@the-ai-company/cbio-node-runtime 1.63.2 → 1.63.5
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +48 -209
- package/dist/clients/agent/client.d.ts +18 -40
- package/dist/clients/agent/client.js +22 -109
- package/dist/clients/agent/client.js.map +1 -1
- package/dist/clients/agent/contracts.d.ts +1 -8
- package/dist/clients/agent/index.d.ts +1 -1
- package/dist/clients/owner/client.d.ts +2 -102
- package/dist/clients/owner/client.js +119 -240
- package/dist/clients/owner/client.js.map +1 -1
- package/dist/clients/owner/contracts.d.ts +37 -70
- package/dist/clients/owner/index.d.ts +2 -4
- package/dist/clients/owner/index.js +1 -2
- package/dist/clients/owner/index.js.map +1 -1
- package/dist/internal/id-factory.d.ts +0 -2
- package/dist/internal/id-factory.js +0 -6
- package/dist/internal/id-factory.js.map +1 -1
- package/dist/protocol/identity.d.ts +1 -1
- package/dist/protocol/identity.js +3 -3
- package/dist/protocol/identity.js.map +1 -1
- package/dist/public-types.d.ts +5 -0
- package/dist/public-types.js +2 -0
- package/dist/public-types.js.map +1 -0
- package/dist/runtime/bootstrap.js.map +1 -1
- package/dist/runtime/identity.d.ts +2 -2
- package/dist/runtime/identity.js +3 -5
- package/dist/runtime/identity.js.map +1 -1
- package/dist/runtime/index.d.ts +10 -11
- package/dist/runtime/index.js +7 -8
- package/dist/runtime/index.js.map +1 -1
- package/dist/runtime/owner-session.d.ts +7 -6
- package/dist/runtime/owner-session.js +5 -6
- package/dist/runtime/owner-session.js.map +1 -1
- package/dist/storage/fs.d.ts +3 -2
- package/dist/storage/fs.js +8 -5
- package/dist/storage/fs.js.map +1 -1
- package/dist/storage/prefix.d.ts +1 -0
- package/dist/storage/prefix.js +7 -0
- package/dist/storage/prefix.js.map +1 -1
- package/dist/storage/provider.d.ts +2 -0
- package/dist/vault-core/contracts.d.ts +112 -193
- package/dist/vault-core/contracts.js +5 -8
- package/dist/vault-core/contracts.js.map +1 -1
- package/dist/vault-core/core.d.ts +127 -62
- package/dist/vault-core/core.js +500 -1182
- package/dist/vault-core/core.js.map +1 -1
- package/dist/vault-core/defaults.d.ts +26 -42
- package/dist/vault-core/defaults.js +73 -229
- package/dist/vault-core/defaults.js.map +1 -1
- package/dist/vault-core/errors.d.ts +3 -2
- package/dist/vault-core/errors.js.map +1 -1
- package/dist/vault-core/index.d.ts +5 -5
- package/dist/vault-core/index.js +2 -2
- package/dist/vault-core/index.js.map +1 -1
- package/dist/vault-core/persistence.d.ts +78 -118
- package/dist/vault-core/persistence.js +329 -421
- package/dist/vault-core/persistence.js.map +1 -1
- package/dist/vault-core/ports.d.ts +19 -24
- package/dist/vault-core/read-policy.d.ts +3 -2
- package/dist/vault-core/read-policy.js.map +1 -1
- package/dist/vault-core/tool-metadata.js +2 -2
- package/dist/vault-core/tool-metadata.js.map +1 -1
- package/dist/vault-ingress/defaults.d.ts +4 -2
- package/dist/vault-ingress/defaults.js +14 -8
- package/dist/vault-ingress/defaults.js.map +1 -1
- package/dist/vault-ingress/index.d.ts +43 -117
- package/dist/vault-ingress/index.js +98 -453
- package/dist/vault-ingress/index.js.map +1 -1
- package/dist/vault-ingress/remote-transport.d.ts +5 -3
- package/dist/vault-ingress/remote-transport.js +8 -28
- package/dist/vault-ingress/remote-transport.js.map +1 -1
- package/docs/ARCHITECTURE.md +39 -22
- package/docs/CUSTODY_MODEL.md +1 -1
- package/docs/IDENTITY_MODEL.md +5 -5
- package/docs/MIGRATION-1.51.md +19 -19
- package/docs/MIGRATION-1.65.md +61 -0
- package/docs/PROCESS_ISOLATION.md +2 -2
- package/docs/REFERENCE.md +42 -200
- package/docs/api/README.md +50 -22
- package/docs/api/classes/IdentityError.md +1 -1
- package/docs/api/classes/OwnerClientError.md +1 -1
