polyv-live-cli 1.1.5 → 1.1.8

package/dist/config/config-version-manager.js

@@ -0,0 +1,319 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.defaultConfigVersionManager = exports.ConfigVersionManager = exports.MINIMUM_SUPPORTED_VERSION = exports.CURRENT_VERSION = void 0;
+const SUPPORTED_VERSIONS = {
+    '1.0': {
+        version: '1.0',
+        description: 'Initial secure configuration format with AES-256-GCM encryption',
+        features: [
+            'AES-256-GCM encryption for appSecret',
+            'File permission management',
+            'Account metadata tracking',
+            'Environment variable key support'
+        ],
+        breakingChanges: []
+    },
+    '0.9': {
+        version: '0.9',
+        description: 'Legacy format with basic encryption (migration target)',
+        features: [
+            'Basic AES-256-CBC encryption',
+            'Simple account storage'
+        ],
+        breakingChanges: []
+    },
+    '0.8': {
+        version: '0.8',
+        description: 'Pre-encryption format (plain text storage)',
+        features: [
+            'Plain text account storage',
+            'Basic metadata'
+        ],
+        breakingChanges: []
+    }
+};
+exports.CURRENT_VERSION = '1.0';
+exports.MINIMUM_SUPPORTED_VERSION = '0.8';
+class ConfigVersionManager {
+    getCurrentVersion() {
+        return exports.CURRENT_VERSION;
+    }
+    getSupportedVersions() {
+        return Object.values(SUPPORTED_VERSIONS);
+    }
+    isVersionSupported(version) {
+        return version in SUPPORTED_VERSIONS;
+    }
+    getVersionInfo(version) {
+        return SUPPORTED_VERSIONS[version] || null;
+    }
+    compareVersions(version1, version2) {
+        const v1Parts = version1.split('.').map(Number);
+        const v2Parts = version2.split('.').map(Number);
+        const maxLength = Math.max(v1Parts.length, v2Parts.length);
+        for (let i = 0; i < maxLength; i++) {
+            const v1Part = v1Parts[i] || 0;
+            const v2Part = v2Parts[i] || 0;
+            if (v1Part < v2Part)
+                return -1;
+            if (v1Part > v2Part)
+                return 1;
+        }
+        return 0;
+    }
+    detectVersion(config) {
+        if (!config || typeof config !== 'object') {
+            throw new Error('Invalid configuration object');
+        }
+        const configObj = config;
+        if (configObj['version'] && typeof configObj['version'] === 'string') {
+            return configObj['version'];
+        }
+        if (configObj['accounts'] && configObj['metadata']) {
+            const accounts = configObj['accounts'];
+            const firstAccount = Object.values(accounts)[0];
+            if (firstAccount && typeof firstAccount.appSecret === 'object') {
+                return '1.0';
+            }
+            else if (firstAccount && typeof firstAccount.appSecret === 'string') {
+                try {
+                    const decoded = Buffer.from(firstAccount.appSecret, 'base64').toString('utf8');
+                    const parsed = JSON.parse(decoded);
+                    if (parsed.data && parsed.meta) {
+                        return '0.9';
+                    }
+                }
+                catch {
+                    return '0.8';
+                }
+            }
+        }
+        return exports.MINIMUM_SUPPORTED_VERSION;
+    }
+    validateVersion(config) {
+        try {
+            const detectedVersion = this.detectVersion(config);
+            const currentVersion = this.getCurrentVersion();
+            if (!this.isVersionSupported(detectedVersion)) {
+                return {
+                    isValid: false,
+                    message: `Unsupported configuration version: ${detectedVersion}`,
+                    detectedVersion,
+                    compatibility: 'incompatible',
+                    requiredActions: [
+                        'Configuration version is not supported',
+                        'Please create a new configuration or contact support'
+                    ]
+                };
+            }
+            const comparison = this.compareVersions(detectedVersion, currentVersion);
+            if (comparison === 0) {
+                return {
+                    isValid: true,
+                    message: `Configuration is using current version: ${detectedVersion}`,
+                    detectedVersion,
+                    compatibility: 'compatible',
+                    requiredActions: []
