npm - @the-ai-company/cbio-node-runtime - Versions diffs - 1.58.0 → 1.60.0 - Mend

@the-ai-company/cbio-node-runtime 1.58.0 → 1.60.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (137) hide show

package/docs/api/interfaces/VaultClient.md CHANGED Viewed

@@ -1,4 +1,4 @@
-[**CBIO Node Runtime Agent API v1.58.0**](../README.md)
+[**CBIO Node Runtime Agent API v1.60.0**](../README.md)
 ***
@@ -9,46 +9,41 @@ In Sovereign Vault model, administrative actions are implicitly authorized by th
 ## Methods
-### ownerCreateAgent()
+### ownerAllowAlways()
-> **ownerCreateAgent**(`input`): `Promise`\<[`OwnerAgentProvisionResult`](OwnerAgentProvisionResult.md)\>
-Generates a new identity and registers it as an agent in one step.
-The private key is stored in the vault for managed custody.
+> **ownerAllowAlways**(`input`): `Promise`\<`DispatchResult`\>
 #### Parameters
 ##### input
-[`VaultCreateAgentInput`](VaultCreateAgentInput.md)
+[`VaultApproveCapabilityRequestInput`](VaultApproveCapabilityRequestInput.md)
 #### Returns
-`Promise`\<[`OwnerAgentProvisionResult`](OwnerAgentProvisionResult.md)\>
+`Promise`\<`DispatchResult`\>
 ***
-### ownerDeleteSecret()
+### ownerAllowOnce()
-> **ownerDeleteSecret**(`input`): `Promise`\<`void`\>
-Permanently deletes a secret from the vault.
+> **ownerAllowOnce**(`input`): `Promise`\<`DispatchResult`\>
 #### Parameters
 ##### input
-[`VaultDeleteSecretInput`](VaultDeleteSecretInput.md)
+[`VaultApproveCapabilityRequestInput`](VaultApproveCapabilityRequestInput.md)
 #### Returns
-`Promise`\<`void`\>
+`Promise`\<`DispatchResult`\>
 ***
-### ownerExecuteCapabilityStateAndGrant()
+### ownerApproveCapabilityRead()
-> **ownerExecuteCapabilityStateAndGrant**(`input`): `Promise`\<`DispatchResult`\>
+> **ownerApproveCapabilityRead**(`input`): `Promise`\<`CapabilityStateRecord`\>
 #### Parameters
@@ -58,13 +53,13 @@ Permanently deletes a secret from the vault.
 #### Returns
-`Promise`\<`DispatchResult`\>
+`Promise`\<`CapabilityStateRecord`\>
 ***
-### ownerExecuteCapabilityStateOnce()
+### ownerApproveCapabilityWrite()
-> **ownerExecuteCapabilityStateOnce**(`input`): `Promise`\<`DispatchResult`\>
+> **ownerApproveCapabilityWrite**(`input`): `Promise`\<`CapabilityStateRecord`\>
 #### Parameters
@@ -74,7 +69,60 @@ Permanently deletes a secret from the vault.
 #### Returns
-`Promise`\<`DispatchResult`\>
+`Promise`\<`CapabilityStateRecord`\>
+***
+### ownerCreateAgent()
+> **ownerCreateAgent**(`input`): `Promise`\<[`OwnerAgentProvisionResult`](OwnerAgentProvisionResult.md)\>
+Generates a new identity and registers it as an agent in one step.
+The private key is stored in the vault for managed custody.
+#### Parameters
+##### input
+[`VaultCreateAgentInput`](VaultCreateAgentInput.md)
+#### Returns
+`Promise`\<[`OwnerAgentProvisionResult`](OwnerAgentProvisionResult.md)\>
+***
+### ownerCreateSecret()
+> **ownerCreateSecret**(`input`): `Promise`\<`SecretRecord`\>
