npm - @ajna-inc/vaults - Versions diffs - 0.1.0 → 0.1.2 - Mend

@ajna-inc/vaults 0.1.0 → 0.1.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (208) hide show

package/build/VaultsApi.d.ts +363 -0
package/build/VaultsApi.js +450 -248
package/build/VaultsApi.js.map +1 -0
package/build/VaultsEvents.d.ts +227 -0
package/build/VaultsEvents.js +8 -0
package/build/VaultsEvents.js.map +1 -0
package/build/VaultsModule.d.ts +64 -0
package/build/VaultsModule.js +43 -18
package/build/VaultsModule.js.map +1 -0
package/build/crypto/wasm/VaultCrypto.d.ts +19 -0
package/build/crypto/wasm/VaultCrypto.js +29 -42
package/build/crypto/wasm/VaultCrypto.js.map +1 -0
package/build/errors/BadSuiteError.d.ts +8 -0
package/build/errors/BadSuiteError.js +8 -25
package/build/errors/BadSuiteError.js.map +1 -0
package/build/errors/DecryptAeadError.d.ts +8 -0
package/build/errors/DecryptAeadError.js +8 -25
package/build/errors/DecryptAeadError.js.map +1 -0
package/build/errors/DecryptKemError.d.ts +8 -0
package/build/errors/DecryptKemError.js +8 -25
package/build/errors/DecryptKemError.js.map +1 -0
package/build/errors/PolicyError.d.ts +8 -0
package/build/errors/PolicyError.js +8 -25
package/build/errors/PolicyError.js.map +1 -0
package/build/errors/VaultError.d.ts +52 -0
package/build/errors/VaultError.js +19 -30
package/build/errors/VaultError.js.map +1 -0
package/build/errors/index.d.ts +5 -0
package/build/errors/index.js +1 -0
package/build/errors/index.js.map +1 -0
package/build/handlers/CreateVaultHandler.d.ts +18 -0
package/build/handlers/CreateVaultHandler.js +75 -0
package/build/handlers/CreateVaultHandler.js.map +1 -0
package/build/handlers/DeleteVaultHandler.d.ts +17 -0
package/build/handlers/DeleteVaultHandler.js +48 -0
package/build/handlers/DeleteVaultHandler.js.map +1 -0
package/build/handlers/DenyAccessHandler.d.ts +15 -0
package/build/handlers/DenyAccessHandler.js +39 -0
package/build/handlers/DenyAccessHandler.js.map +1 -0
package/build/handlers/DenyShareHandler.d.ts +17 -0
package/build/handlers/DenyShareHandler.js +49 -0
package/build/handlers/DenyShareHandler.js.map +1 -0
package/build/handlers/GrantAccessHandler.d.ts +17 -0
package/build/handlers/GrantAccessHandler.js +59 -0
package/build/handlers/GrantAccessHandler.js.map +1 -0
package/build/handlers/ProvideShareHandler.d.ts +17 -0
package/build/handlers/ProvideShareHandler.js +77 -0
package/build/handlers/ProvideShareHandler.js.map +1 -0
package/build/handlers/RequestAccessHandler.d.ts +18 -0
package/build/handlers/RequestAccessHandler.js +60 -0
package/build/handlers/RequestAccessHandler.js.map +1 -0
package/build/handlers/RequestShareHandler.d.ts +19 -0
package/build/handlers/RequestShareHandler.js +70 -0
package/build/handlers/RequestShareHandler.js.map +1 -0
package/build/handlers/RequestStorageHandler.d.ts +53 -0
package/build/handlers/RequestStorageHandler.js +158 -0
package/build/handlers/RequestStorageHandler.js.map +1 -0
package/build/handlers/RetrieveVaultHandler.d.ts +18 -0
package/build/handlers/RetrieveVaultHandler.js +65 -0
package/build/handlers/RetrieveVaultHandler.js.map +1 -0
package/build/handlers/StoreVaultHandler.d.ts +17 -0
package/build/handlers/StoreVaultHandler.js +77 -0
package/build/handlers/StoreVaultHandler.js.map +1 -0
package/build/handlers/UpdateVaultHandler.d.ts +18 -0
package/build/handlers/UpdateVaultHandler.js +77 -0
package/build/handlers/UpdateVaultHandler.js.map +1 -0
package/build/handlers/VaultCreatedAckHandler.d.ts +15 -0
package/build/handlers/VaultCreatedAckHandler.js +39 -0
package/build/handlers/VaultCreatedAckHandler.js.map +1 -0
package/build/handlers/VaultDataHandler.d.ts +19 -0
package/build/handlers/VaultDataHandler.js +68 -0
package/build/handlers/VaultDataHandler.js.map +1 -0
package/build/handlers/VaultProblemReportHandler.d.ts +17 -0
package/build/handlers/VaultProblemReportHandler.js +40 -0
package/build/handlers/VaultProblemReportHandler.js.map +1 -0
package/build/handlers/VaultReferenceHandler.d.ts +33 -0
