@the-ai-company/cbio-node-runtime 1.19.0 → 1.22.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +17 -17
- package/dist/runtime/bootstrap.d.ts +1 -0
- package/dist/runtime/bootstrap.js +8 -5
- package/dist/runtime/bootstrap.js.map +1 -1
- package/dist/runtime/index.d.ts +2 -1
- package/dist/runtime/index.js +1 -1
- package/dist/runtime/index.js.map +1 -1
- package/dist/runtime/private-vault.d.ts +12 -0
- package/dist/runtime/private-vault.js +56 -45
- package/dist/runtime/private-vault.js.map +1 -1
- package/dist/runtime/vault-metadata.d.ts +4 -4
- package/dist/runtime/vault-metadata.js +26 -7
- package/dist/runtime/vault-metadata.js.map +1 -1
- package/dist/sealed/index.d.ts +7 -0
- package/dist/sealed/index.js +7 -0
- package/dist/sealed/index.js.map +1 -0
- package/dist/sealed/json-repo.d.ts +13 -0
- package/dist/sealed/json-repo.js +56 -0
- package/dist/sealed/json-repo.js.map +1 -0
- package/dist/vault-core/persistence.d.ts +17 -25
- package/dist/vault-core/persistence.js +63 -89
- package/dist/vault-core/persistence.js.map +1 -1
- package/docs/ARCHITECTURE.md +16 -0
- package/docs/REFERENCE.md +14 -10
- package/docs/es/README.md +4 -2
- package/docs/fr/README.md +5 -3
- package/docs/ja/README.md +4 -2
- package/docs/ko/README.md +4 -2
- package/docs/pt/README.md +5 -3
- package/docs/zh/README.md +4 -1
- package/package.json +1 -1
package/README.md
CHANGED
|
@@ -71,18 +71,23 @@ const childIdentity = await createChildIdentity(storage, rootIdentity, {
|
|
|
71
71
|
nickname: 'worker-1',
|
|
72
72
|
});
|
|
73
73
|
|
|
74
|
-
const profile = await
|
|
74
|
+
const profile = await readIdentityMetadata(storage, rootIdentity.identityId); // Public Discovery
|
|
75
|
+
const fullProfile = await readIdentityMetadata(storage, rootIdentity.identityId, rootIdentity.privateKey); // Full Authorized Profile
|
|
75
76
|
const children = await readIdentityPrivateVaultChildrenState(storage, rootIdentity.privateKey);
|
|
76
77
|
```
|
|
77
78
|
|
|
78
|
-
Vaults also support
|
|
79
|
-
|
|
80
|
-
```ts
|
|
81
|
-
const createdVault = await createVault({
|
|
82
|
-
|
|
83
|
-
|
|
84
|
-
|
|
85
|
-
|
|
79
|
+
Vaults also support optional public metadata for discovery:
|
|
80
|
+
|
|
81
|
+
```ts
|
|
82
|
+
const createdVault = await createVault({
|
|
83
|
+
ownerIdentity: rootIdentity,
|
|
84
|
+
nickname: 'main-vault',
|
|
85
|
+
publicMetadata: {
|
|
86
|
+
displayName: 'Primary Vault',
|
|
87
|
+
tags: ['production', 'main'],
|
|
88
|
+
},
|
|
89
|
+
});
|
|
90
|
+
```
|
|
86
91
|
|
|
87
92
|
If you want to override the default workspace directory:
|
|
88
93
|
|
|
@@ -94,14 +99,9 @@ const createdVault = await createVault(storage, {
|
|
|
94
99
|
});
|
|
95
100
|
```
|
|
96
101
|
|
|
97
|
-
The workspace root can contain many vaults. Each vault is
|
|
98
|
-
|
|
99
|
-
Each identity
|
|
100
|
-
|
|
101
|
-
- `profile.json`
|
|
102
|
-
- `children.json`
|
|
103
|
-
|
|
104
|
-
Those files are encrypted with a key derived from the identity private key, so they are not stored as plaintext JSON.
|
|
102
|
+
The workspace root can contain many vaults. Each vault is physically divided into `vault/sealed/` (encrypted) and `vault/public/` (plaintext discovery).
|
|
103
|
+
|
|
104
|
+
Each identity also has its own private namespace under `identities/<identityId>/sealed/...` for encrypted metadata such as `profile.sealed` and `children.sealed`.
|
|
105
105
|
|
|
106
106
|
## Architecture
|
|
107
107
|
|
|
@@ -5,6 +5,7 @@ import type { CreatedIdentity } from "./identity.js";
|
|
|
5
5
|
export interface CreateVaultOptions extends Omit<CreatePersistentVaultCoreDependenciesOptions, "vaultWorkingKey" | "vaultId"> {
|
|
6
6
|
vaultId?: string;
|
|
7
7
|
nickname?: string;
|
|
8
|
+
publicMetadata?: Record<string, any>;
|
|
8
9
|
ownerIdentity: CreatedIdentity;
|
|
9
10
|
vault?: {
|
|
10
11
|
customFlows?: VaultCustomFlowResolver;
|
|
@@ -49,9 +49,12 @@ export async function createVault(storageOrOptions, maybeOptions) {
|
|
|
49
49
|
await core.bootstrapOwnerIdentity(bootstrapOwner);
|
|
50
50
|
const nickname = options.nickname?.trim() ? options.nickname.trim() : undefined;
|
|
51
51
|
await writeVaultProfile(storage, {
|
|
52
|
-
|
|
53
|
-
|
|
54
|
-
|
|
52
|
+
sealed: {
|
|
53
|
+
vaultId,
|
|
54
|
+
nickname,
|
|
55
|
+
},
|
|
56
|
+
public: options.publicMetadata ?? {},
|
|
57
|
+
}, vaultWorkingKey);
|
|
55
58
|
return {
|
|
56
59
|
core,
|
|
57
60
|
vault: wrapVaultCoreAsVaultService(core, options.vault),
|
|
@@ -69,11 +72,11 @@ export async function recoverVault(storageOrOptions, maybeOptions) {
|
|
|
69
72
|
vaultWorkingKey,
|
|
70
73
|
});
|
|
71
74
|
const core = createVaultCore(deps);
|
|
72
|
-
const profile = await readVaultProfile(storage);
|
|
75
|
+
const profile = await readVaultProfile(storage, vaultWorkingKey);
|
|
73
76
|
return {
|
|
74
77
|
core,
|
|
75
78
|
vault: wrapVaultCoreAsVaultService(core, options.vault),
|
|
76
|
-
nickname: profile?.nickname,
|
|
79
|
+
nickname: profile?.sealed.nickname,
|
|
77
80
|
storage,
|
|
78
81
|
};
|
|
79
82
|
}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"bootstrap.js","sourceRoot":"","sources":["../../src/runtime/bootstrap.ts"],"names":[],"mappings":"AAAA,OAAO,MAAM,MAAM,aAAa,CAAC;AACjC,OAAO,EAAE,eAAe,EAAE,MAAM,uBAAuB,CAAC;AACxD,OAAO,EACL,qCAAqC,GAItC,MAAM,wBAAwB,CAAC;AAChC,OAAO,EACL,2BAA2B,GAG5B,MAAM,2BAA2B,CAAC;AACnC,OAAO,EAAE,qBAAqB,EAAE,MAAM,sBAAsB,CAAC;AAG7D,OAAO,EAAE,gBAAgB,EAAE,iBAAiB,EAAE,MAAM,qBAAqB,CAAC;AAC1E,OAAO,EAAE,sBAAsB,EAAE,MAAM,wBAAwB,CAAC;AAEhE,SAAS,qBAAqB,CAAC,UAAkB,EAAE,OAAe;IAChE,OAAO,MAAM;SACV,UAAU,CAAC,QAAQ,CAAC;SACpB,MAAM,CAAC,2BAA2B,CAAC;SACnC,MAAM,CAAC,IAAI,CAAC;SACZ,MAAM,CAAC,OAAO,CAAC;SACf,MAAM,CAAC,IAAI,CAAC;SACZ,MAAM,CAAC,UAAU,CAAC;SAClB,MAAM,CAAC,WAAW,CAAC,CAAC;AACzB,CAAC;AAED,SAAS,kBAAkB,CAAC,OAAe;IACzC,OAAO,UAAU,OAAO,EAAE,CAAC;AAC7B,CAAC;
|
|
1
|
+
