@cubist-labs/cubesigner-sdk 0.4.209 → 0.4.217

package/src/client/api_client.ts

@@ -58,6 +58,8 @@ import type {
   DiffieHellmanRequest,
   DiffieHellmanResponse,
   KeyInfoJwt,
+  ContactLabel,
+  ContactAddressData,
 } from "../schema_types";
 import { encodeToBase64 } from "../util";
 import {
@@ -983,7 +985,7 @@ export class ApiClient extends BaseClient {
 
   // #endregion
 
-  // #region ORG CONTACTS: contactCreate, contactGet, contactsList, contactDelete, contactUpdate
+  // #region ORG CONTACTS: contactCreate, contactGet, contactsList, contactDelete, contactUpdate, contactLookupByAddress
 
   /**
    * Creates a new contact in the organization-wide address book. The
@@ -994,6 +996,7 @@ export class ApiClient extends BaseClient {
    * @param addresses The addresses associated with the contact.
    * @param metadata Metadata associated with the contact. Intended for use as a description.
    * @param editPolicy The edit policy for the contact, determining when and who can edit this contact.
+   * @param labels The optional labels for the contact.
    * @returns The newly created contact.
    */
   async contactCreate(
@@ -1001,6 +1004,7 @@ export class ApiClient extends BaseClient {
     addresses?: AddressMap,
     metadata?: JsonValue,
     editPolicy?: EditPolicy,
+    labels?: ContactLabel[],
   ): Promise<ContactInfo> {
     const o = op("/v0/org/{org_id}/contacts", "post");
     return this.exec(o, {
@@ -1009,6 +1013,7 @@ export class ApiClient extends BaseClient {
         addresses,
         metadata,
         edit_policy: editPolicy,
+        labels,
       },
     });
   }
@@ -1030,20 +1035,43 @@ export class ApiClient extends BaseClient {
   /**
    * Lists contacts in the org.
    *
-   * @param page The optional pagination options. Defaults to getting every contact.
+   * @param page The optional pagination options. Defaults to getting every page.
+   * @param search The optional search query. Either `label:...`, which will
+   * return contacts with the label provided after the ':'; or an address
+   * search, where all returned contacts will have an address starting with, or
+   * equalling, the given search string.
    * @returns Paginator for iterating over the contacts in the org.
    */
-  contactsList(page?: PageOpts): Paginator<ListContactsResponse, ContactInfo[]> {
+  contactsList(
+    page?: PageOpts,
+    search?: `label:${ContactLabel}` | string,
+  ): Paginator<ListContactsResponse, ContactInfo[]> {
     const o = op("/v0/org/{org_id}/contacts", "get");
 
     return Paginator.items(
       page ?? Page.default(),
-      (query) => this.exec(o, { params: { query } }),
+      (pageQuery) => this.exec(o, { params: { query: { search, ...pageQuery } } }),
       (r) => r.contacts,
       (r) => r.last_evaluated_key,
     );
   }
 
+  /**
+   * Returns all contacts in the org that have the given address.
+   *
+   * When querying with an EVM address without a chain, this endpoint returns
+   * contacts with that address on *any* EVM chain, including those without a chain
+   * defined.
+   *
+   * @param address The address all returned contacts must have.
+   * @returns Contacts in the org with that address.
+   */
+  async contactLookupByAddress(address: ContactAddressData): Promise<ContactInfo[]> {
+    const o = op("/v0/org/{org_id}/contacts/by-address", "post");
+
+    return (await this.exec(o, { body: address })).contacts;
+  }
+
   /**
    * Delete a contact, specified by its ID.
    *
@@ -1366,21 +1394,24 @@ export class ApiClient extends BaseClient {
    * @param name The name of the policy.
    * @param type The type of the policy.
    * @param rules The policy rules.
+   * @param acl Optional list of policy access control entries.
    * @returns The the new policy's info.
    */
   async policyCreate(
     name: string,
     type: PolicyType,
     rules: KeyPolicy | RolePolicy | { hash: string }[],
+    acl?: JsonValue[],
   ): Promise<PolicyInfo> {
     const o = op("/v0/org/{org_id}/policies", "post");
-    return await this.exec(o, {
+    return (await this.exec(o, {
       body: {
         name,
         policy_type: type,
         rules,
+        acl,
       },
-    });
+    })) as PolicyInfo;
   }
 
   /**
@@ -1392,25 +1423,29 @@ export class ApiClient extends BaseClient {
    */
   async policyGet(policyId: string, version: policy.Version): Promise<PolicyInfo> {
     const o = op("/v0/org/{org_id}/policies/{policy_id}/{version}", "get");
-    return this.exec(o, {
+    return (await this.exec(o, {
       params: { path: { policy_id: policyId, version } },
-    });
+    })) as PolicyInfo;
   }
 
