@the-ai-company/cbio-node-runtime 1.47.0 → 1.47.2

package/dist/vault-ingress/index.js

@@ -216,6 +216,7 @@ class LocalVaultService {
                     proof: {
                         agentId: request.agentId,
                         signature: request.proof.signature,
+                        token: request.proof.token,
                         requestId: request.requestId,
                         requestedAt: request.requestedAt,
                     },
@@ -266,6 +267,7 @@ class LocalVaultService {
                 proof: {
                     agentId: request.agentId,
                     signature: request.proof.signature,
+                    token: request.proof.token,
                     requestId: request.requestId,
                     requestedAt: request.requestedAt,
                 },
@@ -331,6 +333,12 @@ class LocalVaultService {
     async revokeCapability(command) {
         return await this._authority.revokeCapability(command);
     }
+    async issueSessionToken(request) {
+        return await this._authority.issueAgentSessionToken(request);
+    }
+    async revokeSessionToken(request) {
+        return await this._authority.revokeAgentSessionToken(request);
+    }
     async resolveCapability(vaultId, agentId, capabilityId) {
         const capability = await this._authority.getCapability(vaultId, agentId, capabilityId);
         if (!capability) {

package/dist/vault-ingress/index.js.map

@@ -1 +1 @@
-{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/vault-ingress/index.ts"],"names":[],"mappings":"AAAA,OAAO,EACL,eAAe,EAqBf,cAAc,GACf,MAAM,wBAAwB,CAAC;AAChC,OAAO,EACL,2BAA2B,EAC3B,6BAA6B,EAC7B,uBAAuB,GACxB,MAAM,qBAAqB,CAAC;AA2F7B,MAAM,iBAAiB;IAEF;IACA;IACA;IACA;IAJnB,YACmB,UAAqB,EACrB,YAAsC,EACtC,MAAc,EACd,aAA2B,KAAK;QAHhC,eAAU,GAAV,UAAU,CAAW;QACrB,iBAAY,GAAZ,YAAY,CAA0B;QACtC,WAAM,GAAN,MAAM,CAAQ;QACd,eAAU,GAAV,UAAU,CAAsB;IAChD,CAAC;IAEJ,IAAI,OAAO;QACT,OAAO,IAAI,CAAC,UAAU,CAAC,OAAO,CAAC;IACjC,CAAC;IAGD,kBAAkB,CAAC,OAAuC;QACxD,OAAO,IAAI,CAAC,UAAU,CAAC,kBAAkB,CAAC,OAAO,CAAC,CAAC;IACrD,CAAC;IAED,qBAAqB,CAAC,OAA0C;QAC9D,OAAO,IAAI,CAAC,UAAU,CAAC,qBAAqB,CAAC,OAAO,CAAC,CAAC;IACxD,CAAC;IAED,kBAAkB,CAAC,OAA2C;QAC5D,OAAO,IAAI,CAAC,UAAU,CAAC,kBAAkB,CAAC,OAAO,CAAC,CAAC;IACrD,CAAC;IAED,WAAW,CAAC,OAAiE;QAC3E,OAAO,IAAI,CAAC,UAAU,CAAC,WAAW,CAAC,OAAO,CAAC,CAAC;IAC9C,CAAC;IAED,mBAAmB,CAAC,OAAyE;QAC3F,OAAO,IAAI,CAAC,UAAU,CAAC,mBAAmB,CAAC,OAAO,CAAC,CAAC;IACtD,CAAC;IAEO,mBAAmB,CAAC,KAAc;QACxC,IAAI,KAAK,KAAK,IAAI,IAAI,KAAK,KAAK,SAAS,EAAE,CAAC;YAC1C,OAAO,IAAI,CAAC;QACd,CAAC;QACD,IAAI,KAAK,CAAC,OAAO,CAAC,KAAK,CAAC,EAAE,CAAC;YACzB,OAAO,KAAK,CAAC,GAAG,CAAC,CAAC,KAAK,EAAE,EAAE,CAAC,IAAI,CAAC,mBAAmB,CAAC,KAAK,CAAC,CAAC,CAAC;QAC/D,CAAC;QACD,IAAI,OAAO,KAAK,KAAK,QAAQ,EAAE,CAAC;YAC9B,OAAO,MAAM,CAAC,WAAW,CACvB,MAAM,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,GAAG,EAAE,KAAK,CAAC,EAAE,EAAE,CAAC,CAAC,GAAG,EAAE,IAAI,CAAC,mBAAmB,CAAC,KAAK,CAAC,CAAC,CAAC,CACpF,CAAC;QACJ,CAAC;QACD,OAAO,IAAI,CAAC;IACd,CAAC;IAEO,yBAAyB,CAAC,IAA4B,EAAE,OAAgB;QAC9E,IAAI,CAAC,OAAO,IAAI,OAAO,OAAO,KAAK,QAAQ,IAAI,KAAK,CAAC,OAAO,CAAC,OAAO,CAAC,EAAE,CAAC;YACtE,OAAO,IAAI,CAAC,mBAAmB,CAAC,OAAO,CAAC,CAAC;QAC3C,CAAC;QACD,MAAM,MAAM,GAAG,OAAkC,CAAC;QAClD,MAAM,QAAQ,GAA0C,EAAE,CAAC;QAC3D,QAAQ,IAAI,EAAE,CAAC;YACb,KAAK,mCAAmC,CAAC;YACzC,KAAK,oCAAoC,CAAC;YAC1C,KAAK,gCAAgC,CAAC,CAAC,CAAC;gBACtC,IAAI,YAAY,IAAI,MAAM,EAAE,CAAC;oBAC3B,QAAQ,CAAC,UAAU,GAAG,OAAO,MAAM,CAAC,UAAU,KAAK,QAAQ,CAAC,CAAC,CAAC,MAAM,CAAC,UAAU,CAAC,CAAC,CAAC,IAAI,CAAC;gBACzF,CAAC;gBACD,IAAI,YAAY,IAAI,MAAM,EAAE,CAAC;oBAC3B,QAAQ,CAAC,UAAU,GAAG,OAAO,MAAM,CAAC,UAAU,KAAK,QAAQ,CAAC,CAAC,CAAC,MAAM,CAAC,UAAU,CAAC,CAAC,CAAC,IAAI,CAAC;gBACzF,CAAC;gBACD,IAAI,OAAO,IAAI,MAAM,EAAE,CAAC;oBACtB,QAAQ,CAAC,KAAK,GAAG,OAAO,MAAM,CAAC,KAAK,KAAK,QAAQ,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC,IAAI,CAAC;gBAC1E,CAAC;gBACD,MAAM;YACR,CAAC;QACH,CAAC;QACD,OAAO,QAAQ,CAAC;IAClB,CAAC;IAEO,oBAAoB,CAAC,IAA4B,EAAE,OAAgB;QACzE,IAAI,CAAC,OAAO,IAAI,OAAO,OAAO,KAAK,QAAQ,IAAI,KAAK,CAAC,OAAO,CAAC,OAAO,CAAC,EAAE,CAAC;YACtE,MAAM,IAAI,KAAK,CAAC,oCAAoC,CAAC,CAAC;QACxD,CAAC;QACD,MAAM,MAAM,GAAG,OAAkC,CAAC;QAClD,QAAQ,IAAI,EAAE,CAAC;YACb,KAAK,mCAAmC,CAAC,CAAC,CAAC;gBACzC,IAAI,OAAO,MAAM,CAAC,YAAY,KAAK,QAAQ,IAAI,CAAC,MAAM,CAAC,YAAY,EAAE,CAAC;oBACpE,MAAM,IAAI,KAAK,CAAC,oCAAoC,CAAC,CAAC;gBACxD,CAAC;gBACD,OAAO,MAAM,CAAC,YAAY,CAAC;YAC7B,CAAC;YACD,KAAK,oCAAoC,CAAC,CAAC,CAAC;gBAC1C,IAAI,OAAO,MAAM,CAAC,aAAa,KAAK,QAAQ,IAAI,CAAC,MAAM,CAAC,aAAa,EAAE,CAAC;oBACtE,MAAM,IAAI,KAAK,CAAC,oCAAoC,CAAC,CAAC;gBACxD,CAAC;gBACD,OAAO,MAAM,CAAC,aAAa,CAAC;YAC9B,CAAC;YACD,KAAK,gCAAgC,CAAC,CAAC,CAAC;gBACtC,IAAI,OAAO,MAAM,CAAC,QAAQ,KAAK,QAAQ,IAAI,CAAC,MAAM,CAAC,QAAQ,EAAE,CAAC;oBAC5D,MAAM,IAAI,KAAK,CAAC,oCAAoC,CAAC,CAAC;gBACxD,CAAC;gBACD,OAAO,MAAM,CAAC,QAAQ,CAAC;YACzB,CAAC;QACH,CAAC;IACH,CAAC;IAEO,gBAAgB,CAAC,WAA0B,EAAE,UAAkB;QACrE,IAAI,CAAC,UAAU,EAAE,CAAC;YAChB,OAAO,IAAI,CAAC;QACd,CAAC;QACD,IAAI,WAAW,EAAE,QAAQ,CAAC,MAAM,CAAC,EAAE,CAAC;YAClC,OAAO,IAAI,CAAC,KAAK,CAAC,UAAU,CAAC,CAAC;QAChC,CAAC;QACD,IAAI,CAAC;YACH,OAAO,IAAI,CAAC,KAAK,CAAC,UAAU,CAAC,CAAC;QAChC,CAAC;QAAC,MAAM,CAAC;YACP,OAAO,UAAU,CAAC;QACpB,CAAC;IACH,CAAC;IAEO,KAAK,CAAC,aAAa,CAAC,OAK3B;QACC,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,UAAU,CAAC,OAAO,CAAC,GAAG,EAAE;YAClD,MAAM,EAAE,OAAO,CAAC,MAAM,IAAI,KAAK;YAC/B,OAAO,EAAE,OAAO,CAAC,OAAO;YACxB,IAAI,EAAE,OAAO,CAAC,IAAI;SACnB,CAAC,CAAC;QACH,MAAM,WAAW,GAAG,QAAQ,CAAC,OAAO,CAAC,GAAG,CAAC,cAAc,CAAC,CAAC;QACzD,MAAM,OAAO,GAAG,