npm - @ajna-inc/vaults - Versions diffs - 0.1.0 → 0.1.2 - Mend

@ajna-inc/vaults 0.1.0 → 0.1.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (208) hide show

package/build/VaultsApi.d.ts +363 -0
package/build/VaultsApi.js +450 -248
package/build/VaultsApi.js.map +1 -0
package/build/VaultsEvents.d.ts +227 -0
package/build/VaultsEvents.js +8 -0
package/build/VaultsEvents.js.map +1 -0
package/build/VaultsModule.d.ts +64 -0
package/build/VaultsModule.js +43 -18
package/build/VaultsModule.js.map +1 -0
package/build/crypto/wasm/VaultCrypto.d.ts +19 -0
package/build/crypto/wasm/VaultCrypto.js +29 -42
package/build/crypto/wasm/VaultCrypto.js.map +1 -0
package/build/errors/BadSuiteError.d.ts +8 -0
package/build/errors/BadSuiteError.js +8 -25
package/build/errors/BadSuiteError.js.map +1 -0
package/build/errors/DecryptAeadError.d.ts +8 -0
package/build/errors/DecryptAeadError.js +8 -25
package/build/errors/DecryptAeadError.js.map +1 -0
package/build/errors/DecryptKemError.d.ts +8 -0
package/build/errors/DecryptKemError.js +8 -25
package/build/errors/DecryptKemError.js.map +1 -0
package/build/errors/PolicyError.d.ts +8 -0
package/build/errors/PolicyError.js +8 -25
package/build/errors/PolicyError.js.map +1 -0
package/build/errors/VaultError.d.ts +52 -0
package/build/errors/VaultError.js +19 -30
package/build/errors/VaultError.js.map +1 -0
package/build/errors/index.d.ts +5 -0
package/build/errors/index.js +1 -0
package/build/errors/index.js.map +1 -0
package/build/handlers/CreateVaultHandler.d.ts +18 -0
package/build/handlers/CreateVaultHandler.js +75 -0
package/build/handlers/CreateVaultHandler.js.map +1 -0
package/build/handlers/DeleteVaultHandler.d.ts +17 -0
package/build/handlers/DeleteVaultHandler.js +48 -0
package/build/handlers/DeleteVaultHandler.js.map +1 -0
package/build/handlers/DenyAccessHandler.d.ts +15 -0
package/build/handlers/DenyAccessHandler.js +39 -0
package/build/handlers/DenyAccessHandler.js.map +1 -0
package/build/handlers/DenyShareHandler.d.ts +17 -0
package/build/handlers/DenyShareHandler.js +49 -0
package/build/handlers/DenyShareHandler.js.map +1 -0
package/build/handlers/GrantAccessHandler.d.ts +17 -0
package/build/handlers/GrantAccessHandler.js +59 -0
package/build/handlers/GrantAccessHandler.js.map +1 -0
package/build/handlers/ProvideShareHandler.d.ts +17 -0
package/build/handlers/ProvideShareHandler.js +77 -0
package/build/handlers/ProvideShareHandler.js.map +1 -0
package/build/handlers/RequestAccessHandler.d.ts +18 -0
package/build/handlers/RequestAccessHandler.js +60 -0
package/build/handlers/RequestAccessHandler.js.map +1 -0
package/build/handlers/RequestShareHandler.d.ts +19 -0
package/build/handlers/RequestShareHandler.js +70 -0
package/build/handlers/RequestShareHandler.js.map +1 -0
package/build/handlers/RequestStorageHandler.d.ts +53 -0
package/build/handlers/RequestStorageHandler.js +158 -0
package/build/handlers/RequestStorageHandler.js.map +1 -0
package/build/handlers/RetrieveVaultHandler.d.ts +18 -0
package/build/handlers/RetrieveVaultHandler.js +65 -0
package/build/handlers/RetrieveVaultHandler.js.map +1 -0
package/build/handlers/StoreVaultHandler.d.ts +17 -0
package/build/handlers/StoreVaultHandler.js +77 -0
package/build/handlers/StoreVaultHandler.js.map +1 -0
package/build/handlers/UpdateVaultHandler.d.ts +18 -0
package/build/handlers/UpdateVaultHandler.js +77 -0
package/build/handlers/UpdateVaultHandler.js.map +1 -0
package/build/handlers/VaultCreatedAckHandler.d.ts +15 -0
package/build/handlers/VaultCreatedAckHandler.js +39 -0
package/build/handlers/VaultCreatedAckHandler.js.map +1 -0
package/build/handlers/VaultDataHandler.d.ts +19 -0
package/build/handlers/VaultDataHandler.js +68 -0
package/build/handlers/VaultDataHandler.js.map +1 -0
package/build/handlers/VaultProblemReportHandler.d.ts +17 -0
package/build/handlers/VaultProblemReportHandler.js +40 -0
package/build/handlers/VaultProblemReportHandler.js.map +1 -0
package/build/handlers/VaultReferenceHandler.d.ts +33 -0
package/build/handlers/VaultReferenceHandler.js +169 -0
package/build/handlers/VaultReferenceHandler.js.map +1 -0
package/build/handlers/VaultStoredAckHandler.d.ts +15 -0
package/build/handlers/VaultStoredAckHandler.js +38 -0
package/build/handlers/VaultStoredAckHandler.js.map +1 -0
package/build/handlers/index.d.ts +17 -0
package/build/handlers/index.js +44 -0
package/build/handlers/index.js.map +1 -0
package/build/index.d.ts +42 -0
package/build/index.js +13 -1
package/build/index.js.map +1 -0
package/build/messages/CreateVaultMessage.d.ts +39 -0
package/build/messages/CreateVaultMessage.js +65 -115
package/build/messages/CreateVaultMessage.js.map +1 -0
package/build/messages/DeleteVaultMessage.d.ts +22 -0
package/build/messages/DeleteVaultMessage.js +51 -103
package/build/messages/DeleteVaultMessage.js.map +1 -0
package/build/messages/DenyAccessMessage.d.ts +22 -0
package/build/messages/DenyAccessMessage.js +50 -103
package/build/messages/DenyAccessMessage.js.map +1 -0
package/build/messages/DenyShareMessage.d.ts +24 -0
package/build/messages/DenyShareMessage.js +56 -109
package/build/messages/DenyShareMessage.js.map +1 -0
package/build/messages/GrantAccessMessage.d.ts +32 -0
package/build/messages/GrantAccessMessage.js +63 -115
package/build/messages/GrantAccessMessage.js.map +1 -0
package/build/messages/ProvideShareMessage.d.ts +26 -0
