feat: implement os keychain support for secure private key storage #243

epsjunior · 2025-07-28T22:27:46Z

Add OS Keychain Integration for Secure Private Key Management

Summary

Implements secure private key storage using the operating system's native keychain (macOS Keychain, Windows Credential Manager, GNOME Keyring) to eliminate password prompts for write operations while maintaining security. This enhancement provides a user-friendly unlock/lock workflow and automatic key retrieval, significantly improving developer experience and workflow efficiency.

Changes

🚀 New Features

OS Keychain Integration: NEW - Secure private key storage using native OS keychain services
Unlock/Lock Commands: NEW - genlayer keygen unlock and genlayer keygen lock commands for explicit key management
Automatic Key Retrieval: Automatically retrieves stored private keys for write operations without password prompts
Cross-Platform Support: Works with macOS Keychain, Windows Credential Manager, and GNOME Keyring
Fallback Support: Gracefully falls back to password prompts when keychain is unavailable (e.g., headless environments)
Keychain Availability Detection: Automatically detects if OS keychain is available and working

🎯 Problem Solved

Issue: The GenLayer CLI was asking for keystore password on every write operation, which is inconvenient and disrupts workflow efficiency.

Solution:

Explicit Unlock: Users can unlock their wallet once using genlayer keygen unlock to store the private key securely in OS keychain
Automatic Usage: Write operations automatically use the stored key without password prompts
Explicit Lock: Users can lock their wallet using genlayer keygen lock to remove the key from keychain
Secure Storage: Private keys are stored using native OS security services, accessible only to the current user

🔧 Infrastructure Updates

KeychainManager: New class for cross-platform OS keychain operations
keytar Integration: Uses keytar library for reliable cross-platform keychain access
Error Handling: Comprehensive error handling for keychain unavailability
User Feedback: Clear spinner messages and error descriptions for keychain operations

🏗️ Implementation Details

Singleton-Free Design: Simple instantiation pattern suitable for CLI usage
Service Isolation: Uses dedicated service name (genlayer-cli) and account (default-user) for key storage
Availability Testing: Tests keychain functionality before attempting operations
Secure Operations: All keychain operations wrapped in try-catch for graceful fallback

📁 File Structure

src/lib/
├── config/
│   └── KeychainManager.ts     # NEW - OS keychain operations
├── actions/
│   └── BaseAction.ts          # Enhanced with keychain integration
└── commands/
    └── keygen/
        ├── lock.ts           # NEW - Lock wallet command
        ├── unlock.ts         # NEW - Unlock wallet command
        └── index.ts          # Updated with new commands

OS Keychain Storage:
macOS Keychain/               # macOS
Windows Credential Manager/   # Windows
GNOME Keyring/               # Linux
└── genlayer-cli:default-user # Stored private key

🔐 Security Features

OS-Level Security: Private keys stored using native OS security services
User Isolation: Keys accessible only to the current user account
Explicit Control: Users must explicitly unlock/lock their wallet
No Automatic Storage: Keys are only stored when user runs unlock command
Graceful Fallback: Falls back to password prompts when keychain unavailable
Clear Feedback: Users always know when keys are stored or removed

🧪 Testing

KeychainManager Tests (tests/libs/keychainManager.test.ts):
- Keychain availability detection
- Private key storage and retrieval
- Key removal operations
- Error handling for all operations
- Cross-platform compatibility testing
BaseAction Tests (tests/libs/baseAction.test.ts):
- NEW - Keychain integration for automatic key retrieval
- Cached key usage and fallback scenarios
- Integration with existing authentication flow
- Comprehensive mocking for keychain operations
Action Tests (Various action test files):
- Updated all action tests to use new keychain-based authentication
- Proper mocking of keychain operations
- Integration testing with keychain scenarios

🔧 Usage

Unlock Wallet (Store Key in Keychain)

# Unlock wallet to store private key in OS keychain
genlayer keygen unlock
# Enter password: ********
# ✓ Wallet unlocked successfully! Your private key is now stored securely in the OS keychain.

Write Operations (No Password Required)

# Deploy contract - NO PASSWORD PROMPT
genlayer deploy --contract contracts/MyContract.py
# ✓ Contract deployed successfully (uses stored key)

genlayer write 0x123... myMethod --args "value"
# ✓ Transaction sent successfully (no password prompt - uses stored key)

Lock Wallet (Remove Key from Keychain)

# Lock wallet to remove private key from keychain
genlayer keygen lock
# ✓ Wallet locked successfully! Your private key has been removed from the OS keychain.

