npm - thevoidforge - Versions diffs - 21.0.0 - Mend

thevoidforge 21.0.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (328) hide show

package/dist/scripts/vault-read.d.ts +11 -0
package/dist/scripts/vault-read.js +89 -0
package/dist/scripts/voidforge.d.ts +20 -0
package/dist/scripts/voidforge.js +404 -0
package/dist/tsconfig.tsbuildinfo +1 -0
package/dist/wizard/api/auth.d.ts +5 -0
package/dist/wizard/api/auth.js +133 -0
package/dist/wizard/api/blueprint.d.ts +45 -0
package/dist/wizard/api/blueprint.js +184 -0
package/dist/wizard/api/cloud-providers.d.ts +16 -0
package/dist/wizard/api/cloud-providers.js +363 -0
package/dist/wizard/api/credentials.d.ts +1 -0
package/dist/wizard/api/credentials.js +258 -0
package/dist/wizard/api/danger-room.d.ts +18 -0
package/dist/wizard/api/danger-room.js +401 -0
package/dist/wizard/api/deploy.d.ts +4 -0
package/dist/wizard/api/deploy.js +164 -0
package/dist/wizard/api/prd.d.ts +1 -0
package/dist/wizard/api/prd.js +363 -0
package/dist/wizard/api/project.d.ts +1 -0
package/dist/wizard/api/project.js +239 -0
package/dist/wizard/api/projects.d.ts +6 -0
package/dist/wizard/api/projects.js +648 -0
package/dist/wizard/api/provision.d.ts +4 -0
package/dist/wizard/api/provision.js +535 -0
package/dist/wizard/api/terminal.d.ts +25 -0
package/dist/wizard/api/terminal.js +241 -0
package/dist/wizard/api/users.d.ts +6 -0
package/dist/wizard/api/users.js +244 -0
package/dist/wizard/api/war-room.d.ts +14 -0
package/dist/wizard/api/war-room.js +45 -0
package/dist/wizard/lib/ad-platform-core.d.ts +6 -0
package/dist/wizard/lib/ad-platform-core.js +1 -0
package/dist/wizard/lib/adapters/index.d.ts +52 -0
package/dist/wizard/lib/adapters/index.js +38 -0
package/dist/wizard/lib/adapters/sandbox-bank.d.ts +17 -0
package/dist/wizard/lib/adapters/sandbox-bank.js +77 -0
package/dist/wizard/lib/adapters/sandbox.d.ts +39 -0
package/dist/wizard/lib/adapters/sandbox.js +174 -0
package/dist/wizard/lib/adapters/stripe.d.ts +19 -0
package/dist/wizard/lib/adapters/stripe.js +143 -0
package/dist/wizard/lib/adapters/types.d.ts +9 -0
package/dist/wizard/lib/adapters/types.js +10 -0
package/dist/wizard/lib/agent-memory.d.ts +36 -0
package/dist/wizard/lib/agent-memory.js +114 -0
package/dist/wizard/lib/anomaly-detection.d.ts +59 -0
package/dist/wizard/lib/anomaly-detection.js +122 -0
package/dist/wizard/lib/anthropic.d.ts +21 -0
package/dist/wizard/lib/anthropic.js +105 -0
package/dist/wizard/lib/asset-scanner.d.ts +23 -0
package/dist/wizard/lib/asset-scanner.js +107 -0
package/dist/wizard/lib/audit-log.d.ts +23 -0
package/dist/wizard/lib/audit-log.js +70 -0
package/dist/wizard/lib/autonomy-controller.d.ts +76 -0
package/dist/wizard/lib/autonomy-controller.js +183 -0
package/dist/wizard/lib/body-parser.d.ts +2 -0
package/dist/wizard/lib/body-parser.js +36 -0
package/dist/wizard/lib/build-analytics.d.ts +39 -0
package/dist/wizard/lib/build-analytics.js +91 -0
package/dist/wizard/lib/build-step.d.ts +21 -0
package/dist/wizard/lib/build-step.js +104 -0
package/dist/wizard/lib/campaign-proposer.d.ts +39 -0
