@ajna-inc/vaults 0.1.0 → 0.1.2

package/build/errors/DecryptKemError.d.ts

@@ -0,0 +1,8 @@
+import { VaultError } from './VaultError';
+/**
+ * Error thrown when KEM decapsulation fails
+ * Spec §11: ERR_DECRYPT_KEM - no recipient wrap decapsulated
+ */
+export declare class DecryptKemError extends VaultError {
+    constructor(message: string);
+}

package/build/errors/DecryptKemError.js

@@ -1,34 +1,17 @@
 "use strict";
-var __extends = (this && this.__extends) || (function () {
-    var extendStatics = function (d, b) {
-        extendStatics = Object.setPrototypeOf ||
-            ({ __proto__: [] } instanceof Array && function (d, b) { d.__proto__ = b; }) ||
-            function (d, b) { for (var p in b) if (Object.prototype.hasOwnProperty.call(b, p)) d[p] = b[p]; };
-        return extendStatics(d, b);
-    };
-    return function (d, b) {
-        if (typeof b !== "function" && b !== null)
-            throw new TypeError("Class extends value " + String(b) + " is not a constructor or null");
-        extendStatics(d, b);
-        function __() { this.constructor = d; }
-        d.prototype = b === null ? Object.create(b) : (__.prototype = b.prototype, new __());
-    };
-})();
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.DecryptKemError = void 0;
-var VaultError_1 = require("./VaultError");
+const VaultError_1 = require("./VaultError");
 /**
  * Error thrown when KEM decapsulation fails
  * Spec §11: ERR_DECRYPT_KEM - no recipient wrap decapsulated
  */
-var DecryptKemError = /** @class */ (function (_super) {
-    __extends(DecryptKemError, _super);
-    function DecryptKemError(message) {
-        var _this = _super.call(this, VaultError_1.VaultErrorCode.DECRYPT_KEM, message) || this;
-        _this.name = 'DecryptKemError';
-        Object.setPrototypeOf(_this, DecryptKemError.prototype);
-        return _this;
+class DecryptKemError extends VaultError_1.VaultError {
+    constructor(message) {
+        super(VaultError_1.VaultErrorCode.DECRYPT_KEM, message);
+        this.name = 'DecryptKemError';
+        Object.setPrototypeOf(this, DecryptKemError.prototype);
     }
-    return DecryptKemError;
-}(VaultError_1.VaultError));
+}
 exports.DecryptKemError = DecryptKemError;
+//# sourceMappingURL=DecryptKemError.js.map

package/build/errors/DecryptKemError.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"DecryptKemError.js","sourceRoot":"","sources":["../../src/errors/DecryptKemError.ts"],"names":[],"mappings":";;;AAAA,6CAAyD;AAEzD;;;GAGG;AACH,MAAa,eAAgB,SAAQ,uBAAU;IAC7C,YAAY,OAAe;QACzB,KAAK,CAAC,2BAAc,CAAC,WAAW,EAAE,OAAO,CAAC,CAAA;QAC1C,IAAI,CAAC,IAAI,GAAG,iBAAiB,CAAA;QAC7B,MAAM,CAAC,cAAc,CAAC,IAAI,EAAE,eAAe,CAAC,SAAS,CAAC,CAAA;IACxD,CAAC;CACF;AAND,0CAMC"}

package/build/errors/PolicyError.d.ts

@@ -0,0 +1,8 @@
+import { VaultError } from './VaultError';
+/**
+ * Error thrown when policy is malformed or inconsistent
+ * Spec §11: ERR_POLICY - header policy malformed or inconsistent
+ */
+export declare class PolicyError extends VaultError {
+    constructor(message: string);
+}

package/build/errors/PolicyError.js

@@ -1,34 +1,17 @@
 "use strict";
-var __extends = (this && this.__extends) || (function () {
-    var extendStatics = function (d, b) {
-        extendStatics = Object.setPrototypeOf ||
-            ({ __proto__: [] } instanceof Array && function (d, b) { d.__proto__ = b; }) ||
-            function (d, b) { for (var p in b) if (Object.prototype.hasOwnProperty.call(b, p)) d[p] = b[p]; };
-        return extendStatics(d, b);
-    };
-    return function (d, b) {
-        if (typeof b !== "function" && b !== null)
-            throw new TypeError("Class extends value " + String(b) + " is not a constructor or null");
-        extendStatics(d, b);
-        function __() { this.constructor = d; }
-        d.prototype = b === null ? Object.create(b) : (__.prototype = b.prototype, new __());
-    };
-})();
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.PolicyError = void 0;
-var VaultError_1 = require("./VaultError");
+const VaultError_1 = require("./VaultError");
 /**
  * Error thrown when policy is malformed or inconsistent
  * Spec §11: ERR_POLICY - header policy malformed or inconsistent
  */
-var PolicyError = /** @class */ (function (_super) {
-    __extends(PolicyError, _super);
-    function PolicyError(message) {
-        var _this = _super.call(this, VaultError_1.VaultErrorCode.POLICY, message) || this;
-        _this.name = 'PolicyError';
-        Object.setPrototypeOf(_this, PolicyError.prototype);
-        return _this;
+class PolicyError extends VaultError_1.VaultError {
+    constructor(message) {
+        super(VaultError_1.VaultErrorCode.POLICY, message);
+        this.name = 'PolicyError';
+        Object.setPrototypeOf(this, PolicyError.prototype);
     }
-    return PolicyError;
-}(VaultError_1.VaultError));
+}
 exports.PolicyError = PolicyError;
+//# sourceMappingURL=PolicyError.js.map

