npm - @ajna-inc/vaults - Versions diffs - 0.1.0 → 0.1.2 - Mend

@ajna-inc/vaults 0.1.0 → 0.1.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (208) hide show

package/build/VaultsApi.d.ts +363 -0
package/build/VaultsApi.js +450 -248
package/build/VaultsApi.js.map +1 -0
package/build/VaultsEvents.d.ts +227 -0
package/build/VaultsEvents.js +8 -0
package/build/VaultsEvents.js.map +1 -0
package/build/VaultsModule.d.ts +64 -0
package/build/VaultsModule.js +43 -18
package/build/VaultsModule.js.map +1 -0
package/build/crypto/wasm/VaultCrypto.d.ts +19 -0
package/build/crypto/wasm/VaultCrypto.js +29 -42
package/build/crypto/wasm/VaultCrypto.js.map +1 -0
package/build/errors/BadSuiteError.d.ts +8 -0
package/build/errors/BadSuiteError.js +8 -25
package/build/errors/BadSuiteError.js.map +1 -0
package/build/errors/DecryptAeadError.d.ts +8 -0
package/build/errors/DecryptAeadError.js +8 -25
package/build/errors/DecryptAeadError.js.map +1 -0
package/build/errors/DecryptKemError.d.ts +8 -0
package/build/errors/DecryptKemError.js +8 -25
package/build/errors/DecryptKemError.js.map +1 -0
package/build/errors/PolicyError.d.ts +8 -0
package/build/errors/PolicyError.js +8 -25
package/build/errors/PolicyError.js.map +1 -0
package/build/errors/VaultError.d.ts +52 -0
package/build/errors/VaultError.js +19 -30
package/build/errors/VaultError.js.map +1 -0
package/build/errors/index.d.ts +5 -0
package/build/errors/index.js +1 -0
package/build/errors/index.js.map +1 -0
package/build/handlers/CreateVaultHandler.d.ts +18 -0
package/build/handlers/CreateVaultHandler.js +75 -0
package/build/handlers/CreateVaultHandler.js.map +1 -0
package/build/handlers/DeleteVaultHandler.d.ts +17 -0
package/build/handlers/DeleteVaultHandler.js +48 -0
package/build/handlers/DeleteVaultHandler.js.map +1 -0
package/build/handlers/DenyAccessHandler.d.ts +15 -0
package/build/handlers/DenyAccessHandler.js +39 -0
package/build/handlers/DenyAccessHandler.js.map +1 -0
package/build/handlers/DenyShareHandler.d.ts +17 -0
package/build/handlers/DenyShareHandler.js +49 -0
package/build/handlers/DenyShareHandler.js.map +1 -0
package/build/handlers/GrantAccessHandler.d.ts +17 -0
package/build/handlers/GrantAccessHandler.js +59 -0
package/build/handlers/GrantAccessHandler.js.map +1 -0
package/build/handlers/ProvideShareHandler.d.ts +17 -0
package/build/handlers/ProvideShareHandler.js +77 -0
package/build/handlers/ProvideShareHandler.js.map +1 -0
package/build/handlers/RequestAccessHandler.d.ts +18 -0
package/build/handlers/RequestAccessHandler.js +60 -0
package/build/handlers/RequestAccessHandler.js.map +1 -0
package/build/handlers/RequestShareHandler.d.ts +19 -0
package/build/handlers/RequestShareHandler.js +70 -0
package/build/handlers/RequestShareHandler.js.map +1 -0
package/build/handlers/RequestStorageHandler.d.ts +53 -0
package/build/handlers/RequestStorageHandler.js +158 -0
package/build/handlers/RequestStorageHandler.js.map +1 -0
package/build/handlers/RetrieveVaultHandler.d.ts +18 -0
package/build/handlers/RetrieveVaultHandler.js +65 -0
package/build/handlers/RetrieveVaultHandler.js.map +1 -0
package/build/handlers/StoreVaultHandler.d.ts +17 -0
package/build/handlers/StoreVaultHandler.js +77 -0
package/build/handlers/StoreVaultHandler.js.map +1 -0
package/build/handlers/UpdateVaultHandler.d.ts +18 -0
package/build/handlers/UpdateVaultHandler.js +77 -0
package/build/handlers/UpdateVaultHandler.js.map +1 -0
package/build/handlers/VaultCreatedAckHandler.d.ts +15 -0
package/build/handlers/VaultCreatedAckHandler.js +39 -0
package/build/handlers/VaultCreatedAckHandler.js.map +1 -0
package/build/handlers/VaultDataHandler.d.ts +19 -0
package/build/handlers/VaultDataHandler.js +68 -0
package/build/handlers/VaultDataHandler.js.map +1 -0
package/build/handlers/VaultProblemReportHandler.d.ts +17 -0
package/build/handlers/VaultProblemReportHandler.js +40 -0
