forkoff 1.0.8 → 1.0.10

package/dist/__tests__/crypto/keyStorage.test.js

@@ -0,0 +1,133 @@
+"use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+    Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+    o["default"] = v;
+});
+var __importStar = (this && this.__importStar) || (function () {
+    var ownKeys = function(o) {
+        ownKeys = Object.getOwnPropertyNames || function (o) {
+            var ar = [];
+            for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
+            return ar;
+        };
+        return ownKeys(o);
+    };
+    return function (mod) {
+        if (mod && mod.__esModule) return mod;
+        var result = {};
+        if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
+        __setModuleDefault(result, mod);
+        return result;
+    };
+})();
+Object.defineProperty(exports, "__esModule", { value: true });
+const keyStorage_1 = require("../../crypto/keyStorage");
+// Mock keytar to avoid actual OS keychain operations during tests
+jest.mock('keytar', () => ({
+    setPassword: jest.fn(),
+    getPassword: jest.fn(),
+    deletePassword: jest.fn(),
+}));
+const keytar = __importStar(require("keytar"));
+describe('CLI Key Storage', () => {
+    const mockKeytar = keytar;
+    beforeEach(() => {
+        jest.clearAllMocks();
+        // Clear session keys between tests
+        (0, keyStorage_1.clearSessionKeys)();
+    });
+    describe('OS Keychain Operations', () => {
+        it('stores private key in OS keychain', async () => {
+            const deviceId = 'device-123';
+            const privateKey = 'AQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQE=';
+            mockKeytar.setPassword.mockResolvedValue();
+            await (0, keyStorage_1.storePrivateKey)(deviceId, privateKey);
+            expect(mockKeytar.setPassword).toHaveBeenCalledWith('forkoff-cli', `e2ee-private-key-${deviceId}`, privateKey);
+        });
+        it('retrieves private key from OS keychain', async () => {
+            const deviceId = 'device-123';
+            const privateKey = 'AQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQE=';
+            mockKeytar.getPassword.mockResolvedValue(privateKey);
+            const result = await (0, keyStorage_1.getPrivateKey)(deviceId);
+            expect(result).toBe(privateKey);
+            expect(mockKeytar.getPassword).toHaveBeenCalledWith('forkoff-cli', `e2ee-private-key-${deviceId}`);
+        });
+        it('returns null when no key exists', async () => {
+            const deviceId = 'device-123';
+            mockKeytar.getPassword.mockResolvedValue(null);
+            const result = await (0, keyStorage_1.getPrivateKey)(deviceId);
+            expect(result).toBeNull();
+        });
+        it('deletes keys from keychain', async () => {
+            const deviceId = 'device-123';
+            mockKeytar.deletePassword.mockResolvedValue(true);
+            await (0, keyStorage_1.deletePrivateKey)(deviceId);
+            expect(mockKeytar.deletePassword).toHaveBeenCalledWith('forkoff-cli', `e2ee-private-key-${deviceId}`);
+        });
+        it('handles keychain errors gracefully', async () => {
+            const deviceId = 'device-123';
+            mockKeytar.getPassword.mockRejectedValue(new Error('Keychain access denied'));
+            // Should not throw, should return null
+            const result = await (0, keyStorage_1.getPrivateKey)(deviceId);
+            expect(result).toBeNull();
+        });
+    });
+    describe('Session Key Storage (In-Memory)', () => {
+        it('stores session keys in memory', () => {
+            const deviceId = 'device-456';
+            const sessionKey = new Uint8Array(32).fill(1);
+            const sessionId = 'session-abc';
+            (0, keyStorage_1.storeSessionKey)(deviceId, sessionKey, sessionId);
+            const retrieved = (0, keyStorage_1.getSessionKey)(deviceId);
+            expect(retrieved).toEqual({
+                encryptionKey: sessionKey,