package/build/errors/PolicyError.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"PolicyError.js","sourceRoot":"","sources":["../../src/errors/PolicyError.ts"],"names":[],"mappings":";;;AAAA,6CAAyD;AAEzD;;;GAGG;AACH,MAAa,WAAY,SAAQ,uBAAU;IACzC,YAAY,OAAe;QACzB,KAAK,CAAC,2BAAc,CAAC,MAAM,EAAE,OAAO,CAAC,CAAA;QACrC,IAAI,CAAC,IAAI,GAAG,aAAa,CAAA;QACzB,MAAM,CAAC,cAAc,CAAC,IAAI,EAAE,WAAW,CAAC,SAAS,CAAC,CAAA;IACpD,CAAC;CACF;AAND,kCAMC"}

package/build/errors/VaultError.d.ts

@@ -0,0 +1,52 @@
+/**
+ * Vault Error Codes per ZK-Vault Specification §11
+ */
+export declare enum VaultErrorCode {
+    /** Unknown or unsupported suite */
+    BAD_SUITE = "ERR_BAD_SUITE",
+    /** STARK verification failed */
+    BAD_PROOF = "ERR_BAD_PROOF",
+    /** Nonce reused (replay attack detected) */
+    REPLAY = "ERR_REPLAY",
+    /** Proof exceeds maxProofBytes */
+    SIZE = "ERR_SIZE",
+    /** Unknown or stale context */
+    CTX = "ERR_CTX",
+    /** No recipient wrap decapsulated */
+    DECRYPT_KEM = "ERR_DECRYPT_KEM",
+    /** AEAD tag failure (AAD tamper or wrong CEK) */
+    DECRYPT_AEAD = "ERR_DECRYPT_AEAD",
+    /** Header policy malformed or inconsistent */
+    POLICY = "ERR_POLICY",
+    /** Vault not found */
+    NOT_FOUND = "ERR_NOT_FOUND",
+    /** Threshold not met for reconstruction */
+    THRESHOLD_NOT_MET = "ERR_THRESHOLD_NOT_MET",
+    /** Session expired */
+    SESSION_EXPIRED = "ERR_SESSION_EXPIRED",
+    /** Storage operation failed */
+    STORAGE = "ERR_STORAGE",
+    /** Storage operation failed (alias for STORAGE) */
+    STORAGE_ERROR = "ERR_STORAGE",
+    /** Data integrity check failed (checksum mismatch) */
+    INTEGRITY_CHECK_FAILED = "ERR_INTEGRITY",
+    /** Invalid key commitment */
+    KEY_COMMITMENT = "ERR_KEY_COMMITMENT",
+    /** Invalid or missing key for operation */
+    INVALID_KEY = "ERR_INVALID_KEY"
+}
+/**
+ * Base error class for all vault-related errors
+ */
+export declare class VaultError extends Error {
+    readonly code: VaultErrorCode;
+    constructor(code: VaultErrorCode, message: string);
+    /**
+     * Check if error matches a specific code
+     */
+    is(code: VaultErrorCode): boolean;
+    /**
+     * Create a human-readable error message
+     */
+    toString(): string;
+}

package/build/errors/VaultError.js

@@ -1,19 +1,4 @@
 "use strict";
-var __extends = (this && this.__extends) || (function () {
-    var extendStatics = function (d, b) {
-        extendStatics = Object.setPrototypeOf ||
-            ({ __proto__: [] } instanceof Array && function (d, b) { d.__proto__ = b; }) ||
-            function (d, b) { for (var p in b) if (Object.prototype.hasOwnProperty.call(b, p)) d[p] = b[p]; };
-        return extendStatics(d, b);
-    };
-    return function (d, b) {
-        if (typeof b !== "function" && b !== null)
-            throw new TypeError("Class extends value " + String(b) + " is not a constructor or null");
-        extendStatics(d, b);
-        function __() { this.constructor = d; }
-        d.prototype = b === null ? Object.create(b) : (__.prototype = b.prototype, new __());
-    };
-})();
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.VaultError = exports.VaultErrorCode = void 0;
 /**
@@ -45,33 +30,37 @@ var VaultErrorCode;
     VaultErrorCode["SESSION_EXPIRED"] = "ERR_SESSION_EXPIRED";
     /** Storage operation failed */
     VaultErrorCode["STORAGE"] = "ERR_STORAGE";
+    /** Storage operation failed (alias for STORAGE) */
+    VaultErrorCode["STORAGE_ERROR"] = "ERR_STORAGE";
+    /** Data integrity check failed (checksum mismatch) */
+    VaultErrorCode["INTEGRITY_CHECK_FAILED"] = "ERR_INTEGRITY";
     /** Invalid key commitment */
     VaultErrorCode["KEY_COMMITMENT"] = "ERR_KEY_COMMITMENT";
+    /** Invalid or missing key for operation */
+    VaultErrorCode["INVALID_KEY"] = "ERR_INVALID_KEY";
 })(VaultErrorCode || (exports.VaultErrorCode = VaultErrorCode = {}));
 /**
  * Base error class for all vault-related errors
  */
-var VaultError = /** @class */ (function (_super) {
-    __extends(VaultError, _super);
-    function VaultError(code, message) {
-        var _this = _super.call(this, message) || this;
-        _this.code = code;
-        _this.name = 'VaultError';
-        Object.setPrototypeOf(_this, VaultError.prototype);
-        return _this;
+class VaultError extends Error {
+    constructor(code, message) {
+        super(message);
+        this.code = code;
+        this.name = 'VaultError';
+        Object.setPrototypeOf(this, VaultError.prototype);
     }
     /**
      * Check if error matches a specific code
      */
-    VaultError.prototype.is = function (code) {
+    is(code) {
         return this.code === code;
-    };
+    }
     /**
      * Create a human-readable error message
      */
-    VaultError.prototype.toString = function () {
-        return "[".concat(this.code, "] ").concat(this.message);
-    };
-    return VaultError;
-}(Error));
+    toString() {
+        return `[${this.code}] ${this.message}`;
+    }
+}
 exports.VaultError = VaultError;
+//# sourceMappingURL=VaultError.js.map

