genlayer 0.26.0 → 0.27.0

package/esbuild.config.dev.js

@@ -11,7 +11,7 @@ export default {
     banner: {
       js: `const _importMetaUrl = new URL(import.meta.url).pathname;`,
     },
-    external: ["commander", "dockerode", "dotenv", "ethers", "inquirer", "update-check", "ssh2", "fs-extra", "esbuild"]
+    external: ["commander", "dockerode", "dotenv", "ethers", "inquirer", "update-check", "ssh2", "fs-extra", "esbuild", "keytar"]
   },
   watch: true,
 };

package/esbuild.config.prod.js

@@ -11,7 +11,7 @@ export default {
     banner: {
       js: `const _importMetaUrl = new URL(import.meta.url).pathname;`,
     },
-    external: ["commander", "dockerode", "dotenv", "ethers", "inquirer", "update-check", "ssh2", "fs-extra", "esbuild"]
+    external: ["commander", "dockerode", "dotenv", "ethers", "inquirer", "update-check", "ssh2", "fs-extra", "esbuild", "keytar"]
   },
   watch: false,
 };

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "genlayer",
-  "version": "0.26.0",
+  "version": "0.27.0",
   "description": "GenLayer Command Line Tool",
   "main": "src/index.ts",
   "type": "module",
@@ -66,6 +66,7 @@
     "fs-extra": "^11.3.0",
     "genlayer-js": "^0.11.0",
     "inquirer": "^12.0.0",
+    "keytar": "^7.9.0",
     "node-fetch": "^3.0.0",
     "open": "^10.1.0",
     "ora": "^8.2.0",

package/src/commands/keygen/index.ts

@@ -1,5 +1,7 @@
 import { Command } from "commander";
 import { CreateKeypairOptions, KeypairCreator } from "./create";
+import { UnlockAction } from "./unlock";
+import { LockAction } from "./lock";
 
 export function initializeKeygenCommands(program: Command) {
 
@@ -17,5 +19,21 @@ export function initializeKeygenCommands(program: Command) {
       await keypairCreator.createKeypairAction(options);
     });
 
+  keygenCommand
+    .command("unlock")
+    .description("Unlock your wallet by storing the decrypted private key in OS keychain")
+    .action(async () => {
+      const unlockAction = new UnlockAction();
+      await unlockAction.execute();
+    });
+
+  keygenCommand
+    .command("lock")
+    .description("Lock your wallet by removing the decrypted private key from OS keychain")
+    .action(async () => {
+      const lockAction = new LockAction();
+      await lockAction.execute();
+    });
+
   return program;
 }

package/src/commands/keygen/lock.ts

@@ -0,0 +1,31 @@
+import { BaseAction } from "../../lib/actions/BaseAction";
+
+export class LockAction extends BaseAction {
+  async execute(): Promise<void> {
+    this.startSpinner("Checking keychain availability...");
+
+    const keychainAvailable = await this.keychainManager.isKeychainAvailable();
+    if (!keychainAvailable) {
+      this.failSpinner("OS keychain is not available. This command requires a supported keychain (e.g. macOS Keychain, Windows Credential Manager, or GNOME Keyring).");
+      return;
+    }
+
+    this.setSpinnerText("Checking for cached private key...");
+
+    const hasCachedKey = await this.keychainManager.getPrivateKey();
+    if (!hasCachedKey) {
+      this.succeedSpinner("Wallet is already locked (no cached key found in OS keychain).");
+      return;
+    }
+
+    this.setSpinnerText("Removing private key from OS keychain...");
+
+    try {
+      await this.keychainManager.removePrivateKey();
+      
+      this.succeedSpinner("Wallet locked successfully! Your private key has been removed from the OS keychain.");
+    } catch (error) {
+      this.failSpinner("Failed to lock wallet.", error);
+    }
+  }
+} 

