kynjal-cli 4.0.0 → 4.0.2
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/src/appliance/gguf-engine.d.ts +91 -0
- package/dist/src/appliance/gguf-engine.d.ts.map +1 -0
- package/dist/src/appliance/gguf-engine.js +286 -525
- package/dist/src/appliance/gguf-engine.js.map +1 -1
- package/dist/src/appliance/ruvllm-bridge.d.ts +102 -0
- package/dist/src/appliance/ruvllm-bridge.d.ts.map +1 -0
- package/dist/src/appliance/ruvllm-bridge.js +203 -403
- package/dist/src/appliance/ruvllm-bridge.js.map +1 -1
- package/dist/src/appliance/rvfa-builder.d.ts +44 -0
- package/dist/src/appliance/rvfa-builder.d.ts.map +1 -0
- package/dist/src/appliance/rvfa-builder.js +154 -208
- package/dist/src/appliance/rvfa-builder.js.map +1 -1
- package/dist/src/appliance/rvfa-distribution.d.ts +97 -0
- package/dist/src/appliance/rvfa-distribution.d.ts.map +1 -0
- package/dist/src/appliance/rvfa-distribution.js +260 -423
- package/dist/src/appliance/rvfa-distribution.js.map +1 -1
- package/dist/src/appliance/rvfa-format.d.ts +111 -0
- package/dist/src/appliance/rvfa-format.d.ts.map +1 -0
- package/dist/src/appliance/rvfa-format.js +128 -200
- package/dist/src/appliance/rvfa-format.js.map +1 -1
- package/dist/src/appliance/rvfa-runner.d.ts +69 -0
- package/dist/src/appliance/rvfa-runner.d.ts.map +1 -0
- package/dist/src/appliance/rvfa-runner.js +168 -304
- package/dist/src/appliance/rvfa-runner.js.map +1 -1
- package/dist/src/appliance/rvfa-signing.d.ts +123 -0
- package/dist/src/appliance/rvfa-signing.d.ts.map +1 -0
- package/dist/src/appliance/rvfa-signing.js +173 -295
- package/dist/src/appliance/rvfa-signing.js.map +1 -1
- package/dist/src/benchmarks/pretrain/index.d.ts +58 -0
- package/dist/src/benchmarks/pretrain/index.d.ts.map +1 -0
- package/dist/src/benchmarks/pretrain/index.js +331 -542
- package/dist/src/benchmarks/pretrain/index.js.map +1 -1
- package/dist/src/commands/agent.js +574 -697
- package/dist/src/commands/agent.js.map +1 -1
- package/dist/src/commands/analyze.js +1218 -1548
- package/dist/src/commands/analyze.js.map +1 -1
- package/dist/src/commands/appliance-advanced.js +158 -267
- package/dist/src/commands/appliance-advanced.js.map +1 -1
- package/dist/src/commands/appliance.js +318 -493
- package/dist/src/commands/appliance.js.map +1 -1
- package/dist/src/commands/benchmark.js +372 -523
- package/dist/src/commands/benchmark.js.map +1 -1
- package/dist/src/commands/claims.js +274 -364
- package/dist/src/commands/claims.js.map +1 -1
- package/dist/src/commands/cleanup.js +113 -157
- package/dist/src/commands/cleanup.js.map +1 -1
- package/dist/src/commands/completions.js +477 -118
- package/dist/src/commands/completions.js.map +1 -1
- package/dist/src/commands/config.js +237 -303
- package/dist/src/commands/config.js.map +1 -1
- package/dist/src/commands/daemon.js +487 -596
- package/dist/src/commands/daemon.js.map +1 -1
- package/dist/src/commands/deployment.js +194 -275
- package/dist/src/commands/deployment.js.map +1 -1
- package/dist/src/commands/doctor.js +504 -686
- package/dist/src/commands/doctor.js.map +1 -1
- package/dist/src/commands/embeddings.js +1293 -1543
- package/dist/src/commands/embeddings.js.map +1 -1
- package/dist/src/commands/guidance.js +449 -596
- package/dist/src/commands/guidance.js.map +1 -1
- package/dist/src/commands/hive-mind.js +854 -938
- package/dist/src/commands/hive-mind.js.map +1 -1
- package/dist/src/commands/hooks.js +3112 -3519
- package/dist/src/commands/hooks.js.map +1 -1
- package/dist/src/commands/index.d.ts +115 -0
- package/dist/src/commands/index.d.ts.map +1 -0
- package/dist/src/commands/index.js +126 -308
- package/dist/src/commands/index.js.map +1 -1
- package/dist/src/commands/init.js +788 -940
- package/dist/src/commands/init.js.map +1 -1
- package/dist/src/commands/issues.js +383 -558
- package/dist/src/commands/issues.js.map +1 -1
- package/dist/src/commands/mcp.js +493 -605
- package/dist/src/commands/mcp.js.map +1 -1
- package/dist/src/commands/memory.js +833 -1026
- package/dist/src/commands/memory.js.map +1 -1
- package/dist/src/commands/migrate.js +282 -347
- package/dist/src/commands/migrate.js.map +1 -1
- package/dist/src/commands/neural.js +1289 -1563
- package/dist/src/commands/neural.js.map +1 -1
- package/dist/src/commands/performance.js +497 -643
- package/dist/src/commands/performance.js.map +1 -1
- package/dist/src/commands/plugins.js +668 -841
- package/dist/src/commands/plugins.js.map +1 -1
- package/dist/src/commands/process.js +392 -447
- package/dist/src/commands/process.js.map +1 -1
- package/dist/src/commands/progress.js +162 -256
- package/dist/src/commands/progress.js.map +1 -1
- package/dist/src/commands/providers.js +150 -220
- package/dist/src/commands/providers.js.map +1 -1
- package/dist/src/commands/route.js +520 -665
- package/dist/src/commands/route.js.map +1 -1
- package/dist/src/commands/ruvector/backup.js +505 -651
- package/dist/src/commands/ruvector/backup.js.map +1 -1
- package/dist/src/commands/ruvector/benchmark.js +349 -401
- package/dist/src/commands/ruvector/benchmark.js.map +1 -1
- package/dist/src/commands/ruvector/import.js +224 -266
- package/dist/src/commands/ruvector/import.js.map +1 -1
- package/dist/src/commands/ruvector/index.js +37 -75
- package/dist/src/commands/ruvector/index.js.map +1 -1
- package/dist/src/commands/ruvector/init.js +336 -359
- package/dist/src/commands/ruvector/init.js.map +1 -1
- package/dist/src/commands/ruvector/migrate.js +335 -322
- package/dist/src/commands/ruvector/migrate.js.map +1 -1
- package/dist/src/commands/ruvector/optimize.js +375 -431
- package/dist/src/commands/ruvector/optimize.js.map +1 -1
- package/dist/src/commands/ruvector/setup.js +703 -117
- package/dist/src/commands/ruvector/setup.js.map +1 -1
- package/dist/src/commands/ruvector/status.js +364 -419
- package/dist/src/commands/ruvector/status.js.map +1 -1
- package/dist/src/commands/security.js +485 -608
- package/dist/src/commands/security.js.map +1 -1
- package/dist/src/commands/session.js +504 -626
- package/dist/src/commands/session.js.map +1 -1
- package/dist/src/commands/start.js +267 -364
- package/dist/src/commands/start.js.map +1 -1
- package/dist/src/commands/status.js +380 -486
- package/dist/src/commands/status.js.map +1 -1
- package/dist/src/commands/swarm.js +408 -488
- package/dist/src/commands/swarm.js.map +1 -1
- package/dist/src/commands/task.js +423 -538