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAC;QACtC,OAAO;YACL,WAAW;YACX,OAAO;YACP,UAAU,EAAE,IAAI,CAAC,gBAAgB,CAAC,WAAW,EAAE,OAAO,CAAC;YACvD,cAAc,EAAE,QAAQ,CAAC,MAAM;SAChC,CAAC;IACJ,CAAC;IAEO,uBAAuB,CAAC,IAA8B,EAAE,OAAgB;QAC9E,IAAI,CAAC,IAAI,CAAC,cAAc,EAAE,CAAC;YACzB,OAAO,IAAI,CAAC;QACd,CAAC;QACD,IAAI,IAAI,CAAC,cAAc,CAAC,IAAI,KAAK,YAAY,EAAE,CAAC;YAC9C,IAAI,CAAC,OAAO,IAAI,OAAO,OAAO,KAAK,QAAQ,IAAI,KAAK,CAAC,OAAO,CAAC,OAAO,CAAC,EAAE,CAAC;gBACtE,MAAM,IAAI,KAAK,CAAC,oCAAoC,CAAC,CAAC;YACxD,CAAC;YACD,MAAM,KAAK,GAAI,OAAmC,CAAC,IAAI,CAAC,cAAc,CAAC,KAAK,CAAC,CAAC;YAC9E,IAAI,OAAO,KAAK,KAAK,QAAQ,IAAI,CAAC,KAAK,EAAE,CAAC;gBACxC,MAAM,IAAI,KAAK,CAAC,oCAAoC,CAAC,CAAC;YACxD,CAAC;YACD,OAAO,KAAK,CAAC;QACf,CAAC;QACD,OAAO,IAAI,CAAC;IACd,CAAC;IAED,KAAK,CAAC,aAAa,CAAC,OAAgC;QAClD,MAAM,gBAAgB,GAAG,6BAA6B,CAAC;YACrD,SAAS,EAAE,OAAO,CAAC,GAAG;YACtB,MAAM,EAAE,OAAO,CAAC,MAAM;YACtB,aAAa,EAAE,OAAO,CAAC,IAAI,KAAK,mCAAmC;gBACjE,CAAC,CAAC,cAAc;gBAChB,CAAC,CAAC,OAAO,CAAC,IAAI,KAAK,oCAAoC;oBACrD,CAAC,CAAC,eAAe;oBACjB,CAAC,CAAC,UAAU;YAChB,UAAU,EAAE,OAAO,CAAC,KAAK;SAC1B,CAAC,CAAC;QACH,MAAM,OAAO,GAAG,MAAM,IAAI,CAAC,aAAa,CAAC,OAAO,CAAC,CAAC;QAClD,MAAM,cAAc,GAAkC,CAAC;gBACrD,IAAI,EAAE,MAAM;gBACZ,QAAQ,EAAE,OAAO,CAAC,QAAQ;gBAC1B,SAAS,EAAE,gBAAgB,CAAC,SAAS;gBACrC,OAAO,EAAE,CAAC,gBAAgB,CAAC,MAAM,CAAC;gBAClC,KAAK,EAAE,CAAC,IAAI,GAAG,CAAC,gBAAgB,CAAC,SAAS,CAAC,CAAC,QAAQ,IAAI,GAAG,CAAC;aAC7D,CAAC,CAAC;QAEH,MAAM,IAAI,CAAC,UAAU,CAAC,WAAW,CAAC;YAChC,IAAI,EAAE,qBAAqB;YAC3B,OAAO,EAAE,IAAI,CAAC,UAAU,CAAC,OAAO;YAChC,MAAM,EAAE;gBACN,IAAI,EAAE,gBAAgB;gBACtB,EAAE,EAAE,OAAO,CAAC,QAAQ;aACrB;YACD,KAAK,EAAE,OAAO,CAAC,KAAK;YACpB,SAAS,EAAE,IAAI,CAAC,oBAAoB,CAAC,OAAO,CAAC,IAAI,EAAE,OAAO,CAAC,UAAU,CAAC;YACtE,YAAY,EAAE,OAAO,CAAC,QAAQ;YAC9B,cAAc;YACd,WAAW,EAAE,OAAO,CAAC,WAAW,IAAI,CAAC,IAAI,CAAC,MAAM,EAAE,MAAM,EAAE,IAAI,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE,CAAC;SACxF,CAAC,CAAC;QACH,OAAO;YACL,OAAO,EAAE,IAAI,CAAC,UAAU,CAAC,OAAO;YAChC,KAAK,EAAE,OAAO,CAAC,KAAK;YACpB,MAAM,EAAE,QAAQ;YAChB,cAAc,EAAE,OAAO,CAAC,cAAc;YACtC,WAAW,EAAE,OAAO,CAAC,WAAW;YAChC,aAAa,EAAE,IAAI,CAAC,yBAAyB,CAAC,OAAO,CAAC,IAAI,EAAE,OAAO,CAAC,UAAU,CAAC;SAChF,CAAC;IACJ,CAAC;IAED,QAAQ,CAAC,OAAwB;QAC/B,OAAO,IAAI,CAAC,UAAU,CAAC,cAAc,CAAC,OAAO,CAAC,CAAC;IACjD,CAAC;IAED,KAAK,CAAC,mBAAmB,CACvB,OAAkC;QAElC,IAAI,CAAC;YACH,MAAM,OAAO,GAAG,EAAE,KAAK,EAAE,OAAO,CAAC,OAAO,EAAE,CAAC;YAC3C,MAAM,UAAU,GAAG,MAAM,IAAI,CAAC,iBAAiB,CAAC,OAAO,EAAE,OAAO,CAAC,OAAO,EAAE,OAAO,CAAC,YAAY,CAAC,CAAC;YAChG,MAAM,UAAU,GAAG,UAAU,CAAC,SAAS,KAAK,aAAa;gBACvD,CAAC,CAAC,MAAM,IAAI,CAAC,iBAAiB,CAAC,OAAO,EAAE,UAAU,CAAC,YAAY,CAAC;gBAChE,CAAC,CAAC,IAAI,CAAC;YACT,MAAM,QAAQ,GAAG,UAAU;gBACzB,CAAC,CAAC,uBAAuB,CAAC,UAAU,CAAC;gBACrC,CAAC,CAAC,2BAA2B,CAAC;oBAC5B,IAAI,EAAE,aAAa;oBACnB,SAAS,EAAE,OAAO,CAAC,SAAS;oBAC5B,MAAM,EAAE,OAAO,CAAC,MAAM;oBACtB,kBAAkB,EAAE,aAAa;iBAClC,CAAC,CAAC;YACL,IAAI,UAAU,EAAE,CAAC;gBACf,IAAI,OAAO,CAAC,SAAS,KAAK,QAAQ,CAAC,SAAS,IAAI,OAAO,CAAC,MAAM,CAAC,WAAW,EAAE,KAAK,QAAQ,CAAC,MAAM,CAAC,WAAW,EAAE,EAAE,CAAC;oBAC/G,MAAM,IAAI,KAAK,CAAC,oCAAoC,CAAC,CAAC;gBACxD,CAAC;YACH,CAAC;YACD,IAAI,QAAQ,CAAC,IAAI,KAAK,gBAAgB,EAAE,CAAC;gBACvC,IAAI,CAAC,UAAU,EAAE,CAAC;oBAChB,MAAM,IAAI,KAAK,CAAC,6BAA6B,CAAC,CAAC;gBACjD,CAAC;gBACD,MAAM,aAAa,GAAG,MAAM,IAAI,CAAC,UAAU,CAAC,iBAAiB,CAAC;oBAC5D,OAAO;oBACP,SAAS,EAAE,OAAO,CAAC,SAAS;oBAC5B,WAAW,EAAE,OAAO,CAAC,WAAW;oBAChC,KAAK,EAAE;wBACL,IAAI,EAAE,OAAO;wBACb,EAAE,EAAE,OAAO,CAAC,OAAO;qBACpB;oBACD,UAAU;oBACV,KAAK,EAAE;wBACL,OAAO,EAAE,OAAO,CAAC,OAAO;wBACxB,SAAS,EAAE,OAAO,CAAC,KAAK,CAAC,SAAS;wBAClC,SAAS,EAAE,OAAO,CAAC,SAAS;wBAC5B,WAAW,EAAE,OAAO,CAAC,WAAW;qBACjC;oBACD,WAAW,EAAE,SAAS;oBACtB,SAAS,EAAE,OAAO,CAAC,SAAS;oBAC5B,MAAM,EAAE,OAAO,CAAC,MAAM;oBACtB,OAAO,EAAE,OAAO,CAAC,OAAO;oBACxB,IAAI,EAAE,OAAO,CAAC,IAAI;iBACnB,CAAC,CAAC;gBACH,IAAI,aAAa,CAAC,QAAQ,KAAK,OAAO,EAAE,CAAC;oBACvC,MAAM,IAAI,KAAK,CAAC,0BAA0B,CAAC,CAAC;gBAC9C,CAAC;gBACD,MAAM,OAAO,GAAG,MAAM,IAAI,CAAC,aAAa,CAAC;oBACvC,GAAG,EAAE,OAAO,CAAC,SAAS;oBACtB,MAAM,EAAE,OAAO,CAAC,MAAM;oBACtB,OAAO,EAAE,OAAO,CAAC,OAAO;oBACxB,IAAI,EAAE,OAAO,CAAC,IAAI;iBACnB,CAAC,CAAC;gBACH,MAAM,cAAc,GAAG,IAAI,CAAC,uBAAuB,CAAC,UAAU,EAAE,OAAO,CAAC,UAAU,CAAC,CAAC;gBACpF,IAAI,CAAC,cAAc,IAAI,CAAC,UAAU,CAAC,cAAc,EAAE,CAAC;oBAClD,MAAM,IAAI,KAAK,CAAC,oCAAoC,CAAC,CAAC;gBACxD,CAAC;gBACD,MAAM,IAAI,CAAC,UAAU,CAAC,qBAAqB,CAAC,UAAU,EAAE,UAAU,CAAC,cAAc,CAAC,UAAU,EAAE,cAAc,CAAC,CAAC;gBAC9G,OAAO;oBACL,EAAE,EAAE,IAAI;oBACR,MAAM,EAAE;wBACN,OAAO;wBACP,SAAS,EAAE,OAAO,CAAC,SAAS;wBAC5B,MAAM,EAAE,cAAc,CAAC,SAAS;wBAChC,SAAS,EAAE,OAAO,CAAC,SAAS;wBAC5B,MAAM,EAAE,OAAO,CAAC,MAAM;wBACtB,cAAc,EAAE,OAAO,CAAC,cAAc;wBACtC,YAAY,EAAE,QAAQ,CAAC,kBAAkB,KAAK,YAAY;4BACxD,CAAC,CAAC,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,mBAAmB,CAAC,OAAO,CAAC,UAAU,CAAC,CAAC;4BAC9D,CAAC,CAAC,OAAO,CAAC,OAAO;qBACpB;iBACF,CAAC;YACJ,CAAC;YAED,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,UAAU,CAAC,cAAc,CAAC;gBAClD,OAAO;gBACP,SAAS,EAAE,OAAO,CAAC,SAAS;gBAC5B,WAAW,EAAE,OAAO,CAAC,WAAW;gBAChC,KAAK,EAAE;oBACL,IAAI,EAAE,OAAO;oBACb,EAAE,EAAE,OAAO,CAAC,OAAO;iBACpB;gBACD,UAAU;gBACV,KAAK,EAAE;oBACL,OAAO,EAAE,OAAO,CAAC,OAAO;oBACxB,SAAS,EAAE,OAAO,CAAC,KAAK,CAAC,SAAS;oBAClC,SAAS,EAAE,OAAO,CAAC,SAAS;oBAC5B,WAAW,EAAE,OAAO,CAAC,WAAW;iBACjC;gBACD,WAAW,EAAE,OAAO,CAAC,WAAW;gBAChC,SAAS,EAAE,OAAO,CAAC,SAAS;gBAC5B,MAAM,EAAE,OAAO,CAAC,MAAM;gBACtB,OAAO,EAAE,OAAO,CAAC,OAAO;gBACxB,IAAI,EAAE,OAAO,CAAC,IAAI;aACnB,CAAC,CAAC;YACH,IAAI,QAAQ,CAAC,IAAI,KAAK,sBAAsB,EAAE,CAAC;gBAC7C,IAAI,CAAC,UAAU,EAAE,CAAC;oBAChB,MAAM,IAAI,KAAK,CAAC,6BAA6B,CAAC,CAAC;gBACjD,CAAC;gBACD,MAAM,UAAU,GAAG