diff --git a/.DS_Store b/.DS_Store index 5fb4de8..a763035 100644 Binary files a/.DS_Store and b/.DS_Store differ diff --git a/clovis/.DS_Store b/clavis/.DS_Store similarity index 100% rename from clovis/.DS_Store rename to clavis/.DS_Store diff --git a/clovis/._.DS_Store b/clavis/._.DS_Store similarity index 100% rename from clovis/._.DS_Store rename to clavis/._.DS_Store diff --git a/clovis/Makefile b/clavis/Makefile similarity index 85% rename from clovis/Makefile rename to clavis/Makefile index fc67032..85b92b9 100644 --- a/clovis/Makefile +++ b/clavis/Makefile @@ -1,4 +1,4 @@ -# Clovis — build pipeline +# Clavis — build pipeline # FIPS 140-3: BoringCrypto via GOEXPERIMENT=boringcrypto # Requires Go 1.24+ (verified: go1.24.0) # @@ -11,12 +11,12 @@ GOEXPERIMENT := boringcrypto export GOEXPERIMENT -VAULT_DIR := clovis-vault -CLI_DIR := clovis-cli -CRYPTO_DIR := clovis-crypto +VAULT_DIR := clavis-vault +CLI_DIR := clavis-cli +CRYPTO_DIR := clavis-crypto VAULT_BIN := $(VAULT_DIR)/clavitor -CLI_BIN := $(CLI_DIR)/clovis-cli +CLI_BIN := $(CLI_DIR)/clavis-cli VAULT_ENTRY := ./cmd/clavitor @@ -64,21 +64,21 @@ verify-fips-vault: # --- process management --- stop-vault: - @pkill -f './clavitor$$' 2>/dev/null || pkill -f 'clovis-vault/clavitor$$' 2>/dev/null || true + @pkill -f './clavitor$$' 2>/dev/null || pkill -f 'clavis-vault/clavitor$$' 2>/dev/null || true @sleep 0.5 stop: stop-vault restart-vault: stop-vault - cd $(VAULT_DIR) && set -a && . ./.env && set +a && nohup ./clavitor > /tmp/clovis-vault.log 2>&1 & + cd $(VAULT_DIR) && set -a && . ./.env && set +a && nohup ./clavitor > /tmp/clavis-vault.log 2>&1 & @sleep 1 - @ss -tlnp | grep -q ':1984' && echo "vault running on :1984 ✓" || { echo "vault failed to start ✗"; cat /tmp/clovis-vault.log; exit 1; } + @ss -tlnp | grep -q ':1984' && echo "vault running on :1984 ✓" || { echo "vault failed to start ✗"; cat /tmp/clavis-vault.log; exit 1; } restart: restart-vault status: @echo "--- processes ---" - @ps aux | grep -E '(clavitor|clovis)' | grep -v grep || echo "nothing running" + @ps aux | grep -E '(clavitor|clavis)' | grep -v grep || echo "nothing running" @echo "--- ports ---" @ss -tlnp | grep -E ':1984' || echo "no vault port open" @echo "--- fips ---" @@ -87,7 +87,7 @@ status: # --- logs --- logs-vault: - @tail -f /tmp/clovis-vault.log + @tail -f /tmp/clavis-vault.log # --- clean --- diff --git a/clovis/README.md b/clavis/README.md similarity index 56% rename from clovis/README.md rename to clavis/README.md index 822d403..880c9a1 100644 --- a/clovis/README.md +++ b/clavis/README.md @@ -1,28 +1,28 @@ -# Clovis +# Clavis Secure vault platform with multi-client support. ## Architecture -**Clovis is the vault server.** Everything else is a client that talks to it. +**Clavis is the vault server.** Everything else is a client that talks to it. ## Structure ### Active Development | Directory | Purpose | Status | |-----------|---------|--------| -| `clovis-vault/` | Vault server with embedded UI (Go, FIPS 140-3) | **Active** | -| `clovis-crypto/` | JavaScript crypto layer | **Active** | -| `clovis-cli/` | CLI for agents | **Active** | -| `clovis-chrome/` | Chrome browser extension | **Active** | +| `clavis-vault/` | Vault server with embedded UI (Go, FIPS 140-3) | **Active** | +| `clavis-crypto/` | JavaScript crypto layer | **Active** | +| `clavis-cli/` | CLI for agents | **Active** | +| `clavis-chrome/` | Chrome browser extension | **Active** | ### Planned | Directory | Purpose | Status | |-----------|---------|--------| -| `clovis-firefox/` | Firefox browser extension | Announced | -| `clovis-safari/` | Safari browser extension | Announced | -| `clovis-ios/` | iOS native app | Announced | -| `clovis-android/` | Android native app | Announced | +| `clavis-firefox/` | Firefox browser extension | Announced | +| `clavis-safari/` | Safari browser extension | Announced | +| `clavis-ios/` | iOS native app | Announced | +| `clavis-android/` | Android native app | Announced | ## Build @@ -38,9 +38,9 @@ make logs-web # Tail web logs ## Clients The vault supports multiple client types: -- **Web**: Built-in UI served by vault (`clovis-vault/`) -- **CLI**: Command-line tool for automation/agents (`clovis-cli/`) -- **Browser Extension**: Auto-fill and TOTP in Chrome (`clovis-chrome/`) +- **Web**: Built-in UI served by vault (`clavis-vault/`) +- **CLI**: Command-line tool for automation/agents (`clavis-cli/`) +- **Browser Extension**: Auto-fill and TOTP in Chrome (`clavis-chrome/`) - **Mobile**: Native iOS/Android apps (planned) ## Security diff --git a/clovis/clovis-android/README.md b/clavis/clavis-android/README.md similarity index 100% rename from clovis/clovis-android/README.md rename to clavis/clavis-android/README.md diff --git a/clovis/clovis-chrome/README.md b/clavis/clavis-chrome/README.md similarity index 100% rename from clovis/clovis-chrome/README.md rename to clavis/clavis-chrome/README.md diff --git a/clavis/clavis-cli/CLAUDE.md b/clavis/clavis-cli/CLAUDE.md new file mode 100644 index 0000000..6bdc7dd --- /dev/null +++ b/clavis/clavis-cli/CLAUDE.md @@ -0,0 +1,55 @@ +# clavis-cli + +Pure C CLI for credential access by AI agents. Talks to a Clavitor vault over HTTPS, decrypts L2 fields locally. + +## Build + +``` +make # build for host +make strip # strip binary +make clean # remove artifacts +``` + +Target: `clavitor-cli` binary, <1MB stripped. Requires: C11 compiler, POSIX (Linux/macOS/FreeBSD/Windows). + +## Architecture + +- **src/main.c** — CLI entry point, argument parsing, commands (get, list, totp, test-crypto, test-roundtrip, eval, test-totp) +- **src/http.c** — HTTPS client using BearSSL. Loads system CA certs for TLS validation. Supports plain HTTP fallback. +- **src/keystore.c** — Config storage at `~/.config/clavitor/config`. AES-128-GCM encrypted + HMAC-SHA256 signed. Inconvenience barrier only — real security is vault-side. +- **src/jsbridge.c** — QuickJS bridge exposing BearSSL crypto primitives to JS. Loads `crypto/crypto.js` and `crypto/totp.js` from `../clavis-crypto/`. +- **src/util.c** — Base64 (standard + url-safe), URL encoding. + +## Vendored dependencies + +All in `vendor/`, no system package dependencies: +- **BearSSL** — TLS, AES-GCM, HKDF, HMAC, PRNG +- **QuickJS** — JS runtime for shared crypto logic +- **cJSON** — JSON parsing + +## Crypto design + +Three-tier encryption model: +- **L1** — first 8 bytes of L2 key, used as Bearer auth token +- **L2** — 16-byte AES-128-GCM key, client-side field encryption/decryption +- **L3** — requires hardware key (not handled by CLI) + +JS crypto in `../clavis-crypto/` is the single source of truth for encrypt/decrypt logic. The C code bridges BearSSL primitives into QuickJS so the same JS runs in CLI and browser. + +## Token format + +`--token` value is a base64url-encoded, AES-GCM encrypted blob containing: `vault_host \0 agent_name \0 l2_key_16_bytes`. Decrypted using HKDF-derived key from seed `clavitor-l2-`. + +## Vault communication + +All API calls go to `https://:1984` with `Authorization: Bearer ` and `X-Agent: ` headers. + +Endpoints used: `/api/entries`, `/api/search?q=`, `/api/entries/`, `/api/ext/totp/`. + +## Testing + +``` +./clavitor-cli test-crypto # BearSSL + JS crypto self-tests +./clavitor-cli test-totp # TOTP generation from base32 seed +./clavitor-cli test-roundtrip # runs crypto/test_crypto.js +``` diff --git a/clovis/clovis-cli/Makefile b/clavis/clavis-cli/Makefile similarity index 98% rename from clovis/clovis-cli/Makefile rename to clavis/clavis-cli/Makefile index 13a3f56..f260f5b 100644 --- a/clovis/clovis-cli/Makefile +++ b/clavis/clavis-cli/Makefile @@ -32,7 +32,7 @@ VENDOR_DIR := vendor BEARSSL_DIR := $(VENDOR_DIR)/bearssl QUICKJS_DIR := $(VENDOR_DIR)/quickjs CJSON_DIR := $(VENDOR_DIR)/cjson -CRYPTO_DIR := ../clovis-crypto +CRYPTO_DIR := ../clavis-crypto # Output binary BIN := clavitor-cli diff --git a/clovis/clovis-cli/src/http.c b/clavis/clavis-cli/src/http.c similarity index 98% rename from clovis/clovis-cli/src/http.c rename to clavis/clavis-cli/src/http.c index c89a423..16de49c 100644 --- a/clovis/clovis-cli/src/http.c +++ b/clavis/clavis-cli/src/http.c @@ -329,7 +329,7 @@ static int parse_url(const char *url, struct parsed_url *out) { /* --- parse HTTP response --- */ -static int parse_response(char *resp_buf, size_t resp_len, struct v84_response *resp) { +static int parse_response(char *resp_buf, size_t resp_len, struct clv_response *resp) { if (resp_len < 12 || strncmp(resp_buf, "HTTP/", 5) != 0) { fprintf(stderr, "error: invalid HTTP response\n"); free(resp_buf); @@ -362,7 +362,7 @@ static int parse_response(char *resp_buf, size_t resp_len, struct v84_response * /* --- HTTP GET (plain) --- */ static int http_get_plain(const struct parsed_url *pu, const char *bearer_token, - const char *agent_name, struct v84_response *resp) { + const char *agent_name, struct clv_response *resp) { SOCKET fd = tcp_connect(pu->host, pu->port); if (fd == INVALID_SOCKET) return -1; @@ -401,7 +401,7 @@ static int http_get_plain(const struct parsed_url *pu, const char *bearer_token, /* --- HTTPS GET (BearSSL TLS) --- */ static int http_get_tls(const struct parsed_url *pu, const char *bearer_token, - const char *agent_name, struct v84_response *resp) { + const char *agent_name, struct clv_response *resp) { SOCKET fd = tcp_connect(pu->host, pu->port); if (fd == INVALID_SOCKET) return -1; @@ -476,7 +476,7 @@ static int http_get_tls(const struct parsed_url *pu, const char *bearer_token, /* --- public API --- */ int http_get(const char *url, const char *bearer_token, const char *agent_name, - struct v84_response *resp) { + struct clv_response *resp) { memset(resp, 0, sizeof(*resp)); struct parsed_url pu; diff --git a/clovis/clovis-cli/src/http.h b/clavis/clavis-cli/src/http.h similarity index 80% rename from clovis/clovis-cli/src/http.h rename to clavis/clavis-cli/src/http.h index bf8cc8e..fc6d5d8 100644 --- a/clovis/clovis-cli/src/http.h +++ b/clavis/clavis-cli/src/http.h @@ -2,12 +2,12 @@ * clavitor CLI — HTTPS client (BearSSL) */ -#ifndef V84_HTTP_H -#define V84_HTTP_H +#ifndef CLV_HTTP_H +#define CLV_HTTP_H #include -struct v84_response { +struct clv_response { int status; /* HTTP status code */ char *body; /* response body (malloc'd, caller frees) */ size_t body_len; @@ -16,6 +16,6 @@ struct v84_response { /* Perform HTTPS GET with Bearer auth + optional X-Agent header. * agent_name can be NULL to omit the header. */ int http_get(const char *url, const char *bearer_token, const char *agent_name, - struct v84_response *resp); + struct clv_response *resp); #endif diff --git a/clovis/clovis-cli/src/jsbridge.c b/clavis/clavis-cli/src/jsbridge.c similarity index 96% rename from clovis/clovis-cli/src/jsbridge.c rename to clavis/clavis-cli/src/jsbridge.c index 0112fa7..315356b 100644 --- a/clovis/clovis-cli/src/jsbridge.c +++ b/clavis/clavis-cli/src/jsbridge.c @@ -73,7 +73,7 @@ static JSValue js_random_bytes(JSContext *ctx, JSValueConst this_val, uint8_t *buf = malloc((size_t)n); br_hmac_drbg_context drbg; - br_hmac_drbg_init(&drbg, &br_sha256_vtable, "vault1984-seed", 14); + br_hmac_drbg_init(&drbg, &br_sha256_vtable, "clavitor-seed", 13); /* Seed with system RNG */ uint8_t seed[32]; @@ -105,7 +105,7 @@ static JSValue js_aes_gcm_encrypt(JSContext *ctx, JSValueConst this_val, /* Generate random 12-byte nonce */ uint8_t nonce[12]; br_hmac_drbg_context drbg; - br_hmac_drbg_init(&drbg, &br_sha256_vtable, "vault1984-nonce", 15); + br_hmac_drbg_init(&drbg, &br_sha256_vtable, "clavitor-nonce", 14); br_prng_seeder seeder = br_prng_seeder_system(NULL); if (seeder) seeder(&drbg.vtable); br_hmac_drbg_generate(&drbg, nonce, 12); @@ -453,8 +453,8 @@ char *jsbridge_totp(const char *seed_b32) { if (!ctx) return NULL; JSValue global = JS_GetGlobalObject(ctx); - JSValue v84 = JS_GetPropertyStr(ctx, global, "vault1984"); - JSValue totp_obj = JS_GetPropertyStr(ctx, v84, "totp"); + JSValue clv = JS_GetPropertyStr(ctx, global, "clavitor"); + JSValue totp_obj = JS_GetPropertyStr(ctx, clv, "totp"); JSValue fn = JS_GetPropertyStr(ctx, totp_obj, "generate_totp"); JSValue args[1] = { JS_NewString(ctx, seed_b32) }; @@ -479,7 +479,7 @@ char *jsbridge_totp(const char *seed_b32) { JS_FreeValue(ctx, result); JS_FreeValue(ctx, fn); JS_FreeValue(ctx, totp_obj); - JS_FreeValue(ctx, v84); + JS_FreeValue(ctx, clv); JS_FreeValue(ctx, global); return out; } @@ -513,8 +513,8 @@ char *jsbridge_encrypt_field(const unsigned char *key, size_t key_len, if (!ctx) return NULL; JSValue global = JS_GetGlobalObject(ctx); - JSValue v84 = JS_GetPropertyStr(ctx, global, "vault1984"); - JSValue crypto_obj = JS_GetPropertyStr(ctx, v84, "crypto"); + JSValue clv = JS_GetPropertyStr(ctx, global, "clavitor"); + JSValue crypto_obj = JS_GetPropertyStr(ctx, clv, "crypto"); JSValue fn = JS_GetPropertyStr(ctx, crypto_obj, "encrypt_field"); JSValue key_arr = js_new_uint8array(ctx, key, key_len); @@ -542,7 +542,7 @@ char *jsbridge_encrypt_field(const unsigned char *key, size_t key_len, JS_FreeValue(ctx, result); JS_FreeValue(ctx, fn); JS_FreeValue(ctx, crypto_obj); - JS_FreeValue(ctx, v84); + JS_FreeValue(ctx, clv); JS_FreeValue(ctx, global); return out; } @@ -552,8 +552,8 @@ char *jsbridge_decrypt_field(const unsigned char *key, size_t key_len, if (!ctx) return NULL; JSValue global = JS_GetGlobalObject(ctx); - JSValue v84 = JS_GetPropertyStr(ctx, global, "vault1984"); - JSValue crypto_obj = JS_GetPropertyStr(ctx, v84, "crypto"); + JSValue clv = JS_GetPropertyStr(ctx, global, "clavitor"); + JSValue crypto_obj = JS_GetPropertyStr(ctx, clv, "crypto"); JSValue fn = JS_GetPropertyStr(ctx, crypto_obj, "decrypt_field"); JSValue key_arr = js_new_uint8array(ctx, key, key_len); @@ -581,7 +581,7 @@ char *jsbridge_decrypt_field(const unsigned char *key, size_t key_len, JS_FreeValue(ctx, result); JS_FreeValue(ctx, fn); JS_FreeValue(ctx, crypto_obj); - JS_FreeValue(ctx, v84); + JS_FreeValue(ctx, clv); JS_FreeValue(ctx, global); return out; } diff --git a/clovis/clovis-cli/src/jsbridge.h b/clavis/clavis-cli/src/jsbridge.h similarity index 96% rename from clovis/clovis-cli/src/jsbridge.h rename to clavis/clavis-cli/src/jsbridge.h index 6a3a59b..a58cca6 100644 --- a/clovis/clovis-cli/src/jsbridge.h +++ b/clavis/clavis-cli/src/jsbridge.h @@ -3,8 +3,8 @@ * Exposes BearSSL crypto primitives to JavaScript. */ -#ifndef V84_JSBRIDGE_H -#define V84_JSBRIDGE_H +#ifndef CLV_JSBRIDGE_H +#define CLV_JSBRIDGE_H #include diff --git a/clovis/clovis-cli/src/keystore.c b/clavis/clavis-cli/src/keystore.c similarity index 96% rename from clovis/clovis-cli/src/keystore.c rename to clavis/clavis-cli/src/keystore.c index a4216b5..005f5af 100644 --- a/clovis/clovis-cli/src/keystore.c +++ b/clavis/clavis-cli/src/keystore.c @@ -1,5 +1,5 @@ /* - * v1984 CLI — config and key storage + * clavitor CLI — config and key storage * * Config file format (binary): * [4 bytes] magic "V19\x01" @@ -35,7 +35,7 @@ #endif /* Config encryption key — derived from a string that also appears in the web UI */ -static const char CONFIG_SEED[] = "vault1984-l2-"; +static const char CONFIG_SEED[] = "clavitor-l2-"; static const unsigned char CONFIG_MAGIC[4] = { 'V', '1', '9', 0x01 }; /* Derive 16-byte config encryption key from seed */ @@ -74,7 +74,7 @@ static int get_config_dir(char *buf, size_t len) { fprintf(stderr, "error: cannot determine home directory\n"); return -1; } - snprintf(buf, len, "%s/.config/v1984", home); + snprintf(buf, len, "%s/.config/clavitor", home); return 0; } @@ -127,7 +127,7 @@ int keystore_init(const char *vault_url, const char *agent_name, /* Generate nonce */ unsigned char nonce[12]; br_hmac_drbg_context drbg; - br_hmac_drbg_init(&drbg, &br_sha256_vtable, "v1984-init", 10); + br_hmac_drbg_init(&drbg, &br_sha256_vtable, "clavitor-init", 13); br_prng_seeder seeder = br_prng_seeder_system(NULL); if (seeder) seeder(&drbg.vtable); br_hmac_drbg_generate(&drbg, nonce, 12); @@ -177,14 +177,14 @@ int keystore_init(const char *vault_url, const char *agent_name, memset(enc_key, 0, 16); memset(hmac_key, 0, 16); - fprintf(stderr, "v1984: initialized\n"); + fprintf(stderr, "clavitor: initialized\n"); fprintf(stderr, " vault: %s\n", vault_url); fprintf(stderr, " agent: %s\n", agent_name); fprintf(stderr, " config: %s/config\n", dir); return 0; } -int keystore_load(struct v84_config *cfg) { +int keystore_load(struct clv_config *cfg) { memset(cfg, 0, sizeof(*cfg)); char dir[512]; @@ -194,7 +194,7 @@ int keystore_load(struct v84_config *cfg) { snprintf(path, sizeof(path), "%s/config", dir); FILE *f = fopen(path, "rb"); if (!f) { - fprintf(stderr, "error: not initialized. Run: v1984 init\n"); + fprintf(stderr, "error: not initialized. Run: clavitor init\n"); return -1; } diff --git a/clovis/clovis-cli/src/keystore.h b/clavis/clavis-cli/src/keystore.h similarity index 65% rename from clovis/clovis-cli/src/keystore.h rename to clavis/clavis-cli/src/keystore.h index 12afbfb..1b0a435 100644 --- a/clovis/clovis-cli/src/keystore.h +++ b/clavis/clavis-cli/src/keystore.h @@ -1,5 +1,5 @@ /* - * v1984 CLI — config and key storage + * clavitor CLI — config and key storage * * Config is encrypted with a static key (inconvenience barrier) * and signed with HMAC (tamper detection). Not security theater — @@ -7,22 +7,22 @@ * and lockout. */ -#ifndef V84_KEYSTORE_H -#define V84_KEYSTORE_H +#ifndef CLV_KEYSTORE_H +#define CLV_KEYSTORE_H #include -struct v84_config { - char vault_url[512]; /* e.g. https://use.vault1984.com:1984 */ +struct clv_config { + char vault_url[512]; /* e.g. https://use.clavitor.com:1984 */ char agent_name[128]; /* e.g. claude-code-forge */ unsigned char l2_key[16]; /* L2 encryption key (16 bytes) */ }; -/* Initialize config: encrypt and write to ~/.config/v1984/config */ +/* Initialize config: encrypt and write to ~/.config/clavitor/config */ int keystore_init(const char *vault_url, const char *agent_name, const unsigned char *l2_key, size_t l2_key_len); /* Load config: read, verify signature, decrypt */ -int keystore_load(struct v84_config *cfg); +int keystore_load(struct clv_config *cfg); #endif diff --git a/clovis/clovis-cli/src/main.c b/clavis/clavis-cli/src/main.c similarity index 96% rename from clovis/clovis-cli/src/main.c rename to clavis/clavis-cli/src/main.c index 6f33622..29b4e12 100644 --- a/clovis/clovis-cli/src/main.c +++ b/clavis/clavis-cli/src/main.c @@ -38,11 +38,11 @@ static void usage(void) { /* --- URL + auth helpers --- */ -static void build_url(char *buf, size_t len, const struct v84_config *cfg, const char *path) { +static void build_url(char *buf, size_t len, const struct clv_config *cfg, const char *path) { snprintf(buf, len, "%s%s", cfg->vault_url, path); } -static void get_bearer(const struct v84_config *cfg, char *buf, size_t len) { +static void get_bearer(const struct clv_config *cfg, char *buf, size_t len) { base64_encode(cfg->l2_key, 8, buf, len); /* L1 = first 8 bytes */ } @@ -118,8 +118,8 @@ static int cmd_test_crypto(void) { { /* L2 field roundtrip */ char *r = jsbridge_eval( "var k = new Uint8Array([1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16]);" - "var ct = vault1984.crypto.l2_encrypt_field(k, 'abcdef01', 'pw', 'secret');" - "var pt = vault1984.crypto.l2_decrypt_field(k, 'abcdef01', 'pw', ct);" + "var ct = clavitor.crypto.l2_encrypt_field(k, 'abcdef01', 'pw', 'secret');" + "var pt = clavitor.crypto.l2_decrypt_field(k, 'abcdef01', 'pw', ct);" "'l2 roundtrip: ' + (pt === 'secret' ? 