@ajna-inc/vaults 0.1.0 → 0.1.2

package/build/handlers/GrantAccessHandler.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"GrantAccessHandler.js","sourceRoot":"","sources":["../../src/handlers/GrantAccessHandler.ts"],"names":[],"mappings":";AAAA;;;;GAIG;;;AAMH,0CAAgD;AAEhD,kDAAiD;AAEjD,MAAa,kBAAkB;IAM7B,YAAmB,MAAc,EAAE,eAAgC,EAAE,YAA0B;QAFxF,sBAAiB,GAAG,CAAC,6BAAkB,CAAC,CAAA;QAG7C,IAAI,CAAC,MAAM,GAAG,MAAM,CAAA;QACpB,IAAI,CAAC,eAAe,GAAG,eAAe,CAAA;QACtC,IAAI,CAAC,YAAY,GAAG,YAAY,CAAA;IAClC,CAAC;IAEM,KAAK,CAAC,MAAM,CAAC,cAAgE;QAClF,MAAM,EAAE,YAAY,EAAE,UAAU,EAAE,OAAO,EAAE,GAAG,cAAc,CAAA;QAE5D,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,4BAA4B,OAAO,CAAC,OAAO,EAAE,EAAE;YAC9D,OAAO,EAAE,OAAO,CAAC,OAAO;YACxB,UAAU,EAAE,OAAO,CAAC,UAAU;YAC9B,SAAS,EAAE,OAAO,CAAC,SAAS;YAC5B,YAAY,EAAE,UAAU,EAAE,EAAE;SAC7B,CAAC,CAAA;QAEF,wBAAwB;QACxB,MAAM,KAAK,GAAG,MAAM,IAAI,CAAC,eAAe,CAAC,aAAa,CAAC,YAAY,EAAE,OAAO,CAAC,OAAO,CAAC,CAAA;QAErF,IAAI,KAAK,EAAE,CAAC;YACV,sDAAsD;YACtD,KAAK,CAAC,MAAM,CAAC,QAAQ,GAAG;gBACtB,GAAG,KAAK,CAAC,MAAM,CAAC,QAAQ;gBACxB,aAAa,EAAE;oBACb,OAAO,EAAE,OAAO,CAAC,OAAO;oBACxB,UAAU,EAAE,OAAO,CAAC,UAAU;oBAC9B,SAAS,EAAE,UAAU,EAAE,EAAE;oBACzB,SAAS,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;oBACnC,SAAS,EAAE,OAAO,CAAC,SAAS;oBAC5B,WAAW,EAAE,OAAO,CAAC,QAAQ,EAAE,WAAW;iBAC3C;aACF,CAAA;YAED,MAAM,IAAI,CAAC,eAAe,CAAC,MAAM,CAAC,YAAY,EAAE,KAAK,CAAC,CAAA;QACxD,CAAC;QAED,6BAA6B;QAC7B,IAAI,CAAC,YAAY,CAAC,IAAI,CAAC,YAAY,EAAE;YACnC,IAAI,EAAE,8BAAe,CAAC,aAAa;YACnC,OAAO,EAAE;gBACP,OAAO,EAAE,OAAO,CAAC,OAAO;gBACxB,KAAK,EAAE,OAAO,CAAC,KAAK;gBACpB,OAAO,EAAE,OAAO,CAAC,OAAO;gBACxB,UAAU,EAAE,OAAO,CAAC,UAAU;gBAC9B,SAAS,EAAE,UAAU,EAAE,EAAE;gBACzB,SAAS,EAAE,OAAO,CAAC,SAAS;gBAC5B,WAAW,EAAE,OAAO,CAAC,QAAQ,EAAE,WAAW;aAC3C;SACF,CAAC,CAAA;IACJ,CAAC;CACF;AAxDD,gDAwDC"}

package/build/handlers/ProvideShareHandler.d.ts

@@ -0,0 +1,17 @@
+/**
+ * Handler for provide-share messages
+ *
+ * Receives Shamir shares for threshold vault reconstruction.
+ */
+import type { MessageHandler, MessageHandlerInboundMessage, Logger } from '@credo-ts/core';
+import { EventEmitter } from '@credo-ts/core';
+import { ProvideShareMessage } from '../messages';
+import { ThresholdSessionRepository } from '../repository/ThresholdSessionRepository';
+export declare class ProvideShareHandler implements MessageHandler {
+    private logger;
+    private sessionRepository;
+    private eventEmitter;
+    supportedMessages: (typeof ProvideShareMessage)[];
+    constructor(logger: Logger, sessionRepository: ThresholdSessionRepository, eventEmitter: EventEmitter);
+    handle(messageContext: MessageHandlerInboundMessage<ProvideShareHandler>): Promise<void>;
+}

package/build/handlers/ProvideShareHandler.js

@@ -0,0 +1,77 @@
+"use strict";
+/**
+ * Handler for provide-share messages
+ *
+ * Receives Shamir shares for threshold vault reconstruction.
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.ProvideShareHandler = void 0;
+const messages_1 = require("../messages");
+const VaultsEvents_1 = require("../VaultsEvents");
+class ProvideShareHandler {
+    constructor(logger, sessionRepository, eventEmitter) {
+        this.supportedMessages = [messages_1.ProvideShareMessage];
+        this.logger = logger;
+        this.sessionRepository = sessionRepository;
+        this.eventEmitter = eventEmitter;
+    }
+    async handle(messageContext) {
+        const { agentContext, connection, message } = messageContext;
+        this.logger.info(`Received share ${message.shareIdentifier} for session ${message.sessionId}`, {
+            vaultId: message.vaultId,
+            sessionId: message.sessionId,
+            shareIdentifier: message.shareIdentifier,
+            connectionId: connection?.id,
+        });
+        // Find the session
+        const session = await this.sessionRepository.findBySessionId(agentContext, message.sessionId);
+        if (!session) {
+            this.logger.warn(`Unknown session ${message.sessionId}`);
+            return;
+        }
+        // Check expiration
+        if (session.status === 'expired' || (session.expiresAt && new Date() > session.expiresAt)) {
+            this.logger.warn(`Session ${message.sessionId} has expired`);
+            return;
+        }
+        // Add share to session (store as base64url string)
+        session.addShare({
+            identifier: message.shareIdentifier,
+            data: message.shareValue, // Already base64url encoded
+            providedBy: connection?.id ?? 'unknown',
+            providedAt: new Date(),
+        });
+        await this.sessionRepository.update(agentContext, session);
+        // Emit event
+        this.eventEmitter.emit(agentContext, {
+            type: VaultsEvents_1.VaultEventTypes.ShareProvided,
+            payload: {
+                vaultId: message.vaultId,
+                docId: message.docId,
+                sessionId: message.sessionId,
+                shareIdentifier: message.shareIdentifier,
+                providedBy: connection?.id,
+                totalShares: session.shares.length,
+                threshold: session.threshold,
+            },
+        });
+        // Check if threshold met
+        if (session.shares.length >= session.threshold) {
+            session.status = 'complete';
+            await this.sessionRepository.update(agentContext, session);
+            this.eventEmitter.emit(agentContext, {
+                type: VaultsEvents_1.VaultEventTypes.ThresholdMet,
+                payload: {
+                    vaultId: message.vaultId,
+                    docId: message.docId,
+                    sessionId: message.sessionId,
+                    sharesCollected: session.shares.length,
+                    threshold: session.threshold,
+                },
+            });
+            this.logger.info(`Threshold met for session ${message.sessionId}: ${session.shares.length}/${session.threshold}`);
+        }
+    }
+}
+exports.ProvideShareHandler = ProvideShareHandler;
+//# sourceMappingURL=ProvideShareHandler.js.map

