wolverine-ai 3.7.9 → 3.8.1

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "wolverine-ai",
-  "version": "3.7.9",
+  "version": "3.8.1",
   "description": "Self-healing Node.js server framework powered by AI. Catches crashes, diagnoses errors, generates fixes, verifies, and restarts — automatically.",
   "main": "src/index.js",
   "bin": {

package/src/backup/backup-manager.js

@@ -32,6 +32,8 @@ const NEVER_ROLLBACK = [
   "server/lib/redis.js",
   ".env",
   ".env.local",
+  ".wolverine/vault/master.key",
+  ".wolverine/vault/eth.vault",
 ];
 
 class BackupManager {
@@ -78,6 +80,19 @@ class BackupManager {
       });
     }
 
+    // Also back up vault keys (catastrophic recovery)
+    try {
+      const vaultDir = path.join(this.projectRoot, ".wolverine", "vault");
+      for (const vaultFile of ["master.key", "eth.vault"]) {
+        const src = path.join(vaultDir, vaultFile);
+        if (fs.existsSync(src)) {
+          const dest = path.join(backupDir, ".wolverine__vault__" + vaultFile);
+          fs.copyFileSync(src, dest);
+          files.push({ original: src, relative: `.wolverine/vault/${vaultFile}`, backup: dest });
+        }
+      }
+    } catch {}
+
     const entry = {
       id: backupId,
       timestamp,

package/src/brain/brain.js

@@ -177,6 +177,10 @@ const SEED_DOCS = [
     text: "Notifications: detects human-required errors (expired keys, billing, service down, certs, permissions, disk). Classifies errors as AI-fixable vs human-required using pattern matching. Generates AI summary (CHAT_MODEL). Fires before wasting tokens on repair. Console alert + dashboard event + optional webhook. Categories: auth, billing, service, cert, permission, disk.",
     metadata: { topic: "notifications" },
   },
+  {
+    text: "Vault: encrypted key storage in .wolverine/vault/. AES-256-GCM encryption. master.key (32 bytes raw) encrypts eth.vault (Ethereum private key). Generated on first run if missing. Private key NEVER exists as a JS string — only Buffer, wiped after use. wallet-ops.js exposes getWalletAddress(), signTransaction(), signMessage() — all decrypt→use→wipe with generic error messages only. Injection detector blocks heal if 0x+64hex chars detected in error (key_leak_critical). Redactor scrubs all hex key patterns. Sandbox blocks agent access to vault paths. Backed up in every snapshot. Rollback-protected (NEVER_ROLLBACK list). Vault skill in src/skills/vault.js for agent discovery. Server code uses vault skill to earn/spend ETH without touching the private key.",
+    metadata: { topic: "vault-security" },
+  },
   {
     text: "MCP integration: connect external tools via Model Context Protocol. Configure in .wolverine/mcp.json with per-server tool allowlists. Security: arg sanitization (secrets redacted before sending to MCP servers), result injection scanning, rate limiting per server, audit logging. Tools appear as mcp__server__tool in the agent. Supports stdio and HTTP transports.",
     metadata: { topic: "mcp" },

package/src/core/runner.js

@@ -194,6 +194,23 @@ class WolverineRunner {
       console.log(chalk.yellow(`  ⚠️  MCP init failed (non-fatal): ${err.message}`));
     }
 
+    // Initialize vault (encrypted key storage)
+    try {
+      const { initVault, isVaultInitialized } = require("../vault/vault-manager");
+      const vaultResult = await initVault();
+      if (vaultResult.created) {
+        try {
+          const { getWalletAddress } = require("../vault/wallet-ops");
+          const addr = await getWalletAddress();
+          console.log(chalk.green(`  🔐 Vault initialized — wallet: ${addr}`));
+        } catch { console.log(chalk.green("  🔐 Vault initialized")); }
+      } else if (isVaultInitialized()) {
+        console.log(chalk.gray("  🔐 Vault: ready"));
+      }
+    } catch (err) {
+      console.log(chalk.yellow(`  ⚠️  Vault init failed (non-fatal): ${err.message}`));
+    }
+
     // Log redactor stats
     const redactorStats = this.redactor.getStats();
     console.log(chalk.gray(`  🔐 Secret redactor: ${redactorStats.trackedSecrets} secrets tracked from ${redactorStats.envFiles} env file(s)`));

package/src/notifications/notifier.js

@@ -57,9 +57,9 @@ const HUMAN_REQUIRED_PATTERNS = [
   { pattern: /EACCES/i, category: "permission", hint: "Permission denied on file system" },
   { pattern: /EPERM/i, category: "permission", hint: "Operation not permitted — check file/process permissions" },
 