package/dist/wizard/lib/campaign-proposer.js +180 -0
package/dist/wizard/lib/campaign-state-machine.d.ts +63 -0
package/dist/wizard/lib/campaign-state-machine.js +114 -0
package/dist/wizard/lib/ci-generator.d.ts +14 -0
package/dist/wizard/lib/ci-generator.js +187 -0
package/dist/wizard/lib/claude-merge.d.ts +38 -0
package/dist/wizard/lib/claude-merge.js +115 -0
package/dist/wizard/lib/codegen/erd-gen.d.ts +16 -0
package/dist/wizard/lib/codegen/erd-gen.js +98 -0
package/dist/wizard/lib/codegen/integrations.d.ts +18 -0
package/dist/wizard/lib/codegen/integrations.js +189 -0
package/dist/wizard/lib/codegen/openapi-gen.d.ts +15 -0
package/dist/wizard/lib/codegen/openapi-gen.js +79 -0
package/dist/wizard/lib/codegen/prisma-types.d.ts +15 -0
package/dist/wizard/lib/codegen/prisma-types.js +44 -0
package/dist/wizard/lib/codegen/seed-gen.d.ts +16 -0
package/dist/wizard/lib/codegen/seed-gen.js +128 -0
package/dist/wizard/lib/compliance.d.ts +51 -0
package/dist/wizard/lib/compliance.js +112 -0
package/dist/wizard/lib/correlation-engine.d.ts +59 -0
package/dist/wizard/lib/correlation-engine.js +151 -0
package/dist/wizard/lib/cost-estimator.d.ts +22 -0
package/dist/wizard/lib/cost-estimator.js +72 -0
package/dist/wizard/lib/cost-tracker.d.ts +27 -0
package/dist/wizard/lib/cost-tracker.js +37 -0
package/dist/wizard/lib/daemon-aggregator.d.ts +71 -0
package/dist/wizard/lib/daemon-aggregator.js +204 -0
package/dist/wizard/lib/daemon-core.d.ts +6 -0
package/dist/wizard/lib/daemon-core.js +5 -0
package/dist/wizard/lib/dashboard-data.d.ts +132 -0
package/dist/wizard/lib/dashboard-data.js +336 -0
package/dist/wizard/lib/dashboard-ws.d.ts +25 -0
package/dist/wizard/lib/dashboard-ws.js +91 -0
package/dist/wizard/lib/deep-current.d.ts +77 -0
package/dist/wizard/lib/deep-current.js +234 -0
package/dist/wizard/lib/deploy-coordinator.d.ts +40 -0
package/dist/wizard/lib/deploy-coordinator.js +86 -0
package/dist/wizard/lib/deploy-log.d.ts +28 -0
package/dist/wizard/lib/deploy-log.js +52 -0
package/dist/wizard/lib/desktop-notify.d.ts +27 -0
package/dist/wizard/lib/desktop-notify.js +98 -0
package/dist/wizard/lib/dns/cloudflare-dns.d.ts +35 -0
package/dist/wizard/lib/dns/cloudflare-dns.js +216 -0
package/dist/wizard/lib/dns/cloudflare-registrar.d.ts +31 -0
package/dist/wizard/lib/dns/cloudflare-registrar.js +148 -0
package/dist/wizard/lib/dns/types.d.ts +22 -0
package/dist/wizard/lib/dns/types.js +4 -0
package/dist/wizard/lib/document-discovery.d.ts +33 -0
package/dist/wizard/lib/document-discovery.js +145 -0
package/dist/wizard/lib/env-validator.d.ts +14 -0
package/dist/wizard/lib/env-validator.js +205 -0
package/dist/wizard/lib/env-writer.d.ts +13 -0
package/dist/wizard/lib/env-writer.js +26 -0
package/dist/wizard/lib/exec.d.ts +30 -0
package/dist/wizard/lib/exec.js +52 -0
package/dist/wizard/lib/experiment.d.ts +70 -0
package/dist/wizard/lib/experiment.js +169 -0
package/dist/wizard/lib/extensions.d.ts +20 -0
package/dist/wizard/lib/extensions.js +183 -0
package/dist/wizard/lib/financial/adapter-factory.d.ts +47 -0
package/dist/wizard/lib/financial/adapter-factory.js +225 -0
