@the-ai-company/cbio-node-runtime 1.6.0 → 1.7.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +7 -0
- package/dist/runtime/identity.d.ts +4 -0
- package/dist/runtime/identity.js +15 -1
- package/dist/runtime/identity.js.map +1 -1
- package/dist/runtime/index.d.ts +1 -1
- package/dist/runtime/index.js +1 -1
- package/dist/runtime/index.js.map +1 -1
- package/docs/IDENTITY_MODEL.md +2 -0
- package/docs/REFERENCE.md +3 -0
- package/package.json +1 -1
package/README.md
CHANGED
|
@@ -42,6 +42,7 @@ import {
|
|
|
42
42
|
createVaultService,
|
|
43
43
|
createDefaultVaultCoreDependencies,
|
|
44
44
|
createIdentity,
|
|
45
|
+
restoreIdentity,
|
|
45
46
|
createVault,
|
|
46
47
|
recoverVault,
|
|
47
48
|
createOwnerHttpFlowBoundary,
|
|
@@ -54,6 +55,12 @@ import {
|
|
|
54
55
|
} from '@the-ai-company/cbio-node-runtime';
|
|
55
56
|
```
|
|
56
57
|
|
|
58
|
+
Identity restore example:
|
|
59
|
+
|
|
60
|
+
```ts
|
|
61
|
+
const identity = restoreIdentity(existingPrivateKey);
|
|
62
|
+
```
|
|
63
|
+
|
|
57
64
|
## Architecture
|
|
58
65
|
|
|
59
66
|
Core terms:
|
|
@@ -7,4 +7,8 @@ export interface CreatedIdentity {
|
|
|
7
7
|
export interface CreateIdentityOptions {
|
|
8
8
|
nickname?: string;
|
|
9
9
|
}
|
|
10
|
+
export interface RestoreIdentityOptions {
|
|
11
|
+
nickname?: string;
|
|
12
|
+
}
|
|
10
13
|
export declare function createIdentity(options?: CreateIdentityOptions): CreatedIdentity;
|
|
14
|
+
export declare function restoreIdentity(privateKey: string, options?: RestoreIdentityOptions): CreatedIdentity;
|
package/dist/runtime/identity.js
CHANGED
|
@@ -1,4 +1,4 @@
|
|
|
1
|
-
import { generateIdentityKeys } from "../protocol/crypto.js";
|
|
1
|
+
import { derivePublicKey, generateIdentityKeys } from "../protocol/crypto.js";
|
|
2
2
|
import { deriveRootAgentId } from "../protocol/identity.js";
|
|
3
3
|
export function createIdentity(options = {}) {
|
|
4
4
|
const keyPair = generateIdentityKeys();
|
|
@@ -13,4 +13,18 @@ export function createIdentity(options = {}) {
|
|
|
13
13
|
privateKey: keyPair.privateKey,
|
|
14
14
|
};
|
|
15
15
|
}
|
|
16
|
+
export function restoreIdentity(privateKey, options = {}) {
|
|
17
|
+
const normalizedPrivateKey = privateKey.trim();
|
|
18
|
+
if (!normalizedPrivateKey) {
|
|
19
|
+
throw new Error("private key is required");
|
|
20
|
+
}
|
|
21
|
+
const publicKey = derivePublicKey(normalizedPrivateKey);
|
|
22
|
+
const nickname = options.nickname?.trim() ? options.nickname.trim() : undefined;
|
|
23
|
+
return {
|
|
24
|
+
identityId: deriveRootAgentId(publicKey),
|
|
25
|
+
nickname,
|
|
26
|
+
publicKey,
|
|
27
|
+
privateKey: normalizedPrivateKey,
|
|
28
|
+
};
|
|
29
|
+
}
|
|
16
30
|
//# sourceMappingURL=identity.js.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"identity.js","sourceRoot":"","sources":["../../src/runtime/identity.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,oBAAoB,EAAE,MAAM,uBAAuB,CAAC;
|
|
1
|
+
