npm - memoir-cli - Versions diffs - 3.1.1 → 3.2.1 - Mend

memoir-cli 3.1.1 → 3.2.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (21) hide show

package/GAMEPLAN.md +235 -0
package/LAUNCH_POSTS.md +247 -0
package/MARKETING.md +143 -0
package/POSTS-READY-TO-GO.md +215 -0
package/README.md +95 -89
package/bin/memoir.js +78 -3
package/demo.svg +201 -0
package/landing-page-v2.html +690 -0
package/mcp-publisher +0 -0
package/package.json +28 -23
package/server.json +20 -0
package/src/commands/projects.js +240 -0
package/src/commands/push.js +5 -3
package/src/commands/restore.js +197 -3
package/src/commands/share.js +192 -0
package/src/commands/upgrade.js +107 -0
package/src/context/capture.js +77 -0
package/src/mcp.js +429 -0
package/src/providers/index.js +6 -6
package/src/security/encryption.js +98 -46
package/src/workspace/tracker.js +4 -4

package/src/security/encryption.js CHANGED Viewed

@@ -1,7 +1,10 @@
 import crypto from 'crypto';
+import { promisify } from 'util';
 import fs from 'fs-extra';
 import path from 'path';
+const scryptAsync = promisify(crypto.scrypt);
 // --- Constants ---
 const ALGORITHM = 'aes-256-gcm';
 const IV_LENGTH = 12;          // 96 bits, recommended for GCM
@@ -14,11 +17,11 @@ const MAGIC = Buffer.from('MEMOIR01');  // 8-byte header for format versioning
 // --- Key Derivation ---
 /**
- * Derive a 256-bit key from a passphrase using scrypt.
+ * Derive a 256-bit key from a passphrase using scrypt (async, non-blocking).
  */
-export function deriveKey(passphrase, salt = null) {
+export async function deriveKey(passphrase, salt = null) {
   if (!salt) salt = crypto.randomBytes(SALT_LENGTH);
-  const key = crypto.scryptSync(passphrase, salt, KEY_LENGTH, {
+  const key = await scryptAsync(passphrase, salt, KEY_LENGTH, {
     N: SCRYPT_COST,
     r: 8,
     p: 1,
@@ -32,8 +35,8 @@ export function deriveKey(passphrase, salt = null) {
  * Encrypt a buffer with AES-256-GCM.
  * Output format: MEMOIR01 | salt (32) | iv (12) | authTag (16) | ciphertext
  */
-export function encryptBuffer(plaintext, passphrase) {
-  const { key, salt } = deriveKey(passphrase);
+export async function encryptBuffer(plaintext, passphrase) {
+  const { key, salt } = await deriveKey(passphrase);
   const iv = crypto.randomBytes(IV_LENGTH);
   const cipher = crypto.createCipheriv(ALGORITHM, key, iv, { authTagLength: TAG_LENGTH });
@@ -46,7 +49,7 @@ export function encryptBuffer(plaintext, passphrase) {
 /**
  * Decrypt a buffer. Throws on wrong passphrase or tampered data.
  */
-export function decryptBuffer(data, passphrase) {
+export async function decryptBuffer(data, passphrase) {
   const magic = data.subarray(0, 8);
   if (!magic.equals(MAGIC)) {
     throw new Error('Not a memoir-encrypted file (bad header)');
@@ -58,7 +61,7 @@ export function decryptBuffer(data, passphrase) {
   const tag = data.subarray(offset, offset + TAG_LENGTH);         offset += TAG_LENGTH;
   const ciphertext = data.subarray(offset);
-  const { key } = deriveKey(passphrase, salt);
+  const { key } = await deriveKey(passphrase, salt);
   const decipher = crypto.createDecipheriv(ALGORITHM, key, iv, { authTagLength: TAG_LENGTH });
   decipher.setAuthTag(tag);
@@ -72,76 +75,116 @@ export function decryptBuffer(data, passphrase) {
  * Encrypt all files in srcDir → destDir.
  * File names are HMAC-hashed (hidden). Manifest maps hashes → real paths.
  */
-export async function encryptDirectory(srcDir, destDir, passphrase) {
-  const { key, salt } = deriveKey(passphrase);
+export async function encryptDirectory(srcDir, destDir, passphrase, spinner = null) {
+  const startTime = Date.now();
+  // Phase 1: Derive encryption key
+  if (spinner) spinner.text = 'Deriving encryption key (scrypt)...';
+  const { key, salt } = await deriveKey(passphrase);
   const dataDir = path.join(destDir, 'data');
   await fs.ensureDir(dataDir);
-  const manifest = {};
-  let count = 0;
-  async function walk(dir, relBase = '') {
+  // Phase 2: Index files
+  if (spinner) spinner.text = 'Indexing files...';
+  const fileList = [];
+  async function index(dir, relBase = '') {
     const entries = await fs.readdir(dir, { withFileTypes: true });
     for (const entry of entries) {
       const fullPath = path.join(dir, entry.name);
       const relPath = path.join(relBase, entry.name);
       if (entry.isDirectory()) {
-        await walk(fullPath, relPath);
+        await index(fullPath, relPath);
       } else {
-        // Hash filename so it's opaque
-        const hashedName = crypto
-          .createHmac('sha256', key)
-          .update(relPath)
-          .digest('hex')
-          .slice(0, 24);
-        const plaintext = await fs.readFile(fullPath);
-        const iv = crypto.randomBytes(IV_LENGTH);
-        const cipher = crypto.createCipheriv(ALGORITHM, key, iv, { authTagLength: TAG_LENGTH });
-        const encrypted = Buffer.concat([cipher.update(plaintext), cipher.final()]);
-        const tag = cipher.getAuthTag();
-        // Write: iv | tag | ciphertext (salt shared via manifest file)
-        await fs.writeFile(
-          path.join(dataDir, `${hashedName}.enc`),