+                sessionId,
+            });
+        });
+        it('retrieves session keys by device ID', () => {
+            const deviceId = 'device-456';
+            const sessionKey = new Uint8Array(32).fill(2);
+            const sessionId = 'session-xyz';
+            (0, keyStorage_1.storeSessionKey)(deviceId, sessionKey, sessionId);
+            const retrieved = (0, keyStorage_1.getSessionKey)(deviceId);
+            expect(retrieved?.encryptionKey).toEqual(sessionKey);
+            expect(retrieved?.sessionId).toBe(sessionId);
+        });
+        it('returns null for non-existent session keys', () => {
+            const result = (0, keyStorage_1.getSessionKey)('nonexistent-device');
+            expect(result).toBeNull();
+        });
+        it('clears all session keys', () => {
+            const device1 = 'device-1';
+            const device2 = 'device-2';
+            (0, keyStorage_1.storeSessionKey)(device1, new Uint8Array(32).fill(1), 'session-1');
+            (0, keyStorage_1.storeSessionKey)(device2, new Uint8Array(32).fill(2), 'session-2');
+            (0, keyStorage_1.clearSessionKeys)();
+            expect((0, keyStorage_1.getSessionKey)(device1)).toBeNull();
+            expect((0, keyStorage_1.getSessionKey)(device2)).toBeNull();
+        });
+        it('overwrites existing session key for same device', () => {
+            const deviceId = 'device-123';
+            const firstKey = new Uint8Array(32).fill(1);
+            const secondKey = new Uint8Array(32).fill(2);
+            (0, keyStorage_1.storeSessionKey)(deviceId, firstKey, 'session-1');
+            (0, keyStorage_1.storeSessionKey)(deviceId, secondKey, 'session-2');
+            const retrieved = (0, keyStorage_1.getSessionKey)(deviceId);
+            expect(retrieved?.encryptionKey).toEqual(secondKey);
+            expect(retrieved?.sessionId).toBe('session-2');
+        });
+    });
+});
+//# sourceMappingURL=keyStorage.test.js.map

package/dist/__tests__/crypto/keyStorage.test.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"keyStorage.test.js","sourceRoot":"","sources":["../../../src/__tests__/crypto/keyStorage.test.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAAA,wDAOiC;AAEjC,kEAAkE;AAClE,IAAI,CAAC,IAAI,CAAC,QAAQ,EAAE,GAAG,EAAE,CAAC,CAAC;IACzB,WAAW,EAAE,IAAI,CAAC,EAAE,EAAE;IACtB,WAAW,EAAE,IAAI,CAAC,EAAE,EAAE;IACtB,cAAc,EAAE,IAAI,CAAC,EAAE,EAAE;CAC1B,CAAC,CAAC,CAAC;AAEJ,+CAAiC;AAEjC,QAAQ,CAAC,iBAAiB,EAAE,GAAG,EAAE;IAC/B,MAAM,UAAU,GAAG,MAAoC,CAAC;IAExD,UAAU,CAAC,GAAG,EAAE;QACd,IAAI,CAAC,aAAa,EAAE,CAAC;QACrB,mCAAmC;QACnC,IAAA,6BAAgB,GAAE,CAAC;IACrB,CAAC,CAAC,CAAC;IAEH,QAAQ,CAAC,wBAAwB,EAAE,GAAG,EAAE;QACtC,EAAE,CAAC,mCAAmC,EAAE,KAAK,IAAI,EAAE;YACjD,MAAM,QAAQ,GAAG,YAAY,CAAC;YAC9B,MAAM,UAAU,GAAG,8CAA8C,CAAC;YAElE,UAAU,CAAC,WAAW,CAAC,iBAAiB,EAAE,CAAC;YAE3C,MAAM,IAAA,4BAAe,EAAC,QAAQ,EAAE,UAAU,CAAC,CAAC;YAE5C,MAAM,CAAC,UAAU,CAAC,WAAW,CAAC,CAAC,oBAAoB,CACjD,aAAa,EACb,oBAAoB,QAAQ,EAAE,EAC9B,UAAU,CACX,CAAC;QACJ,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,wCAAwC,EAAE,KAAK,IAAI,EAAE;YACtD,MAAM,QAAQ,GAAG,YAAY,CAAC;YAC9B,MAAM,UAAU,GAAG,8CAA8C,CAAC;YAElE,UAAU,CAAC,WAAW,CAAC,iBAAiB,CAAC,UAAU,CAAC,CAAC;YAErD,MAAM,MAAM,GAAG,MAAM,IAAA,0BAAa,EAAC,QAAQ,CAAC,CAAC;YAE7C,MAAM,CAAC,MAAM,CAAC,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC;YAChC,MAAM,CAAC,UAAU,CAAC,WAAW,CAAC,CAAC,oBAAoB,CACjD,aAAa,EACb,oBAAoB,QAAQ,EAAE,CAC/B,CAAC;QACJ,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,iCAAiC,EAAE,KAAK,IAAI,EAAE;YAC/C,MAAM,QAAQ,GAAG,YAAY,CAAC;YAE9B,UAAU,CAAC,WAAW,CAAC,iBAAiB,CAAC,IAAI,CAAC,CAAC;YAE/C,MAAM,MAAM,GAAG,MAAM,IAAA,0BAAa,EAAC,QAAQ,CAAC,CAAC;YAE7C,MAAM,CAAC,MAAM,CAAC,CAAC,QAAQ,EAAE,CAAC;QAC5B,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,4BAA4B,EAAE,KAAK,IAAI,EAAE;YAC1C,MAAM,QAAQ,GAAG,YAAY,CAAC;YAE9B,UAAU,CAAC,cAAc,CAAC,iBAAiB,CAAC,IAAI,CAAC,CAAC;YAElD,MAAM,IAAA,6BAAgB,EAAC,QAAQ,CAAC,CAAC;YAEjC,MAAM,CAAC,UAAU,CAAC,cAAc,CAAC,CAAC,oBAAoB,CACpD,aAAa,EACb,oBAAoB,QAAQ,EAAE,CAC/B