,IAAI,CAAC,SAAS,CAAC,MAAM,CAAC,YAAY,CAAC,CAAC;gBACvD,MAAM,cAAc,GAAG,IAAI,CAAC,uBAAuB,CAAC,UAAU,EAAE,UAAU,CAAC,CAAC;gBAC5E,IAAI,CAAC,cAAc,IAAI,CAAC,UAAU,CAAC,cAAc,EAAE,CAAC;oBAClD,MAAM,IAAI,KAAK,CAAC,oCAAoC,CAAC,CAAC;gBACxD,CAAC;gBACD,MAAM,IAAI,CAAC,UAAU,CAAC,qBAAqB,CAAC,UAAU,EAAE,UAAU,CAAC,cAAc,CAAC,UAAU,EAAE,cAAc,CAAC,CAAC;YAChH,CAAC;YACD,OAAO;gBACL,EAAE,EAAE,IAAI;gBACR,MAAM,EAAE,QAAQ,CAAC,kBAAkB,KAAK,YAAY;oBAClD,CAAC,CAAC;wBACA,GAAG,MAAM;wBACT,YAAY,EAAE,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,mBAAmB,CAAC,IAAI,CAAC,SAAS,CAAC,MAAM,CAAC,YAAY,CAAC,CAAC,CAAC;qBAC5F;oBACD,CAAC,CAAC,MAAM;aACX,CAAC;QACJ,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,MAAM,OAAO,GAAG,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;YACvE,MAAM,IAAI,GAAG,KAAK,YAAY,KAAK,IAAI,MAAM,IAAI,KAAK,IAAI,OAAQ,KAA4B,CAAC,IAAI,KAAK,QAAQ;gBAC9G,CAAC,CAAE,KAA0B,CAAC,IAAI;gBAClC,CAAC,CAAC,+BAA+B,CAAC;YACpC,OAAO;gBACL,EAAE,EAAE,KAAK;gBACT,KAAK,EAAE,EAAE,IAAI,EAAE,OAAO,EAAE;aACzB,CAAC;QACJ,CAAC;IACH,CAAC;IAED,SAAS,CAAC,OAA0B;QAClC,OAAO,IAAI,CAAC,UAAU,CAAC,QAAQ,CAAC,OAAO,CAAC,KAAK,EAAE,OAAO,CAAC,KAAK,EAAE;YAC5D,SAAS,EAAE,OAAO,CAAC,SAAS;YAC5B,WAAW,EAAE,OAAO,CAAC,WAAW;SACjC,CAAC,CAAC;IACL,CAAC;IAED,YAAY,CAAC,OAAiC;QAC5C,OAAO,IAAI,CAAC,UAAU,CAAC,YAAY,CAAC,OAAO,CAAC,KAAK,EAAE,OAAO,CAAC,KAAK,EAAE;YAChE,SAAS,EAAE,OAAO,CAAC,SAAS;YAC5B,WAAW,EAAE,OAAO,CAAC,WAAW;SACjC,CAAC,CAAC;IACL,CAAC;IAED,YAAY,CAAC,OAAkE;QAC7E,OAAO,IAAI,CAAC,UAAU,CAAC,YAAY,CAAC,OAAO,CAAC,CAAC;IAC/C,CAAC;IAED,KAAK,CAAC,UAAU,CAAC,OAA+B;QAC9C,OAAO,MAAM,IAAI,CAAC,UAAU,CAAC,UAAU,CAAC,OAAO,CAAC,KAAK,EAAE,OAAO,CAAC,CAAC;IAClE,CAAC;IAED,KAAK,CAAC,gBAAgB,CAAC,OAAqC;QAC1D,OAAO,MAAM,IAAI,CAAC,UAAU,CAAC,gBAAgB,CAAC,OAAO,CAAC,KAAK,EAAE,OAAO,CAAC,OAAO,EAAE,OAAO,CAAC,CAAC;IACzF,CAAC;IAED,KAAK,CAAC,gBAAgB,CAAC,OAAqC;QAC1D,OAAO,MAAM,IAAI,CAAC,UAAU,CAAC,gBAAgB,CAAC,OAAO,CAAC,CAAC;IACzD,CAAC;IAEO,KAAK,CAAC,iBAAiB,CAAC,OAAgB,EAAE,OAAe,EAAE,YAAoB;QACrF,MAAM,UAAU,GAAG,MAAM,IAAI,CAAC,UAAU,CAAC,aAAa,CAAC,OAAO,EAAE,OAAO,EAAE,YAAY,CAAC,CAAC;QACvF,IAAI,CAAC,UAAU,EAAE,CAAC;YAChB,MAAM,IAAI,KAAK,CAAC,4BAA4B,CAAC,CAAC;QAChD,CAAC;QACD,OAAO,UAAU,CAAC;IACpB,CAAC;IAEO,SAAS,CAAC,IAAwB;QACxC,IAAI,CAAC,IAAI,EAAE,CAAC;YACV,OAAO,IAAI,CAAC;QACd,CAAC;QACD,IAAI,CAAC;YACH,OAAO,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;QAC1B,CAAC;QAAC,MAAM,CAAC;YACP,OAAO,IAAI,CAAC;QACd,CAAC;IACH,CAAC;IAEO,KAAK,CAAC,iBAAiB,CAAC,OAAgB,EAAE,MAA0B;QAC1E,IAAI,CAAC,MAAM,EAAE,CAAC;YACZ,MAAM,IAAI,KAAK,CAAC,gCAAgC,CAAC,CAAC;QACpD,CAAC;QACD,IAAI,CAAC,IAAI,CAAC,YAAY,EAAE,CAAC;YACvB,MAAM,IAAI,KAAK,CAAC,2CAA2C,CAAC,CAAC;QAC/D,CAAC;QACD,MAAM,IAAI,GAAG,MAAM,IAAI,CAAC,YAAY,CAAC,GAAG,CAAC,OAAO,EAAE,MAAM,CAAC,CAAC;QAC1D,IAAI,CAAC,IAAI,EAAE,CAAC;YACV,MAAM,IAAI,KAAK,CAAC,6BAA6B,CAAC,CAAC;QACjD,CAAC;QACD,OAAO,IAAI,CAAC;IACd,CAAC;CACF;AAED,MAAM,UAAU,kBAAkB,CAChC,IAA2B,EAC3B,UAII,EAAE;IAEN,OAAO,IAAI,iBAAiB,CAAC,eAAe,CAAC,IAAI,CAAC,EAAE,OAAO,CAAC,WAAW,IAAI,IAAI,CAAC,WAAW,EAAE,OAAO,CAAC,KAAK,EAAE,OAAO,CAAC,SAAS,CAAC,CAAC;AACjI,CAAC;AAED,MAAM,UAAU,2BAA2B,CACzC,IAAe,EACf,UAII,EAAE;IAEN,OAAO,IAAI,iBAAiB,CAAC,IAAI,EAAE,OAAO,CAAC,WAAW,EAAE,OAAO,CAAC,KAAK,EAAE,OAAO,CAAC,SAAS,CAAC,CAAC;AAC5F,CAAC;AAGD,OAAO,EACL,2BAA2B,EAC3B,6BAA6B,EAC7B,8BAA8B,EAC9B,uBAAuB,GACxB,MAAM,qBAAqB,CAAC;AAE7B,OAAO,EAAE,0BAA0B,EAAE,MAAM,uBAAuB,CAAC;AACnE,OAAO,EAAE,uBAAuB,EAAE,MAAM,mBAAmB,CAAC"}
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/vault-ingress/index.ts"],"names":[],"mappings":"AAAA,OAAO,EACL,eAAe,EAsBf,cAAc,GACf,MAAM,wBAAwB,CAAC;AAChC,OAAO,EACL,2BAA2B,EAC3B,6BAA6B,EAC7B,uBAAuB,GACxB,MAAM,qBAAqB,CAAC;AAgG7B,MAAM,iBAAiB;IAEF;IACA;IACA;IACA;IAJnB,YACmB,UAAqB,EACrB,YAAsC,EACtC,MAAc,EACd,aAA2B,KAAK;QAHhC,eAAU,GAAV,UAAU,CAAW;QACrB,iBAAY,GAAZ,YAAY,CAA0B;QACtC,WAAM,GAAN,MAAM,CAAQ;QACd,eAAU,GAAV,UAAU,CAAsB;IAChD,CAAC;IAEJ,IAAI,OAAO;QACT,OAAO,IAAI,CAAC,UAAU,CAAC,OAAO,CAAC;IACjC,CAAC;IAGD,kBAAkB,CAAC,OAAuC;QACxD,OAAO,IAAI,CAAC,UAAU,CAAC,kBAAkB,CAAC,OAAO,CAAC,CAAC;IACrD,CAAC;IAED,qBAAqB,CAAC,OAA0C;QAC9D,OAAO,IAAI,CAAC,UAAU,CAAC,qBAAqB,CAAC,OAAO,CAAC,CAAC;IACxD,CAAC;IAED,kBAAkB,CAAC,OAA2C;QAC5D,OAAO,IAAI,CAAC,UAAU,CAAC,kBAAkB,CAAC,OAAO,CAAC,CAAC;IACrD,CAAC;IAED,WAAW,CAAC,OAAiE;QAC3E,OAAO,IAAI,CAAC,UAAU,CAAC,WAAW,CAAC,OAAO,CAAC,CAAC;IAC9C,CAAC;IAED,mBAAmB,CAAC,OAAyE;QAC3F,OAAO,IAAI,CAAC,UAAU,CAAC,mBAAmB,CAAC,OAAO,CAAC,CAAC;IACtD,CAAC;IAEO,mBAAmB,CAAC,KAAc;QACxC,IAAI,KAAK,KAAK,IAAI,IAAI,KAAK,KAAK,SAAS,EAAE,CAAC;YAC1C,OAAO,IAAI,CAAC;QACd,CAAC;QACD,IAAI,KAAK,CAAC,OAAO,CAAC,KAAK,CAAC,EAAE,CAAC;YACzB,OAAO,KAAK,CAAC,GAAG,CAAC,CAAC,KAAK,EAAE,EAAE,CAAC,IAAI,CAAC,mBAAmB,CAAC,KAAK,CAAC,CAAC,CAAC;QAC/D,CAAC;QACD,IAAI,OAAO,KAAK,KAAK,QAAQ,EAAE,CAAC;YAC9B,OAAO,MAAM,CAAC,WAAW,CACvB,MAAM,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,GAAG,EAAE,KAAK,CAAC,EAAE,EAAE,CAAC,CAAC,GAAG,EAAE,IAAI,CAAC,mBAAmB,CAAC,KAAK,CAAC,CAAC,CAAC,CACpF,CAAC;QACJ,CAAC;QACD,OAAO,IAAI,CAAC;IACd,CAAC;IAEO,yBAAyB,CAAC,IAA4B,EAAE,OAAgB;QAC9E,IAAI,CAAC,OAAO,IAAI,OAAO,OAAO,KAAK,QAAQ,IAAI,KAAK,CAAC,OAAO,CAAC,OAAO,CAAC,EAAE,CAAC;YACtE,OAAO,IAAI,CAAC,mBAAmB,CAAC,OAAO,CAAC,CAAC;QAC3C,CAAC;QACD,MAAM,MAAM,GAAG,OAAkC,CAAC;QAClD,MAAM,QAAQ,GAA0C,EAAE,CAAC;QAC3D,QAAQ,IAAI,EAAE,CAAC;YACb,KAAK,mCAAmC,CAAC;YACzC,KAAK,oCAAoC,CAAC;YAC1C,KAAK,gCAAgC,CAAC,CAAC,CAAC;gBACtC,IAAI,YAAY,IAAI,MAAM,EAAE,CAAC;oBAC3B,QAAQ,CAAC,UAAU,GAAG,OAAO,MAAM,CAAC,UAAU,KAAK,QAAQ,CAAC,CAAC,CAAC,MAAM,CAAC,UAAU,CAAC,CAAC,CAAC,IAAI,CAAC;gBACzF,CAAC;gBACD,IAAI,YAAY,IAAI,MAAM,EAAE,CAAC;oBAC3B,QAAQ,CAAC,UAAU,GAAG,OAAO,MAAM,CAAC,UAAU,KAAK,QAAQ,CAAC,CAAC,CAAC,MAAM,CAAC,UAAU,CAAC,CAAC,CAAC,IAAI,CAAC;gBACzF,CAAC;gBACD,IAAI,OAAO,IAAI,MAAM,EAAE,CAAC;oBACtB,QAAQ,CAAC,KAAK,GAAG,OAAO,MAAM,CAAC,KAAK,KAAK,QAAQ,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC,IAAI,CAAC;gBAC1E,CAAC;gBACD,MAAM;YACR,CAAC;QACH,CAAC;QACD,OAAO,QAAQ,CAAC;IAClB,CAAC;IAEO,oBAAoB,CAAC,IAA4B,EAAE,OAAgB;QACzE,IAAI,CAAC,OAAO,IAAI,OAAO,OAAO,KAAK,QAAQ,IAAI,KAAK,CAAC,OAAO,CAAC,OAAO,CAAC,EAAE,CAAC;YACtE,MAAM,IAAI,KAAK,CAAC,oCAAoC,CAAC,CAAC;QACxD,CAAC;QACD,MAAM,MAAM,GAAG,OAAkC,CAAC;QAClD,QAAQ,IAAI,EAAE,CAAC;YACb,KAAK,mCAAmC,CAAC,CAAC,CAAC;gBACzC,IAAI,OAAO,MAAM,CAAC,YAAY,KAAK,QAAQ,IAAI,CAAC,MAAM,CAAC,YAAY,EAAE,CAAC;oBACpE,MAAM,IAAI,KAAK,CAAC,oCAAoC,CAAC,CAAC;gBACxD,CAAC;gBACD,OAAO,MAAM,CAAC,YAAY,CAAC;YAC7B,CAAC;YACD,KAAK,oCAAoC,CAAC,CAAC,CAAC;gBAC1C,IAAI,OAAO,MAAM,CAAC,aAAa,KAAK,QAAQ,IAAI,CAAC,MAAM,CAAC,aAAa,EAAE,CAAC;oBACtE,MAAM,IAAI,KAAK,CAAC,oCAAoC,CAAC,CAAC;gBACxD,CAAC;gBACD,OAAO,MAAM,CAAC,aAAa,CAAC;YAC9B,CAAC;YACD,KAAK,gCAAgC,CAAC,CAAC,CAAC;gBACtC,IAAI,OAAO,MAAM,CAAC,QAAQ,KAAK,QAAQ,IAAI,CAAC,MAAM,CAAC,QAAQ,EAAE,CAAC;oBAC5D,MAAM,IAAI,KAAK,CAAC,oCAAoC,CAAC,CAAC;gBACxD,CAAC;gBACD,OAAO,MAAM,CAAC,QAAQ,CAAC;YACzB,CAAC;QACH,CAAC;IACH,CAAC;IAEO,gBAAgB,CAAC,WAA0B,EAAE,UAAkB;QACrE,IAAI,CAAC,UAAU,EAAE,CAAC;YAChB,OAAO,IAAI,CAAC;QACd,CAAC;QACD,IAAI,WAAW,EAAE,QAAQ,CAAC,MAAM,CAAC,EAAE,CAAC;YAClC,OAAO,IAAI,CAAC,KAAK,CAAC,UAAU,CAAC,CAAC;QAChC,CAAC;QACD,IAAI,CAAC;YACH,OAAO,IAAI,CAAC,KAAK,CAAC,UAAU,CAAC,CAAC;QAChC,CAAC;QAAC,MAAM,CAAC;YACP,OAAO,UAAU,CAAC;QACpB,CAAC;IACH,CAAC;IAEO,KAAK,CAAC,aAAa,CAAC,OAK3B;QACC,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,UAAU,CAAC,OAAO,CAAC,GAAG,EAAE;YAClD,MAAM,EAAE,OAAO,CAAC,MAAM,IAAI,KAAK;YAC/B,OAAO,EAAE,OAAO,CAAC,OAAO;YACxB,IAAI,EAAE,OAAO,CAAC,IAAI;SACnB,CAAC,CAAC;QACH,MAAM,WAAW,GAAG,QAAQ,CAAC,OAAO,CAAC,GAAG,CAAC,cAAc,CAAC,CAAC;QACzD,MAAM,OAAO,GAAG,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAC;QACtC,OAAO;YACL,WAAW;YACX,OAAO;YACP,UAAU,EAAE,IAAI,CAAC,gBAAgB,CAAC,WAAW,EAAE,OAAO,CAAC;YACvD,cAAc,EAAE,QAAQ,CAAC,MAAM;SAChC,CAAC;IACJ,CAAC;IAEO,uBAAuB,CAAC,IAA8B,EAAE,OAAgB;QAC9E,IAAI,CAAC,IAAI,CAAC,cAAc,EAAE,CAAC;YACzB,OAAO,IAAI,CAAC;QACd,CAAC;QACD,IAAI,IAAI,CAAC,cAAc,CAAC,IAAI,KAAK,YAAY,EAAE,CAAC;YAC9C,IAAI,CAAC,OAAO,IAAI,OAAO,OAAO,KAAK,QAAQ,IAAI,KAAK,CAAC,OAAO,CAAC,OAAO,CAAC,EAAE,CAAC;gBACtE,MAAM,IAAI,KAAK,CAAC,oCAAoC,CAAC,CAAC;YACxD,CAAC;YACD,MAAM,KAAK,GAAI,OAAmC,CAAC,IAAI,CAAC,cAAc,CAAC,KAAK,CAAC,CAAC;YAC9E,IAAI,OAAO,KAAK,KAAK,QAAQ,IAAI,CAAC,KAAK,EAAE,CAAC;gBACxC,MAAM,IAAI,KAAK,CAAC,oCAAoC,CAAC,CAAC;YACxD,CAAC;YACD,OAAO,KAAK,CAAC;QACf,CAAC;QACD,OAAO,IAAI,CAAC;IACd,CAAC;IAED,KAAK,CAAC,aAAa,CAAC,OAAgC;QAClD,MAAM,gBAAgB,GAAG,6BAA6B,CAAC;YACrD,SAAS,EAAE,OAAO,CAAC,GAAG;YACtB,MAAM,EAAE,OAAO,CAAC,MAAM;YACtB,aAAa,EAAE,OAAO,CAAC,IAAI,KAAK,mCAAmC;gBACjE,CAAC,CAAC,cAAc;gBAChB,CAAC,CAAC,OAAO,CAAC,IAAI,KAAK,oCAAoC;oBACrD,CAAC,CAAC,eAAe;oBACjB,CAAC,CAAC,UAAU;YAChB,UAAU,EAAE,OAAO,CAAC,KAAK;SAC1B,CAAC,CAAC;QACH,MAAM,OAAO,GAAG,MAAM,IAAI,CAAC,aAAa,CAAC,OAAO,CAAC,CAAC;QAClD,MAAM,cAAc,GAAkC,CAAC;gBACrD,IAAI,EAAE,MAAM;gBACZ,QAAQ,EAAE,OAAO,CAAC,QAAQ;gBAC1B,SAAS,EAAE,gBAAgB,CAAC,SAAS;gBACrC,OAAO,EAAE,CAAC,gBAAgB,CAAC,MAAM,CAAC;gBAClC,KAAK,EAAE,CAAC,IAAI,GAAG,CAAC,gBAAgB,CAAC,SAAS,CAAC,CAAC,QAAQ,IAAI,GAAG,CAAC;aAC7D,CAAC,CAAC;QAEH,MAAM,IAAI,CAAC,UAAU,CAAC,WAAW,CAAC;YAChC,IAAI,EAAE,qBAAqB;YAC3B,OAAO,EAAE,IAAI,CAAC,UAAU,CAAC,OAAO;YAChC,MAAM,EAAE;gBACN,IAAI,EAAE,gBAAgB;gBACtB,EAAE,EAAE,OAAO,CAAC,QAAQ;aACrB;YACD,KAAK,EAAE,OAAO,CAAC,KAAK;YACpB,SAAS,EAAE,IAAI,CAAC,oBAAoB,CAAC,OAAO,CAAC,IAAI,EAAE,OAAO,CAAC,UAAU,CAAC;YACtE,YAAY,EAAE,OAAO,CAAC,QAAQ;YAC9B,cAAc;YACd,WAAW,EAAE,OAAO,CAAC,WAAW,IAAI,CAAC,IAAI,CAAC,MAAM,EAAE,MAAM,EAAE,IAAI,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE,CAAC;SACxF,CAAC,CAAC;QACH,OAAO;YACL,OAAO,EAAE,IAAI,CAAC,UAAU,CAAC,OAAO;YAChC,KAAK,EAAE,OAAO,CAAC,KAAK;YACpB,MAAM,EAAE,QAAQ;YAChB,cAAc,EAAE,OAAO,CAAC,cAAc;YACtC,WAAW,EAAE,OAAO,CAAC,WAAW;YAChC,aAAa,EAAE,IAAI,CAAC,yBAAyB,CAAC,OAAO,CAAC,IAAI,EAAE,OAAO,CAAC,UAAU,CAAC;SAChF,CAAC;IACJ,CAAC;IAED,QAAQ,CAAC,OAAwB;QAC/B,OAAO,IAAI,CAAC,UAAU,CAAC,cAAc,CAAC,OAAO,CAAC,CAAC;IACjD,CAAC;IAED,KAAK,CAAC,mBAAmB,CACvB,OAAkC;QAElC,IAAI,CAAC;YACH,MAAM,OAAO,GAAG,EAAE,KAAK,EAAE,OAAO,CAAC,OAAO,EAAE,CAAC;YAC3C,MAAM,UAAU,GAAG,MAAM,IAAI,CAAC,iBAAiB,CAAC,OAAO,EAAE,OAAO,CAAC,OAAO,EAAE,OAAO,CAAC,YAAY,CAAC,CAAC;YAChG,MAAM,UAAU,GAAG,UAAU,CAAC,SAAS,KAAK,aAAa;gBACvD,CAAC,CAAC,MAAM,IAAI,CAAC,iBAAiB,CAAC,OAAO,EAAE,UAAU,CAAC,YAAY,CAAC;gBAChE,CAAC,CAAC,IAAI,CAAC;YACT,MAAM,QAAQ,GAAG,UAAU;gBACzB,CAAC,CAAC,uBAAuB,CAAC,UAAU,CAAC;gBACrC,CAAC,CAAC,2BAA2B,CAAC;oBAC5B,IAAI,EAAE,aAAa;oBACnB,SAAS,EAAE,OAAO,CAAC,SAAS;oBAC5B,MAAM,EAAE,OAAO,CAAC,MAAM;oBACtB,kBAAkB,EAAE,aAAa;iBAClC,CAAC,CAAC;YACL,IAAI,UAAU,EAAE,CAAC;gBACf,IAAI,OAAO,CAAC,SAAS,KAAK,QAAQ,CAAC,SAAS,IAAI,OAAO,CAAC,MAAM,CAAC,WAAW,EAAE,KAAK,QAAQ,CAAC,MAAM,CAAC,WAAW,EAAE,EAAE,CAAC;oBAC/G,MAAM,IAAI,KAAK,CAAC,oCAAoC,CAAC,CAAC;gBACxD,CAAC;YACH,CAAC;YACD,IAAI,QAAQ,CAAC,IAAI,KAAK,gBAAgB,EAAE,CAAC;gBACvC,IAAI,CAAC,UAAU,EAAE,CAAC;oBAChB,MAAM,IAAI,KAAK,CAAC,6BAA6B,CAAC,CAAC;gBACjD,CAAC;gBACD,MAAM,aAAa,GAAG,MAAM,IAAI,CAAC,UAAU,CAAC,iBAAiB,CAAC;oBAC5D,OAAO;oBACP,SAAS,EAAE,OAAO,CAAC,SAAS;oBAC5B,WAAW,EAAE,OAAO,CAAC,WAAW;oBAChC,KAAK,EAAE;wBACL,IAAI,EAAE,OAAO;wBACb,EAAE,EAAE,OAAO,CAAC,OAAO;qBACpB;oBACD,UAAU;oBACV,KAAK,EAAE;wBACL,OAAO,EAAE,OAAO,CAAC,OAAO;wBACxB,SAAS,EAAE,OAAO,CAAC,KAAK,CAAC,SAAS;wBAClC,KAAK,EAAE,OAAO,CAAC,KAAK,CAAC,KAAK;wBAC1B,SAAS,EAAE,OAAO,CAAC,SAAS;wBAC5B,WAAW,EAAE,OAAO,CAAC,WAAW;qBACjC;oBACD,WAAW,EAAE,SAAS;oBACtB,SAAS,EAAE