@the-ai-company/cbio-node-runtime 1.45.5 → 1.47.0

package/docs/api/interfaces/CbioRuntime.md

@@ -1,4 +1,4 @@
-[**CBIO Node Runtime Agent API v1.45.5**](../README.md)
+[**CBIO Node Runtime Agent API v1.47.0**](../README.md)
 
 ***
 
@@ -46,111 +46,11 @@ const agent = createAgentClient({
 
 ***
 
-### createChildIdentity
-
-> **createChildIdentity**: (`storage`, `parentIdentity`, `options`) => `Promise`\<[`ChildIdentity`](ChildIdentity.md)\>
-
-#### Parameters
-
-##### storage
-
-[`IStorageProvider`](IStorageProvider.md)
-
-##### parentIdentity
-
-`string` \| `CreatedIdentity`
-
-##### options?
-
-[`CreateChildIdentityOptions`](CreateChildIdentityOptions.md) = `{}`
-
-#### Returns
-
-`Promise`\<[`ChildIdentity`](ChildIdentity.md)\>
-
-***
-
-### createDefaultVaultCoreDependencies
-
-> **createDefaultVaultCoreDependencies**: (`options`) => `object`
-
-#### Parameters
-
-##### options?
-
-[`CreateDefaultVaultCoreDependenciesOptions`](CreateDefaultVaultCoreDependenciesOptions.md) = `{}`
-
-#### Returns
-
-`object`
-
-##### agentIdentities
-
-> **agentIdentities**: `InMemoryAgentIdentityRegistry`
-
-##### audit
-
-> **audit**: `InMemoryAuditLog`
-
-##### capabilities
-
-> **capabilities**: `InMemoryCapabilityRegistry`
-
-##### clock
-
-> **clock**: `SystemClock`
-
-##### custody
-
-> **custody**: `InMemorySecretCustody`
-
-##### customFlows
-
-> **customFlows**: `InMemoryCustomHttpFlowRegistry`
-
-##### executor
-
-> **executor**: `HttpDispatchExecutor`
-
-##### ids
-
-> **ids**: `RandomIdGenerator`
-
-##### ownerIdentities
-
-> **ownerIdentities**: `InMemoryOwnerIdentityRegistry`
-
-##### ownerProofVerifier
-
-> **ownerProofVerifier**: `SignatureOwnerProofVerifier`
-
-##### policy
-
-> **policy**: `DefaultPolicyEngine`
-
-##### proofVerifier
-
-> **proofVerifier**: `SignatureAgentProofVerifier`
-
-##### replayGuard
-
-> **replayGuard**: [`InMemoryReplayGuard`](../classes/InMemoryReplayGuard.md)
-
-##### secrets
-
-> **secrets**: `InMemorySecretRepository`
-
-##### vaultId
-
-> **vaultId**: [`VaultId`](VaultId.md)
-
-***
-
 ### createIdentity
 
 > **createIdentity**: (`options?`) => `CreatedIdentity`
 
-Creates a new root identity with a fresh Ed25519 keypair.
+Creates a new identity with a fresh Ed25519 keypair.
 
 #### Parameters
 
@@ -177,107 +77,23 @@ console.log(identity.identityId);
 
 ### createOwnerHttpFlowBoundary
 
-> **createOwnerHttpFlowBoundary**: (`boundary`) => [`OwnerHttpFlowBoundary`](OwnerHttpFlowBoundary.md)
+> **createOwnerHttpFlowBoundary**: (`boundary`) => `OwnerHttpFlowBoundary`
 
 #### Parameters
 
 ##### boundary
 
-[`OwnerHttpFlowBoundary`](OwnerHttpFlowBoundary.md)
-
-#### Returns
-
-[`OwnerHttpFlowBoundary`](OwnerHttpFlowBoundary.md)
-
-***
-
-### createPersistentVaultCoreDependencies
-
-> **createPersistentVaultCoreDependencies**: (`storage`, `options`) => `object`
-
-#### Parameters
-
-##### storage
-
-[`IStorageProvider`](IStorageProvider.md)
-
-##### options
-
-[`CreatePersistentVaultCoreDependenciesOptions`](CreatePersistentVaultCoreDependenciesOptions.md)
+`OwnerHttpFlowBoundary`
 