- package/dist/src/commands/task.js.map +1 -1
- package/dist/src/commands/transfer-store.js +322 -412
- package/dist/src/commands/transfer-store.js.map +1 -1
- package/dist/src/commands/update.js +196 -291
- package/dist/src/commands/update.js.map +1 -1
- package/dist/src/commands/workflow.js +386 -486
- package/dist/src/commands/workflow.js.map +1 -1
- package/dist/src/config-adapter.d.ts +15 -0
- package/dist/src/config-adapter.d.ts.map +1 -0
- package/dist/src/config-adapter.js +38 -39
- package/dist/src/config-adapter.js.map +1 -1
- package/dist/src/index.d.ts +77 -0
- package/dist/src/index.d.ts.map +1 -0
- package/dist/src/index.js +309 -411
- package/dist/src/index.js.map +1 -1
- package/dist/src/infrastructure/in-memory-repositories.d.ts +68 -0
- package/dist/src/infrastructure/in-memory-repositories.d.ts.map +1 -0
- package/dist/src/infrastructure/in-memory-repositories.js +246 -507
- package/dist/src/infrastructure/in-memory-repositories.js.map +1 -1
- package/dist/src/init/claudemd-generator.d.ts +25 -0
- package/dist/src/init/claudemd-generator.d.ts.map +1 -0
- package/dist/src/init/claudemd-generator.js +368 -78
- package/dist/src/init/claudemd-generator.js.map +1 -1
- package/dist/src/init/executor.d.ts +41 -0
- package/dist/src/init/executor.d.ts.map +1 -0
- package/dist/src/init/executor.js +1307 -996
- package/dist/src/init/executor.js.map +1 -1
- package/dist/src/init/helpers-generator.d.ts +60 -0
- package/dist/src/init/helpers-generator.d.ts.map +1 -0
- package/dist/src/init/helpers-generator.js +657 -12
- package/dist/src/init/helpers-generator.js.map +1 -1
- package/dist/src/init/index.d.ts +1 -1
- package/dist/src/init/index.d.ts.map +1 -1
- package/dist/src/init/index.js +1 -1
- package/dist/src/init/index.js.map +1 -1
- package/dist/src/init/mcp-generator.js +33 -37
- package/dist/src/init/mcp-generator.js.map +1 -1
- package/dist/src/init/settings-generator.js +76 -77
- package/dist/src/init/settings-generator.js.map +1 -1
- package/dist/src/init/statusline-generator.js +801 -3
- package/dist/src/init/statusline-generator.js.map +1 -1
- package/dist/src/init/types.d.ts +1 -1
- package/dist/src/init/types.d.ts.map +1 -1
- package/dist/src/init/types.js +76 -59
- package/dist/src/init/types.js.map +1 -1
- package/dist/src/mcp-client.d.ts +92 -0
- package/dist/src/mcp-client.d.ts.map +1 -0
- package/dist/src/mcp-client.js +81 -125
- package/dist/src/mcp-client.js.map +1 -1
- package/dist/src/mcp-server.d.ts +161 -0
- package/dist/src/mcp-server.d.ts.map +1 -0
- package/dist/src/mcp-server.js +470 -757
- package/dist/src/mcp-server.js.map +1 -1
- package/dist/src/mcp-tools/agent-tools.js +391 -492
- package/dist/src/mcp-tools/agent-tools.js.map +1 -1
- package/dist/src/mcp-tools/agentdb-tools.js +332 -533
- package/dist/src/mcp-tools/agentdb-tools.js.map +1 -1
- package/dist/src/mcp-tools/analyze-tools.js +172 -236
- package/dist/src/mcp-tools/analyze-tools.js.map +1 -1
- package/dist/src/mcp-tools/auto-install.d.ts +83 -0
- package/dist/src/mcp-tools/auto-install.d.ts.map +1 -0
- package/dist/src/mcp-tools/auto-install.js +80 -142
- package/dist/src/mcp-tools/auto-install.js.map +1 -1
- package/dist/src/mcp-tools/browser-tools.js +252 -375
- package/dist/src/mcp-tools/browser-tools.js.map +1 -1
- package/dist/src/mcp-tools/claims-tools.js +473 -565
- package/dist/src/mcp-tools/claims-tools.js.map +1 -1
- package/dist/src/mcp-tools/config-tools.js +197 -272
- package/dist/src/mcp-tools/config-tools.js.map +1 -1
- package/dist/src/mcp-tools/coordination-tools.js +500 -572
- package/dist/src/mcp-tools/coordination-tools.js.map +1 -1
- package/dist/src/mcp-tools/daa-tools.js +286 -364
- package/dist/src/mcp-tools/daa-tools.js.map +1 -1
- package/dist/src/mcp-tools/embeddings-tools.js +582 -693
- package/dist/src/mcp-tools/embeddings-tools.js.map +1 -1
- package/dist/src/mcp-tools/github-tools.js +260 -311
- package/dist/src/mcp-tools/github-tools.js.map +1 -1
- package/dist/src/mcp-tools/hive-mind-tools.js +573 -640
- package/dist/src/mcp-tools/hive-mind-tools.js.map +1 -1
- package/dist/src/mcp-tools/hooks-tools.js +2215 -2648
- package/dist/src/mcp-tools/hooks-tools.js.map +1 -1
- package/dist/src/mcp-tools/memory-tools.js +350 -505
- package/dist/src/mcp-tools/memory-tools.js.map +1 -1
- package/dist/src/mcp-tools/neural-tools.js +315 -412
- package/dist/src/mcp-tools/neural-tools.js.map +1 -1
- package/dist/src/mcp-tools/performance-tools.js +420 -480
- package/dist/src/mcp-tools/performance-tools.js.map +1 -1
- package/dist/src/mcp-tools/progress-tools.js +204 -278
- package/dist/src/mcp-tools/progress-tools.js.map +1 -1
- package/dist/src/mcp-tools/ruvllm-tools.js +163 -279
- package/dist/src/mcp-tools/ruvllm-tools.js.map +1 -1
- package/dist/src/mcp-tools/security-tools.js +297 -429
- package/dist/src/mcp-tools/security-tools.js.map +1 -1
- package/dist/src/mcp-tools/session-tools.js +185 -234
- package/dist/src/mcp-tools/session-tools.js.map +1 -1
- package/dist/src/mcp-tools/swarm-tools.js +207 -260
- package/dist/src/mcp-tools/swarm-tools.js.map +1 -1
- package/dist/src/mcp-tools/system-tools.js +276 -325
- package/dist/src/mcp-tools/system-tools.js.map +1 -1
- package/dist/src/mcp-tools/task-tools.js +270 -336
- package/dist/src/mcp-tools/task-tools.js.map +1 -1
- package/dist/src/mcp-tools/terminal-tools.js +148 -196
- package/dist/src/mcp-tools/terminal-tools.js.map +1 -1
- package/dist/src/mcp-tools/transfer-tools.js +186 -333
- package/dist/src/mcp-tools/transfer-tools.js.map +1 -1
- package/dist/src/mcp-tools/types.d.ts +31 -0
- package/dist/src/mcp-tools/types.d.ts.map +1 -0
- package/dist/src/mcp-tools/wasm-agent-tools.js +133 -280
- package/dist/src/mcp-tools/wasm-agent-tools.js.map +1 -1
- package/dist/src/mcp-tools/workflow-tools.js +405 -450
- package/dist/src/mcp-tools/workflow-tools.js.map +1 -1
- package/dist/src/memory/ewc-consolidation.d.ts +295 -0
- package/dist/src/memory/ewc-consolidation.d.ts.map +1 -0
- package/dist/src/memory/ewc-consolidation.js +190 -303
- package/dist/src/memory/ewc-consolidation.js.map +1 -1
- package/dist/src/memory/intelligence.d.ts +338 -0
- package/dist/src/memory/intelligence.d.ts.map +1 -0
- package/dist/src/memory/intelligence.js +569 -794
- package/dist/src/memory/intelligence.js.map +1 -1
- package/dist/src/memory/memory-bridge.d.ts +407 -0
