profile-manager-secure 1.0.0

package/dist/modules/vault/vault-storage.service.d.ts

@@ -0,0 +1,22 @@
+export declare class VaultStorageService {
+    /**
+     * Check if the vault file exists
+     */
+    exists(vaultPath: string): Promise<boolean>;
+    /**
+     * Get the password hint from the raw vault file without decrypting its contents
+     */
+    getHint(vaultPath: string): Promise<string | null>;
+    /**
+     * Read raw content from the vault file
+     */
+    read(vaultPath: string): Promise<{
+        salt: string;
+        ciphertext: string;
+        hint?: string;
+    }>;
+    /**
+     * Write content to the vault file atomically after creating a backup of the existing file
+     */
+    write(vaultPath: string, fileContent: string): Promise<void>;
+}

package/dist/modules/vault/vault-storage.service.js

@@ -0,0 +1,76 @@
+import fs from 'fs/promises';
+import path from 'path';
+import { logger } from '../../utils/logger.js';
+export class VaultStorageService {
+    /**
+     * Check if the vault file exists
+     */
+    async exists(vaultPath) {
+        try {
+            await fs.access(vaultPath);
+            return true;
+        }
+        catch {
+            return false;
+        }
+    }
+    /**
+     * Get the password hint from the raw vault file without decrypting its contents
+     */
+    async getHint(vaultPath) {
+        if (!(await this.exists(vaultPath))) {
+            return null;
+        }
+        try {
+            const rawContent = await fs.readFile(vaultPath, 'utf8');
+            const parsed = JSON.parse(rawContent);
+            return parsed.hint || null;
+        }
+        catch (error) {
+            logger.error('Failed to read password hint from vault file:', error.message);
+            return null;
+        }
+    }
+    /**
+     * Read raw content from the vault file
+     */
+    async read(vaultPath) {
+        try {
+            const rawContent = await fs.readFile(vaultPath, 'utf8');
+            return JSON.parse(rawContent);
+        }
+        catch (error) {
+            logger.error(`Failed to read vault file at ${vaultPath}:`, error.message);
+            throw error;
+        }
+    }
+    /**
+     * Write content to the vault file atomically after creating a backup of the existing file
+     */
+    async write(vaultPath, fileContent) {
+        try {
+            // 1. Create a backup of the existing vault file if it exists
+            if (await this.exists(vaultPath)) {
+                const backupPath = `${vaultPath}.bak`;
+                try {
+                    await fs.copyFile(vaultPath, backupPath);
+                    logger.info(`Vault backup created at ${backupPath}`);
+                }
+                catch (backupError) {
+                    logger.warn(`Failed to create vault backup: ${backupError.message}. Proceeding with save.`);
+                }
+            }
+            // 2. Write to a temporary file and rename it to target path for atomic update
+            const dir = path.dirname(vaultPath);
+            await fs.mkdir(dir, { recursive: true });
+            const tmpPath = `${vaultPath}.tmp`;
+            await fs.writeFile(tmpPath, fileContent, 'utf8');
+            await fs.rename(tmpPath, vaultPath);
+        }
+        catch (error) {
+            logger.error(`Failed to write vault file at ${vaultPath}:`, error.message);
+            throw error;
+        }
+    }
+}
+//# sourceMappingURL=vault-storage.service.js.map

package/dist/modules/vault/vault-storage.service.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"vault-storage.service.js","sourceRoot":"","sources":["../../../src/modules/vault/vault-storage.service.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,MAAM,aAAa,CAAC;AAC7B,OAAO,IAAI,MAAM,MAAM,CAAC;AACxB,OAAO,EAAE,MAAM,EAAE,MAAM,uBAAuB,CAAC;AAE/C,MAAM,OAAO,mBAAmB;IAC9B;;OAEG;IACH,KAAK,CAAC,MAAM,CAAC,SAAiB;QAC5B,IAAI,CAAC;YACH,MAAM,EAAE,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC;YAC3B,OAAO,IAAI,CAAC;QACd,CAAC;QAAC,MAAM,CAAC;YACP,OAAO,KAAK,CAAC;QACf,CAAC;IACH,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,OAAO,CAAC,SAAiB;QAC7B,IAAI,CAAC,CAAC,MAAM,IAAI,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC,EAAE,CAAC;YACpC,OAAO,IAAI,CAAC;QACd,CAAC;QACD,IAAI,CAAC;YACH,MAAM,UAAU,GAAG,MAAM,EAAE,CAAC,QAAQ,CAAC,SAAS,EAAE,MAAM,CAAC,CAAC;YACxD,MAAM,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,UAAU,CAAC,CAAC;YACtC,OAAO,MAAM,CAAC,IAAI,IAAI,IAAI,CAAC;QAC7B,CAAC;QAAC,OAAO,KAAU,EAAE,CAAC;YACpB,MAAM,CAAC,KAAK,CAAC,+CAA+C,EAAE,KAAK,CAAC,OAAO,CAAC,CAAC;YAC7E,OAAO,IAAI,CAAC;QACd,CAAC;IACH,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,IAAI,CAAC,SAAiB;QAC1B,IAAI,CAAC;YACH,MAAM,UAAU,GAAG,MAAM,EAAE,CAAC,QAAQ,CAAC,SAAS,EAAE,MAAM,CAAC,CAAC;YACxD,OAAO,IAAI,CAAC,KAAK,CAAC,UAAU,CAAC,CAAC;QAChC,CAAC;QAAC,OAAO,KAAU,EAAE,CAAC;YACpB,MAAM,CAAC,KAAK,CAAC,gCAAgC,SAAS,GAAG,EAAE,KAAK,CAAC,OAAO,CAAC,CAAC;YAC1E,MAAM,KAAK,CAAC;QACd,CAAC;IACH,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,KAAK,CAAC,SAAiB,EAAE,WAAmB;QAChD,IAAI,CAAC;YACH,6DAA6D;YAC7D,IAAI,MAAM,IAAI,CAAC,MAAM,CAAC,SAAS,CAAC,EAAE,CAAC;gBACjC,MAAM,UAAU,GAAG,GAAG,SAAS,MAAM,CAAC;gBACtC,IAAI,CAAC;oBACH,MAAM,EAAE,CAAC,QAAQ,CAAC,SAAS,EAAE,UAAU,CAAC,CAAC;oBACzC,MAAM,CAAC,IAAI,CAAC,2BAA2B,UAAU,EAAE,CAAC,CAAC;gBACvD,CAAC;gBAAC,OAAO,WAAgB,EAAE,CAAC;oBAC1B,MAAM,CAAC,IAAI,CAAC,kCAAkC,WAAW,CAAC,OAAO,yBAAyB,CAAC,CAAC;gBAC9F,CAAC;YACH,CAAC;YAED,8EAA8E;YAC9E,MAAM,GAAG,GAAG,IAAI,CAAC,OAAO,CAAC,SAAS,CAAC,CAAC;YACpC,MAAM,EAAE,CAAC,KAAK,CAAC,GAAG,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;YAEzC,MAAM,OAAO,GAAG,GAAG,SAAS,MAAM,CAAC;YACnC,MAAM,EAAE,CAAC,SAAS,CAAC,OAAO,EAAE,WAAW,EAAE,MAAM,CAAC,CAAC;YACjD,MAAM,EAAE,CAAC,MAAM,CAAC,OAAO,EAAE,SAAS,CAAC,CAAC;QACtC,CAAC;QAAC,OAAO,KAAU,EAAE,CAAC;YACpB,MAAM,CAAC,KAAK,CAAC,iCAAiC,SAAS,GAAG,EAAE,KAAK,CAAC,OAAO,CAAC,CAAC;YAC3E,MAAM,KAAK,CAAC;QACd,CAAC;IACH,CAAC;CACF"}