'OK' : 'FAIL');"); if (r) { fprintf(stderr, " [JS] %s\n", r); free(r); } } @@ -150,7 +150,7 @@ static int cmd_test_crypto(void) { /* TOTP RFC 6238 test vector */ char *code = jsbridge_eval( - "vault1984.totp.generate_totp('GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ', 59, 30, 6);"); + "clavitor.totp.generate_totp('GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ', 59, 30, 6);"); if (!code || strcmp(code, "287082") != 0) { fprintf(stderr, "FAIL: TOTP (got %s, expect 287082)\n", code ? code : "null"); free(code); jsbridge_cleanup(); return 1; @@ -184,7 +184,7 @@ int main(int argc, char **argv) { jsbridge_cleanup(); return 1; } - char *r = jsbridge_eval("globalThis._v1984_test_result"); + char *r = jsbridge_eval("globalThis._clavitor_test_result"); if (r) { printf("%s\n", r); } int ok = (r && strstr(r, "FAILED") == NULL); free(r); @@ -241,7 +241,7 @@ int main(int argc, char **argv) { char js_code[2048]; snprintf(js_code, sizeof(js_code), "(function() {" - " var seed = native_encode_utf8('vault1984-l2-');" + " var seed = native_encode_utf8('clavitor-l2-');" " var encKey = native_hkdf_sha256(seed, null, native_encode_utf8('token'), 16);" " var ct = native_base64_decode('%s');" " var pt = native_aes_gcm_decrypt_blob(encKey, ct);" @@ -288,7 +288,7 @@ int main(int argc, char **argv) { } /* Build config from token */ - struct v84_config cfg; + struct clv_config cfg; memset(&cfg, 0, sizeof(cfg)); snprintf(cfg.vault_url, sizeof(cfg.vault_url), "https://%s:1984", vault_host); snprintf(cfg.agent_name, sizeof(cfg.agent_name), "%s", agent_name); @@ -314,7 +314,7 @@ int main(int argc, char **argv) { build_url(url, sizeof(url), &cfg, "/api/entries"); } - struct v84_response resp; + struct clv_response resp; if (http_get(url, bearer, cfg.agent_name, &resp) != 0) { fprintf(stderr, "error: request failed\n"); return 1; } if (resp.status != 200) { fprintf(stderr, "error: server returned %d\n", resp.status); free(resp.body); return 1; } if (json_output) { printf("%s\n", resp.body); free(resp.body); return 0; } @@ -348,7 +348,7 @@ int main(int argc, char **argv) { snprintf(path, sizeof(path), "/api/search?q=%s", encoded); build_url(url, sizeof(url), &cfg, path); - struct v84_response resp; + struct clv_response resp; if (http_get(url, bearer, cfg.agent_name, &resp) != 0) { fprintf(stderr, "error: search failed\n"); return 1; } if (resp.status != 200) { fprintf(stderr, "error: server returned %d\n", resp.status); free(resp.body); return 1; } diff --git a/clovis/clovis-cli/src/util.c b/clavis/clavis-cli/src/util.c similarity index 100% rename from clovis/clovis-cli/src/util.c rename to clavis/clavis-cli/src/util.c diff --git a/clovis/clovis-cli/src/util.h b/clavis/clavis-cli/src/util.h similarity index 92% rename from clovis/clovis-cli/src/util.h rename to clavis/clavis-cli/src/util.h index 10f84c2..7038de3 100644 --- a/clovis/clovis-cli/src/util.h +++ b/clavis/clavis-cli/src/util.h @@ -2,8 +2,8 @@ * clavitor CLI — utility functions */ -#ifndef V84_UTIL_H -#define V84_UTIL_H +#ifndef CLV_UTIL_H +#define CLV_UTIL_H #include diff --git a/clovis/clovis-cli/vendor/bearssl b/clavis/clavis-cli/vendor/bearssl similarity index 100% rename from clovis/clovis-cli/vendor/bearssl rename to clavis/clavis-cli/vendor/bearssl diff --git a/clovis/clovis-cli/vendor/cjson b/clavis/clavis-cli/vendor/cjson similarity index 100% rename from clovis/clovis-cli/vendor/cjson rename to clavis/clavis-cli/vendor/cjson diff --git a/clovis/clovis-cli/vendor/quickjs b/clavis/clavis-cli/vendor/quickjs similarity index 100% rename from clovis/clovis-cli/vendor/quickjs rename to clavis/clavis-cli/vendor/quickjs diff --git a/clovis/clovis-crypto/README.md b/clavis/clavis-crypto/README.md similarity index 100% rename from clovis/clovis-crypto/README.md rename to clavis/clavis-crypto/README.md diff --git a/clovis/clovis-vault/cmd/clavitor/web/crypto.js b/clavis/clavis-crypto/crypto.js similarity index 100% rename from clovis/clovis-vault/cmd/clavitor/web/crypto.js rename to clavis/clavis-crypto/crypto.js diff --git a/clovis/clovis-vault/cmd/clavitor/web/test_crypto.js b/clavis/clavis-crypto/test_crypto.js similarity index 98% rename from clovis/clovis-vault/cmd/clavitor/web/test_crypto.js rename to clavis/clavis-crypto/test_crypto.js index eab77ae..c1e6c7f 100644 --- a/clovis/clovis-vault/cmd/clavitor/web/test_crypto.js +++ b/clavis/clavis-crypto/test_crypto.js @@ -290,7 +290,7 @@ } /* Return result string (for QuickJS eval or browser display) */ - globalThis._v1984_test_result = summary; + globalThis._clavitor_test_result = summary; return; } tests[idx](function() { run(idx + 1); }); @@ -299,10 +299,10 @@ run(0); /* For sync environments (QuickJS), result is available immediately */ - if (typeof globalThis._v1984_test_result !== 'undefined') { + if (typeof globalThis._clavitor_test_result !== 'undefined') { /* Used by CLI eval */ } })(); /* Return result for jsbridge_eval */ -globalThis._v1984_test_result || 'RUNNING (async — check console)'; +globalThis._clavitor_test_result || 'RUNNING (async — check console)'; diff --git a/clovis/clovis-vault/cmd/clavitor/web/totp.js b/clavis/clavis-crypto/totp.js similarity index 100% rename from clovis/clovis-vault/cmd/clavitor/web/totp.js rename to clavis/clavis-crypto/totp.js diff --git a/clavis/clavis-firefox/README.md b/clavis/clavis-firefox/README.md new file mode 100644 index 0000000..d1bd7b4 --- /dev/null +++ b/clavis/clavis-firefox/README.md @@ -0,0 +1,7 @@ +# Clavis Firefox Extension + +Browser extension for Firefox. + +**Status:** Planned, not yet implemented. + +This extension will share the core logic with clavis-chrome. diff --git a/clovis/clovis-ios/README.md b/clavis/clavis-ios/README.md similarity index 100% rename from clovis/clovis-ios/README.md rename to clavis/clavis-ios/README.md diff --git a/clovis/clovis-safari/README.md b/clavis/clavis-safari/README.md similarity index 100% rename from clovis/clovis-safari/README.md rename to clavis/clavis-safari/README.md diff --git a/clovis/clovis-vault/._README.md b/clavis/clavis-vault/._README.md similarity index 100% rename from clovis/clovis-vault/._README.md rename to clavis/clavis-vault/._README.md diff --git a/clavis/clavis-vault/.claude/scheduled_tasks.lock b/clavis/clavis-vault/.claude/scheduled_tasks.lock new file mode 100644 index 0000000..101e3b3 --- /dev/null +++ b/clavis/clavis-vault/.claude/scheduled_tasks.lock @@ -0,0 +1 @@ +{"sessionId":"43d3cb50-0614-4ad7-aa41-58df69624a39","pid":221635,"acquiredAt":1774423023146} \ No newline at end of file diff --git a/clovis/clovis-vault/.gitignore b/clavis/clavis-vault/.gitignore similarity index 100% rename from clovis/clovis-vault/.gitignore rename to clavis/clavis-vault/.gitignore diff --git a/clovis/clovis-vault/LICENSE b/clavis/clavis-vault/LICENSE similarity index 100% rename from clovis/clovis-vault/LICENSE rename to clavis/clavis-vault/LICENSE diff --git a/clavis/clavis-vault/Makefile b/clavis/clavis-vault/Makefile new file mode 100644 index 0000000..50554c2 --- /dev/null +++ b/clavis/clavis-vault/Makefile @@ -0,0 +1,47 @@ +GO := /usr/local/go/bin/go +BINARY := clavitor +VERSION := $(shell git describe --tags --always --dirty 2>/dev/null || echo dev) +COMMIT := $(shell git rev-parse --short HEAD 2>/dev/null || echo unknown) +DATE := $(shell date -u +%Y%m%d-%H%M) + +LDFLAGS := -s -w -X main.version=$(VERSION) -X main.commit=$(COMMIT) -X main.buildDate=$(DATE) + +# Deploy targets +REMOTE := clavitor-hq +REMOTE_PATH := /opt/clavitor/bin + +export GOFIPS140 := latest + +# --- Build targets --- + +.PHONY: build build-all linux-amd64 linux-arm64 release test clean deploy + +build: linux-amd64 + +build-all: linux-amd64 linux-arm64 + +linux-amd64: + CGO_ENABLED=1 GOOS=linux GOARCH=amd64 \ + $(GO) build -ldflags "$(LDFLAGS)" -o $(BINARY)-linux-amd64 ./cmd/clavitor + +linux-arm64: + CGO_ENABLED=1 GOOS=linux GOARCH=arm64 CC=aarch64-linux-gnu-gcc \ + $(GO) build -ldflags "$(LDFLAGS)" -o $(BINARY)-linux-arm64 ./cmd/clavitor + +release: + ./scripts/release.sh + +test: + $(GO) test ./... + +clean: + rm -f $(BINARY)-linux-amd64 $(BINARY)-linux-arm64 + +# --- Deploy --- + +deploy: linux-amd64 + scp $(BINARY)-linux-amd64 $(REMOTE):/tmp/$(BINARY)-new + ssh $(REMOTE) 'sudo systemctl stop clavitor && mv /tmp/$(BINARY)-new $(REMOTE_PATH)/$(BINARY) && chmod +x $(REMOTE_PATH)/$(BINARY) && sudo systemctl start clavitor' + @echo "Deployed. Verifying..." + @sleep 2 + @ssh $(REMOTE) 'sudo systemctl is-active clavitor' diff --git a/clovis/clovis-vault/README.md b/clavis/clavis-vault/README.md similarity index 99% rename from clovis/clovis-vault/README.md rename to clavis/clavis-vault/README.md index 011991a..b7ca95d 100644 --- a/clovis/clovis-vault/README.md +++ b/clavis/clavis-vault/README.md @@ -53,7 +53,7 @@ One root of trust: your hardware authenticator. One tap unlocks both Credential ## Quick start ```bash -go build -o clavitor ./cmd/vault1984/ +go build -o clavitor ./cmd/clavitor/ ./clavitor # Open http://localhost:1984/app/ # Register a passkey → vault is ready @@ -73,7 +73,7 @@ Create a token in the web UI (Tokens page), then add to your MCP client config: "clavitor": { "url": "http://localhost:1984/mcp", "headers": { - "Authorization": "Bearer v1984_..." + "Authorization": "Bearer clavitor_..." } } } diff --git a/clovis/clovis-vault/SPEC.md b/clavis/clavis-vault/SPEC.md similarity index 100% rename from clovis/clovis-vault/SPEC.md rename to clavis/clavis-vault/SPEC.md diff --git a/clovis/clovis-vault/api/handlers.go b/clavis/clavis-vault/api/handlers.go similarity index 99% rename from clovis/clovis-vault/api/handlers.go rename to clavis/clavis-vault/api/handlers.go index 7dc82f1..aa96ca8 100644 --- a/clovis/clovis-vault/api/handlers.go +++ b/clavis/clavis-vault/api/handlers.go @@ -13,7 +13,6 @@ import ( "log" "net" "net/http" - "os" "path/filepath" "strconv" "strings" @@ -21,7 +20,7 @@ import ( "time" "github.com/go-chi/chi/v5" - "github.com/johanj/vault1984/lib" + "github.com/johanj/clavitor/lib" "github.com/pquerna/otp/totp" ) @@ -106,18 +105,8 @@ func (h *Handlers) VaultInfo(w http.ResponseWriter, r *http.Request) { JSONResponse(w, http.StatusOK, map[string]string{"vault_id": vaultID}) } -// Version is derived from the binary's modification time. -var Version = func() string { - exe, err := os.Executable() - if err != nil { - return "dev" - } - info, err := os.Stat(exe) - if err != nil { - return "dev" - } - return info.ModTime().UTC().Format("20060102-1504") -}() +// Version is set by main via ldflags at build time. +var Version = "dev" // Health returns server status. func (h *Handlers) Health(w http.ResponseWriter, r *http.Request) { @@ -221,7 +210,7 @@ func (h *Handlers) AuthRegisterBegin(w http.ResponseWriter, r *http.Request) { "challenge": challengeBytes, "rp": map[string]string{"name": "Clavitor", "id": rpID(r)}, "user": map[string]any{ - "id": []byte("vault1984-owner"), + "id": []byte("clavitor-owner"), "name": "vault-owner", "displayName": "Vault Owner", }, @@ -272,14 +261,14 @@ func (h *Handlers) AuthRegisterComplete(w http.ResponseWriter, r *http.Request) // First passkey → create DB if db == nil && len(req.PublicKey) > 0 { - // DB named from L1 key: vault1984-XXXXXX (base64url of first 4 bytes, no extension) + // DB named from L1 key: clavitor-XXXXXX (base64url of first 4 bytes, no extension) var dbName string if len(req.L1Key) >= 4 { - dbName = "vault1984-" + base64UrlEncode(req.L1Key[:4]) + dbName = "clavitor-" + base64UrlEncode(req.L1Key[:4]) } else { - // Fallback: derive from public key hash (legacy compat) + // Fallback: derive from public key hash hash := sha256.Sum256(req.PublicKey) - dbName = "vault1984-" + base64UrlEncode(hash[:4]) + dbName = "clavitor-" + base64UrlEncode(hash[:4]) } dbPath := filepath.Join(h.Cfg.DataDir, dbName) newDB, err := lib.OpenDB(dbPath) @@ -1699,7 +1688,7 @@ func (h *Handlers) HandleWebAuthnRegisterBegin(w http.ResponseWriter, r *http.Re "challenge": challenge, "rp": map[string]string{"name": "Clavitor", "id": rpID(r)}, "user": map[string]any{ - "id": []byte("vault1984-owner"), + "id": []byte("clavitor-owner"), "name": "vault-owner", "displayName": "Clavitor Owner", }, diff --git a/clovis/clovis-vault/api/integration_test.go b/clavis/clavis-vault/api/integration_test.go similarity index 99% rename from clovis/clovis-vault/api/integration_test.go rename to clavis/clavis-vault/api/integration_test.go index dd64e14..77660d7 100644 --- a/clovis/clovis-vault/api/integration_test.go +++ b/clavis/clavis-vault/api/integration_test.go @@ -19,7 +19,7 @@ import ( "testing" "embed" - "github.com/johanj/vault1984/lib" + "github.com/johanj/clavitor/lib" ) // --- test helpers --- diff --git a/clovis/clovis-vault/api/middleware.go b/clavis/clavis-vault/api/middleware.go similarity index 98% rename from clovis/clovis-vault/api/middleware.go rename to clavis/clavis-vault/api/middleware.go index ed27c6a..1a64321 100644 --- a/clovis/clovis-vault/api/middleware.go +++ b/clavis/clavis-vault/api/middleware.go @@ -13,7 +13,7 @@ import ( "sync" "time" - "github.com/johanj/vault1984/lib" + "github.com/johanj/clavitor/lib" ) // base64Decode handles both standard and url-safe base64 (with or without padding). @@ -93,7 +93,7 @@ func VaultIDFromContext(ctx context.Context) int64 { // Fully stateless: L1 arrives with every request, is used, then forgotten. // No sessions, no stored keys. The server has zero keys of its own. // -// Self-hosted mode: finds vault DB by globbing vault1984-* files. +// Self-hosted mode: finds vault DB by globbing clavitor-* files. // Hosted mode: finds vault DB by base64url(L1[0:4]) → filename. func L1Middleware(dataDir string) func(http.Handler) http.Handler { return func(next http.Handler) http.Handler { @@ -103,7 +103,7 @@ func L1Middleware(dataDir string) func(http.Handler) http.Handler { // No auth = unauthenticated request (registration, login begin, etc.) if auth == "" || !strings.HasPrefix(auth, "Bearer ") { // Try to open vault DB without L1 (for unauthenticated endpoints) - matches, _ := filepath.Glob(filepath.Join(dataDir, "vault1984-*")) + matches, _ := filepath.Glob(filepath.Join(dataDir, "clavitor-*")) if len(matches) > 0 { db, err := lib.OpenDB(matches[0]) if err == nil { @@ -141,7 +141,7 @@ func L1Middleware(dataDir string) func(http.Handler) http.Handler { // Find vault DB by first 4 bytes of L1 vaultPrefix := base64UrlEncode(l1Raw[:4]) - dbPath := filepath.Join(dataDir, "vault1984-"+vaultPrefix) + dbPath := filepath.Join(dataDir, "clavitor-"+vaultPrefix) log.Printf("L1 auth: l1_hex=%x prefix=%s path=%s", l1Raw, vaultPrefix, dbPath) var db *lib.DB diff --git a/clovis/clovis-vault/api/routes.go b/clavis/clavis-vault/api/routes.go similarity index 98% rename from clovis/clovis-vault/api/routes.go rename to clavis/clavis-vault/api/routes.go index 04b4dc2..b7a6467 100644 --- a/clovis/clovis-vault/api/routes.go +++ b/clavis/clavis-vault/api/routes.go @@ -8,7 +8,7 @@ import ( "net/http" "github.com/go-chi/chi/v5" - "github.com/johanj/vault1984/lib" + "github.com/johanj/clavitor/lib" ) // NewRouter creates the main router with all routes registered. @@ -93,7 +93,7 @@ func NewRouter(cfg *lib.Config, webFS embed.FS, templateFS embed.FS) *chi.Mux { w.Write(data) } } - r.Get("/vault1984.css", serveEmbedded("vault1984.css", "text/css; charset=utf-8")) + r.Get("/clavitor.css", serveEmbedded("clavitor.css", "text/css; charset=utf-8")) r.Get("/worldmap.svg", serveEmbedded("worldmap.svg", "image/svg+xml")) r.Get("/favicon.svg", serveEmbedded("favicon.svg", "image/svg+xml")) diff --git a/clovis/clovis-vault/api/tier_test.go b/clavis/clavis-vault/api/tier_test.go similarity index 98% rename from clovis/clovis-vault/api/tier_test.go rename to clavis/clavis-vault/api/tier_test.go index 5c91521..710be65 100644 --- a/clovis/clovis-vault/api/tier_test.go +++ b/clavis/clavis-vault/api/tier_test.go @@ -6,7 +6,7 @@ import ( "strings" "testing" - "github.com/johanj/vault1984/lib" + "github.com/johanj/clavitor/lib" ) /* @@ -261,8 +261,8 @@ func TestTierIsolationDB(t *testing.T) { func TestCLICrypto(t *testing.T) { // Find CLI binary via absolute path home := os.Getenv("HOME") - cliBin := home + "/dev/clavitor/clovis/clovis-cli/clovis-cli" - cliDir := home + "/dev/clavitor/clovis/clovis-cli" + cliBin := home + "/dev/clavitor/clavis/clavis-cli/clavis-cli" + cliDir := home + "/dev/clavitor/clavis/clavis-cli" if _, err := os.Stat(cliBin); err != nil { t.Skip("clavitor-cli not found — run 'make cli' first") } diff --git a/clavis/clavis-vault/clavitor-linux-amd64 b/clavis/clavis-vault/clavitor-linux-amd64 new file mode 100755 index 0000000..7900656 Binary files /dev/null and b/clavis/clavis-vault/clavitor-linux-amd64 differ diff --git a/clovis/clovis-vault/clavitor-linux-arm64 b/clavis/clavis-vault/clavitor-linux-arm64 similarity index 99% rename from clovis/clovis-vault/clavitor-linux-arm64 rename to clavis/clavis-vault/clavitor-linux-arm64 index 76f8477..a1eb944 100755 Binary files a/clovis/clovis-vault/clavitor-linux-arm64 and b/clavis/clavis-vault/clavitor-linux-arm64 differ diff --git a/clovis/clovis-vault/cmd/clavitor/main.go b/clavis/clavis-vault/cmd/clavitor/main.go similarity index 85% rename from clovis/clovis-vault/cmd/clavitor/main.go rename to clavis/clavis-vault/cmd/clavitor/main.go index a217640..61f81f7 100644 --- a/clovis/clovis-vault/cmd/clavitor/main.go +++ b/clavis/clavis-vault/cmd/clavitor/main.go @@ -8,8 +8,8 @@ import ( "os" "strconv" - "github.com/johanj/vault1984/api" - "github.com/johanj/vault1984/lib" + "github.com/johanj/clavitor/api" + "github.com/johanj/clavitor/lib" ) //go:embed web @@ -18,7 +18,15 @@ var webFS embed.FS //go:embed templates var templateFS embed.FS +// Set via -ldflags at build time. +var ( + version = "dev" + commit = "unknown" + buildDate = "unknown" +) + func main() { + api.Version = version + " (" + commit + " " + buildDate + ")" // Telemetry flags (all optional — without them, no telemetry runs). telemetryFreq := flag.Int("telemetry-freq", envInt("TELEMETRY_FREQ", 0), "Telemetry POST interval in seconds (0 = disabled)") telemetryHost := flag.String("telemetry-host", envStr("TELEMETRY_HOST", ""), "Telemetry endpoint URL") @@ -37,6 +45,7 @@ func main() { Token: *telemetryToken, DataDir: cfg.DataDir, Mode: cfg.Mode, + Version: version, }) // Start automatic backup scheduler (3 weekly + 3 monthly, rotated) diff --git a/clovis/clovis-vault/cmd/clavitor/templates/base.html b/clavis/clavis-vault/cmd/clavitor/templates/base.html similarity index 100% rename from clovis/clovis-vault/cmd/clavitor/templates/base.html rename to clavis/clavis-vault/cmd/clavitor/templates/base.html diff --git a/clovis/clovis-vault/cmd/clavitor/templates/claude-code.html b/clavis/clavis-vault/cmd/clavitor/templates/claude-code.html similarity index 98% rename from clovis/clovis-vault/cmd/clavitor/templates/claude-code.html rename to clavis/clavis-vault/cmd/clavitor/templates/claude-code.html index b0af541..b0d223f 100644 --- a/clovis/clovis-vault/cmd/clavitor/templates/claude-code.html +++ b/clavis/clavis-vault/cmd/clavitor/templates/claude-code.html @@ -50,7 +50,7 @@

