livybolt 0.1.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/LICENSE +21 -0
- package/README.md +54 -0
- package/package.json +43 -0
- package/scripts/agent-identity-store.mjs +43 -0
- package/scripts/agent-identity.mjs +230 -0
- package/scripts/balance.mjs +68 -0
- package/scripts/cli-prompt.mjs +38 -0
- package/scripts/livybolt-api.mjs +253 -0
- package/scripts/livybolt.mjs +93 -0
- package/scripts/pair.mjs +116 -0
- package/scripts/pending-store.mjs +70 -0
- package/scripts/seed-unlock.mjs +111 -0
- package/scripts/survey-create.mjs +175 -0
- package/scripts/survey-index-store.mjs +88 -0
- package/scripts/token-vault-store.mjs +52 -0
- package/scripts/token-vault.mjs +94 -0
- package/scripts/unlock.mjs +148 -0
- package/scripts/vault-decrypt.mjs +38 -0
- package/scripts/vault-open.mjs +44 -0
- package/scripts/vault-read.mjs +118 -0
- package/scripts/vault-rebuild.mjs +121 -0
- package/src/lib/crypto/agent-identity.js +85 -0
- package/src/lib/crypto/envelope.js +253 -0
- package/src/lib/crypto/recipient-key.js +111 -0
- package/src/lib/crypto/seed-store.js +164 -0
- package/src/lib/crypto/survey-key.js +97 -0
- package/src/lib/crypto/token-vault.js +116 -0
- package/src/lib/crypto/view-key.js +98 -0
package/LICENSE
ADDED
|
@@ -0,0 +1,21 @@
|
|
|
1
|
+
MIT License
|
|
2
|
+
|
|
3
|
+
Copyright (c) 2026 cozzyland
|
|
4
|
+
|
|
5
|
+
Permission is hereby granted, free of charge, to any person obtaining a copy
|
|
6
|
+
of this software and associated documentation files (the "Software"), to deal
|
|
7
|
+
in the Software without restriction, including without limitation the rights
|
|
8
|
+
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
|
|
9
|
+
copies of the Software, and to permit persons to whom the Software is
|
|
10
|
+
furnished to do so, subject to the following conditions:
|
|
11
|
+
|
|
12
|
+
The above copyright notice and this permission notice shall be included in all
|
|
13
|
+
copies or substantial portions of the Software.
|
|
14
|
+
|
|
15
|
+
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
|
|
16
|
+
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
|
|
17
|
+
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
|
|
18
|
+
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
|
|
19
|
+
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
|
|
20
|
+
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
|
|
21
|
+
SOFTWARE.
|
package/README.md
ADDED
|
@@ -0,0 +1,54 @@
|
|
|
1
|
+
# livybolt (`livybolt`)
|
|
2
|
+
|
|
3
|
+
Accountless, self-custody, **end-to-end-encrypted** surveys over Lightning.
|
|
4
|
+
|
|
5
|
+
`livybolt` is the command-line client for [Livybolt](https://livybolt.com). You pay
|
|
6
|
+
one Lightning invoice to create a survey, respondents answer for free, and every
|
|
7
|
+
response is encrypted to a key only you hold. There are no accounts, and the server
|
|
8
|
+
can never read your data.
|
|
9
|
+
|
|
10
|
+
## Install
|
|
11
|
+
|
|
12
|
+
```bash
|
|
13
|
+
npm i -g livybolt # installs the `livybolt` command
|
|
14
|
+
livybolt --help
|
|
15
|
+
```
|
|
16
|
+
|
|
17
|
+
Requires **Node.js ≥ 20**.