package/dist/modules/vault/vault.service.d.ts

@@ -0,0 +1,66 @@
+import type { Category, Platform, CustomField, Credential, ApiKey, Proxy, VaultData } from './types.js';
+export type { Category, Platform, CustomField, Credential, ApiKey, Proxy, VaultData };
+declare class VaultService {
+    private get vaultPath();
+    private isUnlocked;
+    private encryptionKey;
+    private vaultData;
+    private apiKeysService;
+    private storageService;
+    private migrationService;
+    constructor();
+    /**
+     * Check if vault file exists
+     */
+    exists(): Promise<boolean>;
+    /**
+     * Check if the vault is unlocked
+     */
+    unlocked(): boolean;
+    /**
+     * Get decrypted vault data (only if unlocked)
+     */
+    getData(): VaultData;
+    /**
+     * Initialize a new vault with a master password
+     */
+    initialize(password: string, hint?: string): Promise<void>;
+    /**
+     * Unlock the vault with the master password
+     */
+    unlock(password: string): Promise<boolean>;
+    /**
+     * Lock the vault and wipe memory
+     */
+    lock(): void;
+    /**
+     * Get password hint from vault file without unlocking
+     */
+    getHint(): Promise<string | null>;
+    /**
+     * Save the in-memory vault data back to disk encrypted
+     */
+    save(): Promise<void>;
+    /**
+     * Change master password and re-encrypt vault database
+     */
+    changePassword(currentPassword: string, newPassword: string, hint?: string): Promise<boolean>;
+    /**
+     * Get vault stats and storage file path info
+     */
+    getVaultInfo(): {
+        path: string;
+        credentialsCount: number;
+        categoriesCount: number;
+    };
+    getApiKeys(): ApiKey[];
+    createApiKey(name: string): Promise<string>;
+    toggleApiKey(id: string, enabled: boolean): Promise<void>;
+    deleteApiKey(id: string): Promise<void>;
+    validateApiKey(key: string): boolean;
+    /**
+     * Automatically initializes the vault with default password '180823' if it does not exist
+     */
+    autoInitializeIfMissing(): Promise<void>;
+}
+export declare const vaultService: VaultService;

package/dist/modules/vault/vault.service.js

@@ -0,0 +1,229 @@
+import path from 'path';
+import os from 'os';
+import { deriveKey, encrypt, decrypt, generateSalt, hashPassword } from '../../utils/crypto.js';
+import { logger } from '../../utils/logger.js';
+import { defaultPlatforms } from './constants.js';
+import { ApiKeyService } from './apikey.service.js';
+import { VaultStorageService } from './vault-storage.service.js';
+import { VaultMigrationService } from './vault-migration.service.js';
+class VaultService {
+    get vaultPath() {
+        const defaultDir = path.join(os.homedir(), '.account-manager');
+        return process.env.DB_PATH || path.join(defaultDir, 'vault.enc');
+    }
+    isUnlocked = false;
+    encryptionKey = null;
+    vaultData = null;
+    apiKeysService;
+    storageService;
+    migrationService;
+    constructor() {
+        this.storageService = new VaultStorageService();
+        this.migrationService = new VaultMigrationService();
+        this.apiKeysService = new ApiKeyService(() => this.getData(), () => this.save(), () => this.unlocked());
+    }
+    /**
+     * Check if vault file exists
+     */
+    async exists() {
+        return this.storageService.exists(this.vaultPath);
+    }
+    /**
+     * Check if the vault is unlocked
+     */
+    unlocked() {
+        return this.isUnlocked;
+    }
+    /**
+     * Get decrypted vault data (only if unlocked)
+     */
+    getData() {
+        if (!this.isUnlocked || !this.vaultData) {
+            throw new Error('Vault is locked');
+        }
+        return this.vaultData;
+    }
+    /**
+     * Initialize a new vault with a master password
+     */
+    async initialize(password, hint) {
+        if (await this.exists()) {
+            throw new Error('Vault already exists');
+        }
+        logger.info('Initializing new vault...');
+        const salt = generateSalt();
+        const storageSalt = generateSalt();
+        const passwordHash = hashPassword(password, storageSalt);
+        const initialData = {
+            schemaVersion: 2, // Initialize with latest version
+            user: {
+                password_hash: passwordHash,
+                password_salt: storageSalt,
+                password_hint: hint
+            },
+            categories: [],
+            credentials: [],
+            platforms: defaultPlatforms
+        };
+        // Derive key and encrypt
+        const key = deriveKey(password, salt);
+        const ciphertext = encrypt(JSON.stringify(initialData), key);
+        // Save file
+        const fileContent = JSON.stringify({
+            salt,
+            ciphertext,
+            hint
+        });
+        await this.storageService.write(this.vaultPath, fileContent);
+        // Auto-unlock
+        this.encryptionKey = key;
+        this.vaultData = initialData;
+        this.isUnlocked = true;
+        logger.info('Vault initialized and unlocked successfully');
+    }
+    /**
+     * Unlock the vault with the master password
+     */
+    async unlock(password) {
+        if (!(await this.exists())) {
+            throw new Error('Vault has not been initialized');
+        }
+        try {
+            const { salt, ciphertext } = await this.storageService.read(this.vaultPath);
+            const key = deriveKey(password, salt);
+            const decryptedDataRaw = decrypt(ciphertext, key);
+            const data = JSON.parse(decryptedDataRaw);
+            // Verify password hash for double safety
+            const computedHash = hashPassword(password, data.user.password_salt);
+            if (computedHash !== data.user.password_hash) {
+                logger.warn('Password hash verification failed');
+                return false;
+            }
+            this.encryptionKey = key;
+            this.vaultData = data;
+            this.isUnlocked = true;
+            // Run sequential migrations
+            const { migratedData, needsSave } = await this.migrationService.migrate(this.vaultData);
+            this.vaultData = migratedData;
+            if (needsSave) {
+                await this.save();
+            }
+            logger.info('Vault unlocked successfully');
+            return true;
+        }
+        catch (error) {
+            logger.error('Failed to unlock vault:', error.message);
+            return false;
+        }
+    }
+    /**
+     * Lock the vault and wipe memory
+     */
+    lock() {
+        this.isUnlocked = false;
+        this.encryptionKey = null;
+        this.vaultData = null;
+        logger.info('Vault locked');
+    }
+    /**
+     * Get password hint from vault file without unlocking
+     */
+    async getHint() {
+        return this.storageService.getHint(this.vaultPath);
+    }
+    /**
+     * Save the in-memory vault data back to disk encrypted
+     */
+    async save() {
+        if (!this.isUnlocked || !this.encryptionKey || !this.vaultData) {
+            throw new Error('Vault is locked, cannot save');
+        }
+        const { salt } = await this.storageService.read(this.vaultPath);
+        const ciphertext = encrypt(JSON.stringify(this.vaultData), this.encryptionKey);
+        const fileContent = JSON.stringify({
+            salt,
+            ciphertext,
+            hint: this.vaultData.user.password_hint
+        });
+        await this.storageService.write(this.vaultPath, fileContent);
+    }
+    /**
+     * Change master password and re-encrypt vault database
+     */
+    async changePassword(currentPassword, newPassword, hint) {
+        if (!this.isUnlocked || !this.encryptionKey || !this.vaultData) {
+            throw new Error('Vault is locked');
+        }
+        // 1. Verify current password hash
+        const computedHash = hashPassword(currentPassword, this.vaultData.user.password_salt);
+        if (computedHash !== this.vaultData.user.password_hash) {
+            logger.warn('Change password failed: current password incorrect');
+            return false;
+        }
+        // 2. Generate new storage salt and hash new password
+        const newStorageSalt = generateSalt();
+        const newPasswordHash = hashPassword(newPassword, newStorageSalt);
+        // 3. Update vaultData user info
+        this.vaultData.user = {
+            password_hash: newPasswordHash,
+            password_salt: newStorageSalt,
+            password_hint: hint
+        };
+        // 4. Generate new salt for file encryption and derive new key
+        const newSalt = generateSalt();
+        const newKey = deriveKey(newPassword, newSalt);
+        // 5. Encrypt vault data with the new key
+        const ciphertext = encrypt(JSON.stringify(this.vaultData), newKey);
+        const fileContent = JSON.stringify({
+            salt: newSalt,
+            ciphertext,
+            hint
+        });
+        // 6. Save to disk atomically
+        await this.storageService.write(this.vaultPath, fileContent);
+        // 7. Update in-memory keys
+        this.encryptionKey = newKey;
+        logger.info('Master password changed successfully');
+        return true;
+    }
+    /**
+     * Get vault stats and storage file path info
+     */
+    getVaultInfo() {
+        if (!this.isUnlocked || !this.vaultData) {
+            throw new Error('Vault is locked');
+        }
+        return {
+            path: this.vaultPath,
+            credentialsCount: this.vaultData.credentials.length,
+            categoriesCount: this.vaultData.categories.length
+        };
+    }
+    getApiKeys() {
+        return this.apiKeysService.getApiKeys();
+    }
+    async createApiKey(name) {
+        return this.apiKeysService.createApiKey(name);
+    }
+    async toggleApiKey(id, enabled) {
+        return this.apiKeysService.toggleApiKey(id, enabled);
+    }
+    async deleteApiKey(id) {
+        return this.apiKeysService.deleteApiKey(id);
+    }
+    validateApiKey(key) {
+        return this.apiKeysService.validateApiKey(key);
+    }
+    /**
+     * Automatically initializes the vault with default password '180823' if it does not exist
+     */
+    async autoInitializeIfMissing() {
+        if (!(await this.exists())) {
+            logger.info('Vault database not found. Auto-initializing with default password...');
+            await this.initialize('180823', 'Mật khẩu mặc định là 180823');
+            this.lock(); // Lock it immediately so the user has to unlock it!
+        }
+    }
+}
+export const vaultService = new VaultService();
+//# sourceMappingURL=vault.service.js.map