+                };
+            }
+            else if (comparison < 0) {
+                return {
+                    isValid: true,
+                    message: `Configuration is using older version: ${detectedVersion}. Migration is available.`,
+                    detectedVersion,
+                    compatibility: 'upgradeable',
+                    requiredActions: [
+                        `Run: polyv-cli config migrate --from ${detectedVersion} --to ${currentVersion}`,
+                        'Backup your configuration before migration'
+                    ]
+                };
+            }
+            else {
+                return {
+                    isValid: false,
+                    message: `Configuration is using newer version: ${detectedVersion}. Please update the CLI.`,
+                    detectedVersion,
+                    compatibility: 'incompatible',
+                    requiredActions: [
+                        'Update PolyV CLI to the latest version',
+                        'Check for CLI updates: npm update -g polyv-live-cli'
+                    ]
+                };
+            }
+        }
+        catch (error) {
+            return {
+                isValid: false,
+                message: `Failed to validate version: ${error instanceof Error ? error.message : 'Unknown error'}`,
+                compatibility: 'incompatible',
+                requiredActions: [
+                    'Check configuration file format',
+                    'Verify file is not corrupted'
+                ]
+            };
+        }
+    }
+    migrateConfiguration(config, fromVersion, toVersion) {
+        const steps = [];
+        const warnings = [];
+        try {
+            if (!this.isVersionSupported(fromVersion)) {
+                return {
+                    success: false,
+                    message: `Source version ${fromVersion} is not supported`,
+                    fromVersion,
+                    toVersion,
+                    steps: [],
+                    warnings: []
+                };
+            }
+            if (!this.isVersionSupported(toVersion)) {
+                return {
+                    success: false,
+                    message: `Target version ${toVersion} is not supported`,
+                    fromVersion,
+                    toVersion,
+                    steps: [],
+                    warnings: []
+                };
+            }
+            if (fromVersion === toVersion) {
+                return {
+                    success: true,
+                    message: 'No migration needed - versions are the same',
+                    fromVersion,
+                    toVersion,
+                    steps: ['No migration required'],
+                    warnings: [],
+                    migratedConfig: config
+                };
+            }
+            let migratedConfig = this.deepClone(config);
+            if (fromVersion === '0.8' && this.compareVersions(toVersion, '0.9') >= 0) {
+                migratedConfig = this.migrateFrom08To09(migratedConfig);
+                steps.push('Migrated from v0.8 to v0.9: Added basic encryption');
+                warnings.push('App secrets have been encrypted using basic encryption');
+            }
+            if ((fromVersion === '0.8' || fromVersion === '0.9') && toVersion === '1.0') {
+                migratedConfig = this.migrateFrom09To10(migratedConfig);
+                steps.push('Migrated from v0.9 to v1.0: Upgraded to AES-256-GCM encryption');
+                warnings.push('Encryption has been upgraded to AES-256-GCM for better security');
+            }
+            if (typeof migratedConfig === 'object' && migratedConfig !== null) {
+                migratedConfig.version = toVersion;
+                steps.push(`Set configuration version to ${toVersion}`);
+            }
+            return {
+                success: true,
+                message: `Successfully migrated configuration from ${fromVersion} to ${toVersion}`,
+                fromVersion,
+                toVersion,
+                steps,
+                warnings,
+                migratedConfig: migratedConfig
+            };
+        }
+        catch (error) {
+            return {
+                success: false,
+                message: `Migration failed: ${error instanceof Error ? error.message : 'Unknown error'}`,
+                fromVersion,
+                toVersion,