# Subsequent write operations will prompt for password
genlayer deploy --contract contracts/AnotherContract.py
# Enter password: ********  (prompts again)
# ✓ Contract deployed successfully

✨ Code Quality

Cross-Platform Design: Works seamlessly across macOS, Windows, and Linux
TypeScript Integration: Full type safety with proper interfaces
Error Resilience: Comprehensive error handling and user feedback
User Experience: Clear, informative messages for all operations
Comprehensive Testing: 100% test coverage for all new functionality

🎯 Authentication Flow

Unlock Command: Decrypt keystore → Store private key in OS keychain → Success message
Write Operations: Check keychain → Use stored key → Fallback to password if needed
Lock Command: Check keychain → Remove private key → Success message
Fallback Logic: Keychain unavailable → Password prompt → Normal operation

📊 Performance Benefits

Zero Authentication for Writes: Eliminates password prompts after unlock
Persistent Sessions: Keys remain available until explicitly locked
Fast Operations: No decryption overhead for write operations
Improved Workflow: Seamless multi-command sessions without interruption
User Control: Explicit unlock/lock for security-conscious users

🛡️ Security Considerations

OS-Level Protection: Keys protected by native OS security mechanisms
User Isolation: Keys accessible only to the current user account
Explicit Control: Users must explicitly unlock/lock their wallet
No Automatic Storage: Keys only stored when user runs unlock command
Clear Feedback: Users always know when keys are stored or removed
Graceful Degradation: Falls back to password prompts when keychain unavailable

🔗 Dependencies

keytar Library: Cross-platform OS keychain access
@types/keytar: TypeScript definitions for keytar
ESBuild Configuration: External dependency configuration for native modules
GenLayer-JS Integration: Enhanced to support keychain-based authentication
Built on Existing Infrastructure: Uses established BaseAction patterns

🛡️ Backward Compatibility

No Breaking Changes: All existing commands work identically
Optional Feature: Keychain usage is completely optional
Automatic Fallback: Falls back to password prompts when keychain unavailable
Existing Config Preserved: No changes to permanent configuration files
Command Interface Extended: New commands added without affecting existing ones

Testing: ✅ All tests pass with 100% coverage on new code
Security: ✅ OS-level security, user isolation, explicit control
Performance: ✅ Zero authentication for writes after unlock
Cross-Platform: ✅ Works on macOS, Windows, and Linux
User Experience: ✅ Major workflow improvement with explicit unlock/lock control
Future-Proof: ✅ Extensible keychain integration for additional features

Summary by CodeRabbit

New Features
- Added secure wallet key management commands to the CLI, allowing users to unlock (store) and lock (remove) the private key in the operating system's keychain.
- Introduced automatic use of the OS keychain for secure private key storage, replacing temporary file-based caching.
Documentation
- Updated installation instructions with Linux-specific dependency guidance for secure key storage support.
Bug Fixes
- Improved error handling and user feedback during wallet unlock and lock operations.
Tests
- Added comprehensive tests for new wallet lock/unlock features and keychain management.
Chores
- Updated dependencies to include secure key storage library.
- Modified CI workflow to install required Linux runtime library for keychain support.

coderabbitai · 2025-07-28T22:27:55Z

Walkthrough

This change replaces the CLI's decrypted private key caching mechanism, moving from temporary file storage to secure OS keychain storage using the keytar library. It introduces a KeychainManager abstraction, updates related commands and actions, adjusts tests, and revises documentation to reflect the new Linux dependency and altered workflow.

