npm - @aithos/sdk - Versions diffs - 0.1.0-alpha.4 → 0.1.0-alpha.41 - Mend

@aithos/sdk 0.1.0-alpha.4 → 0.1.0-alpha.41

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (80) hide show

package/README.md +211 -7
package/dist/src/apps.d.ts +155 -0
package/dist/src/apps.js +288 -0
package/dist/src/assets.d.ts +207 -0
package/dist/src/assets.js +533 -0
package/dist/src/auth-api.d.ts +138 -0
package/dist/src/auth-api.js +168 -0
package/dist/src/auth.d.ts +536 -119
package/dist/src/auth.js +1207 -152
package/dist/src/compute.d.ts +251 -9
package/dist/src/compute.js +293 -16
package/dist/src/data-schema-contacts-v1.d.ts +14 -0
package/dist/src/data-schema-contacts-v1.js +28 -0
package/dist/src/data.d.ts +153 -0
package/dist/src/data.js +670 -0
package/dist/src/endpoints.d.ts +9 -0
package/dist/src/endpoints.js +5 -0
package/dist/src/ethos.d.ts +202 -1
package/dist/src/ethos.js +821 -16
package/dist/src/index.d.ts +18 -6
package/dist/src/index.js +39 -6
package/dist/src/internal/delegate-bundle.d.ts +18 -0
package/dist/src/internal/delegate-bundle.js +94 -0
package/dist/src/internal/delegate-state.d.ts +45 -0
package/dist/src/internal/delegate-state.js +120 -0
package/dist/src/internal/envelope.d.ts +77 -0
package/dist/src/internal/envelope.js +154 -0
package/dist/src/internal/owner-signers.d.ts +78 -0
package/dist/src/internal/owner-signers.js +179 -0
package/dist/src/internal/protocol-client-bridge.d.ts +8 -0
package/dist/src/internal/protocol-client-bridge.js +20 -0
package/dist/src/internal/recovery-file.d.ts +29 -0
package/dist/src/internal/recovery-file.js +98 -0
package/dist/src/internal/signer.d.ts +59 -0
package/dist/src/internal/signer.js +86 -0
package/dist/src/key-store.d.ts +128 -0
package/dist/src/key-store.js +244 -0
package/dist/src/mandates.d.ts +163 -1
package/dist/src/mandates.js +286 -8
package/dist/src/react/AithosAsset.d.ts +66 -0
package/dist/src/react/AithosAsset.js +67 -0
package/dist/src/react/context.d.ts +29 -0
package/dist/src/react/context.js +31 -0
package/dist/src/react/index.d.ts +28 -0
package/dist/src/react/index.js +30 -0
package/dist/src/react/use-aithos-asset.d.ts +39 -0
package/dist/src/react/use-aithos-asset.js +118 -0
package/dist/src/sdk.d.ts +46 -3
package/dist/src/sdk.js +49 -23
package/dist/src/wallet.d.ts +4 -6
package/dist/src/wallet.js +18 -8
package/dist/src/web.d.ts +279 -0
package/dist/src/web.js +186 -0
package/dist/test/auth-j3.test.d.ts +2 -0
package/dist/test/auth-j3.test.js +391 -0
package/dist/test/compute-delegate-path.test.d.ts +2 -0
package/dist/test/compute-delegate-path.test.js +183 -0
package/dist/test/compute.test.js +26 -11
package/dist/test/endpoints.test.js +20 -1
package/dist/test/envelope.test.d.ts +2 -0
package/dist/test/envelope.test.js +318 -0
package/dist/test/ethos-first-edition.test.d.ts +2 -0
package/dist/test/ethos-first-edition.test.js +248 -0
package/dist/test/ethos.test.d.ts +2 -0
package/dist/test/ethos.test.js +219 -0
package/dist/test/key-store.test.d.ts +2 -0
package/dist/test/key-store.test.js +161 -0
package/dist/test/mandates-compute.test.d.ts +2 -0
package/dist/test/mandates-compute.test.js +256 -0
package/dist/test/mandates.test.d.ts +2 -0
package/dist/test/mandates.test.js +93 -0
package/dist/test/sdk.test.js +70 -30
package/dist/test/signer.test.d.ts +2 -0
package/dist/test/signer.test.js +117 -0
package/dist/test/signup-bootstrap.test.d.ts +2 -0
package/dist/test/signup-bootstrap.test.js +311 -0
package/dist/test/wallet.test.js +20 -9
package/dist/test/web.test.d.ts +2 -0
package/dist/test/web.test.js +270 -0
package/package.json +18 -3