+                steps,
+                warnings
+            };
+        }
+    }
+    migrateFrom08To09(config) {
+        if (!config.accounts) {
+            return config;
+        }
+        for (const accountName in config.accounts) {
+            const account = config.accounts[accountName];
+            if (typeof account.appSecret === 'string' && !account.appSecret.includes('base64')) {
+                account._needsEncryption = true;
+            }
+        }
+        config.version = '0.9';
+        return config;
+    }
+    migrateFrom09To10(config) {
+        if (!config.accounts) {
+            return config;
+        }
+        if (!config.metadata) {
+            const now = new Date().toISOString();
+            config.metadata = {
+                createdAt: now,
+                updatedAt: now
+            };
+        }
+        for (const accountName in config.accounts) {
+            const account = config.accounts[accountName];
+            account._needsReencryption = true;
+        }
+        config.version = '1.0';
+        return config;
+    }
+    getMigrationPath(fromVersion, toVersion) {
+        if (fromVersion === toVersion) {
+            return [];
+        }
+        const path = [];
+        if (fromVersion === '0.8' && toVersion === '0.9') {
+            path.push('0.8 → 0.9: Encrypt plain text secrets');
+        }
+        else if (fromVersion === '0.9' && toVersion === '1.0') {
+            path.push('0.9 → 1.0: Upgrade to AES-256-GCM encryption');
+        }
+        else if (fromVersion === '0.8' && toVersion === '1.0') {
+            path.push('0.8 → 0.9: Encrypt plain text secrets');
+            path.push('0.9 → 1.0: Upgrade to AES-256-GCM encryption');
+        }
+        return path;
+    }
+    createNewConfiguration() {
+        const now = new Date().toISOString();
+        return {
+            version: this.getCurrentVersion(),
+            accounts: {},
+            metadata: {
+                createdAt: now,
+                updatedAt: now
+            }
+        };
+    }
+    deepClone(obj) {
+        return JSON.parse(JSON.stringify(obj));
+    }
+    isMigrationRequired(config) {
+        try {
+            const detectedVersion = this.detectVersion(config);
+            const currentVersion = this.getCurrentVersion();
+            return this.compareVersions(detectedVersion, currentVersion) < 0;
+        }
+        catch {
+            return false;
+        }
+    }
+    getBreakingChanges(fromVersion, toVersion) {
+        const changes = [];
+        const versions = Object.keys(SUPPORTED_VERSIONS).sort(this.compareVersions.bind(this));
+        const fromIndex = versions.indexOf(fromVersion);
+        const toIndex = versions.indexOf(toVersion);
+        if (fromIndex === -1 || toIndex === -1 || fromIndex >= toIndex) {
+            return changes;
+        }
+        for (let i = fromIndex + 1; i <= toIndex; i++) {
+            const version = versions[i];
+            if (version && SUPPORTED_VERSIONS[version]) {
+                const versionInfo = SUPPORTED_VERSIONS[version];
+                changes.push(...versionInfo.breakingChanges);
+            }
+        }
+        return changes;
+    }
+}
+exports.ConfigVersionManager = ConfigVersionManager;
+exports.defaultConfigVersionManager = new ConfigVersionManager();
+//# sourceMappingURL=config-version-manager.js.map

package/dist/config/config-version-manager.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"config-version-manager.js","sourceRoot":"","sources":["../../src/config/config-version-manager.ts"],"names":[],"mappings":";;;AAsEA,MAAM,kBAAkB,GAAgC;IACtD,KAAK,EAAE;QACL,OAAO,EAAE,KAAK;QACd,WAAW,EAAE,iEAAiE;QAC9E,QAAQ,EAAE;YACR,sCAAsC;YACtC,4BAA4B;YAC5B,2BAA2B;YAC3B,kCAAkC;SACnC;QACD,eAAe,EAAE,EAAE;KACpB;IACD,KAAK,EAAE;QACL,OAAO,EAAE,KAAK;QACd,WAAW,EAAE,wDAAwD;QACrE,QAAQ,EAAE;YACR,8BAA8B;YAC9B,wBAAwB;SACzB;QACD,eAAe,EAAE,EAAE;KACpB;IACD,KAAK,EAAE;QACL,OAAO,EAAE,KAAK;QACd,WAAW,EAAE,4CAA4C;QACzD,QAAQ,EAAE;YACR,4BAA4B;YAC5B,gBAAgB;SACjB;QACD,eAAe,EAAE,EAAE;KACpB;CACO,CAAC;AAKE,QAAA,eAAe,GAAG,KAAK,CAAC;AAKxB,QAAA,yBAAyB,GAAG,KAAK,CAAC;AAK/C,MAAa,oBAAoB;IAKxB,iBAAiB;QACtB,OAAO,uBAAe,CAAC;IACzB,CAAC;IAMM,oBAAoB;QACzB,OAAO,MAAM,CAAC,MAAM,CAAC,kBAAkB,CAAC,CAAC;IAC3C,CAAC;IAOM,kBAAkB,CAAC,OAAe;QACvC,OAAO,OAAO,IAAI,kBAAkB,CAAC;IACvC,CAAC;IAOM,cAAc,CAAC,OAAe;QACnC,OAAO,kBAAkB,CAAC,OAAO,CAAC,IAAI,IAAI,CAAC;IAC7C,CAAC;IAQM,eAAe,CAAC,QAAgB,EAAE,QAAgB;QACvD,MAAM,OAAO,GAAG,QAAQ,