- package/docs/api/classes/PersistentVaultAgentIdentityRegistry.md +89 -0
- package/docs/api/classes/PersistentVaultAgentSecretGrantRegistry.md +125 -0
- package/docs/api/classes/PersistentVaultAuditLog.md +65 -0
- package/docs/api/classes/PersistentVaultCustomHttpFlowRegistry.md +69 -0
- package/docs/api/classes/PersistentVaultSecretCustody.md +93 -0
- package/docs/api/classes/PersistentVaultSecretDestinationGrantRegistry.md +125 -0
- package/docs/api/classes/PersistentVaultSecretRepository.md +127 -0
- package/docs/api/classes/VaultCore.md +299 -214
- package/docs/api/classes/VaultCoreError.md +3 -3
- package/docs/api/enumerations/AuditAction.md +143 -0
- package/docs/api/enumerations/AuditOutcome.md +35 -0
- package/docs/api/enumerations/DispatchStatus.md +35 -0
- package/docs/api/enumerations/IdentityErrorCode.md +1 -1
- package/docs/api/enumerations/OwnerClientErrorCode.md +1 -1
- package/docs/api/functions/createAgentClient.md +1 -15
- package/docs/api/functions/createIdentity.md +2 -2
- package/docs/api/functions/createOwnerClient.md +17 -0
- package/docs/api/functions/createOwnerSession.md +1 -1
- package/docs/api/functions/createPersistentVaultCoreDependencies.md +4 -4
- package/docs/api/functions/createVault.md +1 -1
- package/docs/api/functions/createVaultCore.md +1 -1
- package/docs/api/functions/createVaultCoreDependencies.md +1 -1
- package/docs/api/functions/createVaultService.md +5 -9
- package/docs/api/functions/createWorkspaceStorage.md +1 -1
- package/docs/api/functions/deriveRootAgentId.md +17 -0
- package/docs/api/functions/deriveVaultWorkingKeyFromPassword.md +1 -1
- package/docs/api/functions/getDefaultWorkspaceDir.md +1 -1
- package/docs/api/functions/handleVaultAgentControlHttp.md +2 -2
- package/docs/api/functions/handleVaultHttpDispatch.md +2 -2
- package/docs/api/functions/initializeVaultCustody.md +7 -3
- package/docs/api/functions/listVaults.md +1 -1
- package/docs/api/functions/readVaultProfile.md +1 -1
- package/docs/api/functions/recoverVault.md +1 -1
- package/docs/api/functions/recoverVaultWorkingKey.md +4 -8
- package/docs/api/functions/restoreIdentity.md +1 -1
- package/docs/api/functions/updateVaultMetadata.md +1 -1
- package/docs/api/functions/writeVaultProfile.md +1 -1
- package/docs/api/interfaces/AgentClient.md +20 -59
- package/docs/api/interfaces/AgentDispatchIntent.md +1 -1
- package/docs/api/interfaces/AgentDispatchTransport.md +12 -44
- package/docs/api/interfaces/AgentIdentity.md +3 -3
- package/docs/api/interfaces/AgentIdentityRecord.md +47 -0
- package/docs/api/interfaces/AgentRequestResult.md +35 -0
- package/docs/api/interfaces/AgentRuntimeManifest.md +55 -0
- package/docs/api/interfaces/AgentSecretGrant.md +41 -0
- package/docs/api/interfaces/AgentSigner.md +1 -1
- package/docs/api/interfaces/AgentVisibleRequestRecord.md +53 -0
- package/docs/api/interfaces/AgentVisibleSecretRecord.md +65 -0
- package/docs/api/interfaces/AuditEntry.md +83 -0
- package/docs/api/interfaces/CbioRuntime.md +13 -150
- package/docs/api/interfaces/CreateAgentClientOptions.md +4 -10
- package/docs/api/interfaces/CreateIdentityOptions.md +1 -1
- package/docs/api/interfaces/{CreateVaultClientOptions.md → CreateOwnerClientOptions.md} +9 -11
- package/docs/api/interfaces/CreateOwnerSessionOptions.md +3 -117
- package/docs/api/interfaces/CreatePersistentVaultCoreDependenciesOptions.md +3 -131
- package/docs/api/interfaces/CreateVaultOptions.md +1 -121
- package/docs/api/interfaces/CreatedVault.md +2 -2
- package/docs/api/interfaces/CustomHttpFlowDefinition.md +71 -0
- package/docs/api/interfaces/DefaultPolicyEngineOptions.md +1 -13
- package/docs/api/interfaces/DispatchAuthorization.md +43 -0
- package/docs/api/interfaces/DispatchInstruction.md +47 -0