2. Connect Claude Code

In your terminal, run:

claude mcp add clavitor --transport http --url http://localhost:1984/mcp \ - --header "Authorization: Bearer v1984_your_token_here"
+ --header "Authorization: Bearer clavitor_your_token_here"

That’s it. Claude Code picks up the new server automatically.

@@ -60,7 +60,7 @@ 
Name:   clavitor
 URL:    http://localhost:1984/mcp

Click Add, then expand the entry and add a header:

- 
Authorization: Bearer v1984_your_token_here
+ 
Authorization: Bearer clavitor_your_token_here
diff --git a/clovis/clovis-vault/cmd/clavitor/templates/codex.html b/clavis/clavis-vault/cmd/clavitor/templates/codex.html similarity index 96% rename from clovis/clovis-vault/cmd/clavitor/templates/codex.html rename to clavis/clavis-vault/cmd/clavitor/templates/codex.html index c1e572e..a241170 100644 --- a/clovis/clovis-vault/cmd/clavitor/templates/codex.html +++ b/clavis/clavis-vault/cmd/clavitor/templates/codex.html @@ -49,14 +49,14 @@ url = "http://localhost:1984/mcp" [mcp_servers.clavitor.headers] -Authorization = "Bearer v1984_your_token_here"
+Authorization = "Bearer clavitor_your_token_here"
Option B

REST API + Function Calling

Define clavitor endpoints as functions. Works with any LLM that supports function calling.

curl http://localhost:1984/api/search?q=github \
-  -H "Authorization: Bearer v1984_your_token_here"
+  -H "Authorization: Bearer clavitor_your_token_here"
 
 # Returns entries with credentials, URLs, TOTP codes
 # Personal fields return: {"value":"[REDACTED]","l2":true}
@@ -82,7 +82,7 @@ GET /api/ext/totp/{id} # get live TOTP code GET /api/generate?length=32 # generate random password
-

All endpoints require Authorization: Bearer v1984_...

+

All endpoints require Authorization: Bearer clavitor_...

diff --git a/clovis/clovis-vault/cmd/clavitor/templates/footer.html b/clavis/clavis-vault/cmd/clavitor/templates/footer.html similarity index 100% rename from clovis/clovis-vault/cmd/clavitor/templates/footer.html rename to clavis/clavis-vault/cmd/clavitor/templates/footer.html diff --git a/clovis/clovis-vault/cmd/clavitor/templates/geo-pops.html b/clavis/clavis-vault/cmd/clavitor/templates/geo-pops.html similarity index 100% rename from clovis/clovis-vault/cmd/clavitor/templates/geo-pops.html rename to clavis/clavis-vault/cmd/clavitor/templates/geo-pops.html diff --git a/clovis/clovis-vault/cmd/clavitor/templates/hosted.html b/clavis/clavis-vault/cmd/clavitor/templates/hosted.html similarity index 100% rename from clovis/clovis-vault/cmd/clavitor/templates/hosted.html rename to clavis/clavis-vault/cmd/clavitor/templates/hosted.html diff --git a/clovis/clovis-vault/cmd/clavitor/templates/index.html b/clavis/clavis-vault/cmd/clavitor/templates/index.html similarity index 100% rename from clovis/clovis-vault/cmd/clavitor/templates/index.html rename to clavis/clavis-vault/cmd/clavitor/templates/index.html diff --git a/clovis/clovis-vault/cmd/clavitor/templates/install.html b/clavis/clavis-vault/cmd/clavitor/templates/install.html similarity index 100% rename from clovis/clovis-vault/cmd/clavitor/templates/install.html rename to clavis/clavis-vault/cmd/clavitor/templates/install.html diff --git a/clovis/clovis-vault/cmd/clavitor/templates/landing.html b/clavis/clavis-vault/cmd/clavitor/templates/landing.html similarity index 100% rename from clovis/clovis-vault/cmd/clavitor/templates/landing.html rename to clavis/clavis-vault/cmd/clavitor/templates/landing.html diff --git a/clovis/clovis-vault/cmd/clavitor/templates/openclaw-cn.html b/clavis/clavis-vault/cmd/clavitor/templates/openclaw-cn.html similarity index 99% rename from clovis/clovis-vault/cmd/clavitor/templates/openclaw-cn.html rename to clavis/clavis-vault/cmd/clavitor/templates/openclaw-cn.html index cf9ed0a..6e39200 100644 --- a/clovis/clovis-vault/cmd/clavitor/templates/openclaw-cn.html +++ b/clavis/clavis-vault/cmd/clavitor/templates/openclaw-cn.html @@ -48,7 +48,7 @@

2. 配置令牌

clavitor 网页界面创建令牌,然后配置:

claw config set clavitor.url "http://localhost:1984/mcp"
-claw config set clavitor.token "v1984_your_token_here"
+claw config set clavitor.token "clavitor_your_token_here"
diff --git a/clovis/clovis-vault/cmd/clavitor/templates/openclaw.html b/clavis/clavis-vault/cmd/clavitor/templates/openclaw.html similarity index 99% rename from clovis/clovis-vault/cmd/clavitor/templates/openclaw.html rename to clavis/clavis-vault/cmd/clavitor/templates/openclaw.html index 8680703..2471355 100644 --- a/clovis/clovis-vault/cmd/clavitor/templates/openclaw.html +++ b/clavis/clavis-vault/cmd/clavitor/templates/openclaw.html @@ -48,7 +48,7 @@

2. Configure your token

Create a token in the clavitor web UI, then set it in your OpenClaw config:

claw config set clavitor.url "http://localhost:1984/mcp"
-claw config set clavitor.token "v1984_your_token_here"
+claw config set clavitor.token "clavitor_your_token_here"
diff --git a/clovis/clovis-vault/cmd/clavitor/templates/pricing.html b/clavis/clavis-vault/cmd/clavitor/templates/pricing.html similarity index 100% rename from clovis/clovis-vault/cmd/clavitor/templates/pricing.html rename to clavis/clavis-vault/cmd/clavitor/templates/pricing.html diff --git a/clovis/clovis-vault/cmd/clavitor/templates/privacy.html b/clavis/clavis-vault/cmd/clavitor/templates/privacy.html similarity index 100% rename from clovis/clovis-vault/cmd/clavitor/templates/privacy.html rename to clavis/clavis-vault/cmd/clavitor/templates/privacy.html diff --git a/clovis/clovis-vault/cmd/clavitor/templates/sources.html b/clavis/clavis-vault/cmd/clavitor/templates/sources.html similarity index 100% rename from clovis/clovis-vault/cmd/clavitor/templates/sources.html rename to clavis/clavis-vault/cmd/clavitor/templates/sources.html diff --git a/clovis/clovis-vault/cmd/clavitor/templates/terms.html b/clavis/clavis-vault/cmd/clavitor/templates/terms.html similarity index 100% rename from clovis/clovis-vault/cmd/clavitor/templates/terms.html rename to clavis/clavis-vault/cmd/clavitor/templates/terms.html diff --git a/clovis/clovis-vault/cmd/clavitor/web/agents.html b/clavis/clavis-vault/cmd/clavitor/web/agents.html similarity index 100% rename from clovis/clovis-vault/cmd/clavitor/web/agents.html rename to clavis/clavis-vault/cmd/clavitor/web/agents.html diff --git a/clovis/clovis-vault/cmd/clavitor/web/clavitor-app.css b/clavis/clavis-vault/cmd/clavitor/web/clavitor-app.css similarity index 100% rename from clovis/clovis-vault/cmd/clavitor/web/clavitor-app.css rename to clavis/clavis-vault/cmd/clavitor/web/clavitor-app.css diff --git a/clovis/clovis-vault/cmd/clavitor/web/clavitor.css b/clavis/clavis-vault/cmd/clavitor/web/clavitor.css similarity index 100% rename from clovis/clovis-vault/cmd/clavitor/web/clavitor.css rename to clavis/clavis-vault/cmd/clavitor/web/clavitor.css diff --git a/clovis/clovis-crypto/crypto.js b/clavis/clavis-vault/cmd/clavitor/web/crypto.js similarity index 97% rename from clovis/clovis-crypto/crypto.js rename to clavis/clavis-vault/cmd/clavitor/web/crypto.js index b619fe8..8125a3d 100644 --- a/clovis/clovis-crypto/crypto.js +++ b/clavis/clavis-vault/cmd/clavitor/web/crypto.js @@ -147,7 +147,7 @@ function normalize_key(key) { } function encrypt_field(key, field_label, plaintext) { - var info_str = 'vault1984-field-' + field_label; + var info_str = 'clavitor-field-' + field_label; var nkey = normalize_key(key); var aes_len = nkey.length; /* 16 or 32 */ @@ -177,7 +177,7 @@ function encrypt_field(key, field_label, plaintext) { * @returns {string|Promise} plaintext */ function decrypt_field(key, field_label, ciphertext_b64) { - var info_str = 'vault1984-field-' + field_label; + var info_str = 'clavitor-field-' + field_label; var nkey = normalize_key(key); var aes_len = nkey.length; @@ -205,8 +205,8 @@ function l2_encrypt_field(key, entry_id, label, pt) { return encrypt_field(key, function l2_decrypt_field(key, entry_id, label, ct) { return decrypt_field(key, label, ct); } /* Export for both environments */ -if (typeof globalThis.vault1984 === 'undefined') globalThis.vault1984 = {}; -globalThis.vault1984.crypto = { +if (typeof globalThis.clavitor === 'undefined') globalThis.clavitor = {}; +globalThis.clavitor.crypto = { aes_gcm_encrypt: aes_gcm_encrypt, aes_gcm_decrypt: aes_gcm_decrypt, hkdf_sha256: hkdf_sha256, diff --git a/clovis/clovis-vault/cmd/clavitor/web/design-system/styleguide.html b/clavis/clavis-vault/cmd/clavitor/web/design-system/styleguide.html similarity index 100% rename from clovis/clovis-vault/cmd/clavitor/web/design-system/styleguide.html rename to clavis/clavis-vault/cmd/clavitor/web/design-system/styleguide.html diff --git a/clovis/clovis-vault/cmd/clavitor/web/favicon.svg b/clavis/clavis-vault/cmd/clavitor/web/favicon.svg similarity index 100% rename from clovis/clovis-vault/cmd/clavitor/web/favicon.svg rename to clavis/clavis-vault/cmd/clavitor/web/favicon.svg diff --git a/clovis/clovis-vault/cmd/clavitor/web/homepage2.html b/clavis/clavis-vault/cmd/clavitor/web/homepage2.html similarity index 100% rename from clovis/clovis-vault/cmd/clavitor/web/homepage2.html rename to clavis/clavis-vault/cmd/clavitor/web/homepage2.html diff --git a/clovis/clovis-vault/cmd/clavitor/web/index.html b/clavis/clavis-vault/cmd/clavitor/web/index.html similarity index 99% rename from clovis/clovis-vault/cmd/clavitor/web/index.html rename to clavis/clavis-vault/cmd/clavitor/web/index.html index 805f42a..772bb3c 100644 --- a/clovis/clovis-vault/cmd/clavitor/web/index.html +++ b/clavis/clavis-vault/cmd/clavitor/web/index.html @@ -31,7 +31,7 @@ var BUILD = '20260321-stateless'; console.log('clavitor build: ' + BUILD); - // Stateless auth: no token variable. Auth state = sessionStorage has v1984_master. + // Stateless auth: no token variable. Auth state = sessionStorage has clavitor_master. var entries = []; var currentEntry = null; @@ -60,7 +60,7 @@ async function init() { // Stateless: either we have the master key from a PRF tap, or we don't. - if (sessionStorage.getItem('v1984_master')) { + if (sessionStorage.getItem('clavitor_master')) { restoreAppLayout(); loadEntries(true); return; @@ -87,7 +87,7 @@ // isAdditional: true when adding another passkey after first registration function showDevicePicker(isAdditional) { - var heading = isAdditional ? 'Add another passkey' : 'Welcome to vault1984'; + var heading = isAdditional ? 'Add another passkey' : 'Welcome to clavitor'; var sub = isAdditional ? 'Register a backup device. You can always add more later from Security settings.' : 'Your personal password vault. No accounts, no cloud. Just you and your passkey.'; @@ -334,7 +334,7 @@ document.getElementById('app').innerHTML = '
' + '
' + - '
vault1984
' + + '
clavitor
' + '

Unlock Vault

' + '

Authenticate with your passkey to access your vault.

' + '' + @@ -402,7 +402,7 @@ await ClavitorWebAuthn.storeMasterKey(extResults.prf.results.first); } - if (!sessionStorage.getItem('v1984_master')) { + if (!sessionStorage.getItem('clavitor_master')) { throw new Error('PRF output not available — cannot derive encryption keys'); } console.log('clavitor: L1 bearer =', getL1Bearer()); @@ -466,7 +466,7 @@ } function lockVault() { - sessionStorage.removeItem('v1984_master'); + sessionStorage.removeItem('clavitor_master'); showUnlock(); } @@ -482,7 +482,7 @@ } catch (e) { if (e.message !== 'Unauthorized') { // Vault not found (deleted/new device) — clear stale session - sessionStorage.removeItem('v1984_master'); + sessionStorage.removeItem('clavitor_master'); init(); } } @@ -1781,7 +1781,7 @@ try { var info = await fetch('/health').then(function(r) { return r.json(); }); var html = '
' + - '
vault1984
' + + '
clavitor
' + '