+Inserts a new active secret into the vault.
+#### Parameters
+##### input
+[`OwnerCreateSecretInput`](OwnerCreateSecretInput.md)
+#### Returns
+`Promise`\<`SecretRecord`\>
+***
+### ownerDeny()
+> **ownerDeny**(`requestId`): `Promise`\<`CapabilityStateRecord`\>
+#### Parameters
+##### requestId
+`string`
+#### Returns
+`Promise`\<`CapabilityStateRecord`\>
 ***
@@ -96,6 +144,22 @@ Exports a secret's plaintext.
 ***
+### ownerGetRequest()
+> **ownerGetRequest**(`input`): `Promise`\<`OwnerRequestRecord`\>
+#### Parameters
+##### input
+`VaultGetRequestInput`
+#### Returns
+`Promise`\<`OwnerRequestRecord`\>
+***
 ### ownerGrantCapability()
 > **ownerGrantCapability**(`input`): `Promise`\<`AgentCapability`\>
@@ -208,6 +272,22 @@ Lists all active capabilities granted to agents.
 ***
+### ownerListRequests()
+> **ownerListRequests**(`input?`): `Promise`\<readonly `OwnerVisibleRequestRecord`[]\>
+#### Parameters
+##### input?
+`VaultListRequestsInput`
+#### Returns
+`Promise`\<readonly `OwnerVisibleRequestRecord`[]\>
+***
 ### ownerListSecrets()
 > **ownerListSecrets**(`input?`): `Promise`\<readonly `AgentVisibleSecretRecord`[]\>
@@ -294,7 +374,7 @@ Reads the tamper-evident audit log for the vault.
 > **ownerRegisterFlow**(`input`): `Promise`\<`CustomHttpFlowDefinition`\>
-Registers a custom HTTP flow for complex secret usage.
+Registers a reusable HTTP request template for complex secret exchange patterns.
 #### Parameters
@@ -308,19 +388,21 @@ Registers a custom HTTP flow for complex secret usage.
 ***
-### ownerRejectCapabilityState()
+### ownerRemoveSecret()
-> **ownerRejectCapabilityState**(`requestId`): `Promise`\<`CapabilityStateRecord`\>
+> **ownerRemoveSecret**(`input`): `Promise`\<`void`\>
+Logically removes the current active secret.
 #### Parameters
-##### requestId
+##### input
-`string`
+[`OwnerRemoveSecretInput`](OwnerRemoveSecretInput.md)
 #### Returns
-`Promise`\<`CapabilityStateRecord`\>
+`Promise`\<`void`\>
 ***
@@ -358,24 +440,6 @@ Revokes a previously granted capability.
 ***
-### ownerStoreSecret()
-> **ownerStoreSecret**(`input`): `Promise`\<`SecretRecord`\>
-Securely stores a new secret in the vault.
-#### Parameters
-##### input
-[`OwnerStoreSecretInput`](OwnerStoreSecretInput.md)
-#### Returns
-`Promise`\<`SecretRecord`\>
-***
 ### ownerSubmitCapabilityRequest()
 > **ownerSubmitCapabilityRequest**(`input`): `Promise`\<`CapabilityStateRecord`\>
@@ -408,17 +472,17 @@ Securely stores a new secret in the vault.
 ***
-### ownerWriteSecret()
+### ownerUpdateSecret()
-> **ownerWriteSecret**(`input`): `Promise`\<`SecretRecord`\>
+> **ownerUpdateSecret**(`input`): `Promise`\<`SecretRecord`\>
-Stores a manually provided secret in the vault.
+Inserts a new successor secret and marks the previous active version as superseded.
 #### Parameters
 ##### input
-[`OwnerWriteSecretInput`](OwnerWriteSecretInput.md)
+[`OwnerUpdateSecretInput`](OwnerUpdateSecretInput.md)
 #### Returns

