sigild 0.0.1

package/dist/src/audit/log.js

@@ -0,0 +1,229 @@
+import { closeSync, fsyncSync, openSync, readFileSync, writeSync } from 'node:fs';
+import { keccak256 } from '../eth/keccak.js';
+export const ZERO_HASH = '0'.repeat(64);
+export const HASH_HEX_LEN = 64;
+export class AuditChainError extends Error {
+    atSeq;
+    constructor(msg, atSeq) {
+        super(`audit chain error${atSeq !== undefined ? ` at seq=${atSeq}` : ''}: ${msg}`);
+        this.name = 'AuditChainError';
+        this.atSeq = atSeq;
+    }
+}
+/**
+ * Canonical JSON serialization: keys sorted lexicographically, recursive.
+ * This is what we hash, so it must be deterministic across engine
+ * versions and across re-serializations.
+ */
+export function canonicalJSON(value) {
+    if (value === null || value === undefined)
+        return 'null';
+    if (typeof value === 'boolean')
+        return value ? 'true' : 'false';
+    if (typeof value === 'number') {
+        if (!Number.isFinite(value)) {
+            throw new Error('canonicalJSON: non-finite numbers are not representable');
+        }
+        return JSON.stringify(value);
+    }
+    if (typeof value === 'bigint') {
+        // Store as a decimal string; up to caller to know the type.
+        return JSON.stringify(value.toString());
+    }
+    if (typeof value === 'string')
+        return JSON.stringify(value);
+    if (Array.isArray(value)) {
+        return '[' + value.map(canonicalJSON).join(',') + ']';
+    }
+    if (typeof value === 'object') {
+        const obj = value;
+        const keys = Object.keys(obj).filter((k) => obj[k] !== undefined).sort();
+        return '{' + keys.map((k) => JSON.stringify(k) + ':' + canonicalJSON(obj[k])).join(',') + '}';
+    }
+    throw new Error(`canonicalJSON: unsupported value type ${typeof value}`);
+}
+/**
+ * Compute the keccak256 hash of an entry (without the `hash` field).
+ * Returns lowercase hex.
+ */
+export function hashEntry(entry) {
+    return keccak256(Buffer.from(canonicalJSON(entry), 'utf8')).toString('hex');
+}
+/**
+ * Stamp an entry with its hash.
+ */
+export function sealEntry(entry) {
+    return { ...entry, hash: hashEntry(entry) };
+}
+/**
+ * Serialize a stored entry to a single JSON line (newline-terminated).
+ */
+export function serializeEntry(entry) {
+    return canonicalJSON(entry) + '\n';
+}
+/**
+ * Parse a single line and verify its self-hash. Does NOT check chain linkage.
+ */
+export function parseLine(line) {
+    let parsed;
+    try {
+        parsed = JSON.parse(line);
+    }
+    catch (err) {
+        throw new AuditChainError(`malformed JSON: ${err.message}`);
+    }
+    if (typeof parsed !== 'object' || parsed === null || Array.isArray(parsed)) {
+        throw new AuditChainError('line is not a JSON object');
+    }
+    const obj = parsed;
+    const hash = obj['hash'];
+    if (typeof hash !== 'string' || hash.length !== HASH_HEX_LEN) {
+        throw new AuditChainError('missing or malformed hash field');
+    }
+    // Validate required top-level fields exist and have the right shape.
+    for (const required of ['seq', 'ts', 'prev_hash', 'kind', 'portal', 'decision']) {
+        if (!(required in obj)) {
+            throw new AuditChainError(`missing required field: ${required}`);
+        }
+    }
+    if (typeof obj['seq'] !== 'number' || !Number.isInteger(obj['seq']) || obj['seq'] < 0) {
+        throw new AuditChainError('seq must be a non-negative integer');
+    }
+    if (typeof obj['prev_hash'] !== 'string' || obj['prev_hash'].length !== HASH_HEX_LEN) {
+        throw new AuditChainError('prev_hash must be 64-char hex');
+    }
+    // Re-hash without the hash field and compare.
+    const rest = {
+        seq: obj['seq'],
+        ts: obj['ts'],
+        prev_hash: obj['prev_hash'],
+        kind: obj['kind'],
+        portal: obj['portal'],
+        payload: obj['payload'],
+        decision: obj['decision'],
+        ...(obj['reason'] !== undefined ? { reason: obj['reason'] } : {}),
+        ...(obj['sig'] !== undefined ? { sig: obj['sig'] } : {}),
+    };
+    const expected = hashEntry(rest);
+    if (hash !== expected) {
+        throw new AuditChainError(`hash mismatch: stored=${hash} expected=${expected}`, rest.seq);
+    }
+    return { ...rest, hash };
+}
+/**
+ * Verify a buffer's worth of JSONL audit entries.
+ * - Empty buffer → empty chain.
+ * - Each entry must self-hash correctly.
+ * - Each entry's seq must be expected (0, 1, 2, ...).
+ * - Each entry's prev_hash must match the previous entry's hash.
+ * - A trailing non-empty fragment (no terminating newline) is a torn write.
+ *
+ * Returns the entries in order. Throws AuditChainError on any failure.
+ */
+export function verifyChain(buf) {
+    const text = typeof buf === 'string' ? buf : buf.toString('utf8');
+    if (text === '')
+        return [];
+    const lines = text.split('\n');
+    // Well-formed JSONL ends with a newline, so split yields a trailing empty string.
+    const last = lines[lines.length - 1];
+    if (last !== '') {
+        throw new AuditChainError(`torn write: trailing fragment of ${last.length} bytes without newline`);
+    }
+    lines.pop();
+    const entries = [];
+    let expectedPrevHash = ZERO_HASH;
+    let expectedSeq = 0;
+    for (const line of lines) {
+        const entry = parseLine(line);
+        if (entry.seq !== expectedSeq) {
+            throw new AuditChainError(`seq gap: expected ${expectedSeq}, got ${entry.seq}`, entry.seq);
+        }
+        if (entry.prev_hash !== expectedPrevHash) {
+            throw new AuditChainError(`prev_hash mismatch: expected ${expectedPrevHash}, got ${entry.prev_hash}`, entry.seq);
+        }
+        entries.push(entry);
+        expectedPrevHash = entry.hash;
+        expectedSeq++;
+    }
+    return entries;
+}
+/**
+ * Read the chain head from an existing audit file. Verifies the whole chain
+ * during read. If the file does not exist or is empty, returns the genesis head.
+ */
+export function readHead(path) {
+    let buf;
+    try {
+        buf = readFileSync(path);
+    }
+    catch (err) {
+        if (err.code === 'ENOENT') {
+            return { nextSeq: 0, prevHash: ZERO_HASH };
+        }
+        throw err;
+    }
+    const entries = verifyChain(buf);
+    if (entries.length === 0) {
+        return { nextSeq: 0, prevHash: ZERO_HASH };
+    }
+    const last = entries[entries.length - 1];
+    return { nextSeq: last.seq + 1, prevHash: last.hash };
+}
+/**
+ * Append-only audit writer with fsync after every write.
+ *
+ * Typical use:
+ *   const w = new AuditWriter('/path/to/audit.log');
+ *   w.append({ kind: 'eth_sign_message', portal: 'eth:bot', payload, decision: 'allow', sig });
+ *   w.close();
+ *
+ * The seq and prev_hash fields are managed by the writer; callers supply
+ * everything else.
+ */
+export class AuditWriter {
+    path;
+    #head;
+    #closed = false;
+    // Allow tests to inject a fixed clock. Defaults to Date.now.
+    #now;
+    constructor(path, opts = {}) {
+        this.path = path;
+        this.#head = readHead(path);
+        this.#now = opts.now ?? (() => Date.now());
+    }
+    get head() {
+        return { ...this.#head };
+    }
+    append(input) {
+        if (this.#closed)
+            throw new Error('AuditWriter is closed');
+        const entry = {
+            seq: this.#head.nextSeq,
+            ts: this.#now(),
+            prev_hash: this.#head.prevHash,
+            kind: input.kind,
+            portal: input.portal,
+            payload: input.payload,
+            decision: input.decision,
+            ...(input.reason !== undefined ? { reason: input.reason } : {}),
+            ...(input.sig !== undefined ? { sig: input.sig } : {}),
+        };
+        const stored = sealEntry(entry);
+        const line = serializeEntry(stored);
+        const fd = openSync(this.path, 'a', 0o600);
+        try {
+            writeSync(fd, line);
+            fsyncSync(fd);
+        }
+        finally {
+            closeSync(fd);
+        }
+        this.#head = { nextSeq: stored.seq + 1, prevHash: stored.hash };
+        return stored;
+    }
+    close() {
+        this.#closed = true;
+    }
+}
+//# sourceMappingURL=log.js.map

