npm - @ajna-inc/vaults - Versions diffs - 0.1.0 → 0.1.2 - Mend

@ajna-inc/vaults 0.1.0 → 0.1.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (208) hide show

package/build/VaultsApi.d.ts +363 -0
package/build/VaultsApi.js +450 -248
package/build/VaultsApi.js.map +1 -0
package/build/VaultsEvents.d.ts +227 -0
package/build/VaultsEvents.js +8 -0
package/build/VaultsEvents.js.map +1 -0
package/build/VaultsModule.d.ts +64 -0
package/build/VaultsModule.js +43 -18
package/build/VaultsModule.js.map +1 -0
package/build/crypto/wasm/VaultCrypto.d.ts +19 -0
package/build/crypto/wasm/VaultCrypto.js +29 -42
package/build/crypto/wasm/VaultCrypto.js.map +1 -0
package/build/errors/BadSuiteError.d.ts +8 -0
package/build/errors/BadSuiteError.js +8 -25
package/build/errors/BadSuiteError.js.map +1 -0
package/build/errors/DecryptAeadError.d.ts +8 -0
package/build/errors/DecryptAeadError.js +8 -25
package/build/errors/DecryptAeadError.js.map +1 -0
package/build/errors/DecryptKemError.d.ts +8 -0
package/build/errors/DecryptKemError.js +8 -25
package/build/errors/DecryptKemError.js.map +1 -0
package/build/errors/PolicyError.d.ts +8 -0
package/build/errors/PolicyError.js +8 -25
package/build/errors/PolicyError.js.map +1 -0
package/build/errors/VaultError.d.ts +52 -0
package/build/errors/VaultError.js +19 -30
package/build/errors/VaultError.js.map +1 -0
package/build/errors/index.d.ts +5 -0
package/build/errors/index.js +1 -0
package/build/errors/index.js.map +1 -0
package/build/handlers/CreateVaultHandler.d.ts +18 -0
package/build/handlers/CreateVaultHandler.js +75 -0
package/build/handlers/CreateVaultHandler.js.map +1 -0
package/build/handlers/DeleteVaultHandler.d.ts +17 -0
package/build/handlers/DeleteVaultHandler.js +48 -0
package/build/handlers/DeleteVaultHandler.js.map +1 -0
package/build/handlers/DenyAccessHandler.d.ts +15 -0
package/build/handlers/DenyAccessHandler.js +39 -0
package/build/handlers/DenyAccessHandler.js.map +1 -0
package/build/handlers/DenyShareHandler.d.ts +17 -0
package/build/handlers/DenyShareHandler.js +49 -0
package/build/handlers/DenyShareHandler.js.map +1 -0
package/build/handlers/GrantAccessHandler.d.ts +17 -0
package/build/handlers/GrantAccessHandler.js +59 -0
package/build/handlers/GrantAccessHandler.js.map +1 -0
package/build/handlers/ProvideShareHandler.d.ts +17 -0
package/build/handlers/ProvideShareHandler.js +77 -0
package/build/handlers/ProvideShareHandler.js.map +1 -0
package/build/handlers/RequestAccessHandler.d.ts +18 -0
package/build/handlers/RequestAccessHandler.js +60 -0
package/build/handlers/RequestAccessHandler.js.map +1 -0
package/build/handlers/RequestShareHandler.d.ts +19 -0
package/build/handlers/RequestShareHandler.js +70 -0
package/build/handlers/RequestShareHandler.js.map +1 -0
package/build/handlers/RequestStorageHandler.d.ts +53 -0
package/build/handlers/RequestStorageHandler.js +158 -0
package/build/handlers/RequestStorageHandler.js.map +1 -0
package/build/handlers/RetrieveVaultHandler.d.ts +18 -0
package/build/handlers/RetrieveVaultHandler.js +65 -0
package/build/handlers/RetrieveVaultHandler.js.map +1 -0
package/build/handlers/StoreVaultHandler.d.ts +17 -0
package/build/handlers/StoreVaultHandler.js +77 -0
package/build/handlers/StoreVaultHandler.js.map +1 -0
package/build/handlers/UpdateVaultHandler.d.ts +18 -0
package/build/handlers/UpdateVaultHandler.js +77 -0
package/build/handlers/UpdateVaultHandler.js.map +1 -0
package/build/handlers/VaultCreatedAckHandler.d.ts +15 -0
package/build/handlers/VaultCreatedAckHandler.js +39 -0
package/build/handlers/VaultCreatedAckHandler.js.map +1 -0
package/build/handlers/VaultDataHandler.d.ts +19 -0
package/build/handlers/VaultDataHandler.js +68 -0
package/build/handlers/VaultDataHandler.js.map +1 -0
package/build/handlers/VaultProblemReportHandler.d.ts +17 -0
package/build/handlers/VaultProblemReportHandler.js +40 -0
package/build/handlers/VaultProblemReportHandler.js.map +1 -0