,OAAO,CAAC,SAAS;oBAC5B,MAAM,EAAE,OAAO,CAAC,MAAM;oBACtB,OAAO,EAAE,OAAO,CAAC,OAAO;oBACxB,IAAI,EAAE,OAAO,CAAC,IAAI;iBACnB,CAAC,CAAC;gBACH,IAAI,aAAa,CAAC,QAAQ,KAAK,OAAO,EAAE,CAAC;oBACvC,MAAM,IAAI,KAAK,CAAC,0BAA0B,CAAC,CAAC;gBAC9C,CAAC;gBACD,MAAM,OAAO,GAAG,MAAM,IAAI,CAAC,aAAa,CAAC;oBACvC,GAAG,EAAE,OAAO,CAAC,SAAS;oBACtB,MAAM,EAAE,OAAO,CAAC,MAAM;oBACtB,OAAO,EAAE,OAAO,CAAC,OAAO;oBACxB,IAAI,EAAE,OAAO,CAAC,IAAI;iBACnB,CAAC,CAAC;gBACH,MAAM,cAAc,GAAG,IAAI,CAAC,uBAAuB,CAAC,UAAU,EAAE,OAAO,CAAC,UAAU,CAAC,CAAC;gBACpF,IAAI,CAAC,cAAc,IAAI,CAAC,UAAU,CAAC,cAAc,EAAE,CAAC;oBAClD,MAAM,IAAI,KAAK,CAAC,oCAAoC,CAAC,CAAC;gBACxD,CAAC;gBACD,MAAM,IAAI,CAAC,UAAU,CAAC,qBAAqB,CAAC,UAAU,EAAE,UAAU,CAAC,cAAc,CAAC,UAAU,EAAE,cAAc,CAAC,CAAC;gBAC9G,OAAO;oBACL,EAAE,EAAE,IAAI;oBACR,MAAM,EAAE;wBACN,OAAO;wBACP,SAAS,EAAE,OAAO,CAAC,SAAS;wBAC5B,MAAM,EAAE,cAAc,CAAC,SAAS;wBAChC,SAAS,EAAE,OAAO,CAAC,SAAS;wBAC5B,MAAM,EAAE,OAAO,CAAC,MAAM;wBACtB,cAAc,EAAE,OAAO,CAAC,cAAc;wBACtC,YAAY,EAAE,QAAQ,CAAC,kBAAkB,KAAK,YAAY;4BACxD,CAAC,CAAC,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,mBAAmB,CAAC,OAAO,CAAC,UAAU,CAAC,CAAC;4BAC9D,CAAC,CAAC,OAAO,CAAC,OAAO;qBACpB;iBACF,CAAC;YACJ,CAAC;YAED,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,UAAU,CAAC,cAAc,CAAC;gBAClD,OAAO;gBACP,SAAS,EAAE,OAAO,CAAC,SAAS;gBAC5B,WAAW,EAAE,OAAO,CAAC,WAAW;gBAChC,KAAK,EAAE;oBACL,IAAI,EAAE,OAAO;oBACb,EAAE,EAAE,OAAO,CAAC,OAAO;iBACpB;gBACD,UAAU;gBACV,KAAK,EAAE;oBACL,OAAO,EAAE,OAAO,CAAC,OAAO;oBACxB,SAAS,EAAE,OAAO,CAAC,KAAK,CAAC,SAAS;oBAClC,KAAK,EAAE,OAAO,CAAC,KAAK,CAAC,KAAK;oBAC1B,SAAS,EAAE,OAAO,CAAC,SAAS;oBAC5B,WAAW,EAAE,OAAO,CAAC,WAAW;iBACjC;gBACD,WAAW,EAAE,OAAO,CAAC,WAAW;gBAChC,SAAS,EAAE,OAAO,CAAC,SAAS;gBAC5B,MAAM,EAAE,OAAO,CAAC,MAAM;gBACtB,OAAO,EAAE,OAAO,CAAC,OAAO;gBACxB,IAAI,EAAE,OAAO,CAAC,IAAI;aACnB,CAAC,CAAC;YACH,IAAI,QAAQ,CAAC,IAAI,KAAK,sBAAsB,EAAE,CAAC;gBAC7C,IAAI,CAAC,UAAU,EAAE,CAAC;oBAChB,MAAM,IAAI,KAAK,CAAC,6BAA6B,CAAC,CAAC;gBACjD,CAAC;gBACD,MAAM,UAAU,GAAG,IAAI,CAAC,SAAS,CAAC,MAAM,CAAC,YAAY,CAAC,CAAC;gBACvD,MAAM,cAAc,GAAG,IAAI,CAAC,uBAAuB,CAAC,UAAU,EAAE,UAAU,CAAC,CAAC;gBAC5E,IAAI,CAAC,cAAc,IAAI,CAAC,UAAU,CAAC,cAAc,EAAE,CAAC;oBAClD,MAAM,IAAI,KAAK,CAAC,oCAAoC,CAAC,CAAC;gBACxD,CAAC;gBACD,MAAM,IAAI,CAAC,UAAU,CAAC,qBAAqB,CAAC,UAAU,EAAE,UAAU,CAAC,cAAc,CAAC,UAAU,EAAE,cAAc,CAAC,CAAC;YAChH,CAAC;YACD,OAAO;gBACL,EAAE,EAAE,IAAI;gBACR,MAAM,EAAE,QAAQ,CAAC,kBAAkB,KAAK,YAAY;oBAClD,CAAC,CAAC;wBACA,GAAG,MAAM;wBACT,YAAY,EAAE,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,mBAAmB,CAAC,IAAI,CAAC,SAAS,CAAC,MAAM,CAAC,YAAY,CAAC,CAAC,CAAC;qBAC5F;oBACD,CAAC,CAAC,MAAM;aACX,CAAC;QACJ,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,MAAM,OAAO,GAAG,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;YACvE,MAAM,IAAI,GAAG,KAAK,YAAY,KAAK,IAAI,MAAM,IAAI,KAAK,IAAI,OAAQ,KAA4B,CAAC,IAAI,KAAK,QAAQ;gBAC9G,CAAC,CAAE,KAA0B,CAAC,IAAI;gBAClC,CAAC,CAAC,+BAA+B,CAAC;YACpC,OAAO;gBACL,EAAE,EAAE,KAAK;gBACT,KAAK,EAAE,EAAE,IAAI,EAAE,OAAO,EAAE;aACzB,CAAC;QACJ,CAAC;IACH,CAAC;IAED,SAAS,CAAC,OAA0B;QAClC,OAAO,IAAI,CAAC,UAAU,CAAC,QAAQ,CAAC,OAAO,CAAC,KAAK,EAAE,OAAO,CAAC,KAAK,EAAE;YAC5D,SAAS,EAAE,OAAO,CAAC,SAAS;YAC5B,WAAW,EAAE,OAAO,CAAC,WAAW;SACjC,CAAC,CAAC;IACL,CAAC;IAED,YAAY,CAAC,OAAiC;QAC5C,OAAO,IAAI,CAAC,UAAU,CAAC,YAAY,CAAC,OAAO,CAAC,KAAK,EAAE,OAAO,CAAC,KAAK,EAAE;YAChE,SAAS,EAAE,OAAO,CAAC,SAAS;YAC5B,WAAW,EAAE,OAAO,CAAC,WAAW;SACjC,CAAC,CAAC;IACL,CAAC;IAED,YAAY,CAAC,OAAkE;QAC7E,OAAO,IAAI,CAAC,UAAU,CAAC,YAAY,CAAC,OAAO,CAAC,CAAC;IAC/C,CAAC;IAED,KAAK,CAAC,UAAU,CAAC,OAA+B;QAC9C,OAAO,MAAM,IAAI,CAAC,UAAU,CAAC,UAAU,CAAC,OAAO,CAAC,KAAK,EAAE,OAAO,CAAC,CAAC;IAClE,CAAC;IAED,KAAK,CAAC,gBAAgB,CAAC,OAAqC;QAC1D,OAAO,MAAM,IAAI,CAAC,UAAU,CAAC,gBAAgB,CAAC,OAAO,CAAC,KAAK,EAAE,OAAO,CAAC,OAAO,EAAE,OAAO,CAAC,CAAC;IACzF,CAAC;IAED,KAAK,CAAC,gBAAgB,CAAC,OAAqC;QAC1D,OAAO,MAAM,IAAI,CAAC,UAAU,CAAC,gBAAgB,CAAC,OAAO,CAAC,CAAC;IACzD,CAAC;IAED,KAAK,CAAC,iBAAiB,CAAC,OAAuE;QAC7F,OAAO,MAAM,IAAI,CAAC,UAAU,CAAC,sBAAsB,CAAC,OAAO,CAAC,CAAC;IAC/D,CAAC;IAED,KAAK,CAAC,kBAAkB,CAAC,OAAuF;QAC9G,OAAO,MAAM,IAAI,CAAC,UAAU,CAAC,uBAAuB,CAAC,OAAO,CAAC,CAAC;IAChE,CAAC;IAEO,KAAK,CAAC,iBAAiB,CAAC,OAAgB,EAAE,OAAe,EAAE,YAAoB;QACrF,MAAM,UAAU,GAAG,MAAM,IAAI,CAAC,UAAU,CAAC,aAAa,CAAC,OAAO,EAAE,OAAO,EAAE,YAAY,CAAC,CAAC;QACvF,IAAI,CAAC,UAAU,EAAE,CAAC;YAChB,MAAM,IAAI,KAAK,CAAC,4BAA4B,CAAC,CAAC;QAChD,CAAC;QACD,OAAO,UAAU,CAAC;IACpB,CAAC;IAEO,SAAS,CAAC,IAAwB;QACxC,IAAI,CAAC,IAAI,EAAE,CAAC;YACV,OAAO,IAAI,CAAC;QACd,CAAC;QACD,IAAI,CAAC;YACH,OAAO,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;QAC1B,CAAC;QAAC,MAAM,CAAC;YACP,OAAO,IAAI,CAAC;QACd,CAAC;IACH,CAAC;IAEO,KAAK,CAAC,iBAAiB,CAAC,OAAgB,EAAE,MAA0B;QAC1E,IAAI,CAAC,MAAM,EAAE,CAAC;YACZ,MAAM,IAAI,KAAK,CAAC,gCAAgC,CAAC,CAAC;QACpD,CAAC;QACD,IAAI,CAAC,IAAI,CAAC,YAAY,EAAE,CAAC;YACvB,MAAM,IAAI,KAAK,CAAC,2CAA2C,CAAC,CAAC;QAC/D,CAAC;QACD,MAAM,IAAI,GAAG,MAAM,IAAI,CAAC,YAAY,CAAC,GAAG,CAAC,OAAO,EAAE,MAAM,CAAC,CAAC;QAC1D,IAAI,CAAC,IAAI,EAAE,CAAC;YACV,MAAM,IAAI,KAAK,CAAC,6BAA6B,CAAC,CAAC;QACjD,CAAC;QACD,OAAO,IAAI,CAAC;IACd,CAAC;CACF;AAED,MAAM,UAAU,kBAAkB,CAChC,IAA2B,EAC3B,UAII,EAAE;IAEN,OAAO,IAAI,iBAAiB,CAAC,eAAe,CAAC,IAAI,CAAC,EAAE,OAAO,CAAC,WAAW,IAAI,IAAI,CAAC,WAAW,EAAE,OAAO,CAAC,KAAK,EAAE,OAAO,CAAC,SAAS,CAAC,CAAC;AACjI,CAAC;AAED,MAAM,UAAU,2BAA2B,CACzC,IAAe,EACf,UAII,EAAE;IAEN,OAAO,IAAI,iBAAiB,CAAC,IAAI,EAAE,OAAO,CAAC,WAAW,EAAE,OAAO,CAAC,KAAK,EAAE,OAAO,CAAC,SAAS,CAAC,CAAC;AAC5F,CAAC;AAGD,OAAO,EACL,2BAA2B,EAC3B,6BAA6B,EAC7B,8BAA8B,EAC9B,uBAAuB,GACxB,MAAM,qBAAqB,CAAC;AAE7B,OAAO,EAAE,0BAA0B,EAAE,MAAM,uBAAuB,CAAC;AACnE,OAAO,EAAE,uBAAuB,EAAE,MAAM,mBAAmB,CAAC"}

