wyrm-mcp 7.2.0 → 7.2.2

package/dist/vault.js

@@ -1,534 +1 @@
-/**
- * Wyrm secret vault — local-first, encrypted-at-rest secret storage.
- *
- * Secrets (npm tokens, API keys, signing keys, …) are stored AES-256-GCM
- * -encrypted in `~/.wyrm/vault.enc`. The thing that actually decides how SAFE
- * the vault is, is WHERE the 32-byte master key lives. Wyrm supports three
- * backends, resolved automatically (override with `WYRM_VAULT_BACKEND`):
- *
- *   keychain    — the master key lives in the OS secret store (Secret Service /
- *                 libsecret on Linux, Keychain on macOS), NEVER on disk. This is
- *                 the safe default on a desktop: a stolen copy of `~/.wyrm` (a
- *                 backup, a synced dotfiles repo, an exfiltrated tarball) has the
- *                 ciphertext but NOT the key, so the AES actually protects you.
- *   passphrase  — key derived from `WYRM_VAULT_PASSPHRASE` via scrypt; no key on
- *                 disk. Best for headless / CI where there's no desktop keyring.
- *   keyfile     — random key in `~/.wyrm/vault.key` (0600). LEGACY / last resort:
- *                 the key sits beside the ciphertext, so at-rest encryption only
- *                 protects against someone who gets `vault.enc` but not the dir.
- *                 `wyrm vault secure` migrates a keyfile vault to keychain.
- *
- * Threat model — honest boundaries. The keychain backend defeats OFFLINE theft
- * of `~/.wyrm` (the realistic risk: backups, rsync, cloud-synced dotfiles, a
- * leaked copy). It does NOT defend against a malicious process running AS YOU in
- * an UNLOCKED login session — that process can ask the Secret Service for the
- * key exactly like Wyrm does. Defending against that needs per-access prompts or
- * hardware confirmation (TPM/Secure Enclave), which break non-interactive use by
- * the agent. For the strongest at-rest posture in an untrusted environment, use
- * `passphrase` mode and don't cache the passphrase.
- *
- * GCM gives confidentiality AND integrity (tamper → decrypt throws). The only
- * runtime dep is the OS keyring CLI (`secret-tool`/`security`), invoked via
- * execFileSync (no shell). On LINUX the key is passed to `secret-tool` on STDIN —
- * never argv. On macOS the `security` CLI has no stdin mode for `add-generic-password
- * -w`, so the (random, non-user) master key is passed on argv, which is visible only
- * to a SAME-USER `ps` — and a same-user process is already outside the keychain
- * backend's threat model (it can read the keychain directly). Pure stdlib otherwise.
- *
- * @copyright 2026 Ghost Protocol (Pvt) Ltd.
- * @license AGPL-3.0-or-later — dual-licensed; commercial terms: ghosts.lk@proton.me. See LICENSE.
- */
-import { createCipheriv, createDecipheriv, randomBytes, scryptSync, timingSafeEqual } from 'node:crypto';
-import { existsSync, readFileSync, writeFileSync, mkdirSync, chmodSync, unlinkSync, statSync, copyFileSync, openSync, fsyncSync, closeSync, writeSync } from 'node:fs';
-import { execFileSync } from 'node:child_process';
-import { homedir, platform } from 'node:os';
-import { join } from 'node:path';
-const ALGO = 'aes-256-gcm';
-const IV_LEN = 12;
-const TAG_LEN = 16;
-/** Secret Service attributes that identify Wyrm's master key. */
-const KEYCHAIN_SERVICE = 'wyrm-vault';
-const KEYCHAIN_LABEL = 'Wyrm Vault master key';
-function vaultDir() { return process.env.WYRM_VAULT_DIR || join(homedir(), '.wyrm'); }
-function vaultFile() { return join(vaultDir(), 'vault.enc'); }
-function keyFile() { return join(vaultDir(), 'vault.key'); }
-function saltFile() { return join(vaultDir(), 'vault.salt'); }
-function markerFile() { return join(vaultDir(), 'vault.meta'); }
-// ── Salt for passphrase mode ──────────────────────────────────────────────────
-/** Per-install scrypt salt for passphrase mode. A single hardcoded global salt
- *  lets the same passphrase derive the same key across every install (rainbow /
