@the-ai-company/cbio-node-runtime 1.11.0 → 1.12.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +9 -1
- package/dist/runtime/child-identity.d.ts +5 -0
- package/dist/runtime/child-identity.js +29 -0
- package/dist/runtime/child-identity.js.map +1 -0
- package/dist/runtime/identity.d.ts +2 -1
- package/dist/runtime/identity.js +23 -23
- package/dist/runtime/identity.js.map +1 -1
- package/dist/runtime/index.d.ts +3 -1
- package/dist/runtime/index.js +3 -1
- package/dist/runtime/index.js.map +1 -1
- package/dist/runtime/private-vault.d.ts +28 -0
- package/dist/runtime/private-vault.js +61 -0
- package/dist/runtime/private-vault.js.map +1 -0
- package/docs/IDENTITY_MODEL.md +1 -1
- package/docs/REFERENCE.md +12 -1
- package/package.json +1 -1
package/README.md
CHANGED
|
@@ -41,7 +41,9 @@ npm install @the-ai-company/cbio-node-runtime
|
|
|
41
41
|
import {
|
|
42
42
|
createVaultService,
|
|
43
43
|
createDefaultVaultCoreDependencies,
|
|
44
|
+
createChildIdentity,
|
|
44
45
|
createIdentity,
|
|
46
|
+
ensurePrivateVault,
|
|
45
47
|
restoreIdentity,
|
|
46
48
|
createVault,
|
|
47
49
|
recoverVault,
|
|
@@ -66,11 +68,17 @@ Child identity example:
|
|
|
66
68
|
|
|
67
69
|
```ts
|
|
68
70
|
const rootIdentity = createIdentity({ nickname: 'root' });
|
|
69
|
-
|
|
71
|
+
await ensurePrivateVault(storage, rootIdentity);
|
|
72
|
+
const childIdentity = await createChildIdentity(storage, rootIdentity, {
|
|
70
73
|
nickname: 'worker-1',
|
|
71
74
|
});
|
|
72
75
|
```
|
|
73
76
|
|
|
77
|
+
Each identity now has a private vault namespace in storage. That namespace holds identity-level metadata such as:
|
|
78
|
+
|
|
79
|
+
- `profile.json`
|
|
80
|
+
- `children.json`
|
|
81
|
+
|
|
74
82
|
## Architecture
|
|
75
83
|
|
|
76
84
|
Core terms:
|
|
@@ -0,0 +1,5 @@
|
|
|
1
|
+
import type { IStorageProvider } from "../storage/provider.js";
|
|
2
|
+
import type { CreatedIdentity, CreateIdentityOptions } from "./identity.js";
|
|
3
|
+
export interface CreateChildIdentityOptions extends CreateIdentityOptions {
|
|
4
|
+
}
|
|
5
|
+
export declare function createChildIdentity(storage: IStorageProvider, parentIdentity: CreatedIdentity | string, options?: CreateChildIdentityOptions): Promise<CreatedIdentity>;
|
|
@@ -0,0 +1,29 @@
|
|
|
1
|
+
import { deriveChildIdentity } from "./identity.js";
|
|
2
|
+
import { ensurePrivateVault, readPrivateVaultChildrenState, withPrivateVaultLock, writePrivateVaultChildrenState, } from "./private-vault.js";
|
|
3
|
+
export async function createChildIdentity(storage, parentIdentity, options = {}) {
|
|
4
|
+
const parent = typeof parentIdentity === "string"
|
|
5
|
+
? undefined
|
|
6
|
+
: parentIdentity;
|
|
7
|
+
if (!parent) {
|
|
8
|
+
throw new Error("parent identity object is required");
|
|
9
|
+
}
|
|
10
|
+
const run = async () => {
|
|
11
|
+
await ensurePrivateVault(storage, parent);
|
|
12
|
+
const state = await readPrivateVaultChildrenState(storage, parent.identityId);
|
|
13
|
+
const childIndex = state.nextChildIndex;
|
|
14
|
+
const childIdentity = deriveChildIdentity(parent, childIndex, options);
|
|
15
|
+
await ensurePrivateVault(storage, childIdentity);
|
|
16
|
+
state.nextChildIndex += 1;
|
|
17
|
+
state.children.push({
|
|
18
|
+
identityId: childIdentity.identityId,
|
|
19
|
+
parentIdentityId: childIdentity.parentIdentityId,
|
|
20
|
+
childIndex,
|
|
21
|
+
nickname: childIdentity.nickname,
|
|
22
|
+
publicKey: childIdentity.publicKey,
|
|
23
|
+
});
|
|
24
|
+
await writePrivateVaultChildrenState(storage, parent.identityId, state);
|
|
25
|
+
return childIdentity;
|
|
26
|
+
};
|
|
27
|
+
return withPrivateVaultLock(storage, parent.identityId, run);
|
|
28
|
+
}
|
|
29
|
+