   /**
    * List all named policies in the org.
    *
    * @param page Pagination options. Defaults to fetching the entire result set.
+   * @param policyType The optional type of policies to fetch. Defaults to fetching all named policies regardless of type.
    * @returns Paginator for iterating over policies.
    */
-  policiesList(page?: PageOpts): Paginator<ListPoliciesResponse, PolicyInfo[]> {
+  policiesList(
+    page?: PageOpts,
+    policyType?: PolicyType,
+  ): Paginator<ListPoliciesResponse, PolicyInfo[]> {
     const o = op("/v0/org/{org_id}/policies", "get");
     return Paginator.items(
       page ?? Page.default(),
-      (query) => this.exec(o, { params: { query } }),
+      (pageQuery) => this.exec(o, { params: { query: { policy_type: policyType, ...pageQuery } } }),
       (r) => r.policies,
       (r) => r.last_evaluated_key,
-    );
+    ) as Paginator<ListPoliciesResponse, PolicyInfo[]>;
   }
 
   /**
@@ -1433,7 +1468,11 @@ export class ApiClient extends BaseClient {
         body: request,
         headers,
       });
-    return await CubeSignerResponse.create(this.env, signFn, mfaReceipt);
+    return (await CubeSignerResponse.create(
+      this.env,
+      signFn,
+      mfaReceipt,
+    )) as CubeSignerResponse<PolicyInfo>;
   }
 
   /**
@@ -1526,6 +1565,7 @@ export class ApiClient extends BaseClient {
     });
     return signerSessionFromSessionInfo(this.sessionMeta, data, {
       purpose,
+      org_id: this.orgId,
     });
   }
 
@@ -1563,6 +1603,7 @@ export class ApiClient extends BaseClient {
       return mapResponse(resp, (sessionInfo) =>
         signerSessionFromSessionInfo(this.sessionMeta, sessionInfo, {
           purpose,
+          org_id: this.orgId,
         }),
       );
     };
@@ -1600,6 +1641,7 @@ export class ApiClient extends BaseClient {
 
     return signerSessionFromSessionInfo(this.sessionMeta, data, {
       role_id: roleId,
+      org_id: this.orgId,
       purpose,
     });
   }

package/src/client/base_client.ts

@@ -259,7 +259,7 @@ export class BaseClient extends EventEmitter<ClientEvents> {
 export function signerSessionFromSessionInfo(
   meta: SessionMetadata,
   info: NewSessionResponse,
-  ctx: Partial<{ purpose: string; role_id: string }>,
+  ctx: Partial<{ purpose: string; role_id: string; org_id: string }>,
 ): SessionData {
   return {
     env: meta.env,

package/src/contact.ts

@@ -9,7 +9,7 @@ import type {
   UpdateContactRequest,
 } from ".";
 import { CubeSignerClient } from ".";
-import type { ContactInfo } from "./schema_types";
+import type { ContactInfo, ContactLabel } from "./schema_types";
 
 /**
  * A representation of a contact within an org.
@@ -91,6 +91,21 @@ export class Contact {
     await this.update({ owner });
   }
 
+  /**
+   * @returns The latest labels associated with the contact, if any
+   */
+  async labels(): Promise<ContactLabel[] | undefined> {
+    const data = await this.fetch();
+    return data.labels;
+  }
+
+  /**
+   * @param labels The new labels that the contact should hold
+   */
+  async setLabels(labels: ContactLabel[]) {
+    await this.update({ labels });
+  }
+
   /**
    * Fetches and returns the latest metadata value for the contact. This will be null if there is no metadata defined.
    *

package/src/evm/index.ts

@@ -87,7 +87,7 @@ export class EvmSigner {
    */
   async signTransaction(req: EvmSignRequest): Promise<string> {
     const res = await this.signEvm(req);
-    const data = await this.#handleMfa(res);
+    const data = await this.handleMfa(res);
     return data.rlp_signed_tx;
   }
 
@@ -115,7 +115,7 @@ export class EvmSigner {
   async signEip712(req: Eip712SignRequest): Promise<string> {
     const key = await this.key();
     const res = await key.signEip712(req);
-    const data = await this.#handleMfa(res);
+    const data = await this.handleMfa(res);
     return data.signature;
   }
 
@@ -130,7 +130,7 @@ export class EvmSigner {
   async signEip191(req: Eip191SignRequest): Promise<string> {
     const key = await this.key();
     const res = await key.signEip191(req);
-    const data = await this.#handleMfa(res);
+    const data = await this.handleMfa(res);
     return data.signature;
   }
 