- *  precompute risk), so generate a random 16-byte salt once and persist it
- *  (non-secret). Back-compat: if a passphrase vault already exists from before
- *  per-install salts, keep its legacy global salt so existing secrets still
- *  decrypt. */
-function passphraseSalt() {
-    const sf = saltFile();
-    if (existsSync(sf))
-        return readFileSync(sf);
-    mkdirSync(vaultDir(), { recursive: true, mode: 0o700 });
-    const salt = existsSync(vaultFile()) ? Buffer.from('wyrm-vault-v1') : randomBytes(16);
-    writeFileSync(sf, salt, { mode: 0o600 });
-    try {
-        chmodSync(sf, 0o600);
-    }
-    catch { /* best-effort */ }
-    return salt;
-}
-// ── Backend marker (non-secret) ─────────────────────────────────────────────────
-/** A vault declares which backend it was created/secured under in `vault.meta`
- *  (non-secret JSON). Any build then resolves the RIGHT backend for an existing
- *  vault and can fail LOUDLY when that backend is unavailable — instead of
- *  silently minting a fresh key that can never decrypt the existing ciphertext
- *  (the exact footgun that orphans a vault when a keyring is locked/missing). */
-function readMarker() {
-    try {
-        const m = JSON.parse(readFileSync(markerFile(), 'utf8'));
-        if (m.backend === 'keychain' || m.backend === 'passphrase' || m.backend === 'keyfile')
-            return m.backend;
-    }
-    catch { /* absent / unreadable → legacy vault: fall back to heuristics + the existence guard */ }
-    return null;
-}
-function writeMarker(backend) {
-    try {
-        mkdirSync(vaultDir(), { recursive: true, mode: 0o700 });
-        writeFileSync(markerFile(), JSON.stringify({ backend, v: 1 }), { mode: 0o600 });
-        try {
-            chmodSync(markerFile(), 0o600);
-        }
-        catch { /* best-effort */ }
-    }
-    catch { /* non-fatal: the marker is an optimization; the vault.enc-exists guard still protects */ }
-}
-// ── OS keychain (Secret Service on Linux, Keychain on macOS) ────────────────────
-/** The keyring CLI to drive. Overridable for tests via WYRM_VAULT_SECRETTOOL. */
-function secretToolCmd() { return process.env.WYRM_VAULT_SECRETTOOL || 'secret-tool'; }
-/** A stable per-vault-dir account label so multiple WYRM_VAULT_DIRs don't collide. */
-function keychainAccount() { return vaultDir(); }
-function isENOENT(e) {
-    return !!e && typeof e === 'object' && e.code === 'ENOENT';
-}
-/** Read the master key from the OS keychain, or undefined if absent. */
-function keychainGet() {
-    try {
-        if (platform() === 'darwin') {
-            const out = execFileSync('security', ['find-generic-password', '-s', KEYCHAIN_SERVICE, '-a', keychainAccount(), '-w'], { timeout: 8000, encoding: 'utf8', stdio: ['ignore', 'pipe', 'ignore'] });
-            const b64 = out.trim();
-            return b64 ? Buffer.from(b64, 'base64') : undefined;
-        }
-        const out = execFileSync(secretToolCmd(), ['lookup', 'service', KEYCHAIN_SERVICE, 'path', keychainAccount()], { timeout: 8000, encoding: 'utf8', stdio: ['ignore', 'pipe', 'ignore'] });
-        const b64 = out.trim();
-        return b64 ? Buffer.from(b64, 'base64') : undefined;
-    }
-    catch (e) {
-        if (isENOENT(e))
-            throw new Error('OS keychain CLI not found (install libsecret/`secret-tool`), or use WYRM_VAULT_PASSPHRASE / `wyrm vault secure --backend passphrase`.');
-        // Non-ENOENT (e.g. "no such secret") → key simply isn't there.
-        return undefined;
-    }
-}
-/** Store the master key in the OS keychain. Secret goes via STDIN, never argv. */
-function keychainStore(key) {
-    const b64 = key.toString('base64');
-    if (platform() === 'darwin') {
-        // -U updates if present; -w reads the value from the arg, so feed via stdin-safe path:
-        // `security` has no stdin mode for -w, but the value is base64 of a random key (not the
-        // user secret itself) and the process is the user's own — acceptable. Prefer add w/ update.