//# sourceMappingURL=child-identity.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"child-identity.js","sourceRoot":"","sources":["../../src/runtime/child-identity.ts"],"names":[],"mappings":"AAEA,OAAO,EAAE,mBAAmB,EAAE,MAAM,eAAe,CAAC;AACpD,OAAO,EACL,kBAAkB,EAClB,6BAA6B,EAC7B,oBAAoB,EACpB,8BAA8B,GAC/B,MAAM,oBAAoB,CAAC;AAI5B,MAAM,CAAC,KAAK,UAAU,mBAAmB,CACvC,OAAyB,EACzB,cAAwC,EACxC,UAAsC,EAAE;IAExC,MAAM,MAAM,GACV,OAAO,cAAc,KAAK,QAAQ;QAChC,CAAC,CAAC,SAAS;QACX,CAAC,CAAC,cAAc,CAAC;IACrB,IAAI,CAAC,MAAM,EAAE,CAAC;QACZ,MAAM,IAAI,KAAK,CAAC,oCAAoC,CAAC,CAAC;IACxD,CAAC;IACD,MAAM,GAAG,GAAG,KAAK,IAA8B,EAAE;QAC/C,MAAM,kBAAkB,CAAC,OAAO,EAAE,MAAM,CAAC,CAAC;QAC1C,MAAM,KAAK,GAAG,MAAM,6BAA6B,CAAC,OAAO,EAAE,MAAM,CAAC,UAAU,CAAC,CAAC;QAC9E,MAAM,UAAU,GAAG,KAAK,CAAC,cAAc,CAAC;QACxC,MAAM,aAAa,GAAG,mBAAmB,CAAC,MAAM,EAAE,UAAU,EAAE,OAAO,CAAC,CAAC;QACvE,MAAM,kBAAkB,CAAC,OAAO,EAAE,aAAa,CAAC,CAAC;QACjD,KAAK,CAAC,cAAc,IAAI,CAAC,CAAC;QAC1B,KAAK,CAAC,QAAQ,CAAC,IAAI,CAAC;YAClB,UAAU,EAAE,aAAa,CAAC,UAAU;YACpC,gBAAgB,EAAE,aAAa,CAAC,gBAAiB;YACjD,UAAU;YACV,QAAQ,EAAE,aAAa,CAAC,QAAQ;YAChC,SAAS,EAAE,aAAa,CAAC,SAAS;SACnC,CAAC,CAAC;QACH,MAAM,8BAA8B,CAAC,OAAO,EAAE,MAAM,CAAC,UAAU,EAAE,KAAK,CAAC,CAAC;QACxE,OAAO,aAAa,CAAC;IACvB,CAAC,CAAC;IACF,OAAO,oBAAoB,CAAC,OAAO,EAAE,MAAM,CAAC,UAAU,EAAE,GAAG,CAAC,CAAC;AAC/D,CAAC"}
|
|
@@ -2,6 +2,7 @@ export interface CreatedIdentity {
|
|
|
2
2
|
identityId: string;
|
|
3
3
|
nickname?: string;
|
|
4
4
|
parentIdentityId?: string;
|
|
5
|
+
childIndex?: number;
|
|
5
6
|
publicKey: string;
|
|
6
7
|
privateKey: string;
|
|
7
8
|
}
|
|
@@ -14,6 +15,6 @@ export interface RestoreIdentityOptions {
|
|
|
14
15
|
export interface DeriveIdentityOptions {
|
|
15
16
|
nickname?: string;
|
|
16
17
|
}
|
|
17
|
-
export declare function createIdentity(parent?: CreatedIdentity | string, options?: CreateIdentityOptions): CreatedIdentity;
|
|
18
18
|
export declare function createIdentity(options?: CreateIdentityOptions): CreatedIdentity;
|
|
19
19
|
export declare function restoreIdentity(privateKey: string, options?: RestoreIdentityOptions): CreatedIdentity;
|
|
20
|
+
export declare function deriveChildIdentity(parent: CreatedIdentity | string, childIndex: number, options?: DeriveIdentityOptions): CreatedIdentity;
|
package/dist/runtime/identity.js
CHANGED
|
@@ -1,4 +1,4 @@
|
|
|
1
|
-
import { createHmac, createPrivateKey, createPublicKey
|
|
1
|
+
import { createHmac, createPrivateKey, createPublicKey } from "node:crypto";
|
|
2
2
|
import { derivePublicKey, generateIdentityKeys } from "../protocol/crypto.js";
|
|
3
3
|
import { deriveIdentityId } from "../protocol/identity.js";
|
|
4
4
|
const ED25519_PKCS8_PREFIX = Buffer.from("302e020100300506032b657004220420", "hex");
|
|
@@ -36,28 +36,15 @@ function createRootIdentity(options = {}) {
|
|
|
36
36
|
privateKey: keyPair.privateKey,
|
|
37
37
|
};
|
|
38
38
|
}
|
|
39
|
-
export function createIdentity(parentOrOptions, maybeOptions = {}) {
|
|
39
|
+
export function createIdentity(parentOrOptions, childIndexOrOptions, maybeOptions = {}) {
|
|
40
40
|
const hasParent = typeof parentOrOptions === "string" ||
|
|
41
41
|
(typeof parentOrOptions === "object" &&
|
|
42
42
|
parentOrOptions !== null &&
|
|
43
43
|
"privateKey" in parentOrOptions);
|
|
44
|
-
if (
|
|
45
|
-
|
|
44
|
+
if (hasParent) {
|
|
45
|
+
throw new Error("createIdentity() only creates root identities; use createChildIdentity() or deriveChildIdentity()");
|
|
46
46
|
}
|
|
47
|
-
|
|
48
|
-
if (!parentPrivateKey) {
|
|
49
|
-
return createRootIdentity(maybeOptions);
|
|
50
|
-
}
|
|
51
|
-
const nickname = normalizeNickname(maybeOptions.nickname);
|
|
52
|
-
const relationId = randomBytes(16).toString("base64url");
|
|
53
|
-
const childIdentity = deriveIdentity(parentPrivateKey, relationId, { nickname });
|
|
54
|
-
const parentIdentity = typeof parentOrOptions === "string"
|
|
55
|
-
? restoreIdentity(parentPrivateKey)
|
|
56
|
-
: parentOrOptions;
|
|
57
|
-
return {
|
|
58
|
-
...childIdentity,
|
|
59
|
-
parentIdentityId: parentIdentity.identityId,
|
|
60
|
-
};
|
|
47
|
+
return createRootIdentity(parentOrOptions ?? {});
|
|
61
48
|
}
|
|
62
49
|
export function restoreIdentity(privateKey, options = {}) {
|
|
63
50
|
const normalizedPrivateKey = privateKey.trim();
|
|
@@ -73,20 +60,19 @@ export function restoreIdentity(privateKey, options = {}) {
|
|
|
73
60
|
privateKey: normalizedPrivateKey,
|
|
74
61
|
};
|
|
75
62
|
}
|
|
76
|
-
function deriveIdentity(parentPrivateKey,
|
|
63
|
+
function deriveIdentity(parentPrivateKey, childIndex, options = {}) {
|
|
77
64
|
const normalizedParentPrivateKey = parentPrivateKey.trim();
|
|
78
|
-
const normalizedRelationId = relationId.trim();
|
|
79
65
|
if (!normalizedParentPrivateKey) {
|
|
80
66
|
throw new Error("parent private key is required");
|
|
81
67
|
}
|
|
82
|
-
if (!
