withub-cli 0.1.0 → 0.2.1

package/dist/lib/lit.js

@@ -0,0 +1,165 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.LitService = exports.LIT_ACTION_CID = exports.LIT_ACTION_CODE = exports.LIT_NETWORK = void 0;
+const lit_node_client_1 = require("@lit-protocol/lit-node-client");
+// Use 'manhattan' as a default network for now, or 'datil-dev' / 'datil-test'
+// For this MVP we will target 'datil-test'
+exports.LIT_NETWORK = 'datil-test';
+exports.LIT_ACTION_CODE = `
+(async () => {
+    // --- Configuration ---
+    const RPC_URL = "https://rpc.mantle.xyz";
+  
+    // 1. Get params from accessControlConditions
+    const _cond = accessControlConditions.find(c => c.standardContractType === "LitAction");
+    const params = _cond.parameters;
+    const repoId = params[0];
+    const contractAddress = params[1];
+    const userAddress = params[2];
+
+    if (!repoId || !contractAddress || !userAddress) {
+        console.log("Missing required params");
+        LitActions.setResponse({ response: "false" });
+        return;
+    }
+  
+    const abi = [
+        "function hasAccess(uint256 repoId, address user) view returns (bool)"
+    ];
+    
+    const provider = new ethers.providers.JsonRpcProvider(RPC_URL);
+    const contract = new ethers.Contract(contractAddress, abi, provider);
+    
+    try {
+        console.log("Checking access for Repo " + repoId + " User " + userAddress);
+        const hasAccess = await contract.hasAccess(repoId, userAddress);
+        console.log("Result: " + hasAccess);
+        LitActions.setResponse({ response: hasAccess.toString() }); 
+    } catch (error) {
+        console.error("Error checking access:", error);
+        LitActions.setResponse({ response: "false" });
+    }
+})();
+`;
+exports.LIT_ACTION_CID = 'bafkreibbq3fltufjarcmk45426mhhssky5izkjuxio7im26q6lxlf2qbda';
+class LitService {
+    constructor(config = {}) {
+        this.connected = false;
+        this.litNodeClient = new lit_node_client_1.LitNodeClient({
+            litNetwork: exports.LIT_NETWORK,
+            debug: config.debug ?? false,
+        });
+    }
+    /**
+     * Generates the Access Control Conditions (ACC) for a specific repo.
+     * Use unifiedAccessControlConditions for evmContract type support.
+     *
+     * @param repoId The repository ID.
+     * @param contractAddress The Wit Repo Contract address.
+     * @returns The Unified ACC array compatible with Lit SDK.
+     */
+    getAccessControlConditions(repoId, contractAddress) {
+        return [
+            {
+                conditionType: 'evmContract',
+                contractAddress: contractAddress,
+                functionName: 'hasAccess',
+                functionParams: [repoId, ':userAddress'],
+                functionAbi: {
+                    name: "hasAccess",
+                    type: "function",
+                    stateMutability: "view",
+                    inputs: [
+                        { name: "repoId", type: "uint256" },
+                        { name: "user", type: "address" }
+                    ],
+                    outputs: [
+                        { name: "", type: "bool" }
+                    ]
+                },
+                chain: 'mantle',
+                returnValueTest: {
+                    key: '',
+                    comparator: '=',
+                    value: 'true',
+                },
+            },
+        ];
+    }
+    async connect() {
+        if (this.connected)
+            return;
+        await this.litNodeClient.connect();
+        this.connected = true;
+    }
+    async disconnect() {
+        if (!this.connected)
+            return;
+        if (typeof this.litNodeClient.disconnect === 'function') {
+            await this.litNodeClient.disconnect();
+        }
+        this.connected = false;
+    }
+    /**
+     * Encrypts a session key using Lit Protocol.
+     *
+     * @param sessionKey The 32-byte session key to encrypt.
+     * @param unifiedAccessControlConditions The Lit Unified Access Control Conditions.
+     * @returns The { ciphertext, dataToEncryptHash } from Lit encryption.
+     */
+    async encryptSessionKey(sessionKey, unifiedAccessControlConditions) {
+        await this.connect();
+        const { ciphertext, dataToEncryptHash } = await this.litNodeClient.encrypt({
+            dataToEncrypt: sessionKey,
+            unifiedAccessControlConditions,
+        });
+        return { ciphertext, dataToEncryptHash };
+    }
+    /**
+     * Decrypts the session key using Lit Protocol.
+     *
+     * @param ciphertext The encrypted session key from Lit.
+     * @param dataToEncryptHash The hash of the session key.
+     * @param unifiedAccessControlConditions The conditions used to encrypt.
+     * @param authSig The user's auth signature (e.g. from wallet).
+     * @returns The raw session key (Buffer).
+     */
+    async decryptSessionKey(ciphertext, dataToEncryptHash, unifiedAccessControlConditions, authSig) {
+        await this.connect();
+        const decryptedString = await this.litNodeClient.decrypt({
+            ciphertext,
+            dataToEncryptHash,
+            unifiedAccessControlConditions,
+            authSig,
+            chain: 'mantle',
+        });
+        return Buffer.from(decryptedString.decryptedData);
+    }
+    /**
+     * Generates a SIWE AuthSig using a local ethers Signer.
+     * This is required for Lit Protocol to authenticate the user and check access.
+     */
+    async getAuthSig(signer) {
+        const address = await signer.getAddress();
+        const domain = 'localhost';
+        const origin = 'https://localhost/login';
+        const statement = 'Sign in to Wit CLI to decrypt repository data.';
+        const now = new Date().toISOString();
+        const expiration = new Date(Date.now() + 1000 * 60 * 60 * 24).toISOString(); // 24 hours
+        const chainId = 5000; // Mantle Mainnet
+        // Construct SIWE Message (EIP-4361)
+        // Note: Newlines (\n) are critical.
+        const message = `${domain} wants you to sign in with your Ethereum account:\n${address}\n\n${statement}\n\nURI: ${origin}\nVersion: 1\nChain ID: ${chainId}\nNonce: ${this.randomNonce()}\nIssued At: ${now}\nExpiration Time: ${expiration}`;
+        const signature = await signer.signMessage(message);
+        return {
+            sig: signature,
+            derivedVia: 'web3.eth.personal.sign',
+            signedMessage: message,
+            address: address,
+        };
+    }
+    randomNonce() {
+        return Math.random().toString(36).substring(2, 12);
+    }
+}
+exports.LitService = LitService;

