@the-ai-company/cbio-node-runtime 1.45.5 → 1.46.0

package/dist/clients/owner/client.d.ts

@@ -10,17 +10,11 @@ export interface VaultSigner {
 }
 /**
  * A client for vault owners to manage secrets, agents, and capabilities.
- * This client requires an owner signature for every operation.
+ * In Sovereign Vault model, administrative actions are implicitly authorized by the working key.
  */
 export interface VaultClient {
     /**
      * Securely stores a new secret in the vault.
-     * @param input - The secret alias and plaintext.
-     * @returns The record of the stored secret.
-     * @example
-     * ```ts
-     * await client.storeSecret({ alias: 'db-pass', plaintext: 's3cret' });
-     * ```
      */
     storeSecret(input: OwnerStoreSecretInput): Promise<import("../../vault-core/index.js").SecretRecord>;
     /**
@@ -32,7 +26,7 @@ export interface VaultClient {
      */
     writeSecret(input: OwnerWriteSecretInput): Promise<import("../../vault-core/index.js").SecretRecord>;
     /**
-     * Exports a secret's plaintext (requires owner permission).
+     * Exports a secret's plaintext.
      */
     exportSecret(input: VaultExportSecretInput): Promise<import("../../vault-core/index.js").OwnerSecretExport>;
     /**
@@ -69,15 +63,15 @@ export interface VaultClient {
     revokeCapability(input: VaultRevokeCapabilityInput): Promise<void>;
 }
 export interface CreateVaultClientOptions {
-    ownerIdentity: CreatedIdentity | VaultIdentity;
     vault: VaultService;
+    ownerIdentity?: CreatedIdentity | VaultIdentity;
     signer?: VaultSigner;
     clock?: Clock;
 }
 /**
  * Creates a {@link VaultClient} instance for a specific vault owner.
  *
- * @param options - Configuration including owner identity and the vault service.
+ * @param options - Configuration including optional owner identity and the vault service.
  * @returns An initialized {@link VaultClient}.
  *
  * @example

package/dist/clients/owner/client.js

@@ -1,224 +1,138 @@
 import { LocalSigner } from "../../protocol/crypto.js";
 import { SystemClock } from "../../vault-core/index.js";
+const VAULT_MASTER_ID = "vault-master";
 class DefaultVaultClient {
-    _identity;
     _vault;
+    _identity;
     _signer;
     _clock;
-    constructor(_identity, _vault, _signer, _clock) {
-        this._identity = _identity;
+    _identityId;
+    constructor(_vault, _identity, _signer, _clock = new SystemClock()) {
         this._vault = _vault;
+        this._identity = _identity;
         this._signer = _signer;
         this._clock = _clock;
+        this._identityId = _identity?.identityId ?? VAULT_MASTER_ID;
     }
     async storeSecret(input) {
         const requestedAt = input.requestedAt ?? this._clock.nowIso();
-        const requestId = `${this._identity.identityId}:${requestedAt}:${input.alias}:write_secret`;
-        const signature = await this._signer.sign(JSON.stringify({
-            requestId,
-            requestedAt,
-            ownerId: this._identity.identityId,
-            alias: input.alias,
-            plaintext: input.plaintext,
-            targetBindings: [],
-        }));
+        const requestId = `${this._identityId}:${requestedAt}:${input.alias}:write_secret`;
         return this._vault.writeSecret({
             kind: "owner.write_secret",
             vaultId: this._vault.vaultId,
             requestId,
             owner: {
                 kind: "owner",
-                id: this._identity.identityId,
+                id: this._identityId,
             },
             alias: input.alias,
             plaintext: input.plaintext,
             targetBindings: [],
             requestedAt,
-            proof: {
-                ownerId: this._identity.identityId,
-                signature,
-                requestId,
-                requestedAt,
-            },
         });
     }
     async defineSecretTargets(input) {
         const requestedAt = input.requestedAt ?? this._clock.nowIso();
-        const requestId = `${this._identity.identityId}:${requestedAt}:${input.alias}:define_secret_targets`;
+        const requestId = `${this._identityId}:${requestedAt}:${input.alias}:define_secret_targets`;
         const targetBindings = [...input.targetBindings];
-        const signature = await this._signer.sign(JSON.stringify({
-            requestId,
-            requestedAt,
-            ownerId: this._identity.identityId,
-            alias: input.alias,
-            targetBindings,
-        }));
         return this._vault.defineSecretTargets({
             vaultId: this._vault.vaultId,
             requestId,
             owner: {
                 kind: "owner",
-                id: this._identity.identityId,
+                id: this._identityId,
             },
             alias: input.alias,
             targetBindings,
             requestedAt,
-            proof: {
-                ownerId: this._identity.identityId,
-                signature,
-                requestId,
-                requestedAt,
-            },
         });
     }
     async writeSecret(input) {
         const requestedAt = input.requestedAt ?? this._clock.nowIso();
-        const requestId = `${this._identity.identityId}:${requestedAt}:${input.alias}:write_secret`;
+        const requestId = `${this._identityId}:${requestedAt}:${input.alias}:write_secret`;
         const targetBindings = [...input.targetBindings];
-        const signature = await this._signer.sign(JSON.stringify({
-            requestId,
-            requestedAt,
-            ownerId: this._identity.identityId,
-            alias: input.alias,
-            plaintext: input.plaintext,
-            targetBindings,
-        }));
         return this._vault.writeSecret({
             kind: "owner.write_secret",
             vaultId: this._vault.vaultId,
             requestId,
             owner: {
                 kind: "owner",
-                id: this._identity.identityId,
+                id: this._identityId,
             },
             alias: input.alias,
             plaintext: input.plaintext,
             targetBindings,
             requestedAt,
-            proof: {
-                ownerId: this._identity.identityId,
-                signature,
-                requestId,
-                requestedAt,
-            },
         });
     }
     async readAudit(query = {}) {
         const requestedAt = this._clock.nowIso();
-        const requestId = `${this._identity.identityId}:${requestedAt}:read_audit`;
-        const signature = await this._signer.sign(JSON.stringify({
-            requestId,
-            requestedAt,
-            ownerId: this._identity.identityId,
-            query,
-        }));
+        const requestId = `${this._identityId}:${requestedAt}:read_audit`;
         return this._vault.readAudit({
             vaultId: this._vault.vaultId,
             actor: {
                 kind: "owner",
-                id: this._identity.identityId,
+                id: this._identityId,
             },
             query,
             requestId,
             requestedAt,
-            proof: {
-                ownerId: this._identity.identityId,
-                signature,
-                requestId,
-                requestedAt,
-            },
         });
     }
     async exportSecret(input) {
         const requestedAt = input.requestedAt ?? this._clock.nowIso();
-        const requestId = `${this._identity.identityId}:${requestedAt}:${input.alias}:export_secret`;
-        const signature = await this._signer.sign(JSON.stringify({
-            requestId,
-            requestedAt,
-            ownerId: this._identity.identityId,
-            alias: input.alias,
-        }));
+        const requestId = `${this._identityId}:${requestedAt}:${input.alias}:export_secret`;
         return this._vault.exportSecret({
             vaultId: this._vault.vaultId,
             actor: {
                 kind: "owner",
-                id: this._identity.identityId,
+                id: this._identityId,
             },
             alias: input.alias,
             requestId,
             requestedAt,
-            proof: {
-                ownerId: this._identity.identityId,
-                signature,
-                requestId,
-                requestedAt,
-            },
         });
     }
     async registerAgent(input) {
         const requestedAt = input.requestedAt ?? this._clock.nowIso();
-        const requestId = `${this._identity.identityId}:${requestedAt}:${input.agentId}:register_agent_identity`;
+        const requestId = `${this._identityId}:${requestedAt}:${input.agentId}:register_agent_identity`;
         const agentIdentity = {
             vaultId: this._vault.vaultId,