,CAAC;QACJ,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,oCAAoC,EAAE,KAAK,IAAI,EAAE;YAClD,MAAM,QAAQ,GAAG,YAAY,CAAC;YAE9B,UAAU,CAAC,WAAW,CAAC,iBAAiB,CAAC,IAAI,KAAK,CAAC,wBAAwB,CAAC,CAAC,CAAC;YAE9E,uCAAuC;YACvC,MAAM,MAAM,GAAG,MAAM,IAAA,0BAAa,EAAC,QAAQ,CAAC,CAAC;YAE7C,MAAM,CAAC,MAAM,CAAC,CAAC,QAAQ,EAAE,CAAC;QAC5B,CAAC,CAAC,CAAC;IACL,CAAC,CAAC,CAAC;IAEH,QAAQ,CAAC,iCAAiC,EAAE,GAAG,EAAE;QAC/C,EAAE,CAAC,+BAA+B,EAAE,GAAG,EAAE;YACvC,MAAM,QAAQ,GAAG,YAAY,CAAC;YAC9B,MAAM,UAAU,GAAG,IAAI,UAAU,CAAC,EAAE,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;YAC9C,MAAM,SAAS,GAAG,aAAa,CAAC;YAEhC,IAAA,4BAAe,EAAC,QAAQ,EAAE,UAAU,EAAE,SAAS,CAAC,CAAC;YAEjD,MAAM,SAAS,GAAG,IAAA,0BAAa,EAAC,QAAQ,CAAC,CAAC;YAE1C,MAAM,CAAC,SAAS,CAAC,CAAC,OAAO,CAAC;gBACxB,aAAa,EAAE,UAAU;gBACzB,SAAS;aACV,CAAC,CAAC;QACL,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,qCAAqC,EAAE,GAAG,EAAE;YAC7C,MAAM,QAAQ,GAAG,YAAY,CAAC;YAC9B,MAAM,UAAU,GAAG,IAAI,UAAU,CAAC,EAAE,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;YAC9C,MAAM,SAAS,GAAG,aAAa,CAAC;YAEhC,IAAA,4BAAe,EAAC,QAAQ,EAAE,UAAU,EAAE,SAAS,CAAC,CAAC;YAEjD,MAAM,SAAS,GAAG,IAAA,0BAAa,EAAC,QAAQ,CAAC,CAAC;YAE1C,MAAM,CAAC,SAAS,EAAE,aAAa,CAAC,CAAC,OAAO,CAAC,UAAU,CAAC,CAAC;YACrD,MAAM,CAAC,SAAS,EAAE,SAAS,CAAC,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC;QAC/C,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,4CAA4C,EAAE,GAAG,EAAE;YACpD,MAAM,MAAM,GAAG,IAAA,0BAAa,EAAC,oBAAoB,CAAC,CAAC;YAEnD,MAAM,CAAC,MAAM,CAAC,CAAC,QAAQ,EAAE,CAAC;QAC5B,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,yBAAyB,EAAE,GAAG,EAAE;YACjC,MAAM,OAAO,GAAG,UAAU,CAAC;YAC3B,MAAM,OAAO,GAAG,UAAU,CAAC;YAE3B,IAAA,4BAAe,EAAC,OAAO,EAAE,IAAI,UAAU,CAAC,EAAE,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,WAAW,CAAC,CAAC;YAClE,IAAA,4BAAe,EAAC,OAAO,EAAE,IAAI,UAAU,CAAC,EAAE,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,WAAW,CAAC,CAAC;YAElE,IAAA,6BAAgB,GAAE,CAAC;YAEnB,MAAM,CAAC,IAAA,0BAAa,EAAC,OAAO,CAAC,CAAC,CAAC,QAAQ,EAAE,CAAC;YAC1C,MAAM,CAAC,IAAA,0BAAa,EAAC,OAAO,CAAC,CAAC,CAAC,QAAQ,EAAE,CAAC;QAC5C,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,iDAAiD,EAAE,GAAG,EAAE;YACzD,MAAM,QAAQ,GAAG,YAAY,CAAC;YAC9B,MAAM,QAAQ,GAAG,IAAI,UAAU,CAAC,EAAE,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;YAC5C,MAAM,SAAS,GAAG,IAAI,UAAU,CAAC,EAAE,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;YAE7C,IAAA,4BAAe,EAAC,QAAQ,EAAE,QAAQ,EAAE,WAAW,CAAC,CAAC;YACjD,IAAA,4BAAe,EAAC,QAAQ,EAAE,SAAS,EAAE,WAAW,CAAC,CAAC;YAElD,MAAM,SAAS,GAAG,IAAA,0BAAa,EAAC,QAAQ,CAAC,CAAC;YAE1C,MAAM,CAAC,SAAS,EAAE,aAAa,CAAC,CAAC,OAAO,CAAC,SAAS,CAAC,CAAC;YACpD,MAAM,CAAC,SAAS,EAAE,SAAS,CAAC,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC;QACjD,CAAC,CAAC,CAAC;IACL,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC"}

package/dist/__tests__/crypto/websocketIntegration.test.d.ts

@@ -0,0 +1,2 @@
+export {};
+//# sourceMappingURL=websocketIntegration.test.d.ts.map

package/dist/__tests__/crypto/websocketIntegration.test.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"websocketIntegration.test.d.ts","sourceRoot":"","sources":["../../../src/__tests__/crypto/websocketIntegration.test.ts"],"names":[],"mappings":""}

package/dist/__tests__/crypto/websocketIntegration.test.js

@@ -0,0 +1,259 @@
+"use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+    Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+    o["default"] = v;
+});
+var __importStar = (this && this.__importStar) || (function () {
+    var ownKeys = function(o) {
+        ownKeys = Object.getOwnPropertyNames || function (o) {
+            var ar = [];
+            for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
+            return ar;
+        };
+        return ownKeys(o);
+    };
+    return function (mod) {
+        if (mod && mod.__esModule) return mod;
+        var result = {};
+        if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
+        __setModuleDefault(result, mod);
+        return result;
+    };
+})();