package/build/handlers/VaultReferenceHandler.d.ts +33 -0
package/build/handlers/VaultReferenceHandler.js +169 -0
package/build/handlers/VaultReferenceHandler.js.map +1 -0
package/build/handlers/VaultStoredAckHandler.d.ts +15 -0
package/build/handlers/VaultStoredAckHandler.js +38 -0
package/build/handlers/VaultStoredAckHandler.js.map +1 -0
package/build/handlers/index.d.ts +17 -0
package/build/handlers/index.js +44 -0
package/build/handlers/index.js.map +1 -0
package/build/index.d.ts +42 -0
package/build/index.js +13 -1
package/build/index.js.map +1 -0
package/build/messages/CreateVaultMessage.d.ts +39 -0
package/build/messages/CreateVaultMessage.js +65 -115
package/build/messages/CreateVaultMessage.js.map +1 -0
package/build/messages/DeleteVaultMessage.d.ts +22 -0
package/build/messages/DeleteVaultMessage.js +51 -103
package/build/messages/DeleteVaultMessage.js.map +1 -0
package/build/messages/DenyAccessMessage.d.ts +22 -0
package/build/messages/DenyAccessMessage.js +50 -103
package/build/messages/DenyAccessMessage.js.map +1 -0
package/build/messages/DenyShareMessage.d.ts +24 -0
package/build/messages/DenyShareMessage.js +56 -109
package/build/messages/DenyShareMessage.js.map +1 -0
package/build/messages/GrantAccessMessage.d.ts +32 -0
package/build/messages/GrantAccessMessage.js +63 -115
package/build/messages/GrantAccessMessage.js.map +1 -0
package/build/messages/ProvideShareMessage.d.ts +26 -0
package/build/messages/ProvideShareMessage.js +62 -115
package/build/messages/ProvideShareMessage.js.map +1 -0
package/build/messages/ProvideStorageMessage.d.ts +90 -0
package/build/messages/ProvideStorageMessage.js +193 -0
package/build/messages/ProvideStorageMessage.js.map +1 -0
package/build/messages/RequestAccessMessage.d.ts +30 -0
package/build/messages/RequestAccessMessage.js +57 -109
package/build/messages/RequestAccessMessage.js.map +1 -0
package/build/messages/RequestShareMessage.d.ts +24 -0
package/build/messages/RequestShareMessage.js +56 -109
package/build/messages/RequestShareMessage.js.map +1 -0
package/build/messages/RequestStorageMessage.d.ts +50 -0
package/build/messages/RequestStorageMessage.js +98 -0
package/build/messages/RequestStorageMessage.js.map +1 -0
package/build/messages/RetrieveVaultMessage.d.ts +20 -0
package/build/messages/RetrieveVaultMessage.js +44 -97
package/build/messages/RetrieveVaultMessage.js.map +1 -0
package/build/messages/StoreVaultMessage.d.ts +23 -0
package/build/messages/StoreVaultMessage.js +51 -103
package/build/messages/StoreVaultMessage.js.map +1 -0
package/build/messages/UpdateVaultMessage.d.ts +25 -0
package/build/messages/UpdateVaultMessage.js +58 -109
package/build/messages/UpdateVaultMessage.js.map +1 -0
package/build/messages/VaultCreatedAckMessage.d.ts +20 -0
package/build/messages/VaultCreatedAckMessage.js +44 -97
package/build/messages/VaultCreatedAckMessage.js.map +1 -0
package/build/messages/VaultDataMessage.d.ts +34 -0
package/build/messages/VaultDataMessage.js +59 -110
package/build/messages/VaultDataMessage.js.map +1 -0
package/build/messages/VaultProblemReportMessage.d.ts +35 -0
package/build/messages/VaultProblemReportMessage.js +56 -102
package/build/messages/VaultProblemReportMessage.js.map +1 -0
package/build/messages/VaultReferenceMessage.d.ts +66 -0
package/build/messages/VaultReferenceMessage.js +138 -0
package/build/messages/VaultReferenceMessage.js.map +1 -0
package/build/messages/VaultStoredAckMessage.d.ts +33 -0
package/build/messages/VaultStoredAckMessage.js +51 -104
package/build/messages/VaultStoredAckMessage.js.map +1 -0
package/build/messages/index.d.ts +18 -0
package/build/messages/index.js +6 -1
package/build/messages/index.js.map +1 -0
package/build/models/ThresholdSession.d.ts +37 -0
package/build/models/ThresholdSession.js +1 -0
package/build/models/ThresholdSession.js.map +1 -0
package/build/models/VaultDocument.d.ts +22 -0
package/build/models/VaultDocument.js +1 -0