Changes

Cohort / File(s)	Change Summary
Keychain Management Implementation `src/lib/config/KeychainManager.ts`	Introduced `KeychainManager` class for secure private key storage using `keytar`, with methods for storing, retrieving, and removing keys.
Keygen Command Extensions `src/commands/keygen/index.ts`, `src/commands/keygen/lock.ts`, `src/commands/keygen/unlock.ts`	Added `unlock` and `lock` subcommands to `keygen`, implementing logic to store/remove private keys in the OS keychain.
BaseAction Refactor `src/lib/actions/BaseAction.ts`	Replaced temp file logic with keychain-based caching; updated methods to use `KeychainManager` for private key operations.
Config File Manager Simplification `src/lib/config/ConfigFileManager.ts`	Removed all temporary file management logic and related interfaces/methods.
Build and Dependency Updates `package.json`, `esbuild.config.dev.js`, `esbuild.config.prod.js`	Added `keytar` as a dependency; marked it as external in build configs.
Documentation `README.md`	Added Linux installation instructions for `libsecret`, required by `keytar`.
Keychain and Action Tests `tests/libs/keychainManager.test.ts`, `tests/actions/lock.test.ts`, `tests/actions/unlock.test.ts`	Added new tests for `KeychainManager`, `LockAction`, and `UnlockAction`.
Keygen Command Tests `tests/commands/keygen.test.ts`	Added tests for new `unlock` and `lock` subcommands; removed one obsolete test.
BaseAction and ConfigFileManager Tests Update `tests/libs/baseAction.test.ts`, `tests/libs/configFileManager.test.ts`	Updated `BaseAction` tests to use keychain mocks; removed all temp file operation tests from `ConfigFileManager`.
CI Workflow Update `.github/workflows/validate-code.yml`	Added step to install `libsecret-1-0` on Ubuntu runners for keytar compatibility.

Sequence Diagram(s)

sequenceDiagram
    participant User
    participant CLI
    participant KeychainManager
    participant FileSystem

    User->>CLI: Run 'keygen unlock'
    CLI->>KeychainManager: isKeychainAvailable()
    KeychainManager-->>CLI: true/false
    alt Keychain available
        CLI->>FileSystem: Check keystore file exists
        FileSystem-->>CLI: exists/doesn't exist
        alt Keystore exists
            CLI->>User: Prompt for password
            User-->>CLI: Enter password
            CLI->>FileSystem: Read keystore
            CLI->>CLI: Decrypt keystore
            CLI->>KeychainManager: storePrivateKey(privateKey)
            KeychainManager-->>CLI: Success/Failure
        else Keystore missing
            CLI-->>User: Show error
        end
    else Keychain unavailable
        CLI-->>User: Show error
    end

sequenceDiagram
    participant User
    participant CLI
    participant KeychainManager

    User->>CLI: Run 'keygen lock'
    CLI->>KeychainManager: isKeychainAvailable()
    KeychainManager-->>CLI: true/false
    alt Keychain available
        CLI->>KeychainManager: getPrivateKey()
        KeychainManager-->>CLI: privateKey/null
        alt Private key exists
            CLI->>KeychainManager: removePrivateKey()
            KeychainManager-->>CLI: Success/Failure
        else No cached key
            CLI-->>User: Wallet already locked
        end
    else Keychain unavailable
        CLI-->>User: Show error
    end

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~20 minutes

Possibly related PRs

feat: Add Temporary Key Caching System with Read-Only Client Support #241: The main PR removes the temporary file caching system for decrypted private keys and replaces it with a new keychain-based secure storage approach using the keytar library, while the retrieved PR introduces the original temporary file caching system and read-only client support; thus, the two PRs modify the same BaseAction class and ConfigFileManager but implement fundamentally different mechanisms for private key caching and retrieval.

Suggested reviewers

cristiam86
danielrc888

Poem

A bunny with keys in a chain,
No more temp files to maintain!
With keytar in tow,
Your secrets won't show—
Secure as a burrow after rain.
🗝️🥕

Note

⚡️ Unit Test Generation is now available in beta!

Learn more here, or try it out under "Finishing Touches" below.

📜 Recent review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between b68183c and 508a488.

📒 Files selected for processing (3)

src/commands/keygen/unlock.ts (1 hunks)
src/lib/actions/BaseAction.ts (5 hunks)
tests/actions/unlock.test.ts (1 hunks)

🚧 Files skipped from review as they are similar to previous changes (2)

src/commands/keygen/unlock.ts
src/lib/actions/BaseAction.ts

🧰 Additional context used

🧠 Learnings (1)

📓 Common learnings

Learnt from: epsjunior
PR: genlayerlabs/genlayer-cli#243
File: src/lib/config/KeychainManager.ts:18-20
Timestamp: 2025-07-28T23:14:38.517Z
Learning: In the genlayer-cli codebase, private keys passed to KeychainManager.storePrivateKey() are always strings, so type validation is not necessary.