{"version":3,"file":"bootstrap.js","sourceRoot":"","sources":["../../src/runtime/bootstrap.ts"],"names":[],"mappings":"AAAA,OAAO,MAAM,MAAM,aAAa,CAAC;AACjC,OAAO,EAAE,eAAe,EAAE,MAAM,uBAAuB,CAAC;AACxD,OAAO,EACL,qCAAqC,GAItC,MAAM,wBAAwB,CAAC;AAChC,OAAO,EACL,2BAA2B,GAG5B,MAAM,2BAA2B,CAAC;AACnC,OAAO,EAAE,qBAAqB,EAAE,MAAM,sBAAsB,CAAC;AAG7D,OAAO,EAAE,gBAAgB,EAAE,iBAAiB,EAAE,MAAM,qBAAqB,CAAC;AAC1E,OAAO,EAAE,sBAAsB,EAAE,MAAM,wBAAwB,CAAC;AAEhE,SAAS,qBAAqB,CAAC,UAAkB,EAAE,OAAe;IAChE,OAAO,MAAM;SACV,UAAU,CAAC,QAAQ,CAAC;SACpB,MAAM,CAAC,2BAA2B,CAAC;SACnC,MAAM,CAAC,IAAI,CAAC;SACZ,MAAM,CAAC,OAAO,CAAC;SACf,MAAM,CAAC,IAAI,CAAC;SACZ,MAAM,CAAC,UAAU,CAAC;SAClB,MAAM,CAAC,WAAW,CAAC,CAAC;AACzB,CAAC;AAED,SAAS,kBAAkB,CAAC,OAAe;IACzC,OAAO,UAAU,OAAO,EAAE,CAAC;AAC7B,CAAC;AAsCD,SAAS,cAAc,CACrB,gBAA6E,EAC7E,YAAuD;IAEvD,IAAI,YAAY,EAAE,CAAC;QACjB,OAAO;YACL,OAAO,EAAE,gBAAoC;YAC7C,OAAO,EAAE,YAAY;SACtB,CAAC;IACJ,CAAC;IACD,OAAO;QACL,OAAO,EAAE,sBAAsB,EAAE;QACjC,OAAO,EAAE,gBAA4D;KACtE,CAAC;AACJ,CAAC;AAID,MAAM,CAAC,KAAK,UAAU,WAAW,CAC/B,gBAAuD,EACvD,YAAiC;IAEjC,MAAM,EAAE,OAAO,EAAE,gBAAgB,EAAE,OAAO,EAAE,GAAG,cAAc,CAAC,gBAAgB,EAAE,YAAY,CAG3F,CAAC;IACF,MAAM,OAAO,GAAG,OAAO,CAAC,OAAO,IAAI,SAAS,MAAM,CAAC,UAAU,EAAE,EAAE,CAAC;IAClE,MAAM,OAAO,GAAG,qBAAqB,CAAC,gBAAgB,EAAE,kBAAkB,CAAC,OAAO,CAAC,CAAC,CAAC;IACrF,MAAM,eAAe,GAAG,qBAAqB,CAAC,OAAO,CAAC,aAAa,CAAC,UAAU,EAAE,OAAO,CAAC,CAAC;IACzF,MAAM,IAAI,GAAG,qCAAqC,CAAC,OAAO,EAAE;QAC1D,GAAG,OAAO;QACV,OAAO;QACP,eAAe;KAChB,CAAC,CAAC;IACH,MAAM,IAAI,GAAG,eAAe,CAAC,IAAI,CAAC,CAAC;IACnC,MAAM,cAAc,GAAwB;QAC1C,OAAO,EAAE,IAAI,CAAC,OAAO;QACrB,OAAO,EAAE,OAAO,CAAC,aAAa,CAAC,UAAU;QACzC,SAAS,EAAE,OAAO,CAAC,aAAa,CAAC,SAAS;KAC3C,CAAC;IACF,MAAM,IAAI,CAAC,sBAAsB,CAAC,cAAc,CAAC,CAAC;IAClD,MAAM,QAAQ,GAAG,OAAO,CAAC,QAAQ,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC,OAAO,CAAC,QAAQ,CAAC,IAAI,EAAE,CAAC,CAAC,CAAC,SAAS,CAAC;IAChF,MAAM,iBAAiB,CAAC,OAAO,EAAE;QAC/B,MAAM,EAAE;YACN,OAAO;YACP,QAAQ;SACT;QACD,MAAM,EAAE,OAAO,CAAC,cAAc,IAAI,EAAE;KACrC,EAAE,eAAe,CAAC,CAAC;IACpB,OAAO;QACL,IAAI;QACJ,KAAK,EAAE,2BAA2B,CAAC,IAAI,EAAE,OAAO,CAAC,KAAK,CAAC;QACvD,QAAQ;QACR,OAAO;KACR,CAAC;AACJ,CAAC;AAID,MAAM,CAAC,KAAK,UAAU,YAAY,CAChC,gBAAwD,EACxD,YAAkC;IAElC,MAAM,EAAE,OAAO,EAAE,gBAAgB,EAAE,OAAO,EAAE,GAAG,cAAc,CAAC,gBAAgB,EAAE,YAAY,CAG3F,CAAC;IACF,MAAM,OAAO,GAAG,qBAAqB,CAAC,gBAAgB,EAAE,kBAAkB,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC,CAAC;IAC7F,MAAM,eAAe,GAAG,qBAAqB,CAAC,OAAO,CAAC,aAAa,CAAC,UAAU,EAAE,OAAO,CAAC,OAAO,CAAC,CAAC;IACjG,MAAM,IAAI,GAAG,qCAAqC,CAAC,OAAO,EAAE;QAC1D,GAAG,OAAO;QACV,OAAO,EAAE,OAAO,CAAC,OAAO;QACxB,eAAe;KAChB,CAAC,CAAC;IACH,MAAM,IAAI,GAAG,eAAe,CAAC,IAAI,CAAC,CAAC;IACnC,MAAM,OAAO,GAAG,MAAM,gBAAgB,CAAC,OAAO,EAAE,eAAe,CAAC,CAAC;IACjE,OAAO;QACL,IAAI;QACJ,KAAK,EAAE,2BAA2B,CAAC,IAAI,EAAE,OAAO,CAAC,KAAK,CAAC;QACvD,QAAQ,EAAE,OAAO,EAAE,MAAM,CAAC,QAAQ;QAClC,OAAO;KACR,CAAC;AACJ,CAAC"}
|
package/dist/runtime/index.d.ts
CHANGED
|
@@ -12,7 +12,7 @@ export { createIdentity, deriveChildIdentity, restoreIdentity, type CreateIdenti
|
|
|
12
12
|
export { createChildIdentity, type CreateChildIdentityOptions, } from "./child-identity.js";
|
|
13
13
|
export { readVaultProfile, writeVaultProfile, type VaultProfile, } from "./vault-metadata.js";
|
|
14
14
|
export { createWorkspaceStorage, getDefaultWorkspaceDir, } from "./workspace-storage.js";
|
|
15
|
-
export { ensureIdentityPrivateVault, readIdentityPrivateVaultProfile, readIdentityPrivateVaultChildrenState, identityPrivateVaultPrefix, identityPrivateVaultProfileKey, identityPrivateVaultChildrenKey, type IdentityPrivateVaultProfile, type IdentityPrivateVaultChildRecord, type IdentityPrivateVaultChildrenState, } from "./private-vault.js";
|
|
15
|
+
export { ensureIdentityPrivateVault, readIdentityPrivateVaultProfile, readIdentityPrivateVaultChildrenState, readIdentityMetadata, identityPrivateVaultPrefix, identityPrivateVaultProfileKey, identityPrivateVaultChildrenKey, type IdentityPrivateVaultProfile, type IdentityPrivateVaultChildRecord, type IdentityPrivateVaultChildrenState, type IdentityPublicProfile, } from "./private-vault.js";
|
|
16
16
|
export { createVault, recoverVault, type CreateVaultOptions, type CreatedVault, type RecoverVaultOptions, type RecoveredVault, type VaultObject, } from "./bootstrap.js";
|
|
17
17
|
export { createVaultCore, DefaultVaultCore, VaultCoreError, createDefaultVaultCoreDependencies, type CreateDefaultVaultCoreDependenciesOptions, type DefaultPolicyEngineOptions, DefaultPolicyEngine, createPersistentVaultCoreDependencies, initializeVaultCustody, recoverVaultWorkingKey, DEFAULT_VAULT_KEY_CUSTODY_BLOB_KEY, type InitializeVaultCustodyOptions, type InitializedVaultCustody, type CreatePersistentVaultCoreDependenciesOptions, PersistentVaultAgentIdentityRegistry, PersistentVaultAuditLog, PersistentVaultOwnerIdentityRegistry, PersistentVaultCapabilityRegistry, PersistentVaultCapabilityRevocationRegistry, PersistentVaultCustomHttpFlowRegistry, PersistentVaultRateLimitStore, PersistentVaultReplayGuard, PersistentVaultSecretCustody, PersistentVaultSecretRepository, HttpDispatchExecutor, InMemoryAgentIdentityRegistry, InMemoryCapabilityRegistry, InMemoryCapabilityRevocationRegistry, InMemoryCustomHttpFlowRegistry, InMemoryRateLimitStore, InMemoryReplayGuard, InMemoryAuditLog, InMemoryOwnerIdentityRegistry, InMemorySecretCustody, InMemorySecretRepository, RandomIdGenerator, SignatureOwnerProofVerifier, type SignatureAgentProofVerifierOptions, SignatureAgentProofVerifier, SystemClock, type AgentCapability, type AgentIdentityRecord, type AgentProof, type OwnerAuditRequest, type OwnerExportSecretRequest, type OwnerDefineSecretTargetsCommand, type OwnerRegisterCapabilityCommand, type OwnerRegisterAgentIdentityCommand, type OwnerRegisterCustomHttpFlowCommand, type OwnerSecretExport, type OwnerIdentityRecord, type CustomHttpFlowDefinition, type OwnerProof, type AuditEntry, type AuditLog, type AuditQuery, type Clock, type DispatchAuthorization, type DispatchInstruction, type DispatchRequest, type DispatchResult, type IdGenerator, type OwnerIdentityRegistry, type OwnerProofVerifier, type PolicyEngine, type RateLimitStore, type ReplayGuard, type CustomHttpFlowRegistry, type SecretAlias, type SecretCustody, type SecretId, type SecretRecord, type SecretRepository, type SecretVersion, type TrustedExecutor, type VaultCore, type VaultCoreDependencies, type VaultPrincipal, type VaultPrincipalKind, type VaultTargetBinding, type VaultWriteSecretCommand, type VaultId, type AgentIdentityRegistry, type AgentProofVerifier, type CapabilityRevocationRegistry, type CapabilityRegistry, } from "../vault-core/index.js";
|
|
18
18
|
export { createVaultClient, type VaultClient, type CreateVaultClientOptions, type VaultIdentity, type VaultSigner, type VaultAuditQueryInput, type OwnerDefineSecretTargetsInput, type VaultExportSecretInput, type VaultGrantCapabilityInput, type VaultRegisterFlowInput, type VaultRegisterAgentInput, type OwnerSecretTargetBinding, type OwnerStoreSecretInput, type OwnerWriteSecretInput, } from "../clients/owner/index.js";