|
|
83
|
-
throw new Error("
|
|
68
|
+
if (!Number.isInteger(childIndex) || childIndex < 0) {
|
|
69
|
+
throw new Error("childIndex must be a non-negative integer");
|
|
84
70
|
}
|
|
85
71
|
const parentSeed = decodeEd25519Seed(normalizedParentPrivateKey);
|
|
86
72
|
const childSeed = createHmac("sha256", parentSeed)
|
|
87
73
|
.update("cbio:identity:child:v1")
|
|
88
74
|
.update("\0")
|
|
89
|
-
.update(
|
|
75
|
+
.update(String(childIndex))
|
|
90
76
|
.digest();
|
|
91
77
|
const privateKey = encodeEd25519PrivateKey(childSeed);
|
|
92
78
|
const privateKeyObject = createPrivateKey({
|
|
@@ -105,4 +91,18 @@ function deriveIdentity(parentPrivateKey, relationId, options = {}) {
|
|
|
105
91
|
privateKey,
|
|
106
92
|
};
|
|
107
93
|
}
|
|
94
|
+
export function deriveChildIdentity(parent, childIndex, options = {}) {
|
|
95
|
+
const parentPrivateKey = toParentPrivateKey(parent);
|
|
96
|
+
if (!parentPrivateKey) {
|
|
97
|
+
throw new Error("parent private key is required");
|
|
98
|
+
}
|
|
99
|
+
const parentIdentity = typeof parent === "string"
|
|
100
|
+
? restoreIdentity(parentPrivateKey)
|
|
101
|
+
: parent;
|
|
102
|
+
return {
|
|
103
|
+
...deriveIdentity(parentPrivateKey, childIndex, options),
|
|
104
|
+
parentIdentityId: parentIdentity.identityId,
|
|
105
|
+
childIndex,
|
|
106
|
+
};
|
|
107
|
+
}
|
|
108
108
|
//# sourceMappingURL=identity.js.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"identity.js","sourceRoot":"","sources":["../../src/runtime/identity.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,UAAU,EAAE,gBAAgB,EAAE,eAAe,EAAE,
|
|
1
|
+
{"version":3,"file":"identity.js","sourceRoot":"","sources":["../../src/runtime/identity.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,UAAU,EAAE,gBAAgB,EAAE,eAAe,EAAE,MAAM,aAAa,CAAC;AAC5E,OAAO,EAAE,eAAe,EAAE,oBAAoB,EAAE,MAAM,uBAAuB,CAAC;AAC9E,OAAO,EAAE,gBAAgB,EAAE,MAAM,yBAAyB,CAAC;AAuB3D,MAAM,oBAAoB,GAAG,MAAM,CAAC,IAAI,CAAC,kCAAkC,EAAE,KAAK,CAAC,CAAC;AACpF,MAAM,mBAAmB,GAAG,EAAE,CAAC;AAE/B,SAAS,iBAAiB,CAAC,QAAiB;IAC1C,OAAO,QAAQ,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC,QAAQ,CAAC,IAAI,EAAE,CAAC,CAAC,CAAC,SAAS,CAAC;AACxD,CAAC;AAED,SAAS,iBAAiB,CAAC,UAAkB;IAC3C,MAAM,GAAG,GAAG,MAAM,CAAC,IAAI,CAAC,UAAU,EAAE,WAAW,CAAC,CAAC;IACjD,IACE,GAAG,CAAC,MAAM,KAAK,oBAAoB,CAAC,MAAM,GAAG,mBAAmB;QAChE,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC,EAAE,oBAAoB,CAAC,MAAM,CAAC,CAAC,MAAM,CAAC,oBAAoB,CAAC,EAC1E,CAAC;QACD,MAAM,IAAI,KAAK,CAAC,gCAAgC,CAAC,CAAC;IACpD,CAAC;IACD,OAAO,GAAG,CAAC,QAAQ,CAAC,oBAAoB,CAAC,MAAM,CAAC,CAAC;AACnD,CAAC;AAED,SAAS,uBAAuB,CAAC,IAAY;IAC3C,OAAO,MAAM,CAAC,MAAM,CAAC,CAAC,oBAAoB,EAAE,IAAI,CAAC,CAAC,CAAC,QAAQ,CAAC,WAAW,CAAC,CAAC;AAC3E,CAAC;AAED,SAAS,kBAAkB,CAAC,MAAiC;IAC3D,IAAI,CAAC,MAAM,EAAE,CAAC;QACZ,OAAO,SAAS,CAAC;IACnB,CAAC;IACD,OAAO,OAAO,MAAM,KAAK,QAAQ,CAAC,CAAC,CAAC,MAAM,CAAC,IAAI,EAAE,CAAC,CAAC,CAAC,MAAM,CAAC,UAAU,CAAC,IAAI,EAAE,CAAC;AAC/E,CAAC;AAED,SAAS,kBAAkB,CAAC,UAAiC,EAAE;IAC7D,MAAM,OAAO,GAAG,oBAAoB,EAAE,CAAC;IACvC,IAAI,CAAC,OAAO,CAAC,SAAS,IAAI,CAAC,OAAO,CAAC,UAAU,EAAE,CAAC;QAC9C,MAAM,IAAI,KAAK,CAAC,4BAA4B,CAAC,CAAC;IAChD,CAAC;IACD,MAAM,QAAQ,GAAG,iBAAiB,CAAC,OAAO,CAAC,QAAQ,CAAC,CAAC;IACrD,OAAO;QACL,UAAU,EAAE,gBAAgB,CAAC,OAAO,CAAC,SAAS,CAAC;QAC/C,QAAQ;QACR,SAAS,EAAE,OAAO,CAAC,SAAS;QAC5B,UAAU,EAAE,OAAO,CAAC,UAAU;KAC/B,CAAC;AACJ,CAAC;AAGD,MAAM,UAAU,cAAc,CAC5B,eAAkE,EAClE,mBAAoD,EACpD,eAAsC,EAAE;IAExC,MAAM,SAAS,GACb,OAAO,eAAe,KAAK,QAAQ;QACnC,CAAC,OAAO,eAAe,KAAK,QAAQ;YAClC,eAAe,KAAK,IAAI;YACxB,YAAY,IAAI,eAAe,CAAC,CAAC;IAErC,IAAI,SAAS,EAAE,CAAC;QACd,MAAM,IAAI,KAAK,CAAC,mGAAmG,CAAC,CAAC;IACvH,CAAC;IACD,OAAO,kBAAkB,CAAE,eAAqD,IAAI,EAAE,CAAC,CAAC;AAC1F,CAAC;AAED,MAAM,UAAU,eAAe,CAAC,UAAkB,EAAE,UAAkC,EAAE;IACtF,MAAM,oBAAoB,GAAG,UAAU,CAAC,IAAI,EAAE,CAAC;IAC/C,IAAI,CAAC,oBAAoB,EAAE,CAAC;QAC1B,MAAM,IAAI,KAAK,CAAC,yBAAyB,CAAC,CAAC;IAC7C,CAAC;IACD,MAAM,SAAS,GAAG,eAAe,CAAC,oBAAoB,CAAC,CAAC;IACxD,MAAM,QAAQ,GAAG,iBAAiB,CAAC,OAAO,CAAC,QAAQ,CAAC,CAAC;IACrD,OAAO;QACL,UAAU,EAAE,gBAAgB,CAAC,SAAS,CAAC;QACvC,QAAQ;QACR,SAAS;QACT,UAAU,EAAE,oBAAoB;KACjC,CAAC;AACJ,CAAC;AAED,SAAS,cAAc,CACrB,gBAAwB,EACxB,UAAkB,EAClB,UAAiC,EAAE;IAEnC,MAAM,0BAA0B,GAAG,gBAAgB,CAAC,IAAI,EAAE,CAAC;IAC3D,IAAI,CAAC,0BAA0B,EAAE,CAAC;QAChC,MAAM,IAAI,KAAK,CAAC,gCAAgC,CAAC,CAAC;IACpD,CAAC;IACD,IAAI,CAAC,MAAM,CAAC,SAAS,CAAC,UAAU,CAAC,IAAI,UAAU,GAAG,CAAC,EAAE,CAAC;QACpD,MAAM,IAAI,KAAK,CAAC,2CAA2C,CAAC,CAAC;IAC/D,CAAC;IAED,MAAM,UAAU,GAAG,iBAAiB,CAAC,0BAA0B,CAAC,CAAC;IACjE,MAAM,SAAS,GAAG,UAAU,CAAC,QAAQ,EAAE,UAAU,CAAC;SAC/C,MAAM,CAAC,wBAAwB,CAAC;SAChC,MAAM,CAAC,IAAI,CAAC;SACZ,MAAM,CAAC,MAAM,CAAC,UAAU,CAAC,CAAC;SAC1B,MAAM,EAAE,CAAC;IAEZ,MAAM,UAAU,GAAG,uBAAuB,CAAC,SAAS,CAAC,CAAC;IACtD,MAAM,gBAAgB,GAAG,gBAAgB,CAAC;QACxC,GAAG,EAAE,MAAM,CAAC,IAAI,CAAC,UAAU,EAAE,WAAW,CAAC;QACzC,MAAM,EAAE,KAAK;QACb,IAAI,EAAE,OAAO;KACd,CAAC,CAAC;IACH,MAAM,SAAS,GAAG,MAAM,CAAC,IAAI,CAC3B,eAAe,CAAC,gBAAgB,CAAC,CAAC,MAAM,CAAC;QACvC,IAAI,EAAE,MAAM;QACZ,MAAM,EAAE,KAAK;KACd,CAAC,CACH,CAAC,QAAQ,CAAC,WAAW,CAAC,CAAC;IAExB,OAAO;QACL,UAAU,EAAE,gBAAgB,CAAC,SAAS,CAAC;QACvC,QAAQ,EAAE,iBAAiB,CAAC,OAAO,CAAC,QAAQ,CAAC;QAC7C,SAAS;QACT,UAAU;KACX,CAAC;AACJ,CAAC;AAED,MAAM,UAAU,mBAAmB,CACjC,MAAgC,EAChC,UAAkB,EAClB,UAAiC,EAAE;IAEnC,MAAM,gBAAgB,GAAG,kBAAkB,CAAC,MAAM,CAAC,CAAC;IACpD,IAAI,CAAC,gBAAgB,EAAE,CAAC;QACtB,MAAM,IAAI,KAAK,CAAC,gCAAgC,CAAC,CAAC;IACpD,CAAC;IACD,MAAM,cAAc,GAAG,OAAO,MAAM,KAAK,QAAQ;QAC/C,CAAC,CAAC,eAAe,CAAC,gBAAgB,CAAC;QACnC,CAAC,CAAC,MAAM,CAAC;IACX,OAAO;QACL,GAAG,cAAc,CAAC,gBAAgB,EAAE,UAAU,EAAE,OAAO,CAAC;QACxD,gBAAgB,EAAE,cAAc,CAAC,UAAU;QAC3C,UAAU;KACX,CAAC;AACJ,CAAC"}
|
package/dist/runtime/index.d.ts
CHANGED
|
@@ -8,7 +8,9 @@ export { deriveIdentityId } from "../protocol/identity.js";
|
|
|
8
8
|
export type { IStorageProvider } from "../storage/provider.js";
|
|
9
9
|
export { FsStorageProvider } from "../storage/fs.js";
|
|
10
10
|
export { MemoryStorageProvider } from "../storage/memory.js";
|
|
11
|
-
export { createIdentity, restoreIdentity, type CreateIdentityOptions, type RestoreIdentityOptions, type CreatedIdentity, } from "./identity.js";
|
|
11
|
+
export { createIdentity, deriveChildIdentity, restoreIdentity, type CreateIdentityOptions, type RestoreIdentityOptions, type CreatedIdentity, } from "./identity.js";
|
|
12
|
+
export { createChildIdentity, type CreateChildIdentityOptions, } from "./child-identity.js";
|
|
13
|
+
export { ensurePrivateVault, readPrivateVaultProfile, readPrivateVaultChildrenState, privateVaultPrefix, privateVaultProfileKey, privateVaultChildrenKey, type PrivateVaultProfile, type PrivateVaultChildRecord, type PrivateVaultChildrenState, } from "./private-vault.js";
|
|
12
14
|
export { createVault, recoverVault, type CreateVaultOptions, type CreatedVault, type RecoverVaultOptions, type RecoveredVault, } from "./bootstrap.js";
|
|
13
15
|
export { createVaultCore, DefaultVaultCore, VaultCoreError, createDefaultVaultCoreDependencies, type CreateDefaultVaultCoreDependenciesOptions, type DefaultPolicyEngineOptions, DefaultPolicyEngine, createPersistentVaultCoreDependencies, initializeVaultCustody, recoverVaultWorkingKey, DEFAULT_VAULT_KEY_CUSTODY_BLOB_KEY, type InitializeVaultCustodyOptions, type InitializedVaultCustody, type CreatePersistentVaultCoreDependenciesOptions, PersistentVaultAuditLog, PersistentVaultCapabilityRegistry, PersistentVaultCapabilityRevocationRegistry, PersistentVaultCustomHttpFlowRegistry, PersistentVaultRateLimitStore, PersistentVaultReplayGuard, PersistentVaultSecretCustody, PersistentVaultSecretRepository, HttpDispatchExecutor, InMemoryAgentIdentityRegistry, InMemoryCapabilityRegistry, InMemoryCapabilityRevocationRegistry, InMemoryCustomHttpFlowRegistry, InMemoryRateLimitStore, InMemoryReplayGuard, InMemoryAuditLog, InMemoryOwnerIdentityRegistry, InMemorySecretCustody, InMemorySecretRepository, RandomIdGenerator, SignatureOwnerProofVerifier, type