@enbox/agent 0.1.8 → 0.1.9
- package/dist/browser.mjs +11 -11
- package/dist/browser.mjs.map +4 -4
- package/dist/esm/anonymous-dwn-api.js +1 -1
- package/dist/esm/anonymous-dwn-api.js.map +1 -1
- package/dist/esm/connect.js +2 -9
- package/dist/esm/connect.js.map +1 -1
- package/dist/esm/dwn-api.js +144 -195
- package/dist/esm/dwn-api.js.map +1 -1
- package/dist/esm/dwn-protocol-cache.js +149 -0
- package/dist/esm/dwn-protocol-cache.js.map +1 -0
- package/dist/esm/dwn-record-upgrade.js +3 -3
- package/dist/esm/dwn-record-upgrade.js.map +1 -1
- package/dist/esm/hd-identity-vault.js +0 -2
- package/dist/esm/hd-identity-vault.js.map +1 -1
- package/dist/esm/identity-api.js +0 -2
- package/dist/esm/identity-api.js.map +1 -1
- package/dist/esm/permissions-api.js +24 -6
- package/dist/esm/permissions-api.js.map +1 -1
- package/dist/esm/store-data-protocols.js +2 -2
- package/dist/esm/store-data-protocols.js.map +1 -1
- package/dist/esm/test-harness.js +3 -5
- package/dist/esm/test-harness.js.map +1 -1
- package/dist/esm/types/dwn.js.map +1 -1
- package/dist/types/anonymous-dwn-api.d.ts +3 -3
- package/dist/types/anonymous-dwn-api.d.ts.map +1 -1
- package/dist/types/connect.d.ts.map +1 -1
- package/dist/types/dwn-api.d.ts +11 -18
- package/dist/types/dwn-api.d.ts.map +1 -1
- package/dist/types/dwn-protocol-cache.d.ts +76 -0
- package/dist/types/dwn-protocol-cache.d.ts.map +1 -0
- package/dist/types/hd-identity-vault.d.ts.map +1 -1
- package/dist/types/identity-api.d.ts.map +1 -1
- package/dist/types/permissions-api.d.ts.map +1 -1
- package/dist/types/test-harness.d.ts.map +1 -1
- package/dist/types/types/dwn.d.ts +18 -19
- package/dist/types/types/dwn.d.ts.map +1 -1
- package/package.json +6 -6
- package/src/anonymous-dwn-api.ts +4 -4
- package/src/connect.ts +2 -9
- package/src/dwn-api.ts +192 -250
- package/src/dwn-protocol-cache.ts +216 -0
- package/src/dwn-record-upgrade.ts +3 -3
- package/src/hd-identity-vault.ts +0 -2
- package/src/identity-api.ts +0 -2
- package/src/permissions-api.ts +28 -6
- package/src/store-data-protocols.ts +2 -2
- package/src/test-harness.ts +3 -5
- package/src/types/dwn.ts +19 -21
|
@@ -85,7 +85,7 @@ export class AnonymousDwnApi {
|
|
|
85
85
|
*
|
|
86
86
|
* @param target - The DID whose DWN to subscribe to.
|
|
87
87
|
* @param params - Subscribe parameters (filter).
|
|
88
|
-
* @param handler - Callback for incoming
|
|
88
|
+
* @param handler - Callback for incoming subscription messages (events and EOSE).
|
|
89
89
|
* @returns The raw `RecordsSubscribeReply` from the remote DWN.
|
|
90
90
|
*/
|
|
91
91
|
recordsSubscribe(target, params, handler) {
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"anonymous-dwn-api.js","sourceRoot":"","sources":["../../src/anonymous-dwn-api.ts"],"names":[],"mappings":";;;;;;;;;AAiBA,OAAO,EAAE,cAAc,EAAE,YAAY,EAAE,YAAY,EAAE,WAAW,EAAE,gBAAgB,EAAE,MAAM,mBAAmB,CAAC;AAE9G,OAAO,EAAE,yBAAyB,EAAE,MAAM,YAAY,CAAC;AAyDvD;;;;;;;;;;;;;;;;;;;;;;GAsBG;AACH,MAAM,OAAO,eAAe;IAI1B,YAAY,EAAE,WAAW,EAAE,SAAS,EAAyB;QAC3D,IAAI,CAAC,YAAY,GAAG,WAAW,CAAC;QAChC,IAAI,CAAC,UAAU,GAAG,SAAS,CAAC;IAC9B,CAAC;IAED;;;;;;;;OAQG;IACU,YAAY,CAAC,MAAc,EAAE,MAAmC;;YAC3E,MAAM,YAAY,GAAG,MAAM,YAAY,CAAC,MAAM,CAAC;gBAC7C,MAAM,EAAa,MAAM,CAAC,MAAM;gBAChC,QAAQ,EAAW,MAAM,CAAC,QAAQ;gBAClC,UAAU,EAAS,MAAM,CAAC,UAAU;gBACpC,gBAAgB,EAAG,MAAM,CAAC,gBAAgB;gBAC1C,2CAA2C;aAC5C,CAAC,CAAC;YAEH,OAAO,MAAM,IAAI,CAAC,WAAW,CAAoB,MAAM,EAAE,YAAY,CAAC,OAAO,CAAC,CAAC;QACjF,CAAC;KAAA;IAED;;;;;;;;;OASG;IACU,WAAW,CAAC,MAAc,EAAE,MAAkC;;YACzE,MAAM,WAAW,GAAG,MAAM,WAAW,CAAC,MAAM,CAAC;gBAC3C,MAAM,EAAa,MAAM,CAAC,MAAM;gBAChC,gBAAgB,EAAG,MAAM,CAAC,gBAAgB;gBAC1C,2CAA2C;aAC5C,CAAC,CAAC;YAEH,OAAO,MAAM,IAAI,CAAC,WAAW,CAAmB,MAAM,EAAE,WAAW,CAAC,OAAO,CAAC,CAAC;QAC/E,CAAC;KAAA;IAED;;;;;;;;;OASG;IACU,gBAAgB,CAC3B,MAAc,EACd,MAAuC,EACvC,
|
|
1
|
+
{"version":3,"file":"anonymous-dwn-api.js","sourceRoot":"","sources":["../../src/anonymous-dwn-api.ts"],"names":[],"mappings":";;;;;;;;;AAiBA,OAAO,EAAE,cAAc,EAAE,YAAY,EAAE,YAAY,EAAE,WAAW,EAAE,gBAAgB,EAAE,MAAM,mBAAmB,CAAC;AAE9G,OAAO,EAAE,yBAAyB,EAAE,MAAM,YAAY,CAAC;AAyDvD;;;;;;;;;;;;;;;;;;;;;;GAsBG;AACH,MAAM,OAAO,eAAe;IAI1B,YAAY,EAAE,WAAW,EAAE,SAAS,EAAyB;QAC3D,IAAI,CAAC,YAAY,GAAG,WAAW,CAAC;QAChC,IAAI,CAAC,UAAU,GAAG,SAAS,CAAC;IAC9B,CAAC;IAED;;;;;;;;OAQG;IACU,YAAY,CAAC,MAAc,EAAE,MAAmC;;YAC3E,MAAM,YAAY,GAAG,MAAM,YAAY,CAAC,MAAM,CAAC;gBAC7C,MAAM,EAAa,MAAM,CAAC,MAAM;gBAChC,QAAQ,EAAW,MAAM,CAAC,QAAQ;gBAClC,UAAU,EAAS,MAAM,CAAC,UAAU;gBACpC,gBAAgB,EAAG,MAAM,CAAC,gBAAgB;gBAC1C,2CAA2C;aAC5C,CAAC,CAAC;YAEH,OAAO,MAAM,IAAI,CAAC,WAAW,CAAoB,MAAM,EAAE,YAAY,CAAC,OAAO,CAAC,CAAC;QACjF,CAAC;KAAA;IAED;;;;;;;;;OASG;IACU,WAAW,CAAC,MAAc,EAAE,MAAkC;;YACzE,MAAM,WAAW,GAAG,MAAM,WAAW,CAAC,MAAM,CAAC;gBAC3C,MAAM,EAAa,MAAM,CAAC,MAAM;gBAChC,gBAAgB,EAAG,MAAM,CAAC,gBAAgB;gBAC1C,2CAA2C;aAC5C,CAAC,CAAC;YAEH,OAAO,MAAM,IAAI,CAAC,WAAW,CAAmB,MAAM,EAAE,WAAW,CAAC,OAAO,CAAC,CAAC;QAC/E,CAAC;KAAA;IAED;;;;;;;;;OASG;IACU,gBAAgB,CAC3B,MAAc,EACd,MAAuC,EACvC,OAA6B;;YAE7B,MAAM,gBAAgB,GAAG,MAAM,gBAAgB,CAAC,MAAM,CAAC;gBACrD,MAAM,EAAa,MAAM,CAAC,MAAM;gBAChC,QAAQ,EAAW,MAAM,CAAC,QAAQ;gBAClC,UAAU,EAAS,MAAM,CAAC,UAAU;gBACpC,gBAAgB,EAAG,MAAM,CAAC,gBAAgB;gBAC1C,2CAA2C;aAC5C,CAAC,CAAC;YAEH,OAAO,MAAM,IAAI,CAAC,WAAW,CAAwB,MAAM,EAAE,gBAAgB,CAAC,OAAO,EAAE,SAAS,EAAE,OAAO,CAAC,CAAC;QAC7G,CAAC;KAAA;IAED;;;;;;;;OAQG;IACU,YAAY,CAAC,MAAc,EAAE,MAAmC;;YAC3E,MAAM,YAAY,GAAG,MAAM,YAAY,CAAC,MAAM,CAAC;gBAC7C,MAAM,EAAa,MAAM,CAAC,MAAM;gBAChC,gBAAgB,EAAG,MAAM,CAAC,gBAAgB;gBAC1C,2CAA2C;aAC5C,CAAC,CAAC;YAEH,OAAO,MAAM,IAAI,CAAC,WAAW,CAAoB,MAAM,EAAE,YAAY,CAAC,OAA8B,CAAC,CAAC;QACxG,CAAC;KAAA;IAED;;;;;;;;OAQG;IACU,cAAc,CAAC,MAAc,EAAE,MAAsC;;YAChF,MAAM,cAAc,GAAG,MAAM,cAAc,CAAC,MAAM,CAAC;gBACjD,MAAM,EAAa,MAAM,aAAN,MAAM,uBAAN,MAAM,CAAE,MAAM;gBACjC,gBAAgB,EAAG,MAAM,aAAN,MAAM,uBAAN,MAAM,CAAE,gBAAgB;gBAC3C,2CAA2C;aAC5C,CAAC,CAAC;YAEH,OAAO,MAAM,IAAI,CAAC,WAAW,CAAsB
,MAAM,EAAE,cAAc,CAAC,OAAO,CAAC,CAAC;QACrF,CAAC;KAAA;IAED;;;;;OAKG;IACW,WAAW,CACvB,MAAc,EACd,OAAgB,EAChB,IAAW,EACX,mBAA0C;;YAE1C,MAAM,eAAe,GAAG,MAAM,yBAAyB,CAAC,MAAM,EAAE,IAAI,CAAC,YAAY,CAAC,CAAC;YACnF,MAAM,aAAa,GAAuC,EAAE,CAAC;YAE7D,KAAK,IAAI,MAAM,IAAI,eAAe,EAAE,CAAC;gBACnC,IAAI,CAAC;oBACH,kEAAkE;oBAClE,IAAI,mBAAmB,KAAK,SAAS,EAAE,CAAC;wBACtC,MAAM,UAAU,GAAG,MAAM,IAAI,CAAC,UAAU,CAAC,aAAa,CAAC,MAAM,CAAC,CAAC;wBAC/D,IAAI,CAAC,UAAU,CAAC,gBAAgB,EAAE,CAAC;4BACjC,aAAa,CAAC,IAAI,CAAC,EAAE,GAAG,EAAE,MAAM,EAAE,OAAO,EAAE,iDAAiD,EAAE,CAAC,CAAC;4BAChG,SAAS;wBACX,CAAC;wBAED,MAAM,SAAS,GAAG,IAAI,GAAG,CAAC,MAAM,CAAC,CAAC;wBAClC,SAAS,CAAC,QAAQ,GAAG,SAAS,CAAC,QAAQ,KAAK,OAAO,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,MAAM,CAAC;wBACrE,MAAM,GAAG,SAAS,CAAC,QAAQ,EAAE,CAAC;oBAChC,CAAC;oBAED,MAAM,KAAK,GAAG,MAAM,IAAI,CAAC,UAAU,CAAC,cAAc,CAAC;wBACjD,MAAM;wBACN,SAAS,EAAa,MAAM;wBAC5B,OAAO;wBACP,IAAI;wBACJ,mBAAmB,EAAG,mBAAmB;qBACzB,CAAC,CAAC;oBAEpB,OAAO,KAAe,CAAC;gBACzB,CAAC;gBAAC,OAAO,KAAc,EAAE,CAAC;oBACxB,aAAa,CAAC,IAAI,CAAC;wBACjB,GAAG,EAAO,MAAM;wBAChB,OAAO,EAAG,CAAC,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,eAAe;qBACrE,CAAC,CAAC;gBACL,CAAC;YACH,CAAC;YAED,MAAM,IAAI,KAAK,CAAC,+CAA+C,MAAM,MAAM,IAAI,CAAC,SAAS,CAAC,aAAa,CAAC,EAAE,CAAC,CAAC;QAC9G,CAAC;KAAA;CACF"}
|
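--- a/package/dist/esm/connect.js
+++ b/package/dist/esm/connect.js
@@ -120,19 +120,12 @@ function createPermissionRequestForProtocol({ definition, permissions }) {
 interface: DwnInterfaceName.Protocols,
 method: DwnMethodName.Query,
 });
-//
+// A Messages.Read grant is a unified scope that covers MessagesRead, MessagesSync, and MessagesSubscribe.
+// This single grant enables sync and real-time subscriptions for the protocol.
 requests.push({
 protocol: definition.protocol,
 interface: DwnInterfaceName.Messages,
 method: DwnMethodName.Read,
-}, {
-protocol: definition.protocol,
-interface: DwnInterfaceName.Messages,
-method: DwnMethodName.Sync,
-}, {
-protocol: definition.protocol,
-interface: DwnInterfaceName.Messages,
-method: DwnMethodName.Subscribe,
 });
 // We also request any additional permissions the user has requested for this protocol
 for (const permission of permissions) {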
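Review bot: The request pushed in `createPermissionRequestForProtocol` now names only `Messages.Read`, while the new comment says that one grant also covers sync and subscribe, so an approver who sees the request as written is shown a narrower scope than the one actually delegated. The comment should say this outright, for example `// NOTE: Messages.Read is broader than its name: approving it also authorises MessagesSync and MessagesSubscribe; consent prompts should say so.` The unified-scope check itself is enforced elsewhere and is not visible in this hunk, so it is worth confirming that a peer still on the separate-grant model does not silently lose sync or subscribe access; that would presumably be a functional regression rather than a privilege issue. The function body starts before and continues after the hunk.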
package/dist/esm/connect.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"connect.js","sourceRoot":"","sources":["../../src/connect.ts"],"names":[],"mappings":";;;;;;;;;AAIA,OAAO,EAAE,WAAW,EAAE,MAAM,eAAe,CAAC;AAC5C,OAAO,EAAE,MAAM,EAAE,MAAM,aAAa,CAAC;AACrC,OAAO,EAAE,IAAI,EAAE,MAAM,WAAW,CAAC;AACjC,OAAO,EAAE,WAAW,EAAE,MAAM,YAAY,CAAC;AACzC,OAAO,EAAE,OAAO,EAAE,MAAM,EAAE,MAAM,eAAe,CAAC;AAChD,OAAO,EAAE,gBAAgB,EAAE,aAAa,EAAE,MAAM,mBAAmB,CAAC;AAEpE;;;GAGG;AACH,SAAe,UAAU;yDAAC,EACxB,WAAW,EACX,gBAAgB,EAChB,SAAS,EACT,kBAAkB,EAClB,gBAAgB,EAChB,WAAW,GACU;QAKrB,uDAAuD;QACvD,MAAM,SAAS,GAAG,MAAM,MAAM,CAAC,MAAM,EAAE,CAAC;QAExC,kGAAkG;QAClG,+CAA+C;QAC/C,uDAAuD;QACvD,yDAAyD;QACzD,wCAAwC;QACxC,MAAM,aAAa,GAAG,WAAW,CAAC,WAAW,CAAC,EAAE,CAAC,CAAC;QAElD,mDAAmD;QACnD,MAAM,gBAAgB,GAAG,IAAI,CAAC,YAAY,CAAC;YACzC,OAAO,EAAI,gBAAgB;YAC3B,QAAQ,EAAG,UAAU;SACtB,CAAC,CAAC;QAEH,wBAAwB;QACxB,MAAM,OAAO,GAAG,MAAM,IAAI,CAAC,iBAAiB,CAAC;YAC3C,SAAS,EAAY,SAAS,CAAC,GAAG;YAClC,KAAK,EAAgB,gBAAgB;YACrC,YAAY,EAAS,gBAAgB;YACrC,qBAAqB;YACrB,kDAAkD;YAClD,kCAAkC;YAClC,kBAAkB,EAAG,kBAAkB;YACvC,WAAW;SACZ,CAAC,CAAC;QAEH,8DAA8D;QAC9D,MAAM,UAAU,GAAG,MAAM,IAAI,CAAC,OAAO,CAAC;YACpC,GAAG,EAAI,SAAS;YAChB,IAAI,EAAG,OAAO;SACf,CAAC,CAAC;QAEH,IAAI,CAAC,UAAU,EAAE,CAAC;YAChB,MAAM,IAAI,KAAK,CAAC,8BAA8B,CAAC,CAAC;QAClD,CAAC;QACD,2DAA2D;QAC3D,MAAM,gBAAgB,GAAG,MAAM,IAAI,CAAC,kBAAkB,CAAC;YACrD,GAAG,EAAE,UAAU;YACf,aAAa;SACd,CAAC,CAAC;QAEH,6EAA6E;QAC7E,MAAM,kBAAkB,GAAG,IAAI,eAAe,CAAC;YAC7C,OAAO,EAAE,gBAAgB;SAC1B,CAAC,CAAC;QAEH,MAAM,kCAAkC,GAAG,IAAI,CAAC,YAAY,CAAC;YAC3D,OAAO,EAAI,gBAAgB;YAC3B,QAAQ,EAAG,4BAA4B;SACxC,CAAC,CAAC;QAEH,MAAM,WAAW,GAAG,MAAM,KAAK,CAAC,kCAAkC,EAAE;YAClE,IAAI,EAAM,kBAAkB;YAC5B,MAAM,EAAI,MAAM;YAChB,OAAO,EAAG;gBACR,cAAc,EAAE,mCAAmC;aACpD;SACF,CAAC,CAAC;QAEH,IAAI,CAAC,WAAW,CAAC,EAAE,EAAE,CAAC;YACpB,MAAM,IAAI,KAAK,CAAC,GAAG,WAAW,CAAC,MAAM,KAAK,WAAW,CAAC,UAAU,EAAE,CAAC,CAAC;QACtE,CAAC;QAED,MAAM,OAAO,GAAuB,MAAM,WAAW,CAAC,IAAI,EAAE,CAAC;QAE7D,0FAA0F;QAC1F,+FAA+F;QAC/F,MAAM,CAAC,GAAG,CAAC,eAAe,SAAS,EAAE,CAAC,CAAC;QACvC,MAAM,kBAAkB,GAAG,IAAI,GAAG,CAAC,SAAS,CAAC,CAAC;QAC9C,kBAAkB,
CAAC,YAAY,CAAC,GAAG,CAAC,aAAa,EAAE,OAAO,CAAC,WAAW,CAAC,CAAC;QACxE,kBAAkB,CAAC,YAAY,CAAC,GAAG,CACjC,gBAAgB,EAChB,OAAO,CAAC,UAAU,CAAC,aAAa,CAAC,CAAC,WAAW,EAAE,CAChD,CAAC;QAEF,8EAA8E;QAC9E,gBAAgB,CAAC,kBAAkB,CAAC,QAAQ,EAAE,CAAC,CAAC;QAEhD,MAAM,QAAQ,GAAG,IAAI,CAAC,YAAY,CAAC;YACjC,OAAO,EAAM,gBAAgB;YAC7B,QAAQ,EAAK,OAAO;YACpB,UAAU,EAAG,OAAO,CAAC,KAAK;SAC3B,CAAC,CAAC;QAEH,4HAA4H;QAC5H,MAAM,YAAY,GAAG,MAAM,WAAW,CAAC,GAAG,EAAE,CAAC,KAAK,CAAC,QAAQ,CAAC,CAAC,CAAC;QAE9D,IAAI,YAAY,EAAE,CAAC;YACjB,MAAM,GAAG,GAAG,MAAM,CAAA,YAAY,aAAZ,YAAY,uBAAZ,YAAY,CAAE,IAAI,EAAE,CAAA,CAAC;YAEvC,yDAAyD;YACzD,MAAM,GAAG,GAAG,MAAM,WAAW,EAAE,CAAC;YAChC,MAAM,GAAG,GAAG,MAAM,IAAI,CAAC,mBAAmB,CAAC,SAAS,EAAE,GAAG,EAAE,GAAG,CAAC,CAAC;YAChE,MAAM,oBAAoB,GAAG,CAAC,MAAM,IAAI,CAAC,SAAS,CAAC;gBACjD,GAAG;aACJ,CAAC,CAA4B,CAAC;YAE/B,OAAO;gBACL,cAAc,EAAQ,oBAAoB,CAAC,cAAc;gBACzD,mBAAmB,EAAG,oBAAoB,CAAC,mBAAmB;gBAC9D,YAAY,EAAU,oBAAoB,CAAC,GAAG;aAC/C,CAAC;QACJ,CAAC;IACH,CAAC;CAAA;AA8ED;;;;;GAKG;AACH,SAAS,kCAAkC,CAAC,EAAE,UAAU,EAAE,WAAW,EAA6B;IAChG,MAAM,QAAQ,GAAyB,EAAE,CAAC;IAE1C,qDAAqD;IACrD,QAAQ,CAAC,IAAI,CAAC;QACZ,QAAQ,EAAI,UAAU,CAAC,QAAQ;QAC/B,SAAS,EAAG,gBAAgB,CAAC,SAAS;QACtC,MAAM,EAAM,aAAa,CAAC,KAAK;KAChC,CAAC,CAAC;IAEH,
|
|
1
|
+
{"version":3,"file":"connect.js","sourceRoot":"","sources":["../../src/connect.ts"],"names":[],"mappings":";;;;;;;;;AAIA,OAAO,EAAE,WAAW,EAAE,MAAM,eAAe,CAAC;AAC5C,OAAO,EAAE,MAAM,EAAE,MAAM,aAAa,CAAC;AACrC,OAAO,EAAE,IAAI,EAAE,MAAM,WAAW,CAAC;AACjC,OAAO,EAAE,WAAW,EAAE,MAAM,YAAY,CAAC;AACzC,OAAO,EAAE,OAAO,EAAE,MAAM,EAAE,MAAM,eAAe,CAAC;AAChD,OAAO,EAAE,gBAAgB,EAAE,aAAa,EAAE,MAAM,mBAAmB,CAAC;AAEpE;;;GAGG;AACH,SAAe,UAAU;yDAAC,EACxB,WAAW,EACX,gBAAgB,EAChB,SAAS,EACT,kBAAkB,EAClB,gBAAgB,EAChB,WAAW,GACU;QAKrB,uDAAuD;QACvD,MAAM,SAAS,GAAG,MAAM,MAAM,CAAC,MAAM,EAAE,CAAC;QAExC,kGAAkG;QAClG,+CAA+C;QAC/C,uDAAuD;QACvD,yDAAyD;QACzD,wCAAwC;QACxC,MAAM,aAAa,GAAG,WAAW,CAAC,WAAW,CAAC,EAAE,CAAC,CAAC;QAElD,mDAAmD;QACnD,MAAM,gBAAgB,GAAG,IAAI,CAAC,YAAY,CAAC;YACzC,OAAO,EAAI,gBAAgB;YAC3B,QAAQ,EAAG,UAAU;SACtB,CAAC,CAAC;QAEH,wBAAwB;QACxB,MAAM,OAAO,GAAG,MAAM,IAAI,CAAC,iBAAiB,CAAC;YAC3C,SAAS,EAAY,SAAS,CAAC,GAAG;YAClC,KAAK,EAAgB,gBAAgB;YACrC,YAAY,EAAS,gBAAgB;YACrC,qBAAqB;YACrB,kDAAkD;YAClD,kCAAkC;YAClC,kBAAkB,EAAG,kBAAkB;YACvC,WAAW;SACZ,CAAC,CAAC;QAEH,8DAA8D;QAC9D,MAAM,UAAU,GAAG,MAAM,IAAI,CAAC,OAAO,CAAC;YACpC,GAAG,EAAI,SAAS;YAChB,IAAI,EAAG,OAAO;SACf,CAAC,CAAC;QAEH,IAAI,CAAC,UAAU,EAAE,CAAC;YAChB,MAAM,IAAI,KAAK,CAAC,8BAA8B,CAAC,CAAC;QAClD,CAAC;QACD,2DAA2D;QAC3D,MAAM,gBAAgB,GAAG,MAAM,IAAI,CAAC,kBAAkB,CAAC;YACrD,GAAG,EAAE,UAAU;YACf,aAAa;SACd,CAAC,CAAC;QAEH,6EAA6E;QAC7E,MAAM,kBAAkB,GAAG,IAAI,eAAe,CAAC;YAC7C,OAAO,EAAE,gBAAgB;SAC1B,CAAC,CAAC;QAEH,MAAM,kCAAkC,GAAG,IAAI,CAAC,YAAY,CAAC;YAC3D,OAAO,EAAI,gBAAgB;YAC3B,QAAQ,EAAG,4BAA4B;SACxC,CAAC,CAAC;QAEH,MAAM,WAAW,GAAG,MAAM,KAAK,CAAC,kCAAkC,EAAE;YAClE,IAAI,EAAM,kBAAkB;YAC5B,MAAM,EAAI,MAAM;YAChB,OAAO,EAAG;gBACR,cAAc,EAAE,mCAAmC;aACpD;SACF,CAAC,CAAC;QAEH,IAAI,CAAC,WAAW,CAAC,EAAE,EAAE,CAAC;YACpB,MAAM,IAAI,KAAK,CAAC,GAAG,WAAW,CAAC,MAAM,KAAK,WAAW,CAAC,UAAU,EAAE,CAAC,CAAC;QACtE,CAAC;QAED,MAAM,OAAO,GAAuB,MAAM,WAAW,CAAC,IAAI,EAAE,CAAC;QAE7D,0FAA0F;QAC1F,+FAA+F;QAC/F,MAAM,CAAC,GAAG,CAAC,eAAe,SAAS,EAAE,CAAC,CAAC;QACvC,MAAM,kBAAkB,GAAG,IAAI,GAAG,CAAC,SAAS,CAAC,CAAC;QAC9C,kBAAkB,
CAAC,YAAY,CAAC,GAAG,CAAC,aAAa,EAAE,OAAO,CAAC,WAAW,CAAC,CAAC;QACxE,kBAAkB,CAAC,YAAY,CAAC,GAAG,CACjC,gBAAgB,EAChB,OAAO,CAAC,UAAU,CAAC,aAAa,CAAC,CAAC,WAAW,EAAE,CAChD,CAAC;QAEF,8EAA8E;QAC9E,gBAAgB,CAAC,kBAAkB,CAAC,QAAQ,EAAE,CAAC,CAAC;QAEhD,MAAM,QAAQ,GAAG,IAAI,CAAC,YAAY,CAAC;YACjC,OAAO,EAAM,gBAAgB;YAC7B,QAAQ,EAAK,OAAO;YACpB,UAAU,EAAG,OAAO,CAAC,KAAK;SAC3B,CAAC,CAAC;QAEH,4HAA4H;QAC5H,MAAM,YAAY,GAAG,MAAM,WAAW,CAAC,GAAG,EAAE,CAAC,KAAK,CAAC,QAAQ,CAAC,CAAC,CAAC;QAE9D,IAAI,YAAY,EAAE,CAAC;YACjB,MAAM,GAAG,GAAG,MAAM,CAAA,YAAY,aAAZ,YAAY,uBAAZ,YAAY,CAAE,IAAI,EAAE,CAAA,CAAC;YAEvC,yDAAyD;YACzD,MAAM,GAAG,GAAG,MAAM,WAAW,EAAE,CAAC;YAChC,MAAM,GAAG,GAAG,MAAM,IAAI,CAAC,mBAAmB,CAAC,SAAS,EAAE,GAAG,EAAE,GAAG,CAAC,CAAC;YAChE,MAAM,oBAAoB,GAAG,CAAC,MAAM,IAAI,CAAC,SAAS,CAAC;gBACjD,GAAG;aACJ,CAAC,CAA4B,CAAC;YAE/B,OAAO;gBACL,cAAc,EAAQ,oBAAoB,CAAC,cAAc;gBACzD,mBAAmB,EAAG,oBAAoB,CAAC,mBAAmB;gBAC9D,YAAY,EAAU,oBAAoB,CAAC,GAAG;aAC/C,CAAC;QACJ,CAAC;IACH,CAAC;CAAA;AA8ED;;;;;GAKG;AACH,SAAS,kCAAkC,CAAC,EAAE,UAAU,EAAE,WAAW,EAA6B;IAChG,MAAM,QAAQ,GAAyB,EAAE,CAAC;IAE1C,qDAAqD;IACrD,QAAQ,CAAC,IAAI,CAAC;QACZ,QAAQ,EAAI,UAAU,CAAC,QAAQ;QAC/B,SAAS,EAAG,gBAAgB,CAAC,SAAS;QACtC,MAAM,EAAM,aAAa,CAAC,KAAK;KAChC,CAAC,CAAC;IAEH,0GAA0G;IAC1G,+EAA+E;IAC/E,QAAQ,CAAC,IAAI,CAAC;QACZ,QAAQ,EAAI,UAAU,CAAC,QAAQ;QAC/B,SAAS,EAAG,gBAAgB,CAAC,QAAQ;QACrC,MAAM,EAAM,aAAa,CAAC,IAAI;KAC/B,CAAC,CAAC;IAEH,sFAAsF;IACtF,KAAK,MAAM,UAAU,IAAI,WAAW,EAAE,CAAC;QACrC,QAAQ,UAAU,EAAE,CAAC;YACnB,KAAK,OAAO;gBACV,QAAQ,CAAC,IAAI,CAAC;oBACZ,QAAQ,EAAI,UAAU,CAAC,QAAQ;oBAC/B,SAAS,EAAG,gBAAgB,CAAC,OAAO;oBACpC,MAAM,EAAM,aAAa,CAAC,KAAK;iBAChC,CAAC,CAAC;gBACH,MAAM;YACR,KAAK,MAAM;gBACT,QAAQ,CAAC,IAAI,CAAC;oBACZ,QAAQ,EAAI,UAAU,CAAC,QAAQ;oBAC/B,SAAS,EAAG,gBAAgB,CAAC,OAAO;oBACpC,MAAM,EAAM,aAAa,CAAC,IAAI;iBAC/B,CAAC,CAAC;gBACH,MAAM;YACR,KAAK,QAAQ;gBACX,QAAQ,CAAC,IAAI,CAAC;oBACZ,QAAQ,EAAI,UAAU,CAAC,QAAQ;oBAC/B,SAAS,EAAG,gBAAgB,CAAC,OAAO;oBACpC,MAAM,EAAM,aAAa,CAAC,MAAM;iBACjC,CAAC,CAAC;gBACH,MAAM;YACR,KAAK,OAAO;gBACV,QAAQ,CAAC,IAAI,CAAC;oBACZ,QAAQ,EAAI,UAAU,CAAC,QAAQ;oBAC/B,
SAAS,EAAG,gBAAgB,CAAC,OAAO;oBACpC,MAAM,EAAM,aAAa,CAAC,KAAK;iBAChC,CAAC,CAAC;gBACH,MAAM;YACR,KAAK,WAAW;gBACd,QAAQ,CAAC,IAAI,CAAC;oBACZ,QAAQ,EAAI,UAAU,CAAC,QAAQ;oBAC/B,SAAS,EAAG,gBAAgB,CAAC,OAAO;oBACpC,MAAM,EAAM,aAAa,CAAC,SAAS;iBACpC,CAAC,CAAC;gBACH,MAAM;YACR,KAAK,WAAW;gBACd,QAAQ,CAAC,IAAI,CAAC;oBACZ,QAAQ,EAAI,UAAU,CAAC,QAAQ;oBAC/B,SAAS,EAAG,gBAAgB,CAAC,SAAS;oBACtC,MAAM,EAAM,aAAa,CAAC,SAAS;iBACpC,CAAC,CAAC;gBACH,MAAM;QACV,CAAC;IACH,CAAC;IAED,OAAO;QACL,kBAAkB,EAAG,UAAU;QAC/B,gBAAgB,EAAK,QAAQ;KAC9B,CAAC;AACJ,CAAC;AAED,MAAM,CAAC,MAAM,aAAa,GAAG,EAAE,UAAU,EAAE,kCAAkC,EAAE,CAAC"}
|
package/dist/esm/dwn-api.js
CHANGED
|
@@ -8,7 +8,7 @@ var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, ge
|
|
|
8
8
|
});
|
|
9
9
|
};
|
|
10
10
|
import { TtlCache } from '@enbox/common';
|
|
11
|
-
import { Cid, ContentEncryptionAlgorithm, DataStoreLevel, DataStream, Dwn, DwnMethodName,
|
|
11
|
+
import { Cid, ContentEncryptionAlgorithm, DataStoreLevel, DataStream, Dwn, DwnMethodName, EventEmitterEventLog, Jws, KeyDerivationScheme, Message, MessageStoreLevel, Protocols, Records, ResumableTaskStoreLevel, StateIndexLevel, } from '@enbox/dwn-sdk-js';
|
|
12
12
|
import { CryptoUtils, X25519 } from '@enbox/crypto';
|
|
13
13
|
import { DidDht, DidJwk, DidResolverCacheLevel, UniversalResolver } from '@enbox/dids';
|
|
14
14
|
import { KeyDeliveryProtocolDefinition } from './store-data-protocols.js';
|
|
@@ -21,11 +21,13 @@ import { isDwnRequest } from './dwn-type-guards.js';
|
|
|
21
21
|
// Import extracted encryption functions
|
|
22
22
|
import { buildEncryptionInput as buildEncryptionInputFn, deriveContextEncryptionInput as deriveContextEncryptionInputFn, encryptAndComputeCid as encryptAndComputeCidFn, getEncryptionKeyDeriver as getEncryptionKeyDeriverFn, getEncryptionKeyInfo as getEncryptionKeyInfoFn, getKeyDecrypter as getKeyDecrypterFn, ivLength as ivLengthFn, maybeDecryptReply as maybeDecryptReplyFn, } from './dwn-encryption.js';
|
|
23
23
|
// Import extracted protocol utilities
|
|
24
|
-
import { detectNewParticipants as detectNewParticipantsFn,
|
|
24
|
+
import { detectNewParticipants as detectNewParticipantsFn, isMultiPartyContext as isMultiPartyContextFn, } from './protocol-utils.js';
|
|
25
25
|
// Import extracted key delivery functions
|
|
26
26
|
import { eagerSendContextKeyRecord as eagerSendContextKeyRecordFn, ensureKeyDeliveryProtocol as ensureKeyDeliveryProtocolFn, fetchContextKeyRecord as fetchContextKeyRecordFn, writeContextKeyRecord as writeContextKeyRecordFn, } from './dwn-key-delivery.js';
|
|
27
27
|
// Import extracted record upgrade function
|
|
28
28
|
import { upgradeExternalRootRecord as upgradeExternalRootRecordFn } from './dwn-record-upgrade.js';
|
|
29
|
+
// Import extracted protocol definition fetching functions
|
|
30
|
+
import { extractDerivedPublicKey as extractDerivedPublicKeyFn, fetchRemoteProtocolDefinition as fetchRemoteProtocolDefinitionFn, getProtocolDefinition as getProtocolDefinitionFn, } from './dwn-protocol-cache.js';
|
|
29
31
|
export class AgentDwnApi {
|
|
30
32
|
constructor({ agent, dwn }) {
|
|
31
33
|
/**
|
|
@@ -94,7 +96,7 @@ export class AgentDwnApi {
|
|
|
94
96
|
return this._dwn;
|
|
95
97
|
}
|
|
96
98
|
static createDwn(_a) {
|
|
97
|
-
return __awaiter(this, arguments, void 0, function* ({ dataPath, dataStore, didResolver, stateIndex,
|
|
99
|
+
return __awaiter(this, arguments, void 0, function* ({ dataPath, dataStore, didResolver, stateIndex, eventLog, messageStore, tenantGate, resumableTaskStore }) {
|
|
98
100
|
dataStore !== null && dataStore !== void 0 ? dataStore : (dataStore = new DataStoreLevel({ blockstoreLocation: `${dataPath}/DWN_DATASTORE` }));
|
|
99
101
|
didResolver !== null && didResolver !== void 0 ? didResolver : (didResolver = new UniversalResolver({
|
|
100
102
|
didResolvers: [DidDht, DidJwk],
|
|
@@ -106,13 +108,12 @@ export class AgentDwnApi {
|
|
|
106
108
|
indexLocation: `${dataPath}/DWN_MESSAGEINDEX`
|
|
107
109
|
})));
|
|
108
110
|
resumableTaskStore !== null && resumableTaskStore !== void 0 ? resumableTaskStore : (resumableTaskStore = new ResumableTaskStoreLevel({ location: `${dataPath}/DWN_RESUMABLETASKSTORE` }));
|
|
109
|
-
|
|
110
|
-
return yield Dwn.create({ dataStore, didResolver, stateIndex,
|
|
111
|
+
eventLog !== null && eventLog !== void 0 ? eventLog : (eventLog = new EventEmitterEventLog());
|
|
112
|
+
return yield Dwn.create({ dataStore, didResolver, stateIndex, eventLog, messageStore, tenantGate, resumableTaskStore });
|
|
111
113
|
});
|
|
112
114
|
}
|
|
113
115
|
processRequest(request) {
|
|
114
116
|
return __awaiter(this, void 0, void 0, function* () {
|
|
115
|
-
var _a, _b;
|
|
116
117
|
// Constructs a DWN message. and if there is a data payload, prepares the data as a
|
|
117
118
|
// Web ReadableStream.
|
|
118
119
|
const { message, dataStream } = yield this.constructDwnMessage({ request });
|
|
@@ -127,99 +128,7 @@ export class AgentDwnApi {
|
|
|
127
128
|
? yield this._dwn.processMessage(request.target, message, { dataStream: dataStream, subscriptionHandler })
|
|
128
129
|
: { status: { code: 202, detail: 'Accepted' } };
|
|
129
130
|
// Post-write key delivery: detect new participants and write contextKey records.
|
|
130
|
-
|
|
131
|
-
if (isDwnRequest(request, DwnInterface.RecordsWrite) &&
|
|
132
|
-
request.encryption &&
|
|
133
|
-
reply.status.code === 202) {
|
|
134
|
-
const writeParams = request.messageParams;
|
|
135
|
-
// Skip key-delivery protocol writes to avoid infinite recursion (contextKey records are themselves encrypted)
|
|
136
|
-
if (writeParams.protocol !== KeyDeliveryProtocolDefinition.protocol) {
|
|
137
|
-
try {
|
|
138
|
-
const protocolDefinition = yield this.getProtocolDefinition(request.target, writeParams.protocol);
|
|
139
|
-
if (protocolDefinition) {
|
|
140
|
-
const recordsWriteMessage = message;
|
|
141
|
-
// Reactive root-record upgrade (PR E): if this is an externally-authored
|
|
142
|
-
// root record with only ProtocolPath encryption, the owner upgrades it by
|
|
143
|
-
// appending a ProtocolContext recipient entry so that context key
|
|
144
|
-
// holders (including the external author) can also decrypt.
|
|
145
|
-
const authorDid = Jws.getSignerDid(recordsWriteMessage.authorization.signature.signatures[0]);
|
|
146
|
-
const isExternallyAuthored = authorDid !== request.target;
|
|
147
|
-
const isRootRecord = !writeParams.parentContextId;
|
|
148
|
-
const rootPathSegment = writeParams.protocolPath.split('/')[0];
|
|
149
|
-
const isMultiParty = isMultiPartyContextFn(protocolDefinition, rootPathSegment);
|
|
150
|
-
if (isExternallyAuthored && isRootRecord && isMultiParty) {
|
|
151
|
-
try {
|
|
152
|
-
yield upgradeExternalRootRecordFn(this.agent, request.target, recordsWriteMessage, this._dwn, this.getSigner.bind(this), this._contextKeyCache);
|
|
153
|
-
}
|
|
154
|
-
catch (upgradeError) {
|
|
155
|
-
console.warn(`AgentDwnApi: Reactive root-record upgrade failed for ` +
|
|
156
|
-
`'${recordsWriteMessage.recordId}': ${upgradeError.message}`);
|
|
157
|
-
}
|
|
158
|
-
}
|
|
159
|
-
const newParticipants = detectNewParticipantsFn({
|
|
160
|
-
protocolDefinition,
|
|
161
|
-
protocolPath: writeParams.protocolPath,
|
|
162
|
-
recipient: writeParams.recipient,
|
|
163
|
-
tenantDid: request.target,
|
|
164
|
-
authorDid: isExternallyAuthored ? authorDid : undefined,
|
|
165
|
-
});
|
|
166
|
-
if (newParticipants.size > 0) {
|
|
167
|
-
// Derive the context key to deliver to participants
|
|
168
|
-
const rootContextId = ((_a = recordsWriteMessage.contextId) === null || _a === void 0 ? void 0 : _a.split('/')[0])
|
|
169
|
-
|| recordsWriteMessage.contextId
|
|
170
|
-
|| recordsWriteMessage.recordId;
|
|
171
|
-
const { keyId, keyUri } = yield getEncryptionKeyInfoFn(this.agent, request.target);
|
|
172
|
-
const contextDerivationPath = [
|
|
173
|
-
KeyDerivationScheme.ProtocolContext,
|
|
174
|
-
rootContextId,
|
|
175
|
-
];
|
|
176
|
-
const contextDerivedPrivateKeyBytes = yield this.agent.keyManager.derivePrivateKeyBytes({
|
|
177
|
-
keyUri,
|
|
178
|
-
derivationPath: contextDerivationPath,
|
|
179
|
-
});
|
|
180
|
-
const contextDerivedPrivateJwk = yield X25519.bytesToPrivateKey({ privateKeyBytes: contextDerivedPrivateKeyBytes });
|
|
181
|
-
const contextKeyPayload = {
|
|
182
|
-
rootKeyId: keyId,
|
|
183
|
-
derivationScheme: KeyDerivationScheme.ProtocolContext,
|
|
184
|
-
derivationPath: contextDerivationPath,
|
|
185
|
-
derivedPrivateKey: contextDerivedPrivateJwk,
|
|
186
|
-
};
|
|
187
|
-
// Extract the author's key delivery public key from the record
|
|
188
|
-
// so we can encrypt the contextKey directly to the external author.
|
|
189
|
-
const authorKeyDeliveryPubKey = (_b = recordsWriteMessage.authorization) === null || _b === void 0 ? void 0 : _b.authorKeyDeliveryPublicKey;
|
|
190
|
-
for (const participantDid of newParticipants) {
|
|
191
|
-
try {
|
|
192
|
-
// Use the author's key delivery public key when delivering
|
|
193
|
-
// to the external author; for other participants (e.g.
|
|
194
|
-
// recipient, role holders) fall back to owner-key encryption.
|
|
195
|
-
const recipientKey = (participantDid === authorDid && authorKeyDeliveryPubKey)
|
|
196
|
-
? authorKeyDeliveryPubKey
|
|
197
|
-
: undefined;
|
|
198
|
-
yield this.writeContextKeyRecord({
|
|
199
|
-
tenantDid: request.target,
|
|
200
|
-
recipientDid: participantDid,
|
|
201
|
-
contextKeyData: contextKeyPayload,
|
|
202
|
-
sourceProtocol: writeParams.protocol,
|
|
203
|
-
sourceContextId: rootContextId,
|
|
204
|
-
recipientKeyDeliveryPublicKey: recipientKey,
|
|
205
|
-
});
|
|
206
|
-
}
|
|
207
|
-
catch (keyDeliveryError) {
|
|
208
|
-
console.warn(`AgentDwnApi: Key delivery to '${participantDid}' for context ` +
|
|
209
|
-
`'${rootContextId}' failed: ${keyDeliveryError.message}. ` +
|
|
210
|
-
`The participant may not be able to decrypt records in this context.`);
|
|
211
|
-
}
|
|
212
|
-
}
|
|
213
|
-
}
|
|
214
|
-
}
|
|
215
|
-
}
|
|
216
|
-
catch (detectionError) {
|
|
217
|
-
// Participant detection failure is non-fatal — the record is still stored.
|
|
218
|
-
console.warn(`AgentDwnApi: Post-write participant detection failed: ` +
|
|
219
|
-
`${detectionError.message}`);
|
|
220
|
-
}
|
|
221
|
-
}
|
|
222
|
-
}
|
|
131
|
+
yield this.postWriteKeyDelivery(request, message, reply);
|
|
223
132
|
// Auto-decrypt reply data if encryption is enabled (Component 7)
|
|
224
133
|
yield this.maybeDecryptReply(request, reply);
|
|
225
134
|
// Returns an object containing the reply from processing the message, the original message,
|
|
@@ -260,13 +169,28 @@ export class AgentDwnApi {
|
|
|
260
169
|
data = request.dataStream;
|
|
261
170
|
subscriptionHandler = request.subscriptionHandler;
|
|
262
171
|
}
|
|
172
|
+
// Build a resubscribe factory for subscribe requests. This closure
|
|
173
|
+
// captures the original request so it can reconstruct and re-sign a new
|
|
174
|
+
// subscribe message with a cursor on reconnection.
|
|
175
|
+
let resubscribeFactory;
|
|
176
|
+
if (subscriptionHandler !== undefined && !('messageCid' in request)) {
|
|
177
|
+
resubscribeFactory = (cursor) => __awaiter(this, void 0, void 0, function* () {
|
|
178
|
+
const resumeParams = cursor !== undefined
|
|
179
|
+
? Object.assign(Object.assign({}, request.messageParams), { cursor })
|
|
180
|
+
: request.messageParams;
|
|
181
|
+
const resumeRequest = Object.assign(Object.assign({}, request), { messageParams: resumeParams });
|
|
182
|
+
const { message: resumeMessage } = yield this.constructDwnMessage({ request: resumeRequest });
|
|
183
|
+
return resumeMessage;
|
|
184
|
+
});
|
|
185
|
+
}
|
|
263
186
|
// Send the RPC request to the target DID's DWN service endpoint using the Agent's RPC client.
|
|
264
187
|
const reply = yield this.sendDwnRpcRequest({
|
|
265
188
|
targetDid: request.target,
|
|
266
189
|
dwnEndpointUrls,
|
|
267
190
|
message,
|
|
268
191
|
data,
|
|
269
|
-
subscriptionHandler
|
|
192
|
+
subscriptionHandler,
|
|
193
|
+
resubscribeFactory,
|
|
270
194
|
});
|
|
271
195
|
// Auto-decrypt reply data if encryption is enabled (Component 7)
|
|
272
196
|
yield this.maybeDecryptReply(request, reply);
|
|
@@ -277,8 +201,116 @@ export class AgentDwnApi {
|
|
|
277
201
|
return { reply, message, messageCid };
|
|
278
202
|
});
|
|
279
203
|
}
|
|
204
|
+
/**
|
|
205
|
+
* Post-write key delivery: after a successful encrypted `RecordsWrite`,
|
|
206
|
+
* detect new participants and write `contextKey` records so they can
|
|
207
|
+
* decrypt records in the context.
|
|
208
|
+
*
|
|
209
|
+
* This is a non-fatal operation — if participant detection or key delivery
|
|
210
|
+
* fails, the record is still stored and a warning is logged.
|
|
211
|
+
*/
|
|
212
|
+
postWriteKeyDelivery(request, message, reply) {
|
|
213
|
+
return __awaiter(this, void 0, void 0, function* () {
|
|
214
|
+
var _a, _b;
|
|
215
|
+
if (!isDwnRequest(request, DwnInterface.RecordsWrite) ||
|
|
216
|
+
!request.encryption ||
|
|
217
|
+
reply.status.code !== 202) {
|
|
218
|
+
return;
|
|
219
|
+
}
|
|
220
|
+
const writeParams = request.messageParams;
|
|
221
|
+
// Skip key-delivery protocol writes to avoid infinite recursion (contextKey records are themselves encrypted)
|
|
222
|
+
if (writeParams.protocol === KeyDeliveryProtocolDefinition.protocol) {
|
|
223
|
+
return;
|
|
224
|
+
}
|
|
225
|
+
try {
|
|
226
|
+
const protocolDefinition = yield this.getProtocolDefinition(request.target, writeParams.protocol);
|
|
227
|
+
if (!protocolDefinition) {
|
|
228
|
+
return;
|
|
229
|
+
}
|
|
230
|
+
const recordsWriteMessage = message;
|
|
231
|
+
// Reactive root-record upgrade (PR E): if this is an externally-authored
|
|
232
|
+
// root record with only ProtocolPath encryption, the owner upgrades it by
|
|
233
|
+
// appending a ProtocolContext recipient entry so that context key
|
|
234
|
+
// holders (including the external author) can also decrypt.
|
|
235
|
+
const authorDid = Jws.getSignerDid(recordsWriteMessage.authorization.signature.signatures[0]);
|
|
236
|
+
const isExternallyAuthored = authorDid !== request.target;
|
|
237
|
+
const isRootRecord = !writeParams.parentContextId;
|
|
238
|
+
const rootPathSegment = writeParams.protocolPath.split('/')[0];
|
|
239
|
+
const isMultiParty = isMultiPartyContextFn(protocolDefinition, rootPathSegment);
|
|
240
|
+
if (isExternallyAuthored && isRootRecord && isMultiParty) {
|
|
241
|
+
try {
|
|
242
|
+
yield upgradeExternalRootRecordFn(this.agent, request.target, recordsWriteMessage, this._dwn, this.getSigner.bind(this), this._contextKeyCache);
|
|
243
|
+
}
|
|
244
|
+
catch (upgradeError) {
|
|
245
|
+
console.warn(`AgentDwnApi: Reactive root-record upgrade failed for ` +
|
|
246
|
+
`'${recordsWriteMessage.recordId}': ${upgradeError.message}`);
|
|
247
|
+
}
|
|
248
|
+
}
|
|
249
|
+
const newParticipants = detectNewParticipantsFn({
|
|
250
|
+
protocolDefinition,
|
|
251
|
+
protocolPath: writeParams.protocolPath,
|
|
252
|
+
recipient: writeParams.recipient,
|
|
253
|
+
tenantDid: request.target,
|
|
254
|
+
authorDid: isExternallyAuthored ? authorDid : undefined,
|
|
255
|
+
});
|
|
256
|
+
if (newParticipants.size > 0) {
|
|
257
|
+
// Derive the context key to deliver to participants
|
|
258
|
+
const rootContextId = ((_a = recordsWriteMessage.contextId) === null || _a === void 0 ? void 0 : _a.split('/')[0])
|
|
259
|
+
|| recordsWriteMessage.contextId
|
|
260
|
+
|| recordsWriteMessage.recordId;
|
|
261
|
+
const { keyId, keyUri } = yield getEncryptionKeyInfoFn(this.agent, request.target);
|
|
262
|
+
const contextDerivationPath = [
|
|
263
|
+
KeyDerivationScheme.ProtocolContext,
|
|
264
|
+
rootContextId,
|
|
265
|
+
];
|
|
266
|
+
const contextDerivedPrivateKeyBytes = yield this.agent.keyManager.derivePrivateKeyBytes({
|
|
267
|
+
keyUri,
|
|
268
|
+
derivationPath: contextDerivationPath,
|
|
269
|
+
});
|
|
270
|
+
const contextDerivedPrivateJwk = yield X25519.bytesToPrivateKey({ privateKeyBytes: contextDerivedPrivateKeyBytes });
|
|
271
|
+
const contextKeyPayload = {
|
|
272
|
+
rootKeyId: keyId,
|
|
273
|
+
derivationScheme: KeyDerivationScheme.ProtocolContext,
|
|
274
|
+
derivationPath: contextDerivationPath,
|
|
275
|
+
derivedPrivateKey: contextDerivedPrivateJwk,
|
|
276
|
+
};
|
|
277
|
+
// Extract the author's key delivery public key from the record
|
|
278
|
+
// so we can encrypt the contextKey directly to the external author.
|
|
279
|
+
const authorKeyDeliveryPubKey = (_b = recordsWriteMessage.authorization) === null || _b === void 0 ? void 0 : _b.authorKeyDeliveryPublicKey;
|
|
280
|
+
for (const participantDid of newParticipants) {
|
|
281
|
+
try {
|
|
282
|
+
// Use the author's key delivery public key when delivering
|
|
283
|
+
// to the external author; for other participants (e.g.
|
|
284
|
+
// recipient, role holders) fall back to owner-key encryption.
|
|
285
|
+
const recipientKey = (participantDid === authorDid && authorKeyDeliveryPubKey)
|
|
286
|
+
? authorKeyDeliveryPubKey
|
|
287
|
+
: undefined;
|
|
288
|
+
yield this.writeContextKeyRecord({
|
|
289
|
+
tenantDid: request.target,
|
|
290
|
+
recipientDid: participantDid,
|
|
291
|
+
contextKeyData: contextKeyPayload,
|
|
292
|
+
sourceProtocol: writeParams.protocol,
|
|
293
|
+
sourceContextId: rootContextId,
|
|
294
|
+
recipientKeyDeliveryPublicKey: recipientKey,
|
|
295
|
+
});
|
|
296
|
+
}
|
|
297
|
+
catch (keyDeliveryError) {
|
|
298
|
+
console.warn(`AgentDwnApi: Key delivery to '${participantDid}' for context ` +
|
|
299
|
+
`'${rootContextId}' failed: ${keyDeliveryError.message}. ` +
|
|
300
|
+
`The participant may not be able to decrypt records in this context.`);
|
|
301
|
+
}
|
|
302
|
+
}
|
|
303
|
+
}
|
|
304
|
+
}
|
|
305
|
+
catch (detectionError) {
|
|
306
|
+
// Participant detection failure is non-fatal — the record is still stored.
|
|
307
|
+
console.warn(`AgentDwnApi: Post-write participant detection failed: ` +
|
|
308
|
+
`${detectionError.message}`);
|
|
309
|
+
}
|
|
310
|
+
});
|
|
311
|
+
}
|
|
280
312
|
sendDwnRpcRequest(_a) {
|
|
281
|
-
return __awaiter(this, arguments, void 0, function* ({ targetDid, dwnEndpointUrls, message, data, subscriptionHandler }) {
|
|
313
|
+
return __awaiter(this, arguments, void 0, function* ({ targetDid, dwnEndpointUrls, message, data, subscriptionHandler, resubscribeFactory }) {
|
|
282
314
|
const errorMessages = [];
|
|
283
315
|
if (message.descriptor.method === DwnMethodName.Subscribe && subscriptionHandler === undefined) {
|
|
284
316
|
throw new Error('AgentDwnApi: Subscription handler is required for subscription requests.');
|
|
@@ -308,7 +340,10 @@ export class AgentDwnApi {
|
|
|
308
340
|
targetDid,
|
|
309
341
|
message,
|
|
310
342
|
data,
|
|
311
|
-
subscriptionHandler
|
|
343
|
+
subscription: subscriptionHandler ? {
|
|
344
|
+
handler: subscriptionHandler,
|
|
345
|
+
resubscribeFactory,
|
|
346
|
+
} : undefined,
|
|
312
347
|
});
|
|
313
348
|
return dwnReply;
|
|
314
349
|
}
|
|
@@ -552,6 +587,9 @@ export class AgentDwnApi {
|
|
|
552
587
|
const dwnMessageConstructor = dwnMessageConstructors[request.messageType];
|
|
553
588
|
// if there is no raw message provided, we need to create the dwn message
|
|
554
589
|
if (!rawMessage) {
|
|
590
|
+
if (request.messageParams === undefined) {
|
|
591
|
+
throw new Error('AgentDwnApi: messageParams must be provided when rawMessage is not given.');
|
|
592
|
+
}
|
|
555
593
|
// If we need to sign as an author delegate or with permissions we need to get the grantee's signer
|
|
556
594
|
// The messageParams should include either a permissionGrantId, or a delegatedGrant message
|
|
557
595
|
const signer = request.granteeDid ?
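Review bot: The added guard compares `request.messageParams === undefined`, so a `null` value passes it and carries on into the signing and message-construction path, where it presumably fails with a less specific error. `if (request.messageParams == null) {` rejects both with the same message. The `if (!rawMessage)` block continues past the end of this hunk, so how messageParams is consumed afterwards is not visible here.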
|
|
@@ -671,26 +709,6 @@ export class AgentDwnApi {
|
|
|
671
709
|
return getKeyDecrypterFn(this.agent, didUri);
|
|
672
710
|
});
|
|
673
711
|
}
|
|
674
|
-
/**
|
|
675
|
-
* Checks if a protocol path represents a multi-party context.
|
|
676
|
-
*
|
|
677
|
-
* @param protocolDefinition - The full protocol definition
|
|
678
|
-
* @param rootProtocolPath - The root protocol path to check
|
|
679
|
-
*/
|
|
680
|
-
isMultiPartyContext(protocolDefinition, rootProtocolPath) {
|
|
681
|
-
return isMultiPartyContextFn(protocolDefinition, rootProtocolPath);
|
|
682
|
-
}
|
|
683
|
-
/**
|
|
684
|
-
* Checks if any `$actions` rule in the protocol grants read access
|
|
685
|
-
* via `who: '<actorType>'` and `of: '<path>'`.
|
|
686
|
-
*
|
|
687
|
-
* @param actorType - The actor type to check ('author', 'recipient', or undefined for any)
|
|
688
|
-
* @param ofPath - The protocol path to check
|
|
689
|
-
* @param protocolDefinition - The protocol definition
|
|
690
|
-
*/
|
|
691
|
-
hasRelationalReadAccess(actorType, ofPath, protocolDefinition) {
|
|
692
|
-
return hasRelationalReadAccessFn(actorType, ofPath, protocolDefinition);
|
|
693
|
-
}
|
|
694
712
|
/**
|
|
695
713
|
* Analyses a record write to determine which DIDs need context key delivery.
|
|
696
714
|
*
|
|
@@ -701,7 +719,7 @@ export class AgentDwnApi {
|
|
|
701
719
|
return detectNewParticipantsFn(params);
|
|
702
720
|
}
|
|
703
721
|
/**
|
|
704
|
-
|
|
722
|
+
* Fetches a protocol definition from the local DWN, with caching.
|
|
705
723
|
* Returns undefined if the protocol is not installed.
|
|
706
724
|
*
|
|
707
725
|
* @param tenantDid - The tenant DID to query
|
|
@@ -710,24 +728,7 @@ export class AgentDwnApi {
|
|
|
710
728
|
*/
|
|
711
729
|
getProtocolDefinition(tenantDid, protocolUri) {
|
|
712
730
|
return __awaiter(this, void 0, void 0, function* () {
|
|
713
|
-
|
|
714
|
-
const cacheKey = `${tenantDid}~${protocolUri}`;
|
|
715
|
-
const cached = this._protocolDefinitionCache.get(cacheKey);
|
|
716
|
-
if (cached) {
|
|
717
|
-
return cached;
|
|
718
|
-
}
|
|
719
|
-
const signer = yield this.getSigner(tenantDid);
|
|
720
|
-
const protocolsQuery = yield dwnMessageConstructors[DwnInterface.ProtocolsQuery].create({
|
|
721
|
-
filter: { protocol: protocolUri },
|
|
722
|
-
signer,
|
|
723
|
-
});
|
|
724
|
-
const reply = yield this._dwn.processMessage(tenantDid, protocolsQuery.message);
|
|
725
|
-
if (reply.status.code !== 200 || !((_a = reply.entries) === null || _a === void 0 ? void 0 : _a.length)) {
|
|
726
|
-
return undefined;
|
|
727
|
-
}
|
|
728
|
-
const definition = reply.entries[0].descriptor.definition;
|
|
729
|
-
this._protocolDefinitionCache.set(cacheKey, definition);
|
|
730
|
-
return definition;
|
|
731
|
+
return getProtocolDefinitionFn(tenantDid, protocolUri, this._dwn, this.getSigner.bind(this), this._protocolDefinitionCache);
|
|
731
732
|
});
|
|
732
733
|
}
|
|
733
734
|
/**
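Review bot: Local and remote protocol definitions are now handed the same `this._protocolDefinitionCache`, and the key scheme that kept them apart is no longer visible at this call or at the `fetchRemoteProtocolDefinitionFn` call in the next hunk. The removed lines used `${tenantDid}~${protocolUri}` for local lookups and `remote~${targetDid}~${protocolUri}` for remote ones. The remote definition came from a ProtocolsQuery built without a signer and answered by another party's DWN, while definitions feed the multi-party check and participant detection earlier in this file, so a remote entry must never satisfy a local lookup. The helpers presumably keep the prefix; that is worth confirming in dwn-protocol-cache.js. A comment at both call sites would record the invariant: `// cache keys: local = tenant~uri, remote = remote~target~uri; the two namespaces must not collide`.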
|
|
@@ -736,27 +737,7 @@ export class AgentDwnApi {
|
|
|
736
737
|
*/
|
|
737
738
|
fetchRemoteProtocolDefinition(targetDid, protocolUri) {
|
|
738
739
|
return __awaiter(this, void 0, void 0, function* () {
|
|
739
|
-
|
|
740
|
-
const cacheKey = `remote~${targetDid}~${protocolUri}`;
|
|
741
|
-
const cached = this._protocolDefinitionCache.get(cacheKey);
|
|
742
|
-
if (cached) {
|
|
743
|
-
return cached;
|
|
744
|
-
}
|
|
745
|
-
const protocolsQuery = yield dwnMessageConstructors[DwnInterface.ProtocolsQuery].create({
|
|
746
|
-
filter: { protocol: protocolUri },
|
|
747
|
-
});
|
|
748
|
-
const reply = yield this.sendDwnRpcRequest({
|
|
749
|
-
targetDid,
|
|
750
|
-
dwnEndpointUrls: yield getDwnServiceEndpointUrls(targetDid, this.agent.did),
|
|
751
|
-
message: protocolsQuery.message,
|
|
752
|
-
});
|
|
753
|
-
if (reply.status.code !== 200 || !((_a = reply.entries) === null || _a === void 0 ? void 0 : _a.length)) {
|
|
754
|
-
throw new Error(`AgentDwnApi: Failed to fetch protocol '${protocolUri}' from ` +
|
|
755
|
-
`'${targetDid}'. The recipient may not have the protocol installed.`);
|
|
756
|
-
}
|
|
757
|
-
const definition = reply.entries[0].descriptor.definition;
|
|
758
|
-
this._protocolDefinitionCache.set(cacheKey, definition);
|
|
759
|
-
return definition;
|
|
740
|
+
return fetchRemoteProtocolDefinitionFn(targetDid, protocolUri, this.agent.did, this.sendDwnRpcRequest.bind(this), this._protocolDefinitionCache);
|
|
760
741
|
});
|
|
761
742
|
}
|
|
762
743
|
/**
|
|
@@ -773,39 +754,7 @@ export class AgentDwnApi {
|
|
|
773
754
|
*/
|
|
774
755
|
extractDerivedPublicKey(targetDid, protocolUri, rootContextId, requesterDid) {
|
|
775
756
|
return __awaiter(this, void 0, void 0, function* () {
|
|
776
|
-
|
|
777
|
-
const signer = yield this.getSigner(requesterDid);
|
|
778
|
-
// Query the target's DWN for any record in this context
|
|
779
|
-
const recordsQuery = yield dwnMessageConstructors[DwnInterface.RecordsQuery].create({
|
|
780
|
-
signer,
|
|
781
|
-
filter: {
|
|
782
|
-
protocol: protocolUri,
|
|
783
|
-
contextId: rootContextId,
|
|
784
|
-
},
|
|
785
|
-
});
|
|
786
|
-
const dwnEndpointUrls = yield getDwnServiceEndpointUrls(targetDid, this.agent.did);
|
|
787
|
-
const queryReply = yield this.sendDwnRpcRequest({
|
|
788
|
-
targetDid,
|
|
789
|
-
dwnEndpointUrls,
|
|
790
|
-
message: recordsQuery.message,
|
|
791
|
-
});
|
|
792
|
-
if (queryReply.status.code !== 200 || !((_a = queryReply.entries) === null || _a === void 0 ? void 0 : _a.length)) {
|
|
793
|
-
return undefined;
|
|
794
|
-
}
|
|
795
|
-
// Search entries for one with a ProtocolContext recipient entry
|
|
796
|
-
// that includes derivedPublicKey
|
|
797
|
-
for (const entry of queryReply.entries) {
|
|
798
|
-
if ((_b = entry.encryption) === null || _b === void 0 ? void 0 : _b.recipients) {
|
|
799
|
-
const contextEntry = entry.encryption.recipients.find((r) => r.header.derivationScheme === KeyDerivationScheme.ProtocolContext && r.header.derivedPublicKey);
|
|
800
|
-
if (contextEntry === null || contextEntry === void 0 ? void 0 : contextEntry.header.derivedPublicKey) {
|
|
801
|
-
return {
|
|
802
|
-
rootKeyId: contextEntry.header.kid,
|
|
803
|
-
derivedPublicKey: contextEntry.header.derivedPublicKey,
|
|
804
|
-
};
|
|
805
|
-
}
|
|
806
|
-
}
|
|
807
|
-
}
|
|
808
|
-
return undefined;
|
|
757
|
+
return extractDerivedPublicKeyFn(targetDid, protocolUri, rootContextId, requesterDid, this.agent.did, this.getSigner.bind(this), this.sendDwnRpcRequest.bind(this));
|
|
809
758
|
});
|
|
810
759
|
}
|
|
811
760
|
/**
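Review bot: The `extractDerivedPublicKeyFn` call passes seven positional arguments, four of them plain strings (`targetDid`, `protocolUri`, `rootContextId`, `requesterDid`), so swapping the two DIDs would sign the query as the wrong identity or query the wrong DWN with nothing in the built JS to catch it. A single options object in the source would make the call self-describing, e.g. `extractDerivedPublicKeyFn({ targetDid, protocolUri, rootContextId, requesterDid, did: this.agent.did, getSigner, sendDwnRpcRequest })`. Separately, the removed body returned the first recipient entry in the remote reply that carried a `derivedPublicKey`, without checking it against anything held locally. If the helper keeps that behaviour, the doc comment above this method should say the key is accepted on the remote DWN's word.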
|