package/build/models/VaultDocument.js.map +1 -0
package/build/models/VaultHeader.d.ts +92 -0
package/build/models/VaultHeader.js +4 -6
package/build/models/VaultHeader.js.map +1 -0
package/build/models/VaultPolicy.d.ts +24 -0
package/build/models/VaultPolicy.js +1 -0
package/build/models/VaultPolicy.js.map +1 -0
package/build/models/index.d.ts +4 -0
package/build/models/index.js +1 -0
package/build/models/index.js.map +1 -0
package/build/repository/KemKeypairRecord.d.ts +37 -0
package/build/repository/KemKeypairRecord.js +35 -0
package/build/repository/KemKeypairRecord.js.map +1 -0
package/build/repository/KemKeypairRepository.d.ts +18 -0
package/build/repository/KemKeypairRepository.js +50 -0
package/build/repository/KemKeypairRepository.js.map +1 -0
package/build/repository/ThresholdSessionRecord.d.ts +93 -0
package/build/repository/ThresholdSessionRecord.js +58 -92
package/build/repository/ThresholdSessionRecord.js.map +1 -0
package/build/repository/ThresholdSessionRepository.d.ts +35 -0
package/build/repository/ThresholdSessionRepository.js +72 -208
package/build/repository/ThresholdSessionRepository.js.map +1 -0
package/build/repository/VaultRecord.d.ts +105 -0
package/build/repository/VaultRecord.js +94 -115
package/build/repository/VaultRecord.js.map +1 -0
package/build/repository/VaultRepository.d.ts +35 -0
package/build/repository/VaultRepository.js +66 -192
package/build/repository/VaultRepository.js.map +1 -0
package/build/repository/index.d.ts +9 -0
package/build/repository/index.js +7 -1
package/build/repository/index.js.map +1 -0
package/build/services/HPKEService.d.ts +67 -0
package/build/services/HPKEService.js +106 -0
package/build/services/HPKEService.js.map +1 -0
package/build/services/KemKeyExchangeService.d.ts +207 -0
package/build/services/KemKeyExchangeService.js +323 -0
package/build/services/KemKeyExchangeService.js.map +1 -0
package/build/services/VaultEncryptionService.d.ts +120 -0
package/build/services/VaultEncryptionService.js +469 -588
package/build/services/VaultEncryptionService.js.map +1 -0
package/build/services/VaultService.d.ts +127 -0
package/build/services/VaultService.js +224 -376
package/build/services/VaultService.js.map +1 -0
package/build/services/VaultSigningService.d.ts +216 -0
package/build/services/VaultSigningService.js +498 -0
package/build/services/VaultSigningService.js.map +1 -0
package/build/services/index.d.ts +9 -0
package/build/services/index.js +10 -1
package/build/services/index.js.map +1 -0
package/build/storage/VaultStorageConfig.d.ts +97 -0
package/build/storage/VaultStorageConfig.js +22 -0
package/build/storage/VaultStorageConfig.js.map +1 -0
package/build/storage/VaultStorageService.d.ts +118 -0
package/build/storage/VaultStorageService.js +381 -0
package/build/storage/VaultStorageService.js.map +1 -0
package/build/storage/index.d.ts +2 -0
package/build/storage/index.js +21 -0
package/build/storage/index.js.map +1 -0
package/package.json +5 -2

package/build/services/VaultEncryptionService.d.ts ADDED Viewed

@@ -0,0 +1,120 @@
+import type { AeadAlgorithm } from '../models';
+import type { VaultDocument } from '../models/VaultDocument';
+export interface EncryptS3Options {
+    docId?: string;
+    vaultId?: string;
+    epoch?: number;
+    memory?: number;
+    iterations?: number;
+    aead?: AeadAlgorithm;
+}
+export interface EncryptP1Options {
+    docId?: string;
+    vaultId?: string;
+}
+export interface RecipientKey {
+    kid: string;
+    publicKey: Uint8Array;
+}
+export interface DecryptedShare {
+    index: number;
+    share: Uint8Array;
+}
+/**
+ * Vault Encryption Service
+ *
+ * Provides client-side encryption/decryption for all vault policy modes:
+ * - S3 suite: Passphrase-based (Argon2id → AES-256-GCM)
+ * - P1 suite: Post-quantum (ML-KEM-768 → AES-256-GCM)
+ *
+ * All encryption and decryption happens client-side per ZK-Vault spec.