package/build/messages/ProvideShareMessage.js +62 -115
package/build/messages/ProvideShareMessage.js.map +1 -0
package/build/messages/ProvideStorageMessage.d.ts +90 -0
package/build/messages/ProvideStorageMessage.js +193 -0
package/build/messages/ProvideStorageMessage.js.map +1 -0
package/build/messages/RequestAccessMessage.d.ts +30 -0
package/build/messages/RequestAccessMessage.js +57 -109
package/build/messages/RequestAccessMessage.js.map +1 -0
package/build/messages/RequestShareMessage.d.ts +24 -0
package/build/messages/RequestShareMessage.js +56 -109
package/build/messages/RequestShareMessage.js.map +1 -0
package/build/messages/RequestStorageMessage.d.ts +50 -0
package/build/messages/RequestStorageMessage.js +98 -0
package/build/messages/RequestStorageMessage.js.map +1 -0
package/build/messages/RetrieveVaultMessage.d.ts +20 -0
package/build/messages/RetrieveVaultMessage.js +44 -97
package/build/messages/RetrieveVaultMessage.js.map +1 -0
package/build/messages/StoreVaultMessage.d.ts +23 -0
package/build/messages/StoreVaultMessage.js +51 -103
package/build/messages/StoreVaultMessage.js.map +1 -0
package/build/messages/UpdateVaultMessage.d.ts +25 -0
package/build/messages/UpdateVaultMessage.js +58 -109
package/build/messages/UpdateVaultMessage.js.map +1 -0
package/build/messages/VaultCreatedAckMessage.d.ts +20 -0
package/build/messages/VaultCreatedAckMessage.js +44 -97
package/build/messages/VaultCreatedAckMessage.js.map +1 -0
package/build/messages/VaultDataMessage.d.ts +34 -0
package/build/messages/VaultDataMessage.js +59 -110
package/build/messages/VaultDataMessage.js.map +1 -0
package/build/messages/VaultProblemReportMessage.d.ts +35 -0
package/build/messages/VaultProblemReportMessage.js +56 -102
package/build/messages/VaultProblemReportMessage.js.map +1 -0
package/build/messages/VaultReferenceMessage.d.ts +66 -0
package/build/messages/VaultReferenceMessage.js +138 -0
package/build/messages/VaultReferenceMessage.js.map +1 -0
package/build/messages/VaultStoredAckMessage.d.ts +33 -0
package/build/messages/VaultStoredAckMessage.js +51 -104
package/build/messages/VaultStoredAckMessage.js.map +1 -0
package/build/messages/index.d.ts +18 -0
package/build/messages/index.js +6 -1
package/build/messages/index.js.map +1 -0
package/build/models/ThresholdSession.d.ts +37 -0
package/build/models/ThresholdSession.js +1 -0
package/build/models/ThresholdSession.js.map +1 -0
package/build/models/VaultDocument.d.ts +22 -0
package/build/models/VaultDocument.js +1 -0
package/build/models/VaultDocument.js.map +1 -0
package/build/models/VaultHeader.d.ts +92 -0
package/build/models/VaultHeader.js +4 -6
package/build/models/VaultHeader.js.map +1 -0
package/build/models/VaultPolicy.d.ts +24 -0
package/build/models/VaultPolicy.js +1 -0
package/build/models/VaultPolicy.js.map +1 -0
package/build/models/index.d.ts +4 -0
package/build/models/index.js +1 -0
package/build/models/index.js.map +1 -0
package/build/repository/KemKeypairRecord.d.ts +37 -0
package/build/repository/KemKeypairRecord.js +35 -0
package/build/repository/KemKeypairRecord.js.map +1 -0
package/build/repository/KemKeypairRepository.d.ts +18 -0
package/build/repository/KemKeypairRepository.js +50 -0
package/build/repository/KemKeypairRepository.js.map +1 -0
package/build/repository/ThresholdSessionRecord.d.ts +93 -0
package/build/repository/ThresholdSessionRecord.js +58 -92
package/build/repository/ThresholdSessionRecord.js.map +1 -0
package/build/repository/ThresholdSessionRepository.d.ts +35 -0
package/build/repository/ThresholdSessionRepository.js +72 -208
package/build/repository/ThresholdSessionRepository.js.map +1 -0
package/build/repository/VaultRecord.d.ts +105 -0
package/build/repository/VaultRecord.js +94 -115
package/build/repository/VaultRecord.js.map +1 -0
package/build/repository/VaultRepository.d.ts +35 -0
package/build/repository/VaultRepository.js +66 -192
package/build/repository/VaultRepository.js.map +1 -0
package/build/repository/index.d.ts +9 -0
package/build/repository/index.js +7 -1
package/build/repository/index.js.map +1 -0
package/build/services/HPKEService.d.ts +67 -0
package/build/services/HPKEService.js +106 -0
package/build/services/HPKEService.js.map +1 -0
package/build/services/KemKeyExchangeService.d.ts +207 -0
package/build/services/KemKeyExchangeService.js +323 -0
package/build/services/KemKeyExchangeService.js.map +1 -0
package/build/services/VaultEncryptionService.d.ts +120 -0
package/build/services/VaultEncryptionService.js +469 -588
package/build/services/VaultEncryptionService.js.map +1 -0
package/build/services/VaultService.d.ts +127 -0
package/build/services/VaultService.js +224 -376
package/build/services/VaultService.js.map +1 -0
package/build/services/VaultSigningService.d.ts +216 -0
package/build/services/VaultSigningService.js +498 -0
package/build/services/VaultSigningService.js.map +1 -0
package/build/services/index.d.ts +9 -0
package/build/services/index.js +10 -1
package/build/services/index.js.map +1 -0
package/build/storage/VaultStorageConfig.d.ts +97 -0
package/build/storage/VaultStorageConfig.js +22 -0
package/build/storage/VaultStorageConfig.js.map +1 -0
package/build/storage/VaultStorageService.d.ts +118 -0
package/build/storage/VaultStorageService.js +381 -0
package/build/storage/VaultStorageService.js.map +1 -0