- package/docs/api/interfaces/DispatchRequest.md +83 -0
- package/docs/api/interfaces/DispatchResult.md +53 -0
- package/docs/api/interfaces/IStorageProvider.md +13 -1
- package/docs/api/interfaces/InitializeVaultCustodyOptions.md +31 -11
- package/docs/api/interfaces/InitializedVaultCustody.md +1 -7
- package/docs/api/interfaces/OwnerAgentProvisionResult.md +2 -2
- package/docs/api/interfaces/OwnerClient.md +417 -0
- package/docs/api/interfaces/OwnerCreateSecretInput.md +1 -1
- package/docs/api/interfaces/OwnerRemoveSecretInput.md +1 -1
- package/docs/api/interfaces/OwnerRequestRecord.md +97 -0
- package/docs/api/interfaces/OwnerSensitiveActionConfirmation.md +1 -1
- package/docs/api/interfaces/OwnerSensitiveActionContext.md +1 -1
- package/docs/api/interfaces/OwnerSession.md +3 -3
- package/docs/api/interfaces/OwnerUpdateSecretInput.md +1 -1
- package/docs/api/interfaces/OwnerVisibleRequestRecord.md +73 -0
- package/docs/api/interfaces/RecoverVaultOptions.md +1 -121
- package/docs/api/interfaces/RecoveredVault.md +2 -2
- package/docs/api/interfaces/RequestRecord.md +107 -0
- package/docs/api/interfaces/RestoreIdentityOptions.md +1 -1
- package/docs/api/interfaces/SecretAlias.md +11 -0
- package/docs/api/interfaces/SecretDestinationGrant.md +41 -0
- package/docs/api/interfaces/SecretId.md +11 -0
- package/docs/api/interfaces/SecretRecord.md +89 -0
- package/docs/api/interfaces/Signer.md +1 -1
- package/docs/api/interfaces/VaultApproveDispatchInput.md +3 -9
- package/docs/api/interfaces/VaultAuditQueryInput.md +1 -1
- package/docs/api/interfaces/VaultCoreDependenciesOptions.md +1 -5
- package/docs/api/interfaces/VaultCreateAgentInput.md +1 -1
- package/docs/api/interfaces/VaultExportSecretInput.md +1 -1
- package/docs/api/interfaces/VaultGetRequestInput.md +17 -0
- package/docs/api/interfaces/VaultGrantAgentSecretInput.md +23 -0
- package/docs/api/interfaces/VaultGrantSecretDestinationInput.md +23 -0
- package/docs/api/interfaces/VaultId.md +11 -0
- package/docs/api/interfaces/VaultImportAgentInput.md +1 -1
- package/docs/api/interfaces/VaultIssueSessionTokenInput.md +5 -5
- package/docs/api/interfaces/VaultListAgentsInput.md +1 -1
- package/docs/api/interfaces/VaultListGrantsInput.md +23 -0
- package/docs/api/interfaces/VaultListRequestsInput.md +17 -0
- package/docs/api/interfaces/VaultListSecretsInput.md +1 -1
- package/docs/api/interfaces/VaultMetadata.md +1 -1
- package/docs/api/interfaces/VaultObject.md +2 -2
- package/docs/api/interfaces/VaultPrincipal.md +17 -0
- package/docs/api/interfaces/VaultProfile.md +1 -1
- package/docs/api/interfaces/VaultReadAgentPrivateKeyInput.md +7 -7
- package/docs/api/interfaces/VaultReadSecretPlaintextInput.md +1 -1
- package/docs/api/interfaces/VaultRegisterFlowInput.md +1 -1
- package/docs/api/interfaces/VaultRevokeAgentSecretInput.md +23 -0
- package/docs/api/interfaces/VaultRevokeSecretDestinationInput.md +23 -0
- package/docs/api/interfaces/VaultRevokeSessionTokenInput.md +1 -1
- package/docs/api/interfaces/VaultService.md +547 -0
- package/docs/api/interfaces/VaultUpdateAgentInput.md +7 -7
- package/docs/api/type-aliases/AgentId.md +7 -0
- package/docs/api/type-aliases/CbioRuntimeModule.md +1 -1
- package/docs/api/type-aliases/DispatchApprovalDecision.md +7 -0
- package/docs/api/type-aliases/GrantStatus.md +7 -0
- package/docs/api/type-aliases/SecretLifecycleStatus.md +7 -0
- package/docs/api/type-aliases/VaultPrincipalKind.md +7 -0
- package/docs/api/variables/DEFAULT_VAULT_KEY_CUSTODY_BLOB_KEY.md +2 -2
- package/docs/es/README.md +3 -3
- package/docs/fr/README.md +3 -3
- package/docs/ja/README.md +5 -5
- package/docs/ko/README.md +5 -5
- package/docs/pt/README.md +3 -3
- package/docs/zh/PROCESS_ISOLATION.md +2 -2