SignatureAgentProofVerifierOptions, SignatureAgentProofVerifier, SystemClock, type AgentCapability, type AgentIdentityRecord, type AgentProof, type OwnerAuditRequest, type OwnerExportSecretRequest, type OwnerRegisterCapabilityCommand, type OwnerRegisterAgentIdentityCommand, type OwnerRegisterCustomHttpFlowCommand, type OwnerSecretExport, type OwnerIdentityRecord, type CustomHttpFlowDefinition, type OwnerProof, type AuditEntry, type AuditLog, type AuditQuery, type Clock, type DispatchAuthorization, type DispatchInstruction, type DispatchRequest, type DispatchResult, type IdGenerator, type OwnerIdentityRegistry, type OwnerProofVerifier, type PolicyEngine, type RateLimitStore, type ReplayGuard, type CustomHttpFlowRegistry, type SecretAlias, type SecretCustody, type SecretId, type SecretRecord, type SecretRepository, type SecretVersion, type TrustedExecutor, type VaultCore, type VaultCoreDependencies, type VaultPrincipal, type VaultPrincipalKind, type VaultTargetBinding, type VaultWriteSecretCommand, type VaultId, type AgentIdentityRegistry, type AgentProofVerifier, type CapabilityRevocationRegistry, type CapabilityRegistry, } from "../vault-core/index.js";
|
|
14
16
|
export { createVaultClient, type VaultClient, type VaultIdentity, type VaultSigner, type VaultAuditQueryInput, type VaultExportSecretInput, type VaultGrantCapabilityInput, type VaultRegisterFlowInput, type VaultRegisterAgentInput, type OwnerSecretTargetBinding, type OwnerWriteSecretInput, } from "../clients/owner/index.js";
|
package/dist/runtime/index.js
CHANGED
|
@@ -7,7 +7,9 @@ export { derivePublicKey, LocalSigner } from "../protocol/crypto.js";
|
|
|
7
7
|
export { deriveIdentityId } from "../protocol/identity.js";
|
|
8
8
|
export { FsStorageProvider } from "../storage/fs.js";
|
|
9
9
|
export { MemoryStorageProvider } from "../storage/memory.js";
|
|
10
|
-
export { createIdentity, restoreIdentity, } from "./identity.js";
|
|
10
|
+
export { createIdentity, deriveChildIdentity, restoreIdentity, } from "./identity.js";
|
|
11
|
+
export { createChildIdentity, } from "./child-identity.js";
|
|
12
|
+
export { ensurePrivateVault, readPrivateVaultProfile, readPrivateVaultChildrenState, privateVaultPrefix, privateVaultProfileKey, privateVaultChildrenKey, } from "./private-vault.js";
|
|
11
13
|
export { createVault, recoverVault, } from "./bootstrap.js";
|
|
12
14
|
export { createVaultCore, DefaultVaultCore, VaultCoreError, createDefaultVaultCoreDependencies, DefaultPolicyEngine, createPersistentVaultCoreDependencies, initializeVaultCustody, recoverVaultWorkingKey, DEFAULT_VAULT_KEY_CUSTODY_BLOB_KEY, PersistentVaultAuditLog, PersistentVaultCapabilityRegistry, PersistentVaultCapabilityRevocationRegistry, PersistentVaultCustomHttpFlowRegistry, PersistentVaultRateLimitStore, PersistentVaultReplayGuard, PersistentVaultSecretCustody, PersistentVaultSecretRepository, HttpDispatchExecutor, InMemoryAgentIdentityRegistry, InMemoryCapabilityRegistry, InMemoryCapabilityRevocationRegistry, InMemoryCustomHttpFlowRegistry, InMemoryRateLimitStore, InMemoryReplayGuard, InMemoryAuditLog, InMemoryOwnerIdentityRegistry, InMemorySecretCustody, InMemorySecretRepository, RandomIdGenerator, SignatureOwnerProofVerifier, SignatureAgentProofVerifier, SystemClock, } from "../vault-core/index.js";
|
|
13
15
|
export { createVaultClient, } from "../clients/owner/index.js";