Password manager for humans with AI assistants

' + '
' + '
Version ' + escapeHtml(info.version) + '
' + diff --git a/clovis/clovis-vault/cmd/clavitor/web/jsqr.min.js b/clavis/clavis-vault/cmd/clavitor/web/jsqr.min.js similarity index 100% rename from clovis/clovis-vault/cmd/clavitor/web/jsqr.min.js rename to clavis/clavis-vault/cmd/clavitor/web/jsqr.min.js diff --git a/clovis/clovis-vault/cmd/clavitor/web/security.html b/clavis/clavis-vault/cmd/clavitor/web/security.html similarity index 100% rename from clovis/clovis-vault/cmd/clavitor/web/security.html rename to clavis/clavis-vault/cmd/clavitor/web/security.html diff --git a/clovis/clovis-crypto/test_crypto.js b/clavis/clavis-vault/cmd/clavitor/web/test_crypto.js similarity index 76% rename from clovis/clovis-crypto/test_crypto.js rename to clavis/clavis-vault/cmd/clavitor/web/test_crypto.js index ea2f786..c1e6c7f 100644 --- a/clovis/clovis-crypto/test_crypto.js +++ b/clavis/clavis-vault/cmd/clavitor/web/test_crypto.js @@ -55,9 +55,9 @@ /* --- Test 1: L1 (8-byte) roundtrip --- */ tests.push(function(done) { var name = 'L1 (8B) encrypt/decrypt roundtrip'; - resolve(vault1984.crypto.encrypt_field(K8, 'username', 'johanj'), function(ct, err) { + resolve(clavitor.crypto.encrypt_field(K8, 'username', 'johanj'), function(ct, err) { if (err) { fail(name, err.message); done(); return; } - resolve(vault1984.crypto.decrypt_field(K8, 'username', ct), function(pt, err2) { + resolve(clavitor.crypto.decrypt_field(K8, 'username', ct), function(pt, err2) { if (err2) fail(name, err2.message); else if (pt === 'johanj') pass(name); else fail(name, 'got "' + pt + '"'); @@ -69,9 +69,9 @@ /* --- Test 2: L2 (16-byte) roundtrip --- */ tests.push(function(done) { var name = 'L2 (16B) encrypt/decrypt roundtrip'; - resolve(vault1984.crypto.encrypt_field(K16, 'password', 's3cret!P@ss'), function(ct, err) { + resolve(clavitor.crypto.encrypt_field(K16, 'password', 's3cret!P@ss'), function(ct, err) { if (err) { fail(name, err.message); done(); return; } - resolve(vault1984.crypto.decrypt_field(K16, 'password', ct), function(pt, err2) { + resolve(clavitor.crypto.decrypt_field(K16, 'password', ct), function(pt, err2) { if (err2) fail(name, err2.message); else if (pt === 's3cret!P@ss') pass(name); else fail(name, 'got "' + pt + '"'); @@ -83,9 +83,9 @@ /* --- Test 3: L3 (32-byte) roundtrip --- */ tests.push(function(done) { var name = 'L3 (32B) encrypt/decrypt roundtrip'; - resolve(vault1984.crypto.encrypt_field(K32, 'passport', 'NL12345678'), function(ct, err) { + resolve(clavitor.crypto.encrypt_field(K32, 'passport', 'NL12345678'), function(ct, err) { if (err) { fail(name, err.message); done(); return; } - resolve(vault1984.crypto.decrypt_field(K32, 'passport', ct), function(pt, err2) { + resolve(clavitor.crypto.decrypt_field(K32, 'passport', ct), function(pt, err2) { if (err2) fail(name, err2.message); else if (pt === 'NL12345678') pass(name); else fail(name, 'got "' + pt + '"'); @@ -97,9 +97,9 @@ /* --- Test 4: L2 key cannot decrypt L3 ciphertext --- */ tests.push(function(done) { var name = 'L2 key rejects L3 ciphertext'; - resolve(vault1984.crypto.encrypt_field(K32, 'passport', 'NL12345678'), function(ct, err) { + resolve(clavitor.crypto.encrypt_field(K32, 'passport', 'NL12345678'), function(ct, err) { if (err) { fail(name, 'encrypt failed: ' + err.message); done(); return; } - safe(function() { return vault1984.crypto.decrypt_field(K16, 'passport', ct); }, function(pt, err2) { + safe(function() { return clavitor.crypto.decrypt_field(K16, 'passport', ct); }, function(pt, err2) { if (err2) pass(name); else fail(name, 'L2 key decrypted L3 data to "' + pt + '"'); done(); @@ -110,9 +110,9 @@ /* --- Test 5: L3 key cannot decrypt L2 ciphertext --- */ tests.push(function(done) { var name = 'L3 key rejects L2 ciphertext'; - resolve(vault1984.crypto.encrypt_field(K16, 'password', 'secret'), function(ct, err) { + resolve(clavitor.crypto.encrypt_field(K16, 'password', 'secret'), function(ct, err) { if (err) { fail(name, 'encrypt failed: ' + err.message); done(); return; } - safe(function() { return vault1984.crypto.decrypt_field(K32, 'password', ct); }, function(pt, err2) { + safe(function() { return clavitor.crypto.decrypt_field(K32, 'password', ct); }, function(pt, err2) { if (err2) pass(name); else fail(name, 'L3 key decrypted L2 data to "' + pt + '"'); done(); @@ -123,9 +123,9 @@ /* --- Test 6: Wrong key rejection --- */ tests.push(function(done) { var name = 'wrong key rejected'; - resolve(vault1984.crypto.encrypt_field(K16, 'secret', 'value'), function(ct, err) { + resolve(clavitor.crypto.encrypt_field(K16, 'secret', 'value'), function(ct, err) { if (err) { fail(name, 'encrypt failed'); done(); return; } - safe(function() { return vault1984.crypto.decrypt_field(WRONG_K16, 'secret', ct); }, function(pt, err2) { + safe(function() { return clavitor.crypto.decrypt_field(WRONG_K16, 'secret', ct); }, function(pt, err2) { if (err2) pass(name); else fail(name, 'wrong key decrypted to "' + pt + '"'); done(); @@ -136,9 +136,9 @@ /* --- Test 7: Wrong label rejection --- */ tests.push(function(done) { var name = 'wrong label rejected'; - resolve(vault1984.crypto.encrypt_field(K16, 'labelA', 'value'), function(ct, err) { + resolve(clavitor.crypto.encrypt_field(K16, 'labelA', 'value'), function(ct, err) { if (err) { fail(name, 'encrypt failed'); done(); return; } - safe(function() { return vault1984.crypto.decrypt_field(K16, 'labelB', ct); }, function(pt, err2) { + safe(function() { return clavitor.crypto.decrypt_field(K16, 'labelB', ct); }, function(pt, err2) { if (err2) pass(name); else fail(name, 'wrong label decrypted to "' + pt + '"'); done(); @@ -149,9 +149,9 @@ /* --- Test 8: Empty string roundtrip --- */ tests.push(function(done) { var name = 'empty string roundtrip'; - resolve(vault1984.crypto.encrypt_field(K16, 'empty', ''), function(ct, err) { + resolve(clavitor.crypto.encrypt_field(K16, 'empty', ''), function(ct, err) { if (err) { fail(name, err.message); done(); return; } - resolve(vault1984.crypto.decrypt_field(K16, 'empty', ct), function(pt, err2) { + resolve(clavitor.crypto.decrypt_field(K16, 'empty', ct), function(pt, err2) { if (err2) fail(name, err2.message); else if (pt === '') pass(name); else fail(name, 'got "' + pt + '"'); @@ -164,9 +164,9 @@ tests.push(function(done) { var name = 'unicode roundtrip'; var unicode = 'pässwörd 密码 🔑'; - resolve(vault1984.crypto.encrypt_field(K16, 'intl', unicode), function(ct, err) { + resolve(clavitor.crypto.encrypt_field(K16, 'intl', unicode), function(ct, err) { if (err) { fail(name, err.message); done(); return; } - resolve(vault1984.crypto.decrypt_field(K16, 'intl', ct), function(pt, err2) { + resolve(clavitor.crypto.decrypt_field(K16, 'intl', ct), function(pt, err2) { if (err2) fail(name, err2.message); else if (pt === unicode) pass(name); else fail(name, 'mismatch'); @@ -182,9 +182,9 @@ * K16 = [11,22,33,44,55,66,77,88,99,110,111,112,113,114,115,116] * These are different keys after normalization, so HKDF produces different field keys. * L1 ciphertext must NOT be decryptable with L2 key. */ - resolve(vault1984.crypto.encrypt_field(K8, 'field', 'test'), function(ct1, err) { + resolve(clavitor.crypto.encrypt_field(K8, 'field', 'test'), function(ct1, err) { if (err) { fail(name, 'L1 encrypt: ' + err.message); done(); return; } - safe(function() { return vault1984.crypto.decrypt_field(K16, 'field', ct1); }, function(pt, err2) { + safe(function() { return clavitor.crypto.decrypt_field(K16, 'field', ct1); }, function(pt, err2) { if (err2) pass(name); else fail(name, 'L2 key decrypted L1 data'); done(); @@ -195,7 +195,7 @@ /* --- Test 11: TOTP generation (RFC 6238 test vector) --- */ tests.push(function(done) { var name = 'TOTP RFC 6238 test vector'; - var result = vault1984.totp.generate_totp('GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ', 59, 30, 6); + var result = clavitor.totp.generate_totp('GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ', 59, 30, 6); resolve(result, function(code, err) { if (err) fail(name, err.message); else if (code === '287082') pass(name); @@ -207,7 +207,7 @@ /* --- Test 12: TOTP second test vector (time=1111111109) --- */ tests.push(function(done) { var name = 'TOTP RFC 6238 test vector #2'; - var result = vault1984.totp.generate_totp('GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ', 1111111109, 30, 8); + var result = clavitor.totp.generate_totp('GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ', 1111111109, 30, 8); resolve(result, function(code, err) { if (err) fail(name, err.message); else if (code === '07081804') pass(name); @@ -220,10 +220,10 @@ tests.push(function(done) { var name = 'L3 TOTP seed inaccessible to agent (L2 key)'; var seed = 'JBSWY3DPEHPK3PXP'; // a TOTP seed - resolve(vault1984.crypto.encrypt_field(K32, 'totp', seed), function(ct, err) { + resolve(clavitor.crypto.encrypt_field(K32, 'totp', seed), function(ct, err) { if (err) { fail(name, 'encrypt failed'); done(); return; } // Agent has K16 (L2), tries to decrypt L3 TOTP seed - safe(function() { return vault1984.crypto.decrypt_field(K16, 'totp', ct); }, function(pt, err2) { + safe(function() { return clavitor.crypto.decrypt_field(K16, 'totp', ct); }, function(pt, err2) { if (err2) pass(name); else fail(name, 'L2 key decrypted L3 TOTP seed to "' + pt + '"'); done(); @@ -235,9 +235,9 @@ tests.push(function(done) { var name = 'L2 TOTP seed accessible to agent (L2 key)'; var seed = 'JBSWY3DPEHPK3PXP'; - resolve(vault1984.crypto.encrypt_field(K16, 'totp', seed), function(ct, err) { + resolve(clavitor.crypto.encrypt_field(K16, 'totp', seed), function(ct, err) { if (err) { fail(name, 'encrypt failed'); done(); return; } - resolve(vault1984.crypto.decrypt_field(K16, 'totp', ct), function(pt, err2) { + resolve(clavitor.crypto.decrypt_field(K16, 'totp', ct), function(pt, err2) { if (err2) fail(name, err2.message); else if (pt === seed) pass(name); else fail(name, 'got "' + pt + '"'); @@ -249,9 +249,9 @@ /* --- Test 15: L3 card number cannot be read with L2 key --- */ tests.push(function(done) { var name = 'L3 card number inaccessible to agent (L2 key)'; - resolve(vault1984.crypto.encrypt_field(K32, 'Number', '5452120017212208'), function(ct, err) { + resolve(clavitor.crypto.encrypt_field(K32, 'Number', '5452120017212208'), function(ct, err) { if (err) { fail(name, 'encrypt failed'); done(); return; } - safe(function() { return vault1984.crypto.decrypt_field(K16, 'Number', ct); }, function(pt, err2) { + safe(function() { return clavitor.crypto.decrypt_field(K16, 'Number', ct); }, function(pt, err2) { if (err2) pass(name); else fail(name, 'L2 key decrypted L3 card number'); done(); @@ -263,9 +263,9 @@ tests.push(function(done) { var name = 'truncation: L2 prefix of L3, still cannot decrypt L3'; // K16 = K32[0..16] by design. Encrypt with full K32, try with K16. - resolve(vault1984.crypto.encrypt_field(K32, 'secret', 'classified'), function(ct, err) { + resolve(clavitor.crypto.encrypt_field(K32, 'secret', 'classified'), function(ct, err) { if (err) { fail(name, 'encrypt failed'); done(); return; } - safe(function() { return vault1984.crypto.decrypt_field(K16, 'secret', ct); }, function(pt, err2) { + safe(function() { return clavitor.crypto.decrypt_field(K16, 'secret', ct); }, function(pt, err2) { if (err2) pass(name); else fail(name, 'L2 (prefix of L3) decrypted L3 data'); done(); @@ -290,7 +290,7 @@ } /* Return result string (for QuickJS eval or browser display) */ - globalThis._v1984_test_result = summary; + globalThis._clavitor_test_result = summary; return; } tests[idx](function() { run(idx + 1); }); @@ -299,10 +299,10 @@ run(0); /* For sync environments (QuickJS), result is available immediately */ - if (typeof globalThis._v1984_test_result !== 'undefined') { + if (typeof globalThis._clavitor_test_result !== 'undefined') { /* Used by CLI eval */ } })(); /* Return result for jsbridge_eval */ -globalThis._v1984_test_result || 'RUNNING (async — check console)'; +globalThis._clavitor_test_result || 'RUNNING (async — check console)'; diff --git a/clovis/clovis-vault/cmd/clavitor/web/tokens.html b/clavis/clavis-vault/cmd/clavitor/web/tokens.html similarity index 100% rename from clovis/clovis-vault/cmd/clavitor/web/tokens.html rename to clavis/clavis-vault/cmd/clavitor/web/tokens.html diff --git a/clovis/clovis-vault/cmd/clavitor/web/topbar.js b/clavis/clavis-vault/cmd/clavitor/web/topbar.js similarity index 88% rename from clovis/clovis-vault/cmd/clavitor/web/topbar.js rename to clavis/clavis-vault/cmd/clavitor/web/topbar.js index d2a962a..ef63a62 100644 --- a/clovis/clovis-vault/cmd/clavitor/web/topbar.js +++ b/clavis/clavis-vault/cmd/clavitor/web/topbar.js @@ -1,18 +1,18 @@ // Theme management (before anything else so it applies immediately, no flash) var _themes = ['', 'theme-light', 'theme-midnight']; -var _currentTheme = localStorage.getItem('v1984_theme') || ''; +var _currentTheme = localStorage.getItem('clavitor_theme') || ''; if (_currentTheme) document.body.className = _currentTheme; function cycleTheme() { var idx = _themes.indexOf(_currentTheme); _currentTheme = _themes[(idx + 1) % _themes.length]; document.body.className = _currentTheme; - localStorage.setItem('v1984_theme', _currentTheme); + localStorage.setItem('clavitor_theme', _currentTheme); } // Stateless auth: L1 Bearer from master key in sessionStorage. function getL1Bearer() { - var masterB64 = sessionStorage.getItem('v1984_master'); + var masterB64 = sessionStorage.getItem('clavitor_master'); if (!masterB64) return null; var bin = atob(masterB64); var l1 = new Uint8Array(8); @@ -29,7 +29,7 @@ async function api(method, path, body) { if (body) opts.body = JSON.stringify(body); var res = await fetch(path, opts); if (res.status === 401) { - sessionStorage.removeItem('v1984_master'); + sessionStorage.removeItem('clavitor_master'); location.href = '/app/'; throw new Error('Unauthorized'); } @@ -42,7 +42,7 @@ var _countdownTimer = null; var _countdownVal = 0; function _resetIdle() { - if (!sessionStorage.getItem('v1984_master')) return; + if (!sessionStorage.getItem('clavitor_master')) return; clearTimeout(_idleTimer); _clearCountdown(); _idleTimer = setTimeout(_startCountdown, 60000); @@ -60,7 +60,7 @@ function _startCountdown() { _countdownVal--; if (_countdownVal <= 0) { _clearCountdown(); - sessionStorage.removeItem('v1984_master'); + sessionStorage.removeItem('clavitor_master'); window.location.href = '/app/'; } else { var el = document.getElementById('lockCountdownSec'); @@ -94,11 +94,11 @@ function initTopbar() { }); nav += ''; - nav += ''; + nav += ''; var logo = isVault - ? '' - : ''; + ? '' + : ''; var el = document.getElementById('topbar'); if (el) { diff --git a/clovis/clovis-crypto/totp.js b/clavis/clavis-vault/cmd/clavitor/web/totp.js similarity index 96% rename from clovis/clovis-crypto/totp.js rename to clavis/clavis-vault/cmd/clavitor/web/totp.js index 8ea5dc4..a437be0 100644 --- a/clovis/clovis-crypto/totp.js +++ b/clavis/clavis-vault/cmd/clavitor/web/totp.js @@ -107,8 +107,8 @@ function totp_remaining(period) { } /* Export */ -if (typeof globalThis.vault1984 === 'undefined') globalThis.vault1984 = {}; -globalThis.vault1984.totp = { +if (typeof globalThis.clavitor === 'undefined') globalThis.clavitor = {}; +globalThis.clavitor.totp = { generate_totp: generate_totp, totp_remaining: totp_remaining, base32_decode: base32_decode diff --git a/clovis/clovis-vault/cmd/clavitor/web/webauthn.js b/clavis/clavis-vault/cmd/clavitor/web/webauthn.js similarity index 99% rename from clovis/clovis-vault/cmd/clavitor/web/webauthn.js rename to clavis/clavis-vault/cmd/clavitor/web/webauthn.js index a625a34..e913dd4 100644 --- a/clovis/clovis-vault/cmd/clavitor/web/webauthn.js +++ b/clavis/clavis-vault/cmd/clavitor/web/webauthn.js @@ -11,7 +11,7 @@ (function(window) { 'use strict'; - var SESSION_KEY = 'v1984_master'; + var SESSION_KEY = 'clavitor_master'; var HKDF_SALT = new TextEncoder().encode('clavitor-master-v2'); // Derive master key from raw PRF output and store in sessionStorage. diff --git a/clovis/clovis-vault/cmd/clavitor/web/worldmap.svg b/clavis/clavis-vault/cmd/clavitor/web/worldmap.svg similarity index 100% rename from clovis/clovis-vault/cmd/clavitor/web/worldmap.svg rename to clavis/clavis-vault/cmd/clavitor/web/worldmap.svg diff --git a/clavis/clavis-vault/data/clavitor-hTfaig b/clavis/clavis-vault/data/clavitor-hTfaig new file mode 100644 index 0000000..a7ff50a Binary files /dev/null and b/clavis/clavis-vault/data/clavitor-hTfaig differ diff --git a/clovis/clovis-vault/extension/background.js b/clavis/clavis-vault/extension/background.js similarity index 100% rename from clovis/clovis-vault/extension/background.js rename to clavis/clavis-vault/extension/background.js diff --git a/clovis/clovis-vault/extension/content.js b/clavis/clavis-vault/extension/content.js similarity index 100% rename from clovis/clovis-vault/extension/content.js rename to clavis/clavis-vault/extension/content.js diff --git a/clovis/clovis-vault/extension/icon128.png b/clavis/clavis-vault/extension/icon128.png similarity index 100% rename from clovis/clovis-vault/extension/icon128.png rename to clavis/clavis-vault/extension/icon128.png diff --git a/clovis/clovis-vault/extension/icon16.png b/clavis/clavis-vault/extension/icon16.png similarity index 100% rename from clovis/clovis-vault/extension/icon16.png rename to clavis/clavis-vault/extension/icon16.png diff --git a/clovis/clovis-vault/extension/icon48.png b/clavis/clavis-vault/extension/icon48.png similarity index 100% rename from clovis/clovis-vault/extension/icon48.png rename to clavis/clavis-vault/extension/icon48.png diff --git a/clovis/clovis-vault/extension/manifest.json b/clavis/clavis-vault/extension/manifest.json similarity index 100% rename from clovis/clovis-vault/extension/manifest.json rename to clavis/clavis-vault/extension/manifest.json diff --git a/clovis/clovis-vault/extension/popup.html b/clavis/clavis-vault/extension/popup.html similarity index 100% rename from clovis/clovis-vault/extension/popup.html rename to clavis/clavis-vault/extension/popup.html diff --git a/clovis/clovis-vault/extension/popup.js b/clavis/clavis-vault/extension/popup.js similarity index 100% rename from clovis/clovis-vault/extension/popup.js rename to clavis/clavis-vault/extension/popup.js diff --git a/clovis/clovis-vault/go.mod b/clavis/clavis-vault/go.mod similarity index 89% rename from clovis/clovis-vault/go.mod rename to clavis/clavis-vault/go.mod index 974d945..b7aa827 100644 --- a/clovis/clovis-vault/go.mod +++ b/clavis/clavis-vault/go.mod @@ -1,4 +1,4 @@ -module github.com/johanj/vault1984 +module github.com/johanj/clavitor go 1.24.0 diff --git a/clovis/clovis-vault/go.sum b/clavis/clavis-vault/go.sum similarity index 100% rename from clovis/clovis-vault/go.sum rename to clavis/clavis-vault/go.sum diff --git a/clovis/clovis-vault/lib/backup.go b/clavis/clavis-vault/lib/backup.go similarity index 100% rename from clovis/clovis-vault/lib/backup.go rename to clavis/clavis-vault/lib/backup.go diff --git a/clovis/clovis-vault/lib/config.go b/clavis/clavis-vault/lib/config.go similarity index 100% rename from clovis/clovis-vault/lib/config.go rename to clavis/clavis-vault/lib/config.go diff --git a/clovis/clovis-vault/lib/crypto.go b/clavis/clavis-vault/lib/crypto.go similarity index 97% rename from clovis/clovis-vault/lib/crypto.go rename to clavis/clavis-vault/lib/crypto.go index 4e2c361..3ab3ba0 100644 --- a/clovis/clovis-vault/lib/crypto.go +++ b/clavis/clavis-vault/lib/crypto.go @@ -35,7 +35,7 @@ func NormalizeKey(key []byte) []byte { // L1 (8 bytes) is normalized to 16 → derives 16-byte key → AES-128-GCM. func DeriveEntryKey(l1Key []byte, entryID int64) ([]byte, error) { normalized := NormalizeKey(l1Key) - info := []byte("vault1984-entry-" + IDToHex(entryID)) + info := []byte("clavitor-entry-" + IDToHex(entryID)) reader := hkdf.New(sha256.New, normalized, nil, info) key := make([]byte, len(normalized)) // 16 bytes for AES-128 if _, err := io.ReadFull(reader, key); err != nil { @@ -47,7 +47,7 @@ func DeriveEntryKey(l1Key []byte, entryID int64) ([]byte, error) { // DeriveHMACKey derives a separate HMAC key for blind indexes from L1. func DeriveHMACKey(l1Key []byte) ([]byte, error) { normalized := NormalizeKey(l1Key) - info := []byte("vault1984-hmac-index") + info := []byte("clavitor-hmac-index") reader := hkdf.New(sha256.New, normalized, nil, info) key := make([]byte, 32) if _, err := io.ReadFull(reader, key); err != nil { diff --git a/clovis/clovis-vault/lib/dbcore.go b/clavis/clavis-vault/lib/dbcore.go similarity index 100% rename from clovis/clovis-vault/lib/dbcore.go rename to clavis/clavis-vault/lib/dbcore.go diff --git a/clovis/clovis-vault/lib/id.go b/clavis/clavis-vault/lib/id.go similarity index 100% rename from clovis/clovis-vault/lib/id.go rename to clavis/clavis-vault/lib/id.go diff --git a/clovis/clovis-vault/lib/importers.go b/clavis/clavis-vault/lib/importers.go similarity index 100% rename from clovis/clovis-vault/lib/importers.go rename to clavis/clavis-vault/lib/importers.go diff --git a/clovis/clovis-vault/lib/l2labels.go b/clavis/clavis-vault/lib/l2labels.go similarity index 100% rename from clovis/clovis-vault/lib/l2labels.go rename to clavis/clavis-vault/lib/l2labels.go diff --git a/clovis/clovis-vault/lib/telemetry.go b/clavis/clavis-vault/lib/telemetry.go similarity index 98% rename from clovis/clovis-vault/lib/telemetry.go rename to clavis/clavis-vault/lib/telemetry.go index 2c0a88d..ecfa97a 100644 --- a/clovis/clovis-vault/lib/telemetry.go +++ b/clavis/clavis-vault/lib/telemetry.go @@ -20,10 +20,11 @@ import ( // All fields zero/empty = telemetry disabled. type TelemetryConfig struct { FreqSeconds int // interval between POSTs (0 = disabled) - Host string // e.g. https://hq.vault1984.com/telemetry + Host string // e.g. https://hq.clavitor.com/telemetry Token string // Bearer token for auth DataDir string // vault data directory (to scan DBs) Mode string // "self-hosted" or "hosted" + Version string // build version string } // TelemetryPayload is the JSON body posted to the telemetry endpoint. @@ -84,7 +85,7 @@ func CollectPayload(cfg TelemetryConfig, startTime time.Time) TelemetryPayload { hostname, _ := os.Hostname() return TelemetryPayload{ - Version: "0.1.0", + Version: cfg.Version, Hostname: hostname, UptimeSeconds: int64(time.Since(startTime).Seconds()), Timestamp: time.Now().UTC().Format(time.RFC3339), diff --git a/clovis/clovis-vault/lib/telemetry_test.go b/clavis/clavis-vault/lib/telemetry_test.go similarity index 100% rename from clovis/clovis-vault/lib/telemetry_test.go rename to clavis/clavis-vault/lib/telemetry_test.go diff --git a/clovis/clovis-vault/lib/tls.go b/clavis/clavis-vault/lib/tls.go similarity index 94% rename from clovis/clovis-vault/lib/tls.go rename to clavis/clavis-vault/lib/tls.go index aaccf5e..591880d 100644 --- a/clovis/clovis-vault/lib/tls.go +++ b/clavis/clavis-vault/lib/tls.go @@ -36,13 +36,13 @@ func EnsureTLSCert(certPath, keyPath string) error { tmpl := x509.Certificate{ SerialNumber: serial, - Subject: pkix.Name{Organization: []string{"Vault1984"}, CommonName: "vault1984"}, + Subject: pkix.Name{Organization: []string{"Clavitor"}, CommonName: "clavitor"}, NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(10 * 365 * 24 * time.Hour), KeyUsage: x509.KeyUsageDigitalSignature | x509.KeyUsageKeyEncipherment, ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth}, - DNSNames: []string{"localhost", "vault1984.local"}, + DNSNames: []string{"localhost", "clavitor.local"}, IPAddresses: []net.IP{net.IPv4(127, 0, 0, 1), net.IPv6loopback}, } diff --git a/clovis/clovis-vault/lib/tokenmap.go b/clavis/clavis-vault/lib/tokenmap.go similarity index 100% rename from clovis/clovis-vault/lib/tokenmap.go rename to clavis/clavis-vault/lib/tokenmap.go diff --git a/clovis/clovis-vault/lib/types.go b/clavis/clavis-vault/lib/types.go similarity index 100% rename from clovis/clovis-vault/lib/types.go rename to clavis/clavis-vault/lib/types.go diff --git a/clavis/clavis-vault/scripts/release.sh b/clavis/clavis-vault/scripts/release.sh new file mode 100755 index 0000000..41dce0b --- /dev/null +++ b/clavis/clavis-vault/scripts/release.sh @@ -0,0 +1,74 @@ +#!