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+const e2eeManager_1 = require("../../crypto/e2eeManager");
+const keyStorage = __importStar(require("../../crypto/keyStorage"));
+// Mock socket.io-client
+jest.mock('socket.io-client', () => ({
+    io: jest.fn(),
+}));
+// Mock keytar
+jest.mock('keytar');
+// Mock axios
+jest.mock('axios');
+const axios_1 = __importDefault(require("axios"));
+const mockAxios = axios_1.default;
+describe('CLI WebSocket E2EE Integration', () => {
+    let wsClient;
+    let e2eeManager;
+    let mockSocket;
+    const deviceId = 'cli-device-123';
+    const mobileDeviceId = 'mobile-device-456';
+    const apiUrl = 'https://api.forkoff.app/api';
+    const authToken = 'mock-token';
+    // Mock axios instance
+    const mockAxiosInstance = {
+        put: jest.fn(),
+        get: jest.fn(),
+    };
+    beforeEach(async () => {
+        jest.clearAllMocks();
+        keyStorage.clearSessionKeys();
+        // Mock axios.create
+        mockAxios.create = jest.fn().mockReturnValue(mockAxiosInstance);
+        // Mock successful API responses
+        mockAxiosInstance.put.mockResolvedValue({ data: { success: true, keyVersion: 1 } });
+        mockAxiosInstance.get.mockResolvedValue({
+            data: {
+                publicKey: 'AQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQE=',
+                keyVersion: 1,
+            },
+        });
+        // Create mock socket
+        mockSocket = {
+            on: jest.fn(),
+            emit: jest.fn(),
+            connected: true,
+            disconnect: jest.fn(),
+        };
+        // Mock io to return our mock socket
+        const { io } = require('socket.io-client');
+        io.mockReturnValue(mockSocket);
+        // Mock key storage
+        jest.spyOn(keyStorage, 'getPrivateKey').mockResolvedValue(null);
+        jest.spyOn(keyStorage, 'storePrivateKey').mockResolvedValue();
+        // Initialize E2EE manager
+        e2eeManager = new e2eeManager_1.E2EEManager(deviceId, apiUrl, authToken);
+        await e2eeManager.initialize();
+    });
+    describe('Key Exchange Events', () => {
+        it('emits encrypted_key_exchange_init when starting encrypted session', async () => {
+            const initPayload = await e2eeManager.initiateKeyExchange(mobileDeviceId);
+            // Simulate emitting via WebSocket
+            mockSocket.emit('encrypted_key_exchange_init', {
+                recipientDeviceId: mobileDeviceId,
+                ...initPayload,
+            });
+            expect(mockSocket.emit).toHaveBeenCalledWith('encrypted_key_exchange_init', expect.objectContaining({
+                senderDeviceId: deviceId,
+                recipientDeviceId: mobileDeviceId,
+                ephemeralPublicKey: expect.any(String),
+            }));
+        });
+        it('handles incoming encrypted_key_exchange_init', async () => {
+            const incomingInit = {
+                senderDeviceId: mobileDeviceId,
+                ephemeralPublicKey: 'AgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgI=',
+            };
+            // Handle key exchange init
+            const ackPayload = await e2eeManager.handleKeyExchangeInit(incomingInit.senderDeviceId, incomingInit.ephemeralPublicKey);
+            expect(ackPayload).toHaveProperty('recipientDeviceId', deviceId);
+            expect(ackPayload).toHaveProperty('ephemeralPublicKey');
+            expect(e2eeManager.hasSessionKey(mobileDeviceId)).toBe(true);
+        });
+        it('emits encrypted_key_exchange_ack after key derivation', async () => {
+            const incomingInit = {
+                senderDeviceId: mobileDeviceId,
+                ephemeralPublicKey: 'AgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgI=',
+            };
+            const ackPayload = await e2eeManager.handleKeyExchangeInit(incomingInit.senderDeviceId, incomingInit.ephemeralPublicKey);
+            // Simulate emitting ack via WebSocket
+            mockSocket.emit('encrypted_key_exchange_ack', {