|
|
@@ -37,6 +37,7 @@ export interface CbioRuntime {
|
|
|
37
37
|
ensureIdentityPrivateVault: typeof import("./private-vault.js").ensureIdentityPrivateVault;
|
|
38
38
|
readIdentityPrivateVaultProfile: typeof import("./private-vault.js").readIdentityPrivateVaultProfile;
|
|
39
39
|
readIdentityPrivateVaultChildrenState: typeof import("./private-vault.js").readIdentityPrivateVaultChildrenState;
|
|
40
|
+
readIdentityMetadata: typeof import("./private-vault.js").readIdentityMetadata;
|
|
40
41
|
createVault: typeof import("./bootstrap.js").createVault;
|
|
41
42
|
recoverVault: typeof import("./bootstrap.js").recoverVault;
|
|
42
43
|
createVaultClient: typeof import("../clients/owner/index.js").createVaultClient;
|
package/dist/runtime/index.js
CHANGED
|
@@ -11,7 +11,7 @@ export { createIdentity, deriveChildIdentity, restoreIdentity, } from "./identit
|
|
|
11
11
|
export { createChildIdentity, } from "./child-identity.js";
|
|
12
12
|
export { readVaultProfile, writeVaultProfile, } from "./vault-metadata.js";
|
|
13
13
|
export { createWorkspaceStorage, getDefaultWorkspaceDir, } from "./workspace-storage.js";
|
|
14
|
-
export { ensureIdentityPrivateVault, readIdentityPrivateVaultProfile, readIdentityPrivateVaultChildrenState, identityPrivateVaultPrefix, identityPrivateVaultProfileKey, identityPrivateVaultChildrenKey, } from "./private-vault.js";
|
|
14
|
+
export { ensureIdentityPrivateVault, readIdentityPrivateVaultProfile, readIdentityPrivateVaultChildrenState, readIdentityMetadata, identityPrivateVaultPrefix, identityPrivateVaultProfileKey, identityPrivateVaultChildrenKey, } from "./private-vault.js";
|
|
15
15
|
export { createVault, recoverVault, } from "./bootstrap.js";
|
|
16
16
|
export { createVaultCore, DefaultVaultCore, VaultCoreError, createDefaultVaultCoreDependencies, DefaultPolicyEngine, createPersistentVaultCoreDependencies, initializeVaultCustody, recoverVaultWorkingKey, DEFAULT_VAULT_KEY_CUSTODY_BLOB_KEY, PersistentVaultAgentIdentityRegistry, PersistentVaultAuditLog, PersistentVaultOwnerIdentityRegistry, PersistentVaultCapabilityRegistry, PersistentVaultCapabilityRevocationRegistry, PersistentVaultCustomHttpFlowRegistry, PersistentVaultRateLimitStore, PersistentVaultReplayGuard, PersistentVaultSecretCustody, PersistentVaultSecretRepository, HttpDispatchExecutor, InMemoryAgentIdentityRegistry, InMemoryCapabilityRegistry, InMemoryCapabilityRevocationRegistry, InMemoryCustomHttpFlowRegistry, InMemoryRateLimitStore, InMemoryReplayGuard, InMemoryAuditLog, InMemoryOwnerIdentityRegistry, InMemorySecretCustody, InMemorySecretRepository, RandomIdGenerator, SignatureOwnerProofVerifier, SignatureAgentProofVerifier, SystemClock, } from "../vault-core/index.js";
|
|
17
17
|
export { createVaultClient, } from "../clients/owner/index.js";
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/runtime/index.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAEH,OAAO,EAAE,aAAa,EAAE,iBAAiB,EAAE,MAAM,cAAc,CAAC;AAChE,OAAO,EAAE,eAAe,EAAE,WAAW,EAAE,MAAM,uBAAuB,CAAC;AACrE,OAAO,EAAE,gBAAgB,EAAE,MAAM,yBAAyB,CAAC;AAE3D,OAAO,EAAE,iBAAiB,EAAE,MAAM,kBAAkB,CAAC;AACrD,OAAO,EAAE,qBAAqB,EAAE,MAAM,sBAAsB,CAAC;AAC7D,OAAO,EACL,cAAc,EACd,mBAAmB,EACnB,eAAe,GAKhB,MAAM,eAAe,CAAC;AACvB,OAAO,EACL,mBAAmB,GAEpB,MAAM,qBAAqB,CAAC;AAC7B,OAAO,EACL,gBAAgB,EAChB,iBAAiB,GAElB,MAAM,qBAAqB,CAAC;AAC7B,OAAO,EACL,sBAAsB,EACtB,sBAAsB,GACvB,MAAM,wBAAwB,CAAC;AAChC,OAAO,EACL,0BAA0B,EAC1B,+BAA+B,EAC/B,qCAAqC,EACrC,0BAA0B,EAC1B,8BAA8B,EAC9B,+BAA+B,
|
|
1
|
+
{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/runtime/index.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAEH,OAAO,EAAE,aAAa,EAAE,iBAAiB,EAAE,MAAM,cAAc,CAAC;AAChE,OAAO,EAAE,eAAe,EAAE,WAAW,EAAE,MAAM,uBAAuB,CAAC;AACrE,OAAO,EAAE,gBAAgB,EAAE,MAAM,yBAAyB,CAAC;AAE3D,OAAO,EAAE,iBAAiB,EAAE,MAAM,kBAAkB,CAAC;AACrD,OAAO,EAAE,qBAAqB,EAAE,MAAM,sBAAsB,CAAC;AAC7D,OAAO,EACL,cAAc,EACd,mBAAmB,EACnB,eAAe,GAKhB,MAAM,eAAe,CAAC;AACvB,OAAO,EACL,mBAAmB,GAEpB,MAAM,qBAAqB,CAAC;AAC7B,OAAO,EACL,gBAAgB,EAChB,iBAAiB,GAElB,MAAM,qBAAqB,CAAC;AAC7B,OAAO,EACL,sBAAsB,EACtB,sBAAsB,GACvB,MAAM,wBAAwB,CAAC;AAChC,OAAO,EACL,0BAA0B,EAC1B,+BAA+B,EAC/B,qCAAqC,EACrC,oBAAoB,EACpB,0BAA0B,EAC1B,8BAA8B,EAC9B,+BAA+B,GAKhC,MAAM,oBAAoB,CAAC;AAC5B,OAAO,EACL,WAAW,EACX,YAAY,GAMb,MAAM,gBAAgB,CAAC;AAExB,OAAO,EACL,eAAe,EACf,gBAAgB,EAChB,cAAc,EACd,kCAAkC,EAGlC,mBAAmB,EACnB,qCAAqC,EACrC,sBAAsB,EACtB,sBAAsB,EACtB,kCAAkC,EAIlC,oCAAoC,EACpC,uBAAuB,EACvB,oCAAoC,EACpC,iCAAiC,EACjC,2CAA2C,EAC3C,qCAAqC,EACrC,6BAA6B,EAC7B,0BAA0B,EAC1B,4BAA4B,EAC5B,+BAA+B,EAC/B,oBAAoB,EACpB,6BAA6B,EAC7B,0BAA0B,EAC1B,oCAAoC,EACpC,8BAA8B,EAC9B,sBAAsB,EACtB,mBAAmB,EACnB,gBAAgB,EAChB,6BAA6B,EAC7B,qBAAqB,EACrB,wBAAwB,EACxB,iBAAiB,EACjB,2BAA2B,EAE3B,2BAA2B,EAC3B,WAAW,GA+CZ,MAAM,wBAAwB,CAAC;AAEhC,OAAO,EACL,iBAAiB,GAclB,MAAM,2BAA2B,CAAC;AAEnC,OAAO,EACL,iBAAiB,GAQlB,MAAM,2BAA2B,CAAC;AAEnC,OAAO,EACL,kBAAkB,EAClB,2BAA2B,EAC3B,2BAA2B,EAC3B,6BAA6B,EAC7B,8BAA8B,EAC9B,uBAAuB,GAWxB,MAAM,2BAA2B,CAAC;AAEnC,OAAO,EAAE,mBAAmB,EAAE,MAAM,8BAA8B,CAAC"}
|
|
@@ -18,12 +18,24 @@ export interface IdentityPrivateVaultChildrenState {
|
|
|
18
18
|
nextChildIndex: number;
|
|
19
19
|
children: IdentityPrivateVaultChildRecord[];
|
|
20
20
|
}
|
|
21
|
+
export interface IdentityPublicProfile {
|
|
22
|
+
identityId: string;
|
|
23
|
+
publicKey: string;
|
|
24
|
+
nickname?: string;
|
|
25
|
+
parentIdentityId?: string;
|
|
26
|
+
}
|
|
21
27
|
type IdentityPrivateVaultAccess = CreatedIdentity | string;
|
|
22
28
|
export declare function identityPrivateVaultPrefix(identityId: string): string;
|
|
23
29
|
export declare function identityPrivateVaultProfileKey(identityId: string): string;
|
|
24
30
|
export declare function identityPrivateVaultChildrenKey(identityId: string): string;
|
|
31
|
+
export declare function identityPrivateVaultPublicProfileKey(identityId: string): string;
|
|
25
32
|
export declare function ensureIdentityPrivateVault(storage: IStorageProvider, identity: CreatedIdentity): Promise<void>;
|
|
26
33
|
export declare function readIdentityPrivateVaultProfile(storage: IStorageProvider, identityOrPrivateKey: IdentityPrivateVaultAccess): Promise<IdentityPrivateVaultProfile | null>;
|
|
34
|
+
/**
|
|
35
|
+
* Unified metadata reader for identities.