Learnt from: epsjunior
PR: genlayerlabs/genlayer-cli#243
File: src/lib/config/KeychainManager.ts:9-16
Timestamp: 2025-07-28T23:19:02.888Z
Learning: In the genlayer-cli KeychainManager.isKeychainAvailable() method, the implementation uses findCredentials() for a lightweight check to see if the keychain backend is accessible, rather than testing full read/write capabilities. This is by design to keep the availability check quick and focused on accessibility rather than comprehensive capability verification.

🧬 Code Graph Analysis (1)

tests/actions/unlock.test.ts (1)

src/commands/keygen/unlock.ts (1)

UnlockAction (5-41)

🪛 Gitleaks (8.27.2)

tests/actions/unlock.test.ts

19-19: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

🔇 Additional comments (6)

tests/actions/unlock.test.ts (6)

1-10: LGTM! Clean import and mocking setup.

The imports are well-organized and the module mocking follows vitest conventions correctly. All necessary dependencies for testing the UnlockAction class are properly included.

11-21: Mock data structures are appropriate for testing.

The keystore and wallet mock data correctly represent the expected structures for testing unlock functionality. The static analysis warning about the private key on line 19 is a false positive - this is clearly test mock data, not a real private key.

22-48: Comprehensive and well-structured test setup.

The beforeEach setup properly mocks all dependencies and BaseAction methods, providing good defaults for the happy path. The cleanup in afterEach ensures test isolation. The use of as any for accessing private methods in tests is appropriate.

50-64: Excellent coverage of the success path.

This test thoroughly validates the complete unlock workflow, checking both the sequence of operations and the parameters passed to each method. The assertions align perfectly with the expected behavior of the UnlockAction.execute() method.

66-102: Comprehensive failure scenario coverage.

These tests effectively cover all the validation failure points in the unlock process. Each test properly isolates the failure condition and verifies that subsequent operations are correctly skipped, which is important for user experience and security.

103-121: Solid error handling test coverage.

These tests properly validate error scenarios during the core operations (wallet decryption and key storage). The tests correctly verify that errors are handled gracefully and passed through to the user feedback mechanism.

✨ Finishing Touches

📝 Generate Docstrings

🧪 Generate unit tests

Create PR with unit tests
Post copyable unit tests in a comment
Commit unit tests in branch dxp-542-implement-os-keychain-support-for-secure-private-key-storage

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

🪧 Tips

Chat

There are 3 ways to chat with CodeRabbit:

Review comments: Directly reply to a review comment made by CodeRabbit. Example:
- I pushed a fix in commit <commit_id>, please review it.
- Explain this complex logic.
- Open a follow-up GitHub issue for this discussion.
Files and specific lines of code (under the "Files changed" tab): Tag @coderabbitai in a new review comment at the desired location with your query. Examples:
- @coderabbitai explain this code block.
- @coderabbitai modularize this function.
PR comments: Tag @coderabbitai in a new PR comment to ask questions about the PR branch. For the best results, please provide a very specific query, as very limited context is provided in this mode. Examples:
- @coderabbitai gather interesting stats about this repository and render them as a table. Additionally, render a pie chart showing the language distribution in the codebase.
- @coderabbitai read src/utils.ts and explain its main purpose.
- @coderabbitai read the files in the src/scheduler package and generate a class diagram using mermaid and a README in the markdown format.
- @coderabbitai help me debug CodeRabbit configuration file.

Support

Need help? Create a ticket on our support page for assistance with any issues or questions.

Note: Be mindful of the bot's finite context window. It's strongly recommended to break down tasks such as reading entire modules into smaller chunks. For a focused discussion, use review comments to chat about specific files and their changes, instead of using the PR comments.

CodeRabbit Commands (Invoked using PR comments)

@coderabbitai pause to pause the reviews on a PR.
@coderabbitai resume to resume the paused reviews.
@coderabbitai review to trigger an incremental review. This is useful when automatic reviews are disabled for the repository.
@coderabbitai full review to do a full review from scratch and review all the files again.
@coderabbitai summary to regenerate the summary of the PR.
@coderabbitai generate docstrings to generate docstrings for this PR.
@coderabbitai generate sequence diagram to generate a sequence diagram of the changes in this PR.
@coderabbitai generate unit tests to generate unit tests for this PR.
@coderabbitai resolve resolve all the CodeRabbit review comments.
@coderabbitai configuration to show the current CodeRabbit configuration for the repository.
@coderabbitai help to get help.