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/runtime/index.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAEH,OAAO,EAAE,aAAa,EAAE,iBAAiB,EAAE,MAAM,cAAc,CAAC;AAChE,OAAO,EAAE,eAAe,EAAE,WAAW,EAAE,MAAM,uBAAuB,CAAC;AACrE,OAAO,EAAE,gBAAgB,EAAE,MAAM,yBAAyB,CAAC;AAE3D,OAAO,EAAE,iBAAiB,EAAE,MAAM,kBAAkB,CAAC;AACrD,OAAO,EAAE,qBAAqB,EAAE,MAAM,sBAAsB,CAAC;AAC7D,OAAO,EACL,cAAc,EACd,eAAe,GAIhB,MAAM,eAAe,CAAC;AACvB,OAAO,EACL,WAAW,EACX,YAAY,GAKb,MAAM,gBAAgB,CAAC;AAExB,OAAO,EACL,eAAe,EACf,gBAAgB,EAChB,cAAc,EACd,kCAAkC,EAGlC,mBAAmB,EACnB,qCAAqC,EACrC,sBAAsB,EACtB,sBAAsB,EACtB,kCAAkC,EAIlC,uBAAuB,EACvB,iCAAiC,EACjC,2CAA2C,EAC3C,qCAAqC,EACrC,6BAA6B,EAC7B,0BAA0B,EAC1B,4BAA4B,EAC5B,+BAA+B,EAC/B,oBAAoB,EACpB,6BAA6B,EAC7B,0BAA0B,EAC1B,oCAAoC,EACpC,8BAA8B,EAC9B,sBAAsB,EACtB,mBAAmB,EACnB,gBAAgB,EAChB,6BAA6B,EAC7B,qBAAqB,EACrB,wBAAwB,EACxB,iBAAiB,EACjB,2BAA2B,EAE3B,2BAA2B,EAC3B,WAAW,GA8CZ,MAAM,wBAAwB,CAAC;AAEhC,OAAO,EACL,iBAAiB,GAWlB,MAAM,2BAA2B,CAAC;AAEnC,OAAO,EACL,iBAAiB,GAOlB,MAAM,2BAA2B,CAAC;AAEnC,OAAO,EACL,kBAAkB,EAClB,2BAA2B,EAC3B,2BAA2B,EAC3B,6BAA6B,EAC7B,8BAA8B,EAC9B,uBAAuB,GAWxB,MAAM,2BAA2B,CAAC;AAEnC,OAAO,EACL,mBAAmB,GACpB,MAAM,8BAA8B,CAAC"}
|
|
1
|
+
{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/runtime/index.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAEH,OAAO,EAAE,aAAa,EAAE,iBAAiB,EAAE,MAAM,cAAc,CAAC;AAChE,OAAO,EAAE,eAAe,EAAE,WAAW,EAAE,MAAM,uBAAuB,CAAC;AACrE,OAAO,EAAE,gBAAgB,EAAE,MAAM,yBAAyB,CAAC;AAE3D,OAAO,EAAE,iBAAiB,EAAE,MAAM,kBAAkB,CAAC;AACrD,OAAO,EAAE,qBAAqB,EAAE,MAAM,sBAAsB,CAAC;AAC7D,OAAO,EACL,cAAc,EACd,mBAAmB,EACnB,eAAe,GAIhB,MAAM,eAAe,CAAC;AACvB,OAAO,EACL,mBAAmB,GAEpB,MAAM,qBAAqB,CAAC;AAC7B,OAAO,EACL,kBAAkB,EAClB,uBAAuB,EACvB,6BAA6B,EAC7B,kBAAkB,EAClB,sBAAsB,EACtB,uBAAuB,GAIxB,MAAM,oBAAoB,CAAC;AAC5B,OAAO,EACL,WAAW,EACX,YAAY,GAKb,MAAM,gBAAgB,CAAC;AAExB,OAAO,EACL,eAAe,EACf,gBAAgB,EAChB,cAAc,EACd,kCAAkC,EAGlC,mBAAmB,EACnB,qCAAqC,EACrC,sBAAsB,EACtB,sBAAsB,EACtB,kCAAkC,EAIlC,uBAAuB,EACvB,iCAAiC,EACjC,2CAA2C,EAC3C,qCAAqC,EACrC,6BAA6B,EAC7B,0BAA0B,EAC1B,4BAA4B,EAC5B,+BAA+B,EAC/B,oBAAoB,EACpB,6BAA6B,EAC7B,0BAA0B,EAC1B,oCAAoC,EACpC,8BAA8B,EAC9B,sBAAsB,EACtB,mBAAmB,EACnB,gBAAgB,EAChB,6BAA6B,EAC7B,qBAAqB,EACrB,wBAAwB,EACxB,iBAAiB,EACjB,2BAA2B,EAE3B,2BAA2B,EAC3B,WAAW,GA8CZ,MAAM,wBAAwB,CAAC;AAEhC,OAAO,EACL,iBAAiB,GAWlB,MAAM,2BAA2B,CAAC;AAEnC,OAAO,EACL,iBAAiB,GAOlB,MAAM,2BAA2B,CAAC;AAEnC,OAAO,EACL,kBAAkB,EAClB,2BAA2B,EAC3B,2BAA2B,EAC3B,6BAA6B,EAC7B,8BAA8B,EAC9B,uBAAuB,GAWxB,MAAM,2BAA2B,CAAC;AAEnC,OAAO,EACL,mBAAmB,GACpB,MAAM,8BAA8B,CAAC"}
|
|
@@ -0,0 +1,28 @@
|
|
|
1
|
+
import type { IStorageProvider } from "../storage/provider.js";
|
|
2
|
+
import type { CreatedIdentity } from "./identity.js";
|
|
3
|
+
export interface PrivateVaultProfile {
|
|
4
|
+
identityId: string;
|
|
5
|
+
nickname?: string;
|
|
6
|
+
publicKey: string;
|
|
7
|
+
parentIdentityId?: string;
|
|
8
|
+
childIndex?: number;
|
|
9
|
+
}
|
|
10
|
+
export interface PrivateVaultChildRecord {
|
|
11
|
+
identityId: string;
|
|
12
|
+
parentIdentityId: string;
|
|
13
|
+
childIndex: number;
|
|
14
|
+
nickname?: string;
|
|
15
|
+
publicKey: string;
|
|
16
|
+
}
|
|
17
|
+
export interface PrivateVaultChildrenState {
|
|
18
|
+
nextChildIndex: number;
|
|
19
|
+
children: PrivateVaultChildRecord[];
|
|
20
|
+
}
|
|
21
|
+
export declare function privateVaultPrefix(identityId: string): string;
|
|
22
|
+
export declare function privateVaultProfileKey(identityId: string): string;
|
|
23
|
+
export declare function privateVaultChildrenKey(identityId: string): string;
|
|
24
|
+
export declare function ensurePrivateVault(storage: IStorageProvider, identity: CreatedIdentity): Promise<void>;
|
|
25
|
+
export declare function readPrivateVaultProfile(storage: IStorageProvider, identityId: string): Promise<PrivateVaultProfile | null>;
|
|
26
|
+
export declare function readPrivateVaultChildrenState(storage: IStorageProvider, identityId: string): Promise<PrivateVaultChildrenState>;
|
|
27
|
+
export declare function writePrivateVaultChildrenState(storage: IStorageProvider, identityId: string, state: PrivateVaultChildrenState): Promise<void>;
|
|
28
|
+
export declare function withPrivateVaultLock<T>(storage: IStorageProvider, identityId: string, task: () => Promise<T>): Promise<T>;
|
|
@@ -0,0 +1,61 @@
|
|
|
1
|
+
import { Buffer } from "node:buffer";
|
|
2
|
+
const PRIVATE_VAULT_PREFIX = "private-vaults";
|
|
3
|
+
const PRIVATE_VAULT_LOCK_SUFFIX = ".lock";