             agentId: input.agentId,
             publicKey: input.publicKey,
         };
-        const signature = await this._signer.sign(JSON.stringify({
-            requestId,
-            requestedAt,
-            ownerId: this._identity.identityId,
-            agentIdentity,
-        }));
         await this._vault.registerAgentIdentity({
             vaultId: this._vault.vaultId,
             requestId,
             owner: {
                 kind: "owner",
-                id: this._identity.identityId,
+                id: this._identityId,
             },
             agentIdentity,
             requestedAt,
-            proof: {
-                ownerId: this._identity.identityId,
-                signature,
-                requestId,
-                requestedAt,
-            },
         });
     }
     async grantCapability(input) {
         const requestedAt = input.requestedAt ?? this._clock.nowIso();
-        const requestId = `${this._identity.identityId}:${requestedAt}:${input.capability.capabilityId}:register_capability`;
+        const requestId = `${this._identityId}:${requestedAt}:${input.capability.capabilityId}:register_capability`;
         const capability = {
             ...input.capability,
             vaultId: this._vault.vaultId,
         };
-        const signature = await this._signer.sign(JSON.stringify({
-            requestId,
-            requestedAt,
-            ownerId: this._identity.identityId,
-            capability,
-        }));
         await this._vault.registerCapability({
             vaultId: this._vault.vaultId,
             requestId,
             owner: {
                 kind: "owner",
-                id: this._identity.identityId,
+                id: this._identityId,
             },
             capability,
             requestedAt,
-            proof: {
-                ownerId: this._identity.identityId,
-                signature,
-                requestId,
-                requestedAt,
-            },
         });
     }
     async registerFlow(input) {
         const requestedAt = input.requestedAt ?? this._clock.nowIso();
-        const requestId = `${this._identity.identityId}:${requestedAt}:${input.flowId}:register_custom_flow`;
+        const requestId = `${this._identityId}:${requestedAt}:${input.flowId}:register_custom_flow`;
         const flow = {
             flowId: input.flowId,
             mode: input.mode,
@@ -227,136 +141,76 @@ class DefaultVaultClient {
             responseVisibility: input.responseVisibility,
             responseSecret: input.responseSecret,
         };
-        const signature = await this._signer.sign(JSON.stringify({
-            requestId,
-            requestedAt,
-            ownerId: this._identity.identityId,
-            flow,
-        }));
         await this._vault.registerCustomFlow({
             vaultId: this._vault.vaultId,
             requestId,
             owner: {
                 kind: "owner",
-                id: this._identity.identityId,
+                id: this._identityId,
             },
             flow,
             requestedAt,
-            proof: {
-                ownerId: this._identity.identityId,
-                signature,
-                requestId,
-                requestedAt,
-            },
         });
     }
     async deleteSecret(input) {
         const requestedAt = input.requestedAt ?? this._clock.nowIso();
-        const requestId = `${this._identity.identityId}:${requestedAt}:${input.alias}:delete_secret`;
-        const signature = await this._signer.sign(JSON.stringify({
-            requestId,
-            requestedAt,
-            ownerId: this._identity.identityId,
-            alias: input.alias,
-        }));
+        const requestId = `${this._identityId}:${requestedAt}:${input.alias}:delete_secret`;
         await this._vault.deleteSecret({
             vaultId: this._vault.vaultId,
             requestId,
             owner: {
                 kind: "owner",
-                id: this._identity.identityId,
+                id: this._identityId,
             },
             alias: input.alias,
             requestedAt,
-            proof: {
-                ownerId: this._identity.identityId,
-                signature,
-                requestId,
-                requestedAt,
-            },
         });
     }
     async listAgents(input = {}) {
         const requestedAt = input.requestedAt ?? this._clock.nowIso();
-        const requestId = `${this._identity.identityId}:${requestedAt}:list_agents`;
-        const signature = await this._signer.sign(JSON.stringify({
-            requestId,
-            requestedAt,
-            ownerId: this._identity.identityId,
-        }));
+        const requestId = `${this._identityId}:${requestedAt}:list_agents`;
         return this._vault.listAgents({
             vaultId: this._vault.vaultId,
             requestId,
             requestedAt,
             actor: {
                 kind: "owner",
-                id: this._identity.identityId,
-            },
-            proof: {
-                ownerId: this._identity.identityId,
-                signature,
-                requestId,
-                requestedAt,
+                id: this._identityId,
             },
         });
     }
     async listCapabilities(input = {}) {
         const requestedAt = input.requestedAt ?? this._clock.nowIso();
-        const requestId = `${this._identity.identityId}:${requestedAt}:list_capabilities`;
-        const signature = await this._signer.sign(JSON.stringify({
-            requestId,
-            requestedAt,
-            ownerId: this._identity.identityId,
-            agentId: input.agentId ?? null,
-        }));
+        const requestId = `${this._identityId}:${requestedAt}:list_capabilities`;
         return this._vault.listCapabilities({
             vaultId: this._vault.vaultId,
             requestId,
             requestedAt,
             actor: {
                 kind: "owner",
-                id: this._identity.identityId,
+                id: this._identityId,
             },
             agentId: input.agentId,
-            proof: {
-                ownerId: this._identity.identityId,
-                signature,
-                requestId,
-                requestedAt,
-            },
         });
     }
     async revokeCapability(input) {
         const requestedAt = input.requestedAt ?? this._clock.nowIso();
-        const requestId = `${this._identity.identityId}:${requestedAt}:revoke_capability`;
-        const signature = await this._signer.sign(JSON.stringify({
-            requestId,
-            requestedAt,
-            ownerId: this._identity.identityId,
-            agentId: input.agentId,
-            capabilityId: input.capabilityId,
-        }));
+        const requestId = `${this._identityId}:${requestedAt}:revoke_capability`;
         return this._vault.revokeCapability({
             vaultId: this._vault.vaultId,
             requestId,
             requestedAt,
             owner: {
                 kind: "owner",
-                id: this._identity.identityId,
+                id: this._identityId,
             },
             agentId: input.agentId,
             capabilityId: input.capabilityId,
-            proof: {
-                ownerId: this._identity.identityId,
-                signature,
-                requestId,
-                requestedAt,
-            },
         });
     }
 }
 function isCreateVaultClientOptions(value) {
-    return typeof value === "object" && value !== null && "ownerIdentity" in value && "vault" in value;
+    return typeof value === "object" && value !== null && "vault" in value;
 }
 function isCreatedIdentity(value) {
     return "privateKey" in value && "publicKey" in value;
@@ -365,12 +219,15 @@ function resolveVaultSigner(identity, signer) {
     if (signer) {
         return signer;
     }
-    if (isCreatedIdentity(identity)) {
+    if (identity && isCreatedIdentity(identity)) {
         return new LocalSigner(identity);
     }
-    throw new Error("createVaultClient() requires signer when ownerIdentity does not include keys");
+    return undefined;
 }
 function resolveVaultIdentity(options) {
+    if (!options.ownerIdentity) {
+        return undefined;
+    }
     return {
         identityId: options.ownerIdentity.identityId,
     };
@@ -378,7 +235,7 @@ function resolveVaultIdentity(options) {
 /**
  * Creates a {@link VaultClient} instance for a specific vault owner.
  *
- * @param options - Configuration including owner identity and the vault service.
+ * @param options - Configuration including optional owner identity and the vault service.
  * @returns An initialized {@link VaultClient}.