package/dist/src/audit/log.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"log.js","sourceRoot":"","sources":["../../../src/audit/log.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,SAAS,EAAE,SAAS,EAAE,QAAQ,EAAE,YAAY,EAAE,SAAS,EAAE,MAAM,SAAS,CAAC;AAClF,OAAO,EAAE,SAAS,EAAE,MAAM,kBAAkB,CAAC;AAoB7C,MAAM,CAAC,MAAM,SAAS,GAAG,GAAG,CAAC,MAAM,CAAC,EAAE,CAAC,CAAC;AACxC,MAAM,CAAC,MAAM,YAAY,GAAG,EAAE,CAAC;AAE/B,MAAM,OAAO,eAAgB,SAAQ,KAAK;IAC/B,KAAK,CAAqB;IACnC,YAAY,GAAW,EAAE,KAAc;QACrC,KAAK,CAAC,oBAAoB,KAAK,KAAK,SAAS,CAAC,CAAC,CAAC,WAAW,KAAK,EAAE,CAAC,CAAC,CAAC,EAAE,KAAK,GAAG,EAAE,CAAC,CAAC;QACnF,IAAI,CAAC,IAAI,GAAG,iBAAiB,CAAC;QAC9B,IAAI,CAAC,KAAK,GAAG,KAAK,CAAC;IACrB,CAAC;CACF;AAED;;;;GAIG;AACH,MAAM,UAAU,aAAa,CAAC,KAAc;IAC1C,IAAI,KAAK,KAAK,IAAI,IAAI,KAAK,KAAK,SAAS;QAAE,OAAO,MAAM,CAAC;IACzD,IAAI,OAAO,KAAK,KAAK,SAAS;QAAE,OAAO,KAAK,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,OAAO,CAAC;IAChE,IAAI,OAAO,KAAK,KAAK,QAAQ,EAAE,CAAC;QAC9B,IAAI,CAAC,MAAM,CAAC,QAAQ,CAAC,KAAK,CAAC,EAAE,CAAC;YAC5B,MAAM,IAAI,KAAK,CAAC,yDAAyD,CAAC,CAAC;QAC7E,CAAC;QACD,OAAO,IAAI,CAAC,SAAS,CAAC,KAAK,CAAC,CAAC;IAC/B,CAAC;IACD,IAAI,OAAO,KAAK,KAAK,QAAQ,EAAE,CAAC;QAC9B,4DAA4D;QAC5D,OAAO,IAAI,CAAC,SAAS,CAAC,KAAK,CAAC,QAAQ,EAAE,CAAC,CAAC;IAC1C,CAAC;IACD,IAAI,OAAO,KAAK,KAAK,QAAQ;QAAE,OAAO,IAAI,CAAC,SAAS,CAAC,KAAK,CAAC,CAAC;IAC5D,IAAI,KAAK,CAAC,OAAO,CAAC,KAAK,CAAC,EAAE,CAAC;QACzB,OAAO,GAAG,GAAG,KAAK,CAAC,GAAG,CAAC,aAAa,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,GAAG,GAAG,CAAC;IACxD,CAAC;IACD,IAAI,OAAO,KAAK,KAAK,QAAQ,EAAE,CAAC;QAC9B,MAAM,GAAG,GAAG,KAAgC,CAAC;QAC7C,MAAM,IAAI,GAAG,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC,KAAK,SAAS,CAAC,CAAC,IAAI,EAAE,CAAC;QACzE,OAAO,GAAG,GAAG,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC,CAAC,GAAG,GAAG,GAAG,aAAa,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,GAAG,GAAG,CAAC;IAChG,CAAC;IACD,MAAM,IAAI,KAAK,CAAC,yCAAyC,OAAO,KAAK,EAAE,CAAC,CAAC;AAC3E,CAAC;AAED;;;GAGG;AACH,MAAM,UAAU,SAAS,CAAC,KAAiB;IACzC,OAAO,SAAS,CAAC,MAAM,CAAC,IAAI,CAAC,aAAa,CAAC,KAAK,CAAC,EAAE,MAAM,CAAC,CAAC,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC;AAC9E,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,SAAS,CAAC,KAAiB;IACzC,OAAO,EAAE,GAAG,KAAK,EAAE,IAAI,EAAE,SAAS,CAAC,KAAK,CAAC,EAAE,CAAC;AAC9C,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,cAAc,CAAC,KAAuB;IACpD,OAAO,aAAa,CAAC,KAAK,CAAC,GAAG,IAAI,CAAC;AACrC,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,SAAS,CAAC,IAAY;IACpC,IAAI,MAAe,CAAC;IACpB,IAAI,CAAC;QACH,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;IAC5B,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,MAAM,IAAI,eAAe,CAAC,mBAAoB,GAAa,CAAC,OAAO,EAAE,CAAC,CAAC;IACzE,CAAC;IACD,IAAI,OAAO,MAAM,KAAK,QAAQ,IAAI,MAAM,KAAK,IAAI,IAAI,KAAK,CAAC,OAAO,CAAC,MAAM,CAAC,EAAE,CAAC;QAC3E,MAAM,IAAI,eAAe,CAAC,2BAA2B,CAAC,CAAC;IACzD,CAAC;IACD,MAAM,GAAG,GAAG,MAAiC,CAAC;IAC9C,MAAM,IAAI,GAAG,GAAG,CAAC,MAAM,CAAC,CAAC;IACzB,IAAI,OAAO,IAAI,KAAK,QAAQ,IAAI,IAAI,CAAC,MAAM,KAAK,YAAY,EAAE,CAAC;QAC7D,MAAM,IAAI,eAAe,CAAC,iCAAiC,CAAC,CAAC;IAC/D,CAAC;IACD,qEAAqE;IACrE,KAAK,MAAM,QAAQ,IAAI,CAAC,KAAK,EAAE,IAAI,EAAE,WAAW,EAAE,MAAM,EAAE,QAAQ,EAAE,UAAU,CAAU,EAAE,CAAC;QACzF,IAAI,CAAC,CAAC,QAAQ,IAAI,GAAG,CAAC,EAAE,CAAC;YACvB,MAAM,IAAI,eAAe,CAAC,2BAA2B,QAAQ,EAAE,CAAC,CAAC;QACnE,CAAC;IACH,CAAC;IACD,IAAI,OAAO,GAAG,CAAC,KAAK,CAAC,KAAK,QAAQ,IAAI,CAAC,MAAM,CAAC,SAAS,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC,IAAI,GAAG,CAAC,KAAK,CAAC,GAAG,CAAC,EAAE,CAAC;QACtF,MAAM,IAAI,eAAe,CAAC,oCAAoC,CAAC,CAAC;IAClE,CAAC;IACD,IAAI,OAAO,GAAG,CAAC,WAAW,CAAC,KAAK,QAAQ,IAAI,GAAG,CAAC,WAAW,CAAC,CAAC,MAAM,KAAK,YAAY,EAAE,CAAC;QACrF,MAAM,IAAI,eAAe,CAAC,+BAA+B,CAAC,CAAC;IAC7D,CAAC;IACD,8CAA8C;IAC9C,MAAM,IAAI,GAAe;QACvB,GAAG,EAAE,GAAG,CAAC,KAAK,CAAW;QACzB,EAAE,EAAE,GAAG,CAAC,IAAI,CAAW;QACvB,SAAS,EAAE,GAAG,CAAC,WAAW,CAAW;QACrC,IAAI,EAAE,GAAG,CAAC,MAAM,CAAW;QAC3B,MAAM,EAAE,GAAG,CAAC,QAAQ,CAAW;QAC/B,OAAO,EAAE,GAAG,CAAC,SAAS,CAAC;QACvB,QAAQ,EAAE,GAAG,CAAC,UAAU,CAAkB;QAC1C,GAAG,CAAC,GAAG,CAAC,QAAQ,CAAC,KAAK,SAAS,CAAC,CAAC,CAAC,EAAE,MAAM,