- package/docs/zh/README.md +24 -24
- package/examples/process-isolation.ts +26 -35
- package/package.json +3 -2
- package/docs/api/functions/createOwnerHttpFlowBoundary.md +0 -17
- package/docs/api/functions/createStandardAcquireBoundary.md +0 -31
- package/docs/api/functions/createStandardDispatchBoundary.md +0 -23
- package/docs/api/functions/createVaultClient.md +0 -32
- package/docs/api/functions/deriveIdentityId.md +0 -17
- package/docs/api/functions/wrapVaultCoreAsVaultService.md +0 -31
- package/docs/api/interfaces/AgentSubmitCapabilityRequestInput.md +0 -41
- package/docs/api/interfaces/VaultApproveCapabilityRequestInput.md +0 -23
- package/docs/api/interfaces/VaultClient.md +0 -473
- package/docs/api/interfaces/VaultGrantCapabilityInput.md +0 -79
- package/docs/api/interfaces/VaultGrantCapabilityRequest.md +0 -23
- package/docs/api/interfaces/VaultIdentity.md +0 -11
- package/docs/api/interfaces/VaultListCapabilitiesInput.md +0 -17
- package/docs/api/interfaces/VaultRevokeCapabilityInput.md +0 -23
- package/docs/api/interfaces/VaultSigner.md +0 -21
- package/docs/api/interfaces/VaultSubmitCapabilityRequestInput.md +0 -73
- package/docs/api/type-aliases/AgentCapabilityEnvelope.md +0 -7
- package/docs/api/type-aliases/AgentVisibleSecretRecord.md +0 -7
- package/docs/api/type-aliases/OwnerGrantCapabilityInput.md +0 -7
|
@@ -1,6 +1,3 @@
|
|
|
1
|
-
import { createVaultCore, DispatchStatus, } from "../vault-core/index.js";
|
|
2
|
-
import { applyResponseReadPolicy } from "../vault-core/read-policy.js";
|
|
3
|
-
import { createOwnerHttpFlowBoundary, createStandardAcquireBoundary, toOwnerHttpFlowBoundary, } from "./flow-factories.js";
|
|
4
1
|
function redactResponseShapeValue(value) {
|
|
5
2
|
if (value === null || value === undefined) {
|
|
6
3
|
return null;
|
|
@@ -15,37 +12,14 @@ function redactResponseShapeValue(value) {
|
|
|
15
12
|
}
|
|
16
13
|
class LocalVaultService {
|
|
17
14
|
_authority;
|
|
18
|
-
_customFlows;
|
|
19
|
-
_clock;
|
|
20
15
|
_fetchImpl;
|
|
21
|
-
constructor(_authority,
|
|
16
|
+
constructor(_authority, _fetchImpl = fetch) {
|
|
22
17
|
this._authority = _authority;
|
|
23
|
-
this._customFlows = _customFlows;
|
|
24
|
-
this._clock = _clock;
|
|
25
18
|
this._fetchImpl = _fetchImpl;
|
|
26
19
|
}
|
|
27
20
|
get vaultId() {
|
|
28
21
|
return this._authority.vaultId;
|
|
29
22
|
}
|
|
30
|
-
async resolveSecretId(alias) {
|
|
31
|
-
if (!alias)
|
|
32
|
-
return undefined;
|
|
33
|
-
const record = await this._authority._deps.secrets.getByAlias({ value: alias });
|
|
34
|
-
return record?.secretId.value;
|
|
35
|
-
}
|
|
36
|
-
async resolveSecretIds(aliases) {
|
|
37
|
-
if (!aliases?.length)
|
|
38
|
-
return undefined;
|
|
39
|
-
const resolved = await Promise.all(aliases.map((alias) => this.resolveSecretId(alias)));
|
|
40
|
-
const filtered = resolved.filter((value) => typeof value === "string");
|
|
41
|
-
return filtered.length > 0 ? filtered : undefined;
|
|
42
|
-
}
|
|
43
|
-
ownerOnCapabilityState(callback) {
|
|
44
|
-
return this._authority.ownerOnCapabilityState(callback);
|
|
45
|
-
}
|
|
46
|
-
ownerRegisterCapability(request) {
|
|
47
|
-
return this._authority.ownerRegisterCapability(request);
|
|
48
|
-
}
|
|
49
23
|
ownerRegisterAgentIdentity(request) {
|
|
50
24
|
return this._authority.ownerRegisterAgentIdentity(request);
|
|
51
25
|
}
|
|
@@ -67,501 +41,172 @@ class LocalVaultService {
|
|
|
67
41
|
ownerWriteSecret(request) {
|
|
68
42
|
return this._authority.ownerWriteSecret(request);
|
|
69
43
|
}
|
|
70
|
-
|
|
71
|
-
return
|
|
44
|
+
ownerReadAudit(request) {
|
|
45
|
+
return this._authority.ownerReadAudit(request.actor, request.query);
|
|
72
46
|
}
|
|
73
|
-
|
|
74
|
-
