devchain-cli 0.14.1 → 0.15.0
- package/README.md +6 -4
- package/dist/cli.js +5 -11
- package/dist/drizzle/0065_next_lady_bullseye.sql +11 -0
- package/dist/drizzle/meta/0065_snapshot.json +5691 -0
- package/dist/drizzle/meta/_journal.json +7 -0
- package/dist/node_modules/@devchain/codebase-overview/tsconfig.tsbuildinfo +1 -1
- package/dist/node_modules/@devchain/codebase-overview/types.d.ts.map +1 -1
- package/dist/node_modules/@devchain/shared/__fixtures__/phase2-frames.d.ts +20 -0
- package/dist/node_modules/@devchain/shared/__fixtures__/phase2-frames.d.ts.map +1 -0
- package/dist/node_modules/@devchain/shared/__fixtures__/phase2-frames.js +77 -0
- package/dist/node_modules/@devchain/shared/__fixtures__/phase2-frames.js.map +1 -0
- package/dist/node_modules/@devchain/shared/device-key/index.d.ts +2 -0
- package/dist/node_modules/@devchain/shared/device-key/index.d.ts.map +1 -0
- package/dist/node_modules/@devchain/shared/device-key/index.js +2 -0
- package/dist/node_modules/@devchain/shared/device-key/index.js.map +1 -0
- package/dist/node_modules/@devchain/shared/device-key/keypair.d.ts +23 -0
- package/dist/node_modules/@devchain/shared/device-key/keypair.d.ts.map +1 -0
- package/dist/node_modules/@devchain/shared/device-key/keypair.js +54 -0
- package/dist/node_modules/@devchain/shared/device-key/keypair.js.map +1 -0
- package/dist/node_modules/@devchain/shared/e2ee/aad.d.ts +3 -0
- package/dist/node_modules/@devchain/shared/e2ee/aad.d.ts.map +1 -0
- package/dist/node_modules/@devchain/shared/e2ee/aad.js +0 -0
- package/dist/node_modules/@devchain/shared/e2ee/aad.js.map +1 -0
- package/dist/node_modules/@devchain/shared/e2ee/base64.d.ts +6 -0
- package/dist/node_modules/@devchain/shared/e2ee/base64.d.ts.map +1 -0
- package/dist/node_modules/@devchain/shared/e2ee/base64.js +69 -0
- package/dist/node_modules/@devchain/shared/e2ee/base64.js.map +1 -0
- package/dist/node_modules/@devchain/shared/e2ee/crypto-envelope.service.d.ts +9 -0
- package/dist/node_modules/@devchain/shared/e2ee/crypto-envelope.service.d.ts.map +1 -0
- package/dist/node_modules/@devchain/shared/e2ee/crypto-envelope.service.js +78 -0
- package/dist/node_modules/@devchain/shared/e2ee/crypto-envelope.service.js.map +1 -0
- package/dist/node_modules/@devchain/shared/e2ee/envelope.d.ts +63 -0
- package/dist/node_modules/@devchain/shared/e2ee/envelope.d.ts.map +1 -0
- package/dist/node_modules/@devchain/shared/e2ee/envelope.js +64 -0
- package/dist/node_modules/@devchain/shared/e2ee/envelope.js.map +1 -0
- package/dist/node_modules/@devchain/shared/e2ee/index.d.ts +10 -0
- package/dist/node_modules/@devchain/shared/e2ee/index.d.ts.map +1 -0
- package/dist/node_modules/@devchain/shared/e2ee/index.js +10 -0
- package/dist/node_modules/@devchain/shared/e2ee/index.js.map +1 -0
- package/dist/node_modules/@devchain/shared/e2ee/key-exchange.d.ts +17 -0
- package/dist/node_modules/@devchain/shared/e2ee/key-exchange.d.ts.map +1 -0
- package/dist/node_modules/@devchain/shared/e2ee/key-exchange.js +72 -0
- package/dist/node_modules/@devchain/shared/e2ee/key-exchange.js.map +1 -0
- package/dist/node_modules/@devchain/shared/e2ee/keypair.d.ts +13 -0
- package/dist/node_modules/@devchain/shared/e2ee/keypair.d.ts.map +1 -0
- package/dist/node_modules/@devchain/shared/e2ee/keypair.js +34 -0
- package/dist/node_modules/@devchain/shared/e2ee/keypair.js.map +1 -0
- package/dist/node_modules/@devchain/shared/e2ee/negotiation.d.ts +30 -0
- package/dist/node_modules/@devchain/shared/e2ee/negotiation.d.ts.map +1 -0
- package/dist/node_modules/@devchain/shared/e2ee/negotiation.js +70 -0
- package/dist/node_modules/@devchain/shared/e2ee/negotiation.js.map +1 -0
- package/dist/node_modules/@devchain/shared/e2ee/safety-number.d.ts +3 -0
- package/dist/node_modules/@devchain/shared/e2ee/safety-number.d.ts.map +1 -0
- package/dist/node_modules/@devchain/shared/e2ee/safety-number.js +33 -0
- package/dist/node_modules/@devchain/shared/e2ee/safety-number.js.map +1 -0
- package/dist/node_modules/@devchain/shared/e2ee/trust.d.ts +22 -0
- package/dist/node_modules/@devchain/shared/e2ee/trust.d.ts.map +1 -0
- package/dist/node_modules/@devchain/shared/e2ee/trust.js +25 -0
- package/dist/node_modules/@devchain/shared/e2ee/trust.js.map +1 -0
- package/dist/node_modules/@devchain/shared/index.d.ts +3 -0
- package/dist/node_modules/@devchain/shared/index.d.ts.map +1 -1
- package/dist/node_modules/@devchain/shared/index.js +3 -0
- package/dist/node_modules/@devchain/shared/index.js.map +1 -1
- package/dist/node_modules/@devchain/shared/schemas/export-schema.d.ts +14 -6
- package/dist/node_modules/@devchain/shared/schemas/export-schema.d.ts.map +1 -1
- package/dist/node_modules/@devchain/shared/schemas/export-schema.js +1 -0
- package/dist/node_modules/@devchain/shared/schemas/export-schema.js.map +1 -1
- package/dist/node_modules/@devchain/shared/tsconfig.tsbuildinfo +1 -1
- package/dist/node_modules/@devchain/shared/tunnel-protocol.d.ts +99 -0
- package/dist/node_modules/@devchain/shared/tunnel-protocol.d.ts.map +1 -0
- package/dist/node_modules/@devchain/shared/tunnel-protocol.js +148 -0
- package/dist/node_modules/@devchain/shared/tunnel-protocol.js.map +1 -0
- package/dist/server/app.main.module.js +2 -0
- package/dist/server/app.main.module.js.map +1 -1
- package/dist/server/app.normal.module.js +2 -0
- package/dist/server/app.normal.module.js.map +1 -1
- package/dist/server/common/config/env.config.js +5 -7
- package/dist/server/common/config/env.config.js.map +1 -1
- package/dist/server/common/test/app-bootstrap.helper.js +5 -1
- package/dist/server/common/test/app-bootstrap.helper.js.map +1 -1
- package/dist/server/modules/agent-message-delivery/adapters/legacy-delivery-formatter.adapter.js +4 -0
- package/dist/server/modules/agent-message-delivery/adapters/legacy-delivery-formatter.adapter.js.map +1 -1
- package/dist/server/modules/agent-message-delivery/agent-message-delivery.service.d.ts +3 -1
- package/dist/server/modules/agent-message-delivery/agent-message-delivery.service.js +16 -3
- package/dist/server/modules/agent-message-delivery/agent-message-delivery.service.js.map +1 -1
- package/dist/server/modules/agent-message-delivery/dtos/delivery.types.d.ts +4 -0
- package/dist/server/modules/cloud/cloud.module.js +8 -1
- package/dist/server/modules/cloud/cloud.module.js.map +1 -1
- package/dist/server/modules/cloud/controllers/auth-callback.controller.js +5 -4
- package/dist/server/modules/cloud/controllers/auth-callback.controller.js.map +1 -1
- package/dist/server/modules/cloud/controllers/devices-proxy.controller.js +1 -1
- package/dist/server/modules/cloud/controllers/devices-proxy.controller.js.map +1 -1
- package/dist/server/modules/cloud/controllers/preferences-proxy.controller.js +1 -1
- package/dist/server/modules/cloud/controllers/preferences-proxy.controller.js.map +1 -1
- package/dist/server/modules/cloud/controllers/qr-initiate-proxy.controller.js +1 -1
- package/dist/server/modules/cloud/controllers/qr-initiate-proxy.controller.js.map +1 -1
- package/dist/server/modules/cloud/controllers/store-tokens-error.d.ts +4 -0
- package/dist/server/modules/cloud/controllers/store-tokens-error.js +103 -0
- package/dist/server/modules/cloud/controllers/store-tokens-error.js.map +1 -0
- package/dist/server/modules/cloud/services/cloud-session-manager.service.js +18 -8
- package/dist/server/modules/cloud/services/cloud-session-manager.service.js.map +1 -1
- package/dist/server/modules/cloud/services/egress-queue.service.js +2 -2
- package/dist/server/modules/cloud/services/egress-queue.service.js.map +1 -1
- package/dist/server/modules/cloud/services/event-mapper.service.d.ts +9 -1
- package/dist/server/modules/cloud/services/event-mapper.service.js +18 -2
- package/dist/server/modules/cloud/services/event-mapper.service.js.map +1 -1
- package/dist/server/modules/cloud/services/project-activity-reporter.service.js +1 -1
- package/dist/server/modules/cloud/services/project-activity-reporter.service.js.map +1 -1
- package/dist/server/modules/cloud-tunnel/cloud-tunnel.module.js +57 -2
- package/dist/server/modules/cloud-tunnel/cloud-tunnel.module.js.map +1 -1
- package/dist/server/modules/cloud-tunnel/services/ask-user-question-push-gate.service.d.ts +20 -0
- package/dist/server/modules/cloud-tunnel/services/ask-user-question-push-gate.service.js +84 -0
- package/dist/server/modules/cloud-tunnel/services/ask-user-question-push-gate.service.js.map +1 -0
- package/dist/server/modules/cloud-tunnel/services/epic-dto.util.d.ts +3 -0
- package/dist/server/modules/cloud-tunnel/services/epic-dto.util.js +43 -0
- package/dist/server/modules/cloud-tunnel/services/epic-dto.util.js.map +1 -0
- package/dist/server/modules/cloud-tunnel/services/jsonrpc-error.util.d.ts +11 -0
- package/dist/server/modules/cloud-tunnel/services/jsonrpc-error.util.js +32 -0
- package/dist/server/modules/cloud-tunnel/services/jsonrpc-error.util.js.map +1 -0
- package/dist/server/modules/cloud-tunnel/services/lifecycle-operation-tracker.d.ts +30 -0
- package/dist/server/modules/cloud-tunnel/services/lifecycle-operation-tracker.js +80 -0
- package/dist/server/modules/cloud-tunnel/services/lifecycle-operation-tracker.js.map +1 -0
- package/dist/server/modules/cloud-tunnel/services/mobile-board-rpc.service.d.ts +16 -0
- package/dist/server/modules/cloud-tunnel/services/mobile-board-rpc.service.js +78 -0
- package/dist/server/modules/cloud-tunnel/services/mobile-board-rpc.service.js.map +1 -0
- package/dist/server/modules/cloud-tunnel/services/mobile-chat-rpc.service.d.ts +112 -0
- package/dist/server/modules/cloud-tunnel/services/mobile-chat-rpc.service.js +457 -0
- package/dist/server/modules/cloud-tunnel/services/mobile-chat-rpc.service.js.map +1 -0
- package/dist/server/modules/cloud-tunnel/services/tunnel-client.service.d.ts +28 -2
- package/dist/server/modules/cloud-tunnel/services/tunnel-client.service.js +143 -5
- package/dist/server/modules/cloud-tunnel/services/tunnel-client.service.js.map +1 -1
- package/dist/server/modules/cloud-tunnel/services/tunnel-event-forwarder.service.d.ts +21 -0
- package/dist/server/modules/cloud-tunnel/services/tunnel-event-forwarder.service.js +171 -0
- package/dist/server/modules/cloud-tunnel/services/tunnel-event-forwarder.service.js.map +1 -0
- package/dist/server/modules/cloud-tunnel/services/tunnel-handler.service.d.ts +9 -4
- package/dist/server/modules/cloud-tunnel/services/tunnel-handler.service.js +194 -52
- package/dist/server/modules/cloud-tunnel/services/tunnel-handler.service.js.map +1 -1
- package/dist/server/modules/cloud-tunnel/services/tunnel-push-crypto.service.d.ts +21 -0
- package/dist/server/modules/cloud-tunnel/services/tunnel-push-crypto.service.js +117 -0
- package/dist/server/modules/cloud-tunnel/services/tunnel-push-crypto.service.js.map +1 -0
- package/dist/server/modules/cloud-tunnel/services/tunnel-rpc-crypto.service.d.ts +41 -0
- package/dist/server/modules/cloud-tunnel/services/tunnel-rpc-crypto.service.js +116 -0
- package/dist/server/modules/cloud-tunnel/services/tunnel-rpc-crypto.service.js.map +1 -0
- package/dist/server/modules/cloud-tunnel/services/tunnel-viewport-crypto.service.d.ts +20 -0
- package/dist/server/modules/cloud-tunnel/services/tunnel-viewport-crypto.service.js +114 -0
- package/dist/server/modules/cloud-tunnel/services/tunnel-viewport-crypto.service.js.map +1 -0
- package/dist/server/modules/cloud-tunnel/services/viewport-frame-sink.d.ts +6 -0
- package/dist/server/modules/cloud-tunnel/services/viewport-frame-sink.js +7 -0
- package/dist/server/modules/cloud-tunnel/services/viewport-frame-sink.js.map +1 -0
- package/dist/server/modules/cloud-tunnel/services/viewport-streamer.service.d.ts +30 -0
- package/dist/server/modules/cloud-tunnel/services/viewport-streamer.service.js +228 -0
- package/dist/server/modules/cloud-tunnel/services/viewport-streamer.service.js.map +1 -0
- package/dist/server/modules/e2ee/controllers/e2ee-pairing.controller.d.ts +18 -0
- package/dist/server/modules/e2ee/controllers/e2ee-pairing.controller.js +62 -0
- package/dist/server/modules/e2ee/controllers/e2ee-pairing.controller.js.map +1 -0
- package/dist/server/modules/e2ee/controllers/e2ee-trust.controller.d.ts +19 -0
- package/dist/server/modules/e2ee/controllers/e2ee-trust.controller.js +85 -0
- package/dist/server/modules/e2ee/controllers/e2ee-trust.controller.js.map +1 -0
- package/dist/server/modules/e2ee/e2ee.module.d.ts +2 -0
- package/dist/server/modules/e2ee/e2ee.module.js +27 -0
- package/dist/server/modules/e2ee/e2ee.module.js.map +1 -0
- package/dist/server/modules/e2ee/services/e2ee-device-store.service.d.ts +29 -0
- package/dist/server/modules/e2ee/services/e2ee-device-store.service.js +138 -0
- package/dist/server/modules/e2ee/services/e2ee-device-store.service.js.map +1 -0
- package/dist/server/modules/e2ee/services/e2ee-keypair.service.d.ts +21 -0
- package/dist/server/modules/e2ee/services/e2ee-keypair.service.js +152 -0
- package/dist/server/modules/e2ee/services/e2ee-keypair.service.js.map +1 -0
- package/dist/server/modules/e2ee/services/e2ee-pairing.service.d.ts +28 -0
- package/dist/server/modules/e2ee/services/e2ee-pairing.service.js +107 -0
- package/dist/server/modules/e2ee/services/e2ee-pairing.service.js.map +1 -0
- package/dist/server/modules/e2ee/services/e2ee-trust.service.d.ts +36 -0
- package/dist/server/modules/e2ee/services/e2ee-trust.service.js +118 -0
- package/dist/server/modules/e2ee/services/e2ee-trust.service.js.map +1 -0
- package/dist/server/modules/epics/services/epics.service.d.ts +1 -0
- package/dist/server/modules/epics/services/epics.service.js +10 -0
- package/dist/server/modules/epics/services/epics.service.js.map +1 -1
- package/dist/server/modules/events/catalog/broadcast-metadata.d.ts +6 -2
- package/dist/server/modules/events/catalog/broadcast-registry.d.ts +2 -2
- package/dist/server/modules/events/catalog/broadcast-registry.js +58 -1
- package/dist/server/modules/events/catalog/broadcast-registry.js.map +1 -1
- package/dist/server/modules/events/catalog/claude.hooks.ask_user_question.pending.d.ts +122 -0
- package/dist/server/modules/events/catalog/claude.hooks.ask_user_question.pending.js +28 -0
- package/dist/server/modules/events/catalog/claude.hooks.ask_user_question.pending.js.map +1 -0
- package/dist/server/modules/events/catalog/claude.hooks.ask_user_question.resolved.d.ts +18 -0
- package/dist/server/modules/events/catalog/claude.hooks.ask_user_question.resolved.js +13 -0
- package/dist/server/modules/events/catalog/claude.hooks.ask_user_question.resolved.js.map +1 -0
- package/dist/server/modules/events/catalog/index.d.ts +90 -0
- package/dist/server/modules/events/catalog/index.js +4 -0
- package/dist/server/modules/events/catalog/index.js.map +1 -1
- package/dist/server/modules/events/catalog/project-broadcast.d.ts +7 -0
- package/dist/server/modules/events/catalog/project-broadcast.js +10 -0
- package/dist/server/modules/events/catalog/project-broadcast.js.map +1 -0
- package/dist/server/modules/events/catalog/session.transcript.discovered.d.ts +3 -0
- package/dist/server/modules/events/catalog/session.transcript.discovered.js +1 -0
- package/dist/server/modules/events/catalog/session.transcript.discovered.js.map +1 -1
- package/dist/server/modules/events/services/catalog-broadcaster.service.js +3 -4
- package/dist/server/modules/events/services/catalog-broadcaster.service.js.map +1 -1
- package/dist/server/modules/hooks/dtos/ask-user-question.dto.d.ts +5 -0
- package/dist/server/modules/hooks/dtos/ask-user-question.dto.js +51 -0
- package/dist/server/modules/hooks/dtos/ask-user-question.dto.js.map +1 -0
- package/dist/server/modules/hooks/dtos/hook-event.dto.d.ts +206 -5
- package/dist/server/modules/hooks/dtos/hook-event.dto.js +40 -8
- package/dist/server/modules/hooks/dtos/hook-event.dto.js.map +1 -1
- package/dist/server/modules/hooks/hooks.module.js +3 -2
- package/dist/server/modules/hooks/hooks.module.js.map +1 -1
- package/dist/server/modules/hooks/services/hooks-config.service.d.ts +1 -0
- package/dist/server/modules/hooks/services/hooks-config.service.js +52 -33
- package/dist/server/modules/hooks/services/hooks-config.service.js.map +1 -1
- package/dist/server/modules/hooks/services/hooks.service.d.ts +5 -1
- package/dist/server/modules/hooks/services/hooks.service.js +68 -2
- package/dist/server/modules/hooks/services/hooks.service.js.map +1 -1
- package/dist/server/modules/hooks/services/pending-ask-user-question.service.d.ts +38 -0
- package/dist/server/modules/hooks/services/pending-ask-user-question.service.js +105 -0
- package/dist/server/modules/hooks/services/pending-ask-user-question.service.js.map +1 -0
- package/dist/server/modules/orchestrator/worktrees/services/worktrees.service.js +3 -0
- package/dist/server/modules/orchestrator/worktrees/services/worktrees.service.js.map +1 -1
- package/dist/server/modules/projects/controllers/projects.controller.d.ts +7 -0
- package/dist/server/modules/projects/dtos/export.dto.d.ts +8 -0
- package/dist/server/modules/projects/dtos/export.dto.js +1 -0
- package/dist/server/modules/projects/dtos/export.dto.js.map +1 -1
- package/dist/server/modules/projects/helpers/project-export.d.ts +1 -0
- package/dist/server/modules/projects/helpers/project-export.js +19 -5
- package/dist/server/modules/projects/helpers/project-export.js.map +1 -1
- package/dist/server/modules/projects/helpers/project-import-sessions.d.ts +11 -0
- package/dist/server/modules/projects/helpers/project-import-sessions.js +47 -0
- package/dist/server/modules/projects/helpers/project-import-sessions.js.map +1 -0
- package/dist/server/modules/projects/helpers/project-import.d.ts +4 -0
- package/dist/server/modules/projects/helpers/project-import.js +12 -2
- package/dist/server/modules/projects/helpers/project-import.js.map +1 -1
- package/dist/server/modules/projects/services/projects.service.d.ts +5 -0
- package/dist/server/modules/providers/adapters/claude.adapter.d.ts +1 -0
- package/dist/server/modules/providers/adapters/claude.adapter.js +1 -0
- package/dist/server/modules/providers/adapters/claude.adapter.js.map +1 -1
- package/dist/server/modules/providers/adapters/opencode.adapter.d.ts +4 -1
- package/dist/server/modules/providers/adapters/opencode.adapter.js +3 -0
- package/dist/server/modules/providers/adapters/opencode.adapter.js.map +1 -1
- package/dist/server/modules/providers/adapters/provider-adapter.interface.d.ts +2 -0
- package/dist/server/modules/providers/controllers/providers.controller.d.ts +50 -3
- package/dist/server/modules/providers/controllers/providers.controller.js +12 -3
- package/dist/server/modules/providers/controllers/providers.controller.js.map +1 -1
- package/dist/server/modules/providers/services/provider-state-manager.service.d.ts +2 -1
- package/dist/server/modules/providers/services/provider-state-manager.service.js +43 -1
- package/dist/server/modules/providers/services/provider-state-manager.service.js.map +1 -1
- package/dist/server/modules/registry/controllers/templates.controller.d.ts +2 -1
- package/dist/server/modules/registry/services/template-cache.service.d.ts +2 -0
- package/dist/server/modules/registry/services/template-cache.service.js +5 -0
- package/dist/server/modules/registry/services/template-cache.service.js.map +1 -1
- package/dist/server/modules/registry/services/unified-template.service.d.ts +1 -0
- package/dist/server/modules/registry/services/unified-template.service.js +9 -1
- package/dist/server/modules/registry/services/unified-template.service.js.map +1 -1
- package/dist/server/modules/session-reader/__fixtures__/opencode-fixture-db.d.ts +44 -0
- package/dist/server/modules/session-reader/__fixtures__/opencode-fixture-db.js +85 -0
- package/dist/server/modules/session-reader/__fixtures__/opencode-fixture-db.js.map +1 -0
- package/dist/server/modules/session-reader/adapters/opencode-session-reader.adapter.d.ts +23 -0
- package/dist/server/modules/session-reader/adapters/opencode-session-reader.adapter.js +150 -0
- package/dist/server/modules/session-reader/adapters/opencode-session-reader.adapter.js.map +1 -0
- package/dist/server/modules/session-reader/adapters/session-reader-adapter.interface.d.ts +16 -2
- package/dist/server/modules/session-reader/adapters/session-reader-adapter.interface.js +39 -0
- package/dist/server/modules/session-reader/adapters/session-reader-adapter.interface.js.map +1 -1
- package/dist/server/modules/session-reader/adapters/utils/coalesce-turns.d.ts +11 -0
- package/dist/server/modules/session-reader/adapters/utils/coalesce-turns.js +81 -0
- package/dist/server/modules/session-reader/adapters/utils/coalesce-turns.js.map +1 -0
- package/dist/server/modules/session-reader/adapters/utils/tool-result-fold.d.ts +2 -0
- package/dist/server/modules/session-reader/adapters/utils/tool-result-fold.js +9 -0
- package/dist/server/modules/session-reader/adapters/utils/tool-result-fold.js.map +1 -0
- package/dist/server/modules/session-reader/builders/chunk-builder.js +0 -2
- package/dist/server/modules/session-reader/builders/chunk-builder.js.map +1 -1
- package/dist/server/modules/session-reader/builders/semantic-step-extractor.js +2 -0
- package/dist/server/modules/session-reader/builders/semantic-step-extractor.js.map +1 -1
- package/dist/server/modules/session-reader/controllers/session-reader.controller.d.ts +1 -0
- package/dist/server/modules/session-reader/data/pricing.json +387 -34
- package/dist/server/modules/session-reader/dtos/unified-message.types.d.ts +1 -0
- package/dist/server/modules/session-reader/dtos/unified-session.types.js.map +1 -1
- package/dist/server/modules/session-reader/parsers/claude-jsonl.parser.js +46 -0
- package/dist/server/modules/session-reader/parsers/claude-jsonl.parser.js.map +1 -1
- package/dist/server/modules/session-reader/parsers/codex-jsonl.parser.js +35 -17
- package/dist/server/modules/session-reader/parsers/codex-jsonl.parser.js.map +1 -1
- package/dist/server/modules/session-reader/readers/opencode-sqlite.reader.d.ts +69 -0
- package/dist/server/modules/session-reader/readers/opencode-sqlite.reader.js +378 -0
- package/dist/server/modules/session-reader/readers/opencode-sqlite.reader.js.map +1 -0
- package/dist/server/modules/session-reader/services/session-cache.service.d.ts +12 -3
- package/dist/server/modules/session-reader/services/session-cache.service.js +104 -19
- package/dist/server/modules/session-reader/services/session-cache.service.js.map +1 -1
- package/dist/server/modules/session-reader/services/session-reader.service.d.ts +5 -0
- package/dist/server/modules/session-reader/services/session-reader.service.js +51 -16
- package/dist/server/modules/session-reader/services/session-reader.service.js.map +1 -1
- package/dist/server/modules/session-reader/services/transcript-path-validator.service.js +1 -0
- package/dist/server/modules/session-reader/services/transcript-path-validator.service.js.map +1 -1
- package/dist/server/modules/session-reader/services/transcript-persistence.listener.d.ts +3 -0
- package/dist/server/modules/session-reader/services/transcript-persistence.listener.js +70 -1
- package/dist/server/modules/session-reader/services/transcript-persistence.listener.js.map +1 -1
- package/dist/server/modules/session-reader/services/transcript-watcher-rehydrator.service.d.ts +10 -0
- package/dist/server/modules/session-reader/services/transcript-watcher-rehydrator.service.js +47 -0
- package/dist/server/modules/session-reader/services/transcript-watcher-rehydrator.service.js.map +1 -0
- package/dist/server/modules/session-reader/services/transcript-watcher.service.d.ts +7 -1
- package/dist/server/modules/session-reader/services/transcript-watcher.service.js +177 -28
- package/dist/server/modules/session-reader/services/transcript-watcher.service.js.map +1 -1
- package/dist/server/modules/session-reader/session-reader.module.d.ts +3 -1
- package/dist/server/modules/session-reader/session-reader.module.js +10 -2
- package/dist/server/modules/session-reader/session-reader.module.js.map +1 -1
- package/dist/server/modules/sessions/controllers/sessions.controller.js +2 -22
- package/dist/server/modules/sessions/controllers/sessions.controller.js.map +1 -1
- package/dist/server/modules/sessions/dtos/sessions.dto.d.ts +1 -0
- package/dist/server/modules/sessions/dtos/sessions.dto.js.map +1 -1
- package/dist/server/modules/sessions/services/active-session-lookup.service.d.ts +5 -0
- package/dist/server/modules/sessions/services/active-session-lookup.service.js +12 -0
- package/dist/server/modules/sessions/services/active-session-lookup.service.js.map +1 -1
- package/dist/server/modules/sessions/services/message-enqueue.service.d.ts +2 -0
- package/dist/server/modules/sessions/services/message-enqueue.service.js +2 -0
- package/dist/server/modules/sessions/services/message-enqueue.service.js.map +1 -1
- package/dist/server/modules/sessions/services/message-pool.types.d.ts +2 -0
- package/dist/server/modules/sessions/services/provider-launch-config/provider-launch-config.service.js +1 -1
- package/dist/server/modules/sessions/services/provider-launch-config/provider-launch-config.service.js.map +1 -1
- package/dist/server/modules/sessions/services/session-lifecycle-facade.service.d.ts +18 -0
- package/dist/server/modules/sessions/services/session-lifecycle-facade.service.js +74 -0
- package/dist/server/modules/sessions/services/session-lifecycle-facade.service.js.map +1 -0
- package/dist/server/modules/sessions/services/session-runtime/__test-utils__/pipeline-harness.d.ts +4 -2
- package/dist/server/modules/sessions/services/session-runtime/__test-utils__/pipeline-harness.js +4 -2
- package/dist/server/modules/sessions/services/session-runtime/__test-utils__/pipeline-harness.js.map +1 -1
- package/dist/server/modules/sessions/services/session-runtime/session-launch-pipeline.service.js +2 -2
- package/dist/server/modules/sessions/services/session-runtime/session-launch-pipeline.service.js.map +1 -1
- package/dist/server/modules/sessions/services/session-runtime/session-restore-pipeline.service.js +2 -2
- package/dist/server/modules/sessions/services/session-runtime/session-restore-pipeline.service.js.map +1 -1
- package/dist/server/modules/sessions/services/sessions-message-pool.service.js +15 -3
- package/dist/server/modules/sessions/services/sessions-message-pool.service.js.map +1 -1
- package/dist/server/modules/sessions/services/sessions.service.d.ts +8 -0
- package/dist/server/modules/sessions/services/sessions.service.js +52 -1
- package/dist/server/modules/sessions/services/sessions.service.js.map +1 -1
- package/dist/server/modules/sessions/sessions-lifecycle.module.d.ts +2 -0
- package/dist/server/modules/sessions/sessions-lifecycle.module.js +23 -0
- package/dist/server/modules/sessions/sessions-lifecycle.module.js.map +1 -0
- package/dist/server/modules/settings/local/delegates/core-settings.delegate.js.map +1 -1
- package/dist/server/modules/storage/db/schema.d.ts +83 -0
- package/dist/server/modules/storage/db/schema.js +15 -2
- package/dist/server/modules/storage/db/schema.js.map +1 -1
- package/dist/server/modules/storage/interfaces/storage.interface.d.ts +13 -2
- package/dist/server/modules/storage/interfaces/storage.interface.js.map +1 -1
- package/dist/server/modules/storage/local/delegates/epic.delegate.d.ts +1 -0
- package/dist/server/modules/storage/local/delegates/epic.delegate.js +8 -0
- package/dist/server/modules/storage/local/delegates/epic.delegate.js.map +1 -1
- package/dist/server/modules/storage/local/delegates/provider.delegate.d.ts +5 -1
- package/dist/server/modules/storage/local/delegates/provider.delegate.js +122 -0
- package/dist/server/modules/storage/local/delegates/provider.delegate.js.map +1 -1
- package/dist/server/modules/storage/local/delegates/session.delegate.d.ts +9 -0
- package/dist/server/modules/storage/local/delegates/session.delegate.js +115 -0
- package/dist/server/modules/storage/local/delegates/session.delegate.js.map +1 -0
- package/dist/server/modules/storage/local/local-storage.service.d.ts +10 -0
- package/dist/server/modules/storage/local/local-storage.service.js +20 -0
- package/dist/server/modules/storage/local/local-storage.service.js.map +1 -1
- package/dist/server/modules/storage/models/domain.models.d.ts +1 -0
- package/dist/server/modules/subscribers/services/automation-scheduler.service.js.map +1 -1
- package/dist/server/modules/teams/services/teams.service.d.ts +28 -2
- package/dist/server/modules/teams/services/teams.service.js +175 -0
- package/dist/server/modules/teams/services/teams.service.js.map +1 -1
- package/dist/server/modules/teams/storage/teams.store.d.ts +5 -0
- package/dist/server/modules/teams/storage/teams.store.js +34 -0
- package/dist/server/modules/teams/storage/teams.store.js.map +1 -1
- package/dist/server/modules/terminal/gateways/terminal.gateway.d.ts +5 -0
- package/dist/server/modules/terminal/gateways/terminal.gateway.js +38 -0
- package/dist/server/modules/terminal/gateways/terminal.gateway.js.map +1 -1
- package/dist/server/modules/terminal/services/pty.service.js +11 -3
- package/dist/server/modules/terminal/services/pty.service.js.map +1 -1
- package/dist/server/modules/terminal/services/terminal-io/terminal-io.service.d.ts +1 -1
- package/dist/server/modules/terminal/services/terminal-io/terminal-io.service.js +9 -2
- package/dist/server/modules/terminal/services/terminal-io/terminal-io.service.js.map +1 -1
- package/dist/server/modules/terminal/services/terminal-io/viewport-capture.d.ts +12 -0
- package/dist/server/modules/terminal/services/terminal-io/viewport-capture.js +50 -0
- package/dist/server/modules/terminal/services/terminal-io/viewport-capture.js.map +1 -0
- package/dist/server/modules/terminal/services/terminal-session/terminal-session.d.ts +2 -0
- package/dist/server/modules/terminal/services/terminal-session/terminal-session.js +10 -4
- package/dist/server/modules/terminal/services/terminal-session/terminal-session.js.map +1 -1
- package/dist/server/modules/terminal/services/terminal-viewport/terminal-viewport.facade.d.ts +12 -0
- package/dist/server/modules/terminal/services/terminal-viewport/terminal-viewport.facade.js +55 -0
- package/dist/server/modules/terminal/services/terminal-viewport/terminal-viewport.facade.js.map +1 -0
- package/dist/server/modules/terminal/terminal-viewport.module.d.ts +2 -0
- package/dist/server/modules/terminal/terminal-viewport.module.js +24 -0
- package/dist/server/modules/terminal/terminal-viewport.module.js.map +1 -0
- package/dist/server/templates/3-agents-dev.json +33 -28
- package/dist/server/templates/teams-dev.json +42 -70
- package/dist/server/tsconfig.tsbuildinfo +1 -1
- package/dist/server/ui/assets/{ReviewDetailPage-CobRKQBn.js → ReviewDetailPage-BpPjTAgL.js} +1 -1
- package/dist/server/ui/assets/{ReviewsPage-Bb6ZmriH.js → ReviewsPage-CAs14WVx.js} +1 -1
- package/dist/server/ui/assets/index-CzMrWNAV.css +32 -0
- package/dist/server/ui/assets/index-DhGz-UAr.js +1100 -0
- package/dist/server/ui/assets/{useReviewSubscription-DzaIaXy7.js → useReviewSubscription-CscSQD7B.js} +1 -1
- package/dist/server/ui/favicon.svg +2 -16
- package/dist/server/ui/index.html +2 -2
- package/dist/templates/3-agents-dev.json +33 -28
- package/dist/templates/teams-dev.json +42 -70
- package/package.json +23 -8
- package/dist/server/ui/assets/index-BV_-Jlz8.js +0 -1095
- package/dist/server/ui/assets/index-C_ZOt0it.css +0 -32
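--- a/package/dist/server/modules/e2ee/controllers/e2ee-trust.controller.d.ts
+++ b/package/dist/server/modules/e2ee/controllers/e2ee-trust.controller.d.ts
@@ -0,0 +1,19 @@
+import { E2eeTrustService, type DeviceSafetyNumberResult, type DeviceTrustResult, type PairedDeviceSummary } from '../services/e2ee-trust.service';
+interface AdoptBody {
+kid?: string;
+publicKeyB64?: string;
+label?: string;
+}
+export declare class E2eeTrustController {
+private readonly trust;
+constructor(trust: E2eeTrustService);
+listDevices(): PairedDeviceSummary[];
+safetyNumber(kid: string): Promise<DeviceSafetyNumberResult>;
+verify(kid: string): DeviceTrustResult;
+revokeDevice(kid: string): {
+kid: string;
+removed: boolean;
+};
+adopt(body: AdoptBody): DeviceTrustResult;
+}
+export {};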
@@ -0,0 +1,85 @@
|
|
|
1
|
+
"use strict";
|
|
2
|
+
var __decorate = (this && this.__decorate) || function (decorators, target, key, desc) {
|
|
3
|
+
var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
|
|
4
|
+
if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
|
|
5
|
+
else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
|
|
6
|
+
return c > 3 && r && Object.defineProperty(target, key, r), r;
|
|
7
|
+
};
|
|
8
|
+
var __metadata = (this && this.__metadata) || function (k, v) {
|
|
9
|
+
if (typeof Reflect === "object" && typeof Reflect.metadata === "function") return Reflect.metadata(k, v);
|
|
10
|
+
};
|
|
11
|
+
var __param = (this && this.__param) || function (paramIndex, decorator) {
|
|
12
|
+
return function (target, key) { decorator(target, key, paramIndex); }
|
|
13
|
+
};
|
|
14
|
+
Object.defineProperty(exports, "__esModule", { value: true });
|
|
15
|
+
exports.E2eeTrustController = void 0;
|
|
16
|
+
const common_1 = require("@nestjs/common");
|
|
17
|
+
const error_types_1 = require("../../../common/errors/error-types");
|
|
18
|
+
const e2ee_trust_service_1 = require("../services/e2ee-trust.service");
|
|
19
|
+
let E2eeTrustController = class E2eeTrustController {
|
|
20
|
+
constructor(trust) {
|
|
21
|
+
this.trust = trust;
|
|
22
|
+
}
|
|
23
|
+
listDevices() {
|
|
24
|
+
return this.trust.listDevices();
|
|
25
|
+
}
|
|
26
|
+
async safetyNumber(kid) {
|
|
27
|
+
return this.trust.getSafetyNumber(kid);
|
|
28
|
+
}
|
|
29
|
+
verify(kid) {
|
|
30
|
+
return this.trust.verifyDevice(kid);
|
|
31
|
+
}
|
|
32
|
+
revokeDevice(kid) {
|
|
33
|
+
return this.trust.revokeDevice(kid);
|
|
34
|
+
}
|
|
35
|
+
adopt(body) {
|
|
36
|
+
if (!body?.kid || !body.publicKeyB64) {
|
|
37
|
+
throw new error_types_1.ValidationError('kid and publicKeyB64 are required');
|
|
38
|
+
}
|
|
39
|
+
return this.trust.adoptPeerKeyTofu({
|
|
40
|
+
kid: body.kid,
|
|
41
|
+
publicKeyB64: body.publicKeyB64,
|
|
42
|
+
...(body.label !== undefined ? { label: body.label } : {}),
|
|
43
|
+
});
|
|
44
|
+
}
|
|
45
|
+
};
|
|
46
|
+
exports.E2eeTrustController = E2eeTrustController;
|
|
47
|
+
__decorate([
|
|
48
|
+
(0, common_1.Get)(),
|
|
49
|
+
__metadata("design:type", Function),
|
|
50
|
+
__metadata("design:paramtypes", []),
|
|
51
|
+
__metadata("design:returntype", Array)
|
|
52
|
+
], E2eeTrustController.prototype, "listDevices", null);
|
|
53
|
+
__decorate([
|
|
54
|
+
(0, common_1.Get)(':kid/safety-number'),
|
|
55
|
+
__param(0, (0, common_1.Param)('kid')),
|
|
56
|
+
__metadata("design:type", Function),
|
|
57
|
+
__metadata("design:paramtypes", [String]),
|
|
58
|
+
__metadata("design:returntype", Promise)
|
|
59
|
+
], E2eeTrustController.prototype, "safetyNumber", null);
|
|
60
|
+
__decorate([
|
|
61
|
+
(0, common_1.Post)(':kid/verify'),
|
|
62
|
+
__param(0, (0, common_1.Param)('kid')),
|
|
63
|
+
__metadata("design:type", Function),
|
|
64
|
+
__metadata("design:paramtypes", [String]),
|
|
65
|
+
__metadata("design:returntype", Object)
|
|
66
|
+
], E2eeTrustController.prototype, "verify", null);
|
|
67
|
+
__decorate([
|
|
68
|
+
(0, common_1.Delete)(':kid'),
|
|
69
|
+
__param(0, (0, common_1.Param)('kid')),
|
|
70
|
+
__metadata("design:type", Function),
|
|
71
|
+
__metadata("design:paramtypes", [String]),
|
|
72
|
+
__metadata("design:returntype", Object)
|
|
73
|
+
], E2eeTrustController.prototype, "revokeDevice", null);
|
|
74
|
+
__decorate([
|
|
75
|
+
(0, common_1.Post)('adopt'),
|
|
76
|
+
__param(0, (0, common_1.Body)()),
|
|
77
|
+
__metadata("design:type", Function),
|
|
78
|
+
__metadata("design:paramtypes", [Object]),
|
|
79
|
+
__metadata("design:returntype", Object)
|
|
80
|
+
], E2eeTrustController.prototype, "adopt", null);
|
|
81
|
+
exports.E2eeTrustController = E2eeTrustController = __decorate([
|
|
82
|
+
(0, common_1.Controller)('api/e2ee/devices'),
|
|
83
|
+
__metadata("design:paramtypes", [e2ee_trust_service_1.E2eeTrustService])
|
|
84
|
+
], E2eeTrustController);
|
|
85
|
+
//# sourceMappingURL=e2ee-trust.controller.js.map
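Review bot: `adopt` only checks that `body.kid` and `body.publicKeyB64` are truthy, so a JSON body carrying a non-string or arbitrarily long value for either field is passed unchanged to `adoptPeerKeyTofu`, and `label` is forwarded with no check at all. I would validate at the boundary, e.g. `if (typeof body?.kid !== 'string' || typeof body.publicKeyB64 !== 'string') throw new error_types_1.ValidationError('kid and publicKeyB64 are required');`, and bound the lengths of all three fields. Separately, none of the decorators in this file attach a guard, while `verify`, `revokeDevice` and `adopt` all change which peer keys are trusted. If authentication is applied globally elsewhere that is fine, but nothing in this file shows it, so it is worth confirming.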
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"e2ee-trust.controller.js","sourceRoot":"","sources":["../../../../src/modules/e2ee/controllers/e2ee-trust.controller.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;AAAA,2CAA4E;AAC5E,oEAAqE;AACrE,uEAKwC;AAmBjC,IAAM,mBAAmB,GAAzB,MAAM,mBAAmB;IAC9B,YAA6B,KAAuB;QAAvB,UAAK,GAAL,KAAK,CAAkB;IAAG,CAAC;IAGxD,WAAW;QACT,OAAO,IAAI,CAAC,KAAK,CAAC,WAAW,EAAE,CAAC;IAClC,CAAC;IAGK,AAAN,KAAK,CAAC,YAAY,CAAe,GAAW;QAC1C,OAAO,IAAI,CAAC,KAAK,CAAC,eAAe,CAAC,GAAG,CAAC,CAAC;IACzC,CAAC;IAGD,MAAM,CAAe,GAAW;QAC9B,OAAO,IAAI,CAAC,KAAK,CAAC,YAAY,CAAC,GAAG,CAAC,CAAC;IACtC,CAAC;IAGD,YAAY,CAAe,GAAW;QACpC,OAAO,IAAI,CAAC,KAAK,CAAC,YAAY,CAAC,GAAG,CAAC,CAAC;IACtC,CAAC;IAGD,KAAK,CAAS,IAAe;QAC3B,IAAI,CAAC,IAAI,EAAE,GAAG,IAAI,CAAC,IAAI,CAAC,YAAY,EAAE,CAAC;YACrC,MAAM,IAAI,6BAAe,CAAC,mCAAmC,CAAC,CAAC;QACjE,CAAC;QACD,OAAO,IAAI,CAAC,KAAK,CAAC,gBAAgB,CAAC;YACjC,GAAG,EAAE,IAAI,CAAC,GAAG;YACb,YAAY,EAAE,IAAI,CAAC,YAAY;YAC/B,GAAG,CAAC,IAAI,CAAC,KAAK,KAAK,SAAS,CAAC,CAAC,CAAC,EAAE,KAAK,EAAE,IAAI,CAAC,KAAK,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;SAC3D,CAAC,CAAC;IACL,CAAC;CACF,CAAA;AAlCY,kDAAmB;AAI9B;IADC,IAAA,YAAG,GAAE;;;;sDAGL;AAGK;IADL,IAAA,YAAG,EAAC,oBAAoB,CAAC;IACN,WAAA,IAAA,cAAK,EAAC,KAAK,CAAC,CAAA;;;;uDAE/B;AAGD;IADC,IAAA,aAAI,EAAC,aAAa,CAAC;IACZ,WAAA,IAAA,cAAK,EAAC,KAAK,CAAC,CAAA;;;;iDAEnB;AAGD;IADC,IAAA,eAAM,EAAC,MAAM,CAAC;IACD,WAAA,IAAA,cAAK,EAAC,KAAK,CAAC,CAAA;;;;uDAEzB;AAGD;IADC,IAAA,aAAI,EAAC,OAAO,CAAC;IACP,WAAA,IAAA,aAAI,GAAE,CAAA;;;;gDASZ;8BAjCU,mBAAmB;IAD/B,IAAA,mBAAU,EAAC,kBAAkB,CAAC;qCAEO,qCAAgB;GADzC,mBAAmB,CAkC/B"}
|
|
@@ -0,0 +1,27 @@
|
|
|
1
|
+
"use strict";
|
|
2
|
+
var __decorate = (this && this.__decorate) || function (decorators, target, key, desc) {
|
|
3
|
+
var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
|
|
4
|
+
if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
|
|
5
|
+
else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
|
|
6
|
+
return c > 3 && r && Object.defineProperty(target, key, r), r;
|
|
7
|
+
};
|
|
8
|
+
Object.defineProperty(exports, "__esModule", { value: true });
|
|
9
|
+
exports.E2eeModule = void 0;
|
|
10
|
+
const common_1 = require("@nestjs/common");
|
|
11
|
+
const e2ee_keypair_service_1 = require("./services/e2ee-keypair.service");
|
|
12
|
+
const e2ee_device_store_service_1 = require("./services/e2ee-device-store.service");
|
|
13
|
+
const e2ee_pairing_service_1 = require("./services/e2ee-pairing.service");
|
|
14
|
+
const e2ee_trust_service_1 = require("./services/e2ee-trust.service");
|
|
15
|
+
const e2ee_pairing_controller_1 = require("./controllers/e2ee-pairing.controller");
|
|
16
|
+
const e2ee_trust_controller_1 = require("./controllers/e2ee-trust.controller");
|
|
17
|
+
let E2eeModule = class E2eeModule {
|
|
18
|
+
};
|
|
19
|
+
exports.E2eeModule = E2eeModule;
|
|
20
|
+
exports.E2eeModule = E2eeModule = __decorate([
|
|
21
|
+
(0, common_1.Module)({
|
|
22
|
+
controllers: [e2ee_pairing_controller_1.E2eePairingController, e2ee_trust_controller_1.E2eeTrustController],
|
|
23
|
+
providers: [e2ee_keypair_service_1.E2eeKeypairService, e2ee_device_store_service_1.E2eeDeviceStoreService, e2ee_pairing_service_1.E2eePairingService, e2ee_trust_service_1.E2eeTrustService],
|
|
24
|
+
exports: [e2ee_keypair_service_1.E2eeKeypairService, e2ee_device_store_service_1.E2eeDeviceStoreService, e2ee_pairing_service_1.E2eePairingService, e2ee_trust_service_1.E2eeTrustService],
|
|
25
|
+
})
|
|
26
|
+
], E2eeModule);
|
|
27
|
+
//# sourceMappingURL=e2ee.module.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"e2ee.module.js","sourceRoot":"","sources":["../../../src/modules/e2ee/e2ee.module.ts"],"names":[],"mappings":";;;;;;;;;AAAA,2CAAwC;AACxC,0EAAqE;AACrE,oFAA8E;AAC9E,0EAAqE;AACrE,sEAAiE;AACjE,mFAA8E;AAC9E,+EAA0E;AAgBnE,IAAM,UAAU,GAAhB,MAAM,UAAU;CAAG,CAAA;AAAb,gCAAU;qBAAV,UAAU;IALtB,IAAA,eAAM,EAAC;QACN,WAAW,EAAE,CAAC,+CAAqB,EAAE,2CAAmB,CAAC;QACzD,SAAS,EAAE,CAAC,yCAAkB,EAAE,kDAAsB,EAAE,yCAAkB,EAAE,qCAAgB,CAAC;QAC7F,OAAO,EAAE,CAAC,yCAAkB,EAAE,kDAAsB,EAAE,yCAAkB,EAAE,qCAAgB,CAAC;KAC5F,CAAC;GACW,UAAU,CAAG"}
|
|
@@ -0,0 +1,29 @@
|
|
|
1
|
+
import { BetterSQLite3Database } from 'drizzle-orm/better-sqlite3';
|
|
2
|
+
import { type E2eeTrustStatus, type E2eeVerificationMethod, type E2eeAdoptionMethod, type IncomingPeerKey } from '@devchain/shared';
|
|
3
|
+
export interface E2eePeerDevice {
|
|
4
|
+
kid: string;
|
|
5
|
+
publicKeyB64: string;
|
|
6
|
+
addedAt: string;
|
|
7
|
+
trust: E2eeTrustStatus;
|
|
8
|
+
adoptedVia?: E2eeAdoptionMethod;
|
|
9
|
+
verifiedVia?: E2eeVerificationMethod;
|
|
10
|
+
verifiedAt?: string;
|
|
11
|
+
label?: string;
|
|
12
|
+
}
|
|
13
|
+
export declare class E2eeDeviceStoreService {
|
|
14
|
+
private readonly db;
|
|
15
|
+
private sqlite;
|
|
16
|
+
constructor(db: BetterSQLite3Database);
|
|
17
|
+
add(device: Omit<E2eePeerDevice, 'addedAt' | 'trust'> & {
|
|
18
|
+
addedAt?: string;
|
|
19
|
+
trust?: E2eeTrustStatus;
|
|
20
|
+
}): E2eePeerDevice;
|
|
21
|
+
reconcile(incoming: IncomingPeerKey, now?: string): E2eePeerDevice;
|
|
22
|
+
markVerified(kid: string, now?: string): E2eePeerDevice | null;
|
|
23
|
+
private toDevice;
|
|
24
|
+
get(kid: string): E2eePeerDevice | null;
|
|
25
|
+
revoke(kid: string): boolean;
|
|
26
|
+
list(): E2eePeerDevice[];
|
|
27
|
+
private load;
|
|
28
|
+
private save;
|
|
29
|
+
}
|
|
@@ -0,0 +1,138 @@
|
|
|
1
|
+
"use strict";
|
|
2
|
+
var __decorate = (this && this.__decorate) || function (decorators, target, key, desc) {
|
|
3
|
+
var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
|
|
4
|
+
if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
|
|
5
|
+
else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
|
|
6
|
+
return c > 3 && r && Object.defineProperty(target, key, r), r;
|
|
7
|
+
};
|
|
8
|
+
var __metadata = (this && this.__metadata) || function (k, v) {
|
|
9
|
+
if (typeof Reflect === "object" && typeof Reflect.metadata === "function") return Reflect.metadata(k, v);
|
|
10
|
+
};
|
|
11
|
+
var __param = (this && this.__param) || function (paramIndex, decorator) {
|
|
12
|
+
return function (target, key) { decorator(target, key, paramIndex); }
|
|
13
|
+
};
|
|
14
|
+
Object.defineProperty(exports, "__esModule", { value: true });
|
|
15
|
+
exports.E2eeDeviceStoreService = void 0;
|
|
16
|
+
const common_1 = require("@nestjs/common");
|
|
17
|
+
const crypto_1 = require("crypto");
|
|
18
|
+
const better_sqlite3_1 = require("drizzle-orm/better-sqlite3");
|
|
19
|
+
const shared_1 = require("@devchain/shared");
|
|
20
|
+
const db_provider_1 = require("../../storage/db/db.provider");
|
|
21
|
+
const sqlite_raw_1 = require("../../storage/db/sqlite-raw");
|
|
22
|
+
const logger_1 = require("../../../common/logging/logger");
|
|
23
|
+
const logger = (0, logger_1.createLogger)('E2eeDeviceStore');
|
|
24
|
+
const SETTINGS_KEY = 'cloud.e2ee.devices';
|
|
25
|
+
const STORE_VERSION = 1;
|
|
26
|
+
let E2eeDeviceStoreService = class E2eeDeviceStoreService {
|
|
27
|
+
constructor(db) {
|
|
28
|
+
this.db = db;
|
|
29
|
+
this.sqlite = (0, sqlite_raw_1.getRawSqliteClient)(this.db);
|
|
30
|
+
}
|
|
31
|
+
add(device) {
|
|
32
|
+
const dir = this.load();
|
|
33
|
+
const record = {
|
|
34
|
+
kid: device.kid,
|
|
35
|
+
publicKeyB64: device.publicKeyB64,
|
|
36
|
+
addedAt: device.addedAt ?? new Date().toISOString(),
|
|
37
|
+
trust: device.trust ?? 'unverified',
|
|
38
|
+
...(device.adoptedVia !== undefined ? { adoptedVia: device.adoptedVia } : {}),
|
|
39
|
+
...(device.verifiedVia !== undefined ? { verifiedVia: device.verifiedVia } : {}),
|
|
40
|
+
...(device.verifiedAt !== undefined ? { verifiedAt: device.verifiedAt } : {}),
|
|
41
|
+
...(device.label !== undefined ? { label: device.label } : {}),
|
|
42
|
+
};
|
|
43
|
+
dir.devices[record.kid] = record;
|
|
44
|
+
this.save(dir);
|
|
45
|
+
logger.info({ kid: record.kid, trust: record.trust }, 'Peer E2EE device public key added');
|
|
46
|
+
return record;
|
|
47
|
+
}
|
|
48
|
+
reconcile(incoming, now = new Date().toISOString()) {
|
|
49
|
+
const dir = this.load();
|
|
50
|
+
const existing = (dir.devices[incoming.kid] ?? null);
|
|
51
|
+
const prior = existing ??
|
|
52
|
+
Object.values(dir.devices).find((d) => d.publicKeyB64 === incoming.publicKeyB64) ??
|
|
53
|
+
null;
|
|
54
|
+
const reconciled = (0, shared_1.reconcilePeerKey)(prior, incoming, now);
|
|
55
|
+
const record = this.toDevice(reconciled);
|
|
56
|
+
dir.devices[record.kid] = record;
|
|
57
|
+
this.save(dir);
|
|
58
|
+
logger.info({ kid: record.kid, trust: record.trust, adoptedVia: record.adoptedVia }, 'Peer E2EE device reconciled (TOFU adopt / rotation)');
|
|
59
|
+
return record;
|
|
60
|
+
}
|
|
61
|
+
markVerified(kid, now = new Date().toISOString()) {
|
|
62
|
+
const dir = this.load();
|
|
63
|
+
const existing = dir.devices[kid];
|
|
64
|
+
if (!existing)
|
|
65
|
+
return null;
|
|
66
|
+
const record = this.toDevice((0, shared_1.markVerifiedViaSafetyNumber)(existing, now));
|
|
67
|
+
dir.devices[kid] = record;
|
|
68
|
+
this.save(dir);
|
|
69
|
+
logger.info({ kid }, 'Peer E2EE device marked VERIFIED via safety-number');
|
|
70
|
+
return record;
|
|
71
|
+
}
|
|
72
|
+
toDevice(rec) {
|
|
73
|
+
return {
|
|
74
|
+
kid: rec.kid,
|
|
75
|
+
publicKeyB64: rec.publicKeyB64,
|
|
76
|
+
addedAt: rec.addedAt,
|
|
77
|
+
trust: rec.trust,
|
|
78
|
+
...(rec.adoptedVia !== undefined ? { adoptedVia: rec.adoptedVia } : {}),
|
|
79
|
+
...(rec.verifiedVia !== undefined ? { verifiedVia: rec.verifiedVia } : {}),
|
|
80
|
+
...(rec.verifiedAt !== undefined ? { verifiedAt: rec.verifiedAt } : {}),
|
|
81
|
+
...(rec.label !== undefined ? { label: rec.label } : {}),
|
|
82
|
+
};
|
|
83
|
+
}
|
|
84
|
+
get(kid) {
|
|
85
|
+
return this.load().devices[kid] ?? null;
|
|
86
|
+
}
|
|
87
|
+
revoke(kid) {
|
|
88
|
+
const dir = this.load();
|
|
89
|
+
if (!dir.devices[kid])
|
|
90
|
+
return false;
|
|
91
|
+
delete dir.devices[kid];
|
|
92
|
+
this.save(dir);
|
|
93
|
+
logger.info({ kid }, 'Peer E2EE device public key revoked');
|
|
94
|
+
return true;
|
|
95
|
+
}
|
|
96
|
+
list() {
|
|
97
|
+
return Object.values(this.load().devices);
|
|
98
|
+
}
|
|
99
|
+
load() {
|
|
100
|
+
const row = this.sqlite
|
|
101
|
+
.prepare('SELECT value FROM settings WHERE key = ?')
|
|
102
|
+
.get(SETTINGS_KEY);
|
|
103
|
+
if (!row)
|
|
104
|
+
return { v: STORE_VERSION, devices: {} };
|
|
105
|
+
try {
|
|
106
|
+
const parsed = JSON.parse(row.value);
|
|
107
|
+
if (parsed.v !== STORE_VERSION || typeof parsed.devices !== 'object') {
|
|
108
|
+
logger.warn('E2EE device directory has unexpected shape — resetting');
|
|
109
|
+
return { v: STORE_VERSION, devices: {} };
|
|
110
|
+
}
|
|
111
|
+
for (const rec of Object.values(parsed.devices)) {
|
|
112
|
+
if (rec && typeof rec === 'object' && rec.trust === undefined) {
|
|
113
|
+
rec.trust = 'unverified';
|
|
114
|
+
}
|
|
115
|
+
}
|
|
116
|
+
return parsed;
|
|
117
|
+
}
|
|
118
|
+
catch {
|
|
119
|
+
logger.warn('Failed to parse E2EE device directory — resetting');
|
|
120
|
+
return { v: STORE_VERSION, devices: {} };
|
|
121
|
+
}
|
|
122
|
+
}
|
|
123
|
+
save(dir) {
|
|
124
|
+
const now = new Date().toISOString();
|
|
125
|
+
this.sqlite
|
|
126
|
+
.prepare(`INSERT INTO settings (id, key, value, created_at, updated_at)
|
|
127
|
+
VALUES (?, ?, ?, ?, ?)
|
|
128
|
+
ON CONFLICT(key) DO UPDATE SET value = excluded.value, updated_at = excluded.updated_at`)
|
|
129
|
+
.run((0, crypto_1.randomUUID)(), SETTINGS_KEY, JSON.stringify(dir), now, now);
|
|
130
|
+
}
|
|
131
|
+
};
|
|
132
|
+
exports.E2eeDeviceStoreService = E2eeDeviceStoreService;
|
|
133
|
+
exports.E2eeDeviceStoreService = E2eeDeviceStoreService = __decorate([
|
|
134
|
+
(0, common_1.Injectable)(),
|
|
135
|
+
__param(0, (0, common_1.Inject)(db_provider_1.DB_CONNECTION)),
|
|
136
|
+
__metadata("design:paramtypes", [better_sqlite3_1.BetterSQLite3Database])
|
|
137
|
+
], E2eeDeviceStoreService);
|
|
138
|
+
//# sourceMappingURL=e2ee-device-store.service.js.map
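Review bot: `get`, `markVerified` and `revoke` look up `dir.devices[kid]` on a plain object, so a `kid` that matches an inherited `Object.prototype` member is treated as an existing device: `get` returns the inherited value instead of `null`, and `revoke` logs a revocation and returns `true` without removing anything. `add` and `reconcile` likewise assign `dir.devices[record.kid]` with no check on the key. I would test membership with `Object.hasOwn(dir.devices, kid)` in all three readers (`if (!Object.hasOwn(dir.devices, kid)) return null;` in `markVerified`), or copy the parsed entries into a `Map` or an `Object.create(null)` dictionary in `load`. Also, `load` returns an empty directory when the stored JSON is unparsable or has the wrong version, and the next `save` overwrites the row, so every paired device and its verified status is dropped with only a warn-level log; setting the old value aside before overwriting would make that recoverable.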
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"e2ee-device-store.service.js","sourceRoot":"","sources":["../../../../src/modules/e2ee/services/e2ee-device-store.service.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;AAAA,2CAAoD;AACpD,mCAAoC;AACpC,+DAAmE;AAEnE,6CAQ0B;AAC1B,8DAA6D;AAC7D,4DAAiE;AACjE,2DAA8D;AAE9D,MAAM,MAAM,GAAG,IAAA,qBAAY,EAAC,iBAAiB,CAAC,CAAC;AAE/C,MAAM,YAAY,GAAG,oBAAoB,CAAC;AAkC1C,MAAM,aAAa,GAAG,CAAC,CAAC;AAUjB,IAAM,sBAAsB,GAA5B,MAAM,sBAAsB;IAGjC,YAAoD,EAAyB;QAAzB,OAAE,GAAF,EAAE,CAAuB;QAC3E,IAAI,CAAC,MAAM,GAAG,IAAA,+BAAkB,EAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IAC5C,CAAC;IAOD,GAAG,CACD,MAGC;QAED,MAAM,GAAG,GAAG,IAAI,CAAC,IAAI,EAAE,CAAC;QACxB,MAAM,MAAM,GAAmB;YAC7B,GAAG,EAAE,MAAM,CAAC,GAAG;YACf,YAAY,EAAE,MAAM,CAAC,YAAY;YACjC,OAAO,EAAE,MAAM,CAAC,OAAO,IAAI,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;YACnD,KAAK,EAAE,MAAM,CAAC,KAAK,IAAI,YAAY;YACnC,GAAG,CAAC,MAAM,CAAC,UAAU,KAAK,SAAS,CAAC,CAAC,CAAC,EAAE,UAAU,EAAE,MAAM,CAAC,UAAU,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;YAC7E,GAAG,CAAC,MAAM,CAAC,WAAW,KAAK,SAAS,CAAC,CAAC,CAAC,EAAE,WAAW,EAAE,MAAM,CAAC,WAAW,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;YAChF,GAAG,CAAC,MAAM,CAAC,UAAU,KAAK,SAAS,CAAC,CAAC,CAAC,EAAE,UAAU,EAAE,MAAM,CAAC,UAAU,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;YAC7E,GAAG,CAAC,MAAM,CAAC,KAAK,KAAK,SAAS,CAAC,CAAC,CAAC,EAAE,KAAK,EAAE,MAAM,CAAC,KAAK,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;SAC/D,CAAC;QACF,GAAG,CAAC,OAAO,CAAC,MAAM,CAAC,GAAG,CAAC,GAAG,MAAM,CAAC;QACjC,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;QACf,MAAM,CAAC,IAAI,CAAC,EAAE,GAAG,EAAE,MAAM,CAAC,GAAG,EAAE,KAAK,EAAE,MAAM,CAAC,KAAK,EAAE,EAAE,mCAAmC,CAAC,CAAC;QAC3F,OAAO,MAAM,CAAC;IAChB,CAAC;IAUD,SAAS,CAAC,QAAyB,EAAE,MAAc,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;QACzE,MAAM,GAAG,GAAG,IAAI,CAAC,IAAI,EAAE,CAAC;QACxB,MAAM,QAAQ,GAAG,CAAC,GAAG,CAAC,OAAO,CAAC,QAAQ,CAAC,GAAG,CAAC,IAAI,IAAI,CAA2B,CAAC;QAG/E,MAAM,KAAK,GACT,QAAQ;YACR,MAAM,CAAC,MAAM,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,YAAY,KAAK,QAAQ,CAAC,YAAY,CAAC;YAChF,IAAI,CAAC;QACP,MAAM,UAAU,GAAG,IAAA,yBAAgB,EAAC,KAA+B,EAAE,QAAQ,EAAE,GAAG,CAAC,CAAC;QACpF,MAAM,MAAM,GAAG,IAAI,CAAC,QAAQ,
CAAC,UAAU,CAAC,CAAC;QACzC,GAAG,CAAC,OAAO,CAAC,MAAM,CAAC,GAAG,CAAC,GAAG,MAAM,CAAC;QACjC,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;QACf,MAAM,CAAC,IAAI,CACT,EAAE,GAAG,EAAE,MAAM,CAAC,GAAG,EAAE,KAAK,EAAE,MAAM,CAAC,KAAK,EAAE,UAAU,EAAE,MAAM,CAAC,UAAU,EAAE,EACvE,qDAAqD,CACtD,CAAC;QACF,OAAO,MAAM,CAAC;IAChB,CAAC;IAMD,YAAY,CAAC,GAAW,EAAE,MAAc,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;QAC9D,MAAM,GAAG,GAAG,IAAI,CAAC,IAAI,EAAE,CAAC;QACxB,MAAM,QAAQ,GAAG,GAAG,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC;QAClC,IAAI,CAAC,QAAQ;YAAE,OAAO,IAAI,CAAC;QAC3B,MAAM,MAAM,GAAG,IAAI,CAAC,QAAQ,CAAC,IAAA,oCAA2B,EAAC,QAA2B,EAAE,GAAG,CAAC,CAAC,CAAC;QAC5F,GAAG,CAAC,OAAO,CAAC,GAAG,CAAC,GAAG,MAAM,CAAC;QAC1B,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;QACf,MAAM,CAAC,IAAI,CAAC,EAAE,GAAG,EAAE,EAAE,oDAAoD,CAAC,CAAC;QAC3E,OAAO,MAAM,CAAC;IAChB,CAAC;IAGO,QAAQ,CAAC,GAAoB;QACnC,OAAO;YACL,GAAG,EAAE,GAAG,CAAC,GAAG;YACZ,YAAY,EAAE,GAAG,CAAC,YAAY;YAC9B,OAAO,EAAE,GAAG,CAAC,OAAO;YACpB,KAAK,EAAE,GAAG,CAAC,KAAK;YAChB,GAAG,CAAC,GAAG,CAAC,UAAU,KAAK,SAAS,CAAC,CAAC,CAAC,EAAE,UAAU,EAAE,GAAG,CAAC,UAAU,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;YACvE,GAAG,CAAC,GAAG,CAAC,WAAW,KAAK,SAAS,CAAC,CAAC,CAAC,EAAE,WAAW,EAAE,GAAG,CAAC,WAAW,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;YAC1E,GAAG,CAAC,GAAG,CAAC,UAAU,KAAK,SAAS,CAAC,CAAC,CAAC,EAAE,UAAU,EAAE,GAAG,CAAC,UAAU,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;YACvE,GAAG,CAAC,GAAG,CAAC,KAAK,KAAK,SAAS,CAAC,CAAC,CAAC,EAAE,KAAK,EAAE,GAAG,CAAC,KAAK,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;SACzD,CAAC;IACJ,CAAC;IAGD,GAAG,CAAC,GAAW;QACb,OAAO,IAAI,CAAC,IAAI,EAAE,CAAC,OAAO,CAAC,GAAG,CAAC,IAAI,IAAI,CAAC;IAC1C,CAAC;IAGD,MAAM,CAAC,GAAW;QAChB,MAAM,GAAG,GAAG,IAAI,CAAC,IAAI,EAAE,CAAC;QACxB,IAAI,CAAC,GAAG,CAAC,OAAO,CAAC,GAAG,CAAC;YAAE,OAAO,KAAK,CAAC;QACpC,OAAO,GAAG,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC;QACxB,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;QACf,MAAM,CAAC,IAAI,CAAC,EAAE,GAAG,EAAE,EAAE,qCAAqC,CAAC,CAAC;QAC5D,OAAO,IAAI,CAAC;IACd,CAAC;IAGD,IAAI;QACF,OAAO,MAAM,CAAC,MAAM,CAAC,IAAI,CAAC,IAAI,EAAE,CAAC,OAAO,CAAC,CAAC;IAC5C,CAAC;IAEO,IAAI;QACV,MAAM,GAAG,GAAG,IAAI,CAAC,MAAM;aACpB,OAAO,CAAC,0CAA0C,CAAC;aACnD,GAA
G,CAAC,YAAY,CAAkC,CAAC;QACtD,IAAI,CAAC,GAAG;YAAE,OAAO,EAAE,CAAC,EAAE,aAAa,EAAE,OAAO,EAAE,EAAE,EAAE,CAAC;QACnD,IAAI,CAAC;YACH,MAAM,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,KAAK,CAAoB,CAAC;YACxD,IAAI,MAAM,CAAC,CAAC,KAAK,aAAa,IAAI,OAAO,MAAM,CAAC,OAAO,KAAK,QAAQ,EAAE,CAAC;gBACrE,MAAM,CAAC,IAAI,CAAC,wDAAwD,CAAC,CAAC;gBACtE,OAAO,EAAE,CAAC,EAAE,aAAa,EAAE,OAAO,EAAE,EAAE,EAAE,CAAC;YAC3C,CAAC;YAGD,KAAK,MAAM,GAAG,IAAI,MAAM,CAAC,MAAM,CAAC,MAAM,CAAC,OAAO,CAAC,EAAE,CAAC;gBAChD,IAAI,GAAG,IAAI,OAAO,GAAG,KAAK,QAAQ,IAAI,GAAG,CAAC,KAAK,KAAK,SAAS,EAAE,CAAC;oBAC9D,GAAG,CAAC,KAAK,GAAG,YAAY,CAAC;gBAC3B,CAAC;YACH,CAAC;YACD,OAAO,MAAM,CAAC;QAChB,CAAC;QAAC,MAAM,CAAC;YACP,MAAM,CAAC,IAAI,CAAC,mDAAmD,CAAC,CAAC;YACjE,OAAO,EAAE,CAAC,EAAE,aAAa,EAAE,OAAO,EAAE,EAAE,EAAE,CAAC;QAC3C,CAAC;IACH,CAAC;IAEO,IAAI,CAAC,GAAoB;QAC/B,MAAM,GAAG,GAAG,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE,CAAC;QACrC,IAAI,CAAC,MAAM;aACR,OAAO,CACN;;iGAEyF,CAC1F;aACA,GAAG,CAAC,IAAA,mBAAU,GAAE,EAAE,YAAY,EAAE,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,EAAE,GAAG,EAAE,GAAG,CAAC,CAAC;IACpE,CAAC;CACF,CAAA;AAnJY,wDAAsB;iCAAtB,sBAAsB;IADlC,IAAA,mBAAU,GAAE;IAIE,WAAA,IAAA,eAAM,EAAC,2BAAa,CAAC,CAAA;qCAAsB,sCAAqB;GAHlE,sBAAsB,CAmJlC"}
|
|
@@ -0,0 +1,21 @@
|
|
|
1
|
+
import { BetterSQLite3Database } from 'drizzle-orm/better-sqlite3';
|
|
2
|
+
import { type E2eeKeyPair } from '@devchain/shared';
|
|
3
|
+
export interface E2eePublicKeyExport {
|
|
4
|
+
kid: string;
|
|
5
|
+
publicKeyB64: string;
|
|
6
|
+
}
|
|
7
|
+
export declare class E2eeKeypairService {
|
|
8
|
+
private readonly db;
|
|
9
|
+
private sqlite;
|
|
10
|
+
private encryptionKey;
|
|
11
|
+
private cache;
|
|
12
|
+
constructor(db: BetterSQLite3Database);
|
|
13
|
+
getOrCreate(): Promise<E2eeKeyPair>;
|
|
14
|
+
exportPublic(): Promise<E2eePublicKeyExport>;
|
|
15
|
+
private persist;
|
|
16
|
+
private retrieve;
|
|
17
|
+
private getEncryptionKey;
|
|
18
|
+
private getOrCreateSecret;
|
|
19
|
+
private encrypt;
|
|
20
|
+
private decrypt;
|
|
21
|
+
}
|
|
@@ -0,0 +1,152 @@
|
|
|
1
|
+
"use strict";
|
|
2
|
+
var __decorate = (this && this.__decorate) || function (decorators, target, key, desc) {
|
|
3
|
+
var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
|
|
4
|
+
if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
|
|
5
|
+
else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
|
|
6
|
+
return c > 3 && r && Object.defineProperty(target, key, r), r;
|
|
7
|
+
};
|
|
8
|
+
var __metadata = (this && this.__metadata) || function (k, v) {
|
|
9
|
+
if (typeof Reflect === "object" && typeof Reflect.metadata === "function") return Reflect.metadata(k, v);
|
|
10
|
+
};
|
|
11
|
+
var __param = (this && this.__param) || function (paramIndex, decorator) {
|
|
12
|
+
return function (target, key) { decorator(target, key, paramIndex); }
|
|
13
|
+
};
|
|
14
|
+
Object.defineProperty(exports, "__esModule", { value: true });
|
|
15
|
+
exports.E2eeKeypairService = void 0;
|
|
16
|
+
const common_1 = require("@nestjs/common");
|
|
17
|
+
const crypto_1 = require("crypto");
|
|
18
|
+
const fs_1 = require("fs");
|
|
19
|
+
const path_1 = require("path");
|
|
20
|
+
const os_1 = require("os");
|
|
21
|
+
const better_sqlite3_1 = require("drizzle-orm/better-sqlite3");
|
|
22
|
+
const shared_1 = require("@devchain/shared");
|
|
23
|
+
const db_provider_1 = require("../../storage/db/db.provider");
|
|
24
|
+
const sqlite_raw_1 = require("../../storage/db/sqlite-raw");
|
|
25
|
+
const logger_1 = require("../../../common/logging/logger");
|
|
26
|
+
const logger = (0, logger_1.createLogger)('E2eeKeypair');
|
|
27
|
+
const SETTINGS_KEY = 'cloud.e2ee.keypair';
|
|
28
|
+
const APP_SALT = Buffer.from('devchain-e2ee-keypair-store-v1-salt', 'utf8');
|
|
29
|
+
const STORE_VERSION = 1;
|
|
30
|
+
const SECRET_DIR = (0, path_1.join)((0, os_1.homedir)(), '.devchain', 'cloud');
|
|
31
|
+
const SECRET_FILE = (0, path_1.join)(SECRET_DIR, 'secret.key');
|
|
32
|
+
const SECRET_LENGTH = 32;
|
|
33
|
+
const KEY_LENGTH = 32;
|
|
34
|
+
const IV_LENGTH = 12;
|
|
35
|
+
const AUTH_TAG_LENGTH = 16;
|
|
36
|
+
const SCRYPT_COST = 16384;
|
|
37
|
+
const SCRYPT_BLOCK_SIZE = 8;
|
|
38
|
+
const SCRYPT_PARALLELIZATION = 1;
|
|
39
|
+
let E2eeKeypairService = class E2eeKeypairService {
|
|
40
|
+
constructor(db) {
|
|
41
|
+
this.db = db;
|
|
42
|
+
this.encryptionKey = null;
|
|
43
|
+
this.cache = null;
|
|
44
|
+
this.sqlite = (0, sqlite_raw_1.getRawSqliteClient)(this.db);
|
|
45
|
+
}
|
|
46
|
+
async getOrCreate() {
|
|
47
|
+
if (this.cache)
|
|
48
|
+
return this.cache;
|
|
49
|
+
const stored = this.retrieve();
|
|
50
|
+
if (stored) {
|
|
51
|
+
this.cache = stored;
|
|
52
|
+
return stored;
|
|
53
|
+
}
|
|
54
|
+
const generated = (0, shared_1.generateX25519KeyPair)((n) => (0, crypto_1.randomBytes)(n));
|
|
55
|
+
this.persist(generated.privateKey);
|
|
56
|
+
this.cache = generated;
|
|
57
|
+
logger.info('Generated new X25519 E2EE keypair');
|
|
58
|
+
return generated;
|
|
59
|
+
}
|
|
60
|
+
async exportPublic() {
|
|
61
|
+
const kp = await this.getOrCreate();
|
|
62
|
+
return {
|
|
63
|
+
kid: kp.kid,
|
|
64
|
+
publicKeyB64: Buffer.from(kp.publicKey).toString('base64'),
|
|
65
|
+
};
|
|
66
|
+
}
|
|
67
|
+
persist(privateKey) {
|
|
68
|
+
const record = {
|
|
69
|
+
v: STORE_VERSION,
|
|
70
|
+
priv: Buffer.from(privateKey).toString('base64'),
|
|
71
|
+
};
|
|
72
|
+
const encrypted = this.encrypt(JSON.stringify(record));
|
|
73
|
+
const now = new Date().toISOString();
|
|
74
|
+
this.sqlite
|
|
75
|
+
.prepare(`INSERT INTO settings (id, key, value, created_at, updated_at)
|
|
76
|
+
VALUES (lower(hex(randomblob(16))), ?, ?, ?, ?)
|
|
77
|
+
ON CONFLICT(key) DO UPDATE SET value = excluded.value, updated_at = excluded.updated_at`)
|
|
78
|
+
.run(SETTINGS_KEY, encrypted, now, now);
|
|
79
|
+
}
|
|
80
|
+
retrieve() {
|
|
81
|
+
const row = this.sqlite
|
|
82
|
+
.prepare('SELECT value FROM settings WHERE key = ?')
|
|
83
|
+
.get(SETTINGS_KEY);
|
|
84
|
+
if (!row)
|
|
85
|
+
return null;
|
|
86
|
+
try {
|
|
87
|
+
const record = JSON.parse(this.decrypt(row.value));
|
|
88
|
+
if (record.v !== STORE_VERSION || typeof record.priv !== 'string') {
|
|
89
|
+
logger.warn('E2EE keypair record has unexpected shape — will regenerate');
|
|
90
|
+
return null;
|
|
91
|
+
}
|
|
92
|
+
const privateKey = Buffer.from(record.priv, 'base64');
|
|
93
|
+
if (privateKey.length !== shared_1.X25519_PRIVATE_KEY_BYTES) {
|
|
94
|
+
logger.warn('E2EE private key has wrong byte length — will regenerate');
|
|
95
|
+
return null;
|
|
96
|
+
}
|
|
97
|
+
return (0, shared_1.fromX25519PrivateKey)(new Uint8Array(privateKey));
|
|
98
|
+
}
|
|
99
|
+
catch {
|
|
100
|
+
logger.warn('Failed to decrypt E2EE keypair — will regenerate');
|
|
101
|
+
return null;
|
|
102
|
+
}
|
|
103
|
+
}
|
|
104
|
+
getEncryptionKey() {
|
|
105
|
+
if (this.encryptionKey)
|
|
106
|
+
return this.encryptionKey;
|
|
107
|
+
const secret = this.getOrCreateSecret();
|
|
108
|
+
const machineComponent = Buffer.from(`${(0, os_1.hostname)()}:${(0, os_1.userInfo)().username}`, 'utf8');
|
|
109
|
+
const password = Buffer.concat([secret, machineComponent]);
|
|
110
|
+
this.encryptionKey = (0, crypto_1.scryptSync)(password, APP_SALT, KEY_LENGTH, {
|
|
111
|
+
N: SCRYPT_COST,
|
|
112
|
+
r: SCRYPT_BLOCK_SIZE,
|
|
113
|
+
p: SCRYPT_PARALLELIZATION,
|
|
114
|
+
});
|
|
115
|
+
return this.encryptionKey;
|
|
116
|
+
}
|
|
117
|
+
getOrCreateSecret() {
|
|
118
|
+
if ((0, fs_1.existsSync)(SECRET_FILE))
|
|
119
|
+
return (0, fs_1.readFileSync)(SECRET_FILE);
|
|
120
|
+
if (!(0, fs_1.existsSync)(SECRET_DIR))
|
|
121
|
+
(0, fs_1.mkdirSync)(SECRET_DIR, { recursive: true, mode: 0o700 });
|
|
122
|
+
const secret = (0, crypto_1.randomBytes)(SECRET_LENGTH);
|
|
123
|
+
(0, fs_1.writeFileSync)(SECRET_FILE, secret, { mode: 0o600 });
|
|
124
|
+
(0, fs_1.chmodSync)(SECRET_FILE, 0o600);
|
|
125
|
+
return secret;
|
|
126
|
+
}
|
|
127
|
+
encrypt(plaintext) {
|
|
128
|
+
const key = this.getEncryptionKey();
|
|
129
|
+
const iv = (0, crypto_1.randomBytes)(IV_LENGTH);
|
|
130
|
+
const cipher = (0, crypto_1.createCipheriv)('aes-256-gcm', key, iv, { authTagLength: AUTH_TAG_LENGTH });
|
|
131
|
+
const encrypted = Buffer.concat([cipher.update(plaintext, 'utf8'), cipher.final()]);
|
|
132
|
+
const authTag = cipher.getAuthTag();
|
|
133
|
+
return Buffer.concat([iv, authTag, encrypted]).toString('base64');
|
|
134
|
+
}
|
|
135
|
+
decrypt(ciphertext) {
|
|
136
|
+
const key = this.getEncryptionKey();
|
|
137
|
+
const data = Buffer.from(ciphertext, 'base64');
|
|
138
|
+
const iv = data.subarray(0, IV_LENGTH);
|
|
139
|
+
const authTag = data.subarray(IV_LENGTH, IV_LENGTH + AUTH_TAG_LENGTH);
|
|
140
|
+
const encrypted = data.subarray(IV_LENGTH + AUTH_TAG_LENGTH);
|
|
141
|
+
const decipher = (0, crypto_1.createDecipheriv)('aes-256-gcm', key, iv, { authTagLength: AUTH_TAG_LENGTH });
|
|
142
|
+
decipher.setAuthTag(authTag);
|
|
143
|
+
return decipher.update(encrypted) + decipher.final('utf8');
|
|
144
|
+
}
|
|
145
|
+
};
|
|
146
|
+
exports.E2eeKeypairService = E2eeKeypairService;
|
|
147
|
+
exports.E2eeKeypairService = E2eeKeypairService = __decorate([
|
|
148
|
+
(0, common_1.Injectable)(),
|
|
149
|
+
__param(0, (0, common_1.Inject)(db_provider_1.DB_CONNECTION)),
|
|
150
|
+
__metadata("design:paramtypes", [better_sqlite3_1.BetterSQLite3Database])
|
|
151
|
+
], E2eeKeypairService);
|
|
152
|
+
//# sourceMappingURL=e2ee-keypair.service.js.map
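Review bot: `retrieve` returns `null` both when no row exists and when the stored row fails to decrypt or parse, and `getOrCreate` then generates a fresh keypair that `persist` writes over the old ciphertext via `ON CONFLICT(key) DO UPDATE`. Because `getEncryptionKey` mixes `hostname()` and `userInfo().username` into the scrypt input, a hostname change alone is enough to make decryption fail, which silently replaces the device identity key and discards the old private key. I would distinguish the two cases and refuse to overwrite an undecryptable record (throw, or move the old value to a backup settings key first) rather than regenerate. `getOrCreateSecret` also returns whatever `readFileSync(SECRET_FILE)` yields without checking its size, so an empty or truncated file leaves the key derived from little more than the fixed salt, hostname and username; a guard such as `if (secret.length !== SECRET_LENGTH) throw new Error('E2EE secret file has unexpected length');` plus creating the file with the `wx` flag would close that.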
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"e2ee-keypair.service.js","sourceRoot":"","sources":["../../../../src/modules/e2ee/services/e2ee-keypair.service.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;AAAA,2CAAoD;AACpD,mCAAmF;AACnF,2BAAmF;AACnF,+BAA4B;AAC5B,2BAAiD;AACjD,+DAAmE;AAEnE,6CAK0B;AAC1B,8DAA6D;AAC7D,4DAAiE;AACjE,2DAA8D;AAE9D,MAAM,MAAM,GAAG,IAAA,qBAAY,EAAC,aAAa,CAAC,CAAC;AAM3C,MAAM,YAAY,GAAG,oBAAoB,CAAC;AAC1C,MAAM,QAAQ,GAAG,MAAM,CAAC,IAAI,CAAC,qCAAqC,EAAE,MAAM,CAAC,CAAC;AAC5E,MAAM,aAAa,GAAG,CAAC,CAAC;AACxB,MAAM,UAAU,GAAG,IAAA,WAAI,EAAC,IAAA,YAAO,GAAE,EAAE,WAAW,EAAE,OAAO,CAAC,CAAC;AACzD,MAAM,WAAW,GAAG,IAAA,WAAI,EAAC,UAAU,EAAE,YAAY,CAAC,CAAC;AACnD,MAAM,aAAa,GAAG,EAAE,CAAC;AACzB,MAAM,UAAU,GAAG,EAAE,CAAC;AACtB,MAAM,SAAS,GAAG,EAAE,CAAC;AACrB,MAAM,eAAe,GAAG,EAAE,CAAC;AAC3B,MAAM,WAAW,GAAG,KAAK,CAAC;AAC1B,MAAM,iBAAiB,GAAG,CAAC,CAAC;AAC5B,MAAM,sBAAsB,GAAG,CAAC,CAAC;AA2B1B,IAAM,kBAAkB,GAAxB,MAAM,kBAAkB;IAK7B,YAAmC,EAA0C;QAAzB,OAAE,GAAF,EAAE,CAAuB;QAHrE,kBAAa,GAAkB,IAAI,CAAC;QACpC,UAAK,GAAuB,IAAI,CAAC;QAGvC,IAAI,CAAC,MAAM,GAAG,IAAA,+BAAkB,EAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IAC5C,CAAC;IAMD,KAAK,CAAC,WAAW;QACf,IAAI,IAAI,CAAC,KAAK;YAAE,OAAO,IAAI,CAAC,KAAK,CAAC;QAClC,MAAM,MAAM,GAAG,IAAI,CAAC,QAAQ,EAAE,CAAC;QAC/B,IAAI,MAAM,EAAE,CAAC;YACX,IAAI,CAAC,KAAK,GAAG,MAAM,CAAC;YACpB,OAAO,MAAM,CAAC;QAChB,CAAC;QACD,MAAM,SAAS,GAAG,IAAA,8BAAqB,EAAC,CAAC,CAAC,EAAE,EAAE,CAAC,IAAA,oBAAW,EAAC,CAAC,CAAC,CAAC,CAAC;QAC/D,IAAI,CAAC,OAAO,CAAC,SAAS,CAAC,UAAU,CAAC,CAAC;QACnC,IAAI,CAAC,KAAK,GAAG,SAAS,CAAC;QACvB,MAAM,CAAC,IAAI,CAAC,mCAAmC,CAAC,CAAC;QACjD,OAAO,SAAS,CAAC;IACnB,CAAC;IAGD,KAAK,CAAC,YAAY;QAChB,MAAM,EAAE,GAAG,MAAM,IAAI,CAAC,WAAW,EAAE,CAAC;QACpC,OAAO;YACL,GAAG,EAAE,EAAE,CAAC,GAAG;YACX,YAAY,EAAE,MAAM,CAAC,IAAI,CAAC,EAAE,CAAC,SAAS,CAAC,CAAC,QAAQ,CAAC,QAAQ,CAAC;SAC3D,CAAC;IACJ,CAAC;IAEO,OAAO,CAAC,UAAsB;QACpC,MAAM,MAAM,GAAsB;YAChC,CAAC,EAAE,aAAa;YAChB,IAAI,EAAE,MAAM,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC,QAAQ,CAAC,QAAQ,CAAC;SACjD,CAAC;QACF,MAAM,SAAS,GAAG,IAAI,CAAC,OAAO,CAAC,IAAI,CAAC,SAAS,CAAC,MAAM,CAAC,CAAC,CAAC;QACvD,MAAM,GAAG,GAA
G,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE,CAAC;QACrC,IAAI,CAAC,MAAM;aACR,OAAO,CACN;;iGAEyF,CAC1F;aACA,GAAG,CAAC,YAAY,EAAE,SAAS,EAAE,GAAG,EAAE,GAAG,CAAC,CAAC;IAC5C,CAAC;IAEO,QAAQ;QACd,MAAM,GAAG,GAAG,IAAI,CAAC,MAAM;aACpB,OAAO,CAAC,0CAA0C,CAAC;aACnD,GAAG,CAAC,YAAY,CAAkC,CAAC;QACtD,IAAI,CAAC,GAAG;YAAE,OAAO,IAAI,CAAC;QACtB,IAAI,CAAC;YACH,MAAM,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,CAAsB,CAAC;YACxE,IAAI,MAAM,CAAC,CAAC,KAAK,aAAa,IAAI,OAAO,MAAM,CAAC,IAAI,KAAK,QAAQ,EAAE,CAAC;gBAClE,MAAM,CAAC,IAAI,CAAC,4DAA4D,CAAC,CAAC;gBAC1E,OAAO,IAAI,CAAC;YACd,CAAC;YACD,MAAM,UAAU,GAAG,MAAM,CAAC,IAAI,CAAC,MAAM,CAAC,IAAI,EAAE,QAAQ,CAAC,CAAC;YACtD,IAAI,UAAU,CAAC,MAAM,KAAK,iCAAwB,EAAE,CAAC;gBACnD,MAAM,CAAC,IAAI,CAAC,0DAA0D,CAAC,CAAC;gBACxE,OAAO,IAAI,CAAC;YACd,CAAC;YACD,OAAO,IAAA,6BAAoB,EAAC,IAAI,UAAU,CAAC,UAAU,CAAC,CAAC,CAAC;QAC1D,CAAC;QAAC,MAAM,CAAC;YACP,MAAM,CAAC,IAAI,CAAC,kDAAkD,CAAC,CAAC;YAChE,OAAO,IAAI,CAAC;QACd,CAAC;IACH,CAAC;IAEO,gBAAgB;QACtB,IAAI,IAAI,CAAC,aAAa;YAAE,OAAO,IAAI,CAAC,aAAa,CAAC;QAClD,MAAM,MAAM,GAAG,IAAI,CAAC,iBAAiB,EAAE,CAAC;QACxC,MAAM,gBAAgB,GAAG,MAAM,CAAC,IAAI,CAAC,GAAG,IAAA,aAAQ,GAAE,IAAI,IAAA,aAAQ,GAAE,CAAC,QAAQ,EAAE,EAAE,MAAM,CAAC,CAAC;QACrF,MAAM,QAAQ,GAAG,MAAM,CAAC,MAAM,CAAC,CAAC,MAAM,EAAE,gBAAgB,CAAC,CAAC,CAAC;QAC3D,IAAI,CAAC,aAAa,GAAG,IAAA,mBAAU,EAAC,QAAQ,EAAE,QAAQ,EAAE,UAAU,EAAE;YAC9D,CAAC,EAAE,WAAW;YACd,CAAC,EAAE,iBAAiB;YACpB,CAAC,EAAE,sBAAsB;SAC1B,CAAC,CAAC;QACH,OAAO,IAAI,CAAC,aAAa,CAAC;IAC5B,CAAC;IAEO,iBAAiB;QACvB,IAAI,IAAA,eAAU,EAAC,WAAW,CAAC;YAAE,OAAO,IAAA,iBAAY,EAAC,WAAW,CAAC,CAAC;QAC9D,IAAI,CAAC,IAAA,eAAU,EAAC,UAAU,CAAC;YAAE,IAAA,cAAS,EAAC,UAAU,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,IAAI,EAAE,KAAK,EAAE,CAAC,CAAC;QACrF,MAAM,MAAM,GAAG,IAAA,oBAAW,EAAC,aAAa,CAAC,CAAC;QAC1C,IAAA,kBAAa,EAAC,WAAW,EAAE,MAAM,EAAE,EAAE,IAAI,EAAE,KAAK,EAAE,CAAC,CAAC;QACpD,IAAA,cAAS,EAAC,WAAW,EAAE,KAAK,CAAC,CAAC;QAC9B,OAAO,MAAM,CAAC;IAChB,CAAC;IAEO,OAAO,CAAC,SAAiB;QAC/B,MAAM,GAAG,GAAG,IAAI,CAAC,gBAAgB,EAAE,CAAC;QACpC,MAAM,EAAE,GAAG,IAAA,oBAAW,EAAC,SAAS,CAAC,CAAC;QAClC,MAAM,M
AAM,GAAG,IAAA,uBAAc,EAAC,aAAa,EAAE,GAAG,EAAE,EAAE,EAAE,EAAE,aAAa,EAAE,eAAe,EAAE,CAAC,CAAC;QAC1F,MAAM,SAAS,GAAG,MAAM,CAAC,MAAM,CAAC,CAAC,MAAM,CAAC,MAAM,CAAC,SAAS,EAAE,MAAM,CAAC,EAAE,MAAM,CAAC,KAAK,EAAE,CAAC,CAAC,CAAC;QACpF,MAAM,OAAO,GAAG,MAAM,CAAC,UAAU,EAAE,CAAC;QACpC,OAAO,MAAM,CAAC,MAAM,CAAC,CAAC,EAAE,EAAE,OAAO,EAAE,SAAS,CAAC,CAAC,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC;IACpE,CAAC;IAEO,OAAO,CAAC,UAAkB;QAChC,MAAM,GAAG,GAAG,IAAI,CAAC,gBAAgB,EAAE,CAAC;QACpC,MAAM,IAAI,GAAG,MAAM,CAAC,IAAI,CAAC,UAAU,EAAE,QAAQ,CAAC,CAAC;QAC/C,MAAM,EAAE,GAAG,IAAI,CAAC,QAAQ,CAAC,CAAC,EAAE,SAAS,CAAC,CAAC;QACvC,MAAM,OAAO,GAAG,IAAI,CAAC,QAAQ,CAAC,SAAS,EAAE,SAAS,GAAG,eAAe,CAAC,CAAC;QACtE,MAAM,SAAS,GAAG,IAAI,CAAC,QAAQ,CAAC,SAAS,GAAG,eAAe,CAAC,CAAC;QAC7D,MAAM,QAAQ,GAAG,IAAA,yBAAgB,EAAC,aAAa,EAAE,GAAG,EAAE,EAAE,EAAE,EAAE,aAAa,EAAE,eAAe,EAAE,CAAC,CAAC;QAC9F,QAAQ,CAAC,UAAU,CAAC,OAAO,CAAC,CAAC;QAC7B,OAAO,QAAQ,CAAC,MAAM,CAAC,SAAS,CAAC,GAAG,QAAQ,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC;IAC7D,CAAC;CACF,CAAA;AApHY,gDAAkB;6BAAlB,kBAAkB;IAD9B,IAAA,mBAAU,GAAE;IAME,WAAA,IAAA,eAAM,EAAC,2BAAa,CAAC,CAAA;qCAAsB,sCAAqB;GALlE,kBAAkB,CAoH9B"}
|
|
@@ -0,0 +1,28 @@
|
|
|
1
|
+
import { type E2eeTrustStatus } from '@devchain/shared';
|
|
2
|
+
import { E2eeKeypairService } from './e2ee-keypair.service';
|
|
3
|
+
import { E2eeDeviceStoreService } from './e2ee-device-store.service';
|
|
4
|
+
export interface BeginQrPairingResult {
|
|
5
|
+
pcEncPubKey: string;
|
|
6
|
+
pcEncKid: string;
|
|
7
|
+
pairingSecret: string;
|
|
8
|
+
}
|
|
9
|
+
export interface CompleteQrPairingInput {
|
|
10
|
+
channelId: string;
|
|
11
|
+
deviceEncPubKey: string;
|
|
12
|
+
deviceEncKid: string;
|
|
13
|
+
pairingMac: string;
|
|
14
|
+
label?: string;
|
|
15
|
+
}
|
|
16
|
+
export interface CompleteQrPairingResult {
|
|
17
|
+
kid: string;
|
|
18
|
+
trust: E2eeTrustStatus;
|
|
19
|
+
}
|
|
20
|
+
export declare class E2eePairingService {
|
|
21
|
+
private readonly keypair;
|
|
22
|
+
private readonly deviceStore;
|
|
23
|
+
private readonly pending;
|
|
24
|
+
constructor(keypair: E2eeKeypairService, deviceStore: E2eeDeviceStoreService);
|
|
25
|
+
beginQrPairing(channelId: string): Promise<BeginQrPairingResult>;
|
|
26
|
+
completeQrPairing(input: CompleteQrPairingInput): Promise<CompleteQrPairingResult>;
|
|
27
|
+
private evictExpired;
|
|
28
|
+
}
|
|
@@ -0,0 +1,107 @@
|
|
|
1
|
+
"use strict";
|
|
2
|
+
var __decorate = (this && this.__decorate) || function (decorators, target, key, desc) {
|
|
3
|
+
var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
|
|
4
|
+
if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
|
|
5
|
+
else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
|
|
6
|
+
return c > 3 && r && Object.defineProperty(target, key, r), r;
|
|
7
|
+
};
|
|
8
|
+
var __metadata = (this && this.__metadata) || function (k, v) {
|
|
9
|
+
if (typeof Reflect === "object" && typeof Reflect.metadata === "function") return Reflect.metadata(k, v);
|
|
10
|
+
};
|
|
11
|
+
Object.defineProperty(exports, "__esModule", { value: true });
|
|
12
|
+
exports.E2eePairingService = void 0;
|
|
13
|
+
const common_1 = require("@nestjs/common");
|
|
14
|
+
const crypto_1 = require("crypto");
|
|
15
|
+
const shared_1 = require("@devchain/shared");
|
|
16
|
+
const error_types_1 = require("../../../common/errors/error-types");
|
|
17
|
+
const logger_1 = require("../../../common/logging/logger");
|
|
18
|
+
const e2ee_keypair_service_1 = require("./e2ee-keypair.service");
|
|
19
|
+
const e2ee_device_store_service_1 = require("./e2ee-device-store.service");
|
|
20
|
+
const logger = (0, logger_1.createLogger)('E2eePairing');
|
|
21
|
+
const PENDING_TTL_MS = 5 * 60 * 1000;
|
|
22
|
+
let E2eePairingService = class E2eePairingService {
|
|
23
|
+
constructor(keypair, deviceStore) {
|
|
24
|
+
this.keypair = keypair;
|
|
25
|
+
this.deviceStore = deviceStore;
|
|
26
|
+
this.pending = new Map();
|
|
27
|
+
}
|
|
28
|
+
async beginQrPairing(channelId) {
|
|
29
|
+
if (!channelId)
|
|
30
|
+
throw new error_types_1.ValidationError('channelId is required');
|
|
31
|
+
this.evictExpired();
|
|
32
|
+
const pub = await this.keypair.exportPublic();
|
|
33
|
+
const secret = Uint8Array.from((0, crypto_1.randomBytes)(shared_1.PAIRING_SECRET_BYTES));
|
|
34
|
+
this.pending.set(channelId, { secret, createdAt: Date.now() });
|
|
35
|
+
return {
|
|
36
|
+
pcEncPubKey: pub.publicKeyB64,
|
|
37
|
+
pcEncKid: pub.kid,
|
|
38
|
+
pairingSecret: (0, shared_1.bytesToBase64)(secret),
|
|
39
|
+
};
|
|
40
|
+
}
|
|
41
|
+
async completeQrPairing(input) {
|
|
42
|
+
this.evictExpired();
|
|
43
|
+
const pending = this.pending.get(input.channelId);
|
|
44
|
+
if (!pending) {
|
|
45
|
+
throw new error_types_1.NotFoundError('Pairing session', input.channelId);
|
|
46
|
+
}
|
|
47
|
+
if (!input.deviceEncPubKey || !input.deviceEncKid || !input.pairingMac) {
|
|
48
|
+
throw new error_types_1.ValidationError('deviceEncPubKey, deviceEncKid and pairingMac are required');
|
|
49
|
+
}
|
|
50
|
+
let devicePublicKey;
|
|
51
|
+
let mac;
|
|
52
|
+
try {
|
|
53
|
+
devicePublicKey = (0, shared_1.base64ToBytes)(input.deviceEncPubKey);
|
|
54
|
+
mac = (0, shared_1.base64ToBytes)(input.pairingMac);
|
|
55
|
+
}
|
|
56
|
+
catch {
|
|
57
|
+
throw new error_types_1.ValidationError('deviceEncPubKey / pairingMac are not valid base64');
|
|
58
|
+
}
|
|
59
|
+
if (devicePublicKey.length !== shared_1.X25519_PUBLIC_KEY_BYTES) {
|
|
60
|
+
throw new error_types_1.ValidationError(`deviceEncPubKey must decode to ${shared_1.X25519_PUBLIC_KEY_BYTES} bytes`);
|
|
61
|
+
}
|
|
62
|
+
if ((0, shared_1.deriveKid)(devicePublicKey) !== input.deviceEncKid) {
|
|
63
|
+
this.pending.delete(input.channelId);
|
|
64
|
+
logger.warn({ channelId: input.channelId, suppliedKid: input.deviceEncKid }, 'E2EE QR pairing rejected — deviceEncKid does not match deviceEncPubKey (possible substitution)');
|
|
65
|
+
throw new error_types_1.ForbiddenError('E2EE pairing verification failed');
|
|
66
|
+
}
|
|
67
|
+
const pc = await this.keypair.getOrCreate();
|
|
68
|
+
const transcript = (0, shared_1.buildPairingTranscript)({
|
|
69
|
+
pcPublicKey: pc.publicKey,
|
|
70
|
+
pcKid: pc.kid,
|
|
71
|
+
mobilePublicKey: devicePublicKey,
|
|
72
|
+
mobileKid: input.deviceEncKid,
|
|
73
|
+
channelId: input.channelId,
|
|
74
|
+
});
|
|
75
|
+
if (!(0, shared_1.verifyPairingMac)(pending.secret, transcript, mac)) {
|
|
76
|
+
this.pending.delete(input.channelId);
|
|
77
|
+
logger.warn({ channelId: input.channelId, deviceKid: input.deviceEncKid }, 'E2EE QR pairing MAC verification failed — rejecting (possible key-substituting relay)');
|
|
78
|
+
throw new error_types_1.ForbiddenError('E2EE pairing verification failed');
|
|
79
|
+
}
|
|
80
|
+
(0, shared_1.deriveSharedKey)(pc.privateKey, devicePublicKey);
|
|
81
|
+
const record = this.deviceStore.add({
|
|
82
|
+
kid: input.deviceEncKid,
|
|
83
|
+
publicKeyB64: input.deviceEncPubKey,
|
|
84
|
+
trust: 'verified',
|
|
85
|
+
verifiedVia: 'qr',
|
|
86
|
+
verifiedAt: new Date().toISOString(),
|
|
87
|
+
...(input.label !== undefined ? { label: input.label } : {}),
|
|
88
|
+
});
|
|
89
|
+
this.pending.delete(input.channelId);
|
|
90
|
+
logger.info({ channelId: input.channelId, deviceKid: record.kid }, 'E2EE QR pairing verified — peer device marked VERIFIED');
|
|
91
|
+
return { kid: record.kid, trust: record.trust };
|
|
92
|
+
}
|
|
93
|
+
evictExpired() {
|
|
94
|
+
const cutoff = Date.now() - PENDING_TTL_MS;
|
|
95
|
+
for (const [channelId, entry] of this.pending) {
|
|
96
|
+
if (entry.createdAt < cutoff)
|
|
97
|
+
this.pending.delete(channelId);
|
|
98
|
+
}
|
|
99
|
+
}
|
|
100
|
+
};
|
|
101
|
+
exports.E2eePairingService = E2eePairingService;
|
|
102
|
+
exports.E2eePairingService = E2eePairingService = __decorate([
|
|
103
|
+
(0, common_1.Injectable)(),
|
|
104
|
+
__metadata("design:paramtypes", [e2ee_keypair_service_1.E2eeKeypairService,
|
|
105
|
+
e2ee_device_store_service_1.E2eeDeviceStoreService])
|
|
106
|
+
], E2eePairingService);
|
|
107
|
+
//# sourceMappingURL=e2ee-pairing.service.js.map
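Review bot: The bare `deriveSharedKey(pc.privateKey, devicePublicKey)` call at new line 80 of `completeQrPairing` discards its result and has no comment, so a reader cannot tell that it is presumably a validity check on the peer's X25519 key. If it throws for a degenerate key, the caller gets whatever `deriveSharedKey` raises rather than the `ForbiddenError` used by the kid-mismatch and MAC-failure paths. The pending entry for the channel would also stay in the map until the TTL, instead of being deleted as those two paths do. Wrapping the call as below keeps the rejection paths consistent and records why the derivation is there; the change belongs in the TypeScript source this file is compiled from.

```javascript
    // Reject a peer key that cannot produce a usable shared secret; the derived value itself is not kept.
    try {
        (0, shared_1.deriveSharedKey)(pc.privateKey, devicePublicKey);
    }
    catch {
        this.pending.delete(input.channelId);
        logger.warn({ channelId: input.channelId, deviceKid: input.deviceEncKid }, 'E2EE QR pairing rejected — shared-key derivation failed for deviceEncPubKey');
        throw new error_types_1.ForbiddenError('E2EE pairing verification failed');
    }
    const record = this.deviceStore.add({
    // … unchanged: device record fields, pending cleanup, return …
```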
|