package/build/handlers/ProvideShareHandler.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"ProvideShareHandler.js","sourceRoot":"","sources":["../../src/handlers/ProvideShareHandler.ts"],"names":[],"mappings":";AAAA;;;;GAIG;;;AAMH,0CAAiD;AAEjD,kDAAiD;AAGjD,MAAa,mBAAmB;IAM9B,YACE,MAAc,EACd,iBAA6C,EAC7C,YAA0B;QALrB,sBAAiB,GAAG,CAAC,8BAAmB,CAAC,CAAA;QAO9C,IAAI,CAAC,MAAM,GAAG,MAAM,CAAA;QACpB,IAAI,CAAC,iBAAiB,GAAG,iBAAiB,CAAA;QAC1C,IAAI,CAAC,YAAY,GAAG,YAAY,CAAA;IAClC,CAAC;IAEM,KAAK,CAAC,MAAM,CAAC,cAAiE;QACnF,MAAM,EAAE,YAAY,EAAE,UAAU,EAAE,OAAO,EAAE,GAAG,cAAc,CAAA;QAE5D,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,kBAAkB,OAAO,CAAC,eAAe,gBAAgB,OAAO,CAAC,SAAS,EAAE,EAAE;YAC7F,OAAO,EAAE,OAAO,CAAC,OAAO;YACxB,SAAS,EAAE,OAAO,CAAC,SAAS;YAC5B,eAAe,EAAE,OAAO,CAAC,eAAe;YACxC,YAAY,EAAE,UAAU,EAAE,EAAE;SAC7B,CAAC,CAAA;QAEF,mBAAmB;QACnB,MAAM,OAAO,GAAG,MAAM,IAAI,CAAC,iBAAiB,CAAC,eAAe,CAAC,YAAY,EAAE,OAAO,CAAC,SAAS,CAAC,CAAA;QAE7F,IAAI,CAAC,OAAO,EAAE,CAAC;YACb,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,mBAAmB,OAAO,CAAC,SAAS,EAAE,CAAC,CAAA;YACxD,OAAM;QACR,CAAC;QAED,mBAAmB;QACnB,IAAI,OAAO,CAAC,MAAM,KAAK,SAAS,IAAI,CAAC,OAAO,CAAC,SAAS,IAAI,IAAI,IAAI,EAAE,GAAG,OAAO,CAAC,SAAS,CAAC,EAAE,CAAC;YAC1F,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,WAAW,OAAO,CAAC,SAAS,cAAc,CAAC,CAAA;YAC5D,OAAM;QACR,CAAC;QAED,mDAAmD;QACnD,OAAO,CAAC,QAAQ,CAAC;YACf,UAAU,EAAE,OAAO,CAAC,eAAe;YACnC,IAAI,EAAE,OAAO,CAAC,UAAU,EAAE,4BAA4B;YACtD,UAAU,EAAE,UAAU,EAAE,EAAE,IAAI,SAAS;YACvC,UAAU,EAAE,IAAI,IAAI,EAAE;SACvB,CAAC,CAAA;QAEF,MAAM,IAAI,CAAC,iBAAiB,CAAC,MAAM,CAAC,YAAY,EAAE,OAAO,CAAC,CAAA;QAE1D,aAAa;QACb,IAAI,CAAC,YAAY,CAAC,IAAI,CAAC,YAAY,EAAE;YACnC,IAAI,EAAE,8BAAe,CAAC,aAAa;YACnC,OAAO,EAAE;gBACP,OAAO,EAAE,OAAO,CAAC,OAAO;gBACxB,KAAK,EAAE,OAAO,CAAC,KAAK;gBACpB,SAAS,EAAE,OAAO,CAAC,SAAS;gBAC5B,eAAe,EAAE,OAAO,CAAC,eAAe;gBACxC,UAAU,EAAE,UAAU,EAAE,EAAE;gBAC1B,WAAW,EAAE,OAAO,CAAC,MAAM,CAAC,MAAM;gBAClC,SAAS,EAAE,OAAO,CAAC,SAAS;aAC7B;SACF,CAAC,CAAA;QAEF,yBAAyB;QACzB,IAAI,OAAO,CAAC,MAAM,CAAC,MAAM,IAAI,OAAO,CAAC,SAAS,EAAE,CAAC;YAC/C,OAAO,CAAC,MAAM,GAAG,UAAU,CAAA;YAC3B,MAAM,IAAI,CAAC,iBAAiB,CAAC,MAAM,CAAC,YAAY,EAAE,OAAO,CAAC,CAAA;YAE1D,IAAI,CAAC,YAAY,CAAC,IAAI,CAAC,YAAY,EAAE;gBACnC,IAAI,EAAE,8BAAe,CAAC,YAAY;gBAClC,OAAO,EAAE;oBACP,OAAO,EAAE,OAAO,CAAC,OAAO;oBACxB,KAAK,EAAE,OAAO,CAAC,KAAK;oBACpB,SAAS,EAAE,OAAO,CAAC,SAAS;oBAC5B,eAAe,EAAE,OAAO,CAAC,MAAM,CAAC,MAAM;oBACtC,SAAS,EAAE,OAAO,CAAC,SAAS;iBAC7B;aACF,CAAC,CAAA;YAEF,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,6BAA6B,OAAO,CAAC,SAAS,KAAK,OAAO,CAAC,MAAM,CAAC,MAAM,IAAI,OAAO,CAAC,SAAS,EAAE,CAAC,CAAA;QACnH,CAAC;IACH,CAAC;CACF;AAnFD,kDAmFC"}

package/build/handlers/RequestAccessHandler.d.ts

@@ -0,0 +1,18 @@
+/**
+ * Handler for request-access messages
+ *
+ * Receives access requests from peers wanting to decrypt a vault.
+ * Owner can approve by sending grant-access with CEK wrap.
+ */
+import type { MessageHandler, MessageHandlerInboundMessage, Logger } from '@credo-ts/core';
+import { EventEmitter, OutboundMessageContext } from '@credo-ts/core';
+import { RequestAccessMessage, DenyAccessMessage } from '../messages';
+import { VaultRepository } from '../repository/VaultRepository';
+export declare class RequestAccessHandler implements MessageHandler {
+    private logger;
+    private vaultRepository;
+    private eventEmitter;
+    supportedMessages: (typeof RequestAccessMessage)[];
+    constructor(logger: Logger, vaultRepository: VaultRepository, eventEmitter: EventEmitter);
+    handle(messageContext: MessageHandlerInboundMessage<RequestAccessHandler>): Promise<OutboundMessageContext<DenyAccessMessage> | undefined>;
+}