-  // Environment
+  // Environment — only match system-level env issues, not app config files the agent can create
   { pattern: /not\s+set|undefined.*env|missing.*env/i, category: "env", hint: "Environment variable not configured" },
-  { pattern: /missing.*config/i, category: "env", hint: "Configuration file or value missing" },
+  { pattern: /missing.*(\.env|environment|env\s*var)/i, category: "env", hint: "Environment variable or .env file missing" },
 
   // Disk
   { pattern: /ENOSPC/i, category: "disk", hint: "Disk space full" },

package/src/security/injection-detector.js

@@ -41,6 +41,9 @@ const INJECTION_PATTERNS = [
   { pattern: /fs\.(unlink|rmdir|rm)Sync/i, label: "destructive-fs" },
   { pattern: /rimraf/i, label: "destructive-fs" },
   { pattern: /rm\s+-rf/i, label: "destructive-fs" },
+  // Vault key material leak — CRITICAL: block heal entirely
+  { pattern: /0x[0-9a-fA-F]{64}/i, label: "key-leak-critical" },
+  { pattern: /master\.key|eth\.vault|\.wolverine\/vault/i, label: "vault-path-leak" },
 ];
 
 /**

package/src/security/sandbox.js

@@ -12,11 +12,27 @@ class Sandbox {
     this.rootDir = path.resolve(rootDir);
   }
 
+  // Paths the agent can NEVER read, write, or delete — even within the sandbox
+  static PROTECTED_PATHS = [
+    ".wolverine/vault/master.key",
+    ".wolverine/vault/eth.vault",
+    ".wolverine/vault",
+  ];
+
   /**
-   * Resolve and validate a file path. Throws if the path escapes the sandbox.
+   * Resolve and validate a file path. Throws if the path escapes the sandbox
+   * or targets a protected vault path.
    * Returns the resolved absolute path.
    */
   resolve(filePath) {
+    // Block vault access before any resolution
+    const normalized = filePath.replace(/\\/g, "/").toLowerCase();
+    for (const p of Sandbox.PROTECTED_PATHS) {
+      if (normalized.includes(p.toLowerCase())) {
+        throw new SandboxViolationError(`Access denied: "${filePath}" is a protected vault path`);
+      }
+    }
+
     // Resolve relative to sandbox root
     const resolved = path.isAbsolute(filePath)
       ? path.resolve(filePath)
@@ -32,6 +48,13 @@ class Sandbox {
       );
     }
 
+    // Double-check resolved path against vault
+    for (const p of Sandbox.PROTECTED_PATHS) {
+      if (normalizedResolved.includes(p.toLowerCase())) {
+        throw new SandboxViolationError(`Access denied: resolved path targets protected vault`);
+      }
+    }
+
     // Check for symlink escape
     if (fs.existsSync(resolved)) {
       const real = fs.realpathSync(resolved);

package/src/security/secret-redactor.js

@@ -40,6 +40,11 @@ const SECRET_PATTERNS = [
   { pattern: /(?:password|secret|token|key|credential|auth)['"`]?\s*[:=]\s*['"`]([a-zA-Z0-9+/=_-]{32,})['"`]/gi, label: null }, // handled specially
   // JWT tokens
   { pattern: /eyJ[a-zA-Z0-9_-]{10,}\.eyJ[a-zA-Z0-9_-]{10,}\.[a-zA-Z0-9_-]{10,}/g, label: "[REDACTED_JWT]" },
+  // Vault: Ethereum private keys and encryption key material
+  { pattern: /0x[0-9a-fA-F]{64}/g, label: "[REDACTED_PRIVATE_KEY]" },
+  { pattern: /(?<![0-9a-fA-F])[0-9a-fA-F]{64}(?![0-9a-fA-F])/g, label: "[REDACTED_HEX_KEY]" },
+  // Vault file paths — prevent path disclosure that could guide file reads
+  { pattern: /master\.key|eth\.vault|\.wolverine\/vault/g, label: "[VAULT_REDACTED]" },
 ];
 