- package/dist/src/memory/memory-bridge.d.ts.map +1 -0
- package/dist/src/memory/memory-bridge.js +1170 -1640
- package/dist/src/memory/memory-bridge.js.map +1 -1
- package/dist/src/memory/memory-initializer.d.ts +412 -0
- package/dist/src/memory/memory-initializer.d.ts.map +1 -0
- package/dist/src/memory/memory-initializer.js +1836 -1851
- package/dist/src/memory/memory-initializer.js.map +1 -1
- package/dist/src/memory/sona-optimizer.d.ts +227 -0
- package/dist/src/memory/sona-optimizer.d.ts.map +1 -0
- package/dist/src/memory/sona-optimizer.js +199 -329
- package/dist/src/memory/sona-optimizer.js.map +1 -1
- package/dist/src/output.d.ts +2 -2
- package/dist/src/output.d.ts.map +1 -1
- package/dist/src/output.js +242 -272
- package/dist/src/output.js.map +1 -1
- package/dist/src/parser.d.ts +51 -0
- package/dist/src/parser.d.ts.map +1 -0
- package/dist/src/parser.js +140 -187
- package/dist/src/parser.js.map +1 -1
- package/dist/src/plugins/manager.d.ts +133 -0
- package/dist/src/plugins/manager.d.ts.map +1 -0
- package/dist/src/plugins/manager.js +285 -521
- package/dist/src/plugins/manager.js.map +1 -1
- package/dist/src/plugins/store/discovery.d.ts +88 -0
- package/dist/src/plugins/store/discovery.d.ts.map +1 -0
- package/dist/src/plugins/store/discovery.js +271 -358
- package/dist/src/plugins/store/discovery.js.map +1 -1
- package/dist/src/plugins/store/index.d.ts +76 -0
- package/dist/src/plugins/store/index.d.ts.map +1 -0
- package/dist/src/plugins/store/index.js +48 -105
- package/dist/src/plugins/store/index.js.map +1 -1
- package/dist/src/plugins/store/search.d.ts +46 -0
- package/dist/src/plugins/store/search.d.ts.map +1 -0
- package/dist/src/plugins/store/search.js +69 -107
- package/dist/src/plugins/store/search.js.map +1 -1
- package/dist/src/plugins/store/types.d.ts +274 -0
- package/dist/src/plugins/store/types.d.ts.map +1 -0
- package/dist/src/plugins/tests/demo-plugin-store.js +113 -160
- package/dist/src/plugins/tests/demo-plugin-store.js.map +1 -1
- package/dist/src/plugins/tests/standalone-test.js +172 -223
- package/dist/src/plugins/tests/standalone-test.js.map +1 -1
- package/dist/src/plugins/tests/test-plugin-store.js +190 -228
- package/dist/src/plugins/tests/test-plugin-store.js.map +1 -1
- package/dist/src/production/circuit-breaker.d.ts +101 -0
- package/dist/src/production/circuit-breaker.d.ts.map +1 -0
- package/dist/src/production/circuit-breaker.js +62 -126
- package/dist/src/production/circuit-breaker.js.map +1 -1
- package/dist/src/production/error-handler.d.ts +92 -0
- package/dist/src/production/error-handler.d.ts.map +1 -0
- package/dist/src/production/error-handler.js +86 -156
- package/dist/src/production/error-handler.js.map +1 -1
- package/dist/src/production/monitoring.d.ts +161 -0
- package/dist/src/production/monitoring.d.ts.map +1 -0
- package/dist/src/production/monitoring.js +139 -220
- package/dist/src/production/monitoring.js.map +1 -1
- package/dist/src/production/rate-limiter.d.ts +80 -0
- package/dist/src/production/rate-limiter.d.ts.map +1 -0
- package/dist/src/production/rate-limiter.js +74 -93
- package/dist/src/production/rate-limiter.js.map +1 -1
- package/dist/src/production/retry.d.ts +48 -0
- package/dist/src/production/retry.d.ts.map +1 -0
- package/dist/src/production/retry.js +75 -167
- package/dist/src/production/retry.js.map +1 -1
- package/dist/src/prompt.d.ts +44 -0
- package/dist/src/prompt.d.ts.map +1 -0
- package/dist/src/prompt.js +436 -560
- package/dist/src/prompt.js.map +1 -1
- package/dist/src/runtime/headless.d.ts +60 -0
- package/dist/src/runtime/headless.d.ts.map +1 -0
- package/dist/src/runtime/headless.js +197 -286
- package/dist/src/runtime/headless.js.map +1 -1
- package/dist/src/ruvector/agent-wasm.d.ts +182 -0
- package/dist/src/ruvector/agent-wasm.d.ts.map +1 -0
- package/dist/src/ruvector/agent-wasm.js +156 -351
- package/dist/src/ruvector/agent-wasm.js.map +1 -1
- package/dist/src/ruvector/ast-analyzer.d.ts +67 -0
- package/dist/src/ruvector/ast-analyzer.d.ts.map +1 -0
- package/dist/src/ruvector/ast-analyzer.js +145 -232
- package/dist/src/ruvector/ast-analyzer.js.map +1 -1
- package/dist/src/ruvector/coverage-router.d.ts +160 -0
- package/dist/src/ruvector/coverage-router.d.ts.map +1 -0
- package/dist/src/ruvector/coverage-router.js +287 -419
- package/dist/src/ruvector/coverage-router.js.map +1 -1
- package/dist/src/ruvector/coverage-tools.js +56 -101
- package/dist/src/ruvector/coverage-tools.js.map +1 -1
- package/dist/src/ruvector/diff-classifier.d.ts +175 -0
- package/dist/src/ruvector/diff-classifier.d.ts.map +1 -0
- package/dist/src/ruvector/diff-classifier.js +324 -451
- package/dist/src/ruvector/diff-classifier.js.map +1 -1
- package/dist/src/ruvector/enhanced-model-router.d.ts +146 -0
- package/dist/src/ruvector/enhanced-model-router.d.ts.map +1 -0
- package/dist/src/ruvector/enhanced-model-router.js +260 -336
- package/dist/src/ruvector/enhanced-model-router.js.map +1 -1
- package/dist/src/ruvector/flash-attention.d.ts +195 -0
- package/dist/src/ruvector/flash-attention.d.ts.map +1 -0
- package/dist/src/ruvector/flash-attention.js +223 -254
- package/dist/src/ruvector/flash-attention.js.map +1 -1
- package/dist/src/ruvector/graph-analyzer.d.ts +187 -0
- package/dist/src/ruvector/graph-analyzer.d.ts.map +1 -0
- package/dist/src/ruvector/graph-analyzer.js +486 -680
- package/dist/src/ruvector/graph-analyzer.js.map +1 -1
- package/dist/src/ruvector/index.d.ts +40 -0
- package/dist/src/ruvector/index.d.ts.map +1 -0
- package/dist/src/ruvector/index.js +36 -106
- package/dist/src/ruvector/index.js.map +1 -1
- package/dist/src/ruvector/lora-adapter.d.ts +218 -0
- package/dist/src/ruvector/lora-adapter.d.ts.map +1 -0
- package/dist/src/ruvector/lora-adapter.js +155 -248
- package/dist/src/ruvector/lora-adapter.js.map +1 -1
- package/dist/src/ruvector/model-router.d.ts +220 -0
- package/dist/src/ruvector/model-router.d.ts.map +1 -0
- package/dist/src/ruvector/model-router.js +175 -248
- package/dist/src/ruvector/model-router.js.map +1 -1
- package/dist/src/ruvector/moe-router.d.ts +206 -0
- package/dist/src/ruvector/moe-router.d.ts.map +1 -0
- package/dist/src/ruvector/moe-router.js +228 -286
- package/dist/src/ruvector/moe-router.js.map +1 -1
- package/dist/src/ruvector/q-learning-router.d.ts +211 -0
- package/dist/src/ruvector/q-learning-router.d.ts.map +1 -0