package/build/handlers/RequestAccessHandler.js

@@ -0,0 +1,60 @@
+"use strict";
+/**
+ * Handler for request-access messages
+ *
+ * Receives access requests from peers wanting to decrypt a vault.
+ * Owner can approve by sending grant-access with CEK wrap.
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.RequestAccessHandler = void 0;
+const core_1 = require("@credo-ts/core");
+const messages_1 = require("../messages");
+const VaultsEvents_1 = require("../VaultsEvents");
+class RequestAccessHandler {
+    constructor(logger, vaultRepository, eventEmitter) {
+        this.supportedMessages = [messages_1.RequestAccessMessage];
+        this.logger = logger;
+        this.vaultRepository = vaultRepository;
+        this.eventEmitter = eventEmitter;
+    }
+    async handle(messageContext) {
+        const { agentContext, connection, message } = messageContext;
+        this.logger.info(`Access request for vault ${message.vaultId} from ${message.requesterDid}`, {
+            vaultId: message.vaultId,
+            requesterDid: message.requesterDid,
+            requesterKid: message.requesterKid,
+            hasProof: !!message.proof,
+            connectionId: connection?.id,
+        });
+        // Check if we have this vault
+        const vault = await this.vaultRepository.findByVaultId(agentContext, message.vaultId);
+        if (!vault) {
+            this.logger.warn(`Access request for unknown vault ${message.vaultId}`);
+            const denyMessage = new messages_1.DenyAccessMessage({
+                vaultId: message.vaultId,
+                docId: message.docId,
+                reason: 'not-authorized',
+                message: 'Vault not found',
+            });
+            return new core_1.OutboundMessageContext(denyMessage, { agentContext, connection });
+        }
+        // Emit event for application to handle (approve/deny)
+        // Application should call grantAccess or denyAccess based on policy
+        this.eventEmitter.emit(agentContext, {
+            type: VaultsEvents_1.VaultEventTypes.AccessRequested,
+            payload: {
+                vaultId: message.vaultId,
+                docId: message.docId,
+                requesterDid: message.requesterDid,
+                requesterKid: message.requesterKid,
+                proof: message.proof,
+                connectionId: connection?.id,
+                messageId: message.id,
+            },
+        });
+        // Don't auto-respond - let application decide
+        // Application will use VaultsApi to send grant or deny
+    }
+}
+exports.RequestAccessHandler = RequestAccessHandler;
+//# sourceMappingURL=RequestAccessHandler.js.map

package/build/handlers/RequestAccessHandler.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"RequestAccessHandler.js","sourceRoot":"","sources":["../../src/handlers/RequestAccessHandler.ts"],"names":[],"mappings":";AAAA;;;;;GAKG;;;AAIH,yCAAqE;AAErE,0CAAqE;AAErE,kDAAiD;AAEjD,MAAa,oBAAoB;IAM/B,YAAmB,MAAc,EAAE,eAAgC,EAAE,YAA0B;QAFxF,sBAAiB,GAAG,CAAC,+BAAoB,CAAC,CAAA;QAG/C,IAAI,CAAC,MAAM,GAAG,MAAM,CAAA;QACpB,IAAI,CAAC,eAAe,GAAG,eAAe,CAAA;QACtC,IAAI,CAAC,YAAY,GAAG,YAAY,CAAA;IAClC,CAAC;IAEM,KAAK,CAAC,MAAM,CAAC,cAAkE;QACpF,MAAM,EAAE,YAAY,EAAE,UAAU,EAAE,OAAO,EAAE,GAAG,cAAc,CAAA;QAE5D,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,4BAA4B,OAAO,CAAC,OAAO,SAAS,OAAO,CAAC,YAAY,EAAE,EAAE;YAC3F,OAAO,EAAE,OAAO,CAAC,OAAO;YACxB,YAAY,EAAE,OAAO,CAAC,YAAY;YAClC,YAAY,EAAE,OAAO,CAAC,YAAY;YAClC,QAAQ,EAAE,CAAC,CAAC,OAAO,CAAC,KAAK;YACzB,YAAY,EAAE,UAAU,EAAE,EAAE;SAC7B,CAAC,CAAA;QAEF,8BAA8B;QAC9B,MAAM,KAAK,GAAG,MAAM,IAAI,CAAC,eAAe,CAAC,aAAa,CAAC,YAAY,EAAE,OAAO,CAAC,OAAO,CAAC,CAAA;QAErF,IAAI,CAAC,KAAK,EAAE,CAAC;YACX,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,oCAAoC,OAAO,CAAC,OAAO,EAAE,CAAC,CAAA;YACvE,MAAM,WAAW,GAAG,IAAI,4BAAiB,CAAC;gBACxC,OAAO,EAAE,OAAO,CAAC,OAAO;gBACxB,KAAK,EAAE,OAAO,CAAC,KAAK;gBACpB,MAAM,EAAE,gBAAgB;gBACxB,OAAO,EAAE,iBAAiB;aAC3B,CAAC,CAAA;YACF,OAAO,IAAI,6BAAsB,CAAC,WAAW,EAAE,EAAE,YAAY,EAAE,UAAU,EAAE,CAAC,CAAA;QAC9E,CAAC;QAED,sDAAsD;QACtD,oEAAoE;QACpE,IAAI,CAAC,YAAY,CAAC,IAAI,CAAC,YAAY,EAAE;YACnC,IAAI,EAAE,8BAAe,CAAC,eAAe;YACrC,OAAO,EAAE;gBACP,OAAO,EAAE,OAAO,CAAC,OAAO;gBACxB,KAAK,EAAE,OAAO,CAAC,KAAK;gBACpB,YAAY,EAAE,OAAO,CAAC,YAAY;gBAClC,YAAY,EAAE,OAAO,CAAC,YAAY;gBAClC,KAAK,EAAE,OAAO,CAAC,KAAK;gBACpB,YAAY,EAAE,UAAU,EAAE,EAAE;gBAC5B,SAAS,EAAE,OAAO,CAAC,EAAE;aACtB;SACF,CAAC,CAAA;QAEF,8CAA8C;QAC9C,uDAAuD;IACzD,CAAC;CACF;AAvDD,oDAuDC"}

package/build/handlers/RequestShareHandler.d.ts

@@ -0,0 +1,19 @@
+/**
+ * Handler for request-share messages
+ *
+ * Receives requests for Shamir shares in threshold vault decryption.
+ */
+import type { MessageHandler, MessageHandlerInboundMessage, Logger } from '@credo-ts/core';
+import { EventEmitter, OutboundMessageContext } from '@credo-ts/core';
+import { RequestShareMessage, DenyShareMessage } from '../messages';
+import { VaultRepository } from '../repository/VaultRepository';
+import { ThresholdSessionRepository } from '../repository/ThresholdSessionRepository';
+export declare class RequestShareHandler implements MessageHandler {
+    private logger;
+    private vaultRepository;
+    private sessionRepository;
+    private eventEmitter;
+    supportedMessages: (typeof RequestShareMessage)[];
+    constructor(logger: Logger, vaultRepository: VaultRepository, sessionRepository: ThresholdSessionRepository, eventEmitter: EventEmitter);
+    handle(messageContext: MessageHandlerInboundMessage<RequestShareHandler>): Promise<OutboundMessageContext<DenyShareMessage> | undefined>;
+}