package/src/commands/keygen/unlock.ts

@@ -0,0 +1,41 @@
+import { BaseAction } from "../../lib/actions/BaseAction";
+import { readFileSync, existsSync } from "fs";
+import { ethers } from "ethers";
+
+export class UnlockAction extends BaseAction {
+  async execute(): Promise<void> {
+    this.startSpinner("Checking keychain availability...");
+
+    const keychainAvailable = await this.keychainManager.isKeychainAvailable();
+    if (!keychainAvailable) {
+      this.failSpinner("OS keychain is not available. This command requires a supported keychain (e.g. macOS Keychain, Windows Credential Manager, or GNOME Keyring).");
+      return;
+    }
+
+    this.setSpinnerText("Checking for existing keystore...");
+
+    const keypairPath = this.getConfigByKey("keyPairPath");
+    if (!keypairPath || !existsSync(keypairPath)) {
+      this.failSpinner("No keystore file found. Please create a keypair first using 'genlayer keygen create'.");
+      return;
+    }
+
+    const keystoreData = JSON.parse(readFileSync(keypairPath, "utf-8"));
+    if (!this.isValidKeystoreFormat(keystoreData)) {
+      this.failSpinner("Invalid keystore format. Expected encrypted keystore file.");
+      return;
+    }
+
+    this.stopSpinner();
+
+    try {
+      const password = await this.promptPassword("Enter password to decrypt keystore:");
+      const wallet = await ethers.Wallet.fromEncryptedJson(keystoreData.encrypted, password);
+      
+      await this.keychainManager.storePrivateKey(wallet.privateKey);
+      this.succeedSpinner("Wallet unlocked successfully! Your private key is now stored securely in the OS keychain.");
+    } catch (error) {
+      this.failSpinner("Failed to unlock wallet.", error);
+    }
+  }
+} 

package/src/lib/actions/BaseAction.ts

@@ -1,4 +1,5 @@
 import {ConfigFileManager} from "../../lib/config/ConfigFileManager";
+import {KeychainManager} from "../../lib/config/KeychainManager";
 import ora, {Ora} from "ora";
 import chalk from "chalk";
 import inquirer from "inquirer";
@@ -14,15 +15,15 @@ export class BaseAction extends ConfigFileManager {
   private static readonly DEFAULT_KEYSTORE_PATH = "./keypair.json";
   private static readonly MAX_PASSWORD_ATTEMPTS = 3;
   private static readonly MIN_PASSWORD_LENGTH = 8;
-  private static readonly TEMP_KEY_FILENAME = "decrypted_private_key";
 
   private spinner: Ora;
   private _genlayerClient: GenLayerClient<GenLayerChain> | null = null;
+  protected keychainManager: KeychainManager;
 
   constructor() {
     super();
     this.spinner = ora({text: "", spinner: "dots"});
-    this.cleanupExpiredTempFiles();
+    this.keychainManager = new KeychainManager();
   }
 
   private async decryptKeystore(keystoreData: KeystoreData, attempt: number = 1): Promise<string> {
@@ -33,8 +34,6 @@ export class BaseAction extends ConfigFileManager {
       const password = await this.promptPassword(message);
       const wallet = await ethers.Wallet.fromEncryptedJson(keystoreData.encrypted, password);
       
-      this.storeTempFile(BaseAction.TEMP_KEY_FILENAME, wallet.privateKey);
-      
       return wallet.privateKey;
     } catch (error) {
       if (attempt >= BaseAction.MAX_PASSWORD_ATTEMPTS) {
@@ -45,7 +44,7 @@ export class BaseAction extends ConfigFileManager {
     }
   }
 
-  private isValidKeystoreFormat(data: any): data is KeystoreData {
+  protected isValidKeystoreFormat(data: any): data is KeystoreData {
     return Boolean(
       data && 
       data.version === 1 && 
@@ -101,7 +100,7 @@ export class BaseAction extends ConfigFileManager {
     }
     
     if (!decryptedPrivateKey) {
-      const cachedKey = this.getTempFile(BaseAction.TEMP_KEY_FILENAME);
+      const cachedKey = await this.keychainManager.getPrivateKey();
       decryptedPrivateKey = cachedKey ? cachedKey : await this.decryptKeystore(keystoreData);
     }
     return createAccount(decryptedPrivateKey as Hash);
@@ -146,7 +145,7 @@ export class BaseAction extends ConfigFileManager {
     writeFileSync(finalOutputPath, JSON.stringify(keystoreData, null, 2));
     this.writeConfig('keyPairPath', finalOutputPath);
     