|
|
36
|
+
* Handles both open discovery (identityId only) and authorized read (privateKey).
|
|
37
|
+
*/
|
|
38
|
+
export declare function readIdentityMetadata(storage: IStorageProvider, identityId: string, privateKey?: string): Promise<IdentityPrivateVaultProfile | IdentityPublicProfile | null>;
|
|
27
39
|
export declare function readIdentityPrivateVaultChildrenState(storage: IStorageProvider, identityOrPrivateKey: IdentityPrivateVaultAccess): Promise<IdentityPrivateVaultChildrenState>;
|
|
28
40
|
export declare function writeIdentityPrivateVaultChildrenState(storage: IStorageProvider, identityOrPrivateKey: IdentityPrivateVaultAccess, state: IdentityPrivateVaultChildrenState): Promise<void>;
|
|
29
41
|
export declare function withIdentityPrivateVaultLock<T>(storage: IStorageProvider, identityOrPrivateKey: IdentityPrivateVaultAccess, task: () => Promise<T>): Promise<T>;
|
|
@@ -1,20 +1,22 @@
|
|
|
1
|
-
import { Buffer } from "node:buffer";
|
|
2
1
|
import { createHash } from "node:crypto";
|
|
3
|
-
import {
|
|
2
|
+
import { SealedJsonRepository } from "../sealed/index.js";
|
|
4
3
|
import { restoreIdentity } from "./identity.js";
|
|
5
|
-
const PRIVATE_VAULT_PREFIX = "
|
|
4
|
+
const PRIVATE_VAULT_PREFIX = "identities";
|
|
6
5
|
const PRIVATE_VAULT_LOCK_SUFFIX = ".lock";
|
|
7
6
|
export function identityPrivateVaultPrefix(identityId) {
|
|
8
7
|
return `${PRIVATE_VAULT_PREFIX}/${identityId}`;
|
|
9
8
|
}
|
|
10
9
|
export function identityPrivateVaultProfileKey(identityId) {
|
|
11
|
-
return `${identityPrivateVaultPrefix(identityId)}/profile.
|
|
10
|
+
return `${identityPrivateVaultPrefix(identityId)}/sealed/profile.sealed`;
|
|
12
11
|
}
|
|
13
12
|
export function identityPrivateVaultChildrenKey(identityId) {
|
|
14
|
-
return `${identityPrivateVaultPrefix(identityId)}/children.
|
|
13
|
+
return `${identityPrivateVaultPrefix(identityId)}/sealed/children.sealed`;
|
|
14
|
+
}
|
|
15
|
+
export function identityPrivateVaultPublicProfileKey(identityId) {
|
|
16
|
+
return `${identityPrivateVaultPrefix(identityId)}/public/profile.json`;
|
|
15
17
|
}
|
|
16
18
|
function lockKey(identityId) {
|
|
17
|
-
return `${identityPrivateVaultPrefix(identityId)}${PRIVATE_VAULT_LOCK_SUFFIX}`;
|
|
19
|
+
return `${identityPrivateVaultPrefix(identityId)}/sealed/locks/vault${PRIVATE_VAULT_LOCK_SUFFIX}`;
|
|
18
20
|
}
|
|
19
21
|
function normalizeIdentityAccess(identityOrPrivateKey) {
|
|
20
22
|
if (typeof identityOrPrivateKey === "string") {
|
|
@@ -31,33 +33,6 @@ function deriveIdentityPrivateVaultKey(identity) {
|
|
|
31
33
|
.update(identity.privateKey)
|
|
32
34
|
.digest("base64url");
|
|
33
35
|
}
|
|
34
|
-
function sealIdentityPrivateVaultJson(identity, value, kind) {
|
|
35
|
-
const sealed = sealBlob({
|
|
36
|
-
version: SEALED_BLOB_VERSION,
|
|
37
|
-
secrets: {
|
|
38
|
-
payload: JSON.stringify(value),
|
|
39
|
-
},
|
|
40
|
-
secretMetadata: {
|
|
41
|
-
kind,
|
|
42
|
-
identityId: identity.identityId,
|
|
43
|
-
},
|
|
44
|
-
}, deriveIdentityPrivateVaultKey(identity));
|
|
45
|
-
return Buffer.from(sealed, "utf8");
|
|
46
|
-
}
|
|
47
|
-
function unsealIdentityPrivateVaultJson(identity, payload, expectedKind) {
|
|
48
|
-
const unsealed = unsealBlob(payload.toString("utf8"), deriveIdentityPrivateVaultKey(identity));
|
|
49
|
-
if (unsealed.secretMetadata.kind !== expectedKind) {
|
|
50
|
-
throw new Error(`unexpected identity private vault payload kind: ${String(unsealed.secretMetadata.kind)}`);
|
|
51
|
-
}
|
|
52
|
-
if (unsealed.secretMetadata.identityId !== identity.identityId) {
|
|
53
|
-
throw new Error("identity private vault payload identity mismatch");
|
|
54
|
-
}
|
|
55
|
-
const secretPayload = unsealed.secrets.payload;
|
|
56
|
-
if (typeof secretPayload !== "string") {
|
|
57
|
-
throw new Error("identity private vault payload missing body");
|
|
58
|
-
}
|
|
59
|
-
return JSON.parse(secretPayload);
|
|
60
|
-
}
|
|
61
36
|
export async function ensureIdentityPrivateVault(storage, identity) {
|
|
62
37
|
const profile = {
|
|
63
38
|
identityId: identity.identityId,
|
|
@@ -66,31 +41,66 @@ export async function ensureIdentityPrivateVault(storage, identity) {
|
|
|
66
41
|
parentIdentityId: identity.parentIdentityId,
|
|
67
42
|
childIndex: identity.childIndex,
|
|
68
43
|
};
|
|
69
|
-
|
|
44
|
+
const profileRepo = new SealedJsonRepository(storage, identityPrivateVaultProfileKey(identity.identityId), deriveIdentityPrivateVaultKey(identity));
|
|
45
|
+
await profileRepo.write(profile, "identity_private_vault_profile");
|
|
46
|
+
// Write public profile mirror (Plaintext)
|
|
47
|
+
const publicProfile = {
|
|
48
|
+
identityId: profile.identityId,
|
|
49
|
+
publicKey: profile.publicKey,
|
|
50
|
+
nickname: profile.nickname,
|
|
51
|
+
parentIdentityId: profile.parentIdentityId,
|
|
52
|
+
};
|
|
53
|
+
await storage.write(identityPrivateVaultPublicProfileKey(identity.identityId), Buffer.from(JSON.stringify(publicProfile, null, 2)));
|
|
70
54
|
const childrenKey = identityPrivateVaultChildrenKey(identity.identityId);
|
|
71
55
|
if (!(await storage.has(childrenKey))) {
|
|
72
56
|
const emptyState = {
|
|
73
57
|
nextChildIndex: 0,
|
|
74
58
|
children: [],
|
|
75
59
|
};
|
|
76
|
-
|
|
60
|
+
const childrenRepo = new SealedJsonRepository(storage, childrenKey, deriveIdentityPrivateVaultKey(identity));
|
|
61
|
+
await childrenRepo.write(emptyState, "identity_private_vault_children");
|
|
77
62
|
}
|
|
78
63
|
}
|
|
79
64
|
export async function readIdentityPrivateVaultProfile(storage, identityOrPrivateKey) {
|
|
80
65
|
const identity = normalizeIdentityAccess(identityOrPrivateKey);
|
|
81
|
-
const
|
|
82
|
-
|
|
83
|
-
|
|
66
|
+
const repo = new SealedJsonRepository(storage, identityPrivateVaultProfileKey(identity.identityId), deriveIdentityPrivateVaultKey(identity));
|
|
67
|
+
return repo.read(null);
|
|
68
|
+
}
|
|
69
|
+
/**
|
|
70
|
+
* Unified metadata reader for identities.