-          Buffer.concat([iv, tag, encrypted])
-        );
-        manifest[hashedName] = relPath;
-        count++;
+        const stat = await fs.stat(fullPath);
+        fileList.push({ fullPath, relPath, size: stat.size });
       }
     }
   }
+  await index(srcDir);
+  const totalFiles = fileList.length;
+  const totalBytes = fileList.reduce((sum, f) => sum + f.size, 0);
+  // Phase 3: Encrypt files
+  const manifest = {};
+  let count = 0;
+  let bytesProcessed = 0;
+  for (const { fullPath, relPath, size } of fileList) {
+    const hashedName = crypto
+      .createHmac('sha256', key)
+      .update(relPath)
+      .digest('hex')
+      .slice(0, 24);
+    const plaintext = await fs.readFile(fullPath);
+    const iv = crypto.randomBytes(IV_LENGTH);
+    const cipher = crypto.createCipheriv(ALGORITHM, key, iv, { authTagLength: TAG_LENGTH });
+    const encrypted = Buffer.concat([cipher.update(plaintext), cipher.final()]);
+    const tag = cipher.getAuthTag();
+    await fs.writeFile(
+      path.join(dataDir, `${hashedName}.enc`),
+      Buffer.concat([iv, tag, encrypted])
+    );
+    manifest[hashedName] = relPath;
+    count++;
+    bytesProcessed += size;
-  await walk(srcDir);
+    if (spinner) {
+      const pct = Math.round((count / totalFiles) * 100);
+      const sizeStr = formatBytes(bytesProcessed);
+      const totalStr = formatBytes(totalBytes);
+      spinner.text = `Encrypting (AES-256-GCM) ${count}/${totalFiles} files — ${sizeStr}/${totalStr} [${pct}%]`;
+    }
+  }
-  // Encrypt the manifest (it contains real file names)
+  // Phase 4: Encrypt manifest
+  if (spinner) spinner.text = 'Encrypting file manifest...';
   const manifestJson = Buffer.from(JSON.stringify(manifest));
-  const manifestEncrypted = encryptBuffer(manifestJson, passphrase);
+  const manifestEncrypted = await encryptBuffer(manifestJson, passphrase);
   await fs.writeFile(path.join(destDir, 'manifest.enc'), manifestEncrypted);
   // Salt is not secret — store it so decrypt can re-derive the same key
   await fs.writeFile(path.join(destDir, 'salt'), salt);
+  const elapsed = ((Date.now() - startTime) / 1000).toFixed(1);
+  if (spinner) spinner.text = `Encrypted ${count} files (${formatBytes(totalBytes)}) in ${elapsed}s`;
   return count;
 }
+function formatBytes(bytes) {
+  if (bytes < 1024) return `${bytes} B`;
+  if (bytes < 1024 * 1024) return `${(bytes / 1024).toFixed(1)} KB`;
+  return `${(bytes / (1024 * 1024)).toFixed(1)} MB`;
+}
 /**
  * Decrypt an encrypted directory back to plaintext.
  */
-export async function decryptDirectory(encDir, destDir, passphrase) {
-  // Decrypt manifest first
+export async function decryptDirectory(encDir, destDir, passphrase, spinner = null) {
+  const startTime = Date.now();
+  // Phase 1: Decrypt manifest
+  if (spinner) spinner.text = 'Decrypting file manifest...';
   const manifestData = await fs.readFile(path.join(encDir, 'manifest.enc'));
-  const manifestJson = decryptBuffer(manifestData, passphrase);
+  const manifestJson = await decryptBuffer(manifestData, passphrase);
   const manifest = JSON.parse(manifestJson.toString('utf8'));
-  // Re-derive key with stored salt
+  // Phase 2: Derive key
+  if (spinner) spinner.text = 'Deriving decryption key (scrypt)...';
   const salt = await fs.readFile(path.join(encDir, 'salt'));
-  const { key } = deriveKey(passphrase, salt);
+  const { key } = await deriveKey(passphrase, salt);
   const dataDir = path.join(encDir, 'data');
+  const totalFiles = Object.keys(manifest).length;
   let count = 0;
+  let bytesProcessed = 0;
+  // Phase 3: Decrypt files
   for (const [hashedName, relPath] of Object.entries(manifest)) {
     const encFilePath = path.join(dataDir, `${hashedName}.enc`);
     if (!(await fs.pathExists(encFilePath))) continue;
@@ -159,8 +202,17 @@ export async function decryptDirectory(encDir, destDir, passphrase) {
     await fs.ensureDir(path.dirname(outPath));
     await fs.writeFile(outPath, decrypted);
     count++;
+    bytesProcessed += decrypted.length;
+    if (spinner) {
+      const pct = Math.round((count / totalFiles) * 100);
+      spinner.text = `Decrypting ${count}/${totalFiles} files — ${formatBytes(bytesProcessed)} [${pct}%]`;
+    }
   }
+  const elapsed = ((Date.now() - startTime) / 1000).toFixed(1);
+  if (spinner) spinner.text = `Decrypted ${count} files (${formatBytes(bytesProcessed)}) in ${elapsed}s`;
   return count;
 }
@@ -168,13 +220,13 @@ export async function decryptDirectory(encDir, destDir, passphrase) {
  * Quick passphrase verification token — encrypt a known string,
  * try to decrypt it to check if passphrase is correct before decrypting everything.
  */
-export function createVerifyToken(passphrase) {
+export async function createVerifyToken(passphrase) {
   return encryptBuffer(Buffer.from('memoir-ok'), passphrase);
 }
-export function verifyPassphrase(token, passphrase) {
+export async function verifyPassphrase(token, passphrase) {
   try {
-    const result = decryptBuffer(token, passphrase);
+    const result = await decryptBuffer(token, passphrase);
     return result.toString('utf8') === 'memoir-ok';
   } catch {
     return false;