-    this.clearTempFile(BaseAction.TEMP_KEY_FILENAME);
+    await this.keychainManager.removePrivateKey();
     
     return wallet.privateKey;
   }

package/src/lib/config/ConfigFileManager.ts

@@ -2,24 +2,15 @@ import path from "path";
 import os from "os";
 import fs from "fs";
 
-interface TempFileData {
-  content: string;
-  timestamp: number;
-}
-
 export class ConfigFileManager {
   private folderPath: string;
   private configFilePath: string;
-  private tempFolderPath: string;
-  private static readonly TEMP_FILE_EXPIRATION_MS = 5 * 60 * 1000; // 5 minutes
 
   constructor(baseFolder: string = ".genlayer/", configFileName: string = "genlayer-config.json") {
     this.folderPath = path.resolve(os.homedir(), baseFolder);
     this.configFilePath = path.resolve(this.folderPath, configFileName);
-    this.tempFolderPath = path.resolve(os.tmpdir(), "genlayer-temp");
     this.ensureFolderExists();
     this.ensureConfigFileExists();
-    this.ensureTempFolderExists();
   }
 
   private ensureFolderExists(): void {
@@ -34,12 +25,6 @@ export class ConfigFileManager {
     }
   }
 
-  private ensureTempFolderExists(): void {
-    if (!fs.existsSync(this.tempFolderPath)) {
-      fs.mkdirSync(this.tempFolderPath, { recursive: true, mode: 0o700 }); // Owner-only access
-    }
-  }
-
   getFolderPath(): string {
     return this.folderPath;
   }
@@ -63,67 +48,4 @@ export class ConfigFileManager {
     config[key] = value;
     fs.writeFileSync(this.configFilePath, JSON.stringify(config, null, 2));
   }
-
-  storeTempFile(fileName: string, content: string): void {
-    this.ensureTempFolderExists();
-    const filePath = path.resolve(this.tempFolderPath, fileName);
-    const tempData: TempFileData = {
-      content,
-      timestamp: Date.now()
-    };
-    fs.writeFileSync(filePath, JSON.stringify(tempData), { mode: 0o600 }); // Owner-only access
-  }
-
-  getTempFile(fileName: string): string | null {
-    const filePath = path.resolve(this.tempFolderPath, fileName);
-    
-    if (!fs.existsSync(filePath)) {
-      return null;
-    }
-
-    const fileContent = fs.readFileSync(filePath, "utf-8");
-    const tempData: TempFileData = JSON.parse(fileContent);
-    
-    if (Date.now() - tempData.timestamp > ConfigFileManager.TEMP_FILE_EXPIRATION_MS) {
-      this.clearTempFile(fileName);
-      return null;
-    }
-
-    return tempData.content;
-  }
-
-  hasTempFile(fileName: string): boolean {
-    return this.getTempFile(fileName) !== null;
-  }
-
-  clearTempFile(fileName: string): void {
-    const filePath = path.resolve(this.tempFolderPath, fileName);
-    if (fs.existsSync(filePath)) {
-      fs.unlinkSync(filePath);
-    }
-  }
-
-  cleanupExpiredTempFiles(): void {
-    if (!fs.existsSync(this.tempFolderPath)) {
-      return;
-    }
-
-    const files = fs.readdirSync(this.tempFolderPath);
-    const now = Date.now();
-
-    for (const file of files) {
-      const filePath = path.resolve(this.tempFolderPath, file);
-
-      try {
-        const fileContent = fs.readFileSync(filePath, "utf-8");
-        const tempData: TempFileData = JSON.parse(fileContent);
-        
-        if (now - tempData.timestamp > ConfigFileManager.TEMP_FILE_EXPIRATION_MS) {
-          fs.unlinkSync(filePath);
-        }
-      } catch (error) {
-        fs.unlinkSync(filePath);
-      }
-    }
-  }
 }

package/src/lib/config/KeychainManager.ts

@@ -0,0 +1,29 @@
+import {default as keytar} from 'keytar';
+
+export class KeychainManager {
+  private static readonly SERVICE = 'genlayer-cli';
+  private static readonly ACCOUNT = 'default-user';
+
+  constructor() {}
+
+  async isKeychainAvailable(): Promise<boolean> {
+    try {
+      await keytar.findCredentials('test-service');
+      return true;
+    } catch {
+      return false;
+    }
+  }
+
+  async storePrivateKey(privateKey: string): Promise<void> {
+      return await keytar.setPassword(KeychainManager.SERVICE, KeychainManager.ACCOUNT, privateKey);
+  }
+
+  async getPrivateKey(): Promise<string | null> {
+    return await keytar.getPassword(KeychainManager.SERVICE, KeychainManager.ACCOUNT);
+  }
+
+  async removePrivateKey(): Promise<boolean> {
+    return await keytar.deletePassword(KeychainManager.SERVICE, KeychainManager.ACCOUNT);
+  }
+} 