|
|
18
|
+
|
|
19
|
+
## Quick start
|
|
20
|
+
|
|
21
|
+
```bash
|
|
22
|
+
livybolt id new --password "<a strong passphrase>" # self-custody key, shown once
|
|
23
|
+
livybolt create survey.json # → Lightning invoice + handle
|
|
24
|
+
# ...pay the invoice with any wallet...
|
|
25
|
+
livybolt create --resume <handle> --preimage <hex> # → public URL, sealed to your vault
|
|
26
|
+
livybolt balance --survey <id> # prepaid-pool accounting
|
|
27
|
+
livybolt vault read --survey <id> # pull + decrypt responses locally
|
|
28
|
+
livybolt unlock --survey <id> --count <n> # pay to read overage responses
|
|
29
|
+
```
|
|
30
|
+
|
|
31
|
+
A minimal `survey.json`:
|
|
32
|
+
|
|
33
|
+
```json
|
|
34
|
+
{
|
|
35
|
+
"title": "Launch feedback",
|
|
36
|
+
"expected_responses": 100,
|
|
37
|
+
"per_response_sats": 50,
|
|
38
|
+
"questions": [
|
|
39
|
+
{ "id": "q1", "text": "How did you hear about us?", "type": "short_text" },
|
|
40
|
+
{ "id": "q2", "text": "How likely are you to recommend us?", "type": "rating" }
|
|
41
|
+
]
|
|
42
|
+
}
|
|
43
|
+
```
|
|
44
|
+
|
|
45
|
+
## Self-custody
|
|
46
|
+
|
|
47
|
+
Your keys live only in `~/.livybolt/`. They are never sent to the server, which
|
|
48
|
+
stores ciphertext and public keys only. **Back up the seed words** printed by
|
|
49
|
+
`livybolt id new` — there is no recovery.
|
|
50
|
+
|
|
51
|
+
## Docs
|
|
52
|
+
|
|
53
|
+
- CLI reference: https://livybolt.com/docs/cli
|
|
54
|
+
- HTTP API reference: https://livybolt.com/docs/api
|
package/package.json
ADDED
|
@@ -0,0 +1,43 @@
|
|
|
1
|
+
{
|
|
2
|
+
"name": "livybolt",
|
|
3
|
+
"version": "0.1.0",
|
|
4
|
+
"description": "livybolt — accountless, self-custody, end-to-end-encrypted surveys over Lightning. CLI client for Livybolt (Nostr edition).",
|
|
5
|
+
"type": "module",
|
|
6
|
+
"bin": {
|
|
7
|
+
"livybolt": "scripts/livybolt.mjs"
|
|
8
|
+
},
|
|
9
|
+
"engines": {
|
|
10
|
+
"node": ">=20.0.0"
|
|
11
|
+
},
|
|
12
|
+
"files": [
|
|
13
|
+
"scripts",
|
|
14
|
+
"src",
|
|
15
|
+
"README.md"
|
|
16
|
+
],
|
|
17
|
+
"dependencies": {
|
|
18
|
+
"nostr-tools": "^2.23.5"
|
|
19
|
+
},
|
|
20
|
+
"scripts": {
|
|
21
|
+
"prepack": "node prepack.mjs"
|
|
22
|
+
},
|
|
23
|
+
"keywords": [
|
|
24
|
+
"survey",
|
|
25
|
+
"lightning",
|
|
26
|
+
"bitcoin",
|
|
27
|
+
"nostr",
|
|
28
|
+
"l402",
|
|
29
|
+
"end-to-end-encryption",
|
|
30
|
+
"self-custody",
|
|
31
|
+
"cli"
|
|
32
|
+
],
|
|
33
|
+
"license": "MIT",
|
|
34
|
+
"homepage": "https://livybolt.com",
|
|
35
|
+
"repository": {
|
|
36
|
+
"type": "git",
|
|
37
|
+
"url": "git+https://github.com/cozzyland/lightsurvey-nostr-edition.git",
|
|
38
|
+
"directory": "cli"
|
|
39
|
+
},
|
|
40
|
+
"bugs": {
|
|
41
|
+
"url": "https://github.com/cozzyland/lightsurvey-nostr-edition/issues"
|
|
42
|
+
}
|
|
43
|
+
}
|
|
@@ -0,0 +1,43 @@
|
|
|
1
|
+
// Local at-rest store for the Agent Identity Key (node-only: fs/os/perms).