package/build/handlers/VaultProblemReportHandler.js.map +1 -0
package/build/handlers/VaultReferenceHandler.d.ts +33 -0
package/build/handlers/VaultReferenceHandler.js +169 -0
package/build/handlers/VaultReferenceHandler.js.map +1 -0
package/build/handlers/VaultStoredAckHandler.d.ts +15 -0
package/build/handlers/VaultStoredAckHandler.js +38 -0
package/build/handlers/VaultStoredAckHandler.js.map +1 -0
package/build/handlers/index.d.ts +17 -0
package/build/handlers/index.js +44 -0
package/build/handlers/index.js.map +1 -0
package/build/index.d.ts +42 -0
package/build/index.js +13 -1
package/build/index.js.map +1 -0
package/build/messages/CreateVaultMessage.d.ts +39 -0
package/build/messages/CreateVaultMessage.js +65 -115
package/build/messages/CreateVaultMessage.js.map +1 -0
package/build/messages/DeleteVaultMessage.d.ts +22 -0
package/build/messages/DeleteVaultMessage.js +51 -103
package/build/messages/DeleteVaultMessage.js.map +1 -0
package/build/messages/DenyAccessMessage.d.ts +22 -0
package/build/messages/DenyAccessMessage.js +50 -103
package/build/messages/DenyAccessMessage.js.map +1 -0
package/build/messages/DenyShareMessage.d.ts +24 -0
package/build/messages/DenyShareMessage.js +56 -109
package/build/messages/DenyShareMessage.js.map +1 -0
package/build/messages/GrantAccessMessage.d.ts +32 -0
package/build/messages/GrantAccessMessage.js +63 -115
package/build/messages/GrantAccessMessage.js.map +1 -0
package/build/messages/ProvideShareMessage.d.ts +26 -0
package/build/messages/ProvideShareMessage.js +62 -115
package/build/messages/ProvideShareMessage.js.map +1 -0
package/build/messages/ProvideStorageMessage.d.ts +90 -0
package/build/messages/ProvideStorageMessage.js +193 -0
package/build/messages/ProvideStorageMessage.js.map +1 -0
package/build/messages/RequestAccessMessage.d.ts +30 -0
package/build/messages/RequestAccessMessage.js +57 -109
package/build/messages/RequestAccessMessage.js.map +1 -0
package/build/messages/RequestShareMessage.d.ts +24 -0
package/build/messages/RequestShareMessage.js +56 -109
package/build/messages/RequestShareMessage.js.map +1 -0
package/build/messages/RequestStorageMessage.d.ts +50 -0
package/build/messages/RequestStorageMessage.js +98 -0
package/build/messages/RequestStorageMessage.js.map +1 -0
package/build/messages/RetrieveVaultMessage.d.ts +20 -0
package/build/messages/RetrieveVaultMessage.js +44 -97
package/build/messages/RetrieveVaultMessage.js.map +1 -0
package/build/messages/StoreVaultMessage.d.ts +23 -0
package/build/messages/StoreVaultMessage.js +51 -103
package/build/messages/StoreVaultMessage.js.map +1 -0
package/build/messages/UpdateVaultMessage.d.ts +25 -0
package/build/messages/UpdateVaultMessage.js +58 -109
package/build/messages/UpdateVaultMessage.js.map +1 -0
package/build/messages/VaultCreatedAckMessage.d.ts +20 -0
package/build/messages/VaultCreatedAckMessage.js +44 -97
package/build/messages/VaultCreatedAckMessage.js.map +1 -0
package/build/messages/VaultDataMessage.d.ts +34 -0
package/build/messages/VaultDataMessage.js +59 -110
package/build/messages/VaultDataMessage.js.map +1 -0
package/build/messages/VaultProblemReportMessage.d.ts +35 -0
package/build/messages/VaultProblemReportMessage.js +56 -102
package/build/messages/VaultProblemReportMessage.js.map +1 -0
package/build/messages/VaultReferenceMessage.d.ts +66 -0
package/build/messages/VaultReferenceMessage.js +138 -0
package/build/messages/VaultReferenceMessage.js.map +1 -0
package/build/messages/VaultStoredAckMessage.d.ts +33 -0
package/build/messages/VaultStoredAckMessage.js +51 -104
package/build/messages/VaultStoredAckMessage.js.map +1 -0
package/build/messages/index.d.ts +18 -0
package/build/messages/index.js +6 -1
package/build/messages/index.js.map +1 -0
package/build/models/ThresholdSession.d.ts +37 -0
package/build/models/ThresholdSession.js +1 -0