package/build/storage/index.d.ts +2 -0
package/build/storage/index.js +21 -0
package/build/storage/index.js.map +1 -0
package/package.json +5 -2

package/build/VaultsApi.js CHANGED Viewed

@@ -1,81 +1,26 @@
 "use strict";
-var __esDecorate = (this && this.__esDecorate) || function (ctor, descriptorIn, decorators, contextIn, initializers, extraInitializers) {
-    function accept(f) { if (f !== void 0 && typeof f !== "function") throw new TypeError("Function expected"); return f; }
-    var kind = contextIn.kind, key = kind === "getter" ? "get" : kind === "setter" ? "set" : "value";
-    var target = !descriptorIn && ctor ? contextIn["static"] ? ctor : ctor.prototype : null;
-    var descriptor = descriptorIn || (target ? Object.getOwnPropertyDescriptor(target, contextIn.name) : {});
-    var _, done = false;
-    for (var i = decorators.length - 1; i >= 0; i--) {
-        var context = {};
-        for (var p in contextIn) context[p] = p === "access" ? {} : contextIn[p];
-        for (var p in contextIn.access) context.access[p] = contextIn.access[p];
-        context.addInitializer = function (f) { if (done) throw new TypeError("Cannot add initializers after decoration has completed"); extraInitializers.push(accept(f || null)); };
-        var result = (0, decorators[i])(kind === "accessor" ? { get: descriptor.get, set: descriptor.set } : descriptor[key], context);
-        if (kind === "accessor") {
-            if (result === void 0) continue;
-            if (result === null || typeof result !== "object") throw new TypeError("Object expected");
-            if (_ = accept(result.get)) descriptor.get = _;
-            if (_ = accept(result.set)) descriptor.set = _;
-            if (_ = accept(result.init)) initializers.unshift(_);
-        }
-        else if (_ = accept(result)) {
-            if (kind === "field") initializers.unshift(_);
-            else descriptor[key] = _;
-        }
-    }
-    if (target) Object.defineProperty(target, contextIn.name, descriptor);
-    done = true;
-};
-var __runInitializers = (this && this.__runInitializers) || function (thisArg, initializers, value) {
-    var useValue = arguments.length > 2;
-    for (var i = 0; i < initializers.length; i++) {
-        value = useValue ? initializers[i].call(thisArg, value) : initializers[i].call(thisArg);
-    }
-    return useValue ? value : void 0;
+var __decorate = (this && this.__decorate) || function (decorators, target, key, desc) {
+    var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
+    if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
+    else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
+    return c > 3 && r && Object.defineProperty(target, key, r), r;
 };
-var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {
-    function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
-    return new (P || (P = Promise))(function (resolve, reject) {
-        function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }
-        function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } }
-        function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }
-        step((generator = generator.apply(thisArg, _arguments || [])).next());
-    });
-};
-var __generator = (this && this.__generator) || function (thisArg, body) {
-    var _ = { label: 0, sent: function() { if (t[0] & 1) throw t[1]; return t[1]; }, trys: [], ops: [] }, f, y, t, g;
-    return g = { next: verb(0), "throw": verb(1), "return": verb(2) }, typeof Symbol === "function" && (g[Symbol.iterator] = function() { return this; }), g;
-    function verb(n) { return function (v) { return step([n, v]); }; }
-    function step(op) {
-        if (f) throw new TypeError("Generator is already executing.");
-        while (g && (g = 0, op[0] && (_ = 0)), _) try {
-            if (f = 1, y && (t = op[0] & 2 ? y["return"] : op[0] ? y["throw"] || ((t = y["return"]) && t.call(y), 0) : y.next) && !(t = t.call(y, op[1])).done) return t;
-            if (y = 0, t) op = [op[0] & 2, t.value];
-            switch (op[0]) {
-                case 0: case 1: t = op; break;
-                case 4: _.label++; return { value: op[1], done: false };
-                case 5: _.label++; y = op[1]; op = [0]; continue;
-                case 7: op = _.ops.pop(); _.trys.pop(); continue;
-                default:
-                    if (!(t = _.trys, t = t.length > 0 && t[t.length - 1]) && (op[0] === 6 || op[0] === 2)) { _ = 0; continue; }
-                    if (op[0] === 3 && (!t || (op[1] > t[0] && op[1] < t[3]))) { _.label = op[1]; break; }
-                    if (op[0] === 6 && _.label < t[1]) { _.label = t[1]; t = op; break; }
-                    if (t && _.label < t[2]) { _.label = t[2]; _.ops.push(op); break; }
-                    if (t[2]) _.ops.pop();
-                    _.trys.pop(); continue;
-            }
-            op = body.call(thisArg, _);
-        } catch (e) { op = [6, e]; y = 0; } finally { f = t = 0; }
-        if (op[0] & 5) throw op[1]; return { value: op[0] ? op[1] : void 0, done: true };
-    }
+var __metadata = (this && this.__metadata) || function (k, v) {
+    if (typeof Reflect === "object" && typeof Reflect.metadata === "function") return Reflect.metadata(k, v);
 };
-var __setFunctionName = (this && this.__setFunctionName) || function (f, name, prefix) {