package/dist/modules/vault/vault.service.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"vault.service.js","sourceRoot":"","sources":["../../../src/modules/vault/vault.service.ts"],"names":[],"mappings":"AAAA,OAAO,IAAI,MAAM,MAAM,CAAC;AACxB,OAAO,EAAE,MAAM,IAAI,CAAC;AACpB,OAAO,EAAE,SAAS,EAAE,OAAO,EAAE,OAAO,EAAE,YAAY,EAAE,YAAY,EAAE,MAAM,uBAAuB,CAAC;AAChG,OAAO,EAAE,MAAM,EAAE,MAAM,uBAAuB,CAAC;AAE/C,OAAO,EAAE,gBAAgB,EAAE,MAAM,gBAAgB,CAAC;AAClD,OAAO,EAAE,aAAa,EAAE,MAAM,qBAAqB,CAAC;AACpD,OAAO,EAAE,mBAAmB,EAAE,MAAM,4BAA4B,CAAC;AACjE,OAAO,EAAE,qBAAqB,EAAE,MAAM,8BAA8B,CAAC;AAIrE,MAAM,YAAY;IAChB,IAAY,SAAS;QACnB,MAAM,UAAU,GAAG,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,OAAO,EAAE,EAAE,kBAAkB,CAAC,CAAC;QAC/D,OAAO,OAAO,CAAC,GAAG,CAAC,OAAO,IAAI,IAAI,CAAC,IAAI,CAAC,UAAU,EAAE,WAAW,CAAC,CAAC;IACnE,CAAC;IACO,UAAU,GAAY,KAAK,CAAC;IAC5B,aAAa,GAAkB,IAAI,CAAC;IACpC,SAAS,GAAqB,IAAI,CAAC;IACnC,cAAc,CAAgB;IAC9B,cAAc,CAAsB;IACpC,gBAAgB,CAAwB;IAEhD;QACE,IAAI,CAAC,cAAc,GAAG,IAAI,mBAAmB,EAAE,CAAC;QAChD,IAAI,CAAC,gBAAgB,GAAG,IAAI,qBAAqB,EAAE,CAAC;QACpD,IAAI,CAAC,cAAc,GAAG,IAAI,aAAa,CACrC,GAAG,EAAE,CAAC,IAAI,CAAC,OAAO,EAAE,EACpB,GAAG,EAAE,CAAC,IAAI,CAAC,IAAI,EAAE,EACjB,GAAG,EAAE,CAAC,IAAI,CAAC,QAAQ,EAAE,CACtB,CAAC;IACJ,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,MAAM;QACV,OAAO,IAAI,CAAC,cAAc,CAAC,MAAM,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC;IACpD,CAAC;IAED;;OAEG;IACH,QAAQ;QACN,OAAO,IAAI,CAAC,UAAU,CAAC;IACzB,CAAC;IAED;;OAEG;IACH,OAAO;QACL,IAAI,CAAC,IAAI,CAAC,UAAU,IAAI,CAAC,IAAI,CAAC,SAAS,EAAE,CAAC;YACxC,MAAM,IAAI,KAAK,CAAC,iBAAiB,CAAC,CAAC;QACrC,CAAC;QACD,OAAO,IAAI,CAAC,SAAS,CAAC;IACxB,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,UAAU,CAAC,QAAgB,EAAE,IAAa;QAC9C,IAAI,MAAM,IAAI,CAAC,MAAM,EAAE,EAAE,CAAC;YACxB,MAAM,IAAI,KAAK,CAAC,sBAAsB,CAAC,CAAC;QAC1C,CAAC;QAED,MAAM,CAAC,IAAI,CAAC,2BAA2B,CAAC,CAAC;QAEzC,MAAM,IAAI,GAAG,YAAY,EAAE,CAAC;QAC5B,MAAM,WAAW,GAAG,YAAY,EAAE,CAAC;QACnC,MAAM,YAAY,GAAG,YAAY,CAAC,QAAQ,EAAE,WAAW,CAAC,CAAC;QAEzD,MAAM,WAAW,GAAc;YAC7B,aAAa,EAAE,CAAC,EAAE,iCAAiC;YACnD,IAAI,EAAE;gBACJ,aAAa,EAAE,YAAY;gBAC3B,aAAa,EAAE,WAAW;gBAC1B,aAAa,EAAE,IAAI;aACpB;YACD,UAAU,EAAE,EAAE;YACd,WAAW,EAAE,EAAE;YACf,SAAS,EAAE,gBAAgB;SAC5B,CAAC;QAEF,yBAAyB;QACzB,MAAM,GAAG,GAAG,SAAS,CAAC,QAAQ,EAAE,IAAI,CAAC,CAAC;QACtC,MAAM,UAAU,GAAG,OAAO,CAAC,IAAI,CAAC,SAAS,CAAC,WAAW,CAAC,EAAE,GAAG,CAAC,CAAC;QAE7D,YAAY;QACZ,MAAM,WAAW,GAAG,IAAI,CAAC,SAAS,CAAC;YACjC,IAAI;YACJ,UAAU;YACV,IAAI;SACL,CAAC,CAAC;QAEH,MAAM,IAAI,CAAC,cAAc,CAAC,KAAK,CAAC,IAAI,CAAC,SAAS,EAAE,WAAW,CAAC,CAAC;QAE7D,cAAc;QACd,IAAI,CAAC,aAAa,GAAG,GAAG,CAAC;QACzB,IAAI,CAAC,SAAS,GAAG,WAAW,CAAC;QAC7B,IAAI,CAAC,UAAU,GAAG,IAAI,CAAC;QAEvB,MAAM,CAAC,IAAI,CAAC,6CAA6C,CAAC,CAAC;IAC7D,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,MAAM,CAAC,QAAgB;QAC3B,IAAI,CAAC,CAAC,MAAM,IAAI,CAAC,MAAM,EAAE,CAAC,EAAE,CAAC;YAC3B,MAAM,IAAI,KAAK,CAAC,gCAAgC,CAAC,CAAC;QACpD,CAAC;QAED,IAAI,CAAC;YACH,MAAM,EAAE,IAAI,EAAE,UAAU,EAAE,GAAG,MAAM,IAAI,CAAC,cAAc,CAAC,IAAI,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC;YAE5E,MAAM,GAAG,GAAG,SAAS,CAAC,QAAQ,EAAE,IAAI,CAAC,CAAC;YACtC,MAAM,gBAAgB,GAAG,OAAO,CAAC,UAAU,EAAE,GAAG,CAAC,CAAC;YAClD,MAAM,IAAI,GAAG,IAAI,CAAC,KAAK,CAAC,gBAAgB,CAAc,CAAC;YAEvD,yCAAyC;YACzC,MAAM,YAAY,GAAG,YAAY,CAAC,QAAQ,EAAE,IAAI,CAAC,IAAI,CAAC,aAAa,CAAC,CAAC;YACrE,IAAI,YAAY,KAAK,IAAI,CAAC,IAAI,CAAC,aAAa,EAAE,CAAC;gBAC7C,MAAM,CAAC,IAAI,CAAC,mCAAmC,CAAC,CAAC;gBACjD,OAAO,KAAK,CAAC;YACf,CAAC;YAED,IAAI,CAAC,aAAa,GAAG,GAAG,CAAC;YACzB,IAAI,CAAC,SAAS,GAAG,IAAI,CAAC;YACtB,IAAI,CAAC,UAAU,GAAG,IAAI,CAAC;YAEvB,4BAA4B;YAC5B,MAAM,EAAE,YAAY,EAAE,SAAS,EAAE,GAAG,MAAM,IAAI,CAAC,gBAAgB,CAAC,OAAO,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC;YACxF,IAAI,CAAC,SAAS,GAAG,YAAY,CAAC