package/dist/lib/manifest.js

@@ -1,12 +1,14 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
+exports.buildRootEntries = buildRootEntries;
 exports.computeRootHash = computeRootHash;
 exports.buildManifest = buildManifest;
+exports.buildSnapshotManifest = buildSnapshotManifest;
 const fs_1 = require("./fs");
 const serialize_1 = require("./serialize");
 const schema_1 = require("./schema");
-function computeRootHash(index) {
-    const entries = Object.keys(index)
+function buildRootEntries(index) {
+    return Object.keys(index)
         .sort()
         .map((rel) => {
         const meta = index[rel];
@@ -18,8 +20,10 @@ function computeRootHash(index) {
             mtime: meta.mtime,
         };
     });
-    const serialized = (0, serialize_1.canonicalStringify)(entries);
-    return (0, serialize_1.sha256Base64)(serialized);
+}
+function computeRootHash(index) {
+    const entries = buildRootEntries(index);
+    return (0, serialize_1.sha256Base64)((0, serialize_1.canonicalStringify)(entries));
 }
 function buildManifest(index, quiltId) {
     const files = {};
@@ -35,3 +39,17 @@ function buildManifest(index, quiltId) {
     };
     return schema_1.ManifestSchema.parse(manifest);
 }
+function buildSnapshotManifest(index, snapshotCid) {
+    const files = {};
+    for (const rel of Object.keys(index).sort()) {
+        const posix = (0, fs_1.pathToPosix)(rel);
+        files[posix] = index[rel];
+    }
+    const manifest = {
+        version: 1,
+        snapshot_cid: snapshotCid,
+        root_hash: computeRootHash(index),
+        files,
+    };
+    return schema_1.ManifestSchema.parse(manifest);
+}