package/build/handlers/VaultReferenceHandler.js +169 -0
package/build/handlers/VaultReferenceHandler.js.map +1 -0
package/build/handlers/VaultStoredAckHandler.d.ts +15 -0
package/build/handlers/VaultStoredAckHandler.js +38 -0
package/build/handlers/VaultStoredAckHandler.js.map +1 -0
package/build/handlers/index.d.ts +17 -0
package/build/handlers/index.js +44 -0
package/build/handlers/index.js.map +1 -0
package/build/index.d.ts +42 -0
package/build/index.js +13 -1
package/build/index.js.map +1 -0
package/build/messages/CreateVaultMessage.d.ts +39 -0
package/build/messages/CreateVaultMessage.js +65 -115
package/build/messages/CreateVaultMessage.js.map +1 -0
package/build/messages/DeleteVaultMessage.d.ts +22 -0
package/build/messages/DeleteVaultMessage.js +51 -103
package/build/messages/DeleteVaultMessage.js.map +1 -0
package/build/messages/DenyAccessMessage.d.ts +22 -0
package/build/messages/DenyAccessMessage.js +50 -103
package/build/messages/DenyAccessMessage.js.map +1 -0
package/build/messages/DenyShareMessage.d.ts +24 -0
package/build/messages/DenyShareMessage.js +56 -109
package/build/messages/DenyShareMessage.js.map +1 -0
package/build/messages/GrantAccessMessage.d.ts +32 -0
package/build/messages/GrantAccessMessage.js +63 -115
package/build/messages/GrantAccessMessage.js.map +1 -0
package/build/messages/ProvideShareMessage.d.ts +26 -0
package/build/messages/ProvideShareMessage.js +62 -115
package/build/messages/ProvideShareMessage.js.map +1 -0
package/build/messages/ProvideStorageMessage.d.ts +90 -0
package/build/messages/ProvideStorageMessage.js +193 -0
package/build/messages/ProvideStorageMessage.js.map +1 -0
package/build/messages/RequestAccessMessage.d.ts +30 -0
package/build/messages/RequestAccessMessage.js +57 -109
package/build/messages/RequestAccessMessage.js.map +1 -0
package/build/messages/RequestShareMessage.d.ts +24 -0
package/build/messages/RequestShareMessage.js +56 -109
package/build/messages/RequestShareMessage.js.map +1 -0
package/build/messages/RequestStorageMessage.d.ts +50 -0
package/build/messages/RequestStorageMessage.js +98 -0
package/build/messages/RequestStorageMessage.js.map +1 -0
package/build/messages/RetrieveVaultMessage.d.ts +20 -0
package/build/messages/RetrieveVaultMessage.js +44 -97
package/build/messages/RetrieveVaultMessage.js.map +1 -0
package/build/messages/StoreVaultMessage.d.ts +23 -0
package/build/messages/StoreVaultMessage.js +51 -103
package/build/messages/StoreVaultMessage.js.map +1 -0
package/build/messages/UpdateVaultMessage.d.ts +25 -0
package/build/messages/UpdateVaultMessage.js +58 -109
package/build/messages/UpdateVaultMessage.js.map +1 -0
package/build/messages/VaultCreatedAckMessage.d.ts +20 -0
package/build/messages/VaultCreatedAckMessage.js +44 -97
package/build/messages/VaultCreatedAckMessage.js.map +1 -0
package/build/messages/VaultDataMessage.d.ts +34 -0
package/build/messages/VaultDataMessage.js +59 -110
package/build/messages/VaultDataMessage.js.map +1 -0
package/build/messages/VaultProblemReportMessage.d.ts +35 -0
package/build/messages/VaultProblemReportMessage.js +56 -102
package/build/messages/VaultProblemReportMessage.js.map +1 -0
package/build/messages/VaultReferenceMessage.d.ts +66 -0
package/build/messages/VaultReferenceMessage.js +138 -0
package/build/messages/VaultReferenceMessage.js.map +1 -0
package/build/messages/VaultStoredAckMessage.d.ts +33 -0
package/build/messages/VaultStoredAckMessage.js +51 -104
package/build/messages/VaultStoredAckMessage.js.map +1 -0
package/build/messages/index.d.ts +18 -0
package/build/messages/index.js +6 -1
package/build/messages/index.js.map +1 -0
package/build/models/ThresholdSession.d.ts +37 -0
package/build/models/ThresholdSession.js +1 -0
package/build/models/ThresholdSession.js.map +1 -0
package/build/models/VaultDocument.d.ts +22 -0
package/build/models/VaultDocument.js +1 -0
package/build/models/VaultDocument.js.map +1 -0
package/build/models/VaultHeader.d.ts +92 -0
package/build/models/VaultHeader.js +4 -6
package/build/models/VaultHeader.js.map +1 -0