;YAE9B,IAAI,SAAS,EAAE,CAAC;gBACd,MAAM,IAAI,CAAC,IAAI,EAAE,CAAC;YACpB,CAAC;YAED,MAAM,CAAC,IAAI,CAAC,6BAA6B,CAAC,CAAC;YAC3C,OAAO,IAAI,CAAC;QACd,CAAC;QAAC,OAAO,KAAU,EAAE,CAAC;YACpB,MAAM,CAAC,KAAK,CAAC,yBAAyB,EAAE,KAAK,CAAC,OAAO,CAAC,CAAC;YACvD,OAAO,KAAK,CAAC;QACf,CAAC;IACH,CAAC;IAED;;OAEG;IACH,IAAI;QACF,IAAI,CAAC,UAAU,GAAG,KAAK,CAAC;QACxB,IAAI,CAAC,aAAa,GAAG,IAAI,CAAC;QAC1B,IAAI,CAAC,SAAS,GAAG,IAAI,CAAC;QACtB,MAAM,CAAC,IAAI,CAAC,cAAc,CAAC,CAAC;IAC9B,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,OAAO;QACX,OAAO,IAAI,CAAC,cAAc,CAAC,OAAO,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC;IACrD,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,IAAI;QACR,IAAI,CAAC,IAAI,CAAC,UAAU,IAAI,CAAC,IAAI,CAAC,aAAa,IAAI,CAAC,IAAI,CAAC,SAAS,EAAE,CAAC;YAC/D,MAAM,IAAI,KAAK,CAAC,8BAA8B,CAAC,CAAC;QAClD,CAAC;QAED,MAAM,EAAE,IAAI,EAAE,GAAG,MAAM,IAAI,CAAC,cAAc,CAAC,IAAI,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC;QAEhE,MAAM,UAAU,GAAG,OAAO,CAAC,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,SAAS,CAAC,EAAE,IAAI,CAAC,aAAa,CAAC,CAAC;QAC/E,MAAM,WAAW,GAAG,IAAI,CAAC,SAAS,CAAC;YACjC,IAAI;YACJ,UAAU;YACV,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,aAAa;SACxC,CAAC,CAAC;QAEH,MAAM,IAAI,CAAC,cAAc,CAAC,KAAK,CAAC,IAAI,CAAC,SAAS,EAAE,WAAW,CAAC,CAAC;IAC/D,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,cAAc,CAAC,eAAuB,EAAE,WAAmB,EAAE,IAAa;QAC9E,IAAI,CAAC,IAAI,CAAC,UAAU,IAAI,CAAC,IAAI,CAAC,aAAa,IAAI,CAAC,IAAI,CAAC,SAAS,EAAE,CAAC;YAC/D,MAAM,IAAI,KAAK,CAAC,iBAAiB,CAAC,CAAC;QACrC,CAAC;QAED,kCAAkC;QAClC,MAAM,YAAY,GAAG,YAAY,CAAC,eAAe,EAAE,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,aAAa,CAAC,CAAC;QACtF,IAAI,YAAY,KAAK,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,aAAa,EAAE,CAAC;YACvD,MAAM,CAAC,IAAI,CAAC,oDAAoD,CAAC,CAAC;YAClE,OAAO,KAAK,CAAC;QACf,CAAC;QAED,qDAAqD;QACrD,MAAM,cAAc,GAAG,YAAY,EAAE,CAAC;QACtC,MAAM,eAAe,GAAG,YAAY,CAAC,WAAW,EAAE,cAAc,CAAC,CAAC;QAElE,gCAAgC;QAChC,IAAI,CAAC,SAAS,CAAC,IAAI,GAAG;YACpB,aAAa,EAAE,eAAe;YAC9B,aAAa,EAAE,cAAc;YAC7B,aAAa,EAAE,IAAI;SACpB,CAAC;QAEF,8DAA8D;QAC9D,MAAM,OAAO,GAAG,YAAY,EAAE,CAAC;QAC/B,MAAM,MAAM,GAAG,SAAS,CAAC,WAAW,EAAE,OAAO,CAAC,CAAC;QAE/C,yCAAyC;QACzC,MAAM,UAAU,GAAG,OAAO,CAAC,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,SAAS,CAAC,EAAE,MAAM,CAAC,CAAC;QACnE,MAAM,WAAW,GAAG,IAAI,CAAC,SAAS,CAAC;YACjC,IAAI,EAAE,OAAO;YACb,UAAU;YACV,IAAI;SACL,CAAC,CAAC;QAEH,6BAA6B;QAC7B,MAAM,IAAI,CAAC,cAAc,CAAC,KAAK,CAAC,IAAI,CAAC,SAAS,EAAE,WAAW,CAAC,CAAC;QAE7D,2BAA2B;QAC3B,IAAI,CAAC,aAAa,GAAG,MAAM,CAAC;QAE5B,MAAM,CAAC,IAAI,CAAC,sCAAsC,CAAC,CAAC;QACpD,OAAO,IAAI,CAAC;IACd,CAAC;IAED;;OAEG;IACH,YAAY;QACV,IAAI,CAAC,IAAI,CAAC,UAAU,IAAI,CAAC,IAAI,CAAC,SAAS,EAAE,CAAC;YACxC,MAAM,IAAI,KAAK,CAAC,iBAAiB,CAAC,CAAC;QACrC,CAAC;QACD,OAAO;YACL,IAAI,EAAE,IAAI,CAAC,SAAS;YACpB,gBAAgB,EAAE,IAAI,CAAC,SAAS,CAAC,WAAW,CAAC,MAAM;YACnD,eAAe,EAAE,IAAI,CAAC,SAAS,CAAC,UAAU,CAAC,MAAM;SAClD,CAAC;IACJ,CAAC;IAED,UAAU;QACR,OAAO,IAAI,CAAC,cAAc,CAAC,UAAU,EAAE,CAAC;IAC1C,CAAC;IAED,KAAK,CAAC,YAAY,CAAC,IAAY;QAC7B,OAAO,IAAI,CAAC,cAAc,CAAC,YAAY,CAAC,IAAI,CAAC,CAAC;IAChD,CAAC;IAED,KAAK,CAAC,YAAY,CAAC,EAAU,EAAE,OAAgB;QAC7C,OAAO,IAAI,CAAC,cAAc,CAAC,YAAY,CAAC,EAAE,EAAE,OAAO,CAAC,CAAC;IACvD,CAAC;IAED,KAAK,CAAC,YAAY,CAAC,EAAU;QAC3B,OAAO,IAAI,CAAC,cAAc,CAAC,YAAY,CAAC,EAAE,CAAC,CAAC;IAC9C,CAAC;IAED,cAAc,CAAC,GAAW;QACxB,OAAO,IAAI,CAAC,cAAc,CAAC,cAAc,CAAC,GAAG,CAAC,CAAC;IACjD,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,uBAAuB;QAC3B,IAAI,CAAC,CAAC,MAAM,IAAI,CAAC,MAAM,EAAE,CAAC,EAAE,CAAC;YAC3B,MAAM,CAAC,IAAI,CAAC,sEAAsE,CAAC,CAAC;YACpF,MAAM,IAAI,CAAC,UAAU,CAAC,QAAQ,EAAE,6BAA6B,CAAC,CAAC;YAC/D,IAAI,CAAC,IAAI,EAAE,CAAC,CAAC,oDAAoD;QACnE,CAAC;IACH,CAAC;CACF;AAED,MAAM,CAAC,MAAM,YAAY,GAAG,IAAI,YAAY,EAAE,CAAC"}