package/build/errors/VaultError.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"VaultError.js","sourceRoot":"","sources":["../../src/errors/VaultError.ts"],"names":[],"mappings":";;;AAAA;;GAEG;AACH,IAAY,cAgDX;AAhDD,WAAY,cAAc;IACxB,mCAAmC;IACnC,6CAA2B,CAAA;IAE3B,gCAAgC;IAChC,6CAA2B,CAAA;IAE3B,4CAA4C;IAC5C,uCAAqB,CAAA;IAErB,kCAAkC;IAClC,mCAAiB,CAAA;IAEjB,+BAA+B;IAC/B,iCAAe,CAAA;IAEf,qCAAqC;IACrC,iDAA+B,CAAA;IAE/B,iDAAiD;IACjD,mDAAiC,CAAA;IAEjC,8CAA8C;IAC9C,uCAAqB,CAAA;IAErB,sBAAsB;IACtB,6CAA2B,CAAA;IAE3B,2CAA2C;IAC3C,6DAA2C,CAAA;IAE3C,sBAAsB;IACtB,yDAAuC,CAAA;IAEvC,+BAA+B;IAC/B,yCAAuB,CAAA;IAEvB,mDAAmD;IACnD,+CAA6B,CAAA;IAE7B,sDAAsD;IACtD,0DAAwC,CAAA;IAExC,6BAA6B;IAC7B,uDAAqC,CAAA;IAErC,2CAA2C;IAC3C,iDAA+B,CAAA;AACjC,CAAC,EAhDW,cAAc,8BAAd,cAAc,QAgDzB;AAED;;GAEG;AACH,MAAa,UAAW,SAAQ,KAAK;IAGnC,YAAY,IAAoB,EAAE,OAAe;QAC/C,KAAK,CAAC,OAAO,CAAC,CAAA;QACd,IAAI,CAAC,IAAI,GAAG,IAAI,CAAA;QAChB,IAAI,CAAC,IAAI,GAAG,YAAY,CAAA;QACxB,MAAM,CAAC,cAAc,CAAC,IAAI,EAAE,UAAU,CAAC,SAAS,CAAC,CAAA;IACnD,CAAC;IAED;;OAEG;IACI,EAAE,CAAC,IAAoB;QAC5B,OAAO,IAAI,CAAC,IAAI,KAAK,IAAI,CAAA;IAC3B,CAAC;IAED;;OAEG;IACI,QAAQ;QACb,OAAO,IAAI,IAAI,CAAC,IAAI,KAAK,IAAI,CAAC,OAAO,EAAE,CAAA;IACzC,CAAC;CACF;AAvBD,gCAuBC"}

package/build/errors/index.d.ts

@@ -0,0 +1,5 @@
+export { VaultError, VaultErrorCode } from './VaultError';
+export { BadSuiteError } from './BadSuiteError';
+export { DecryptKemError } from './DecryptKemError';
+export { DecryptAeadError } from './DecryptAeadError';
+export { PolicyError } from './PolicyError';

package/build/errors/index.js

@@ -14,3 +14,4 @@ var DecryptAeadError_1 = require("./DecryptAeadError");
 Object.defineProperty(exports, "DecryptAeadError", { enumerable: true, get: function () { return DecryptAeadError_1.DecryptAeadError; } });
 var PolicyError_1 = require("./PolicyError");
 Object.defineProperty(exports, "PolicyError", { enumerable: true, get: function () { return PolicyError_1.PolicyError; } });
+//# sourceMappingURL=index.js.map

package/build/errors/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/errors/index.ts"],"names":[],"mappings":";;;AAAA,uBAAuB;AACvB,2CAAyD;AAAhD,wGAAA,UAAU,OAAA;AAAE,4GAAA,cAAc,OAAA;AAEnC,uBAAuB;AACvB,iDAA+C;AAAtC,8GAAA,aAAa,OAAA;AACtB,qDAAmD;AAA1C,kHAAA,eAAe,OAAA;AACxB,uDAAqD;AAA5C,oHAAA,gBAAgB,OAAA;AACzB,6CAA2C;AAAlC,0GAAA,WAAW,OAAA"}

package/build/handlers/CreateVaultHandler.d.ts

@@ -0,0 +1,18 @@
+/**
+ * Handler for create-vault messages
+ *
+ * Receives notification about a new vault creation.
+ * Used for multi-party vaults where participants need to be notified.
+ */
+import type { MessageHandler, MessageHandlerInboundMessage, Logger } from '@credo-ts/core';
+import { EventEmitter, OutboundMessageContext } from '@credo-ts/core';
+import { CreateVaultMessage, VaultCreatedAckMessage } from '../messages';
+import { VaultRepository } from '../repository/VaultRepository';
+export declare class CreateVaultHandler implements MessageHandler {
+    private logger;
+    private vaultRepository;
+    private eventEmitter;
+    supportedMessages: (typeof CreateVaultMessage)[];
+    constructor(logger: Logger, vaultRepository: VaultRepository, eventEmitter: EventEmitter);
+    handle(messageContext: MessageHandlerInboundMessage<CreateVaultHandler>): Promise<OutboundMessageContext<VaultCreatedAckMessage>>;
+}