EAAE,GAAG,CAAC,QAAQ,CAAW,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;QAC3E,GAAG,CAAC,GAAG,CAAC,KAAK,CAAC,KAAK,SAAS,CAAC,CAAC,CAAC,EAAE,GAAG,EAAE,GAAG,CAAC,KAAK,CAAW,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;KACnE,CAAC;IACF,MAAM,QAAQ,GAAG,SAAS,CAAC,IAAI,CAAC,CAAC;IACjC,IAAI,IAAI,KAAK,QAAQ,EAAE,CAAC;QACtB,MAAM,IAAI,eAAe,CAAC,yBAAyB,IAAI,aAAa,QAAQ,EAAE,EAAE,IAAI,CAAC,GAAG,CAAC,CAAC;IAC5F,CAAC;IACD,OAAO,EAAE,GAAG,IAAI,EAAE,IAAI,EAAE,CAAC;AAC3B,CAAC;AAED;;;;;;;;;GASG;AACH,MAAM,UAAU,WAAW,CAAC,GAAoB;IAC9C,MAAM,IAAI,GAAG,OAAO,GAAG,KAAK,QAAQ,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,GAAG,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC;IAClE,IAAI,IAAI,KAAK,EAAE;QAAE,OAAO,EAAE,CAAC;IAC3B,MAAM,KAAK,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;IAC/B,kFAAkF;IAClF,MAAM,IAAI,GAAG,KAAK,CAAC,KAAK,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC;IACrC,IAAI,IAAI,KAAK,EAAE,EAAE,CAAC;QAChB,MAAM,IAAI,eAAe,CAAC,oCAAoC,IAAK,CAAC,MAAM,wBAAwB,CAAC,CAAC;IACtG,CAAC;IACD,KAAK,CAAC,GAAG,EAAE,CAAC;IAEZ,MAAM,OAAO,GAAuB,EAAE,CAAC;IACvC,IAAI,gBAAgB,GAAG,SAAS,CAAC;IACjC,IAAI,WAAW,GAAG,CAAC,CAAC;IACpB,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE,CAAC;QACzB,MAAM,KAAK,GAAG,SAAS,CAAC,IAAI,CAAC,CAAC;QAC9B,IAAI,KAAK,CAAC,GAAG,KAAK,WAAW,EAAE,CAAC;YAC9B,MAAM,IAAI,eAAe,CAAC,qBAAqB,WAAW,SAAS,KAAK,CAAC,GAAG,EAAE,EAAE,KAAK,CAAC,GAAG,CAAC,CAAC;QAC7F,CAAC;QACD,IAAI,KAAK,CAAC,SAAS,KAAK,gBAAgB,EAAE,CAAC;YACzC,MAAM,IAAI,eAAe,CACvB,gCAAgC,gBAAgB,SAAS,KAAK,CAAC,SAAS,EAAE,EAC1E,KAAK,CAAC,GAAG,CACV,CAAC;QACJ,CAAC;QACD,OAAO,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;QACpB,gBAAgB,GAAG,KAAK,CAAC,IAAI,CAAC;QAC9B,WAAW,EAAE,CAAC;IAChB,CAAC;IACD,OAAO,OAAO,CAAC;AACjB,CAAC;AAUD;;;GAGG;AACH,MAAM,UAAU,QAAQ,CAAC,IAAY;IACnC,IAAI,GAAW,CAAC;IAChB,IAAI,CAAC;QACH,GAAG,GAAG,YAAY,CAAC,IAAI,CAAC,CAAC;IAC3B,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,IAAK,GAA6B,CAAC,IAAI,KAAK,QAAQ,EAAE,CAAC;YACrD,OAAO,EAAE,OAAO,EAAE,CAAC,EAAE,QAAQ,EAAE,SAAS,EAAE,CAAC;QAC7C,CAAC;QACD,MAAM,GAAG,CAAC;IACZ,CAAC;IACD,MAAM,OAAO,GAAG,WAAW,CAAC,GAAG,CAAC,CAAC;IACjC,IAAI,OAAO,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QACzB,OAAO,EAAE,OAAO,EAAE,CAAC,EAAE,QAAQ,EAAE,SAAS,EAAE,CAAC;IAC7C,CAAC;IACD,MAAM,IAAI,GAAG,OAAO,CAAC,OAAO,CAAC,MAAM,GAAG,CAAC,CAAE,CAAC;IAC1C,OAAO,EAAE,OAAO,EAAE,IAAI,CAAC,GAAG,GAAG,CAAC,EAAE,QAAQ,EAAE,IAAI,CAAC,IAAI,EAAE,CAAC;AACxD,CAAC;AAED;;;;;;;;;;GAUG;AACH,MAAM,OAAO,WAAW;IACb,IAAI,CAAS;IACtB,KAAK,CAAY;IACjB,OAAO,GAAG,KAAK,CAAC;IAChB,6DAA6D;IAC7D,IAAI,CAAe;IAEnB,YAAY,IAAY,EAAE,OAA+B,EAAE;QACzD,IAAI,CAAC,IAAI,GAAG,IAAI,CAAC;QACjB,IAAI,CAAC,KAAK,GAAG,QAAQ,CAAC,IAAI,CAAC,CAAC;QAC5B,IAAI,CAAC,IAAI,GAAG,IAAI,CAAC,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC,IAAI,CAAC,GAAG,EAAE,CAAC,CAAC;IAC7C,CAAC;IAED,IAAI,IAAI;QACN,OAAO,EAAE,GAAG,IAAI,CAAC,KAAK,EAAE,CAAC;IAC3B,CAAC;IAED,MAAM,CAAC,KAON;QACC,IAAI,IAAI,CAAC,OAAO;YAAE,MAAM,IAAI,KAAK,CAAC,uBAAuB,CAAC,CAAC;QAC3D,MAAM,KAAK,GAAe;YACxB,GAAG,EAAE,IAAI,CAAC,KAAK,CAAC,OAAO;YACvB,EAAE,EAAE,IAAI,CAAC,IAAI,EAAE;YACf,SAAS,EAAE,IAAI,CAAC,KAAK,CAAC,QAAQ;YAC9B,IAAI,EAAE,KAAK,CAAC,IAAI;YAChB,MAAM,EAAE,KAAK,CAAC,MAAM;YACpB,OAAO,EAAE,KAAK,CAAC,OAAO;YACtB,QAAQ,EAAE,KAAK,CAAC,QAAQ;YACxB,GAAG,CAAC,KAAK,CAAC,MAAM,KAAK,SAAS,CAAC,CAAC,CAAC,EAAE,MAAM,EAAE,KAAK,CAAC,MAAM,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;YAC/D,GAAG,CAAC,KAAK,CAAC,GAAG,KAAK,SAAS,CAAC,CAAC,CAAC,EAAE,GAAG,EAAE,KAAK,CAAC,GAAG,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;SACvD,CAAC;QACF,MAAM,MAAM,GAAG,SAAS,CAAC,KAAK,CAAC,CAAC;QAChC,MAAM,IAAI,GAAG,cAAc,CAAC,MAAM,CAAC,CAAC;QAEpC,MAAM,EAAE,GAAG,QAAQ,CAAC,IAAI,CAAC,IAAI,EAAE,GAAG,EAAE,KAAK,CAAC,CAAC;QAC3C,IAAI,CAAC;YACH,SAAS,CAAC,EAAE,EAAE,IAAI,CAAC,CAAC;YACpB,SAAS,CAAC,EAAE,CAAC,CAAC;QAChB,CAAC;gBAAS,CAAC;YACT,SAAS,CAAC,EAAE,CAAC,CAAC;QAChB,CAAC;QAED,IAAI,CAAC,KAAK,GAAG,EAAE,OAAO,EAAE,MAAM,CAAC,GAAG,GAAG,CAAC,EAAE,QAAQ,EAAE,MAAM,CAAC,IAAI,EAAE,CAAC;QAChE,OAAO,MAAM,CAAC;IAChB,CAAC;IAED,KAAK;QACH,IAAI,CAAC,OAAO,GAAG,IAAI,CAAC;IACtB,CAAC;CACF"}