-    if (typeof name === "symbol") name = name.description ? "[".concat(name.description, "]") : "";
-    return Object.defineProperty(f, "name", { configurable: true, value: prefix ? "".concat(prefix, " ", name) : name });
+var __param = (this && this.__param) || function (paramIndex, decorator) {
+    return function (target, key) { decorator(target, key, paramIndex); }
 };
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.VaultsApi = void 0;
-var core_1 = require("@credo-ts/core");
+const core_1 = require("@credo-ts/core");
+const VaultService_1 = require("./services/VaultService");
+const KemKeyExchangeService_1 = require("./services/KemKeyExchangeService");
+const VaultSigningService_1 = require("./services/VaultSigningService");
+const VaultStorageService_1 = require("./storage/VaultStorageService");
+const VaultRepository_1 = require("./repository/VaultRepository");
+const ThresholdSessionRepository_1 = require("./repository/ThresholdSessionRepository");
+const handlers_1 = require("./handlers");
 /**
  * Vaults API
  *
@@ -84,180 +29,437 @@ var core_1 = require("@credo-ts/core");
  *
  * All encryption and decryption happens client-side.
  */
-var VaultsApi = function () {
-    var _classDecorators = [(0, core_1.injectable)()];
-    var _classDescriptor;
-    var _classExtraInitializers = [];
-    var _classThis;
-    var VaultsApi = _classThis = /** @class */ (function () {
-        function VaultsApi_1(agentContext, vaultService) {
-            this.vaultService = vaultService;
-            this.agentContext = agentContext;
-        }
-        /**
-         * Create a new encrypted vault
-         *
-         * @param data - Raw data to encrypt (e.g., PDF bytes)
-         * @param options - Creation options including passphrase
-         * @returns Created vault identifiers
-         *
-         * @example
-         * ```typescript
-         * const pdfBytes = await fs.readFile('contract.pdf')
-         * const { vaultId } = await agent.modules.vaults.create(pdfBytes, {
-         *   passphrase: 'my-secure-passphrase',
-         *   metadata: { description: 'Employment Contract' }
-         * })
-         * ```
-         */
-        VaultsApi_1.prototype.create = function (data, options) {
-            return __awaiter(this, void 0, void 0, function () {
-                return __generator(this, function (_a) {
-                    return [2 /*return*/, this.vaultService.createVault(this.agentContext, data, options)];
-                });
-            });
-        };
-        /**
-         * Open (decrypt) a vault
-         *
-         * @param vaultId - Vault identifier
-         * @param options - Open options including passphrase
-         * @returns Decrypted data
-         *
-         * @example
-         * ```typescript
-         * const decrypted = await agent.modules.vaults.open(vaultId, {
-         *   passphrase: 'my-secure-passphrase'
-         * })
-         * await fs.writeFile('contract-decrypted.pdf', decrypted)
-         * ```
-         */
-        VaultsApi_1.prototype.open = function (vaultId, options) {
-            return __awaiter(this, void 0, void 0, function () {
-                return __generator(this, function (_a) {
-                    return [2 /*return*/, this.vaultService.openVault(this.agentContext, vaultId, options)];
-                });
-            });
-        };
-        /**
-         * Update vault with new data
-         *
-         * @param vaultId - Vault identifier
-         * @param data - New data to encrypt
-         * @param options - Update options including passphrase
-         *
-         * @example
-         * ```typescript
-         * const newPdfBytes = await fs.readFile('contract-v2.pdf')
-         * await agent.modules.vaults.update(vaultId, newPdfBytes, {
-         *   passphrase: 'my-secure-passphrase'
-         * })
-         * ```
-         */
-        VaultsApi_1.prototype.update = function (vaultId, data, options) {
-            return __awaiter(this, void 0, void 0, function () {
-                return __generator(this, function (_a) {
-                    return [2 /*return*/, this.vaultService.updateVault(this.agentContext, vaultId, data, options)];
-                });
-            });
-        };
-        /**
-         * Delete a vault
-         *
-         * @param vaultId - Vault identifier
-         *
-         * @example
-         * ```typescript
-         * await agent.modules.vaults.delete(vaultId)
-         * ```
-         */
-        VaultsApi_1.prototype.delete = function (vaultId) {
-            return __awaiter(this, void 0, void 0, function () {
-                return __generator(this, function (_a) {
-                    return [2 /*return*/, this.vaultService.deleteVault(this.agentContext, vaultId)];
-                });
-            });
-        };
-        /**
-         * List all vaults
-         *
-         * @returns Array of vault records
-         *
-         * @example
-         * ```typescript
-         * const vaults = await agent.modules.vaults.list()
-         * console.log(`Total vaults: ${vaults.length}`)
-         * ```
-         */
-        VaultsApi_1.prototype.list = function () {
-            return __awaiter(this, void 0, void 0, function () {