-        execFileSync('security', ['add-generic-password', '-U', '-s', KEYCHAIN_SERVICE, '-a', keychainAccount(), '-l', KEYCHAIN_LABEL, '-w', b64], { timeout: 8000, stdio: ['ignore', 'ignore', 'ignore'] });
-        return;
-    }
-    execFileSync(secretToolCmd(), ['store', '--label', KEYCHAIN_LABEL, 'service', KEYCHAIN_SERVICE, 'path', keychainAccount()], { timeout: 8000, input: b64, stdio: ['pipe', 'ignore', 'ignore'] });
-}
-/** Remove the master key from the OS keychain (best-effort). */
-function keychainClear() {
-    try {
-        if (platform() === 'darwin') {
-            execFileSync('security', ['delete-generic-password', '-s', KEYCHAIN_SERVICE, '-a', keychainAccount()], { timeout: 8000, stdio: ['ignore', 'ignore', 'ignore'] });
-        }
-        else {
-            execFileSync(secretToolCmd(), ['clear', 'service', KEYCHAIN_SERVICE, 'path', keychainAccount()], { timeout: 8000, stdio: ['ignore', 'ignore', 'ignore'] });
-        }
-    }
-    catch { /* nothing to clear / unavailable */ }
-}
-/** Is the OS keychain reachable at all (CLI present + responds)? */
-function keychainAvailable() {
-    try {
-        if (platform() === 'darwin') {
-            execFileSync('security', ['find-generic-password', '-s', KEYCHAIN_SERVICE, '-a', '__wyrm_probe__'], { timeout: 8000, stdio: ['ignore', 'ignore', 'ignore'] });
-            return true; // found (unlikely) → reachable
-        }
-        execFileSync(secretToolCmd(), ['lookup', 'service', KEYCHAIN_SERVICE, 'path', '__wyrm_probe__'], { timeout: 8000, stdio: ['ignore', 'ignore', 'ignore'] });
-        return true; // probe key absent but the CLI/daemon answered → reachable
-    }
-    catch (e) {
-        if (isENOENT(e))
-            return false; // CLI not installed
-        // Exit 1 = "no such secret" → service reachable. Any other failure → treat as available
-        // only if it's the benign not-found; a timeout/daemon error means NOT usable.
-        const status = e.status;
-        // libsecret returns 1 on a clean "not found"; macOS `security` returns 44
-        // (errSecItemNotFound). Either means the keyring is reachable but our probe key
-        // is absent. Anything else (timeout, daemon error, locked) → not usable.
-        return status === 1 || (platform() === 'darwin' && status === 44);
-    }
-}
-/** Does the keychain currently hold OUR master key? */
-function keychainHasKey() {
-    try {
-        return keychainGet() !== undefined;
-    }
-    catch {
-        return false;
-    }
-}
-// ── Backend resolution ──────────────────────────────────────────────────────────
-/** Decide which backend to use. `WYRM_VAULT_PASSPHRASE` always wins; otherwise
- *  honor an explicit `WYRM_VAULT_BACKEND`; otherwise auto-pick the safest backend
- *  that won't break an existing vault. */
-export function resolveBackend() {
-    if (process.env.WYRM_VAULT_PASSPHRASE)
-        return 'passphrase';
-    const explicit = (process.env.WYRM_VAULT_BACKEND || 'auto').toLowerCase();
-    if (explicit === 'passphrase' || explicit === 'keychain' || explicit === 'keyfile')
-        return explicit;
-    // auto: an EXISTING vault declares its backend in vault.meta — honor it so we never
-    // resolve to a DIFFERENT backend and mint a stray key. If the declared backend is
-    // unavailable, masterKey() fails loudly (it does NOT fall through to keyfile).
-    if (existsSync(vaultFile())) {
-        const marked = readMarker();
-        if (marked)
-            return marked;
-    }
-    if (keychainHasKey())
-        return 'keychain'; // already migrated / a keychain vault exists
-    if (existsSync(keyFile()))
-        return 'keyfile'; // legacy keyfile vault — keep it working (we warn elsewhere)
-    if (keychainAvailable())
-        return 'keychain'; // fresh box with a working keyring → safe by default
-    return 'keyfile'; // no keyring (headless) and no passphrase → last resort
-}
-/** The 32-byte master key for the resolved backend. A new key is minted ONLY for a
- *  brand-new vault (no `vault.enc` yet). If `vault.enc` already exists but no key is
- *  available for the resolved backend, we FAIL LOUDLY rather than mint a fresh key —
- *  a new key can never decrypt existing ciphertext, it can only orphan the vault and
- *  surface as a misleading "decrypt failed". */
-function masterKey() {
-    const backend = resolveBackend();
-    const vaultExists = existsSync(vaultFile());
-    if (backend === 'passphrase') {
-        const pass = process.env.WYRM_VAULT_PASSPHRASE;
-        if (!pass)
-            throw new Error('passphrase backend selected but WYRM_VAULT_PASSPHRASE is not set.');
-        if (!vaultExists)
-            writeMarker('passphrase');
-        return scryptSync(pass, passphraseSalt(), 32);
-    }
-    if (backend === 'keychain') {
-        let k = keychainGet();
-        if (!k) {
-            if (vaultExists)
-                throw new Error('vault.enc exists but its master key is not in the OS keychain (keyring locked/unavailable, or the key was cleared). ' +