|
|
75
|
-
return this.redactResponseShape(payload);
|
|
76
|
-
}
|
|
77
|
-
const record = payload;
|
|
78
|
-
const response = {};
|
|
79
|
-
switch (flow) {
|
|
80
|
-
case "oauth_token_response.access_token":
|
|
81
|
-
case "oauth_token_response.refresh_token":
|
|
82
|
-
case "openid_token_response.id_token": {
|
|
83
|
-
if ("token_type" in record) {
|
|
84
|
-
response.token_type = typeof record.token_type === "string" ? record.token_type : null;
|
|
85
|
-
}
|
|
86
|
-
if ("expires_in" in record) {
|
|
87
|
-
response.expires_in = typeof record.expires_in === "number" ? record.expires_in : null;
|
|
88
|
-
}
|
|
89
|
-
if ("scope" in record) {
|
|
90
|
-
response.scope = typeof record.scope === "string" ? record.scope : null;
|
|
91
|
-
}
|
|
92
|
-
break;
|
|
93
|
-
}
|
|
94
|
-
}
|
|
95
|
-
return response;
|
|
47
|
+
ownerExportSecret(request) {
|
|
48
|
+
return this._authority.ownerExportSecret(request.actor, request.alias);
|
|
96
49
|
}
|
|
97
|
-
|
|
98
|
-
|
|
99
|
-
throw new Error("VAULT_ACQUISITION_RESPONSE_INVALID");
|
|
100
|
-
}
|
|
101
|
-
const record = payload;
|
|
102
|
-
switch (flow) {
|
|
103
|
-
case "oauth_token_response.access_token": {
|
|
104
|
-
if (typeof record.access_token !== "string" || !record.access_token) {
|
|
105
|
-
throw new Error("VAULT_ACQUISITION_SECRET_NOT_FOUND");
|
|
106
|
-
}
|
|
107
|
-
return record.access_token;
|
|
108
|
-
}
|
|
109
|
-
case "oauth_token_response.refresh_token": {
|
|
110
|
-
if (typeof record.refresh_token !== "string" || !record.refresh_token) {
|
|
111
|
-
throw new Error("VAULT_ACQUISITION_SECRET_NOT_FOUND");
|
|
112
|
-
}
|
|
113
|
-
return record.refresh_token;
|
|
114
|
-
}
|
|
115
|
-
case "openid_token_response.id_token": {
|
|
116
|
-
if (typeof record.id_token !== "string" || !record.id_token) {
|
|
117
|
-
throw new Error("VAULT_ACQUISITION_SECRET_NOT_FOUND");
|
|
118
|
-
}
|
|
119
|
-
return record.id_token;
|
|
120
|
-
}
|
|
121
|
-
}
|
|
50
|
+
ownerListAgents(request) {
|
|
51
|
+
return this._authority.ownerListAgents(request.actor);
|
|
122
52
|
}
|
|
123
|
-
|
|
124
|
-
|
|
125
|
-
return null;
|
|
126
|
-
}
|
|
127
|
-
if (contentType?.includes("json")) {
|
|
128
|
-
return JSON.parse(rawPayload);
|
|
129
|
-
}
|
|
130
|
-
try {
|
|
131
|
-
return JSON.parse(rawPayload);
|
|
132
|
-
}
|
|
133
|
-
catch {
|
|
134
|
-
return rawPayload;
|
|
135
|
-
}
|
|
53
|
+
ownerListRequests(request) {
|
|
54
|
+
return this._authority.ownerListRequests(request.actor, request.rootAgentId);
|
|
136
55
|
}
|
|
137
|
-
|
|
138
|
-
|
|
139
|
-
method: request.method ?? "GET",
|
|
140
|
-
headers: request.headers,
|
|
141
|
-
body: request.body,
|
|
142
|
-
});
|
|
143
|
-
const contentType = response.headers.get("content-type");
|
|
144
|
-
const rawBody = await response.text();
|
|
145
|
-
return {
|
|
146
|
-
contentType,
|
|
147
|
-
rawBody,
|
|
148
|
-
parsedBody: this.parseRawResponse(contentType, rawBody),
|
|
149
|
-
responseStatus: response.status,
|
|
150
|
-
};
|
|
151
|
-
}
|
|
152
|
-
toCustomFlowResponseBody(rawBody, contentType, visibility) {
|
|
153
|
-
if (visibility !== "shape_only") {
|
|
154
|
-
return rawBody;
|
|
155
|
-
}
|
|
156
|
-
return JSON.stringify(this.redactResponseShape(this.parseRawResponse(contentType ?? null, rawBody ?? "")));
|
|
56
|
+
ownerGetRequest(request) {
|
|
57
|
+
return this._authority.ownerGetRequest(request.actor, request.targetRequestId);
|
|
157
58
|
}
|
|
158
|
-
|
|
159
|
-
|
|
160
|
-
|
|
161
|
-
|
|
162
|
-
|
|
163
|
-
|
|
164
|
-
|
|
165
|
-
|
|
166
|
-
const value = payload[flow.responseSecret.field];
|
|
167
|
-
if (typeof value !== "string" || !value) {
|
|
168
|
-
throw new Error("VAULT_CUSTOM_FLOW_SECRET_NOT_FOUND");
|
|
