@the-ai-company/cbio-node-runtime 1.15.0 → 1.16.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +34 -29
- package/dist/clients/agent/client.d.ts +12 -2
- package/dist/clients/agent/client.js +37 -3
- package/dist/clients/agent/client.js.map +1 -1
- package/dist/clients/agent/contracts.d.ts +1 -20
- package/dist/clients/agent/index.d.ts +1 -1
- package/dist/clients/owner/client.d.ts +12 -4
- package/dist/clients/owner/client.js +90 -4
- package/dist/clients/owner/client.js.map +1 -1
- package/dist/clients/owner/contracts.d.ts +10 -0
- package/dist/clients/owner/index.d.ts +2 -2
- package/dist/runtime/bootstrap.js +8 -2
- package/dist/runtime/bootstrap.js.map +1 -1
- package/dist/runtime/index.d.ts +6 -11
- package/dist/runtime/index.js +4 -9
- package/dist/runtime/index.js.map +1 -1
- package/dist/runtime/private-vault.js +1 -1
- package/dist/runtime/private-vault.js.map +1 -1
- package/dist/storage/prefix.d.ts +14 -0
- package/dist/storage/prefix.js +42 -0
- package/dist/storage/prefix.js.map +1 -0
- package/dist/vault-core/contracts.d.ts +12 -1
- package/dist/vault-core/core.d.ts +2 -1
- package/dist/vault-core/core.js +37 -1
- package/dist/vault-core/core.js.map +1 -1
- package/dist/vault-core/defaults.d.ts +2 -0
- package/dist/vault-core/defaults.js +41 -1
- package/dist/vault-core/defaults.js.map +1 -1
- package/dist/vault-core/index.d.ts +1 -1
- package/dist/vault-core/ports.d.ts +4 -1
- package/dist/vault-ingress/defaults.d.ts +1 -2
- package/dist/vault-ingress/defaults.js +2 -4
- package/dist/vault-ingress/defaults.js.map +1 -1
- package/dist/vault-ingress/index.d.ts +1 -0
- package/dist/vault-ingress/index.js +3 -0
- package/dist/vault-ingress/index.js.map +1 -1
- package/docs/REFERENCE.md +45 -49
- package/package.json +1 -1
package/README.md
CHANGED
|
@@ -22,10 +22,10 @@ Node.js vault runtime with a hard-cut architecture: vault core first, explicit c
|
|
|
22
22
|
- No TUI
|
|
23
23
|
|
|
24
24
|
Main export now centers on:
|
|
25
|
-
-
|
|
26
|
-
-
|
|
27
|
-
-
|
|
28
|
-
-
|
|
25
|
+
- identity creation and recovery
|
|
26
|
+
- persistent vault bootstrap and recovery
|
|
27
|
+
- owner and agent clients
|
|
28
|
+
- owner flow-boundary helpers
|
|
29
29
|
|
|
30
30
|
## Install
|
|
31
31
|
|
|
@@ -39,8 +39,6 @@ npm install @the-ai-company/cbio-node-runtime
|
|
|
39
39
|
|
|
40
40
|
```ts
|
|
41
41
|
import {
|
|
42
|
-
createVaultService,
|
|
43
|
-
createDefaultVaultCoreDependencies,
|
|
44
42
|
createChildIdentity,
|
|
45
43
|
createIdentity,
|
|
46
44
|
createWorkspaceStorage,
|
|
@@ -50,12 +48,9 @@ import {
|
|
|
50
48
|
recoverVault,
|
|
51
49
|
createOwnerHttpFlowBoundary,
|
|
52
50
|
createStandardAcquireBoundary,
|
|
53
|
-
createStandardDispatchBoundary,
|
|
54
51
|
createVaultClient,
|
|
55
52
|
createAgentClient,
|
|
56
53
|
FsStorageProvider,
|
|
57
|
-
LocalVaultTransport,
|
|
58
|
-
LocalSigner,
|
|
59
54
|
} from '@the-ai-company/cbio-node-runtime';
|
|
60
55
|
```
|
|
61
56
|
|
|
@@ -94,7 +89,9 @@ const createdVault = await createVault(storage, {
|
|
|
94
89
|
});
|
|
95
90
|
```
|
|
96
91
|
|
|
97
|
-
|
|
92
|
+
The workspace root can contain many vaults. Each vault is isolated under `vaults/<vaultId>/...`.
|
|
93
|
+
|
|
94
|
+
Each identity now has its own namespace in storage under `identities/<identityId>/...`. That namespace holds identity-level metadata such as:
|
|
98
95
|
|
|
99
96
|
- `profile.json`
|
|
100
97
|
- `children.json`
|
|
@@ -157,20 +154,6 @@ An owner-defined exception path also exists for non-standard but intentional int
|
|
|
157
154
|
- agent may only invoke the registered `customFlowId`
|
|
158
155
|
- this is an explicit escape hatch, not the default path
|
|
159
156
|
|
|
160
|
-
## Modules
|
|
161
|
-
|
|
162
|
-
- `vault-core`
|
|
163
|
-
The vault kernel. Stores plaintext, authorizes writes, authorizes dispatch, executes dispatch, appends audit.
|
|
164
|
-
|
|
165
|
-
- `vault-ingress`
|
|
166
|
-
Vault boundary/facade. Accepts request-shaped calls, handles trusted acquisition paths, and keeps capability resolution plus dispatch ingress inside the vault trust boundary.
|
|
167
|
-
|
|
168
|
-
- `clients/owner`
|
|
169
|
-
Owner-facing client. The owner is the single vault admin. It writes secrets, exports plaintext secrets, manages agents/capabilities, and reads audit.
|
|
170
|
-
|
|
171
|
-
- `clients/agent`
|
|
172
|
-
Agent-facing client. Creates signed dispatch requests. Never handles plaintext secret.
|
|
173
|
-
|
|
174
157
|
## Status
|
|
175
158
|
|
|
176
159
|
The old identity-centric runtime is no longer the intended public architecture.
|
|
@@ -181,19 +164,41 @@ This package now exposes the production local vault runtime surface as the prima
|
|
|
181
164
|
```ts
|
|
182
165
|
const ownerIdentity = createIdentity({ nickname: 'owner-main' });
|
|
183
166
|
const agentIdentity = createIdentity({ nickname: 'agent-worker' });
|
|
184
|
-
const
|
|
185
|
-
const client = createVaultClient({
|
|
186
|
-
const
|
|
187
|
-
|
|
167
|
+
const createdVault = await createVault({ ownerIdentity });
|
|
168
|
+
const client = createVaultClient({ ownerIdentity, vault: createdVault.vault });
|
|
169
|
+
const agent = createAgentClient({ agentIdentity, capability, vault: createdVault.vault });
|
|
170
|
+
```
|
|
171
|
+
|
|
172
|
+
Owner API example:
|
|
173
|
+
|
|
174
|
+
```ts
|
|
175
|
+
const storedSecret = await client.storeSecret({
|
|
176
|
+
alias: 'api-token',
|
|
177
|
+
plaintext: 'secret-value',
|
|
178
|
+
});
|
|
179
|
+
|
|
180
|
+
await client.defineSecretTargets({
|
|
181
|
+
alias: storedSecret.alias.value,
|
|
182
|
+
targetBindings: [
|
|
183
|
+
{
|
|
184
|
+
kind: 'site',
|
|
185
|
+
targetId: 'api.example.com',
|
|
186
|
+
targetUrl: 'https://api.example.com/endpoint',
|
|
187
|
+
methods: ['POST'],
|
|
188
|
+
},
|
|
189
|
+
],
|
|
190
|
+
});
|
|
188
191
|
```
|
|
189
192
|
|
|
193
|
+
`writeSecret(...)` is the one-step variant and requires `targetBindings`.