package/dist/wizard/lib/financial/billing/base.d.ts +6 -0
package/dist/wizard/lib/financial/billing/base.js +1 -0
package/dist/wizard/lib/financial/billing/google-billing.d.ts +56 -0
package/dist/wizard/lib/financial/billing/google-billing.js +298 -0
package/dist/wizard/lib/financial/billing/meta-billing.d.ts +54 -0
package/dist/wizard/lib/financial/billing/meta-billing.js +243 -0
package/dist/wizard/lib/financial/billing/tiktok-billing.d.ts +54 -0
package/dist/wizard/lib/financial/billing/tiktok-billing.js +260 -0
package/dist/wizard/lib/financial/campaign/base.d.ts +13 -0
package/dist/wizard/lib/financial/campaign/base.js +1 -0
package/dist/wizard/lib/financial/campaign/google-campaign.d.ts +42 -0
package/dist/wizard/lib/financial/campaign/google-campaign.js +388 -0
package/dist/wizard/lib/financial/campaign/meta-campaign.d.ts +41 -0
package/dist/wizard/lib/financial/campaign/meta-campaign.js +311 -0
package/dist/wizard/lib/financial/campaign/sandbox-campaign.d.ts +45 -0
package/dist/wizard/lib/financial/campaign/sandbox-campaign.js +261 -0
package/dist/wizard/lib/financial/campaign/tiktok-campaign.d.ts +40 -0
package/dist/wizard/lib/financial/campaign/tiktok-campaign.js +350 -0
package/dist/wizard/lib/financial/funding-auto.d.ts +44 -0
package/dist/wizard/lib/financial/funding-auto.js +52 -0
package/dist/wizard/lib/financial/funding-policy.d.ts +60 -0
package/dist/wizard/lib/financial/funding-policy.js +179 -0
package/dist/wizard/lib/financial/platform-planner.d.ts +47 -0
package/dist/wizard/lib/financial/platform-planner.js +134 -0
package/dist/wizard/lib/financial/reconciliation-engine.d.ts +78 -0
package/dist/wizard/lib/financial/reconciliation-engine.js +193 -0
package/dist/wizard/lib/financial/registry.d.ts +22 -0
package/dist/wizard/lib/financial/registry.js +26 -0
package/dist/wizard/lib/financial/reporting.d.ts +96 -0
package/dist/wizard/lib/financial/reporting.js +198 -0
package/dist/wizard/lib/financial/stablecoin/base.d.ts +6 -0
package/dist/wizard/lib/financial/stablecoin/base.js +1 -0
package/dist/wizard/lib/financial/stablecoin/circle.d.ts +54 -0
package/dist/wizard/lib/financial/stablecoin/circle.js +367 -0
package/dist/wizard/lib/financial/stablecoin/mercury.d.ts +24 -0
package/dist/wizard/lib/financial/stablecoin/mercury.js +171 -0
package/dist/wizard/lib/financial/stablecoin/sandbox-stablecoin.d.ts +47 -0
package/dist/wizard/lib/financial/stablecoin/sandbox-stablecoin.js +202 -0
package/dist/wizard/lib/financial/treasury-planner.d.ts +52 -0
package/dist/wizard/lib/financial/treasury-planner.js +128 -0
package/dist/wizard/lib/financial-core.d.ts +6 -0
package/dist/wizard/lib/financial-core.js +5 -0
package/dist/wizard/lib/financial-vault.d.ts +34 -0
package/dist/wizard/lib/financial-vault.js +199 -0
package/dist/wizard/lib/frontmatter.d.ts +30 -0
package/dist/wizard/lib/frontmatter.js +96 -0
package/dist/wizard/lib/gap-analysis.d.ts +37 -0
package/dist/wizard/lib/gap-analysis.js +218 -0
package/dist/wizard/lib/github.d.ts +22 -0
package/dist/wizard/lib/github.js +261 -0