-                return __generator(this, function (_a) {
-                    return [2 /*return*/, this.vaultService.listVaults(this.agentContext)];
-                });
-            });
-        };
-        /**
-         * Get vault info (metadata without decrypting)
-         *
-         * @param vaultId - Vault identifier
-         * @returns Vault information
-         *
-         * @example
-         * ```typescript
-         * const info = await agent.modules.vaults.getInfo(vaultId)
-         * console.log(`Vault: ${info.vaultId}, Epoch: ${info.header.epoch}`)
-         * ```
-         */
-        VaultsApi_1.prototype.getInfo = function (vaultId) {
-            return __awaiter(this, void 0, void 0, function () {
-                return __generator(this, function (_a) {
-                    return [2 /*return*/, this.vaultService.getVaultInfo(this.agentContext, vaultId)];
-                });
-            });
-        };
-        /**
-         * Check if a vault exists
-         *
-         * @param vaultId - Vault identifier
-         * @returns True if vault exists
-         *
-         * @example
-         * ```typescript
-         * if (await agent.modules.vaults.exists(vaultId)) {
-         *   console.log('Vault found!')
-         * }
-         * ```
-         */
-        VaultsApi_1.prototype.exists = function (vaultId) {
-            return __awaiter(this, void 0, void 0, function () {
-                return __generator(this, function (_a) {
-                    return [2 /*return*/, this.vaultService.vaultExists(this.agentContext, vaultId)];
-                });
-            });
-        };
-        /**
-         * Get the raw vault record (for advanced operations)
-         *
-         * @param vaultId - Vault identifier
-         * @returns Vault record or null
-         */
-        VaultsApi_1.prototype.getRecord = function (vaultId) {
-            return __awaiter(this, void 0, void 0, function () {
-                return __generator(this, function (_a) {
-                    return [2 /*return*/, this.vaultService.getVaultRecord(this.agentContext, vaultId)];
-                });
-            });
-        };
-        return VaultsApi_1;
-    }());
-    __setFunctionName(_classThis, "VaultsApi");
-    (function () {
-        var _metadata = typeof Symbol === "function" && Symbol.metadata ? Object.create(null) : void 0;
-        __esDecorate(null, _classDescriptor = { value: _classThis }, _classDecorators, { kind: "class", name: _classThis.name, metadata: _metadata }, null, _classExtraInitializers);
-        VaultsApi = _classThis = _classDescriptor.value;
-        if (_metadata) Object.defineProperty(_classThis, Symbol.metadata, { enumerable: true, configurable: true, writable: true, value: _metadata });
-        __runInitializers(_classThis, _classExtraInitializers);
-    })();
-    return VaultsApi = _classThis;
-}();
+let VaultsApi = class VaultsApi {
+    constructor(agentContext, messageHandlerRegistry, eventEmitter, logger, vaultService, kemKeyExchangeService, vaultSigningService, storageService, vaultRepository, thresholdSessionRepository) {
+        this.vaultService = vaultService;
+        this.agentContext = agentContext;
+        this.logger = logger;
+        this.kemKeyExchangeService = kemKeyExchangeService;
+        this.vaultSigningService = vaultSigningService;
+        this.storageService = storageService;
+        // Register message handlers
+        this.registerMessageHandlers(messageHandlerRegistry, eventEmitter, logger, vaultRepository, thresholdSessionRepository, storageService);
+    }
+    registerMessageHandlers(messageHandlerRegistry, eventEmitter, logger, vaultRepository, sessionRepository, storageService) {
+        // Storage/retrieval handlers (inline)
+        messageHandlerRegistry.registerMessageHandler(new handlers_1.StoreVaultHandler(vaultRepository, eventEmitter));
+        messageHandlerRegistry.registerMessageHandler(new handlers_1.VaultStoredAckHandler(logger, eventEmitter));
+        messageHandlerRegistry.registerMessageHandler(new handlers_1.RetrieveVaultHandler(this.vaultService));
+        messageHandlerRegistry.registerMessageHandler(new handlers_1.VaultDataHandler(vaultRepository, eventEmitter));
+        // Storage/retrieval handlers (external storage)
+        messageHandlerRegistry.registerMessageHandler(new handlers_1.VaultReferenceHandler(logger, vaultRepository, storageService, eventEmitter));
+        messageHandlerRegistry.registerMessageHandler(new handlers_1.RequestStorageHandler(logger, storageService, eventEmitter));
+        // Lifecycle handlers
+        messageHandlerRegistry.registerMessageHandler(new handlers_1.CreateVaultHandler(logger, vaultRepository, eventEmitter));
+        messageHandlerRegistry.registerMessageHandler(new handlers_1.VaultCreatedAckHandler(logger, eventEmitter));
+        messageHandlerRegistry.registerMessageHandler(new handlers_1.UpdateVaultHandler(logger, vaultRepository, eventEmitter));
+        messageHandlerRegistry.registerMessageHandler(new handlers_1.DeleteVaultHandler(logger, vaultRepository, eventEmitter));
+        // Access control handlers
+        messageHandlerRegistry.registerMessageHandler(new handlers_1.RequestAccessHandler(logger, vaultRepository, eventEmitter));