|
|
71
|
+
* Handles both open discovery (identityId only) and authorized read (privateKey).
|
|
72
|
+
*/
|
|
73
|
+
export async function readIdentityMetadata(storage, identityId, privateKey) {
|
|
74
|
+
// If private key is provided, we prefer the full sealed profile
|
|
75
|
+
if (privateKey) {
|
|
76
|
+
try {
|
|
77
|
+
const identity = restoreIdentity(privateKey);
|
|
78
|
+
if (identity.identityId !== identityId) {
|
|
79
|
+
throw new Error("identityId mismatch");
|
|
80
|
+
}
|
|
81
|
+
return await readIdentityPrivateVaultProfile(storage, identity);
|
|
82
|
+
}
|
|
83
|
+
catch {
|
|
84
|
+
// Fallback to public if privateKey is invalid or decryption fails
|
|
85
|
+
}
|
|
84
86
|
}
|
|
85
|
-
|
|
87
|
+
// Otherwise, read the public discovery profile
|
|
88
|
+
const publicPath = identityPrivateVaultPublicProfileKey(identityId);
|
|
89
|
+
const publicData = await storage.read(publicPath);
|
|
90
|
+
if (publicData) {
|
|
91
|
+
try {
|
|
92
|
+
return JSON.parse(publicData.toString());
|
|
93
|
+
}
|
|
94
|
+
catch {
|
|
95
|
+
return null;
|
|
96
|
+
}
|
|
97
|
+
}
|
|
98
|
+
return null;
|
|
86
99
|
}
|
|
87
100
|
export async function readIdentityPrivateVaultChildrenState(storage, identityOrPrivateKey) {
|
|
88
101
|
const identity = normalizeIdentityAccess(identityOrPrivateKey);
|
|
89
|
-
const
|
|
90
|
-
|
|
91
|
-
return { nextChildIndex: 0, children: [] };
|
|
92
|
-
}
|
|
93
|
-
const parsed = unsealIdentityPrivateVaultJson(identity, raw, "identity_private_vault_children");
|
|
102
|
+
const repo = new SealedJsonRepository(storage, identityPrivateVaultChildrenKey(identity.identityId), deriveIdentityPrivateVaultKey(identity));
|
|
103
|
+
const parsed = await repo.read({ nextChildIndex: 0, children: [] });
|
|
94
104
|
return {
|
|
95
105
|
nextChildIndex: parsed.nextChildIndex ?? parsed.children.length,
|
|
96
106
|
children: parsed.children ?? [],
|
|
@@ -98,7 +108,8 @@ export async function readIdentityPrivateVaultChildrenState(storage, identityOrP
|
|
|
98
108
|
}
|
|
99
109
|
export async function writeIdentityPrivateVaultChildrenState(storage, identityOrPrivateKey, state) {
|
|
100
110
|
const identity = normalizeIdentityAccess(identityOrPrivateKey);
|
|
101
|
-
|
|
111
|
+
const repo = new SealedJsonRepository(storage, identityPrivateVaultChildrenKey(identity.identityId), deriveIdentityPrivateVaultKey(identity));
|
|
112
|
+
await repo.write(state, "identity_private_vault_children");
|
|
102
113
|
}
|
|
103
114
|
export async function withIdentityPrivateVaultLock(storage, identityOrPrivateKey, task) {
|
|
104
115
|
const identity = normalizeIdentityAccess(identityOrPrivateKey);
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"private-vault.js","sourceRoot":"","sources":["../../src/runtime/private-vault.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,
|
|
1
|
+
{"version":3,"file":"private-vault.js","sourceRoot":"","sources":["../../src/runtime/private-vault.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,UAAU,EAAE,MAAM,aAAa,CAAC;AACzC,OAAO,EAAE,oBAAoB,EAAE,MAAM,oBAAoB,CAAC;AAE1D,OAAO,EAAE,eAAe,EAAwB,MAAM,eAAe,CAAC;AAEtE,MAAM,oBAAoB,GAAG,YAAY,CAAC;AAC1C,MAAM,yBAAyB,GAAG,OAAO,CAAC;AAgC1C,MAAM,UAAU,0BAA0B,CAAC,UAAkB;IAC3D,OAAO,GAAG,oBAAoB,IAAI,UAAU,EAAE,CAAC;AACjD,CAAC;AAED,MAAM,UAAU,8BAA8B,CAAC,UAAkB;IAC/D,OAAO,GAAG,0BAA0B,CAAC,UAAU,CAAC,wBAAwB,CAAC;AAC3E,CAAC;AAED,MAAM,UAAU,+BAA+B,CAAC,UAAkB;IAChE,OAAO,GAAG,0BAA0B,CAAC,UAAU,CAAC,yBAAyB,CAAC;AAC5E,CAAC;AAED,MAAM,UAAU,oCAAoC,CAAC,UAAkB;IACrE,OAAO,GAAG,0BAA0B,CAAC,UAAU,CAAC,sBAAsB,CAAC;AACzE,CAAC;AAED,SAAS,OAAO,CAAC,UAAkB;IACjC,OAAO,GAAG,0BAA0B,CAAC,UAAU,CAAC,sBAAsB,yBAAyB,EAAE,CAAC;AACpG,CAAC;AAED,SAAS,uBAAuB,CAAC,oBAAgD;IAC/E,IAAI,OAAO,oBAAoB,KAAK,QAAQ,EAAE,CAAC;QAC7C,OAAO,eAAe,CAAC,oBAAoB,CAAC,CAAC;IAC/C,CAAC;IACD,OAAO,oBAAoB,CAAC;AAC9B,CAAC;AAED,SAAS,6BAA6B,CAAC,QAAyB;IAC9D,OAAO,UAAU,CAAC,QAAQ,CAAC;SACxB,MAAM,CAAC,gCAAgC,CAAC;SACxC,MAAM,CAAC,IAAI,CAAC;SACZ,MAAM,CAAC,QAAQ,CAAC,UAAU,CAAC;SAC3B,MAAM,CAAC,IAAI,CAAC;SACZ,MAAM,CAAC,QAAQ,CAAC,UAAU,CAAC;SAC3B,MAAM,CAAC,WAAW,CAAC,CAAC;AACzB,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,0BAA0B,CAC9C,OAAyB,EACzB,QAAyB;IAEzB,MAAM,OAAO,GAAgC;QAC3C,UAAU,EAAE,QAAQ,CAAC,UAAU;QAC/B,QAAQ,EAAE,QAAQ,CAAC,QAAQ;QAC3B,SAAS,EAAE,QAAQ,CAAC,SAAS;QAC7B,gBAAgB,EAAE,QAAQ,CAAC,gBAAgB;QAC3C,UAAU,EAAE,QAAQ,CAAC,UAAU;KAChC,CAAC;IACF,MAAM,WAAW,GAAG,IAAI,oBAAoB,CAC1C,OAAO,EACP,8BAA8B,CAAC,QAAQ,CAAC,UAAU,CAAC,EACnD,6BAA6B,CAAC,QAAQ,CAAC,CACxC,CAAC;IACF,MAAM,WAAW,CAAC,KAAK,CAAC,OAAO,EAAE,gCAAgC,CAAC,CAAC;IAEnE,0CAA0C;IAC1C,MAAM,aAAa,GAA0B;QAC3C,UAAU,EAAE,OAAO,CAAC,UAAU;QAC9B,SAAS,EAAE,OAAO,CAAC,SAAS;QAC5B,QAAQ,EAAE,OAAO,CAAC,QAAQ;QAC1B,gBAAgB,EAAE,OAAO,CAAC,gBAAgB;KAC3C,CAAC;IACF,MAAM,OAAO,CAAC,KAAK,CACjB,oCAAoC,CAAC,QAAQ,CAAC,UAAU,CAAC,EACzD,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,SAAS,CAAC,aAAa,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC,CACpD,CAAC;IAEF,MAAM,WAAW,GAAG,+BAA+B,CAAC,QAAQ,CAAC,UAAU,CAAC,CAAC;IACzE,IAAI,CAAC,CAAC,MAAM,OAAO,CAAC,GAAG,CAAC,WAAW,CAAC,CAAC,EAAE,CAAC;QACtC,MAAM,UAAU,GAAsC;YACpD,cAAc,EAAE,CAAC;YACjB,QAAQ,EAAE,EAAE;SACb,CAAC;QACF,MAAM,YAAY,GAAG,IAAI,oBAAoB,CAC3C,OAAO,EACP,WAAW,EACX,6BAA6B,CAAC,QAAQ,CAAC,CACxC,CAAC;QACF,MAAM,YAAY,CAAC,KAAK,CAAC,UAAU,EAAE,iCAAiC,CAAC,CAAC;IAC1E,CAAC;AACH,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,+BAA+B,CACnD,OAAyB,EACzB,oBAAgD;IAEhD,MAAM,QAAQ,GAAG,uBAAuB,CAAC,oBAAoB,CAAC,CAAC;IAC/D,MAAM,IAAI,GAAG,IAAI,oBAAoB,CACnC,OAAO,EACP,8BAA8B,CAAC,QAAQ,CAAC,UAAU,CAAC,EACnD,6BAA6B,CAAC,QAAQ,CAAC,CACxC,CAAC;IACF,OAAO,IAAI,CAAC,IAAI,CAAC,IAAW,CAAC,CAAC;AAChC,CAAC;AAED;;;GAGG;AACH,MAAM,CAAC,KAAK,UAAU,oBAAoB,CACxC,OAAyB,EACzB,UAAkB,EAClB,UAAmB;IAEnB,gEAAgE;IAChE,IAAI,UAAU,EAAE,CAAC;QACf,IAAI,CAAC;YACH,MAAM,QAAQ,GAAG,eAAe,CAAC,UAAU,CAAC,CAAC;YAC7C,IAAI,QAAQ,CAAC,UAAU,KAAK,UAAU,EAAE,CAAC;gBACvC,MAAM,IAAI,KAAK,CAAC,qBAAqB,CAAC,CAAC;YACzC,CAAC;YACD,OAAO,MAAM,+BAA+B,CAAC,OAAO,EAAE,QAAQ,CAAC,CAAC;QAClE,CAAC;QAAC,MAAM,CAAC;YACP,kEAAkE;QACpE,CAAC;IACH,CAAC;IAED,+CAA+C;IAC/C,MAAM,UAAU,GAAG,oCAAoC,CAAC,UAAU,CAAC,CAAC;IACpE,MAAM,UAAU,GAAG,MAAM,OAAO,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC;IAClD,IAAI,UAAU,EAAE,CAAC;QACf,IAAI,CAAC;YACH,OAAO,IAAI,CAAC,KAAK,CAAC,UAAU,CAAC,QAAQ,EAAE,CAA0B,CAAC;QACpE,CAAC;QAAC,MAAM,CAAC;YACP,OAAO,IAAI,CAAC;QACd,CAAC;IACH,CAAC;IACD,OAAO,IAAI,CAAC;AACd,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,qCAAqC,CACzD,OAAyB,EACzB,oBAAgD;IAEhD,MAAM,QAAQ,GAAG,uBAAuB,CAAC,oBAAoB,CAAC,CAAC;IAC/D,MAAM,IAAI,GAAG,IAAI,oBAAoB,CACnC,OAAO,EACP,+BAA+B,CAAC,QAAQ,CAAC,UAAU,CAAC,EACpD,6BAA6B,CAAC,QAAQ,CAAC,CACxC,CAAC;IACF,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,IAAI,CAAC,EAAE,cAAc,EAAE,CAAC,EAAE,QAAQ,EAAE,EAAE,EAAE,CAAC,CAAC;IACpE,OAAO;QACL,cAAc,EAAE,MAAM,CAAC,cAAc,IAAI,MAAM,CAAC,QAAQ,CAAC,MAAM;QAC/D,QAAQ,EAAE,MAAM,CAAC,QAAQ,IAAI,EAAE;KAChC,CAAC;AACJ,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,sCAAsC,CAC1D,OAAyB,EACzB,oBAAgD,EAChD,KAAwC;IAExC,MAAM,QAAQ,GAAG,uBAAuB,CAAC,oBAAoB,CAAC,CAAC;IAC/D,MAAM,IAAI,GAAG,IAAI,oBAAoB,CACnC,OAAO,EACP,+BAA+B,CAAC,QAAQ,CAAC,UAAU,CAAC,EACpD,6BAA6B,CAAC,QAAQ,CAAC,CACxC,CAAC;IACF,MAAM,IAAI,CAAC,KAAK,CAAC,KAAK,EAAE,iCAAiC,CAAC,CAAC;AAC7D,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,4BAA4B,CAChD,OAAyB,EACzB,oBAAgD,EAChD,IAAsB;IAEtB,MAAM,QAAQ,GAAG,uBAAuB,CAAC,oBAAoB,CAAC,CAAC;IAC/D,IAAI,OAAO,CAAC,QAAQ,EAAE,CAAC;QACrB,OAAO,OAAO,CAAC,QAAQ,CAAC,OAAO,CAAC,QAAQ,CAAC,UAAU,CAAC,EAAE,IAAI,CAAC,CAAC;IAC9D,CAAC;IACD,OAAO,IAAI,EAAE,CAAC;AAChB,CAAC"}
|
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
import type { IStorageProvider } from "../storage/provider.js";
|
|
2
2
|
export interface VaultProfile {
|
|
3
|
-
|
|
4
|
-
|
|
3
|
+
sealed: Record<string, any>;
|
|
4
|
+
public: Record<string, any>;
|
|
5
5
|
}
|
|
6
|
-
export declare function writeVaultProfile(storage: IStorageProvider, profile: VaultProfile): Promise<void>;
|
|
7
|
-
export declare function readVaultProfile(storage: IStorageProvider): Promise<VaultProfile | null>;
|
|
6
|
+
export declare function writeVaultProfile(storage: IStorageProvider, profile: VaultProfile, vaultWorkingKey: string): Promise<void>;
|
|
7
|
+
export declare function readVaultProfile(storage: IStorageProvider, vaultWorkingKey: string): Promise<VaultProfile | null>;
|
|
@@ -1,13 +1,32 @@
|
|
|
1
1
|
import { Buffer } from "node:buffer";
|
|
2
|
-
|
|
3
|
-
|
|
4
|
-
|
|
2
|
+
import { SealedJsonRepository } from "../sealed/index.js";
|
|
3
|
+
const VAULT_SEALED_PROFILE_KEY = "vault/sealed/profile.sealed";
|
|
4
|
+
const VAULT_PUBLIC_PROFILE_KEY = "vault/public/profile.json";
|
|
5
|
+
export async function writeVaultProfile(storage, profile, vaultWorkingKey) {
|
|
6
|
+
// 1. Write Sealed Profile
|
|
7
|
+
const repo = new SealedJsonRepository(storage, VAULT_SEALED_PROFILE_KEY, vaultWorkingKey);
|
|
8
|
+
await repo.write(profile.sealed, "vault_profile_sealed");
|
|
9
|
+
// 2. Write Public Profile
|
|
10
|
+
if (profile.public && Object.keys(profile.public).length > 0) {
|
|
11
|
+
await storage.write(VAULT_PUBLIC_PROFILE_KEY, Buffer.from(JSON.stringify(profile.public, null, 2), "utf8"));
|
|
12
|
+
}
|
|
13
|
+
else {
|
|
14
|
+
if (await storage.has(VAULT_PUBLIC_PROFILE_KEY)) {
|
|
15
|
+
await storage.delete(VAULT_PUBLIC_PROFILE_KEY);
|
|
16
|
+
}
|
|
17
|
+
}
|
|
5
18
|
}
|
|
6
|
-
export async function readVaultProfile(storage) {
|
|
7
|
-
const
|
|
8
|
-
|
|
19
|
+
export async function readVaultProfile(storage, vaultWorkingKey) {
|
|
20
|
+
const repo = new SealedJsonRepository(storage, VAULT_SEALED_PROFILE_KEY, vaultWorkingKey);
|
|
21
|
+
const sealed = await repo.read(null);
|
|
22
|
+
if (!sealed) {
|
|
9
23
|
return null;
|
|
10
24
|
}
|
|
11
|
-
|
|
25
|
+
const publicRaw = await storage.read(VAULT_PUBLIC_PROFILE_KEY);
|
|
26
|
+
const publicData = publicRaw ? JSON.parse(publicRaw.toString("utf8")) : {};
|
|
27
|
+
return {
|
|
28
|
+
sealed,
|
|
29
|
+
public: publicData,
|
|
30
|
+
};
|
|
12
31
|
}
|
|
13
32
|
//# sourceMappingURL=vault-metadata.js.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"vault-metadata.js","sourceRoot":"","sources":["../../src/runtime/vault-metadata.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,MAAM,EAAE,MAAM,aAAa,CAAC;
|
|
1
|
+
{"version":3,"file":"vault-metadata.js","sourceRoot":"","sources":["../../src/runtime/vault-metadata.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,MAAM,EAAE,MAAM,aAAa,CAAC;AAErC,OAAO,EAAE,oBAAoB,EAAE,MAAM,oBAAoB,CAAC;AAO1D,MAAM,wBAAwB,GAAG,6BAA6B,CAAC;AAC/D,MAAM,wBAAwB,GAAG,2BAA2B,CAAC;AAE7D,MAAM,CAAC,KAAK,UAAU,iBAAiB,CACrC,OAAyB,EACzB,OAAqB,EACrB,eAAuB;IAEvB,0BAA0B;IAC1B,MAAM,IAAI,GAAG,IAAI,oBAAoB,CAAsB,OAAO,EAAE,wBAAwB,EAAE,eAAe,CAAC,CAAC;IAC/G,MAAM,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,MAAM,EAAE,sBAAsB,CAAC,CAAC;IAEzD,0BAA0B;IAC1B,IAAI,OAAO,CAAC,MAAM,IAAI,MAAM,CAAC,IAAI,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAC7D,MAAM,OAAO,CAAC,KAAK,CAAC,wBAAwB,EAAE,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,SAAS,CAAC,OAAO,CAAC,MAAM,EAAE,IAAI,EAAE,CAAC,CAAC,EAAE,MAAM,CAAC,CAAC,CAAC;IAC9G,CAAC;SAAM,CAAC;QACN,IAAI,MAAM,OAAO,CAAC,GAAG,CAAC,wBAAwB,CAAC,EAAE,CAAC;YAChD,MAAM,OAAO,CAAC,MAAM,CAAC,wBAAwB,CAAC,CAAC;QACjD,CAAC;IACH,CAAC;AACH,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,gBAAgB,CACpC,OAAyB,EACzB,eAAuB;IAEvB,MAAM,IAAI,GAAG,IAAI,oBAAoB,CAAsB,OAAO,EAAE,wBAAwB,EAAE,eAAe,CAAC,CAAC;IAC/G,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,IAAI,CAAC,IAAW,CAAC,CAAC;IAC5C,IAAI,CAAC,MAAM,EAAE,CAAC;QACZ,OAAO,IAAI,CAAC;IACd,CAAC;IAED,MAAM,SAAS,GAAG,MAAM,OAAO,CAAC,IAAI,CAAC,wBAAwB,CAAC,CAAC;IAC/D,MAAM,UAAU,GAAG,SAAS,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,SAAS,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC;IAE3E,OAAO;QACL,MAAM;QACN,MAAM,EAAE,UAAU;KACnB,CAAC;AACJ,CAAC"}
|
|
@@ -0,0 +1,7 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* Sealed blob export. Seal/unseal primitives and sealed blob format helpers.