package/src/workspace/tracker.js CHANGED Viewed

@@ -293,23 +293,23 @@ async function getProjectInfo(dir) {
     info.hasGit = true;
     try {
       const remote = execFileSync('git', ['remote', 'get-url', 'origin'], {
-        cwd: dir, stdio: ['pipe', 'pipe', 'ignore']
+        cwd: dir, stdio: ['pipe', 'pipe', 'ignore'], timeout: 5000
       }).toString().trim();
       info.gitRemote = remote;
     } catch {}
     try {
       info.branch = execFileSync('git', ['branch', '--show-current'], {
-        cwd: dir, stdio: ['pipe', 'pipe', 'ignore']
+        cwd: dir, stdio: ['pipe', 'pipe', 'ignore'], timeout: 5000
       }).toString().trim();
     } catch {}
     try {
       info.lastCommit = execFileSync('git', ['log', '-1', '--format=%H'], {
-        cwd: dir, stdio: ['pipe', 'pipe', 'ignore']
+        cwd: dir, stdio: ['pipe', 'pipe', 'ignore'], timeout: 5000
       }).toString().trim();
       info.lastCommitMessage = execFileSync('git', ['log', '-1', '--format=%s'], {
-        cwd: dir, stdio: ['pipe', 'pipe', 'ignore']
+        cwd: dir, stdio: ['pipe', 'pipe', 'ignore'], timeout: 5000
       }).toString().trim();
     } catch {}