- package/dist/src/ruvector/q-learning-router.js +257 -338
- package/dist/src/ruvector/q-learning-router.js.map +1 -1
- package/dist/src/ruvector/ruvllm-wasm.d.ts +179 -0
- package/dist/src/ruvector/ruvllm-wasm.d.ts.map +1 -0
- package/dist/src/ruvector/ruvllm-wasm.js +270 -434
- package/dist/src/ruvector/ruvllm-wasm.js.map +1 -1
- package/dist/src/ruvector/semantic-router.d.ts +77 -0
- package/dist/src/ruvector/semantic-router.d.ts.map +1 -0
- package/dist/src/ruvector/semantic-router.js +60 -67
- package/dist/src/ruvector/semantic-router.js.map +1 -1
- package/dist/src/ruvector/vector-db.d.ts +69 -0
- package/dist/src/ruvector/vector-db.d.ts.map +1 -0
- package/dist/src/ruvector/vector-db.js +119 -205
- package/dist/src/ruvector/vector-db.js.map +1 -1
- package/dist/src/services/agentic-flow-bridge.d.ts +50 -0
- package/dist/src/services/agentic-flow-bridge.d.ts.map +1 -0
- package/dist/src/services/agentic-flow-bridge.js +32 -105
- package/dist/src/services/agentic-flow-bridge.js.map +1 -1
- package/dist/src/services/claim-service.d.ts +204 -0
- package/dist/src/services/claim-service.d.ts.map +1 -0
- package/dist/src/services/claim-service.js +615 -940
- package/dist/src/services/claim-service.js.map +1 -1
- package/dist/src/services/container-worker-pool.d.ts +197 -0
- package/dist/src/services/container-worker-pool.d.ts.map +1 -0
- package/dist/src/services/container-worker-pool.js +398 -666
- package/dist/src/services/container-worker-pool.js.map +1 -1
- package/dist/src/services/headless-worker-executor.d.ts +304 -0
- package/dist/src/services/headless-worker-executor.d.ts.map +1 -0
- package/dist/src/services/headless-worker-executor.js +441 -467
- package/dist/src/services/headless-worker-executor.js.map +1 -1
- package/dist/src/services/index.d.ts +4 -4
- package/dist/src/services/index.d.ts.map +1 -1
- package/dist/src/services/index.js +4 -4
- package/dist/src/services/index.js.map +1 -1
- package/dist/src/services/registry-api.d.ts +58 -0
- package/dist/src/services/registry-api.d.ts.map +1 -0
- package/dist/src/services/registry-api.js +92 -200
- package/dist/src/services/registry-api.js.map +1 -1
- package/dist/src/services/ruvector-training.d.ts +222 -0
- package/dist/src/services/ruvector-training.d.ts.map +1 -0
- package/dist/src/services/ruvector-training.js +257 -337
- package/dist/src/services/ruvector-training.js.map +1 -1
- package/dist/src/services/worker-daemon.d.ts +228 -0
- package/dist/src/services/worker-daemon.d.ts.map +1 -0
- package/dist/src/services/worker-daemon.js +591 -849
- package/dist/src/services/worker-daemon.js.map +1 -1
- package/dist/src/services/worker-queue.d.ts +194 -0
- package/dist/src/services/worker-queue.d.ts.map +1 -0
- package/dist/src/services/worker-queue.js +331 -548
- package/dist/src/services/worker-queue.js.map +1 -1
- package/dist/src/suggest.d.ts +53 -0
- package/dist/src/suggest.d.ts.map +1 -0
- package/dist/src/suggest.js +45 -55
- package/dist/src/suggest.js.map +1 -1
- package/dist/src/transfer/anonymization/index.js +29 -37
- package/dist/src/transfer/anonymization/index.js.map +1 -1
- package/dist/src/transfer/deploy-seraphine.js +128 -155
- package/dist/src/transfer/deploy-seraphine.js.map +1 -1
- package/dist/src/transfer/export.d.ts +25 -0
- package/dist/src/transfer/export.d.ts.map +1 -0
- package/dist/src/transfer/export.js +84 -142
- package/dist/src/transfer/export.js.map +1 -1
- package/dist/src/transfer/index.d.ts +1 -1
- package/dist/src/transfer/index.d.ts.map +1 -1
- package/dist/src/transfer/index.js +0 -2
- package/dist/src/transfer/index.js.map +1 -1
- package/dist/src/transfer/ipfs/client.d.ts +109 -0
- package/dist/src/transfer/ipfs/client.d.ts.map +1 -0
- package/dist/src/transfer/ipfs/client.js +187 -337
- package/dist/src/transfer/ipfs/client.js.map +1 -1
- package/dist/src/transfer/ipfs/upload.d.ts +95 -0
- package/dist/src/transfer/ipfs/upload.d.ts.map +1 -0
- package/dist/src/transfer/ipfs/upload.js +288 -434
- package/dist/src/transfer/ipfs/upload.js.map +1 -1
- package/dist/src/transfer/models/seraphine.d.ts +72 -0
- package/dist/src/transfer/models/seraphine.d.ts.map +1 -0
- package/dist/src/transfer/models/seraphine.js +55 -55
- package/dist/src/transfer/models/seraphine.js.map +1 -1
- package/dist/src/transfer/serialization/cfp.d.ts +49 -0
- package/dist/src/transfer/serialization/cfp.d.ts.map +1 -0
- package/dist/src/transfer/serialization/cfp.js +30 -31
- package/dist/src/transfer/serialization/cfp.js.map +1 -1
- package/dist/src/transfer/storage/gcs.d.ts +82 -0
- package/dist/src/transfer/storage/gcs.d.ts.map +1 -0
- package/dist/src/transfer/storage/gcs.js +165 -232
- package/dist/src/transfer/storage/gcs.js.map +1 -1
- package/dist/src/transfer/store/discovery.d.ts +84 -0
- package/dist/src/transfer/store/discovery.d.ts.map +1 -0
- package/dist/src/transfer/store/discovery.js +239 -349
- package/dist/src/transfer/store/discovery.js.map +1 -1
- package/dist/src/transfer/store/download.d.ts +70 -0
- package/dist/src/transfer/store/download.d.ts.map +1 -0
- package/dist/src/transfer/store/download.js +243 -365
- package/dist/src/transfer/store/download.js.map +1 -1
- package/dist/src/transfer/store/index.d.ts +84 -0
- package/dist/src/transfer/store/index.d.ts.map +1 -0
- package/dist/src/transfer/store/index.js +63 -130
- package/dist/src/transfer/store/index.js.map +1 -1
- package/dist/src/transfer/store/publish.d.ts +76 -0
- package/dist/src/transfer/store/publish.d.ts.map +1 -0
- package/dist/src/transfer/store/publish.js +184 -258
- package/dist/src/transfer/store/publish.js.map +1 -1
- package/dist/src/transfer/store/registry.js +50 -72
- package/dist/src/transfer/store/registry.js.map +1 -1
- package/dist/src/transfer/store/search.d.ts +54 -0
- package/dist/src/transfer/store/search.d.ts.map +1 -0
- package/dist/src/transfer/store/search.js +64 -96
- package/dist/src/transfer/store/search.js.map +1 -1
- package/dist/src/transfer/store/tests/standalone-test.js +174 -231
- package/dist/src/transfer/store/tests/standalone-test.js.map +1 -1
- package/dist/src/transfer/test-seraphine.js +95 -130
- package/dist/src/transfer/test-seraphine.js.map +1 -1
- package/dist/src/transfer/tests/test-store.js +194 -239
- package/dist/src/transfer/tests/test-store.js.map +1 -1
- package/dist/src/transfer/types.d.ts +245 -0
- package/dist/src/transfer/types.d.ts.map +1 -0