package/dist/vault-ingress/remote-transport.js

@@ -24,7 +24,10 @@ export class AgentDispatchHttpTransport {
             method: request.method,
             headers: request.headers,
             body: request.body,
-            proof: { signature: request.proof.signature },
+            proof: {
+                signature: request.proof.signature,
+                token: request.proof.token,
+            },
         };
         const response = await this._fetchImpl(this._url, {
             method: "POST",

package/dist/vault-ingress/remote-transport.js.map

@@ -1 +1 @@
-{"version":3,"file":"remote-transport.js","sourceRoot":"","sources":["../../src/vault-ingress/remote-transport.ts"],"names":[],"mappings":"AAIA;;;GAGG;AACH;;GAEG;AACH,MAAM,OAAO,0BAA0B;IAElB;IACA;IAFnB,YACmB,IAAY,EACZ,aAA2B,KAAK;QADhC,SAAI,GAAJ,IAAI,CAAQ;QACZ,eAAU,GAAV,UAAU,CAAsB;IAChD,CAAC;IAEJ,KAAK,CAAC,QAAQ,CAAC,OAAwB;QACrC,MAAM,aAAa,GAA8B;YAC/C,OAAO,EAAE,OAAO,CAAC,OAAO,CAAC,KAAK;YAC9B,SAAS,EAAE,OAAO,CAAC,SAAS;YAC5B,WAAW,EAAE,OAAO,CAAC,WAAW;YAChC,OAAO,EAAE,OAAO,CAAC,KAAK,CAAC,EAAE;YACzB,YAAY,EAAE,OAAO,CAAC,UAAU,CAAC,YAAY;YAC7C,WAAW,EAAE,OAAO,CAAC,WAAW;YAChC,SAAS,EAAE,OAAO,CAAC,SAAS;YAC5B,MAAM,EAAE,OAAO,CAAC,MAAM;YACtB,OAAO,EAAE,OAAO,CAAC,OAAO;YACxB,IAAI,EAAE,OAAO,CAAC,IAAI;YAClB,KAAK,EAAE,EAAE,SAAS,EAAE,OAAO,CAAC,KAAK,CAAC,SAAS,EAAE;SAC9C,CAAC;QAEF,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,UAAU,CAAC,IAAI,CAAC,IAAI,EAAE;YAChD,MAAM,EAAE,MAAM;YACd,OAAO,EAAE;gBACP,cAAc,EAAE,kBAAkB;aACnC;YACD,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,aAAa,CAAC;SACpC,CAAC,CAAC;QAEH,IAAI,CAAC,QAAQ,CAAC,EAAE,EAAE,CAAC;YACjB,MAAM,IAAI,KAAK,CAAC,sCAAsC,QAAQ,CAAC,MAAM,IAAI,QAAQ,CAAC,UAAU,EAAE,CAAC,CAAC;QAClG,CAAC;QAED,MAAM,OAAO,GAAiE,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAC;QACpG,IAAI,CAAC,OAAO,CAAC,EAAE,EAAE,CAAC;YAChB,MAAM,KAAK,GAAG,IAAI,KAAK,CAAC,GAAG,OAAO,CAAC,KAAK,CAAC,IAAI,KAAK,OAAO,CAAC,KAAK,CAAC,OAAO,EAAE,CAAC,CAAC;YAC1E,KAAa,CAAC,IAAI,GAAG,OAAO,CAAC,KAAK,CAAC,IAAI,CAAC;YACzC,MAAM,KAAK,CAAC;QACd,CAAC;QAED,OAAO,OAAO,CAAC,MAAM,CAAC;IACxB,CAAC;CACF"}
+{"version":3,"file":"remote-transport.js","sourceRoot":"","sources":["../../src/vault-ingress/remote-transport.ts"],"names":[],"mappings":"AAIA;;;GAGG;AACH;;GAEG;AACH,MAAM,OAAO,0BAA0B;IAElB;IACA;IAFnB,YACmB,IAAY,EACZ,aAA2B,KAAK;QADhC,SAAI,GAAJ,IAAI,CAAQ;QACZ,eAAU,GAAV,UAAU,CAAsB;IAChD,CAAC;IAEJ,KAAK,CAAC,QAAQ,CAAC,OAAwB;QACrC,MAAM,aAAa,GAA8B;YAC/C,OAAO,EAAE,OAAO,CAAC,OAAO,CAAC,KAAK;YAC9B,SAAS,EAAE,OAAO,CAAC,SAAS;YAC5B,WAAW,EAAE,OAAO,CAAC,WAAW;YAChC,OAAO,EAAE,OAAO,CAAC,KAAK,CAAC,EAAE;YACzB,YAAY,EAAE,OAAO,CAAC,UAAU,CAAC,YAAY;YAC7C,WAAW,EAAE,OAAO,CAAC,WAAW;YAChC,SAAS,EAAE,OAAO,CAAC,SAAS;YAC5B,MAAM,EAAE,OAAO,CAAC,MAAM;YACtB,OAAO,EAAE,OAAO,CAAC,OAAO;YACxB,IAAI,EAAE,OAAO,CAAC,IAAI;YAClB,KAAK,EAAE;gBACL,SAAS,EAAE,OAAO,CAAC,KAAK,CAAC,SAAS;gBAClC,KAAK,EAAE,OAAO,CAAC,KAAK,CAAC,KAAK;aAC3B;SACF,CAAC;QAEF,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,UAAU,CAAC,IAAI,CAAC,IAAI,EAAE;YAChD,MAAM,EAAE,MAAM;YACd,OAAO,EAAE;gBACP,cAAc,EAAE,kBAAkB;aACnC;YACD,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,aAAa,CAAC;SACpC,CAAC,CAAC;QAEH,IAAI,CAAC,QAAQ,CAAC,EAAE,EAAE,CAAC;YACjB,MAAM,IAAI,KAAK,CAAC,sCAAsC,QAAQ,CAAC,MAAM,IAAI,QAAQ,CAAC,UAAU,EAAE,CAAC,CAAC;QAClG,CAAC;QAED,MAAM,OAAO,GAAiE,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAC;QACpG,IAAI,CAAC,OAAO,CAAC,EAAE,EAAE,CAAC;YAChB,MAAM,KAAK,GAAG,IAAI,KAAK,CAAC,GAAG,OAAO,CAAC,KAAK,CAAC,IAAI,KAAK,OAAO,CAAC,KAAK,CAAC,OAAO,EAAE,CAAC,CAAC;YAC1E,KAAa,CAAC,IAAI,GAAG,OAAO,CAAC,KAAK,CAAC,IAAI,CAAC;YACzC,MAAM,KAAK,CAAC;QACd,CAAC;QAED,OAAO,OAAO,CAAC,MAAM,CAAC;IACxB,CAAC;CACF"}