package/build/models/ThresholdSession.js.map +1 -0
package/build/models/VaultDocument.d.ts +22 -0
package/build/models/VaultDocument.js +1 -0
package/build/models/VaultDocument.js.map +1 -0
package/build/models/VaultHeader.d.ts +92 -0
package/build/models/VaultHeader.js +4 -6
package/build/models/VaultHeader.js.map +1 -0
package/build/models/VaultPolicy.d.ts +24 -0
package/build/models/VaultPolicy.js +1 -0
package/build/models/VaultPolicy.js.map +1 -0
package/build/models/index.d.ts +4 -0
package/build/models/index.js +1 -0
package/build/models/index.js.map +1 -0
package/build/repository/KemKeypairRecord.d.ts +37 -0
package/build/repository/KemKeypairRecord.js +35 -0
package/build/repository/KemKeypairRecord.js.map +1 -0
package/build/repository/KemKeypairRepository.d.ts +18 -0
package/build/repository/KemKeypairRepository.js +50 -0
package/build/repository/KemKeypairRepository.js.map +1 -0
package/build/repository/ThresholdSessionRecord.d.ts +93 -0
package/build/repository/ThresholdSessionRecord.js +58 -92
package/build/repository/ThresholdSessionRecord.js.map +1 -0
package/build/repository/ThresholdSessionRepository.d.ts +35 -0
package/build/repository/ThresholdSessionRepository.js +72 -208
package/build/repository/ThresholdSessionRepository.js.map +1 -0
package/build/repository/VaultRecord.d.ts +105 -0
package/build/repository/VaultRecord.js +94 -115
package/build/repository/VaultRecord.js.map +1 -0
package/build/repository/VaultRepository.d.ts +35 -0
package/build/repository/VaultRepository.js +66 -192
package/build/repository/VaultRepository.js.map +1 -0
package/build/repository/index.d.ts +9 -0
package/build/repository/index.js +7 -1
package/build/repository/index.js.map +1 -0
package/build/services/HPKEService.d.ts +67 -0
package/build/services/HPKEService.js +106 -0
package/build/services/HPKEService.js.map +1 -0
package/build/services/KemKeyExchangeService.d.ts +207 -0
package/build/services/KemKeyExchangeService.js +323 -0
package/build/services/KemKeyExchangeService.js.map +1 -0
package/build/services/VaultEncryptionService.d.ts +120 -0
package/build/services/VaultEncryptionService.js +469 -588
package/build/services/VaultEncryptionService.js.map +1 -0
package/build/services/VaultService.d.ts +127 -0
package/build/services/VaultService.js +224 -376
package/build/services/VaultService.js.map +1 -0
package/build/services/VaultSigningService.d.ts +216 -0
package/build/services/VaultSigningService.js +498 -0
package/build/services/VaultSigningService.js.map +1 -0
package/build/services/index.d.ts +9 -0
package/build/services/index.js +10 -1
package/build/services/index.js.map +1 -0
package/build/storage/VaultStorageConfig.d.ts +97 -0
package/build/storage/VaultStorageConfig.js +22 -0
package/build/storage/VaultStorageConfig.js.map +1 -0
package/build/storage/VaultStorageService.d.ts +118 -0
package/build/storage/VaultStorageService.js +381 -0
package/build/storage/VaultStorageService.js.map +1 -0
package/build/storage/index.d.ts +2 -0
package/build/storage/index.js +21 -0
package/build/storage/index.js.map +1 -0
package/package.json +5 -2

package/build/services/VaultSigningService.d.ts ADDED Viewed

@@ -0,0 +1,216 @@
+import type { AgentContext } from '@credo-ts/core';
+import type { VaultHeader } from '../models';
+import type { VaultStorageReference } from '../repository/VaultRecord';
+import { ConnectionRepository, EventEmitter, MessageSender } from '@credo-ts/core';
+import type { Logger } from '@credo-ts/core';
+import { VaultEncryptionService } from './VaultEncryptionService';
+import { KemKeyExchangeService } from './KemKeyExchangeService';
+import { VaultStorageService } from '../storage/VaultStorageService';
+import { VaultRepository } from '../repository/VaultRepository';
+import { VaultRecord } from '../repository/VaultRecord';