 class SecretRedactor {

package/src/skills/vault.js

@@ -0,0 +1,69 @@
+/**
+ * Vault Skill — secure wallet operations for the agent and server.
+ *
+ * Exposes wallet functionality (sign, address, status) through the
+ * skill registry so agents and server code can use the wallet WITHOUT
+ * ever touching the private key directly.
+ *
+ * The private key is decrypted in-memory, used, and wiped. Error messages
+ * are always generic to prevent key leakage through the AI repair pipeline.
+ */
+
+const SKILL_NAME = "vault";
+const SKILL_DESCRIPTION = "Secure Ethereum wallet — sign transactions, get address, check balance. Private key encrypted at rest, never exposed in code or errors.";
+const SKILL_KEYWORDS = ["wallet", "ethereum", "eth", "sign", "transaction", "vault", "private key", "address", "crypto", "blockchain", "send", "transfer"];
+const SKILL_USAGE = `
+  vault.status()           — check if vault is initialized, show address
+  vault.address()          — get the wallet's Ethereum address
+  vault.sign_tx(tx)        — sign a transaction { to, value, chainId, nonce, gasLimit }
+  vault.sign_message(msg)  — sign an arbitrary message
+  vault.public_key()       — get compressed public key hex
+
+  SECURITY: The private key never leaves the vault. All operations decrypt
+  in-memory, use, and wipe. Error messages are generic — no key material
+  can leak into the AI repair pipeline.
+`;
+
+/**
+ * Execute a vault action. Called by skill registry when matched.
+ * @param {string} action — "status" | "address" | "sign_tx" | "sign_message" | "public_key"
+ * @param {object} params — action-specific parameters
+ */
+async function execute(action, params = {}) {
+  const { getWalletAddress, getPublicKeyHex, signMessage, signTransaction, getVaultStatus } = require("../vault/wallet-ops");
+
+  switch (action) {
+    case "status": {
+      const status = getVaultStatus();
+      if (status.initialized) {
+        try {
+          status.address = await getWalletAddress();
+        } catch {
+          status.address = null;
+        }
+      }
+      return status;
+    }
+
+    case "address":
+      return { address: await getWalletAddress() };
+
+    case "public_key":
+      return { publicKey: await getPublicKeyHex() };
+
+    case "sign_message":
+      if (!params.message) return { error: "message required" };
+      return { signature: await signMessage(params.message) };
+
+    case "sign_tx": {
+      if (!params.to || !params.chainId) return { error: "to and chainId required" };
+      const signed = await signTransaction(params);
+      return { signedTransaction: signed };
+    }
+
+    default:
+      return { error: `Unknown vault action: ${action}. Use: status, address, sign_tx, sign_message, public_key` };
+  }
+}
+
+module.exports = { SKILL_NAME, SKILL_DESCRIPTION, SKILL_KEYWORDS, SKILL_USAGE, execute };