|
|
3
|
+
* Do not depend on agent-facing client code.
|
|
4
|
+
*/
|
|
5
|
+
export { sealBlob, unsealBlob, SEALED_BLOB_VERSION } from './seal.js';
|
|
6
|
+
export type { SealedBlobPayload } from './seal.js';
|
|
7
|
+
export { SealedJsonRepository } from './json-repo.js';
|
|
@@ -0,0 +1,7 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* Sealed blob export. Seal/unseal primitives and sealed blob format helpers.
|
|
3
|
+
* Do not depend on agent-facing client code.
|
|
4
|
+
*/
|
|
5
|
+
export { sealBlob, unsealBlob, SEALED_BLOB_VERSION } from './seal.js';
|
|
6
|
+
export { SealedJsonRepository } from './json-repo.js';
|
|
7
|
+
//# sourceMappingURL=index.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/sealed/index.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAEH,OAAO,EAAE,QAAQ,EAAE,UAAU,EAAE,mBAAmB,EAAE,MAAM,WAAW,CAAC;AAEtE,OAAO,EAAE,oBAAoB,EAAE,MAAM,gBAAgB,CAAC"}
|
|
@@ -0,0 +1,13 @@
|
|
|
1
|
+
import type { IStorageProvider } from "../storage/provider.js";
|
|
2
|
+
/**
|
|
3
|
+
* Universal sealed JSON storage repository.
|
|
4
|
+
* Used by both ordinary vaults and identity private vaults.
|
|
5
|
+
*/
|
|
6
|
+
export declare class SealedJsonRepository<T> {
|
|
7
|
+
readonly storage: IStorageProvider;
|
|
8
|
+
private readonly _key;
|
|
9
|
+
private readonly _vaultWorkingKey?;
|
|
10
|
+
constructor(storage: IStorageProvider, _key: string, _vaultWorkingKey?: string | undefined);
|
|
11
|
+
read(fallback: T): Promise<T>;
|
|
12
|
+
write(value: T, metadataKind?: string): Promise<void>;
|
|
13
|
+
}
|
|
@@ -0,0 +1,56 @@
|
|
|
1
|
+
import { Buffer } from "node:buffer";
|
|
2
|
+
import { sealBlob, unsealBlob } from "./seal.js";
|
|
3
|
+
/**
|
|
4
|
+
* Universal sealed JSON storage repository.
|
|
5
|
+
* Used by both ordinary vaults and identity private vaults.
|
|
6
|
+
*/
|
|
7
|
+
export class SealedJsonRepository {
|
|
8
|
+
storage;
|
|
9
|
+
_key;
|
|
10
|
+
_vaultWorkingKey;
|
|
11
|
+
constructor(storage, _key, _vaultWorkingKey) {
|
|
12
|
+
this.storage = storage;
|
|
13
|
+
this._key = _key;
|
|
14
|
+
this._vaultWorkingKey = _vaultWorkingKey;
|
|
15
|
+
}
|
|
16
|
+
async read(fallback) {
|
|
17
|
+
const payload = await this.storage.read(this._key);
|
|
18
|
+
if (!payload) {
|
|
19
|
+
return fallback;
|
|
20
|
+
}
|
|
21
|
+
if (!this._vaultWorkingKey) {
|
|
22
|
+
return JSON.parse(payload.toString("utf8"));
|
|
23
|
+
}
|
|
24
|
+
try {
|
|
25
|
+
const unsealed = unsealBlob(payload.toString("utf8"), this._vaultWorkingKey);
|
|
26
|
+
const secretPayload = unsealed.secrets.payload;
|
|
27
|
+
if (typeof secretPayload !== "string") {
|
|
28
|
+
throw new Error("sealed payload missing body");
|
|
29
|
+
}
|
|
30
|
+
return JSON.parse(secretPayload);
|
|
31
|
+
}
|
|
32
|
+
catch (e) {
|
|
33
|
+
// If we have a key but unseal fails, it might be legacy plaintext or wrong key.
|
|
34
|
+
throw e;
|
|
35
|
+
}
|
|
36
|
+
}
|
|
37
|
+
async write(value, metadataKind) {
|
|
38
|
+
if (!this._vaultWorkingKey) {
|
|
39
|
+
const data = Buffer.from(JSON.stringify(value, null, 2), "utf8");
|
|
40
|
+
await this.storage.write(this._key, data);
|
|
41
|
+
return;
|
|
42
|
+
}
|
|
43
|
+
const sealed = sealBlob({
|
|
44
|
+
version: "v1.0",
|
|
45
|
+
secrets: {
|
|
46
|
+
payload: JSON.stringify(value),
|
|
47
|
+
},
|
|
48
|
+
secretMetadata: {
|
|
49
|
+
kind: metadataKind || "sealed_json",
|
|
50
|
+
key: this._key,
|
|
51
|
+
},
|
|
52
|
+
}, this._vaultWorkingKey);
|
|
53
|
+
await this.storage.write(this._key, Buffer.from(sealed, "utf8"));
|
|
54
|
+
}
|
|
55
|
+
}
|
|
56
|
+
//# sourceMappingURL=json-repo.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"json-repo.js","sourceRoot":"","sources":["../../src/sealed/json-repo.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,MAAM,EAAE,MAAM,aAAa,CAAC;AACrC,OAAO,EAAE,QAAQ,EAAE,UAAU,EAAE,MAAM,WAAW,CAAC;AAGjD;;;GAGG;AACH,MAAM,OAAO,oBAAoB;IAEb;IACC;IACA;IAHnB,YACkB,OAAyB,EACxB,IAAY,EACZ,gBAAyB;QAF1B,YAAO,GAAP,OAAO,CAAkB;QACxB,SAAI,GAAJ,IAAI,CAAQ;QACZ,qBAAgB,GAAhB,gBAAgB,CAAS;IACzC,CAAC;IAEJ,KAAK,CAAC,IAAI,CAAC,QAAW;QACpB,MAAM,OAAO,GAAG,MAAM,IAAI,CAAC,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QACnD,IAAI,CAAC,OAAO,EAAE,CAAC;YACb,OAAO,QAAQ,CAAC;QAClB,CAAC;QACD,IAAI,CAAC,IAAI,CAAC,gBAAgB,EAAE,CAAC;YAC3B,OAAO,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAM,CAAC;QACnD,CAAC;QACD,IAAI,CAAC;YACH,MAAM,QAAQ,GAAG,UAAU,CAAC,OAAO,CAAC,QAAQ,CAAC,MAAM,CAAC,EAAE,IAAI,CAAC,gBAAgB,CAAC,CAAC;YAC7E,MAAM,aAAa,GAAG,QAAQ,CAAC,OAAO,CAAC,OAAO,CAAC;YAC/C,IAAI,OAAO,aAAa,KAAK,QAAQ,EAAE,CAAC;gBACtC,MAAM,IAAI,KAAK,CAAC,6BAA6B,CAAC,CAAC;YACjD,CAAC;YACD,OAAO,IAAI,CAAC,KAAK,CAAC,aAAa,CAAM,CAAC;QACxC,CAAC;QAAC,OAAO,CAAC,EAAE,CAAC;YACX,gFAAgF;YAChF,MAAM,CAAC,CAAC;QACV,CAAC;IACH,CAAC;IAED,KAAK,CAAC,KAAK,CAAC,KAAQ,EAAE,YAAqB;QACzC,IAAI,CAAC,IAAI,CAAC,gBAAgB,EAAE,CAAC;YAC3B,MAAM,IAAI,GAAG,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,SAAS,CAAC,KAAK,EAAE,IAAI,EAAE,CAAC,CAAC,EAAE,MAAM,CAAC,CAAC;YACjE,MAAM,IAAI,CAAC,OAAO,CAAC,KAAK,CAAC,IAAI,CAAC,IAAI,EAAE,IAAI,CAAC,CAAC;YAC1C,OAAO;QACT,CAAC;QACD,MAAM,MAAM,GAAG,QAAQ,CACrB;YACE,OAAO,EAAE,MAAM;YACf,OAAO,EAAE;gBACP,OAAO,EAAE,IAAI,CAAC,SAAS,CAAC,KAAK,CAAC;aAC/B;YACD,cAAc,EAAE;gBACd,IAAI,EAAE,YAAY,IAAI,aAAa;gBACnC,GAAG,EAAE,IAAI,CAAC,IAAI;aACf;SACF,EACD,IAAI,CAAC,gBAAgB,CACtB,CAAC;QACF,MAAM,IAAI,CAAC,OAAO,CAAC,KAAK,CAAC,IAAI,CAAC,IAAI,EAAE,MAAM,CAAC,IAAI,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC,CAAC;IACnE,CAAC;CACF"}
|
|
@@ -3,7 +3,7 @@ import type { AgentCapability, AgentIdentityRecord, AuditEntry, AuditQuery, Owne
|
|
|
3
3
|
import type { AgentIdentityRegistry, AuditLog, CapabilityRegistry, CapabilityRevocationRegistry, CustomHttpFlowRegistry, OwnerIdentityRegistry, RateLimitStore, ReplayGuard, SecretCustody, SecretRepository } from "./ports.js";