package/dist/server.d.ts

@@ -0,0 +1 @@
+export declare function startServer(port: number, callback: () => void): Promise<import("http").Server<typeof import("http").IncomingMessage, typeof import("http").ServerResponse>>;

package/dist/server.js

@@ -0,0 +1,67 @@
+import express from 'express';
+import cors from 'cors';
+import helmet from 'helmet';
+import path from 'path';
+import { fileURLToPath } from 'url';
+import { authRouter } from './modules/auth/auth.controller.js';
+import { credentialRouter } from './modules/credential/credential.controller.js';
+import { tailscaleRouter } from './modules/tailscale/tailscale.controller.js';
+import { proxyRouter } from './modules/proxy/proxy.controller.js';
+import { totpRouter } from './modules/totp/totp.controller.js';
+import { authMiddleware } from './middleware/auth.middleware.js';
+import { errorMiddleware } from './middleware/error.middleware.js';
+import { logger } from './utils/logger.js';
+import { vaultService } from './modules/vault/vault.service.js';
+import fs from 'fs';
+const __filename = fileURLToPath(import.meta.url);
+const __dirname = path.dirname(__filename);
+const app = express();
+// Apply global middlewares
+app.use(helmet({
+    contentSecurityPolicy: false, // Disabled to allow loading external platform icons and dynamic assets
+    crossOriginEmbedderPolicy: false,
+    crossOriginResourcePolicy: false
+}));
+app.use(cors());
+app.use(express.json({ limit: '10mb' }));
+// Request logging middleware
+app.use((req, res, next) => {
+    logger.info(`${req.method} ${req.path}`);
+    next();
+});
+// API Routes
+app.use('/api/auth', authRouter);
+app.use('/api/credentials', authMiddleware, credentialRouter);
+app.use('/api/tailscale', authMiddleware, tailscaleRouter);
+app.use('/api/proxy', authMiddleware, proxyRouter);
+app.use('/api/totp', authMiddleware, totpRouter);
+// Serve Frontend Static Assets
+const frontendDistPath = fs.existsSync(path.resolve(__dirname, './frontend'))
+    ? path.resolve(__dirname, './frontend')
+    : path.resolve(__dirname, '../../frontend/dist');
+app.use(express.static(frontendDistPath));
+// Wildcard handler for Single Page Application (React Router)
+app.get('*', (req, res) => {
+    res.sendFile(path.join(frontendDistPath, 'index.html'));
+});
+// Global Error Handler
+app.use(errorMiddleware);
+export async function startServer(port, callback) {
+    logger.info('Starting server in HTTP mode');
+    try {
+        await vaultService.autoInitializeIfMissing();
+    }
+    catch (error) {
+        logger.error('Failed to auto-initialize vault:', error);
+    }
+    return app.listen(port, callback);
+}
+// Support running directly (e.g. during development with tsx)
+if (process.argv[1] && (process.argv[1].endsWith('server.ts') || process.argv[1].endsWith('server.js'))) {
+    const port = parseInt(process.env.PORT || '18823', 10);
+    startServer(port, () => {
+        logger.info(`Server running directly on port ${port}`);
+    });
+}
+// Trigger restart
+//# sourceMappingURL=server.js.map