package/build/handlers/CreateVaultHandler.js

@@ -0,0 +1,75 @@
+"use strict";
+/**
+ * Handler for create-vault messages
+ *
+ * Receives notification about a new vault creation.
+ * Used for multi-party vaults where participants need to be notified.
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.CreateVaultHandler = void 0;
+const core_1 = require("@credo-ts/core");
+const messages_1 = require("../messages");
+const VaultRecord_1 = require("../repository/VaultRecord");
+const VaultsEvents_1 = require("../VaultsEvents");
+class CreateVaultHandler {
+    constructor(logger, vaultRepository, eventEmitter) {
+        this.supportedMessages = [messages_1.CreateVaultMessage];
+        this.logger = logger;
+        this.vaultRepository = vaultRepository;
+        this.eventEmitter = eventEmitter;
+    }
+    async handle(messageContext) {
+        const { agentContext, connection, message } = messageContext;
+        this.logger.debug(`Received create-vault notification for ${message.vaultId}`, {
+            vaultId: message.vaultId,
+            docId: message.docId,
+            policy: message.policy,
+            connectionId: connection?.id,
+        });
+        // Check if we're already tracking this vault
+        const existing = await this.vaultRepository.findByVaultId(agentContext, message.vaultId);
+        if (existing) {
+            this.logger.debug(`Vault ${message.vaultId} already exists, acknowledging`);
+            const ackMessage = new messages_1.VaultCreatedAckMessage({
+                vaultId: message.vaultId,
+                status: 'accepted',
+            });
+            return new core_1.OutboundMessageContext(ackMessage, { agentContext, connection });
+        }
+        // Create a record to track this vault (without ciphertext - that comes later)
+        const record = new VaultRecord_1.VaultRecord({
+            vaultId: message.vaultId,
+            docId: message.docId,
+            header: message.header,
+            ciphertext: '', // Will be populated when we receive the actual data
+            ownerDid: agentContext.contextCorrelationId,
+        });
+        // Add metadata about the creation notification
+        record.header.metadata = {
+            ...record.header.metadata,
+            createdBy: connection?.id,
+            notifiedAt: new Date().toISOString(),
+            storageLocation: message.storageLocation,
+            invitation: message.invitation,
+        };
+        await this.vaultRepository.save(agentContext, record);
+        // Emit event
+        this.eventEmitter.emit(agentContext, {
+            type: VaultsEvents_1.VaultEventTypes.VaultCreated,
+            payload: {
+                vaultId: message.vaultId,
+                docId: message.docId,
+                policyMode: message.policy.mode,
+                createdBy: connection?.id,
+            },
+        });
+        // Send acceptance
+        const ackMessage = new messages_1.VaultCreatedAckMessage({
+            vaultId: message.vaultId,
+            status: 'accepted',
+        });
+        return new core_1.OutboundMessageContext(ackMessage, { agentContext, connection });
+    }
+}
+exports.CreateVaultHandler = CreateVaultHandler;
+//# sourceMappingURL=CreateVaultHandler.js.map