package/docs/api/interfaces/VaultCoreDependenciesOptions.md CHANGED Viewed

@@ -1,4 +1,4 @@
-[**CBIO Node Runtime Agent API v1.58.0**](../README.md)
+[**CBIO Node Runtime Agent API v1.60.0**](../README.md)
 ***

package/docs/api/interfaces/VaultCreateAgentInput.md CHANGED Viewed

@@ -1,4 +1,4 @@
-[**CBIO Node Runtime Agent API v1.58.0**](../README.md)
+[**CBIO Node Runtime Agent API v1.60.0**](../README.md)
 ***

package/docs/api/interfaces/VaultExportSecretInput.md CHANGED Viewed

@@ -1,4 +1,4 @@
-[**CBIO Node Runtime Agent API v1.58.0**](../README.md)
+[**CBIO Node Runtime Agent API v1.60.0**](../README.md)
 ***

package/docs/api/interfaces/VaultGrantCapabilityInput.md CHANGED Viewed

@@ -1,4 +1,4 @@
-[**CBIO Node Runtime Agent API v1.58.0**](../README.md)
+[**CBIO Node Runtime Agent API v1.60.0**](../README.md)
 ***
@@ -36,12 +36,6 @@
 ***
-### methods
-> **methods**: readonly `string`[]
-***
 ### operation?
 > `optional` **operation?**: `string`
@@ -62,30 +56,24 @@
 ***
-### requestedAt?
-> `optional` **requestedAt?**: `string`
-***
-### scope
+### read
-> **scope**: `string`
+> **read**: `CapabilityReadPolicy`
 ***
-### secretAliases?
+### requestedAt?
-> `optional` **secretAliases?**: readonly `string`[]
+> `optional` **requestedAt?**: `string`
 ***
-### secretIds?
+### skipAudit?
-> `optional` **secretIds?**: readonly `string`[]
+> `optional` **skipAudit?**: `boolean`
 ***
-### skipAudit?
+### write
-> `optional` **skipAudit?**: `boolean`
+> **write**: `CapabilityWritePolicy`

package/docs/api/interfaces/VaultGrantCapabilityRequest.md CHANGED Viewed

@@ -1,4 +1,4 @@
-[**CBIO Node Runtime Agent API v1.58.0**](../README.md)
+[**CBIO Node Runtime Agent API v1.60.0**](../README.md)
 ***

package/docs/api/interfaces/VaultIdentity.md CHANGED Viewed

@@ -1,4 +1,4 @@
-[**CBIO Node Runtime Agent API v1.58.0**](../README.md)
+[**CBIO Node Runtime Agent API v1.60.0**](../README.md)
 ***

package/docs/api/interfaces/VaultImportAgentInput.md CHANGED Viewed

@@ -1,4 +1,4 @@
-[**CBIO Node Runtime Agent API v1.58.0**](../README.md)
+[**CBIO Node Runtime Agent API v1.60.0**](../README.md)
 ***

package/docs/api/interfaces/VaultIssueSessionTokenInput.md CHANGED Viewed

@@ -1,4 +1,4 @@
-[**CBIO Node Runtime Agent API v1.58.0**](../README.md)
+[**CBIO Node Runtime Agent API v1.60.0**](../README.md)
 ***

package/docs/api/interfaces/VaultListAgentsInput.md CHANGED Viewed

@@ -1,4 +1,4 @@
-[**CBIO Node Runtime Agent API v1.58.0**](../README.md)
+[**CBIO Node Runtime Agent API v1.60.0**](../README.md)
 ***

package/docs/api/interfaces/VaultListCapabilitiesInput.md CHANGED Viewed

@@ -1,4 +1,4 @@
-[**CBIO Node Runtime Agent API v1.58.0**](../README.md)
+[**CBIO Node Runtime Agent API v1.60.0**](../README.md)
 ***

package/docs/api/interfaces/VaultListSecretsInput.md CHANGED Viewed

@@ -1,4 +1,4 @@
-[**CBIO Node Runtime Agent API v1.58.0**](../README.md)
+[**CBIO Node Runtime Agent API v1.60.0**](../README.md)
 ***

package/docs/api/interfaces/VaultMetadata.md CHANGED Viewed

@@ -1,4 +1,4 @@
-[**CBIO Node Runtime Agent API v1.58.0**](../README.md)
+[**CBIO Node Runtime Agent API v1.60.0**](../README.md)
 ***

package/docs/api/interfaces/VaultObject.md CHANGED Viewed

@@ -1,4 +1,4 @@
-[**CBIO Node Runtime Agent API v1.58.0**](../README.md)
+[**CBIO Node Runtime Agent API v1.60.0**](../README.md)
 ***

package/docs/api/interfaces/VaultProfile.md CHANGED Viewed

@@ -1,4 +1,4 @@
-[**CBIO Node Runtime Agent API v1.58.0**](../README.md)
+[**CBIO Node Runtime Agent API v1.60.0**](../README.md)
 ***

package/docs/api/interfaces/VaultReadAgentPrivateKeyInput.md CHANGED Viewed

@@ -1,4 +1,4 @@
-[**CBIO Node Runtime Agent API v1.58.0**](../README.md)
+[**CBIO Node Runtime Agent API v1.60.0**](../README.md)
 ***

package/docs/api/interfaces/VaultReadSecretPlaintextInput.md CHANGED Viewed

@@ -1,4 +1,4 @@
-[**CBIO Node Runtime Agent API v1.58.0**](../README.md)
+[**CBIO Node Runtime Agent API v1.60.0**](../README.md)
 ***