package/dist/wizard/lib/headless-deploy.d.ts +14 -0
package/dist/wizard/lib/headless-deploy.js +452 -0
package/dist/wizard/lib/health-monitor.d.ts +15 -0
package/dist/wizard/lib/health-monitor.js +91 -0
package/dist/wizard/lib/health-poller.d.ts +9 -0
package/dist/wizard/lib/health-poller.js +123 -0
package/dist/wizard/lib/heartbeat.d.ts +15 -0
package/dist/wizard/lib/heartbeat.js +827 -0
package/dist/wizard/lib/http-helpers.d.ts +9 -0
package/dist/wizard/lib/http-helpers.js +24 -0
package/dist/wizard/lib/image-gen.d.ts +56 -0
package/dist/wizard/lib/image-gen.js +159 -0
package/dist/wizard/lib/instance-sizing.d.ts +26 -0
package/dist/wizard/lib/instance-sizing.js +51 -0
package/dist/wizard/lib/kongo/analytics.d.ts +29 -0
package/dist/wizard/lib/kongo/analytics.js +179 -0
package/dist/wizard/lib/kongo/campaigns.d.ts +52 -0
package/dist/wizard/lib/kongo/campaigns.js +91 -0
package/dist/wizard/lib/kongo/client.d.ts +58 -0
package/dist/wizard/lib/kongo/client.js +221 -0
package/dist/wizard/lib/kongo/jobs.d.ts +57 -0
package/dist/wizard/lib/kongo/jobs.js +122 -0
package/dist/wizard/lib/kongo/pages.d.ts +60 -0
package/dist/wizard/lib/kongo/pages.js +150 -0
package/dist/wizard/lib/kongo/provisioner.d.ts +64 -0
package/dist/wizard/lib/kongo/provisioner.js +116 -0
package/dist/wizard/lib/kongo/seed.d.ts +49 -0
package/dist/wizard/lib/kongo/seed.js +237 -0
package/dist/wizard/lib/kongo/types.d.ts +323 -0
package/dist/wizard/lib/kongo/types.js +11 -0
package/dist/wizard/lib/kongo/variants.d.ts +57 -0
package/dist/wizard/lib/kongo/variants.js +88 -0
package/dist/wizard/lib/kongo/webhooks.d.ts +41 -0
package/dist/wizard/lib/kongo/webhooks.js +112 -0
package/dist/wizard/lib/marker.d.ts +28 -0
package/dist/wizard/lib/marker.js +79 -0
package/dist/wizard/lib/migrator.d.ts +35 -0
package/dist/wizard/lib/migrator.js +190 -0
package/dist/wizard/lib/natural-language-deploy.d.ts +30 -0
package/dist/wizard/lib/natural-language-deploy.js +186 -0
package/dist/wizard/lib/network.d.ts +22 -0
package/dist/wizard/lib/network.js +72 -0
package/dist/wizard/lib/oauth-core.d.ts +6 -0
package/dist/wizard/lib/oauth-core.js +5 -0
package/dist/wizard/lib/open-browser.d.ts +1 -0
package/dist/wizard/lib/open-browser.js +26 -0
package/dist/wizard/lib/patterns/ad-billing-adapter.d.ts +209 -0
package/dist/wizard/lib/patterns/ad-billing-adapter.js +269 -0
package/dist/wizard/lib/patterns/ad-platform-adapter.d.ts +200 -0
package/dist/wizard/lib/patterns/ad-platform-adapter.js +212 -0
package/dist/wizard/lib/patterns/daemon-process.d.ts +88 -0
package/dist/wizard/lib/patterns/daemon-process.js +271 -0
package/dist/wizard/lib/patterns/financial-transaction.d.ts +161 -0
package/dist/wizard/lib/patterns/financial-transaction.js +132 -0
package/dist/wizard/lib/patterns/funding-plan.d.ts +136 -0
package/dist/wizard/lib/patterns/funding-plan.js +200 -0
package/dist/wizard/lib/patterns/oauth-token-lifecycle.d.ts +94 -0
package/dist/wizard/lib/patterns/oauth-token-lifecycle.js +139 -0
package/dist/wizard/lib/patterns/outbound-rate-limiter.d.ts +67 -0