package/build/handlers/CreateVaultHandler.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"CreateVaultHandler.js","sourceRoot":"","sources":["../../src/handlers/CreateVaultHandler.ts"],"names":[],"mappings":";AAAA;;;;;GAKG;;;AAIH,yCAAqE;AAErE,0CAAwE;AAExE,2DAAuD;AACvD,kDAAiD;AAEjD,MAAa,kBAAkB;IAM7B,YAAmB,MAAc,EAAE,eAAgC,EAAE,YAA0B;QAFxF,sBAAiB,GAAG,CAAC,6BAAkB,CAAC,CAAA;QAG7C,IAAI,CAAC,MAAM,GAAG,MAAM,CAAA;QACpB,IAAI,CAAC,eAAe,GAAG,eAAe,CAAA;QACtC,IAAI,CAAC,YAAY,GAAG,YAAY,CAAA;IAClC,CAAC;IAEM,KAAK,CAAC,MAAM,CAAC,cAAgE;QAClF,MAAM,EAAE,YAAY,EAAE,UAAU,EAAE,OAAO,EAAE,GAAG,cAAc,CAAA;QAE5D,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,0CAA0C,OAAO,CAAC,OAAO,EAAE,EAAE;YAC7E,OAAO,EAAE,OAAO,CAAC,OAAO;YACxB,KAAK,EAAE,OAAO,CAAC,KAAK;YACpB,MAAM,EAAE,OAAO,CAAC,MAAM;YACtB,YAAY,EAAE,UAAU,EAAE,EAAE;SAC7B,CAAC,CAAA;QAEF,6CAA6C;QAC7C,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,eAAe,CAAC,aAAa,CAAC,YAAY,EAAE,OAAO,CAAC,OAAO,CAAC,CAAA;QAExF,IAAI,QAAQ,EAAE,CAAC;YACb,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,SAAS,OAAO,CAAC,OAAO,gCAAgC,CAAC,CAAA;YAC3E,MAAM,UAAU,GAAG,IAAI,iCAAsB,CAAC;gBAC5C,OAAO,EAAE,OAAO,CAAC,OAAO;gBACxB,MAAM,EAAE,UAAU;aACnB,CAAC,CAAA;YACF,OAAO,IAAI,6BAAsB,CAAC,UAAU,EAAE,EAAE,YAAY,EAAE,UAAU,EAAE,CAAC,CAAA;QAC7E,CAAC;QAED,8EAA8E;QAC9E,MAAM,MAAM,GAAG,IAAI,yBAAW,CAAC;YAC7B,OAAO,EAAE,OAAO,CAAC,OAAO;YACxB,KAAK,EAAE,OAAO,CAAC,KAAK;YACpB,MAAM,EAAE,OAAO,CAAC,MAAM;YACtB,UAAU,EAAE,EAAE,EAAE,oDAAoD;YACpE,QAAQ,EAAE,YAAY,CAAC,oBAAoB;SAC5C,CAAC,CAAA;QAEF,+CAA+C;QAC/C,MAAM,CAAC,MAAM,CAAC,QAAQ,GAAG;YACvB,GAAG,MAAM,CAAC,MAAM,CAAC,QAAQ;YACzB,SAAS,EAAE,UAAU,EAAE,EAAE;YACzB,UAAU,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;YACpC,eAAe,EAAE,OAAO,CAAC,eAAe;YACxC,UAAU,EAAE,OAAO,CAAC,UAAU;SAC/B,CAAA;QAED,MAAM,IAAI,CAAC,eAAe,CAAC,IAAI,CAAC,YAAY,EAAE,MAAM,CAAC,CAAA;QAErD,aAAa;QACb,IAAI,CAAC,YAAY,CAAC,IAAI,CAAC,YAAY,EAAE;YACnC,IAAI,EAAE,8BAAe,CAAC,YAAY;YAClC,OAAO,EAAE;gBACP,OAAO,EAAE,OAAO,CAAC,OAAO;gBACxB,KAAK,EAAE,OAAO,CAAC,KAAK;gBACpB,UAAU,EAAE,OAAO,CAAC,MAAM,CAAC,IAAI;gBAC/B,SAAS,EAAE,UAAU,EAAE,EAAE;aAC1B;SACF,CAAC,CAAA;QAEF,kBAAkB;QAClB,MAAM,UAAU,GAAG,IAAI,iCAAsB,CAAC;YAC5C,OAAO,EAAE,OAAO,CAAC,OAAO;YACxB,MAAM,EAAE,UAAU;SACnB,CAAC,CAAA;QAEF,OAAO,IAAI,6BAAsB,CAAC,UAAU,EAAE,EAAE,YAAY,EAAE,UAAU,EAAE,CAAC,CAAA;IAC7E,CAAC;CACF;AAzED,gDAyEC"}

package/build/handlers/DeleteVaultHandler.d.ts

@@ -0,0 +1,17 @@
+/**
+ * Handler for delete-vault messages
+ *
+ * Receives vault deletion notifications and removes local copy.
+ */
+import type { MessageHandler, MessageHandlerInboundMessage, Logger } from '@credo-ts/core';
+import { EventEmitter } from '@credo-ts/core';
+import { DeleteVaultMessage } from '../messages';
+import { VaultRepository } from '../repository/VaultRepository';
+export declare class DeleteVaultHandler implements MessageHandler {
+    private logger;
+    private vaultRepository;
+    private eventEmitter;
+    supportedMessages: (typeof DeleteVaultMessage)[];
+    constructor(logger: Logger, vaultRepository: VaultRepository, eventEmitter: EventEmitter);
+    handle(messageContext: MessageHandlerInboundMessage<DeleteVaultHandler>): Promise<void>;
+}

package/build/handlers/DeleteVaultHandler.js

@@ -0,0 +1,48 @@
+"use strict";
+/**
+ * Handler for delete-vault messages
+ *
+ * Receives vault deletion notifications and removes local copy.
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.DeleteVaultHandler = void 0;
+const messages_1 = require("../messages");
+const VaultsEvents_1 = require("../VaultsEvents");
+class DeleteVaultHandler {
+    constructor(logger, vaultRepository, eventEmitter) {
+        this.supportedMessages = [messages_1.DeleteVaultMessage];
+        this.logger = logger;
+        this.vaultRepository = vaultRepository;
+        this.eventEmitter = eventEmitter;
+    }
+    async handle(messageContext) {
+        const { agentContext, connection, message } = messageContext;
+        this.logger.debug(`Received delete-vault for ${message.vaultId}`, {
+            vaultId: message.vaultId,
+            reason: message.reason,
+            connectionId: connection?.id,
+        });
+        // Find existing vault
+        const existing = await this.vaultRepository.findByVaultId(agentContext, message.vaultId);
+        if (!existing) {
+            this.logger.debug(`Vault ${message.vaultId} not found locally, ignoring delete`);
+            return;
+        }
+        // Delete vault
+        await this.vaultRepository.delete(agentContext, existing);
+        // Emit event
+        this.eventEmitter.emit(agentContext, {
+            type: VaultsEvents_1.VaultEventTypes.VaultDeleted,
+            payload: {
+                vaultId: message.vaultId,
+                docId: message.docId,
+                deletedBy: connection?.id,
+                reason: message.reason,
+                message: message.message,
+            },
+        });
+        this.logger.info(`Vault ${message.vaultId} deleted (reason: ${message.reason})`);
+    }
+}
+exports.DeleteVaultHandler = DeleteVaultHandler;
+//# sourceMappingURL=DeleteVaultHandler.js.map