169
|
-
}
|
|
170
|
-
return value;
|
|
171
|
-
}
|
|
172
|
-
return null;
|
|
59
|
+
ownerListSecrets(request) {
|
|
60
|
+
return this._authority.ownerListSecrets(request.owner);
|
|
61
|
+
}
|
|
62
|
+
ownerGrantAgentSecret(request) {
|
|
63
|
+
return this._authority.ownerGrantAgentSecret(request.actor, request.rootAgentId, request.secretAlias, request);
|
|
64
|
+
}
|
|
65
|
+
ownerGrantSecretDestination(request) {
|
|
66
|
+
return this._authority.ownerGrantSecretDestination(request.actor, request.secretAlias, request.domain, request);
|
|
173
67
|
}
|
|
174
|
-
|
|
175
|
-
|
|
176
|
-
|
|
177
|
-
|
|
178
|
-
|
|
179
|
-
|
|
180
|
-
|
|
181
|
-
|
|
182
|
-
|
|
183
|
-
|
|
184
|
-
|
|
185
|
-
|
|
186
|
-
|
|
187
|
-
|
|
188
|
-
|
|
189
|
-
|
|
190
|
-
|
|
191
|
-
kind: "trusted_issuer",
|
|
192
|
-
id: request.issuerId,
|
|
193
|
-
},
|
|
194
|
-
alias: request.alias,
|
|
195
|
-
plaintext: this.extractSecretForFlow(request.flow, payload.parsedBody),
|
|
196
|
-
issuerSiteId: request.issuerId,
|
|
197
|
-
source: { kind: "request", requestId },
|
|
198
|
-
requestedAt: request.requestedAt ?? (this._clock?.nowIso() ?? new Date().toISOString()),
|
|
199
|
-
});
|
|
200
|
-
return {
|
|
201
|
-
vaultId: this._authority.vaultId,
|
|
202
|
-
alias: request.alias,
|
|
203
|
-
status: "stored",
|
|
204
|
-
responseStatus: payload.responseStatus,
|
|
205
|
-
contentType: payload.contentType,
|
|
206
|
-
responseShape: this.buildAcquireResponseShape(request.flow, payload.parsedBody),
|
|
207
|
-
};
|
|
68
|
+
ownerRevokeAgentSecret(request) {
|
|
69
|
+
return this._authority.ownerRevokeAgentSecret(request.actor, request.rootAgentId, request.secretAlias, request);
|
|
70
|
+
}
|
|
71
|
+
ownerRevokeSecretDestination(request) {
|
|
72
|
+
return this._authority.ownerRevokeSecretDestination(request.actor, request.secretAlias, request.domain, request);
|
|
73
|
+
}
|
|
74
|
+
ownerListGrants(request) {
|
|
75
|
+
return this._authority.ownerListGrants(request.actor, request.rootAgentId, request.secretAlias);
|
|
76
|
+
}
|
|
77
|
+
ownerIssueSessionToken(request) {
|
|
78
|
+
return this._authority.ownerIssueSessionToken(request);
|
|
79
|
+
}
|
|
80
|
+
ownerIssueAllAgentSessionTokens(actor) {
|
|
81
|
+
return this._authority.ownerIssueAllAgentSessionTokens(actor);
|
|
82
|
+
}
|
|
83
|
+
ownerRevokeSessionToken(request) {
|
|
84
|
+
return this._authority.ownerRevokeSessionToken(request);
|
|
208
85
|
}
|
|
209
86
|
agentDispatch(request) {
|
|
210
87
|
return this._authority.agentDispatchSecret(request);
|
|
211
88
|
}
|
|
89
|
+
ownerApproveDispatch(request) {
|
|
90
|
+
return this._authority.ownerApproveDispatch(request.actor, request.requestId, request.decision);
|
|
91
|
+
}
|
|
92
|
+
ownerOnPendingDispatch(callback) {
|
|
93
|
+
return this._authority.ownerOnPendingDispatch(callback);
|
|
94
|
+
}
|
|
95
|
+
agentListSecrets(request) {
|
|
96
|
+
return this._authority.agentListSecrets(request);
|
|
97
|
+
}
|
|
98
|
+
agentListRequests(request) {
|
|
99
|
+
return this._authority.agentListRequests(request);
|
|
100
|
+
}
|
|
101
|
+
agentGetRequest(request) {
|
|
102
|
+
return this._authority.agentGetRequest(request);
|
|
103
|
+
}
|
|
104
|
+
agentGetRuntimeManifest(request) {
|
|
105
|
+
return this._authority.agentGetRuntimeManifest(request);
|
|
106
|
+
}
|
|
212
107
|
async agentHandleDispatch(request) {
|
|
213
108
|
try {
|
|
214
|
-
const vaultId = { value: request.vaultId };
|
|
215
|
-
const capability = await this.resolveCapability(vaultId, request.agentId, request.capabilityId);
|
|
216
|
-
const secretId = await this.resolveSecretId(request.secretAlias);
|
|
217
|
-
const customFlow = capability?.operation === "custom_http"
|
|
218
|
-