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC;QAChD,MAAM,OAAO,GAAG,QAAQ,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC;QAEhD,MAAM,SAAS,GAAG,IAAI,CAAC,GAAG,CAAC,OAAO,CAAC,MAAM,EAAE,OAAO,CAAC,MAAM,CAAC,CAAC;QAE3D,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,SAAS,EAAE,CAAC,EAAE,EAAE,CAAC;YACnC,MAAM,MAAM,GAAG,OAAO,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC;YAC/B,MAAM,MAAM,GAAG,OAAO,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC;YAE/B,IAAI,MAAM,GAAG,MAAM;gBAAE,OAAO,CAAC,CAAC,CAAC;YAC/B,IAAI,MAAM,GAAG,MAAM;gBAAE,OAAO,CAAC,CAAC;QAChC,CAAC;QAED,OAAO,CAAC,CAAC;IACX,CAAC;IAOM,aAAa,CAAC,MAAe;QAClC,IAAI,CAAC,MAAM,IAAI,OAAO,MAAM,KAAK,QAAQ,EAAE,CAAC;YAC1C,MAAM,IAAI,KAAK,CAAC,8BAA8B,CAAC,CAAC;QAClD,CAAC;QAED,MAAM,SAAS,GAAG,MAA6B,CAAC;QAGhD,IAAI,SAAS,CAAC,SAAS,CAAC,IAAI,OAAO,SAAS,CAAC,SAAS,CAAC,KAAK,QAAQ,EAAE,CAAC;YACrE,OAAO,SAAS,CAAC,SAAS,CAAC,CAAC;QAC9B,CAAC;QAGD,IAAI,SAAS,CAAC,UAAU,CAAC,IAAI,SAAS,CAAC,UAAU,CAAC,EAAE,CAAC;YAEnD,MAAM,QAAQ,GAAG,SAAS,CAAC,UAAU,CAAC,CAAC;YACvC,MAAM,YAAY,GAAG,MAAM,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAQ,CAAC;YAEvD,IAAI,YAAY,IAAI,OAAO,YAAY,CAAC,SAAS,KAAK,QAAQ,EAAE,CAAC;gBAE/D,OAAO,KAAK,CAAC;YACf,CAAC;iBAAM,IAAI,YAAY,IAAI,OAAO,YAAY,CAAC,SAAS,KAAK,QAAQ,EAAE,CAAC;gBAEtE,IAAI,CAAC;oBACH,MAAM,OAAO,GAAG,MAAM,CAAC,IAAI,CAAC,YAAY,CAAC,SAAS,EAAE,QAAQ,CAAC,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC;oBAC/E,MAAM,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC;oBACnC,IAAI,MAAM,CAAC,IAAI,IAAI,MAAM,CAAC,IAAI,EAAE,CAAC;wBAC/B,OAAO,KAAK,CAAC;oBACf,CAAC;gBACH,CAAC;gBAAC,MAAM,CAAC;oBAEP,OAAO,KAAK,CAAC;gBACf,CAAC;YACH,CAAC;QACH,CAAC;QAGD,OAAO,iCAAyB,CAAC;IACnC,CAAC;IAOM,eAAe,CAAC,MAAe;QACpC,IAAI,CAAC;YACH,MAAM,eAAe,GAAG,IAAI,CAAC,aAAa,CAAC,MAAM,CAAC,CAAC;YACnD,MAAM,cAAc,GAAG,IAAI,CAAC,iBAAiB,EAAE,CAAC;YAEhD,IAAI,CAAC,IAAI,CAAC,kBAAkB,CAAC,eAAe,CAAC,EAAE,CAAC;gBAC9C,OAAO;oBACL,OAAO,EAAE,KAAK;oBACd,OAAO,EAAE,sCAAsC,eAAe,EAAE;oBAChE,eAAe;oBACf,aAAa,EAAE,cAAc;oBAC7B,eAAe,EAAE;wBACf,wCAAwC;wBACxC,sDAAsD;qBACvD;iBACF,CAAC;YACJ,CAAC;YAED,MAAM,UAAU,GAAG,IAAI,CAAC,eAAe,CAAC,eAAe,EAAE,cAAc,CAAC,CAAC;YAEzE,IAAI,UAAU,KAAK,CAAC,EAAE,CAAC;gBACrB,OAAO;oBACL,OAAO,EAAE,IAAI;oBACb,OAAO,EAAE,2CAA2C,eAAe,EAAE;oBACrE,eAAe;oBACf,aAAa,EAAE,YAAY;oBAC3B,eAAe,EAAE,EAAE;iBACpB,CAAC;YACJ,CAAC;iBAAM,IAAI,UAAU,GAAG,CAAC,EAAE,CAAC;gBAC1B,OAAO;oBACL,OAAO,EAAE,IAAI;oBACb,OAAO,EAAE,yCAAyC,eAAe,2BAA2B;oBAC5F,eAAe;oBACf,aAAa,EAAE,aAAa;oBAC5B,eAAe,EAAE;wBACf,wCAAwC,eAAe,SAAS,cAAc,EAAE;wBAChF,4CAA4C;qBAC7C;iBACF,CAAC;YACJ,CAAC;iBAAM,CAAC;gBACN,OAAO;oBACL,OAAO,EAAE,KAAK;oBACd,OAAO,EAAE,yCAAyC,eAAe,0BAA0B;oBAC3F,eAAe;oBACf,aAAa,EAAE,cAAc;oBAC7B,eAAe,EAAE;wBACf,wCAAwC;wBACxC,qDAAqD;qBACtD;iBACF,CAAC;YACJ,CAAC;QACH,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,OAAO;gBACL,OAAO,EAAE,KAAK;gBACd,OAAO,EAAE,+BAA+B,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,eAAe,EAAE;gBAClG,aAAa,EAAE,cAAc;gBAC7B,eAAe,EAAE;oBACf,iCAAiC;oBACjC,8BAA8B;iBAC/B;aACF,CAAC;QACJ,CAAC;IACH,CAAC;IASM,oBAAoB,CACzB,MAAe,EACf,WAAmB,EACnB,SAAiB;QAEjB,MAAM,KAAK,GAAa,EAAE,CAAC;QAC3B,MAAM,QAAQ,GAAa,EAAE,CAAC;QAE9B,IAAI,CAAC;YAEH,IAAI,CAAC,IAAI,CAAC,kBAAkB,CAAC,WAAW,CAAC,EAAE,CAAC;gBAC1C,OAAO;oBACL,OAAO,EAAE,KAAK;oBACd,OAAO,EAAE,kBAAkB,WAAW,mBAAmB;oBACzD,WAAW;oBACX,SAAS;oBACT,KAAK,EAAE,EAAE;oBACT,QAAQ,EAAE,EAAE;iBACb,CAAC;YACJ,CAAC;YAED,IAAI,CAAC,IAAI,CAAC,kBAAkB,CAAC,SAAS,CAAC,EAAE,CAAC;gBACxC,OAAO;oBACL,OAAO,EAAE,KAAK;oBACd,OAAO,EAAE,kBAAkB,SAAS,mBAAmB;oBACvD,WAAW;oBACX,SAAS;oBACT,KAAK,EAAE,EAAE;oBACT,QAAQ,EAAE,EAAE;iBACb,CAAC;YACJ,CAAC;YAGD,IAAI,WAAW,KAAK,SAAS,EAAE,CAAC;gBAC9B,OAAO;oBACL,OAAO,EAAE,IAAI;oBACb,OAAO,EAAE,6CAA6C;oBACtD,WAAW;oBACX,SAAS;oBACT,KAAK,EAAE,CAAC,uBAAuB,CAAC;oBAChC,QAAQ,EAAE,EAAE;oBACZ,cAAc,EAAE,MAAuB;iBACxC,CAAC;YACJ,CAAC;YAED,IAAI,cAAc,GAAG,IAAI,CAAC,SAAS,CAAC,MAAM,CAAC,CAAC;YAG5C,IAAI,WAAW,KAAK,KAAK,IAAI,IAAI,CAAC,eAAe,CAAC,SAAS,EAAE,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC;gBACzE,cAAc,GAAG,IAAI,CAAC,iBAAiB,CAAC,cAAc,CAAC,CAAC;gBACxD,KAAK,CAAC,IAAI,CAAC,oDAAoD,CAAC,CAAC;gBACjE,QAAQ,CAAC,IAAI,CAAC,wDAAwD,CAAC,CAAC;YAC1E,CAAC;YAED,IAAI,CAAC,WAAW,KAAK,KAAK,IAAI,WAAW,KAAK,KAAK,CAAC,IAAI,SAAS,KAAK,KAAK,EAAE,CAAC;gBAC5E,cAAc,GAAG,IAAI,CAAC,iBAAiB,CAAC,cAAc,CAAC,CAAC;gBACxD,KAAK,CAAC,IAAI,CAAC,gEAAgE,CAAC,CAAC;gBAC7E,QAAQ,CAAC,IAAI,CAAC,iEAAiE,CAAC,CAAC;YACnF,CAAC;YAGD,IAAI,OAAO,cAAc,KAAK,QAAQ,IAAI,cAAc,KAAK,IAAI,EAAE,CAAC;gBACjE,cAAsB,CAAC,OAAO,GAAG,SAAS,CAAC;gBAC5C,KAAK,CAAC,IAAI,CAAC,gCAAgC,SAAS,EAAE,CAAC,CAAC;YAC1D,CAAC;YAED,OAAO;gBACL,OAAO,EAAE,IAAI;gBACb,OAAO,EAAE,4CAA4C,WAAW,OAAO,SAAS,EAAE;gBAClF,WAAW;gBACX,SAAS;gBACT,KAAK;gBACL,QAAQ;gBACR,cAAc,EAAE,cAA+B;aAChD,CAAC;QAEJ,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,OAAO;gBACL,OAAO,EAAE,KAAK;gBACd,OAAO,EAAE,qBAAqB,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,eAAe,EAAE;gBACxF,WAAW;gBACX,SAAS;gBACT,KAAK;gBACL,QAAQ;aACT,CAAC;QACJ,CAAC;IACH,CAAC;IAOO,iBAAiB,CAAC,MAAW;QACnC,IAAI,CAAC,MAAM,CAAC,QAAQ,EAAE,CAAC;YACrB,OAAO,MAAM,CAAC;QAChB,CAAC;QAID,KAAK,MAAM,WAAW,IAAI,MAAM,CAAC,QAAQ,EAAE,CAAC;YAC1C,MAAM,OAAO,GAAG,MAAM,CAAC,QAAQ,CAAC,WAAW,CAAC,CAAC;YAC7C,IAAI,OAAO,OAAO,CAAC,SAAS,KAAK,QAAQ,IAAI,CAAC,OAAO,CAAC,SAAS,CAAC,QAAQ,CAAC,QAAQ,CAAC,EAAE,CAAC;gBAEnF,OAAO,CAAC,gBAAgB,GAAG,IAAI,CAAC;YAClC,CAAC;QACH,CAAC;QAED,MAAM,CAAC,OAAO,GAAG,KAAK,CAAC;QACvB,OAAO,MAAM,CAAC;IAChB,CAAC;IAOO,iBAAiB,CAAC,MAAW;QACnC,IAAI,CAAC,MAAM,CAAC,QAAQ,EAAE,CAAC;YACrB,OAAO,MAAM,CAAC;QAChB,CAAC;QAGD,IAAI,CAAC,MAAM,CAAC,QAAQ,EAAE,CAAC;YACrB,MAAM,GAAG,GAAG,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE,CAAC;YACrC,MAAM,CAAC,QAAQ,GAAG;gBAChB,SAAS,EAAE,GAAG;gBACd,SAAS,EAAE,GAAG;aACf,CAAC;QACJ,CAAC;QAGD,KAAK,MAAM,WAAW,IAAI,MAAM,CAAC,QAAQ,EAAE,CAAC;YAC1C,MAAM,OAAO,GAAG,MAAM,CAAC,QAAQ,CAAC,WAAW,CAAC,CAAC;YAC7C,OAAO,CAAC,kBAAkB,GAAG,IAAI,CAAC;QACpC,CAAC;QAED,MAAM,CAAC,OAAO,GAAG,KAAK,CAAC;QACvB,OAAO,MAAM,CAAC;IAChB,CAAC;IAQM,gBAAgB,CAAC,WAAmB,EAAE,SAAiB;QAC5D,IAAI,WAAW,KAAK,SAAS,EAAE,CAAC;YAC9B,OAAO,EAAE,CAAC;QACZ,CAAC;QAED,MAAM,IAAI,GAAa,EAAE,CAAC;QAG1B,IAAI,WAAW,KAAK,KAAK,IAAI,SAAS,KAAK,KAAK,EAAE,CAAC;YACjD,IAAI,CAAC,IAAI,CAAC,uCAAuC,CAAC,CAAC;QACrD,CAAC;aAAM,IAAI,WAAW,KAAK,KAAK,IAAI,SAAS,KAAK,KAAK,EAAE,CAAC;YACxD,IAAI,CAAC,IAAI,CAAC,8CAA8C,CAAC,CAAC;QAC5D,CAAC;aAAM,IAAI,WAAW,KAAK,KAAK,IAAI,SAAS,KAAK,KAAK,EAAE,CAAC;YACxD,IAAI,CAAC,IAAI,CAAC,uCAAuC,CAAC,CAAC;YACnD,IAAI,CAAC,IAAI,CAAC,8CAA8C,CAAC,CAAC;QAC5D,CAAC;QAED,OAAO,IAAI,CAAC;IACd,CAAC;IAMM,sBAAsB;QAC3B,MAAM,GAAG,GAAG,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE,CAAC;QACrC,OAAO;YACL,OAAO,EAAE,IAAI,CAAC,iBAAiB,EAAE;YACjC,QAAQ,EAAE,EAAE;YACZ,QAAQ,EAAE;gBACR,SAAS,EAAE,GAAG;gBACd,SAAS,EAAE,GAAG;aACf;SACF,CAAC;IACJ,CAAC;IAOO,SAAS,CAAC,GAAY;QAC5B,OAAO,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,CAAC,CAAC;IACzC,CAAC;IAOM,mBAAmB,CAAC,MAAe;QACxC,IAAI,CAAC;YACH,MAAM,eAAe,GAAG,IAAI,CAAC,aAAa,CAAC,MAAM,CAAC,CAAC;YACnD,MAAM,cAAc,GAAG,IAAI,CAAC,iBAAiB,EAAE,CAAC;YAChD,OAAO,IAAI,CAAC,eAAe,CAAC,eAAe,EAAE,cAAc,CAAC,GAAG,CAAC,CAAC;QACnE,CAAC;QAAC,MAAM,CAAC;YACP,OAAO,KAAK,CAAC;QACf,CAAC;IACH,CAAC;IAQM,kBAAkB,CAAC,WAAmB,EAAE,SAAiB;QAC9D,MAAM,OAAO,GAAa,EAAE,CAAC;QAE7B,MAAM,QAAQ,GAAG,MAAM,CAAC,IAAI,CAAC,kBAAkB,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,eAAe,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC;QACvF,MAAM,SAAS,GAAG,QAAQ,CAAC,OAAO,CAAC,WAAW,CAAC,CAAC;QAChD,MAAM,OAAO,GAAG,QAAQ,CAAC,OAAO,CAAC,SAAS,CAAC,CAAC;QAE5C,IAAI,SAAS,KAAK,CAAC,CAAC,IAAI,OAAO,KAAK,CAAC,CAAC,IAAI,SAAS,IAAI,OAAO,EAAE,CAAC;YAC/D,OAAO,OAAO,CAAC;QACjB,CAAC;QAED,KAAK,IAAI,CAAC,GAAG,SAAS,GAAG,CAAC,EAAE,CAAC,IAAI,OAAO,EAAE,CAAC,EAAE,EAAE,CAAC;YAC9C,MAAM,OAAO,GAAG,QAAQ,CAAC,CAAC,CAAC,CAAC;YAC5B,IAAI,OAAO,IAAI,kBAAkB,CAAC,OAAO,CAAC,EAAE,CAAC;gBAC3C,MAAM,WAAW,GAAG,kBAAkB,CAAC,OAAO,CAAC,CAAC;gBAChD,OAAO,CAAC,IAAI,CAAC,GAAG,WAAW,CAAC,eAAe,CAAC,CAAC;YAC/C,CAAC;QACH,CAAC;QAED,OAAO,OAAO,CAAC;IACjB,CAAC;CACF;AA7ZD,oDA6ZC;AAKY,QAAA,2BAA2B,GAAG,IAAI,oBAAoB,EAAE,CAAC"}

package/dist/config/file-permission-manager.d.ts

@@ -0,0 +1,41 @@
+export interface FilePermissionInfo {
+    path: string;
+    mode: number;
+    isSecure: boolean;
+    description: string;
+    warnings: string[];
+}
+export interface PermissionValidationResult {
+    isValid: boolean;
+    message: string;
+    recommendations: string[];
+    permissionInfo?: FilePermissionInfo;
+}
+export interface PermissionRepairResult {
+    success: boolean;
+    message: string;
+    before?: FilePermissionInfo;
+    after?: FilePermissionInfo;
+}
+export declare class FilePermissionManager {
+    private readonly platform;
+    constructor();
+    private supportsUnixPermissions;
+    getPermissionInfo(filePath: string): FilePermissionInfo;
+    private isPermissionSecure;
+    private describePermissions;
+    private formatPermissionGroup;
+    private generatePermissionWarnings;
+    validatePermissions(filePath: string): PermissionValidationResult;
+    setSecurePermissions(filePath: string, isDirectory?: boolean): PermissionRepairResult;
+    ensureSecureDirectory(dirPath: string): PermissionRepairResult;
+    repairConfigurationFile(filePath: string): PermissionRepairResult;