package/dist/src/bin/sigild.d.ts

@@ -0,0 +1,3 @@
+#!/usr/bin/env node
+export {};
+//# sourceMappingURL=sigild.d.ts.map

package/dist/src/bin/sigild.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"sigild.d.ts","sourceRoot":"","sources":["../../../src/bin/sigild.ts"],"names":[],"mappings":""}

package/dist/src/bin/sigild.js

@@ -0,0 +1,30 @@
+#!/usr/bin/env node
+import { homedir } from 'node:os';
+import { join } from 'node:path';
+import { readPassphrase } from '../daemon/passphrase.js';
+import { runDaemon } from '../daemon/runtime.js';
+const sigilHome = process.env['SIGIL_HOME'] ?? join(homedir(), '.sigil');
+let shutting = false;
+async function main() {
+    const handle = await runDaemon({
+        sigilHome,
+        passphrase: () => readPassphrase('sigil passphrase: '),
+        onLog: (e) => process.stderr.write(JSON.stringify(e) + '\n'),
+    });
+    process.stderr.write(`sigild ready: ${handle.portals} portal(s) loaded, listening on ${handle.socketPath}\n`);
+    const shutdown = async (signal) => {
+        if (shutting)
+            return;
+        shutting = true;
+        process.stderr.write(`sigild: ${signal} received, shutting down\n`);
+        await handle.shutdown();
+        process.exit(0);
+    };
+    process.on('SIGINT', () => { void shutdown('SIGINT'); });
+    process.on('SIGTERM', () => { void shutdown('SIGTERM'); });
+}
+main().catch((err) => {
+    process.stderr.write(`sigild: ${err.message}\n`);
+    process.exit(1);
+});
+//# sourceMappingURL=sigild.js.map

package/dist/src/bin/sigild.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"sigild.js","sourceRoot":"","sources":["../../../src/bin/sigild.ts"],"names":[],"mappings":";AACA,OAAO,EAAE,OAAO,EAAE,MAAM,SAAS,CAAC;AAClC,OAAO,EAAE,IAAI,EAAE,MAAM,WAAW,CAAC;AACjC,OAAO,EAAE,cAAc,EAAE,MAAM,yBAAyB,CAAC;AACzD,OAAO,EAAE,SAAS,EAAE,MAAM,sBAAsB,CAAC;AAEjD,MAAM,SAAS,GAAG,OAAO,CAAC,GAAG,CAAC,YAAY,CAAC,IAAI,IAAI,CAAC,OAAO,EAAE,EAAE,QAAQ,CAAC,CAAC;AAEzE,IAAI,QAAQ,GAAG,KAAK,CAAC;AAErB,KAAK,UAAU,IAAI;IACjB,MAAM,MAAM,GAAG,MAAM,SAAS,CAAC;QAC7B,SAAS;QACT,UAAU,EAAE,GAAG,EAAE,CAAC,cAAc,CAAC,oBAAoB,CAAC;QACtD,KAAK,EAAE,CAAC,CAAC,EAAE,EAAE,CAAC,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC,CAAC,GAAG,IAAI,CAAC;KAC7D,CAAC,CAAC;IAEH,OAAO,CAAC,MAAM,CAAC,KAAK,CAClB,iBAAiB,MAAM,CAAC,OAAO,mCAAmC,MAAM,CAAC,UAAU,IAAI,CACxF,CAAC;IAEF,MAAM,QAAQ,GAAG,KAAK,EAAE,MAAc,EAAiB,EAAE;QACvD,IAAI,QAAQ;YAAE,OAAO;QACrB,QAAQ,GAAG,IAAI,CAAC;QAChB,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,WAAW,MAAM,4BAA4B,CAAC,CAAC;QACpE,MAAM,MAAM,CAAC,QAAQ,EAAE,CAAC;QACxB,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC,CAAC;IAEF,OAAO,CAAC,EAAE,CAAC,QAAQ,EAAE,GAAG,EAAE,GAAG,KAAK,QAAQ,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;IACzD,OAAO,CAAC,EAAE,CAAC,SAAS,EAAE,GAAG,EAAE,GAAG,KAAK,QAAQ,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;AAC7D,CAAC;AAED,IAAI,EAAE,CAAC,KAAK,CAAC,CAAC,GAAU,EAAE,EAAE;IAC1B,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,WAAW,GAAG,CAAC,OAAO,IAAI,CAAC,CAAC;IACjD,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;AAClB,CAAC,CAAC,CAAC"}

package/dist/src/crypto/aead.d.ts

@@ -0,0 +1,9 @@
+export declare const AEAD_KEY_LEN = 32;
+export declare const AEAD_NONCE_LEN = 24;
+export declare const AEAD_TAG_LEN = 16;
+export declare class AeadVerifyError extends Error {
+    constructor(cause?: unknown);
+}
+export declare function aeadEncrypt(key: Buffer | Uint8Array, nonce: Buffer | Uint8Array, plaintext: Buffer | Uint8Array, aad?: Buffer | Uint8Array): Buffer;
+export declare function aeadDecrypt(key: Buffer | Uint8Array, nonce: Buffer | Uint8Array, ciphertext: Buffer | Uint8Array, aad?: Buffer | Uint8Array): Buffer;
+//# sourceMappingURL=aead.d.ts.map

package/dist/src/crypto/aead.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"aead.d.ts","sourceRoot":"","sources":["../../../src/crypto/aead.ts"],"names":[],"mappings":"AAEA,eAAO,MAAM,YAAY,KAAK,CAAC;AAC/B,eAAO,MAAM,cAAc,KAAK,CAAC;AACjC,eAAO,MAAM,YAAY,KAAK,CAAC;AAE/B,qBAAa,eAAgB,SAAQ,KAAK;gBAC5B,KAAK,CAAC,EAAE,OAAO;CAK5B;AAED,wBAAgB,WAAW,CACzB,GAAG,EAAE,MAAM,GAAG,UAAU,EACxB,KAAK,EAAE,MAAM,GAAG,UAAU,EAC1B,SAAS,EAAE,MAAM,GAAG,UAAU,EAC9B,GAAG,CAAC,EAAE,MAAM,GAAG,UAAU,GACxB,MAAM,CASR;AAED,wBAAgB,WAAW,CACzB,GAAG,EAAE,MAAM,GAAG,UAAU,EACxB,KAAK,EAAE,MAAM,GAAG,UAAU,EAC1B,UAAU,EAAE,MAAM,GAAG,UAAU,EAC/B,GAAG,CAAC,EAAE,MAAM,GAAG,UAAU,GACxB,MAAM,CAaR"}

package/dist/src/crypto/aead.js

@@ -0,0 +1,38 @@
+import { xchacha20poly1305 } from '@noble/ciphers/chacha.js';
+export const AEAD_KEY_LEN = 32;
+export const AEAD_NONCE_LEN = 24;
+export const AEAD_TAG_LEN = 16;
+export class AeadVerifyError extends Error {
+    constructor(cause) {
+        super('AEAD verification failed (wrong key, wrong nonce, tampered ciphertext, or mismatched AAD)');
+        this.name = 'AeadVerifyError';
+        if (cause !== undefined)
+            this.cause = cause;
+    }
+}
+export function aeadEncrypt(key, nonce, plaintext, aad) {
+    if (key.length !== AEAD_KEY_LEN) {
+        throw new Error(`key must be ${AEAD_KEY_LEN} bytes, got ${key.length}`);
+    }
+    if (nonce.length !== AEAD_NONCE_LEN) {
+        throw new Error(`nonce must be ${AEAD_NONCE_LEN} bytes, got ${nonce.length}`);
+    }
+    const cipher = xchacha20poly1305(key, nonce, aad);
+    return Buffer.from(cipher.encrypt(plaintext));
+}
+export function aeadDecrypt(key, nonce, ciphertext, aad) {
+    if (key.length !== AEAD_KEY_LEN) {
+        throw new Error(`key must be ${AEAD_KEY_LEN} bytes, got ${key.length}`);
+    }
+    if (nonce.length !== AEAD_NONCE_LEN) {
+        throw new Error(`nonce must be ${AEAD_NONCE_LEN} bytes, got ${nonce.length}`);
+    }
+    const cipher = xchacha20poly1305(key, nonce, aad);
+    try {
+        return Buffer.from(cipher.decrypt(ciphertext));
+    }
+    catch (err) {
+        throw new AeadVerifyError(err);
+    }
+}
+//# sourceMappingURL=aead.js.map