-                    'Unlock your login keyring and retry, or set WYRM_VAULT_PASSPHRASE if this vault uses a passphrase. ' +
-                    'Refusing to mint a new key — it cannot decrypt your existing secrets and would orphan them.');
-            k = randomBytes(32);
-            keychainStore(k);
-            writeMarker('keychain');
-        }
-        if (k.length !== 32)
-            throw new Error('keychain holds a malformed master key (expected 32 bytes).');
-        return k;
-    }
-    // keyfile
-    const kf = keyFile();
-    if (!existsSync(kf)) {
-        if (vaultExists)
-            throw new Error('vault.enc exists but vault.key is missing — this vault was likely created under a different backend (keychain/passphrase). ' +
-                'Unlock your OS keyring or set WYRM_VAULT_PASSPHRASE. ' +
-                'Refusing to mint a new keyfile — it cannot decrypt your existing secrets and would orphan them.');
-        mkdirSync(vaultDir(), { recursive: true, mode: 0o700 });
-        const k = randomBytes(32);
-        writeFileSync(kf, k, { mode: 0o600 });
-        try {
-            chmodSync(kf, 0o600);
-        }
-        catch { /* best-effort on platforms w/o chmod */ }
-        writeMarker('keyfile');
-        return k;
-    }
-    return readFileSync(kf);
-}
-// ── Crypto core (explicit-key variants so migration can re-key) ─────────────────
-function decryptWith(raw, key) {
-    if (raw.length < IV_LEN + TAG_LEN)
-        throw new Error('vault file is corrupt (too short)');
-    const iv = raw.subarray(0, IV_LEN);
-    const tag = raw.subarray(IV_LEN, IV_LEN + TAG_LEN);
-    const ct = raw.subarray(IV_LEN + TAG_LEN);
-    const d = createDecipheriv(ALGO, key, iv);
-    d.setAuthTag(tag);
-    const pt = Buffer.concat([d.update(ct), d.final()]);
-    return JSON.parse(pt.toString('utf8'));
-}
-function encryptWith(secrets, key) {
-    const iv = randomBytes(IV_LEN);
-    const c = createCipheriv(ALGO, key, iv);
-    const ct = Buffer.concat([c.update(JSON.stringify(secrets), 'utf8'), c.final()]);
-    const tag = c.getAuthTag();
-    return Buffer.concat([iv, tag, ct]);
-}
-function loadWith(key) {
-    const vf = vaultFile();
-    if (!existsSync(vf))
-        return {};
-    try {
-        return decryptWith(readFileSync(vf), key);
-    }
-    catch {
-        throw new Error('vault decrypt failed — wrong key/passphrase, or the vault was tampered with.');
-    }
-}
-function persistWith(secrets, key) {
-    mkdirSync(vaultDir(), { recursive: true, mode: 0o700 });
-    writeFileSync(vaultFile(), encryptWith(secrets, key), { mode: 0o600 });
-    try {
-        chmodSync(vaultFile(), 0o600);
-    }
-    catch { /* best-effort */ }
-}
-function load() {
-    if (!existsSync(vaultFile()))
-        return {};
-    return loadWith(masterKey());
-}
-function persist(secrets) { persistWith(secrets, masterKey()); }
-// ── Public API ──────────────────────────────────────────────────────────────────
-export function vaultSet(name, value) {
-    if (!name || !/^[\w.\-:/@]+$/.test(name))
-        throw new Error('invalid secret name');
-    const s = load();
-    s[name] = value;
-    persist(s);
-}
-export function vaultGet(name) { return load()[name]; }
-export function vaultHas(name) { return name in load(); }
-export function vaultList() { return Object.keys(load()).sort(); }
-export function vaultRemove(name) {
-    const s = load();
-    if (!(name in s))
-        return false;
-    delete s[name];
-    persist(s);
-    return true;
-}
-/** Destroy the entire vault (encrypted store; keeps the key material). */
-export function vaultDestroy() {
-    try {
-        unlinkSync(vaultFile());
-    }
-    catch { /* already gone */ }
-    try {
-        unlinkSync(markerFile());
-    }
-    catch { /* marker describes a now-deleted vault */ }
-}
-/** Overwrite a file's bytes with random data, fsync, then unlink. Best-effort on
- *  copy-on-write filesystems (btrfs/APFS may relocate), which is why migration
- *  ROTATES the key — even a recovered keyfile decrypts nothing afterward. */
-function shredFile(path) {
-    try {
-        const size = statSync(path).size;
-        const fd = openSync(path, 'r+');
-        try {
-            if (size > 0) {
-                const junk = randomBytes(size);
-                writeSync(fd, junk, 0, size, 0);
-                fsyncSync(fd);
-            }
-        }
-        finally {
-            closeSync(fd);
-        }
-    }
-    catch { /* file gone / unwritable — fall through to unlink */ }
-    try {
-        unlinkSync(path);
-    }
-    catch { /* already gone */ }
-}
-/** Find the key that actually decrypts the CURRENT ciphertext, by trying every
- *  key we can construct (keyfile, keychain, passphrase) — used by migration so it
- *  works regardless of what backend the environment currently resolves to. */
-function detectCurrentKey() {
-    if (!existsSync(vaultFile()))
