@the-ai-company/cbio-node-runtime 1.48.6 → 1.50.0

Files changed (127) hide show
  1. package/README.md +44 -28
  2. package/dist/clients/agent/client.d.ts +8 -6
  3. package/dist/clients/agent/client.js +67 -49
  4. package/dist/clients/agent/client.js.map +1 -1
  5. package/dist/clients/agent/contracts.d.ts +13 -1
  6. package/dist/clients/agent/index.d.ts +1 -1
  7. package/dist/clients/owner/client.d.ts +20 -14
  8. package/dist/clients/owner/client.js +144 -52
  9. package/dist/clients/owner/client.js.map +1 -1
  10. package/dist/clients/owner/contracts.d.ts +58 -28
  11. package/dist/clients/owner/index.d.ts +1 -1
  12. package/dist/runtime/index.d.ts +4 -3
  13. package/dist/runtime/index.js +5 -1
  14. package/dist/runtime/index.js.map +1 -1
  15. package/dist/vault-core/contracts.d.ts +91 -3
  16. package/dist/vault-core/contracts.js +3 -0
  17. package/dist/vault-core/contracts.js.map +1 -1
  18. package/dist/vault-core/core.d.ts +44 -25
  19. package/dist/vault-core/core.js +290 -73
  20. package/dist/vault-core/core.js.map +1 -1
  21. package/dist/vault-core/defaults.d.ts +9 -1
  22. package/dist/vault-core/defaults.js +39 -6
  23. package/dist/vault-core/defaults.js.map +1 -1
  24. package/dist/vault-core/index.d.ts +3 -3
  25. package/dist/vault-core/index.js +1 -1
  26. package/dist/vault-core/index.js.map +1 -1
  27. package/dist/vault-core/persistence.d.ts +1 -0
  28. package/dist/vault-core/persistence.js +7 -1
  29. package/dist/vault-core/persistence.js.map +1 -1
  30. package/dist/vault-core/ports.d.ts +8 -0
  31. package/dist/vault-ingress/defaults.d.ts +4 -1
  32. package/dist/vault-ingress/defaults.js +12 -3
  33. package/dist/vault-ingress/defaults.js.map +1 -1
  34. package/dist/vault-ingress/index.d.ts +137 -21
  35. package/dist/vault-ingress/index.js +156 -46
  36. package/dist/vault-ingress/index.js.map +1 -1
  37. package/dist/vault-ingress/remote-transport.d.ts +7 -2
  38. package/dist/vault-ingress/remote-transport.js +61 -3
  39. package/dist/vault-ingress/remote-transport.js.map +1 -1
  40. package/dist/vault-ingress/server-utils.d.ts +2 -1
  41. package/dist/vault-ingress/server-utils.js +42 -1
  42. package/dist/vault-ingress/server-utils.js.map +1 -1
  43. package/docs/REFERENCE.md +46 -17
  44. package/docs/api/README.md +10 -3
  45. package/docs/api/classes/IdentityError.md +1 -1
  46. package/docs/api/classes/VaultCore.md +258 -102
  47. package/docs/api/classes/VaultCoreError.md +1 -1
  48. package/docs/api/enumerations/IdentityErrorCode.md +1 -1
  49. package/docs/api/functions/createAgentClient.md +1 -1
  50. package/docs/api/functions/createIdentity.md +1 -1
  51. package/docs/api/functions/createOwnerHttpFlowBoundary.md +1 -1
  52. package/docs/api/functions/createPersistentVaultCoreDependencies.md +1 -1
  53. package/docs/api/functions/createStandardAcquireBoundary.md +1 -1
  54. package/docs/api/functions/createStandardDispatchBoundary.md +1 -1
  55. package/docs/api/functions/createVault.md +1 -1
  56. package/docs/api/functions/createVaultClient.md +1 -1
  57. package/docs/api/functions/createVaultCore.md +1 -1
  58. package/docs/api/functions/createVaultCoreDependencies.md +1 -1
  59. package/docs/api/functions/createVaultService.md +1 -1
  60. package/docs/api/functions/createWorkspaceStorage.md +1 -1
  61. package/docs/api/functions/deriveIdentityId.md +1 -1
  62. package/docs/api/functions/deriveVaultWorkingKeyFromPassword.md +1 -1
  63. package/docs/api/functions/getDefaultWorkspaceDir.md +1 -1
  64. package/docs/api/functions/handleVaultAgentControlHttp.md +21 -0
  65. package/docs/api/functions/handleVaultHttpDispatch.md +1 -1
  66. package/docs/api/functions/initializeVaultCustody.md +1 -1
  67. package/docs/api/functions/listVaults.md +1 -1
  68. package/docs/api/functions/readVaultProfile.md +1 -1
  69. package/docs/api/functions/recoverVault.md +1 -1
  70. package/docs/api/functions/recoverVaultWorkingKey.md +1 -1
  71. package/docs/api/functions/restoreIdentity.md +1 -1
  72. package/docs/api/functions/updateVaultMetadata.md +1 -1
  73. package/docs/api/functions/wrapVaultCoreAsVaultService.md +1 -1
  74. package/docs/api/functions/writeVaultProfile.md +1 -1
  75. package/docs/api/interfaces/AgentClient.md +41 -5
  76. package/docs/api/interfaces/AgentDispatchIntent.md +1 -1
  77. package/docs/api/interfaces/AgentDispatchTransport.md +51 -3
  78. package/docs/api/interfaces/AgentIdentity.md +1 -1
  79. package/docs/api/interfaces/AgentSigner.md +1 -1
  80. package/docs/api/interfaces/AgentSubmitCapabilityRequestInput.md +41 -0
  81. package/docs/api/interfaces/CbioRuntime.md +21 -1
  82. package/docs/api/interfaces/CreateAgentClientOptions.md +3 -9
  83. package/docs/api/interfaces/CreateIdentityOptions.md +1 -1
  84. package/docs/api/interfaces/CreatePersistentVaultCoreDependenciesOptions.md +1 -1
  85. package/docs/api/interfaces/CreateVaultClientOptions.md +1 -1
  86. package/docs/api/interfaces/CreateVaultOptions.md +1 -1
  87. package/docs/api/interfaces/CreatedVault.md +1 -1
  88. package/docs/api/interfaces/DefaultPolicyEngineOptions.md +1 -1
  89. package/docs/api/interfaces/IStorageProvider.md +1 -1
  90. package/docs/api/interfaces/InitializeVaultCustodyOptions.md +1 -1
  91. package/docs/api/interfaces/InitializedVaultCustody.md +1 -1
  92. package/docs/api/interfaces/OwnerAgentProvisionResult.md +17 -0
  93. package/docs/api/interfaces/OwnerDefineSecretTargetsInput.md +1 -1
  94. package/docs/api/interfaces/OwnerSecretTargetBinding.md +1 -1
  95. package/docs/api/interfaces/OwnerStoreSecretInput.md +1 -1
  96. package/docs/api/interfaces/OwnerWriteSecretInput.md +1 -1
  97. package/docs/api/interfaces/RecoverVaultOptions.md +1 -1
  98. package/docs/api/interfaces/RecoveredVault.md +1 -1
  99. package/docs/api/interfaces/RestoreIdentityOptions.md +1 -1
  100. package/docs/api/interfaces/Signer.md +1 -1
  101. package/docs/api/interfaces/VaultApproveCapabilityRequestInput.md +23 -0
  102. package/docs/api/interfaces/VaultAuditQueryInput.md +1 -1
  103. package/docs/api/interfaces/VaultClient.md +123 -33
  104. package/docs/api/interfaces/VaultCoreDependenciesOptions.md +1 -1
  105. package/docs/api/interfaces/VaultCreateAgentInput.md +1 -7
  106. package/docs/api/interfaces/VaultDeleteSecretInput.md +1 -1
  107. package/docs/api/interfaces/VaultExportSecretInput.md +1 -1
  108. package/docs/api/interfaces/VaultGrantCapabilityInput.md +13 -19
  109. package/docs/api/interfaces/VaultIdentity.md +1 -1
  110. package/docs/api/interfaces/VaultImportAgentInput.md +29 -0
  111. package/docs/api/interfaces/VaultListAgentsInput.md +1 -1
  112. package/docs/api/interfaces/VaultListCapabilitiesInput.md +1 -1
  113. package/docs/api/interfaces/VaultListSecretsInput.md +11 -0
  114. package/docs/api/interfaces/VaultMetadata.md +1 -1
  115. package/docs/api/interfaces/VaultObject.md +1 -1
  116. package/docs/api/interfaces/VaultProfile.md +1 -1
  117. package/docs/api/interfaces/VaultRegisterFlowInput.md +1 -1
  118. package/docs/api/interfaces/VaultRevokeCapabilityInput.md +1 -1
  119. package/docs/api/interfaces/VaultSigner.md +1 -1
  120. package/docs/api/interfaces/VaultSubmitCapabilityRequestInput.md +79 -0
  121. package/docs/api/type-aliases/AgentCapabilityEnvelope.md +1 -1
  122. package/docs/api/type-aliases/AgentVisibleSecretRecord.md +7 -0
  123. package/docs/api/type-aliases/CbioRuntimeModule.md +1 -1
  124. package/docs/api/variables/DEFAULT_VAULT_KEY_CUSTODY_BLOB_KEY.md +1 -1
  125. package/examples/process-isolation.ts +24 -15
  126. package/package.json +1 -1
  127. package/docs/api/interfaces/VaultRegisterAgentInput.md +0 -41
@@ -8,13 +8,12 @@ import {
8
8
  AgentDispatchHttpTransport,
9
9
  MemoryStorageProvider,
10
10
  } from "../src/runtime/index.js";
11
- import { LocalSigner } from "../src/protocol/crypto.js";
12
11
 
13
12
  /**
14
13
  * This example demonstrates the A/B Process Architecture (Process Isolation).
15
14
  *
16
15
  * - Process B (The Vault): Hosts the actual secrets and performs the HTTP dispatch.
17
- * - Process A (The Agent): Signs requests and sends them to Process B. A never sees the secret.
16
+ * - Process A (The Agent): Uses a session token to call Process B. A never sees the secret.
18
17
  */
19
18
 
20
19
  // --- Process B: The Vault Server Logic ---
@@ -25,7 +24,7 @@ async function startVaultServer(port: number) {
25
24
  // Create a real vault in memory
26
25
  const { core } = await createVault(storage, {
27
26
  vaultId: "vault-isolated-server",
28
- ownerIdentity,
27
+ password: "process-isolation-demo-password",
29
28
  });
30
29
 
31
30
  // Wrap as a Service
@@ -61,7 +60,7 @@ async function startVaultServer(port: number) {
61
60
  }
62
61
 
63
62
  // --- Process A: The LLM Agent Logic ---
64
- async function runAgentDemo(port: number, agentIdentity: any, capability: any) {
63
+ async function runAgentDemo(port: number, agentIdentity: any, capability: any, token: string) {
65
64
  // Process A ONLY knows the remote URL and its own Agent Identity.
66
65
  // It has NO access to the Vault's master key or storage.
67
66
  const transport = new AgentDispatchHttpTransport(`http://localhost:${port}/dispatch`);
@@ -70,13 +69,13 @@ async function runAgentDemo(port: number, agentIdentity: any, capability: any) {
70
69
  agentIdentity,
71
70
  capability,
72
71
  transport,
73
- signer: new LocalSigner(agentIdentity),
72
+ token,
74
73
  });
75
74
 
76
75
  console.log("[Process A] LLM Agent requesting secret-backed dispatch...");
77
76
 
78
77
  try {
79
- const result = await agentClient.dispatch({
78
+ const result = await agentClient.agentDispatch({
80
79
  secretAlias: "api-token",
81
80
  targetUrl: "https://httpbin.org/post",
82
81
  method: "POST",
@@ -102,27 +101,28 @@ async function main() {
102
101
  const agentIdentity = createIdentity({ nickname: "llm-agent-1" });
103
102
 
104
103
  // Owner registers the agent and a capability (simulated local call for setup)
105
- await vault.registerAgentIdentity({
104
+ await vault.ownerRegisterAgentIdentity({
106
105
  vaultId: vault.vaultId,
106
+ requestId: `setup:${Date.now()}:register_agent`,
107
107
  owner: { kind: "owner", id: ownerIdentity.identityId },
108
108
  agentIdentity: {
109
109
  vaultId: vault.vaultId,
110
110
  agentId: agentIdentity.identityId,
111
111
  publicKey: agentIdentity.publicKey,
112
112
  },
113
- proof: { signature: "setup-proof", ownerId: ownerIdentity.identityId, requestedAt: new Date().toISOString() },
113
+ requestedAt: new Date().toISOString(),
114
114
  });
115
115
 
116
116
  // Owner writes a secret (simulated local call for setup)
117
- const secret = await vault.writeSecret({
117
+ const secret = await vault.ownerWriteSecret({
118
118
  kind: "owner.write_secret",
119
119
  vaultId: vault.vaultId,
120
+ requestId: `setup:${Date.now()}:write_secret`,
120
121
  owner: { kind: "owner", id: ownerIdentity.identityId },
121
122
  alias: "api-token",
122
123
  plaintext: "SK-PROD-12345",
123
124
  targetBindings: [{ kind: "site", targetId: "httpbin.org", targetUrl: "https://httpbin.org/post", methods: ["POST"] }],
124
125
  requestedAt: new Date().toISOString(),
125
- proof: { signature: "setup-proof", ownerId: ownerIdentity.identityId, requestedAt: new Date().toISOString() },
126
126
  });
127
127
 
128
128
  const capability = {
@@ -132,20 +132,29 @@ async function main() {
132
132
  secretIds: [secret.secretId.value],
133
133
  secretAliases: ["api-token"],
134
134
  operation: "dispatch_http" as const,
135
- allowedTargets: ["https://httpbin.org/post"],
136
- allowedMethods: ["POST"],
135
+ scope: "https://httpbin.org/post",
136
+ methods: ["POST"],
137
137
  issuedAt: new Date().toISOString(),
138
138
  };
139
139
 
140
- await vault.registerCapability({
140
+ await vault.ownerRegisterCapability({
141
141
  vaultId: vault.vaultId,
142
+ requestId: `setup:${Date.now()}:register_capability`,
142
143
  owner: { kind: "owner", id: ownerIdentity.identityId },
143
144
  capability,
144
- proof: { signature: "setup-proof", ownerId: ownerIdentity.identityId, requestedAt: new Date().toISOString() },
145
+ requestedAt: new Date().toISOString(),
146
+ });
147
+
148
+ const session = await vault.ownerIssueSessionToken({
149
+ vaultId: vault.vaultId,
150
+ requestId: `setup:${Date.now()}:issue_session_token`,
151
+ actor: { kind: "owner", id: ownerIdentity.identityId },
152
+ agentId: agentIdentity.identityId,
153
+ requestedAt: new Date().toISOString(),
145
154
  });
146
155
 
147
156
  // 3. Run the "LLM Agent" (Process A)
148
- await runAgentDemo(PORT, agentIdentity, capability);
157
+ await runAgentDemo(PORT, agentIdentity, capability, session.token);
149
158
 
150
159
  // 4. Cleanup
151
160
  server.close();
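Review bot: The token returned by `ownerIssueSessionToken` in the last hunk is now the only thing Process A presents (it replaces the removed `signer: new LocalSigner(agentIdentity)`), so it acts as a bearer credential, yet the example does not say so and the transport in `runAgentDemo` is still plain `http://localhost`. With per-request signing the key stayed inside Process A; a token can be reused by anyone who reads it from the wire, a log or a process argument, presumably until it expires, and no lifetime is visible in the call. I would add above the `runAgentDemo(PORT, ...)` call a comment such as `// session.token is a bearer credential: hand it to Process A over a protected channel, use TLS outside localhost, never log it`, and show a short lifetime on the token if the API accepts one. Separately, `password: "process-isolation-demo-password"` in `startVaultServer` deserves a `// demo only: load the vault password from the environment or a secret store` comment, since example code gets copied. Both `main` and `startVaultServer` continue outside the hunks shown.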
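--- a/package/package.json
+++ b/package/package.json
@@ -1,6 +1,6 @@
  {
  "name": "@the-ai-company/cbio-node-runtime",
- "version": "1.48.6",
+ "version": "1.50.0",
  "publishConfig": {
  "access": "public"
  },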
@@ -1,41 +0,0 @@
1
- [**CBIO Node Runtime Agent API v1.48.6**](../README.md)
2
-
3
- ***
4
-
5
- # Interface: VaultRegisterAgentInput
6
-
7
- ## Properties
8
-
9
- ### agentId
10
-
11
- > **agentId**: `string`
12
-
13
- ***
14
-
15
- ### metadata?
16
-
17
- > `optional` **metadata?**: `Record`\<`string`, `any`\>
18
-
19
- ***
20
-
21
- ### nickname?
22
-
23
- > `optional` **nickname?**: `string`
24
-
25
- ***
26
-
27
- ### privateKey?
28
-
29
- > `optional` **privateKey?**: `string`
30
-
31
- ***
32
-
33
- ### publicKey
34
-
35
- > **publicKey**: `string`
36
-
37
- ***
38
-
39
- ### requestedAt?
40
-
41
- > `optional` **requestedAt?**: `string`