- package/dist/src/types.d.ts +198 -0
- package/dist/src/types.d.ts.map +1 -0
- package/dist/src/types.js +26 -55
- package/dist/src/types.js.map +1 -1
- package/dist/src/update/checker.d.ts +34 -0
- package/dist/src/update/checker.d.ts.map +1 -0
- package/dist/src/update/checker.js +106 -183
- package/dist/src/update/checker.js.map +1 -1
- package/dist/src/update/executor.d.ts +32 -0
- package/dist/src/update/executor.d.ts.map +1 -0
- package/dist/src/update/executor.js +135 -198
- package/dist/src/update/executor.js.map +1 -1
- package/dist/src/update/index.d.ts +33 -0
- package/dist/src/update/index.d.ts.map +1 -0
- package/dist/src/update/index.js +38 -85
- package/dist/src/update/index.js.map +1 -1
- package/dist/src/update/rate-limiter.d.ts +20 -0
- package/dist/src/update/rate-limiter.d.ts.map +1 -0
- package/dist/src/update/rate-limiter.js +19 -31
- package/dist/src/update/rate-limiter.js.map +1 -1
- package/dist/src/update/validator.d.ts +17 -0
- package/dist/src/update/validator.d.ts.map +1 -0
- package/dist/src/update/validator.js +38 -64
- package/dist/src/update/validator.js.map +1 -1
- package/dist/tsconfig.tsbuildinfo +1 -1
- package/package.json +1 -1
|
@@ -6,59 +6,12 @@
|
|
|
6
6
|
*
|
|
7
7
|
* @module @claude-flow/cli/appliance/rvfa-signing
|
|
8
8
|
*/
|
|
9
|
-
var __assign = (this && this.__assign) || function () {
|
|
10
|
-
__assign = Object.assign || function(t) {
|
|
11
|
-
for (var s, i = 1, n = arguments.length; i < n; i++) {
|
|
12
|
-
s = arguments[i];
|
|
13
|
-
for (var p in s) if (Object.prototype.hasOwnProperty.call(s, p))
|
|
14
|
-
t[p] = s[p];
|
|
15
|
-
}
|
|
16
|
-
return t;
|
|
17
|
-
};
|
|
18
|
-
return __assign.apply(this, arguments);
|
|
19
|
-
};
|
|
20
|
-
var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {
|
|
21
|
-
function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
|
|
22
|
-
return new (P || (P = Promise))(function (resolve, reject) {
|
|
23
|
-
function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }
|
|
24
|
-
function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } }
|
|
25
|
-
function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }
|
|
26
|
-
step((generator = generator.apply(thisArg, _arguments || [])).next());
|
|
27
|
-
});
|
|
28
|
-
};
|
|
29
|
-
var __generator = (this && this.__generator) || function (thisArg, body) {
|
|
30
|
-
var _ = { label: 0, sent: function() { if (t[0] & 1) throw t[1]; return t[1]; }, trys: [], ops: [] }, f, y, t, g;
|
|
31
|
-
return g = { next: verb(0), "throw": verb(1), "return": verb(2) }, typeof Symbol === "function" && (g[Symbol.iterator] = function() { return this; }), g;
|
|
32
|
-
function verb(n) { return function (v) { return step([n, v]); }; }
|
|
33
|
-
function step(op) {
|
|
34
|
-
if (f) throw new TypeError("Generator is already executing.");
|
|
35
|
-
while (_) try {
|
|
36
|
-
if (f = 1, y && (t = op[0] & 2 ? y["return"] : op[0] ? y["throw"] || ((t = y["return"]) && t.call(y), 0) : y.next) && !(t = t.call(y, op[1])).done) return t;
|
|
37
|
-
if (y = 0, t) op = [op[0] & 2, t.value];
|
|
38
|
-
switch (op[0]) {
|
|
39
|
-
case 0: case 1: t = op; break;
|
|
40
|
-
case 4: _.label++; return { value: op[1], done: false };
|
|
41
|
-
case 5: _.label++; y = op[1]; op = [0]; continue;
|
|
42
|
-
case 7: op = _.ops.pop(); _.trys.pop(); continue;
|
|
43
|
-
default:
|
|
44
|
-
if (!(t = _.trys, t = t.length > 0 && t[t.length - 1]) && (op[0] === 6 || op[0] === 2)) { _ = 0; continue; }
|
|
45
|
-
if (op[0] === 3 && (!t || (op[1] > t[0] && op[1] < t[3]))) { _.label = op[1]; break; }
|
|
46
|
-
if (op[0] === 6 && _.label < t[1]) { _.label = t[1]; t = op; break; }
|
|
47
|
-
if (t && _.label < t[2]) { _.label = t[2]; _.ops.push(op); break; }
|
|
48
|
-
if (t[2]) _.ops.pop();
|
|
49
|
-
_.trys.pop(); continue;
|
|
50
|
-
}
|
|
51
|
-
op = body.call(thisArg, _);
|
|
52
|
-
} catch (e) { op = [6, e]; y = 0; } finally { f = t = 0; }
|
|
53
|
-
if (op[0] & 5) throw op[1]; return { value: op[0] ? op[1] : void 0, done: true };
|
|
54
|
-
}
|
|
55
|
-
};
|
|
56
9
|
import { generateKeyPairSync, createHash, sign, verify, createPublicKey, createPrivateKey, } from 'node:crypto';
|
|
57
10
|
import { readFile, writeFile, stat, chmod, mkdir } from 'node:fs/promises';
|
|
58
11
|
// ── Constants ────────────────────────────────────────────────
|
|
59
|
-
|
|
60
|
-
|
|
61
|
-
|
|
12
|
+
const PREAMBLE_SIZE = 12; // 4B magic + 4B version + 4B header_len
|
|
13
|
+
const SHA256_SIZE = 32;
|
|
14
|
+
const KEY_FILE_MODE = 0o600;
|
|
62
15
|
// ── Key Management ───────────────────────────────────────────
|
|
63
16
|
/** Compute the fingerprint of a public key: first 16 hex chars of its SHA256. */
|
|
64
17
|
function computeFingerprint(publicKeyPem) {
|
|
@@ -70,20 +23,15 @@ function computeFingerprint(publicKeyPem) {
|
|
|
70
23
|
/**
|
|
71
24
|
* Generate a new Ed25519 key pair for RVFA signing.
|
|
72
25
|
*/
|
|
73
|
-
export function generateKeyPair() {
|
|
74
|
-
|
|
75
|
-
|
|
76
|
-
|
|
77
|
-
_a = generateKeyPairSync('ed25519', {
|
|
78
|
-
publicKeyEncoding: { type: 'spki', format: 'pem' },
|
|
79
|
-
privateKeyEncoding: { type: 'pkcs8', format: 'pem' }
|
|
80
|
-
}), publicKey = _a.publicKey, privateKey = _a.privateKey;
|
|
81
|
-
pubBuf = Buffer.from(publicKey, 'utf-8');
|
|
82
|
-
privBuf = Buffer.from(privateKey, 'utf-8');
|
|
83
|
-
fingerprint = computeFingerprint(publicKey);
|
|
84
|
-
return [2 /*return*/, { publicKey: pubBuf, privateKey: privBuf, fingerprint: fingerprint }];
|
|
85
|
-
});
|
|
26
|
+
export async function generateKeyPair() {
|
|
27
|
+
const { publicKey, privateKey } = generateKeyPairSync('ed25519', {
|
|
28
|
+
publicKeyEncoding: { type: 'spki', format: 'pem' },
|
|
29
|
+
privateKeyEncoding: { type: 'pkcs8', format: 'pem' },
|
|
86
30
|
});
|
|
31
|
+
const pubBuf = Buffer.from(publicKey, 'utf-8');
|
|
32
|
+
const privBuf = Buffer.from(privateKey, 'utf-8');
|
|
33
|
+
const fingerprint = computeFingerprint(publicKey);
|
|
34
|
+
return { publicKey: pubBuf, privateKey: privBuf, fingerprint };
|
|
87
35
|
}
|
|
88
36
|
/**
|
|
89
37
|
* Save a key pair to disk as PEM files.
|
|
@@ -93,32 +41,15 @@ export function generateKeyPair() {
|
|
|
93
41
|
* @param name Base name for the key files (default: 'rvfa-signing').
|
|
94
42
|
* @returns Paths to the written public and private key files.