+                senderDeviceId: deviceId,
+                ...ackPayload,
+            });
+            expect(mockSocket.emit).toHaveBeenCalledWith('encrypted_key_exchange_ack', expect.objectContaining({
+                senderDeviceId: deviceId,
+                recipientDeviceId: deviceId,
+                ephemeralPublicKey: expect.any(String),
+            }));
+        });
+        it('handles incoming encrypted_key_exchange_ack', async () => {
+            // First initiate
+            await e2eeManager.initiateKeyExchange(mobileDeviceId);
+            // Then handle ack
+            const incomingAck = {
+                recipientDeviceId: deviceId,
+                ephemeralPublicKey: 'AwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwM=',
+            };
+            await e2eeManager.handleKeyExchangeAck(mobileDeviceId, incomingAck.ephemeralPublicKey);
+            expect(e2eeManager.hasSessionKey(mobileDeviceId)).toBe(true);
+        });
+    });
+    describe('Message Encryption', () => {
+        beforeEach(async () => {
+            // Set up E2EE session
+            await e2eeManager.initiateKeyExchange(mobileDeviceId);
+            await e2eeManager.handleKeyExchangeAck(mobileDeviceId, 'AwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwM=');
+        });
+        it('encrypts user_message before sending when E2EE established', () => {
+            const plaintext = 'Hello from CLI';
+            const sessionId = 'session-abc';
+            const encryptedMessage = e2eeManager.encryptMessage(plaintext, mobileDeviceId, sessionId);
+            // Simulate emitting encrypted message via WebSocket
+            mockSocket.emit('encrypted_message', encryptedMessage);
+            expect(mockSocket.emit).toHaveBeenCalledWith('encrypted_message', expect.objectContaining({
+                senderDeviceId: deviceId,
+                recipientDeviceId: mobileDeviceId,
+                sessionId,
+                payload: expect.objectContaining({
+                    ciphertext: expect.any(String),
+                    nonce: expect.any(String),
+                    authTag: expect.any(String),
+                }),
+                messageCounter: expect.any(Number),
+                timestamp: expect.any(String),
+            }));
+        });
+        it('falls back to plaintext if E2EE not established', () => {
+            const unknownDeviceId = 'unknown-device';
+            const plaintext = 'Hello';
+            // Should throw because no session key exists
+            expect(() => e2eeManager.encryptMessage(plaintext, unknownDeviceId, 'session-123')).toThrow(/No session key found/);
+        });
+    });
+    describe('Message Decryption', () => {
+        beforeEach(async () => {
+            // Set up E2EE session as recipient
+            const ephemeralPublicKey = 'AgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgI=';
+            await e2eeManager.handleKeyExchangeInit(mobileDeviceId, ephemeralPublicKey);
+        });
+        it('decrypts incoming encrypted_message', () => {
+            const plaintext = 'Secret message from mobile';
+            const sessionId = 'session-xyz';
+            // Get session key
+            const sessionKeys = keyStorage.getSessionKey(mobileDeviceId);
+            if (!sessionKeys) {
+                throw new Error('Session key not found');
+            }
+            // Create encrypted message (simulating what mobile would send)
+            const { encrypt } = require('../../crypto/encryption');
+            const encryptedPayload = encrypt(plaintext, sessionKeys.encryptionKey);
+            const encryptedMessage = {
+                senderDeviceId: mobileDeviceId,
+                recipientDeviceId: deviceId,
+                sessionId,
+                payload: encryptedPayload,
+                messageCounter: 1,
+                timestamp: new Date().toISOString(),
+            };
+            // Decrypt