package/dist/lib/repo.js

@@ -6,12 +6,20 @@ Object.defineProperty(exports, "__esModule", { value: true });
 exports.requireWitDir = requireWitDir;
 exports.readRepoConfig = readRepoConfig;
 exports.writeRepoConfig = writeRepoConfig;
+exports.getRepoChainMismatch = getRepoChainMismatch;
+exports.resolveChainConfig = resolveChainConfig;
+exports.resolveChainAuthor = resolveChainAuthor;
+exports.resolveSuiConfig = resolveSuiConfig;
+exports.resolveSuiSealPolicyId = resolveSuiSealPolicyId;
+exports.setSuiSealPolicyId = setSuiSealPolicyId;
+exports.setChainAuthor = setChainAuthor;
 exports.readRemoteState = readRemoteState;
 exports.writeRemoteState = writeRemoteState;
 exports.readRemoteRef = readRemoteRef;
 exports.writeRemoteRef = writeRemoteRef;
 const promises_1 = __importDefault(require("fs/promises"));
 const path_1 = __importDefault(require("path"));
+const chain_1 = require("./chain");
 const DEFAULT_REMOTE_REF = path_1.default.join('refs', 'remotes', 'main');
 async function requireWitDir(cwd = process.cwd()) {
     const dir = path_1.default.join(cwd, '.wit');
@@ -32,6 +40,92 @@ async function writeRepoConfig(witPath, cfg) {
     const file = path_1.default.join(witPath, 'config.json');
     await promises_1.default.writeFile(file, JSON.stringify(cfg, null, 2) + '\n', 'utf8');
 }
+async function getRepoChainMismatch(cfg) {
+    let repoChain;
+    try {
+        repoChain = (0, chain_1.normalizeChain)(cfg.chain ?? 'sui');
+    }
+    catch (err) {
+        return { error: err?.message || 'Unknown chain in repository config.' };
+    }
+    const activeChain = await (0, chain_1.readActiveChain)();
+    if (repoChain !== activeChain) {
+        return { repoChain, activeChain };
+    }
+    return null;
+}
+function resolveChainConfig(cfg, chain) {
+    if (!chain)
+        return null;
+    const entry = cfg.chains?.[chain];
+    if (!entry || typeof entry !== 'object')
+        return null;
+    return entry;
+}
+function resolveChainAuthor(cfg) {
+    const chainAuthor = resolveChainConfig(cfg, cfg.chain)?.author;
+    return chainAuthor || cfg.author || 'unknown';
+}
+function resolveSuiConfig(cfg) {
+    const chainCfg = resolveChainConfig(cfg, 'sui');
+    if (chainCfg)
+        return chainCfg;
+    const hasLegacy = cfg.network !== undefined ||
+        (Array.isArray(cfg.relays) && cfg.relays.length > 0) ||
+        Object.prototype.hasOwnProperty.call(cfg, 'seal_policy_id');
+    if (!hasLegacy)
+        return null;
+    return {
+        author: cfg.author || 'unknown',
+        key_alias: cfg.key_alias,
+        network: cfg.network,
+        relays: cfg.relays,
+        seal_policy_id: cfg.seal_policy_id ?? null,
+        storage_backend: 'walrus',
+    };
+}
+function resolveSuiSealPolicyId(cfg) {
+    const chainCfg = resolveSuiConfig(cfg);
+    if (chainCfg?.seal_policy_id !== undefined) {
+        return chainCfg.seal_policy_id ?? null;
+    }
+    if (Object.prototype.hasOwnProperty.call(cfg, 'seal_policy_id')) {
+        return cfg.seal_policy_id ?? null;
+    }
+    return null;
+}
+function setSuiSealPolicyId(cfg, value) {
+    if (cfg.chain && cfg.chain !== 'sui')
+        return;
+    if (!cfg.chains)
+        cfg.chains = {};
+    if (!cfg.chains.sui) {
+        cfg.chains.sui = {
+            author: cfg.author || 'unknown',
+            key_alias: cfg.key_alias,
+            storage_backend: 'walrus',
+        };
+    }
+    cfg.chains.sui.seal_policy_id = value;
+    if (Object.prototype.hasOwnProperty.call(cfg, 'seal_policy_id')) {
+        cfg.seal_policy_id = value ?? null;
+    }
+}
+function setChainAuthor(cfg, chain, author) {
+    if (chain) {
+        if (!cfg.chains)
+            cfg.chains = {};
+        if (!cfg.chains[chain]) {
+            cfg.chains[chain] = { author };
+        }
+        else {
+            cfg.chains[chain].author = author;
+        }
+    }
+    if (Object.prototype.hasOwnProperty.call(cfg, 'author')) {
+        cfg.author = author;
+    }
+}
 async function readRemoteState(witPath) {
     const file = path_1.default.join(witPath, 'state', 'remote.json');
     try {