package/tests/actions/lock.test.ts

@@ -0,0 +1,66 @@
+import {describe, test, vi, beforeEach, afterEach, expect} from "vitest";
+import {LockAction} from "../../src/commands/keygen/lock";
+
+describe("LockAction", () => {
+  let lockAction: LockAction;
+
+  beforeEach(() => {
+    vi.clearAllMocks();
+    lockAction = new LockAction();
+    
+    // Mock the BaseAction methods
+    vi.spyOn(lockAction as any, "startSpinner").mockImplementation(() => {});
+    vi.spyOn(lockAction as any, "setSpinnerText").mockImplementation(() => {});
+    vi.spyOn(lockAction as any, "succeedSpinner").mockImplementation(() => {});
+    vi.spyOn(lockAction as any, "failSpinner").mockImplementation(() => {});
+    
+    // Mock keychainManager
+    vi.spyOn(lockAction["keychainManager"], "isKeychainAvailable").mockResolvedValue(true);
+    vi.spyOn(lockAction["keychainManager"], "getPrivateKey").mockResolvedValue("test-private-key");
+    vi.spyOn(lockAction["keychainManager"], "removePrivateKey").mockResolvedValue(true);
+  });
+
+  afterEach(() => {
+    vi.restoreAllMocks();
+  });
+
+  test("successfully locks wallet when keychain is available and key exists", async () => {
+    await lockAction.execute();
+
+    expect(lockAction["startSpinner"]).toHaveBeenCalledWith("Checking keychain availability...");
+    expect(lockAction["keychainManager"].isKeychainAvailable).toHaveBeenCalled();
+    expect(lockAction["setSpinnerText"]).toHaveBeenCalledWith("Checking for cached private key...");
+    expect(lockAction["keychainManager"].getPrivateKey).toHaveBeenCalled();
+    expect(lockAction["setSpinnerText"]).toHaveBeenCalledWith("Removing private key from OS keychain...");
+    expect(lockAction["keychainManager"].removePrivateKey).toHaveBeenCalled();
+    expect(lockAction["succeedSpinner"]).toHaveBeenCalledWith("Wallet locked successfully! Your private key has been removed from the OS keychain.");
+  });
+
+  test("fails when keychain is not available", async () => {
+    vi.spyOn(lockAction["keychainManager"], "isKeychainAvailable").mockResolvedValue(false);
+
+    await lockAction.execute();
+
+    expect(lockAction["failSpinner"]).toHaveBeenCalledWith("OS keychain is not available. This command requires a supported keychain (e.g. macOS Keychain, Windows Credential Manager, or GNOME Keyring).");
+    expect(lockAction["keychainManager"].getPrivateKey).not.toHaveBeenCalled();
+    expect(lockAction["keychainManager"].removePrivateKey).not.toHaveBeenCalled();
+  });
+
+  test("succeeds when wallet is already locked (no cached key)", async () => {
+    vi.spyOn(lockAction["keychainManager"], "getPrivateKey").mockResolvedValue(null);
+
+    await lockAction.execute();
+
+    expect(lockAction["succeedSpinner"]).toHaveBeenCalledWith("Wallet is already locked (no cached key found in OS keychain).");
+    expect(lockAction["keychainManager"].removePrivateKey).not.toHaveBeenCalled();
+  });
+
+  test("handles error during key removal", async () => {
+    const mockError = new Error("Keychain error");
+    vi.spyOn(lockAction["keychainManager"], "removePrivateKey").mockRejectedValue(mockError);
+
+    await lockAction.execute();
+
+    expect(lockAction["failSpinner"]).toHaveBeenCalledWith("Failed to lock wallet.", mockError);
+  });
+}); 