package/dist/wizard/lib/patterns/outbound-rate-limiter.js +216 -0
package/dist/wizard/lib/patterns/revenue-source-adapter.d.ts +96 -0
package/dist/wizard/lib/patterns/revenue-source-adapter.js +182 -0
package/dist/wizard/lib/patterns/stablecoin-adapter.d.ts +218 -0
package/dist/wizard/lib/patterns/stablecoin-adapter.js +264 -0
package/dist/wizard/lib/prd-validator.d.ts +39 -0
package/dist/wizard/lib/prd-validator.js +137 -0
package/dist/wizard/lib/project-init.d.ts +24 -0
package/dist/wizard/lib/project-init.js +193 -0
package/dist/wizard/lib/project-registry.d.ts +86 -0
package/dist/wizard/lib/project-registry.js +359 -0
package/dist/wizard/lib/provision-manifest.d.ts +44 -0
package/dist/wizard/lib/provision-manifest.js +164 -0
package/dist/wizard/lib/provisioner-registry.d.ts +15 -0
package/dist/wizard/lib/provisioner-registry.js +34 -0
package/dist/wizard/lib/provisioners/aws-vps.d.ts +6 -0
package/dist/wizard/lib/provisioners/aws-vps.js +643 -0
package/dist/wizard/lib/provisioners/cloudflare.d.ts +6 -0
package/dist/wizard/lib/provisioners/cloudflare.js +300 -0
package/dist/wizard/lib/provisioners/docker.d.ts +6 -0
package/dist/wizard/lib/provisioners/docker.js +75 -0
package/dist/wizard/lib/provisioners/http-client.d.ts +20 -0
package/dist/wizard/lib/provisioners/http-client.js +79 -0
package/dist/wizard/lib/provisioners/railway.d.ts +6 -0
package/dist/wizard/lib/provisioners/railway.js +413 -0
package/dist/wizard/lib/provisioners/scripts/caddyfile.d.ts +10 -0
package/dist/wizard/lib/provisioners/scripts/caddyfile.js +54 -0
package/dist/wizard/lib/provisioners/scripts/deploy-vps.d.ts +10 -0
package/dist/wizard/lib/provisioners/scripts/deploy-vps.js +112 -0
package/dist/wizard/lib/provisioners/scripts/docker-compose.d.ts +11 -0
package/dist/wizard/lib/provisioners/scripts/docker-compose.js +91 -0
package/dist/wizard/lib/provisioners/scripts/dockerfile.d.ts +5 -0
package/dist/wizard/lib/provisioners/scripts/dockerfile.js +185 -0
package/dist/wizard/lib/provisioners/scripts/ecosystem-config.d.ts +10 -0
package/dist/wizard/lib/provisioners/scripts/ecosystem-config.js +36 -0
package/dist/wizard/lib/provisioners/scripts/provision-vps.d.ts +14 -0
package/dist/wizard/lib/provisioners/scripts/provision-vps.js +202 -0
package/dist/wizard/lib/provisioners/scripts/rollback-vps.d.ts +10 -0
package/dist/wizard/lib/provisioners/scripts/rollback-vps.js +67 -0
package/dist/wizard/lib/provisioners/self-deploy.d.ts +41 -0
package/dist/wizard/lib/provisioners/self-deploy.js +185 -0
package/dist/wizard/lib/provisioners/static-s3.d.ts +6 -0
package/dist/wizard/lib/provisioners/static-s3.js +235 -0
package/dist/wizard/lib/provisioners/types.d.ts +40 -0
package/dist/wizard/lib/provisioners/types.js +4 -0
package/dist/wizard/lib/provisioners/vercel.d.ts +6 -0
package/dist/wizard/lib/provisioners/vercel.js +287 -0
package/dist/wizard/lib/pty-manager.d.ts +42 -0
package/dist/wizard/lib/pty-manager.js +231 -0
package/dist/wizard/lib/rate-limiter-core.d.ts +5 -0
package/dist/wizard/lib/rate-limiter-core.js +5 -0
package/dist/wizard/lib/reconciliation.d.ts +43 -0