package/dist/src/crypto/aead.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"aead.js","sourceRoot":"","sources":["../../../src/crypto/aead.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,iBAAiB,EAAE,MAAM,0BAA0B,CAAC;AAE7D,MAAM,CAAC,MAAM,YAAY,GAAG,EAAE,CAAC;AAC/B,MAAM,CAAC,MAAM,cAAc,GAAG,EAAE,CAAC;AACjC,MAAM,CAAC,MAAM,YAAY,GAAG,EAAE,CAAC;AAE/B,MAAM,OAAO,eAAgB,SAAQ,KAAK;IACxC,YAAY,KAAe;QACzB,KAAK,CAAC,2FAA2F,CAAC,CAAC;QACnG,IAAI,CAAC,IAAI,GAAG,iBAAiB,CAAC;QAC9B,IAAI,KAAK,KAAK,SAAS;YAAE,IAAI,CAAC,KAAK,GAAG,KAAK,CAAC;IAC9C,CAAC;CACF;AAED,MAAM,UAAU,WAAW,CACzB,GAAwB,EACxB,KAA0B,EAC1B,SAA8B,EAC9B,GAAyB;IAEzB,IAAI,GAAG,CAAC,MAAM,KAAK,YAAY,EAAE,CAAC;QAChC,MAAM,IAAI,KAAK,CAAC,eAAe,YAAY,eAAe,GAAG,CAAC,MAAM,EAAE,CAAC,CAAC;IAC1E,CAAC;IACD,IAAI,KAAK,CAAC,MAAM,KAAK,cAAc,EAAE,CAAC;QACpC,MAAM,IAAI,KAAK,CAAC,iBAAiB,cAAc,eAAe,KAAK,CAAC,MAAM,EAAE,CAAC,CAAC;IAChF,CAAC;IACD,MAAM,MAAM,GAAG,iBAAiB,CAAC,GAAG,EAAE,KAAK,EAAE,GAAG,CAAC,CAAC;IAClD,OAAO,MAAM,CAAC,IAAI,CAAC,MAAM,CAAC,OAAO,CAAC,SAAS,CAAC,CAAC,CAAC;AAChD,CAAC;AAED,MAAM,UAAU,WAAW,CACzB,GAAwB,EACxB,KAA0B,EAC1B,UAA+B,EAC/B,GAAyB;IAEzB,IAAI,GAAG,CAAC,MAAM,KAAK,YAAY,EAAE,CAAC;QAChC,MAAM,IAAI,KAAK,CAAC,eAAe,YAAY,eAAe,GAAG,CAAC,MAAM,EAAE,CAAC,CAAC;IAC1E,CAAC;IACD,IAAI,KAAK,CAAC,MAAM,KAAK,cAAc,EAAE,CAAC;QACpC,MAAM,IAAI,KAAK,CAAC,iBAAiB,cAAc,eAAe,KAAK,CAAC,MAAM,EAAE,CAAC,CAAC;IAChF,CAAC;IACD,MAAM,MAAM,GAAG,iBAAiB,CAAC,GAAG,EAAE,KAAK,EAAE,GAAG,CAAC,CAAC;IAClD,IAAI,CAAC;QACH,OAAO,MAAM,CAAC,IAAI,CAAC,MAAM,CAAC,OAAO,CAAC,UAAU,CAAC,CAAC,CAAC;IACjD,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,MAAM,IAAI,eAAe,CAAC,GAAG,CAAC,CAAC;IACjC,CAAC;AACH,CAAC"}

package/dist/src/crypto/index.d.ts

@@ -0,0 +1,5 @@
+export { SecretBuffer, SecretBufferDisposedError, SecretBufferSerializeError, } from './secret-buffer.js';
+export { DEFAULT_KDF_PARAMS, SALT_LEN, DERIVED_KEY_LEN, deriveKey, type KdfParams, } from './kdf.js';
+export { AEAD_KEY_LEN, AEAD_NONCE_LEN, AEAD_TAG_LEN, AeadVerifyError, aeadEncrypt, aeadDecrypt, } from './aead.js';
+export { HEADER_LEN, KeyfileFormatError, WrongPassphraseError, sealKey, unsealKey, } from './keyfile.js';
+//# sourceMappingURL=index.d.ts.map

package/dist/src/crypto/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../src/crypto/index.ts"],"names":[],"mappings":"AAAA,OAAO,EACL,YAAY,EACZ,yBAAyB,EACzB,0BAA0B,GAC3B,MAAM,oBAAoB,CAAC;AAC5B,OAAO,EACL,kBAAkB,EAClB,QAAQ,EACR,eAAe,EACf,SAAS,EACT,KAAK,SAAS,GACf,MAAM,UAAU,CAAC;AAClB,OAAO,EACL,YAAY,EACZ,cAAc,EACd,YAAY,EACZ,eAAe,EACf,WAAW,EACX,WAAW,GACZ,MAAM,WAAW,CAAC;AACnB,OAAO,EACL,UAAU,EACV,kBAAkB,EAClB,oBAAoB,EACpB,OAAO,EACP,SAAS,GACV,MAAM,cAAc,CAAC"}

package/dist/src/crypto/index.js

@@ -0,0 +1,5 @@
+export { SecretBuffer, SecretBufferDisposedError, SecretBufferSerializeError, } from './secret-buffer.js';
+export { DEFAULT_KDF_PARAMS, SALT_LEN, DERIVED_KEY_LEN, deriveKey, } from './kdf.js';
+export { AEAD_KEY_LEN, AEAD_NONCE_LEN, AEAD_TAG_LEN, AeadVerifyError, aeadEncrypt, aeadDecrypt, } from './aead.js';
+export { HEADER_LEN, KeyfileFormatError, WrongPassphraseError, sealKey, unsealKey, } from './keyfile.js';
+//# sourceMappingURL=index.js.map

package/dist/src/crypto/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../../src/crypto/index.ts"],"names":[],"mappings":"AAAA,OAAO,EACL,YAAY,EACZ,yBAAyB,EACzB,0BAA0B,GAC3B,MAAM,oBAAoB,CAAC;AAC5B,OAAO,EACL,kBAAkB,EAClB,QAAQ,EACR,eAAe,EACf,SAAS,GAEV,MAAM,UAAU,CAAC;AAClB,OAAO,EACL,YAAY,EACZ,cAAc,EACd,YAAY,EACZ,eAAe,EACf,WAAW,EACX,WAAW,GACZ,MAAM,WAAW,CAAC;AACnB,OAAO,EACL,UAAU,EACV,kBAAkB,EAClB,oBAAoB,EACpB,OAAO,EACP,SAAS,GACV,MAAM,cAAc,CAAC"}

package/dist/src/crypto/kdf.d.ts

@@ -0,0 +1,10 @@
+export interface KdfParams {
+    m: number;
+    t: number;
+    p: number;
+}
+export declare const DEFAULT_KDF_PARAMS: KdfParams;
+export declare const SALT_LEN = 16;
+export declare const DERIVED_KEY_LEN = 32;
+export declare function deriveKey(passphrase: Buffer | Uint8Array, salt: Buffer | Uint8Array, params?: KdfParams): Buffer;
+//# sourceMappingURL=kdf.d.ts.map

package/dist/src/crypto/kdf.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"kdf.d.ts","sourceRoot":"","sources":["../../../src/crypto/kdf.ts"],"names":[],"mappings":"AAEA,MAAM,WAAW,SAAS;IACxB,CAAC,EAAE,MAAM,CAAC;IACV,CAAC,EAAE,MAAM,CAAC;IACV,CAAC,EAAE,MAAM,CAAC;CACX;AAED,eAAO,MAAM,kBAAkB,EAAE,SAIhC,CAAC;AAEF,eAAO,MAAM,QAAQ,KAAK,CAAC;AAC3B,eAAO,MAAM,eAAe,KAAK,CAAC;AAElC,wBAAgB,SAAS,CACvB,UAAU,EAAE,MAAM,GAAG,UAAU,EAC/B,IAAI,EAAE,MAAM,GAAG,UAAU,EACzB,MAAM,GAAE,SAA8B,GACrC,MAAM,CAeR"}

package/dist/src/crypto/kdf.js

@@ -0,0 +1,27 @@
+import { argon2id } from '@noble/hashes/argon2.js';
+export const DEFAULT_KDF_PARAMS = {
+    m: 64 * 1024,
+    t: 3,
+    p: 4,
+};
+export const SALT_LEN = 16;
+export const DERIVED_KEY_LEN = 32;
+export function deriveKey(passphrase, salt, params = DEFAULT_KDF_PARAMS) {
+    if (salt.length !== SALT_LEN) {
+        throw new Error(`salt must be ${SALT_LEN} bytes, got ${salt.length}`);
+    }
+    if (params.m < 8)
+        throw new Error('argon2id m must be >= 8 KiB');
+    if (params.t < 1)
+        throw new Error('argon2id t must be >= 1');
+    if (params.p < 1)
+        throw new Error('argon2id p must be >= 1');
+    const out = argon2id(passphrase, salt, {
+        m: params.m,
+        t: params.t,
+        p: params.p,
+        dkLen: DERIVED_KEY_LEN,
+    });
+    return Buffer.from(out);
+}
+//# sourceMappingURL=kdf.js.map