@@ -177,7 +177,7 @@ export class EvmSigner {
    * @param res The response of a sign request
    * @returns The sign data after MFA approvals
    */
-  async #handleMfa<U>(res: CubeSignerResponse<U>): Promise<U> {
+  async handleMfa<U>(res: CubeSignerResponse<U>): Promise<U> {
     let mfaId = undefined;
     while ((mfaId = res.mfaId())) {
       await new Promise((resolve) => setTimeout(resolve, this.#options.mfaPollIntervalMs));

package/src/index.ts

@@ -34,6 +34,8 @@ export * from "./contact";
 export * from "./scopes";
 /** Policies */
 export * from "./policy";
+/** Access control */
+export * from "./acl";
 /** Utils */
 export * from "./util";
 /** User-export decryption helper */

package/src/org.ts

@@ -18,19 +18,22 @@ import type {
   AddressMap,
   CreateOrgRequest,
   RolePolicy,
-  PolicyEngineConfiguration,
+  C2FConfiguration,
   MfaProtectedAction,
   MfaType,
+  PolicyType,
+  PolicyAcl,
+  ContactLabel,
+  ContactAddressData,
 } from ".";
 import { Contact } from "./contact";
-import { Key, MfaRequest, Role } from ".";
+import { C2FFunction, Key, MfaRequest, Role } from ".";
 import {
   type NamedKeyPolicy,
   NamedPolicy,
   type NamedRolePolicy,
-  NamedWasmPolicy,
-  uploadWasmPolicy,
-  type WasmPolicyInfo,
+  uploadWasmFunction,
+  type C2FInfo,
 } from "./policy";
 
 /** Options pased to createKey and deriveKey */
@@ -526,14 +529,16 @@ export class Org {
    * @param name The name of the policy.
    * @param type The type of the policy.
    * @param rules The policy rules.
+   * @param acl Optional list of policy access control entries.
    * @returns The new policy.
    */
   async createPolicy<Type extends "Key" | "Role">(
     name: string,
     type: Type,
     rules: Type extends "Key" ? KeyPolicy : RolePolicy,
+    acl?: PolicyAcl,
   ): Promise<Type extends "Key" ? NamedKeyPolicy : NamedRolePolicy> {
-    const policyInfo = await this.#apiClient.policyCreate(name, type, rules);
+    const policyInfo = await this.#apiClient.policyCreate(name, type, rules, acl);
     const policy = NamedPolicy.fromInfo(this.#apiClient, policyInfo);
     return policy as Type extends "Key" ? NamedKeyPolicy : NamedRolePolicy;
   }
@@ -549,47 +554,86 @@ export class Org {
     return NamedPolicy.fromInfo(this.#apiClient, policyInfo);
   }
 
+  /**
+   * Get a Confidential Cloud Function by name or named policy ID.
+   *
+   * @param functionId The name or named policy ID of the function to get.
+   * @returns The C2F function.
+   * @throws if name or ID is not associated to a C2F function (i.e. the name/id is for a key or role named policy)
+   */
+  async getFunction(functionId: string): Promise<C2FFunction> {
+    const functionInfo = await this.#apiClient.policyGet(functionId, "latest");
+    if (functionInfo.policy_type !== "Wasm") {
+      throw new Error(
+        `${functionId} is not a Wasm function, it is a ${functionInfo.policy_type} named policy`,
+      );
+    }
+    return new C2FFunction(this.#apiClient, functionInfo as C2FInfo);
+  }
+
   /**
    * Gets all the named policies in the org.
    *
-   * @param page The paginator options.
+   * @param page Pagination options. Defaults to fetching the entire result set.
+   * @param policyType The optional type of policies to fetch. Defaults to fetching all named policies regardless of type.
    * @returns The policies.
    */
-  async policies(page: PageOpts): Promise<NamedPolicy[]> {
-    const policies = await this.#apiClient.policiesList(page).fetch();
+  async policies(page?: PageOpts, policyType?: PolicyType): Promise<NamedPolicy[]> {
+    const policies = await this.#apiClient.policiesList(page, policyType).fetch();
     return policies.map((p) => NamedPolicy.fromInfo(this.#apiClient, p));
   }
 
   /**
-   * Create a new Wasm policy.
+   * Gets all the C2F functions in the org.
    *
-   * @param name The name of the policy.
-   * @param policy The Wasm policy object.
-   * @returns The new policy.
+   * @param page The paginator options.
+   * @returns The C2F functions.
    */
-  async createWasmPolicy(name: string, policy: Uint8Array): Promise<NamedWasmPolicy> {
-    const hash = await uploadWasmPolicy(this.#apiClient, policy);
-    const policyInfo = await this.#apiClient.policyCreate(name, "Wasm", [
-      {
-        hash,
-      },
-    ]);
-    return new NamedWasmPolicy(this.#apiClient, policyInfo as WasmPolicyInfo);
+  async functions(page?: PageOpts): Promise<C2FFunction[]> {
+    const policies = await this.#apiClient.policiesList(page, "Wasm").fetch();
+    return policies.map((data) => new C2FFunction(this.#apiClient, data as C2FInfo));
   }
 