 #### Returns
 
-`object`
-
-##### agentIdentities
-
-> **agentIdentities**: `FileAgentIdentityRegistry`
-
-##### audit
-
-> **audit**: `FileAuditLog`
-
-##### capabilities
-
-> **capabilities**: `FileCapabilityRegistry`
-
-##### capabilityRevocations
-
-> **capabilityRevocations**: [`CapabilityRevocationRegistry`](CapabilityRevocationRegistry.md)
-
-##### clock
-
-> **clock**: `SystemClock`
-
-##### custody
-
-> **custody**: `FileSecretCustody`
-
-##### customFlows
-
-> **customFlows**: [`CustomHttpFlowRegistry`](CustomHttpFlowRegistry.md)
-
-##### executor
-
-> **executor**: `HttpDispatchExecutor`
-
-##### ids
-
-> **ids**: `RandomIdGenerator`
-
-##### ownerIdentities
-
-> **ownerIdentities**: `FileOwnerIdentityRegistry`
-
-##### ownerProofVerifier
-
-> **ownerProofVerifier**: `SignatureOwnerProofVerifier`
-
-##### policy
-
-> **policy**: `DefaultPolicyEngine`
-
-##### proofVerifier
-
-> **proofVerifier**: `SignatureAgentProofVerifier`
-
-##### replayGuard
-
-> **replayGuard**: [`ReplayGuard`](ReplayGuard.md)
-
-##### secrets
-
-> **secrets**: `FileSecretRepository`
-
-##### vaultId
-
-> **vaultId**: [`VaultId`](VaultId.md)
+`OwnerHttpFlowBoundary`
 
 ***
 
 ### createStandardAcquireBoundary
 
-> **createStandardAcquireBoundary**: (`input`) => [`OwnerHttpFlowBoundary`](OwnerHttpFlowBoundary.md)
+> **createStandardAcquireBoundary**: (`input`) => `OwnerHttpFlowBoundary`
 
 #### Parameters
 
@@ -301,13 +117,13 @@ console.log(identity.identityId);
 
 #### Returns
 
-[`OwnerHttpFlowBoundary`](OwnerHttpFlowBoundary.md)
+`OwnerHttpFlowBoundary`
 
 ***
 
 ### createStandardDispatchBoundary
 
-> **createStandardDispatchBoundary**: (`input`) => [`OwnerHttpFlowBoundary`](OwnerHttpFlowBoundary.md)
+> **createStandardDispatchBoundary**: (`input`) => `OwnerHttpFlowBoundary`
 
 #### Parameters
 
@@ -323,7 +139,7 @@ console.log(identity.identityId);
 
 #### Returns
 
-[`OwnerHttpFlowBoundary`](OwnerHttpFlowBoundary.md)
+`OwnerHttpFlowBoundary`
 
 ***
 
@@ -349,7 +165,7 @@ Workspace storage (or path string) where vaults are stored.
 
 [`CreateVaultOptions`](CreateVaultOptions.md)
 
-Configuration including owner identity and metadata.
+Configuration including password and metadata.
 
 ##### Returns
 
@@ -361,7 +177,7 @@ A [CreatedVault](CreatedVault.md) instance.
 
 ```ts
 const vault = await createVault({
-  ownerIdentity,
+  password: 'my-strong-password',
   nickname: 'production-secrets'
 });
 ```
@@ -398,7 +214,7 @@ Creates a [VaultClient](VaultClient.md) instance for a specific vault owner.
 
 [`CreateVaultClientOptions`](CreateVaultClientOptions.md)
 
-Configuration including owner identity and the vault service.
+Configuration including optional owner identity and the vault service.
 
 #### Returns
 
@@ -419,113 +235,86 @@ const client = createVaultClient({
 
 ### createVaultCore
 
-> **createVaultCore**: (`deps`) => [`VaultCore`](VaultCore.md)
+> **createVaultCore**: (`deps`) => [`VaultCore`](../classes/VaultCore.md)
 
 #### Parameters
 
 ##### deps
 
-[`VaultCoreDependencies`](VaultCoreDependencies.md)
+`VaultCoreDependencies`
 
 #### Returns
 
-[`VaultCore`](VaultCore.md)
+[`VaultCore`](../classes/VaultCore.md)
 
 ***
 
-### createVaultService
+### createVaultCoreDependencies
 
-> **createVaultService**: (`deps`, `options`) => [`VaultService`](VaultService.md)
+> **createVaultCoreDependencies**: (`options`) => `VaultCoreDependencies`
 
 #### Parameters
 
-##### deps
-
-[`VaultCoreDependencies`](VaultCoreDependencies.md)
-
 ##### options?
 