|
|
4
4
|
import { createDefaultVaultCoreDependencies, type CreateDefaultVaultCoreDependenciesOptions } from "./defaults.js";
|
|
5
5
|
import type { DispatchRequest } from "./contracts.js";
|
|
6
|
-
export declare const DEFAULT_VAULT_KEY_CUSTODY_BLOB_KEY = "vault/custody/working-key.sealed";
|
|
6
|
+
export declare const DEFAULT_VAULT_KEY_CUSTODY_BLOB_KEY = "vault/sealed/custody/working-key.sealed";
|
|
7
7
|
export interface InitializeVaultCustodyOptions {
|
|
8
8
|
vaultWorkingKey?: string;
|
|
9
9
|
vaultRecoveryKey?: string;
|
|
@@ -21,10 +21,9 @@ export interface CreatePersistentVaultCoreDependenciesOptions extends CreateDefa
|
|
|
21
21
|
export declare function initializeVaultCustody(storage: IStorageProvider, options?: InitializeVaultCustodyOptions): Promise<InitializedVaultCustody>;
|
|
22
22
|
export declare function recoverVaultWorkingKey(storage: IStorageProvider, vaultRecoveryKey: string, storageKey?: string): Promise<string>;
|
|
23
23
|
export declare class FileSecretRepository implements SecretRepository {
|
|
24
|
-
private readonly _storage;
|
|
25
|
-
private readonly _key;
|
|
26
24
|
private readonly _lockKey;
|
|
27
|
-
|
|
25
|
+
private readonly _repo;
|
|
26
|
+
constructor(storage: IStorageProvider, vaultWorkingKey: string, key?: string, _lockKey?: string);
|
|
28
27
|
private loadState;
|
|
29
28
|
save(record: SecretRecord): Promise<void>;
|
|
30
29
|
delete(secretId: SecretId): Promise<void>;
|
|
@@ -32,19 +31,17 @@ export declare class FileSecretRepository implements SecretRepository {
|
|
|
32
31
|
getById(secretId: SecretId): Promise<SecretRecord | null>;
|
|
33
32
|
}
|
|
34
33
|
export declare class FileAgentIdentityRegistry implements AgentIdentityRegistry {
|
|
35
|
-
private readonly _storage;
|
|
36
|
-
private readonly _key;
|
|
37
34
|
private readonly _lockKey;
|
|
38
|
-
|
|
35
|
+
private readonly _repo;
|
|
36
|
+
constructor(storage: IStorageProvider, vaultWorkingKey: string, key?: string, _lockKey?: string);
|
|
39
37
|
private loadState;
|
|
40
38
|
register(identity: AgentIdentityRecord): Promise<void>;
|
|
41
39
|
get(vaultId: VaultId, agentId: string): Promise<AgentIdentityRecord | null>;
|
|
42
40
|
}
|
|
43
41
|
export declare class FileOwnerIdentityRegistry implements OwnerIdentityRegistry {
|
|
44
|
-
private readonly _storage;
|
|
45
|
-
private readonly _key;
|
|
46
42
|
private readonly _lockKey;
|
|
47
|
-
|
|
43
|
+
private readonly _repo;
|
|
44
|
+
constructor(storage: IStorageProvider, vaultWorkingKey: string, key?: string, _lockKey?: string);
|
|
48
45
|
private loadState;
|
|
49
46
|
register(identity: OwnerIdentityRecord): Promise<void>;
|
|
50
47
|
get(vaultId: VaultId, ownerId: string): Promise<OwnerIdentityRecord | null>;
|
|
@@ -72,43 +69,38 @@ export declare class FileSecretCustody implements SecretCustody {
|
|
|
72
69
|
delete(secretId: SecretId): Promise<void>;
|
|
73
70
|
}
|
|
74
71
|
export declare class FileReplayGuard implements ReplayGuard {
|
|
75
|
-
private readonly _storage;
|
|
76
|
-
private readonly _key;
|
|
77
72
|
private readonly _lockKey;
|
|
78
73
|
private readonly _ttlMs;
|
|
79
|
-
|
|
74
|
+
private readonly _repo;
|
|
75
|
+
constructor(storage: IStorageProvider, vaultWorkingKey: string, key?: string, _lockKey?: string, _ttlMs?: number);
|
|
80
76
|
assertNotReplayed(request: DispatchRequest): Promise<void>;
|
|
81
77
|
}
|
|
82
78
|
export declare class FileCapabilityRegistry implements CapabilityRegistry {
|
|
83
|
-
private readonly _storage;
|
|
84
|
-
private readonly _key;
|
|
85
79
|
private readonly _lockKey;
|
|
86
|
-
|
|
80
|
+
private readonly _repo;
|
|
81
|
+
constructor(storage: IStorageProvider, vaultWorkingKey: string, key?: string, _lockKey?: string);
|
|
87
82
|
private loadState;
|
|
88
83
|
register(capability: AgentCapability): Promise<void>;
|
|
89
84
|
get(vaultId: VaultId, agentId: string, capabilityId: string): Promise<AgentCapability | null>;
|
|
90
85
|
}
|
|
91
86
|
export declare class FileRateLimitStore implements RateLimitStore {
|
|
92
|
-
private readonly _storage;
|
|
93
|
-
private readonly _key;
|
|
94
87
|
private readonly _lockKey;
|
|
95
|
-
|
|
88
|
+
private readonly _repo;
|
|
89
|
+
constructor(storage: IStorageProvider, vaultWorkingKey: string, key?: string, _lockKey?: string);
|
|
96
90
|
consume(key: string, maxRequests: number, windowMs: number, nowMs: number): Promise<void>;
|
|
97
91
|
}
|
|
98
92
|
export declare class FileCapabilityRevocationRegistry implements CapabilityRevocationRegistry {
|
|
99
|
-
private readonly _storage;
|
|
100
|
-
private readonly _key;
|
|
101
93
|
private readonly _lockKey;
|
|
102
|
-
|
|
94
|
+
private readonly _repo;
|
|
95
|
+
constructor(storage: IStorageProvider, vaultWorkingKey: string, key?: string, _lockKey?: string);
|
|
103
96
|
private compositeKey;
|
|
104
97
|
get(vaultId: VaultId, agentId: string, capabilityId: string): Promise<number>;
|
|
105
98
|
revoke(vaultId: VaultId, agentId: string, capabilityId: string): Promise<number>;
|
|
106
99
|
}
|
|
107
100
|
export declare class FileCustomHttpFlowRegistry implements CustomHttpFlowRegistry {
|
|
108
|
-
private readonly _storage;
|
|
109
|
-
private readonly _key;
|
|
110
101
|
private readonly _lockKey;
|
|
111
|
-
|
|
102
|
+
private readonly _repo;
|
|
103
|
+
constructor(storage: IStorageProvider, vaultWorkingKey: string, key?: string, _lockKey?: string);
|
|
112
104
|
private loadState;
|
|
113
105
|
register(flow: CustomHttpFlowDefinition): Promise<void>;
|
|
114
106
|
get(vaultId: VaultId, flowId: string): Promise<CustomHttpFlowDefinition | null>;
|