package/dist/server.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"server.js","sourceRoot":"","sources":["../src/server.ts"],"names":[],"mappings":"AAAA,OAAO,OAAO,MAAM,SAAS,CAAC;AAC9B,OAAO,IAAI,MAAM,MAAM,CAAC;AACxB,OAAO,MAAM,MAAM,QAAQ,CAAC;AAC5B,OAAO,IAAI,MAAM,MAAM,CAAC;AACxB,OAAO,EAAE,aAAa,EAAE,MAAM,KAAK,CAAC;AACpC,OAAO,EAAE,UAAU,EAAE,MAAM,mCAAmC,CAAC;AAC/D,OAAO,EAAE,gBAAgB,EAAE,MAAM,+CAA+C,CAAC;AACjF,OAAO,EAAE,eAAe,EAAE,MAAM,6CAA6C,CAAC;AAC9E,OAAO,EAAE,WAAW,EAAE,MAAM,qCAAqC,CAAC;AAClE,OAAO,EAAE,UAAU,EAAE,MAAM,mCAAmC,CAAC;AAC/D,OAAO,EAAE,cAAc,EAAE,MAAM,iCAAiC,CAAC;AACjE,OAAO,EAAE,eAAe,EAAE,MAAM,kCAAkC,CAAC;AACnE,OAAO,EAAE,MAAM,EAAE,MAAM,mBAAmB,CAAC;AAC3C,OAAO,EAAE,YAAY,EAAE,MAAM,kCAAkC,CAAC;AAChE,OAAO,EAAE,MAAM,IAAI,CAAC;AAGpB,MAAM,UAAU,GAAG,aAAa,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;AAClD,MAAM,SAAS,GAAG,IAAI,CAAC,OAAO,CAAC,UAAU,CAAC,CAAC;AAE3C,MAAM,GAAG,GAAG,OAAO,EAAE,CAAC;AAEtB,2BAA2B;AAC3B,GAAG,CAAC,GAAG,CAAC,MAAM,CAAC;IACb,qBAAqB,EAAE,KAAK,EAAE,uEAAuE;IACrG,yBAAyB,EAAE,KAAK;IAChC,yBAAyB,EAAE,KAAK;CACjC,CAAC,CAAC,CAAC;AACJ,GAAG,CAAC,GAAG,CAAC,IAAI,EAAE,CAAC,CAAC;AAChB,GAAG,CAAC,GAAG,CAAC,OAAO,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,MAAM,EAAE,CAAC,CAAC,CAAC;AAEzC,6BAA6B;AAC7B,GAAG,CAAC,GAAG,CAAC,CAAC,GAAG,EAAE,GAAG,EAAE,IAAI,EAAE,EAAE;IACzB,MAAM,CAAC,IAAI,CAAC,GAAG,GAAG,CAAC,MAAM,IAAI,GAAG,CAAC,IAAI,EAAE,CAAC,CAAC;IACzC,IAAI,EAAE,CAAC;AACT,CAAC,CAAC,CAAC;AAEH,aAAa;AACb,GAAG,CAAC,GAAG,CAAC,WAAW,EAAE,UAAU,CAAC,CAAC;AACjC,GAAG,CAAC,GAAG,CAAC,kBAAkB,EAAE,cAAc,EAAE,gBAAgB,CAAC,CAAC;AAC9D,GAAG,CAAC,GAAG,CAAC,gBAAgB,EAAE,cAAc,EAAE,eAAe,CAAC,CAAC;AAC3D,GAAG,CAAC,GAAG,CAAC,YAAY,EAAE,cAAc,EAAE,WAAW,CAAC,CAAC;AACnD,GAAG,CAAC,GAAG,CAAC,WAAW,EAAE,cAAc,EAAE,UAAU,CAAC,CAAC;AAEjD,+BAA+B;AAC/B,MAAM,gBAAgB,GAAG,EAAE,CAAC,UAAU,CAAC,IAAI,CAAC,OAAO,CAAC,SAAS,EAAE,YAAY,CAAC,CAAC;IAC3E,CAAC,CAAC,IAAI,CAAC,OAAO,CAAC,SAAS,EAAE,YAAY,CAAC;IACvC,CAAC,CAAC,IAAI,CAAC,OAAO,CAAC,SAAS,EAAE,qBAAqB,CAAC,CAAC;AAEnD,GAAG,CAAC,GAAG,CAAC,OAAO,CAAC,MAAM,CAAC,gBAAgB,CAAC,CAAC,CAAC;AAE1C,8DAA8D;AAC9D,GAAG,CAAC,GAAG,CAAC,GAAG,EAAE,CAAC,GAAG,EAAE,GAAG,EAAE,EAAE;IACxB,GAAG,CAAC,QAAQ,CAAC,IAAI,CAAC,IAAI,CAAC,gBAAgB,EAAE,YAAY,CAAC,CAAC,CAAC;AAC1D,CAAC,CAAC,CAAC;AAEH,uBAAuB;AACvB,GAAG,CAAC,GAAG,CAAC,eAAe,CAAC,CAAC;AAEzB,MAAM,CAAC,KAAK,UAAU,WAAW,CAAC,IAAY,EAAE,QAAoB;IAClE,MAAM,CAAC,IAAI,CAAC,8BAA8B,CAAC,CAAC;IAC5C,IAAI,CAAC;QACH,MAAM,YAAY,CAAC,uBAAuB,EAAE,CAAC;IAC/C,CAAC;IAAC,OAAO,KAAU,EAAE,CAAC;QACpB,MAAM,CAAC,KAAK,CAAC,kCAAkC,EAAE,KAAK,CAAC,CAAC;IAC1D,CAAC;IACD,OAAO,GAAG,CAAC,MAAM,CAAC,IAAI,EAAE,QAAQ,CAAC,CAAC;AACpC,CAAC;AAED,8DAA8D;AAC9D,IAAI,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,QAAQ,CAAC,WAAW,CAAC,IAAI,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,QAAQ,CAAC,WAAW,CAAC,CAAC,EAAE,CAAC;IACxG,MAAM,IAAI,GAAG,QAAQ,CAAC,OAAO,CAAC,GAAG,CAAC,IAAI,IAAI,OAAO,EAAE,EAAE,CAAC,CAAC;IACvD,WAAW,CAAC,IAAI,EAAE,GAAG,EAAE;QACrB,MAAM,CAAC,IAAI,CAAC,mCAAmC,IAAI,EAAE,CAAC,CAAC;IACzD,CAAC,CAAC,CAAC;AACL,CAAC;AACD,kBAAkB"}

package/dist/utils/crypto.d.ts

@@ -0,0 +1,20 @@
+/**
+ * Derive an encryption key from the master password and a salt
+ */
+export declare function deriveKey(password: string, salt: string): Buffer;
+/**
+ * Encrypt plain text using AES-256-GCM with a derived key
+ */
+export declare function encrypt(text: string, key: Buffer): string;
+/**
+ * Decrypt cipher text using AES-256-GCM with a derived key
+ */
+export declare function decrypt(encryptedText: string, key: Buffer): string;
+/**
+ * Generate a cryptographically secure random salt
+ */
+export declare function generateSalt(): string;
+/**
+ * Hash a password for storage verification (different salt/iterations from encryption key)
+ */
+export declare function hashPassword(password: string, salt: string): string;

package/dist/utils/crypto.js

@@ -0,0 +1,54 @@
+import crypto from 'crypto';
+const PBKDF2_ITERATIONS = 100000;
+const KEY_LEN = 32; // 256 bits
+const DIGEST = 'sha256';
+/**
+ * Derive an encryption key from the master password and a salt
+ */
+export function deriveKey(password, salt) {
+    return crypto.pbkdf2Sync(password, salt, PBKDF2_ITERATIONS, KEY_LEN, DIGEST);
+}
+/**
+ * Encrypt plain text using AES-256-GCM with a derived key
+ */
+export function encrypt(text, key) {
+    const iv = crypto.randomBytes(12);
+    const cipher = crypto.createCipheriv('aes-256-gcm', key, iv);
+    let encrypted = cipher.update(text, 'utf8', 'hex');
+    encrypted += cipher.final('hex');
+    const authTag = cipher.getAuthTag().toString('hex');
+    // Format: iv:authTag:ciphertext
+    return `${iv.toString('hex')}:${authTag}:${encrypted}`;
+}
+/**
+ * Decrypt cipher text using AES-256-GCM with a derived key
+ */
+export function decrypt(encryptedText, key) {
+    const parts = encryptedText.split(':');
+    if (parts.length !== 3) {
+        throw new Error('Invalid encrypted text format');
+    }
+    const iv = Buffer.from(parts[0], 'hex');
+    const authTag = Buffer.from(parts[1], 'hex');
+    const ciphertext = Buffer.from(parts[2], 'hex');
+    const decipher = crypto.createDecipheriv('aes-256-gcm', key, iv);
+    decipher.setAuthTag(authTag);
+    let decrypted = decipher.update(ciphertext);
+    decrypted = Buffer.concat([decrypted, decipher.final()]);
+    return decrypted.toString('utf8');
+}
+/**
+ * Generate a cryptographically secure random salt
+ */
+export function generateSalt() {
+    return crypto.randomBytes(16).toString('hex');
+}
+/**
+ * Hash a password for storage verification (different salt/iterations from encryption key)
+ */
+export function hashPassword(password, salt) {
+    // Use more iterations for storage hashing
+    const hash = crypto.pbkdf2Sync(password, salt, PBKDF2_ITERATIONS * 2, KEY_LEN, DIGEST);
+    return hash.toString('hex');
+}
+//# sourceMappingURL=crypto.js.map