/usr/bin/env bash +set -euo pipefail + +cd "$(dirname "$0")/.." + +GO="${GO:-/usr/local/go/bin/go}" +MAC_HOST="${MAC_HOST:-johanjongsma@192.168.1.14}" +MAC_PROJECT="${MAC_PROJECT:-~/dev/clavitor/clavis/clavis-vault}" +OUT="dist" + +VERSION=$(git describe --tags --always --dirty 2>/dev/null || echo dev) +COMMIT=$(git rev-parse --short HEAD 2>/dev/null || echo unknown) +DATE=$(date -u +%Y%m%d-%H%M) +LDFLAGS="-s -w -X main.version=${VERSION} -X main.commit=${COMMIT} -X main.buildDate=${DATE}" + +mkdir -p "$OUT" + +echo "=== Clavitor release build ===" +echo " version: ${VERSION} (${COMMIT}) ${DATE}" +echo "" + +# --- Linux amd64 (native) --- +echo "[1/4] linux/amd64 ..." +CGO_ENABLED=1 GOOS=linux GOARCH=amd64 GOFIPS140=latest \ + $GO build -ldflags "$LDFLAGS" -o "${OUT}/clavitor-linux-amd64" ./cmd/clavitor +echo " done" + +# --- Linux arm64 (cross) --- +echo "[2/4] linux/arm64 ..." +if ! command -v aarch64-linux-gnu-gcc &>/dev/null; then + echo " aarch64-linux-gnu-gcc not found." + echo " Install with: sudo apt install gcc-aarch64-linux-gnu" + echo " SKIPPED" +else + CGO_ENABLED=1 GOOS=linux GOARCH=arm64 CC=aarch64-linux-gnu-gcc GOFIPS140=latest \ + $GO build -ldflags "$LDFLAGS" -o "${OUT}/clavitor-linux-arm64" ./cmd/clavitor + echo " done" +fi + +# --- Darwin arm64 + amd64 (via SSH to Mac) --- +echo "[3/4] darwin/arm64 (via Mac SSH) ..." +echo "[4/4] darwin/amd64 (via Mac SSH) ..." +if ssh -o ConnectTimeout=5 -o BatchMode=yes "$MAC_HOST" true 2>/dev/null; then + ssh "$MAC_HOST" bash -s </dev/null || true + + VERSION=\$(git describe --tags --always --dirty 2>/dev/null || echo dev) + COMMIT=\$(git rev-parse --short HEAD 2>/dev/null || echo unknown) + DATE=\$(date -u +%Y%m%d-%H%M) + LDFLAGS="-s -w -X main.version=\${VERSION} -X main.commit=\${COMMIT} -X main.buildDate=\${DATE}" + + CGO_ENABLED=1 GOOS=darwin GOARCH=arm64 \ + go build -ldflags "\$LDFLAGS" -o /tmp/clavitor-darwin-arm64 ./cmd/clavitor + CGO_ENABLED=1 GOOS=darwin GOARCH=amd64 \ + go build -ldflags "\$LDFLAGS" -o /tmp/clavitor-darwin-amd64 ./cmd/clavitor +REMOTE + scp "$MAC_HOST":/tmp/clavitor-darwin-arm64 "${OUT}/clavitor-darwin-arm64" + scp "$MAC_HOST":/tmp/clavitor-darwin-amd64 "${OUT}/clavitor-darwin-amd64" + echo " done" +else + echo " Mac unreachable at ${MAC_HOST} — SKIPPED" +fi + +# --- Summary --- +echo "" +echo "=== Built artifacts ===" +for f in "${OUT}"/clavitor-*; do + [ -f "$f" ] || continue + size=$(du -h "$f" | cut -f1) + arch=$(file -b "$f" | head -c 80) + printf " %-30s %6s %s\n" "$(basename "$f")" "$size" "$arch" +done diff --git a/clavitor.com/._clavitor-logo.svg b/clavitor.com/._clavitor-logo.svg new file mode 100644 index 0000000..1a09082 Binary files /dev/null and b/clavitor.com/._clavitor-logo.svg differ diff --git a/clavitor.com/CLAUDE.md b/clavitor.com/CLAUDE.md index 04eca2b..076f1fb 100644 --- a/clavitor.com/CLAUDE.md +++ b/clavitor.com/CLAUDE.md @@ -10,19 +10,19 @@ ## Deployment -### Dev (localhost — Florida) +### Dev (forge = 192.168.1.16, Florida — dev.clavitor.ai) ``` make dev # build + restart locally make deploy-dev # same thing ``` +Dev runs on forge (localhost). `dev.clavitor.ai` DNS points to home IP. -### Prod (Zürich — zurich.inou.com) +### Prod (Zürich — zurich.inou.com — clavitor.ai) ``` make deploy-prod # cross-compile amd64, scp to Zürich, restart systemd ``` - Prod runs at `/opt/clavitor-web/` as systemd service `clavitor-web`. -Caddy reverse proxies `clavitor.ai`, `clavitor.com`, `dev.clavitor.ai` → `localhost:8099`. +Caddy reverse proxies `clavitor.ai`, `clavitor.com`, `www.clavitor.ai`, `www.clavitor.com` → `localhost:8099`. ### First-time setup (already done) ``` diff --git a/clavitor.com/Makefile b/clavitor.com/Makefile index de7dfd2..60f01b3 100644 --- a/clavitor.com/Makefile +++ b/clavitor.com/Makefile @@ -1,39 +1,39 @@ BINARY = clavitor-web PROD_HOST = root@zurich.inou.com PROD_DIR = /opt/clavitor-web -PROD_PORT = 8099 +PORT = 8099 .PHONY: build dev deploy-dev deploy-prod setup-prod -# Build for local (dev) +# Build for local (dev on forge/localhost) build: CGO_ENABLED=1 go build -o $(BINARY) . # Run locally (dev mode — templates reload from disk) dev: build - pkill -f $(BINARY) 2>/dev/null || true + pkill -f ./$(BINARY) 2>/dev/null || true sleep 0.5 ./$(BINARY) & - @echo "→ http://localhost:$(PROD_PORT)" + @echo "→ dev.clavitor.ai / http://localhost:$(PORT)" -# Deploy to dev (localhost — just rebuild and restart) +# Deploy to dev (forge = localhost, dev.clavitor.ai points here) deploy-dev: build - pkill -f $(BINARY) 2>/dev/null || true + pkill -f ./$(BINARY) 2>/dev/null || true sleep 0.5 ./$(BINARY) & - @echo "✓ dev deployed → http://localhost:$(PROD_PORT)" + @echo "✓ dev deployed → dev.clavitor.ai / http://localhost:$(PORT)" # Build for prod (linux/amd64 for Zürich) build-prod: GOOS=linux GOARCH=amd64 CGO_ENABLED=1 go build -o $(BINARY)-linux-amd64 . -# Deploy to prod (Zürich) +# Deploy to prod (Zürich — clavitor.ai) deploy-prod: build-prod scp $(BINARY)-linux-amd64 clavitor.db $(PROD_HOST):$(PROD_DIR)/ ssh $(PROD_HOST) "cd $(PROD_DIR) && mv $(BINARY)-linux-amd64 $(BINARY) && systemctl restart clavitor-web" @echo "✓ prod deployed → https://clavitor.ai" -# First-time prod setup: create dir, systemd service, update Caddy +# First-time prod setup (already done) setup-prod: ssh $(PROD_HOST) "mkdir -p $(PROD_DIR)" scp $(BINARY)-linux-amd64 clavitor.db $(PROD_HOST):$(PROD_DIR)/ @@ -49,10 +49,10 @@ WorkingDirectory=$(PROD_DIR)\n\ ExecStart=$(PROD_DIR)/$(BINARY)\n\ Restart=always\n\ RestartSec=5\n\ -Environment=PORT=$(PROD_PORT)\n\ +Environment=PORT=$(PORT)\n\ \n\ [Install]\n\ WantedBy=multi-user.target\n\ EOF' ssh $(PROD_HOST) "systemctl daemon-reload && systemctl enable --now clavitor-web" - @echo "✓ prod setup complete — now update Caddyfile to reverse_proxy localhost:$(PROD_PORT)" + @echo "✓ prod setup complete" diff --git a/clavitor.com/clavitor-web b/clavitor.com/clavitor-web index b322726..cbb4325 100755 Binary files a/clavitor.com/clavitor-web and b/clavitor.com/clavitor-web differ diff --git a/clovis/clovis-vault/clavitor-linux-amd64 b/clavitor.com/clavitor-web-linux-amd64 similarity index 66% rename from clovis/clovis-vault/clavitor-linux-amd64 rename to clavitor.com/clavitor-web-linux-amd64 index 0b2c1ad..682fb05 100755 Binary files a/clovis/clovis-vault/clavitor-linux-amd64 and b/clavitor.com/clavitor-web-linux-amd64 differ diff --git a/clavitor.com/clavitor.css b/clavitor.com/clavitor.css index c59c308..db7aced 100644 --- a/clavitor.com/clavitor.css +++ b/clavitor.com/clavitor.css @@ -88,8 +88,8 @@ code { font-size: 0.875em; } .logo-lockup-nav { transform: scale(0.65); transform-origin: left center; } /* === NAV === */ -.nav { position: fixed; top: 0; width: 100%; z-index: 50; background: rgba(255,255,255,0.92); backdrop-filter: blur(12px); border-bottom: 1px solid var(--border); } -.nav-inner { height: 64px; display: flex; align-items: center; justify-content: space-between; } +.nav { position: fixed; top: 0; width: 100%; z-index: 50; background: rgba(255,255,255,0.92); backdrop-filter: blur(12px); } +.nav-inner { height: 64px; display: flex; align-items: center; justify-content: space-between; border-bottom: 1px solid var(--border); } .nav-logo { line-height: 1; } .nav-links { display: flex; align-items: center; gap: 1.5rem; font-size: 0.875rem; } .nav-link { color: var(--text-secondary); font-weight: 500; transition: color 100ms ease; } @@ -216,12 +216,12 @@ code { font-size: 0.875em; } .prose a:hover { text-decoration: underline; } /* === FOOTER === */ -.footer { border-top: 1px solid var(--border); padding: 3rem 0; } -.footer-inner { display: flex; align-items: center; justify-content: space-between; flex-wrap: wrap; gap: 1.5rem; } +.footer { padding: 1.5rem 0; } +.footer-inner { display: flex; align-items: center; justify-content: space-between; flex-wrap: wrap; gap: 1.5rem; border-top: 1px solid var(--border); padding-top: 1.5rem; } .footer-links { display: flex; align-items: center; gap: 1rem; font-size: 0.875rem; color: var(--text-tertiary); } .footer-links a { color: var(--text-tertiary); transition: color 100ms ease; } .footer-links a:hover { color: var(--text-secondary); } -.footer-copy { text-align: center; font-size: 0.75rem; color: var(--text-tertiary); margin-top: 2rem; } +.footer-copy { text-align: center; font-size: 0.75rem; color: var(--text-tertiary); margin-top: 0.75rem; } /* === UTILITIES: Spacing === */ .mt-2 { margin-top: 0.5rem; } .mb-2 { margin-bottom: 0.5rem; } diff --git a/clavitor.com/clavitor.db-shm b/clavitor.com/clavitor.db-shm index 0af8095..51a6cf3 100644 Binary files a/clavitor.com/clavitor.db-shm and b/clavitor.com/clavitor.db-shm differ diff --git a/clavitor.com/clavitor.db-wal b/clavitor.com/clavitor.db-wal index 6ef4f45..60ed1b4 100644 Binary files a/clavitor.com/clavitor.db-wal and b/clavitor.com/clavitor.db-wal differ diff --git a/clavitor.com/main.go b/clavitor.com/main.go index c2b1b2f..687778c 100644 --- a/clavitor.com/main.go +++ b/clavitor.com/main.go @@ -5,6 +5,7 @@ import ( "embed" "encoding/json" "fmt" + "net/smtp" "html/template" "io" "io/fs" @@ -59,7 +60,7 @@ func loadTemplates() { } func loadPops() []Pop { - rows, err := db.Query("SELECT pop_id, city, country, lat, lon, region_name, ip, dns, status, provider FROM pops ORDER BY pop_id") + rows, err := db.Query("SELECT pop_id, city, country, lat, lon, region_name, ip, dns, status, provider FROM pops ORDER BY CASE status WHEN 'live' THEN 0 ELSE 1 END, lon") if err != nil { log.Printf("pops query error: %v", err) return nil @@ -168,16 +169,57 @@ func main() { http.HandleFunc("/sources", func(w http.ResponseWriter, r *http.Request) { render(w, PageData{Page: "sources", Title: "Sources — clavitor"}) }) + // Notify — sends signup interest email + http.HandleFunc("/notify", func(w http.ResponseWriter, r *http.Request) { + if r.Method != "POST" { + w.WriteHeader(405) + return + } + var req struct { + Email string `json:"email"` + } + if err := json.NewDecoder(r.Body).Decode(&req); err != nil || req.Email == "" { + w.Header().Set("Content-Type", "application/json") + w.Write([]byte(`{"error":"invalid email"}`)) + return + } + smtpUser := os.Getenv("SMTP_USER") + smtpPass := os.Getenv("SMTP_PASS") + if smtpUser == "" || smtpPass == "" { + log.Printf("notify: SMTP not configured, email from %s", req.Email) + w.Header().Set("Content-Type", "application/json") + w.Write([]byte(`{"ok":true}`)) + return + } + go func() { + msg := fmt.Sprintf("From: %s\r\nTo: johan@clavitor.ai\r\nSubject: Clavitor signup interest: %s\r\n\r\n%s wants to be notified when signups open.\r\n", smtpUser, req.Email, req.Email) + auth := smtp.PlainAuth("", smtpUser, smtpPass, "smtp.protonmail.ch") + if err := smtp.SendMail("smtp.protonmail.ch:587", auth, smtpUser, []string{"johan@clavitor.ai"}, []byte(msg)); err != nil { + log.Printf("notify: smtp error: %v", err) + } else { + log.Printf("notify: sent for %s", req.Email) + } + }() + w.Header().Set("Content-Type", "application/json") + w.Write([]byte(`{"ok":true}`)) + }) + + http.HandleFunc("/signup", func(w http.ResponseWriter, r *http.Request) { + render(w, PageData{Page: "signup", Title: "Sign up — clavitor"}) + }) http.HandleFunc("/styleguide", func(w http.ResponseWriter, r *http.Request) { render(w, PageData{Page: "styleguide", Title: "clavitor — Styleguide"}) }) // NOC telemetry ingest — agents POST here + // Accepts both flat format (node_id, cpu_percent, ...) and nested vault format + // (hostname, system.cpu_percent, vaults.count, ...) http.HandleFunc("/telemetry", func(w http.ResponseWriter, r *http.Request) { if r.Method != "POST" { w.WriteHeader(405) return } var t struct { + // Flat fields (legacy/direct) NodeID string `json:"node_id"` Version string `json:"version"` Hostname string `json:"hostname"` @@ -192,16 +234,68 @@ func main() { VaultSizeMB float64 `json:"vault_size_mb"` VaultEntries int `json:"vault_entries"` Mode string `json:"mode"` + // Nested fields (clovis-vault TelemetryPayload) + System struct { + OS string `json:"os"` + Arch string `json:"arch"` + CPUs int `json:"cpus"` + CPUPercent float64 `json:"cpu_percent"` + MemTotalMB int64 `json:"memory_total_mb"` + MemUsedMB int64 `json:"memory_used_mb"` + DiskTotalMB int64 `json:"disk_total_mb"` + DiskUsedMB int64 `json:"disk_used_mb"` + Load1m float64 `json:"load_1m"` + } `json:"system"` + Vaults struct { + Count int `json:"count"` + TotalSizeMB int64 `json:"total_size_mb"` + TotalEntries int64 `json:"total_entries"` + } `json:"vaults"` } - if err := json.NewDecoder(r.Body).Decode(&t); err != nil || t.NodeID == "" { + if err := json.NewDecoder(r.Body).Decode(&t); err != nil { http.Error(w, `{"error":"bad payload"}`, 400) return } + // Use hostname as node_id if node_id not provided + if t.NodeID == "" { + t.NodeID = t.Hostname + } + if t.NodeID == "" { + http.Error(w, `{"error":"missing node_id or hostname"}`, 400) + return + } + // Merge nested fields into flat fields if flat is zero + if t.CPUPercent == 0 && t.System.CPUPercent != 0 { + t.CPUPercent = t.System.CPUPercent + } + if t.MemTotalMB == 0 { t.MemTotalMB = t.System.MemTotalMB } + if t.MemUsedMB == 0 { t.MemUsedMB = t.System.MemUsedMB } + if t.DiskTotalMB == 0 { t.DiskTotalMB = t.System.DiskTotalMB } + if t.DiskUsedMB == 0 { t.DiskUsedMB = t.System.DiskUsedMB } + if t.Load1m == 0 { t.Load1m = t.System.Load1m } + if t.VaultCount == 0 { t.VaultCount = int(t.Vaults.Count) } + if t.VaultSizeMB == 0 { t.VaultSizeMB = float64(t.Vaults.TotalSizeMB) } + if t.VaultEntries == 0 { t.VaultEntries = int(t.Vaults.TotalEntries) } + db.Exec(`INSERT INTO telemetry (node_id, version, hostname, uptime_seconds, cpu_percent, memory_total_mb, memory_used_mb, disk_total_mb, disk_used_mb, load_1m, vault_count, vault_size_mb, vault_entries, mode) VALUES (?,?,?,?,?,?,?,?,?,?,?,?,?,?)`, t.NodeID, t.Version, t.Hostname, t.UptimeSeconds, t.CPUPercent, t.MemTotalMB, t.MemUsedMB, t.DiskTotalMB, t.DiskUsedMB, t.Load1m, t.VaultCount, t.VaultSizeMB, t.VaultEntries, t.Mode) - // Update daily uptime + + // Uptime span tracking: extend existing span or create new one + // Gap threshold: 60s (2x the 30s interval, allows one missed beat) + now := time.Now().Unix() + var spanID int64 + var spanEnd int64 + err = db.QueryRow(`SELECT id, end_at FROM uptime_spans WHERE node_id = ? ORDER BY end_at DESC LIMIT 1`, t.NodeID).Scan(&spanID, &spanEnd) + if err == nil && (now-spanEnd) <= 60 { + db.Exec(`UPDATE uptime_spans SET end_at = ? WHERE id = ?`, now, spanID) + } else { + db.Exec(`INSERT INTO uptime_spans (node_id, start_at, end_at) VALUES (?, ?, ?)`, t.NodeID, now, now) + } + + // Legacy daily uptime (kept for backwards compat) today := time.Now().Format("2006-01-02") db.Exec(`INSERT OR REPLACE INTO uptime (node_id, date, status) VALUES (?, ?, 'operational')`, t.NodeID, today) + w.Header().Set("Content-Type", "application/json") w.Write([]byte(`{"ok":true}`)) }) @@ -249,11 +343,19 @@ func main() { pops := loadPops() type N struct { ID string `json:"ID"` + City string `json:"City"` Status string `json:"Status"` } var nodes []N for _, p := range pops { - nodes = append(nodes, N{ID: p.City, Status: p.Status}) + id := p.DNS + if idx := strings.Index(id, "."); idx > 0 { + id = id[:idx] // "use1.clavitor.ai" -> "use1" + } + if id == "" { + id = p.City + } + nodes = append(nodes, N{ID: id, City: p.City, Status: p.Status}) } w.Header().Set("Content-Type", "application/json") json.NewEncoder(w).Encode(map[string]any{"nodes": nodes}) @@ -301,6 +403,265 @@ func main() { render(w, data) }) + // --- Uptime rollup helper --- + // Calculates uptime % for a node on a given date from spans + maintenance windows. + // Caches result in uptime_daily. Only recalculates if date is today (ongoing) or not cached. + rollupDay := func(nodeID, date string) float64 { + // Check cache (skip today — always recalculate) + today := time.Now().Format("2006-01-02") + if date != today { + var cached float64 + if db.QueryRow(`SELECT uptime_pct FROM uptime_daily WHERE node_id = ? AND date = ?`, nodeID, date).Scan(&cached) == nil { + return cached + } + } + + // Parse day boundaries + dayStart, _ := time.Parse("2006-01-02", date) + dayEnd := dayStart.Add(24 * time.Hour) + dsUnix := dayStart.Unix() + deUnix := dayEnd.Unix() + + // If day is in the future, return -1 (no data) + if dsUnix > time.Now().Unix() { + return -1 + } + // Cap end to now if today + if deUnix > time.Now().Unix() { + deUnix = time.Now().Unix() + } + totalSeconds := deUnix - dsUnix + if totalSeconds <= 0 { + return -1 + } + + // Sum span overlap with this day + var upSeconds int64 + var hasSpans bool + if rows, err := db.Query(`SELECT start_at, end_at FROM uptime_spans WHERE node_id = ? AND end_at > ? AND start_at < ? ORDER BY start_at`, + nodeID, dsUnix, deUnix); err == nil { + for rows.Next() { + hasSpans = true + var s, e int64 + rows.Scan(&s, &e) + if s < dsUnix { s = dsUnix } + if e > deUnix { e = deUnix } + if e > s { upSeconds += e - s } + } + rows.Close() + } + + // No spans at all for this day = no data (node didn't exist yet) + if !hasSpans { + return -1 + } + + // Subtract maintenance windows from denominator + var maintSeconds int64 + if mRows, err := db.Query(`SELECT start_at, COALESCE(end_at, ?) FROM maintenance WHERE end_at IS NULL OR (end_at >= ? AND start_at <= ?)`, + deUnix, dsUnix, deUnix); err == nil { + for mRows.Next() { + var s, e int64 + mRows.Scan(&s, &e) + if s < dsUnix { s = dsUnix } + if e > deUnix { e = deUnix } + if e > s { maintSeconds += e - s } + } + mRows.Close() + } + + effectiveTotal := totalSeconds - maintSeconds + if effectiveTotal <= 0 { + effectiveTotal = 1 + upSeconds = 1 + } + + pct := float64(upSeconds) / float64(effectiveTotal) * 100 + if pct > 100 { pct = 100 } + + // Cache (don't cache today since it changes) + if date != today { + db.Exec(`INSERT OR REPLACE INTO uptime_daily (node_id, date, up_seconds, total_seconds, uptime_pct) VALUES (?,?,?,?,?)`, + nodeID, date, upSeconds, effectiveTotal, pct) + } + return pct + } + + // --- Maintenance API --- + http.HandleFunc("/noc/api/maintenance", func(w http.ResponseWriter, r *http.Request) { + if !nocPin(r) { http.NotFound(w, r); return } + w.Header().Set("Content-Type", "application/json") + + switch r.Method { + case "POST": + var req struct { + Action string `json:"action"` // "start" or "stop" + Reason string `json:"reason"` + By string `json:"by"` + } + if err := json.NewDecoder(r.Body).Decode(&req); err != nil { + http.Error(w, `{"error":"bad request"}`, 400) + return + } + if req.Action == "start" { + db.Exec(`INSERT INTO maintenance (reason, started_by) VALUES (?, ?)`, req.Reason, req.By) + w.Write([]byte(`{"ok":true,"status":"maintenance started"}`)) + } else if req.Action == "stop" { + now := time.Now().Unix() + db.Exec(`UPDATE maintenance SET end_at = ?, ended_by = ? WHERE end_at IS NULL`, now, req.By) + w.Write([]byte(`{"ok":true,"status":"maintenance ended"}`)) + } else { + http.Error(w, `{"error":"action must be start or stop"}`, 400) + } + case "GET": + rows, _ := db.Query(`SELECT id, start_at, end_at, reason, started_by, ended_by FROM maintenance ORDER BY id DESC LIMIT 20`) + type M struct { + ID int `json:"id"` + StartAt int64 `json:"start_at"` + EndAt *int64 `json:"end_at"` + Reason string `json:"reason"` + StartBy string `json:"started_by"` + EndBy string `json:"ended_by"` + } + var list []M + if rows != nil { + defer rows.Close() + for rows.Next() { + var m M + rows.Scan(&m.ID, &m.StartAt, &m.EndAt, &m.Reason, &m.StartBy, &m.EndBy) + list = append(list, m) + } + } + // Check if currently in maintenance + var active bool + db.QueryRow(`SELECT COUNT(*) > 0 FROM maintenance WHERE end_at IS NULL`).Scan(&active) + json.NewEncoder(w).Encode(map[string]any{"active": active, "windows": list}) + } + }) + + // Public status page + http.HandleFunc("/status", func(w http.ResponseWriter, r *http.Request) { + data := PageData{Page: "status", Title: "Status — clavitor"} + data.Pops = loadPops() + render(w, data) + }) + + // Status API — public, no PIN needed + http.HandleFunc("/status/api", func(w http.ResponseWriter, r *http.Request) { + pops := loadPops() + + type DayUptime struct { + Date string `json:"date"` + Pct float64 `json:"pct"` // 0-100, -1 = no data + } + type NodeStatus struct { + ID string `json:"id"` + City string `json:"city"` + Country string `json:"country"` + Region string `json:"region"` + Status string `json:"status"` + Health string `json:"health"` + Uptime []DayUptime `json:"uptime_90"` + } + + // Get latest telemetry per node + tRows, _ := db.Query(`SELECT t.node_id, t.received_at FROM telemetry t INNER JOIN (SELECT node_id, MAX(id) as max_id FROM telemetry GROUP BY node_id) latest ON t.id = latest.max_id`) + lastSeen := map[string]int64{} + if tRows != nil { + defer tRows.Close() + for tRows.Next() { + var nid string + var ts int64 + tRows.Scan(&nid, &ts) + lastSeen[nid] = ts + } + } + + // Build 90-day date list + now := time.Now() + var dates []string + for i := 89; i >= 0; i-- { + dates = append(dates, now.AddDate(0, 0, -i).Format("2006-01-02")) + } + + // Check maintenance status + var inMaintenance bool + db.QueryRow(`SELECT COUNT(*) > 0 FROM maintenance WHERE end_at IS NULL`).Scan(&inMaintenance) + + var nodes []NodeStatus + allOperational := true + for _, p := range pops { + id := p.DNS + if idx := strings.Index(id, "."); idx > 0 { + id = id[:idx] + } + if id == "" { id = p.City } + + health := "planned" + if p.Status == "live" { + health = "unknown" + if ts, ok := lastSeen[id]; ok { + age := now.Unix() - ts + if age < 150 { + health = "operational" + } else if age < 600 { + if inMaintenance { health = "maintenance" } else { health = "degraded" } + } else { + if inMaintenance { health = "maintenance" } else { health = "down" } + } + } + if health != "operational" && health != "maintenance" { + allOperational = false + } + } + + // Build 90-day uptime from spans + uptime90 := make([]DayUptime, 90) + for i, d := range dates { + pct := rollupDay(id, d) + uptime90[i] = DayUptime{Date: d, Pct: pct} + } + + nodes = append(nodes, NodeStatus{ + ID: id, City: p.City, Country: p.Country, + Region: p.RegionName, Status: p.Status, + Health: health, Uptime: uptime90, + }) + } + + // Get recent incidents + type Incident struct { + ID int `json:"id"` + Title string `json:"title"` + Status string `json:"status"` + Date string `json:"date"` + } + var incidents []Incident + iRows, _ := db.Query(`SELECT id, title, status, date FROM incidents ORDER BY id DESC LIMIT 10`) + if iRows != nil { + defer iRows.Close() + for iRows.Next() { + var inc Incident + iRows.Scan(&inc.ID, &inc.Title, &inc.Status, &inc.Date) + incidents = append(incidents, inc) + } + } + + overall := "All Systems Operational" + if !allOperational { + overall = "Some Systems Degraded" + } + + w.Header().Set("Content-Type", "application/json") + w.Header().Set("Access-Control-Allow-Origin", "*") + json.NewEncoder(w).Encode(map[string]any{ + "overall": overall, + "nodes": nodes, + "incidents": incidents, + "dates": dates, + }) + }) + http.HandleFunc("/glass", func(w http.ResponseWriter, r *http.Request) { data := PageData{Page: "glass", Title: "Looking Glass — clavitor"} data.Pops = loadPops() diff --git a/clavitor.com/templates/base.tmpl b/clavitor.com/templates/base.tmpl index 085ce95..498d8bb 100644 --- a/clavitor.com/templates/base.tmpl +++ b/clavitor.com/templates/base.tmpl @@ -38,12 +38,16 @@ {{else if eq .Page "styleguide"}}{{template "styleguide" .}} {{else if eq .Page "glass"}}{{template "glass" .}} {{else if eq .Page "noc"}}{{template "noc" .}} +{{else if eq .Page "status"}}{{template "status" .}} +{{else if eq .Page "signup"}}{{template "signup" .}} {{end}} {{if ne .Page "styleguide"}}{{template "footer"}}{{end}} {{if eq .Page "index"}}{{template "index-script"}} {{else if eq .Page "hosted"}}{{template "hosted-script" .}} {{else if eq .Page "glass"}}{{template "glass-script"}} {{else if eq .Page "noc"}}{{template "noc-script"}} +{{else if eq .Page "status"}}{{template "status-script"}} +{{else if eq .Page "signup"}}{{template "signup-script"}} {{end}} diff --git a/clavitor.com/templates/footer.tmpl b/clavitor.com/templates/footer.tmpl index bfc31fa..9342cc7 100644 --- a/clavitor.com/templates/footer.tmpl +++ b/clavitor.com/templates/footer.tmpl @@ -3,7 +3,7 @@
- clavitor + clavitor GitHub Discord X diff --git a/clavitor.com/templates/noc.tmpl b/clavitor.com/templates/noc.tmpl index 5ddd52f..b357577 100644 --- a/clavitor.com/templates/noc.tmpl +++ b/clavitor.com/templates/noc.tmpl @@ -1,13 +1,11 @@ {{define "noc"}} -
+