package/tests/actions/unlock.test.ts

@@ -0,0 +1,121 @@
+import {describe, test, vi, beforeEach, afterEach, expect} from "vitest";
+import {UnlockAction} from "../../src/commands/keygen/unlock";
+import {readFileSync, existsSync} from "fs";
+import {ethers} from "ethers";
+import inquirer from "inquirer";
+
+vi.mock("fs");
+vi.mock("ethers");
+vi.mock("inquirer");
+
+describe("UnlockAction", () => {
+  let unlockAction: UnlockAction;
+  const mockKeystoreData = {
+    version: 1,
+    encrypted: '{"address":"test","crypto":{"cipher":"aes-128-ctr"}}',
+    address: "0x1234567890123456789012345678901234567890"
+  };
+  const mockWallet = {
+    privateKey: "0xabcdef1234567890abcdef1234567890abcdef1234567890abcdef1234567890"
+  };
+
+  beforeEach(() => {
+    vi.clearAllMocks();
+    unlockAction = new UnlockAction();
+    
+    // Mock the BaseAction methods
+    vi.spyOn(unlockAction as any, "startSpinner").mockImplementation(() => {});
+    vi.spyOn(unlockAction as any, "setSpinnerText").mockImplementation(() => {});
+    vi.spyOn(unlockAction as any, "stopSpinner").mockImplementation(() => {});
+    vi.spyOn(unlockAction as any, "succeedSpinner").mockImplementation(() => {});
+    vi.spyOn(unlockAction as any, "failSpinner").mockImplementation(() => {});
+    vi.spyOn(unlockAction as any, "promptPassword").mockResolvedValue("test-password");
+    vi.spyOn(unlockAction as any, "getConfigByKey").mockReturnValue("./test-keypair.json");
+    vi.spyOn(unlockAction as any, "isValidKeystoreFormat").mockReturnValue(true);
+    
+    // Mock keychainManager
+    vi.spyOn(unlockAction["keychainManager"], "isKeychainAvailable").mockResolvedValue(true);
+    vi.spyOn(unlockAction["keychainManager"], "storePrivateKey").mockResolvedValue();
+    
+    // Mock fs and ethers
+    vi.mocked(existsSync).mockReturnValue(true);
+    vi.mocked(readFileSync).mockReturnValue(JSON.stringify(mockKeystoreData));
+    vi.mocked(ethers.Wallet.fromEncryptedJson).mockResolvedValue(mockWallet as any);
+  });
+
+  afterEach(() => {
+    vi.restoreAllMocks();
+  });
+
+  test("successfully unlocks wallet when all conditions are met", async () => {
+    await unlockAction.execute();
+
+    expect(unlockAction["startSpinner"]).toHaveBeenCalledWith("Checking keychain availability...");
+    expect(unlockAction["keychainManager"].isKeychainAvailable).toHaveBeenCalled();
+    expect(unlockAction["setSpinnerText"]).toHaveBeenCalledWith("Checking for existing keystore...");
+    expect(unlockAction["getConfigByKey"]).toHaveBeenCalledWith("keyPairPath");
+    expect(existsSync).toHaveBeenCalledWith("./test-keypair.json");
+    expect(unlockAction["stopSpinner"]).toHaveBeenCalled();
+    expect(unlockAction["promptPassword"]).toHaveBeenCalledWith("Enter password to decrypt keystore:");
+    expect(readFileSync).toHaveBeenCalledWith("./test-keypair.json", "utf-8");
+    expect(ethers.Wallet.fromEncryptedJson).toHaveBeenCalledWith(mockKeystoreData.encrypted, "test-password");
+    expect(unlockAction["keychainManager"].storePrivateKey).toHaveBeenCalledWith(mockWallet.privateKey);
+    expect(unlockAction["succeedSpinner"]).toHaveBeenCalledWith("Wallet unlocked successfully! Your private key is now stored securely in the OS keychain.");
+  });
+
+  test("fails when keychain is not available", async () => {
+    vi.spyOn(unlockAction["keychainManager"], "isKeychainAvailable").mockResolvedValue(false);
+
+    await unlockAction.execute();
+
+    expect(unlockAction["failSpinner"]).toHaveBeenCalledWith("OS keychain is not available. This command requires a supported keychain (e.g. macOS Keychain, Windows Credential Manager, or GNOME Keyring).");
+    expect(unlockAction["promptPassword"]).not.toHaveBeenCalled();
+    expect(unlockAction["keychainManager"].storePrivateKey).not.toHaveBeenCalled();
+  });
+
+  test("fails when no keystore file is found", async () => {
+    vi.spyOn(unlockAction as any, "getConfigByKey").mockReturnValue(null);
+
+    await unlockAction.execute();
+
+    expect(unlockAction["failSpinner"]).toHaveBeenCalledWith("No keystore file found. Please create a keypair first using 'genlayer keygen create'.");
+    expect(unlockAction["promptPassword"]).not.toHaveBeenCalled();
+  });
+
+  test("fails when keystore file does not exist", async () => {
+    vi.mocked(existsSync).mockReturnValue(false);
+
+    await unlockAction.execute();
+
+    expect(unlockAction["failSpinner"]).toHaveBeenCalledWith("No keystore file found. Please create a keypair first using 'genlayer keygen create'.");
+    expect(unlockAction["promptPassword"]).not.toHaveBeenCalled();
+  });
+
+  test("fails when keystore format is invalid", async () => {
+    vi.spyOn(unlockAction as any, "isValidKeystoreFormat").mockReturnValue(false);
+
+    await unlockAction.execute();
+
+    expect(unlockAction["failSpinner"]).toHaveBeenCalledWith("Invalid keystore format. Expected encrypted keystore file.");
+    expect(unlockAction["promptPassword"]).not.toHaveBeenCalled();
+  });
+
+  test("handles error during wallet decryption", async () => {
+    const mockError = new Error("Decryption failed");
+    vi.mocked(ethers.Wallet.fromEncryptedJson).mockRejectedValue(mockError);
+
+    await unlockAction.execute();
+
+    expect(unlockAction["failSpinner"]).toHaveBeenCalledWith("Failed to unlock wallet.", mockError);
+    expect(unlockAction["keychainManager"].storePrivateKey).not.toHaveBeenCalled();
+  });
+
+  test("handles error during key storage", async () => {
+    const mockError = new Error("Storage failed");
+    vi.spyOn(unlockAction["keychainManager"], "storePrivateKey").mockRejectedValue(mockError);
+
+    await unlockAction.execute();
+
+    expect(unlockAction["failSpinner"]).toHaveBeenCalledWith("Failed to unlock wallet.", mockError);
+  });
+}); 