package/dist/src/crypto/kdf.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"kdf.js","sourceRoot":"","sources":["../../../src/crypto/kdf.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,QAAQ,EAAE,MAAM,yBAAyB,CAAC;AAQnD,MAAM,CAAC,MAAM,kBAAkB,GAAc;IAC3C,CAAC,EAAE,EAAE,GAAG,IAAI;IACZ,CAAC,EAAE,CAAC;IACJ,CAAC,EAAE,CAAC;CACL,CAAC;AAEF,MAAM,CAAC,MAAM,QAAQ,GAAG,EAAE,CAAC;AAC3B,MAAM,CAAC,MAAM,eAAe,GAAG,EAAE,CAAC;AAElC,MAAM,UAAU,SAAS,CACvB,UAA+B,EAC/B,IAAyB,EACzB,SAAoB,kBAAkB;IAEtC,IAAI,IAAI,CAAC,MAAM,KAAK,QAAQ,EAAE,CAAC;QAC7B,MAAM,IAAI,KAAK,CAAC,gBAAgB,QAAQ,eAAe,IAAI,CAAC,MAAM,EAAE,CAAC,CAAC;IACxE,CAAC;IACD,IAAI,MAAM,CAAC,CAAC,GAAG,CAAC;QAAE,MAAM,IAAI,KAAK,CAAC,6BAA6B,CAAC,CAAC;IACjE,IAAI,MAAM,CAAC,CAAC,GAAG,CAAC;QAAE,MAAM,IAAI,KAAK,CAAC,yBAAyB,CAAC,CAAC;IAC7D,IAAI,MAAM,CAAC,CAAC,GAAG,CAAC;QAAE,MAAM,IAAI,KAAK,CAAC,yBAAyB,CAAC,CAAC;IAE7D,MAAM,GAAG,GAAG,QAAQ,CAAC,UAAU,EAAE,IAAI,EAAE;QACrC,CAAC,EAAE,MAAM,CAAC,CAAC;QACX,CAAC,EAAE,MAAM,CAAC,CAAC;QACX,CAAC,EAAE,MAAM,CAAC,CAAC;QACX,KAAK,EAAE,eAAe;KACvB,CAAC,CAAC;IACH,OAAO,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;AAC1B,CAAC"}

package/dist/src/crypto/keyfile.d.ts

@@ -0,0 +1,12 @@
+import { type KdfParams } from './kdf.js';
+import { SecretBuffer } from './secret-buffer.js';
+export declare const HEADER_LEN: number;
+export declare class KeyfileFormatError extends Error {
+    constructor(reason: string);
+}
+export declare class WrongPassphraseError extends Error {
+    constructor();
+}
+export declare function sealKey(plainKey: Buffer | Uint8Array, passphrase: Buffer | Uint8Array, params?: KdfParams): Buffer;
+export declare function unsealKey(keyfileBytes: Buffer, passphrase: Buffer | Uint8Array): SecretBuffer;
+//# sourceMappingURL=keyfile.d.ts.map

package/dist/src/crypto/keyfile.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"keyfile.d.ts","sourceRoot":"","sources":["../../../src/crypto/keyfile.ts"],"names":[],"mappings":"AAEA,OAAO,EAA2C,KAAK,SAAS,EAAE,MAAM,UAAU,CAAC;AACnF,OAAO,EAAE,YAAY,EAAE,MAAM,oBAAoB,CAAC;AAOlD,eAAO,MAAM,UAAU,QAUP,CAAC;AAGjB,qBAAa,kBAAmB,SAAQ,KAAK;gBAC/B,MAAM,EAAE,MAAM;CAI3B;AAED,qBAAa,oBAAqB,SAAQ,KAAK;;CAK9C;AA6DD,wBAAgB,OAAO,CACrB,QAAQ,EAAE,MAAM,GAAG,UAAU,EAC7B,UAAU,EAAE,MAAM,GAAG,UAAU,EAC/B,MAAM,GAAE,SAA8B,GACrC,MAAM,CAWR;AAED,wBAAgB,SAAS,CACvB,YAAY,EAAE,MAAM,EACpB,UAAU,EAAE,MAAM,GAAG,UAAU,GAC9B,YAAY,CAcd"}

package/dist/src/crypto/keyfile.js

@@ -0,0 +1,114 @@
+import { randomBytes } from 'node:crypto';
+import { AEAD_NONCE_LEN, aeadDecrypt, aeadEncrypt, AeadVerifyError } from './aead.js';
+import { DEFAULT_KDF_PARAMS, deriveKey, SALT_LEN } from './kdf.js';
+import { SecretBuffer } from './secret-buffer.js';
+const MAGIC = Buffer.from('SIGIL', 'ascii');
+const FORMAT_VERSION = 0x01;
+const KDF_ARGON2ID = 0x01;
+const AEAD_XCHACHA20POLY1305 = 0x01;
+export const HEADER_LEN = MAGIC.length + // 5
+    1 + // format version
+    1 + // kdf type
+    4 + // kdf.m (uint32 BE, KiB)
+    1 + // kdf.t
+    1 + // kdf.p
+    1 + // aead type
+    2 + // reserved
+    SALT_LEN + // 16
+    AEAD_NONCE_LEN; // 24
+// total: 56
+export class KeyfileFormatError extends Error {
+    constructor(reason) {
+        super(`keyfile format error: ${reason}`);
+        this.name = 'KeyfileFormatError';
+    }
+}
+export class WrongPassphraseError extends Error {
+    constructor() {
+        super('wrong passphrase or tampered keyfile');
+        this.name = 'WrongPassphraseError';
+    }
+}
+function buildHeader(salt, nonce, params) {
+    const h = Buffer.alloc(HEADER_LEN);
+    let off = 0;
+    MAGIC.copy(h, off);
+    off += MAGIC.length;
+    h.writeUInt8(FORMAT_VERSION, off++);
+    h.writeUInt8(KDF_ARGON2ID, off++);
+    h.writeUInt32BE(params.m, off);
+    off += 4;
+    h.writeUInt8(params.t, off++);
+    h.writeUInt8(params.p, off++);
+    h.writeUInt8(AEAD_XCHACHA20POLY1305, off++);
+    h.writeUInt16BE(0, off);
+    off += 2;
+    salt.copy(h, off);
+    off += SALT_LEN;
+    nonce.copy(h, off);
+    off += AEAD_NONCE_LEN;
+    return h;
+}
+function parseHeader(buf) {
+    if (buf.length < HEADER_LEN) {
+        throw new KeyfileFormatError(`truncated: need at least ${HEADER_LEN} bytes, got ${buf.length}`);
+    }
+    let off = 0;
+    if (!buf.subarray(off, off + MAGIC.length).equals(MAGIC)) {
+        throw new KeyfileFormatError('bad magic');
+    }
+    off += MAGIC.length;
+    const ver = buf.readUInt8(off++);
+    if (ver !== FORMAT_VERSION) {
+        throw new KeyfileFormatError(`unsupported format version ${ver}`);
+    }
+    const kdfType = buf.readUInt8(off++);
+    if (kdfType !== KDF_ARGON2ID) {
+        throw new KeyfileFormatError(`unsupported kdf type ${kdfType}`);
+    }
+    const m = buf.readUInt32BE(off);
+    off += 4;
+    const t = buf.readUInt8(off++);
+    const p = buf.readUInt8(off++);
+    const aeadType = buf.readUInt8(off++);
+    if (aeadType !== AEAD_XCHACHA20POLY1305) {
+        throw new KeyfileFormatError(`unsupported aead type ${aeadType}`);
+    }
+    off += 2; // reserved
+    const salt = Buffer.from(buf.subarray(off, off + SALT_LEN));
+    off += SALT_LEN;
+    const nonce = Buffer.from(buf.subarray(off, off + AEAD_NONCE_LEN));
+    return { kdf: { m, t, p }, salt, nonce };
+}
+export function sealKey(plainKey, passphrase, params = DEFAULT_KDF_PARAMS) {
+    const salt = randomBytes(SALT_LEN);
+    const nonce = randomBytes(AEAD_NONCE_LEN);
+    const header = buildHeader(salt, nonce, params);
+    const derivedKey = deriveKey(passphrase, salt, params);
+    try {
+        const ciphertext = aeadEncrypt(derivedKey, nonce, plainKey, header);
+        return Buffer.concat([header, ciphertext]);
+    }
+    finally {
+        derivedKey.fill(0);
+    }
+}
+export function unsealKey(keyfileBytes, passphrase) {
+    const { kdf, salt, nonce } = parseHeader(keyfileBytes);
+    const header = keyfileBytes.subarray(0, HEADER_LEN);
+    const ciphertext = keyfileBytes.subarray(HEADER_LEN);
+    const derivedKey = deriveKey(passphrase, salt, kdf);
+    try {
+        const plain = aeadDecrypt(derivedKey, nonce, ciphertext, header);
+        return new SecretBuffer(plain);
+    }
+    catch (err) {
+        if (err instanceof AeadVerifyError)
+            throw new WrongPassphraseError();
+        throw err;
+    }
+    finally {
+        derivedKey.fill(0);
+    }
+}
+//# sourceMappingURL=keyfile.js.map