+ */
+export declare class VaultEncryptionService {
+    /**
+     * Encrypt data with passphrase (S3 suite)
+     * All encryption happens CLIENT-SIDE
+     *
+     * @param plaintext - Data to encrypt
+     * @param passphrase - User passphrase
+     * @param options - Encryption options
+     * @returns Encrypted vault document
+     */
+    encryptWithPassphrase(plaintext: Uint8Array, passphrase: string, options?: EncryptS3Options): Promise<VaultDocument>;
+    /**
+     * Decrypt passphrase-protected vault (S3 suite)
+     * All decryption happens CLIENT-SIDE
+     *
+     * @param vault - Encrypted vault document
+     * @param passphrase - User passphrase
+     * @returns Decrypted plaintext
+     */
+    decryptWithPassphrase(vault: VaultDocument, passphrase: string): Promise<Uint8Array>;
+    /**
+     * Encrypt with any-of policy (spec §6.1)
+     * Each recipient gets their own KEM-wrapped CEK
+     *
+     * @param plaintext - Data to encrypt
+     * @param recipients - Array of recipient public keys
+     * @param options - Encryption options
+     * @returns Encrypted vault document
+     */
+    encryptAnyOf(plaintext: Uint8Array, recipients: RecipientKey[], options?: EncryptP1Options): Promise<VaultDocument>;
+    /**
+     * Decrypt any-of vault (spec §9.2)
+     * Try the specified recipient's wrap
+     *
+     * @param vault - Encrypted vault document
+     * @param recipientSecretKey - Recipient's ML-KEM secret key
+     * @param recipientKid - Recipient's key identifier
+     * @returns Decrypted plaintext
+     */
+    decryptAnyOf(vault: VaultDocument, recipientSecretKey: Uint8Array, recipientKid: string): Promise<Uint8Array>;
+    /**
+     * Encrypt with all-of policy (spec §6.2)
+     * Requires ALL listed keys to decrypt via HKDF-join
+     *
+     * @param plaintext - Data to encrypt
+     * @param participants - Array of participant public keys
+     * @param options - Encryption options
+     * @returns Encrypted vault document
+     */
+    encryptAllOf(plaintext: Uint8Array, participants: RecipientKey[], options?: EncryptP1Options): Promise<VaultDocument>;
+    /**
+     * Encrypt with threshold policy (spec §6.3)
+     * Any t-of-n participants can decrypt
+     *
+     * @param plaintext - Data to encrypt
+     * @param threshold - Minimum shares required (t)
+     * @param participants - Array of participant public keys (n)
+     * @param options - Encryption options
+     * @returns Encrypted vault document
+     */
+    encryptThreshold(plaintext: Uint8Array, threshold: number, participants: RecipientKey[], options?: EncryptP1Options): Promise<VaultDocument>;
+    /**
+     * Decrypt threshold vault with collected shares
+     *
+     * @param vault - Encrypted vault document
+     * @param decryptedShares - Array of decrypted shares (at least t shares)
+     * @returns Decrypted plaintext
+     */
+    decryptThreshold(vault: VaultDocument, decryptedShares: DecryptedShare[]): Promise<Uint8Array>;
+    /**
+     * Unwrap a single threshold share for a participant
+     *
+     * @param vault - Encrypted vault document
+     * @param participantSecretKey - Participant's ML-KEM secret key
+     * @param participantKid - Participant's key identifier
+     * @returns Decrypted share with its index
+     */
+    unwrapThresholdShare(vault: VaultDocument, participantSecretKey: Uint8Array, participantKid: string): Promise<DecryptedShare>;
+    /**
+     * Derive key from passphrase using Argon2id
+     * Spec §4.1 S1/S3 suite
+     */
+    private deriveKeyArgon2;
+    /**
+     * Zero out sensitive data from memory
+     * Security best practice to minimize exposure window
+     */
+    private zeroize;
+}