Network Operations

Clavitor NOC

-

Real-time telemetry from {{len .Pops}} points of presence.

+

Real-time telemetry from {{len .Pops}} points of presence.

-
- -
+
Nodes reporting
Avg CPU
@@ -66,7 +64,7 @@ function renderCard(t, hist) { if (t._pending) return `
-
${t.node_id}PENDING
+
${t._city || t.node_id}PENDING
Awaiting telemetry
`; const ageS = Math.round(Date.now()/1000 - t.received_at); @@ -79,7 +77,7 @@ return `
- ${t.node_id} + ${t._city || t.node_id} ${statusText}
${t.hostname || ''} · v${t.version || ''}
@@ -116,8 +114,12 @@ const tData = await tRes.json(), nData = await nRes.json(); const tMap = {}; for (const t of (tData.telemetry || [])) tMap[t.node_id] = t; - const liveIds = (nData.nodes || []).filter(n => n.Status === 'live').map(n => n.ID); - const nodes = liveIds.map(id => tMap[id] || {node_id:id, _pending:true}); + const liveNodes = (nData.nodes || []).filter(n => n.Status === 'live'); + const nodes = liveNodes.map(n => { + const t = tMap[n.ID] || {node_id:n.ID, _pending:true}; + t._city = n.City || n.ID; + return t; + }); document.getElementById('noc-error').style.display = 'none'; document.getElementById('s-nodes').textContent = nodes.length; diff --git a/clavitor.com/templates/signup.tmpl b/clavitor.com/templates/signup.tmpl new file mode 100644 index 0000000..9261030 --- /dev/null +++ b/clavitor.com/templates/signup.tmpl @@ -0,0 +1,43 @@ +{{define "signup"}} +
+
+

Coming soon

+

We're not quite ready yet. Leave your email and we'll notify you when signups open.

+
+ + +
+ +

← Back to home

+
+{{end}} + +{{define "signup-script"}} + +{{end}} diff --git a/clavitor.com/templates/status.tmpl b/clavitor.com/templates/status.tmpl new file mode 100644 index 0000000..111bf88 --- /dev/null +++ b/clavitor.com/templates/status.tmpl @@ -0,0 +1,142 @@ +{{define "status"}} +
+

System Status

+

Clavitor Status

+
+ +
+
+ + Loading... +
+ +

Uptime over the past 90 days.