package/build/models/VaultPolicy.d.ts +24 -0
package/build/models/VaultPolicy.js +1 -0
package/build/models/VaultPolicy.js.map +1 -0
package/build/models/index.d.ts +4 -0
package/build/models/index.js +1 -0
package/build/models/index.js.map +1 -0
package/build/repository/KemKeypairRecord.d.ts +37 -0
package/build/repository/KemKeypairRecord.js +35 -0
package/build/repository/KemKeypairRecord.js.map +1 -0
package/build/repository/KemKeypairRepository.d.ts +18 -0
package/build/repository/KemKeypairRepository.js +50 -0
package/build/repository/KemKeypairRepository.js.map +1 -0
package/build/repository/ThresholdSessionRecord.d.ts +93 -0
package/build/repository/ThresholdSessionRecord.js +58 -92
package/build/repository/ThresholdSessionRecord.js.map +1 -0
package/build/repository/ThresholdSessionRepository.d.ts +35 -0
package/build/repository/ThresholdSessionRepository.js +72 -208
package/build/repository/ThresholdSessionRepository.js.map +1 -0
package/build/repository/VaultRecord.d.ts +105 -0
package/build/repository/VaultRecord.js +94 -115
package/build/repository/VaultRecord.js.map +1 -0
package/build/repository/VaultRepository.d.ts +35 -0
package/build/repository/VaultRepository.js +66 -192
package/build/repository/VaultRepository.js.map +1 -0
package/build/repository/index.d.ts +9 -0
package/build/repository/index.js +7 -1
package/build/repository/index.js.map +1 -0
package/build/services/HPKEService.d.ts +67 -0
package/build/services/HPKEService.js +106 -0
package/build/services/HPKEService.js.map +1 -0
package/build/services/KemKeyExchangeService.d.ts +207 -0
package/build/services/KemKeyExchangeService.js +323 -0
package/build/services/KemKeyExchangeService.js.map +1 -0
package/build/services/VaultEncryptionService.d.ts +120 -0
package/build/services/VaultEncryptionService.js +469 -588
package/build/services/VaultEncryptionService.js.map +1 -0
package/build/services/VaultService.d.ts +127 -0
package/build/services/VaultService.js +224 -376
package/build/services/VaultService.js.map +1 -0
package/build/services/VaultSigningService.d.ts +216 -0
package/build/services/VaultSigningService.js +498 -0
package/build/services/VaultSigningService.js.map +1 -0
package/build/services/index.d.ts +9 -0
package/build/services/index.js +10 -1
package/build/services/index.js.map +1 -0
package/build/storage/VaultStorageConfig.d.ts +97 -0
package/build/storage/VaultStorageConfig.js +22 -0
package/build/storage/VaultStorageConfig.js.map +1 -0
package/build/storage/VaultStorageService.d.ts +118 -0
package/build/storage/VaultStorageService.js +381 -0
package/build/storage/VaultStorageService.js.map +1 -0
package/build/storage/index.d.ts +2 -0
package/build/storage/index.js +21 -0
package/build/storage/index.js.map +1 -0
package/package.json +5 -2

package/build/VaultsApi.d.ts ADDED Viewed

@@ -0,0 +1,363 @@
+import type { VaultRecord } from './repository/VaultRecord';
+import type { KemKeypairWithKid } from './services/KemKeyExchangeService';
+import type { VaultInfo, CreateVaultOptions, OpenVaultOptions, UpdateVaultOptions } from './services/VaultService';
+import type { CreateSigningVaultOptions, SigningVaultResult, OpenSigningVaultResult, ReturnSignedDocumentOptions } from './services/VaultSigningService';
+import type { Logger } from '@credo-ts/core';
+import type { S3StorageConfig } from './storage/VaultStorageConfig';
+import { AgentContext, MessageHandlerRegistry, EventEmitter } from '@credo-ts/core';
+import { VaultService } from './services/VaultService';
+import { KemKeyExchangeService } from './services/KemKeyExchangeService';
+import { VaultSigningService } from './services/VaultSigningService';
+import { VaultStorageService } from './storage/VaultStorageService';
+import { VaultRepository } from './repository/VaultRepository';
+import { ThresholdSessionRepository } from './repository/ThresholdSessionRepository';
+import { VaultDataMessage } from './messages';
+/**
+ * Vaults API
+ *
+ * Public API for vault operations.