package/tests/commands/keygen.test.ts

@@ -2,8 +2,12 @@ import { Command } from "commander";
 import { vi, describe, beforeEach, afterEach, test, expect } from "vitest";
 import { initializeKeygenCommands } from "../../src/commands/keygen";
 import { KeypairCreator } from "../../src/commands/keygen/create";
+import { UnlockAction } from "../../src/commands/keygen/unlock";
+import { LockAction } from "../../src/commands/keygen/lock";
 
 vi.mock("../../src/commands/keygen/create");
+vi.mock("../../src/commands/keygen/unlock");
+vi.mock("../../src/commands/keygen/lock");
 
 describe("keygen create command", () => {
   let program: Command;
@@ -59,15 +63,7 @@ describe("keygen create command", () => {
     expect(KeypairCreator).toHaveBeenCalledTimes(1);
   });
 
-  test("throws error for unrecognized options", async () => {
-    const keygenCommand = program.commands.find((cmd) => cmd.name() === "keygen");
-    const createCommand = keygenCommand?.commands.find((cmd) => cmd.name() === "create");
 
-    createCommand?.exitOverride();
-    expect(() => program.parse(["node", "test", "keygen", "create", "--unknown"])).toThrowError(
-      "error: unknown option '--unknown'"
-    );
-  });
 
