@the-ai-company/cbio-node-runtime 1.17.0 → 1.18.0
- package/README.md +2 -2
- package/dist/runtime/child-identity.js +6 -6
- package/dist/runtime/child-identity.js.map +1 -1
- package/dist/runtime/index.d.ts +2 -2
- package/dist/runtime/index.js +1 -1
- package/dist/runtime/index.js.map +1 -1
- package/dist/runtime/private-vault.d.ts +12 -12
- package/dist/runtime/private-vault.js +16 -16
- package/dist/runtime/private-vault.js.map +1 -1
- package/docs/REFERENCE.md +2 -2
- package/package.json +1 -1
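--- a/package/README.md
+++ b/package/README.md
@@ -42,7 +42,7 @@ import {
 createChildIdentity,
 createIdentity,
 createWorkspaceStorage,
-
+ensureIdentityPrivateVault,
 restoreIdentity,
 createVault,
 recoverVault,
@@ -64,7 +64,7 @@ Child identity example:
 
 ```ts
 const rootIdentity = createIdentity({ nickname: 'root' });
-await
+await ensureIdentityPrivateVault(storage, rootIdentity);
 const childIdentity = await createChildIdentity(storage, rootIdentity, {
 nickname: 'worker-1',
 });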
@@ -1,5 +1,5 @@
|
|
|
1
1
|
import { deriveChildIdentity } from "./identity.js";
|
|
2
|
-
import {
|
|
2
|
+
import { ensureIdentityPrivateVault, readIdentityPrivateVaultChildrenState, withIdentityPrivateVaultLock, writeIdentityPrivateVaultChildrenState, } from "./private-vault.js";
|
|
3
3
|
export async function createChildIdentity(storage, parentIdentity, options = {}) {
|
|
4
4
|
const parent = typeof parentIdentity === "string"
|
|
5
5
|
? undefined
|
|
@@ -8,11 +8,11 @@ export async function createChildIdentity(storage, parentIdentity, options = {})
|
|
|
8
8
|
throw new Error("parent identity object is required");
|
|
9
9
|
}
|
|
10
10
|
const run = async () => {
|
|
11
|
-
await
|
|
12
|
-
const state = await
|
|
11
|
+
await ensureIdentityPrivateVault(storage, parent);
|
|
12
|
+
const state = await readIdentityPrivateVaultChildrenState(storage, parent.identityId);
|
|
13
13
|
const childIndex = state.nextChildIndex;
|
|
14
14
|
const childIdentity = deriveChildIdentity(parent, childIndex, options);
|
|
15
|
-
await
|
|
15
|
+
await ensureIdentityPrivateVault(storage, childIdentity);
|
|
16
16
|
state.nextChildIndex += 1;
|
|
17
17
|
state.children.push({
|
|
18
18
|
identityId: childIdentity.identityId,
|
|
@@ -21,9 +21,9 @@ export async function createChildIdentity(storage, parentIdentity, options = {})
|
|
|
21
21
|
nickname: childIdentity.nickname,
|
|
22
22
|
publicKey: childIdentity.publicKey,
|
|
23
23
|
});
|
|
24
|
-
await
|
|
24
|
+
await writeIdentityPrivateVaultChildrenState(storage, parent.identityId, state);
|
|
25
25
|
return childIdentity;
|
|
26
26
|
};
|
|
27
|
-
return
|
|
27
|
+
return withIdentityPrivateVaultLock(storage, parent.identityId, run);
|
|
28
28
|
}
|
|
29
29
|
//# sourceMappingURL=child-identity.js.map
|
|
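Review bot: The read, increment and write of `state.nextChildIndex` (new lines 12–24) is safe only if `withIdentityPrivateVaultLock` on new line 27 really serialises callers, and the private-vault.js section shows it delegating to `storage.withLock` only when the provider defines that method; what it does otherwise lies outside the visible hunk. If the fallback runs `run` unlocked, two concurrent calls can read the same index, and because REFERENCE.md describes `deriveChildIdentity` as deterministic for a given `childIndex`, both callers would be handed the same child identity while `children.json` keeps only the last write. I would either fail closed ahead of `const run`, e.g. `if (typeof storage.withLock !== "function") throw new Error("storage provider must implement withLock");`, or state the locking requirement in a JSDoc comment on `createChildIdentity`. Lines 6–7 and 19–20 of the function fall between the hunks shown.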
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"child-identity.js","sourceRoot":"","sources":["../../src/runtime/child-identity.ts"],"names":[],"mappings":"AAEA,OAAO,EAAE,mBAAmB,EAAE,MAAM,eAAe,CAAC;AACpD,OAAO,EACL,
|
|
1
|
+
{"version":3,"file":"child-identity.js","sourceRoot":"","sources":["../../src/runtime/child-identity.ts"],"names":[],"mappings":"AAEA,OAAO,EAAE,mBAAmB,EAAE,MAAM,eAAe,CAAC;AACpD,OAAO,EACL,0BAA0B,EAC1B,qCAAqC,EACrC,4BAA4B,EAC5B,sCAAsC,GACvC,MAAM,oBAAoB,CAAC;AAI5B,MAAM,CAAC,KAAK,UAAU,mBAAmB,CACvC,OAAyB,EACzB,cAAwC,EACxC,UAAsC,EAAE;IAExC,MAAM,MAAM,GACV,OAAO,cAAc,KAAK,QAAQ;QAChC,CAAC,CAAC,SAAS;QACX,CAAC,CAAC,cAAc,CAAC;IACrB,IAAI,CAAC,MAAM,EAAE,CAAC;QACZ,MAAM,IAAI,KAAK,CAAC,oCAAoC,CAAC,CAAC;IACxD,CAAC;IACD,MAAM,GAAG,GAAG,KAAK,IAA4B,EAAE;QAC7C,MAAM,0BAA0B,CAAC,OAAO,EAAE,MAAM,CAAC,CAAC;QAClD,MAAM,KAAK,GAAG,MAAM,qCAAqC,CAAC,OAAO,EAAE,MAAM,CAAC,UAAU,CAAC,CAAC;QACtF,MAAM,UAAU,GAAG,KAAK,CAAC,cAAc,CAAC;QACxC,MAAM,aAAa,GAAG,mBAAmB,CAAC,MAAM,EAAE,UAAU,EAAE,OAAO,CAAC,CAAC;QACvE,MAAM,0BAA0B,CAAC,OAAO,EAAE,aAAa,CAAC,CAAC;QACzD,KAAK,CAAC,cAAc,IAAI,CAAC,CAAC;QAC1B,KAAK,CAAC,QAAQ,CAAC,IAAI,CAAC;YAClB,UAAU,EAAE,aAAa,CAAC,UAAU;YACpC,gBAAgB,EAAE,aAAa,CAAC,gBAAiB;YACjD,UAAU;YACV,QAAQ,EAAE,aAAa,CAAC,QAAQ;YAChC,SAAS,EAAE,aAAa,CAAC,SAAS;SACnC,CAAC,CAAC;QACH,MAAM,sCAAsC,CAAC,OAAO,EAAE,MAAM,CAAC,UAAU,EAAE,KAAK,CAAC,CAAC;QAChF,OAAO,aAAa,CAAC;IACvB,CAAC,CAAC;IACF,OAAO,4BAA4B,CAAC,OAAO,EAAE,MAAM,CAAC,UAAU,EAAE,GAAG,CAAC,CAAC;AACvE,CAAC"}
|
package/dist/runtime/index.d.ts
CHANGED
|
@@ -12,7 +12,7 @@ export { createIdentity, deriveChildIdentity, restoreIdentity, type CreateIdenti
|
|
|
12
12
|
export { createChildIdentity, type CreateChildIdentityOptions, } from "./child-identity.js";
|
|
13
13
|
export { readVaultProfile, writeVaultProfile, type VaultProfile, } from "./vault-metadata.js";
|
|
14
14
|
export { createWorkspaceStorage, getDefaultWorkspaceDir, } from "./workspace-storage.js";
|
|
15
|
-
export {
|
|
15
|
+
export { ensureIdentityPrivateVault, readIdentityPrivateVaultProfile, readIdentityPrivateVaultChildrenState, identityPrivateVaultPrefix, identityPrivateVaultProfileKey, identityPrivateVaultChildrenKey, type IdentityPrivateVaultProfile, type IdentityPrivateVaultChildRecord, type IdentityPrivateVaultChildrenState, } from "./private-vault.js";
|
|
16
16
|
export { createVault, recoverVault, type CreateVaultOptions, type CreatedVault, type RecoverVaultOptions, type RecoveredVault, type VaultObject, } from "./bootstrap.js";
|
|
17
17
|
export { createVaultCore, DefaultVaultCore, VaultCoreError, createDefaultVaultCoreDependencies, type CreateDefaultVaultCoreDependenciesOptions, type DefaultPolicyEngineOptions, DefaultPolicyEngine, createPersistentVaultCoreDependencies, initializeVaultCustody, recoverVaultWorkingKey, DEFAULT_VAULT_KEY_CUSTODY_BLOB_KEY, type InitializeVaultCustodyOptions, type InitializedVaultCustody, type CreatePersistentVaultCoreDependenciesOptions, PersistentVaultAgentIdentityRegistry, PersistentVaultAuditLog, PersistentVaultOwnerIdentityRegistry, PersistentVaultCapabilityRegistry, PersistentVaultCapabilityRevocationRegistry, PersistentVaultCustomHttpFlowRegistry, PersistentVaultRateLimitStore, PersistentVaultReplayGuard, PersistentVaultSecretCustody, PersistentVaultSecretRepository, HttpDispatchExecutor, InMemoryAgentIdentityRegistry, InMemoryCapabilityRegistry, InMemoryCapabilityRevocationRegistry, InMemoryCustomHttpFlowRegistry, InMemoryRateLimitStore, InMemoryReplayGuard, InMemoryAuditLog, InMemoryOwnerIdentityRegistry, InMemorySecretCustody, InMemorySecretRepository, RandomIdGenerator, SignatureOwnerProofVerifier, type SignatureAgentProofVerifierOptions, SignatureAgentProofVerifier, SystemClock, type AgentCapability, type AgentIdentityRecord, type AgentProof, type OwnerAuditRequest, type OwnerExportSecretRequest, type OwnerDefineSecretTargetsCommand, type OwnerRegisterCapabilityCommand, type OwnerRegisterAgentIdentityCommand, type OwnerRegisterCustomHttpFlowCommand, type OwnerSecretExport, type OwnerIdentityRecord, type CustomHttpFlowDefinition, type OwnerProof, type AuditEntry, type AuditLog, type AuditQuery, type Clock, type DispatchAuthorization, type DispatchInstruction, type DispatchRequest, type DispatchResult, type IdGenerator, type OwnerIdentityRegistry, type OwnerProofVerifier, type PolicyEngine, type RateLimitStore, type ReplayGuard, type CustomHttpFlowRegistry, type SecretAlias, type SecretCustody, type SecretId, type SecretRecord, type SecretRepository, type 
SecretVersion, type TrustedExecutor, type VaultCore, type VaultCoreDependencies, type VaultPrincipal, type VaultPrincipalKind, type VaultTargetBinding, type VaultWriteSecretCommand, type VaultId, type AgentIdentityRegistry, type AgentProofVerifier, type CapabilityRevocationRegistry, type CapabilityRegistry, } from "../vault-core/index.js";
|
|
18
18
|
export { createVaultClient, type VaultClient, type CreateVaultClientOptions, type VaultIdentity, type VaultSigner, type VaultAuditQueryInput, type OwnerDefineSecretTargetsInput, type VaultExportSecretInput, type VaultGrantCapabilityInput, type VaultRegisterFlowInput, type VaultRegisterAgentInput, type OwnerSecretTargetBinding, type OwnerStoreSecretInput, type OwnerWriteSecretInput, } from "../clients/owner/index.js";
|
|
@@ -34,7 +34,7 @@ export interface CbioRuntime {
|
|
|
34
34
|
restoreIdentity: typeof import("./identity.js").restoreIdentity;
|
|
35
35
|
createChildIdentity: typeof import("./child-identity.js").createChildIdentity;
|
|
36
36
|
deriveChildIdentity: typeof import("./identity.js").deriveChildIdentity;
|
|
37
|
-
|
|
37
|
+
ensureIdentityPrivateVault: typeof import("./private-vault.js").ensureIdentityPrivateVault;
|
|
38
38
|
createVault: typeof import("./bootstrap.js").createVault;
|
|
39
39
|
recoverVault: typeof import("./bootstrap.js").recoverVault;
|
|
40
40
|
createVaultClient: typeof import("../clients/owner/index.js").createVaultClient;
|
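--- a/package/dist/runtime/index.js
+++ b/package/dist/runtime/index.js
@@ -11,7 +11,7 @@ export { createIdentity, deriveChildIdentity, restoreIdentity, } from "./identit
 export { createChildIdentity, } from "./child-identity.js";
 export { readVaultProfile, writeVaultProfile, } from "./vault-metadata.js";
 export { createWorkspaceStorage, getDefaultWorkspaceDir, } from "./workspace-storage.js";
-export {
+export { ensureIdentityPrivateVault, readIdentityPrivateVaultProfile, readIdentityPrivateVaultChildrenState, identityPrivateVaultPrefix, identityPrivateVaultProfileKey, identityPrivateVaultChildrenKey, } from "./private-vault.js";
 export { createVault, recoverVault, } from "./bootstrap.js";
 export { createVaultCore, DefaultVaultCore, VaultCoreError, createDefaultVaultCoreDependencies, DefaultPolicyEngine, createPersistentVaultCoreDependencies, initializeVaultCustody, recoverVaultWorkingKey, DEFAULT_VAULT_KEY_CUSTODY_BLOB_KEY, PersistentVaultAgentIdentityRegistry, PersistentVaultAuditLog, PersistentVaultOwnerIdentityRegistry, PersistentVaultCapabilityRegistry, PersistentVaultCapabilityRevocationRegistry, PersistentVaultCustomHttpFlowRegistry, PersistentVaultRateLimitStore, PersistentVaultReplayGuard, PersistentVaultSecretCustody, PersistentVaultSecretRepository, HttpDispatchExecutor, InMemoryAgentIdentityRegistry, InMemoryCapabilityRegistry, InMemoryCapabilityRevocationRegistry, InMemoryCustomHttpFlowRegistry, InMemoryRateLimitStore, InMemoryReplayGuard, InMemoryAuditLog, InMemoryOwnerIdentityRegistry, InMemorySecretCustody, InMemorySecretRepository, RandomIdGenerator, SignatureOwnerProofVerifier, SignatureAgentProofVerifier, SystemClock, } from "../vault-core/index.js";
 export { createVaultClient, } from "../clients/owner/index.js";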
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/runtime/index.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAEH,OAAO,EAAE,aAAa,EAAE,iBAAiB,EAAE,MAAM,cAAc,CAAC;AAChE,OAAO,EAAE,eAAe,EAAE,WAAW,EAAE,MAAM,uBAAuB,CAAC;AACrE,OAAO,EAAE,gBAAgB,EAAE,MAAM,yBAAyB,CAAC;AAE3D,OAAO,EAAE,iBAAiB,EAAE,MAAM,kBAAkB,CAAC;AACrD,OAAO,EAAE,qBAAqB,EAAE,MAAM,sBAAsB,CAAC;AAC7D,OAAO,EACL,cAAc,EACd,mBAAmB,EACnB,eAAe,GAKhB,MAAM,eAAe,CAAC;AACvB,OAAO,EACL,mBAAmB,GAEpB,MAAM,qBAAqB,CAAC;AAC7B,OAAO,EACL,gBAAgB,EAChB,iBAAiB,GAElB,MAAM,qBAAqB,CAAC;AAC7B,OAAO,EACL,sBAAsB,EACtB,sBAAsB,GACvB,MAAM,wBAAwB,CAAC;AAChC,OAAO,EACL,
|
|
1
|
+
{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/runtime/index.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAEH,OAAO,EAAE,aAAa,EAAE,iBAAiB,EAAE,MAAM,cAAc,CAAC;AAChE,OAAO,EAAE,eAAe,EAAE,WAAW,EAAE,MAAM,uBAAuB,CAAC;AACrE,OAAO,EAAE,gBAAgB,EAAE,MAAM,yBAAyB,CAAC;AAE3D,OAAO,EAAE,iBAAiB,EAAE,MAAM,kBAAkB,CAAC;AACrD,OAAO,EAAE,qBAAqB,EAAE,MAAM,sBAAsB,CAAC;AAC7D,OAAO,EACL,cAAc,EACd,mBAAmB,EACnB,eAAe,GAKhB,MAAM,eAAe,CAAC;AACvB,OAAO,EACL,mBAAmB,GAEpB,MAAM,qBAAqB,CAAC;AAC7B,OAAO,EACL,gBAAgB,EAChB,iBAAiB,GAElB,MAAM,qBAAqB,CAAC;AAC7B,OAAO,EACL,sBAAsB,EACtB,sBAAsB,GACvB,MAAM,wBAAwB,CAAC;AAChC,OAAO,EACL,0BAA0B,EAC1B,+BAA+B,EAC/B,qCAAqC,EACrC,0BAA0B,EAC1B,8BAA8B,EAC9B,+BAA+B,GAIhC,MAAM,oBAAoB,CAAC;AAC5B,OAAO,EACL,WAAW,EACX,YAAY,GAMb,MAAM,gBAAgB,CAAC;AAExB,OAAO,EACL,eAAe,EACf,gBAAgB,EAChB,cAAc,EACd,kCAAkC,EAGlC,mBAAmB,EACnB,qCAAqC,EACrC,sBAAsB,EACtB,sBAAsB,EACtB,kCAAkC,EAIlC,oCAAoC,EACpC,uBAAuB,EACvB,oCAAoC,EACpC,iCAAiC,EACjC,2CAA2C,EAC3C,qCAAqC,EACrC,6BAA6B,EAC7B,0BAA0B,EAC1B,4BAA4B,EAC5B,+BAA+B,EAC/B,oBAAoB,EACpB,6BAA6B,EAC7B,0BAA0B,EAC1B,oCAAoC,EACpC,8BAA8B,EAC9B,sBAAsB,EACtB,mBAAmB,EACnB,gBAAgB,EAChB,6BAA6B,EAC7B,qBAAqB,EACrB,wBAAwB,EACxB,iBAAiB,EACjB,2BAA2B,EAE3B,2BAA2B,EAC3B,WAAW,GA+CZ,MAAM,wBAAwB,CAAC;AAEhC,OAAO,EACL,iBAAiB,GAclB,MAAM,2BAA2B,CAAC;AAEnC,OAAO,EACL,iBAAiB,GAQlB,MAAM,2BAA2B,CAAC;AAEnC,OAAO,EACL,kBAAkB,EAClB,2BAA2B,EAC3B,2BAA2B,EAC3B,6BAA6B,EAC7B,8BAA8B,EAC9B,uBAAuB,GAWxB,MAAM,2BAA2B,CAAC;AAEnC,OAAO,EAAE,mBAAmB,EAAE,MAAM,8BAA8B,CAAC"}
|
|
@@ -1,28 +1,28 @@
|
|
|
1
1
|
import type { IStorageProvider } from "../storage/provider.js";
|
|
2
2
|
import type { CreatedIdentity } from "./identity.js";
|
|
3
|
-
export interface
|
|
3
|
+
export interface IdentityPrivateVaultProfile {
|
|
4
4
|
identityId: string;
|
|
5
5
|
nickname?: string;
|
|
6
6
|
publicKey: string;
|
|
7
7
|
parentIdentityId?: string;
|
|
8
8
|
childIndex?: number;
|
|
9
9
|
}
|
|
10
|
-
export interface
|
|
10
|
+
export interface IdentityPrivateVaultChildRecord {
|
|
11
11
|
identityId: string;
|
|
12
12
|
parentIdentityId: string;
|
|
13
13
|
childIndex: number;
|
|
14
14
|
nickname?: string;
|
|
15
15
|
publicKey: string;
|
|
16
16
|
}
|
|
17
|
-
export interface
|
|
17
|
+
export interface IdentityPrivateVaultChildrenState {
|
|
18
18
|
nextChildIndex: number;
|
|
19
|
-
children:
|
|
19
|
+
children: IdentityPrivateVaultChildRecord[];
|
|
20
20
|
}
|
|
21
|
-
export declare function
|
|
22
|
-
export declare function
|
|
23
|
-
export declare function
|
|
24
|
-
export declare function
|
|
25
|
-
export declare function
|
|
26
|
-
export declare function
|
|
27
|
-
export declare function
|
|
28
|
-
export declare function
|
|
21
|
+
export declare function identityPrivateVaultPrefix(identityId: string): string;
|
|
22
|
+
export declare function identityPrivateVaultProfileKey(identityId: string): string;
|
|
23
|
+
export declare function identityPrivateVaultChildrenKey(identityId: string): string;
|
|
24
|
+
export declare function ensureIdentityPrivateVault(storage: IStorageProvider, identity: CreatedIdentity): Promise<void>;
|
|
25
|
+
export declare function readIdentityPrivateVaultProfile(storage: IStorageProvider, identityId: string): Promise<IdentityPrivateVaultProfile | null>;
|
|
26
|
+
export declare function readIdentityPrivateVaultChildrenState(storage: IStorageProvider, identityId: string): Promise<IdentityPrivateVaultChildrenState>;
|
|
27
|
+
export declare function writeIdentityPrivateVaultChildrenState(storage: IStorageProvider, identityId: string, state: IdentityPrivateVaultChildrenState): Promise<void>;
|
|
28
|
+
export declare function withIdentityPrivateVaultLock<T>(storage: IStorageProvider, identityId: string, task: () => Promise<T>): Promise<T>;
|
|
@@ -1,19 +1,19 @@
|
|
|
1
1
|
import { Buffer } from "node:buffer";
|
|
2
2
|
const PRIVATE_VAULT_PREFIX = "vault/private/identities";
|
|
3
3
|
const PRIVATE_VAULT_LOCK_SUFFIX = ".lock";
|
|
4
|
-
export function
|
|
4
|
+
export function identityPrivateVaultPrefix(identityId) {
|
|
5
5
|
return `${PRIVATE_VAULT_PREFIX}/${identityId}`;
|
|
6
6
|
}
|
|
7
|
-
export function
|
|
8
|
-
return `${
|
|
7
|
+
export function identityPrivateVaultProfileKey(identityId) {
|
|
8
|
+
return `${identityPrivateVaultPrefix(identityId)}/profile.json`;
|
|
9
9
|
}
|
|
10
|
-
export function
|
|
11
|
-
return `${
|
|
10
|
+
export function identityPrivateVaultChildrenKey(identityId) {
|
|
11
|
+
return `${identityPrivateVaultPrefix(identityId)}/children.json`;
|
|
12
12
|
}
|
|
13
13
|
function lockKey(identityId) {
|
|
14
|
-
return `${
|
|
14
|
+
return `${identityPrivateVaultPrefix(identityId)}${PRIVATE_VAULT_LOCK_SUFFIX}`;
|
|
15
15
|
}
|
|
16
|
-
export async function
|
|
16
|
+
export async function ensureIdentityPrivateVault(storage, identity) {
|
|
17
17
|
const profile = {
|
|
18
18
|
identityId: identity.identityId,
|
|
19
19
|
nickname: identity.nickname,
|
|
@@ -21,8 +21,8 @@ export async function ensurePrivateVault(storage, identity) {
|
|
|
21
21
|
parentIdentityId: identity.parentIdentityId,
|
|
22
22
|
childIndex: identity.childIndex,
|
|
23
23
|
};
|
|
24
|
-
await storage.write(
|
|
25
|
-
const childrenKey =
|
|
24
|
+
await storage.write(identityPrivateVaultProfileKey(identity.identityId), Buffer.from(JSON.stringify(profile, null, 2)));
|
|
25
|
+
const childrenKey = identityPrivateVaultChildrenKey(identity.identityId);
|
|
26
26
|
if (!(await storage.has(childrenKey))) {
|
|
27
27
|
const emptyState = {
|
|
28
28
|
nextChildIndex: 0,
|
|
@@ -31,15 +31,15 @@ export async function ensurePrivateVault(storage, identity) {
|
|
|
31
31
|
await storage.write(childrenKey, Buffer.from(JSON.stringify(emptyState, null, 2)));
|
|
32
32
|
}
|
|
33
33
|
}
|
|
34
|
-
export async function
|
|
35
|
-
const raw = await storage.read(
|
|
34
|
+
export async function readIdentityPrivateVaultProfile(storage, identityId) {
|
|
35
|
+
const raw = await storage.read(identityPrivateVaultProfileKey(identityId));
|
|
36
36
|
if (!raw) {
|
|
37
37
|
return null;
|
|
38
38
|
}
|
|
39
39
|
return JSON.parse(raw.toString("utf8"));
|
|
40
40
|
}
|
|
41
|
-
export async function
|
|
42
|
-
const raw = await storage.read(
|
|
41
|
+
export async function readIdentityPrivateVaultChildrenState(storage, identityId) {
|
|
42
|
+
const raw = await storage.read(identityPrivateVaultChildrenKey(identityId));
|
|
43
43
|
if (!raw) {
|
|
44
44
|
return { nextChildIndex: 0, children: [] };
|
|
45
45
|
}
|
|
@@ -49,10 +49,10 @@ export async function readPrivateVaultChildrenState(storage, identityId) {
|
|
|
49
49
|
children: parsed.children ?? [],
|
|
50
50
|
};
|
|
51
51
|
}
|
|
52
|
-
export async function
|
|
53
|
-
await storage.write(
|
|
52
|
+
export async function writeIdentityPrivateVaultChildrenState(storage, identityId, state) {
|
|
53
|
+
await storage.write(identityPrivateVaultChildrenKey(identityId), Buffer.from(JSON.stringify(state, null, 2)));
|
|
54
54
|
}
|
|
55
|
-
export async function
|
|
55
|
+
export async function withIdentityPrivateVaultLock(storage, identityId, task) {
|
|
56
56
|
if (storage.withLock) {
|
|
57
57
|
return storage.withLock(lockKey(identityId), task);
|
|
58
58
|
}
|
|
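Review bot: `identityPrivateVaultPrefix` (new line 5) interpolates `identityId` into the storage key without checking it, and this release exports it from index.js together with `readIdentityPrivateVaultProfile` and `readIdentityPrivateVaultChildrenState`, which accept a bare `identityId` string from the caller. If an `IStorageProvider` maps keys onto filesystem paths (not visible here), an id containing `/` or `..` would address something outside `vault/private/identities/<identityId>/`. A guard at the top of the prefix helper would cover every derived key, including the lock key, for example `if (!/^[A-Za-z0-9_-]+$/.test(identityId)) throw new Error("invalid identityId");`, with the pattern adjusted to whatever alphabet `createIdentity` really produces. The body of `withIdentityPrivateVaultLock` continues past new line 58, outside the hunk.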
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"private-vault.js","sourceRoot":"","sources":["../../src/runtime/private-vault.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,MAAM,EAAE,MAAM,aAAa,CAAC;AAIrC,MAAM,oBAAoB,GAAG,0BAA0B,CAAC;AACxD,MAAM,yBAAyB,GAAG,OAAO,CAAC;AAuB1C,MAAM,UAAU,
|
|
1
|
+
{"version":3,"file":"private-vault.js","sourceRoot":"","sources":["../../src/runtime/private-vault.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,MAAM,EAAE,MAAM,aAAa,CAAC;AAIrC,MAAM,oBAAoB,GAAG,0BAA0B,CAAC;AACxD,MAAM,yBAAyB,GAAG,OAAO,CAAC;AAuB1C,MAAM,UAAU,0BAA0B,CAAC,UAAkB;IAC3D,OAAO,GAAG,oBAAoB,IAAI,UAAU,EAAE,CAAC;AACjD,CAAC;AAED,MAAM,UAAU,8BAA8B,CAAC,UAAkB;IAC/D,OAAO,GAAG,0BAA0B,CAAC,UAAU,CAAC,eAAe,CAAC;AAClE,CAAC;AAED,MAAM,UAAU,+BAA+B,CAAC,UAAkB;IAChE,OAAO,GAAG,0BAA0B,CAAC,UAAU,CAAC,gBAAgB,CAAC;AACnE,CAAC;AAED,SAAS,OAAO,CAAC,UAAkB;IACjC,OAAO,GAAG,0BAA0B,CAAC,UAAU,CAAC,GAAG,yBAAyB,EAAE,CAAC;AACjF,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,0BAA0B,CAC9C,OAAyB,EACzB,QAAyB;IAEzB,MAAM,OAAO,GAAgC;QAC3C,UAAU,EAAE,QAAQ,CAAC,UAAU;QAC/B,QAAQ,EAAE,QAAQ,CAAC,QAAQ;QAC3B,SAAS,EAAE,QAAQ,CAAC,SAAS;QAC7B,gBAAgB,EAAE,QAAQ,CAAC,gBAAgB;QAC3C,UAAU,EAAE,QAAQ,CAAC,UAAU;KAChC,CAAC;IACF,MAAM,OAAO,CAAC,KAAK,CACjB,8BAA8B,CAAC,QAAQ,CAAC,UAAU,CAAC,EACnD,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,SAAS,CAAC,OAAO,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC,CAC9C,CAAC;IAEF,MAAM,WAAW,GAAG,+BAA+B,CAAC,QAAQ,CAAC,UAAU,CAAC,CAAC;IACzE,IAAI,CAAC,CAAC,MAAM,OAAO,CAAC,GAAG,CAAC,WAAW,CAAC,CAAC,EAAE,CAAC;QACtC,MAAM,UAAU,GAAsC;YACpD,cAAc,EAAE,CAAC;YACjB,QAAQ,EAAE,EAAE;SACb,CAAC;QACF,MAAM,OAAO,CAAC,KAAK,CAAC,WAAW,EAAE,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,SAAS,CAAC,UAAU,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC,CAAC,CAAC;IACrF,CAAC;AACH,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,+BAA+B,CACnD,OAAyB,EACzB,UAAkB;IAElB,MAAM,GAAG,GAAG,MAAM,OAAO,CAAC,IAAI,CAAC,8BAA8B,CAAC,UAAU,CAAC,CAAC,CAAC;IAC3E,IAAI,CAAC,GAAG,EAAE,CAAC;QACT,OAAO,IAAI,CAAC;IACd,CAAC;IACD,OAAO,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAgC,CAAC;AACzE,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,qCAAqC,CACzD,OAAyB,EACzB,UAAkB;IAElB,MAAM,GAAG,GAAG,MAAM,OAAO,CAAC,IAAI,CAAC,+BAA+B,CAAC,UAAU,CAAC,CAAC,CAAC;IAC5E,IAAI,CAAC,GAAG,EAAE,CAAC;QACT,OAAO,EAAE,cAAc,EAAE,CAAC,EAAE,QAAQ,EAAE,EAAE,EAAE,CAAC;IAC7C,CAAC;IACD,MAAM,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAsC,CAAC;IACrF,OAAO;QACL,cAAc,EAAE,MAAM,CAAC,cAAc,IAAI,MA
AM,CAAC,QAAQ,CAAC,MAAM;QAC/D,QAAQ,EAAE,MAAM,CAAC,QAAQ,IAAI,EAAE;KAChC,CAAC;AACJ,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,sCAAsC,CAC1D,OAAyB,EACzB,UAAkB,EAClB,KAAwC;IAExC,MAAM,OAAO,CAAC,KAAK,CACjB,+BAA+B,CAAC,UAAU,CAAC,EAC3C,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,SAAS,CAAC,KAAK,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC,CAC5C,CAAC;AACJ,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,4BAA4B,CAChD,OAAyB,EACzB,UAAkB,EAClB,IAAsB;IAEtB,IAAI,OAAO,CAAC,QAAQ,EAAE,CAAC;QACrB,OAAO,OAAO,CAAC,QAAQ,CAAC,OAAO,CAAC,UAAU,CAAC,EAAE,IAAI,CAAC,CAAC;IACrD,CAAC;IACD,OAAO,IAAI,EAAE,CAAC;AAChB,CAAC"}
|
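--- a/package/docs/REFERENCE.md
+++ b/package/docs/REFERENCE.md
@@ -18,7 +18,7 @@ The main constructors are:
 - `createIdentity(...)`
 - `createChildIdentity(...)`
 - `deriveChildIdentity(...)`
-- `
+- `ensureIdentityPrivateVault(...)`
 - `restoreIdentity(...)`
 - `createVault(...)`
 - `recoverVault(...)`
@@ -76,7 +76,7 @@ Role rules:
 
 `deriveChildIdentity(parentIdentity, childIndex, { nickname })` deterministically reconstructs a child identity for a known `childIndex`.
 
-`
+`ensureIdentityPrivateVault(storage, identity)` creates or refreshes the identity's fixed namespace under `vault/private/identities/<identityId>/...`. That namespace stores identity-level files such as:
 
 - `profile.json`
 - `children.json`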
package/package.json
CHANGED