{"version":3,"file":"identity.js","sourceRoot":"","sources":["../../src/runtime/identity.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,eAAe,EAAE,oBAAoB,EAAE,MAAM,uBAAuB,CAAC;AAC9E,OAAO,EAAE,iBAAiB,EAAE,MAAM,yBAAyB,CAAC;AAiB5D,MAAM,UAAU,cAAc,CAAC,UAAiC,EAAE;IAChE,MAAM,OAAO,GAAG,oBAAoB,EAAE,CAAC;IACvC,IAAI,CAAC,OAAO,CAAC,SAAS,IAAI,CAAC,OAAO,CAAC,UAAU,EAAE,CAAC;QAC9C,MAAM,IAAI,KAAK,CAAC,4BAA4B,CAAC,CAAC;IAChD,CAAC;IACD,MAAM,QAAQ,GAAG,OAAO,CAAC,QAAQ,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC,OAAO,CAAC,QAAQ,CAAC,IAAI,EAAE,CAAC,CAAC,CAAC,SAAS,CAAC;IAChF,OAAO;QACL,UAAU,EAAE,iBAAiB,CAAC,OAAO,CAAC,SAAS,CAAC;QAChD,QAAQ;QACR,SAAS,EAAE,OAAO,CAAC,SAAS;QAC5B,UAAU,EAAE,OAAO,CAAC,UAAU;KAC/B,CAAC;AACJ,CAAC;AAED,MAAM,UAAU,eAAe,CAAC,UAAkB,EAAE,UAAkC,EAAE;IACtF,MAAM,oBAAoB,GAAG,UAAU,CAAC,IAAI,EAAE,CAAC;IAC/C,IAAI,CAAC,oBAAoB,EAAE,CAAC;QAC1B,MAAM,IAAI,KAAK,CAAC,yBAAyB,CAAC,CAAC;IAC7C,CAAC;IACD,MAAM,SAAS,GAAG,eAAe,CAAC,oBAAoB,CAAC,CAAC;IACxD,MAAM,QAAQ,GAAG,OAAO,CAAC,QAAQ,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC,OAAO,CAAC,QAAQ,CAAC,IAAI,EAAE,CAAC,CAAC,CAAC,SAAS,CAAC;IAChF,OAAO;QACL,UAAU,EAAE,iBAAiB,CAAC,SAAS,CAAC;QACxC,QAAQ;QACR,SAAS;QACT,UAAU,EAAE,oBAAoB;KACjC,CAAC;AACJ,CAAC"}
|
package/dist/runtime/index.d.ts
CHANGED
|
@@ -7,7 +7,7 @@ export { derivePublicKey, LocalSigner } from "../protocol/crypto.js";
|
|
|
7
7
|
export type { IStorageProvider } from "../storage/provider.js";
|
|
8
8
|
export { FsStorageProvider } from "../storage/fs.js";
|
|
9
9
|
export { MemoryStorageProvider } from "../storage/memory.js";
|
|
10
|
-
export { createIdentity, type CreateIdentityOptions, type CreatedIdentity, } from "./identity.js";
|
|
10
|
+
export { createIdentity, restoreIdentity, type CreateIdentityOptions, type RestoreIdentityOptions, type CreatedIdentity, } from "./identity.js";
|
|
11
11
|
export { createVault, recoverVault, type CreateVaultOptions, type CreatedVault, type RecoverVaultOptions, type RecoveredVault, } from "./bootstrap.js";
|
|
12
12
|
export { createVaultCore, DefaultVaultCore, VaultCoreError, createDefaultVaultCoreDependencies, type CreateDefaultVaultCoreDependenciesOptions, type DefaultPolicyEngineOptions, DefaultPolicyEngine, createPersistentVaultCoreDependencies, initializeVaultCustody, recoverVaultWorkingKey, DEFAULT_VAULT_KEY_CUSTODY_BLOB_KEY, type InitializeVaultCustodyOptions, type InitializedVaultCustody, type CreatePersistentVaultCoreDependenciesOptions, PersistentVaultAuditLog, PersistentVaultCapabilityRegistry, PersistentVaultCapabilityRevocationRegistry, PersistentVaultCustomHttpFlowRegistry, PersistentVaultRateLimitStore, PersistentVaultReplayGuard, PersistentVaultSecretCustody, PersistentVaultSecretRepository, HttpDispatchExecutor, InMemoryAgentIdentityRegistry, InMemoryCapabilityRegistry, InMemoryCapabilityRevocationRegistry, InMemoryCustomHttpFlowRegistry, InMemoryRateLimitStore, InMemoryReplayGuard, InMemoryAuditLog, InMemoryOwnerIdentityRegistry, InMemorySecretCustody, InMemorySecretRepository, RandomIdGenerator, SignatureOwnerProofVerifier, type