-        return { key: null, from: resolveBackend() };
-    const raw = readFileSync(vaultFile());
-    const candidates = [];
-    if (existsSync(keyFile()))
-        candidates.push({ from: 'keyfile', key: readFileSync(keyFile()) });
-    try {
-        const k = keychainGet();
-        if (k)
-            candidates.push({ from: 'keychain', key: k });
-    }
-    catch { /* keychain unreachable */ }
-    if (process.env.WYRM_VAULT_PASSPHRASE)
-        candidates.push({ from: 'passphrase', key: scryptSync(process.env.WYRM_VAULT_PASSPHRASE, passphraseSalt(), 32) });
-    for (const c of candidates) {
-        try {
-            decryptWith(raw, c.key);
-            return { key: c.key, from: c.from };
-        }
-        catch { /* try next */ }
-    }
-    throw new Error('could not decrypt the current vault with any available key (keyfile / keychain / passphrase).');
-}
-/** Migrate the vault to a safer backend: re-key under the OS keychain (default)
- *  or a passphrase, verify every secret still decrypts, then shred the plaintext
- *  `vault.key`. Backs up `vault.enc` first; restores it if verification fails. */
-export function vaultSecure(opts = {}) {
-    const to = opts.backend ?? 'keychain';
-    const rotate = opts.rotate ?? true;
-    // 1) Decrypt everything with the SOURCE key. We must NOT use load()/resolveBackend()
-    //    here: when migrating to passphrase, WYRM_VAULT_PASSPHRASE (the TARGET) is already
-    //    set, so resolveBackend would point at the target. Instead, try every key we can
-    //    construct and use whichever actually decrypts the existing ciphertext.
-    const { key: srcKey, from } = detectCurrentKey();
-    const current = srcKey ? decryptWith(readFileSync(vaultFile()), srcKey) : {};
-    const count = Object.keys(current).length;
-    // 2) Back up the ciphertext before touching anything.
-    let backup = '';
-    if (existsSync(vaultFile())) {
-        backup = vaultFile() + '.bak.' + new Date().toISOString().replace(/[:.]/g, '-');
-        copyFileSync(vaultFile(), backup);
-        try {
-            chmodSync(backup, 0o600);
-        }
-        catch { /* best-effort */ }
-    }
-    // 3) Establish the new key under the target backend. CAPTURE the prior keychain slot
-    //    FIRST: the keychain has a single service::path slot, so keychainStore overwrites
-    //    (destroys) any existing key — we must be able to put it back if migration fails.
-    let newKey;
-    let prevKeychain;
-    if (to === 'keychain') {
-        if (!keychainAvailable())
-            throw new Error('OS keychain not reachable — cannot migrate to keychain. Unlock your login keyring, or use `--backend passphrase`.');
-        prevKeychain = keychainGet(); // K_old when re-securing an existing keychain vault, else undefined
-        newKey = rotate ? randomBytes(32) : (prevKeychain ?? randomBytes(32));
-        keychainStore(newKey);
-    }
-    else {
-        const pass = process.env.WYRM_VAULT_PASSPHRASE;
-        if (!pass)
-            throw new Error('migrate to passphrase requires WYRM_VAULT_PASSPHRASE to be set.');
-        newKey = scryptSync(pass, passphraseSalt(), 32);
-    }
-    // Undo the keychain mutation we just made (restore prior key, or clear if none).
-    const restoreKeychain = () => {
-        if (to !== 'keychain')
-            return;
-        if (prevKeychain) {
-            try {
-                keychainStore(prevKeychain);
-            }
-            catch { /* best-effort */ }
-        }
-        else
-            keychainClear();
-    };
-    // 4) Re-encrypt under the new key and VERIFY (full contents, not just key names)
-    //    before we destroy anything. On ANY failure, fully roll back to the state we
-    //    found: restore the source ciphertext AND the prior keychain key.
-    try {
-        persistWith(current, newKey);
-        const check = decryptWith(readFileSync(vaultFile()), newKey);
-        const a = Buffer.from(JSON.stringify(check));
-        const b = Buffer.from(JSON.stringify(current));
-        if (a.length !== b.length || !timingSafeEqual(a, b))
-            throw new Error('post-migration verification mismatch');
-    }
-    catch (e) {
-        if (backup) {
-            // NEVER delete the backup unless the restore actually succeeded.
-            try {
-                copyFileSync(backup, vaultFile());
-            }
-            catch (err) {
-                restoreKeychain();
-                throw new Error(`CRITICAL: vault rollback failed — vault.enc may be partially written. Restore manually:  cp "${backup}" "${vaultFile()}"  (${err.message})`);
-            }
-            try {
-                unlinkSync(backup);
-            }
-            catch { /* best-effort */ }
-        }
-        restoreKeychain();
-        throw new Error('migration aborted (vault left unchanged): ' + e.message);
-    }
-    // 5) Record the new backend so any future build resolves it (and fails loudly if
-    //    it can't reach it) instead of minting a stray key.
