}
@@ -0,0 +1,28 @@
1
+ import { type E2eeTrustStatus } from '@devchain/shared';
2
+ import { E2eeKeypairService } from './e2ee-keypair.service';
3
+ import { E2eeDeviceStoreService } from './e2ee-device-store.service';
4
+ export interface BeginQrPairingResult {
5
+ pcEncPubKey: string;
6
+ pcEncKid: string;
7
+ pairingSecret: string;
8
+ }
9
+ export interface CompleteQrPairingInput {
10
+ channelId: string;
11
+ deviceEncPubKey: string;
12
+ deviceEncKid: string;
13
+ pairingMac: string;
14
+ label?: string;
15
+ }
16
+ export interface CompleteQrPairingResult {
17
+ kid: string;
18
+ trust: E2eeTrustStatus;
19
+ }
20
+ export declare class E2eePairingService {
21
+ private readonly keypair;
22
+ private readonly deviceStore;
23
+ private readonly pending;
24
+ constructor(keypair: E2eeKeypairService, deviceStore: E2eeDeviceStoreService);
25
+ beginQrPairing(channelId: string): Promise<BeginQrPairingResult>;
26
+ completeQrPairing(input: CompleteQrPairingInput): Promise<CompleteQrPairingResult>;
27
+ private evictExpired;
28
+ }
@@ -0,0 +1,107 @@
1
+ "use strict";
2
+ var __decorate = (this && this.__decorate) || function (decorators, target, key, desc) {
3
+ var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
4
+ if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
5
+ else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
6
+ return c > 3 && r && Object.defineProperty(target, key, r), r;
7
+ };
8
+ var __metadata = (this && this.__metadata) || function (k, v) {
9
+ if (typeof Reflect === "object" && typeof Reflect.metadata === "function") return Reflect.metadata(k, v);
10
+ };
11
+ Object.defineProperty(exports, "__esModule", { value: true });
12
+ exports.E2eePairingService = void 0;
13
+ const common_1 = require("@nestjs/common");
14
+ const crypto_1 = require("crypto");
15
+ const shared_1 = require("@devchain/shared");
16
+ const error_types_1 = require("../../../common/errors/error-types");
17
+ const logger_1 = require("../../../common/logging/logger");
18
+ const e2ee_keypair_service_1 = require("./e2ee-keypair.service");
19
+ const e2ee_device_store_service_1 = require("./e2ee-device-store.service");
20
+ const logger = (0, logger_1.createLogger)('E2eePairing');
21
+ const PENDING_TTL_MS = 5 * 60 * 1000;
22
+ let E2eePairingService = class E2eePairingService {
23
+ constructor(keypair, deviceStore) {
24
+ this.keypair = keypair;
25
+ this.deviceStore = deviceStore;
26
+ this.pending = new Map();
27
+ }
28
+ async beginQrPairing(channelId) {
29
+ if (!channelId)
30
+ throw new error_types_1.ValidationError('channelId is required');
31
+ this.evictExpired();
32
+ const pub = await this.keypair.exportPublic();
33
+ const secret = Uint8Array.from((0, crypto_1.randomBytes)(shared_1.PAIRING_SECRET_BYTES));
34
+ this.pending.set(channelId, { secret, createdAt: Date.now() });
35
+ return {
36
+ pcEncPubKey: pub.publicKeyB64,
37
+ pcEncKid: pub.kid,
38
+ pairingSecret: (0, shared_1.bytesToBase64)(secret),
39
+ };
40
+ }
41
+ async completeQrPairing(input) {
42
+ this.evictExpired();
43
+ const pending = this.pending.get(input.channelId);
44
+ if (!pending) {
45
+ throw new error_types_1.NotFoundError('Pairing session', input.channelId);
46
+ }
47
+ if (!input.deviceEncPubKey || !input.deviceEncKid || !input.pairingMac) {
48
+ throw new error_types_1.ValidationError('deviceEncPubKey, deviceEncKid and pairingMac are required');
49
+ }
50
+ let devicePublicKey;
51
+ let mac;
52
+ try {
53
+ devicePublicKey = (0, shared_1.base64ToBytes)(input.deviceEncPubKey);
54
+ mac = (0, shared_1.base64ToBytes)(input.pairingMac);
55
+ }
56
+ catch {
57
+ throw new error_types_1.ValidationError('deviceEncPubKey / pairingMac are not valid base64');
58
+ }
59
+ if (devicePublicKey.length !== shared_1.X25519_PUBLIC_KEY_BYTES) {
60
+ throw new error_types_1.ValidationError(`deviceEncPubKey must decode to ${shared_1.X25519_PUBLIC_KEY_BYTES} bytes`);
61
+ }
62
+ if ((0, shared_1.deriveKid)(devicePublicKey) !== input.deviceEncKid) {
63
+ this.pending.delete(input.channelId);
64
+ logger.warn({ channelId: input.channelId, suppliedKid: input.deviceEncKid }, 'E2EE QR pairing rejected — deviceEncKid does not match deviceEncPubKey (possible substitution)');
65
+ throw new error_types_1.ForbiddenError('E2EE pairing verification failed');
66
+ }
67
+ const pc = await this.keypair.getOrCreate();
68
+ const transcript = (0, shared_1.buildPairingTranscript)({
69
+ pcPublicKey: pc.publicKey,
70
+ pcKid: pc.kid,
71
+ mobilePublicKey: devicePublicKey,
72
+ mobileKid: input.deviceEncKid,
73
+ channelId: input.channelId,
74
+ });
75
+ if (!(0, shared_1.verifyPairingMac)(pending.secret, transcript, mac)) {
76
+ this.pending.delete(input.channelId);
77
+ logger.warn({ channelId: input.channelId, deviceKid: input.deviceEncKid }, 'E2EE QR pairing MAC verification failed — rejecting (possible key-substituting relay)');
78
+ throw new error_types_1.ForbiddenError('E2EE pairing verification failed');
79
+ }
80
+ (0, shared_1.deriveSharedKey)(pc.privateKey, devicePublicKey);
81
+ const record = this.deviceStore.add({
82
+ kid: input.deviceEncKid,
83
+ publicKeyB64: input.deviceEncPubKey,
84
+ trust: 'verified',
85
+ verifiedVia: 'qr',
86
+ verifiedAt: new Date().toISOString(),
87
+ ...(input.label !== undefined ? { label: input.label } : {}),
88
+ });
89
+ this.pending.delete(input.channelId);
90
+ logger.info({ channelId: input.channelId, deviceKid: record.kid }, 'E2EE QR pairing verified — peer device marked VERIFIED');
91
+ return { kid: record.kid, trust: record.trust };
92
+ }
93
+ evictExpired() {
94
+ const cutoff = Date.now() - PENDING_TTL_MS;
95
+ for (const [channelId, entry] of this.pending) {
96
+ if (entry.createdAt < cutoff)
97
+ this.pending.delete(channelId);
98
+ }
99
+ }
100
+ };
101
+ exports.E2eePairingService = E2eePairingService;
102
+ exports.E2eePairingService = E2eePairingService = __decorate([
103
+ (0, common_1.Injectable)(),
104
+ __metadata("design:paramtypes", [e2ee_keypair_service_1.E2eeKeypairService,
105
+ e2ee_device_store_service_1.E2eeDeviceStoreService])
106
+ ], E2eePairingService);
107
+ //# sourceMappingURL=e2ee-pairing.service.js.map