package/dist/src/assets.d.ts ADDED Viewed

@@ -0,0 +1,207 @@
+/**
+ * `sdk.assets` — high-level API for the Aithos assets sub-protocol PDS.
+ *
+ * Stores binary content (images, PDFs, audio, video) owned by a
+ * subject, encrypted client-side under per-asset AMKs (Asset Master
+ * Keys), accessible to authorized apps via signed mandates (v0.2).
+ *
+ *     const assets = sdk.assets;
+ *     const avatar = await assets.upload({
+ *       bytes: pngBuffer,
+ *       mediaType: "image/png",
+ *       attachTo: { ethos: { zone: "public", sectionId: "sec_identity" } },
+ *     });
+ *     // avatar.url is a stable CloudFront URL (public asset)
+ *
+ *     const cv = await assets.upload({
+ *       bytes: pdfBuffer,
+ *       mediaType: "application/pdf",
+ *       attachTo: { ethos: { zone: "circle", sectionId: "sec_career_docs" } },
+ *     });
+ *     // cv is private: stored encrypted, fetched via short-lived presigned URL.
+ *
+ *     const bytes = await assets.fetch(cv.urn);
+ *     // decrypted plaintext returned to the caller
+ *
+ * The module wires:
+ *   - AMK generation + wrap (via @aithos/assets-crypto)
+ *   - Bytes encryption with the canonical nonce-prefix on-disk layout
+ *   - RecipientResolver (v0.2-ethos: maps {zone} → recipient set)
+ *   - Direct S3 PUT against the presigned URL returned by init_upload
+ *   - In-memory AMK cache (per asset URN) for sub-second re-fetches
+ *   - Signed envelope JSON-RPC dispatch to /mcp/primitives/{read,write}
+ *
+ * Spec ref: spec/assets/ in the aithos-protocol repo.
+ */
+import { type AssetMetadata, type AssetReference } from "@aithos/assets-crypto";
+export interface CreateAssetsClientArgs {
+    /** Base URL of the deployed assets PDS. */
+    readonly pdsUrl: string;
+    /** Subject DID. */
+    readonly did: string;
+    /** Ed25519 sphere seed (32 bytes). */
+    readonly sphereSeed: Uint8Array;
+    /** Verification method URL within the DID document (e.g. `<did>#<multibase>` for did:key). */
+    readonly verificationMethod: string;
+    /** Optional fetch implementation. Defaults to globalThis.fetch. */
+    readonly fetch?: typeof fetch;
+    /**
+     * Optional override for the recipient resolver. By default the SDK
+     * uses a "self-only" resolver that maps every private upload to the
+     * subject's own X25519 sphere key. Apps that already orchestrate
+     * grantees explicitly may pass a custom resolver.
+     */
+    readonly recipientResolver?: RecipientResolver;
+}
+export interface AttachedContext {
+    readonly ethos?: {
+        readonly zone: "public" | "circle" | "self";
+        readonly sectionId?: string;
+    };
+    readonly data?: {
+        readonly collectionUrn: string;
+        readonly recordId?: string;
+        readonly field?: string;
+    };
+}
+export interface AssetUploadInput {
+    readonly bytes: Uint8Array;
+    readonly mediaType: string;
+    readonly attachTo?: AttachedContext;
+    /**
+     * OPTIONAL — force a regime. Defaults to "auto":
+     *   - ethos.zone === "public" → public
+     *   - anything else → private
+     */
+    readonly regime?: "auto" | "public" | "private";
+    /** OPTIONAL — strict forward secrecy at AMK rotation time. */
+    readonly forwardSecrecy?: "best_effort" | "strict";
+}
+export interface AssetUploadResult {
+    readonly urn: string;
+    readonly assetId: string;
+    readonly mediaType: string;
+    readonly sizeBytes: number;
+    readonly sha256OfPlaintext: string;
+    readonly encrypted: boolean;
+    /**
+     * Stable URL for public assets (CloudFront-served). Absent for
+     * private assets — fetch them via {@link AssetsClient.fetch}.
+     */
+    readonly url?: string;
+    /** Whether this URN was returned by intra-subject dedup (existing asset). */
+    readonly dedupHit: boolean;
+}
+export interface AssetFetchResult {
+    readonly urn: string;
+    readonly mediaType: string;
+    readonly sizeBytes: number;
+    readonly bytes: Uint8Array;