|
|
95
43
|
*/
|
|
96
|
-
export function saveKeyPair(keyPair, dir, name) {
|
|
97
|
-
|
|
98
|
-
|
|
99
|
-
|
|
100
|
-
|
|
101
|
-
|
|
102
|
-
|
|
103
|
-
|
|
104
|
-
|
|
105
|
-
pubPath = dir + "/" + name + ".pub";
|
|
106
|
-
privPath = dir + "/" + name + ".key";
|
|
107
|
-
return [4 /*yield*/, writeFile(pubPath, keyPair.publicKey)];
|
|
108
|
-
case 2:
|
|
109
|
-
_a.sent();
|
|
110
|
-
return [4 /*yield*/, writeFile(privPath, keyPair.privateKey, { mode: KEY_FILE_MODE })];
|
|
111
|
-
case 3:
|
|
112
|
-
_a.sent();
|
|
113
|
-
// Ensure private key has restrictive permissions even on existing files
|
|
114
|
-
return [4 /*yield*/, chmod(privPath, KEY_FILE_MODE)];
|
|
115
|
-
case 4:
|
|
116
|
-
// Ensure private key has restrictive permissions even on existing files
|
|
117
|
-
_a.sent();
|
|
118
|
-
return [2 /*return*/, { publicKeyPath: pubPath, privateKeyPath: privPath }];
|
|
119
|
-
}
|
|
120
|
-
});
|
|
121
|
-
});
|
|
44
|
+
export async function saveKeyPair(keyPair, dir, name = 'rvfa-signing') {
|
|
45
|
+
await mkdir(dir, { recursive: true });
|
|
46
|
+
const pubPath = `${dir}/${name}.pub`;
|
|
47
|
+
const privPath = `${dir}/${name}.key`;
|
|
48
|
+
await writeFile(pubPath, keyPair.publicKey);
|
|
49
|
+
await writeFile(privPath, keyPair.privateKey, { mode: KEY_FILE_MODE });
|
|
50
|
+
// Ensure private key has restrictive permissions even on existing files
|
|
51
|
+
await chmod(privPath, KEY_FILE_MODE);
|
|
52
|
+
return { publicKeyPath: pubPath, privateKeyPath: privPath };
|
|
122
53
|
}
|
|
123
54
|
/**
|
|
124
55
|
* Load a key pair from PEM files on disk.
|
|
@@ -126,44 +57,26 @@ export function saveKeyPair(keyPair, dir, name) {
|
|
|
126
57
|
* @param dir Directory containing the key files.
|
|
127
58
|
* @param name Base name for the key files (default: 'rvfa-signing').
|
|
128
59
|
*/
|
|
129
|
-
export function loadKeyPair(dir, name) {
|
|
130
|
-
|
|
131
|
-
|
|
132
|
-
|
|
133
|
-
|
|
134
|
-
|
|
135
|
-
|
|
136
|
-
|
|
137
|
-
|
|
138
|
-
|
|
139
|
-
|
|
140
|
-
|
|
141
|
-
|
|
142
|
-
|
|
143
|
-
privateKey = _a.sent();
|
|
144
|
-
return [4 /*yield*/, stat(privPath)];
|
|
145
|
-
case 3:
|
|
146
|
-
privStat = _a.sent();
|
|
147
|
-
mode = privStat.mode & 511;
|
|
148
|
-
if (mode & 63) {
|
|
149
|
-
console.warn("[rvfa-signing] WARNING: Private key " + privPath + " has open permissions " +
|
|
150
|
-
("(" + mode.toString(8) + "). Consider running: chmod 600 " + privPath));
|
|
151
|
-
}
|
|
152
|
-
fingerprint = computeFingerprint(publicKey.toString('utf-8'));
|
|
153
|
-
return [2 /*return*/, { publicKey: publicKey, privateKey: privateKey, fingerprint: fingerprint }];
|
|
154
|
-
}
|
|
155
|
-
});
|
|
156
|
-
});
|
|
60
|
+
export async function loadKeyPair(dir, name = 'rvfa-signing') {
|
|
61
|
+
const pubPath = `${dir}/${name}.pub`;
|
|
62
|
+
const privPath = `${dir}/${name}.key`;
|
|
63
|
+
const publicKey = await readFile(pubPath);
|
|
64
|
+
const privateKey = await readFile(privPath);
|
|
65
|
+
// Warn if private key permissions are too open
|
|
66
|
+
const privStat = await stat(privPath);
|
|
67
|
+
const mode = privStat.mode & 0o777;
|
|
68
|
+
if (mode & 0o077) {
|
|
69
|
+
console.warn(`[rvfa-signing] WARNING: Private key ${privPath} has open permissions ` +
|
|
70
|
+
`(${mode.toString(8)}). Consider running: chmod 600 ${privPath}`);
|
|
71
|
+
}
|
|
72
|
+
const fingerprint = computeFingerprint(publicKey.toString('utf-8'));
|
|
73
|
+
return { publicKey, privateKey, fingerprint };
|
|
157
74
|
}
|
|
158
75
|
/**
|
|
159
76
|
* Load a public key from a single PEM file.
|
|
160
77
|
*/
|
|
161
|
-
export function loadPublicKey(path) {
|
|
162
|
-
return
|
|
163
|
-
return __generator(this, function (_a) {
|
|
164
|
-
return [2 /*return*/, readFile(path)];
|
|
165
|
-
});
|
|
166
|
-
});
|
|
78
|
+
export async function loadPublicKey(path) {
|
|
79
|
+
return readFile(path);
|
|
167
80
|
}
|
|
168
81
|
// ── Internal Helpers ─────────────────────────────────────────
|
|
169
82
|
/**
|
|
@@ -171,11 +84,10 @@ export function loadPublicKey(path) {
|
|
|
171
84
|
* Produces deterministic output regardless of insertion order.
|
|
172
85
|
*/
|
|
173
86
|
function canonicalJson(value) {
|
|
174
|
-
return JSON.stringify(value,
|
|
87
|
+
return JSON.stringify(value, (_key, val) => {
|
|
175
88
|
if (val !== null && typeof val === 'object' && !Array.isArray(val) && !Buffer.isBuffer(val)) {
|
|
176
|
-
|
|
177
|
-
for (
|
|
178
|
-
var k = _a[_i];
|
|
89
|
+
const sorted = {};
|
|
90
|
+
for (const k of Object.keys(val).sort()) {
|
|
179
91
|
sorted[k] = val[k];
|
|
180
92
|
}
|
|
181
93
|
return sorted;
|
|
@@ -191,27 +103,27 @@ function parseRvfaBinary(buf) {
|
|
|
191
103
|
if (buf.length < PREAMBLE_SIZE + SHA256_SIZE) {
|
|
192
104
|
throw new Error('Buffer too small to be a valid RVFA file');
|
|
193
105
|
}
|
|
194
|
-
|
|
106
|
+
const magic = buf.subarray(0, 4).toString('ascii');
|
|
195
107
|
if (magic !== 'RVFA') {
|
|
196
|
-
throw new Error(
|
|
108
|
+
throw new Error(`Invalid RVFA magic: expected "RVFA", got "${magic}"`);
|
|
197
109
|
}
|
|
198
|
-
|
|
199
|
-
|
|
200
|
-
|
|
110
|
+
const headerLen = buf.readUInt32LE(8);
|
|
111
|
+
const headerStart = PREAMBLE_SIZE;
|
|
112
|
+
const headerEnd = headerStart + headerLen;
|
|
201
113
|
if (headerEnd > buf.length - SHA256_SIZE) {
|
|
202
114
|
throw new Error('Header length extends beyond buffer');
|
|
203
115
|
}
|
|
204
|
-
|
|
205
|
-
|
|
116
|
+
const headerJson = buf.subarray(headerStart, headerEnd).toString('utf-8');
|
|
117
|
+
let header;
|
|
206
118
|
try {
|
|
207
119
|
header = JSON.parse(headerJson);
|
|
208
120
|
}
|
|
209
|
-
catch
|
|
121
|
+
catch {
|
|
210
122
|
throw new Error('Failed to parse RVFA header JSON');
|
|
211
123
|
}
|
|
212
|
-
|
|
213
|
-
|
|
214
|
-
return { header
|
|
124
|
+
const footer = buf.subarray(buf.length - SHA256_SIZE);
|
|
125
|
+
const sectionData = buf.subarray(headerEnd, buf.length - SHA256_SIZE);
|
|
126
|
+
return { header, headerStart, headerEnd, sectionData, footer };
|
|
215
127
|
}
|
|
216
128
|
/**
|
|
217
129
|
* Compute the signing digest for an RVFA file.