package/dist/utils/crypto.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"crypto.js","sourceRoot":"","sources":["../../src/utils/crypto.ts"],"names":[],"mappings":"AAAA,OAAO,MAAM,MAAM,QAAQ,CAAC;AAE5B,MAAM,iBAAiB,GAAG,MAAM,CAAC;AACjC,MAAM,OAAO,GAAG,EAAE,CAAC,CAAC,WAAW;AAC/B,MAAM,MAAM,GAAG,QAAQ,CAAC;AAExB;;GAEG;AACH,MAAM,UAAU,SAAS,CAAC,QAAgB,EAAE,IAAY;IACtD,OAAO,MAAM,CAAC,UAAU,CAAC,QAAQ,EAAE,IAAI,EAAE,iBAAiB,EAAE,OAAO,EAAE,MAAM,CAAC,CAAC;AAC/E,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,OAAO,CAAC,IAAY,EAAE,GAAW;IAC/C,MAAM,EAAE,GAAG,MAAM,CAAC,WAAW,CAAC,EAAE,CAAC,CAAC;IAClC,MAAM,MAAM,GAAG,MAAM,CAAC,cAAc,CAAC,aAAa,EAAE,GAAG,EAAE,EAAE,CAAC,CAAC;IAE7D,IAAI,SAAS,GAAG,MAAM,CAAC,MAAM,CAAC,IAAI,EAAE,MAAM,EAAE,KAAK,CAAC,CAAC;IACnD,SAAS,IAAI,MAAM,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC;IAEjC,MAAM,OAAO,GAAG,MAAM,CAAC,UAAU,EAAE,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC;IAEpD,gCAAgC;IAChC,OAAO,GAAG,EAAE,CAAC,QAAQ,CAAC,KAAK,CAAC,IAAI,OAAO,IAAI,SAAS,EAAE,CAAC;AACzD,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,OAAO,CAAC,aAAqB,EAAE,GAAW;IACxD,MAAM,KAAK,GAAG,aAAa,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;IACvC,IAAI,KAAK,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QACvB,MAAM,IAAI,KAAK,CAAC,+BAA+B,CAAC,CAAC;IACnD,CAAC;IAED,MAAM,EAAE,GAAG,MAAM,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,KAAK,CAAC,CAAC;IACxC,MAAM,OAAO,GAAG,MAAM,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,KAAK,CAAC,CAAC;IAC7C,MAAM,UAAU,GAAG,MAAM,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,KAAK,CAAC,CAAC;IAEhD,MAAM,QAAQ,GAAG,MAAM,CAAC,gBAAgB,CAAC,aAAa,EAAE,GAAG,EAAE,EAAE,CAAC,CAAC;IACjE,QAAQ,CAAC,UAAU,CAAC,OAAO,CAAC,CAAC;IAE7B,IAAI,SAAS,GAAG,QAAQ,CAAC,MAAM,CAAC,UAAU,CAAC,CAAC;IAC5C,SAAS,GAAG,MAAM,CAAC,MAAM,CAAC,CAAC,SAAS,EAAE,QAAQ,CAAC,KAAK,EAAE,CAAC,CAAC,CAAC;IAEzD,OAAO,SAAS,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC;AACpC,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,YAAY;IAC1B,OAAO,MAAM,CAAC,WAAW,CAAC,EAAE,CAAC,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC;AAChD,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,YAAY,CAAC,QAAgB,EAAE,IAAY;IACzD,0CAA0C;IAC1C,MAAM,IAAI,GAAG,MAAM,CAAC,UAAU,CAAC,QAAQ,EAAE,IAAI,EAAE,iBAAiB,GAAG,CAAC,EAAE,OAAO,EAAE,MAAM,CAAC,CAAC;IACvF,OAAO,IAAI,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC;AAC9B,CAAC"}

package/dist/utils/crypto.test.d.ts

@@ -0,0 +1 @@
+export {};

package/dist/utils/crypto.test.js

@@ -0,0 +1,66 @@
+import { deriveKey, encrypt, decrypt, generateSalt, hashPassword } from './crypto.js';
+import { logger } from './logger.js';
+function runTests() {
+    logger.info('Starting unit tests for crypto module...');
+    try {
+        const password = 'myMasterPassword123!';
+        const salt = generateSalt();
+        // Test 1: Key Derivation
+        logger.info('Test 1: Testing key derivation...');
+        const key1 = deriveKey(password, salt);
+        const key2 = deriveKey(password, salt);
+        if (key1.toString('hex') !== key2.toString('hex')) {
+            throw new Error('Key derivation is not deterministic');
+        }
+        logger.info('Test 1 Passed: Key derivation is deterministic and matches.');
+        // Test 2: Symmetric Encryption & Decryption (AES-256-GCM)
+        logger.info('Test 2: Testing encryption & decryption...');
+        const originalText = 'Highly secret credentials: username=admin, password=secret';
+        const ciphertext = encrypt(originalText, key1);
+        logger.info(`Ciphertext format (iv:tag:cipher): ${ciphertext.substring(0, 40)}...`);
+        const decryptedText = decrypt(ciphertext, key1);
+        if (decryptedText !== originalText) {
+            throw new Error(`Decrypted text does not match original! Expected: "${originalText}", Got: "${decryptedText}"`);
+        }
+        logger.info('Test 2 Passed: Decryption recovers original text.');
+        // Test 3: Authenticated Tamper Proofing
+        logger.info('Test 3: Testing decryption integrity with tampered ciphertext...');
+        const parts = ciphertext.split(':');
+        // Tamper with the ciphertext content
+        parts[2] = parts[2].substring(0, parts[2].length - 2) + (parts[2].endsWith('a') ? 'b' : 'a');
+        const tamperedCiphertext = parts.join(':');
+        try {
+            decrypt(tamperedCiphertext, key1);
+            throw new Error('Decryption did not fail on tampered ciphertext (integrity check failed)');
+        }
+        catch (err) {
+            if (err.message.includes('Unsupported state or key size') || err.message.includes('BAD_DECRYPT') || err.message.includes('Unsupported state') || err.message.includes('integrity') || err.message.includes('Unsupported') || err.message.includes('AuthTag') || err.message.includes('decrypt') || err.message.includes('MAC')) {
+                logger.info('Test 3 Passed: Tampered ciphertext was successfully rejected (throws error).');
+            }
+            else {
+                // GCM decryption throw is generic (Unsupported state or key size / decrypt pending etc)
+                logger.info(`Test 3 Passed: Rejected with error: ${err.message}`);
+            }
+        }
+        // Test 4: Password Hashing
+        logger.info('Test 4: Testing storage password hashing...');
+        const storageSalt = generateSalt();
+        const hash1 = hashPassword(password, storageSalt);
+        const hash2 = hashPassword(password, storageSalt);
+        const hash3 = hashPassword('differentPassword', storageSalt);
+        if (hash1 !== hash2) {
+            throw new Error('Password hashing is not deterministic');
+        }
+        if (hash1 === hash3) {
+            throw new Error('Different passwords produced the same hash');
+        }
+        logger.info('Test 4 Passed: Password hashing works as expected.');
+        logger.info('🎉 All crypto unit tests completed successfully!');
+    }
+    catch (error) {
+        logger.error('❌ Crypto unit test failed:', error.message);
+        process.exit(1);
+    }
+}
+runTests();
+//# sourceMappingURL=crypto.test.js.map