package/src/vault/vault-manager.js

@@ -0,0 +1,185 @@
+const crypto = require("crypto");
+const fs = require("fs");
+const path = require("path");
+
+/**
+ * Vault Manager — encrypted key storage for the wolverine framework.
+ *
+ * Two files in .wolverine/vault/:
+ *   master.key  — 32 bytes raw AES-256 key (chmod 0600)
+ *   eth.vault   — JSON with AES-256-GCM encrypted Ethereum private key
+ *
+ * Design principles:
+ * - Private keys NEVER exist as JavaScript strings (only Buffers, wipe-able)
+ * - Generic errors only — wallet-ops swallows details before they reach AI
+ * - master.key is the single secret on disk — everything else is encrypted
+ * - Survives git pull, npm install, auto-update (lives in .wolverine/)
+ */
+
+const VAULT_DIR = () => path.join(process.cwd(), ".wolverine", "vault");
+const MASTER_KEY_PATH = () => path.join(VAULT_DIR(), "master.key");
+const ETH_VAULT_PATH = () => path.join(VAULT_DIR(), "eth.vault");
+
+const ALGORITHM = "aes-256-gcm";
+const IV_LENGTH = 16;
+const AUTH_TAG_LENGTH = 16;
+
+/**
+ * Initialize the vault. Idempotent — creates keys only if missing.
+ * Called during runner startup before any server code runs.
+ */
+async function initVault() {
+  const vaultDir = VAULT_DIR();
+  fs.mkdirSync(vaultDir, { recursive: true });
+
+  let created = false;
+
+  // Master encryption key
+  if (!fs.existsSync(MASTER_KEY_PATH())) {
+    const masterKey = crypto.randomBytes(32);
+    fs.writeFileSync(MASTER_KEY_PATH(), masterKey);
+    try { fs.chmodSync(MASTER_KEY_PATH(), 0o600); } catch {}
+    masterKey.fill(0);
+    created = true;
+    console.log("  🔐 Vault: master encryption key generated");
+  }
+
+  // Ethereum private key (encrypted)
+  if (!fs.existsSync(ETH_VAULT_PATH())) {
+    const ethKey = crypto.randomBytes(32);
+    await encryptAndStore(ethKey);
+    ethKey.fill(0);
+    created = true;
+    console.log("  🔐 Vault: ethereum wallet created");
+  }
+
+  return { created };
+}
+
+/**
+ * Check if vault is fully initialized.
+ */
+function isVaultInitialized() {
+  return fs.existsSync(MASTER_KEY_PATH()) && fs.existsSync(ETH_VAULT_PATH());
+}
+
+/**
+ * Encrypt a private key Buffer and write to eth.vault.
+ * Wipes the master key from memory after use.
+ */
+async function encryptAndStore(keyBuf) {
+  let masterKey = null;
+  try {
+    masterKey = fs.readFileSync(MASTER_KEY_PATH());
+    const iv = crypto.randomBytes(IV_LENGTH);
+    const cipher = crypto.createCipheriv(ALGORITHM, masterKey, iv);
+    const encrypted = Buffer.concat([cipher.update(keyBuf), cipher.final()]);
+    const authTag = cipher.getAuthTag();
+
+    const vault = {
+      version: 1,
+      algorithm: ALGORITHM,
+      iv: iv.toString("hex"),
+      authTag: authTag.toString("hex"),
+      ciphertext: encrypted.toString("hex"),
+      created: new Date().toISOString(),
+      rotated: null,
+    };