+ * Provides a clean interface for creating, opening, and managing encrypted vaults.
+ *
+ * All encryption and decryption happens client-side.
+ */
+export declare class VaultsApi {
+    private vaultService;
+    private agentContext;
+    private logger;
+    private kemKeyExchangeService;
+    private vaultSigningService;
+    private storageService;
+    constructor(agentContext: AgentContext, messageHandlerRegistry: MessageHandlerRegistry, eventEmitter: EventEmitter, logger: Logger, vaultService: VaultService, kemKeyExchangeService: KemKeyExchangeService, vaultSigningService: VaultSigningService, storageService: VaultStorageService, vaultRepository: VaultRepository, thresholdSessionRepository: ThresholdSessionRepository);
+    private registerMessageHandlers;
+    /**
+     * Configure external storage (S3) for large file support
+     *
+     * @param config - S3 storage configuration
+     *
+     * @example
+     * ```typescript
+     * await agent.modules.vaults.configureStorage({
+     *   type: 's3',
+     *   bucket: 'my-vault-bucket',
+     *   region: 'us-east-1',
+     *   accessKeyId: process.env.AWS_ACCESS_KEY_ID,
+     *   secretAccessKey: process.env.AWS_SECRET_ACCESS_KEY,
+     * })
+     * ```
+     */
+    configureStorage(config: S3StorageConfig): Promise<void>;
+    /**
+     * Check if external storage is configured
+     */
+    isStorageConfigured(): boolean;
+    /**
+     * Get the storage service for direct operations
+     */
+    getStorageService(): VaultStorageService;
+    /**
+     * Create a new encrypted vault
+     *
+     * @param data - Raw data to encrypt (e.g., PDF bytes)
+     * @param options - Creation options including passphrase
+     * @returns Created vault identifiers
+     *
+     * @example
+     * ```typescript
+     * const pdfBytes = await fs.readFile('contract.pdf')
+     * const { vaultId } = await agent.modules.vaults.create(pdfBytes, {
+     *   passphrase: 'my-secure-passphrase',
+     *   metadata: { description: 'Employment Contract' }
+     * })
+     * ```
+     */
+    create(data: Uint8Array, options: CreateVaultOptions): Promise<{
+        vaultId: string;
+        docId: string;
+    }>;
+    /**
+     * Open (decrypt) a vault
+     *
+     * @param vaultId - Vault identifier
+     * @param options - Open options including passphrase
+     * @returns Decrypted data
+     *
+     * @example
+     * ```typescript
+     * const decrypted = await agent.modules.vaults.open(vaultId, {
+     *   passphrase: 'my-secure-passphrase'
+     * })
+     * await fs.writeFile('contract-decrypted.pdf', decrypted)
+     * ```
+     */
+    open(vaultId: string, options: OpenVaultOptions): Promise<Uint8Array>;
+    /**
+     * Update vault with new data
+     *
+     * @param vaultId - Vault identifier
+     * @param data - New data to encrypt
+     * @param options - Update options including passphrase
+     *
+     * @example
+     * ```typescript
+     * const newPdfBytes = await fs.readFile('contract-v2.pdf')
+     * await agent.modules.vaults.update(vaultId, newPdfBytes, {
+     *   passphrase: 'my-secure-passphrase'
+     * })
+     * ```
+     */
+    update(vaultId: string, data: Uint8Array, options: UpdateVaultOptions): Promise<void>;
+    /**
+     * Delete a vault
+     *