package/build/handlers/RequestShareHandler.js

@@ -0,0 +1,70 @@
+"use strict";
+/**
+ * Handler for request-share messages
+ *
+ * Receives requests for Shamir shares in threshold vault decryption.
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.RequestShareHandler = void 0;
+const core_1 = require("@credo-ts/core");
+const messages_1 = require("../messages");
+const VaultsEvents_1 = require("../VaultsEvents");
+class RequestShareHandler {
+    constructor(logger, vaultRepository, sessionRepository, eventEmitter) {
+        this.supportedMessages = [messages_1.RequestShareMessage];
+        this.logger = logger;
+        this.vaultRepository = vaultRepository;
+        this.sessionRepository = sessionRepository;
+        this.eventEmitter = eventEmitter;
+    }
+    async handle(messageContext) {
+        const { agentContext, connection, message } = messageContext;
+        this.logger.info(`Share request for vault ${message.vaultId} session ${message.sessionId}`, {
+            vaultId: message.vaultId,
+            sessionId: message.sessionId,
+            requesterDid: message.requesterDid,
+            shareIdentifier: message.shareIdentifier,
+            connectionId: connection?.id,
+        });
+        // Verify vault exists
+        const vault = await this.vaultRepository.findByVaultId(agentContext, message.vaultId);
+        if (!vault) {
+            const denyMessage = new messages_1.DenyShareMessage({
+                vaultId: message.vaultId,
+                docId: message.docId,
+                sessionId: message.sessionId,
+                reason: 'not-authorized',
+                message: 'Vault not found',
+            });
+            return new core_1.OutboundMessageContext(denyMessage, { agentContext, connection });
+        }
+        // Check if it's a threshold vault
+        if (vault.header.policy?.mode !== 'threshold') {
+            const denyMessage = new messages_1.DenyShareMessage({
+                vaultId: message.vaultId,
+                docId: message.docId,
+                sessionId: message.sessionId,
+                reason: 'policy-violation',
+                message: 'Not a threshold vault',
+            });
+            return new core_1.OutboundMessageContext(denyMessage, { agentContext, connection });
+        }
+        // Emit event for application to handle
+        // Application should validate requester and send provide-share if approved
+        this.eventEmitter.emit(agentContext, {
+            type: VaultsEvents_1.VaultEventTypes.ShareRequested,
+            payload: {
+                vaultId: message.vaultId,
+                docId: message.docId,
+                sessionId: message.sessionId,
+                requesterDid: message.requesterDid,
+                shareIdentifier: message.shareIdentifier,
+                connectionId: connection?.id,
+                messageId: message.id,
+            },
+        });
+        // Don't auto-respond - let application decide
+    }
+}
+exports.RequestShareHandler = RequestShareHandler;
+//# sourceMappingURL=RequestShareHandler.js.map

package/build/handlers/RequestShareHandler.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"RequestShareHandler.js","sourceRoot":"","sources":["../../src/handlers/RequestShareHandler.ts"],"names":[],"mappings":";AAAA;;;;GAIG;;;AAIH,yCAAqE;AAErE,0CAAmE;AAGnE,kDAAiD;AAEjD,MAAa,mBAAmB;IAO9B,YACE,MAAc,EACd,eAAgC,EAChC,iBAA6C,EAC7C,YAA0B;QANrB,sBAAiB,GAAG,CAAC,8BAAmB,CAAC,CAAA;QAQ9C,IAAI,CAAC,MAAM,GAAG,MAAM,CAAA;QACpB,IAAI,CAAC,eAAe,GAAG,eAAe,CAAA;QACtC,IAAI,CAAC,iBAAiB,GAAG,iBAAiB,CAAA;QAC1C,IAAI,CAAC,YAAY,GAAG,YAAY,CAAA;IAClC,CAAC;IAEM,KAAK,CAAC,MAAM,CAAC,cAAiE;QACnF,MAAM,EAAE,YAAY,EAAE,UAAU,EAAE,OAAO,EAAE,GAAG,cAAc,CAAA;QAE5D,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,2BAA2B,OAAO,CAAC,OAAO,YAAY,OAAO,CAAC,SAAS,EAAE,EAAE;YAC1F,OAAO,EAAE,OAAO,CAAC,OAAO;YACxB,SAAS,EAAE,OAAO,CAAC,SAAS;YAC5B,YAAY,EAAE,OAAO,CAAC,YAAY;YAClC,eAAe,EAAE,OAAO,CAAC,eAAe;YACxC,YAAY,EAAE,UAAU,EAAE,EAAE;SAC7B,CAAC,CAAA;QAEF,sBAAsB;QACtB,MAAM,KAAK,GAAG,MAAM,IAAI,CAAC,eAAe,CAAC,aAAa,CAAC,YAAY,EAAE,OAAO,CAAC,OAAO,CAAC,CAAA;QAErF,IAAI,CAAC,KAAK,EAAE,CAAC;YACX,MAAM,WAAW,GAAG,IAAI,2BAAgB,CAAC;gBACvC,OAAO,EAAE,OAAO,CAAC,OAAO;gBACxB,KAAK,EAAE,OAAO,CAAC,KAAK;gBACpB,SAAS,EAAE,OAAO,CAAC,SAAS;gBAC5B,MAAM,EAAE,gBAAgB;gBACxB,OAAO,EAAE,iBAAiB;aAC3B,CAAC,CAAA;YACF,OAAO,IAAI,6BAAsB,CAAC,WAAW,EAAE,EAAE,YAAY,EAAE,UAAU,EAAE,CAAC,CAAA;QAC9E,CAAC;QAED,kCAAkC;QAClC,IAAI,KAAK,CAAC,MAAM,CAAC,MAAM,EAAE,IAAI,KAAK,WAAW,EAAE,CAAC;YAC9C,MAAM,WAAW,GAAG,IAAI,2BAAgB,CAAC;gBACvC,OAAO,EAAE,OAAO,CAAC,OAAO;gBACxB,KAAK,EAAE,OAAO,CAAC,KAAK;gBACpB,SAAS,EAAE,OAAO,CAAC,SAAS;gBAC5B,MAAM,EAAE,kBAAkB;gBAC1B,OAAO,EAAE,uBAAuB;aACjC,CAAC,CAAA;YACF,OAAO,IAAI,6BAAsB,CAAC,WAAW,EAAE,EAAE,YAAY,EAAE,UAAU,EAAE,CAAC,CAAA;QAC9E,CAAC;QAED,uCAAuC;QACvC,2EAA2E;QAC3E,IAAI,CAAC,YAAY,CAAC,IAAI,CAAC,YAAY,EAAE;YACnC,IAAI,EAAE,8BAAe,CAAC,cAAc;YACpC,OAAO,EAAE;gBACP,OAAO,EAAE,OAAO,CAAC,OAAO;gBACxB,KAAK,EAAE,OAAO,CAAC,KAAK;gBACpB,SAAS,EAAE,OAAO,CAAC,SAAS;gBAC5B,YAAY,EAAE,OAAO,CAAC,YAAY;gBAClC,eAAe,EAAE,OAAO,CAAC,eAAe;gBACxC,YAAY,EAAE,UAAU,EAAE,EAAE;gBAC5B,SAAS,EAAE,OAAO,CAAC,EAAE;aACtB;SACF,CAAC,CAAA;QAEF,8CAA8C;IAChD,CAAC;CACF;AAzED,kDAyEC"}