? await this.resolveCustomFlow(vaultId, capability.customFlowId)
|
|
219
|
-
: null;
|
|
220
|
-
const boundary = customFlow
|
|
221
|
-
? toOwnerHttpFlowBoundary(customFlow)
|
|
222
|
-
: createOwnerHttpFlowBoundary({
|
|
223
|
-
mode: "send_secret",
|
|
224
|
-
targetUrl: request.targetUrl,
|
|
225
|
-
method: request.method,
|
|
226
|
-
responseVisibility: "passthrough",
|
|
227
|
-
});
|
|
228
|
-
if (customFlow) {
|
|
229
|
-
if (request.targetUrl !== boundary.targetUrl || request.method.toUpperCase() !== boundary.method.toUpperCase()) {
|
|
230
|
-
throw new Error("VAULT_CUSTOM_FLOW_BINDING_MISMATCH");
|
|
231
|
-
}
|
|
232
|
-
}
|
|
233
|
-
if (boundary.mode === "acquire_secret") {
|
|
234
|
-
if (!customFlow) {
|
|
235
|
-
throw new Error("VAULT_CUSTOM_FLOW_NOT_FOUND");
|
|
236
|
-
}
|
|
237
|
-
const authorization = await this._authority.agentAuthorizeDispatch({
|
|
238
|
-
vaultId,
|
|
239
|
-
requestId: request.requestId,
|
|
240
|
-
requestedAt: request.requestedAt,
|
|
241
|
-
agent: {
|
|
242
|
-
kind: "agent",
|
|
243
|
-
id: request.agentId,
|
|
244
|
-
},
|
|
245
|
-
capability,
|
|
246
|
-
proof: {
|
|
247
|
-
agentId: request.agentId,
|
|
248
|
-
signature: request.proof.signature,
|
|
249
|
-
token: request.proof.token,
|
|
250
|
-
requestId: request.requestId,
|
|
251
|
-
requestedAt: request.requestedAt,
|
|
252
|
-
},
|
|
253
|
-
secretId: undefined,
|
|
254
|
-
reason: request.reason,
|
|
255
|
-
targetUrl: request.targetUrl,
|
|
256
|
-
method: request.method,
|
|
257
|
-
headers: request.headers,
|
|
258
|
-
body: request.body,
|
|
259
|
-
});
|
|
260
|
-
if (authorization.decision !== "allow") {
|
|
261
|
-
throw new Error("VAULT_CUSTOM_FLOW_DENIED");
|
|
262
|
-
}
|
|
263
|
-
const payload = await this.fetchAndParse({
|
|
264
|
-
url: request.targetUrl,
|
|
265
|
-
method: request.method,
|
|
266
|
-
headers: request.headers,
|
|
267
|
-
body: request.body,
|
|
268
|
-
});
|
|
269
|
-
const acquiredSecret = this.extractCustomFlowSecret(customFlow, payload.parsedBody);
|
|
270
|
-
if (!acquiredSecret || !customFlow.responseSecret) {
|
|
271
|
-
throw new Error("VAULT_CUSTOM_FLOW_SECRET_NOT_FOUND");
|
|
272
|
-
}
|
|
273
|
-
await this._authority._storeCustomFlowSecret(customFlow, customFlow.responseSecret.storeAlias, acquiredSecret);
|
|
274
|
-
return {
|
|
275
|
-
ok: true,
|
|
276
|
-
result: {
|
|
277
|
-
vaultId,
|
|
278
|
-
requestId: request.requestId,
|
|
279
|
-
status: DispatchStatus.SUCCEEDED,
|
|
280
|
-
targetUrl: request.targetUrl,
|
|
281
|
-
method: request.method,
|
|
282
|
-
responseStatus: payload.responseStatus,
|
|
283
|
-
responseBody: applyResponseReadPolicy(this.toCustomFlowResponseBody(payload.rawBody, payload.contentType, boundary.responseVisibility), capability?.read ?? { paths: [] }),
|
|
284
|
-
},
|
|
285
|
-
};
|
|
286
|
-
}
|
|
287
109
|
const result = await this._authority.agentDispatchSecret({
|
|
288
|
-
vaultId,
|
|
110
|
+
vaultId: { value: request.vaultId },
|
|
289
111
|
requestId: request.requestId,
|
|
290
112
|
requestedAt: request.requestedAt,
|
|
291
|
-
agent: {
|
|
292
|
-
kind: "agent",
|
|
293
|
-
id: request.agentId,
|
|
294
|
-
},
|
|
295
|
-
capability,
|
|
113
|
+
agent: { kind: "agent", id: request.rootAgentId },
|
|
296
114
|
proof: {
|
|
297
|
-
|
|
115
|
+
rootAgentId: request.rootAgentId,
|
|
298
116
|
signature: request.proof.signature,
|
|
299
117
|
token: request.proof.token,
|
|
300
118
|
requestId: request.requestId,
|
|
301
119
|
requestedAt: request.requestedAt,
|
|
302
120
|
},
|
|
303
|
-
secretId,
|
|
304
|
-
secretAlias: request.secretAlias,
|
|
305
121
|
reason: request.reason,
|
|
122
|
+
secretAlias: request.secretAlias,
|
|
306
123
|
targetUrl: request.targetUrl,
|