+     * @param vaultId - Vault identifier
+     *
+     * @example
+     * ```typescript
+     * await agent.modules.vaults.delete(vaultId)
+     * ```
+     */
+    delete(vaultId: string): Promise<void>;
+    /**
+     * List all vaults
+     *
+     * @returns Array of vault records
+     *
+     * @example
+     * ```typescript
+     * const vaults = await agent.modules.vaults.list()
+     * console.log(`Total vaults: ${vaults.length}`)
+     * ```
+     */
+    list(): Promise<VaultRecord[]>;
+    /**
+     * Get vault info (metadata without decrypting)
+     *
+     * @param vaultId - Vault identifier
+     * @returns Vault information
+     *
+     * @example
+     * ```typescript
+     * const info = await agent.modules.vaults.getInfo(vaultId)
+     * console.log(`Vault: ${info.vaultId}, Epoch: ${info.header.epoch}`)
+     * ```
+     */
+    getInfo(vaultId: string): Promise<VaultInfo>;
+    /**
+     * Check if a vault exists
+     *
+     * @param vaultId - Vault identifier
+     * @returns True if vault exists
+     *
+     * @example
+     * ```typescript
+     * if (await agent.modules.vaults.exists(vaultId)) {
+     *   console.log('Vault found!')
+     * }
+     * ```
+     */
+    exists(vaultId: string): Promise<boolean>;
+    /**
+     * Get the raw vault record (for advanced operations)
+     *
+     * @param vaultId - Vault identifier
+     * @returns Vault record or null
+     */
+    getRecord(vaultId: string): Promise<VaultRecord | null>;
+    /**
+     * Generate a new ML-KEM keypair for vault sharing
+     *
+     * @returns Keypair with key ID
+     *
+     * @example
+     * ```typescript
+     * const keypair = agent.modules.vaults.generateKemKeypair()
+     * console.log(`Generated KEM key: ${keypair.kid}`)
+     * ```
+     */
+    generateKemKeypair(): KemKeypairWithKid;
+    /**
+     * Store peer's ML-KEM public key for vault encryption
+     *
+     * @param connectionId - Connection to associate the key with
+     * @param kid - Key identifier
+     * @param publicKey - ML-KEM public key
+     *
+     * @example
+     * ```typescript
+     * await agent.modules.vaults.storePeerKemKey(connectionId, {
+     *   kid: 'peer-key-id',
+     *   publicKey: peerPublicKey
+     * })
+     * ```
+     */
+    storePeerKemKey(connectionId: string, keyInfo: {
+        kid: string;
+        publicKey: Uint8Array;
+    }): Promise<void>;
+    /**
+     * Get peer's ML-KEM public key
+     *
+     * @param connectionId - Connection ID
+     * @returns Peer's key info or null
+     *
+     * @example
+     * ```typescript
+     * const peerKey = await agent.modules.vaults.getPeerKemKey(connectionId)
+     * if (peerKey) {
+     *   // Can now create vault encrypted to peer
+     * }
+     * ```
+     */
+    getPeerKemKey(connectionId: string): Promise<import("./services/KemKeyExchangeService").KemPublicKeyInfo | null>;
+    /**
+     * Check if peer has a KEM key stored
+     *
+     * @param connectionId - Connection ID
+     * @returns True if peer has KEM key
+     */
+    hasPeerKemKey(connectionId: string): Promise<boolean>;
+    /**
+     * Store a local KEM keypair for a connection
+     *
+     * Call this after generateKemKeypair() to persist the keypair locally
+     * for later vault decryption.