-###### clock?
-
-[`Clock`](Clock.md)
-
-###### customFlows?
-
-[`VaultCustomFlowResolver`](VaultCustomFlowResolver.md)
-
-###### fetchImpl?
-
-\{(`input`, `init?`): `Promise`\<`Response`\>; (`input`, `init?`): `Promise`\<`Response`\>; \}
+[`VaultCoreDependenciesOptions`](VaultCoreDependenciesOptions.md) = `{}`
 
 #### Returns
 
-[`VaultService`](VaultService.md)
+`VaultCoreDependencies`
 
 ***
 
-### deriveChildIdentity
-
-> **deriveChildIdentity**: (`parent`, `childIndex`, `options`) => [`ChildIdentity`](ChildIdentity.md)
+### createVaultService
 
-Deterministically derives a child identity from a parent's private key and an index.
+> **createVaultService**: (`deps`, `options`) => `VaultService`
 
 #### Parameters
 
-##### parent
+##### deps
 
-`string` \| `CreatedIdentity`
+`VaultCoreDependencies`
 
-The parent identity object or its private key string.
+##### options?
 
-##### childIndex
+###### clock?
 
-`number`
+`Clock`
 
-A non-negative integer for derivation.
+###### customFlows?
 
-##### options?
+`VaultCustomFlowResolver`
 
-[`DeriveIdentityOptions`](DeriveIdentityOptions.md) = `{}`
+###### fetchImpl?
 
-Optional nickname for the child.
+\{(`input`, `init?`): `Promise`\<`Response`\>; (`input`, `init?`): `Promise`\<`Response`\>; \}
 
 #### Returns
 
-[`ChildIdentity`](ChildIdentity.md)
-
-A [ChildIdentity](ChildIdentity.md) with derivation metadata.
-
-#### Example
-
-```ts
-const child = deriveChildIdentity(parentIdentity, 0, { nickname: 'sub-agent-0' });
-```
+`VaultService`
 
 ***
 
-### deriveVaultWorkingKey
+### deriveVaultWorkingKeyFromPassword
 
-> **deriveVaultWorkingKey**: `object`
+> **deriveVaultWorkingKeyFromPassword**: (`password`, `vaultId`) => `string`
 
-***
-
-### ensureIdentityPrivateVault
-
-> **ensureIdentityPrivateVault**: (`storage`, `identity`) => `Promise`\<`void`\>
+Derives a 256-bit working key from a user password and salt (vaultId).
+Using scrypt for memory-hard key derivation to resist brute-force attacks.
 
 #### Parameters
 
-##### storage
+##### password
 
-[`IStorageProvider`](IStorageProvider.md)
+`string`
 
-##### identity
+##### vaultId
 
-`CreatedIdentity`
+`string`
 
 #### Returns
 
-`Promise`\<`void`\>
+`string`
 
 ***
 
@@ -537,7 +326,7 @@ const child = deriveChildIdentity(parentIdentity, 0, { nickname: 'sub-agent-0' }
 
 ### handleVaultHttpDispatch
 
-> **handleVaultHttpDispatch**: (`service`, `body`) => `Promise`\<[`VaultAgentDispatchResponse`](VaultAgentDispatchResponse.md) \| [`VaultAgentDispatchErrorResponse`](VaultAgentDispatchErrorResponse.md)\>
+> **handleVaultHttpDispatch**: (`service`, `body`) => `Promise`\<`VaultAgentDispatchResponse` \| `VaultAgentDispatchErrorResponse`\>
 
 Standard server-side helper to handle a vault agent dispatch request from an HTTP body.
 This can be used in any HTTP server framework (Express, Fastify, etc.).
@@ -546,7 +335,7 @@ This can be used in any HTTP server framework (Express, Fastify, etc.).
 