package/build/handlers/RequestStorageHandler.d.ts

@@ -0,0 +1,53 @@
+/**
+ * Handler for request-storage messages
+ *
+ * Handles storage allocation requests from vault owners.
+ * Used by agents acting as vault operators.
+ */
+import type { MessageHandler, MessageHandlerInboundMessage, Logger } from '@credo-ts/core';
+import { EventEmitter, OutboundMessageContext } from '@credo-ts/core';
+import { RequestStorageMessage } from '../messages/RequestStorageMessage';
+import { ProvideStorageMessage } from '../messages/ProvideStorageMessage';
+import { VaultProblemReportMessage } from '../messages/VaultProblemReportMessage';
+import { VaultStorageService } from '../storage/VaultStorageService';
+/**
+ * Storage allocation policy
+ */
+export interface StorageAllocationPolicy {
+    /** Maximum file size per vault (bytes) */
+    maxFileSize: number;
+    /** Maximum total storage per connection (bytes) */
+    maxTotalStorage: number;
+    /** Allowed content types */
+    allowedContentTypes?: string[];
+    /** Allowed purposes */
+    allowedPurposes?: string[];
+    /** Default storage duration (seconds, 0 = permanent) */
+    defaultDuration?: number;
+}
+export declare class RequestStorageHandler implements MessageHandler {
+    private logger;
+    private storageService;
+    private eventEmitter;
+    private policy;
+    private connectionUsage;
+    supportedMessages: (typeof RequestStorageMessage)[];
+    constructor(logger: Logger, storageService: VaultStorageService, eventEmitter: EventEmitter, policy?: Partial<StorageAllocationPolicy>);
+    handle(messageContext: MessageHandlerInboundMessage<RequestStorageHandler>): Promise<OutboundMessageContext<VaultProblemReportMessage> | OutboundMessageContext<ProvideStorageMessage>>;
+    /**
+     * Validate storage request against policy
+     */
+    private validateRequest;
+    /**
+     * Get remaining quota for a connection
+     */
+    private getRemainingQuota;
+    /**
+     * Update policy
+     */
+    updatePolicy(policy: Partial<StorageAllocationPolicy>): void;
+    /**
+     * Reset usage tracking for a connection
+     */
+    resetUsage(connectionId: string): void;
+}

package/build/handlers/RequestStorageHandler.js

@@ -0,0 +1,158 @@
+"use strict";
+/**
+ * Handler for request-storage messages
+ *
+ * Handles storage allocation requests from vault owners.
+ * Used by agents acting as vault operators.
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.RequestStorageHandler = void 0;
+const core_1 = require("@credo-ts/core");
+const RequestStorageMessage_1 = require("../messages/RequestStorageMessage");
+const ProvideStorageMessage_1 = require("../messages/ProvideStorageMessage");
+const VaultProblemReportMessage_1 = require("../messages/VaultProblemReportMessage");
+const VaultsEvents_1 = require("../VaultsEvents");
+const DEFAULT_POLICY = {
+    maxFileSize: 100 * 1024 * 1024, // 100 MB
+    maxTotalStorage: 1024 * 1024 * 1024, // 1 GB
+    defaultDuration: 0,
+};
+class RequestStorageHandler {
+    constructor(logger, storageService, eventEmitter, policy) {
+        this.connectionUsage = new Map();
+        this.supportedMessages = [RequestStorageMessage_1.RequestStorageMessage];
+        this.logger = logger;
+        this.storageService = storageService;
+        this.eventEmitter = eventEmitter;
+        this.policy = { ...DEFAULT_POLICY, ...policy };
+    }
+    async handle(messageContext) {
+        const { agentContext, connection, message } = messageContext;
+        this.logger.debug(`Received storage request for vault ${message.vaultId} (${message.size} bytes)`);
+        // Validate storage is configured
+        if (!this.storageService.isConfigured()) {
+            this.logger.warn('Storage service not configured, rejecting request');
+            return new core_1.OutboundMessageContext(new VaultProblemReportMessage_1.VaultProblemReportMessage({
+                threadId: message.threadId,
+                code: 'storage-unavailable',
+                description: 'Vault operator storage is not configured',
+            }), { agentContext, connection });
+        }
+        // Validate request against policy
+        const validationError = this.validateRequest(message, connection?.id);
+        if (validationError) {
+            this.logger.warn(`Storage request rejected: ${validationError}`);
+            return new core_1.OutboundMessageContext(new VaultProblemReportMessage_1.VaultProblemReportMessage({
+                threadId: message.threadId,
+                code: 'policy-violation',
+                description: validationError,
+            }), { agentContext, connection });
+        }
+        try {
+            // Generate pre-signed upload URL
+            const uploadInfo = await this.storageService.generateUploadUrl(message.vaultId, {
+                contentType: message.contentType,
+                maxSize: message.size,
+                expiresIn: 3600, // 1 hour
+            });
+            // Track storage allocation
+            if (connection?.id) {
+                const currentUsage = this.connectionUsage.get(connection.id) || 0;
+                this.connectionUsage.set(connection.id, currentUsage + message.size);
+            }
+            // Emit event
+            this.eventEmitter.emit(agentContext, {
+                type: VaultsEvents_1.VaultEventTypes.StorageAllocated,
+                payload: {
+                    vaultId: message.vaultId,
+                    docId: message.docId,
+                    size: message.size,
+                    allocatedTo: connection?.id,
+                    storageUri: uploadInfo.finalUri,
+                },
+            });
+            // Respond with storage details
+            const response = new ProvideStorageMessage_1.ProvideStorageMessage({
+                threadId: message.id,
+                vaultId: message.vaultId,
+                docId: message.docId,
+                upload: {
+                    uploadUrl: uploadInfo.uploadUrl,
+                    method: uploadInfo.method,
+                    headers: uploadInfo.headers,
+                    expiresAt: uploadInfo.expiresAt,
+                    maxSize: this.policy.maxFileSize,
+                },
+                location: {
+                    type: 's3',
+                    storageUri: uploadInfo.finalUri,
+                    storageKey: uploadInfo.storageKey,
+                },
+                quotaRemaining: this.getRemainingQuota(connection?.id),
+            });
+            this.logger.info(`Allocated storage for vault ${message.vaultId}: ${uploadInfo.finalUri}`);
+            return new core_1.OutboundMessageContext(response, { agentContext, connection });
+        }
+        catch (error) {
+            this.logger.error('Failed to allocate storage', { error });
+            return new core_1.OutboundMessageContext(new VaultProblemReportMessage_1.VaultProblemReportMessage({
+                threadId: message.threadId,
+                code: 'storage-error',
+                description: `Failed to allocate storage: ${error instanceof Error ? error.message : 'Unknown error'}`,
+            }), { agentContext, connection });
+        }
+    }
+    /**
+     * Validate storage request against policy
+     */
+    validateRequest(message, connectionId) {
+        // Check file size
+        if (message.size > this.policy.maxFileSize) {
+            return `File size ${message.size} exceeds maximum ${this.policy.maxFileSize} bytes`;
+        }
+        // Check total storage quota
+        if (connectionId) {
+            const currentUsage = this.connectionUsage.get(connectionId) || 0;
+            if (currentUsage + message.size > this.policy.maxTotalStorage) {
+                return `Storage quota exceeded. Used: ${currentUsage}, Requested: ${message.size}, Max: ${this.policy.maxTotalStorage}`;
+            }
+        }
+        // Check content type
+        if (this.policy.allowedContentTypes && message.contentType) {
+            if (!this.policy.allowedContentTypes.includes(message.contentType)) {
+                return `Content type ${message.contentType} not allowed`;
+            }
+        }
+        // Check purpose
+        if (this.policy.allowedPurposes && message.purpose) {
+            if (!this.policy.allowedPurposes.includes(message.purpose)) {
+                return `Purpose ${message.purpose} not allowed`;
+            }
+        }
+        return null;
+    }
+    /**
+     * Get remaining quota for a connection
+     */
+    getRemainingQuota(connectionId) {
+        if (!connectionId) {
+            return this.policy.maxTotalStorage;
+        }
+        const used = this.connectionUsage.get(connectionId) || 0;
+        return Math.max(0, this.policy.maxTotalStorage - used);
+    }
+    /**
+     * Update policy
+     */
+    updatePolicy(policy) {
+        this.policy = { ...this.policy, ...policy };
+    }
+    /**
+     * Reset usage tracking for a connection
+     */
+    resetUsage(connectionId) {
+        this.connectionUsage.delete(connectionId);
+    }
+}
+exports.RequestStorageHandler = RequestStorageHandler;
+//# sourceMappingURL=RequestStorageHandler.js.map