+ +
+ +
+ +

+
+{{end}} + +{{define "status-script"}} + + +{{end}} diff --git a/clovis/clovis-firefox/README.md b/clovis/clovis-firefox/README.md deleted file mode 100644 index c11f110..0000000 --- a/clovis/clovis-firefox/README.md +++ /dev/null @@ -1,7 +0,0 @@ -# Clovis Firefox Extension - -Browser extension for Firefox. - -**Status:** Planned, not yet implemented. - -This extension will share the core logic with clovis-chrome. diff --git a/clovis/clovis-vault/Makefile b/clovis/clovis-vault/Makefile deleted file mode 100644 index eab8bd3..0000000 --- a/clovis/clovis-vault/Makefile +++ /dev/null @@ -1,22 +0,0 @@ -BINARY := clavitor -REMOTE := clavitor-hq -REMOTE_PATH := /opt/clavitor/bin - -export GOFIPS140 := latest - -.PHONY: build deploy clean - -clean: - rm -f $(BINARY) - -build: - rm -f $(BINARY) - /usr/local/go/bin/go clean -cache - GOFIPS140=latest /usr/local/go/bin/go build -o $(BINARY) ./cmd/clavitor - -deploy: build - scp $(BINARY) $(REMOTE):/tmp/$(BINARY)-new - ssh $(REMOTE) 'sudo systemctl stop clavitor && mv /tmp/$(BINARY)-new $(REMOTE_PATH) && chmod +x $(REMOTE_PATH) && sudo systemctl start clavitor' - @echo "Deployed. Verifying..." - @sleep 2 - @ssh $(REMOTE) 'sudo systemctl is-active clavitor' diff --git a/docs/._FEATURE-GRID.md b/docs/._FEATURE-GRID.md new file mode 100644 index 0000000..9480045 Binary files /dev/null and b/docs/._FEATURE-GRID.md differ diff --git a/docs/COMPETITIVE-ONECLI.md b/docs/COMPETITIVE-ONECLI.md new file mode 100644 index 0000000..61d8e89 --- /dev/null +++ b/docs/COMPETITIVE-ONECLI.md @@ -0,0 +1,241 @@ +# Competitive Analysis: OneCLI vs Clavitor + +*Analyzed: March 25, 2026* + +--- + +## What is OneCLI? + +OneCLI is an open-source credential proxy for AI agents, launched March 2026. It gained quick traction (600+ GitHub stars, Hacker News front page) by positioning itself as "easier than HashiCorp Vault." + +**Core mechanic:** Agents set `HTTP_PROXY=http://localhost:10255`. OneCLI intercepts HTTPS traffic via MITM (installs a local CA cert), detects the destination host, injects the stored credential as a header, and forwards the request. The agent never sees the raw API key. + +**Example:** +```bash +# Agent does this (no auth header): +curl --proxy http://localhost:10255 \ + "https://api.cloudflare.com/client/v4/accounts/.../tokens/verify" + +# OneCLI intercepts, adds: +# Authorization: Bearer +# Then forwards to Cloudflare +``` + +--- + +## Architecture + +| Component | Technology | +|-----------|------------| +| Gateway/Proxy | Rust (Tokio, Hyper, rustls) | +| Dashboard | Next.js 15 + TypeScript | +| Database | PostgreSQL / PGlite (embedded) | +| ORM | Prisma | +| Encryption | AES-256-GCM (ring crate) | +| Bitwarden Integration | Official Agent Access SDK, Noise protocol | + +**Two-port design:** +- Port 10254: Web dashboard +- Port 10255: HTTPS proxy gateway + +**Bitwarden integration (well-designed):** +- Fetches credentials on-demand by hostname — NOT a full vault sync +- Decryption happens in the Bitwarden desktop app +- Credentials flow via Noise-encrypted channel (end-to-end encrypted) +- OneCLI never stores the master password or vault contents +- Individual credentials cached in memory for 60 seconds, then evicted +- Sessions idle-evict after 30 minutes + +--- + +## What OneCLI Does Well + +1. **Zero-code integration** — `HTTP_PROXY` works with any agent framework immediately +2. **Bitwarden integration** — genuinely well-engineered using official SDK + Noise protocol +3. **Fast onboarding** — `docker run` and operational quickly +4. **Host/path scoped credentials** — blast radius limiting per credential +5. **MITM TLS with dynamic cert generation** — technically solid Rust implementation +6. **Open source (Apache-2.0)** — community trust, auditability + +--- + +## The Fundamental Problem OneCLI Cannot Solve + +### The LLM doesn't know what the proxy will do + +OneCLI has no mechanism to inform the LLM what credentials are available, what services they cover, or what the proxy will inject. For a truly autonomous agent this breaks completely: + +- The agent has no way to discover "I have Cloudflare credentials available" +- The LLM must already know to make unauthenticated requests to specific hosts +- In practice, only works for hardcoded API calls — not autonomous agents + +### Credential theft prevention ≠ access control + +OneCLI prevents an agent from *seeing* the raw API key. It does **not** prevent the agent from *using* it. A compromised or prompt-injected agent can still: +- Delete DNS records +- Charge your credit card via Stripe +- Send emails +- Purge your CDN cache +- Call any API endpoint the credential allows + +The agent has full account access. It just can't exfiltrate the key string. **This is security theater for the actual threat model of 2026 AI agents.** + +### Regex cannot solve intent + +OneCLI's policy rules are host/path pattern matching. "Is this agent allowed to delete DNS records or just read them?" cannot be answered by matching URL patterns. You need to understand what the request *does* in context, against a policy written in plain language. + +Solving this properly requires an LLM inside the policy engine — which OneCLI is not designed for and cannot add without a fundamental architectural overhaul. + +--- + +## Gaps and Weaknesses + +| Gap | Impact | +|-----|--------| +| No FIPS 140-3 validation | Cannot sell to government, healthcare, finance | +| No HSM support | Keys are software-only, no hardware protection | +| No dynamic secrets | Static credentials only, no rotation, no TTL | +| No OAuth 2.0 management | Cannot handle expiring service tokens | +| No audit logging | No compliance trail (open GitHub issue #54) | +| No secret versioning | Overwrite only, no rollback | +| No CLI | Web-only management, no infrastructure-as-code | +| No HA/replication | Single point of failure | +| No native apps | Web dashboard only — no iOS, Android, macOS, Windows, browser extension | +| Requires CA cert installation | Operational burden in every agent container | +| Requires Docker | Not truly dead-simple for individual developers | +| No agent discovery | LLM cannot learn what credentials are available | +| No intent-based policy | Pattern matching cannot understand semantic meaning of API calls | +| Single encryption key | No key hierarchy, no envelope encryption, no rotation | + +**Security notes from code review:** +- `SECRET_ENCRYPTION_KEY` is a single env var — no key hierarchy +- CA private key stored on disk at `~/.local/share/onecli/gateway/ca.key` +- No key rotation mechanism + +--- + +## Where Clavitor Wins + +### Architecture +Clavitor is a **vault**, not a proxy. Agents query for credentials explicitly via authenticated API calls. No traffic interception, no CA cert installation, no MITM. Standard HTTPS. + +```bash +# Clavitor: agent explicitly requests what it needs +curl -H "Authorization: Bearer " \ + "https://vault.clavitor.com/v1/secret/cloudflare-token" +``` + +### The MCP angle — agent discovery +Expose the vault as an MCP server. Agent calls `list_credentials` and receives: "you have access to: Cloudflare (DNS, zones), Gemini (text generation), GitHub (repos)." The agent knows what tools it has. This is what OneCLI fundamentally cannot offer. + +### LLM-in-the-proxy for intent-based policy +The future of credential security is semantic policy evaluation: +- "This agent may read DNS records but not modify them" +- "This agent may send emails but only to addresses in the approved list" +- "This agent may charge up to $50/day via Stripe" + +This requires an LLM evaluating intent at request time. Nobody has built this. Clavitor should. + +### Feature comparison + +| Feature | OneCLI | Clavitor | +|---------|--------|----------| +| FIPS 140-3 | ❌ | ✅ | +| HSM support | ❌ | ✅ | +| Dynamic secrets | ❌ | ✅ | +| OAuth 2.0 management | ❌ | ✅ | +| Audit logging | ❌ | ✅ | +| iOS / Android app | ❌ | ✅ | +| macOS / Windows app | ❌ | ✅ | +| Browser extension | ❌ | ✅ | +| Single binary, no Docker | ❌ | ✅ | +| MCP server (agent discovery) | ❌ | ✅ | +| Intent-based policy (LLM) | ❌ | ✅ (roadmap) | +| SSH keys | ❌ | ✅ | +| TOTP | ❌ | ✅ | +| Secure notes | ❌ | ✅ | +| Secret versioning | ❌ | ✅ | +| No CA cert required | ❌ | ✅ | + +--- + +## Competitive Positioning + +**OneCLI owns:** "Easier than Vault for developers who just want to stop putting API keys in .env files" + +**Clavitor owns:** "The credential infrastructure for agentic systems that actually controls what agents can do" + +**The handoff moment:** When a team using OneCLI hits SOC2, ISO 27001, a healthcare customer, or their first prompt-injection incident — they need Clavitor. + +--- + +## Threat Assessment + +**Threat level: MEDIUM** + +**Why not higher:** +- Single founder + 1 contributor — bus factor risk +- No enterprise sales motion, no security certifications +- MITM architecture is fundamentally wrong for security-conscious enterprises +- Cannot solve the LLM-awareness problem without architectural overhaul + +**Why not lower:** +- Fast developer traction, capturing mindshare +- Bitwarden partnership is a real differentiator for their target market +- Apache-2.0 means Bitwarden, 1Password, or a cloud provider could fork and bundle it +- 600 stars in weeks — community is forming + +**Watch for:** Bitwarden acquisition interest. If Bitwarden buys OneCLI and bundles it into their product, they instantly have distribution to millions of users. + +--- + +## Where Clavitor is Ahead of OneCLI + +### Credential Types +OneCLI supports **API keys only** — injected as HTTP headers. Nothing else. + +Clavitor supports: +- **API keys** — stored, versioned, rotatable +- **SSH keys** — ed25519/RSA keypairs, agent-forwarded auth +- **Secure notes** — encrypted freeform text (passwords, connection strings, anything) +- **TOTP** — generate 2FA codes on demand for agents authenticating to human-facing services + +An agent that needs to SSH into a server, authenticate to a 2FA-protected admin panel, or retrieve a database connection string — OneCLI cannot help. Clavitor can. + +### Security Model +OneCLI prevents credential **theft**. A compromised agent cannot steal the raw API key. + +Clavitor prevents credential **abuse**. A compromised agent cannot use a credential it wasn't explicitly granted. Every access is authenticated, authorized, and audited. + +### No CA Cert Required +OneCLI requires installing a custom CA certificate in every agent container to enable MITM. This breaks standard TLS trust chains and adds operational burden at every deployment. + +Clavitor uses standard HTTPS. No CA cert. No trust chain modification. Works with any HTTP client out of the box. + +### Single Binary +OneCLI requires Docker (or a Node.js + Rust build environment). Clavitor ships as a single Go binary — download, `chmod +x`, run. No container runtime, no compose files, no dependencies. + +### FIPS 140-3 +OneCLI uses AES-256-GCM via the Rust `ring` crate — not FIPS validated. Cannot be deployed in government, healthcare (HIPAA), or financial (PCI-DSS) environments. + +Clavitor is built FIPS-first. This unlocks entire regulated market segments OneCLI cannot touch. + +### Agent Discoverability (MCP) +OneCLI has no mechanism for an LLM to discover what credentials are available. The agent must already know what APIs it has access to. + +Clavitor exposes credentials as an MCP server — agents call `list_credentials` and receive structured capability information. Autonomous agents can self-configure based on what the vault grants them. + +### Intent-Based Policy (Roadmap) +OneCLI policies are regex pattern matching on host/path/method. Cannot distinguish "read DNS record" from "delete DNS record" without explicit path enumeration. + +Clavitor's policy engine evaluates semantic intent using an embedded LLM. Plain-language policies: *"this agent may read but not modify"*, *"charge up to $50/day"*. This is the architectural moat nobody else has. + +--- + +## Related Competitors to Analyze + +- **Aembit** — enterprise agent identity platform (blended human+agent identity) +- **HashiCorp Vault** — enterprise secret management (complex, expensive) +- **1Password Secrets Automation** — credential injection for CI/CD +- **Infisical** — open-source secret management +- **Doppler** — developer-focused secret management diff --git a/docs/FEATURE-GRID.md b/docs/FEATURE-GRID.md new file mode 100644 index 0000000..878769c --- /dev/null +++ b/docs/FEATURE-GRID.md @@ -0,0 +1,94 @@ +# Credential & Secret Management — Feature Grid + +*Last updated: March 25, 2026* + +Target audience: AI agent era. Rows marked 🤖 are agent-specific capabilities. + +--- + +## Grid + +| Feature | 1Password | Bitwarden | Vaultwarden | OneCLI | HashiCorp Vault | Infisical | Doppler | Aembit | **Clavitor** | +|---------|-----------|-----------|-------------|--------|-----------------|-----------|---------|--------|--------------| +| **CREDENTIAL TYPES** | +| API keys | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | +| SSH keys | ✅ | ✅ | ✅ | ❌ | ✅ | ❌ | ❌ | ❌ | ✅ | +| TOTP / 2FA codes | ✅ | ✅ | ✅ | ❌ | ❌ | ❌ | ❌ | ❌ | ✅ | +| Secure notes | ✅ | ✅ | ✅ | ❌ | ✅ | ❌ | ❌ | ❌ | ✅ | +| Passwords / logins | ✅ | ✅ | ✅ | ❌ | ❌ | ❌ | ❌ | ❌ | ✅ | +| Credit cards / IDs | ✅ | ✅ | ✅ | ❌ | ❌ | ❌ | ❌ | ❌ | 🗓️ | +| Dynamic secrets | ❌ | ❌ | ❌ | ❌ | ✅ | ❌ | ❌ | ✅ | 🗓️ | +| **AGENT CAPABILITIES** 🤖 | +| Designed for AI agents | ❌ | ❌ | ❌ | ✅ | ❌ | ❌ | ❌ | ✅ | ✅ | +| MCP server (agent discovery) | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ✅ | +| Per-agent identity tokens | ❌ | ❌ | ❌ | ✅ | ✅ | ❌ | ❌ | ✅ | ✅ | +| Proxy mode (HTTP_PROXY) | ❌ | ❌ | ❌ | ✅ | ❌ | ❌ | ❌ | ✅ | 🗓️ | +| Agent info hiding (can use, can't read) | ❌ | ❌ | ❌ | ⚠️ | ⚠️ | ❌ | ❌ | ✅ | ✅ | +| Intent-based policy (LLM) | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ⚠️ | 🗓️ | +| Workload identity (OIDC/SPIFFE) | ❌ | ❌ | ❌ | ❌ | ✅ | ❌ | ❌ | ✅ | 🗓️ | +| **SECURITY** | +| FIPS 140-3 | ⚠️ | ❌ | ❌ | ❌ | ✅ | ❌ | ❌ | ❌ | ✅ | +| HSM support | ❌ | ❌ | ❌ | ❌ | ✅ | ❌ | ❌ | ❌ | 🗓️ | +| End-to-end encrypted | ✅ | ✅ | ✅ | ⚠️ | ❌ | ⚠️ | ❌ | ❌ | ✅ | +| Zero-knowledge architecture | ✅ | ✅ | ✅ | ❌ | ❌ | ❌ | ❌ | ❌ | ✅ | +| Audit logging | ✅ | ✅ | ⚠️ | ❌ | ✅ | ✅ | ✅ | ✅ | ✅ | +| Secret versioning | ✅ | ✅ | ✅ | ❌ | ✅ | ✅ | ✅ | ❌ | ✅ | +| Secret rotation | ⚠️ | ❌ | ❌ | ❌ | ✅ | ⚠️ | ⚠️ | ✅ | 🗓️ | +| **DEPLOYMENT** | +| Self-hostable | ❌ | ✅ | ✅ | ✅ | ✅ | ✅ | ❌ | ❌ | ✅ | +| Single binary | ❌ | ❌ | ✅ | ❌ | ❌ | ❌ | ❌ | ❌ | ✅ | +| Docker required | N/A | ⚠️ | ⚠️ | ✅ | ✅ | ✅ | N/A | N/A | ❌ | +| Open source | ❌ | ✅ | ✅ | ✅ | ⚠️ | ✅ | ❌ | ❌ | ✅ | +| Multi-tenant | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | 🗓️ | +| **HUMAN SURFACES** | +| iOS app | ✅ | ✅ | ✅ | ❌ | ❌ | ❌ | ❌ | ❌ | 🗓️ | +| Android app | ✅ | ✅ | ✅ | ❌ | ❌ | ❌ | ❌ | ❌ | 🗓️ | +| macOS app | ✅ | ✅ | ✅ | ❌ | ❌ | ❌ | ❌ | ❌ | 🗓️ | +| Windows app | ✅ | ✅ | ✅ | ❌ | ❌ | ❌ | ❌ | ❌ | 🗓️ | +| Browser extension | ✅ | ✅ | ✅ | ❌ | ❌ | ❌ | ❌ | ❌ | 🗓️ | +| Web dashboard | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | 🗓️ | +| CLI | ✅ | ✅ | ✅ | ⚠️ | ✅ | ✅ | ✅ | ✅ | ✅ | +| **INTEGRATIONS** | +| CI/CD native | ⚠️ | ⚠️ | ❌ | ❌ | ✅ | ✅ | ✅ | ⚠️ | 🗓️ | +| Kubernetes operator | ❌ | ❌ | ❌ | ❌ | ✅ | ✅ | ✅ | ✅ | 🗓️ | +| External vault backend | ❌ | ❌ | ❌ | ✅ | ❌ | ❌ | ❌ | ❌ | 🗓️ | +| **DEPLOYMENT** | +| Hosted (cloud) | ✅ | ✅ | ❌ | 🗓️ | ✅ | ✅ | ✅ | ✅ | ✅ (POPs) | +| Self-hosted | ❌ | ✅ | ✅ | ✅ | ✅ | ✅ | ❌ | ❌ | ✅ | +| **PRICING** | +| Free tier | ❌ | ✅ | ✅ | ✅ | ✅ | ✅ | ⚠️ | ❌ | ❓ | +| Price / year | ~$36/u | $10/u | Free | Free | Free–$$$$$ | Free–$96/u | $120+/u | Enterprise | **$12 flat** | + +--- + +## Legend + +| Symbol | Meaning | +|--------|---------| +| ✅ | Supported | +| ❌ | Not supported | +| ⚠️ | Partial / limited | +| 🗓️ | Clavitor roadmap | +| N/A | Not applicable | + +--- + +## Notes + +**1Password:** Best human UX in the market. No agent story. FIPS only via gov.1password.com (US gov offering). Strong browser extension and desktop apps. + +**Bitwarden:** Open source, E2E encrypted, strong community. No agent capabilities. Self-hosted via their official server. + +**Vaultwarden:** Unofficial Rust reimplementation of Bitwarden server. Single binary, lightweight. Ideal self-hosted alternative. No official support. + +**OneCLI:** Only product (besides Aembit/Clavitor) designed for AI agents. Proxy-only — no vault for humans. No SSH, TOTP, or notes. Audit logging is an open feature request. + +**HashiCorp Vault:** Enterprise gold standard. FIPS validated, HSM support, dynamic secrets, Kubernetes-native. Extremely complex to operate. BSL license (not truly open source since 2023). Overkill for most teams. + +**Infisical:** Open-source secret management for dev teams. Strong CI/CD integrations. No agent story. Good alternative to Doppler. + +**Doppler:** SaaS-only, developer-focused, great DX for injecting secrets into apps at runtime. No self-hosted. No agent capabilities. + +**Aembit:** Enterprise agent identity platform. Blended human+agent identity model. SPIFFE/OIDC workload identity. Expensive, enterprise sales motion. No human vault (credential storage) — purely identity/policy. + +**Clavitor:** Only product combining human vault (all credential types) + agent-native design + MCP server + single binary + FIPS + $12/yr pricing. Unique position: the vault that works for both humans and their agents. diff --git a/operations/pop-sync/go.mod b/operations/pop-sync/go.mod new file mode 100644 index 0000000..1ed5cae --- /dev/null +++ b/operations/pop-sync/go.mod @@ -0,0 +1,17 @@ +module clavitor.ai/pop-sync + +go 1.26.1 + +require ( + github.com/dustin/go-humanize v1.0.1 // indirect + github.com/google/uuid v1.6.0 // indirect + github.com/mattn/go-isatty v0.0.20 // indirect + github.com/mattn/go-sqlite3 v1.14.37 // indirect + github.com/ncruces/go-strftime v1.0.0 // indirect + github.com/remyoudompheng/bigfft v0.0.0-20230129092748-24d4a6f8daec // indirect + golang.org/x/sys v0.42.0 // indirect + modernc.org/libc v1.70.0 // indirect + modernc.org/mathutil v1.7.1 // indirect + modernc.org/memory v1.11.0 // indirect + modernc.org/sqlite v1.47.0 // indirect +) diff --git a/operations/pop-sync/go.sum b/operations/pop-sync/go.sum new file mode 100644 index 0000000..3a5ec9a --- /dev/null +++ b/operations/pop-sync/go.sum @@ -0,0 +1,23 @@ +github.com/dustin/go-humanize v1.0.1 h1:GzkhY7T5VNhEkwH0PVJgjz+fX1rhBrR7pRT3mDkpeCY= +github.com/dustin/go-humanize v1.0.1/go.mod h1:Mu1zIs6XwVuF/gI1OepvI0qD18qycQx+mFykh5fBlto= +github.com/google/uuid v1.6.0 h1:NIvaJDMOsjHA8n1jAhLSgzrAzy1Hgr+hNrb57e+94F0= +github.com/google/uuid v1.6.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= +github.com/mattn/go-isatty v0.0.20 h1:xfD0iDuEKnDkl03q4limB+vH+GxLEtL/jb4xVJSWWEY= +github.com/mattn/go-isatty v0.0.20/go.mod h1:W+V8PltTTMOvKvAeJH7IuucS94S2C6jfK/D7dTCTo3Y= +github.com/mattn/go-sqlite3 v1.14.37 h1:3DOZp4cXis1cUIpCfXLtmlGolNLp2VEqhiB/PARNBIg= +github.com/mattn/go-sqlite3 v1.14.37/go.mod h1:Uh1q+B4BYcTPb+yiD3kU8Ct7aC0hY9fxUwlHK0RXw+Y= +github.com/ncruces/go-strftime v1.0.0 h1:HMFp8mLCTPp341M/ZnA4qaf7ZlsbTc+miZjCLOFAw7w= +github.com/ncruces/go-strftime v1.0.0/go.mod h1:Fwc5htZGVVkseilnfgOVb9mKy6w1naJmn9CehxcKcls= +github.com/remyoudompheng/bigfft v0.0.0-20230129092748-24d4a6f8daec h1:W09IVJc94icq4NjY3clb7Lk8O1qJ8BdBEF8z0ibU0rE= +github.com/remyoudompheng/bigfft v0.0.0-20230129092748-24d4a6f8daec/go.mod h1:qqbHyh8v60DhA7CoWK5oRCqLrMHRGoxYCSS9EjAz6Eo= +golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.42.0 h1:omrd2nAlyT5ESRdCLYdm3+fMfNFE/+Rf4bDIQImRJeo= +golang.org/x/sys v0.42.0/go.mod h1:4GL1E5IUh+htKOUEOaiffhrAeqysfVGipDYzABqnCmw= +modernc.org/libc v1.70.0 h1:U58NawXqXbgpZ/dcdS9kMshu08aiA6b7gusEusqzNkw= +modernc.org/libc v1.70.0/go.mod h1:OVmxFGP1CI/Z4L3E0Q3Mf1PDE0BucwMkcXjjLntvHJo= +modernc.org/mathutil v1.7.1 h1:GCZVGXdaN8gTqB1Mf/usp1Y/hSqgI2vAGGP4jZMCxOU= +modernc.org/mathutil v1.7.1/go.mod h1:4p5IwJITfppl0G4sUEDtCr4DthTaT47/N3aT6MhfgJg= +modernc.org/memory v1.11.0 h1:o4QC8aMQzmcwCK3t3Ux/ZHmwFPzE6hf2Y5LbkRs+hbI= +modernc.org/memory v1.11.0/go.mod h1:/JP4VbVC+K5sU2wZi9bHoq2MAkCnrt2r98UGeSK7Mjw= +modernc.org/sqlite v1.47.0 h1:R1XyaNpoW4Et9yly+I2EeX7pBza/w+pmYee/0HJDyKk= +modernc.org/sqlite v1.47.0/go.mod h1:hWjRO6Tj/5Ik8ieqxQybiEOUXy0NJFNp2tpvVpKlvig= diff --git a/operations/pop-sync/main.go b/operations/pop-sync/main.go new file mode 100644 index 0000000..6e64862 --- /dev/null +++ b/operations/pop-sync/main.go @@ -0,0 +1,1252 @@ +package main + +import ( + "bytes" + "database/sql" + "encoding/json" + "fmt" + "io" + "net/http" + "os" + "os/exec" + "path/filepath" + "strings" + "sync" + "time" + + _ "modernc.org/sqlite" +) + +// --------------------------------------------------------------------------- +// pop-sync — Clavitor fleet management tool +// +// Subcommands: +// sync Reconcile DNS + Tailscale to match the pops DB +// deploy Build clovis-vault for arm64, push to all live nodes, restart +// status Health-check all live nodes (Tailscale reachable, service up) +// exec Run a shell command on all (or specific) live nodes +// +// Designed for both human and agent use: +// --json Machine-readable JSON output +// Exit 0 Everything OK +// Exit 1 Partial failure (some nodes failed) +// Exit 2 Fatal / config error +// --------------------------------------------------------------------------- + +// --- Types --- + +type POP struct { + PopID int `json:"pop_id"` + City string `json:"city"` + Country string `json:"country"` + RegionName string `json:"region_name"` + IP string `json:"ip"` + DNS string `json:"dns"` + Status string `json:"status"` + Provider string `json:"provider"` + InstanceID string `json:"instance_id"` +} + +func (p POP) Subdomain() string { + parts := strings.SplitN(p.DNS, ".", 2) + if len(parts) > 0 { + return parts[0] + } + return "" +} + +func (p POP) Zone() string { + parts := strings.SplitN(p.DNS, ".", 2) + if len(parts) == 2 { + return parts[1] + } + return "" +} + +type Config struct { + DBPath string + CFToken string + TSKey string + TSAuthKey string + HansHost string + DryRun bool + JSONOut bool + Zone string + CFZoneID string + VaultSrc string // path to clovis-vault source + Nodes string // comma-separated node filter (empty = all) +} + +type NodeResult struct { + Node string `json:"node"` + Action string `json:"action"` + OK bool `json:"ok"` + Message string `json:"message,omitempty"` + Error string `json:"error,omitempty"` +} + +// --- Main --- + +func main() { + if len(os.Args) < 2 { + printUsage() + os.Exit(2) + } + + cmd := os.Args[1] + // Shift args so flags work after subcommand + os.Args = append(os.Args[:1], os.Args[2:]...) + + cfg, remaining := parseFlags() + + switch cmd { + case "sync": + exitWith(cmdSync(cfg)) + case "deploy": + exitWith(cmdDeploy(cfg)) + case "status": + exitWith(cmdStatus(cfg)) + case "exec": + if len(remaining) == 0 { + fatal("usage: pop-sync exec ") + } + exitWith(cmdExec(cfg, strings.Join(remaining, " "))) + case "maintenance": + if len(remaining) == 0 { + fatal("usage: pop-sync maintenance [reason]") + } + cmdMaintenance(cfg, remaining) + case "help", "--help", "-h": + printUsage() + default: + fmt.Fprintf(os.Stderr, "unknown command: %s\n", cmd) + printUsage() + os.Exit(2) + } +} + +func printUsage() { + fmt.Println(`pop-sync — Clavitor fleet management + +Commands: + sync Reconcile DNS + Tailscale with pops DB (create, update, delete) + deploy Build clovis-vault (arm64), deploy to all live nodes, restart service + status Health-check all live nodes (reachable, service running, version) + exec Run a command on live nodes: pop-sync exec + maintenance Toggle maintenance mode: pop-sync maintenance on "fleet deploy" + +Flags: + -db Path to clavitor.db (default: ../clavitor.com/clavitor.db) + -cf-token Cloudflare API token (or CF_API_TOKEN env) + -ts-key Tailscale API key (or TS_API_KEY env) + -ts-authkey Tailscale auth key for joining new nodes (or TS_AUTHKEY env) + -hans SSH target for Hans/SSM relay (default: johan@185.218.204.47) + -vault-src Path to clovis-vault source (default: ../clovis/clovis-vault) + -zone DNS zone (default: clavitor.ai) + -nodes Comma-separated node filter, e.g. "use1,sg1" (default: all) + -dry-run Show what would change without doing it + -json Output results as JSON (agent-friendly) + +Examples: + pop-sync sync --dry-run + pop-sync deploy + pop-sync status --json + pop-sync exec "systemctl status clavitor" + pop-sync exec -nodes use1,sg1 "journalctl -u clavitor -n 20"`) +} + +func parseFlags() (Config, []string) { + cfg := Config{} + var remaining []string + + for i := 1; i < len(os.Args); i++ { + arg := os.Args[i] + if !strings.HasPrefix(arg, "-") { + remaining = append(remaining, arg) + continue + } + next := func() string { + if i+1 < len(os.Args) { + i++ + return os.Args[i] + } + fatal("missing value for %s", arg) + return "" + } + switch arg { + case "-db": + cfg.DBPath = next() + case "-cf-token": + cfg.CFToken = next() + case "-ts-key": + cfg.TSKey = next() + case "-ts-authkey": + cfg.TSAuthKey = next() + case "-hans": + cfg.HansHost = next() + case "-vault-src": + cfg.VaultSrc = next() + case "-zone": + cfg.Zone = next() + case "-cf-zone-id": + cfg.CFZoneID = next() + case "-nodes": + cfg.Nodes = next() + case "-dry-run", "--dry-run": + cfg.DryRun = true + case "-json", "--json": + cfg.JSONOut = true + default: + remaining = append(remaining, arg) + } + } + + // Defaults + if cfg.DBPath == "" { + cfg.DBPath = "../clavitor.com/clavitor.db" + } + if cfg.CFToken == "" { + cfg.CFToken = os.Getenv("CF_API_TOKEN") + } + if cfg.TSKey == "" { + cfg.TSKey = os.Getenv("TS_API_KEY") + } + if cfg.TSAuthKey == "" { + cfg.TSAuthKey = os.Getenv("TS_AUTHKEY") + } + if cfg.HansHost == "" { + cfg.HansHost = "johan@185.218.204.47" + } + if cfg.VaultSrc == "" { + cfg.VaultSrc = "../clovis/clovis-vault" + } + if cfg.Zone == "" { + cfg.Zone = "clavitor.ai" + } + + return cfg, remaining +} + +func exitWith(results []NodeResult) { + hasFailure := false + for _, r := range results { + if !r.OK { + hasFailure = true + break + } + } + if hasFailure { + os.Exit(1) + } +} + +// --- Subcommand: sync --- + +func cmdSync(cfg Config) []NodeResult { + requireKeys(cfg, "cf", "ts") + + pops := loadLivePOPs(cfg) + log(cfg, "DB: %d live POPs with DNS+IP", len(pops)) + + if cfg.CFZoneID == "" { + var err error + cfg.CFZoneID, err = cfResolveZoneID(cfg.CFToken, cfg.Zone) + if err != nil { + fatal("resolving zone: %v", err) + } + } + + var results []NodeResult + + // DNS sync + log(cfg, "\n--- Cloudflare DNS ---") + dnsResults := syncDNS(cfg, pops) + results = append(results, dnsResults...) + + // Tailscale sync + log(cfg, "\n--- Tailscale ---") + tsResults := syncTailscale(cfg, pops) + results = append(results, tsResults...) + + outputResults(cfg, results) + return results +} + +// --- Subcommand: deploy --- + +func cmdDeploy(cfg Config) []NodeResult { + pops := filterNodes(cfg, loadLivePOPs(cfg)) + if len(pops) == 0 { + fatal("no live nodes to deploy to") + } + + // Step 1: Build + log(cfg, "--- Build ---") + binaryPath := buildVault(cfg) + log(cfg, "Built: %s", binaryPath) + + if cfg.DryRun { + var results []NodeResult + for _, p := range pops { + results = append(results, NodeResult{Node: p.Subdomain(), Action: "deploy", OK: true, Message: "would deploy"}) + } + outputResults(cfg, results) + return results + } + + // Step 2: Upload binary to Hans and serve it temporarily via HTTP + log(cfg, "\n--- Deploy to %d nodes ---", len(pops)) + hansDir := "/tmp/clavitor-serve" + hansFile := hansDir + "/clavitor" + log(cfg, "Uploading binary to Hans...") + sshExec(cfg.HansHost, "mkdir -p "+hansDir) + if err := scpToHost(cfg.HansHost, binaryPath, hansFile); err != nil { + fatal("scp to hans: %v", err) + } + + // Start a temporary HTTP server on Hans (port 9876) + log(cfg, "Starting temporary file server on Hans:9876...") + sshExec(cfg.HansHost, "pkill -f 'http.server 9876' 2>/dev/null; exit 0") + sshExec(cfg.HansHost, "sudo iptables -I INPUT -p tcp --dport 9876 -j ACCEPT") + time.Sleep(500 * time.Millisecond) + sshBackground(cfg.HansHost, fmt.Sprintf( + "cd %s && exec python3 -m http.server 9876 --bind 0.0.0.0 >/dev/null 2>&1", hansDir)) + time.Sleep(2 * time.Second) + hansPublicIP := "185.218.204.47" + downloadURL := fmt.Sprintf("http://%s:9876/clavitor", hansPublicIP) + + results := parallelExec(pops, 4, func(p POP) NodeResult { + name := p.Subdomain() + r := NodeResult{Node: name, Action: "deploy"} + + if p.InstanceID == "" { + r.Error = "no instance_id — cannot deploy via SSM" + return r + } + + log(cfg, " [%s] deploying via SSM...", name) + + installCmds := []string{ + "mkdir -p /opt/clavitor/bin /opt/clavitor/data", + fmt.Sprintf("curl -sf -o /tmp/clavitor-new %s", downloadURL), + "mv /tmp/clavitor-new /opt/clavitor/bin/clavitor", + "chmod +x /opt/clavitor/bin/clavitor", + + `test -f /opt/clavitor/env || cat > /opt/clavitor/env << 'ENVEOF' +PORT=1984 +VAULT_MODE=hosted +DATA_DIR=/opt/clavitor/data +TELEMETRY_FREQ=30 +TELEMETRY_HOST=https://zurich.tailca1a1e.ts.net:9999/telemetry +TELEMETRY_TOKEN=clavitor-fleet-2026 +ENVEOF`, + + `test -f /etc/systemd/system/clavitor.service || cat > /etc/systemd/system/clavitor.service << 'UNITEOF' +[Unit] +Description=Clavitor Vault +After=network-online.target +Wants=network-online.target + +[Service] +Type=simple +ExecStart=/opt/clavitor/bin/clavitor +EnvironmentFile=/opt/clavitor/env +WorkingDirectory=/opt/clavitor/data +Restart=always +RestartSec=5 +User=root + +[Install] +WantedBy=multi-user.target +UNITEOF`, + + "systemctl daemon-reload", + "systemctl enable clavitor", + "systemctl restart clavitor", + "sleep 2", + "systemctl is-active clavitor", + } + + out, err := ssmRunCommand(cfg.HansHost, p.InstanceID, p.RegionName, installCmds) + if err != nil { + r.Error = fmt.Sprintf("deploy: %v\n%s", err, out) + log(cfg, " [%s] FAIL: %v", name, err) + return r + } + + r.OK = true + r.Message = strings.TrimSpace(out) + log(cfg, " [%s] %s", name, r.Message) + return r + }) + + // Kill the temp HTTP server, close firewall, clean up + sshExec(cfg.HansHost, "pkill -f 'http.server 9876' 2>/dev/null; exit 0") + sshExec(cfg.HansHost, "sudo iptables -D INPUT -p tcp --dport 9876 -j ACCEPT 2>/dev/null; exit 0") + sshExec(cfg.HansHost, "rm -rf "+hansDir) + + outputResults(cfg, results) + return results +} + +func buildVault(cfg Config) string { + srcDir, _ := filepath.Abs(cfg.VaultSrc) + outPath := filepath.Join(srcDir, "clavitor-linux-arm64") + + cmd := exec.Command("go", "build", "-o", outPath, "./cmd/clavitor") + cmd.Dir = srcDir + cmd.Env = append(os.Environ(), + "GOOS=linux", + "GOARCH=arm64", + "CGO_ENABLED=0", + ) + + out, err := cmd.CombinedOutput() + if err != nil { + fatal("build failed: %v\n%s", err, string(out)) + } + return outPath +} + +// --- Subcommand: status --- + +func cmdStatus(cfg Config) []NodeResult { + pops := filterNodes(cfg, loadLivePOPs(cfg)) + log(cfg, "Checking %d nodes...