+        messageHandlerRegistry.registerMessageHandler(new handlers_1.GrantAccessHandler(logger, vaultRepository, eventEmitter));
+        messageHandlerRegistry.registerMessageHandler(new handlers_1.DenyAccessHandler(logger, eventEmitter));
+        // Threshold handlers
+        messageHandlerRegistry.registerMessageHandler(new handlers_1.RequestShareHandler(logger, vaultRepository, sessionRepository, eventEmitter));
+        messageHandlerRegistry.registerMessageHandler(new handlers_1.ProvideShareHandler(logger, sessionRepository, eventEmitter));
+        messageHandlerRegistry.registerMessageHandler(new handlers_1.DenyShareHandler(logger, sessionRepository, eventEmitter));
+        // Error handler
+        messageHandlerRegistry.registerMessageHandler(new handlers_1.VaultProblemReportHandler(logger, eventEmitter));
+    }
+    // ═══════════════════════════════════════════════════════════════════════════
+    // Storage Configuration
+    // ═══════════════════════════════════════════════════════════════════════════
+    /**
+     * Configure external storage (S3) for large file support
+     *
+     * @param config - S3 storage configuration
+     *
+     * @example
+     * ```typescript
+     * await agent.modules.vaults.configureStorage({
+     *   type: 's3',
+     *   bucket: 'my-vault-bucket',
+     *   region: 'us-east-1',
+     *   accessKeyId: process.env.AWS_ACCESS_KEY_ID,
+     *   secretAccessKey: process.env.AWS_SECRET_ACCESS_KEY,
+     * })
+     * ```
+     */
+    async configureStorage(config) {
+        await this.storageService.configure(config);
+        // Connect storage service to signing service for large file support
+        this.vaultSigningService.setStorageService(this.storageService);
+        this.logger.info(`Storage configured: bucket=${config.bucket}, region=${config.region}`);
+    }
+    /**
+     * Check if external storage is configured
+     */
+    isStorageConfigured() {
+        return this.storageService.isConfigured();
+    }
+    /**
+     * Get the storage service for direct operations
+     */
+    getStorageService() {
+        return this.storageService;
+    }
+    /**
+     * Create a new encrypted vault
+     *
+     * @param data - Raw data to encrypt (e.g., PDF bytes)
+     * @param options - Creation options including passphrase
+     * @returns Created vault identifiers
+     *
+     * @example
+     * ```typescript
+     * const pdfBytes = await fs.readFile('contract.pdf')
+     * const { vaultId } = await agent.modules.vaults.create(pdfBytes, {
+     *   passphrase: 'my-secure-passphrase',
+     *   metadata: { description: 'Employment Contract' }
+     * })
+     * ```
+     */
+    async create(data, options) {
+        return this.vaultService.createVault(this.agentContext, data, options);
+    }
+    /**
+     * Open (decrypt) a vault
+     *
+     * @param vaultId - Vault identifier
+     * @param options - Open options including passphrase
+     * @returns Decrypted data
+     *
+     * @example
+     * ```typescript
+     * const decrypted = await agent.modules.vaults.open(vaultId, {
+     *   passphrase: 'my-secure-passphrase'
+     * })
+     * await fs.writeFile('contract-decrypted.pdf', decrypted)
+     * ```
+     */
+    async open(vaultId, options) {
+        return this.vaultService.openVault(this.agentContext, vaultId, options);
+    }
+    /**
+     * Update vault with new data
+     *
+     * @param vaultId - Vault identifier
+     * @param data - New data to encrypt
+     * @param options - Update options including passphrase
+     *
+     * @example
+     * ```typescript
+     * const newPdfBytes = await fs.readFile('contract-v2.pdf')
+     * await agent.modules.vaults.update(vaultId, newPdfBytes, {
+     *   passphrase: 'my-secure-passphrase'
+     * })
+     * ```
+     */
+    async update(vaultId, data, options) {
+        return this.vaultService.updateVault(this.agentContext, vaultId, data, options);
+    }
+    /**
+     * Delete a vault
+     *
+     * @param vaultId - Vault identifier
+     *
+     * @example
+     * ```typescript
+     * await agent.modules.vaults.delete(vaultId)
+     * ```
+     */
+    async delete(vaultId) {
+        return this.vaultService.deleteVault(this.agentContext, vaultId);
+    }
+    /**
+     * List all vaults
+     *
+     * @returns Array of vault records
+     *
+     * @example
+     * ```typescript
+     * const vaults = await agent.modules.vaults.list()
+     * console.log(`Total vaults: ${vaults.length}`)
+     * ```
+     */
+    async list() {
+        return this.vaultService.listVaults(this.agentContext);
+    }
+    /**
+     * Get vault info (metadata without decrypting)
+     *
+     * @param vaultId - Vault identifier
+     * @returns Vault information
+     *
+     * @example
+     * ```typescript
+     * const info = await agent.modules.vaults.getInfo(vaultId)
+     * console.log(`Vault: ${info.vaultId}, Epoch: ${info.header.epoch}`)
+     * ```
+     */
+    async getInfo(vaultId) {
+        return this.vaultService.getVaultInfo(this.agentContext, vaultId);
+    }
+    /**
+     * Check if a vault exists
+     *
+     * @param vaultId - Vault identifier
+     * @returns True if vault exists
+     *
+     * @example
+     * ```typescript
+     * if (await agent.modules.vaults.exists(vaultId)) {
+     *   console.log('Vault found!')