package/build/handlers/DeleteVaultHandler.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"DeleteVaultHandler.js","sourceRoot":"","sources":["../../src/handlers/DeleteVaultHandler.ts"],"names":[],"mappings":";AAAA;;;;GAIG;;;AAMH,0CAAgD;AAEhD,kDAAiD;AAEjD,MAAa,kBAAkB;IAM7B,YAAmB,MAAc,EAAE,eAAgC,EAAE,YAA0B;QAFxF,sBAAiB,GAAG,CAAC,6BAAkB,CAAC,CAAA;QAG7C,IAAI,CAAC,MAAM,GAAG,MAAM,CAAA;QACpB,IAAI,CAAC,eAAe,GAAG,eAAe,CAAA;QACtC,IAAI,CAAC,YAAY,GAAG,YAAY,CAAA;IAClC,CAAC;IAEM,KAAK,CAAC,MAAM,CAAC,cAAgE;QAClF,MAAM,EAAE,YAAY,EAAE,UAAU,EAAE,OAAO,EAAE,GAAG,cAAc,CAAA;QAE5D,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,6BAA6B,OAAO,CAAC,OAAO,EAAE,EAAE;YAChE,OAAO,EAAE,OAAO,CAAC,OAAO;YACxB,MAAM,EAAE,OAAO,CAAC,MAAM;YACtB,YAAY,EAAE,UAAU,EAAE,EAAE;SAC7B,CAAC,CAAA;QAEF,sBAAsB;QACtB,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,eAAe,CAAC,aAAa,CAAC,YAAY,EAAE,OAAO,CAAC,OAAO,CAAC,CAAA;QAExF,IAAI,CAAC,QAAQ,EAAE,CAAC;YACd,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,SAAS,OAAO,CAAC,OAAO,qCAAqC,CAAC,CAAA;YAChF,OAAM;QACR,CAAC;QAED,eAAe;QACf,MAAM,IAAI,CAAC,eAAe,CAAC,MAAM,CAAC,YAAY,EAAE,QAAQ,CAAC,CAAA;QAEzD,aAAa;QACb,IAAI,CAAC,YAAY,CAAC,IAAI,CAAC,YAAY,EAAE;YACnC,IAAI,EAAE,8BAAe,CAAC,YAAY;YAClC,OAAO,EAAE;gBACP,OAAO,EAAE,OAAO,CAAC,OAAO;gBACxB,KAAK,EAAE,OAAO,CAAC,KAAK;gBACpB,SAAS,EAAE,UAAU,EAAE,EAAE;gBACzB,MAAM,EAAE,OAAO,CAAC,MAAM;gBACtB,OAAO,EAAE,OAAO,CAAC,OAAO;aACzB;SACF,CAAC,CAAA;QAEF,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,SAAS,OAAO,CAAC,OAAO,qBAAqB,OAAO,CAAC,MAAM,GAAG,CAAC,CAAA;IAClF,CAAC;CACF;AA9CD,gDA8CC"}

package/build/handlers/DenyAccessHandler.d.ts

@@ -0,0 +1,15 @@
+/**
+ * Handler for deny-access messages
+ *
+ * Receives notification that access request was denied.
+ */
+import type { MessageHandler, MessageHandlerInboundMessage, Logger } from '@credo-ts/core';
+import { EventEmitter } from '@credo-ts/core';
+import { DenyAccessMessage } from '../messages';
+export declare class DenyAccessHandler implements MessageHandler {
+    private logger;
+    private eventEmitter;
+    supportedMessages: (typeof DenyAccessMessage)[];
+    constructor(logger: Logger, eventEmitter: EventEmitter);
+    handle(messageContext: MessageHandlerInboundMessage<DenyAccessHandler>): Promise<void>;
+}

package/build/handlers/DenyAccessHandler.js

@@ -0,0 +1,39 @@
+"use strict";
+/**
+ * Handler for deny-access messages
+ *
+ * Receives notification that access request was denied.
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.DenyAccessHandler = void 0;
+const messages_1 = require("../messages");
+const VaultsEvents_1 = require("../VaultsEvents");
+class DenyAccessHandler {
+    constructor(logger, eventEmitter) {
+        this.supportedMessages = [messages_1.DenyAccessMessage];
+        this.logger = logger;
+        this.eventEmitter = eventEmitter;
+    }
+    async handle(messageContext) {
+        const { agentContext, connection, message } = messageContext;
+        this.logger.warn(`Access denied for vault ${message.vaultId}: ${message.reason}`, {
+            vaultId: message.vaultId,
+            reason: message.reason,
+            message: message.message,
+            connectionId: connection?.id,
+        });
+        // Emit event for application
+        this.eventEmitter.emit(agentContext, {
+            type: VaultsEvents_1.VaultEventTypes.AccessDenied,
+            payload: {
+                vaultId: message.vaultId,
+                docId: message.docId,
+                reason: message.reason,
+                message: message.message,
+                deniedBy: connection?.id,
+            },
+        });
+    }
+}
+exports.DenyAccessHandler = DenyAccessHandler;
+//# sourceMappingURL=DenyAccessHandler.js.map

