2707fca32b
Phase 1-5 complete per .agents/specs/u6u-core-mvp/: **Phase 1 — Cherry-pick & cleanup** - Create arcrun/ from cypher-executor, credentials, builtins, registry - Remove 9 InkStone Service Bindings (KBDB, REGISTRY, CLINIC_*, AICEO, MINI_ME) - Rewrite component-loader: 3-layer (builtin → WASM_BUCKET R2 → error) - Remove autoPublishMissing.ts, proxy.ts (AICEO), execution-logger.ts (KBDB) - Clean all KV namespace IDs and InkStone internal URLs from config files **Phase 2 — contract.yaml completeness** - Add credentials_required to gmail, google_sheets, telegram, line_notify - Add config_example to all 21 components with annotated field descriptions **Phase 3 — Credential injection** - Add credential-injector.ts: AES-GCM decrypt from CREDENTIALS_KV - Integrate into GraphExecutor before WASM execution - Structured errors with repair instructions when credential missing **Phase 4 — CLI (acr)** - cli/package.json: arcrun package, bin: acr, deps: commander/js-yaml/chalk/ora - 8 commands: init, creds push, push, run, validate, parts, list, logs - Standard mode: writes directly to user's CF KV via CF REST API - acr init: interactive setup with arcrun.dev API Key registration **Phase 5 — Open source release prep** - README.md: 5-minute quickstart, component table, workflow YAML syntax - CONTRIBUTING.md: TinyGo dev env, component scaffolding, submission flow - Security audit: no InkStone internal URLs/IDs in committed files - .gitignore: exclude credentials.yaml, .wrangler, *.wasm https://claude.ai/code/session_01BnCdSLVH8tUed9VrrPavgT
29 lines
1.3 KiB
TypeScript
29 lines
1.3 KiB
TypeScript
// crypto:AES-GCM 加解密工具(Web Crypto API)
|
||
|
||
/** 從 hex 字串匯入 AES-GCM key */
|
||
async function importKey(hexKey: string): Promise<CryptoKey> {
|
||
const raw = new Uint8Array(hexKey.match(/.{1,2}/g)!.map(b => parseInt(b, 16)));
|
||
return crypto.subtle.importKey('raw', raw, { name: 'AES-GCM' }, false, ['encrypt', 'decrypt']);
|
||
}
|
||
|
||
/** 加密 plaintext,回傳 { encrypted, iv }(均為 base64) */
|
||
export async function encrypt(plaintext: string, hexKey: string): Promise<{ encrypted: string; iv: string }> {
|
||
const key = await importKey(hexKey);
|
||
const iv = crypto.getRandomValues(new Uint8Array(12));
|
||
const encoded = new TextEncoder().encode(plaintext);
|
||
const cipherBuf = await crypto.subtle.encrypt({ name: 'AES-GCM', iv }, key, encoded);
|
||
return {
|
||
encrypted: btoa(String.fromCharCode(...new Uint8Array(cipherBuf))),
|
||
iv: btoa(String.fromCharCode(...iv)),
|
||
};
|
||
}
|
||
|
||
/** 解密,回傳 plaintext */
|
||
export async function decrypt(encrypted: string, iv: string, hexKey: string): Promise<string> {
|
||
const key = await importKey(hexKey);
|
||
const ivBuf = Uint8Array.from(atob(iv), c => c.charCodeAt(0));
|
||
const cipherBuf = Uint8Array.from(atob(encrypted), c => c.charCodeAt(0));
|
||
const plainBuf = await crypto.subtle.decrypt({ name: 'AES-GCM', iv: ivBuf }, key, cipherBuf);
|
||
return new TextDecoder().decode(plainBuf);
|
||
}
|