+     * }
+     * ```
+     */
+    async exists(vaultId) {
+        return this.vaultService.vaultExists(this.agentContext, vaultId);
+    }
+    /**
+     * Get the raw vault record (for advanced operations)
+     *
+     * @param vaultId - Vault identifier
+     * @returns Vault record or null
+     */
+    async getRecord(vaultId) {
+        return this.vaultService.getVaultRecord(this.agentContext, vaultId);
+    }
+    // ═══════════════════════════════════════════════════════════════════════════
+    // KEM Key Exchange (for P2P vault sharing)
+    // ═══════════════════════════════════════════════════════════════════════════
+    /**
+     * Generate a new ML-KEM keypair for vault sharing
+     *
+     * @returns Keypair with key ID
+     *
+     * @example
+     * ```typescript
+     * const keypair = agent.modules.vaults.generateKemKeypair()
+     * console.log(`Generated KEM key: ${keypair.kid}`)
+     * ```
+     */
+    generateKemKeypair() {
+        return this.kemKeyExchangeService.generateKemKeypair();
+    }
+    /**
+     * Store peer's ML-KEM public key for vault encryption
+     *
+     * @param connectionId - Connection to associate the key with
+     * @param kid - Key identifier
+     * @param publicKey - ML-KEM public key
+     *
+     * @example
+     * ```typescript
+     * await agent.modules.vaults.storePeerKemKey(connectionId, {
+     *   kid: 'peer-key-id',
+     *   publicKey: peerPublicKey
+     * })
+     * ```
+     */
+    async storePeerKemKey(connectionId, keyInfo) {
+        return this.kemKeyExchangeService.storePeerKemKey(this.agentContext, connectionId, keyInfo);
+    }
+    /**
+     * Get peer's ML-KEM public key
+     *
+     * @param connectionId - Connection ID
+     * @returns Peer's key info or null
+     *
+     * @example
+     * ```typescript
+     * const peerKey = await agent.modules.vaults.getPeerKemKey(connectionId)
+     * if (peerKey) {
+     *   // Can now create vault encrypted to peer
+     * }
+     * ```
+     */
+    async getPeerKemKey(connectionId) {
+        return this.kemKeyExchangeService.getPeerKemKey(this.agentContext, connectionId);
+    }
+    /**
+     * Check if peer has a KEM key stored
+     *
+     * @param connectionId - Connection ID
+     * @returns True if peer has KEM key
+     */
+    async hasPeerKemKey(connectionId) {
+        return this.kemKeyExchangeService.hasPeerKemKey(this.agentContext, connectionId);
+    }
+    // ═══════════════════════════════════════════════════════════════════════════
+    // Local KEM Keypair Storage
+    // ═══════════════════════════════════════════════════════════════════════════
+    /**
+     * Store a local KEM keypair for a connection
+     *
+     * Call this after generateKemKeypair() to persist the keypair locally
+     * for later vault decryption.
+     *
+     * @param connectionId - Connection to associate the keypair with
+     * @param keypair - Full keypair including secret key
+     */
+    async storeLocalKeypair(connectionId, keypair) {
+        return this.kemKeyExchangeService.storeLocalKeypair(this.agentContext, connectionId, keypair);
+    }
+    /**
+     * Get the local KEM keypair for a connection
+     *
+     * @param connectionId - Connection ID
+     * @returns Full keypair or null
+     */
+    async getLocalKeypair(connectionId) {
+        return this.kemKeyExchangeService.getLocalKeypair(this.agentContext, connectionId);
+    }
+    /**
+     * Check if a local keypair exists for a connection
+     *
+     * @param connectionId - Connection ID
+     * @returns True if local keypair exists
+     */
+    async hasLocalKeypair(connectionId) {
+        return this.kemKeyExchangeService.hasLocalKeypair(this.agentContext, connectionId);
+    }
+    /**
+     * Find a local keypair by key identifier (kid)
+     *
+     * @param kid - Key identifier to search for
+     * @returns Keypair and associated connectionId, or null
+     */
+    async findKeypairByKid(kid) {
+        return this.kemKeyExchangeService.findKeypairByKid(this.agentContext, kid);
+    }
+    /**
+     * Delete the local keypair for a connection
+     *
+     * @param connectionId - Connection ID
+     */
+    async deleteLocalKeypair(connectionId) {
+        return this.kemKeyExchangeService.deleteLocalKeypair(this.agentContext, connectionId);
+    }
+    // ═══════════════════════════════════════════════════════════════════════════
+    // Signing Vault Operations (for document signing workflows)
+    // ═══════════════════════════════════════════════════════════════════════════
+    /**
+     * Create a signing vault encrypted to a signer's ML-KEM key
+     *
+     * Use this to send a document to someone for signing.