|
|
194
|
+
|
|
190
195
|
Capability example:
|
|
191
196
|
|
|
192
197
|
```ts
|
|
193
198
|
const capability = {
|
|
194
199
|
vaultId: vault.vaultId,
|
|
195
200
|
capabilityId: 'cap-1',
|
|
196
|
-
agentId:
|
|
201
|
+
agentId: agentIdentity.identityId,
|
|
197
202
|
secretAliases: ['api-token'],
|
|
198
203
|
operation: 'dispatch_http',
|
|
199
204
|
allowedTargets: ['https://api.example.com/endpoint'],
|
|
@@ -1,4 +1,6 @@
|
|
|
1
|
-
import type {
|
|
1
|
+
import type { CreatedIdentity } from "../../runtime/identity.js";
|
|
2
|
+
import { type Clock } from "../../vault-core/index.js";
|
|
3
|
+
import type { VaultService } from "../../vault-ingress/index.js";
|
|
2
4
|
import type { AgentCapabilityEnvelope, AgentDispatchIntent, AgentDispatchTransport, AgentSigner } from "./contracts.js";
|
|
3
5
|
export interface AgentIdentity {
|
|
4
6
|
agentId: string;
|
|
@@ -6,4 +8,12 @@ export interface AgentIdentity {
|
|
|
6
8
|
export interface AgentClient {
|
|
7
9
|
dispatch(intent: AgentDispatchIntent): Promise<import("../../vault-core/index.js").DispatchResult>;
|
|
8
10
|
}
|
|
9
|
-
export
|
|
11
|
+
export interface CreateAgentClientOptions {
|
|
12
|
+
agentIdentity: CreatedIdentity | AgentIdentity;
|
|
13
|
+
capability: AgentCapabilityEnvelope;
|
|
14
|
+
vault?: VaultService;
|
|
15
|
+
transport?: AgentDispatchTransport;
|
|
16
|
+
signer?: AgentSigner;
|
|
17
|
+
clock?: Clock;
|
|
18
|
+
}
|
|
19
|
+
export declare function createAgentClient(options: CreateAgentClientOptions): AgentClient;
|
|
@@ -1,3 +1,6 @@
|
|
|
1
|
+
import { LocalSigner } from "../../protocol/crypto.js";
|
|
2
|
+
import { SystemClock } from "../../vault-core/index.js";
|
|
3
|
+
import { LocalVaultTransport } from "../../vault-ingress/defaults.js";
|
|
1
4
|
function createDispatchBinding(requestId, requestedAt, agentId, capabilityId, secretAlias, targetUrl, method, body) {
|
|
2
5
|
return JSON.stringify({
|
|
3
6
|
requestId,
|
|
@@ -26,7 +29,6 @@ class DefaultAgentClient {
|
|
|
26
29
|
async dispatch(intent) {
|
|
27
30
|
const requestedAt = intent.requestedAt ?? this._clock.nowIso();
|
|
28
31
|
const requestId = `${this._identity.agentId}:${requestedAt}:${intent.secretAlias ?? "no-secret"}:${intent.method}`;
|
|
29
|
-
const publicKey = await this._signer.getPublicKey();
|
|
30
32
|
const signature = await this._signer.sign(createDispatchBinding(requestId, requestedAt, this._identity.agentId, this._capability.capabilityId, intent.secretAlias, intent.targetUrl, intent.method, intent.body));
|
|
31
33
|
return this._transport.dispatch({
|
|
32
34
|
vaultId: this._capability.vaultId,
|
|
@@ -66,7 +68,39 @@ class DefaultAgentClient {
|
|
|
66
68
|
});
|
|
67
69
|
}
|
|
68
70
|
}
|
|
69
|
-
|
|
70
|
-
return
|
|
71
|
+
function isCreateAgentClientOptions(value) {
|
|
72
|
+
return typeof value === "object" && value !== null && "agentIdentity" in value && "capability" in value;
|
|
73
|
+
}
|
|
74
|
+
function isCreatedIdentity(value) {
|
|
75
|
+
return "privateKey" in value && "publicKey" in value;
|
|
76
|
+
}
|
|
77
|
+
function resolveAgentSigner(identity, signer) {
|
|
78
|
+
if (signer) {
|
|
79
|
+
return signer;
|
|
80
|
+
}
|
|
81
|
+
if (isCreatedIdentity(identity)) {
|
|
82
|
+
return new LocalSigner(identity);
|
|
83
|
+
}
|
|
84
|
+
throw new Error("createAgentClient() requires signer when agentIdentity does not include keys");
|
|
85
|
+
}
|
|
86
|
+
function resolveAgentIdentity(options) {
|
|
87
|
+
return "agentId" in options.agentIdentity
|
|
88
|
+
? options.agentIdentity
|
|
89
|
+
: { agentId: options.agentIdentity.identityId };
|
|
90
|
+
}
|
|
91
|
+
function resolveAgentTransport(options) {
|
|
92
|
+
if (options.transport) {
|
|
93
|
+
return options.transport;
|
|
94
|
+
}
|
|
95
|
+
if (options.vault) {
|
|
96
|
+
return new LocalVaultTransport(options.vault);
|
|
97
|
+
}
|
|
98
|
+
throw new Error("createAgentClient() requires transport or vault");
|
|
99
|
+
}
|
|
100
|
+
export function createAgentClient(options) {
|
|
101
|
+
if (!isCreateAgentClientOptions(options)) {
|
|
102
|
+
throw new Error("createAgentClient() requires a single options object");
|
|
103
|
+
}
|
|
104
|
+
return new DefaultAgentClient(resolveAgentIdentity(options), options.capability, resolveAgentSigner(options.agentIdentity, options.signer), resolveAgentTransport(options), options.clock ?? new SystemClock());
|
|
71
105
|
}
|
|
72
106
|
//# sourceMappingURL=client.js.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"client.js","sourceRoot":"","sources":["../../../src/clients/agent/client.ts"],"names":[],"mappings":"
|
|
1
|
+
{"version":3,"file":"client.js","sourceRoot":"","sources":["../../../src/clients/agent/client.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,WAAW,EAAE,MAAM,0BAA0B,CAAC;AAEvD,OAAO,EAAE,WAAW,EAAc,MAAM,2BAA2B,CAAC;AACpE,OAAO,EAAE,mBAAmB,EAAE,MAAM,iCAAiC,CAAC;AA0BtE,SAAS,qBAAqB,CAC5B,SAAiB,EACjB,WAAmB,EACnB,OAAe,EACf,YAAoB,EACpB,WAA+B,EAC/B,SAAiB,EACjB,MAAc,EACd,IAAa;IAEb,OAAO,IAAI,CAAC,SAAS,CAAC;QACpB,SAAS;QACT,WAAW;QACX,OAAO;QACP,YAAY;QACZ,WAAW,EAAE,WAAW,IAAI,IAAI;QAChC,SAAS;QACT,MAAM;QACN,IAAI,EAAE,IAAI,IAAI,IAAI;KACnB,CAAC,CAAC;AACL,CAAC;AAED,MAAM,kBAAkB;IAEH;IACA;IACA;IACA;IACA;IALnB,YACmB,SAAwB,EACxB,WAAoC,EACpC,OAAoB,EACpB,UAAkC,EAClC,MAAa;QAJb,cAAS,GAAT,SAAS,CAAe;QACxB,gBAAW,GAAX,WAAW,CAAyB;QACpC,YAAO,GAAP,OAAO,CAAa;QACpB,eAAU,GAAV,UAAU,CAAwB;QAClC,WAAM,GAAN,MAAM,CAAO;IAC7B,CAAC;IAEJ,KAAK,CAAC,QAAQ,CAAC,MAA2B;QACxC,MAAM,WAAW,GAAG,MAAM,CAAC,WAAW,IAAI,IAAI,CAAC,MAAM,CAAC,MAAM,EAAE,CAAC;QAC/D,MAAM,SAAS,GAAG,GAAG,IAAI,CAAC,SAAS,CAAC,OAAO,IAAI,WAAW,IAAI,MAAM,CAAC,WAAW,IAAI,WAAW,IAAI,MAAM,CAAC,MAAM,EAAE,CAAC;QACnH,MAAM,SAAS,GAAG,MAAM,IAAI,CAAC,OAAO,CAAC,IAAI,CACvC,qBAAqB,CACnB,SAAS,EACT,WAAW,EACX,IAAI,CAAC,SAAS,CAAC,OAAO,EACtB,IAAI,CAAC,WAAW,CAAC,YAAY,EAC7B,MAAM,CAAC,WAAW,EAClB,MAAM,CAAC,SAAS,EAChB,MAAM,CAAC,MAAM,EACb,MAAM,CAAC,IAAI,CACZ,CACF,CAAC;QAEF,OAAO,IAAI,CAAC,UAAU,CAAC,QAAQ,CAAC;YAC9B,OAAO,EAAE,IAAI,CAAC,WAAW,CAAC,OAAO;YACjC,SAAS;YACT,WAAW;YACX,KAAK,EAAE;gBACL,IAAI,EAAE,OAAO;gBACb,EAAE,EAAE,IAAI,CAAC,SAAS,CAAC,OAAO;aAC3B;YACD,UAAU,EAAE;gBACV,OAAO,EAAE,IAAI,CAAC,WAAW,CAAC,OAAO;gBACjC,YAAY,EAAE,IAAI,CAAC,WAAW,CAAC,YAAY;gBAC3C,OAAO,EAAE,IAAI,CAAC,WAAW,CAAC,OAAO;gBACjC,SAAS,EAAE,IAAI,CAAC,WAAW,CAAC,SAAS;gBACrC,aAAa,EAAE,IAAI,CAAC,WAAW,CAAC,aAAa;gBAC7C,SAAS,EAAE,IAAI,CAAC,WAAW,CAAC,SAAS;gBACrC,cAAc,EAAE,IAAI,CAAC,WAAW,CAAC,cAAc;gBAC/C,cAAc,EAAE,IAAI,CAAC,WAAW,CAAC,cAAc;gBAC/C,YAAY,EAAE,IAAI,CAAC,WAAW,CAAC,YAAY;gBAC3C,QAAQ,EAAE,IAAI,CAAC,WAAW,CAAC,QAAQ;gBACnC,SAAS,EAAE,IAAI,CAAC,WAAW,CAAC,SAAS;gBACrC,iBAAiB,EAAE,IAAI,CAAC,WAAW,CAAC,iBAAiB;gBACrD,SAAS,EAAE,IAAI,CAAC,WAAW,CAAC,SAAS;gBACrC,aAAa,EAAE,IAAI,CAAC,WAAW,CAAC,aAAa;aAC9C;YACD,KAAK,EAAE;gBACL,OAAO,EAAE,IAAI,CAAC,SAAS,CAAC,OAAO;gBAC/B,SAAS;gBACT,SAAS;gBACT,WAAW;aACZ;YACD,WAAW,EAAE,MAAM,CAAC,WAAW;YAC/B,SAAS,EAAE,MAAM,CAAC,SAAS;YAC3B,MAAM,EAAE,MAAM,CAAC,MAAM;YACrB,OAAO,EAAE,MAAM,CAAC,OAAO;YACvB,IAAI,EAAE,MAAM,CAAC,IAAI;SAClB,CAAC,CAAC;IACL,CAAC;CACF;AAED,SAAS,0BAA0B,CAAC,KAAc;IAChD,OAAO,OAAO,KAAK,KAAK,QAAQ,IAAI,KAAK,KAAK,IAAI,IAAI,eAAe,IAAI,KAAK,IAAI,YAAY,IAAI,KAAK,CAAC;AAC1G,CAAC;AAED,SAAS,iBAAiB,CAAC,KAAsC;IAC/D,OAAO,YAAY,IAAI,KAAK,IAAI,WAAW,IAAI,KAAK,CAAC;AACvD,CAAC;AAED,SAAS,kBAAkB,CAAC,QAAyC,EAAE,MAAoB;IACzF,IAAI,MAAM,EAAE,CAAC;QACX,OAAO,MAAM,CAAC;IAChB,CAAC;IACD,IAAI,iBAAiB,CAAC,QAAQ,CAAC,EAAE,CAAC;QAChC,OAAO,IAAI,WAAW,CAAC,QAAQ,CAAC,CAAC;IACnC,CAAC;IACD,MAAM,IAAI,KAAK,CAAC,8EAA8E,CAAC,CAAC;AAClG,CAAC;AAED,SAAS,oBAAoB,CAAC,OAAiC;IAC7D,OAAO,SAAS,IAAI,OAAO,CAAC,aAAa;QACvC,CAAC,CAAC,OAAO,CAAC,aAAa;QACvB,CAAC,CAAC,EAAE,OAAO,EAAE,OAAO,CAAC,aAAa,CAAC,UAAU,EAAE,CAAC;AACpD,CAAC;AAED,SAAS,qBAAqB,CAC5B,OAAiC;IAEjC,IAAI,OAAO,CAAC,SAAS,EAAE,CAAC;QACtB,OAAO,OAAO,CAAC,SAAS,CAAC;IAC3B,CAAC;IACD,IAAI,OAAO,CAAC,KAAK,EAAE,CAAC;QAClB,OAAO,IAAI,mBAAmB,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC;IAChD,CAAC;IACD,MAAM,IAAI,KAAK,CAAC,iDAAiD,CAAC,CAAC;AACrE,CAAC;AAED,MAAM,UAAU,iBAAiB,CAAC,OAAiC;IACjE,IAAI,CAAC,0BAA0B,CAAC,OAAO,CAAC,EAAE,CAAC;QACzC,MAAM,IAAI,KAAK,CAAC,sDAAsD,CAAC,CAAC;IAC1E,CAAC;IACD,OAAO,IAAI,kBAAkB,CAC3B,oBAAoB,CAAC,OAAO,CAAC,EAC7B,OAAO,CAAC,UAAU,EAClB,kBAAkB,CAAC,OAAO,CAAC,aAAa,EAAE,OAAO,CAAC,MAAM,CAAC,EACzD,qBAAqB,CAAC,OAAO,CAAC,EAC9B,OAAO,CAAC,KAAK,IAAI,IAAI,WAAW,EAAE,CACnC,CAAC;AACJ,CAAC"}
|
|
@@ -6,27 +6,8 @@ export interface AgentDispatchIntent {
|
|
|
6
6
|
body?: string;
|
|
7
7
|
requestedAt?: string;
|
|
8
8
|
}
|
|
9
|
-
export
|
|
10
|
-
vaultId: import("../../vault-core/index.js").VaultId;
|
|
11
|
-
capabilityId: string;
|
|
12
|
-
agentId: string;
|
|
13
|
-
secretIds?: readonly string[];
|
|
14
|
-
secretAliases?: readonly string[];
|
|
15
|
-
operation: "dispatch_http";
|
|
16
|
-
allowedTargets: readonly string[];
|
|
17
|
-
allowedMethods: readonly string[];
|
|
18
|
-
allowedPaths?: readonly string[];
|
|
19
|
-
issuedAt: string;
|
|
20
|
-
expiresAt?: string;
|
|
21
|
-
revocationVersion?: number;
|
|
22
|
-
rateLimit?: {
|
|
23
|
-
maxRequests: number;
|
|
24
|
-
windowMs: number;
|
|
25
|
-
};
|
|
26
|
-
auditRequired?: boolean;
|
|
27
|
-
}
|
|
9
|
+
export type AgentCapabilityEnvelope = import("../../vault-core/index.js").AgentCapability;
|
|
28
10
|
export interface AgentSigner {
|
|
29
|
-
getPublicKey(): Promise<string>;
|
|
30
11
|
sign(input: string): Promise<string>;
|
|
31
12
|
}
|
|
32
13
|
export interface AgentDispatchTransport {
|
|
@@ -1,3 +1,3 @@
|
|
|
1
1
|
export { createAgentClient } from "./client.js";
|
|
2
|
-
export type { AgentClient, AgentIdentity, } from "./client.js";
|
|
2
|
+
export type { AgentClient, CreateAgentClientOptions, AgentIdentity, } from "./client.js";
|
|
3
3
|
export type { AgentCapabilityEnvelope, AgentDispatchIntent, AgentDispatchTransport, AgentSigner, } from "./contracts.js";
|
|
@@ -1,14 +1,16 @@
|
|
|
1
|
-
import type {
|
|
1
|
+
import type { CreatedIdentity } from "../../runtime/identity.js";
|
|
2
|
+
import { type Clock } from "../../vault-core/index.js";
|
|
2
3
|
import type { VaultService } from "../../vault-ingress/index.js";
|
|
3
|
-
import type { VaultAuditQueryInput, VaultExportSecretInput, VaultGrantCapabilityInput, VaultRegisterFlowInput, VaultRegisterAgentInput, OwnerWriteSecretInput } from "./contracts.js";
|
|
4
|
+
import type { VaultAuditQueryInput, OwnerDefineSecretTargetsInput, VaultExportSecretInput, VaultGrantCapabilityInput, VaultRegisterFlowInput, VaultRegisterAgentInput, OwnerStoreSecretInput, OwnerWriteSecretInput } from "./contracts.js";
|
|
4
5
|
export interface VaultIdentity {
|
|
5
6
|
identityId: string;
|
|
6
7
|
}
|
|
7
8
|
export interface VaultSigner {
|
|
8
|
-
getPublicKey(): Promise<string>;
|
|
9
9
|
sign(input: string): Promise<string>;
|
|
10
10
|
}
|
|
11
11
|
export interface VaultClient {
|
|
12
|
+
storeSecret(input: OwnerStoreSecretInput): Promise<import("../../vault-core/index.js").SecretRecord>;
|
|
13
|
+
defineSecretTargets(input: OwnerDefineSecretTargetsInput): Promise<import("../../vault-core/index.js").SecretRecord>;
|
|
12
14
|
writeSecret(input: OwnerWriteSecretInput): Promise<import("../../vault-core/index.js").SecretRecord>;
|
|
13
15
|
exportSecret(input: VaultExportSecretInput): Promise<import("../../vault-core/index.js").OwnerSecretExport>;
|
|
14
16
|
grantCapability(input: VaultGrantCapabilityInput): Promise<void>;
|
|
@@ -16,4 +18,10 @@ export interface VaultClient {
|
|
|
16
18
|
registerAgent(input: VaultRegisterAgentInput): Promise<void>;
|
|
17
19
|
registerFlow(input: VaultRegisterFlowInput): Promise<void>;
|
|
18
20
|
}
|
|
19
|
-
export
|
|
21
|
+
export interface CreateVaultClientOptions {
|
|
22
|
+
ownerIdentity: CreatedIdentity | VaultIdentity;
|
|
23
|
+