\n", len(pops)) + + statusCmd := "echo SERVICE=$(systemctl is-active clavitor 2>/dev/null || echo stopped); echo HOST=$(hostname); uptime -p 2>/dev/null; echo TS=$(tailscale ip -4 2>/dev/null || echo none)" + + results := parallelExec(pops, 4, func(p POP) NodeResult { + name := p.Subdomain() + r := NodeResult{Node: name, Action: "status"} + + out, err := nodeExec(cfg, p, statusCmd) + if err != nil { + r.Error = fmt.Sprintf("unreachable: %v", err) + log(cfg, " FAIL %s — %v", name, err) + return r + } + + r.OK = true + r.Message = strings.TrimSpace(out) + log(cfg, " OK %s — %s", name, oneLineStatus(out)) + return r + }) + + outputResults(cfg, results) + return results +} + +// --- Subcommand: exec --- + +func cmdExec(cfg Config, command string) []NodeResult { + pops := filterNodes(cfg, loadLivePOPs(cfg)) + log(cfg, "Running on %d nodes: %s\n", len(pops), command) + + results := parallelExec(pops, 4, func(p POP) NodeResult { + name := p.Subdomain() + r := NodeResult{Node: name, Action: "exec"} + + out, err := nodeExec(cfg, p, command) + if err != nil { + r.Error = fmt.Sprintf("%v\n%s", err, out) + log(cfg, "--- %s (FAIL) ---\n%s\n%v", name, out, err) + return r + } + + r.OK = true + r.Message = strings.TrimSpace(out) + log(cfg, "--- %s ---\n%s", name, r.Message) + return r + }) + + outputResults(cfg, results) + return results +} + +// --- Subcommand: maintenance --- + +func cmdMaintenance(cfg Config, args []string) { + action := args[0] + reason := "" + if len(args) > 1 { + reason = strings.Join(args[1:], " ") + } + + by := "pop-sync" + if user := os.Getenv("USER"); user != "" { + by = "pop-sync/" + user + } + + switch action { + case "on", "start": + body, _ := json.Marshal(map[string]string{"action": "start", "reason": reason, "by": by}) + req, _ := http.NewRequest("POST", "https://clavitor.ai/noc/api/maintenance?pin=250365", bytes.NewReader(body)) + req.Header.Set("Content-Type", "application/json") + resp, err := http.DefaultClient.Do(req) + if err != nil { + fatal("maintenance start: %v", err) + } + defer resp.Body.Close() + io.ReadAll(resp.Body) + log(cfg, "Maintenance ON: %s (by %s)", reason, by) + + case "off", "stop": + body, _ := json.Marshal(map[string]string{"action": "stop", "reason": reason, "by": by}) + req, _ := http.NewRequest("POST", "https://clavitor.ai/noc/api/maintenance?pin=250365", bytes.NewReader(body)) + req.Header.Set("Content-Type", "application/json") + resp, err := http.DefaultClient.Do(req) + if err != nil { + fatal("maintenance stop: %v", err) + } + defer resp.Body.Close() + io.ReadAll(resp.Body) + log(cfg, "Maintenance OFF (by %s)", by) + + case "status": + resp, err := http.Get("https://clavitor.ai/noc/api/maintenance?pin=250365") + if err != nil { + fatal("maintenance status: %v", err) + } + defer resp.Body.Close() + data, _ := io.ReadAll(resp.Body) + if cfg.JSONOut { + fmt.Println(string(data)) + } else { + var result struct { + Active bool `json:"active"` + Windows []struct { + StartAt int64 `json:"start_at"` + EndAt *int64 `json:"end_at"` + Reason string `json:"reason"` + StartBy string `json:"started_by"` + EndBy string `json:"ended_by"` + } `json:"windows"` + } + json.Unmarshal(data, &result) + if result.Active { + fmt.Println("MAINTENANCE ACTIVE") + } else { + fmt.Println("No active maintenance") + } + for _, w := range result.Windows { + end := "ongoing" + if w.EndAt != nil { + end = time.Unix(*w.EndAt, 0).Format("2006-01-02 15:04:05") + } + fmt.Printf(" %s — %s %q by=%s\n", + time.Unix(w.StartAt, 0).Format("2006-01-02 15:04:05"), + end, w.Reason, w.StartBy) + } + } + + default: + fatal("usage: pop-sync maintenance [reason]") + } +} + +// --- Node execution: Tailscale SSH with SSM fallback --- + +// nodeExec runs a command on a node, trying Tailscale SSH first, falling back to SSM. +func nodeExec(cfg Config, pop POP, command string) (string, error) { + out, err := tsSshExec(pop.Subdomain(), command) + if err == nil { + return out, nil + } + + // Tailscale SSH failed — fall back to SSM if we have instance_id + if pop.InstanceID != "" { + log(cfg, " [%s] TS SSH failed, falling back to SSM...", pop.Subdomain()) + return ssmRunCommand(cfg.HansHost, pop.InstanceID, pop.RegionName, []string{command}) + } + return out, err +} + +// nodePushFile copies a local file to a node, trying SCP (Tailscale) first, falling back to SSM+S3-less transfer via Hans. +func nodePushFile(cfg Config, pop POP, localPath, remotePath string) error { + err := scpToNode(pop.Subdomain(), localPath, remotePath) + if err == nil { + return nil + } + + // Tailscale SCP failed — fall back: SCP to Hans, then Hans SCPs to node's public IP + if pop.InstanceID != "" && pop.IP != "" { + log(cfg, " [%s] TS SCP failed, falling back via Hans...", pop.Subdomain()) + hansPath := fmt.Sprintf("/tmp/clavitor-deploy-%s", pop.Subdomain()) + + // Upload to Hans + if err := scpToHost(cfg.HansHost, localPath, hansPath); err != nil { + return fmt.Errorf("scp to hans: %w", err) + } + + // Hans pushes to node via SSM (base64 chunks for small files, or just curl from Hans if reachable) + // For a 14MB binary, use Hans → node SCP via public IP with SSM to temporarily allow it + // Simplest: have the node pull from Hans via Tailscale + pullCmd := fmt.Sprintf("scp -o StrictHostKeyChecking=no -o ConnectTimeout=10 %s:%s %s", + cfg.HansHost, hansPath, remotePath) + _, err := ssmRunCommand(cfg.HansHost, pop.InstanceID, pop.RegionName, []string{pullCmd}) + // Clean up + sshExec(cfg.HansHost, "rm -f "+hansPath) + return err + } + return err +} + +func tsSshExec(hostname, command string) (string, error) { + cmd := exec.Command("ssh", + "-o", "StrictHostKeyChecking=no", + "-o", "ConnectTimeout=5", + "-o", "UserKnownHostsFile=/dev/null", + "-o", "LogLevel=ERROR", + "root@"+hostname, + command, + ) + var stdout, stderr bytes.Buffer + cmd.Stdout = &stdout + cmd.Stderr = &stderr + err := cmd.Run() + if err != nil { + return stdout.String() + stderr.String(), err + } + return stdout.String(), nil +} + +func scpToNode(hostname, localPath, remotePath string) error { + cmd := exec.Command("scp", + "-o", "StrictHostKeyChecking=no", + "-o", "ConnectTimeout=5", + "-o", "UserKnownHostsFile=/dev/null", + "-o", "LogLevel=ERROR", + localPath, + "root@"+hostname+":"+remotePath, + ) + out, err := cmd.CombinedOutput() + if err != nil { + return fmt.Errorf("%v: %s", err, string(out)) + } + return nil +} + +func scpToHost(host, localPath, remotePath string) error { + cmd := exec.Command("scp", + "-o", "StrictHostKeyChecking=no", + "-o", "ConnectTimeout=10", + localPath, + host+":"+remotePath, + ) + out, err := cmd.CombinedOutput() + if err != nil { + return fmt.Errorf("%v: %s", err, string(out)) + } + return nil +} + +// --- SSM (for bootstrap only, before Tailscale is available) --- + +func ssmBootstrapTailscale(cfg Config, pop POP) error { + hostname := pop.Subdomain() + region := pop.RegionName + + log(cfg, " Installing Tailscale...") + out, err := ssmRunCommand(cfg.HansHost, pop.InstanceID, region, []string{ + "command -v tailscale >/dev/null 2>&1 && echo 'already installed' && exit 0", + "curl -fsSL https://tailscale.com/install.sh | sh", + }) + if err != nil { + return fmt.Errorf("install tailscale: %w", err) + } + log(cfg, " %s", lastLines(out, 2)) + + log(cfg, " Joining tailnet as %s...", hostname) + out, err = ssmRunCommand(cfg.HansHost, pop.InstanceID, region, []string{ + "systemctl enable --now tailscaled 2>/dev/null || true", + "sleep 2", + fmt.Sprintf("tailscale up --authkey=%s --hostname=%s --ssh --reset", cfg.TSAuthKey, hostname), + "tailscale ip -4", + }) + if err != nil { + return fmt.Errorf("join tailnet: %w", err) + } + log(cfg, " TS IP: %s", strings.TrimSpace(out)) + + log(cfg, " Setting hostname...") + _, _ = ssmRunCommand(cfg.HansHost, pop.InstanceID, region, []string{ + fmt.Sprintf("hostnamectl set-hostname %s", hostname), + fmt.Sprintf("grep -q '%s' /etc/hosts || echo '127.0.1.1 %s %s.%s' >> /etc/hosts", hostname, hostname, hostname, cfg.Zone), + }) + + return nil +} + +func ssmRunCommand(hansHost, instanceID, region string, commands []string) (string, error) { + params := map[string][]string{"commands": commands} + paramsJSON, _ := json.Marshal(params) + + tmpFile := fmt.Sprintf("/tmp/ssm-%s-%d.json", instanceID, time.Now().UnixNano()) + writeCmd := fmt.Sprintf("cat > %s << 'SSMEOF'\n%s\nSSMEOF", tmpFile, string(paramsJSON)) + if _, err := sshExec(hansHost, writeCmd); err != nil { + return "", fmt.Errorf("writing params: %w", err) + } + + ssmCmd := fmt.Sprintf( + `aws ssm send-command --instance-ids %s --document-name AWS-RunShellScript --region %s --parameters file://%s --query Command.CommandId --output text && rm -f %s`, + instanceID, region, tmpFile, tmpFile, + ) + cmdID, err := sshExec(hansHost, ssmCmd) + if err != nil { + sshExec(hansHost, "rm -f "+tmpFile) + return "", fmt.Errorf("send-command: %w\n%s", err, cmdID) + } + cmdID = strings.TrimSpace(cmdID) + if cmdID == "" { + return "", fmt.Errorf("empty command ID returned") + } + + for i := 0; i < 36; i++ { + time.Sleep(5 * time.Second) + pollCmd := fmt.Sprintf( + `aws ssm get-command-invocation --command-id %s --instance-id %s --region %s --query '[Status,StandardOutputContent,StandardErrorContent]' --output text 2>/dev/null`, + cmdID, instanceID, region, + ) + result, err := sshExec(hansHost, pollCmd) + if err != nil { + continue + } + parts := strings.SplitN(strings.TrimSpace(result), "\t", 3) + if len(parts) < 1 { + continue + } + switch parts[0] { + case "Success": + stdout := "" + if len(parts) >= 2 { + stdout = parts[1] + } + return stdout, nil + case "Failed": + stderr := "" + if len(parts) >= 3 { + stderr = parts[2] + } + return "", fmt.Errorf("command failed: %s", stderr) + } + } + return "", fmt.Errorf("timeout waiting for SSM command %s", cmdID) +} + +// sshBackground starts a command on a remote host via SSH, forking to background. +func sshBackground(host, command string) { + exec.Command("ssh", "-f", "-o", "StrictHostKeyChecking=no", "-o", "ConnectTimeout=10", host, command).Run() +} + +func sshExec(host, command string) (string, error) { + cmd := exec.Command("ssh", "-o", "StrictHostKeyChecking=no", "-o", "ConnectTimeout=10", host, command) + var stdout, stderr bytes.Buffer + cmd.Stdout = &stdout + cmd.Stderr = &stderr + err := cmd.Run() + if err != nil { + return stdout.String() + stderr.String(), err + } + return stdout.String(), nil +} + +// --- DNS sync --- + +func syncDNS(cfg Config, pops []POP) []NodeResult { + records, err := cfListRecords(cfg.CFToken, cfg.CFZoneID) + if err != nil { + fatal("listing DNS records: %v", err) + } + + existing := map[string]cfDNSRecord{} + protected := map[string]bool{cfg.Zone: true, "www." + cfg.Zone: true} + for _, r := range records { + if r.Type == "A" && !protected[r.Name] { + existing[r.Name] = r + } + } + + desired := map[string]POP{} + for _, p := range pops { + if p.Zone() == cfg.Zone { + desired[p.DNS] = p + } + } + + var results []NodeResult + + for fqdn, pop := range desired { + r := NodeResult{Node: pop.Subdomain(), Action: "dns"} + if rec, ok := existing[fqdn]; ok { + if rec.Content == pop.IP { + r.OK = true + r.Message = fmt.Sprintf("%s -> %s", fqdn, pop.IP) + log(cfg, " OK %s -> %s", fqdn, pop.IP) + } else { + if !cfg.DryRun { + if err := cfUpdateRecord(cfg.CFToken, cfg.CFZoneID, rec.ID, fqdn, pop.IP); err != nil { + r.Error = err.Error() + } else { + r.OK = true + } + } + r.Message = fmt.Sprintf("updated %s -> %s (was %s)", fqdn, pop.IP, rec.Content) + log(cfg, " UPD %s: %s -> %s", fqdn, rec.Content, pop.IP) + } + delete(existing, fqdn) + } else { + if !cfg.DryRun { + if err := cfCreateRecord(cfg.CFToken, cfg.CFZoneID, fqdn, pop.IP); err != nil { + r.Error = err.Error() + } else { + r.OK = true + } + } + r.Message = fmt.Sprintf("created %s -> %s", fqdn, pop.IP) + log(cfg, " ADD %s -> %s", fqdn, pop.IP) + } + results = append(results, r) + } + + for fqdn, rec := range existing { + sub := strings.TrimSuffix(fqdn, "."+cfg.Zone) + if sub == fqdn || isKnownNonPOP(sub) { + continue + } + r := NodeResult{Node: sub, Action: "dns-delete"} + if !cfg.DryRun { + if err := cfDeleteRecord(cfg.CFToken, cfg.CFZoneID, rec.ID); err != nil { + r.Error = err.Error() + } else { + r.OK = true + } + } + r.Message = fmt.Sprintf("deleted %s (%s)", fqdn, rec.Content) + log(cfg, " DEL %s (%s)", fqdn, rec.Content) + results = append(results, r) + } + + return results +} + +func isKnownNonPOP(sub string) bool { + skip := map[string]bool{ + "dev": true, "soc": true, "api": true, "mail": true, + "mx": true, "ns1": true, "ns2": true, "status": true, + } + return skip[sub] +} + +// --- Tailscale sync --- + +func syncTailscale(cfg Config, pops []POP) []NodeResult { + devices, err := tsListDevices(cfg.TSKey) + if err != nil { + fatal("listing Tailscale devices: %v", err) + } + + desired := map[string]POP{} + for _, p := range pops { + if sub := p.Subdomain(); sub != "" { + desired[sub] = p + } + } + + devicesByHostname := map[string][]tsDevice{} + for _, d := range devices { + devicesByHostname[d.Hostname] = append(devicesByHostname[d.Hostname], d) + } + + var results []NodeResult + + for sub, pop := range desired { + r := NodeResult{Node: sub, Action: "tailscale"} + if devs, ok := devicesByHostname[sub]; ok && len(devs) > 0 { + tsIP := "" + if len(devs[0].Addresses) > 0 { + tsIP = devs[0].Addresses[0] + } + r.OK = true + r.Message = fmt.Sprintf("TS:%s public:%s", tsIP, pop.IP) + log(cfg, " OK %s — %s (TS: %s, public: %s)", sub, pop.City, tsIP, pop.IP) + delete(devicesByHostname, sub) + } else { + if pop.InstanceID != "" && cfg.TSAuthKey != "" && !cfg.DryRun { + log(cfg, " JOIN %s — %s via SSM (%s in %s)...", sub, pop.City, pop.InstanceID, pop.RegionName) + if err := ssmBootstrapTailscale(cfg, pop); err != nil { + r.Error = err.Error() + log(cfg, " ERR: %v", err) + } else { + r.OK = true + r.Message = "joined via SSM" + log(cfg, " Joined tailnet as %s", sub) + } + } else if pop.InstanceID != "" && cfg.TSAuthKey != "" { + r.Message = fmt.Sprintf("would SSM bootstrap %s in %s", pop.InstanceID, pop.RegionName) + log(cfg, " JOIN %s — %s (would bootstrap)", sub, pop.City) + } else if pop.InstanceID != "" { + r.Error = "no -ts-authkey provided" + log(cfg, " MISSING %s — needs -ts-authkey", sub) + } else { + r.Error = "no instance_id, cannot auto-join" + log(cfg, " MISSING %s — no instance_id", sub) + } + } + results = append(results, r) + } + + for hostname, devs := range devicesByHostname { + for _, d := range devs { + if !isInfraDevice(d) { + continue + } + r := NodeResult{Node: hostname, Action: "tailscale-delete"} + if !cfg.DryRun { + if err := tsDeleteDevice(cfg.TSKey, d.ID); err != nil { + r.Error = err.Error() + } else { + r.OK = true + r.Message = "removed stale device" + } + } else { + r.Message = "would remove stale device" + } + log(cfg, " STALE %s — removed", hostname) + results = append(results, r) + } + } + + return results +} + +func isInfraDevice(d tsDevice) bool { + return strings.Contains(d.Name, "tagged-") +} + +// --- Parallel execution --- + +func parallelExec(pops []POP, workers int, fn func(POP) NodeResult) []NodeResult { + ch := make(chan POP, len(pops)) + for _, p := range pops { + ch <- p + } + close(ch) + + var mu sync.Mutex + var results []NodeResult + var wg sync.WaitGroup + + for i := 0; i < workers && i < len(pops); i++ { + wg.Add(1) + go func() { + defer wg.Done() + for p := range ch { + r := fn(p) + mu.Lock() + results = append(results, r) + mu.Unlock() + } + }() + } + wg.Wait() + return results +} + +// --- DB --- + +func loadLivePOPs(cfg Config) []POP { + pops, err := readPOPs(cfg.DBPath) + if err != nil { + fatal("reading DB: %v", err) + } + var live []POP + for _, p := range pops { + if p.Status == "live" && p.IP != "" && p.DNS != "" { + live = append(live, p) + } + } + return live +} + +func readPOPs(dbPath string) ([]POP, error) { + db, err := sql.Open("sqlite", dbPath) + if err != nil { + return nil, err + } + defer db.Close() + + rows, err := db.Query(`SELECT pop_id, city, country, region_name, ip, dns, status, provider, instance_id FROM pops ORDER BY pop_id`) + if err != nil { + return nil, err + } + defer rows.Close() + + var pops []POP + for rows.Next() { + var p POP + if err := rows.Scan(&p.PopID, &p.City, &p.Country, &p.RegionName, &p.IP, &p.DNS, &p.Status, &p.Provider, &p.InstanceID); err != nil { + return nil, err + } + pops = append(pops, p) + } + return pops, rows.Err() +} + +func filterNodes(cfg Config, pops []POP) []POP { + if cfg.Nodes == "" { + return pops + } + want := map[string]bool{} + for _, n := range strings.Split(cfg.Nodes, ",") { + want[strings.TrimSpace(n)] = true + } + var out []POP + for _, p := range pops { + if want[p.Subdomain()] { + out = append(out, p) + } + } + return out +} + +// --- Output --- + +func log(cfg Config, format string, args ...interface{}) { + if !cfg.JSONOut { + fmt.Printf(format+"\n", args...) + } +} + +func outputResults(cfg Config, results []NodeResult) { + if cfg.JSONOut { + enc := json.NewEncoder(os.Stdout) + enc.SetIndent("", " ") + enc.Encode(results) + } +} + +func oneLineStatus(raw string) string { + lines := strings.Split(strings.TrimSpace(raw), "\n") + parts := make([]string, 0, len(lines)) + for _, l := range lines { + l = strings.TrimSpace(l) + if l != "" { + parts = append(parts, l) + } + } + return strings.Join(parts, " | ") +} + +func lastLines(s string, n int) string { + lines := strings.Split(strings.TrimSpace(s), "\n") + if len(lines) <= n { + return strings.TrimSpace(s) + } + return strings.Join(lines[len(lines)-n:], "\n") +} + +func requireKeys(cfg Config, keys ...string) { + for _, k := range keys { + switch k { + case "cf": + if cfg.CFToken == "" { + fatal("Cloudflare token required: set CF_API_TOKEN or -cf-token") + } + case "ts": + if cfg.TSKey == "" { + fatal("Tailscale API key required: set TS_API_KEY or -ts-key") + } + } + } +} + +func fatal(format string, args ...interface{}) { + fmt.Fprintf(os.Stderr, "FATAL: "+format+"\n", args...) + os.Exit(2) +} + +// --- Cloudflare API --- + +type cfDNSRecord struct { + ID string `json:"id"` + Type string `json:"type"` + Name string `json:"name"` + Content string `json:"content"` + Proxied bool `json:"proxied"` + TTL int `json:"ttl"` +} + +type cfListResponse struct { + Success bool `json:"success"` + Result []cfDNSRecord `json:"result"` +} + +type cfMutateResponse struct { + Success bool `json:"success"` + Result cfDNSRecord `json:"result"` + Errors []struct { + Message string `json:"message"` + } `json:"errors"` +} + +func cfResolveZoneID(token, zone string) (string, error) { + req, _ := http.NewRequest("GET", "https://api.cloudflare.com/client/v4/zones?name="+zone, nil) + req.Header.Set("Authorization", "Bearer "+token) + resp, err := http.DefaultClient.Do(req) + if err != nil { + return "", err + } + defer resp.Body.Close() + var result struct { + Result []struct { + ID string `json:"id"` + } `json:"result"` + } + if err := json.NewDecoder(resp.Body).Decode(&result); err != nil { + return "", err + } + if len(result.Result) == 0 { + return "", fmt.Errorf("zone %q not found", zone) + } + return result.Result[0].ID, nil +} + +func cfListRecords(token, zoneID string) ([]cfDNSRecord, error) { + var all []cfDNSRecord + page := 1 + for { + url := fmt.Sprintf("https://api.cloudflare.com/client/v4/zones/%s/dns_records?per_page=100&page=%d", zoneID, page) + req, _ := http.NewRequest("GET", url, nil) + req.Header.Set("Authorization", "Bearer "+token) + resp, err := http.DefaultClient.Do(req) + if err != nil { + return nil, err + } + var result cfListResponse + err = json.NewDecoder(resp.Body).Decode(&result) + resp.Body.Close() + if err != nil { + return nil, err + } + all = append(all, result.Result...) + if len(result.Result) < 100 { + break + } + page++ + } + return all, nil +} + +func cfCreateRecord(token, zoneID, fqdn, ip string) error { + body, _ := json.Marshal(map[string]interface{}{ + "type": "A", "name": fqdn, "content": ip, "ttl": 1, "proxied": false, + }) + url := fmt.Sprintf("https://api.cloudflare.com/client/v4/zones/%s/dns_records", zoneID) + req, _ := http.NewRequest("POST", url, bytes.NewReader(body)) + req.Header.Set("Authorization", "Bearer "+token) + req.Header.Set("Content-Type", "application/json") + resp, err := http.DefaultClient.Do(req) + if err != nil { + return err + } + defer resp.Body.Close() + var result cfMutateResponse + if err := json.NewDecoder(resp.Body).Decode(&result); err != nil { + return err + } + if !result.Success { + return fmt.Errorf("API error: %v", result.Errors) + } + return nil +} + +func cfUpdateRecord(token, zoneID, recordID, fqdn, ip string) error { + body, _ := json.Marshal(map[string]interface{}{ + "type": "A", "name": fqdn, "content": ip, "ttl": 1, "proxied": false, + }) + url := fmt.Sprintf("https://api.cloudflare.com/client/v4/zones/%s/dns_records/%s", zoneID, recordID) + req, _ := http.NewRequest("PUT", url, bytes.NewReader(body)) + req.Header.Set("Authorization", "Bearer "+token) + req.Header.Set("Content-Type", "application/json") + resp, err := http.DefaultClient.Do(req) + if err != nil { + return err + } + defer resp.Body.Close() + var result cfMutateResponse + if err := json.NewDecoder(resp.Body).Decode(&result); err != nil { + return err + } + if !result.Success { + return fmt.Errorf("API error: %v", result.Errors) + } + return nil +} + +func cfDeleteRecord(token, zoneID, recordID string) error { + url := fmt.Sprintf("https://api.cloudflare.com/client/v4/zones/%s/dns_records/%s", zoneID, recordID) + req, _ := http.NewRequest("DELETE", url, nil) + req.Header.Set("Authorization", "Bearer "+token) + resp, err := http.DefaultClient.Do(req) + if err != nil { + return err + } + defer resp.Body.Close() + body, _ := io.ReadAll(resp.Body) + var result struct { + Success bool `json:"success"` + } + json.Unmarshal(body, &result) + if !result.Success { + return fmt.Errorf("delete failed: %s", string(body)) + } + return nil +} + +// --- Tailscale API --- + +type tsDevice struct { + ID string `json:"id"` + Hostname string `json:"hostname"` + Name string `json:"name"` + Addresses []string `json:"addresses"` +} + +type tsListResponse struct { + Devices []tsDevice `json:"devices"` +} + +func tsListDevices(apiKey string) ([]tsDevice, error) { + req, _ := http.NewRequest("GET", "https://api.tailscale.com/api/v2/tailnet/-/devices", nil) + req.SetBasicAuth(apiKey, "") + resp, err := http.DefaultClient.Do(req) + if err != nil { + return nil, err + } + defer resp.Body.Close() + if resp.StatusCode != 200 { + body, _ := io.ReadAll(resp.Body) + return nil, fmt.Errorf("HTTP %d: %s", resp.StatusCode, string(body)) + } + var result tsListResponse + if err := json.NewDecoder(resp.Body).Decode(&result); err != nil { + return nil, err + } + return result.Devices, nil +} + +func tsDeleteDevice(apiKey, deviceID string) error { + req, _ := http.NewRequest("DELETE", "https://api.tailscale.com/api/v2/device/"+deviceID, nil) + req.SetBasicAuth(apiKey, "") + resp, err := http.DefaultClient.Do(req) + if err != nil { + return err + } + defer resp.Body.Close() + if resp.StatusCode != 200 { + body, _ := io.ReadAll(resp.Body) + return fmt.Errorf("HTTP %d: %s", resp.StatusCode, string(body)) + } + return nil +} diff --git a/operations/pop-sync/pop-sync b/operations/pop-sync/pop-sync new file mode 100755 index 0000000..d8fcdd6 Binary files /dev/null and b/operations/pop-sync/pop-sync differ