package/build/handlers/RequestStorageHandler.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"RequestStorageHandler.js","sourceRoot":"","sources":["../../src/handlers/RequestStorageHandler.ts"],"names":[],"mappings":";AAAA;;;;;GAKG;;;AAIH,yCAAqE;AAErE,6EAAyE;AACzE,6EAAyE;AACzE,qFAAiF;AAEjF,kDAAiD;AAkBjD,MAAM,cAAc,GAA4B;IAC9C,WAAW,EAAE,GAAG,GAAG,IAAI,GAAG,IAAI,EAAE,SAAS;IACzC,eAAe,EAAE,IAAI,GAAG,IAAI,GAAG,IAAI,EAAE,OAAO;IAC5C,eAAe,EAAE,CAAC;CACnB,CAAA;AAED,MAAa,qBAAqB;IAShC,YACE,MAAc,EACd,cAAmC,EACnC,YAA0B,EAC1B,MAAyC;QARnC,oBAAe,GAAwB,IAAI,GAAG,EAAE,CAAA;QAEjD,sBAAiB,GAAG,CAAC,6CAAqB,CAAC,CAAA;QAQhD,IAAI,CAAC,MAAM,GAAG,MAAM,CAAA;QACpB,IAAI,CAAC,cAAc,GAAG,cAAc,CAAA;QACpC,IAAI,CAAC,YAAY,GAAG,YAAY,CAAA;QAChC,IAAI,CAAC,MAAM,GAAG,EAAE,GAAG,cAAc,EAAE,GAAG,MAAM,EAAE,CAAA;IAChD,CAAC;IAEM,KAAK,CAAC,MAAM,CAAC,cAAmE;QACrF,MAAM,EAAE,YAAY,EAAE,UAAU,EAAE,OAAO,EAAE,GAAG,cAAc,CAAA;QAE5D,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,sCAAsC,OAAO,CAAC,OAAO,KAAK,OAAO,CAAC,IAAI,SAAS,CAAC,CAAA;QAElG,iCAAiC;QACjC,IAAI,CAAC,IAAI,CAAC,cAAc,CAAC,YAAY,EAAE,EAAE,CAAC;YACxC,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,mDAAmD,CAAC,CAAA;YACrE,OAAO,IAAI,6BAAsB,CAC/B,IAAI,qDAAyB,CAAC;gBAC5B,QAAQ,EAAE,OAAO,CAAC,QAAQ;gBAC1B,IAAI,EAAE,qBAAqB;gBAC3B,WAAW,EAAE,0CAA0C;aACxD,CAAC,EACF,EAAE,YAAY,EAAE,UAAU,EAAE,CAC7B,CAAA;QACH,CAAC;QAED,kCAAkC;QAClC,MAAM,eAAe,GAAG,IAAI,CAAC,eAAe,CAAC,OAAO,EAAE,UAAU,EAAE,EAAE,CAAC,CAAA;QACrE,IAAI,eAAe,EAAE,CAAC;YACpB,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,6BAA6B,eAAe,EAAE,CAAC,CAAA;YAChE,OAAO,IAAI,6BAAsB,CAC/B,IAAI,qDAAyB,CAAC;gBAC5B,QAAQ,EAAE,OAAO,CAAC,QAAQ;gBAC1B,IAAI,EAAE,kBAAkB;gBACxB,WAAW,EAAE,eAAe;aAC7B,CAAC,EACF,EAAE,YAAY,EAAE,UAAU,EAAE,CAC7B,CAAA;QACH,CAAC;QAED,IAAI,CAAC;YACH,iCAAiC;YACjC,MAAM,UAAU,GAAG,MAAM,IAAI,CAAC,cAAc,CAAC,iBAAiB,CAAC,OAAO,CAAC,OAAO,EAAE;gBAC9E,WAAW,EAAE,OAAO,CAAC,WAAW;gBAChC,OAAO,EAAE,OAAO,CAAC,IAAI;gBACrB,SAAS,EAAE,IAAI,EAAE,SAAS;aAC3B,CAAC,CAAA;YAEF,2BAA2B;YAC3B,IAAI,UAAU,EAAE,EAAE,EAAE,CAAC;gBACnB,MAAM,YAAY,GAAG,IAAI,CAAC,eAAe,CAAC,GAAG,CAAC,UAAU,CAAC,EAAE,CAAC,IAAI,CAAC,CAAA;gBACjE,IAAI,CAAC,eAAe,CAAC,GAAG,CAAC,UAAU,CAAC,EAAE,EAAE,YAAY,GAAG,OAAO,CAAC,IAAI,CAAC,CAAA;YACtE,CAAC;YAED,aAAa;YACb,IAAI,CAAC,YAAY,CAAC,IAAI,CAAC,YAAY,EAAE;gBACnC,IAAI,EAAE,8BAAe,CAAC,gBAAgB;gBACtC,OAAO,EAAE;oBACP,OAAO,EAAE,OAAO,CAAC,OAAO;oBACxB,KAAK,EAAE,OAAO,CAAC,KAAK;oBACpB,IAAI,EAAE,OAAO,CAAC,IAAI;oBAClB,WAAW,EAAE,UAAU,EAAE,EAAE;oBAC3B,UAAU,EAAE,UAAU,CAAC,QAAQ;iBAChC;aACF,CAAC,CAAA;YAEF,+BAA+B;YAC/B,MAAM,QAAQ,GAAG,IAAI,6CAAqB,CAAC;gBACzC,QAAQ,EAAE,OAAO,CAAC,EAAE;gBACpB,OAAO,EAAE,OAAO,CAAC,OAAO;gBACxB,KAAK,EAAE,OAAO,CAAC,KAAK;gBACpB,MAAM,EAAE;oBACN,SAAS,EAAE,UAAU,CAAC,SAAS;oBAC/B,MAAM,EAAE,UAAU,CAAC,MAAM;oBACzB,OAAO,EAAE,UAAU,CAAC,OAAO;oBAC3B,SAAS,EAAE,UAAU,CAAC,SAAS;oBAC/B,OAAO,EAAE,IAAI,CAAC,MAAM,CAAC,WAAW;iBACjC;gBACD,QAAQ,EAAE;oBACR,IAAI,EAAE,IAAI;oBACV,UAAU,EAAE,UAAU,CAAC,QAAQ;oBAC/B,UAAU,EAAE,UAAU,CAAC,UAAU;iBAClC;gBACD,cAAc,EAAE,IAAI,CAAC,iBAAiB,CAAC,UAAU,EAAE,EAAE,CAAC;aACvD,CAAC,CAAA;YAEF,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,+BAA+B,OAAO,CAAC,OAAO,KAAK,UAAU,CAAC,QAAQ,EAAE,CAAC,CAAA;YAE1F,OAAO,IAAI,6BAAsB,CAAC,QAAQ,EAAE,EAAE,YAAY,EAAE,UAAU,EAAE,CAAC,CAAA;QAC3E,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,4BAA4B,EAAE,EAAE,KAAK,EAAE,CAAC,CAAA;YAC1D,OAAO,IAAI,6BAAsB,CAC/B,IAAI,qDAAyB,CAAC;gBAC5B,QAAQ,EAAE,OAAO,CAAC,QAAQ;gBAC1B,IAAI,EAAE,eAAe;gBACrB,WAAW,EAAE,+BAA+B,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,eAAe,EAAE;aACvG,CAAC,EACF,EAAE,YAAY,EAAE,UAAU,EAAE,CAC7B,CAAA;QACH,CAAC;IACH,CAAC;IAED;;OAEG;IACK,eAAe,CAAC,OAA8B,EAAE,YAAqB;QAC3E,kBAAkB;QAClB,IAAI,OAAO,CAAC,IAAI,GAAG,IAAI,CAAC,MAAM,CAAC,WAAW,EAAE,CAAC;YAC3C,OAAO,aAAa,OAAO,CAAC,IAAI,oBAAoB,IAAI,CAAC,MAAM,CAAC,WAAW,QAAQ,CAAA;QACrF,CAAC;QAED,4BAA4B;QAC5B,IAAI,YAAY,EAAE,CAAC;YACjB,MAAM,YAAY,GAAG,IAAI,CAAC,eAAe,CAAC,GAAG,CAAC,YAAY,CAAC,IAAI,CAAC,CAAA;YAChE,IAAI,YAAY,GAAG,OAAO,CAAC,IAAI,GAAG,IAAI,CAAC,MAAM,CAAC,eAAe,EAAE,CAAC;gBAC9D,OAAO,iCAAiC,YAAY,gBAAgB,OAAO,CAAC,IAAI,UAAU,IAAI,CAAC,MAAM,CAAC,eAAe,EAAE,CAAA;YACzH,CAAC;QACH,CAAC;QAED,qBAAqB;QACrB,IAAI,IAAI,CAAC,MAAM,CAAC,mBAAmB,IAAI,OAAO,CAAC,WAAW,EAAE,CAAC;YAC3D,IAAI,CAAC,IAAI,CAAC,MAAM,CAAC,mBAAmB,CAAC,QAAQ,CAAC,OAAO,CAAC,WAAW,CAAC,EAAE,CAAC;gBACnE,OAAO,gBAAgB,OAAO,CAAC,WAAW,cAAc,CAAA;YAC1D,CAAC;QACH,CAAC;QAED,gBAAgB;QAChB,IAAI,IAAI,CAAC,MAAM,CAAC,eAAe,IAAI,OAAO,CAAC,OAAO,EAAE,CAAC;YACnD,IAAI,CAAC,IAAI,CAAC,MAAM,CAAC,eAAe,CAAC,QAAQ,CAAC,OAAO,CAAC,OAAO,CAAC,EAAE,CAAC;gBAC3D,OAAO,WAAW,OAAO,CAAC,OAAO,cAAc,CAAA;YACjD,CAAC;QACH,CAAC;QAED,OAAO,IAAI,CAAA;IACb,CAAC;IAED;;OAEG;IACK,iBAAiB,CAAC,YAAqB;QAC7C,IAAI,CAAC,YAAY,EAAE,CAAC;YAClB,OAAO,IAAI,CAAC,MAAM,CAAC,eAAe,CAAA;QACpC,CAAC;QACD,MAAM,IAAI,GAAG,IAAI,CAAC,eAAe,CAAC,GAAG,CAAC,YAAY,CAAC,IAAI,CAAC,CAAA;QACxD,OAAO,IAAI,CAAC,GAAG,CAAC,CAAC,EAAE,IAAI,CAAC,MAAM,CAAC,eAAe,GAAG,IAAI,CAAC,CAAA;IACxD,CAAC;IAED;;OAEG;IACI,YAAY,CAAC,MAAwC;QAC1D,IAAI,CAAC,MAAM,GAAG,EAAE,GAAG,IAAI,CAAC,MAAM,EAAE,GAAG,MAAM,EAAE,CAAA;IAC7C,CAAC;IAED;;OAEG;IACI,UAAU,CAAC,YAAoB;QACpC,IAAI,CAAC,eAAe,CAAC,MAAM,CAAC,YAAY,CAAC,CAAA;IAC3C,CAAC;CACF;AA7KD,sDA6KC"}

