UNPKG

@kya-os/cli

Version:

CLI for MCP-I setup and management

github.com/kya-os/cli

kya-os/cli

159 lines 5.26 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
/** * Identity management utilities for key rotation and archiving */ import { existsSync, mkdirSync, writeFileSync, readFileSync, unlinkSync, } from "fs"; import { join } from "path"; import crypto from "crypto"; /** * Generate a new Ed25519 keypair */ export function generateKeyPair() { // Generate Ed25519 keypair const { privateKey, publicKey } = crypto.generateKeyPairSync("ed25519", { privateKeyEncoding: { type: "pkcs8", format: "der" }, publicKeyEncoding: { type: "spki", format: "der" }, }); // Convert to base64 const privateKeyBase64 = Buffer.from(privateKey).toString("base64"); const publicKeyBase64 = Buffer.from(publicKey).toString("base64"); // Generate key ID (first 8 chars of public key hash) const kid = `key-${crypto.createHash("sha256").update(publicKey).digest("hex").slice(0, 8)}`; return { privateKey: privateKeyBase64, publicKey: publicKeyBase64, kid, }; } /** * Generate a new DID based on the current environment */ export function generateDID(kid) { const isDev = !process.env.AGENT_PRIVATE_KEY; if (isDev) { // Development DID return `did:web:localhost:3000:agents:${kid}`; } else { // Production DID - should be configured via environment const existingDID = process.env.AGENT_DID; if (existingDID) { return existingDID; } throw new Error("AGENT_DID environment variable is required in production"); } } /** * Load current identity from file or environment */ export function loadCurrentIdentity() { const isDev = !process.env.AGENT_PRIVATE_KEY; if (isDev) { // Load from .mcpi/identity.json const identityFile = join(process.cwd(), ".mcpi", "identity.json"); if (!existsSync(identityFile)) { return null; } try { const data = JSON.parse(readFileSync(identityFile, "utf-8")); return data; } catch (error) { console.warn(`Warning: Could not load identity file: ${error}`); return null; } } else { // Load from environment variables const privateKey = process.env.AGENT_PRIVATE_KEY; const kid = process.env.AGENT_KEY_ID; const did = process.env.AGENT_DID; if (!privateKey || !kid || !did) { return null; } // We don't have public key in env, but we can derive it from private key if needed return { version: "1.0", did, kid, privateKey, publicKey: "", // Not available from env createdAt: new Date().toISOString(), lastRotated: new Date().toISOString(), }; } } /** * Archive old key to .mcpi/keys/YYYY-MM-DD.json */ export function archiveOldKey(identity, reason) { const keysDir = join(process.cwd(), ".mcpi", "keys"); if (!existsSync(keysDir)) { mkdirSync(keysDir, { recursive: true }); } // Create archive filename with timestamp const timestamp = new Date().toISOString().split("T")[0]; // YYYY-MM-DD let archiveFile = join(keysDir, `${timestamp}.json`); // If file exists, add a counter let counter = 1; while (existsSync(archiveFile)) { archiveFile = join(keysDir, `${timestamp}-${counter}.json`); counter++; } const archiveData = { did: identity.did, kid: identity.kid, privateKey: identity.privateKey, publicKey: identity.publicKey, archivedAt: new Date().toISOString(), reason: reason || "Key rotation", originalCreatedAt: identity.createdAt, originalLastRotated: identity.lastRotated, }; writeFileSync(archiveFile, JSON.stringify(archiveData, null, 2)); return archiveFile; } /** * Generate new identity with optional DID preservation */ export function generateNewIdentity(preserveDID) { const { privateKey, publicKey, kid } = generateKeyPair(); const did = preserveDID || generateDID(kid); const now = new Date().toISOString(); return { version: "1.0", did, kid, privateKey, publicKey, createdAt: now, lastRotated: now, }; } /** * Save identity to development file */ export function saveIdentityToDev(identity) { const mcpiDir = join(process.cwd(), ".mcpi"); if (!existsSync(mcpiDir)) { mkdirSync(mcpiDir, { recursive: true }); } const identityFile = join(mcpiDir, "identity.json"); writeFileSync(identityFile, JSON.stringify(identity, null, 2)); } /** * Clear development identity file */ export function clearDevIdentity() { const identityFile = join(process.cwd(), ".mcpi", "identity.json"); if (existsSync(identityFile)) { unlinkSync(identityFile); } } /** * Generate audit line for key rotation */ export function generateAuditLine(oldKeyId, newKeyId, did, mode, delegated, forced) { const ts = Math.floor(Date.now() / 1000); return `keys.rotate.v1 ts=${ts} did=${did} oldKid=${oldKeyId} newKid=${newKeyId} mode=${mode} delegated=${delegated ? "yes" : "no"} force=${forced ? "yes" : "no"}`; } //# sourceMappingURL=identity-manager.js.map