|
|
2
|
+
//
|
|
3
|
+
// Kept OUT of src/lib/crypto/agent-identity.ts on purpose — that module is
|
|
4
|
+
// isomorphic (browser + node), this one touches the filesystem. The store holds
|
|
5
|
+
// only public fields in the clear; the secret is the SEED — a NIP-49 `ncryptsec`
|
|
6
|
+
// of the BIP-39 entropy (encrypted default, `secretKind: seed-entropy-nip49`) or,
|
|
7
|
+
// with --plaintext, the bare seed words (`secretKind: seed-plaintext`, the one
|
|
8
|
+
// path where the secret rests in cleartext). Storing the seed (not the account-0
|
|
9
|
+
// privkey) is what lets per-survey keys derive from it. Default location:
|
|
10
|
+
// ~/.livybolt/identity.json (override with LIVYBOLT_IDENTITY_HOME).
|
|
11
|
+
// Dir 0700, file 0600.
|
|
12
|
+
|
|
13
|
+
import { homedir } from 'node:os'
|
|
14
|
+
import { join } from 'node:path'
|
|
15
|
+
import { mkdirSync, writeFileSync, readFileSync, existsSync, chmodSync } from 'node:fs'
|
|
16
|
+
|
|
17
|
+
// v2: seed-bearing store (v1 stored the account-0 privkey, which could not derive
|
|
18
|
+
// per-survey keys). Greenfield — no v1 stores exist to migrate.
|
|
19
|
+
export const STORE_VERSION = 2
|
|
20
|
+
|
|
21
|
+
export function storeHome() {
|
|
22
|
+
return process.env.LIVYBOLT_IDENTITY_HOME ?? join(homedir(), '.livybolt')
|
|
23
|
+
}
|
|
24
|
+
|
|
25
|
+
export function storePath() {
|
|
26
|
+
return join(storeHome(), 'identity.json')
|
|
27
|
+
}
|
|
28
|
+
|
|
29
|
+
export function readStore() {
|
|
30
|
+
const path = storePath()
|
|
31
|
+
if (!existsSync(path)) return null
|
|
32
|
+
return JSON.parse(readFileSync(path, 'utf8'))
|
|
33
|
+
}
|
|
34
|
+
|
|
35
|
+
export function writeStore(record) {
|
|
36
|
+
const home = storeHome()
|
|
37
|
+
mkdirSync(home, { recursive: true, mode: 0o700 })
|
|
38
|
+
const path = storePath()
|
|
39
|
+
writeFileSync(path, JSON.stringify(record, null, 2) + '\n', { mode: 0o600 })
|
|
40
|
+
// writeFileSync only applies mode on create — force it on overwrite too.
|
|
41
|
+
chmodSync(path, 0o600)
|
|
42
|
+
return path
|
|
43
|
+
}
|
|
@@ -0,0 +1,230 @@
|
|
|
1
|
+
// Provision and manage an Agent Identity Key — entirely client-side.
|
|
2
|
+
//
|
|
3
|
+
// This is the executable TWIN of the canonical inline recipe (see
|
|
4
|
+
// docs/reference/agent-identity.md). A code-capable agent can run this script if
|
|
5
|
+
// it has the repo, or paste the equivalent ~15-line recipe; either way the
|
|
6
|
+
// secret is generated and held locally and NEVER sent to the server.
|
|
7
|
+
//
|
|
8
|
+
// It imports the REAL isomorphic identity lib (src/lib/crypto/agent-identity.ts)
|
|
9
|
+
// so the CLI and any inline reimplementation produce byte-identical keys.
|
|
10
|
+
//
|
|
11
|
+
// Commands:
|
|
12
|
+
// new Generate a fresh identity. Prints npub + seed words ONCE, seals it
|
|
13
|
+
// to the local store (encrypted by default), prints the ncryptsec backup.
|
|
14
|
+
// show Print the stored npub/pubkey (never the secret).
|
|
15
|
+
// export Print the ncryptsec backup blob (for off-machine backup).
|
|
16
|
+
// restore Rebuild the store from --seed "<words>" or --ncryptsec <blob>.
|
|
17
|
+
// unlock Verify the store opens (password if encrypted); prints npub.