+
+    const tmpPath = ETH_VAULT_PATH() + ".tmp";
+    fs.writeFileSync(tmpPath, JSON.stringify(vault, null, 2), "utf-8");
+    fs.renameSync(tmpPath, ETH_VAULT_PATH());
+    try { fs.chmodSync(ETH_VAULT_PATH(), 0o600); } catch {}
+  } finally {
+    if (masterKey) masterKey.fill(0);
+  }
+}
+
+/**
+ * Decrypt the Ethereum private key. Returns a Buffer.
+ * CALLER MUST call .fill(0) on the returned Buffer when done.
+ */
+function decryptPrivateKey() {
+  if (!isVaultInitialized()) {
+    throw new Error("vault not initialized");
+  }
+
+  let masterKey = null;
+  try {
+    masterKey = fs.readFileSync(MASTER_KEY_PATH());
+    const vault = JSON.parse(fs.readFileSync(ETH_VAULT_PATH(), "utf-8"));
+
+    if (vault.version !== 1) throw new Error("unsupported vault version");
+
+    const iv = Buffer.from(vault.iv, "hex");
+    const authTag = Buffer.from(vault.authTag, "hex");
+    const ciphertext = Buffer.from(vault.ciphertext, "hex");
+
+    const decipher = crypto.createDecipheriv(ALGORITHM, masterKey, iv);
+    decipher.setAuthTag(authTag);
+
+    return Buffer.concat([decipher.update(ciphertext), decipher.final()]);
+  } finally {
+    if (masterKey) masterKey.fill(0);
+  }
+}
+
+/**
+ * Re-encrypt with a fresh IV. Defensive measure if key material was
+ * potentially exposed in an error message.
+ */
+async function rotateEncryption() {
+  let keyBuf = null;
+  try {
+    keyBuf = decryptPrivateKey();
+    await encryptAndStore(keyBuf);
+
+    // Update rotated timestamp
+    const vault = JSON.parse(fs.readFileSync(ETH_VAULT_PATH(), "utf-8"));
+    vault.rotated = new Date().toISOString();
+    fs.writeFileSync(ETH_VAULT_PATH(), JSON.stringify(vault, null, 2), "utf-8");
+  } finally {
+    if (keyBuf) keyBuf.fill(0);
+  }
+}
+
+/**
+ * Export vault contents for backup. Returns raw Buffers.
+ * Caller MUST wipe masterKey after writing to backup.
+ */
+function exportVaultForBackup() {
+  if (!isVaultInitialized()) return null;
+  return {
+    masterKey: fs.readFileSync(MASTER_KEY_PATH()),
+    vaultFile: fs.readFileSync(ETH_VAULT_PATH(), "utf-8"),
+  };
+}
+
+/**
+ * Import vault from backup. Only used during catastrophic recovery
+ * when both vault files are missing.
+ */
+function importVaultFromBackup(masterKeyBuf, vaultFileStr) {
+  const vaultDir = VAULT_DIR();
+  fs.mkdirSync(vaultDir, { recursive: true });
+
+  fs.writeFileSync(MASTER_KEY_PATH(), masterKeyBuf);
+  try { fs.chmodSync(MASTER_KEY_PATH(), 0o600); } catch {}
+
+  fs.writeFileSync(ETH_VAULT_PATH(), vaultFileStr, "utf-8");
+  try { fs.chmodSync(ETH_VAULT_PATH(), 0o600); } catch {}
+}
+
+function getVaultPath() { return VAULT_DIR(); }
+
+module.exports = {
+  initVault,
+  isVaultInitialized,
+  decryptPrivateKey,
+  rotateEncryption,
+  exportVaultForBackup,
+  importVaultFromBackup,
+  getVaultPath,
+  MASTER_KEY_PATH,
+  ETH_VAULT_PATH,
+};