+import { StoreVaultMessage, VaultDataMessage } from '../messages';
+export interface CreateSigningVaultOptions {
+    /** Document to encrypt for signing */
+    document: Uint8Array;
+    /** Connection ID of the signer */
+    signerConnectionId: string;
+    /** Document type hint */
+    documentType: 'pdf' | 'json' | 'xml' | 'other';
+    /** Optional vault ID */
+    vaultId?: string;
+    /** Optional metadata */
+    metadata?: {
+        description?: string;
+        filename?: string;
+        tags?: string[];
+    };
+    /** Force use of external storage even for small files */
+    forceExternalStorage?: boolean;
+    /** Custom inline threshold (bytes) - files larger than this use external storage */
+    inlineThreshold?: number;
+}
+export interface SigningVaultResult {
+    vaultId: string;
+    docId: string;
+    /** The vault record for local storage */
+    record: VaultRecord;
+    /** Storage reference if using external storage */
+    storageReference?: VaultStorageReference;
+    /** Whether external storage was used */
+    usedExternalStorage: boolean;
+}
+export interface OpenSigningVaultResult {
+    /** Decrypted document */
+    document: Uint8Array;
+    /** Vault metadata */
+    header: VaultHeader;
+    /** Document type if present */
+    documentType?: string;
+}
+export interface ReturnSignedDocumentOptions {
+    /** Signed document bytes */
+    signedDocument: Uint8Array;
+    /** Original vault ID this is a response to */
+    originalVaultId: string;
+    /** Connection ID of the vault owner */
+    ownerConnectionId: string;
+    /** Document type */
+    documentType: 'pdf' | 'json' | 'xml' | 'other';
+    /** Optional metadata */
+    metadata?: {
+        signatureType?: string;
+        signedAt?: string;
+        [key: string]: unknown;
+    };
+}
+/**
+ * Vault Signing Service
+ *
+ * Orchestrates vault operations for document signing workflows:
+ * - Create vaults encrypted to signer's ML-KEM key
+ * - Open vaults received for signing
+ * - Return signed documents via encrypted vault
+ *
+ * Flow:
+ * 1. Alice creates signing vault encrypted to Bob's ML-KEM key
+ * 2. Alice sends vault reference to Bob
+ * 3. Bob retrieves and decrypts vault
+ * 4. Bob signs document
+ * 5. Bob creates response vault encrypted to Alice's ML-KEM key
+ * 6. Bob sends signed document back to Alice
+ */
+export declare class VaultSigningService {
+    private encryptionService;
+    private kemKeyExchangeService;
+    private vaultRepository;
+    private connectionRepository;
+    private eventEmitter;
+    private messageSender;
+    private logger;
+    private storageService?;
+    constructor(logger: Logger, encryptionService: VaultEncryptionService, kemKeyExchangeService: KemKeyExchangeService, vaultRepository: VaultRepository, connectionRepository: ConnectionRepository, eventEmitter: EventEmitter, messageSender: MessageSender);
+    /**
+     * Set the storage service for large file support
+     */
+    setStorageService(storageService: VaultStorageService): void;
+    /**
+     * Check if external storage is available
+     */
+    hasExternalStorage(): boolean;
+    /**
+     * Create a vault encrypted to a signer's ML-KEM public key
+     *
+     * @param agentContext - Agent context
+     * @param options - Creation options
+     * @returns Created vault identifiers
+     *
+     * @example
+     * ```typescript
+     * const { vaultId } = await vaultSigningService.createSigningVault(agentContext, {
+     *   document: pdfBytes,
+     *   signerConnectionId: bobConnectionId,
+     *   documentType: 'pdf',
+     *   metadata: { description: 'Contract for signing' }
+     * })
+     * ```
+     */
+    createSigningVault(agentContext: AgentContext, options: CreateSigningVaultOptions): Promise<SigningVaultResult>;
+    /**
+     * Open (decrypt) a vault received for signing