|
|
18
|
+
//
|
|
19
|
+
// Flags:
|
|
20
|
+
// --plaintext Store the bare seed words at 0600 instead of an ncryptsec
|
|
21
|
+
// (zero-friction for headless agents; secret rests in cleartext).
|
|
22
|
+
// --password <pw> Password for the ncryptsec. Else LIVYBOLT_IDENTITY_PASSWORD,
|
|
23
|
+
// else an interactive (hidden) prompt.
|
|
24
|
+
// --seed "<words>" BIP-39 mnemonic (restore).
|
|
25
|
+
// --ncryptsec <blob> ncryptsec1… backup blob (restore).
|
|
26
|
+
//
|
|
27
|
+
// Store location: ~/.livybolt/identity.json (override LIVYBOLT_IDENTITY_HOME).
|
|
28
|
+
//
|
|
29
|
+
// Usage:
|
|
30
|
+
// node scripts/agent-identity.mjs new --password "hunter2"
|
|
31
|
+
// node scripts/agent-identity.mjs new --plaintext
|
|
32
|
+
// node scripts/agent-identity.mjs show
|
|
33
|
+
// node scripts/agent-identity.mjs export > backup.ncryptsec
|
|
34
|
+
// node scripts/agent-identity.mjs restore --seed "word1 word2 …" --password "hunter2"
|
|
35
|
+
|
|
36
|
+
import {
|
|
37
|
+
generateAgentIdentity,
|
|
38
|
+
agentIdentityFromSeedWords,
|
|
39
|
+
AgentIdentityError,
|
|
40
|
+
} from '../src/lib/crypto/agent-identity.js'
|
|
41
|
+
import { sealSeed, unlockSeed, SeedStoreError } from '../src/lib/crypto/seed-store.js'
|
|
42
|
+
import { readStore, writeStore, storePath, STORE_VERSION } from './agent-identity-store.mjs'
|
|
43
|
+
import { resolveIdentityPassword } from './cli-prompt.mjs'
|
|
44
|
+
|
|
45
|
+
function fail(msg) {
|
|
46
|
+
console.error(`error: ${msg}`)
|
|
47
|
+
process.exit(1)
|
|
48
|
+
}
|
|
49
|
+
|
|
50
|
+
// --- flag parsing (no framework) ---------------------------------------------
|
|
51
|
+
function parseFlags(argv) {
|
|
52
|
+
const flags = {}
|
|
53
|
+
for (let i = 0; i < argv.length; i++) {
|
|
54
|
+
const a = argv[i]
|
|
55
|
+
if (a === '--plaintext') flags.plaintext = true
|
|
56
|
+
else if (a === '--password') flags.password = argv[++i]
|
|
57
|
+
else if (a === '--seed') flags.seed = argv[++i]
|
|
58
|
+
else if (a === '--ncryptsec') flags.ncryptsec = argv[++i]
|
|
59
|
+
else fail(`unknown argument: ${a}`)
|
|
60
|
+
}
|
|
61
|
+
return flags
|
|
62
|
+
}
|
|
63
|
+
|
|
64
|
+
async function resolvePassword(flags, purpose) {
|
|
65
|
+
const pw = await resolveIdentityPassword(flags, fail, purpose)
|
|
66
|
+
if (!pw) fail('empty password')
|
|
67
|
+
return pw
|
|
68
|
+
}
|
|
69
|
+
|
|
70
|
+
// --- store sealing + self-check ----------------------------------------------
|
|
71
|
+
// The persisted secret is the SEED, so per-survey keys can derive from it. We
|
|
72
|
+
// store the seed words (plaintext mode) or a NIP-49 ncryptsec of the BIP-39
|
|
73
|
+
// entropy (encrypted default). `secretKind` tags the payload so the seed entropy
|
|
74
|
+
// is never misread as an nsec.