package/dist/lib/schema.js

@@ -8,9 +8,14 @@ const fileMeta = zod_1.z.object({
     mode: zod_1.z.string().regex(/^\d{6}$/),
     mtime: zod_1.z.number().int().nonnegative(),
     id: zod_1.z.string().min(1).optional(),
+    cid: zod_1.z.string().min(1).optional(),
     enc: zod_1.z
         .object({
-        alg: zod_1.z.union([zod_1.z.literal('aes-256-gcm'), zod_1.z.literal('seal-aes-256-gcm')]),
+        alg: zod_1.z.union([
+            zod_1.z.literal('aes-256-gcm'),
+            zod_1.z.literal('seal-aes-256-gcm'),
+            zod_1.z.literal('lit-aes-256-gcm'),
+        ]),
         iv: zod_1.z.string().min(1),
         tag: zod_1.z.string().min(1),
         policy: zod_1.z.string().min(1).optional(),
@@ -18,21 +23,36 @@ const fileMeta = zod_1.z.object({
         package_id: zod_1.z.string().min(1).optional(),
         sealed_session_key: zod_1.z.string().min(1).optional(),
         cipher_size: zod_1.z.number().int().nonnegative().optional(),
+        // Lit Protocol specific fields
+        lit_encrypted_key: zod_1.z.string().min(1).optional(),
+        lit_hash: zod_1.z.string().min(1).optional(),
+        access_control_conditions: zod_1.z.array(zod_1.z.any()).optional(),
+        unified_access_control_conditions: zod_1.z.array(zod_1.z.any()).optional(),
+        lit_chain: zod_1.z.string().min(1).optional(),
+        lit_network: zod_1.z.string().min(1).optional(),
     })
         .optional(),
 });
-exports.ManifestSchema = zod_1.z.object({
+exports.ManifestSchema = zod_1.z
+    .object({
     version: zod_1.z.literal(1),
-    quilt_id: zod_1.z.string().min(1),
+    quilt_id: zod_1.z.string().min(1).optional(),
+    snapshot_cid: zod_1.z.string().min(1).optional(),
     root_hash: zod_1.z.string().min(1),
     files: zod_1.z.record(fileMeta),
 });
 exports.CommitSchema = zod_1.z.object({
-    tree: zod_1.z.object({
-        quilt_id: zod_1.z.string().min(1).nullable(),
-        manifest_id: zod_1.z.string().min(1).nullable(),
+    tree: zod_1.z
+        .object({
+        quilt_id: zod_1.z.string().min(1).nullable().optional(),
+        manifest_id: zod_1.z.string().min(1).nullable().optional(),
+        manifest_cid: zod_1.z.string().min(1).nullable().optional(),
+        snapshot_cid: zod_1.z.string().min(1).nullable().optional(),
         root_hash: zod_1.z.string().min(1),
         files: zod_1.z.record(fileMeta).optional(),
+    })
+        .refine((tree) => Boolean(tree.files || tree.manifest_id || tree.manifest_cid), {
+        message: 'Commit tree must include files or manifest id',
     }),
     parent: zod_1.z.string().min(1).nullable(),
     author: zod_1.z.string().min(1),