Other keywords and placeholders

Add @coderabbitai ignore anywhere in the PR description to prevent this PR from being reviewed.
Add @coderabbitai summary to generate the high-level summary at a specific location in the PR description.
Add @coderabbitai anywhere in the PR title to generate the title automatically.

CodeRabbit Configuration File (`.coderabbit.yaml`)

You can programmatically configure CodeRabbit by adding a .coderabbit.yaml file to the root of your repository.
Please see the configuration documentation for more information.
If your editor has YAML language server enabled, you can add the path at the top of this file to enable auto-completion and validation: # yaml-language-server: $schema=https://coderabbit.ai/integrations/schema.v2.json

Documentation and Community

Visit our Documentation for detailed information on how to use CodeRabbit.
Join our Discord Community to get help, request features, and share feedback.
Follow us on X/Twitter for updates and announcements.

coderabbitai

Actionable comments posted: 5

🧹 Nitpick comments (8)

tests/libs/baseAction.test.ts (1)
86-86: Clean up empty line from removed temp file mocking.

This empty line appears to be leftover from removing temp file method mocking. Consider removing it for cleaner code.
-
src/commands/keygen/index.ts (2)
22-28: Consider adding error handling for the unlock command

The command directly awaits the action execution without handling potential errors. While the action classes handle their own errors, the CLI should gracefully handle any unhandled exceptions.

Consider wrapping the action execution in a try-catch block:
  keygenCommand
    .command("unlock")
    .description("Unlock your wallet by storing the decrypted private key in OS keychain")
    .action(async () => {
-     const unlockAction = new UnlockAction();
-     await unlockAction.execute();
+     try {
+       const unlockAction = new UnlockAction();
+       await unlockAction.execute();
+     } catch (error) {
+       console.error("Failed to execute unlock command:", error);
+       process.exit(1);
+     }
    });
30-36: Consider adding error handling for the lock command

Similar to the unlock command, consider adding error handling to ensure graceful failure handling.

Apply the same error handling pattern as suggested for the unlock command.
tests/actions/lock.test.ts (1)
7-21: Consider extracting mock setup to reduce duplication

The mock setup is comprehensive but quite verbose. Consider extracting common mock patterns to improve maintainability.

Create a helper function for common mock setup:
+ function setupLockActionMocks(lockAction: LockAction) {
+   vi.spyOn(lockAction as any, "startSpinner").mockImplementation(() => {});
+   vi.spyOn(lockAction as any, "setSpinnerText").mockImplementation(() => {});
+   vi.spyOn(lockAction as any, "succeedSpinner").mockImplementation(() => {});
+   vi.spyOn(lockAction as any, "failSpinner").mockImplementation(() => {});
+   
+   vi.spyOn(lockAction["keychainManager"], "isKeychainAvailable").mockResolvedValue(true);
+   vi.spyOn(lockAction["keychainManager"], "getPrivateKey").mockResolvedValue("test-private-key");
+   vi.spyOn(lockAction["keychainManager"], "removePrivateKey").mockResolvedValue(true);
+ }

  beforeEach(() => {
    vi.clearAllMocks();
    lockAction = new LockAction();
-   
-   // Mock the BaseAction methods
-   vi.spyOn(lockAction as any, "startSpinner").mockImplementation(() => {});
-   // ... other mocks
+   setupLockActionMocks(lockAction);
  });
tests/actions/unlock.test.ts (1)
13-18: Consider using more realistic mock data

The mock keystore data could be more realistic to better simulate actual encrypted keystores.

Consider using more realistic mock data:
  const mockKeystoreData = {
-   encrypted: '{"address":"test","crypto":{"cipher":"aes-128-ctr"}}'
+   encrypted: '{"address":"0x742f35Cc6B5C23d6dE4dcB913c95eD6b96aE78B8","crypto":{"cipher":"aes-128-ctr","ciphertext":"...","cipherparams":{"iv":"..."},"kdf":"scrypt","kdfparams":{"dklen":32,"n":8192,"p":1,"r":8,"salt":"..."},"mac":"..."},"id":"...","version":3}'
  };
src/lib/config/KeychainManager.ts (1)
7-7: Remove unnecessary empty constructor

The empty constructor adds no value and can be removed to simplify the class.
- constructor() {}
src/commands/keygen/unlock.ts (2)
29-29: Consider validating private key before storage.