|
|
75
|
+
function sealRecord(id, { plaintext, password }) {
|
|
76
|
+
if (!id.seedWords) {
|
|
77
|
+
fail('cannot store a seed-bearing identity without seed words (use restore --seed or --ncryptsec)')
|
|
78
|
+
}
|
|
79
|
+
const base = {
|
|
80
|
+
v: STORE_VERSION,
|
|
81
|
+
npub: id.npub,
|
|
82
|
+
pubkey: id.pubkeyHex,
|
|
83
|
+
createdAt: new Date().toISOString(),
|
|
84
|
+
}
|
|
85
|
+
if (plaintext) return { ...base, secretKind: 'seed-plaintext', seedWords: id.seedWords }
|
|
86
|
+
return { ...base, secretKind: 'seed-entropy-nip49', ncryptsec: sealSeed(id.seedWords, password) }
|
|
87
|
+
}
|
|
88
|
+
|
|
89
|
+
// Recover the seed mnemonic from a stored record (plaintext words, or the
|
|
90
|
+
// NIP-49 ncryptsec-of-entropy under the given password). Fails loud on a missing
|
|
91
|
+
// or unrecognized secretKind (e.g. an old pre-v2 store) rather than silently
|
|
92
|
+
// misreading the secret.
|
|
93
|
+
function seedFromRecord(record, password) {
|
|
94
|
+
if (record.secretKind === 'seed-plaintext') {
|
|
95
|
+
if (!record.seedWords) fail('corrupt store: seed-plaintext record is missing seedWords')
|
|
96
|
+
return record.seedWords
|
|
97
|
+
}
|
|
98
|
+
if (record.secretKind === 'seed-entropy-nip49') {
|
|
99
|
+
return unlockSeed(record.ncryptsec, password)
|
|
100
|
+
}
|
|
101
|
+
fail(
|
|
102
|
+
`unrecognized identity store (secretKind=${record.secretKind ?? 'none'}) — ` +
|
|
103
|
+
'likely an old (pre-v2) store; re-provision with `livybolt id new`'
|
|
104
|
+
)
|
|
105
|
+
}
|
|
106
|
+
|
|
107
|
+
// Re-open what we just wrote and confirm the re-derived npub matches — catches a
|
|
108
|
+
// mis-seal before the key is ever trusted. This is the agent's correctness oracle.
|
|
109
|
+
function selfCheck(record, password) {
|
|
110
|
+
const reopened = agentIdentityFromSeedWords(seedFromRecord(record, password))
|
|
111
|
+
if (reopened.npub !== record.npub) {
|
|
112
|
+
fail('self-check FAILED: re-derived npub does not match the stored npub')
|
|
113
|
+
}
|
|
114
|
+
}
|
|
115
|
+
|
|
116
|
+
// --- commands ----------------------------------------------------------------
|
|
117
|
+
async function cmdNew(flags) {
|
|
118
|
+
if (readStore()) {
|
|
119
|
+
fail(`an identity already exists at ${storePath()} — refusing to overwrite. Move it aside first.`)
|
|
120
|
+
}
|
|
121
|
+
const id = generateAgentIdentity()
|
|
122
|
+
const password = flags.plaintext ? null : await resolvePassword(flags, 'encrypt the new identity')
|
|
123
|
+
const record = sealRecord(id, { plaintext: flags.plaintext, password })
|
|
124
|
+
writeStore(record)
|
|
125
|
+
selfCheck(record, password)
|
|
126
|
+
|
|
127
|
+
console.error('')
|
|
128
|
+
console.error(' ⚠ BACK UP THESE SEED WORDS NOW — shown once, never sent to the server.')
|
|
129
|
+
console.error(' They are the canonical recovery for this identity.')