SignatureAgentProofVerifierOptions, SignatureAgentProofVerifier, SystemClock, type AgentCapability, type AgentIdentityRecord, type AgentProof, type OwnerAuditRequest, type OwnerExportSecretRequest, type OwnerRegisterCapabilityCommand, type OwnerRegisterAgentIdentityCommand, type OwnerRegisterCustomHttpFlowCommand, type OwnerSecretExport, type OwnerIdentityRecord, type CustomHttpFlowDefinition, type OwnerProof, type AuditEntry, type AuditLog, type AuditQuery, type Clock, type DispatchAuthorization, type DispatchInstruction, type DispatchRequest, type DispatchResult, type IdGenerator, type OwnerIdentityRegistry, type OwnerProofVerifier, type PolicyEngine, type RateLimitStore, type ReplayGuard, type CustomHttpFlowRegistry, type SecretAlias, type SecretCustody, type SecretId, type SecretRecord, type SecretRepository, type SecretVersion, type TrustedExecutor, type VaultCore, type VaultCoreDependencies, type VaultPrincipal, type VaultPrincipalKind, type VaultTargetBinding, type VaultWriteSecretCommand, type VaultId, type AgentIdentityRegistry, type AgentProofVerifier, type CapabilityRevocationRegistry, type CapabilityRegistry, } from "../vault-core/index.js";
|
|
13
13
|
export { createOwnerClient, type OwnerClient, type OwnerIdentity, type OwnerSigner, type OwnerAuditQueryInput, type OwnerExportSecretInput, type OwnerRegisterCapabilityInput, type OwnerRegisterCustomHttpFlowInput, type OwnerRegisterAgentIdentityInput, type OwnerSecretTargetBinding, type OwnerWriteSecretInput, } from "../clients/owner/index.js";
|
package/dist/runtime/index.js
CHANGED
|
@@ -6,7 +6,7 @@ export { IdentityError, IdentityErrorCode } from "../errors.js";
|
|
|
6
6
|
export { derivePublicKey, LocalSigner } from "../protocol/crypto.js";
|
|
7
7
|
export { FsStorageProvider } from "../storage/fs.js";
|
|
8
8
|
export { MemoryStorageProvider } from "../storage/memory.js";
|
|
9
|
-
export { createIdentity, } from "./identity.js";
|
|
9
|
+
export { createIdentity, restoreIdentity, } from "./identity.js";
|
|
10
10
|
export { createVault, recoverVault, } from "./bootstrap.js";
|
|
11
11
|
export { createVaultCore, DefaultVaultCore, VaultCoreError, createDefaultVaultCoreDependencies, DefaultPolicyEngine, createPersistentVaultCoreDependencies, initializeVaultCustody, recoverVaultWorkingKey, DEFAULT_VAULT_KEY_CUSTODY_BLOB_KEY, PersistentVaultAuditLog, PersistentVaultCapabilityRegistry, PersistentVaultCapabilityRevocationRegistry, PersistentVaultCustomHttpFlowRegistry, PersistentVaultRateLimitStore, PersistentVaultReplayGuard, PersistentVaultSecretCustody, PersistentVaultSecretRepository, HttpDispatchExecutor, InMemoryAgentIdentityRegistry, InMemoryCapabilityRegistry, InMemoryCapabilityRevocationRegistry, InMemoryCustomHttpFlowRegistry, InMemoryRateLimitStore, InMemoryReplayGuard, InMemoryAuditLog, InMemoryOwnerIdentityRegistry, InMemorySecretCustody, InMemorySecretRepository, RandomIdGenerator, SignatureOwnerProofVerifier, SignatureAgentProofVerifier, SystemClock, } from "../vault-core/index.js";