 ##### service
 
-[`VaultService`](VaultService.md)
+`VaultService`
 
 The VaultService instance to handle the request.
 
@@ -558,7 +347,7 @@ The parsed JSON body of the incoming HTTP request.
 
 #### Returns
 
-`Promise`\<[`VaultAgentDispatchResponse`](VaultAgentDispatchResponse.md) \| [`VaultAgentDispatchErrorResponse`](VaultAgentDispatchErrorResponse.md)\>
+`Promise`\<`VaultAgentDispatchResponse` \| `VaultAgentDispatchErrorResponse`\>
 
 A JSON-serializable response object.
 
@@ -576,49 +365,11 @@ A JSON-serializable response object.
 
 ***
 
-### initializeVaultCustody
-
-> **initializeVaultCustody**: (`storage`, `options`) => `Promise`\<[`InitializedVaultCustody`](InitializedVaultCustody.md)\>
-
-#### Parameters
-
-##### storage
-
-[`IStorageProvider`](IStorageProvider.md)
-
-##### options?
-
-[`InitializeVaultCustodyOptions`](InitializeVaultCustodyOptions.md) = `{}`
-
-#### Returns
-
-`Promise`\<[`InitializedVaultCustody`](InitializedVaultCustody.md)\>
-
-***
-
-### listIdentities
-
-> **listIdentities**: (`storage`) => `Promise`\<`any`[]\>
-
-Lists all identities in the workspace with their discovery metadata.
-
-#### Parameters
-
-##### storage
-
-[`IStorageProvider`](IStorageProvider.md)
-
-#### Returns
-
-`Promise`\<`any`[]\>
-
-***
-
 ### listVaults
 
-> **listVaults**: (`storage`) => `Promise`\<`object`[]\>
+> **listVaults**: (`storage`) => `Promise`\<`string`[]\>
 
-Lists all available vaults in the workspace by scanning for signed profiles.
+Lists all available vaults in the workspace.
 
 #### Parameters
 
@@ -630,9 +381,9 @@ The root workspace storage provider.
 
 #### Returns
 
-`Promise`\<`object`[]\>
+`Promise`\<`string`[]\>
 
-A list of vault IDs and their public discovery metadata.
+A list of vault IDs.
 
 ***
 
@@ -660,74 +411,6 @@ A list of vault IDs and their public discovery metadata.
 
 ***
 
-### readIdentityMetadata
-
-> **readIdentityMetadata**: (`storage`, `identityId`, `privateKey?`) => `Promise`\<`any`\>
-
-Metadata reader for identities.
-Discovery info (nickname) can be read with just identityId.
-Full profile requires privateKey.
-
-#### Parameters
-
-##### storage
-
-[`IStorageProvider`](IStorageProvider.md)
-
-##### identityId
-
-`string`
-
-##### privateKey?
-
-`string`
-
-#### Returns
-
-`Promise`\<`any`\>
-
-***
-
-### readIdentityPrivateVaultChildrenState
-
-> **readIdentityPrivateVaultChildrenState**: (`storage`, `identityOrPrivateKey`) => `Promise`\<[`IdentityPrivateVaultChildrenState`](IdentityPrivateVaultChildrenState.md)\>
-
-#### Parameters
-
-##### storage
-
-[`IStorageProvider`](IStorageProvider.md)
-
-##### identityOrPrivateKey
-
-[`IdentityPrivateVaultAccess`](../type-aliases/IdentityPrivateVaultAccess.md)
-
-#### Returns
-
-`Promise`\<[`IdentityPrivateVaultChildrenState`](IdentityPrivateVaultChildrenState.md)\>
-
-***
-
-### readIdentityPrivateVaultProfile
-
-> **readIdentityPrivateVaultProfile**: (`storage`, `identityOrPrivateKey`) => `Promise`\<[`IdentityPrivateVaultProfile`](IdentityPrivateVaultProfile.md) \| `null`\>
-
-#### Parameters
-
-##### storage
-
-[`IStorageProvider`](IStorageProvider.md)
-
-##### identityOrPrivateKey
-
-[`IdentityPrivateVaultAccess`](../type-aliases/IdentityPrivateVaultAccess.md)
-
-#### Returns
-
-`Promise`\<[`IdentityPrivateVaultProfile`](IdentityPrivateVaultProfile.md) \| `null`\>
-
-***
-
 ### recoverVault
 
 > **recoverVault**: \{(`storage`, `options`): `Promise`\<[`RecoveredVault`](RecoveredVault.md)\>; (`options`): `Promise`\<[`RecoveredVault`](RecoveredVault.md)\>; \}
@@ -750,7 +433,7 @@ Workspace storage where the vault was created.
 