package/dist/wizard/lib/reconciliation.js +173 -0
package/dist/wizard/lib/revenue-types.d.ts +5 -0
package/dist/wizard/lib/revenue-types.js +1 -0
package/dist/wizard/lib/route-optimizer.d.ts +28 -0
package/dist/wizard/lib/route-optimizer.js +93 -0
package/dist/wizard/lib/s3-deploy.d.ts +19 -0
package/dist/wizard/lib/s3-deploy.js +156 -0
package/dist/wizard/lib/safety-tiers.d.ts +76 -0
package/dist/wizard/lib/safety-tiers.js +134 -0
package/dist/wizard/lib/sentry-generator.d.ts +15 -0
package/dist/wizard/lib/sentry-generator.js +116 -0
package/dist/wizard/lib/server-config.d.ts +13 -0
package/dist/wizard/lib/server-config.js +23 -0
package/dist/wizard/lib/service-install.d.ts +18 -0
package/dist/wizard/lib/service-install.js +182 -0
package/dist/wizard/lib/site-scanner.d.ts +80 -0
package/dist/wizard/lib/site-scanner.js +262 -0
package/dist/wizard/lib/ssh-deploy.d.ts +25 -0
package/dist/wizard/lib/ssh-deploy.js +225 -0
package/dist/wizard/lib/templates.d.ts +24 -0
package/dist/wizard/lib/templates.js +219 -0
package/dist/wizard/lib/totp.d.ts +35 -0
package/dist/wizard/lib/totp.js +276 -0
package/dist/wizard/lib/tower-auth.d.ts +43 -0
package/dist/wizard/lib/tower-auth.js +352 -0
package/dist/wizard/lib/tower-rate-limit.d.ts +14 -0
package/dist/wizard/lib/tower-rate-limit.js +61 -0
package/dist/wizard/lib/tower-session.d.ts +28 -0
package/dist/wizard/lib/tower-session.js +119 -0
package/dist/wizard/lib/treasury-backup.d.ts +23 -0
package/dist/wizard/lib/treasury-backup.js +126 -0
package/dist/wizard/lib/treasury-heartbeat.d.ts +82 -0
package/dist/wizard/lib/treasury-heartbeat.js +1104 -0
package/dist/wizard/lib/updater.d.ts +29 -0
package/dist/wizard/lib/updater.js +190 -0
package/dist/wizard/lib/user-manager.d.ts +39 -0
package/dist/wizard/lib/user-manager.js +182 -0
package/dist/wizard/lib/vault.d.ts +26 -0
package/dist/wizard/lib/vault.js +161 -0
package/dist/wizard/router.d.ts +5 -0
package/dist/wizard/router.js +15 -0
package/dist/wizard/server.d.ts +18 -0
package/dist/wizard/server.js +436 -0
package/package.json +59 -0

package/dist/wizard/lib/treasury-backup.js ADDED Viewed

@@ -0,0 +1,126 @@
+/**
+ * Treasury Backup — Encrypted daily snapshots (§9.17, §9.19.13).
+ *
+ * Daily snapshot of ~/.voidforge/treasury/ + growth state.
+ * Encrypted with vault password (AES-256-GCM).
+ * Retain 30 days. Runs as a heartbeat daemon scheduled job.
+ *
+ * PRD Reference: §9.17 (Backup Strategy), §9.19.13 (scope extension)
+ */
+import { readdir, readFile, mkdir, unlink } from 'node:fs/promises';
+import { createCipheriv, randomBytes, scrypt } from 'node:crypto';
+import { join } from 'node:path';
+import { existsSync } from 'node:fs';
+import { homedir } from 'node:os';
+const TREASURY_DIR = join(homedir(), '.voidforge', 'treasury');
+const BACKUP_DIR = join(homedir(), '.voidforge', 'backups');
+const RETENTION_DAYS = 30;
+/**
+ * Create an encrypted daily backup of the treasury directory.
+ * The backup is a gzipped tar-like concatenation of files, encrypted with AES-256-GCM.
+ * The vault password is the encryption key (via scrypt).