package/docs/api/interfaces/VaultRegisterFlowInput.md CHANGED Viewed

@@ -1,4 +1,4 @@
-[**CBIO Node Runtime Agent API v1.58.0**](../README.md)
+[**CBIO Node Runtime Agent API v1.60.0**](../README.md)
 ***

package/docs/api/interfaces/VaultRevokeCapabilityInput.md CHANGED Viewed

@@ -1,4 +1,4 @@
-[**CBIO Node Runtime Agent API v1.58.0**](../README.md)
+[**CBIO Node Runtime Agent API v1.60.0**](../README.md)
 ***

package/docs/api/interfaces/VaultRevokeSessionTokenInput.md CHANGED Viewed

@@ -1,4 +1,4 @@
-[**CBIO Node Runtime Agent API v1.58.0**](../README.md)
+[**CBIO Node Runtime Agent API v1.60.0**](../README.md)
 ***

package/docs/api/interfaces/VaultSigner.md CHANGED Viewed

@@ -1,4 +1,4 @@
-[**CBIO Node Runtime Agent API v1.58.0**](../README.md)
+[**CBIO Node Runtime Agent API v1.60.0**](../README.md)
 ***

package/docs/api/interfaces/VaultSubmitCapabilityRequestInput.md CHANGED Viewed

@@ -1,4 +1,4 @@
-[**CBIO Node Runtime Agent API v1.58.0**](../README.md)
+[**CBIO Node Runtime Agent API v1.60.0**](../README.md)
 ***
@@ -24,12 +24,6 @@
 ***
-### methods
-> **methods**: readonly `string`[]
-***
 ### operation?
 > `optional` **operation?**: `string`
@@ -50,30 +44,30 @@
 ***
-### requestedAt?
+### read
-> `optional` **requestedAt?**: `string`
+> **read**: `CapabilityReadPolicy`
 ***
-### requester
+### requestedAt?
-> **requester**: `VaultPrincipal`
+> `optional` **requestedAt?**: `string`
 ***
-### scope
+### requester
-> **scope**: `string`
+> **requester**: `VaultPrincipal`
 ***
-### secretAliases?
+### skipAudit?
-> `optional` **secretAliases?**: readonly `string`[]
+> `optional` **skipAudit?**: `boolean`
 ***
-### skipAudit?
+### write
-> `optional` **skipAudit?**: `boolean`
+> **write**: `CapabilityWritePolicy`

package/docs/api/interfaces/VaultUpdateAgentInput.md CHANGED Viewed

@@ -1,4 +1,4 @@
-[**CBIO Node Runtime Agent API v1.58.0**](../README.md)
+[**CBIO Node Runtime Agent API v1.60.0**](../README.md)
 ***

package/docs/api/type-aliases/AgentCapabilityEnvelope.md CHANGED Viewed

@@ -1,4 +1,4 @@
-[**CBIO Node Runtime Agent API v1.58.0**](../README.md)
+[**CBIO Node Runtime Agent API v1.60.0**](../README.md)
 ***

package/docs/api/type-aliases/AgentVisibleSecretRecord.md CHANGED Viewed

@@ -1,4 +1,4 @@
-[**CBIO Node Runtime Agent API v1.58.0**](../README.md)
+[**CBIO Node Runtime Agent API v1.60.0**](../README.md)
 ***

package/docs/api/type-aliases/CbioRuntimeModule.md CHANGED Viewed

@@ -1,4 +1,4 @@
-[**CBIO Node Runtime Agent API v1.58.0**](../README.md)
+[**CBIO Node Runtime Agent API v1.60.0**](../README.md)
 ***

package/docs/api/type-aliases/OwnerGrantCapabilityInput.md CHANGED Viewed

@@ -1,4 +1,4 @@
-[**CBIO Node Runtime Agent API v1.58.0**](../README.md)
+[**CBIO Node Runtime Agent API v1.60.0**](../README.md)
 ***

package/docs/api/variables/DEFAULT_VAULT_KEY_CUSTODY_BLOB_KEY.md CHANGED Viewed

@@ -1,4 +1,4 @@
-[**CBIO Node Runtime Agent API v1.58.0**](../README.md)
+[**CBIO Node Runtime Agent API v1.60.0**](../README.md)
 ***

package/docs/zh/README.md CHANGED Viewed

@@ -101,9 +101,12 @@ const record = await client.ownerWriteSecret({
 await client.ownerGrantCapability({
   agentId,
-  secretAliases: ['api-token'],
-  scope: 'https://api.example.com/*',
-  methods: ['POST']
+  write: {
+    secretIds: [record.secretId.value],
+    scope: 'https://api.example.com/*',
+    methods: ['POST']
+  },
+  read: { mode: 'full' }
 });
 ```
@@ -120,24 +123,33 @@ const agent = createAgentClient({
 });
 const result = await agent.agentDispatch({ ... });
+const requests = await agent.agentListRequests();
+const request = await agent.agentGetRequest(result.requestId);
+const ownerView = await client.ownerGetRequest({ requestId: result.requestId });
 ```
 Agent 进程不会直接使用原始私钥执行请求。即使 Agent 拥有身份材料，也应先换取 session token，再进行 dispatch。
+给 LLM 的直白规则：
+- `agentDispatch(...)` = 立刻尝试执行真实任务
+- `agentSubmitCapabilityRequest(...)` = 只申请权限，不会执行任务
+- `agentListRequests()` / `agentGetRequest(...)` = 在请求执行后查看异步结果
+- `ownerListRequests()` / `ownerGetRequest(...)` = owner 查看完整请求记录，用于决定是否放行 read
 ```ts
 const manifest = await agent.agentIntrospect();
 console.log(manifest.agent.agentId);
 console.log(manifest.agent.identityId);
 console.log(manifest.agent.nickname);
-console.log(manifest.capabilities); // 同一张能力状态表里同时包含 GRANTED 和 PENDING
+console.log(manifest.capabilities); // 同一组能力载体里包含 write/read 动作状态
 ```
-`agentListCapabilities()` 现在返回的也是同一张统一能力状态表，因此调度器或 Agent 重启后，不需要分别拼“已授权能力”和“待审批能力”。
+`agentListCapabilities()` 返回能力载体视图，`agentListRequests()` / `agentGetRequest()` 则负责暴露请求历史和按权限裁剪后的结果。
 ### 7. 人机协同（HITL）工作流
-系统采用统一的 **能力状态（capability state）** 模型。如果 Agent 尝试执行的动作不在白名单内，dispatch 会返回 `PENDING`，同时运行时会写入一条 `PENDING` 能力状态，等待 Owner 审批。
+如果 Agent 尝试执行的动作不在白名单内，dispatch 会返回 `PENDING`，同时运行时会写入一条能力载体记录，其 `write` 动作等待 Owner 审批。
 ```ts
 const result = await agent.agentDispatch({ ... });
@@ -146,14 +158,20 @@ if (result.status === 'PENDING') {
 }
 client.ownerOnCapabilityState((state) => {
-  if (state.status === 'PENDING') {
+  if (state.actions.write.status === 'PENDING') {
     console.log('收到新的待审批能力状态:', state.requestId);
   }
 });
-const pending = await client.ownerListCapabilityStates({ status: 'PENDING' });
+const pending = await client.ownerListCapabilityStates({ writeStatus: 'PENDING' });
 if (pending.length > 0) {
-  await client.ownerExecuteCapabilityStateAndGrant({
+  await client.ownerApproveCapabilityWrite({
+    requestId: pending[0].requestId
+  });
+  await client.ownerAllowAlways({
+    requestId: pending[0].requestId
+  });
+  await client.ownerApproveCapabilityRead({
     requestId: pending[0].requestId
   });
 }

package/examples/process-isolation.ts CHANGED Viewed

@@ -128,11 +128,13 @@ async function main() {
     vaultId: vault.vaultId,
     capabilityId: "cap-llm-1",
     agentId: agentIdentity.identityId,
-    secretIds: [secret.secretId.value],
-    secretAliases: ["api-token"],
     operation: "dispatch_http" as const,
-    scope: "https://httpbin.org/post",
-    methods: ["POST"],
+    write: {
+      secretIds: [secret.secretId.value],
+      scope: "https://httpbin.org/post",
+      methods: ["POST"],
+    },
+    read: { mode: "full" },
     issuedAt: new Date().toISOString(),
   };

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@the-ai-company/cbio-node-runtime",
-  "version": "1.58.0",
+  "version": "1.60.0",
   "publishConfig": {
     "access": "public"
   },