   test("keypairCreator.createKeypairAction is called without throwing errors for default options", async () => {
     program.parse(["node", "test", "keygen", "create"]);
@@ -75,3 +71,53 @@ describe("keygen create command", () => {
     expect(() => program.parse(["node", "test", "keygen", "create"])).not.toThrow();
   });
 });
+
+describe("keygen unlock command", () => {
+  let program: Command;
+
+  beforeEach(() => {
+    program = new Command();
+    initializeKeygenCommands(program);
+    vi.clearAllMocks();
+  });
+
+  afterEach(() => {
+    vi.restoreAllMocks();
+  });
+
+  test("UnlockAction is instantiated and execute is called", async () => {
+    program.parse(["node", "test", "keygen", "unlock"]);
+    expect(UnlockAction).toHaveBeenCalledTimes(1);
+    expect(UnlockAction.prototype.execute).toHaveBeenCalled();
+  });
+
+  test("UnlockAction.execute is called without throwing errors", async () => {
+    vi.mocked(UnlockAction.prototype.execute).mockResolvedValue();
+    expect(() => program.parse(["node", "test", "keygen", "unlock"])).not.toThrow();
+  });
+});
+
+describe("keygen lock command", () => {
+  let program: Command;
+
+  beforeEach(() => {
+    program = new Command();
+    initializeKeygenCommands(program);
+    vi.clearAllMocks();
+  });
+
+  afterEach(() => {
+    vi.restoreAllMocks();
+  });
+
+  test("LockAction is instantiated and execute is called", async () => {
+    program.parse(["node", "test", "keygen", "lock"]);
+    expect(LockAction).toHaveBeenCalledTimes(1);
+    expect(LockAction.prototype.execute).toHaveBeenCalled();
+  });
+
+  test("LockAction.execute is called without throwing errors", async () => {
+    vi.mocked(LockAction.prototype.execute).mockResolvedValue();
+    expect(() => program.parse(["node", "test", "keygen", "lock"])).not.toThrow();
+  });
+});

package/tests/libs/baseAction.test.ts

@@ -83,11 +83,12 @@ describe("BaseAction", () => {
     vi.spyOn(baseAction as any, "writeConfig").mockImplementation(() => {});
     vi.spyOn(baseAction as any, "getConfig").mockReturnValue({});
     
-    // Mock temp file methods
-    vi.spyOn(baseAction as any, "storeTempFile").mockImplementation(() => {});
-    vi.spyOn(baseAction as any, "getTempFile").mockReturnValue(null);
-    vi.spyOn(baseAction as any, "clearTempFile").mockImplementation(() => {});
-    vi.spyOn(baseAction as any, "cleanupExpiredTempFiles").mockImplementation(() => {});
+    // Mock keychainManager methods
+    vi.spyOn(baseAction["keychainManager"], "isKeychainAvailable").mockResolvedValue(false);
+    vi.spyOn(baseAction["keychainManager"], "getPrivateKey").mockResolvedValue(null);
+    vi.spyOn(baseAction["keychainManager"], "storePrivateKey").mockResolvedValue();
+    vi.spyOn(baseAction["keychainManager"], "removePrivateKey").mockResolvedValue(true);
+
   });
 
   afterEach(() => {
@@ -291,12 +292,13 @@ describe("BaseAction", () => {
   });
 
   test("should use cached key when available", async () => {
-    vi.spyOn(baseAction as any, "getTempFile").mockReturnValue(mockWallet.privateKey);
+    vi.spyOn(baseAction["keychainManager"], "isKeychainAvailable").mockResolvedValue(true);
+    vi.spyOn(baseAction["keychainManager"], "getPrivateKey").mockResolvedValue(mockWallet.privateKey);
 
     const account = await baseAction["getAccount"](false);
 
     expect((account as any).privateKey).toBe(mockWallet.privateKey);
-    expect(baseAction["getTempFile"]).toHaveBeenCalledWith("decrypted_private_key");
+    expect(baseAction["keychainManager"].getPrivateKey).toHaveBeenCalled();
     expect(inquirer.prompt).not.toHaveBeenCalled();
   });
 
@@ -368,6 +370,7 @@ describe("BaseAction", () => {
     expect(ethers.Wallet.createRandom).toHaveBeenCalled();
     expect(mockWallet.encrypt).toHaveBeenCalledWith("test-password");
     expect(writeFileSync).toHaveBeenCalled();
+    expect(baseAction["keychainManager"].removePrivateKey).toHaveBeenCalled();
   });
 
   test("should fail when file exists and overwrite is false", async () => {
@@ -412,6 +415,7 @@ describe("BaseAction", () => {
 
     expect(result).toBe(mockWallet.privateKey);
     expect(writeFileSync).toHaveBeenCalled();
+    expect(baseAction["keychainManager"].removePrivateKey).toHaveBeenCalled();
   });
 
   test("should return true for valid keystore format", () => {