|
|
4
|
+
export function privateVaultPrefix(identityId) {
|
|
5
|
+
return `${PRIVATE_VAULT_PREFIX}/${identityId}`;
|
|
6
|
+
}
|
|
7
|
+
export function privateVaultProfileKey(identityId) {
|
|
8
|
+
return `${privateVaultPrefix(identityId)}/profile.json`;
|
|
9
|
+
}
|
|
10
|
+
export function privateVaultChildrenKey(identityId) {
|
|
11
|
+
return `${privateVaultPrefix(identityId)}/children.json`;
|
|
12
|
+
}
|
|
13
|
+
function lockKey(identityId) {
|
|
14
|
+
return `${privateVaultPrefix(identityId)}${PRIVATE_VAULT_LOCK_SUFFIX}`;
|
|
15
|
+
}
|
|
16
|
+
export async function ensurePrivateVault(storage, identity) {
|
|
17
|
+
const profile = {
|
|
18
|
+
identityId: identity.identityId,
|
|
19
|
+
nickname: identity.nickname,
|
|
20
|
+
publicKey: identity.publicKey,
|
|
21
|
+
parentIdentityId: identity.parentIdentityId,
|
|
22
|
+
childIndex: identity.childIndex,
|
|
23
|
+
};
|
|
24
|
+
await storage.write(privateVaultProfileKey(identity.identityId), Buffer.from(JSON.stringify(profile, null, 2)));
|
|
25
|
+
const childrenKey = privateVaultChildrenKey(identity.identityId);
|
|
26
|
+
if (!(await storage.has(childrenKey))) {
|
|
27
|
+
const emptyState = {
|
|
28
|
+
nextChildIndex: 0,
|
|
29
|
+
children: [],
|
|
30
|
+
};
|
|
31
|
+
await storage.write(childrenKey, Buffer.from(JSON.stringify(emptyState, null, 2)));
|
|
32
|
+
}
|
|
33
|
+
}
|
|
34
|
+
export async function readPrivateVaultProfile(storage, identityId) {
|
|
35
|
+
const raw = await storage.read(privateVaultProfileKey(identityId));
|
|
36
|
+
if (!raw) {
|
|
37
|
+
return null;
|
|
38
|
+
}
|
|
39
|
+
return JSON.parse(raw.toString("utf8"));
|
|
40
|
+
}
|
|
41
|
+
export async function readPrivateVaultChildrenState(storage, identityId) {
|
|
42
|
+
const raw = await storage.read(privateVaultChildrenKey(identityId));
|
|
43
|
+
if (!raw) {
|
|
44
|
+
return { nextChildIndex: 0, children: [] };
|
|
45
|
+
}
|
|
46
|
+
const parsed = JSON.parse(raw.toString("utf8"));
|
|
47
|
+
return {
|
|
48
|
+
nextChildIndex: parsed.nextChildIndex ?? parsed.children.length,
|
|
49
|
+
children: parsed.children ?? [],
|
|
50
|
+
};
|
|
51
|
+
}
|
|
52
|
+
export async function writePrivateVaultChildrenState(storage, identityId, state) {
|
|
53
|
+
await storage.write(privateVaultChildrenKey(identityId), Buffer.from(JSON.stringify(state, null, 2)));
|
|
54
|
+
}
|
|
55
|
+
export async function withPrivateVaultLock(storage, identityId, task) {
|
|
56
|
+
if (storage.withLock) {
|
|
57
|
+
return storage.withLock(lockKey(identityId), task);
|
|
58
|
+
}
|
|
59
|
+
return task();
|
|
60
|
+
}
|
|
61
|
+
//# sourceMappingURL=private-vault.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"private-vault.js","sourceRoot":"","sources":["../../src/runtime/private-vault.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,MAAM,EAAE,MAAM,aAAa,CAAC;AAIrC,MAAM,oBAAoB,GAAG,gBAAgB,CAAC;AAC9C,MAAM,yBAAyB,GAAG,OAAO,CAAC;AAuB1C,MAAM,UAAU,kBAAkB,CAAC,UAAkB;IACnD,OAAO,GAAG,oBAAoB,IAAI,UAAU,EAAE,CAAC;AACjD,CAAC;AAED,MAAM,UAAU,sBAAsB,CAAC,UAAkB;IACvD,OAAO,GAAG,kBAAkB,CAAC,UAAU,CAAC,eAAe,CAAC;AAC1D,CAAC;AAED,MAAM,UAAU,uBAAuB,CAAC,UAAkB;IACxD,OAAO,GAAG,kBAAkB,CAAC,UAAU,CAAC,gBAAgB,CAAC;AAC3D,CAAC;AAED,SAAS,OAAO,CAAC,UAAkB;IACjC,OAAO,GAAG,kBAAkB,CAAC,UAAU,CAAC,GAAG,yBAAyB,EAAE,CAAC;AACzE,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,kBAAkB,CACtC,OAAyB,EACzB,QAAyB;IAEzB,MAAM,OAAO,GAAwB;QACnC,UAAU,EAAE,QAAQ,CAAC,UAAU;QAC/B,QAAQ,EAAE,QAAQ,CAAC,QAAQ;QAC3B,SAAS,EAAE,QAAQ,CAAC,SAAS;QAC7B,gBAAgB,EAAE,QAAQ,CAAC,gBAAgB;QAC3C,UAAU,EAAE,QAAQ,CAAC,UAAU;KAChC,CAAC;IACF,MAAM,OAAO,CAAC,KAAK,CACjB,sBAAsB,CAAC,QAAQ,CAAC,UAAU,CAAC,EAC3C,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,SAAS,CAAC,OAAO,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC,CAC9C,CAAC;IAEF,MAAM,WAAW,GAAG,uBAAuB,CAAC,QAAQ,CAAC,UAAU,CAAC,CAAC;IACjE,IAAI,CAAC,CAAC,MAAM,OAAO,CAAC,GAAG,CAAC,WAAW,CAAC,CAAC,