-    writeMarker(to);
-    // 6) Success — retire the old key material.
-    let keyfileShredded = false;
-    if (existsSync(keyFile())) {
-        shredFile(keyFile());
-        keyfileShredded = true;
-    }
-    if (to === 'passphrase')
-        keychainClear(); // ensure no stale keychain copy lingers
-    // 7) Remove the transient backup. When the key was rotated the old ciphertext is now
-    //    UNDECRYPTABLE (old key destroyed), so the backup is dead weight, not a safety net.
-    //    The verified live vault is the source of truth; for real backups use `wyrm sync export`.
-    if (backup) {
-        try {
-            unlinkSync(backup);
-        }
-        catch { /* best-effort */ }
-        backup = '';
-    }
-    return { from, to, rotated: rotate, secrets: count, backup, keyfileShredded };
-}
-/** Where things live + the security posture (for `vault info`; never prints secrets). */
-export function vaultPaths() {
-    const backend = resolveBackend();
-    let count = 0;
-    try {
-        count = vaultList().length;
-    }
-    catch { /* locked */ }
-    const keyfileOnDisk = existsSync(keyFile());
-    const kcAvail = backend === 'keychain' ? true : (() => { try {
-        return keychainAvailable();
-    }
-    catch {
-        return false;
-    } })();
-    // "secure" = the master key is NOT a plaintext file sitting next to the ciphertext.
-    const secure = (backend === 'keychain' || backend === 'passphrase') && !keyfileOnDisk;
-    return { dir: vaultDir(), vault: vaultFile(), key: keyFile(), backend, mode: backend, count, keyfileOnDisk, keychainAvailable: kcAvail, secure };
-}
-/** A short, actionable advisory for a connecting AI/operator — empty when the vault
- *  is already secure, so it self-resolves once `wyrm vault setup` has been run. Used
- *  by `wyrm_session_prime` to AUTOMATICALLY guide the client AI to set credential
- *  storage up properly. Never contains secret values. */
-export function vaultAdvisory() {
-    let p;
-    try {
-        p = vaultPaths();
-    }
-    catch {
-        return [];
-    }
-    if (p.secure)
-        return []; // already safe — don't nag
-    const lines = [];
-    lines.push(p.count > 0
-        ? `⚠️ The credential vault holds ${p.count} secret(s) but the master key is a PLAINTEXT file (\`${p.key}\`) sitting beside the ciphertext — at-rest encryption is effectively defeated against anyone who can read \`${p.dir}\` (a backup, a synced dotfiles repo, an exfiltrated tarball).`
-        : `⚠️ The credential vault's master key would be stored as a plaintext file beside the ciphertext.`);
-    lines.push(p.keychainAvailable
-        ? 'Fix in one step — run **`wyrm vault setup`** (moves the key into the OS keychain, rotates it, shreds the plaintext key). Then store secrets with `printf %s "$TOKEN" | wyrm vault set <name>` and use them via `wyrm vault exec <name> -- <cmd>` (never echoed).'
-        : 'No OS keychain on this host — set `WYRM_VAULT_PASSPHRASE`, then run **`wyrm vault setup`** (derives the key from the passphrase; nothing on disk).');
-    return lines;
-}
-//# sourceMappingURL=vault.js.map
+import{createCipheriv as X,createDecipheriv as Q,randomBytes as d,scryptSync as U,timingSafeEqual as Z}from"node:crypto";import{existsSync as o,readFileSync as u,writeFileSync as R,mkdirSync as T,chmodSync as S,unlinkSync as g,statSync as ee,copyFileSync as I,openSync as te,fsyncSync as re,closeSync as ne,writeSync as ie}from"node:fs";import{execFileSync as f}from"node:child_process";import{homedir as oe,platform as w}from"node:os";import{join as A}from"node:path";const $="aes-256-gcm",k=12,V=16,y="wyrm-vault",D="Wyrm Vault master key";function c(){return process.env.WYRM_VAULT_DIR||A(oe(),".wyrm")}function i(){return A(c(),"vault.enc")}function l(){return A(c(),"vault.key")}function se(){return A(c(),"vault.salt")}function x(){return A(c(),"vault.meta")}function M(){const e=se();if(o(e))return