|
|
130
|
+
console.error(` Stored ${flags.plaintext ? 'in CLEARTEXT (--plaintext)' : 'encrypted'} at ${storePath()} (0600).`)
|
|
131
|
+
console.error('')
|
|
132
|
+
|
|
133
|
+
console.log(`npub=${id.npub}`)
|
|
134
|
+
console.log(`pubkey=${id.pubkeyHex}`)
|
|
135
|
+
console.log(`seed_words=${id.seedWords}`)
|
|
136
|
+
if (record.ncryptsec) console.log(`ncryptsec=${record.ncryptsec}`)
|
|
137
|
+
}
|
|
138
|
+
|
|
139
|
+
function cmdShow() {
|
|
140
|
+
const rec = readStore()
|
|
141
|
+
if (!rec) fail(`no identity at ${storePath()}. Run: node scripts/agent-identity.mjs new`)
|
|
142
|
+
console.log(`npub=${rec.npub}`)
|
|
143
|
+
console.log(`pubkey=${rec.pubkey}`)
|
|
144
|
+
console.log(`mode=${rec.secretKind === 'seed-plaintext' ? 'plaintext' : 'encrypted'}`)
|
|
145
|
+
console.log(`created=${rec.createdAt}`)
|
|
146
|
+
}
|
|
147
|
+
|
|
148
|
+
async function cmdExport(flags) {
|
|
149
|
+
const rec = readStore()
|
|
150
|
+
if (!rec) fail(`no identity at ${storePath()}. Run: node scripts/agent-identity.mjs new`)
|
|
151
|
+
// The exported blob is a NIP-49 ncryptsec of the seed entropy — restore it with
|
|
152
|
+
// `restore --ncryptsec`. It is NOT a portable nsec; the seed words are the
|
|
153
|
+
// canonical cross-tool backup.
|
|
154
|
+
if (rec.secretKind === 'seed-entropy-nip49') {
|
|
155
|
+
console.log(rec.ncryptsec)
|
|
156
|
+
return
|
|
157
|
+
}
|
|
158
|
+
// Plaintext store: derive an encrypted seed backup on demand.
|
|
159
|
+
const password = await resolvePassword(flags, 'encrypt the backup')
|
|
160
|
+
console.log(sealSeed(rec.seedWords, password))
|
|
161
|
+
}
|
|
162
|
+
|
|
163
|
+
async function cmdRestore(flags) {
|
|
164
|
+
if (readStore()) {
|
|
165
|
+
fail(`an identity already exists at ${storePath()} — refusing to overwrite. Move it aside first.`)
|
|
166
|
+
}
|
|
167
|
+
let id
|
|
168
|
+
if (flags.seed) {
|
|
169
|
+
id = agentIdentityFromSeedWords(flags.seed)
|
|
170
|
+
} else if (flags.ncryptsec) {
|
|
171
|
+
const password = await resolvePassword(flags, 'open the ncryptsec')
|
|
172
|
+
// The blob is a seed-entropy ncryptsec (see cmdExport); recover the seed words.
|
|
173
|
+
id = agentIdentityFromSeedWords(unlockSeed(flags.ncryptsec, password))
|
|
174
|
+
} else {
|
|
175
|
+
fail('restore needs --seed "<words>" or --ncryptsec <blob>')
|
|
176
|
+
}
|
|
177
|
+
const password = flags.plaintext ? null : await resolvePassword(flags, 'encrypt the restored identity')
|
|
178
|
+
const record = sealRecord(id, { plaintext: flags.plaintext, password })
|
|
179
|
+
writeStore(record)
|
|
180
|
+
selfCheck(record, password)
|
|
181
|
+
console.log(`npub=${id.npub}`)
|
|
182
|
+
}
|
|
183
|
+
|
|
184
|
+
async function cmdUnlock(flags) {
|
|
185
|
+
const rec = readStore()
|
|
186
|
+
if (!rec) fail(`no identity at ${storePath()}. Run: node scripts/agent-identity.mjs new`)
|
|
187
|
+
const password =
|
|
188
|
+
rec.secretKind === 'seed-plaintext'
|
|
189
|
+
? undefined
|
|
190
|
+
: await resolvePassword(flags, 'unlock the identity')
|
|
191
|
+