 [`RecoverVaultOptions`](RecoverVaultOptions.md)
 
-Recovery options (must include `vaultId` and `ownerIdentity`).
+Recovery options (must include `vaultId` and `password`).
 
 ##### Returns
 
@@ -763,7 +446,7 @@ A [RecoveredVault](RecoveredVault.md) instance.
 ```ts
 const vault = await recoverVault({
   vaultId: 'vault_123',
-  ownerIdentity
+  password: 'my-strong-password'
 });
 ```
 
@@ -779,7 +462,7 @@ Recovers an existing vault using the default workspace storage.
 
 [`RecoverVaultOptions`](RecoverVaultOptions.md)
 
-Recovery options including vaultId and owner identity.
+Recovery options including vaultId and password.
 
 ##### Returns
 
@@ -787,30 +470,6 @@ Recovery options including vaultId and owner identity.
 
 ***
 
-### recoverVaultWorkingKey
-
-> **recoverVaultWorkingKey**: (`storage`, `vaultRecoveryKey`, `storageKey`) => `Promise`\<`string`\>
-
-#### Parameters
-
-##### storage
-
-[`IStorageProvider`](IStorageProvider.md)
-
-##### vaultRecoveryKey
-
-`string`
-
-##### storageKey?
-
-`string` = `DEFAULT_VAULT_KEY_CUSTODY_BLOB_KEY`
-
-#### Returns
-
-`Promise`\<`string`\>
-
-***
-
 ### restoreIdentity
 
 > **restoreIdentity**: (`privateKey`, `options`) => `CreatedIdentity`
@@ -859,23 +518,23 @@ const identity = restoreIdentity('MIIB...');
 
 ### wrapVaultCoreAsVaultService
 
-> **wrapVaultCoreAsVaultService**: (`core`, `options`) => [`VaultService`](VaultService.md)
+> **wrapVaultCoreAsVaultService**: (`core`, `options`) => `VaultService`
 
 #### Parameters
 
 ##### core
 
-[`VaultCore`](VaultCore.md)
+[`VaultCore`](../classes/VaultCore.md)
 
 ##### options?
 
 ###### clock?
 
-[`Clock`](Clock.md)
+`Clock`
 
 ###### customFlows?
 
-[`VaultCustomFlowResolver`](VaultCustomFlowResolver.md)
+`VaultCustomFlowResolver`
 
 ###### fetchImpl?
 
@@ -883,4 +542,4 @@ const identity = restoreIdentity('MIIB...');
 
 #### Returns
 
-[`VaultService`](VaultService.md)
+`VaultService`

package/docs/api/interfaces/CreateAgentClientOptions.md

@@ -1,4 +1,4 @@
-[**CBIO Node Runtime Agent API v1.45.5**](../README.md)
+[**CBIO Node Runtime Agent API v1.47.0**](../README.md)
 
 ***
 
@@ -14,13 +14,13 @@
 
 ### capability
 
-> **capability**: [`AgentCapability`](AgentCapability.md)
+> **capability**: `AgentCapability`
 
 ***
 
 ### clock?
 
-> `optional` **clock?**: [`Clock`](Clock.md)
+> `optional` **clock?**: `Clock`
 
 ***
 
@@ -38,4 +38,4 @@
 
 ### vault?
 
-> `optional` **vault?**: [`VaultService`](VaultService.md)
+> `optional` **vault?**: `VaultService`

package/docs/api/interfaces/CreateIdentityOptions.md

@@ -1,13 +1,9 @@
-[**CBIO Node Runtime Agent API v1.45.5**](../README.md)
+[**CBIO Node Runtime Agent API v1.47.0**](../README.md)
 
 ***
 
 # Interface: CreateIdentityOptions
 
-## Extended by
-
-- [`CreateChildIdentityOptions`](CreateChildIdentityOptions.md)
-
 ## Properties
 
 ### nickname?