vault: VaultService;
|
|
24
|
+
signer?: VaultSigner;
|
|
25
|
+
clock?: Clock;
|
|
26
|
+
}
|
|
27
|
+
export declare function createVaultClient(options: CreateVaultClientOptions): VaultClient;
|
|
@@ -1,3 +1,5 @@
|
|
|
1
|
+
import { LocalSigner } from "../../protocol/crypto.js";
|
|
2
|
+
import { SystemClock } from "../../vault-core/index.js";
|
|
1
3
|
class DefaultVaultClient {
|
|
2
4
|
_identity;
|
|
3
5
|
_vault;
|
|
@@ -9,16 +11,77 @@ class DefaultVaultClient {
|
|
|
9
11
|
this._signer = _signer;
|
|
10
12
|
this._clock = _clock;
|
|
11
13
|
}
|
|
14
|
+
async storeSecret(input) {
|
|
15
|
+
const requestedAt = input.requestedAt ?? this._clock.nowIso();
|
|
16
|
+
const requestId = `${this._identity.identityId}:${requestedAt}:${input.alias}:write_secret`;
|
|
17
|
+
const signature = await this._signer.sign(JSON.stringify({
|
|
18
|
+
requestId,
|
|
19
|
+
requestedAt,
|
|
20
|
+
ownerId: this._identity.identityId,
|
|
21
|
+
alias: input.alias,
|
|
22
|
+
plaintext: input.plaintext,
|
|
23
|
+
targetBindings: [],
|
|
24
|
+
}));
|
|
25
|
+
return this._vault.writeSecret({
|
|
26
|
+
kind: "owner.write_secret",
|
|
27
|
+
vaultId: this._vault.vaultId,
|
|
28
|
+
requestId,
|
|
29
|
+
owner: {
|
|
30
|
+
kind: "owner",
|
|
31
|
+
id: this._identity.identityId,
|
|
32
|
+
},
|
|
33
|
+
alias: input.alias,
|
|
34
|
+
plaintext: input.plaintext,
|
|
35
|
+
targetBindings: [],
|
|
36
|
+
requestedAt,
|
|
37
|
+
proof: {
|
|
38
|
+
ownerId: this._identity.identityId,
|
|
39
|
+
signature,
|
|
40
|
+
requestId,
|
|
41
|
+
requestedAt,
|
|
42
|
+
},
|
|
43
|
+
});
|
|
44
|
+
}
|
|
45
|
+
async defineSecretTargets(input) {
|
|
46
|
+
const requestedAt = input.requestedAt ?? this._clock.nowIso();
|
|
47
|
+
const requestId = `${this._identity.identityId}:${requestedAt}:${input.alias}:define_secret_targets`;
|
|
48
|
+
const targetBindings = [...input.targetBindings];
|
|
49
|
+
const signature = await this._signer.sign(JSON.stringify({
|
|
50
|
+
requestId,
|
|
51
|
+
requestedAt,
|
|
52
|
+
ownerId: this._identity.identityId,
|
|
53
|
+
alias: input.alias,
|
|
54
|
+
targetBindings,
|
|
55
|
+
}));
|
|
56
|
+
return this._vault.defineSecretTargets({
|
|
57
|
+
vaultId: this._vault.vaultId,
|
|
58
|
+
requestId,
|
|
59
|
+
owner: {
|
|
60
|
+
kind: "owner",
|
|
61
|
+
id: this._identity.identityId,
|
|
62
|
+
},
|
|
63
|
+
alias: input.alias,
|
|
64
|
+
targetBindings,
|
|
65
|
+
requestedAt,
|
|
66
|
+
proof: {
|
|
67
|
+
ownerId: this._identity.identityId,
|
|
68
|
+
signature,
|
|
69
|
+
requestId,
|
|
70
|
+
requestedAt,
|
|
71
|
+
},
|
|
72
|
+
});
|
|
73
|
+
}
|
|
12
74
|
async writeSecret(input) {
|
|
13
75
|
const requestedAt = input.requestedAt ?? this._clock.nowIso();
|
|
14
76
|
const requestId = `${this._identity.identityId}:${requestedAt}:${input.alias}:write_secret`;
|
|
77
|
+
const targetBindings = [...input.targetBindings];
|
|
15
78
|
const signature = await this._signer.sign(JSON.stringify({
|
|
16
79
|
requestId,
|
|
17
80
|
requestedAt,
|
|
18
81
|
ownerId: this._identity.identityId,
|
|
19
82
|
alias: input.alias,
|
|
20
83
|
plaintext: input.plaintext,
|
|
21
|
-
targetBindings
|
|
84
|
+
targetBindings,
|
|
22
85
|
}));
|
|
23
86
|
return this._vault.writeSecret({
|
|
24
87
|
kind: "owner.write_secret",
|
|
@@ -30,7 +93,7 @@ class DefaultVaultClient {
|
|
|
30
93
|
},
|
|
31
94
|
alias: input.alias,
|
|
32
95
|
plaintext: input.plaintext,
|
|
33
|
-
targetBindings
|
|
96
|
+
targetBindings,
|
|
34
97
|
requestedAt,
|
|
35
98
|
proof: {
|
|
36
99
|
ownerId: this._identity.identityId,
|
|
@@ -188,7 +251,30 @@ class DefaultVaultClient {
|
|
|
188
251
|
});
|
|
189
252
|
}
|
|
190
253
|
}
|
|
191
|
-
|
|
192
|
-
return
|
|
254
|
+
function isCreateVaultClientOptions(value) {
|
|
255
|
+
return typeof value === "object" && value !== null && "ownerIdentity" in value && "vault" in value;
|
|
256
|
+
}
|
|
257
|
+
function isCreatedIdentity(value) {
|
|
258
|
+
return "privateKey" in value && "publicKey" in value;
|
|
259
|
+
}
|
|
260
|
+
function resolveVaultSigner(identity, signer) {
|
|
261
|
+
if (signer) {
|
|
262
|
+
return signer;
|
|
263
|
+
}
|
|
264
|
+
if (isCreatedIdentity(identity)) {
|
|
265
|
+
return new LocalSigner(identity);
|
|
266
|
+
}
|
|
267
|
+
throw new Error("createVaultClient() requires signer when ownerIdentity does not include keys");
|
|
268
|
+
}
|
|
269
|
+
function resolveVaultIdentity(options) {
|
|
270
|
+
return {
|
|
271
|
+
identityId: options.ownerIdentity.identityId,
|
|
272
|
+
};
|
|
273
|
+
}
|
|
274
|
+
export function createVaultClient(options) {
|
|
275
|
+
if (!isCreateVaultClientOptions(options)) {
|
|
276
|
+
throw new Error("createVaultClient() requires a single options object");
|
|
277
|
+
}
|
|
278
|
+
return new DefaultVaultClient(resolveVaultIdentity(options), options.vault, resolveVaultSigner(options.ownerIdentity, options.signer), options.clock ?? new SystemClock());
|
|
193
279
|
}
|
|
194
280
|
//# sourceMappingURL=client.js.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"client.js","sourceRoot":"","sources":["../../../src/clients/owner/client.ts"],"names":[],"mappings":"
|
|
1
|
+