|
|
@@ -222,9 +134,9 @@ function parseRvfaBinary(buf) {
|
|
|
222
134
|
*/
|
|
223
135
|
function computeSigningDigest(header, sectionData, footer) {
|
|
224
136
|
// Strip signature field from header for digest computation
|
|
225
|
-
|
|
137
|
+
const stripped = { ...header };
|
|
226
138
|
delete stripped.signature;
|
|
227
|
-
|
|
139
|
+
const canonical = Buffer.from(canonicalJson(stripped), 'utf-8');
|
|
228
140
|
return createHash('sha256')
|
|
229
141
|
.update(canonical)
|
|
230
142
|
.update(sectionData)
|
|
@@ -233,12 +145,12 @@ function computeSigningDigest(header, sectionData, footer) {
|
|
|
233
145
|
}
|
|
234
146
|
/** Convert a Buffer or PEM string into a KeyObject. */
|
|
235
147
|
function toPrivateKeyObject(key) {
|
|
236
|
-
|
|
148
|
+
const pem = Buffer.isBuffer(key) ? key.toString('utf-8') : key;
|
|
237
149
|
return createPrivateKey(pem);
|
|
238
150
|
}
|
|
239
151
|
/** Convert a Buffer or PEM string into a KeyObject. */
|
|
240
152
|
function toPublicKeyObject(key) {
|
|
241
|
-
|
|
153
|
+
const pem = Buffer.isBuffer(key) ? key.toString('utf-8') : key;
|
|
242
154
|
return createPublicKey(pem);
|
|
243
155
|
}
|
|
244
156
|
/**
|
|
@@ -248,9 +160,9 @@ function toPublicKeyObject(key) {
|
|
|
248
160
|
* and keeps section data and footer intact.
|
|
249
161
|
*/
|
|
250
162
|
function rebuildRvfa(originalBuf, newHeader, sectionData, footer) {
|
|
251
|
-
|
|
163
|
+
const headerJson = Buffer.from(JSON.stringify(newHeader), 'utf-8');
|
|
252
164
|
// Preamble: magic + version + new header length
|
|
253
|
-
|
|
165
|
+
const preamble = Buffer.alloc(PREAMBLE_SIZE);
|
|
254
166
|
originalBuf.copy(preamble, 0, 0, 8); // magic + version unchanged
|
|
255
167
|
preamble.writeUInt32LE(headerJson.length, 8);
|
|
256
168
|
return Buffer.concat([preamble, headerJson, sectionData, footer]);
|
|
@@ -259,11 +171,14 @@ function rebuildRvfa(originalBuf, newHeader, sectionData, footer) {
|
|
|
259
171
|
/**
|
|
260
172
|
* Signs RVFA appliance files and data with Ed25519.
|
|
261
173
|
*/
|
|
262
|
-
|
|
263
|
-
|
|
174
|
+
export class RvfaSigner {
|
|
175
|
+
keyObj;
|
|
176
|
+
fingerprint;
|
|
177
|
+
constructor(privateKey) {
|
|
264
178
|
this.keyObj = toPrivateKeyObject(privateKey);
|
|
265
179
|
// Derive public key to compute fingerprint
|
|
266
|
-
|
|
180
|
+
const pubPem = createPublicKey(this.keyObj)
|
|
181
|
+
.export({ type: 'spki', format: 'pem' });
|
|
267
182
|
this.fingerprint = computeFingerprint(pubPem);
|
|
268
183
|
}
|
|
269
184
|
/**
|
|
@@ -281,81 +196,62 @@ var RvfaSigner = /** @class */ (function () {
|
|
|
281
196
|
* @param signedBy Optional publisher name.
|
|
282
197
|
* @returns The signature metadata that was embedded.
|
|
283
198
|
*/
|
|
284
|
-
|
|
285
|
-
|
|
286
|
-
|
|
287
|
-
|
|
288
|
-
|
|
289
|
-
|
|
290
|
-
|
|
291
|
-
|
|
292
|
-
|
|
293
|
-
|
|
294
|
-
|
|
295
|
-
|
|
296
|
-
|
|
297
|
-
|
|
298
|
-
|
|
299
|
-
|
|
300
|
-
|
|
301
|
-
|
|
302
|
-
|
|
303
|
-
|
|
304
|
-
|
|
305
|
-
rebuilt = rebuildRvfa(buf, header, sectionData, footer);
|
|
306
|
-
return [4 /*yield*/, writeFile(rvfaPath, rebuilt)];
|
|
307
|
-
case 2:
|
|
308
|
-
_b.sent();
|
|
309
|
-
return [2 /*return*/, metadata];
|
|
310
|
-
}
|
|
311
|
-
});
|
|
312
|
-
});
|
|
313
|
-
};
|
|
199
|
+
async signAppliance(rvfaPath, signedBy) {
|
|
200
|
+
const buf = await readFile(rvfaPath);
|
|
201
|
+
const { header, sectionData, footer } = parseRvfaBinary(buf);
|
|
202
|
+
// Compute digest over header (without signature) + sections + footer
|
|
203
|
+
const digest = computeSigningDigest(header, sectionData, footer);
|
|
204
|
+
// Ed25519 sign
|
|
205
|
+
const sig = sign(null, digest, this.keyObj);
|
|
206
|
+
const metadata = {
|
|
207
|
+
algorithm: 'ed25519',
|
|
208
|
+
publicKeyFingerprint: this.fingerprint,
|
|
209
|
+
signature: sig.toString('hex'),
|
|
210
|
+
signedAt: new Date().toISOString(),
|
|
211
|
+
signedBy,
|
|
212
|
+
scope: 'full',
|
|
213
|
+
};
|
|
214
|
+
// Embed signature in header and rebuild
|
|
215
|
+
header.signature = metadata;
|
|
216
|
+
const rebuilt = rebuildRvfa(buf, header, sectionData, footer);
|
|
217
|
+
await writeFile(rvfaPath, rebuilt);
|
|
218
|
+
return metadata;
|
|
219
|
+
}
|
|
314
220
|
/**
|
|
315
221
|
* Sign a section footer hash (detached signature).
|
|
316
222
|
*
|
|
317
223
|
* @param footerHash The 32-byte SHA256 footer hash from an RVFA file.
|
|
318
224
|
* @returns Hex-encoded Ed25519 signature.
|
|
319
225
|
*/
|
|
320
|
-
|
|
321
|
-
|
|
322
|
-
|
|
323
|
-
|
|
324
|
-
|
|
325
|
-
|
|
326
|
-
|
|
327
|
-
sig = sign(null, footerHash, this.keyObj);
|
|
328
|
-
return [2 /*return*/, sig.toString('hex')];
|
|
329
|
-
});
|
|
330
|
-
});
|
|
331
|
-
};
|
|
226
|
+
async signSections(footerHash) {
|
|
227
|
+
if (footerHash.length !== SHA256_SIZE) {
|
|
228
|
+
throw new Error(`Footer hash must be ${SHA256_SIZE} bytes, got ${footerHash.length}`);
|
|
229
|
+
}
|
|
230
|
+
const sig = sign(null, footerHash, this.keyObj);
|
|
231
|
+
return sig.toString('hex');
|
|
232
|
+
}
|
|
332
233
|
/**
|
|
333
234
|
* Sign an RVFP patch file (detached signature).
|
|
334
235
|
*
|
|
335
236
|
* @param patchData The raw patch binary data.
|
|
336
237
|
* @returns Hex-encoded Ed25519 signature.
|
|
337
238
|
*/
|
|
338
|
-
|
|
339
|
-
|
|
340
|
-
|
|
341
|
-
|
|
342
|
-
|
|
343
|
-
|
|
344
|
-
return [2 /*return*/, sig.toString('hex')];
|
|
345
|
-
});
|
|
346
|
-
});
|
|
347
|
-
};
|
|
348
|
-
return RvfaSigner;
|
|
349
|
-
}());
|
|
350
|
-
export { RvfaSigner };
|
|
239
|
+
async signPatch(patchData) {
|
|
240
|
+
const digest = createHash('sha256').update(patchData).digest();
|
|
241
|
+
const sig = sign(null, digest, this.keyObj);
|
|
242
|
+
return sig.toString('hex');
|
|
243
|
+
}
|
|
244
|
+
}
|
|
351
245
|
// ── RvfaVerifier ─────────────────────────────────────────────
|
|
352
246
|
/**
|
|
353
247
|
* Verifies Ed25519 signatures on RVFA appliance files and data.