package/build/handlers/DenyAccessHandler.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"DenyAccessHandler.js","sourceRoot":"","sources":["../../src/handlers/DenyAccessHandler.ts"],"names":[],"mappings":";AAAA;;;;GAIG;;;AAMH,0CAA+C;AAC/C,kDAAiD;AAEjD,MAAa,iBAAiB;IAK5B,YAAmB,MAAc,EAAE,YAA0B;QAFtD,sBAAiB,GAAG,CAAC,4BAAiB,CAAC,CAAA;QAG5C,IAAI,CAAC,MAAM,GAAG,MAAM,CAAA;QACpB,IAAI,CAAC,YAAY,GAAG,YAAY,CAAA;IAClC,CAAC;IAEM,KAAK,CAAC,MAAM,CAAC,cAA+D;QACjF,MAAM,EAAE,YAAY,EAAE,UAAU,EAAE,OAAO,EAAE,GAAG,cAAc,CAAA;QAE5D,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,2BAA2B,OAAO,CAAC,OAAO,KAAK,OAAO,CAAC,MAAM,EAAE,EAAE;YAChF,OAAO,EAAE,OAAO,CAAC,OAAO;YACxB,MAAM,EAAE,OAAO,CAAC,MAAM;YACtB,OAAO,EAAE,OAAO,CAAC,OAAO;YACxB,YAAY,EAAE,UAAU,EAAE,EAAE;SAC7B,CAAC,CAAA;QAEF,6BAA6B;QAC7B,IAAI,CAAC,YAAY,CAAC,IAAI,CAAC,YAAY,EAAE;YACnC,IAAI,EAAE,8BAAe,CAAC,YAAY;YAClC,OAAO,EAAE;gBACP,OAAO,EAAE,OAAO,CAAC,OAAO;gBACxB,KAAK,EAAE,OAAO,CAAC,KAAK;gBACpB,MAAM,EAAE,OAAO,CAAC,MAAM;gBACtB,OAAO,EAAE,OAAO,CAAC,OAAO;gBACxB,QAAQ,EAAE,UAAU,EAAE,EAAE;aACzB;SACF,CAAC,CAAA;IACJ,CAAC;CACF;AAhCD,8CAgCC"}

package/build/handlers/DenyShareHandler.d.ts

@@ -0,0 +1,17 @@
+/**
+ * Handler for deny-share messages
+ *
+ * Receives notification that a share request was denied.
+ */
+import type { MessageHandler, MessageHandlerInboundMessage, Logger } from '@credo-ts/core';
+import { EventEmitter } from '@credo-ts/core';
+import { DenyShareMessage } from '../messages';
+import { ThresholdSessionRepository } from '../repository/ThresholdSessionRepository';
+export declare class DenyShareHandler implements MessageHandler {
+    private logger;
+    private sessionRepository;
+    private eventEmitter;
+    supportedMessages: (typeof DenyShareMessage)[];
+    constructor(logger: Logger, sessionRepository: ThresholdSessionRepository, eventEmitter: EventEmitter);
+    handle(messageContext: MessageHandlerInboundMessage<DenyShareHandler>): Promise<void>;
+}

package/build/handlers/DenyShareHandler.js

@@ -0,0 +1,49 @@
+"use strict";
+/**
+ * Handler for deny-share messages
+ *
+ * Receives notification that a share request was denied.
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.DenyShareHandler = void 0;
+const messages_1 = require("../messages");
+const VaultsEvents_1 = require("../VaultsEvents");
+class DenyShareHandler {
+    constructor(logger, sessionRepository, eventEmitter) {
+        this.supportedMessages = [messages_1.DenyShareMessage];
+        this.logger = logger;
+        this.sessionRepository = sessionRepository;
+        this.eventEmitter = eventEmitter;
+    }
+    async handle(messageContext) {
+        const { agentContext, connection, message } = messageContext;
+        this.logger.warn(`Share request denied for session ${message.sessionId}: ${message.reason}`, {
+            vaultId: message.vaultId,
+            sessionId: message.sessionId,
+            reason: message.reason,
+            message: message.message,
+            connectionId: connection?.id,
+        });
+        // Update session if it exists - mark as failed if too many denials
+        const session = await this.sessionRepository.findBySessionId(agentContext, message.sessionId);
+        if (session) {
+            // For now, just log the denial. Could track denials and fail session
+            // if too many participants deny.
+            this.logger.debug(`Share denied for session ${message.sessionId} by ${connection?.id}`);
+        }
+        // Emit event for application
+        this.eventEmitter.emit(agentContext, {
+            type: VaultsEvents_1.VaultEventTypes.ShareDenied,
+            payload: {
+                vaultId: message.vaultId,
+                docId: message.docId,
+                sessionId: message.sessionId,
+                reason: message.reason,
+                message: message.message,
+                deniedBy: connection?.id,
+            },
+        });
+    }
+}
+exports.DenyShareHandler = DenyShareHandler;
+//# sourceMappingURL=DenyShareHandler.js.map