package/dist/utils/crypto.test.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"crypto.test.js","sourceRoot":"","sources":["../../src/utils/crypto.test.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,SAAS,EAAE,OAAO,EAAE,OAAO,EAAE,YAAY,EAAE,YAAY,EAAE,MAAM,aAAa,CAAC;AACtF,OAAO,EAAE,MAAM,EAAE,MAAM,aAAa,CAAC;AAErC,SAAS,QAAQ;IACf,MAAM,CAAC,IAAI,CAAC,0CAA0C,CAAC,CAAC;IAExD,IAAI,CAAC;QACH,MAAM,QAAQ,GAAG,sBAAsB,CAAC;QACxC,MAAM,IAAI,GAAG,YAAY,EAAE,CAAC;QAE5B,yBAAyB;QACzB,MAAM,CAAC,IAAI,CAAC,mCAAmC,CAAC,CAAC;QACjD,MAAM,IAAI,GAAG,SAAS,CAAC,QAAQ,EAAE,IAAI,CAAC,CAAC;QACvC,MAAM,IAAI,GAAG,SAAS,CAAC,QAAQ,EAAE,IAAI,CAAC,CAAC;QAEvC,IAAI,IAAI,CAAC,QAAQ,CAAC,KAAK,CAAC,KAAK,IAAI,CAAC,QAAQ,CAAC,KAAK,CAAC,EAAE,CAAC;YAClD,MAAM,IAAI,KAAK,CAAC,qCAAqC,CAAC,CAAC;QACzD,CAAC;QACD,MAAM,CAAC,IAAI,CAAC,6DAA6D,CAAC,CAAC;QAE3E,0DAA0D;QAC1D,MAAM,CAAC,IAAI,CAAC,4CAA4C,CAAC,CAAC;QAC1D,MAAM,YAAY,GAAG,4DAA4D,CAAC;QAClF,MAAM,UAAU,GAAG,OAAO,CAAC,YAAY,EAAE,IAAI,CAAC,CAAC;QAE/C,MAAM,CAAC,IAAI,CAAC,sCAAsC,UAAU,CAAC,SAAS,CAAC,CAAC,EAAE,EAAE,CAAC,KAAK,CAAC,CAAC;QAEpF,MAAM,aAAa,GAAG,OAAO,CAAC,UAAU,EAAE,IAAI,CAAC,CAAC;QAChD,IAAI,aAAa,KAAK,YAAY,EAAE,CAAC;YACnC,MAAM,IAAI,KAAK,CAAC,sDAAsD,YAAY,YAAY,aAAa,GAAG,CAAC,CAAC;QAClH,CAAC;QACD,MAAM,CAAC,IAAI,CAAC,mDAAmD,CAAC,CAAC;QAEjE,wCAAwC;QACxC,MAAM,CAAC,IAAI,CAAC,kEAAkE,CAAC,CAAC;QAChF,MAAM,KAAK,GAAG,UAAU,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;QACpC,qCAAqC;QACrC,KAAK,CAAC,CAAC,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,EAAE,KAAK,CAAC,CAAC,CAAC,CAAC,MAAM,GAAG,CAAC,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC;QAC7F,MAAM,kBAAkB,GAAG,KAAK,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;QAE3C,IAAI,CAAC;YACH,OAAO,CAAC,kBAAkB,EAAE,IAAI,CAAC,CAAC;YAClC,MAAM,IAAI,KAAK,CAAC,yEAAyE,CAAC,CAAC;QAC7F,CAAC;QAAC,OAAO,GAAQ,EAAE,CAAC;YAClB,IAAI,GAAG,CAAC,OAAO,CAAC,QAAQ,CAAC,+BAA+B,CAAC,IAAI,GAAG,CAAC,OAAO,CAAC,QAAQ,CAAC,aAAa,CAAC,IAAI,GAAG,CAAC,OAAO,CAAC,QAAQ,CAAC,mBAAmB,CAAC,IAAI,GAAG,CAAC,OAAO,CAAC,QAAQ,CAAC,WAAW,CAAC,IAAI,GAAG,CAAC,OAAO,CAAC,QAAQ,CAAC,aAAa,CAAC,IAAI,GAAG,CAAC,OAAO,CAAC,QAAQ,CAAC,SAAS,CAAC,IAAI,GAAG,CAAC,OAAO,CAAC,QAAQ,CAAC,SAAS,CAAC,IAAI,GAAG,CAAC,OAAO,CAAC,QAAQ,CAAC,KAAK,CAAC,EAAE,CAAC;gBAC/T,MAAM,CAAC,IAAI,CAAC,8EAA8E,CAAC,CAAC;YAC9F,CAAC;iBAAM,CAAC;gBACN,wFAAwF;gBACxF,MAAM,CAAC,IAAI,CAAC,uCAAuC,GAAG,CAAC,OAAO,EAAE,CAAC,CAAC;YACpE,CAAC;QACH,CAAC;QAED,2BAA2B;QAC3B,MAAM,CAAC,IAAI,CAAC,6CAA6C,CAAC,CAAC;QAC3D,MAAM,WAAW,GAAG,YAAY,EAAE,CAAC;QACnC,MAAM,KAAK,GAAG,YAAY,CAAC,QAAQ,EAAE,WAAW,CAAC,CAAC;QAClD,MAAM,KAAK,GAAG,YAAY,CAAC,QAAQ,EAAE,WAAW,CAAC,CAAC;QAClD,MAAM,KAAK,GAAG,YAAY,CAAC,mBAAmB,EAAE,WAAW,CAAC,CAAC;QAE7D,IAAI,KAAK,KAAK,KAAK,EAAE,CAAC;YACpB,MAAM,IAAI,KAAK,CAAC,uCAAuC,CAAC,CAAC;QAC3D,CAAC;QACD,IAAI,KAAK,KAAK,KAAK,EAAE,CAAC;YACpB,MAAM,IAAI,KAAK,CAAC,4CAA4C,CAAC,CAAC;QAChE,CAAC;QACD,MAAM,CAAC,IAAI,CAAC,oDAAoD,CAAC,CAAC;QAElE,MAAM,CAAC,IAAI,CAAC,kDAAkD,CAAC,CAAC;IAClE,CAAC;IAAC,OAAO,KAAU,EAAE,CAAC;QACpB,MAAM,CAAC,KAAK,CAAC,4BAA4B,EAAE,KAAK,CAAC,OAAO,CAAC,CAAC;QAC1D,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC;AACH,CAAC;AAED,QAAQ,EAAE,CAAC"}

package/dist/utils/logger.d.ts

@@ -0,0 +1,5 @@
+export declare const logger: {
+    info: (message: string, ...args: any[]) => void;
+    warn: (message: string, ...args: any[]) => void;
+    error: (message: string, ...args: any[]) => void;
+};