package/build/handlers/RetrieveVaultHandler.d.ts

@@ -0,0 +1,18 @@
+/**
+ * Handler for retrieve-vault messages
+ *
+ * When a peer requests vault data, this handler:
+ * 1. Validates the request
+ * 2. Checks if requester has access to the vault
+ * 3. Returns the encrypted vault data or an error
+ */
+import type { MessageHandler, MessageHandlerInboundMessage } from '@credo-ts/core';
+import { OutboundMessageContext } from '@credo-ts/core';
+import { RetrieveVaultMessage, VaultDataMessage, VaultProblemReportMessage } from '../messages';
+import { VaultService } from '../services/VaultService';
+export declare class RetrieveVaultHandler implements MessageHandler {
+    private vaultService;
+    supportedMessages: (typeof RetrieveVaultMessage)[];
+    constructor(vaultService: VaultService);
+    handle(messageContext: MessageHandlerInboundMessage<RetrieveVaultHandler>): Promise<OutboundMessageContext<VaultProblemReportMessage> | OutboundMessageContext<VaultDataMessage>>;
+}

package/build/handlers/RetrieveVaultHandler.js

@@ -0,0 +1,65 @@
+"use strict";
+/**
+ * Handler for retrieve-vault messages
+ *
+ * When a peer requests vault data, this handler:
+ * 1. Validates the request
+ * 2. Checks if requester has access to the vault
+ * 3. Returns the encrypted vault data or an error
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.RetrieveVaultHandler = void 0;
+const core_1 = require("@credo-ts/core");
+const messages_1 = require("../messages");
+class RetrieveVaultHandler {
+    constructor(vaultService) {
+        this.supportedMessages = [messages_1.RetrieveVaultMessage];
+        this.vaultService = vaultService;
+    }
+    async handle(messageContext) {
+        const { agentContext, connection, message } = messageContext;
+        // Require connection for vault operations
+        if (!connection) {
+            return new core_1.OutboundMessageContext(new messages_1.VaultProblemReportMessage({
+                errorCode: messages_1.VaultErrorCodes.ACCESS_DENIED,
+                description: 'Connection required for vault operations',
+            }), { agentContext });
+        }
+        try {
+            // Get vault record
+            const vaultRecord = await this.vaultService.getVaultRecord(agentContext, message.vaultId);
+            if (!vaultRecord) {
+                return new core_1.OutboundMessageContext(new messages_1.VaultProblemReportMessage({
+                    vaultId: message.vaultId,
+                    errorCode: messages_1.VaultErrorCodes.NOT_FOUND,
+                    description: `Vault not found: ${message.vaultId}`,
+                }), { agentContext, connection });
+            }
+            // TODO: Add access control check
+            // For now, any connected peer can retrieve vaults
+            // In production, we should check if the connection is authorized
+            // Return vault data
+            const responseMessage = new messages_1.VaultDataMessage({
+                threadId: message.threadId,
+                vaultId: vaultRecord.vaultId,
+                docId: vaultRecord.docId,
+                header: vaultRecord.header,
+                ciphertext: vaultRecord.ciphertext,
+            });
+            return new core_1.OutboundMessageContext(responseMessage, {
+                agentContext,
+                connection,
+            });
+        }
+        catch (error) {
+            const errorMessage = error instanceof Error ? error.message : 'Unknown error';
+            return new core_1.OutboundMessageContext(new messages_1.VaultProblemReportMessage({
+                vaultId: message.vaultId,
+                errorCode: messages_1.VaultErrorCodes.STORAGE_ERROR,
+                description: `Failed to retrieve vault: ${errorMessage}`,
+            }), { agentContext, connection });
+        }
+    }
+}
+exports.RetrieveVaultHandler = RetrieveVaultHandler;
+//# sourceMappingURL=RetrieveVaultHandler.js.map

package/build/handlers/RetrieveVaultHandler.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"RetrieveVaultHandler.js","sourceRoot":"","sources":["../../src/handlers/RetrieveVaultHandler.ts"],"names":[],"mappings":";AAAA;;;;;;;GAOG;;;AAIH,yCAAuD;AAEvD,0CAAgH;AAGhH,MAAa,oBAAoB;IAI/B,YAAmB,YAA0B;QAFtC,sBAAiB,GAAG,CAAC,+BAAoB,CAAC,CAAA;QAG/C,IAAI,CAAC,YAAY,GAAG,YAAY,CAAA;IAClC,CAAC;IAEM,KAAK,CAAC,MAAM,CAAC,cAAkE;QACpF,MAAM,EAAE,YAAY,EAAE,UAAU,EAAE,OAAO,EAAE,GAAG,cAAc,CAAA;QAE5D,0CAA0C;QAC1C,IAAI,CAAC,UAAU,EAAE,CAAC;YAChB,OAAO,IAAI,6BAAsB,CAC/B,IAAI,oCAAyB,CAAC;gBAC5B,SAAS,EAAE,0BAAe,CAAC,aAAa;gBACxC,WAAW,EAAE,0CAA0C;aACxD,CAAC,EACF,EAAE,YAAY,EAAE,CACjB,CAAA;QACH,CAAC;QAED,IAAI,CAAC;YACH,mBAAmB;YACnB,MAAM,WAAW,GAAG,MAAM,IAAI,CAAC,YAAY,CAAC,cAAc,CAAC,YAAY,EAAE,OAAO,CAAC,OAAO,CAAC,CAAA;YAEzF,IAAI,CAAC,WAAW,EAAE,CAAC;gBACjB,OAAO,IAAI,6BAAsB,CAC/B,IAAI,oCAAyB,CAAC;oBAC5B,OAAO,EAAE,OAAO,CAAC,OAAO;oBACxB,SAAS,EAAE,0BAAe,CAAC,SAAS;oBACpC,WAAW,EAAE,oBAAoB,OAAO,CAAC,OAAO,EAAE;iBACnD,CAAC,EACF,EAAE,YAAY,EAAE,UAAU,EAAE,CAC7B,CAAA;YACH,CAAC;YAED,iCAAiC;YACjC,kDAAkD;YAClD,iEAAiE;YAEjE,oBAAoB;YACpB,MAAM,eAAe,GAAG,IAAI,2BAAgB,CAAC;gBAC3C,QAAQ,EAAE,OAAO,CAAC,QAAQ;gBAC1B,OAAO,EAAE,WAAW,CAAC,OAAO;gBAC5B,KAAK,EAAE,WAAW,CAAC,KAAK;gBACxB,MAAM,EAAE,WAAW,CAAC,MAAM;gBAC1B,UAAU,EAAE,WAAW,CAAC,UAAU;aACnC,CAAC,CAAA;YAEF,OAAO,IAAI,6BAAsB,CAAC,eAAe,EAAE;gBACjD,YAAY;gBACZ,UAAU;aACX,CAAC,CAAA;QACJ,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,MAAM,YAAY,GAAG,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,eAAe,CAAA;YAC7E,OAAO,IAAI,6BAAsB,CAC/B,IAAI,oCAAyB,CAAC;gBAC5B,OAAO,EAAE,OAAO,CAAC,OAAO;gBACxB,SAAS,EAAE,0BAAe,CAAC,aAAa;gBACxC,WAAW,EAAE,6BAA6B,YAAY,EAAE;aACzD,CAAC,EACF,EAAE,YAAY,EAAE,UAAU,EAAE,CAC7B,CAAA;QACH,CAAC;IACH,CAAC;CACF;AAlED,oDAkEC"}

package/build/handlers/StoreVaultHandler.d.ts

@@ -0,0 +1,17 @@
+/**
+ * Handler for store-vault messages
+ *
+ * Receives and stores a vault sent from a peer.
+ * Used when receiving a signing vault or shared vault.
+ */
+import type { MessageHandler, MessageHandlerInboundMessage } from '@credo-ts/core';
+import { EventEmitter, OutboundMessageContext } from '@credo-ts/core';
+import { StoreVaultMessage, VaultStoredAckMessage } from '../messages';
+import { VaultRepository } from '../repository/VaultRepository';
+export declare class StoreVaultHandler implements MessageHandler {
+    private vaultRepository;
+    private eventEmitter;
+    supportedMessages: (typeof StoreVaultMessage)[];
+    constructor(vaultRepository: VaultRepository, eventEmitter: EventEmitter);
+    handle(messageContext: MessageHandlerInboundMessage<StoreVaultHandler>): Promise<OutboundMessageContext<VaultStoredAckMessage>>;
+}