+    detectPotentialTampering(filePath: string): {
+        isTampered: boolean;
+        reasons: string[];
+        recommendations: string[];
+    };
+    getSecurityRecommendations(): string[];
+}
+export declare const defaultFilePermissionManager: FilePermissionManager;
+//# sourceMappingURL=file-permission-manager.d.ts.map

package/dist/config/file-permission-manager.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"file-permission-manager.d.ts","sourceRoot":"","sources":["../../src/config/file-permission-manager.ts"],"names":[],"mappings":"AAqBA,MAAM,WAAW,kBAAkB;IAEjC,IAAI,EAAE,MAAM,CAAC;IAEb,IAAI,EAAE,MAAM,CAAC;IAEb,QAAQ,EAAE,OAAO,CAAC;IAElB,WAAW,EAAE,MAAM,CAAC;IAEpB,QAAQ,EAAE,MAAM,EAAE,CAAC;CACpB;AAKD,MAAM,WAAW,0BAA0B;IAEzC,OAAO,EAAE,OAAO,CAAC;IAEjB,OAAO,EAAE,MAAM,CAAC;IAEhB,eAAe,EAAE,MAAM,EAAE,CAAC;IAE1B,cAAc,CAAC,EAAE,kBAAkB,CAAC;CACrC;AAKD,MAAM,WAAW,sBAAsB;IAErC,OAAO,EAAE,OAAO,CAAC;IAEjB,OAAO,EAAE,MAAM,CAAC;IAEhB,MAAM,CAAC,EAAE,kBAAkB,CAAC;IAE5B,KAAK,CAAC,EAAE,kBAAkB,CAAC;CAC5B;AAeD,qBAAa,qBAAqB;IAChC,OAAO,CAAC,QAAQ,CAAC,QAAQ,CAAkB;;IAa3C,OAAO,CAAC,uBAAuB;IASxB,iBAAiB,CAAC,QAAQ,EAAE,MAAM,GAAG,kBAAkB;IAwB9D,OAAO,CAAC,kBAAkB;IAiB1B,OAAO,CAAC,mBAAmB;IAiB3B,OAAO,CAAC,qBAAqB;IAa7B,OAAO,CAAC,0BAA0B;IAqC3B,mBAAmB,CAAC,QAAQ,EAAE,MAAM,GAAG,0BAA0B;IAkDjE,oBAAoB,CAAC,QAAQ,EAAE,MAAM,EAAE,WAAW,GAAE,OAAe,GAAG,sBAAsB;IA+C5F,qBAAqB,CAAC,OAAO,EAAE,MAAM,GAAG,sBAAsB;IA0B9D,uBAAuB,CAAC,QAAQ,EAAE,MAAM,GAAG,sBAAsB;IAmCjE,wBAAwB,CAAC,QAAQ,EAAE,MAAM,GAAG;QACjD,UAAU,EAAE,OAAO,CAAC;QACpB,OAAO,EAAE,MAAM,EAAE,CAAC;QAClB,eAAe,EAAE,MAAM,EAAE,CAAC;KAC3B;IAwDM,0BAA0B,IAAI,MAAM,EAAE;CAuB9C;AAKD,eAAO,MAAM,4BAA4B,uBAA8B,CAAC"}

package/dist/config/file-permission-manager.js

@@ -0,0 +1,290 @@
+"use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+    Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+    o["default"] = v;
+});
+var __importStar = (this && this.__importStar) || (function () {
+    var ownKeys = function(o) {
+        ownKeys = Object.getOwnPropertyNames || function (o) {
+            var ar = [];
+            for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
+            return ar;
+        };
+        return ownKeys(o);
+    };
+    return function (mod) {
+        if (mod && mod.__esModule) return mod;
+        var result = {};
+        if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
+        __setModuleDefault(result, mod);
+        return result;
+    };
+})();
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.defaultFilePermissionManager = exports.FilePermissionManager = void 0;
+const fs = __importStar(require("fs"));
+const path = __importStar(require("path"));
+const os = __importStar(require("os"));
+const SECURE_PERMISSIONS = {
+    OWNER_RW: 0o600,
+    OWNER_RWX: 0o700
+};
+class FilePermissionManager {
+    constructor() {
+        this.platform = os.platform();
+    }
+    supportsUnixPermissions() {
+        return this.platform !== 'win32';
+    }
+    getPermissionInfo(filePath) {
+        try {
+            const stats = fs.statSync(filePath);
+            const mode = stats.mode & parseInt('777', 8);
+            const isSecure = this.isPermissionSecure(mode, stats.isDirectory());
+            return {
+                path: filePath,
+                mode,
+                isSecure,
+                description: this.describePermissions(mode),
+                warnings: this.generatePermissionWarnings(mode, stats.isDirectory())
+            };
+        }
+        catch (error) {
+            throw new Error(`Failed to get permission info for ${filePath}: ${error instanceof Error ? error.message : 'Unknown error'}`);
+        }
+    }
+    isPermissionSecure(mode, isDirectory) {
+        if (!this.supportsUnixPermissions()) {
+            return true;
+        }
+        const expectedMode = isDirectory ? SECURE_PERMISSIONS.OWNER_RWX : SECURE_PERMISSIONS.OWNER_RW;
+        return mode === expectedMode;
+    }
+    describePermissions(mode) {
+        if (!this.supportsUnixPermissions()) {
+            return 'Windows NTFS permissions (managed by system)';
+        }
+        const owner = this.formatPermissionGroup((mode >> 6) & 7);
+        const group = this.formatPermissionGroup((mode >> 3) & 7);
+        const others = this.formatPermissionGroup(mode & 7);
+        return `Owner: ${owner}, Group: ${group}, Others: ${others} (${mode.toString(8)})`;
+    }
+    formatPermissionGroup(perms) {
+        const read = (perms & 4) ? 'r' : '-';