|
|
354
248
|
*/
|
|
355
|
-
|
|
356
|
-
|
|
249
|
+
export class RvfaVerifier {
|
|
250
|
+
keyObj;
|
|
251
|
+
fingerprint;
|
|
252
|
+
constructor(publicKey) {
|
|
357
253
|
this.keyObj = toPublicKeyObject(publicKey);
|
|
358
|
-
|
|
254
|
+
const pem = Buffer.isBuffer(publicKey) ? publicKey.toString('utf-8') : publicKey;
|
|
359
255
|
this.fingerprint = computeFingerprint(pem);
|
|
360
256
|
}
|
|
361
257
|
/**
|
|
@@ -364,106 +260,88 @@ var RvfaVerifier = /** @class */ (function () {
|
|
|
364
260
|
* @param rvfaPath Path to the .rvf appliance file.
|
|
365
261
|
* @returns Verification result with details and any errors.
|
|
366
262
|
*/
|
|
367
|
-
|
|
368
|
-
|
|
369
|
-
|
|
370
|
-
|
|
371
|
-
|
|
372
|
-
|
|
373
|
-
|
|
374
|
-
|
|
375
|
-
|
|
376
|
-
|
|
377
|
-
|
|
378
|
-
|
|
379
|
-
|
|
380
|
-
|
|
381
|
-
|
|
382
|
-
|
|
383
|
-
|
|
384
|
-
|
|
385
|
-
|
|
386
|
-
|
|
387
|
-
|
|
388
|
-
|
|
389
|
-
|
|
390
|
-
|
|
391
|
-
|
|
392
|
-
|
|
393
|
-
|
|
394
|
-
|
|
395
|
-
|
|
396
|
-
|
|
397
|
-
|
|
398
|
-
|
|
399
|
-
|
|
400
|
-
|
|
401
|
-
|
|
402
|
-
|
|
403
|
-
|
|
404
|
-
|
|
405
|
-
|
|
406
|
-
|
|
407
|
-
|
|
408
|
-
|
|
409
|
-
|
|
410
|
-
|
|
411
|
-
|
|
412
|
-
|
|
413
|
-
|
|
414
|
-
|
|
415
|
-
|
|
416
|
-
|
|
417
|
-
|
|
418
|
-
|
|
419
|
-
|
|
420
|
-
|
|
421
|
-
|
|
422
|
-
|
|
423
|
-
|
|
424
|
-
|
|
425
|
-
|
|
426
|
-
|
|
427
|
-
|
|
428
|
-
errors: errors
|
|
429
|
-
}];
|
|
430
|
-
}
|
|
431
|
-
});
|
|
432
|
-
});
|
|
433
|
-
};
|
|
263
|
+
async verifyAppliance(rvfaPath) {
|
|
264
|
+
const errors = [];
|
|
265
|
+
let buf;
|
|
266
|
+
try {
|
|
267
|
+
buf = await readFile(rvfaPath);
|
|
268
|
+
}
|
|
269
|
+
catch (err) {
|
|
270
|
+
return { valid: false, errors: [`Failed to read file: ${err.message}`] };
|
|
271
|
+
}
|
|
272
|
+
let parsed;
|
|
273
|
+
try {
|
|
274
|
+
parsed = parseRvfaBinary(buf);
|
|
275
|
+
}
|
|
276
|
+
catch (err) {
|
|
277
|
+
return { valid: false, errors: [`Invalid RVFA file: ${err.message}`] };
|
|
278
|
+
}
|
|
279
|
+
const { header, sectionData, footer } = parsed;
|
|
280
|
+
// Extract signature metadata from header
|
|
281
|
+
const sigRaw = header.signature;
|
|
282
|
+
if (!sigRaw || typeof sigRaw !== 'object') {
|
|
283
|
+
return { valid: false, errors: ['No signature found in RVFA header'] };
|
|
284
|
+
}
|
|
285
|
+
const sigMeta = sigRaw;
|
|
286
|
+
if (sigMeta.algorithm !== 'ed25519') {
|
|
287
|
+
errors.push(`Unsupported algorithm: ${String(sigMeta.algorithm)}`);
|
|
288
|
+
return { valid: false, errors };
|
|
289
|
+
}
|
|
290
|
+
if (typeof sigMeta.signature !== 'string' || !sigMeta.signature) {
|
|
291
|
+
errors.push('Signature field is missing or empty');
|
|
292
|
+
return { valid: false, errors };
|
|
293
|
+
}
|
|
294
|
+
// Recompute the digest the same way the signer did
|
|
295
|
+
const digest = computeSigningDigest(header, sectionData, footer);
|
|
296
|
+
// Verify
|
|
297
|
+
let sigBuf;
|
|
298
|
+
try {
|
|
299
|
+
sigBuf = Buffer.from(sigMeta.signature, 'hex');
|
|
300
|
+
}
|
|
301
|
+
catch {
|
|
302
|
+
errors.push('Signature is not valid hex');
|
|
303
|
+
return { valid: false, errors };
|
|
304
|
+
}
|
|
305
|
+
let valid;
|
|
306
|
+
try {
|
|
307
|
+
valid = verify(null, digest, this.keyObj, sigBuf);
|
|
308
|
+
}
|
|
309
|
+
catch (err) {
|
|
310
|
+
errors.push(`Verification error: ${err.message}`);
|
|
311
|
+
return { valid: false, errors };
|
|
312
|
+
}
|
|
313
|
+
if (!valid) {
|
|
314
|
+
errors.push('Ed25519 signature verification failed: data may be tampered');
|
|
315
|
+
}
|
|
316
|
+
return {
|
|
317
|
+
valid,
|
|
318
|
+
signerFingerprint: sigMeta.publicKeyFingerprint,
|
|
319
|
+
signedAt: sigMeta.signedAt,
|
|
320
|
+
signedBy: sigMeta.signedBy,
|
|
321
|
+
errors,
|
|
322
|
+
};
|
|
323
|
+
}
|
|
434
324
|
/**
|
|
435
325
|
* Verify a detached Ed25519 signature over arbitrary data.
|
|
436
326
|
*
|
|
437
327
|
* @param data The data that was signed.
|
|
438
328
|
* @param signature Hex-encoded Ed25519 signature.
|
|
439
329
|
*/
|
|
440
|
-
|
|
441
|
-
|
|
442
|
-
|
|
443
|
-
|
|
444
|
-
|
|
445
|
-
sigBuf = Buffer.from(signature, 'hex');
|
|
446
|
-
return [2 /*return*/, verify(null, digest, this.keyObj, sigBuf)];
|
|
447
|
-
});
|
|
448
|
-
});
|
|
449
|
-
};
|
|
330
|
+
async verifyDetached(data, signature) {
|
|
331
|
+
const digest = createHash('sha256').update(data).digest();
|
|
332
|
+
const sigBuf = Buffer.from(signature, 'hex');
|
|
333
|
+
return verify(null, digest, this.keyObj, sigBuf);
|
|
334
|
+
}
|
|
450
335
|
/**
|
|
451
336
|
* Verify an RVFP patch file signature.
|
|
452
337
|
*
|
|
453
338
|
* @param patchData The raw patch binary data.
|
|
454
339
|
* @param signature Hex-encoded Ed25519 signature.
|
|
455
340
|
*/
|
|
456
|
-
|
|
457
|
-
|
|
458
|
-
|
|
459
|
-
|
|
460
|
-
|
|
461
|
-
|
|
462
|
-
return [2 /*return*/, verify(null, digest, this.keyObj, sigBuf)];
|
|
463
|
-
});
|
|
464
|
-
});
|
|
465
|
-
};
|
|
466
|
-
return RvfaVerifier;
|
|
467
|
-
}());
|
|
468
|
-
export { RvfaVerifier };
|
|
341
|
+
async verifyPatch(patchData, signature) {
|
|
342
|
+
const digest = createHash('sha256').update(patchData).digest();
|
|
343
|
+
const sigBuf = Buffer.from(signature, 'hex');
|
|
344
|
+
return verify(null, digest, this.keyObj, sigBuf);
|
|
345
|
+
}
|
|
346
|
+
}
|
|
469
347
|
//# sourceMappingURL=rvfa-signing.js.map
|