@agentunion/fastaun 0.4.4 → 0.4.6

package/dist/keystore/index.d.ts

@@ -1,40 +1,18 @@
 /**
- * KeyStore 接口定义
+ * KeyStore / TokenStore 接口定义
  *
- * 与 Python SDK 的 KeyStore Protocol 完全对齐。
+ * TokenStore — 不含私钥操作，AuthFlow / AUNClient 持有此类型。
+ * KeyStore   — 仅包含私钥/完整身份操作，AIDStore / RegisterFlow 持有。
  */
 import type { IdentityRecord, KeyPairRecord, MetadataRecord } from '../types.js';
-export interface AgentMdCacheRecord {
-    aid: string;
-    content: string;
-    local_etag: string;
-    remote_etag: string;
-    last_modified: string;
-    fetched_at: number;
-    observed_at: number;
-    checked_at: number;
-    remote_status: string;
-    verify_status: string;
-    verify_error: string;
-    last_error: string;
-    updated_at: number;
-}
-export type AgentMdCacheUpsert = Partial<Omit<AgentMdCacheRecord, 'aid' | 'updated_at'>>;
-export interface KeyStore {
-    /** 加载密钥对 */
-    loadKeyPair(aid: string): KeyPairRecord | null;
-    /** 保存密钥对 */
-    saveKeyPair(aid: string, keyPair: KeyPairRecord): void;
+/** 不含私钥操作的存储接口，AuthFlow / AUNClient 持有此类型。 */
+export interface TokenStore {
     /** 加载证书 */
     loadCert(aid: string, certFingerprint?: string): string | null;
     /** 保存证书 */
     saveCert(aid: string, certPem: string, certFingerprint?: string, opts?: {
         makeActive?: boolean;
     }): void;
-    /** 加载完整身份信息 */
-    loadIdentity(aid: string): IdentityRecord | null;
-    /** 保存完整身份信息 */
-    saveIdentity(aid: string, identity: IdentityRecord): void;
     /** 加载实例级状态 */
     loadInstanceState?(aid: string, deviceId: string, slotId?: string): MetadataRecord | null;
     /** 保存实例级状态 */
@@ -49,20 +27,14 @@ export interface KeyStore {
     loadAllSeqs?(aid: string, deviceId: string, slotId: string): Record<string, number>;
     /** 删除单个 namespace 的 contiguous_seq 行 */
     deleteSeq?(aid: string, deviceId: string, slotId: string, namespace: string): void;
-    /** 读取最近 ack seq，供 SeqTracker 作 baseline 使用 */
+    /** 读取最近 ack seq */
     getLastAckSeq?(aid: string, deviceId: string, slotId: string, namespace: string): number;
     /** 写入最近 ack seq */
     setLastAckSeq?(aid: string, deviceId: string, slotId: string, namespace: string, seq: number): void;
-    /** 列出所有已存储的 AID（对齐 Python list_identities） */
-    listIdentities?(): string[];
-    /** 加载指定 AID 的元数据（对齐 Python load_metadata） */
+    /** 加载指定 AID 的元数据 */
     loadMetadata?(aid: string): Record<string, unknown> | null;
-    /** 保存指定 AID 的元数据（对齐 Python save_metadata，增量覆盖字段） */
+    /** 保存指定 AID 的元数据 */
     saveMetadata?(aid: string, metadata: Record<string, unknown>): void;
-    /** 加载本地持久化的某个远端/自身 agent.md 缓存记录 */
-    loadAgentMdCache?(ownerAid: string, targetAid: string): AgentMdCacheRecord | null;
-    /** 更新本地持久化的某个远端/自身 agent.md 缓存记录 */
-    upsertAgentMdCache?(ownerAid: string, targetAid: string, fields: AgentMdCacheUpsert): AgentMdCacheRecord;
     /** 保存群组状态（state_hash 链） */
     saveGroupState?(groupId: string, stateVersion: number, stateHash: string, keyEpoch: number, membershipJson: string, policyJson: string): void;
     /** 加载群组状态 */
@@ -88,3 +60,38 @@ export interface KeyStore {
     /** 保存 issuer 根证书并合并到 bundle，返回 [证书路径, bundle 路径] */
     saveIssuerRootCert?(issuer: string, certPem: string, fingerprintSha256?: string): [string, string];
 }
+/** 私钥/完整身份存储接口，仅 AIDStore / RegisterFlow 持有。 */
+export interface KeyStore {
+    /** 加载证书 */
+    loadCert(aid: string, certFingerprint?: string): string | null;
+    /** 保存证书 */
+    saveCert(aid: string, certPem: string, certFingerprint?: string, opts?: {
+        makeActive?: boolean;
+    }): void;
+    /** 加载密钥对 */
+    loadKeyPair(aid: string): KeyPairRecord | null;
+    /** 保存密钥对 */
+    saveKeyPair(aid: string, keyPair: KeyPairRecord): void;
+    /** 创建注册 pending 身份记录 */
+    pendingIdentityDir?(aid: string): string;
+    /** 列出指定 AID 的 pending 身份记录 */
+    listPendingIdentityDirs?(aid: string): string[];
+    /** 保存 pending 密钥对 */
+    savePendingKeyPair?(handle: string, aid: string, keyPair: KeyPairRecord): void;
+    /** 加载 pending 密钥对 */
+    loadPendingKeyPair?(handle: string, aid: string): KeyPairRecord | null;
+    /** 保存 pending 证书 */
+    savePendingCert?(handle: string, certPem: string): void;
+    /** 将 pending 身份转正 */
+    promotePendingIdentity?(handle: string, aid: string): string;
+    /** 删除指定 pending 身份 */
+    discardPendingIdentity?(handle: string): void;
+    /** 清理超龄 pending 身份 */
+    cleanupPendingDirs?(maxAgeMs?: number): number;
+    /** 加载完整身份信息（含私钥） */
+    loadIdentity(aid: string): IdentityRecord | null;
+    /** 保存完整身份信息（允许写入私钥字段） */
+    saveIdentity(aid: string, identity: IdentityRecord): void;
+    /** 列出所有已存储的 AID */
+    listIdentities?(): string[];
+}