+        const write = (perms & 2) ? 'w' : '-';
+        const execute = (perms & 1) ? 'x' : '-';
+        return `${read}${write}${execute}`;
+    }
+    generatePermissionWarnings(mode, _isDirectory) {
+        const warnings = [];
+        if (!this.supportsUnixPermissions()) {
+            return warnings;
+        }
+        const groupPerms = (mode >> 3) & 7;
+        if (groupPerms > 0) {
+            warnings.push('Group has access permissions - configuration file should be accessible only by owner');
+        }
+        const otherPerms = mode & 7;
+        if (otherPerms > 0) {
+            warnings.push('Others have access permissions - configuration file should be accessible only by owner');
+        }
+        if (otherPerms & 4) {
+            warnings.push('SECURITY RISK: Configuration file is world-readable');
+        }
+        if (otherPerms & 2) {
+            warnings.push('CRITICAL SECURITY RISK: Configuration file is world-writable');
+        }
+        return warnings;
+    }
+    validatePermissions(filePath) {
+        try {
+            if (!fs.existsSync(filePath)) {
+                return {
+                    isValid: false,
+                    message: `File does not exist: ${filePath}`,
+                    recommendations: ['Create the configuration file first']
+                };
+            }
+            const permissionInfo = this.getPermissionInfo(filePath);
+            const recommendations = [];
+            if (!permissionInfo.isSecure) {
+                if (this.supportsUnixPermissions()) {
+                    recommendations.push(`Run: chmod 600 ${filePath}`);
+                    recommendations.push('Or use: polyv-cli config fix-permissions');
+                }
+                else {
+                    recommendations.push('Ensure only your user account has access to the configuration file');
+                    recommendations.push('Check Windows file properties and remove other users\' access');
+                }
+            }
+            if (permissionInfo.warnings.length > 0) {
+                recommendations.push('Review and fix permission warnings above');
+            }
+            return {
+                isValid: permissionInfo.isSecure && permissionInfo.warnings.length === 0,
+                message: permissionInfo.isSecure
+                    ? 'File permissions are secure'
+                    : 'File permissions are not secure - configuration file should only be accessible by owner',
+                recommendations,
+                permissionInfo
+            };
+        }
+        catch (error) {
+            return {
+                isValid: false,
+                message: `Failed to validate permissions: ${error instanceof Error ? error.message : 'Unknown error'}`,
+                recommendations: ['Check if file exists and is accessible']
+            };
+        }
+    }
+    setSecurePermissions(filePath, isDirectory = false) {
+        try {
+            if (!fs.existsSync(filePath)) {
+                return {
+                    success: false,
+                    message: `Cannot set permissions: File does not exist: ${filePath}`
+                };
+            }
+            const before = this.getPermissionInfo(filePath);
+            if (!this.supportsUnixPermissions()) {
+                return {
+                    success: true,
+                    message: 'Windows NTFS permissions are managed by the system. Ensure only your user account has access.',
+                    before,
+                    after: before
+                };
+            }
+            const targetMode = isDirectory ? SECURE_PERMISSIONS.OWNER_RWX : SECURE_PERMISSIONS.OWNER_RW;
+            fs.chmodSync(filePath, targetMode);
+            const after = this.getPermissionInfo(filePath);
+            return {
+                success: true,
+                message: `Successfully set secure permissions (${targetMode.toString(8)}) on ${filePath}`,
+                before,
+                after
+            };
+        }
+        catch (error) {
+            return {
+                success: false,
+                message: `Failed to set secure permissions: ${error instanceof Error ? error.message : 'Unknown error'}`
+            };
+        }
+    }
+    ensureSecureDirectory(dirPath) {
+        try {
+            if (!fs.existsSync(dirPath)) {
+                const parentDir = path.dirname(dirPath);