  *
  * @example
@@ -391,8 +248,8 @@ function resolveVaultIdentity(options) {
  */
 export function createVaultClient(options) {
     if (!isCreateVaultClientOptions(options)) {
-        throw new Error("createVaultClient() requires a single options object");
+        throw new Error("createVaultClient() requires a single options object with 'vault'");
     }
-    return new DefaultVaultClient(resolveVaultIdentity(options), options.vault, resolveVaultSigner(options.ownerIdentity, options.signer), options.clock ?? new SystemClock());
+    return new DefaultVaultClient(options.vault, resolveVaultIdentity(options), resolveVaultSigner(options.ownerIdentity, options.signer), options.clock ?? new SystemClock());
 }
 //# sourceMappingURL=client.js.map

package/dist/clients/owner/client.js.map

@@ -1 +1 @@
-{"version":3,"file":"client.js","sourceRoot":"","sources":["../../../src/clients/owner/client.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,WAAW,EAAE,MAAM,0BAA0B,CAAC;AAEvD,OAAO,EAAE,WAAW,EAAc,MAAM,2BAA2B,CAAC;AAwGpE,MAAM,kBAAkB;IAEH;IACA;IACA;IACA;IAJnB,YACmB,SAAwB,EACxB,MAAoB,EACpB,OAAoB,EACpB,MAAa;QAHb,cAAS,GAAT,SAAS,CAAe;QACxB,WAAM,GAAN,MAAM,CAAc;QACpB,YAAO,GAAP,OAAO,CAAa;QACpB,WAAM,GAAN,MAAM,CAAO;IAC7B,CAAC;IAEJ,KAAK,CAAC,WAAW,CAAC,KAA4B;QAC5C,MAAM,WAAW,GAAG,KAAK,CAAC,WAAW,IAAI,IAAI,CAAC,MAAM,CAAC,MAAM,EAAE,CAAC;QAC9D,MAAM,SAAS,GAAG,GAAG,IAAI,CAAC,SAAS,CAAC,UAAU,IAAI,WAAW,IAAI,KAAK,CAAC,KAAK,eAAe,CAAC;QAC5F,MAAM,SAAS,GAAG,MAAM,IAAI,CAAC,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,SAAS,CAAC;YACvD,SAAS;YACT,WAAW;YACX,OAAO,EAAE,IAAI,CAAC,SAAS,CAAC,UAAU;YAClC,KAAK,EAAE,KAAK,CAAC,KAAK;YAClB,SAAS,EAAE,KAAK,CAAC,SAAS;YAC1B,cAAc,EAAE,EAAE;SACnB,CAAC,CAAC,CAAC;QACJ,OAAO,IAAI,CAAC,MAAM,CAAC,WAAW,CAAC;YAC7B,IAAI,EAAE,oBAAoB;YAC1B,OAAO,EAAE,IAAI,CAAC,MAAM,CAAC,OAAO;YAC5B,SAAS;YACT,KAAK,EAAE;gBACL,IAAI,EAAE,OAAO;gBACb,EAAE,EAAE,IAAI,CAAC,SAAS,CAAC,UAAU;aAC9B;YACD,KAAK,EAAE,KAAK,CAAC,KAAK;YAClB,SAAS,EAAE,KAAK,CAAC,SAAS;YAC1B,cAAc,EAAE,EAAE;YAClB,WAAW;YACX,KAAK,EAAE;gBACL,OAAO,EAAE,IAAI,CAAC,SAAS,CAAC,UAAU;gBAClC,SAAS;gBACT,SAAS;gBACT,WAAW;aACZ;SACF,CAAC,CAAC;IACL,CAAC;IAED,KAAK,CAAC,mBAAmB,CAAC,KAAoC;QAC5D,MAAM,WAAW,GAAG,KAAK,CAAC,WAAW,IAAI,IAAI,CAAC,MAAM,CAAC,MAAM,EAAE,CAAC;QAC9D,MAAM,SAAS,GAAG,GAAG,IAAI,CAAC,SAAS,CAAC,UAAU,IAAI,WAAW,IAAI,KAAK,CAAC,KAAK,wBAAwB,CAAC;QACrG,MAAM,cAAc,GAAG,CAAC,GAAG,KAAK,CAAC,cAAc,CAAC,CAAC;QACjD,MAAM,SAAS,GAAG,MAAM,IAAI,CAAC,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,SAAS,CAAC;YACvD,SAAS;YACT,WAAW;YACX,OAAO,EAAE,IAAI,CAAC,SAAS,CAAC,UAAU;YAClC,KAAK,EAAE,KAAK,CAAC,KAAK;YAClB,cAAc;SACf,CAAC,CAAC,CAAC;QACJ,OAAO,IAAI,CAAC,MAAM,CAAC,mBAAmB,CAAC;YACrC,OAAO,EAAE,IAAI,CAAC,MAAM,CAAC,OAAO;YAC5B,SAAS;YACT,KAAK,EAAE;gBACL,IAAI,EAAE,OAAO;gBACb,EAAE,EAAE,IAAI,CAAC,SAAS,CAAC,UAAU;aAC9B;YACD,KAAK,EAAE,KAAK,CAAC,KAAK;YAClB,cAAc;YACd,WAAW;YACX,KAAK,EAAE;gBACL,OAAO,EAAE,IAAI,CAAC,SAAS,CAAC,UAAU;gBAClC,SAAS;gBACT,SAAS;gBACT,WAAW;aACZ;SACF,CAAC,CAAC;IACL,CAAC;IAED,KAAK,CAAC,WAAW,CAAC,KAA4B;QAC5C,MAAM,WAAW,GAAG,KAAK,CAAC,WAAW,IAAI,IAAI,CAAC,MAAM,CAAC,MAAM,EAAE,CAAC;QAC9D,MAAM,SAAS,GAAG,GAAG,IAAI,CAAC,SAAS,CAAC,UAAU,IAAI,WAAW,IAAI,KAAK,CAAC,KAAK,eAAe,CAAC;QAC5F,MAAM,cAAc,GAAG,CAAC,GAAG,KAAK,CAAC,cAAc,CAAC,CAAC;QACjD,MAAM,SAAS,GAAG,MAAM,IAAI,CAAC,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,SAAS,CAAC;YACvD,SAAS;YACT,WAAW;YACX,OAAO,EAAE,IAAI,CAAC,SAAS,CAAC,UAAU;YAClC,KAAK,EAAE,KAAK,CAAC,KAAK;YAClB,SAAS,EAAE,KAAK,CAAC,SAAS;YAC1B,cAAc;SACf,CAAC,CAAC,CAAC;QACJ,OAAO,IAAI,CAAC,MAAM,CAAC,WAAW,CAAC;YAC7B,IAAI,EAAE,oBAAoB;YAC1B,OAAO,EAAE,IAAI,CAAC,MAAM,CAAC,OAAO;YAC5B,SAAS;YACT,KAAK,EAAE;gBACL,IAAI,EAAE,OAAO;gBACb,EAAE,EAAE,IAAI,CAAC,SAAS,CAAC,UAAU;aAC9B;YACD,KAAK,EAAE,KAAK,CAAC,KAAK;YAClB,SAAS,EAAE,KAAK,CAAC,SAAS;YAC1B,cAAc;YACd,WAAW;YACX,KAAK,EAAE;gBACL,OAAO,EAAE,IAAI,CAAC,SAAS,CAAC,UAAU;gBAClC,SAAS;gBACT,SAAS;gBACT,WAAW;aACZ;SACF,CAAC,CAAC;IACL,CAAC;IAED,KAAK,CAAC,SAAS,CAAC,QAA8B,EAAE;QAC9C,MAAM,WAAW,GAAG,IAAI,CAAC,MAAM,CAAC,MAAM,EAAE,CAAC;QACzC,MAAM,SAAS,GAAG,GAAG,IAAI,CAAC,SAAS,CAAC,UAAU,IAAI,WAAW,aAAa,CAAC;QAC3E,MAAM,SAAS,GAAG,MAAM,IAAI,CAAC,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,SAAS,CAAC;YACvD,SAAS;YACT,WAAW;YACX,OAAO,EAAE,IAAI,CAAC,SAAS,CAAC,UAAU;YAClC,KAAK;SACN,CAAC,CAAC,CAAC;QACJ,OAAO,IAAI,CAAC,MAAM,CAAC,SAAS,CAAC;YAC3B,OAAO,EAAE,IAAI,CAAC,MAAM,CAAC,OAAO;YAC5B,KAAK,EAAE;gBACL,IAAI,EAAE,OAAO;gBACb,EAAE,EAAE,IAAI,CAAC,SAAS,CAAC,UAAU;aAC9B;YACD,KAAK;YACL,SAAS;YACT,WAAW;YACX,KAAK,EAAE;gBACL,OAAO,EAAE,IAAI,CAAC,SAAS,CAAC,UAAU;gBAClC,SAAS;gBACT,SAAS;gBACT,WAAW;aACZ;SACF,CAAC,CAAC;IACL,CAAC;IAED,KAAK,CAAC,YAAY,CAAC,KAA6B;QAC9C,MAAM,WAAW,GAAG,KAAK,CAAC,WAAW,IAAI,IAAI,CAAC,MAAM,CAAC,MAAM,EAAE,CAAC;QAC9D,MAAM,SAAS,GAAG,GAAG,IAAI,CAAC,SAAS,CAAC,UAAU,IAAI,WAAW,IAAI,KAAK,CAAC,KAAK,gBAAgB,CAAC;QAC7F,MAAM,SAAS,GAAG,MAAM,IAAI,CAAC,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,SAAS,CAAC;YACvD,SAAS;YACT,WAAW;YACX,OAAO,EAAE,IAAI,CAAC,SAAS,CAAC,UAAU;YAClC,KAAK,EAAE,KAAK,CAAC,KAAK;SACnB,CAAC,CAAC,CAAC;QACJ,OAAO,IAAI,CAAC,MAAM,CAAC,YAAY,CAAC;YAC9B,OAAO,EAAE,IAAI,CAAC,MAAM,CAAC,OAAO;YAC5B,KAAK,EAAE;gBACL,IAAI,EAAE,OAAO;gBACb,EAAE,EAAE,IAAI,CAAC,SAAS,CAAC,UAAU;aAC9B;YACD,KAAK,EAAE,KAAK,CAAC,KAAK;YAClB,SAAS;YACT,WAAW;YACX,KAAK,EAAE;gBACL,OAAO,EAAE,IAAI,CAAC,SAAS,CAAC,UAAU;gBAClC,SAAS;gBACT,SAAS;gBACT,WAAW;aACZ;SACF,CAAC,CAAC;IACL,CAAC;IAED,KAAK,CAAC,aAAa,CAAC,KAA8B;QAChD,MAAM,WAAW,GAAG,KAAK,CAAC,WAAW,IAAI,IAAI,CAAC,MAAM,CAAC,MAAM,EAAE,CAAC;QAC9D,MAAM,SAAS,GAAG,GAAG,IAAI,CAAC,SAAS,CAAC,UAAU,IAAI,WAAW,IAAI,KAAK,CAAC,OAAO,0BAA0B,CAAC;QACzG,MAAM,aAAa,GAAG;YACpB,OAAO,EAAE,IAAI,CAAC,MAAM,CAAC,OAAO;YAC5B,OAAO,EAAE,KAAK,CAAC,OAAO;YACtB,SAAS,EAAE,KAAK,CAAC,SAAS;SAC3B,CAAC;QACF,MAAM,SAAS,GAAG,MAAM,IAAI,CAAC,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,SAAS,CAAC;YACvD,SAAS;YACT,WAAW;YACX,OAAO,EAAE,IAAI,CAAC,SAAS,CAAC,UAAU;YAClC,aAAa;SACd,CAAC,CAAC,CAAC;QACJ,MAAM,IAAI,CAAC,MAAM,CAAC,qBAAqB,CAAC;YACtC,OAAO,EAAE,IAAI,CAAC,MAAM,CAAC,OAAO;YAC5B,SAAS;YACT,KAAK,EAAE;gBACL,IAAI,EAAE,OAAO;gBACb,EAAE,EAAE,IAAI,CAAC,SAAS,CAAC,UAAU;aAC9B;YACD,aAAa;YACb,WAAW;YACX,KAAK,EAAE;gBACL,OAAO,EAAE,IAAI,CAAC,SAAS,CAAC,UAAU;gBAClC,SAAS;gBACT,SAAS;gBACT,WAAW;aACZ;SACF,CAAC,CAAC;IACL,CAAC;IAED,KAAK,CAAC,eAAe,CAAC,KAAgC;QACpD,MAAM,WAAW,GAAG,KAAK,CAAC,WAAW,IAAI,IAAI,CAAC,MAAM,CAAC,MAAM,EAAE,CAAC;QAC9D,MAAM,SAAS,GAAG,GAAG,IAAI,CAAC,SAAS,CAAC,UAAU,IAAI,WAAW,IAAI,KAAK,CAAC,UAAU,CAAC,YAAY,sBAAsB,CAAC;QACrH,MAAM,UAAU,GAAG;YACjB,GAAG,KAAK,CAAC,UAAU;YACnB,OAAO,EAAE,IAAI,CAAC,MAAM,CAAC,OAAO;SAC7B,CAAC;QACF,MAAM,SAAS,GAAG,MAAM,IAAI,CAAC,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,SAAS,CAAC;YACvD,SAAS;YACT,WAAW;YACX,OAAO,EAAE,IAAI,CAAC,SAAS,CAAC,UAAU;YAClC,UAAU;SACX,CAAC,CAAC,CAAC;QACJ,MAAM,IAAI,CAAC,MAAM,CAAC,kBAAkB,CAAC;YACnC,OAAO,EAAE,IAAI,CAAC,MAAM,CAAC,OAAO;YAC5B,SAAS;YACT,KAAK,EAAE;gBACL,IAAI,EAAE,OAAO;gBACb,EAAE,EAAE,IAAI,CAAC,SAAS,CAAC,UAAU;aAC9B;YACD,UAAU;YACV,WAAW;YACX,KAAK,EAAE;gBACL,OAAO,EAAE,IAAI,CAAC,SAAS,CAAC,UAAU;gBAClC,SAAS;gBACT,SAAS;gBACT,WAAW;aACZ;SACF,CAAC,CAAC;IACL,CAAC;IAED,KAAK,CAAC,YAAY,CAAC,KAA6B;QAC9C,MAAM,WAAW,GAAG,KAAK,CAAC,WAAW,IAAI,IAAI,CAAC,MAAM,CAAC,MAAM,EAAE,CAAC;QAC9D,MAAM,SAAS,GAAG,GAAG,IAAI,CAAC,SAAS,CAAC,UAAU,IAAI,WAAW,IAAI,KAAK,CAAC,MAAM,uBAAuB,CAAC;QACrG,MAAM,IAAI,GAAG;YACX,MAAM,EAAE,KAAK,CAAC,MAAM;YACpB,IAAI,EAAE,KAAK,CAAC,IAAI;YAChB,SAAS,EAAE,KAAK,CAAC,SAAS;YAC1B,MAAM,EAAE,KAAK,CAAC,MAAM;YACpB,kBAAkB,EAAE,KAAK,CAAC,kBAAkB;YAC5C,cAAc,EAAE,KAAK,CAAC,cAAc;SACrC,CAAC;QACF,MAAM,SAAS,GAAG,MAAM,IAAI,CAAC,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,SAAS,CAAC;YACvD,SAAS;YACT,WAAW;YACX,OAAO,EAAE,IAAI,CAAC,SAAS,CAAC,UAAU;YAClC,IAAI;SACL,CAAC,CAAC,CAAC;QACJ,MAAM,IAAI,CAAC,MAAM,CAAC,kBAAkB,CAAC;YACnC,OAAO,EAAE,IAAI,CAAC,MAAM,CAAC,OAAO;YAC5B,SAAS;YACT,KAAK,EAAE;gBACL,IAAI,EAAE,OAAO;gBACb,EAAE,EAAE,IAAI,CAAC,SAAS,CAAC,UAAU;aAC9B;YACD,IAAI;YACJ,WAAW;YACX,KAAK,EAAE;gBACL,OAAO,EAAE,IAAI,CAAC,SAAS,CAAC,UAAU;gBAClC,SAAS;gBACT,SAAS;gBACT,WAAW;aACZ;SACF,CAAC,CAAC;IACL,CAAC;IAED,KAAK,CAAC,YAAY,CAAC,KAA6B;QAC9C,MAAM,WAAW,GAAG,KAAK,CAAC,WAAW,IAAI,IAAI,CAAC,MAAM,CAAC,MAAM,EAAE,CAAC;QAC9D,MAAM,SAAS,GAAG,GAAG,IAAI,CAAC,SAAS,CAAC,UAAU,IAAI,WAAW,IAAI,KAAK,CAAC,KAAK,gBAAgB,CAAC;QAC7F,MAAM,SAAS,GAAG,MAAM,IAAI,CAAC,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,SAAS,CAAC;YACvD,SAAS;YACT,WAAW;YACX,OAAO,EAAE,IAAI,CAAC,SAAS,CAAC,UAAU;YAClC,KAAK,EAAE,KAAK,CAAC,KAAK;SACnB,CAAC,CAAC,CAAC;QACJ,MAAM,IAAI,CAAC,MAAM,CAAC,YAAY,CAAC;YAC7B,OAAO,EAAE,IAAI,CAAC,MAAM,CAAC,OAAO;YAC5B,SAAS;YACT,KAAK,EAAE;gBACL,IAAI,EAAE,OAAO;gBACb,EAAE,EAAE,IAAI,CAAC,SAAS,CAAC,UAAU;aAC9B;YACD,KAAK,EAAE,KAAK,CAAC,KAAK;YAClB,WAAW;YACX,KAAK,EAAE;gBACL,OAAO,EAAE,IAAI,CAAC,SAAS,CAAC,UAAU;gBAClC,SAAS;gBACT,SAAS;gBACT,WAAW;aACZ;SACF,CAAC,CAAC;IACL,CAAC;IAED,KAAK,CAAC,UAAU,CAAC,QAA8B,EAAE;QAC/C,MAAM,WAAW,GAAG,KAAK,CAAC,WAAW,IAAI,IAAI,CAAC,MAAM,CAAC,MAAM,EAAE,CAAC;QAC9D,MAAM,SAAS,GAAG,GAAG,IAAI,CAAC,SAAS,CAAC,UAAU,IAAI,WAAW,cAAc,CAAC;QAC5E,MAAM,SAAS,GAAG,MAAM,IAAI,CAAC,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,SAAS,CAAC;YACvD,SAAS;YACT,WAAW;YACX,OAAO,EAAE,IAAI,CAAC,SAAS,CAAC,UAAU;SACnC,CAAC,CAAC,CAAC;QACJ,OAAO,IAAI,CAAC,MAAM,CAAC,UAAU,CAAC;YAC5B,OAAO,EAAE,IAAI,CAAC,MAAM,CAAC,OAAO;YAC5B,SAAS;YACT,WAAW;YACX,KAAK,EAAE;gBACL,IAAI,EAAE,OAAO;gBACb,EAAE,EAAE,IAAI,CAAC,SAAS,CAAC,UAAU;aAC9B;YACD,KAAK,EAAE;gBACL,OAAO,EAAE,IAAI,CAAC,SAAS,CAAC,UAAU;gBAClC,SAAS;gBACT,SAAS;gBACT,WAAW;aACZ;SACF,CAAC,CAAC;IACL,CAAC;IAED,KAAK,CAAC,gBAAgB,CAAC,QAAoC,EAAE;QAC3D,MAAM,WAAW,GAAG,KAAK,CAAC,WAAW,IAAI,IAAI,CAAC,MAAM,CAAC,MAAM,EAAE,CAAC;QAC9D,MAAM,SAAS,GAAG,GAAG,IAAI,CAAC,SAAS,CAAC,UAAU,IAAI,WAAW,oBAAoB,CAAC;QAClF,MAAM,SAAS,GAAG,MAAM,IAAI,CAAC,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,SAAS,CAAC;YACvD,SAAS;YACT,WAAW;YACX,OAAO,EAAE,IAAI,CAAC,SAAS,CAAC,UAAU;YAClC,OAAO,EAAE,KAAK,CAAC,OAAO,IAAI,IAAI;SAC/B,CAAC,CAAC,CAAC;QACJ,OAAO,IAAI,CAAC,MAAM,CAAC,gBAAgB,CAAC;YAClC,OAAO,EAAE,IAAI,CAAC,MAAM,CAAC,OAAO;YAC5B,SAAS;YACT,WAAW;YACX,KAAK,EAAE;gBACL,IAAI,EAAE,OAAO;gBACb,EAAE,EAAE,IAAI,CAAC,SAAS,CAAC,UAAU;aAC9B;YACD,OAAO,EAAE,KAAK,CAAC,OAAO;YACtB,KAAK,EAAE;gBACL,OAAO,EAAE,IAAI,CAAC,SAAS,CAAC,UAAU;gBAClC,SAAS;gBACT,SAAS;gBACT,WAAW;aACZ;SACF,CAAC,CAAC;IACL,CAAC;IAED,KAAK,CAAC,gBAAgB,CAAC,KAAiC;QACtD,MAAM,WAAW,GAAG,KAAK,CAAC,WAAW,IAAI,IAAI,CAAC,MAAM,CAAC,MAAM,EAAE,CAAC;QAC9D,MAAM,SAAS,GAAG,GAAG,IAAI,CAAC,SAAS,CAAC,UAAU,IAAI,WAAW,oBAAoB,CAAC;QAClF,MAAM,SAAS,GAAG,MAAM,IAAI,CAAC,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,SAAS,CAAC;YACvD,SAAS;YACT,WAAW;YACX,OAAO,EAAE,IAAI,CAAC,SAAS,CAAC,UAAU;YAClC,OAAO,EAAE,KAAK,CAAC,OAAO;YACtB,YAAY,EAAE,KAAK,CAAC,YAAY;SACjC,CAAC,CAAC,CAAC;QACJ,OAAO,IAAI,CAAC,MAAM,CAAC,gBAAgB,CAAC;YAClC,OAAO,EAAE,IAAI,CAAC,MAAM,CAAC,OAAO;YAC5B,SAAS;YACT,WAAW;YACX,KAAK,EAAE;gBACL,IAAI,EAAE,OAAO;gBACb,EAAE,EAAE,IAAI,CAAC,SAAS,CAAC,UAAU;aAC9B;YACD,OAAO,EAAE,KAAK,CAAC,OAAO;YACtB,YAAY,EAAE,KAAK,CAAC,YAAY;YAChC,KAAK,EAAE;gBACL,OAAO,EAAE,IAAI,CAAC,SAAS,CAAC,UAAU;gBAClC,SAAS;gBACT,SAAS;gBACT,WAAW;aACZ;SACF,CAAC,CAAC;IACL,CAAC;CACF;AAED,SAAS,0BAA0B,CAAC,KAAc;IAChD,OAAO,OAAO,KAAK,KAAK,QAAQ,IAAI,KAAK,KAAK,IAAI,IAAI,eAAe,IAAI,KAAK,IAAI,OAAO,IAAI,KAAK,CAAC;AACrG,CAAC;AAED,SAAS,iBAAiB,CAAC,KAAsC;IAC/D,OAAO,YAAY,IAAI,KAAK,IAAI,WAAW,IAAI,KAAK,CAAC;AACvD,CAAC;AAED,SAAS,kBAAkB,CAAC,QAAyC,EAAE,MAAoB;IACzF,IAAI,MAAM,EAAE,CAAC;QACX,OAAO,MAAM,CAAC;IAChB,CAAC;IACD,IAAI,iBAAiB,CAAC,QAAQ,CAAC,EAAE,CAAC;QAChC,OAAO,IAAI,WAAW,CAAC,QAAQ,CAAC,CAAC;IACnC,CAAC;IACD,MAAM,IAAI,KAAK,CAAC,8EAA8E,CAAC,CAAC;AAClG,CAAC;AAED,SAAS,oBAAoB,CAAC,OAAiC;IAC7D,OAAO;QACL,UAAU,EAAE,OAAO,CAAC,aAAa,CAAC,UAAU;KAC7C,CAAC;AACJ,CAAC;AAED;;;;;;;;;;;;;GAaG;AACH,MAAM,UAAU,iBAAiB,CAAC,OAAiC;IACjE,IAAI,CAAC,0BAA0B,CAAC,OAAO,CAAC,EAAE,CAAC;QACzC,MAAM,IAAI,KAAK,CAAC,sDAAsD,CAAC,CAAC;IAC1E,CAAC;IACD,OAAO,IAAI,kBAAkB,CAC3B,oBAAoB,CAAC,OAAO,CAAC,EAC7B,OAAO,CAAC,KAAK,EACb,kBAAkB,CAAC,OAAO,CAAC,aAAa,EAAE,OAAO,CAAC,MAAM,CAAC,EACzD,OAAO,CAAC,KAAK,IAAI,IAAI,WAAW,EAAE,CACnC,CAAC;AACJ,CAAC"}