+ */
+export async function createDailyBackup(vaultPassword) {
+    const date = new Date().toISOString().split('T')[0]; // YYYY-MM-DD
+    const backupPath = join(BACKUP_DIR, `treasury-${date}.backup.enc`);
+    await mkdir(BACKUP_DIR, { recursive: true });
+    // Skip if today's backup already exists
+    if (existsSync(backupPath)) {
+        return { path: backupPath, files: 0 };
+    }
+    // Collect all files from treasury directory
+    const files = [];
+    if (existsSync(TREASURY_DIR)) {
+        await collectFiles(TREASURY_DIR, TREASURY_DIR, files);
+    }
+    if (files.length === 0) {
+        return { path: '', files: 0 };
+    }
+    // Serialize file manifest
+    const manifest = files.map(f => ({
+        path: f.relativePath,
+        size: f.content.length,
+    }));
+    // Create a simple archive format: manifest JSON + file contents
+    const archiveData = Buffer.concat([
+        Buffer.from(JSON.stringify(manifest) + '\n---MANIFEST_END---\n'),
+        ...files.map(f => Buffer.concat([
+            Buffer.from(`---FILE:${f.relativePath}:${f.content.length}---\n`),
+            f.content,
+            Buffer.from('\n'),
+        ])),
+    ]);
+    // Encrypt the archive (§9.19.13: encrypted with vault password)
+    const salt = randomBytes(32);
+    const iv = randomBytes(16);
+    const key = await deriveKey(vaultPassword, salt);
+    const cipher = createCipheriv('aes-256-gcm', key, iv);
+    const encrypted = Buffer.concat([cipher.update(archiveData), cipher.final()]);
+    const authTag = cipher.getAuthTag();
+    // Format: salt (32) + iv (16) + authTag (16) + ciphertext
+    const output = Buffer.concat([salt, iv, authTag, encrypted]);
+    // Write atomically
+    const tmpPath = backupPath + '.tmp';
+    const { writeFile: writeFileAsync, rename: renameAsync } = await import('node:fs/promises');
+    await writeFileAsync(tmpPath, output, { mode: 0o600 });
+    await renameAsync(tmpPath, backupPath);
+    // Prune old backups
+    await pruneOldBackups();
+    return { path: backupPath, files: files.length };
+}
+async function collectFiles(dir, baseDir, result) {
+    const entries = await readdir(dir, { withFileTypes: true });
+    for (const entry of entries) {
+        const fullPath = join(dir, entry.name);
+        if (entry.isDirectory()) {
+            await collectFiles(fullPath, baseDir, result);
+        }
+        else if (entry.isFile()) {
+            // v17.0: Size limit to prevent unbounded memory allocation
+            const fileStat = await import('node:fs/promises').then(m => m.stat(fullPath));
+            if (fileStat.size > 100 * 1024 * 1024) {
+                console.warn(`Treasury backup: skipping ${entry.name} (${fileStat.size} bytes > 100MB limit)`);
+                continue;
+            }
+            const relativePath = fullPath.replace(baseDir + '/', '');
+            const content = await readFile(fullPath);
+            result.push({ relativePath, content });
+        }
+    }
+}
+async function deriveKey(password, salt) {
+    return new Promise((resolve, reject) => {
+        scrypt(password.slice(0, 256), salt, 32, { N: 131072, r: 8, p: 1 }, (err, key) => {
+            if (err)
+                reject(err);
+            else
+                resolve(key);
+        });
+    });
+}
+async function pruneOldBackups() {
+    if (!existsSync(BACKUP_DIR))
+        return;
+    const entries = await readdir(BACKUP_DIR);
+    const cutoff = Date.now() - RETENTION_DAYS * 24 * 60 * 60 * 1000;
+    for (const entry of entries) {
+        if (!entry.startsWith('treasury-') || !entry.endsWith('.backup.enc'))
+            continue;
+        const dateStr = entry.replace('treasury-', '').replace('.backup.enc', '');
+        const fileDate = new Date(dateStr).getTime();
+        if (fileDate < cutoff) {
+            await unlink(join(BACKUP_DIR, entry));
+        }
+    }
+}
+/**
+ * Export all financial data (encrypted with vault password).
+ * Used by /treasury --export and uninstall safety.