package/dist/keystore/index.js

@@ -1,7 +1,8 @@
 /**
- * KeyStore 接口定义
+ * KeyStore / TokenStore 接口定义
  *
- * 与 Python SDK 的 KeyStore Protocol 完全对齐。
+ * TokenStore — 不含私钥操作，AuthFlow / AUNClient 持有此类型。
+ * KeyStore   — 仅包含私钥/完整身份操作，AIDStore / RegisterFlow 持有。
  */
 export {};
 //# sourceMappingURL=index.js.map

package/dist/keystore/index.js.map

@@ -1 +1 @@
-{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/keystore/index.ts"],"names":[],"mappings":"AAAA;;;;GAIG"}
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/keystore/index.ts"],"names":[],"mappings":"AAAA;;;;;GAKG"}

package/dist/keystore/local-identity-store.d.ts

@@ -0,0 +1,70 @@
+/**
+ * LocalIdentityStore — 基于文件系统 + SQLite 的 KeyStore 实现（含私钥操作）。
+ * AIDStore / RegisterFlow 持有此类型。
+ */
+import type { KeyStore } from './index.js';
+import type { SecretStore } from '../secret-store/index.js';
+import type { ModuleLogger } from '../logger.js';
+import { type SeedChangeResult } from '../secret-store/file-store.js';
+import { type IdentityRecord, type KeyPairRecord, type MetadataRecord } from '../types.js';
+export declare class LocalIdentityStore implements KeyStore {
+    private _root;
+    private _aidsRoot;
+    private _secretStore;
+    private _aidDBs;
+    readonly deviceId: string;
+    private _logger;
+    constructor(root?: string, opts?: {
+        secretStore?: SecretStore;
+        encryptionSeed?: string;
+        logger?: ModuleLogger;
+        secretStoreLogger?: ModuleLogger;
+    });
+    close(): void;
+    static ChangeSeed(root: string, oldSeed: string, newSeed: string): SeedChangeResult;
+    changeSeed(oldSeed: string, newSeed: string): SeedChangeResult;
+    private _prepareRoot;
+    private _getDB;
+    loadKeyPair(aid: string): KeyPairRecord | null;
+    saveKeyPair(aid: string, keyPair: KeyPairRecord): void;
+    private _saveKeyPairAtPath;
+    private _restoreKeyPair;
+    loadCert(aid: string, certFingerprint?: string): string | null;
+    saveCert(aid: string, certPem: string, certFingerprint?: string, opts?: {
+        makeActive?: boolean;
+    }): void;
+    private _normalizeCertFingerprint;
+    loadIdentity(aid: string): IdentityRecord | null;
+    saveIdentity(aid: string, identity: IdentityRecord): void;
+    loadAnyIdentity(): IdentityRecord | null;
+    listIdentities(): string[];
+    loadMetadata(aid: string): Record<string, unknown> | null;
+    saveMetadata(aid: string, metadata: Record<string, unknown>): void;
+    loadInstanceState(aid: string, deviceId: string, slotId?: string): MetadataRecord | null;
+    saveInstanceState(aid: string, deviceId: string, slotId: string, state: MetadataRecord): void;
+    saveSeq(aid: string, deviceId: string, slotId: string, namespace: string, contiguousSeq: number): void;
+    loadSeq(aid: string, deviceId: string, slotId: string, namespace: string): number;
+    loadAllSeqs(aid: string, deviceId: string, slotId: string): Record<string, number>;
+    trustRootDir(): string;
+    trustRootBundlePath(): string;
+    saveTrustRoots(trustList: Record<string, unknown>, rootCerts: Array<{
+        id?: string;
+        cert_pem: string;
+        fingerprint_sha256?: string;
+    }>): string;
+    saveIssuerRootCert(issuer: string, certPem: string, fingerprintSha256?: string): [string, string];
+    private _pemFingerprint;
+    pendingIdentityDir(aid: string): string;
+    listPendingIdentityDirs(aid: string): string[];
+    savePendingKeyPair(pendingDir: string, aid: string, keyPair: KeyPairRecord): void;
+    loadPendingKeyPair(pendingDir: string, aid: string): KeyPairRecord | null;
+    savePendingCert(pendingDir: string, certPem: string): void;
+    promotePendingIdentity(pendingDir: string, aid: string): string;
+    discardPendingIdentity(pendingDir: string): void;
+    cleanupPendingDirs(maxAgeMs?: number): number;
+    private _ensurePendingKeyPairProtected;
+    private _pendingRoot;
+    private _keyPairPath;
+    private _certPath;
+    private _certVersionPath;
+}