+    readonly sha256OfPlaintext: string;
+}
+export interface AssetBrief {
+    readonly urn: string;
+    readonly assetId: string;
+    readonly mediaType: string;
+    readonly sizeBytes: number;
+    readonly sha256OfPlaintext: string;
+    readonly encrypted: boolean;
+    readonly state: "ACTIVE" | "ORPHANED" | "TOMBSTONED";
+    readonly referenceCount: number;
+    readonly createdAt: string;
+    readonly modifiedAt: string;
+}
+export interface ListAssetsOpts {
+    readonly filter?: {
+        readonly mediaTypePrefix?: string;
+        readonly sizeBytes?: {
+            gte?: number;
+            lte?: number;
+        };
+        readonly createdAfter?: string;
+        readonly createdBefore?: string;
+    };
+    readonly limit?: number;
+    readonly cursor?: string;
+    readonly order?: "newest" | "oldest";
+    readonly includeOrphaned?: boolean;
+    readonly includeTombstoned?: boolean;
+}
+export interface ThumbnailUploadInput extends AssetUploadInput {
+    /** Long-edge sizes to produce (e.g. [64, 256]). */
+    readonly sizes: readonly number[];
+    /**
+     * Downscaler. The SDK does NOT bundle an image library; callers pass
+     * a function that takes the original bytes and a target size and
+     * returns downscaled bytes. Typical implementations: `pica` in the
+     * browser, `sharp` in Node.
+     */
+    readonly downscale: (bytes: Uint8Array, targetLongEdge: number) => Promise<Uint8Array>;
+}
+export interface ThumbnailUploadResult {
+    readonly primary: AssetUploadResult;
+    readonly thumbnails: readonly {
+        size: number;
+        result: AssetUploadResult;
+    }[];
+}
+/**
+ * Maps an attaching context to the set of recipients whose wraps the
+ * AMK must carry. The v0.1 default returns the subject's own X25519
+ * sphere key derived from the SDK's seed.
+ *
+ * v0.2 will introduce an Ethos-aware resolver that inspects the
+ * current manifest's `zones.<z>.cipher.wraps[]` (or, in v0.3, the
+ * per-section wraps) to mirror grantees on attached assets.
+ */
+export interface RecipientResolver {
+    resolve(input: {
+        subjectDid: string;
+        context: AttachedContext | undefined;
+    }): Promise<RecipientSet>;
+}
+export interface RecipientSet {
+    readonly recipients: ReadonlyArray<{
+        readonly didUrl: string;
+        readonly x25519PublicKey: Uint8Array;
+    }>;
+}
+export declare function createAssetsClient(args: CreateAssetsClientArgs): AssetsClient;
+export declare class AssetsClient {
+    #private;
+    constructor(args: CreateAssetsClientArgs);
+    upload(input: AssetUploadInput): Promise<AssetUploadResult>;
+    /**
+     * Upload a primary asset plus one or more thumbnails (downscaled
+     * client-side). Convenience method for the Deep avatar use case and
+     * any UI that displays the same asset at multiple resolutions.
+     *
+     * The thumbnails are attached to the same context as the primary
+     * and uploaded in parallel. They carry the {@link AssetReference}
+     * role `"thumbnail"` when referenced from a section (see
+     * spec/assets/03-asset-descriptors.md §3.2.3).
+     */
+    uploadWithThumbnails(input: ThumbnailUploadInput): Promise<ThumbnailUploadResult>;
+    fetch(urn: string): Promise<AssetFetchResult>;
+    head(urn: string): Promise<AssetMetadata>;
+    list(opts?: ListAssetsOpts): Promise<{
+        items: AssetBrief[];
+        nextCursor?: string;
+    }>;
+    ref(urn: string, reference: AssetReference): Promise<{
+        referenceCount: number;
+        gammaRef: string;
+    }>;
+    unref(urn: string, reference: AssetReference): Promise<{
+        referenceCount: number;
+        gammaRef: string;
+    }>;
+    listReferences(urn: string): Promise<AssetReference[]>;
+    delete(urn: string): Promise<{
+        tombstonedAt: string;
+        gammaRef: string;
+    }>;
+    /** Zero in-memory AMK cache. Useful at user logout. */
+    reset(): void;
+}
+//# sourceMappingURL=assets.d.ts.map