|
|
12
12
|
export { createOwnerClient, } from "../clients/owner/index.js";
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/runtime/index.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAEH,OAAO,EAAE,aAAa,EAAE,iBAAiB,EAAE,MAAM,cAAc,CAAC;AAChE,OAAO,EAAE,eAAe,EAAE,WAAW,EAAE,MAAM,uBAAuB,CAAC;AAErE,OAAO,EAAE,iBAAiB,EAAE,MAAM,kBAAkB,CAAC;AACrD,OAAO,EAAE,qBAAqB,EAAE,MAAM,sBAAsB,CAAC;AAC7D,OAAO,EACL,cAAc,
|
|
1
|
+
{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/runtime/index.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAEH,OAAO,EAAE,aAAa,EAAE,iBAAiB,EAAE,MAAM,cAAc,CAAC;AAChE,OAAO,EAAE,eAAe,EAAE,WAAW,EAAE,MAAM,uBAAuB,CAAC;AAErE,OAAO,EAAE,iBAAiB,EAAE,MAAM,kBAAkB,CAAC;AACrD,OAAO,EAAE,qBAAqB,EAAE,MAAM,sBAAsB,CAAC;AAC7D,OAAO,EACL,cAAc,EACd,eAAe,GAIhB,MAAM,eAAe,CAAC;AACvB,OAAO,EACL,WAAW,EACX,YAAY,GAKb,MAAM,gBAAgB,CAAC;AAExB,OAAO,EACL,eAAe,EACf,gBAAgB,EAChB,cAAc,EACd,kCAAkC,EAGlC,mBAAmB,EACnB,qCAAqC,EACrC,sBAAsB,EACtB,sBAAsB,EACtB,kCAAkC,EAIlC,uBAAuB,EACvB,iCAAiC,EACjC,2CAA2C,EAC3C,qCAAqC,EACrC,6BAA6B,EAC7B,0BAA0B,EAC1B,4BAA4B,EAC5B,+BAA+B,EAC/B,oBAAoB,EACpB,6BAA6B,EAC7B,0BAA0B,EAC1B,oCAAoC,EACpC,8BAA8B,EAC9B,sBAAsB,EACtB,mBAAmB,EACnB,gBAAgB,EAChB,6BAA6B,EAC7B,qBAAqB,EACrB,wBAAwB,EACxB,iBAAiB,EACjB,2BAA2B,EAE3B,2BAA2B,EAC3B,WAAW,GA8CZ,MAAM,wBAAwB,CAAC;AAEhC,OAAO,EACL,iBAAiB,GAWlB,MAAM,2BAA2B,CAAC;AAEnC,OAAO,EACL,iBAAiB,GAOlB,MAAM,2BAA2B,CAAC;AAEnC,OAAO,EACL,kBAAkB,EAClB,2BAA2B,EAC3B,2BAA2B,EAC3B,6BAA6B,EAC7B,8BAA8B,EAC9B,uBAAuB,GAWxB,MAAM,2BAA2B,CAAC;AAEnC,OAAO,EACL,mBAAmB,GACpB,MAAM,8BAA8B,CAAC"}
|
package/docs/IDENTITY_MODEL.md
CHANGED
|
@@ -76,6 +76,8 @@ These should be treated as labels, aliases, or local names rather than the deepe
|
|
|
76
76
|
|
|
77
77
|
The runtime now exposes this concept directly as optional `nickname` on `createIdentity(...)`.
|
|
78
78
|
|
|
79
|
+
For existing private keys, the runtime exposes `restoreIdentity(...)`, which reconstructs the same identity shape from the private key alone.
|
|
80
|
+
|
|
79
81
|
In other words:
|
|
80
82
|
|
|
81
83
|
- public key or a stable derived id answers "who is this cryptographically"
|
package/docs/REFERENCE.md
CHANGED
|
@@ -18,6 +18,7 @@ The main constructors are:
|
|
|
18
18
|
- `createVaultCore(...)`
|
|
19
19
|
- `createVaultService(...)`
|
|
20
20
|
- `createIdentity(...)`
|
|
21
|
+
- `restoreIdentity(...)`
|
|
21
22
|
- `createVault(...)`
|
|
22
23
|
- `recoverVault(...)`
|
|
23
24
|
- `createOwnerClient(...)`
|
|
@@ -65,6 +66,8 @@ Role rules:
|
|
|
65
66
|
|
|
66
67
|
`nickname` is human-readable only. It does not affect the derived `identityId`, cryptographic verification, or vault-local role binding.
|
|
67
68
|
|
|
69
|
+
`restoreIdentity(privateKey)` returns the same shape for an existing private key.
|
|
70
|
+
|
|
68
71
|
## Secret-Flow Model
|
|
69
72
|
|
|
70
73
|
The current HTTP-facing API supports two explicit secret-flow classes:
|
package/package.json
CHANGED