+            const decrypted = e2eeManager.decryptMessage(encryptedMessage, mobileDeviceId);
+            expect(decrypted).toBe(plaintext);
+        });
+        it('rejects tampered encrypted messages', () => {
+            const sessionKeys = keyStorage.getSessionKey(mobileDeviceId);
+            if (!sessionKeys) {
+                throw new Error('Session key not found');
+            }
+            const { encrypt } = require('../../crypto/encryption');
+            const encryptedPayload = encrypt('Original message', sessionKeys.encryptionKey);
+            // Tamper with ciphertext
+            const tamperedCiphertext = Buffer.from(encryptedPayload.ciphertext, 'base64');
+            tamperedCiphertext[0] ^= 0xff;
+            encryptedPayload.ciphertext = tamperedCiphertext.toString('base64');
+            const encryptedMessage = {
+                senderDeviceId: mobileDeviceId,
+                recipientDeviceId: deviceId,
+                sessionId: 'session-xyz',
+                payload: encryptedPayload,
+                messageCounter: 1,
+                timestamp: new Date().toISOString(),
+            };
+            // Should throw on decryption
+            expect(() => e2eeManager.decryptMessage(encryptedMessage, mobileDeviceId)).toThrow();
+        });
+    });
+    describe('E2EE Session Status', () => {
+        it('tracks E2EE session status per device', async () => {
+            expect(e2eeManager.hasSessionKey(mobileDeviceId)).toBe(false);
+            // Set up session
+            const ephemeralPublicKey = 'AgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgI=';
+            await e2eeManager.handleKeyExchangeInit(mobileDeviceId, ephemeralPublicKey);
+            expect(e2eeManager.hasSessionKey(mobileDeviceId)).toBe(true);
+        });
+        it('indicates when message should be encrypted', async () => {
+            // No session - should not be able to encrypt
+            expect(e2eeManager.hasSessionKey(mobileDeviceId)).toBe(false);
+            // Set up session
+            await e2eeManager.initiateKeyExchange(mobileDeviceId);
+            await e2eeManager.handleKeyExchangeAck(mobileDeviceId, 'AwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwM=');
+            // Now should be able to encrypt
+            expect(e2eeManager.hasSessionKey(mobileDeviceId)).toBe(true);
+        });
+        it('cleans up E2EE sessions on disconnect', () => {
+            // Set up session
+            keyStorage.storeSessionKey(mobileDeviceId, new Uint8Array(32), 'session-abc');
+            expect(e2eeManager.hasSessionKey(mobileDeviceId)).toBe(true);
+            // Cleanup
+            e2eeManager.cleanup();
+            expect(e2eeManager.hasSessionKey(mobileDeviceId)).toBe(false);
+        });
+    });
+});
+//# sourceMappingURL=websocketIntegration.test.js.map

package/dist/__tests__/crypto/websocketIntegration.test.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"websocketIntegration.test.js","sourceRoot":"","sources":["../../../src/__tests__/crypto/websocketIntegration.test.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AACA,0DAAuD;AACvD,oEAAsD;AAEtD,wBAAwB;AACxB,IAAI,CAAC,IAAI,CAAC,kBAAkB,EAAE,GAAG,EAAE,CAAC,CAAC;IACnC,EAAE,EAAE,IAAI,CAAC,EAAE,EAAE;CACd,CAAC,CAAC,CAAC;AAEJ,cAAc;AACd,IAAI,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;AAEpB,aAAa;AACb,IAAI,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;AACnB,kDAA0B;AAC1B,MAAM,SAAS,GAAG,eAAkC,CAAC;AAErD,QAAQ,CAAC,gCAAgC,EAAE,GAAG,EAAE;IAC9C,IAAI,QAAyB,CAAC;IAC9B,IAAI,WAAwB,CAAC;IAC7B,IAAI,UAAe,CAAC;IAEpB,MAAM,QAAQ,GAAG,gBAAgB,CAAC;IAClC,MAAM,cAAc,GAAG,mBAAmB,CAAC;IAC3C,MAAM,MAAM,GAAG,6BAA6B,CAAC;IAC7C,MAAM,SAAS,GAAG,YAAY,CAAC;IAE/B,sBAAsB;IACtB,MAAM,iBAAiB,GAAG;QACxB,GAAG,EAAE,IAAI,CAAC,EAAE,EAAE;QACd,GAAG,EAAE,IAAI,CAAC,EAAE,EAAE;KACf,CAAC;IAEF,UAAU,CAAC,KAAK,IAAI,EAAE;QACpB,IAAI,CAAC,aAAa,EAAE,CAAC;QACrB,UAAU,CAAC,gBAAgB,EAAE,CAAC;QAE9B,oBAAoB;QACpB,SAAS,CAAC,MAAM,GAAG,IAAI,CAAC,EAAE,EAAE,CAAC,eAAe,CAAC,iBAAwB,CAAC,CAAC;QAEvE,gCAAgC;QAChC,iBAAiB,CAAC,GAAG,CAAC,iBAAiB,CAAC,EAAE,IAAI,EAAE,EAAE,OAAO,EAAE,IAAI,EAAE,UAAU,EAAE,CAAC,EAAE,EAAE,CAAC,CAAC;QACpF,iBAAiB,CAAC,GAAG,CAAC,iBAAiB,CAAC;YACtC,IAAI,EAAE;gBACJ,SAAS,EAAE,8CAA8C;gBACzD,UAAU,EAAE,CAAC;aACd;SACF,CAAC,CAAC;QAEH,qBAAqB;QACrB,UAAU,GAAG;YACX,EAAE,EAAE,IAAI,CAAC,EAAE,EAAE;YACb,IAAI,EAAE,IAAI,CAAC,EAAE,EAAE;YACf,SAAS,EAAE,IAAI;YACf,UAAU,EAAE,IAAI,CAAC,EAAE,EAAE;SACtB,CAAC;QAEF,oCAAoC;QACpC,MAAM,EAAE,EAAE,EAAE,GAAG,OAAO,CAAC,kBAAkB,CAAC,CAAC;QAC3C,EAAE,CAAC,eAAe,CAAC,UAAU,CAAC,CAAC;QAE/B,mBAAmB;QACnB,IAAI,CAAC,KAAK,CAAC,UAAU,EAAE,eAAe,CAAC,CAAC,iBAAiB,CAAC,IAAI,CAAC,CAAC;QAChE,IAAI,CAAC,KAAK,CAAC,UAAU,EAAE,iBAAiB,CAAC,CAAC,iBAAiB,EAAE,CAAC;QAE9D,0BAA0B;QAC1B,WAAW,GAAG,IAAI,yBAAW,CAAC,QAAQ,EAAE,MAAM,EAAE,SAAS,CAAC,CAAC;QAC3D,MAAM,WAAW,CAAC,UAAU,EAAE,CAAC;IACjC,CAAC,CAAC,CAAC;IAEH,QAAQ,CAAC,qBAAqB,EAAE,GAAG,EAAE;QACnC,EAAE,CAAC,mEAAmE,EAAE,KAAK,IAAI,EAAE;YACjF,MAAM,WAAW,GAAG,MAAM,WAAW,CAAC,mBAAmB,CAAC,cAAc,CAAC,CAAC;YAE1E,kCAAkC;YAClC,UAAU,CAAC,IAAI,CAAC,6BAA6B,EAAE;gBAC7C,iBAAiB,EAAE,cAAc;gBACjC,GAAG,WAAW;aACf,CAAC,CAAC;YAEH,MAAM,CAAC,UAAU,CAAC,IAAI,CAAC,CAAC,oBAAoB,CAC1C,6BAA6B,EAC7B,MAAM,CAAC,gBAAgB,CAAC;gBACtB,cAAc,EAAE,QAAQ;gBACxB,iBAAiB,EAAE,cAAc;gBACjC,kBAAkB,EAAE,MAAM,CAAC,GAAG,CAAC,MAAM,CAAC;aACvC,CAAC,CACH,CAAC;QACJ,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,8CAA8C,EAAE,KAAK,IAAI,EAAE;YAC5D,MAAM,YAAY,GAAG;gBACnB,cAAc,EAAE,cAAc;gBAC9B,kBAAkB,EAAE,8CAA8C;aACnE,CAAC;YAEF,2BAA2B;YAC3B,MAAM,UAAU,GAAG,MAAM,WAAW,CAAC,qBAAqB,CACxD,YAAY,CAAC,cAAc,EAC3B,YAAY,CAAC,kBAAkB,CAChC,CAAC;YAEF,MAAM,CAAC,UAAU,CAAC,CAAC,cAAc,CAAC,mBAAmB,EAAE,QAAQ,CAAC,CAAC;YACjE,MAAM,CAAC,UAAU,CAAC,CAAC,cAAc,CAAC,oBAAoB,CAAC,CAAC;YACxD,MAAM,CAAC,WAAW,CAAC,aAAa,CAAC,cAAc,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QAC/D,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,uDAAuD,EAAE,KAAK,IAAI,EAAE;YACrE,MAAM,YAAY,GAAG;gBACnB,cAAc,EAAE,cAAc;gBAC9B,kBAAkB,EAAE,8CAA8C;aACnE,CAAC;YAEF,MAAM,UAAU,GAAG,MAAM,WAAW,CAAC,qBAAqB,CACxD,YAAY,CAAC,cAAc,EAC3B,YAAY,CAAC,kBAAkB,CAChC,CAAC;YAEF,sCAAsC;YACtC,UAAU,CAAC,IAAI,CAAC,4BAA4B,EAAE;gBAC5C,cAAc,EAAE,QAAQ;gBACxB,GAAG,UAAU;aACd,CAAC,CAAC;YAEH,MAAM,CAAC,UAAU,CAAC,IAAI,CAAC,CAAC,oBAAoB,CAC1C,4BAA4B,EAC5B,MAAM,CAAC,gBAAgB,CAAC;gBACtB,cAAc,EAAE,QAAQ;gBACxB,iBAAiB,EAAE,QAAQ;gBAC3B,kBAAkB,EAAE,MAAM,CAAC,GAAG,CAAC,MAAM,CAAC;aACvC,CAAC,CACH,CAAC;QACJ,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,6CAA6C,EAAE,KAAK,IAAI,EAAE;YAC3D,iBAAiB;YACjB,MAAM,WAAW,CAAC,mBAAmB,CAAC,cAAc,CAAC,CAAC;YAEtD,kBAAkB;YAClB,MAAM,WAAW,GAAG;gBAClB,iBAAiB,EAAE,QAAQ;gBAC3B,kBAAkB,EAAE,8CAA8C;aACnE,CAAC;YAEF,MAAM,WAAW,CAAC,oBAAoB,CACpC,cAAc,EACd,WAAW,CAAC,kBAAkB,CAC/B,CAAC;YAEF,MAAM,CAAC,WAAW,CAAC,aAAa,CAAC,cAAc,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QAC/D,CAAC,CAAC,CAAC;IACL,CAAC,CAAC,CAAC;IAEH,QAAQ,CAAC,oBAAoB,EAAE,GAAG,EAAE;QAClC,UAAU,CAAC,KAAK,IAAI,EAAE;YACpB,sBAAsB;YACtB,MAAM,WAAW,CAAC,mBAAmB,CAAC,cAAc,CAAC,CAAC;YACtD,MAAM,WAAW,CAAC,oBAAoB,CACpC,cAAc,EACd,8CAA8C,CAC/C,CAAC;QACJ,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,4DAA4D,EAAE,GAAG,EAAE;YACpE,MAAM,SAAS,GAAG,gBAAgB,CAAC;YACnC,MAAM,SAAS,GAAG,aAAa,CAAC;YAEhC,MAAM,gBAAgB,GAAG,WAAW,CAAC,cAAc,CACjD,SAAS,EACT,cAAc,EACd,SAAS,CACV,CAAC;YAEF,oDAAoD;YACpD,UAAU,CAAC,IAAI,CAAC,mBAAmB,EAAE,gBAAgB,CAAC,CAAC;YAEvD,MAAM,CAAC,UAAU,CAAC,IAAI,CAAC,CAAC,oBAAoB,CAC1C,mBAAmB,EACnB,MAAM,CAAC,gBAAgB,CAAC;gBACtB,cAAc,EAAE,QAAQ;gBACxB,iBAAiB,EAAE,cAAc;gBACjC,SAAS;gBACT,OAAO,EAAE,MAAM,CAAC,gBAAgB,CAAC;oBAC/B,UAAU,EAAE,MAAM,CAAC,GAAG,CAAC,MAAM,CAAC;oBAC9B,KAAK,EAAE,MAAM,CAAC,GAAG,CAAC,MAAM,CAAC;oBACzB,OAAO,EAAE,MAAM,CAAC,GAAG,CAAC,MAAM,CAAC;iBAC5B,CAAC;gBACF,cAAc,EAAE,MAAM,CAAC,GAAG,CAAC,MAAM,CAAC;gBAClC,SAAS,EAAE,MAAM,CAAC,GAAG,CAAC,MAAM,CAAC;aAC9B,CAAC,CACH,CAAC;QACJ,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,iDAAiD,EAAE,GAAG,EAAE;YACzD,MAAM,eAAe,GAAG,gBAAgB,CAAC;YACzC,MAAM,SAAS,GAAG,OAAO,CAAC;YAE1B,6CAA6C;YAC7C,MAAM,CAAC,GAAG,EAAE,CACV,WAAW,CAAC,cAAc,CAAC,SAAS,EAAE,eAAe,EAAE,aAAa,CAAC,CACtE,CAAC,OAAO,CAAC,sBAAsB,CAAC,CAAC;QACpC,CAAC,CAAC,CAAC;IACL,CAAC,CAAC,CAAC;IAEH,QAAQ,CAAC,oBAAoB,EAAE,GAAG,EAAE;QAClC,UAAU,CAAC,KAAK,IAAI,EAAE;YACpB,mCAAmC;YACnC,MAAM,kBAAkB,GAAG,8CAA8C,CAAC;YAC1E,MAAM,WAAW,CAAC,qBAAqB,CAAC,cAAc,EAAE,kBAAkB,CAAC,CAAC;QAC9E,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,qCAAqC,EAAE,GAAG,EAAE;YAC7C,MAAM,SAAS,GAAG,4BAA4B,CAAC;YAC/C,MAAM,SAAS,GAAG,aAAa,CAAC;YAEhC,kBAAkB;YAClB,MAAM,WAAW,GAAG,UAAU,CAAC,aAAa,CAAC,cAAc,CAAC,CAAC;YAC7D,IAAI,CAAC,WAAW,EAAE,CAAC;gBACjB,MAAM,IAAI,KAAK,CAAC,uBAAuB,CAAC,CAAC;YAC3C,CAAC;YAED,+DAA+D;YAC/D,MAAM,EAAE,OAAO,EAAE,GAAG,OAAO,CAAC,yBAAyB,CAAC,CAAC;YACvD,MAAM,gBAAgB,GAAG,OAAO,CAAC,SAAS,EAAE,WAAW,CAAC,aAAa,CAAC,CAAC;YAEvE,MAAM,gBAAgB,GAAG;gBACvB,cAAc,EAAE,cAAc;gBAC9B,iBAAiB,EAAE,QAAQ;gBAC3B,SAAS;gBACT,OAAO,EAAE,gBAAgB;gBACzB,cAAc,EAAE,CAAC;gBACjB,SAAS,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;aACpC,CAAC;YAEF,UAAU;YACV,MAAM,SAAS,GAAG,WAAW,CAAC,cAAc,CAAC,gBAAgB,EAAE,cAAc,CAAC,CAAC;YAE/E,MAAM,CAAC,SAAS,CAAC,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC;QACpC,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,qCAAqC,EAAE,GAAG,EAAE;YAC7C,MAAM,WAAW,GAAG,UAAU,CAAC,aAAa,CAAC,cAAc,CAAC,CAAC;YAC7D,IAAI,CAAC,WAAW,EAAE,CAAC;gBACjB,MAAM,IAAI,KAAK,CAAC,uBAAuB,CAAC,CAAC;YAC3C,CAAC;YAED,MAAM,EAAE,OAAO,EAAE,GAAG,OAAO,CAAC,yBAAyB,CAAC,CAAC;YACvD,MAAM,gBAAgB,GAAG,OAAO,CAAC,kBAAkB,EAAE,WAAW,CAAC,aAAa,CAAC,CAAC;YAEhF,yBAAyB;YACzB,MAAM,kBAAkB,GAAG,MAAM,CAAC,IAAI,CAAC,gBAAgB,CAAC,UAAU,EAAE,QAAQ,CAAC,CAAC;YAC9E,kBAAkB,CAAC,CAAC,CAAC,IAAI,IAAI,CAAC;YAC9B,gBAAgB,CAAC,UAAU,GAAG,kBAAkB,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC;YAEpE,MAAM,gBAAgB,GAAG;gBACvB,cAAc,EAAE,cAAc;gBAC9B,iBAAiB,EAAE,QAAQ;gBAC3B,SAAS,EAAE,aAAa;gBACxB,OAAO,EAAE,gBAAgB;gBACzB,cAAc,EAAE,CAAC;gBACjB,SAAS,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;aACpC,CAAC;YAEF,6BAA6B;YAC7B,MAAM,CAAC,GAAG,EAAE,CACV,WAAW,CAAC,cAAc,CAAC,gBAAgB,EAAE,cAAc,CAAC,CAC7D,CAAC,OAAO,EAAE,CAAC;QACd,CAAC,CAAC,CAAC;IACL,CAAC,CAAC,CAAC;IAEH,QAAQ,CAAC,qBAAqB,EAAE,GAAG,EAAE;QACnC,EAAE,CAAC,uCAAuC,EAAE,KAAK,IAAI,EAAE;YACrD,MAAM,CAAC,WAAW,CAAC,aAAa,CAAC,cAAc,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;YAE9D,iBAAiB;YACjB,MAAM,kBAAkB,GAAG,8CAA8C,CAAC;YAC1E,MAAM,WAAW,CAAC,qBAAqB,CAAC,cAAc,EAAE,kBAAkB,CAAC,CAAC;YAE5E,MAAM,CAAC,WAAW,CAAC,aAAa,CAAC,cAAc,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QAC/D,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,4CAA4C,EAAE,KAAK,IAAI,EAAE;YAC1D,6CAA6C;YAC7C,MAAM,CAAC,WAAW,CAAC,aAAa,CAAC,cAAc,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;YAE9D,iBAAiB;YACjB,MAAM,WAAW,CAAC,mBAAmB,CAAC,cAAc,CAAC,CAAC;YACtD,MAAM,WAAW,CAAC,oBAAoB,CACpC,cAAc,EACd,8CAA8C,CAC/C,CAAC;YAEF,gCAAgC;YAChC,MAAM,CAAC,WAAW,CAAC,aAAa,CAAC,cAAc,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QAC/D,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,uCAAuC,EAAE,GAAG,EAAE;YAC/C,iBAAiB;YACjB,UAAU,CAAC,eAAe,CACxB,cAAc,EACd,IAAI,UAAU,CAAC,EAAE,CAAC,EAClB,aAAa,CACd,CAAC;YAEF,MAAM,CAAC,WAAW,CAAC,aAAa,CAAC,cAAc,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;YAE7D,UAAU;YACV,WAAW,CAAC,OAAO,EAAE,CAAC;YAEtB,MAAM,CAAC,WAAW,CAAC,aAAa,CAAC,cAAc,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;QAChE,CAAC,CAAC,CAAC;IACL,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC"}

package/dist/__tests__/tools/claude-process.test.d.ts

@@ -0,0 +1,8 @@
+/**
+ * Tests for Claude Process Manager
+ * Covers:
+ * - Bug 1: dangerouslySkipPermissions threading through startSession, resumeSession, sendInput, registerSession
+ * - Bug 2: tool_activity event instead of claude_approval_request for SDK tool_use, disabled regex approval, guarded stdin writes
+ */
+export {};
+//# sourceMappingURL=claude-process.test.d.ts.map

package/dist/__tests__/tools/claude-process.test.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"claude-process.test.d.ts","sourceRoot":"","sources":["../../../src/__tests__/tools/claude-process.test.ts"],"names":[],"mappings":"AAAA;;;;;GAKG"}