{"version":3,"file":"client.js","sourceRoot":"","sources":["../../../src/clients/owner/client.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,WAAW,EAAE,MAAM,0BAA0B,CAAC;AAEvD,OAAO,EAAE,WAAW,EAAc,MAAM,2BAA2B,CAAC;AAuCpE,MAAM,kBAAkB;IAEH;IACA;IACA;IACA;IAJnB,YACmB,SAAwB,EACxB,MAAoB,EACpB,OAAoB,EACpB,MAAa;QAHb,cAAS,GAAT,SAAS,CAAe;QACxB,WAAM,GAAN,MAAM,CAAc;QACpB,YAAO,GAAP,OAAO,CAAa;QACpB,WAAM,GAAN,MAAM,CAAO;IAC7B,CAAC;IAEJ,KAAK,CAAC,WAAW,CAAC,KAA4B;QAC5C,MAAM,WAAW,GAAG,KAAK,CAAC,WAAW,IAAI,IAAI,CAAC,MAAM,CAAC,MAAM,EAAE,CAAC;QAC9D,MAAM,SAAS,GAAG,GAAG,IAAI,CAAC,SAAS,CAAC,UAAU,IAAI,WAAW,IAAI,KAAK,CAAC,KAAK,eAAe,CAAC;QAC5F,MAAM,SAAS,GAAG,MAAM,IAAI,CAAC,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,SAAS,CAAC;YACvD,SAAS;YACT,WAAW;YACX,OAAO,EAAE,IAAI,CAAC,SAAS,CAAC,UAAU;YAClC,KAAK,EAAE,KAAK,CAAC,KAAK;YAClB,SAAS,EAAE,KAAK,CAAC,SAAS;YAC1B,cAAc,EAAE,EAAE;SACnB,CAAC,CAAC,CAAC;QACJ,OAAO,IAAI,CAAC,MAAM,CAAC,WAAW,CAAC;YAC7B,IAAI,EAAE,oBAAoB;YAC1B,OAAO,EAAE,IAAI,CAAC,MAAM,CAAC,OAAO;YAC5B,SAAS;YACT,KAAK,EAAE;gBACL,IAAI,EAAE,OAAO;gBACb,EAAE,EAAE,IAAI,CAAC,SAAS,CAAC,UAAU;aAC9B;YACD,KAAK,EAAE,KAAK,CAAC,KAAK;YAClB,SAAS,EAAE,KAAK,CAAC,SAAS;YAC1B,cAAc,EAAE,EAAE;YAClB,WAAW;YACX,KAAK,EAAE;gBACL,OAAO,EAAE,IAAI,CAAC,SAAS,CAAC,UAAU;gBAClC,SAAS;gBACT,SAAS;gBACT,WAAW;aACZ;SACF,CAAC,CAAC;IACL,CAAC;IAED,KAAK,CAAC,mBAAmB,CAAC,KAAoC;QAC5D,MAAM,WAAW,GAAG,KAAK,CAAC,WAAW,IAAI,IAAI,CAAC,MAAM,CAAC,MAAM,EAAE,CAAC;QAC9D,MAAM,SAAS,GAAG,GAAG,IAAI,CAAC,SAAS,CAAC,UAAU,IAAI,WAAW,IAAI,KAAK,CAAC,KAAK,wBAAwB,CAAC;QACrG,MAAM,cAAc,GAAG,CAAC,GAAG,KAAK,CAAC,cAAc,CAAC,CAAC;QACjD,MAAM,SAAS,GAAG,MAAM,IAAI,CAAC,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,SAAS,CAAC;YACvD,SAAS;YACT,WAAW;YACX,OAAO,EAAE,IAAI,CAAC,SAAS,CAAC,UAAU;YAClC,KAAK,EAAE,KAAK,CAAC,KAAK;YAClB,cAAc;SACf,CAAC,CAAC,CAAC;QACJ,OAAO,IAAI,CAAC,MAAM,CAAC,mBAAmB,CAAC;YACrC,OAAO,EAAE,IAAI,CAAC,MAAM,CAAC,OAAO;YAC5B,SAAS;YACT,KAAK,EAAE;gBACL,IAAI,EAAE,OAAO;gBACb,EAAE,EAAE,IAAI,CAAC,SAAS,CAAC,UAAU;aAC9B;YACD,KAAK,EAAE,KAAK,CAAC,KAAK;YAClB,cAAc;YACd,WAAW;YACX,KAAK,EAAE;gBACL,OAAO,EAAE,IAAI,CAAC,SAAS,CAAC,UAAU;gBAClC,SAAS;gBACT,SAAS;gBACT,WAAW;aACZ;SACF,CAAC,CAAC;IACL,CAAC;IAED,KAAK,CAAC,WAAW,CAAC,KAA4B;QAC5C,MAAM,WAAW,GAAG,KAAK,CAAC,WAAW,IAAI,IAAI,CAAC,MAAM,CAAC,MAAM,EAAE,CAAC;QAC9D,MAAM,SAAS,GAAG,GAAG,IAAI,CAAC,SAAS,CAAC,UAAU,IAAI,WAAW,IAAI,KAAK,CAAC,KAAK,eAAe,CAAC;QAC5F,MAAM,cAAc,GAAG,CAAC,GAAG,KAAK,CAAC,cAAc,CAAC,CAAC;QACjD,MAAM,SAAS,GAAG,MAAM,IAAI,CAAC,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,SAAS,CAAC;YACvD,SAAS;YACT,WAAW;YACX,OAAO,EAAE,IAAI,CAAC,SAAS,CAAC,UAAU;YAClC,KAAK,EAAE,KAAK,CAAC,KAAK;YAClB,SAAS,EAAE,KAAK,CAAC,SAAS;YAC1B,cAAc;SACf,CAAC,CAAC,CAAC;QACJ,OAAO,IAAI,CAAC,MAAM,CAAC,WAAW,CAAC;YAC7B,IAAI,EAAE,oBAAoB;YAC1B,OAAO,EAAE,IAAI,CAAC,MAAM,CAAC,OAAO;YAC5B,SAAS;YACT,KAAK,EAAE;gBACL,IAAI,EAAE,OAAO;gBACb,EAAE,EAAE,IAAI,CAAC,SAAS,CAAC,UAAU;aAC9B;YACD,KAAK,EAAE,KAAK,CAAC,KAAK;YAClB,SAAS,EAAE,KAAK,CAAC,SAAS;YAC1B,cAAc;YACd,WAAW;YACX,KAAK,EAAE;gBACL,OAAO,EAAE,IAAI,CAAC,SAAS,CAAC,UAAU;gBAClC,SAAS;gBACT,SAAS;gBACT,WAAW;aACZ;SACF,CAAC,CAAC;IACL,CAAC;IAED,KAAK,CAAC,SAAS,CAAC,QAA8B,EAAE;QAC9C,MAAM,WAAW,GAAG,IAAI,CAAC,MAAM,CAAC,MAAM,EAAE,CAAC;QACzC,MAAM,SAAS,GAAG,GAAG,IAAI,CAAC,SAAS,CAAC,UAAU,IAAI,WAAW,aAAa,CAAC;QAC3E,MAAM,SAAS,GAAG,MAAM,IAAI,CAAC,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,SAAS,CAAC;YACvD,SAAS;YACT,WAAW;YACX,OAAO,EAAE,IAAI,CAAC,SAAS,CAAC,UAAU;YAClC,KAAK;SACN,CAAC,CAAC,CAAC;QACJ,OAAO,IAAI,CAAC,MAAM,CAAC,SAAS,CAAC;YAC3B,OAAO,EAAE,IAAI,CAAC,MAAM,CAAC,OAAO;YAC5B,KAAK,EAAE;gBACL,IAAI,EAAE,OAAO;gBACb,EAAE,EAAE,IAAI,CAAC,SAAS,CAAC,UAAU;aAC9B;YACD,KAAK;YACL,SAAS;YACT,WAAW;YACX,KAAK,EAAE;gBACL,OAAO,EAAE,IAAI,CAAC,SAAS,CAAC,UAAU;gBAClC,SAAS;gBACT,SAAS;gBACT,WAAW;aACZ;SACF,CAAC,CAAC;IACL,CAAC;IAED,KAAK,CAAC,YAAY,CAAC,KAA6B;QAC9C,MAAM,WAAW,GAAG,KAAK,CAAC,WAAW,IAAI,IAAI,CAAC,MAAM,CAAC,MAAM,EAAE,CAAC;QAC9D,MAAM,SAAS,GAAG,GAAG,IAAI,CAAC,SAAS,CAAC,UAAU,IAAI,WAAW,IAAI,KAAK,CAAC,KAAK,gBAAgB,CAAC;QAC7F,MAAM,SAAS,GAAG,MAAM,IAAI,CAAC,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,SAAS,CAAC;YACvD,SAAS;YACT,WAAW;YACX,OAAO,EAAE,IAAI,CAAC,SAAS,CAAC,UAAU;YAClC,KAAK,EAAE,KAAK,CAAC,KAAK;SACnB,CAAC,CAAC,CAAC;QACJ,OAAO,IAAI,CAAC,MAAM,CAAC,YAAY,CAAC;YAC9B,OAAO,EAAE,IAAI,CAAC,MAAM,CAAC,OAAO;YAC5B,KAAK,EAAE;gBACL,IAAI,EAAE,OAAO;gBACb,EAAE,EAAE,IAAI,CAAC,SAAS,CAAC,UAAU;aAC9B;YACD,KAAK,EAAE,KAAK,CAAC,KAAK;YAClB,SAAS;YACT,WAAW;YACX,KAAK,EAAE;gBACL,OAAO,EAAE,IAAI,CAAC,SAAS,CAAC,UAAU;gBAClC,SAAS;gBACT,SAAS;gBACT,WAAW;aACZ;SACF,CAAC,CAAC;IACL,CAAC;IAED,KAAK,CAAC,aAAa,CAAC,KAA8B;QAChD,MAAM,WAAW,GAAG,KAAK,CAAC,WAAW,IAAI,IAAI,CAAC,MAAM,CAAC,MAAM,EAAE,CAAC;QAC9D,MAAM,SAAS,GAAG,GAAG,IAAI,CAAC,SAAS,CAAC,UAAU,IAAI,WAAW,IAAI,KAAK,CAAC,OAAO,0BAA0B,CAAC;QACzG,MAAM,aAAa,GAAG;YACpB,OAAO,EAAE,IAAI,CAAC,MAAM,CAAC,OAAO;YAC5B,OAAO,EAAE,KAAK,CAAC,OAAO;YACtB,SAAS,EAAE,KAAK,CAAC,SAAS;SAC3B,CAAC;QACF,MAAM,SAAS,GAAG,MAAM,IAAI,CAAC,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,SAAS,CAAC;YACvD,SAAS;YACT,WAAW;YACX,OAAO,EAAE,IAAI,CAAC,SAAS,CAAC,UAAU;YAClC,aAAa;SACd,CAAC,CAAC,CAAC;QACJ,MAAM,IAAI,CAAC,MAAM,CAAC,qBAAqB,CAAC;YACtC,OAAO,EAAE,IAAI,CAAC,MAAM,CAAC,OAAO;YAC5B,SAAS;YACT,KAAK,EAAE;gBACL,IAAI,EAAE,OAAO;gBACb,EAAE,EAAE,IAAI,CAAC,SAAS,CAAC,UAAU;aAC9B;YACD,aAAa;YACb,WAAW;YACX,KAAK,EAAE;gBACL,OAAO,EAAE,IAAI,CAAC,SAAS,CAAC,UAAU;gBAClC,SAAS;gBACT,SAAS;gBACT,WAAW;aACZ;SACF,CAAC,CAAC;IACL,CAAC;IAED,KAAK,CAAC,eAAe,CAAC,KAAgC;QACpD,MAAM,WAAW,GAAG,KAAK,CAAC,WAAW,IAAI,IAAI,CAAC,MAAM,CAAC,MAAM,EAAE,CAAC;QAC9D,MAAM,SAAS,GAAG,GAAG,IAAI,CAAC,SAAS,CAAC,UAAU,IAAI,WAAW,IAAI,KAAK,CAAC,UAAU,CAAC,YAAY,sBAAsB,CAAC;QACrH,MAAM,UAAU,GAAG;YACjB,GAAG,KAAK,CAAC,UAAU;YACnB,OAAO,EAAE,IAAI,CAAC,MAAM,CAAC,OAAO;SAC7B,CAAC;QACF,MAAM,SAAS,GAAG,MAAM,IAAI,CAAC,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,SAAS,CAAC;YACvD,SAAS;YACT,WAAW;YACX,OAAO,EAAE,IAAI,CAAC,SAAS,CAAC,UAAU;YAClC,UAAU;SACX,CAAC,CAAC,CAAC;QACJ,MAAM,IAAI,CAAC,MAAM,CAAC,kBAAkB,CAAC;YACnC,OAAO,EAAE,IAAI,CAAC,MAAM,CAAC,OAAO;YAC5B,SAAS;YACT,KAAK,EAAE;gBACL,IAAI,EAAE,OAAO;gBACb,EAAE,EAAE,IAAI,CAAC,SAAS,CAAC,UAAU;aAC9B;YACD,UAAU;YACV,WAAW;YACX,KAAK,EAAE;gBACL,OAAO,EAAE,IAAI,CAAC,SAAS,CAAC,UAAU;gBAClC,SAAS;gBACT,SAAS;gBACT,WAAW;aACZ;SACF,CAAC,CAAC;IACL,CAAC;IAED,KAAK,CAAC,YAAY,CAAC,KAA6B;QAC9C,MAAM,WAAW,GAAG,KAAK,CAAC,WAAW,IAAI,IAAI,CAAC,MAAM,CAAC,MAAM,EAAE,CAAC;QAC9D,MAAM,SAAS,GAAG,GAAG,IAAI,CAAC,SAAS,CAAC,UAAU,IAAI,WAAW,IAAI,KAAK,CAAC,MAAM,uBAAuB,CAAC;QACrG,MAAM,IAAI,GAAG;YACX,MAAM,EAAE,KAAK,CAAC,MAAM;YACpB,IAAI,EAAE,KAAK,CAAC,IAAI;YAChB,SAAS,EAAE,KAAK,CAAC,SAAS;YAC1B,MAAM,EAAE,KAAK,CAAC,MAAM;YACpB,kBAAkB,EAAE,KAAK,CAAC,kBAAkB;YAC5C,cAAc,EAAE,KAAK,CAAC,cAAc;SACrC,CAAC;QACF,MAAM,SAAS,GAAG,MAAM,IAAI,CAAC,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,SAAS,CAAC;YACvD,SAAS;YACT,WAAW;YACX,OAAO,EAAE,IAAI,CAAC,SAAS,CAAC,UAAU;YAClC,IAAI;SACL,CAAC,CAAC,CAAC;QACJ,MAAM,IAAI,CAAC,MAAM,CAAC,kBAAkB,CAAC;YACnC,OAAO,EAAE,IAAI,CAAC,MAAM,CAAC,OAAO;YAC5B,SAAS;YACT,KAAK,EAAE;gBACL,IAAI,EAAE,OAAO;gBACb,EAAE,EAAE,IAAI,CAAC,SAAS,CAAC,UAAU;aAC9B;YACD,IAAI;YACJ,WAAW;YACX,KAAK,EAAE;gBACL,OAAO,EAAE,IAAI,CAAC,SAAS,CAAC,UAAU;gBAClC,SAAS;gBACT,SAAS;gBACT,WAAW;aACZ;SACF,CAAC,CAAC;IACL,CAAC;CACF;AAED,SAAS,0BAA0B,CAAC,KAAc;IAChD,OAAO,OAAO,KAAK,KAAK,QAAQ,IAAI,KAAK,KAAK,IAAI,IAAI,eAAe,IAAI,KAAK,IAAI,OAAO,IAAI,KAAK,CAAC;AACrG,CAAC;AAED,SAAS,iBAAiB,CAAC,KAAsC;IAC/D,OAAO,YAAY,IAAI,KAAK,IAAI,WAAW,IAAI,KAAK,CAAC;AACvD,CAAC;AAED,SAAS,kBAAkB,CAAC,QAAyC,EAAE,MAAoB;IACzF,IAAI,MAAM,EAAE,CAAC;QACX,OAAO,MAAM,CAAC;IAChB,CAAC;IACD,IAAI,iBAAiB,CAAC,QAAQ,CAAC,EAAE,CAAC;QAChC,OAAO,IAAI,WAAW,CAAC,QAAQ,CAAC,CAAC;IACnC,CAAC;IACD,MAAM,IAAI,KAAK,CAAC,8EAA8E,CAAC,CAAC;AAClG,CAAC;AAED,SAAS,oBAAoB,CAAC,OAAiC;IAC7D,OAAO;QACL,UAAU,EAAE,OAAO,CAAC,aAAa,CAAC,UAAU;KAC7C,CAAC;AACJ,CAAC;AAED,MAAM,UAAU,iBAAiB,CAAC,OAAiC;IACjE,IAAI,CAAC,0BAA0B,CAAC,OAAO,CAAC,EAAE,CAAC;QACzC,MAAM,IAAI,KAAK,CAAC,sDAAsD,CAAC,CAAC;IAC1E,CAAC;IACD,OAAO,IAAI,kBAAkB,CAC3B,oBAAoB,CAAC,OAAO,CAAC,EAC7B,OAAO,CAAC,KAAK,EACb,kBAAkB,CAAC,OAAO,CAAC,aAAa,EAAE,OAAO,CAAC,MAAM,CAAC,EACzD,OAAO,CAAC,KAAK,IAAI,IAAI,WAAW,EAAE,CACnC,CAAC;AACJ,CAAC"}
|
|
@@ -12,6 +12,16 @@ export interface OwnerWriteSecretInput {
|
|
|
12
12
|
targetBindings: readonly OwnerSecretTargetBinding[];
|
|
13
13
|
requestedAt?: string;
|
|
14
14
|
}
|
|
15
|
+
export interface OwnerStoreSecretInput {
|
|
16
|
+
alias: string;
|
|
17
|
+
plaintext: string;
|
|
18
|
+
requestedAt?: string;
|
|
19
|
+
}
|
|
20
|
+
export interface OwnerDefineSecretTargetsInput {
|
|
21
|
+
alias: string;
|
|
22
|
+
targetBindings: readonly OwnerSecretTargetBinding[];
|
|
23
|
+
requestedAt?: string;
|
|
24
|
+
}
|
|
15
25
|
export interface VaultAuditQueryInput {
|
|
16
26
|
actorId?: string;
|
|
17
27
|
secretAlias?: string;
|
|
@@ -1,3 +1,3 @@
|
|
|
1
1
|
export { createVaultClient } from "./client.js";
|
|
2
|
-
export type { VaultClient, VaultIdentity, VaultSigner, } from "./client.js";
|
|
3
|
-
export type { VaultAuditQueryInput, VaultExportSecretInput, VaultGrantCapabilityInput, VaultRegisterFlowInput, VaultRegisterAgentInput, OwnerSecretTargetBinding, OwnerWriteSecretInput, } from "./contracts.js";
|
|
2
|
+
export type { VaultClient, CreateVaultClientOptions, VaultIdentity, VaultSigner, } from "./client.js";
|
|
3
|
+
export type { VaultAuditQueryInput, OwnerDefineSecretTargetsInput, VaultExportSecretInput, VaultGrantCapabilityInput, VaultRegisterFlowInput, VaultRegisterAgentInput, OwnerSecretTargetBinding, OwnerStoreSecretInput, OwnerWriteSecretInput, } from "./contracts.js";
|
|
@@ -2,6 +2,7 @@ import crypto from "node:crypto";
|
|
|
2
2
|
import { createVaultCore } from "../vault-core/core.js";
|
|
3
3
|
import { createPersistentVaultCoreDependencies, } from "../vault-core/index.js";
|
|
4
4
|
import { wrapVaultCoreAsVaultService, } from "../vault-ingress/index.js";
|
|
5
|
+
import { createPrefixedStorage } from "../storage/prefix.js";
|
|
5
6
|
import { readVaultProfile, writeVaultProfile } from "./vault-metadata.js";
|
|
6
7
|
import { createWorkspaceStorage } from "./workspace-storage.js";
|
|
7
8
|
function deriveVaultWorkingKey(privateKey, vaultId) {
|
|
@@ -14,6 +15,9 @@ function deriveVaultWorkingKey(privateKey, vaultId) {
|
|
|
14
15
|
.update(privateKey)
|
|
15
16
|
.digest("base64url");
|
|
16
17
|
}
|
|
18
|
+
function vaultStoragePrefix(vaultId) {
|
|
19
|
+
return `vaults/${vaultId}`;
|
|
20
|
+
}
|
|
17
21
|
function resolveStorage(storageOrOptions, maybeOptions) {
|
|
18
22
|
if (maybeOptions) {
|
|
19
23
|
return {
|
|
@@ -27,8 +31,9 @@ function resolveStorage(storageOrOptions, maybeOptions) {
|
|
|
27
31
|
};
|
|
28
32
|
}
|
|
29
33
|
export async function createVault(storageOrOptions, maybeOptions) {
|
|
30
|
-
const { storage, options } = resolveStorage(storageOrOptions, maybeOptions);
|
|
34
|
+
const { storage: workspaceStorage, options } = resolveStorage(storageOrOptions, maybeOptions);
|
|
31
35
|
const vaultId = options.vaultId ?? `vault_${crypto.randomUUID()}`;
|
|
36
|
+
const storage = createPrefixedStorage(workspaceStorage, vaultStoragePrefix(vaultId));
|
|
32
37
|
const vaultWorkingKey = deriveVaultWorkingKey(options.ownerIdentity.privateKey, vaultId);
|
|
33
38
|
const deps = createPersistentVaultCoreDependencies(storage, {
|
|
34
39
|
...options,
|
|
@@ -55,7 +60,8 @@ export async function createVault(storageOrOptions, maybeOptions) {
|
|
|
55
60
|
};
|
|
56
61
|
}
|
|
57
62
|
export async function recoverVault(storageOrOptions, maybeOptions) {
|
|
58
|
-
const { storage, options } = resolveStorage(storageOrOptions, maybeOptions);
|
|
63
|
+
const { storage: workspaceStorage, options } = resolveStorage(storageOrOptions, maybeOptions);
|
|
64
|
+
const storage = createPrefixedStorage(workspaceStorage, vaultStoragePrefix(options.vaultId));
|
|
59
65
|
const vaultWorkingKey = deriveVaultWorkingKey(options.ownerIdentity.privateKey, options.vaultId);
|
|
60
66
|
const deps = createPersistentVaultCoreDependencies(storage, {
|
|
61
67
|
...options,
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"bootstrap.js","sourceRoot":"","sources":["../../src/runtime/bootstrap.ts"],"names":[],"mappings":"AAAA,OAAO,MAAM,MAAM,aAAa,CAAC;AACjC,OAAO,EAAE,eAAe,EAAE,MAAM,uBAAuB,CAAC;AACxD,OAAO,EACL,qCAAqC,GAItC,MAAM,wBAAwB,CAAC;AAChC,OAAO,EACL,2BAA2B,GAG5B,MAAM,2BAA2B,CAAC;
|
|
1
|
+