package/docs/ARCHITECTURE.md

@@ -1,122 +1,49 @@
-# Architecture
+# Architecture (v1.47.0)
 
-Current product architecture is vault-first.
+The cbio runtime follows a **Sovereign Vault** architecture: a unified, authority-centric model where security is grounded in proof-of-knowledge (passwords) rather than external identity hierarchies.
 
-Related design note:
+## Core Principles
 
-- [Custody Model](CUSTODY_MODEL.md)
-- [Identity Model](IDENTITY_MODEL.md)
+1. **Authority via Password**: Administrative control is granted by unlocking the vault with its master password.
+2. **Unified Storage**: All vault state (secrets, metadata, registries) is stored in a single encrypted partition.
+3. **Managed Agency**: The vault can act as a custodian for its agents, managing their identity material internally.
+4. **Process Isolation**: Sensitive cryptographic operations are physically separated from agent execution environments.
 
-Recommended persistent-vault lifecycle:
+## Identity and Roles
 
-- create through `createVault(...)`
-- recover through `recoverVault(...)` using the owner's identity
+The runtime distinguishes between administrative authority and delegated agency:
 
-## Identity And Roles
+- **`vault-master` (Role)**: The implicit administrative role held by anyone who successfully unlocks the vault.
+- **`agent` (Role)**: A delegated principal with specific capabilities.
+- **Managed Identity**: An identity whose private keys are stored within the vault.
+- **External Identity**: An identity represented by a public key, with private keys managed externally.
 
-The runtime distinguishes external identities from vault-local roles.
+## Components
 
-- `identity`
-  An external principal represented by a public/private keypair.
-- `owner`
-  The single admin role that a vault binds to one identity.
-- `agent`
-  A delegated role that a vault binds to an identity registered by the owner.
+- **`vault-core`**: The secure engine. Stores secret plaintext, validates transactions, and maintains the audit log.
+- **`clients/owner`**: The administrative interface. Used for writing secrets, managing agents, and exporting material.
+- **`clients/agent`**: The consumer interface. Used by agents to request signed dispatches without ever seeing secret plaintext.
+- **`vault-ingress`**: The protocol layer that resolves capabilities and handles incoming requests.
 
-This means:
+## Unified Storage Layout
 
-- outside the vault there are only identities
-- inside a specific vault, identities are bound to roles such as `owner` or `agent`
-- root identities are independent
-- child identities may be deterministically derived from a parent identity private key plus a path
-- an identity may be the `owner` of one vault and an `agent` in another vault
+All vault data is stored under a single prefix: `vaults/<vault-id>/`.
+- **`vault/sealed/profile.sealed`**: Contains all vault metadata (nickname, owner ID, etc.).
+- **`vault/sealed/secrets.sealed`**: Contains the encrypted secret registry.
+- **`vault/sealed/custody/`**: Contains the physical secret shards.
+- **`vault/sealed/identities/`**: Contains the agent identity registry (including managed private keys).
 
-## Public Modules
+Everything in the `vault/sealed/` path is encrypted using the `vaultWorkingKey`, which is derived from the master password.
 
-- `vault-core`
-  Stores secret plaintext, validates writes, validates dispatch, appends audit, invokes trusted executors.
+## Process Isolation (A/B Architecture)
 
-- `clients/owner`
-  Owner-facing client for the single vault admin. It performs secret writes, agent/capability administration, explicit plaintext export, and audit reads.
+To prevent secret leakage even in the case of agent compromise, the runtime is designed for process-level isolation:
+- **Process A (Agent)**: Runs business logic/LLM. Holders a **Managed Identity** signer but has no access to the vault's working key.
+- **Process B (Vault Server)**: Unlocks the vault and processes dispatch requests from Process A.
 
-- `clients/agent`
-  Agent-facing client for signed dispatch requests. It never receives secret plaintext.
+## Implementation Rules
 
-- `vault-ingress`
-  Accepts request-shaped calls, resolves vault-managed capability records inside the vault boundary, performs trusted acquisition flows, and forwards dispatch into vault-core internals.
-
-## Process Isolation (A/B)
-
-The runtime is designed for a secure **A/B Process Architecture**:
-- **Process A (Agent)**: Initiates signed requests via `AgentDispatchHttpTransport`. It never handles master keys or secret plaintext.
-- **Process B (Vault Server)**: Hosts the Vault Core and `VaultService`. It validates agent proofs and performs the actual HTTP dispatch.
-
-See [Process Isolation](PROCESS_ISOLATION.md) for more details.
- 
-## Dual-Area Storage
-
-The vault is physically divided into two partitions to balance security and discoverability:
-
-- **Sealed Area (`vault/sealed/`)**
-  - **Security**: AES-256-GCM encrypted blobs (`.sealed`).
-  - **Access**: Requires the Vault Working Key (identity-derived) for both read and write.
-  - **Auditing**: Every access is tracked and logged in the append-only audit trail.
-
-- **Public Area (`vault/public/`)**
-  - **Security**: Verifiable JSON Envelopes (`.json`).
-  - **Integrity**: Every public file is **digitally signed** by the vault owner's private key.
-  - **Access**: Reading is open and anonymous; however, the SDK automatically verifies signatures to prevent unauthorized tampering.
-  - **Auditing**: Anonymous reading is untracked to reduce noise. Writing requires proving identity through a valid signature.
-
-## Core Rules
-
-1. Secret plaintext exists only inside vault-core.
-2. Only owner and trusted issuer paths may write secrets.
-3. Agent can only request dispatch through capability + proof.
-4. Vault validates and audits every dispatch.
-5. Public metadata (e.g., nicknames, discovery profile) is stored **exclusively** in the Public Area and is digitally signed.
-6. Identity-specific private data is stored in `identities/`, separate from named `vaults/`.
-
-## Current HTTP Secret Flows
-
-The current runtime surface supports two explicit flow classes:
-
-- `acquire_secret`
-  Vault performs an acquisition flow, stores the extracted secret, and returns only protocol metadata plus a flow-specific redacted response shape.
-
-- `send_secret`
-  Vault sends a stored secret to an approved target and returns the remote response as normal agent-visible output.
-  This is the standard secret-use path, not the acquisition path.
-
-The runtime does not attempt to enumerate or understand arbitrary remote protocols. Acquisition is limited to built-in standard flows rather than caller-defined extraction logic. Unsupported mixed or non-secret flows are outside the current production surface.
-
-This is deliberate rather than accidental:
-
-- acquisition flows are treated as sensitive on the response path because they may mint or return new secret material
-- built-in acquisition flows may still expose protocol-defined non-sensitive fields such as expiry or token type
-- normal secret-backed dispatch is treated as a standard protocol call to an owner-approved target
-
-If a target returns sensitive values during a normal dispatch flow, the vault does not try to reinterpret the remote protocol and redact it retroactively. That responsibility belongs to the remote protocol contract and the owner's authorization boundary.
-
-## Owner-Defined Custom HTTP Flows
-
-The current runtime also exposes a narrow exception path for non-standard integrations:
-
-- owner registers a `custom_http` flow
-- the flow fixes `mode`, `targetUrl`, `method`, and `responseVisibility`
-- agent capabilities reference `customFlowId`
-- agent may trigger the flow, but may not redefine it
-
-The owner HTTP boundary itself is modeled as a factory surface:
-
-- `createOwnerHttpFlowBoundary(...)`
-- `createStandardAcquireBoundary(...)`
-- `createStandardDispatchBoundary(...)`
-
-This keeps the escape hatch inside the vault boundary rather than reopening caller-defined open extraction or open response policies.
-
-Current custom modes are:
-
-- `acquire_secret`
-- `send_secret`
-- `bidirectional_secret`
+1. **Locked by Default**: Before unlocking with a password, the vault reveals nothing but its ID.
+2. **Secret Separation**: Plaintext secrets never leave the memory space of `vault-core`.
+3. **Auditability**: Every action is bound to a principal (`vault-master` or `agent-id`) and recorded.
+4. **Capability Gating**: Agents can only act on secrets for which they have an explicit, valid capability.

package/docs/CUSTODY_MODEL.md

@@ -1,148 +1,46 @@
-# Custody Model
+# Custody Model (v1.47.0)
 
-This document defines the intended key and custody model for the local vault runtime.
-
-It exists to remove ambiguity around `owner` identity, secret recovery, and the vault's working-key model.
+This document defines the **Sovereign Vault** custody model for the local vault runtime.
 
 ## Scope
 
-This runtime is a local vault / password-safe style infrastructure layer.
-
-It is not primarily a cloud secret manager.
-It is not a browser extension.
-It is not a CLI.
-
-The runtime is responsible for:
-
-- storing secret material safely at rest
-- using stored secret material during trusted vault operations
-- supporting explicit owner export / reveal operations
-- providing a stable custody model for higher-level products built on top
-
-## Design Goal
-
-The runtime must satisfy all of the following:
-
-1. Normal vault operation must not depend on repeated owner intervention.
-2. Owner must retain explicit recovery and export authority.
-3. Identity proof and secret-material control must not be collapsed into one key by default.
-4. The runtime must not treat a raw process-level string as the final product model.
-
-## Core Terms
-
-### `ownerPrivateKey`
-
-The owner's identity-signing key.
-
-In the current product model, this owner is the single vault admin.
-Other principals should be modeled as agents with capabilities rather than additional owners.
+The runtime is an authority-centric "password safe" style infrastructure. It is responsible for:
+- Storing secret material safely at rest.
+- Providing a **Managed Custody** home for agent identities.
+- Centering all administrative authority on a master password.
 