+ */
+export async function exportTreasuryData(vaultPassword, outputPath) {
+    const result = await createDailyBackup(vaultPassword);
+    if (result.path) {
+        const { copyFile } = await import('node:fs/promises');
+        await copyFile(result.path, outputPath);
+    }
+}

package/dist/wizard/lib/treasury-heartbeat.d.ts ADDED Viewed

@@ -0,0 +1,82 @@
+/**
+ * Treasury Heartbeat — heartbeat jobs, socket handlers, and circuit breakers
+ * for stablecoin funding operations.
+ *
+ * Wires the pure-logic modules (treasury-planner, funding-policy, reconciliation-engine)
+ * into the heartbeat daemon's job scheduler and socket API.
+ *
+ * Only activates when stablecoin funding is configured (funding-config.json.enc exists).
+ *
+ * PRD Reference: S10.4, S12, S13.2, S15, S16
+ * Agents: Dockson (treasury), Heartbeat daemon
+ */
+import type { JobScheduler } from './daemon-core.js';
+/** Logger interface matching heartbeat's createLogger output. */
+interface Logger {
+    log(message: string): void;
+}
+/** Callback to write current daemon state to heartbeat.json. */
+type WriteStateFn = () => Promise<void>;
+/** Callback to trigger a freeze from circuit breaker. */
+type FreezeFn = (reason: string) => Promise<void>;
+interface TreasuryHeartbeatState {
+    stablecoinBalanceCents: number;
+    bankBalanceCents: number;
+    pendingTransferCount: number;
+    lastOfframpAt: string | null;
+    lastReconciliationAt: string | null;
+    runwayDays: number;
+    fundingFrozen: boolean;
+    freezeReason: string | null;
+    consecutiveMismatches: number;
+    consecutiveProviderFailures: number;
+    lastCircuitBreakerCheck: string | null;
+    dailyMovementCents: number;
+    dailyMovementDate: string;
+    /** Pending obligations from billing scans (invoices + expected debits). */
+    pendingObligationsCents: number;
+    /** Google invoice data from last scan. */
+    googleInvoiceDueSoon: boolean;
+    googleInvoiceCents: number;
+    /** Meta debit data from last scan. */
+    metaDebitFailed: boolean;
+    metaPaymentRisk: boolean;
+    metaForecast7DayCents: number;
+}
+export declare function isStablecoinConfigured(): boolean;
+interface PendingTransfer {
+    id: string;
+    fundingPlanId: string;
+    providerTransferId: string;
+    amountCents: number;
+    status: 'pending' | 'processing' | 'completed' | 'failed' | 'cancelled';
+    initiatedAt: string;
+    lastPolledAt: string;
+}
+interface CircuitBreakerResult {
+    shouldFreeze: boolean;
+    reasons: string[];
+}
+export declare function evaluateCircuitBreakers(state: TreasuryHeartbeatState): CircuitBreakerResult;
+/** Evaluate CB-2 specifically for pending transfers beyond SLA. */
+export declare function evaluateTransferSlaBreaker(transfers: PendingTransfer[], slaHours?: number): CircuitBreakerResult;
+/** Evaluate CB-4 and CB-5 from billing adapter state. */
+export declare function evaluateBillingBreakers(opts: {
+    googleInvoiceDueSoon: boolean;
+    googleInvoiceCents: number;
+    bankBalanceCents: number;
+    minimumBufferCents: number;
+    metaDebitFailed: boolean;
+    metaPaymentRisk: boolean;
+}): CircuitBreakerResult;
+export declare function registerTreasuryJobs(scheduler: JobScheduler, logger: Logger, writeCurrentState: WriteStateFn, triggerFreeze: FreezeFn, vaultKey: string | null): void;
+export declare function handleTreasuryRequest(method: string, path: string, _body: unknown, auth: {
+    vaultVerified: boolean;
+    totpVerified: boolean;
+}, logger: Logger, triggerFreeze: FreezeFn, vaultKey: string | null): Promise<{
+    status: number;
+    body: unknown;
+} | null>;
+export declare function executeTreasuryFreeze(reason: string, logger: Logger): Promise<void>;
+export declare function getTreasuryStateSnapshot(): TreasuryHeartbeatState;
+export type { TreasuryHeartbeatState, CircuitBreakerResult, PendingTransfer, Logger, WriteStateFn, FreezeFn, };