package/dist/lib/walrus.js

@@ -38,6 +38,15 @@ async function readJsonIfExists(file) {
         throw err;
     }
 }
+function resolveRepoWalrusConfig(repoCfg) {
+    if (!repoCfg)
+        return null;
+    const chainCfg = repoCfg.chains?.sui;
+    if (chainCfg && typeof chainCfg === 'object') {
+        return { ...repoCfg, ...chainCfg };
+    }
+    return repoCfg;
+}
 function normalizeNetwork(network) {
     if (network === 'mainnet')
         return 'mainnet';
@@ -81,7 +90,8 @@ function pickAggregatorHost(network, repoCfg, globalCfg) {
 }
 async function resolveWalrusConfig(cwd = process.cwd()) {
     const witDir = path_1.default.join(cwd, '.wit');
-    const repoCfg = await readJsonIfExists(path_1.default.join(witDir, 'config.json'));
+    const repoCfgRaw = await readJsonIfExists(path_1.default.join(witDir, 'config.json'));
+    const repoCfg = resolveRepoWalrusConfig(repoCfgRaw);
     if (!repoCfg) {
         throw new Error('Not a wit repository (missing .wit/config.json). Run `wit init` first.');
     }

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "withub-cli",
-  "version": "0.1.0",
+  "version": "0.2.1",
   "description": "wit CLI (Commander + Ink) skeleton",
   "repository": {
     "type": "git",
@@ -22,14 +22,26 @@
     "prepublishOnly": "npm run build && npm run test:smoke"
   },
   "dependencies": {
+    "@lighthouse-web3/sdk": "^0.4.3",
+    "@lit-protocol/auth-helpers": "^8.2.0",
+    "@lit-protocol/constants": "^9.0.0",
+    "@lit-protocol/contracts-sdk": "^7.4.0",
+    "@lit-protocol/encryption": "^7.4.0",
+    "@lit-protocol/lit-node-client": "^7.4.0",
+    "@lit-protocol/types": "^8.0.2",
     "@mysten/seal": "^0.9.4",
     "@mysten/sui": "^1.45.0",
     "@mysten/walrus": "^0.8.4",
+    "@web3-storage/car-block-validator": "^1.2.2",
     "chalk": "^4.1.2",
     "commander": "^12.1.0",
     "diff": "^5.2.0",
+    "dotenv": "^17.2.3",
+    "ethers": "^6.16.0",
     "ignore": "^5.3.1",
     "ink": "^4.4.1",
+    "ipfs-car": "3.1.0",
+    "ipfs-only-hash": "^4.0.0",
     "isbinaryfile": "^5.0.2",
     "react": "^18.2.0",
     "zod": "^3.23.8"
@@ -44,6 +56,10 @@
   "engines": {
     "node": ">=18"
   },
+  "overrides": {
+    "@lit-protocol/constants": "^9.0.0",
+    "@lit-protocol/contracts": "^0.9.0"
+  },
   "license": "Apache-2.0",
   "files": [
     "dist/**",
@@ -54,4 +70,4 @@
   "publishConfig": {
     "access": "public"
   }
-}
+}