While ethers.js provides the private key after successful decryption, adding an explicit validation step could improve robustness.
    const wallet = await ethers.Wallet.fromEncryptedJson(keystoreData.encrypted, password);
+   
+   if (!wallet.privateKey || wallet.privateKey.length !== 66 || !wallet.privateKey.startsWith('0x')) {
+     this.failSpinner("Invalid private key format after decryption.");
+     return;
+   }
    
    await this.keychainManager.storePrivateKey(wallet.privateKey);
32-32: Improve error message specificity.

The generic "Failed to unlock wallet" message could be more helpful by providing context about the specific failure.
-   this.failSpinner("Failed to unlock wallet.", error);
+   if (error instanceof Error && error.message.includes('invalid password')) {
+     this.failSpinner("Invalid password provided. Please try again with the correct password.");
+   } else if (error instanceof Error && error.message.includes('keychain')) {
+     this.failSpinner("Failed to store private key in OS keychain.", error);
+   } else {
+     this.failSpinner("Failed to unlock wallet. Please check your keystore file and password.", error);
+   }

📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 408c639 and 68623d3.

⛔ Files ignored due to path filters (1)

package-lock.json is excluded by !**/package-lock.json

📒 Files selected for processing (16)

README.md (1 hunks)
esbuild.config.dev.js (1 hunks)
esbuild.config.prod.js (1 hunks)
package.json (1 hunks)
src/commands/keygen/index.ts (2 hunks)
src/commands/keygen/lock.ts (1 hunks)
src/commands/keygen/unlock.ts (1 hunks)
src/lib/actions/BaseAction.ts (4 hunks)
src/lib/config/ConfigFileManager.ts (0 hunks)
src/lib/config/KeychainManager.ts (1 hunks)
tests/actions/lock.test.ts (1 hunks)
tests/actions/unlock.test.ts (1 hunks)
tests/commands/keygen.test.ts (2 hunks)
tests/libs/baseAction.test.ts (2 hunks)
tests/libs/configFileManager.test.ts (0 hunks)
tests/libs/keychainManager.test.ts (1 hunks)

💤 Files with no reviewable changes (2)

tests/libs/configFileManager.test.ts
src/lib/config/ConfigFileManager.ts

🧰 Additional context used

🧠 Learnings (2)

package.json (1)

Learnt from: epsjunior
PR: #239
File: package.json:60-66
Timestamp: 2025-07-10T23:50:34.628Z
Learning: In the genlayer-cli project, dotenv is used with manual parsing via dotenv.parse() rather than automatic loading via dotenv.config(), so warnings about implicit .env.local auto-loading changes in dotenv v17 are not applicable to this project.

README.md (1)

Learnt from: epsjunior
PR: #239
File: package.json:60-66
Timestamp: 2025-07-10T23:50:34.628Z
Learning: In the genlayer-cli project, dotenv is used with manual parsing via dotenv.parse() rather than automatic loading via dotenv.config(), so warnings about implicit .env.local auto-loading changes in dotenv v17 are not applicable to this project.

🧬 Code Graph Analysis (7)

tests/commands/keygen.test.ts (3)

src/commands/keygen/index.ts (1)

initializeKeygenCommands (6-39)

src/commands/keygen/unlock.ts (1)

UnlockAction (5-35)

src/commands/keygen/lock.ts (1)

LockAction (3-31)

tests/libs/keychainManager.test.ts (1)

src/lib/config/KeychainManager.ts (1)

KeychainManager (3-29)

src/commands/keygen/unlock.ts (1)

src/lib/actions/BaseAction.ts (1)

BaseAction (14-236)

src/commands/keygen/lock.ts (1)

src/lib/actions/BaseAction.ts (1)

BaseAction (14-236)

tests/actions/lock.test.ts (1)

src/commands/keygen/lock.ts (1)

LockAction (3-31)

src/commands/keygen/index.ts (2)

src/commands/keygen/unlock.ts (1)

UnlockAction (5-35)

src/commands/keygen/lock.ts (1)

LockAction (3-31)

src/lib/actions/BaseAction.ts (1)

src/lib/config/KeychainManager.ts (1)

KeychainManager (3-29)

🪛 GitHub Actions: CI Workflow

tests/commands/keygen.test.ts