+                if (!fs.existsSync(parentDir)) {
+                    fs.mkdirSync(parentDir, { recursive: true, mode: SECURE_PERMISSIONS.OWNER_RWX });
+                }
+                fs.mkdirSync(dirPath, { mode: SECURE_PERMISSIONS.OWNER_RWX });
+            }
+            return this.setSecurePermissions(dirPath, true);
+        }
+        catch (error) {
+            return {
+                success: false,
+                message: `Failed to ensure secure directory: ${error instanceof Error ? error.message : 'Unknown error'}`
+            };
+        }
+    }
+    repairConfigurationFile(filePath) {
+        try {
+            const dirPath = path.dirname(filePath);
+            const dirResult = this.ensureSecureDirectory(dirPath);
+            if (!dirResult.success) {
+                return {
+                    success: false,
+                    message: `Failed to secure parent directory: ${dirResult.message}`
+                };
+            }
+            if (fs.existsSync(filePath)) {
+                return this.setSecurePermissions(filePath, false);
+            }
+            else {
+                return {
+                    success: true,
+                    message: `Parent directory secured. Configuration file ${filePath} will be created with secure permissions.`
+                };
+            }
+        }
+        catch (error) {
+            return {
+                success: false,
+                message: `Failed to repair configuration file permissions: ${error instanceof Error ? error.message : 'Unknown error'}`
+            };
+        }
+    }
+    detectPotentialTampering(filePath) {
+        const reasons = [];
+        const recommendations = [];
+        try {
+            if (!fs.existsSync(filePath)) {
+                return {
+                    isTampered: false,
+                    reasons: ['File does not exist'],
+                    recommendations: ['Create configuration file if needed']
+                };
+            }
+            const permissionInfo = this.getPermissionInfo(filePath);
+            if (permissionInfo.warnings.length > 0) {
+                reasons.push('Insecure file permissions detected');
+                reasons.push(...permissionInfo.warnings);
+                recommendations.push('Run permission repair: polyv-cli config fix-permissions');
+            }
+            if (this.supportsUnixPermissions()) {
+                const mode = permissionInfo.mode;
+                if (mode & 2) {
+                    reasons.push('File is world-writable - possible tampering risk');
+                    recommendations.push('Immediately secure the file with: chmod 600 ' + filePath);
+                }
+                if (mode & 0o020) {
+                    reasons.push('File is group-writable - possible unauthorized access');
+                    recommendations.push('Remove group write access');
+                }
+            }
+            return {
+                isTampered: reasons.length > 0,
+                reasons,
+                recommendations
+            };
+        }
+        catch (error) {
+            return {
+                isTampered: true,
+                reasons: [`Error checking file permissions: ${error instanceof Error ? error.message : 'Unknown error'}`],
+                recommendations: ['Verify file exists and is accessible']
+            };
+        }
+    }
+    getSecurityRecommendations() {
+        const recommendations = [
+            'Keep your configuration file in a secure location',
+            'Regularly backup your configuration file',
+            'Use the POLYV_MASTER_KEY environment variable for additional security'
+        ];
+        if (this.supportsUnixPermissions()) {
+            recommendations.push('Ensure configuration file permissions are set to 600 (owner read/write only)', 'Configuration directory permissions should be 700 (owner access only)', 'Use "ls -la" to check file permissions');
+        }
+        else {
+            recommendations.push('On Windows, ensure only your user account has access to the configuration file', 'Use Windows file properties to review and manage access permissions', 'Consider using Windows folder encryption for additional security');
+        }
+        return recommendations;
+    }
+}
+exports.FilePermissionManager = FilePermissionManager;
+exports.defaultFilePermissionManager = new FilePermissionManager();
+//# sourceMappingURL=file-permission-manager.js.map