{"version":3,"file":"bootstrap.js","sourceRoot":"","sources":["../../src/runtime/bootstrap.ts"],"names":[],"mappings":"AAAA,OAAO,MAAM,MAAM,aAAa,CAAC;AACjC,OAAO,EAAE,eAAe,EAAE,MAAM,uBAAuB,CAAC;AACxD,OAAO,EACL,qCAAqC,GAItC,MAAM,wBAAwB,CAAC;AAChC,OAAO,EACL,2BAA2B,GAG5B,MAAM,2BAA2B,CAAC;AACnC,OAAO,EAAE,qBAAqB,EAAE,MAAM,sBAAsB,CAAC;AAG7D,OAAO,EAAE,gBAAgB,EAAE,iBAAiB,EAAE,MAAM,qBAAqB,CAAC;AAC1E,OAAO,EAAE,sBAAsB,EAAE,MAAM,wBAAwB,CAAC;AAEhE,SAAS,qBAAqB,CAAC,UAAkB,EAAE,OAAe;IAChE,OAAO,MAAM;SACV,UAAU,CAAC,QAAQ,CAAC;SACpB,MAAM,CAAC,2BAA2B,CAAC;SACnC,MAAM,CAAC,IAAI,CAAC;SACZ,MAAM,CAAC,OAAO,CAAC;SACf,MAAM,CAAC,IAAI,CAAC;SACZ,MAAM,CAAC,UAAU,CAAC;SAClB,MAAM,CAAC,WAAW,CAAC,CAAC;AACzB,CAAC;AAED,SAAS,kBAAkB,CAAC,OAAe;IACzC,OAAO,UAAU,OAAO,EAAE,CAAC;AAC7B,CAAC;AAmCD,SAAS,cAAc,CACrB,gBAA6E,EAC7E,YAAuD;IAEvD,IAAI,YAAY,EAAE,CAAC;QACjB,OAAO;YACL,OAAO,EAAE,gBAAoC;YAC7C,OAAO,EAAE,YAAY;SACtB,CAAC;IACJ,CAAC;IACD,OAAO;QACL,OAAO,EAAE,sBAAsB,EAAE;QACjC,OAAO,EAAE,gBAA4D;KACtE,CAAC;AACJ,CAAC;AAID,MAAM,CAAC,KAAK,UAAU,WAAW,CAC/B,gBAAuD,EACvD,YAAiC;IAEjC,MAAM,EAAE,OAAO,EAAE,gBAAgB,EAAE,OAAO,EAAE,GAAG,cAAc,CAAC,gBAAgB,EAAE,YAAY,CAG3F,CAAC;IACF,MAAM,OAAO,GAAG,OAAO,CAAC,OAAO,IAAI,SAAS,MAAM,CAAC,UAAU,EAAE,EAAE,CAAC;IAClE,MAAM,OAAO,GAAG,qBAAqB,CAAC,gBAAgB,EAAE,kBAAkB,CAAC,OAAO,CAAC,CAAC,CAAC;IACrF,MAAM,eAAe,GAAG,qBAAqB,CAAC,OAAO,CAAC,aAAa,CAAC,UAAU,EAAE,OAAO,CAAC,CAAC;IACzF,MAAM,IAAI,GAAG,qCAAqC,CAAC,OAAO,EAAE;QAC1D,GAAG,OAAO;QACV,OAAO;QACP,eAAe;KAChB,CAAC,CAAC;IACH,MAAM,IAAI,GAAG,eAAe,CAAC,IAAI,CAAC,CAAC;IACnC,MAAM,cAAc,GAAwB;QAC1C,OAAO,EAAE,IAAI,CAAC,OAAO;QACrB,OAAO,EAAE,OAAO,CAAC,aAAa,CAAC,UAAU;QACzC,SAAS,EAAE,OAAO,CAAC,aAAa,CAAC,SAAS;KAC3C,CAAC;IACF,MAAM,IAAI,CAAC,sBAAsB,CAAC,cAAc,CAAC,CAAC;IAClD,MAAM,QAAQ,GAAG,OAAO,CAAC,QAAQ,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC,OAAO,CAAC,QAAQ,CAAC,IAAI,EAAE,CAAC,CAAC,CAAC,SAAS,CAAC;IAChF,MAAM,iBAAiB,CAAC,OAAO,EAAE;QAC/B,OAAO;QACP,QAAQ;KACT,CAAC,CAAC;IACH,OAAO;QACL,IAAI;QACJ,KAAK,EAAE,2BAA2B,CAAC,IAAI,EAAE,OAAO,CAAC,KAAK,CAAC;QACvD,QAAQ;QACR,OAAO;KACR,CAAC;AACJ,CAAC;AAID,MAAM,CAAC,KAAK,UAAU,YAAY,CAChC,gBAAwD,EACxD,YAAkC;IAElC,MAAM,EAAE,OAAO,EAAE,gBAAgB,EAAE,OAAO,EAAE,GAAG,cAAc,CAAC,gBAAgB,EAAE,YAAY,CAG3F,CAAC;IACF,MAAM,OAAO,GAAG,qBAAqB,CAAC,gBAAgB,EAAE,kBAAkB,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC,CAAC;IAC7F,MAAM,eAAe,GAAG,qBAAqB,CAAC,OAAO,CAAC,aAAa,CAAC,UAAU,EAAE,OAAO,CAAC,OAAO,CAAC,CAAC;IACjG,MAAM,IAAI,GAAG,qCAAqC,CAAC,OAAO,EAAE;QAC1D,GAAG,OAAO;QACV,OAAO,EAAE,OAAO,CAAC,OAAO;QACxB,eAAe;KAChB,CAAC,CAAC;IACH,MAAM,IAAI,GAAG,eAAe,CAAC,IAAI,CAAC,CAAC;IACnC,MAAM,OAAO,GAAG,MAAM,gBAAgB,CAAC,OAAO,CAAC,CAAC;IAChD,OAAO;QACL,IAAI;QACJ,KAAK,EAAE,2BAA2B,CAAC,IAAI,EAAE,OAAO,CAAC,KAAK,CAAC;QACvD,QAAQ,EAAE,OAAO,EAAE,QAAQ;QAC3B,OAAO;KACR,CAAC;AACJ,CAAC"}
|
package/dist/runtime/index.d.ts
CHANGED
|
@@ -1,21 +1,16 @@
|
|
|
1
1
|
/**
|
|
2
2
|
* Runtime export.
|
|
3
|
-
*
|
|
3
|
+
* Public surface: high-level runtime and client APIs only.
|
|
4
4
|
*/
|
|
5
5
|
export { IdentityError, IdentityErrorCode } from "../errors.js";
|
|
6
|
-
export { derivePublicKey, LocalSigner } from "../protocol/crypto.js";
|
|
7
|
-
export { deriveIdentityId } from "../protocol/identity.js";
|
|
8
6
|
export type { IStorageProvider } from "../storage/provider.js";
|
|
9
7
|
export { FsStorageProvider } from "../storage/fs.js";
|
|
10
|
-
export { MemoryStorageProvider } from "../storage/memory.js";
|
|
11
8
|
export { createIdentity, deriveChildIdentity, restoreIdentity, type CreateIdentityOptions, type RestoreIdentityOptions, type CreatedIdentity, } from "./identity.js";
|
|
12
9
|
export { createChildIdentity, type CreateChildIdentityOptions, } from "./child-identity.js";
|
|
13
|
-
export { readVaultProfile, writeVaultProfile, type VaultProfile, } from "./vault-metadata.js";
|
|
14
10
|
export { createWorkspaceStorage, getDefaultWorkspaceDir, } from "./workspace-storage.js";
|
|
15
|
-
export { ensurePrivateVault,
|
|
11
|
+
export { ensurePrivateVault, } from "./private-vault.js";
|
|
16
12
|
export { createVault, recoverVault, type CreateVaultOptions, type CreatedVault, type RecoverVaultOptions, type RecoveredVault, } from "./bootstrap.js";
|
|
17
|
-
export {
|
|
18
|
-
export { createVaultClient, type VaultClient, type VaultIdentity, type VaultSigner, type VaultAuditQueryInput, type VaultExportSecretInput, type VaultGrantCapabilityInput, type VaultRegisterFlowInput, type VaultRegisterAgentInput, type OwnerSecretTargetBinding, type OwnerWriteSecretInput, } from "../clients/owner/index.js";
|
|
19
|
-
export { createAgentClient, type AgentClient, type AgentIdentity, type AgentCapabilityEnvelope, type AgentDispatchIntent, type AgentDispatchTransport, type AgentSigner, } from "../clients/agent/index.js";
|
|
20
|
-
export {
|
|
21
|
-
export { LocalVaultTransport, } from "../vault-ingress/defaults.js";
|
|
13
|
+
export { VaultCoreError, type AgentCapability, type SecretRecord } from "../vault-core/index.js";
|
|
14
|
+
export { createVaultClient, type VaultClient, type CreateVaultClientOptions, type VaultIdentity, type VaultSigner, type VaultAuditQueryInput, type OwnerDefineSecretTargetsInput, type VaultExportSecretInput, type VaultGrantCapabilityInput, type VaultRegisterFlowInput, type VaultRegisterAgentInput, type OwnerSecretTargetBinding, type OwnerStoreSecretInput, type OwnerWriteSecretInput, } from "../clients/owner/index.js";
|
|
15
|
+
export { createAgentClient, type AgentClient, type CreateAgentClientOptions, type AgentIdentity, type AgentCapabilityEnvelope, type AgentDispatchIntent, type AgentDispatchTransport, type AgentSigner, } from "../clients/agent/index.js";
|
|
16
|
+
export { createOwnerHttpFlowBoundary, createStandardAcquireBoundary, createStandardDispatchBoundary, type OwnerHttpFlowBoundary, } from "../vault-ingress/index.js";
|
package/dist/runtime/index.js
CHANGED
|
@@ -1,21 +1,16 @@
|
|
|
1
1
|
/**
|
|
2
2
|
* Runtime export.
|
|
3
|
-
*
|
|
3
|
+
* Public surface: high-level runtime and client APIs only.
