@the-ai-company/cbio-node-runtime 1.57.0 → 1.59.1
- package/README.md +53 -30
- package/dist/clients/agent/client.d.ts +3 -1
- package/dist/clients/agent/client.js +41 -11
- package/dist/clients/agent/client.js.map +1 -1
- package/dist/clients/agent/contracts.d.ts +5 -2
- package/dist/clients/owner/client.d.ts +8 -10
- package/dist/clients/owner/client.js +45 -38
- package/dist/clients/owner/client.js.map +1 -1
- package/dist/clients/owner/contracts.d.ts +11 -25
- package/dist/clients/owner/index.d.ts +1 -1
- package/dist/runtime/index.d.ts +1 -1
- package/dist/runtime/index.js.map +1 -1
- package/dist/vault-core/contracts.d.ts +133 -46
- package/dist/vault-core/contracts.js +4 -3
- package/dist/vault-core/contracts.js.map +1 -1
- package/dist/vault-core/core.d.ts +10 -5
- package/dist/vault-core/core.js +315 -160
- package/dist/vault-core/core.js.map +1 -1
- package/dist/vault-core/defaults.d.ts +8 -4
- package/dist/vault-core/defaults.js +37 -70
- package/dist/vault-core/defaults.js.map +1 -1
- package/dist/vault-core/index.d.ts +1 -1
- package/dist/vault-core/index.js.map +1 -1
- package/dist/vault-core/persistence.d.ts +11 -2
- package/dist/vault-core/persistence.js +37 -1
- package/dist/vault-core/persistence.js.map +1 -1
- package/dist/vault-core/ports.d.ts +7 -2
- package/dist/vault-core/tool-metadata.js +25 -8
- package/dist/vault-core/tool-metadata.js.map +1 -1
- package/dist/vault-ingress/defaults.d.ts +2 -0
- package/dist/vault-ingress/defaults.js +6 -0
- package/dist/vault-ingress/defaults.js.map +1 -1
- package/dist/vault-ingress/index.d.ts +39 -10
- package/dist/vault-ingress/index.js +142 -56
- package/dist/vault-ingress/index.js.map +1 -1
- package/dist/vault-ingress/remote-transport.d.ts +2 -0
- package/dist/vault-ingress/remote-transport.js +33 -4
- package/dist/vault-ingress/remote-transport.js.map +1 -1
- package/docs/ARCHITECTURE.md +1 -1
- package/docs/REFERENCE.md +36 -27
- package/docs/WORKS_WITH_CUSTOM_FETCH.md +2 -2
- package/docs/api/README.md +2 -4
- package/docs/api/classes/IdentityError.md +1 -1
- package/docs/api/classes/OwnerClientError.md +1 -1
- package/docs/api/classes/VaultCore.md +81 -33
- package/docs/api/classes/VaultCoreError.md +1 -1
- package/docs/api/enumerations/IdentityErrorCode.md +1 -1
- package/docs/api/enumerations/OwnerClientErrorCode.md +1 -1
- package/docs/api/functions/createAgentClient.md +1 -1
- package/docs/api/functions/createIdentity.md +1 -1
- package/docs/api/functions/createOwnerHttpFlowBoundary.md +1 -1
- package/docs/api/functions/createOwnerSession.md +1 -1
- package/docs/api/functions/createPersistentVaultCoreDependencies.md +1 -1
- package/docs/api/functions/createStandardAcquireBoundary.md +1 -1
- package/docs/api/functions/createStandardDispatchBoundary.md +1 -1
- package/docs/api/functions/createVault.md +1 -1
- package/docs/api/functions/createVaultClient.md +1 -1
- package/docs/api/functions/createVaultCore.md +1 -1
- package/docs/api/functions/createVaultCoreDependencies.md +1 -1
- package/docs/api/functions/createVaultService.md +1 -1
- package/docs/api/functions/createWorkspaceStorage.md +1 -1
- package/docs/api/functions/deriveIdentityId.md +1 -1
- package/docs/api/functions/deriveVaultWorkingKeyFromPassword.md +1 -1
- package/docs/api/functions/getDefaultWorkspaceDir.md +1 -1
- package/docs/api/functions/handleVaultAgentControlHttp.md +1 -1
- package/docs/api/functions/handleVaultHttpDispatch.md +1 -1
- package/docs/api/functions/initializeVaultCustody.md +1 -1
- package/docs/api/functions/listVaults.md +1 -1
- package/docs/api/functions/readVaultProfile.md +1 -1
- package/docs/api/functions/recoverVault.md +1 -1
- package/docs/api/functions/recoverVaultWorkingKey.md +1 -1
- package/docs/api/functions/restoreIdentity.md +1 -1
- package/docs/api/functions/updateVaultMetadata.md +1 -1
- package/docs/api/functions/wrapVaultCoreAsVaultService.md +1 -1
- package/docs/api/functions/writeVaultProfile.md +1 -1
- package/docs/api/interfaces/AgentClient.md +27 -1
- package/docs/api/interfaces/AgentDispatchIntent.md +1 -1
- package/docs/api/interfaces/AgentDispatchTransport.md +33 -1
- package/docs/api/interfaces/AgentIdentity.md +1 -1
- package/docs/api/interfaces/AgentSigner.md +1 -1
- package/docs/api/interfaces/AgentSubmitCapabilityRequestInput.md +9 -9
- package/docs/api/interfaces/CbioRuntime.md +1 -1
- package/docs/api/interfaces/CreateAgentClientOptions.md +1 -1
- package/docs/api/interfaces/CreateIdentityOptions.md +1 -1
- package/docs/api/interfaces/CreateOwnerSessionOptions.md +1 -1
- package/docs/api/interfaces/CreatePersistentVaultCoreDependenciesOptions.md +1 -1
- package/docs/api/interfaces/CreateVaultClientOptions.md +1 -1
- package/docs/api/interfaces/CreateVaultOptions.md +1 -1
- package/docs/api/interfaces/CreatedVault.md +1 -1
- package/docs/api/interfaces/DefaultPolicyEngineOptions.md +1 -1
- package/docs/api/interfaces/IStorageProvider.md +1 -1
- package/docs/api/interfaces/InitializeVaultCustodyOptions.md +1 -1
- package/docs/api/interfaces/InitializedVaultCustody.md +1 -1
- package/docs/api/interfaces/OwnerAgentProvisionResult.md +1 -1
- package/docs/api/interfaces/OwnerSensitiveActionConfirmation.md +1 -1
- package/docs/api/interfaces/OwnerSensitiveActionContext.md +1 -1
- package/docs/api/interfaces/OwnerSession.md +1 -1
- package/docs/api/interfaces/OwnerStoreSecretInput.md +1 -1
- package/docs/api/interfaces/OwnerWriteSecretInput.md +1 -7
- package/docs/api/interfaces/RecoverVaultOptions.md +1 -1
- package/docs/api/interfaces/RecoveredVault.md +1 -1
- package/docs/api/interfaces/RestoreIdentityOptions.md +1 -1
- package/docs/api/interfaces/Signer.md +1 -1
- package/docs/api/interfaces/VaultApproveCapabilityRequestInput.md +1 -1
- package/docs/api/interfaces/VaultApproveDispatchInput.md +1 -1
- package/docs/api/interfaces/VaultAuditQueryInput.md +1 -1
- package/docs/api/interfaces/VaultClient.md +58 -44
- package/docs/api/interfaces/VaultCoreDependenciesOptions.md +1 -1
- package/docs/api/interfaces/VaultCreateAgentInput.md +1 -1
- package/docs/api/interfaces/VaultDeleteSecretInput.md +1 -1
- package/docs/api/interfaces/VaultExportSecretInput.md +1 -1
- package/docs/api/interfaces/VaultGrantCapabilityInput.md +9 -21
- package/docs/api/interfaces/VaultGrantCapabilityRequest.md +1 -1
- package/docs/api/interfaces/VaultIdentity.md +1 -1
- package/docs/api/interfaces/VaultImportAgentInput.md +1 -1
- package/docs/api/interfaces/VaultIssueSessionTokenInput.md +1 -1
- package/docs/api/interfaces/VaultListAgentsInput.md +1 -1
- package/docs/api/interfaces/VaultListCapabilitiesInput.md +1 -1
- package/docs/api/interfaces/VaultListSecretsInput.md +1 -1
- package/docs/api/interfaces/VaultMetadata.md +1 -1
- package/docs/api/interfaces/VaultObject.md +1 -1
- package/docs/api/interfaces/VaultProfile.md +1 -1
- package/docs/api/interfaces/VaultReadAgentPrivateKeyInput.md +1 -1
- package/docs/api/interfaces/VaultReadSecretPlaintextInput.md +1 -1
- package/docs/api/interfaces/VaultRegisterFlowInput.md +1 -1
- package/docs/api/interfaces/VaultRevokeCapabilityInput.md +1 -1
- package/docs/api/interfaces/VaultRevokeSessionTokenInput.md +1 -1
- package/docs/api/interfaces/VaultSigner.md +1 -1
- package/docs/api/interfaces/VaultSubmitCapabilityRequestInput.md +11 -17
- package/docs/api/interfaces/VaultUpdateAgentInput.md +1 -1
- package/docs/api/type-aliases/AgentCapabilityEnvelope.md +1 -1
- package/docs/api/type-aliases/AgentVisibleSecretRecord.md +1 -1
- package/docs/api/type-aliases/CbioRuntimeModule.md +1 -1
- package/docs/api/type-aliases/OwnerGrantCapabilityInput.md +1 -1
- package/docs/api/variables/DEFAULT_VAULT_KEY_CUSTODY_BLOB_KEY.md +1 -1
- package/docs/zh/README.md +26 -16
- package/examples/process-isolation.ts +7 -5
- package/package.json +1 -1
- package/docs/api/interfaces/OwnerDefineSecretTargetsInput.md +0 -23
- package/docs/api/interfaces/OwnerSecretTargetBinding.md +0 -35
|
@@ -1,15 +1,7 @@
|
|
|
1
1
|
import type { OwnerHttpFlowBoundary } from "../../vault-ingress/flow-factories.js";
|
|
2
|
-
export interface OwnerSecretTargetBinding {
|
|
3
|
-
kind: "owner" | "site";
|
|
4
|
-
targetId: string;
|
|
5
|
-
targetUrl?: string;
|
|
6
|
-
methods?: readonly string[];
|
|
7
|
-
paths?: readonly string[];
|
|
8
|
-
}
|
|
9
2
|
export interface OwnerWriteSecretInput {
|
|
10
3
|
alias: string;
|
|
11
4
|
plaintext: string;
|
|
12
|
-
targetBindings: readonly OwnerSecretTargetBinding[];
|
|
13
5
|
requestedAt?: string;
|
|
14
6
|
}
|
|
15
7
|
export interface OwnerStoreSecretInput {
|
|
@@ -17,11 +9,6 @@ export interface OwnerStoreSecretInput {
|
|
|
17
9
|
plaintext: string;
|
|
18
10
|
requestedAt?: string;
|
|
19
11
|
}
|
|
20
|
-
export interface OwnerDefineSecretTargetsInput {
|
|
21
|
-
alias: string;
|
|
22
|
-
targetBindings: readonly OwnerSecretTargetBinding[];
|
|
23
|
-
requestedAt?: string;
|
|
24
|
-
}
|
|
25
12
|
export interface VaultAuditQueryInput {
|
|
26
13
|
actorId?: string;
|
|
27
14
|
secretAlias?: string;
|
|
@@ -75,11 +62,9 @@ export interface VaultRegisterFlowInput extends OwnerHttpFlowBoundary {
|
|
|
75
62
|
export interface VaultGrantCapabilityInput {
|
|
76
63
|
agentId: string;
|
|
77
64
|
operation?: string;
|
|
78
|
-
secretAliases?: readonly string[];
|
|
79
|
-
secretIds?: readonly string[];
|
|
80
65
|
customFlowId?: string;
|
|
81
|
-
|
|
82
|
-
|
|
66
|
+
write: import("../../vault-core/index.js").CapabilityWritePolicy;
|
|
67
|
+
read: import("../../vault-core/index.js").CapabilityReadPolicy;
|
|
83
68
|
expiresAt?: string;
|
|
84
69
|
expiresIn?: number;
|
|
85
70
|
rateLimit?: {
|
|
@@ -107,9 +92,8 @@ export interface VaultSubmitCapabilityRequestInput {
|
|
|
107
92
|
requester: import("../../vault-core/index.js").VaultPrincipal;
|
|
108
93
|
agentId: string;
|
|
109
94
|
operation?: string;
|
|
110
|
-
|
|
111
|
-
|
|
112
|
-
methods: readonly string[];
|
|
95
|
+
write: import("../../vault-core/index.js").CapabilityWritePolicy;
|
|
96
|
+
read: import("../../vault-core/index.js").CapabilityReadPolicy;
|
|
113
97
|
rateLimit?: {
|
|
114
98
|
maxRequests: number;
|
|
115
99
|
windowMs: number;
|
|
@@ -125,7 +109,8 @@ export interface VaultApproveCapabilityRequestInput {
|
|
|
125
109
|
}
|
|
126
110
|
export interface VaultListCapabilityStatesInput {
|
|
127
111
|
agentId?: string;
|
|
128
|
-
|
|
112
|
+
writeStatus?: import("../../vault-core/index.js").CapabilityApprovalStatus;
|
|
113
|
+
readStatus?: import("../../vault-core/index.js").CapabilityApprovalStatus;
|
|
129
114
|
requestedAt?: string;
|
|
130
115
|
}
|
|
131
116
|
export interface VaultDeleteSecretInput {
|
|
@@ -177,7 +162,6 @@ export interface CreateVaultClientOptions {
|
|
|
177
162
|
*/
|
|
178
163
|
export interface VaultClient {
|
|
179
164
|
ownerStoreSecret(input: OwnerStoreSecretInput): Promise<import("../../vault-core/index.js").SecretRecord>;
|
|
180
|
-
ownerDefineSecretTargets(input: OwnerDefineSecretTargetsInput): Promise<import("../../vault-core/index.js").SecretRecord>;
|
|
181
165
|
ownerWriteSecret(input: OwnerWriteSecretInput): Promise<import("../../vault-core/index.js").SecretRecord>;
|
|
182
166
|
ownerExportSecret(input: VaultExportSecretInput): Promise<import("../../vault-core/index.js").OwnerSecretExport>;
|
|
183
167
|
ownerReadSecretPlaintext(input: VaultReadSecretPlaintextInput): Promise<string>;
|
|
@@ -198,8 +182,10 @@ export interface VaultClient {
|
|
|
198
182
|
ownerIssueAllSessionTokens(): Promise<readonly import("../../vault-core/index.js").OwnerSessionToken[]>;
|
|
199
183
|
ownerRevokeSessionToken(input: VaultRevokeSessionTokenInput): Promise<void>;
|
|
200
184
|
ownerSubmitCapabilityRequest(input: VaultSubmitCapabilityRequestInput): Promise<import("../../vault-core/index.js").CapabilityStateRecord>;
|
|
201
|
-
|
|
202
|
-
|
|
203
|
-
|
|
185
|
+
ownerApproveCapabilityWrite(input: VaultApproveCapabilityRequestInput): Promise<import("../../vault-core/index.js").CapabilityStateRecord>;
|
|
186
|
+
ownerApproveCapabilityRead(input: VaultApproveCapabilityRequestInput): Promise<import("../../vault-core/index.js").CapabilityStateRecord>;
|
|
187
|
+
ownerAllowOnce(input: VaultApproveCapabilityRequestInput): Promise<import("../../vault-core/index.js").DispatchResult>;
|
|
188
|
+
ownerAllowAlways(input: VaultApproveCapabilityRequestInput): Promise<import("../../vault-core/index.js").DispatchResult>;
|
|
189
|
+
ownerDeny(requestId: string): Promise<import("../../vault-core/index.js").CapabilityStateRecord>;
|
|
204
190
|
ownerOnCapabilityState(callback: (record: import("../../vault-core/index.js").CapabilityStateRecord) => void): () => void;
|
|
205
191
|
}
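Review bot: The five approval methods added to `VaultClient` in the last hunk (`ownerApproveCapabilityWrite`, `ownerApproveCapabilityRead`, `ownerAllowOnce`, `ownerAllowAlways`, `ownerDeny`) have no doc comments, and nothing in their signatures tells a caller which of them leaves a standing grant behind. `ownerAllowOnce` and `ownerAllowAlways` take the same `VaultApproveCapabilityRequestInput` and both return `DispatchResult`, so they appear to execute the pending request as well as decide it. Each should get a TSDoc line stating what is persisted and whether the dispatch runs, for example `/** Approves this request only and executes it; no capability is persisted. */`, with the wording confirmed against the implementation. `ownerDeny(requestId: string)` is the only one of the five that takes a bare string; if `VaultApproveCapabilityRequestInput` carries anything beyond the request id (its body is not visible here), the deny path cannot supply it. The interface body starts above this hunk.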
|
|
@@ -1,4 +1,4 @@
|
|
|
1
1
|
export { createVaultClient } from "./client.js";
|
|
2
2
|
export { OwnerClientError, OwnerClientErrorCode } from "../../errors.js";
|
|
3
3
|
export type { VaultClient, CreateVaultClientOptions, VaultIdentity, VaultSigner, } from "./client.js";
|
|
4
|
-
export type { VaultAuditQueryInput,
|
|
4
|
+
export type { VaultAuditQueryInput, VaultExportSecretInput, VaultReadSecretPlaintextInput, VaultReadAgentPrivateKeyInput, OwnerSensitiveActionConfirmation, OwnerSensitiveActionContext, VaultGrantCapabilityInput, VaultGrantCapabilityRequest, OwnerGrantCapabilityInput, VaultRegisterFlowInput, VaultImportAgentInput, VaultCreateAgentInput, OwnerAgentProvisionResult, OwnerStoreSecretInput, OwnerWriteSecretInput, VaultDeleteSecretInput, VaultUpdateAgentInput, VaultListAgentsInput, VaultListCapabilitiesInput, VaultListSecretsInput, VaultRevokeCapabilityInput, VaultIssueSessionTokenInput, VaultRevokeSessionTokenInput, VaultSubmitCapabilityRequestInput, VaultApproveCapabilityRequestInput, VaultApproveDispatchInput, } from "./contracts.js";
|
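--- a/package/dist/runtime/index.d.ts
+++ b/package/dist/runtime/index.d.ts
@@ -14,7 +14,7 @@ export { createWorkspaceStorage, getDefaultWorkspaceDir, } from "./workspace-sto
 export { createVault, recoverVault, listVaults, updateVaultMetadata, type CreateVaultOptions, type CreatedVault, type RecoverVaultOptions, type RecoveredVault, type VaultObject, type VaultMetadata, } from "./bootstrap.js";
 export { createOwnerSession, type OwnerSession, type CreateOwnerSessionOptions, } from "./owner-session.js";
 export { createVaultCore, VaultCore, VaultCoreError, createVaultCoreDependencies, type VaultCoreDependenciesOptions, type DefaultPolicyEngineOptions, DefaultPolicyEngine, createPersistentVaultCoreDependencies, initializeVaultCustody, recoverVaultWorkingKey, DEFAULT_VAULT_KEY_CUSTODY_BLOB_KEY, type InitializeVaultCustodyOptions, type InitializedVaultCustody, type CreatePersistentVaultCoreDependenciesOptions, PersistentVaultAgentIdentityRegistry, PersistentVaultAuditLog, PersistentVaultCapabilityRegistry, PersistentVaultCapabilityRevocationRegistry, PersistentVaultCustomHttpFlowRegistry, PersistentVaultRateLimitStore, PersistentVaultReplayGuard, PersistentVaultSecretCustody, PersistentVaultSecretRepository, } from "../vault-core/index.js";
-export { createVaultClient, type VaultClient, type CreateVaultClientOptions, type VaultIdentity, type VaultSigner, type VaultAuditQueryInput, type
+export { createVaultClient, type VaultClient, type CreateVaultClientOptions, type VaultIdentity, type VaultSigner, type VaultAuditQueryInput, type VaultExportSecretInput, type VaultReadSecretPlaintextInput, type VaultReadAgentPrivateKeyInput, type OwnerSensitiveActionConfirmation, type OwnerSensitiveActionContext, type VaultGrantCapabilityInput, type VaultGrantCapabilityRequest, type OwnerGrantCapabilityInput, type VaultRegisterFlowInput, type VaultImportAgentInput, type VaultCreateAgentInput, type OwnerAgentProvisionResult, type OwnerStoreSecretInput, type OwnerWriteSecretInput, type VaultDeleteSecretInput, type VaultUpdateAgentInput, type VaultListAgentsInput, type VaultListCapabilitiesInput, type VaultListSecretsInput, type VaultRevokeCapabilityInput, type VaultIssueSessionTokenInput, type VaultRevokeSessionTokenInput, type VaultSubmitCapabilityRequestInput, type VaultApproveCapabilityRequestInput, type VaultApproveDispatchInput, } from "../clients/owner/index.js";
 export { createAgentClient, type AgentClient, type CreateAgentClientOptions, type AgentIdentity, type AgentCapabilityEnvelope, type AgentDispatchIntent, type AgentDispatchTransport, type AgentSigner, type AgentSubmitCapabilityRequestInput, type AgentVisibleSecretRecord, } from "../clients/agent/index.js";
 export { createVaultService, wrapVaultCoreAsVaultService, createOwnerHttpFlowBoundary, createStandardAcquireBoundary, createStandardDispatchBoundary, AgentDispatchHttpTransport, handleVaultHttpDispatch, handleVaultAgentControlHttp, } from "../vault-ingress/index.js";
 export { LocalVaultTransport } from "../vault-ingress/defaults.js";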
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/runtime/index.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAEH,OAAO,EAAE,aAAa,EAAE,iBAAiB,EAAE,gBAAgB,EAAE,oBAAoB,EAAE,MAAM,cAAc,CAAC;AACxG,OAAO,EAAE,eAAe,EAAE,WAAW,EAAe,iCAAiC,EAAE,MAAM,uBAAuB,CAAC;AACrH,OAAO,EAAE,gBAAgB,EAAE,MAAM,yBAAyB,CAAC;AAE3D,OAAO,EAAE,iBAAiB,EAAE,MAAM,kBAAkB,CAAC;AACrD,OAAO,EAAE,qBAAqB,EAAE,MAAM,sBAAsB,CAAC;AAC7D,OAAO,EACL,cAAc,EACd,eAAe,GAIhB,MAAM,eAAe,CAAC;AACvB,OAAO,EACL,gBAAgB,EAChB,iBAAiB,GAElB,MAAM,qBAAqB,CAAC;AAC7B,OAAO,EACL,sBAAsB,EACtB,sBAAsB,GACvB,MAAM,wBAAwB,CAAC;AAChC,OAAO,EACL,WAAW,EACX,YAAY,EACZ,UAAU,EACV,mBAAmB,GAOpB,MAAM,gBAAgB,CAAC;AACxB,OAAO,EACL,kBAAkB,GAGnB,MAAM,oBAAoB,CAAC;AAE5B,OAAO,EACL,eAAe,EACf,SAAS,EACT,cAAc,EACd,2BAA2B,EAG3B,mBAAmB,EACnB,qCAAqC,EACrC,sBAAsB,EACtB,sBAAsB,EACtB,kCAAkC,EAIlC,oCAAoC,EACpC,uBAAuB,EACvB,iCAAiC,EACjC,2CAA2C,EAC3C,qCAAqC,EACrC,6BAA6B,EAC7B,0BAA0B,EAC1B,4BAA4B,EAC5B,+BAA+B,GAChC,MAAM,wBAAwB,CAAC;AAEhC,OAAO,EACL,iBAAiB,
|
|
1
|
+
{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/runtime/index.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAEH,OAAO,EAAE,aAAa,EAAE,iBAAiB,EAAE,gBAAgB,EAAE,oBAAoB,EAAE,MAAM,cAAc,CAAC;AACxG,OAAO,EAAE,eAAe,EAAE,WAAW,EAAe,iCAAiC,EAAE,MAAM,uBAAuB,CAAC;AACrH,OAAO,EAAE,gBAAgB,EAAE,MAAM,yBAAyB,CAAC;AAE3D,OAAO,EAAE,iBAAiB,EAAE,MAAM,kBAAkB,CAAC;AACrD,OAAO,EAAE,qBAAqB,EAAE,MAAM,sBAAsB,CAAC;AAC7D,OAAO,EACL,cAAc,EACd,eAAe,GAIhB,MAAM,eAAe,CAAC;AACvB,OAAO,EACL,gBAAgB,EAChB,iBAAiB,GAElB,MAAM,qBAAqB,CAAC;AAC7B,OAAO,EACL,sBAAsB,EACtB,sBAAsB,GACvB,MAAM,wBAAwB,CAAC;AAChC,OAAO,EACL,WAAW,EACX,YAAY,EACZ,UAAU,EACV,mBAAmB,GAOpB,MAAM,gBAAgB,CAAC;AACxB,OAAO,EACL,kBAAkB,GAGnB,MAAM,oBAAoB,CAAC;AAE5B,OAAO,EACL,eAAe,EACf,SAAS,EACT,cAAc,EACd,2BAA2B,EAG3B,mBAAmB,EACnB,qCAAqC,EACrC,sBAAsB,EACtB,sBAAsB,EACtB,kCAAkC,EAIlC,oCAAoC,EACpC,uBAAuB,EACvB,iCAAiC,EACjC,2CAA2C,EAC3C,qCAAqC,EACrC,6BAA6B,EAC7B,0BAA0B,EAC1B,4BAA4B,EAC5B,+BAA+B,GAChC,MAAM,wBAAwB,CAAC;AAEhC,OAAO,EACL,iBAAiB,GA+BlB,MAAM,2BAA2B,CAAC;AAEnC,OAAO,EACL,iBAAiB,GAUlB,MAAM,2BAA2B,CAAC;AAEnC,OAAO,EACL,kBAAkB,EAClB,2BAA2B,EAC3B,2BAA2B,EAC3B,6BAA6B,EAC7B,8BAA8B,EAC9B,0BAA0B,EAC1B,uBAAuB,EACvB,2BAA2B,GAC5B,MAAM,2BAA2B,CAAC;AACnC;;;GAGG;AAEH,OAAO,EAAE,mBAAmB,EAAE,MAAM,8BAA8B,CAAC"}
|
|
@@ -21,17 +21,20 @@ export interface SecretRecord {
|
|
|
21
21
|
alias: SecretAlias;
|
|
22
22
|
version: SecretVersion;
|
|
23
23
|
issuerId: string | null;
|
|
24
|
-
|
|
24
|
+
source: SecretSource;
|
|
25
25
|
createdAt: string;
|
|
26
26
|
updatedAt: string;
|
|
27
27
|
retiredAt?: string;
|
|
28
28
|
}
|
|
29
|
-
export
|
|
30
|
-
kind: "
|
|
31
|
-
|
|
32
|
-
|
|
33
|
-
|
|
34
|
-
|
|
29
|
+
export type SecretSource = {
|
|
30
|
+
kind: "manual";
|
|
31
|
+
} | {
|
|
32
|
+
kind: "request";
|
|
33
|
+
requestId: string;
|
|
34
|
+
};
|
|
35
|
+
export interface SecretSourceInput {
|
|
36
|
+
kind: "manual" | "request";
|
|
37
|
+
requestId?: string;
|
|
35
38
|
}
|
|
36
39
|
export interface OwnerWriteSecretCommand {
|
|
37
40
|
kind: "owner.write_secret";
|
|
@@ -42,17 +45,7 @@ export interface OwnerWriteSecretCommand {
|
|
|
42
45
|
};
|
|
43
46
|
alias: string;
|
|
44
47
|
plaintext: string;
|
|
45
|
-
|
|
46
|
-
requestedAt: string;
|
|
47
|
-
}
|
|
48
|
-
export interface OwnerDefineSecretTargetsCommand {
|
|
49
|
-
vaultId: VaultId;
|
|
50
|
-
requestId: string;
|
|
51
|
-
owner: VaultPrincipal & {
|
|
52
|
-
kind: "owner";
|
|
53
|
-
};
|
|
54
|
-
alias: string;
|
|
55
|
-
targetBindings: readonly VaultTargetBinding[];
|
|
48
|
+
source?: SecretSourceInput;
|
|
56
49
|
requestedAt: string;
|
|
57
50
|
}
|
|
58
51
|
export interface IssuerWriteSecretCommand {
|
|
@@ -64,7 +57,7 @@ export interface IssuerWriteSecretCommand {
|
|
|
64
57
|
alias: string;
|
|
65
58
|
plaintext: string;
|
|
66
59
|
issuerSiteId: string;
|
|
67
|
-
|
|
60
|
+
source?: SecretSourceInput;
|
|
68
61
|
requestedAt: string;
|
|
69
62
|
}
|
|
70
63
|
export interface OwnerDeleteSecretCommand {
|
|
@@ -151,16 +144,23 @@ export interface OwnerRevokeCapabilityCommand {
|
|
|
151
144
|
capabilityId: string;
|
|
152
145
|
requestedAt: string;
|
|
153
146
|
}
|
|
147
|
+
export interface CapabilityWritePolicy {
|
|
148
|
+
secretIds?: readonly string[];
|
|
149
|
+
scope: string;
|
|
150
|
+
methods: readonly string[];
|
|
151
|
+
}
|
|
152
|
+
export interface CapabilityReadPolicy {
|
|
153
|
+
mode: "none" | "shape_only" | "full" | "custom";
|
|
154
|
+
paths?: readonly string[];
|
|
155
|
+
}
|
|
154
156
|
export interface AgentCapability {
|
|
155
157
|
vaultId: VaultId;
|
|
156
158
|
capabilityId: string;
|
|
157
159
|
agentId: string;
|
|
158
|
-
secretIds?: readonly string[];
|
|
159
|
-
secretAliases?: readonly string[];
|
|
160
160
|
operation: "dispatch_http" | "custom_http";
|
|
161
161
|
customFlowId?: string;
|
|
162
|
-
|
|
163
|
-
|
|
162
|
+
write: CapabilityWritePolicy;
|
|
163
|
+
read: CapabilityReadPolicy;
|
|
164
164
|
issuedAt: string;
|
|
165
165
|
expiresAt?: string;
|
|
166
166
|
revocationVersion?: number;
|
|
@@ -179,17 +179,16 @@ export interface AgentProof {
|
|
|
179
179
|
}
|
|
180
180
|
export interface AgentVisibleSecretRecord {
|
|
181
181
|
vaultId: VaultId;
|
|
182
|
-
secretId: SecretId;
|
|
183
182
|
alias: SecretAlias;
|
|
184
183
|
issuerId: string | null;
|
|
185
|
-
|
|
184
|
+
source: SecretSource;
|
|
186
185
|
createdAt: string;
|
|
187
186
|
updatedAt: string;
|
|
188
187
|
isAuthorizedForAgent?: boolean;
|
|
189
188
|
authorizedCapabilities?: readonly {
|
|
190
189
|
capabilityId: string;
|
|
191
|
-
|
|
192
|
-
|
|
190
|
+
write: CapabilityWritePolicy;
|
|
191
|
+
read: CapabilityReadPolicy;
|
|
193
192
|
}[];
|
|
194
193
|
}
|
|
195
194
|
export interface AgentGetRuntimeManifestRequest {
|
|
@@ -216,20 +215,23 @@ export interface AgentSelfContext {
|
|
|
216
215
|
nickname?: string;
|
|
217
216
|
metadata?: Record<string, any>;
|
|
218
217
|
}
|
|
219
|
-
export type AgentCapabilityStateStatus = "GRANTED" | "PENDING" | "REJECTED";
|
|
220
218
|
export type AgentCapabilityStateSource = "owner_grant" | "explicit_request" | "dispatch_discovery";
|
|
219
|
+
export type CapabilityApprovalStatus = "PENDING" | "APPROVED" | "REJECTED";
|
|
220
|
+
export type CapabilityActionKind = "write" | "read";
|
|
221
|
+
export interface CapabilityActionState {
|
|
222
|
+
action: CapabilityActionKind;
|
|
223
|
+
status: CapabilityApprovalStatus;
|
|
224
|
+
decidedAt?: string;
|
|
225
|
+
}
|
|
221
226
|
export interface AgentCapabilityState {
|
|
222
|
-
status: AgentCapabilityStateStatus;
|
|
223
227
|
source: AgentCapabilityStateSource;
|
|
224
228
|
agentId: string;
|
|
225
229
|
requestId?: string;
|
|
226
230
|
capabilityId?: string;
|
|
227
231
|
operation: "dispatch_http" | "custom_http";
|
|
228
|
-
secretIds?: readonly string[];
|
|
229
|
-
secretAliases?: readonly string[];
|
|
230
232
|
customFlowId?: string;
|
|
231
|
-
|
|
232
|
-
|
|
233
|
+
write: CapabilityWritePolicy;
|
|
234
|
+
read: CapabilityReadPolicy;
|
|
233
235
|
issuedAt?: string;
|
|
234
236
|
requestedAt: string;
|
|
235
237
|
expiresAt?: string;
|
|
@@ -239,8 +241,12 @@ export interface AgentCapabilityState {
|
|
|
239
241
|
};
|
|
240
242
|
skipAudit?: boolean;
|
|
241
243
|
justification?: string;
|
|
242
|
-
|
|
244
|
+
secretId?: string;
|
|
243
245
|
targetUrl?: string;
|
|
246
|
+
actions: {
|
|
247
|
+
write: CapabilityActionState;
|
|
248
|
+
read: CapabilityActionState;
|
|
249
|
+
};
|
|
244
250
|
}
|
|
245
251
|
export interface CapabilityStateRecord extends AgentCapabilityState {
|
|
246
252
|
vaultId: VaultId;
|
|
@@ -258,6 +264,44 @@ export interface AgentRuntimeManifest {
|
|
|
258
264
|
capabilities: readonly AgentCapabilityState[];
|
|
259
265
|
tools: readonly VaultToolDefinition[];
|
|
260
266
|
}
|
|
267
|
+
export interface RequestRecord {
|
|
268
|
+
vaultId: VaultId;
|
|
269
|
+
requestId: string;
|
|
270
|
+
agentId: string;
|
|
271
|
+
capabilityId?: string;
|
|
272
|
+
operation: "dispatch_http" | "custom_http";
|
|
273
|
+
createdAt: string;
|
|
274
|
+
request: {
|
|
275
|
+
targetUrl: string;
|
|
276
|
+
method: string;
|
|
277
|
+
headers?: Record<string, string>;
|
|
278
|
+
body?: string;
|
|
279
|
+
secretId?: string;
|
|
280
|
+
};
|
|
281
|
+
response?: {
|
|
282
|
+
status?: number;
|
|
283
|
+
headers?: Record<string, string>;
|
|
284
|
+
body?: string;
|
|
285
|
+
error?: string;
|
|
286
|
+
};
|
|
287
|
+
execution: {
|
|
288
|
+
status: DispatchStatus;
|
|
289
|
+
};
|
|
290
|
+
}
|
|
291
|
+
export interface AgentVisibleRequestRecord {
|
|
292
|
+
requestId: string;
|
|
293
|
+
createdAt: string;
|
|
294
|
+
capabilityId?: string;
|
|
295
|
+
operation: "dispatch_http" | "custom_http";
|
|
296
|
+
targetUrl: string;
|
|
297
|
+
method: string;
|
|
298
|
+
executionStatus: DispatchStatus;
|
|
299
|
+
responseStatus?: number;
|
|
300
|
+
error?: string;
|
|
301
|
+
readStatus: CapabilityApprovalStatus;
|
|
302
|
+
hasResponseBody: boolean;
|
|
303
|
+
resultVisible: boolean;
|
|
304
|
+
}
|
|
261
305
|
export interface VaultToolDefinition {
|
|
262
306
|
name: string;
|
|
263
307
|
description: string;
|
|
@@ -281,6 +325,25 @@ export interface AgentListSecretsRequest {
|
|
|
281
325
|
};
|
|
282
326
|
proof: AgentProof;
|
|
283
327
|
}
|
|
328
|
+
export interface AgentListRequestsRequest {
|
|
329
|
+
vaultId: VaultId;
|
|
330
|
+
requestId: string;
|
|
331
|
+
requestedAt: string;
|
|
332
|
+
agent: VaultPrincipal & {
|
|
333
|
+
kind: "agent";
|
|
334
|
+
};
|
|
335
|
+
proof: AgentProof;
|
|
336
|
+
}
|
|
337
|
+
export interface AgentGetRequestRequest {
|
|
338
|
+
vaultId: VaultId;
|
|
339
|
+
requestId: string;
|
|
340
|
+
requestedAt: string;
|
|
341
|
+
agent: VaultPrincipal & {
|
|
342
|
+
kind: "agent";
|
|
343
|
+
};
|
|
344
|
+
proof: AgentProof;
|
|
345
|
+
targetRequestId: string;
|
|
346
|
+
}
|
|
284
347
|
export interface AgentSubmitCapabilityRequestCommand {
|
|
285
348
|
vaultId: VaultId;
|
|
286
349
|
requestId: string;
|
|
@@ -289,14 +352,14 @@ export interface AgentSubmitCapabilityRequestCommand {
|
|
|
289
352
|
kind: "agent";
|
|
290
353
|
};
|
|
291
354
|
proof: AgentProof;
|
|
292
|
-
|
|
355
|
+
capability: CapabilityRequestScope;
|
|
356
|
+
secretAliases?: readonly string[];
|
|
293
357
|
justification?: string;
|
|
294
358
|
}
|
|
295
359
|
export interface CapabilityRequestScope {
|
|
296
360
|
operation: "dispatch_http" | "custom_http";
|
|
297
|
-
|
|
298
|
-
|
|
299
|
-
methods: readonly string[];
|
|
361
|
+
write: CapabilityWritePolicy;
|
|
362
|
+
read: CapabilityReadPolicy;
|
|
300
363
|
rateLimit?: {
|
|
301
364
|
maxRequests: number;
|
|
302
365
|
windowMs: number;
|
|
@@ -309,7 +372,7 @@ export interface SubmitCapabilityRequestCommand {
|
|
|
309
372
|
requestId: string;
|
|
310
373
|
requester: VaultPrincipal;
|
|
311
374
|
agentId: string;
|
|
312
|
-
|
|
375
|
+
capability: CapabilityRequestScope;
|
|
313
376
|
justification?: string;
|
|
314
377
|
requestedAt: string;
|
|
315
378
|
}
|
|
@@ -317,14 +380,30 @@ export interface OwnerListCapabilityStatesRequest {
|
|
|
317
380
|
vaultId: VaultId;
|
|
318
381
|
owner: VaultPrincipal;
|
|
319
382
|
agentId?: string;
|
|
320
|
-
|
|
383
|
+
writeStatus?: CapabilityApprovalStatus;
|
|
384
|
+
readStatus?: CapabilityApprovalStatus;
|
|
385
|
+
}
|
|
386
|
+
export interface OwnerAllowOnceCommand {
|
|
387
|
+
vaultId: VaultId;
|
|
388
|
+
requestId: string;
|
|
389
|
+
owner: VaultPrincipal;
|
|
390
|
+
}
|
|
391
|
+
export interface OwnerApproveCapabilityWriteCommand {
|
|
392
|
+
vaultId: VaultId;
|
|
393
|
+
requestId: string;
|
|
394
|
+
owner: VaultPrincipal;
|
|
395
|
+
}
|
|
396
|
+
export interface OwnerApproveCapabilityReadCommand {
|
|
397
|
+
vaultId: VaultId;
|
|
398
|
+
requestId: string;
|
|
399
|
+
owner: VaultPrincipal;
|
|
321
400
|
}
|
|
322
|
-
export interface
|
|
401
|
+
export interface OwnerAllowAlwaysCommand {
|
|
323
402
|
vaultId: VaultId;
|
|
324
403
|
requestId: string;
|
|
325
404
|
owner: VaultPrincipal;
|
|
326
405
|
}
|
|
327
|
-
export interface
|
|
406
|
+
export interface OwnerDenyCommand {
|
|
328
407
|
vaultId: VaultId;
|
|
329
408
|
requestId: string;
|
|
330
409
|
owner: VaultPrincipal;
|
|
@@ -339,6 +418,7 @@ export interface DispatchRequest {
|
|
|
339
418
|
capability?: AgentCapability;
|
|
340
419
|
proof: AgentProof;
|
|
341
420
|
secretAlias?: string;
|
|
421
|
+
secretId?: string;
|
|
342
422
|
targetUrl: string;
|
|
343
423
|
method: string;
|
|
344
424
|
headers?: Record<string, string>;
|
|
@@ -350,7 +430,6 @@ export interface DispatchAuthorization {
|
|
|
350
430
|
decision: DispatchDecision;
|
|
351
431
|
reason: string | null;
|
|
352
432
|
secretId: SecretId | null;
|
|
353
|
-
executorTarget: VaultTargetBinding | null;
|
|
354
433
|
capability?: AgentCapability;
|
|
355
434
|
}
|
|
356
435
|
export interface DispatchInstruction {
|
|
@@ -379,6 +458,13 @@ export interface DispatchResult {
|
|
|
379
458
|
responseBody?: string;
|
|
380
459
|
error?: string;
|
|
381
460
|
}
|
|
461
|
+
export interface AgentRequestResult {
|
|
462
|
+
requestId: string;
|
|
463
|
+
executionStatus: DispatchStatus;
|
|
464
|
+
responseStatus?: number;
|
|
465
|
+
responseBody?: string;
|
|
466
|
+
error?: string;
|
|
467
|
+
}
|
|
382
468
|
export interface AuditQuery {
|
|
383
469
|
actorId?: string;
|
|
384
470
|
secretAlias?: string;
|
|
@@ -391,11 +477,12 @@ export declare enum AuditAction {
|
|
|
391
477
|
REGISTER_CUSTOM_FLOW = "REGISTER_CUSTOM_FLOW",
|
|
392
478
|
REGISTER_CAPABILITY = "REGISTER_CAPABILITY",
|
|
393
479
|
SUBMIT_CAPABILITY_REQUEST = "SUBMIT_CAPABILITY_REQUEST",
|
|
394
|
-
|
|
395
|
-
|
|
480
|
+
APPROVE_CAPABILITY_WRITE = "APPROVE_CAPABILITY_WRITE",
|
|
481
|
+
APPROVE_CAPABILITY_READ = "APPROVE_CAPABILITY_READ",
|
|
482
|
+
REJECT_CAPABILITY_WRITE = "REJECT_CAPABILITY_WRITE",
|
|
483
|
+
REJECT_CAPABILITY_READ = "REJECT_CAPABILITY_READ",
|
|
396
484
|
REVOKE_CAPABILITY = "REVOKE_CAPABILITY",
|
|
397
485
|
WRITE_SECRET = "WRITE_SECRET",
|
|
398
|
-
DEFINE_SECRET_TARGETS = "DEFINE_SECRET_TARGETS",
|
|
399
486
|
EXPORT_SECRET = "EXPORT_SECRET",
|
|
400
487
|
REASSIGN_ALIAS = "REASSIGN_ALIAS",
|
|
401
488
|
DELETE_SECRET = "DELETE_SECRET",
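Review bot: The new `RequestRecord` interface (hunk at `@@ -258,6 +264,44 @@`) keeps `request.headers`, `request.body`, `response.headers` and `response.body` as plain strings next to `request.secretId`, and the declaration does not say whether they are captured before or after the vault injects the secret. If the record is stored after injection, credential-bearing headers and any token echoed in a response body would sit in the request store outside secret custody. The interface should document the capture point and what is redacted, e.g. `/** Headers and body as submitted by the agent, before secret injection; never contains resolved secret material. */` if that is what the implementation does. `AgentVisibleRequestRecord` in the same hunk exposes `error?: string` and `responseStatus` alongside `readStatus` and `resultVisible`, so it should also state whether `error` is populated when the read is not approved, since upstream error text can echo request content.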
|
|
@@ -13,11 +13,12 @@ export var AuditAction;
|
|
|
13
13
|
AuditAction["REGISTER_CUSTOM_FLOW"] = "REGISTER_CUSTOM_FLOW";
|
|
14
14
|
AuditAction["REGISTER_CAPABILITY"] = "REGISTER_CAPABILITY";
|
|
15
15
|
AuditAction["SUBMIT_CAPABILITY_REQUEST"] = "SUBMIT_CAPABILITY_REQUEST";
|
|
16
|
-
AuditAction["
|
|
17
|
-
AuditAction["
|
|
16
|
+
AuditAction["APPROVE_CAPABILITY_WRITE"] = "APPROVE_CAPABILITY_WRITE";
|
|
17
|
+
AuditAction["APPROVE_CAPABILITY_READ"] = "APPROVE_CAPABILITY_READ";
|
|
18
|
+
AuditAction["REJECT_CAPABILITY_WRITE"] = "REJECT_CAPABILITY_WRITE";
|
|
19
|
+
AuditAction["REJECT_CAPABILITY_READ"] = "REJECT_CAPABILITY_READ";
|
|
18
20
|
AuditAction["REVOKE_CAPABILITY"] = "REVOKE_CAPABILITY";
|
|
19
21
|
AuditAction["WRITE_SECRET"] = "WRITE_SECRET";
|
|
20
|
-
AuditAction["DEFINE_SECRET_TARGETS"] = "DEFINE_SECRET_TARGETS";
|
|
21
22
|
AuditAction["EXPORT_SECRET"] = "EXPORT_SECRET";
|
|
22
23
|
AuditAction["REASSIGN_ALIAS"] = "REASSIGN_ALIAS";
|
|
23
24
|
AuditAction["DELETE_SECRET"] = "DELETE_SECRET";
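Review bot: `DEFINE_SECRET_TARGETS` and the two members on old lines 16–17 are dropped from the runtime `AuditAction` object, so audit entries already written under those action strings no longer correspond to any enum member. The package exports `PersistentVaultAuditLog`, so such entries can outlive the upgrade; anything that filters or alerts on `AuditAction` values would presumably stop matching them, and the four new `APPROVE_CAPABILITY_*` / `REJECT_CAPABILITY_*` actions need adding to the same queries and rules. If older logs must stay readable, either keep the retired members with a comment such as `// retired in this release; still present in older audit logs`, or document the renames in the changelog. The enum body begins above this hunk.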
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"contracts.js","sourceRoot":"","sources":["../../src/vault-core/contracts.ts"],"names":[],"mappings":"
|
|
1
|
+
{"version":3,"file":"contracts.js","sourceRoot":"","sources":["../../src/vault-core/contracts.ts"],"names":[],"mappings":"AAsdA,MAAM,CAAN,IAAY,cAMX;AAND,WAAY,cAAc;IACxB,yCAAuB,CAAA;IACvB,mCAAiB,CAAA;IACjB,mCAAiB,CAAA;IACjB,qCAAmB,CAAA;IACnB,qCAAmB,CAAA;AACrB,CAAC,EANW,cAAc,KAAd,cAAc,QAMzB;AA4BD,MAAM,CAAN,IAAY,WAyBX;AAzBD,WAAY,WAAW;IACrB,kEAAmD,CAAA;IACnD,8DAA+C,CAAA;IAC/C,4DAA6C,CAAA;IAC7C,0DAA2C,CAAA;IAC3C,sEAAuD,CAAA;IACvD,oEAAqD,CAAA;IACrD,kEAAmD,CAAA;IACnD,kEAAmD,CAAA;IACnD,gEAAiD,CAAA;IACjD,sDAAuC,CAAA;IACvC,4CAA6B,CAAA;IAC7B,8CAA+B,CAAA;IAC/B,gDAAiC,CAAA;IACjC,8CAA+B,CAAA;IAC/B,wDAAyC,CAAA;IACzC,kDAAmC,CAAA;IACnC,0CAA2B,CAAA;IAC3B,sDAAuC,CAAA;IACvC,wCAAyB,CAAA;IACzB,0DAA2C,CAAA;IAC3C,4DAA6C,CAAA;IAC7C,oDAAqC,CAAA;IACrC,kDAAmC,CAAA;IACnC,gDAAiC,CAAA;AACnC,CAAC,EAzBW,WAAW,KAAX,WAAW,QAyBtB;AAED,MAAM,CAAN,IAAY,YAMX;AAND,WAAY,YAAY;IACtB,mCAAmB,CAAA;IACnB,iCAAiB,CAAA;IACjB,uCAAuB,CAAA;IACvB,iCAAiB,CAAA;IACjB,mCAAmB,CAAA;AACrB,CAAC,EANW,YAAY,KAAZ,YAAY,QAMvB"}
|
|
@@ -1,4 +1,4 @@
|
|
|
1
|
-
import type { AgentListCapabilitiesRequest, AgentListSecretsRequest, AgentGetRuntimeManifestRequest, AgentRuntimeManifest, AgentSubmitCapabilityRequestCommand, AgentVisibleSecretRecord, AuditEntry, AuditQuery, CustomHttpFlowDefinition, DispatchAuthorization, DispatchRequest, DispatchResult,
|
|
1
|
+
import type { AgentListCapabilitiesRequest, AgentListSecretsRequest, AgentListRequestsRequest, AgentGetRequestRequest, AgentRequestResult, AgentGetRuntimeManifestRequest, AgentRuntimeManifest, AgentSubmitCapabilityRequestCommand, AgentVisibleRequestRecord, AgentVisibleSecretRecord, AuditEntry, AuditQuery, CustomHttpFlowDefinition, DispatchAuthorization, DispatchRequest, DispatchResult, OwnerAllowAlwaysCommand, OwnerAllowOnceCommand, OwnerIssueSessionTokenRequest, OwnerDenyCommand, OwnerDeleteSecretCommand, OwnerExportSecretRequest, OwnerRegisterAgentIdentityCommand, OwnerUpdateAgentIdentityCommand, OwnerRegisterCapabilityCommand, OwnerRegisterCustomHttpFlowCommand, OwnerRevokeCapabilityCommand, OwnerListAgentsRequest, OwnerListCapabilitiesRequest, OwnerListCapabilityStatesRequest, OwnerSecretExport, OwnerSessionToken, SecretRecord, SubmitCapabilityRequestCommand, VaultId, VaultPrincipal, VaultWriteSecretCommand, AgentIdentityRecord, AgentCapability, CapabilityStateRecord } from "./contracts.js";
|
|
2
2
|
import type { VaultCoreDependencies } from "./ports.js";
|
|
3
3
|
/**
|
|
4
4
|
* The Sovereign Vault Core.
|
|
@@ -18,6 +18,8 @@ export declare class VaultCore {
|
|
|
18
18
|
private _appendDecisionAudit;
|
|
19
19
|
private _verifyAgentControlProof;
|
|
20
20
|
private _listVisibleSecretsForAgent;
|
|
21
|
+
private _recordRequestExecution;
|
|
22
|
+
private toVisibleRequestRecord;
|
|
21
23
|
ownerOnCapabilityState(callback: (record: CapabilityStateRecord) => void): () => void;
|
|
22
24
|
ownerRegisterAgentIdentity(command: OwnerRegisterAgentIdentityCommand): Promise<void>;
|
|
23
25
|
ownerUpdateAgentIdentity(command: OwnerUpdateAgentIdentityCommand): Promise<AgentIdentityRecord>;
|
|
@@ -28,7 +30,6 @@ export declare class VaultCore {
|
|
|
28
30
|
_storeCustomFlowSecret(flow: CustomHttpFlowDefinition, alias: string, plaintext: string): Promise<SecretRecord>;
|
|
29
31
|
ownerWriteSecret(command: VaultWriteSecretCommand): Promise<SecretRecord>;
|
|
30
32
|
ownerDeleteSecret(command: OwnerDeleteSecretCommand): Promise<void>;
|
|
31
|
-
ownerDefineSecretTargets(command: OwnerDefineSecretTargetsCommand): Promise<SecretRecord>;
|
|
32
33
|
agentAuthorizeDispatch(request: DispatchRequest): Promise<DispatchAuthorization>;
|
|
33
34
|
agentDispatchSecret(request: DispatchRequest): Promise<DispatchResult>;
|
|
34
35
|
ownerReadAudit(actor: VaultPrincipal & {
|
|
@@ -51,6 +52,8 @@ export declare class VaultCore {
|
|
|
51
52
|
}): Promise<readonly AgentVisibleSecretRecord[]>;
|
|
52
53
|
agentListCapabilities(request: AgentListCapabilitiesRequest): Promise<readonly import("./contracts.js").AgentCapabilityState[]>;
|
|
53
54
|
agentListSecrets(request: AgentListSecretsRequest): Promise<readonly AgentVisibleSecretRecord[]>;
|
|
55
|
+
agentListRequests(request: AgentListRequestsRequest): Promise<readonly AgentVisibleRequestRecord[]>;
|
|
56
|
+
agentGetRequest(request: AgentGetRequestRequest): Promise<AgentRequestResult>;
|
|
54
57
|
agentGetRuntimeManifest(command: AgentGetRuntimeManifestRequest): Promise<AgentRuntimeManifest>;
|
|
55
58
|
agentSubmitCapabilityRequest(command: AgentSubmitCapabilityRequestCommand): Promise<CapabilityStateRecord>;
|
|
56
59
|
ownerRevokeCapability(command: OwnerRevokeCapabilityCommand): Promise<void>;
|
|
@@ -66,8 +69,10 @@ export declare class VaultCore {
|
|
|
66
69
|
token: string;
|
|
67
70
|
}): Promise<void>;
|
|
68
71
|
ownerListCapabilityStates(command: OwnerListCapabilityStatesRequest): Promise<readonly CapabilityStateRecord[]>;
|
|
69
|
-
|
|
70
|
-
|
|
71
|
-
|
|
72
|
+
ownerApproveCapabilityWrite(command: import("./contracts.js").OwnerApproveCapabilityWriteCommand): Promise<CapabilityStateRecord>;
|
|
73
|
+
ownerApproveCapabilityRead(command: import("./contracts.js").OwnerApproveCapabilityReadCommand): Promise<CapabilityStateRecord>;
|
|
74
|
+
ownerAllowOnce(command: OwnerAllowOnceCommand): Promise<DispatchResult>;
|
|
75
|
+
ownerAllowAlways(command: OwnerAllowAlwaysCommand): Promise<DispatchResult>;
|
|
76
|
+
ownerDeny(command: OwnerDenyCommand): Promise<CapabilityStateRecord>;
|
|
72
77
|
}
|
|
73
78
|
export declare function createVaultCore(deps: VaultCoreDependencies): VaultCore;
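Review bot: `ownerAllowOnce` and `ownerAllowAlways` in the last hunk are declared without any doc comment, although both return `Promise<DispatchResult>` where `ownerDeny` returns a `CapabilityStateRecord`. That suggests an approval also performs the pending dispatch. A one-shot release and a standing grant look identical in the signature, and nothing states what an `ownerAllowAlways` grant is scoped to, how long it lasts, or which call revokes it. I would add TSDoc in the source this declaration is generated from, e.g. `/** Approves the pending request and dispatches it once. */` on `ownerAllowOnce` (wording to be confirmed against the implementation). `ownerAllowAlways` needs a comment that spells out the scope of the persisted grant and its revocation path. The `VaultCore` class declaration begins outside the hunk, so existing class-level documentation could not be checked.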
|