u(e);T(c(),{recursive:!0,mode:448});const t=o(i())?Buffer.from("wyrm-vault-v1"):d(16);R(e,t,{mode:384});try{S(e,384)}catch{}return t}function ce(){try{const e=JSON.parse(u(x(),"utf8"));if(e.backend==="keychain"||e.backend==="passphrase"||e.backend==="keyfile")return e.backend}catch{}return null}function L(e){try{T(c(),{recursive:!0,mode:448}),R(x(),JSON.stringify({backend:e,v:1}),{mode:384});try{S(x(),384)}catch{}}catch{}}function P(){return process.env.WYRM_VAULT_SECRETTOOL||"secret-tool"}function m(){return c()}function J(e){return!!e&&typeof e=="object"&&e.code==="ENOENT"}function O(){try{if(w()==="darwin"){const n=f("security",["find-generic-password","-s",y,"-a",m(),"-w"],{timeout:8e3,encoding:"utf8",stdio:["ignore","pipe","ignore"]}).trim();return n?Buffer.from(n,"base64"):void 0}const t=f(P(),["lookup","service",y,"path",m()],{timeout:8e3,encoding:"utf8",stdio:["ignore","pipe","ignore"]}).trim();return t?Buffer.from(t,"base64"):void 0}catch(e){if(J(e))throw new Error("OS keychain CLI not found (install libsecret/`secret-tool`), or use WYRM_VAULT_PASSPHRASE / `wyrm vault secure --backend passphrase`.");return}}function Y(e){const t=e.toString("base64");if(w()==="darwin"){f("security",["add-generic-password","-U","-s",y,"-a",m(),"-l",D,"-w",t],{timeout:8e3,stdio:["ignore","ignore","ignore"]});return}f(P(),["store","--label",D,"service",y,"path",m()],{timeout:8e3,input:t,stdio:["pipe","ignore","ignore"]})}function j(){try{w()==="darwin"?f("security",["delete-generic-password","-s",y,"-a",m()],{timeout:8e3,stdio:["ignore","ignore","ignore"]}):f(P(),["clear","service",y,"path",m()],{timeout:8e3,stdio:["ignore","ignore","ignore"]})}catch{}}function H(){try{return w()==="darwin"?(f("security",["find-generic-password","-s",y,"-a","__wyrm_probe__"],{timeout:8e3,stdio:["ignore","ignore","ignore"]}),!0):(f(P(),["lookup","service",y,"path","__wyrm_probe__"],{timeout:8e3,stdio:["ignore","ignore","ignore"]}),!0)}catch(e){if(J(e))return!1;const t=e.status;return t===1||w()==="darwin"&&t===44}}function ae(){try{return O()!==void 0}catch{return!1}}function C(){if(process.env.WYRM_VAULT_PASSPHRASE)return"passphrase";const e=(process.env.WYRM_VAULT_BACKEND||"auto").toLowerCase();if(e==="passphrase"||e==="keychain"||e==="keyfile")return e;if(o(i())){const t=ce();if(t)return t}return ae()?"keychain":o(l())?"keyfile":H()?"keychain":"keyfile"}function G(){const e=C(),t=o(i());if(e==="passphrase"){const n=process.env.WYRM_VAULT_PASSPHRASE;if(!n)throw new Error("passphrase backend selected but WYRM_VAULT_PASSPHRASE is not set.");return t||L("passphrase"),U(n,M(),32)}if(e==="keychain"){let n=O();if(!n){if(t)throw new Error("vault.enc exists but its master key is not in the OS keychain (keyring locked/unavailable, or the key was cleared). Unlock your login keyring and retry, or set WYRM_VAULT_PASSPHRASE if this vault uses a passphrase. Refusing to mint a new key \u2014 it cannot decrypt your existing secrets and would orphan them.");n=d(32),Y(n),L("keychain")}if(n.length!==32)throw new Error("keychain holds a malformed master key (expected 32 bytes).");return n}const r=l();if(!o(r)){if(t)throw new Error("vault.enc exists but vault.key is missing \u2014 this vault was likely created under a different backend (keychain/passphrase). Unlock your OS keyring or set WYRM_VAULT_PASSPHRASE. Refusing to mint a new keyfile \u2014 it cannot decrypt your existing secrets and would orphan them.");T(c(),{recursive:!0,mode:448});const n=d(32);R(r,n,{mode:384});try{S(r,384)}catch{}return L("keyfile"),n}return u(r)}function W(e,t){if(e.length<k+V)throw new Error("vault file is corrupt (too short)");const r=e.subarray(0,k),n=e.subarray(k,k+V),h=e.subarray(k+V),a=Q($,t,r);a.setAuthTag(n);const N=Buffer.concat([a.update(h),a.final()]);return JSON.parse(N.toString("utf8"))}function ue(e,t){const r=d(k),n=X($,t,r),h=Buffer.concat([n.update(JSON.stringify(e),"utf8"),n.final()]),a=n.getAuthTag();return Buffer.concat([r,a,h])}function fe(e){const t=i();if(!o(t))return{};try{return W(u(t),e)}catch{throw new Error("vault decrypt failed \u2014 wrong key/passphrase, or the vault was tampered with.")