|
|
4
4
|
*/
|
|
5
5
|
export { IdentityError, IdentityErrorCode } from "../errors.js";
|
|
6
|
-
export { derivePublicKey, LocalSigner } from "../protocol/crypto.js";
|
|
7
|
-
export { deriveIdentityId } from "../protocol/identity.js";
|
|
8
6
|
export { FsStorageProvider } from "../storage/fs.js";
|
|
9
|
-
export { MemoryStorageProvider } from "../storage/memory.js";
|
|
10
7
|
export { createIdentity, deriveChildIdentity, restoreIdentity, } from "./identity.js";
|
|
11
8
|
export { createChildIdentity, } from "./child-identity.js";
|
|
12
|
-
export { readVaultProfile, writeVaultProfile, } from "./vault-metadata.js";
|
|
13
9
|
export { createWorkspaceStorage, getDefaultWorkspaceDir, } from "./workspace-storage.js";
|
|
14
|
-
export { ensurePrivateVault,
|
|
10
|
+
export { ensurePrivateVault, } from "./private-vault.js";
|
|
15
11
|
export { createVault, recoverVault, } from "./bootstrap.js";
|
|
16
|
-
export {
|
|
12
|
+
export { VaultCoreError } from "../vault-core/index.js";
|
|
17
13
|
export { createVaultClient, } from "../clients/owner/index.js";
|
|
18
14
|
export { createAgentClient, } from "../clients/agent/index.js";
|
|
19
|
-
export {
|
|
20
|
-
export { LocalVaultTransport, } from "../vault-ingress/defaults.js";
|
|
15
|
+
export { createOwnerHttpFlowBoundary, createStandardAcquireBoundary, createStandardDispatchBoundary, } from "../vault-ingress/index.js";
|
|
21
16
|
//# sourceMappingURL=index.js.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/runtime/index.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAEH,OAAO,EAAE,aAAa,EAAE,iBAAiB,EAAE,MAAM,cAAc,CAAC;
|
|
1
|
+
{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/runtime/index.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAEH,OAAO,EAAE,aAAa,EAAE,iBAAiB,EAAE,MAAM,cAAc,CAAC;AAEhE,OAAO,EAAE,iBAAiB,EAAE,MAAM,kBAAkB,CAAC;AACrD,OAAO,EACL,cAAc,EACd,mBAAmB,EACnB,eAAe,GAIhB,MAAM,eAAe,CAAC;AACvB,OAAO,EACL,mBAAmB,GAEpB,MAAM,qBAAqB,CAAC;AAC7B,OAAO,EACL,sBAAsB,EACtB,sBAAsB,GACvB,MAAM,wBAAwB,CAAC;AAChC,OAAO,EACL,kBAAkB,GACnB,MAAM,oBAAoB,CAAC;AAC5B,OAAO,EACL,WAAW,EACX,YAAY,GAKb,MAAM,gBAAgB,CAAC;AAExB,OAAO,EAAE,cAAc,EAA2C,MAAM,wBAAwB,CAAC;AAEjG,OAAO,EACL,iBAAiB,GAclB,MAAM,2BAA2B,CAAC;AAEnC,OAAO,EACL,iBAAiB,GAQlB,MAAM,2BAA2B,CAAC;AAEnC,OAAO,EACL,2BAA2B,EAC3B,6BAA6B,EAC7B,8BAA8B,GAE/B,MAAM,2BAA2B,CAAC"}
|
|
@@ -1,5 +1,5 @@
|
|
|
1
1
|
import { Buffer } from "node:buffer";
|
|
2
|
-
const PRIVATE_VAULT_PREFIX = "
|
|
2
|
+
const PRIVATE_VAULT_PREFIX = "identities";
|
|
3
3
|
const PRIVATE_VAULT_LOCK_SUFFIX = ".lock";
|
|
4
4
|
export function privateVaultPrefix(identityId) {
|
|
5
5
|
return `${PRIVATE_VAULT_PREFIX}/${identityId}`;
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"private-vault.js","sourceRoot":"","sources":["../../src/runtime/private-vault.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,MAAM,EAAE,MAAM,aAAa,CAAC;AAIrC,MAAM,oBAAoB,GAAG,
|
|
1
|
+
{"version":3,"file":"private-vault.js","sourceRoot":"","sources":["../../src/runtime/private-vault.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,MAAM,EAAE,MAAM,aAAa,CAAC;AAIrC,MAAM,oBAAoB,GAAG,YAAY,CAAC;AAC1C,MAAM,yBAAyB,GAAG,OAAO,CAAC;AAuB1C,MAAM,UAAU,kBAAkB,CAAC,UAAkB;IACnD,OAAO,GAAG,oBAAoB,IAAI,UAAU,EAAE,CAAC;AACjD,CAAC;AAED,MAAM,UAAU,sBAAsB,CAAC,UAAkB;IACvD,OAAO,GAAG,kBAAkB,CAAC,UAAU,CAAC,eAAe,CAAC;AAC1D,CAAC;AAED,MAAM,UAAU,uBAAuB,CAAC,UAAkB;IACxD,OAAO,GAAG,kBAAkB,CAAC,UAAU,CAAC,gBAAgB,CAAC;AAC3D,CAAC;AAED,SAAS,OAAO,CAAC,UAAkB;IACjC,OAAO,GAAG,kBAAkB,CAAC,UAAU,CAAC,GAAG,yBAAyB,EAAE,CAAC;AACzE,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,kBAAkB,CACtC,OAAyB,EACzB,QAAyB;IAEzB,MAAM,OAAO,GAAwB;QACnC,UAAU,EAAE,QAAQ,CAAC,UAAU;QAC/B,QAAQ,EAAE,QAAQ,CAAC,QAAQ;QAC3B,SAAS,EAAE,QAAQ,CAAC,SAAS;QAC7B,gBAAgB,EAAE,QAAQ,CAAC,gBAAgB;QAC3C,UAAU,EAAE,QAAQ,CAAC,UAAU;KAChC,CAAC;IACF,MAAM,OAAO,CAAC,KAAK,CACjB,sBAAsB,CAAC,QAAQ,CAAC,UAAU,CAAC,EAC3C,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,SAAS,CAAC,OAAO,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC,CAC9C,CAAC;IAEF,MAAM,WAAW,GAAG,uBAAuB,CAAC,QAAQ,CAAC,UAAU,CAAC,CAAC;IACjE,IAAI,CAAC,CAAC,MAAM,OAAO,CAAC,GAAG,CAAC,WAAW,CAAC,CAAC,EAAE,CAAC;QACtC,MAAM,UAAU,GAA8B;YAC5C,cAAc,EAAE,CAAC;YACjB,QAAQ,EAAE,EAAE;SACb,CAAC;QACF,MAAM,OAAO,CAAC,KAAK,CAAC,WAAW,EAAE,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,SAAS,CAAC,UAAU,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC,CAAC,CAAC;IACrF,CAAC;AACH,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,uBAAuB,CAC3C,OAAyB,EACzB,UAAkB;IAElB,MAAM,GAAG,GAAG,MAAM,OAAO,CAAC,IAAI,CAAC,sBAAsB,CAAC,UAAU,CAAC,CAAC,CAAC;IACnE,IAAI,CAAC,GAAG,EAAE,CAAC;QACT,OAAO,IAAI,CAAC;IACd,CAAC;IACD,OAAO,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAwB,CAAC;AACjE,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,6BAA6B,CACjD,OAAyB,EACzB,UAAkB;IAElB,MAAM,GAAG,GAAG,MAAM,OAAO,CAAC,IAAI,CAAC,uBAAuB,CAAC,UAAU,CAAC,CAAC,CAAC;IACpE,IAAI,CAAC,GAAG,EAAE,CAAC;QACT,OAAO,EAAE,cAAc,EAAE,CAAC,EAAE,QAAQ,EAAE,EAAE,EAAE,CAAC;IAC7C,CAAC;IACD,MAAM,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,QAAQ,CAAC,MAAM,CAAC,CAA8B,CAAC;IAC7E,OAAO;QACL,cAAc,EAAE,MAAM,CAAC,cAAc,IAAI,MAAM,CAAC,QAAQ,CAAC,MAAM;QAC/D,QAAQ,EAAE,MAAM,CAAC,QAAQ,IAAI,EAAE;KAChC,CAAC;AACJ,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,8BAA8B,CAClD,OAAyB,EACzB,UAAkB,EAClB,KAAgC;IAEhC,MAAM,OAAO,CAAC,KAAK,CACjB,uBAAuB,CAAC,UAAU,CAAC,EACnC,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,SAAS,CAAC,KAAK,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC,CAC5C,CAAC;AACJ,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,oBAAoB,CACxC,OAAyB,EACzB,UAAkB,EAClB,IAAsB;IAEtB,IAAI,OAAO,CAAC,QAAQ,EAAE,CAAC;QACrB,OAAO,OAAO,CAAC,QAAQ,CAAC,OAAO,CAAC,UAAU,CAAC,EAAE,IAAI,CAAC,CAAC;IACrD,CAAC;IACD,OAAO,IAAI,EAAE,CAAC;AAChB,CAAC"}
|
|
@@ -0,0 +1,14 @@
|
|
|
1
|
+
import type { IStorageProvider } from "./provider.js";
|
|
2
|
+
export declare class PrefixStorageProvider implements IStorageProvider {
|
|
3
|
+
private readonly base;
|
|
4
|
+
private readonly prefix;
|
|
5
|
+
constructor(base: IStorageProvider, prefix: string);
|
|
6
|
+
private key;
|
|
7
|
+
read(key: string): Promise<Buffer | null>;
|
|
8
|
+
write(key: string, data: Buffer): Promise<void>;
|
|
9
|
+
delete(key: string): Promise<void>;
|
|
10
|
+
has(key: string): Promise<boolean>;
|
|
11
|
+
rename?(fromKey: string, toKey: string): Promise<void>;
|
|
12
|
+
withLock?<T>(key: string, task: () => Promise<T>): Promise<T>;
|
|
13
|
+
}
|
|
14
|
+
export declare function createPrefixedStorage(base: IStorageProvider, prefix: string): PrefixStorageProvider;
|