package/dist/src/crypto/keyfile.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"keyfile.js","sourceRoot":"","sources":["../../../src/crypto/keyfile.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,WAAW,EAAE,MAAM,aAAa,CAAC;AAC1C,OAAO,EAAE,cAAc,EAAE,WAAW,EAAE,WAAW,EAAE,eAAe,EAAE,MAAM,WAAW,CAAC;AACtF,OAAO,EAAE,kBAAkB,EAAE,SAAS,EAAE,QAAQ,EAAkB,MAAM,UAAU,CAAC;AACnF,OAAO,EAAE,YAAY,EAAE,MAAM,oBAAoB,CAAC;AAElD,MAAM,KAAK,GAAG,MAAM,CAAC,IAAI,CAAC,OAAO,EAAE,OAAO,CAAC,CAAC;AAC5C,MAAM,cAAc,GAAG,IAAI,CAAC;AAC5B,MAAM,YAAY,GAAG,IAAI,CAAC;AAC1B,MAAM,sBAAsB,GAAG,IAAI,CAAC;AAEpC,MAAM,CAAC,MAAM,UAAU,GACrB,KAAK,CAAC,MAAM,GAAG,IAAI;IACnB,CAAC,GAAG,iBAAiB;IACrB,CAAC,GAAG,WAAW;IACf,CAAC,GAAG,yBAAyB;IAC7B,CAAC,GAAG,QAAQ;IACZ,CAAC,GAAG,QAAQ;IACZ,CAAC,GAAG,YAAY;IAChB,CAAC,GAAG,WAAW;IACf,QAAQ,GAAG,KAAK;IAChB,cAAc,CAAC,CAAC,KAAK;AACvB,YAAY;AAEZ,MAAM,OAAO,kBAAmB,SAAQ,KAAK;IAC3C,YAAY,MAAc;QACxB,KAAK,CAAC,yBAAyB,MAAM,EAAE,CAAC,CAAC;QACzC,IAAI,CAAC,IAAI,GAAG,oBAAoB,CAAC;IACnC,CAAC;CACF;AAED,MAAM,OAAO,oBAAqB,SAAQ,KAAK;IAC7C;QACE,KAAK,CAAC,sCAAsC,CAAC,CAAC;QAC9C,IAAI,CAAC,IAAI,GAAG,sBAAsB,CAAC;IACrC,CAAC;CACF;AAQD,SAAS,WAAW,CAAC,IAAY,EAAE,KAAa,EAAE,MAAiB;IACjE,MAAM,CAAC,GAAG,MAAM,CAAC,KAAK,CAAC,UAAU,CAAC,CAAC;IACnC,IAAI,GAAG,GAAG,CAAC,CAAC;IACZ,KAAK,CAAC,IAAI,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC;IACnB,GAAG,IAAI,KAAK,CAAC,MAAM,CAAC;IACpB,CAAC,CAAC,UAAU,CAAC,cAAc,EAAE,GAAG,EAAE,CAAC,CAAC;IACpC,CAAC,CAAC,UAAU,CAAC,YAAY,EAAE,GAAG,EAAE,CAAC,CAAC;IAClC,CAAC,CAAC,aAAa,CAAC,MAAM,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC;IAC/B,GAAG,IAAI,CAAC,CAAC;IACT,CAAC,CAAC,UAAU,CAAC,MAAM,CAAC,CAAC,EAAE,GAAG,EAAE,CAAC,CAAC;IAC9B,CAAC,CAAC,UAAU,CAAC,MAAM,CAAC,CAAC,EAAE,GAAG,EAAE,CAAC,CAAC;IAC9B,CAAC,CAAC,UAAU,CAAC,sBAAsB,EAAE,GAAG,EAAE,CAAC,CAAC;IAC5C,CAAC,CAAC,aAAa,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC;IACxB,GAAG,IAAI,CAAC,CAAC;IACT,IAAI,CAAC,IAAI,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC;IAClB,GAAG,IAAI,QAAQ,CAAC;IAChB,KAAK,CAAC,IAAI,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC;IACnB,GAAG,IAAI,cAAc,CAAC;IACtB,OAAO,CAAC,CAAC;AACX,CAAC;AAED,SAAS,WAAW,CAAC,GAAW;IAC9B,IAAI,GAAG,CAAC,MAAM,GAAG,UAAU,EAAE,CAAC;QAC5B,MAAM,IAAI,kBAAkB,CAAC,4BAA4B,UAAU,eAAe,GAAG,CAAC,MAAM,EAAE,CAAC,CAAC;IAClG,CAAC;IACD,IAAI,GAAG,GAAG,CAAC,CAAC;IACZ,IAAI,CAAC,GAAG,CAAC,QAAQ,CAAC,GAAG,EAAE,GAAG,GAAG,KAAK,CAAC,MAAM,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,EAAE,CAAC;QACzD,MAAM,IAAI,kBAAkB,CAAC,WAAW,CAAC,CAAC;IAC5C,CAAC;IACD,GAAG,IAAI,KAAK,CAAC,MAAM,CAAC;IACpB,MAAM,GAAG,GAAG,GAAG,CAAC,SAAS,CAAC,GAAG,EAAE,CAAC,CAAC;IACjC,IAAI,GAAG,KAAK,cAAc,EAAE,CAAC;QAC3B,MAAM,IAAI,kBAAkB,CAAC,8BAA8B,GAAG,EAAE,CAAC,CAAC;IACpE,CAAC;IACD,MAAM,OAAO,GAAG,GAAG,CAAC,SAAS,CAAC,GAAG,EAAE,CAAC,CAAC;IACrC,IAAI,OAAO,KAAK,YAAY,EAAE,CAAC;QAC7B,MAAM,IAAI,kBAAkB,CAAC,wBAAwB,OAAO,EAAE,CAAC,CAAC;IAClE,CAAC;IACD,MAAM,CAAC,GAAG,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,CAAC;IAChC,GAAG,IAAI,CAAC,CAAC;IACT,MAAM,CAAC,GAAG,GAAG,CAAC,SAAS,CAAC,GAAG,EAAE,CAAC,CAAC;IAC/B,MAAM,CAAC,GAAG,GAAG,CAAC,SAAS,CAAC,GAAG,EAAE,CAAC,CAAC;IAC/B,MAAM,QAAQ,GAAG,GAAG,CAAC,SAAS,CAAC,GAAG,EAAE,CAAC,CAAC;IACtC,IAAI,QAAQ,KAAK,sBAAsB,EAAE,CAAC;QACxC,MAAM,IAAI,kBAAkB,CAAC,yBAAyB,QAAQ,EAAE,CAAC,CAAC;IACpE,CAAC;IACD,GAAG,IAAI,CAAC,CAAC,CAAC,WAAW;IACrB,MAAM,IAAI,GAAG,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,QAAQ,CAAC,GAAG,EAAE,GAAG,GAAG,QAAQ,CAAC,CAAC,CAAC;IAC5D,GAAG,IAAI,QAAQ,CAAC;IAChB,MAAM,KAAK,GAAG,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,QAAQ,CAAC,GAAG,EAAE,GAAG,GAAG,cAAc,CAAC,CAAC,CAAC;IACnE,OAAO,EAAE,GAAG,EAAE,EAAE,CAAC,EAAE,CAAC,EAAE,CAAC,EAAE,EAAE,IAAI,EAAE,KAAK,EAAE,CAAC;AAC3C,CAAC;AAED,MAAM,UAAU,OAAO,CACrB,QAA6B,EAC7B,UAA+B,EAC/B,SAAoB,kBAAkB;IAEtC,MAAM,IAAI,GAAG,WAAW,CAAC,QAAQ,CAAC,CAAC;IACnC,MAAM,KAAK,GAAG,WAAW,CAAC,cAAc,CAAC,CAAC;IAC1C,MAAM,MAAM,GAAG,WAAW,CAAC,IAAI,EAAE,KAAK,EAAE,MAAM,CAAC,CAAC;IAChD,MAAM,UAAU,GAAG,SAAS,CAAC,UAAU,EAAE,IAAI,EAAE,MAAM,CAAC,CAAC;IACvD,IAAI,CAAC;QACH,MAAM,UAAU,GAAG,WAAW,CAAC,UAAU,EAAE,KAAK,EAAE,QAAQ,EAAE,MAAM,CAAC,CAAC;QACpE,OAAO,MAAM,CAAC,MAAM,CAAC,CAAC,MAAM,EAAE,UAAU,CAAC,CAAC,CAAC;IAC7C,CAAC;YAAS,CAAC;QACT,UAAU,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IACrB,CAAC;AACH,CAAC;AAED,MAAM,UAAU,SAAS,CACvB,YAAoB,EACpB,UAA+B;IAE/B,MAAM,EAAE,GAAG,EAAE,IAAI,EAAE,KAAK,EAAE,GAAG,WAAW,CAAC,YAAY,CAAC,CAAC;IACvD,MAAM,MAAM,GAAG,YAAY,CAAC,QAAQ,CAAC,CAAC,EAAE,UAAU,CAAC,CAAC;IACpD,MAAM,UAAU,GAAG,YAAY,CAAC,QAAQ,CAAC,UAAU,CAAC,CAAC;IACrD,MAAM,UAAU,GAAG,SAAS,CAAC,UAAU,EAAE,IAAI,EAAE,GAAG,CAAC,CAAC;IACpD,IAAI,CAAC;QACH,MAAM,KAAK,GAAG,WAAW,CAAC,UAAU,EAAE,KAAK,EAAE,UAAU,EAAE,MAAM,CAAC,CAAC;QACjE,OAAO,IAAI,YAAY,CAAC,KAAK,CAAC,CAAC;IACjC,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,IAAI,GAAG,YAAY,eAAe;YAAE,MAAM,IAAI,oBAAoB,EAAE,CAAC;QACrE,MAAM,GAAG,CAAC;IACZ,CAAC;YAAS,CAAC;QACT,UAAU,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IACrB,CAAC;AACH,CAAC"}