+     *
+     * Uses the agent's own ML-KEM secret key to decrypt
+     *
+     * @param agentContext - Agent context
+     * @param vaultData - Received vault data message or vault record
+     * @param secretKey - ML-KEM secret key to decrypt with
+     * @param kid - Key identifier
+     * @returns Decrypted document and metadata
+     *
+     * @example
+     * ```typescript
+     * const { document, header } = await vaultSigningService.openSigningVault(
+     *   agentContext,
+     *   vaultData,
+     *   myKemKeypair.secretKey,
+     *   myKemKeypair.kid
+     * )
+     * // Now sign the document
+     * const signedPdf = await signPdf(document)
+     * ```
+     */
+    openSigningVault(agentContext: AgentContext, vaultData: VaultDataMessage | VaultRecord, secretKey: Uint8Array, kid: string): Promise<OpenSigningVaultResult>;
+    /**
+     * Share a signing vault with a connection
+     *
+     * Sends the vault data to the specified connection
+     *
+     * @param agentContext - Agent context
+     * @param vaultId - Vault to share
+     * @param connectionId - Connection to send to
+     */
+    shareSigningVault(agentContext: AgentContext, vaultId: string, connectionId: string, options?: {
+        /** Include pre-signed download URL for recipient */
+        includeDownloadUrl?: boolean;
+        /** Download URL expiration in seconds */
+        downloadUrlExpiry?: number;
+    }): Promise<void>;
+    /**
+     * Return a signed document to the original vault owner
+     *
+     * Creates a new vault with the signed document encrypted to the owner's ML-KEM key
+     *
+     * @param agentContext - Agent context
+     * @param options - Return options
+     * @returns New vault containing signed document
+     *
+     * @example
+     * ```typescript
+     * await vaultSigningService.returnSignedDocument(agentContext, {
+     *   signedDocument: signedPdfBytes,
+     *   originalVaultId: receivedVaultId,
+     *   ownerConnectionId: aliceConnectionId,
+     *   documentType: 'pdf',
+     *   metadata: { signatureType: 'pades-b-lta' }
+     * })
+     * ```
+     */
+    returnSignedDocument(agentContext: AgentContext, options: ReturnSignedDocumentOptions): Promise<SigningVaultResult>;
+    /**
+     * Store a received signing vault locally
+     *
+     * Called when receiving a vault for signing from another agent
+     *
+     * @param agentContext - Agent context
+     * @param message - Received vault message
+     * @param senderConnectionId - Connection that sent the vault
+     * @returns Stored vault record
+     */
+    storeReceivedSigningVault(agentContext: AgentContext, message: StoreVaultMessage | VaultDataMessage, senderConnectionId: string): Promise<VaultRecord>;
+    /**
+     * Resolve the decryption key for a vault
+     *
+     * Implements the unified KEM key resolution strategy:
+     * 1. Extract recipient kids from vault header
+     * 2. Search local KEM keypairs for a matching kid (works for both received and owned vaults)
+     * 3. Fall back to connection-based lookup via signerConnectionId metadata
+     *
+     * @param agentContext - Agent context
+     * @param vaultId - Vault to find decryption key for
+     * @returns Secret key, kid, and connectionId; or null if no matching key found
+     *
+     * @example
+     * ```typescript
+     * const key = await vaultSigningService.resolveVaultDecryptionKey(agentContext, vaultId)
+     * if (key) {
+     *   const { document } = await vaultSigningService.openSigningVault(
+     *     agentContext, vaultRecord, key.secretKey, key.kid
+     *   )
+     * }
+     * ```
+     */
+    resolveVaultDecryptionKey(agentContext: AgentContext, vaultId: string): Promise<{
+        secretKey: Uint8Array;
+        kid: string;
+        connectionId: string;
+    } | null>;
+}