-  /** @returns the Policy Engine configuration for the org. */
-  async policyEngineConfiguration(): Promise<PolicyEngineConfiguration | undefined> {
+  /**
+   * Create a new Confidential Cloud Function.
+   *
+   * @param name The name of the function.
+   * @param policy The Wasm function.
+   * @param acl Optional list of policy access control entries.
+   * @returns The C2F function
+   */
+  async createWasmFunction(
+    name: string,
+    policy: Uint8Array,
+    acl?: PolicyAcl,
+  ): Promise<C2FFunction> {
+    const hash = await uploadWasmFunction(this.#apiClient, policy);
+    const policyInfo = await this.#apiClient.policyCreate(
+      name,
+      "Wasm",
+      [
+        {
+          hash,
+        },
+      ],
+      acl,
+    );
+    return new C2FFunction(this.#apiClient, policyInfo as C2FInfo);
+  }
+
+  /** @returns the Confidential Cloud Functions configuration for the org. */
+  async c2fConfiguration(): Promise<C2FConfiguration | undefined> {
     const data = await this.fetch();
     return data.policy_engine_configuration;
   }
 
   /**
-   * Set the Policy Engine configuration for the org.
+   * Set the Confidential Cloud Functions configuration for the org.
    * Note that this overwrites any existing configuration.
    *
-   * @param configs The Policy Engine configuration.
+   * @param configs Confidential Cloud Functions configuration.
    */
-  async setPolicyEngineConfiguration(configs: PolicyEngineConfiguration) {
+  async setC2FConfiguration(configs: C2FConfiguration) {
     await this.update({
       policy_engine_configuration: configs,
     });
@@ -684,6 +728,7 @@ export class Org {
    * @param addresses The addresses associated with the contact.
    * @param metadata Metadata associated with the contact. Intended for use as a description.
    * @param editPolicy The edit policy for the contact, determining when and who can edit this contact.
+   * @param labels The optional labels associated with the contact.
    * @returns The newly-created contact.
    */
   async createContact(
@@ -691,8 +736,15 @@ export class Org {
     addresses?: AddressMap,
     metadata?: JsonValue,
     editPolicy?: EditPolicy,
+    labels?: ContactLabel[],
   ): Promise<Contact> {
-    const contactInfo = await this.#apiClient.contactCreate(name, addresses, metadata, editPolicy);
+    const contactInfo = await this.#apiClient.contactCreate(
+      name,
+      addresses,
+      metadata,
+      editPolicy,
+      labels,
+    );
 
     return new Contact(this.#apiClient, contactInfo);
   }
@@ -710,13 +762,25 @@ export class Org {
   }
 
   /**
-   * Get all contacts in the organization.
+   * Get all contacts in the organization, optionally matching the search query.
    *
+   * @param search The optional search query. Either:
+   *  - `label:...`, which will return contacts with the label provided after the ':',
+   *  - an exact address search, which returns contacts with the provided ContactAddressData,
+   *  - or an address prefix search, where all returned contacts will have an address starting with, or equaling, the given search string.
    * @returns All contacts.
    */
-  async contacts(): Promise<Contact[]> {
-    const paginator = this.#apiClient.contactsList();
-    const contacts = await paginator.fetch();
+  async contacts(
+    search?: `label${ContactLabel}` | ContactAddressData | string,
+  ): Promise<Contact[]> {
+    let contacts;
+
+    if (search !== undefined && typeof search !== "string") {
+      contacts = await this.#apiClient.contactLookupByAddress(search);
+    } else {
+      const paginator = this.#apiClient.contactsList(undefined, search);
+      contacts = await paginator.fetch();
+    }
 
     return contacts.map((c) => new Contact(this.#apiClient, c));
   }
@@ -899,4 +963,27 @@ export class Org {
     const keys = await this.#apiClient.importKeys(body);
     return keys.map((k) => new Key(this.#apiClient, k));
   }
+
+  // Backwards compatibility aliases for Named Wasm Policy
+
+  /**
+   * Create a new Wasm policy.
+   *
+   * @param name The name of the policy.
+   * @param policy The Wasm policy object.
+   * @param acl Optional list of policy access control entries.
+   * @returns The new policy.
+   */
+  createWasmPolicy = this.createWasmFunction;
+
+  /** @returns the Policy Engine configuration for the org. */
+  policyEngineConfiguration = this.c2fConfiguration;
+
+  /**
+   * Set the Policy Engine configuration for the org.
+   * Note that this overwrites any existing configuration.
+   *
+   * @param configs The Policy Engine configuration.
+   */
+  setPolicyEngineConfiguration = this.setC2FConfiguration;
 }