package/dist/src/crypto/secret-buffer.d.ts

@@ -0,0 +1,19 @@
+import { inspect } from 'node:util';
+export declare class SecretBufferDisposedError extends Error {
+    constructor();
+}
+export declare class SecretBufferSerializeError extends Error {
+    constructor();
+}
+export declare class SecretBuffer {
+    #private;
+    constructor(source: Buffer | Uint8Array);
+    bytes(): Buffer;
+    get length(): number;
+    dispose(): void;
+    get isDisposed(): boolean;
+    toString(): never;
+    toJSON(): never;
+    [inspect.custom](): string;
+}
+//# sourceMappingURL=secret-buffer.d.ts.map

package/dist/src/crypto/secret-buffer.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"secret-buffer.d.ts","sourceRoot":"","sources":["../../../src/crypto/secret-buffer.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,OAAO,EAAE,MAAM,WAAW,CAAC;AAEpC,qBAAa,yBAA0B,SAAQ,KAAK;;CAKnD;AAED,qBAAa,0BAA2B,SAAQ,KAAK;;CAKpD;AAED,qBAAa,YAAY;;gBAGX,MAAM,EAAE,MAAM,GAAG,UAAU;IAIvC,KAAK,IAAI,MAAM;IAKf,IAAI,MAAM,IAAI,MAAM,CAGnB;IAED,OAAO,IAAI,IAAI;IAOf,IAAI,UAAU,IAAI,OAAO,CAExB;IAED,QAAQ,IAAI,KAAK;IAIjB,MAAM,IAAI,KAAK;IAIf,CAAC,OAAO,CAAC,MAAM,CAAC,IAAI,MAAM;CAG3B"}

package/dist/src/crypto/secret-buffer.js

@@ -0,0 +1,48 @@
+import { inspect } from 'node:util';
+export class SecretBufferDisposedError extends Error {
+    constructor() {
+        super('SecretBuffer has been disposed');
+        this.name = 'SecretBufferDisposedError';
+    }
+}
+export class SecretBufferSerializeError extends Error {
+    constructor() {
+        super('SecretBuffer cannot be serialized; use .bytes() if you really need the value');
+        this.name = 'SecretBufferSerializeError';
+    }
+}
+export class SecretBuffer {
+    #buf;
+    constructor(source) {
+        this.#buf = Buffer.from(source);
+    }
+    bytes() {
+        if (this.#buf === null)
+            throw new SecretBufferDisposedError();
+        return this.#buf;
+    }
+    get length() {
+        if (this.#buf === null)
+            throw new SecretBufferDisposedError();
+        return this.#buf.length;
+    }
+    dispose() {
+        if (this.#buf !== null) {
+            this.#buf.fill(0);
+            this.#buf = null;
+        }
+    }
+    get isDisposed() {
+        return this.#buf === null;
+    }
+    toString() {
+        throw new SecretBufferSerializeError();
+    }
+    toJSON() {
+        throw new SecretBufferSerializeError();
+    }
+    [inspect.custom]() {
+        return this.#buf === null ? '<SecretBuffer disposed>' : '<SecretBuffer redacted>';
+    }
+}
+//# sourceMappingURL=secret-buffer.js.map

package/dist/src/crypto/secret-buffer.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"secret-buffer.js","sourceRoot":"","sources":["../../../src/crypto/secret-buffer.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,OAAO,EAAE,MAAM,WAAW,CAAC;AAEpC,MAAM,OAAO,yBAA0B,SAAQ,KAAK;IAClD;QACE,KAAK,CAAC,gCAAgC,CAAC,CAAC;QACxC,IAAI,CAAC,IAAI,GAAG,2BAA2B,CAAC;IAC1C,CAAC;CACF;AAED,MAAM,OAAO,0BAA2B,SAAQ,KAAK;IACnD;QACE,KAAK,CAAC,8EAA8E,CAAC,CAAC;QACtF,IAAI,CAAC,IAAI,GAAG,4BAA4B,CAAC;IAC3C,CAAC;CACF;AAED,MAAM,OAAO,YAAY;IACvB,IAAI,CAAgB;IAEpB,YAAY,MAA2B;QACrC,IAAI,CAAC,IAAI,GAAG,MAAM,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;IAClC,CAAC;IAED,KAAK;QACH,IAAI,IAAI,CAAC,IAAI,KAAK,IAAI;YAAE,MAAM,IAAI,yBAAyB,EAAE,CAAC;QAC9D,OAAO,IAAI,CAAC,IAAI,CAAC;IACnB,CAAC;IAED,IAAI,MAAM;QACR,IAAI,IAAI,CAAC,IAAI,KAAK,IAAI;YAAE,MAAM,IAAI,yBAAyB,EAAE,CAAC;QAC9D,OAAO,IAAI,CAAC,IAAI,CAAC,MAAM,CAAC;IAC1B,CAAC;IAED,OAAO;QACL,IAAI,IAAI,CAAC,IAAI,KAAK,IAAI,EAAE,CAAC;YACvB,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;YAClB,IAAI,CAAC,IAAI,GAAG,IAAI,CAAC;QACnB,CAAC;IACH,CAAC;IAED,IAAI,UAAU;QACZ,OAAO,IAAI,CAAC,IAAI,KAAK,IAAI,CAAC;IAC5B,CAAC;IAED,QAAQ;QACN,MAAM,IAAI,0BAA0B,EAAE,CAAC;IACzC,CAAC;IAED,MAAM;QACJ,MAAM,IAAI,0BAA0B,EAAE,CAAC;IACzC,CAAC;IAED,CAAC,OAAO,CAAC,MAAM,CAAC;QACd,OAAO,IAAI,CAAC,IAAI,KAAK,IAAI,CAAC,CAAC,CAAC,yBAAyB,CAAC,CAAC,CAAC,yBAAyB,CAAC;IACpF,CAAC;CACF"}