const id = agentIdentityFromSeedWords(seedFromRecord(rec, password))
|
|
192
|
+
if (id.npub !== rec.npub) fail('unlock FAILED: re-derived npub does not match the stored npub')
|
|
193
|
+
console.error('unlocked OK')
|
|
194
|
+
console.log(`npub=${id.npub}`)
|
|
195
|
+
}
|
|
196
|
+
|
|
197
|
+
// --- main --------------------------------------------------------------------
|
|
198
|
+
const [command, ...rest] = process.argv.slice(2)
|
|
199
|
+
const flags = parseFlags(rest)
|
|
200
|
+
|
|
201
|
+
try {
|
|
202
|
+
switch (command) {
|
|
203
|
+
case 'new':
|
|
204
|
+
await cmdNew(flags)
|
|
205
|
+
break
|
|
206
|
+
case 'show':
|
|
207
|
+
cmdShow()
|
|
208
|
+
break
|
|
209
|
+
case 'export':
|
|
210
|
+
await cmdExport(flags)
|
|
211
|
+
break
|
|
212
|
+
case 'restore':
|
|
213
|
+
await cmdRestore(flags)
|
|
214
|
+
break
|
|
215
|
+
case 'unlock':
|
|
216
|
+
await cmdUnlock(flags)
|
|
217
|
+
break
|
|
218
|
+
default:
|
|
219
|
+
fail(
|
|
220
|
+
`unknown command: ${command ?? '(none)'}\n` +
|
|
221
|
+
' commands: new | show | export | restore | unlock\n' +
|
|
222
|
+
' e.g. node scripts/agent-identity.mjs new --password "hunter2"'
|
|
223
|
+
)
|
|
224
|
+
}
|
|
225
|
+
} catch (err) {
|
|
226
|
+
if (err instanceof AgentIdentityError || err instanceof SeedStoreError) {
|
|
227
|
+
fail(`${err.code}: ${err.message}`)
|
|
228
|
+
}
|
|
229
|
+
throw err
|
|
230
|
+
}
|
|
@@ -0,0 +1,68 @@
|
|
|
1
|
+
// `livybolt balance --survey <id>` — show a survey's prepaid-pool accounting:
|
|
2
|
+
// how many of the prepaid responses are consumed / remaining, and how many
|
|
3
|
+
// overage responses are locked awaiting unlock.
|
|
4
|
+
//
|
|
5
|
+
// NIP-98 gated: opens the local vault to derive the survey key, signs the
|
|
6
|
+
// request, then GETs the balance. No payment.
|
|
7
|
+
|
|
8
|
+
import { fetchBalance, DEFAULT_HOST } from './livybolt-api.mjs'
|
|
9
|
+
import { openVaultEntry } from './vault-open.mjs'
|
|
10
|
+
import { signNip98Token } from '../src/lib/nip98.js'
|
|
11
|
+
|
|
12
|
+
function fail(msg) {
|
|
13
|
+
console.error(`error: ${msg}`)
|
|
14
|
+
process.exit(1)
|
|
15
|
+
}
|
|
16
|
+
|
|
17
|
+
function parseFlags(argv) {
|
|
18
|
+
const flags = {}
|
|
19
|
+
for (let i = 0; i < argv.length; i++) {
|
|
20
|
+
const a = argv[i]
|
|
21
|
+
if (a === '--survey') flags.survey = argv[++i]
|
|
22
|
+
else if (a === '--host') flags.host = argv[++i]
|
|
23
|
+
else if (a === '--password') flags.password = argv[++i]
|
|
24
|
+
else if (a === '--json') flags.json = true
|
|
25
|
+
else fail(`unknown argument: ${a}`)
|
|
26
|
+
}
|
|
27
|
+
return flags
|
|
28
|
+
}
|
|
29
|
+
|
|
30
|
+
export async function main(argv) {
|
|
31
|
+
const flags = parseFlags(argv)
|
|
32
|
+
if (!flags.survey) fail('usage: livybolt balance --survey <id>')
|
|
33
|
+
|
|
34
|
+
const { entry, surveyPrivkey } = await openVaultEntry(flags.survey, flags)
|
|
35
|
+
const host = flags.host ?? DEFAULT_HOST
|
|
36
|
+
const authorization = surveyPrivkey
|
|
37
|
+
? await signNip98Token(
|
|
38
|
+
