@the-ai-company/cbio-node-runtime 1.14.0 → 1.15.1
- package/README.md +14 -1
- package/dist/runtime/bootstrap.d.ts +4 -0
- package/dist/runtime/bootstrap.js +25 -2
- package/dist/runtime/bootstrap.js.map +1 -1
- package/dist/runtime/index.d.ts +1 -0
- package/dist/runtime/index.js +1 -0
- package/dist/runtime/index.js.map +1 -1
- package/dist/runtime/private-vault.js +1 -1
- package/dist/runtime/private-vault.js.map +1 -1
- package/dist/runtime/workspace-storage.d.ts +3 -0
- package/dist/runtime/workspace-storage.js +10 -0
- package/dist/runtime/workspace-storage.js.map +1 -0
- package/dist/storage/prefix.d.ts +14 -0
- package/dist/storage/prefix.js +42 -0
- package/dist/storage/prefix.js.map +1 -0
- package/docs/REFERENCE.md +7 -3
- package/package.json +1 -1
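--- a/package/README.md
+++ b/package/README.md
@@ -43,6 +43,7 @@ import {
 createDefaultVaultCoreDependencies,
 createChildIdentity,
 createIdentity,
+createWorkspaceStorage,
 ensurePrivateVault,
 restoreIdentity,
 createVault,
@@ -77,13 +78,25 @@ const childIdentity = await createChildIdentity(storage, rootIdentity, {
 Vaults also support an optional human-readable nickname:
 
 ```ts
+const createdVault = await createVault({
+ownerIdentity: rootIdentity,
+nickname: 'main-vault',
+});
+```
+
+If you want to override the default workspace directory:
+
+```ts
+const storage = createWorkspaceStorage('/tmp/cbio');
 const createdVault = await createVault(storage, {
 ownerIdentity: rootIdentity,
 nickname: 'main-vault',
 });
 ```
 
-
+The workspace root can contain many vaults. Each vault is isolated under `vaults/<vaultId>/...`.
+
+Each identity now has its own namespace in storage under `identities/<identityId>/...`. That namespace holds identity-level metadata such as:
 
 - `profile.json`
 - `children.json`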
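--- a/package/dist/runtime/bootstrap.d.ts
+++ b/package/dist/runtime/bootstrap.d.ts
@@ -15,6 +15,7 @@ export interface CreatedVault {
 core: VaultCore;
 vault: VaultService;
 nickname?: string;
+storage: IStorageProvider;
 }
 export interface RecoverVaultOptions extends Omit<CreatePersistentVaultCoreDependenciesOptions, "vaultWorkingKey" | "vaultId"> {
 vaultId: string;
@@ -28,6 +29,9 @@ export interface RecoveredVault {
 core: VaultCore;
 vault: VaultService;
 nickname?: string;
+storage: IStorageProvider;
 }
+export declare function createVault(options: CreateVaultOptions): Promise<CreatedVault>;
 export declare function createVault(storage: IStorageProvider, options: CreateVaultOptions): Promise<CreatedVault>;
+export declare function recoverVault(options: RecoverVaultOptions): Promise<RecoveredVault>;
 export declare function recoverVault(storage: IStorageProvider, options: RecoverVaultOptions): Promise<RecoveredVault>;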
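--- a/package/dist/runtime/bootstrap.js
+++ b/package/dist/runtime/bootstrap.js
@@ -2,7 +2,9 @@ import crypto from "node:crypto";
 import { createVaultCore } from "../vault-core/core.js";
 import { createPersistentVaultCoreDependencies, } from "../vault-core/index.js";
 import { wrapVaultCoreAsVaultService, } from "../vault-ingress/index.js";
+import { createPrefixedStorage } from "../storage/prefix.js";
 import { readVaultProfile, writeVaultProfile } from "./vault-metadata.js";
+import { createWorkspaceStorage } from "./workspace-storage.js";
 function deriveVaultWorkingKey(privateKey, vaultId) {
 return crypto
 .createHash("sha256")
@@ -13,8 +15,25 @@ function deriveVaultWorkingKey(privateKey, vaultId) {
 .update(privateKey)
 .digest("base64url");
 }
-
+function vaultStoragePrefix(vaultId) {
+return `vaults/${vaultId}`;
+}
+function resolveStorage(storageOrOptions, maybeOptions) {
+if (maybeOptions) {
+return {
+storage: storageOrOptions,
+options: maybeOptions,
+};
+}
+return {
+storage: createWorkspaceStorage(),
+options: storageOrOptions,
+};
+}
+export async function createVault(storageOrOptions, maybeOptions) {
+const { storage: workspaceStorage, options } = resolveStorage(storageOrOptions, maybeOptions);
 const vaultId = options.vaultId ?? `vault_${crypto.randomUUID()}`;
+const storage = createPrefixedStorage(workspaceStorage, vaultStoragePrefix(vaultId));
 const vaultWorkingKey = deriveVaultWorkingKey(options.ownerIdentity.privateKey, vaultId);
 const deps = createPersistentVaultCoreDependencies(storage, {
 ...options,
@@ -37,9 +56,12 @@ export async function createVault(storage, options) {
 core,
 vault: wrapVaultCoreAsVaultService(core, options.vault),
 nickname,
+storage,
 };
 }
-export async function recoverVault(
+export async function recoverVault(storageOrOptions, maybeOptions) {
+const { storage: workspaceStorage, options } = resolveStorage(storageOrOptions, maybeOptions);
+const storage = createPrefixedStorage(workspaceStorage, vaultStoragePrefix(options.vaultId));
 const vaultWorkingKey = deriveVaultWorkingKey(options.ownerIdentity.privateKey, options.vaultId);
 const deps = createPersistentVaultCoreDependencies(storage, {
 ...options,
@@ -52,6 +74,7 @@ export async function recoverVault(storage, options) {
 core,
 vault: wrapVaultCoreAsVaultService(core, options.vault),
 nickname: profile?.nickname,
+storage,
 };
 }
 //# sourceMappingURL=bootstrap.js.map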
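Review bot: `vaultStoragePrefix` interpolates `vaultId` into the storage key unchecked (`vaults/${vaultId}`), and in both `createVault` and `recoverVault` that value can come straight from the caller through `options.vaultId`. If the base provider maps keys to filesystem paths without normalising them (its code is not on this page), an id containing `/` or `..` segments would resolve outside `vaults/<vaultId>/` and undo the per-vault isolation this change adds. I would validate the id before building the prefix, for example `if (!/^[A-Za-z0-9_-]+$/.test(vaultId)) throw new Error("invalid vaultId");`, which still accepts the generated `vault_<uuid>` form. `resolveStorage` also picks the overload by the truthiness of `maybeOptions`, so a call that passes a storage provider with an undefined second argument is handled as the one-argument form, with the provider taken as the options object; an explicit shape check would make that fail clearly. The bodies of `createVault` and `recoverVault` continue outside these hunks.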
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"bootstrap.js","sourceRoot":"","sources":["../../src/runtime/bootstrap.ts"],"names":[],"mappings":"AAAA,OAAO,MAAM,MAAM,aAAa,CAAC;AACjC,OAAO,EAAE,eAAe,EAAE,MAAM,uBAAuB,CAAC;AACxD,OAAO,EACL,qCAAqC,GAItC,MAAM,wBAAwB,CAAC;AAChC,OAAO,EACL,2BAA2B,GAG5B,MAAM,2BAA2B,CAAC;
|
|
1
|
+
{"version":3,"file":"bootstrap.js","sourceRoot":"","sources":["../../src/runtime/bootstrap.ts"],"names":[],"mappings":"AAAA,OAAO,MAAM,MAAM,aAAa,CAAC;AACjC,OAAO,EAAE,eAAe,EAAE,MAAM,uBAAuB,CAAC;AACxD,OAAO,EACL,qCAAqC,GAItC,MAAM,wBAAwB,CAAC;AAChC,OAAO,EACL,2BAA2B,GAG5B,MAAM,2BAA2B,CAAC;AACnC,OAAO,EAAE,qBAAqB,EAAE,MAAM,sBAAsB,CAAC;AAG7D,OAAO,EAAE,gBAAgB,EAAE,iBAAiB,EAAE,MAAM,qBAAqB,CAAC;AAC1E,OAAO,EAAE,sBAAsB,EAAE,MAAM,wBAAwB,CAAC;AAEhE,SAAS,qBAAqB,CAAC,UAAkB,EAAE,OAAe;IAChE,OAAO,MAAM;SACV,UAAU,CAAC,QAAQ,CAAC;SACpB,MAAM,CAAC,2BAA2B,CAAC;SACnC,MAAM,CAAC,IAAI,CAAC;SACZ,MAAM,CAAC,OAAO,CAAC;SACf,MAAM,CAAC,IAAI,CAAC;SACZ,MAAM,CAAC,UAAU,CAAC;SAClB,MAAM,CAAC,WAAW,CAAC,CAAC;AACzB,CAAC;AAED,SAAS,kBAAkB,CAAC,OAAe;IACzC,OAAO,UAAU,OAAO,EAAE,CAAC;AAC7B,CAAC;AAmCD,SAAS,cAAc,CACrB,gBAA6E,EAC7E,YAAuD;IAEvD,IAAI,YAAY,EAAE,CAAC;QACjB,OAAO;YACL,OAAO,EAAE,gBAAoC;YAC7C,OAAO,EAAE,YAAY;SACtB,CAAC;IACJ,CAAC;IACD,OAAO;QACL,OAAO,EAAE,sBAAsB,EAAE;QACjC,OAAO,EAAE,gBAA4D;KACtE,CAAC;AACJ,CAAC;AAID,MAAM,CAAC,KAAK,UAAU,WAAW,CAC/B,gBAAuD,EACvD,YAAiC;IAEjC,MAAM,EAAE,OAAO,EAAE,gBAAgB,EAAE,OAAO,EAAE,GAAG,cAAc,CAAC,gBAAgB,EAAE,YAAY,CAG3F,CAAC;IACF,MAAM,OAAO,GAAG,OAAO,CAAC,OAAO,IAAI,SAAS,MAAM,CAAC,UAAU,EAAE,EAAE,CAAC;IAClE,MAAM,OAAO,GAAG,qBAAqB,CAAC,gBAAgB,EAAE,kBAAkB,CAAC,OAAO,CAAC,CAAC,CAAC;IACrF,MAAM,eAAe,GAAG,qBAAqB,CAAC,OAAO,CAAC,aAAa,CAAC,UAAU,EAAE,OAAO,CAAC,CAAC;IACzF,MAAM,IAAI,GAAG,qCAAqC,CAAC,OAAO,EAAE;QAC1D,GAAG,OAAO;QACV,OAAO;QACP,eAAe;KAChB,CAAC,CAAC;IACH,MAAM,IAAI,GAAG,eAAe,CAAC,IAAI,CAAC,CAAC;IACnC,MAAM,cAAc,GAAwB;QAC1C,OAAO,EAAE,IAAI,CAAC,OAAO;QACrB,OAAO,EAAE,OAAO,CAAC,aAAa,CAAC,UAAU;QACzC,SAAS,EAAE,OAAO,CAAC,aAAa,CAAC,SAAS;KAC3C,CAAC;IACF,MAAM,IAAI,CAAC,sBAAsB,CAAC,cAAc,CAAC,CAAC;IAClD,MAAM,QAAQ,GAAG,OAAO,CAAC,QAAQ,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC,OAAO,CAAC,QAAQ,CAAC,IAAI,EAAE,CAAC,CAAC,CAAC,SAAS,CAAC;IAChF,MAAM,iBAAiB,CAAC,OAAO,EAAE;QAC/B,OAAO;QACP,QAAQ;KACT,CAAC,CAAC;IACH,OAAO;QACL,IAAI;QACJ,KAAK,EAAE,2BAA2B,CAAC,IAAI,EAAE,OAAO,CAAC,KAAK,CAAC;QACvD,QAAQ;QACR,OAAO;KACR,CAAC;AACJ,CAAC;AAID,MAAM
,CAAC,KAAK,UAAU,YAAY,CAChC,gBAAwD,EACxD,YAAkC;IAElC,MAAM,EAAE,OAAO,EAAE,gBAAgB,EAAE,OAAO,EAAE,GAAG,cAAc,CAAC,gBAAgB,EAAE,YAAY,CAG3F,CAAC;IACF,MAAM,OAAO,GAAG,qBAAqB,CAAC,gBAAgB,EAAE,kBAAkB,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC,CAAC;IAC7F,MAAM,eAAe,GAAG,qBAAqB,CAAC,OAAO,CAAC,aAAa,CAAC,UAAU,EAAE,OAAO,CAAC,OAAO,CAAC,CAAC;IACjG,MAAM,IAAI,GAAG,qCAAqC,CAAC,OAAO,EAAE;QAC1D,GAAG,OAAO;QACV,OAAO,EAAE,OAAO,CAAC,OAAO;QACxB,eAAe;KAChB,CAAC,CAAC;IACH,MAAM,IAAI,GAAG,eAAe,CAAC,IAAI,CAAC,CAAC;IACnC,MAAM,OAAO,GAAG,MAAM,gBAAgB,CAAC,OAAO,CAAC,CAAC;IAChD,OAAO;QACL,IAAI;QACJ,KAAK,EAAE,2BAA2B,CAAC,IAAI,EAAE,OAAO,CAAC,KAAK,CAAC;QACvD,QAAQ,EAAE,OAAO,EAAE,QAAQ;QAC3B,OAAO;KACR,CAAC;AACJ,CAAC"}
|
package/dist/runtime/index.d.ts
CHANGED
|
@@ -11,6 +11,7 @@ export { MemoryStorageProvider } from "../storage/memory.js";
|
|
|
11
11
|
export { createIdentity, deriveChildIdentity, restoreIdentity, type CreateIdentityOptions, type RestoreIdentityOptions, type CreatedIdentity, } from "./identity.js";
|
|
12
12
|
export { createChildIdentity, type CreateChildIdentityOptions, } from "./child-identity.js";
|
|
13
13
|
export { readVaultProfile, writeVaultProfile, type VaultProfile, } from "./vault-metadata.js";
|
|
14
|
+
export { createWorkspaceStorage, getDefaultWorkspaceDir, } from "./workspace-storage.js";
|
|
14
15
|
export { ensurePrivateVault, readPrivateVaultProfile, readPrivateVaultChildrenState, privateVaultPrefix, privateVaultProfileKey, privateVaultChildrenKey, type PrivateVaultProfile, type PrivateVaultChildRecord, type PrivateVaultChildrenState, } from "./private-vault.js";
|
|
15
16
|
export { createVault, recoverVault, type CreateVaultOptions, type CreatedVault, type RecoverVaultOptions, type RecoveredVault, } from "./bootstrap.js";
|
|
16
17
|
export { createVaultCore, DefaultVaultCore, VaultCoreError, createDefaultVaultCoreDependencies, type CreateDefaultVaultCoreDependenciesOptions, type DefaultPolicyEngineOptions, DefaultPolicyEngine, createPersistentVaultCoreDependencies, initializeVaultCustody, recoverVaultWorkingKey, DEFAULT_VAULT_KEY_CUSTODY_BLOB_KEY, type InitializeVaultCustodyOptions, type InitializedVaultCustody, type CreatePersistentVaultCoreDependenciesOptions, PersistentVaultAuditLog, PersistentVaultCapabilityRegistry, PersistentVaultCapabilityRevocationRegistry, PersistentVaultCustomHttpFlowRegistry, PersistentVaultRateLimitStore, PersistentVaultReplayGuard, PersistentVaultSecretCustody, PersistentVaultSecretRepository, HttpDispatchExecutor, InMemoryAgentIdentityRegistry, InMemoryCapabilityRegistry, InMemoryCapabilityRevocationRegistry, InMemoryCustomHttpFlowRegistry, InMemoryRateLimitStore, InMemoryReplayGuard, InMemoryAuditLog, InMemoryOwnerIdentityRegistry, InMemorySecretCustody, InMemorySecretRepository, RandomIdGenerator, SignatureOwnerProofVerifier, type SignatureAgentProofVerifierOptions, SignatureAgentProofVerifier, SystemClock, type AgentCapability, type AgentIdentityRecord, type AgentProof, type OwnerAuditRequest, type OwnerExportSecretRequest, type OwnerRegisterCapabilityCommand, type OwnerRegisterAgentIdentityCommand, type OwnerRegisterCustomHttpFlowCommand, type OwnerSecretExport, type OwnerIdentityRecord, type CustomHttpFlowDefinition, type OwnerProof, type AuditEntry, type AuditLog, type AuditQuery, type Clock, type DispatchAuthorization, type DispatchInstruction, type DispatchRequest, type DispatchResult, type IdGenerator, type OwnerIdentityRegistry, type OwnerProofVerifier, type PolicyEngine, type RateLimitStore, type ReplayGuard, type CustomHttpFlowRegistry, type SecretAlias, type SecretCustody, type SecretId, type SecretRecord, type SecretRepository, type SecretVersion, type TrustedExecutor, type VaultCore, type VaultCoreDependencies, type VaultPrincipal, type 
VaultPrincipalKind, type VaultTargetBinding, type VaultWriteSecretCommand, type VaultId, type AgentIdentityRegistry, type AgentProofVerifier, type CapabilityRevocationRegistry, type CapabilityRegistry, } from "../vault-core/index.js";
|
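--- a/package/dist/runtime/index.js
+++ b/package/dist/runtime/index.js
@@ -10,6 +10,7 @@ export { MemoryStorageProvider } from "../storage/memory.js";
 export { createIdentity, deriveChildIdentity, restoreIdentity, } from "./identity.js";
 export { createChildIdentity, } from "./child-identity.js";
 export { readVaultProfile, writeVaultProfile, } from "./vault-metadata.js";
+export { createWorkspaceStorage, getDefaultWorkspaceDir, } from "./workspace-storage.js";
 export { ensurePrivateVault, readPrivateVaultProfile, readPrivateVaultChildrenState, privateVaultPrefix, privateVaultProfileKey, privateVaultChildrenKey, } from "./private-vault.js";
 export { createVault, recoverVault, } from "./bootstrap.js";
 export { createVaultCore, DefaultVaultCore, VaultCoreError, createDefaultVaultCoreDependencies, DefaultPolicyEngine, createPersistentVaultCoreDependencies, initializeVaultCustody, recoverVaultWorkingKey, DEFAULT_VAULT_KEY_CUSTODY_BLOB_KEY, PersistentVaultAuditLog, PersistentVaultCapabilityRegistry, PersistentVaultCapabilityRevocationRegistry, PersistentVaultCustomHttpFlowRegistry, PersistentVaultRateLimitStore, PersistentVaultReplayGuard, PersistentVaultSecretCustody, PersistentVaultSecretRepository, HttpDispatchExecutor, InMemoryAgentIdentityRegistry, InMemoryCapabilityRegistry, InMemoryCapabilityRevocationRegistry, InMemoryCustomHttpFlowRegistry, InMemoryRateLimitStore, InMemoryReplayGuard, InMemoryAuditLog, InMemoryOwnerIdentityRegistry, InMemorySecretCustody, InMemorySecretRepository, RandomIdGenerator, SignatureOwnerProofVerifier, SignatureAgentProofVerifier, SystemClock, } from "../vault-core/index.js";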
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/runtime/index.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAEH,OAAO,EAAE,aAAa,EAAE,iBAAiB,EAAE,MAAM,cAAc,CAAC;AAChE,OAAO,EAAE,eAAe,EAAE,WAAW,EAAE,MAAM,uBAAuB,CAAC;AACrE,OAAO,EAAE,gBAAgB,EAAE,MAAM,yBAAyB,CAAC;AAE3D,OAAO,EAAE,iBAAiB,EAAE,MAAM,kBAAkB,CAAC;AACrD,OAAO,EAAE,qBAAqB,EAAE,MAAM,sBAAsB,CAAC;AAC7D,OAAO,EACL,cAAc,EACd,mBAAmB,EACnB,eAAe,GAIhB,MAAM,eAAe,CAAC;AACvB,OAAO,EACL,mBAAmB,GAEpB,MAAM,qBAAqB,CAAC;AAC7B,OAAO,EACL,gBAAgB,EAChB,iBAAiB,GAElB,MAAM,qBAAqB,CAAC;AAC7B,OAAO,EACL,kBAAkB,EAClB,uBAAuB,EACvB,6BAA6B,EAC7B,kBAAkB,EAClB,sBAAsB,EACtB,uBAAuB,GAIxB,MAAM,oBAAoB,CAAC;AAC5B,OAAO,EACL,WAAW,EACX,YAAY,GAKb,MAAM,gBAAgB,CAAC;AAExB,OAAO,EACL,eAAe,EACf,gBAAgB,EAChB,cAAc,EACd,kCAAkC,EAGlC,mBAAmB,EACnB,qCAAqC,EACrC,sBAAsB,EACtB,sBAAsB,EACtB,kCAAkC,EAIlC,uBAAuB,EACvB,iCAAiC,EACjC,2CAA2C,EAC3C,qCAAqC,EACrC,6BAA6B,EAC7B,0BAA0B,EAC1B,4BAA4B,EAC5B,+BAA+B,EAC/B,oBAAoB,EACpB,6BAA6B,EAC7B,0BAA0B,EAC1B,oCAAoC,EACpC,8BAA8B,EAC9B,sBAAsB,EACtB,mBAAmB,EACnB,gBAAgB,EAChB,6BAA6B,EAC7B,qBAAqB,EACrB,wBAAwB,EACxB,iBAAiB,EACjB,2BAA2B,EAE3B,2BAA2B,EAC3B,WAAW,GA8CZ,MAAM,wBAAwB,CAAC;AAEhC,OAAO,EACL,iBAAiB,GAWlB,MAAM,2BAA2B,CAAC;AAEnC,OAAO,EACL,iBAAiB,GAOlB,MAAM,2BAA2B,CAAC;AAEnC,OAAO,EACL,kBAAkB,EAClB,2BAA2B,EAC3B,2BAA2B,EAC3B,6BAA6B,EAC7B,8BAA8B,EAC9B,uBAAuB,GAWxB,MAAM,2BAA2B,CAAC;AAEnC,OAAO,EACL,mBAAmB,GACpB,MAAM,8BAA8B,CAAC"}
|
|
1
|
+
{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/runtime/index.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAEH,OAAO,EAAE,aAAa,EAAE,iBAAiB,EAAE,MAAM,cAAc,CAAC;AAChE,OAAO,EAAE,eAAe,EAAE,WAAW,EAAE,MAAM,uBAAuB,CAAC;AACrE,OAAO,EAAE,gBAAgB,EAAE,MAAM,yBAAyB,CAAC;AAE3D,OAAO,EAAE,iBAAiB,EAAE,MAAM,kBAAkB,CAAC;AACrD,OAAO,EAAE,qBAAqB,EAAE,MAAM,sBAAsB,CAAC;AAC7D,OAAO,EACL,cAAc,EACd,mBAAmB,EACnB,eAAe,GAIhB,MAAM,eAAe,CAAC;AACvB,OAAO,EACL,mBAAmB,GAEpB,MAAM,qBAAqB,CAAC;AAC7B,OAAO,EACL,gBAAgB,EAChB,iBAAiB,GAElB,MAAM,qBAAqB,CAAC;AAC7B,OAAO,EACL,sBAAsB,EACtB,sBAAsB,GACvB,MAAM,wBAAwB,CAAC;AAChC,OAAO,EACL,kBAAkB,EAClB,uBAAuB,EACvB,6BAA6B,EAC7B,kBAAkB,EAClB,sBAAsB,EACtB,uBAAuB,GAIxB,MAAM,oBAAoB,CAAC;AAC5B,OAAO,EACL,WAAW,EACX,YAAY,GAKb,MAAM,gBAAgB,CAAC;AAExB,OAAO,EACL,eAAe,EACf,gBAAgB,EAChB,cAAc,EACd,kCAAkC,EAGlC,mBAAmB,EACnB,qCAAqC,EACrC,sBAAsB,EACtB,sBAAsB,EACtB,kCAAkC,EAIlC,uBAAuB,EACvB,iCAAiC,EACjC,2CAA2C,EAC3C,qCAAqC,EACrC,6BAA6B,EAC7B,0BAA0B,EAC1B,4BAA4B,EAC5B,+BAA+B,EAC/B,oBAAoB,EACpB,6BAA6B,EAC7B,0BAA0B,EAC1B,oCAAoC,EACpC,8BAA8B,EAC9B,sBAAsB,EACtB,mBAAmB,EACnB,gBAAgB,EAChB,6BAA6B,EAC7B,qBAAqB,EACrB,wBAAwB,EACxB,iBAAiB,EACjB,2BAA2B,EAE3B,2BAA2B,EAC3B,WAAW,GA8CZ,MAAM,wBAAwB,CAAC;AAEhC,OAAO,EACL,iBAAiB,GAWlB,MAAM,2BAA2B,CAAC;AAEnC,OAAO,EACL,iBAAiB,GAOlB,MAAM,2BAA2B,CAAC;AAEnC,OAAO,EACL,kBAAkB,EAClB,2BAA2B,EAC3B,2BAA2B,EAC3B,6BAA6B,EAC7B,8BAA8B,EAC9B,uBAAuB,GAWxB,MAAM,2BAA2B,CAAC;AAEnC,OAAO,EACL,mBAAmB,GACpB,MAAM,8BAA8B,CAAC"}
|
|
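--- a/package/dist/runtime/private-vault.js
+++ b/package/dist/runtime/private-vault.js
@@ -1,5 +1,5 @@
 import { Buffer } from "node:buffer";
-const PRIVATE_VAULT_PREFIX = "
+const PRIVATE_VAULT_PREFIX = "identities";
 const PRIVATE_VAULT_LOCK_SUFFIX = ".lock";
 export function privateVaultPrefix(identityId) {
 return `${PRIVATE_VAULT_PREFIX}/${identityId}`;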
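Review bot: Changing `PRIVATE_VAULT_PREFIX` to `"identities"` relocates every key built from `privateVaultPrefix(identityId)`, and nothing on this page reads or migrates data stored under the previous prefix (the old value is cut off in the removed line). Identity metadata written by 1.14.0 would presumably no longer be found after the upgrade, so this warrants either a one-time migration or a fallback read of the old location. At minimum the constant should carry a comment recording the change, e.g. `// storage layout changed after 1.14.0: was "<previous prefix>"; existing data is not migrated`. The body of `privateVaultPrefix` closes outside the hunk.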
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"private-vault.js","sourceRoot":"","sources":["../../src/runtime/private-vault.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,MAAM,EAAE,MAAM,aAAa,CAAC;AAIrC,MAAM,oBAAoB,GAAG,
|
|
1
|
+
{"version":3,"file":"private-vault.js","sourceRoot":"","sources":["../../src/runtime/private-vault.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,MAAM,EAAE,MAAM,aAAa,CAAC;AAIrC,MAAM,oBAAoB,GAAG,YAAY,CAAC;AAC1C,MAAM,yBAAyB,GAAG,OAAO,CAAC;AAuB1C,MAAM,UAAU,kBAAkB,CAAC,UAAkB;IACnD,OAAO,GAAG,oBAAoB,IAAI,UAAU,EAAE,CAAC;AACjD,CAAC;AAED,MAAM,UAAU,sBAAsB,CAAC,UAAkB;IACvD,OAAO,GAAG,kBAAkB,CAAC,UAAU,CAAC,eAAe,CAAC;AAC1D,CAAC;AAED,MAAM,UAAU,uBAAuB,CAAC,UAAkB;IACxD,OAAO,GAAG,kBAAkB,CAAC,UAAU,CAAC,gBAAgB,CAAC;AAC3D,CAAC;AAED,SAAS,OAAO,CAAC,UAAkB;IACjC,OAAO,GAAG,kBAAkB,CAAC,UAAU,CAAC,GAAG,yBAAyB,EAAE,CAAC;AACzE,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,kBAAkB,CACtC,OAAyB,EACzB,QAAyB;IAEzB,MAAM,OAAO,GAAwB;QACnC,UAAU,EAAE,QAAQ,CAAC,UAAU;QAC/B,QAAQ,EAAE,QAAQ,CAAC,QAAQ;QAC3B,SAAS,EAAE,QAAQ,CAAC,SAAS;QAC7B,gBAAgB,EAAE,QAAQ,CAAC,gBAAgB;QAC3C,UAAU,EAAE,QAAQ,CAAC,UAAU;KAChC,CAAC;IACF,MAAM,OAAO,CAAC,KAAK,CACjB,sBAAsB,CAAC,QAAQ,CAAC,UAAU,CAAC,EAC3C,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,SAAS,CAAC,OAAO,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC,CAC9C,CAAC;IAEF,MAAM,WAAW,GAAG,uBAAuB,CAAC,QAAQ,CAAC,UAAU,CAAC,CAAC;IACjE,IAAI,CAAC,CAAC,MAAM,OAAO,CAAC,GAAG,CAAC,WAAW,CAAC,CAAC,EAAE,CAAC;QACtC,MAAM,UAAU,GAA8B;YAC5C,cAAc,EAAE,CAAC;YACjB,QAAQ,EAAE,EAAE;SACb,CAAC;QACF,MAAM,OAAO,CAAC,KAAK,CAAC,WAAW,EAAE,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,SAAS,CAAC,UAAU,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC,CAAC,CAAC;IACrF,CAAC;AACH,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,uBAAuB,CAC3C,OAAyB,EACzB,UAAkB;IAElB,MAAM,GAAG,GAAG,MAAM,OAAO,CAAC,IAAI,CAAC,sBAAsB,CAAC,UAAU,CAAC,CAAC,CAAC;IACnE,IAAI,CAAC,GAAG,EAAE,CAAC;QACT,OAAO,IAAI,CAAC;IACd,CAAC;IACD,OAAO,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAwB,CAAC;AACjE,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,6BAA6B,CACjD,OAAyB,EACzB,UAAkB;IAElB,MAAM,GAAG,GAAG,MAAM,OAAO,CAAC,IAAI,CAAC,uBAAuB,CAAC,UAAU,CAAC,CAAC,CAAC;IACpE,IAAI,CAAC,GAAG,EAAE,CAAC;QACT,OAAO,EAAE,cAAc,EAAE,CAAC,EAAE,QAAQ,EAAE,EAAE,EAAE,CAAC;IAC7C,CAAC;IACD,MAAM,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,QAAQ,CAAC,MAAM,CAAC,CAA8B,CAAC;IAC7E,OAAO;QACL,cAAc,EAAE,MAAM,CAAC,cAAc,IAAI,MAAM
,CAAC,QAAQ,CAAC,MAAM;QAC/D,QAAQ,EAAE,MAAM,CAAC,QAAQ,IAAI,EAAE;KAChC,CAAC;AACJ,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,8BAA8B,CAClD,OAAyB,EACzB,UAAkB,EAClB,KAAgC;IAEhC,MAAM,OAAO,CAAC,KAAK,CACjB,uBAAuB,CAAC,UAAU,CAAC,EACnC,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,SAAS,CAAC,KAAK,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC,CAC5C,CAAC;AACJ,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,oBAAoB,CACxC,OAAyB,EACzB,UAAkB,EAClB,IAAsB;IAEtB,IAAI,OAAO,CAAC,QAAQ,EAAE,CAAC;QACrB,OAAO,OAAO,CAAC,QAAQ,CAAC,OAAO,CAAC,UAAU,CAAC,EAAE,IAAI,CAAC,CAAC;IACrD,CAAC;IACD,OAAO,IAAI,EAAE,CAAC;AAChB,CAAC"}
|
|
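--- a/package/dist/runtime/workspace-storage.js
+++ b/package/dist/runtime/workspace-storage.js
@@ -0,0 +1,10 @@
+import * as os from "node:os";
+import * as path from "node:path";
+import { FsStorageProvider } from "../storage/fs.js";
+export function getDefaultWorkspaceDir() {
+return process.env.C_BIO_WORKSPACE_DIR || path.join(os.homedir(), "cbio");
+}
+export function createWorkspaceStorage(baseDir = getDefaultWorkspaceDir()) {
+return new FsStorageProvider(baseDir);
+}
+//# sourceMappingURL=workspace-storage.js.map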
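Review bot: `getDefaultWorkspaceDir()` reads `C_BIO_WORKSPACE_DIR` with no validation and otherwise falls back to `path.join(os.homedir(), "cbio")`, and since the one-argument `createVault(options)` now uses this implicitly, the location and permissions of that directory become part of the vault's security boundary. A relative value resolves against the current working directory, so I would read the variable into a local `dir` and require an absolute path, e.g. `if (dir && !path.isAbsolute(dir)) throw new Error("C_BIO_WORKSPACE_DIR must be an absolute path");`. Whether `FsStorageProvider` creates the directory owner-only is not visible here; that should be confirmed (mode `0o700`) and stated in a doc comment on `createWorkspaceStorage`. The README example that passes `/tmp/cbio` deserves the same caveat, because `/tmp` is shared between local users.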
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"workspace-storage.js","sourceRoot":"","sources":["../../src/runtime/workspace-storage.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,MAAM,SAAS,CAAC;AAC9B,OAAO,KAAK,IAAI,MAAM,WAAW,CAAC;AAClC,OAAO,EAAE,iBAAiB,EAAE,MAAM,kBAAkB,CAAC;AAErD,MAAM,UAAU,sBAAsB;IACpC,OAAO,OAAO,CAAC,GAAG,CAAC,mBAAmB,IAAI,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,OAAO,EAAE,EAAE,MAAM,CAAC,CAAC;AAC5E,CAAC;AAED,MAAM,UAAU,sBAAsB,CAAC,OAAO,GAAG,sBAAsB,EAAE;IACvE,OAAO,IAAI,iBAAiB,CAAC,OAAO,CAAC,CAAC;AACxC,CAAC"}
|
|
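--- a/package/dist/storage/prefix.d.ts
+++ b/package/dist/storage/prefix.d.ts
@@ -0,0 +1,14 @@
+import type { IStorageProvider } from "./provider.js";
+export declare class PrefixStorageProvider implements IStorageProvider {
+private readonly base;
+private readonly prefix;
+constructor(base: IStorageProvider, prefix: string);
+private key;
+read(key: string): Promise<Buffer | null>;
+write(key: string, data: Buffer): Promise<void>;
+delete(key: string): Promise<void>;
+has(key: string): Promise<boolean>;
+rename?(fromKey: string, toKey: string): Promise<void>;
+withLock?<T>(key: string, task: () => Promise<T>): Promise<T>;
+}
+export declare function createPrefixedStorage(base: IStorageProvider, prefix: string): PrefixStorageProvider;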
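--- a/package/dist/storage/prefix.js
+++ b/package/dist/storage/prefix.js
@@ -0,0 +1,42 @@
+function joinPrefix(prefix, key) {
+return key ? `${prefix}/${key}` : prefix;
+}
+export class PrefixStorageProvider {
+base;
+prefix;
+constructor(base, prefix) {
+this.base = base;
+this.prefix = prefix;
+}
+key(key) {
+return joinPrefix(this.prefix, key);
+}
+read(key) {
+return this.base.read(this.key(key));
+}
+write(key, data) {
+return this.base.write(this.key(key), data);
+}
+delete(key) {
+return this.base.delete(this.key(key));
+}
+has(key) {
+return this.base.has(this.key(key));
+}
+rename(fromKey, toKey) {
+if (!this.base.rename) {
+throw new Error("underlying storage provider does not support rename");
+}
+return this.base.rename(this.key(fromKey), this.key(toKey));
+}
+withLock(key, task) {
+if (!this.base.withLock) {
+return task();
+}
+return this.base.withLock(this.key(key), task);
+}
+}
+export function createPrefixedStorage(base, prefix) {
+return new PrefixStorageProvider(base, prefix);
+}
+//# sourceMappingURL=prefix.js.map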
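Review bot: `withLock` silently runs `task()` unlocked when the base provider has no `withLock`, while `rename` throws in the same situation; for vault state a silent loss of mutual exclusion is the riskier of the two defaults. Because the class always defines both methods, a caller that feature-tests `storage.rename` or `storage.withLock` (the declaration file marks them optional) can no longer tell whether the base really supports them. Consider defining them in the constructor only when the base has them, e.g. `if (base.withLock) this.withLock = (key, task) => base.withLock(this.key(key), task);`, or at least mark the fallback with a comment such as `// base has no locking: task runs without mutual exclusion`. `joinPrefix` also concatenates `key` without rejecting `..` segments, so confinement to the prefix rests entirely on the base provider's key handling, which is not shown here.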
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"prefix.js","sourceRoot":"","sources":["../../src/storage/prefix.ts"],"names":[],"mappings":"AAEA,SAAS,UAAU,CAAC,MAAc,EAAE,GAAW;IAC7C,OAAO,GAAG,CAAC,CAAC,CAAC,GAAG,MAAM,IAAI,GAAG,EAAE,CAAC,CAAC,CAAC,MAAM,CAAC;AAC3C,CAAC;AAED,MAAM,OAAO,qBAAqB;IAEb;IACA;IAFnB,YACmB,IAAsB,EACtB,MAAc;QADd,SAAI,GAAJ,IAAI,CAAkB;QACtB,WAAM,GAAN,MAAM,CAAQ;IAC9B,CAAC;IAEI,GAAG,CAAC,GAAW;QACrB,OAAO,UAAU,CAAC,IAAI,CAAC,MAAM,EAAE,GAAG,CAAC,CAAC;IACtC,CAAC;IAED,IAAI,CAAC,GAAW;QACd,OAAO,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC,CAAC;IACvC,CAAC;IAED,KAAK,CAAC,GAAW,EAAE,IAAY;QAC7B,OAAO,IAAI,CAAC,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,CAAC,GAAG,CAAC,EAAE,IAAI,CAAC,CAAC;IAC9C,CAAC;IAED,MAAM,CAAC,GAAW;QAChB,OAAO,IAAI,CAAC,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC,CAAC;IACzC,CAAC;IAED,GAAG,CAAC,GAAW;QACb,OAAO,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC,IAAI,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC,CAAC;IACtC,CAAC;IAED,MAAM,CAAE,OAAe,EAAE,KAAa;QACpC,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,MAAM,EAAE,CAAC;YACtB,MAAM,IAAI,KAAK,CAAC,qDAAqD,CAAC,CAAC;QACzE,CAAC;QACD,OAAO,IAAI,CAAC,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,OAAO,CAAC,EAAE,IAAI,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC,CAAC;IAC9D,CAAC;IAED,QAAQ,CAAK,GAAW,EAAE,IAAsB;QAC9C,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,QAAQ,EAAE,CAAC;YACxB,OAAO,IAAI,EAAE,CAAC;QAChB,CAAC;QACD,OAAO,IAAI,CAAC,IAAI,CAAC,QAAQ,CAAC,IAAI,CAAC,GAAG,CAAC,GAAG,CAAC,EAAE,IAAI,CAAC,CAAC;IACjD,CAAC;CACF;AAED,MAAM,UAAU,qBAAqB,CAAC,IAAsB,EAAE,MAAc;IAC1E,OAAO,IAAI,qBAAqB,CAAC,IAAI,EAAE,MAAM,CAAC,CAAC;AACjD,CAAC"}
|
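--- a/package/docs/REFERENCE.md
+++ b/package/docs/REFERENCE.md
@@ -42,9 +42,13 @@ Lower-level custody helpers:
 - `initializeVaultCustody(...)`
 - `recoverVaultWorkingKey(...)`
 
-`createVault(
+`createVault({ ownerIdentity, nickname })` creates a vault in the default workspace and persists `nickname` into `vaults/<vaultId>/vault/profile.json`.
 
-`
+`createVault(storage, { ownerIdentity, nickname })` overrides the workspace storage explicitly.
+
+`recoverVault({ vaultId, ownerIdentity })` reopens a vault from the default workspace and returns the persisted `nickname` when present.
+
+`recoverVault(storage, { vaultId, ownerIdentity })` overrides the workspace storage explicitly.
 
 ## Terms
 
@@ -80,7 +84,7 @@ Role rules:
 
 `deriveChildIdentity(parentIdentity, childIndex, { nickname })` deterministically reconstructs a child identity for a known `childIndex`.
 
-`ensurePrivateVault(storage, identity)` creates or refreshes the identity's fixed
+`ensurePrivateVault(storage, identity)` creates or refreshes the identity's fixed namespace under `identities/<identityId>/...`. That namespace stores identity-level files such as:
 
 - `profile.json`
 - `children.json`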
package/package.json
CHANGED