}}function q(e,t){T(c(),{recursive:!0,mode:448}),R(i(),ue(e,t),{mode:384});try{S(i(),384)}catch{}}function b(){return o(i())?fe(G()):{}}function z(e){q(e,G())}function ge(e,t){if(!e||!/^[\w.\-:/@]+$/.test(e))throw new Error("invalid secret name");const r=b();r[e]=t,z(r)}function we(e){return b()[e]}function Ae(e){return e in b()}function ye(){return Object.keys(b()).sort()}function be(e){const t=b();return e in t?(delete t[e],z(t),!0):!1}function Ee(){try{g(i())}catch{}try{g(x())}catch{}}function le(e){try{const t=ee(e).size,r=te(e,"r+");try{if(t>0){const n=d(t);ie(r,n,0,t,0),re(r)}}finally{ne(r)}}catch{}try{g(e)}catch{}}function he(){if(!o(i()))return{key:null,from:C()};const e=u(i()),t=[];o(l())&&t.push({from:"keyfile",key:u(l())});try{const r=O();r&&t.push({from:"keychain",key:r})}catch{}process.env.WYRM_VAULT_PASSPHRASE&&t.push({from:"passphrase",key:U(process.env.WYRM_VAULT_PASSPHRASE,M(),32)});for(const r of t)try{return W(e,r.key),{key:r.key,from:r.from}}catch{}throw new Error("could not decrypt the current vault with any available key (keyfile / keychain / passphrase).")}function _e(e={}){const t=e.backend??"keychain",r=e.rotate??!0,{key:n,from:h}=he(),a=n?W(u(i()),n):{},N=Object.keys(a).length;let s="";if(o(i())){s=i()+".bak."+new Date().toISOString().replace(/[:.]/g,"-"),I(i(),s);try{S(s,384)}catch{}}let v,E;if(t==="keychain"){if(!H())throw new Error("OS keychain not reachable \u2014 cannot migrate to keychain. Unlock your login keyring, or use `--backend passphrase`.");E=O(),v=r?d(32):E??d(32),Y(v)}else{const p=process.env.WYRM_VAULT_PASSPHRASE;if(!p)throw new Error("migrate to passphrase requires WYRM_VAULT_PASSPHRASE to be set.");v=U(p,M(),32)}const B=()=>{if(t==="keychain")if(E)try{Y(E)}catch{}else j()};try{q(a,v);const p=W(u(i()),v),_=Buffer.from(JSON.stringify(p)),F=Buffer.from(JSON.stringify(a));if(_.length!==F.length||!Z(_,F))throw new Error("post-migration verification mismatch")}catch(p){if(s){try{I(s,i())}catch(_){throw B(),new Error(`CRITICAL: vault rollback failed \u2014 vault.enc may be partially written. Restore manually:  cp "${s}" "${i()}"  (${_.message})`)}try{g(s)}catch{}}throw B(),new Error("migration aborted (vault left unchanged): "+p.message)}L(t);let K=!1;if(o(l())&&(le(l()),K=!0),t==="passphrase"&&j(),s){try{g(s)}catch{}s=""}return{from:h,to:t,rotated:r,secrets:N,backup:s,keyfileShredded:K}}function de(){const e=C();let t=0;try{t=ye().length}catch{}const r=o(l()),n=e==="keychain"?!0:(()=>{try{return H()}catch{return!1}})(),h=(e==="keychain"||e==="passphrase")&&!r;return{dir:c(),vault:i(),key:l(),backend:e,mode:e,count:t,keyfileOnDisk:r,keychainAvailable:n,secure:h}}function Re(){let e;try{e=de()}catch{return[]}if(e.secure)return[];const t=[];return t.push(e.count>0?`\u26A0\uFE0F The credential vault holds ${e.count} secret(s) but the master key is a PLAINTEXT file (\`${e.key}\`) sitting beside the ciphertext \u2014 at-rest encryption is effectively defeated against anyone who can read \`${e.dir}\` (a backup, a synced dotfiles repo, an exfiltrated tarball).`:"\u26A0\uFE0F The credential vault's master key would be stored as a plaintext file beside the ciphertext."),t.push(e.keychainAvailable?'Fix in one step \u2014 run **`wyrm vault setup`** (moves the key into the OS keychain, rotates it, shreds the plaintext key). Then store secrets with `printf %s "$TOKEN" | wyrm vault set <name>` and use them via `wyrm vault exec <name> -- <cmd>` (never echoed).':"No OS keychain on this host \u2014 set `WYRM_VAULT_PASSPHRASE`, then run **`wyrm vault setup`** (derives the key from the passphrase; nothing on disk)."),t}export{C as resolveBackend,Re as vaultAdvisory,Ee as vaultDestroy,we as vaultGet,Ae as vaultHas,ye as vaultList,de as vaultPaths,be as vaultRemove,_e as vaultSecure,ge as vaultSet};