package/src/vault/wallet-ops.js

@@ -0,0 +1,167 @@
+const { decryptPrivateKey } = require("./vault-manager");
+
+/**
+ * Wallet Operations — safe Ethereum wallet interactions.
+ *
+ * Every function follows the same pattern:
+ * 1. Decrypt private key into Buffer
+ * 2. Use it (sign, derive address, etc.)
+ * 3. Wipe Buffer in finally block
+ * 4. Catch block swallows real error, throws generic message
+ *
+ * The private key NEVER exists as a JavaScript string.
+ * Error messages are always generic — no hex, no key material, no details
+ * that could leak through the AI repair pipeline.
+ */
+
+/**
+ * Derive the Ethereum address from the vault's private key.
+ * Address is not secret — safe to return as string.
+ */
+async function getWalletAddress() {
+  let keyBuf = null;
+  try {
+    keyBuf = decryptPrivateKey();
+    const { keccak256, getPublicKey } = _getCrypto();
+    const pubKey = getPublicKey(keyBuf);
+    const address = _pubKeyToAddress(pubKey, keccak256);
+    return address;
+  } catch {
+    throw new Error("wallet operation failed: could not derive address");
+  } finally {
+    if (keyBuf) keyBuf.fill(0);
+  }
+}
+
+/**
+ * Get the compressed public key hex. Not secret.
+ */
+async function getPublicKeyHex() {
+  let keyBuf = null;
+  try {
+    keyBuf = decryptPrivateKey();
+    const { getPublicKey } = _getCrypto();
+    const pubKey = getPublicKey(keyBuf, true); // compressed
+    return Buffer.from(pubKey).toString("hex");
+  } catch {
+    throw new Error("wallet operation failed: could not derive public key");
+  } finally {
+    if (keyBuf) keyBuf.fill(0);
+  }
+}
+
+/**
+ * Sign an arbitrary message. Returns signature hex string.
+ * @param {string|Buffer} message — the message to sign
+ */
+async function signMessage(message) {
+  let keyBuf = null;
+  try {
+    keyBuf = decryptPrivateKey();
+    const { keccak256, sign } = _getCrypto();
+    const msgBuf = typeof message === "string" ? Buffer.from(message) : message;
+    // Ethereum signed message prefix
+    const prefix = Buffer.from(`\x19Ethereum Signed Message:\n${msgBuf.length}`);
+    const hash = keccak256(Buffer.concat([prefix, msgBuf]));
+    const sig = sign(hash, keyBuf);
+    return sig;
+  } catch {
+    throw new Error("wallet operation failed: could not sign message");
+  } finally {
+    if (keyBuf) keyBuf.fill(0);
+  }
+}
+
+/**
+ * Sign a transaction object. Returns signed transaction hex.
+ * @param {object} tx — { to, value, data?, nonce, gasLimit, gasPrice?, maxFeePerGas?, maxPriorityFeePerGas?, chainId }
+ */
+async function signTransaction(tx) {
+  // Validate BEFORE decrypting — don't touch the key for bad input
+  if (!tx || typeof tx !== "object") throw new Error("wallet operation failed: invalid transaction");
+  if (!tx.to || !tx.chainId) throw new Error("wallet operation failed: missing required fields");
+
+  let keyBuf = null;
+  try {
+    keyBuf = decryptPrivateKey();
+    // Use ethers for tx serialization + signing, but feed it a raw signer
+    const { Wallet } = require("ethers");
+    const wallet = new Wallet(keyBuf);
+    const signed = await wallet.signTransaction(tx);
+    return signed;
+  } catch {
+    throw new Error("wallet operation failed: could not sign transaction");
+  } finally {
+    if (keyBuf) keyBuf.fill(0);
+  }
+}
+
+/**
+ * Get vault status — safe metadata only, no key material.
+ */
+function getVaultStatus() {
+  const { isVaultInitialized, getVaultPath } = require("./vault-manager");
+  const fs = require("fs");
+  const masterExists = fs.existsSync(require("./vault-manager").MASTER_KEY_PATH());
+  const ethExists = fs.existsSync(require("./vault-manager").ETH_VAULT_PATH());
+
+  return {
+    initialized: isVaultInitialized(),
+    vaultPath: getVaultPath(),
+    masterKeyExists: masterExists,
+    ethVaultExists: ethExists,
+  };
+}
+
+// ── Crypto helpers (use @noble/secp256k1 or built-in) ──
+
+function _getCrypto() {
+  const crypto = require("crypto");
+
+  function keccak256(data) {
+    return crypto.createHash("sha3-256").update(data).digest();
+  }
+
+  function getPublicKey(privKeyBuf, compressed = false) {
+    const ecdh = crypto.createECDH("secp256k1");
+    ecdh.setPrivateKey(privKeyBuf);
+    return compressed ? ecdh.getPublicKey("buffer", "compressed") : ecdh.getPublicKey("buffer", "uncompressed");
+  }
+
+  function sign(hash, privKeyBuf) {
+    const sig = crypto.sign(null, hash, {
+      key: crypto.createPrivateKey({
+        key: Buffer.concat([
+          // DER-encode secp256k1 private key
+          Buffer.from("302e0201010420", "hex"),
+          privKeyBuf,
+          Buffer.from("a00706052b8104000a", "hex"),
+        ]),
+        format: "der",
+        type: "sec1",
+      }),
+      dsaEncoding: "ieee-p1363",
+    });
+    return sig.toString("hex");
+  }
+
+  return { keccak256, getPublicKey, sign };
+}
+
+function _pubKeyToAddress(uncompressedPubKey, keccak256) {
+  // Skip the 0x04 prefix byte, hash the rest, take last 20 bytes
+  const pubBytes = uncompressedPubKey.slice(1);
+  const hash = keccak256(pubBytes);
+  const addrBytes = hash.slice(hash.length - 20);
+  const addr = "0x" + addrBytes.toString("hex");
+  // EIP-55 checksum
+  const addrLower = addr.slice(2).toLowerCase();
+  const hashHex = keccak256(Buffer.from(addrLower)).toString("hex");
+  let checksummed = "0x";
+  for (let i = 0; i < 40; i++) {
+    checksummed += parseInt(hashHex[i], 16) >= 8 ? addrLower[i].toUpperCase() : addrLower[i];
+  }
+  return checksummed;
+}
+
+module.exports = { getWalletAddress, getPublicKeyHex, signMessage, signTransaction, getVaultStatus };