+     *
+     * @param connectionId - Connection to associate the keypair with
+     * @param keypair - Full keypair including secret key
+     */
+    storeLocalKeypair(connectionId: string, keypair: KemKeypairWithKid): Promise<void>;
+    /**
+     * Get the local KEM keypair for a connection
+     *
+     * @param connectionId - Connection ID
+     * @returns Full keypair or null
+     */
+    getLocalKeypair(connectionId: string): Promise<KemKeypairWithKid | null>;
+    /**
+     * Check if a local keypair exists for a connection
+     *
+     * @param connectionId - Connection ID
+     * @returns True if local keypair exists
+     */
+    hasLocalKeypair(connectionId: string): Promise<boolean>;
+    /**
+     * Find a local keypair by key identifier (kid)
+     *
+     * @param kid - Key identifier to search for
+     * @returns Keypair and associated connectionId, or null
+     */
+    findKeypairByKid(kid: string): Promise<{
+        keypair: KemKeypairWithKid;
+        connectionId: string;
+    } | null>;
+    /**
+     * Delete the local keypair for a connection
+     *
+     * @param connectionId - Connection ID
+     */
+    deleteLocalKeypair(connectionId: string): Promise<void>;
+    /**
+     * Create a signing vault encrypted to a signer's ML-KEM key
+     *
+     * Use this to send a document to someone for signing.
+     * The document is encrypted so only the intended signer can decrypt it.
+     *
+     * @param options - Creation options
+     * @returns Created vault identifiers
+     *
+     * @example
+     * ```typescript
+     * // Create vault for Bob to sign
+     * const { vaultId } = await agent.modules.vaults.createSigningVault({
+     *   document: pdfBytes,
+     *   signerConnectionId: bobConnectionId,
+     *   documentType: 'pdf',
+     *   metadata: { description: 'Contract for signing' }
+     * })
+     *
+     * // Share with Bob
+     * await agent.modules.vaults.shareSigningVault(vaultId, bobConnectionId)
+     * ```
+     */
+    createSigningVault(options: CreateSigningVaultOptions): Promise<SigningVaultResult>;
+    /**
+     * Open (decrypt) a vault received for signing
+     *
+     * @param vaultData - Received vault data (message or record)
+     * @param secretKey - Your ML-KEM secret key
+     * @param kid - Your key identifier
+     * @returns Decrypted document and metadata
+     *
+     * @example
+     * ```typescript
+     * // Decrypt vault received for signing
+     * const { document, header } = await agent.modules.vaults.openSigningVault(
+     *   vaultRecord,
+     *   myKemKeypair.secretKey,
+     *   myKemKeypair.kid
+     * )
+     *
+     * // Sign the document
+     * const signedPdf = await signPdf(document)
+     * ```
+     */
+    openSigningVault(vaultData: VaultDataMessage | VaultRecord, secretKey: Uint8Array, kid: string): Promise<OpenSigningVaultResult>;
+    /**
+     * Share a signing vault with a connection
+     *
+     * Sends the encrypted vault to the specified connection via DIDComm
+     *
+     * @param vaultId - Vault to share
+     * @param connectionId - Connection to send to
+     *
+     * @example
+     * ```typescript
+     * await agent.modules.vaults.shareSigningVault(vaultId, bobConnectionId)
+     * ```
+     */
+    shareSigningVault(vaultId: string, connectionId: string): Promise<void>;
+    /**
+     * Return a signed document to the vault owner
+     *
+     * Creates a new vault with the signed document encrypted to the owner's key
+     *
+     * @param options - Return options
+     * @returns New vault containing the signed document
+     *
+     * @example
+     * ```typescript
+     * await agent.modules.vaults.returnSignedDocument({
+     *   signedDocument: signedPdfBytes,
+     *   originalVaultId: receivedVaultId,
+     *   ownerConnectionId: aliceConnectionId,
+     *   documentType: 'pdf',
+     *   metadata: { signatureType: 'pades-b-lta' }
+     * })
+     * ```
+     */
+    returnSignedDocument(options: ReturnSignedDocumentOptions): Promise<SigningVaultResult>;
+    /**
+     * Resolve the decryption key for a vault
+     *
+     * Automatically finds the correct local KEM keypair that can decrypt
+     * the specified vault by matching recipient kids in the vault header.
+     *
+     * @param vaultId - Vault to find decryption key for
+     * @returns Secret key, kid, and connectionId; or null if no matching key found
+     *
+     * @example
+     * ```typescript
+     * const key = await agent.modules.vaults.resolveVaultDecryptionKey(vaultId)
+     * if (key) {
+     *   const { document } = await agent.modules.vaults.openSigningVault(
+     *     vaultRecord, key.secretKey, key.kid
+     *   )
+     * }
+     * ```
+     */
+    resolveVaultDecryptionKey(vaultId: string): Promise<{
+        secretKey: Uint8Array;
+        kid: string;
+        connectionId: string;
+    } | null>;
+}