package/build/handlers/DenyShareHandler.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"DenyShareHandler.js","sourceRoot":"","sources":["../../src/handlers/DenyShareHandler.ts"],"names":[],"mappings":";AAAA;;;;GAIG;;;AAMH,0CAA8C;AAE9C,kDAAiD;AAEjD,MAAa,gBAAgB;IAM3B,YACE,MAAc,EACd,iBAA6C,EAC7C,YAA0B;QALrB,sBAAiB,GAAG,CAAC,2BAAgB,CAAC,CAAA;QAO3C,IAAI,CAAC,MAAM,GAAG,MAAM,CAAA;QACpB,IAAI,CAAC,iBAAiB,GAAG,iBAAiB,CAAA;QAC1C,IAAI,CAAC,YAAY,GAAG,YAAY,CAAA;IAClC,CAAC;IAEM,KAAK,CAAC,MAAM,CAAC,cAA8D;QAChF,MAAM,EAAE,YAAY,EAAE,UAAU,EAAE,OAAO,EAAE,GAAG,cAAc,CAAA;QAE5D,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,oCAAoC,OAAO,CAAC,SAAS,KAAK,OAAO,CAAC,MAAM,EAAE,EAAE;YAC3F,OAAO,EAAE,OAAO,CAAC,OAAO;YACxB,SAAS,EAAE,OAAO,CAAC,SAAS;YAC5B,MAAM,EAAE,OAAO,CAAC,MAAM;YACtB,OAAO,EAAE,OAAO,CAAC,OAAO;YACxB,YAAY,EAAE,UAAU,EAAE,EAAE;SAC7B,CAAC,CAAA;QAEF,mEAAmE;QACnE,MAAM,OAAO,GAAG,MAAM,IAAI,CAAC,iBAAiB,CAAC,eAAe,CAAC,YAAY,EAAE,OAAO,CAAC,SAAS,CAAC,CAAA;QAC7F,IAAI,OAAO,EAAE,CAAC;YACZ,qEAAqE;YACrE,iCAAiC;YACjC,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,4BAA4B,OAAO,CAAC,SAAS,OAAO,UAAU,EAAE,EAAE,EAAE,CAAC,CAAA;QACzF,CAAC;QAED,6BAA6B;QAC7B,IAAI,CAAC,YAAY,CAAC,IAAI,CAAC,YAAY,EAAE;YACnC,IAAI,EAAE,8BAAe,CAAC,WAAW;YACjC,OAAO,EAAE;gBACP,OAAO,EAAE,OAAO,CAAC,OAAO;gBACxB,KAAK,EAAE,OAAO,CAAC,KAAK;gBACpB,SAAS,EAAE,OAAO,CAAC,SAAS;gBAC5B,MAAM,EAAE,OAAO,CAAC,MAAM;gBACtB,OAAO,EAAE,OAAO,CAAC,OAAO;gBACxB,QAAQ,EAAE,UAAU,EAAE,EAAE;aACzB;SACF,CAAC,CAAA;IACJ,CAAC;CACF;AAhDD,4CAgDC"}

package/build/handlers/GrantAccessHandler.d.ts

@@ -0,0 +1,17 @@
+/**
+ * Handler for grant-access messages
+ *
+ * Receives CEK wrap granting us access to decrypt a vault.
+ */
+import type { MessageHandler, MessageHandlerInboundMessage, Logger } from '@credo-ts/core';
+import { EventEmitter } from '@credo-ts/core';
+import { GrantAccessMessage } from '../messages';
+import { VaultRepository } from '../repository/VaultRepository';
+export declare class GrantAccessHandler implements MessageHandler {
+    private logger;
+    private vaultRepository;
+    private eventEmitter;
+    supportedMessages: (typeof GrantAccessMessage)[];
+    constructor(logger: Logger, vaultRepository: VaultRepository, eventEmitter: EventEmitter);
+    handle(messageContext: MessageHandlerInboundMessage<GrantAccessHandler>): Promise<void>;
+}

package/build/handlers/GrantAccessHandler.js

@@ -0,0 +1,59 @@
+"use strict";
+/**
+ * Handler for grant-access messages
+ *
+ * Receives CEK wrap granting us access to decrypt a vault.
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.GrantAccessHandler = void 0;
+const messages_1 = require("../messages");
+const VaultsEvents_1 = require("../VaultsEvents");
+class GrantAccessHandler {
+    constructor(logger, vaultRepository, eventEmitter) {
+        this.supportedMessages = [messages_1.GrantAccessMessage];
+        this.logger = logger;
+        this.vaultRepository = vaultRepository;
+        this.eventEmitter = eventEmitter;
+    }
+    async handle(messageContext) {
+        const { agentContext, connection, message } = messageContext;
+        this.logger.info(`Access granted for vault ${message.vaultId}`, {
+            vaultId: message.vaultId,
+            wrapMethod: message.wrapMethod,
+            expiresAt: message.expiresAt,
+            connectionId: connection?.id,
+        });
+        // Find the vault record
+        const vault = await this.vaultRepository.findByVaultId(agentContext, message.vaultId);
+        if (vault) {
+            // Store the CEK wrap in metadata for later decryption
+            vault.header.metadata = {
+                ...vault.header.metadata,
+                accessGranted: {
+                    cekWrap: message.cekWrap,
+                    wrapMethod: message.wrapMethod,
+                    grantedBy: connection?.id,
+                    grantedAt: new Date().toISOString(),
+                    expiresAt: message.expiresAt,
+                    permissions: message.metadata?.permissions,
+                },
+            };
+            await this.vaultRepository.update(agentContext, vault);
+        }
+        // Emit event for application
+        this.eventEmitter.emit(agentContext, {
+            type: VaultsEvents_1.VaultEventTypes.AccessGranted,
+            payload: {
+                vaultId: message.vaultId,
+                docId: message.docId,
+                cekWrap: message.cekWrap,
+                wrapMethod: message.wrapMethod,
+                grantedBy: connection?.id,
+                expiresAt: message.expiresAt,
+                permissions: message.metadata?.permissions,
+            },
+        });
+    }
+}
+exports.GrantAccessHandler = GrantAccessHandler;
+//# sourceMappingURL=GrantAccessHandler.js.map