+{"version":3,"file":"client.js","sourceRoot":"","sources":["../../../src/clients/owner/client.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,WAAW,EAAE,MAAM,0BAA0B,CAAC;AAEvD,OAAO,EAAE,WAAW,EAAc,MAAM,2BAA2B,CAAC;AAkGpE,MAAM,eAAe,GAAG,cAAc,CAAC;AAEvC,MAAM,kBAAkB;IAIH;IACA;IACA;IACA;IANF,WAAW,CAAS;IAErC,YACmB,MAAoB,EACpB,SAAyB,EACzB,OAAqB,EACrB,SAAgB,IAAI,WAAW,EAAE;QAHjC,WAAM,GAAN,MAAM,CAAc;QACpB,cAAS,GAAT,SAAS,CAAgB;QACzB,YAAO,GAAP,OAAO,CAAc;QACrB,WAAM,GAAN,MAAM,CAA2B;QAElD,IAAI,CAAC,WAAW,GAAG,SAAS,EAAE,UAAU,IAAI,eAAe,CAAC;IAC9D,CAAC;IAED,KAAK,CAAC,WAAW,CAAC,KAA4B;QAC5C,MAAM,WAAW,GAAG,KAAK,CAAC,WAAW,IAAI,IAAI,CAAC,MAAM,CAAC,MAAM,EAAE,CAAC;QAC9D,MAAM,SAAS,GAAG,GAAG,IAAI,CAAC,WAAW,IAAI,WAAW,IAAI,KAAK,CAAC,KAAK,eAAe,CAAC;QAEnF,OAAO,IAAI,CAAC,MAAM,CAAC,WAAW,CAAC;YAC7B,IAAI,EAAE,oBAAoB;YAC1B,OAAO,EAAE,IAAI,CAAC,MAAM,CAAC,OAAO;YAC5B,SAAS;YACT,KAAK,EAAE;gBACL,IAAI,EAAE,OAAO;gBACb,EAAE,EAAE,IAAI,CAAC,WAAW;aACrB;YACD,KAAK,EAAE,KAAK,CAAC,KAAK;YAClB,SAAS,EAAE,KAAK,CAAC,SAAS;YAC1B,cAAc,EAAE,EAAE;YAClB,WAAW;SACZ,CAAC,CAAC;IACL,CAAC;IAED,KAAK,CAAC,mBAAmB,CAAC,KAAoC;QAC5D,MAAM,WAAW,GAAG,KAAK,CAAC,WAAW,IAAI,IAAI,CAAC,MAAM,CAAC,MAAM,EAAE,CAAC;QAC9D,MAAM,SAAS,GAAG,GAAG,IAAI,CAAC,WAAW,IAAI,WAAW,IAAI,KAAK,CAAC,KAAK,wBAAwB,CAAC;QAC5F,MAAM,cAAc,GAAG,CAAC,GAAG,KAAK,CAAC,cAAc,CAAC,CAAC;QAEjD,OAAO,IAAI,CAAC,MAAM,CAAC,mBAAmB,CAAC;YACrC,OAAO,EAAE,IAAI,CAAC,MAAM,CAAC,OAAO;YAC5B,SAAS;YACT,KAAK,EAAE;gBACL,IAAI,EAAE,OAAO;gBACb,EAAE,EAAE,IAAI,CAAC,WAAW;aACrB;YACD,KAAK,EAAE,KAAK,CAAC,KAAK;YAClB,cAAc;YACd,WAAW;SACZ,CAAC,CAAC;IACL,CAAC;IAED,KAAK,CAAC,WAAW,CAAC,KAA4B;QAC5C,MAAM,WAAW,GAAG,KAAK,CAAC,WAAW,IAAI,IAAI,CAAC,MAAM,CAAC,MAAM,EAAE,CAAC;QAC9D,MAAM,SAAS,GAAG,GAAG,IAAI,CAAC,WAAW,IAAI,WAAW,IAAI,KAAK,CAAC,KAAK,eAAe,CAAC;QACnF,MAAM,cAAc,GAAG,CAAC,GAAG,KAAK,CAAC,cAAc,CAAC,CAAC;QAEjD,OAAO,IAAI,CAAC,MAAM,CAAC,WAAW,CAAC;YAC7B,IAAI,EAAE,oBAAoB;YAC1B,OAAO,EAAE,IAAI,CAAC,MAAM,CAAC,OAAO;YAC5B,SAAS;YACT,KAAK,EAAE;gBACL,IAAI,EAAE,OAAO;gBACb,EAAE,EAAE,IAAI,CAAC,WAAW;aACrB;YACD,KAAK,EAAE,KAAK,CAAC,KAAK;YAClB,SAAS,EAAE,KAAK,CAAC,SAAS;YAC1B,cAAc;YACd,WAAW;SACZ,CAAC,CAAC;IACL,CAAC;IAED,KAAK,CAAC,SAAS,CAAC,QAA8B,EAAE;QAC9C,MAAM,WAAW,GAAG,IAAI,CAAC,MAAM,CAAC,MAAM,EAAE,CAAC;QACzC,MAAM,SAAS,GAAG,GAAG,IAAI,CAAC,WAAW,IAAI,WAAW,aAAa,CAAC;QAElE,OAAO,IAAI,CAAC,MAAM,CAAC,SAAS,CAAC;YAC3B,OAAO,EAAE,IAAI,CAAC,MAAM,CAAC,OAAO;YAC5B,KAAK,EAAE;gBACL,IAAI,EAAE,OAAO;gBACb,EAAE,EAAE,IAAI,CAAC,WAAW;aACrB;YACD,KAAK;YACL,SAAS;YACT,WAAW;SACZ,CAAC,CAAC;IACL,CAAC;IAED,KAAK,CAAC,YAAY,CAAC,KAA6B;QAC9C,MAAM,WAAW,GAAG,KAAK,CAAC,WAAW,IAAI,IAAI,CAAC,MAAM,CAAC,MAAM,EAAE,CAAC;QAC9D,MAAM,SAAS,GAAG,GAAG,IAAI,CAAC,WAAW,IAAI,WAAW,IAAI,KAAK,CAAC,KAAK,gBAAgB,CAAC;QAEpF,OAAO,IAAI,CAAC,MAAM,CAAC,YAAY,CAAC;YAC9B,OAAO,EAAE,IAAI,CAAC,MAAM,CAAC,OAAO;YAC5B,KAAK,EAAE;gBACL,IAAI,EAAE,OAAO;gBACb,EAAE,EAAE,IAAI,CAAC,WAAW;aACrB;YACD,KAAK,EAAE,KAAK,CAAC,KAAK;YAClB,SAAS;YACT,WAAW;SACZ,CAAC,CAAC;IACL,CAAC;IAED,KAAK,CAAC,aAAa,CAAC,KAA8B;QAChD,MAAM,WAAW,GAAG,KAAK,CAAC,WAAW,IAAI,IAAI,CAAC,MAAM,CAAC,MAAM,EAAE,CAAC;QAC9D,MAAM,SAAS,GAAG,GAAG,IAAI,CAAC,WAAW,IAAI,WAAW,IAAI,KAAK,CAAC,OAAO,0BAA0B,CAAC;QAChG,MAAM,aAAa,GAAG;YACpB,OAAO,EAAE,IAAI,CAAC,MAAM,CAAC,OAAO;YAC5B,OAAO,EAAE,KAAK,CAAC,OAAO;YACtB,SAAS,EAAE,KAAK,CAAC,SAAS;SAC3B,CAAC;QAEF,MAAM,IAAI,CAAC,MAAM,CAAC,qBAAqB,CAAC;YACtC,OAAO,EAAE,IAAI,CAAC,MAAM,CAAC,OAAO;YAC5B,SAAS;YACT,KAAK,EAAE;gBACL,IAAI,EAAE,OAAO;gBACb,EAAE,EAAE,IAAI,CAAC,WAAW;aACrB;YACD,aAAa;YACb,WAAW;SACZ,CAAC,CAAC;IACL,CAAC;IAED,KAAK,CAAC,eAAe,CAAC,KAAgC;QACpD,MAAM,WAAW,GAAG,KAAK,CAAC,WAAW,IAAI,IAAI,CAAC,MAAM,CAAC,MAAM,EAAE,CAAC;QAC9D,MAAM,SAAS,GAAG,GAAG,IAAI,CAAC,WAAW,IAAI,WAAW,IAAI,KAAK,CAAC,UAAU,CAAC,YAAY,sBAAsB,CAAC;QAC5G,MAAM,UAAU,GAAG;YACjB,GAAG,KAAK,CAAC,UAAU;YACnB,OAAO,EAAE,IAAI,CAAC,MAAM,CAAC,OAAO;SAC7B,CAAC;QAEF,MAAM,IAAI,CAAC,MAAM,CAAC,kBAAkB,CAAC;YACnC,OAAO,EAAE,IAAI,CAAC,MAAM,CAAC,OAAO;YAC5B,SAAS;YACT,KAAK,EAAE;gBACL,IAAI,EAAE,OAAO;gBACb,EAAE,EAAE,IAAI,CAAC,WAAW;aACrB;YACD,UAAU;YACV,WAAW;SACZ,CAAC,CAAC;IACL,CAAC;IAED,KAAK,CAAC,YAAY,CAAC,KAA6B;QAC9C,MAAM,WAAW,GAAG,KAAK,CAAC,WAAW,IAAI,IAAI,CAAC,MAAM,CAAC,MAAM,EAAE,CAAC;QAC9D,MAAM,SAAS,GAAG,GAAG,IAAI,CAAC,WAAW,IAAI,WAAW,IAAI,KAAK,CAAC,MAAM,uBAAuB,CAAC;QAC5F,MAAM,IAAI,GAAG;YACX,MAAM,EAAE,KAAK,CAAC,MAAM;YACpB,IAAI,EAAE,KAAK,CAAC,IAAI;YAChB,SAAS,EAAE,KAAK,CAAC,SAAS;YAC1B,MAAM,EAAE,KAAK,CAAC,MAAM;YACpB,kBAAkB,EAAE,KAAK,CAAC,kBAAkB;YAC5C,cAAc,EAAE,KAAK,CAAC,cAAc;SACrC,CAAC;QAEF,MAAM,IAAI,CAAC,MAAM,CAAC,kBAAkB,CAAC;YACnC,OAAO,EAAE,IAAI,CAAC,MAAM,CAAC,OAAO;YAC5B,SAAS;YACT,KAAK,EAAE;gBACL,IAAI,EAAE,OAAO;gBACb,EAAE,EAAE,IAAI,CAAC,WAAW;aACrB;YACD,IAAI;YACJ,WAAW;SACZ,CAAC,CAAC;IACL,CAAC;IAED,KAAK,CAAC,YAAY,CAAC,KAA6B;QAC9C,MAAM,WAAW,GAAG,KAAK,CAAC,WAAW,IAAI,IAAI,CAAC,MAAM,CAAC,MAAM,EAAE,CAAC;QAC9D,MAAM,SAAS,GAAG,GAAG,IAAI,CAAC,WAAW,IAAI,WAAW,IAAI,KAAK,CAAC,KAAK,gBAAgB,CAAC;QAEpF,MAAM,IAAI,CAAC,MAAM,CAAC,YAAY,CAAC;YAC7B,OAAO,EAAE,IAAI,CAAC,MAAM,CAAC,OAAO;YAC5B,SAAS;YACT,KAAK,EAAE;gBACL,IAAI,EAAE,OAAO;gBACb,EAAE,EAAE,IAAI,CAAC,WAAW;aACrB;YACD,KAAK,EAAE,KAAK,CAAC,KAAK;YAClB,WAAW;SACZ,CAAC,CAAC;IACL,CAAC;IAED,KAAK,CAAC,UAAU,CAAC,QAA8B,EAAE;QAC/C,MAAM,WAAW,GAAG,KAAK,CAAC,WAAW,IAAI,IAAI,CAAC,MAAM,CAAC,MAAM,EAAE,CAAC;QAC9D,MAAM,SAAS,GAAG,GAAG,IAAI,CAAC,WAAW,IAAI,WAAW,cAAc,CAAC;QAEnE,OAAO,IAAI,CAAC,MAAM,CAAC,UAAU,CAAC;YAC5B,OAAO,EAAE,IAAI,CAAC,MAAM,CAAC,OAAO;YAC5B,SAAS;YACT,WAAW;YACX,KAAK,EAAE;gBACL,IAAI,EAAE,OAAO;gBACb,EAAE,EAAE,IAAI,CAAC,WAAW;aACrB;SACF,CAAC,CAAC;IACL,CAAC;IAED,KAAK,CAAC,gBAAgB,CAAC,QAAoC,EAAE;QAC3D,MAAM,WAAW,GAAG,KAAK,CAAC,WAAW,IAAI,IAAI,CAAC,MAAM,CAAC,MAAM,EAAE,CAAC;QAC9D,MAAM,SAAS,GAAG,GAAG,IAAI,CAAC,WAAW,IAAI,WAAW,oBAAoB,CAAC;QAEzE,OAAO,IAAI,CAAC,MAAM,CAAC,gBAAgB,CAAC;YAClC,OAAO,EAAE,IAAI,CAAC,MAAM,CAAC,OAAO;YAC5B,SAAS;YACT,WAAW;YACX,KAAK,EAAE;gBACL,IAAI,EAAE,OAAO;gBACb,EAAE,EAAE,IAAI,CAAC,WAAW;aACrB;YACD,OAAO,EAAE,KAAK,CAAC,OAAO;SACvB,CAAC,CAAC;IACL,CAAC;IAED,KAAK,CAAC,gBAAgB,CAAC,KAAiC;QACtD,MAAM,WAAW,GAAG,KAAK,CAAC,WAAW,IAAI,IAAI,CAAC,MAAM,CAAC,MAAM,EAAE,CAAC;QAC9D,MAAM,SAAS,GAAG,GAAG,IAAI,CAAC,WAAW,IAAI,WAAW,oBAAoB,CAAC;QAEzE,OAAO,IAAI,CAAC,MAAM,CAAC,gBAAgB,CAAC;YAClC,OAAO,EAAE,IAAI,CAAC,MAAM,CAAC,OAAO;YAC5B,SAAS;YACT,WAAW;YACX,KAAK,EAAE;gBACL,IAAI,EAAE,OAAO;gBACb,EAAE,EAAE,IAAI,CAAC,WAAW;aACrB;YACD,OAAO,EAAE,KAAK,CAAC,OAAO;YACtB,YAAY,EAAE,KAAK,CAAC,YAAY;SACjC,CAAC,CAAC;IACL,CAAC;CACF;AAED,SAAS,0BAA0B,CAAC,KAAc;IAChD,OAAO,OAAO,KAAK,KAAK,QAAQ,IAAI,KAAK,KAAK,IAAI,IAAI,OAAO,IAAI,KAAK,CAAC;AACzE,CAAC;AAED,SAAS,iBAAiB,CAAC,KAAsC;IAC/D,OAAO,YAAY,IAAI,KAAK,IAAI,WAAW,IAAI,KAAK,CAAC;AACvD,CAAC;AAED,SAAS,kBAAkB,CAAC,QAA0C,EAAE,MAAoB;IAC1F,IAAI,MAAM,EAAE,CAAC;QACX,OAAO,MAAM,CAAC;IAChB,CAAC;IACD,IAAI,QAAQ,IAAI,iBAAiB,CAAC,QAAQ,CAAC,EAAE,CAAC;QAC5C,OAAO,IAAI,WAAW,CAAC,QAAQ,CAAC,CAAC;IACnC,CAAC;IACD,OAAO,SAAS,CAAC;AACnB,CAAC;AAED,SAAS,oBAAoB,CAAC,OAAiC;IAC7D,IAAI,CAAC,OAAO,CAAC,aAAa,EAAE,CAAC;QAC3B,OAAO,SAAS,CAAC;IACnB,CAAC;IACD,OAAO;QACL,UAAU,EAAE,OAAO,CAAC,aAAa,CAAC,UAAU;KAC7C,CAAC;AACJ,CAAC;AAED;;;;;;;;;;;;;GAaG;AACH,MAAM,UAAU,iBAAiB,CAAC,OAAiC;IACjE,IAAI,CAAC,0BAA0B,CAAC,OAAO,CAAC,EAAE,CAAC;QACzC,MAAM,IAAI,KAAK,CAAC,mEAAmE,CAAC,CAAC;IACvF,CAAC;IACD,OAAO,IAAI,kBAAkB,CAC3B,OAAO,CAAC,KAAK,EACb,oBAAoB,CAAC,OAAO,CAAC,EAC7B,kBAAkB,CAAC,OAAO,CAAC,aAAa,EAAE,OAAO,CAAC,MAAM,CAAC,EACzD,OAAO,CAAC,KAAK,IAAI,IAAI,WAAW,EAAE,CACnC,CAAC;AACJ,CAAC"}

package/dist/protocol/crypto.d.ts

@@ -24,3 +24,8 @@ export declare class LocalSigner implements Signer {
 export declare function signPayload(privateKey: string, payload: string): string;
 /** @internal Use signPayload for protocol-level signing. */
 export declare function signChallenge(privateKey: string, nonce: string): string;
+/**
+ * Derives a 256-bit working key from a user password and salt (vaultId).
+ * Using scrypt for memory-hard key derivation to resist brute-force attacks.
+ */
+export declare function deriveVaultWorkingKeyFromPassword(password: string, vaultId: string): string;

package/dist/protocol/crypto.js

@@ -33,8 +33,19 @@ export class LocalSigner {
 export function signPayload(privateKey, payload) {
     return protocolSignPayload(privateKey, payload);
 }
+import { scryptSync } from 'node:crypto';
 /** @internal Use signPayload for protocol-level signing. */
 export function signChallenge(privateKey, nonce) {
     return protocolSignPayload(privateKey, nonce);
 }
+/**
+ * Derives a 256-bit working key from a user password and salt (vaultId).
+ * Using scrypt for memory-hard key derivation to resist brute-force attacks.