-Purpose:
+## Design Goals
 
-- prove "this request came from the owner"
-- authorize owner-scoped operations
-- bind audit-visible actions to the owner identity
+1. **Authority via Proof of Knowledge**: Access to the vault's root secrets depends on knowing the master password.
+2. **Managed Agency**: The vault can generate and store private keys for its agents, removing the need for external key management by delegated actors.
+3. **Internalized Identity**: Administrative "Ownership" is a byproduct of unlocking the vault, not a pre-registered cryptographic identity.
 
-Non-purpose:
+## Core Keys
 
-- not the vault's secret-material root
-- not the working encryption key for stored secrets
-- not the recovery key for vault custody
+### Master Password
+The root of all authority. Used to derive the `vaultWorkingKey`.
 
 ### `vaultWorkingKey`
+The runtime's internal encryption key for all stored material (secrets and registries).
+- **Derivation**: Derived from the Master Password + `vaultId` using `scrypt` (KDF).
+- **Purpose**: Protects the vault profile, secret custody, and agent registries at rest.
 
-The runtime's working secret-material key.
-
-Purpose:
-
-- protect secret material at rest
-- support runtime secret use after the vault is in an operational state
-- back vault-side secret load / decrypt operations
-
-Non-purpose:
-
-- not an owner identity key
-- not a user-facing day-to-day API credential
-- not the preferred recovery artifact presented to the owner
-
-## Current Runtime Surface
-
-The persistent runtime surface uses `vaultWorkingKey` as the runtime material-control key.
-The working key is now derived from the owner's private key plus `vaultId` in the high-level runtime path.
+### Managed Agent Keys
+Standard Ed25519 private keys generated and stored *inside* the vault.
+- **Purpose**: Allow agents to sign requests for dispatch without the agent process ever needing to persist its own identity material.
 
 ## Required Separation
 
-The runtime separates two concerns in the high-level path:
-
-1. Identity authority
-   `ownerPrivateKey`
-
-2. Runtime material control
-   `vaultWorkingKey`
-
-This separation is deliberate.
-
-The runtime should not default to a model where one owner signing key directly acts as the encryption root for all stored secret material.
-
-## Owner Relationship To Custody
-
-Owner is the authorization authority for the vault.
-
-Owner is not defined as the same thing as the runtime working key.
-
-Instead:
-
-- owner authorizes actions
-- runtime custody performs storage / load / export work
-- owner retains ultimate recovery and export authority through explicit product mechanisms
-
-In practical terms:
-
-- owner must be able to export secret plaintext through a formal audited interface
-- owner must be able to recover the vault through the owner identity path
-- owner does not need to directly hold the working key during normal runtime operation
+The runtime enforces a hard process boundary (A/B Architecture):
+1. **Security Process (A)**: Holds the Master Password and performs all crypto operations on the `vaultWorkingKey`.
+2. **Agent Process (B)**: Receives a "Managed Identity" (provided by A) to perform authorized dispatches.
 
 ## Export / Reveal Policy
 
-For this runtime family, export is a first-class password-safe capability, not an exception.
-
-That means:
-
-- `exportSecret(...)` is valid product behavior
-- export must be explicit
-- export must be owner-scoped
-- export must be audited
-
-Future hardening such as MFA/TOTP may be added on top of this model, but it does not replace the need to define custody clearly.
-
-## Already Added
-
-The runtime now includes:
-
-1. formal vault creation through `createVault(...)`
-2. owner-identity based re-entry through `recoverVault(...)`
-3. explicit `vaultWorkingKey` terminology in the persistent dependency surface
-4. continued support for explicit owner export through `exportSecret(...)`
-
-## Next
-
-The remaining intended direction is:
-
-1. continue tightening recovery and migration flows
-2. continue reducing low-level helper use in favor of high-level lifecycle entrypoints
-3. keep the custody terminology stable across docs and APIs
-
-## What This Runtime Should Remove
-
-The runtime should move away from these ambiguous product meanings:
-
-- "owner cannot read secrets back"
-- "owner signing key and vault secret-material key are the same by default"
-
-## Non-Goals
-
-This document does not require the runtime to become a cloud KMS product.
+Exporting secret plaintext is a first-class capability of the Sovereign Vault.
+- `exportSecret(...)` is a valid, audited administrative operation.
+- Requires the vault to be in an unlocked (operational) state.
 
-This document also does not require browser, CLI, or MCP concerns to be handled inside the runtime itself.
+## Conclusion
 
-Those layers may consume this runtime, but they do not define the runtime's custody model.
+The Sovereign Vault model prioritizes **Ease of Use** and **Security through Isolation**. By moving away from complex external identity hierarchies, it provides a stable, "password-manager" style experience for automated agency.

package/docs/IDENTITY_MODEL.md

@@ -1,128 +1,50 @@
-# Identity Model
+# Identity Model (v1.47.0)
 
-This document defines the runtime's current identity model.
+This document defines the identity model for the **Sovereign Vault**. 
 
-Its purpose is to separate three things that are easy to confuse:
+## Principle: Authority, Not Identity
 
-- cryptographic identity
-- human-readable naming
-- vault-local role assignment
+The Sovereign Vault model simplifies the relationship between actors and the vault:
 
-## Core Rule
+1. **Administrator (Owner)**: Authority is rooted in **knowledge of the master password**. There is no pre-registered `OwnerIdentity`. If you can unlock the vault, you are the master.
+2. **Delegates (Agents)**: Identities authorized by the master to perform specific tasks.
 
-Outside the vault, there are only identities.
+## Identity Types
 
-Inside a specific vault, identities may be bound to roles such as `owner` or `agent`.
+### 1. External Identity
+A principal represented by a public/private keypair managed *outside* the vault. These are registered by providing a public key.
 
-This means:
+### 2. Managed Identity (New in v1.47.0)
+An identity whose public/private keypair is generated and stored **inside** the vault. 
+- The vault acts as the custodian of the private key.
+- This is the preferred model for preventing lost keys in isolated agent processes.
 
-- `owner` is not a different species of identity
-- `agent` is not a different species of identity
-- role comes from vault-local authorization state, not from the keypair itself
+## Identifying Principals
 
-## Identity
+### Identity ID
+A stable, public-key-derived identifier (via `deriveIdentityId(...)`). 
+- Used for internal registries, capability assignment, and audit logs.
+- Decoupled from human-readable labels.
 
-An `identity` is an external principal represented by a public/private keypair.
+### Nicknames
+Human-friendly labels (e.g., "Main Worker", "Auth Service"). 
+- Stored as metadata within the registry.
+- Purely for display and audit traceability.
 
-Properties:
+## Vault Role: "vault-master"
 
-- root identities are independent
-- child identities may be deterministically derived from a parent identity private key plus a path
-- no built-in inheritance
-- no built-in "owner creates agent identity" relationship
+All administrative operations performed by the password-holder are recorded under the special principal **`vault-master`**. 
 
-An identity may participate in multiple vaults, and may hold different roles in different vaults.
+## What was Removed
 
-Example:
+To achieve the Sovereign Vault's simplicity, the following legacy concepts were removed:
+- **Child Identities**: Deterministic derivation of keys from a parent identity is no longer supported. Use **Managed Identities** instead.
+- **Identity-Private Vaults**: Every identity used to have its own encrypted "mini-vault". This has been replaced by the unified storage of the Sovereign Vault.
 
-- the same identity may be `owner` in vault A
-- and `agent` in vault B
+## Relationship Summary
 
-## Identity Material
-
-The runtime treats public/private keys as the cryptographic identity material.
-
-- `publicKey`
-  used for verification and binding
-- `privateKey`
-  held outside the vault by the identity holder
-
-The vault should not treat a display label as the root identity truth.
-
-## Stable Identity ID
-
-The runtime already has a stable public-key-derived identity primitive available through `deriveIdentityId(...)`.
-
-That derived value is useful for:
-
-- stable machine identity
-- local naming
-- deterministic display-independent references
-
-It should not, by itself, determine vault-local role.
-
-## Labels And Human-Readable Names
-
-Human-friendly names are still useful.
-
-Examples:
-
-- `owner-1`
-- `agent-prod`
-- `crawler`
-- `alice`
-
-These should be treated as labels, aliases, or local names rather than the deepest identity truth.
-
-The runtime now exposes this concept directly as optional `nickname` on `createIdentity(...)`.
-
-For existing private keys, the runtime exposes `restoreIdentity(...)`, which reconstructs the same identity shape from the private key alone.
-
-For child identities, the runtime exposes `createChildIdentity(storage, parentIdentity, { nickname })` for user-facing creation, and `deriveChildIdentity(parentIdentity, childIndex, { nickname })` for deterministic reconstruction when the stored `childIndex` is known. `nickname` remains display-only.
-
-Identity-private state is stored under `vault/private/identities/<identityId>/...` and encrypted with a key derived from that identity's private key. To inspect those records, callers use `readIdentityPrivateVaultProfile(...)` and `readIdentityPrivateVaultChildrenState(...)` with the identity object or private key.
-
-In other words:
-
-- public key or a stable derived id answers "who is this cryptographically"
-- label answers "what do humans call this identity here"
-
-## Vault Roles
-
-Vault roles are authorization bindings applied to identities inside a specific vault.
-
-Current role model:
-
-- `owner`
-  the single admin role for one vault
-- `agent`
-  a delegated role registered and authorized by the owner
-
-These roles are vault-local.
-
-So:
-
-- an identity does not become globally `owner`
-- an identity does not become globally `agent`
-- the same identity may appear with different roles in different vaults
-
-## Current Runtime Reality
-
-Today the runtime API still uses fields such as:
-
-- `ownerId`
-- `agentId`
-
-In practice, these currently behave closer to role-bound local identifiers or labels than to the deepest cryptographic identity root.
-
-The long-term intended direction is:
-
-1. keep cryptographic identity separate from labels
-2. keep vault-local role separate from both
-3. avoid treating naming conventions such as prefixes as identity truth
-
-## Non-Goals
-
-This model does not require every current API field to be renamed immediately.
-
-Its purpose is to define the correct semantics first, so later API changes can converge on one stable interpretation.
+| Actor | Source of Authority | Registry |
+| :--- | :--- | :--- |
+| **Owner** | Master Password | Implicit (via Unlock) |
+| **Managed Agent** | Vault Registry (Internal Key) | `agentIdentities` registry |
+| **External Agent** | External Signer (Public Key) | `agentIdentities` registry |