EAAE,CAAC;QACtC,MAAM,UAAU,GAA8B;YAC5C,cAAc,EAAE,CAAC;YACjB,QAAQ,EAAE,EAAE;SACb,CAAC;QACF,MAAM,OAAO,CAAC,KAAK,CAAC,WAAW,EAAE,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,SAAS,CAAC,UAAU,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC,CAAC,CAAC;IACrF,CAAC;AACH,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,uBAAuB,CAC3C,OAAyB,EACzB,UAAkB;IAElB,MAAM,GAAG,GAAG,MAAM,OAAO,CAAC,IAAI,CAAC,sBAAsB,CAAC,UAAU,CAAC,CAAC,CAAC;IACnE,IAAI,CAAC,GAAG,EAAE,CAAC;QACT,OAAO,IAAI,CAAC;IACd,CAAC;IACD,OAAO,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAwB,CAAC;AACjE,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,6BAA6B,CACjD,OAAyB,EACzB,UAAkB;IAElB,MAAM,GAAG,GAAG,MAAM,OAAO,CAAC,IAAI,CAAC,uBAAuB,CAAC,UAAU,CAAC,CAAC,CAAC;IACpE,IAAI,CAAC,GAAG,EAAE,CAAC;QACT,OAAO,EAAE,cAAc,EAAE,CAAC,EAAE,QAAQ,EAAE,EAAE,EAAE,CAAC;IAC7C,CAAC;IACD,MAAM,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,QAAQ,CAAC,MAAM,CAAC,CAA8B,CAAC;IAC7E,OAAO;QACL,cAAc,EAAE,MAAM,CAAC,cAAc,IAAI,MAAM,CAAC,QAAQ,CAAC,MAAM;QAC/D,QAAQ,EAAE,MAAM,CAAC,QAAQ,IAAI,EAAE;KAChC,CAAC;AACJ,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,8BAA8B,CAClD,OAAyB,EACzB,UAAkB,EAClB,KAAgC;IAEhC,MAAM,OAAO,CAAC,KAAK,CACjB,uBAAuB,CAAC,UAAU,CAAC,EACnC,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,SAAS,CAAC,KAAK,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC,CAC5C,CAAC;AACJ,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,oBAAoB,CACxC,OAAyB,EACzB,UAAkB,EAClB,IAAsB;IAEtB,IAAI,OAAO,CAAC,QAAQ,EAAE,CAAC;QACrB,OAAO,OAAO,CAAC,QAAQ,CAAC,OAAO,CAAC,UAAU,CAAC,EAAE,IAAI,CAAC,CAAC;IACrD,CAAC;IACD,OAAO,IAAI,EAAE,CAAC;AAChB,CAAC"}
|
package/docs/IDENTITY_MODEL.md
CHANGED
|
@@ -78,7 +78,7 @@ The runtime now exposes this concept directly as optional `nickname` on `createI
|
|
|
78
78
|
|
|
79
79
|
For existing private keys, the runtime exposes `restoreIdentity(...)`, which reconstructs the same identity shape from the private key alone.
|
|
80
80
|
|
|
81
|
-
For child identities, the runtime exposes `
|
|
81
|
+
For child identities, the runtime exposes `createChildIdentity(storage, parentIdentity, { nickname })` for user-facing creation, and `deriveChildIdentity(parentIdentity, childIndex, { nickname })` for deterministic reconstruction when the stored `childIndex` is known. `nickname` remains display-only.
|
|
82
82
|
|
|
83
83
|
In other words:
|
|
84
84
|
|
package/docs/REFERENCE.md
CHANGED
|
@@ -18,6 +18,9 @@ The main constructors are:
|
|
|
18
18
|
- `createVaultCore(...)`
|
|
19
19
|
- `createVaultService(...)`
|
|
20
20
|
- `createIdentity(...)`
|
|
21
|
+
- `createChildIdentity(...)`
|
|
22
|
+
- `deriveChildIdentity(...)`
|
|
23
|
+
- `ensurePrivateVault(...)`
|
|
21
24
|
- `restoreIdentity(...)`
|
|
22
25
|
- `createVault(...)`
|
|
23
26
|
- `recoverVault(...)`
|
|
@@ -65,10 +68,18 @@ Role rules:
|
|
|
65
68
|
- `privateKey`
|
|
66
69
|
- optional `nickname`
|
|
67
70
|
- optional `parentIdentityId` for child identities
|
|
71
|
+
- optional `childIndex` for child identities
|
|
68
72
|
|
|
69
73
|
`nickname` is human-readable only. It does not affect the derived `identityId`, cryptographic verification, or vault-local role binding.
|
|
70
74
|
|
|
71
|
-
`
|
|
75
|
+
`createChildIdentity(storage, parentIdentity, { nickname })` allocates the next `childIndex` from storage and creates a child identity.
|
|
76
|
+
|
|
77
|
+
`deriveChildIdentity(parentIdentity, childIndex, { nickname })` deterministically reconstructs a child identity for a known `childIndex`.
|
|
78
|
+
|
|
79
|
+
`ensurePrivateVault(storage, identity)` creates or refreshes the identity's fixed private-vault namespace. The private vault stores identity-level files such as:
|
|
80
|
+
|
|
81
|
+
- `profile.json`
|
|
82
|
+
- `children.json`
|
|
72
83
|
|
|
73
84
|
`restoreIdentity(privateKey)` returns the same shape for an existing private key.
|
|
74
85
|
|
package/package.json
CHANGED