+ */
+export function deriveVaultWorkingKeyFromPassword(password, vaultId) {
+    // N: CPU/memory cost parameter (must be a power of 2)
+    // r: Block size parameter
+    // p: Parallelization parameter
+    return scryptSync(password, vaultId, 32, { N: 16384, r: 8, p: 1 }).toString('base64url');
+}
 //# sourceMappingURL=crypto.js.map

package/dist/protocol/crypto.js.map

@@ -1 +1 @@
-{"version":3,"file":"crypto.js","sourceRoot":"","sources":["../../src/protocol/crypto.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAEH,OAAO,EAAE,aAAa,EAAE,iBAAiB,EAAE,MAAM,cAAc,CAAC;AAChE,OAAO,EACH,WAAW,IAAI,mBAAmB,EAClC,oBAAoB,EACpB,eAAe,EACf,eAAe,EACf,aAAa,GAEhB,MAAM,+BAA+B,CAAC;AAGvC,OAAO,EAAE,oBAAoB,EAAE,eAAe,EAAE,eAAe,EAAE,aAAa,EAAE,CAAC;AAOjF;;GAEG;AACH,MAAM,OAAO,WAAW;IACpB,WAAW,CAAS;IACpB,UAAU,CAAS;IAEnB,YAAY,OAAgB;QACxB,IAAI,CAAC,OAAO,CAAC,SAAS,EAAE,CAAC;YACrB,MAAM,IAAI,aAAa,CAAC,iBAAiB,CAAC,0BAA0B,EAAE,wFAAwF,CAAC,CAAC;QACpK,CAAC;QACD,IAAI,CAAC,WAAW,GAAG,OAAO,CAAC,UAAU,CAAC;QACtC,IAAI,CAAC,UAAU,GAAG,OAAO,CAAC,SAAS,CAAC;IACxC,CAAC;IAED,KAAK,CAAC,YAAY;QACd,OAAO,IAAI,CAAC,UAAU,CAAC;IAC3B,CAAC;IAED,KAAK,CAAC,IAAI,CAAC,KAAa;QACpB,OAAO,mBAAmB,CAAC,IAAI,CAAC,WAAW,EAAE,KAAK,CAAC,CAAC;IACxD,CAAC;IAED,0DAA0D;IAC1D,gBAAgB;QACZ,OAAO,IAAI,CAAC,WAAW,CAAC;IAC5B,CAAC;CACJ;AAED,gDAAgD;AAChD,MAAM,UAAU,WAAW,CAAC,UAAkB,EAAE,OAAe;IAC3D,OAAO,mBAAmB,CAAC,UAAU,EAAE,OAAO,CAAC,CAAC;AACpD,CAAC;AAED,4DAA4D;AAC5D,MAAM,UAAU,aAAa,CAAC,UAAkB,EAAE,KAAa;IAC3D,OAAO,mBAAmB,CAAC,UAAU,EAAE,KAAK,CAAC,CAAC;AAClD,CAAC"}
+{"version":3,"file":"crypto.js","sourceRoot":"","sources":["../../src/protocol/crypto.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAEH,OAAO,EAAE,aAAa,EAAE,iBAAiB,EAAE,MAAM,cAAc,CAAC;AAChE,OAAO,EACH,WAAW,IAAI,mBAAmB,EAClC,oBAAoB,EACpB,eAAe,EACf,eAAe,EACf,aAAa,GAEhB,MAAM,+BAA+B,CAAC;AAGvC,OAAO,EAAE,oBAAoB,EAAE,eAAe,EAAE,eAAe,EAAE,aAAa,EAAE,CAAC;AAOjF;;GAEG;AACH,MAAM,OAAO,WAAW;IACpB,WAAW,CAAS;IACpB,UAAU,CAAS;IAEnB,YAAY,OAAgB;QACxB,IAAI,CAAC,OAAO,CAAC,SAAS,EAAE,CAAC;YACrB,MAAM,IAAI,aAAa,CAAC,iBAAiB,CAAC,0BAA0B,EAAE,wFAAwF,CAAC,CAAC;QACpK,CAAC;QACD,IAAI,CAAC,WAAW,GAAG,OAAO,CAAC,UAAU,CAAC;QACtC,IAAI,CAAC,UAAU,GAAG,OAAO,CAAC,SAAS,CAAC;IACxC,CAAC;IAED,KAAK,CAAC,YAAY;QACd,OAAO,IAAI,CAAC,UAAU,CAAC;IAC3B,CAAC;IAED,KAAK,CAAC,IAAI,CAAC,KAAa;QACpB,OAAO,mBAAmB,CAAC,IAAI,CAAC,WAAW,EAAE,KAAK,CAAC,CAAC;IACxD,CAAC;IAED,0DAA0D;IAC1D,gBAAgB;QACZ,OAAO,IAAI,CAAC,WAAW,CAAC;IAC5B,CAAC;CACJ;AAED,gDAAgD;AAChD,MAAM,UAAU,WAAW,CAAC,UAAkB,EAAE,OAAe;IAC3D,OAAO,mBAAmB,CAAC,UAAU,EAAE,OAAO,CAAC,CAAC;AACpD,CAAC;AAED,OAAO,EAAE,UAAU,EAAE,MAAM,aAAa,CAAC;AAEzC,4DAA4D;AAC5D,MAAM,UAAU,aAAa,CAAC,UAAkB,EAAE,KAAa;IAC3D,OAAO,mBAAmB,CAAC,UAAU,EAAE,KAAK,CAAC,CAAC;AAClD,CAAC;AAED;;;GAGG;AACH,MAAM,UAAU,iCAAiC,CAAC,QAAgB,EAAE,OAAe;IAC/E,sDAAsD;IACtD,0BAA0B;IAC1B,+BAA+B;IAC/B,OAAO,UAAU,CAAC,QAAQ,EAAE,OAAO,EAAE,EAAE,EAAE,EAAE,CAAC,EAAE,KAAK,EAAE,CAAC,EAAE,CAAC,EAAE,CAAC,EAAE,CAAC,EAAE,CAAC,CAAC,QAAQ,CAAC,WAAW,CAAC,CAAC;AAC7F,CAAC"}

package/dist/runtime/bootstrap.d.ts

@@ -1,16 +1,6 @@
-import { type CreatePersistentVaultCoreDependenciesOptions, type VaultCore } from "../vault-core/index.js";
+import { type CreatePersistentVaultCoreDependenciesOptions, VaultCore } from "../vault-core/index.js";
 import { type VaultService, type VaultCustomFlowResolver } from "../vault-ingress/index.js";
 import type { IStorageProvider } from "../storage/provider.js";
-import type { CreatedIdentity } from "./identity.js";
-/**
- * Derives the deterministic working key for a vault.
- *
- * @param privateKey - The owner's private key.
- * @param vaultId - The unique ID of the vault.
- * @returns A base64url-encoded 256-bit key.
- * @internal Used by `createVault` and `recoverVault`.
- */
-export declare function deriveVaultWorkingKey(privateKey: string, vaultId: string): string;
 export interface VaultMetadata extends Record<string, any> {
     nickname?: string;
     ownerId?: string;
@@ -18,8 +8,8 @@ export interface VaultMetadata extends Record<string, any> {
 export interface CreateVaultOptions extends Omit<CreatePersistentVaultCoreDependenciesOptions, "vaultWorkingKey" | "vaultId"> {
     vaultId?: string;
     nickname?: string;
-    publicMetadata?: Record<string, any>;
-    ownerIdentity: CreatedIdentity;
+    metadata?: Record<string, any>;
+    password: string;
     vault?: {
         customFlows?: VaultCustomFlowResolver;
         fetchImpl?: typeof fetch;
@@ -46,7 +36,7 @@ export interface VaultObject {
 }
 export interface RecoverVaultOptions extends Omit<CreatePersistentVaultCoreDependenciesOptions, "vaultWorkingKey" | "vaultId"> {
     vaultId: string;
-    ownerIdentity: CreatedIdentity;
+    password: string;
     vault?: {
         customFlows?: VaultCustomFlowResolver;
         fetchImpl?: typeof fetch;
@@ -104,15 +94,12 @@ export declare function recoverVault(options: RecoverVaultOptions): Promise<Reco
  * @param storage - The root workspace storage provider.
  * @returns A list of vault IDs and their public discovery metadata.
  */
-export declare function listVaults(storage: IStorageProvider): Promise<Array<{
-    vaultId: string;
-    public: any;
-}>>;
+export declare function listVaults(storage: IStorageProvider): Promise<string[]>;
 /**
  * Updates the metadata (like nickname) of an existing vault.
  */
 export declare function updateVaultMetadata(vault: CreatedVault | RecoveredVault, options: {
     nickname?: string;
-    publicMetadata?: Record<string, any>;
-    ownerIdentity: CreatedIdentity;
+    metadata?: Record<string, any>;
+    password: string;
 }): Promise<void>;