`${host}/api/surveys/${encodeURIComponent(entry.surveyId)}/balance`,
|
|
39
|
+
'GET',
|
|
40
|
+
surveyPrivkey
|
|
41
|
+
)
|
|
42
|
+
: undefined
|
|
43
|
+
const bal = await fetchBalance({
|
|
44
|
+
host,
|
|
45
|
+
surveyId: entry.surveyId,
|
|
46
|
+
ownerToken: entry.ownerToken,
|
|
47
|
+
authorization,
|
|
48
|
+
})
|
|
49
|
+
|
|
50
|
+
if (flags.json) {
|
|
51
|
+
console.log(JSON.stringify(bal, null, 2))
|
|
52
|
+
return
|
|
53
|
+
}
|
|
54
|
+
|
|
55
|
+
console.log(`survey: ${bal.surveyId}`)
|
|
56
|
+
console.log(`prepaid: ${bal.prepaid_responses}`)
|
|
57
|
+
console.log(`consumed: ${bal.consumed_responses}`)
|
|
58
|
+
console.log(`remaining: ${bal.remaining_responses} (${bal.remaining_sats} sats of credit)`)
|
|
59
|
+
console.log(`locked: ${bal.overage_responses} (overage awaiting unlock)`)
|
|
60
|
+
if (bal.expires_at) console.log(`expires: ${bal.expires_at}`)
|
|
61
|
+
}
|
|
62
|
+
|
|
63
|
+
if (import.meta.url === `file://${process.argv[1]}`) {
|
|
64
|
+
main(process.argv.slice(2)).catch((err) => {
|
|
65
|
+
console.error(`error: ${err.message}`)
|
|
66
|
+
process.exit(1)
|
|
67
|
+
})
|
|
68
|
+
}
|
|
@@ -0,0 +1,38 @@
|
|
|
1
|
+
// Shared identity-password resolution for the CLI scripts that unlock the seed.
|
|
2
|
+
// Centralizes what were four byte-identical copies (agent-identity, vault-read,
|
|
3
|
+
// vault-open, survey-create) so the resolution ladder lives in one place.
|
|
4
|
+
|
|
5
|
+
import { createInterface } from 'node:readline'
|
|
6
|
+
|
|
7
|
+
/** Read a line without echoing it (for passwords). */
|
|
8
|
+
export function promptHidden(query) {
|
|
9
|
+
return new Promise((resolve) => {
|
|
10
|
+
const rl = createInterface({ input: process.stdin, output: process.stdout })
|
|
11
|
+
// Mute echo so the password is not displayed as it is typed.
|
|
12
|
+
rl._writeToOutput = () => {}
|
|
13
|
+
process.stdout.write(query)
|
|
14
|
+
rl.question('', (answer) => {
|
|
15
|
+
rl.close()
|
|
16
|
+
process.stdout.write('\n')
|
|
17
|
+
resolve(answer)
|
|
18
|
+
})
|
|
19
|
+
})
|
|
20
|
+
}
|
|
21
|
+
|
|
22
|
+
/**
|
|
23
|
+
* Resolve the identity password: --password flag, else LIVYBOLT_IDENTITY_PASSWORD,
|
|
24
|
+
* else an interactive (hidden) prompt. When there is no password and no TTY, calls
|
|
25
|
+
* `onMissing(message)` — pass the caller's fail() (which exits). `purpose` tunes
|
|
26
|
+
* the wording (e.g. 'unlock the identity', 'encrypt the new identity').
|
|
27
|
+
*/
|
|
28
|
+
export async function resolveIdentityPassword(flags, onMissing, purpose = 'unlock the identity') {
|
|
29
|
+
if (flags.password != null) return flags.password
|
|
30
|
+
if (process.env.LIVYBOLT_IDENTITY_PASSWORD) return process.env.LIVYBOLT_IDENTITY_PASSWORD
|
|
31
|
+
if (!process.stdin.isTTY) {
|
|
32
|
+
onMissing(
|
|
33
|
+
`no password to ${purpose}. Pass --password, set LIVYBOLT_IDENTITY_PASSWORD, or run interactively.`
|
|
34
|
+
)
|
|
35
|
+
return undefined
|
|
36
|
+
}
|
|
37
|
+
return await promptHidden(`Password to ${purpose}: `)
|
|
38
|
+
}
|