+     * The document is encrypted so only the intended signer can decrypt it.
+     *
+     * @param options - Creation options
+     * @returns Created vault identifiers
+     *
+     * @example
+     * ```typescript
+     * // Create vault for Bob to sign
+     * const { vaultId } = await agent.modules.vaults.createSigningVault({
+     *   document: pdfBytes,
+     *   signerConnectionId: bobConnectionId,
+     *   documentType: 'pdf',
+     *   metadata: { description: 'Contract for signing' }
+     * })
+     *
+     * // Share with Bob
+     * await agent.modules.vaults.shareSigningVault(vaultId, bobConnectionId)
+     * ```
+     */
+    async createSigningVault(options) {
+        return this.vaultSigningService.createSigningVault(this.agentContext, options);
+    }
+    /**
+     * Open (decrypt) a vault received for signing
+     *
+     * @param vaultData - Received vault data (message or record)
+     * @param secretKey - Your ML-KEM secret key
+     * @param kid - Your key identifier
+     * @returns Decrypted document and metadata
+     *
+     * @example
+     * ```typescript
+     * // Decrypt vault received for signing
+     * const { document, header } = await agent.modules.vaults.openSigningVault(
+     *   vaultRecord,
+     *   myKemKeypair.secretKey,
+     *   myKemKeypair.kid
+     * )
+     *
+     * // Sign the document
+     * const signedPdf = await signPdf(document)
+     * ```
+     */
+    async openSigningVault(vaultData, secretKey, kid) {
+        return this.vaultSigningService.openSigningVault(this.agentContext, vaultData, secretKey, kid);
+    }
+    /**
+     * Share a signing vault with a connection
+     *
+     * Sends the encrypted vault to the specified connection via DIDComm
+     *
+     * @param vaultId - Vault to share
+     * @param connectionId - Connection to send to
+     *
+     * @example
+     * ```typescript
+     * await agent.modules.vaults.shareSigningVault(vaultId, bobConnectionId)
+     * ```
+     */
+    async shareSigningVault(vaultId, connectionId) {
+        return this.vaultSigningService.shareSigningVault(this.agentContext, vaultId, connectionId);
+    }
+    /**
+     * Return a signed document to the vault owner
+     *
+     * Creates a new vault with the signed document encrypted to the owner's key
+     *
+     * @param options - Return options
+     * @returns New vault containing the signed document
+     *
+     * @example
+     * ```typescript
+     * await agent.modules.vaults.returnSignedDocument({
+     *   signedDocument: signedPdfBytes,
+     *   originalVaultId: receivedVaultId,
+     *   ownerConnectionId: aliceConnectionId,
+     *   documentType: 'pdf',
+     *   metadata: { signatureType: 'pades-b-lta' }
+     * })
+     * ```
+     */
+    async returnSignedDocument(options) {
+        return this.vaultSigningService.returnSignedDocument(this.agentContext, options);
+    }
+    /**
+     * Resolve the decryption key for a vault
+     *
+     * Automatically finds the correct local KEM keypair that can decrypt
+     * the specified vault by matching recipient kids in the vault header.
+     *
+     * @param vaultId - Vault to find decryption key for
+     * @returns Secret key, kid, and connectionId; or null if no matching key found
+     *
+     * @example
+     * ```typescript
+     * const key = await agent.modules.vaults.resolveVaultDecryptionKey(vaultId)
+     * if (key) {
+     *   const { document } = await agent.modules.vaults.openSigningVault(
+     *     vaultRecord, key.secretKey, key.kid
+     *   )
+     * }
+     * ```
+     */
+    async resolveVaultDecryptionKey(vaultId) {
+        return this.vaultSigningService.resolveVaultDecryptionKey(this.agentContext, vaultId);
+    }
+};
 exports.VaultsApi = VaultsApi;
+exports.VaultsApi = VaultsApi = __decorate([
+    (0, core_1.injectable)(),
+    __param(3, (0, core_1.inject)(core_1.InjectionSymbols.Logger)),
+    __metadata("design:paramtypes", [core_1.AgentContext,
+        core_1.MessageHandlerRegistry,
+        core_1.EventEmitter, Object, VaultService_1.VaultService,
+        KemKeyExchangeService_1.KemKeyExchangeService,
+        VaultSigningService_1.VaultSigningService,
+        VaultStorageService_1.VaultStorageService,
+        VaultRepository_1.VaultRepository,
+        ThresholdSessionRepository_1.ThresholdSessionRepository])
+], VaultsApi);
+//# sourceMappingURL=VaultsApi.js.map