|
307
124
|
method: request.method,
|
|
308
125
|
headers: request.headers,
|
|
309
126
|
body: request.body,
|
|
310
127
|
});
|
|
311
|
-
|
|
312
|
-
if (!customFlow) {
|
|
313
|
-
throw new Error("VAULT_CUSTOM_FLOW_NOT_FOUND");
|
|
314
|
-
}
|
|
315
|
-
const parsedBody = this.parseBody(result.responseBody);
|
|
316
|
-
const acquiredSecret = this.extractCustomFlowSecret(customFlow, parsedBody);
|
|
317
|
-
if (!acquiredSecret || !customFlow.responseSecret) {
|
|
318
|
-
throw new Error("VAULT_CUSTOM_FLOW_SECRET_NOT_FOUND");
|
|
319
|
-
}
|
|
320
|
-
await this._authority._storeCustomFlowSecret(customFlow, customFlow.responseSecret.storeAlias, acquiredSecret);
|
|
321
|
-
}
|
|
322
|
-
return {
|
|
323
|
-
ok: true,
|
|
324
|
-
result: {
|
|
325
|
-
...result,
|
|
326
|
-
responseBody: applyResponseReadPolicy(this.toCustomFlowResponseBody(result.responseBody, null, boundary.responseVisibility), capability?.read ?? { paths: [] }),
|
|
327
|
-
},
|
|
328
|
-
};
|
|
128
|
+
return { ok: true, result };
|
|
329
129
|
}
|
|
330
130
|
catch (error) {
|
|
331
|
-
const message = error instanceof Error ? error.message : String(error);
|
|
332
|
-
const code = error instanceof Error && "code" in error && typeof error.code === "string"
|
|
333
|
-
? error.code
|
|
334
|
-
: "VAULT_AGENT_DISPATCH_REJECTED";
|
|
335
131
|
return {
|
|
336
132
|
ok: false,
|
|
337
|
-
error: {
|
|
133
|
+
error: {
|
|
134
|
+
code: error.code || "VAULT_DISPATCH_FAILED",
|
|
135
|
+
message: error instanceof Error ? error.message : String(error),
|
|
136
|
+
},
|
|
338
137
|
};
|
|
339
138
|
}
|
|
340
139
|
}
|
|
341
|
-
ownerReadAudit(request) {
|
|
342
|
-
return this._authority.ownerReadAudit(request.actor, request.query, {
|
|
343
|
-
requestId: request.requestId,
|
|
344
|
-
requestedAt: request.requestedAt,
|
|
345
|
-
});
|
|
346
|
-
}
|
|
347
|
-
ownerExportSecret(request) {
|
|
348
|
-
return this._authority.ownerExportSecret(request.actor, request.alias, {
|
|
349
|
-
requestId: request.requestId,
|
|
350
|
-
requestedAt: request.requestedAt,
|
|
351
|
-
});
|
|
352
|
-
}
|
|
353
|
-
ownerDeleteSecret(request) {
|
|
354
|
-
return this._authority.ownerRemoveSecret(request);
|
|
355
|
-
}
|
|
356
|
-
async ownerListAgents(request) {
|
|
357
|
-
return await this._authority.ownerListAgents(request.actor, request);
|
|
358
|
-
}
|
|
359
|
-
async ownerListCapabilities(request) {
|
|
360
|
-
return await this._authority.ownerListCapabilities(request.actor, request.agentId, request);
|
|
361
|
-
}
|
|
362
|
-
async ownerListRequests(request) {
|
|
363
|
-
return await this._authority.ownerListRequests(request.actor, request.agentId, request);
|
|
364
|
-
}
|
|
365
|
-
async ownerGetRequest(request) {
|
|
366
|
-
return await this._authority.ownerGetRequest(request.actor, request.targetRequestId, request);
|
|
367
|
-
}
|
|
368
|
-
async ownerListSecrets(request) {
|
|
369
|
-
return await this._authority.ownerListSecrets(request.owner, request);
|
|
370
|
-
}
|
|
371
|
-
async ownerRevokeCapability(command) {
|
|
372
|
-
return await this._authority.ownerRevokeCapability(command);
|
|
373
|
-
}
|
|
374
|
-
async ownerIssueSessionToken(request) {
|
|
375
|
-
return await this._authority.ownerIssueSessionToken(request);
|
|
376
|
-
}
|
|
377
|
-
async ownerIssueAllAgentSessionTokens(request) {
|
|
378
|
-
return await this._authority.ownerIssueAllAgentSessionTokens(request.actor);
|
|
379
|
-
}
|
|
380
|
-
async ownerRevokeSessionToken(request) {
|
|
381
|
-
return this._authority.ownerRevokeSessionToken(request);
|
|
382
|
-
}
|
|
383
|
-
ownerSubmitCapabilityRequest(request) {
|
|
384
|
-
return this._authority.ownerSubmitCapabilityRequest(request);
|
|
385
|
-
}
|
|
386
|
-
ownerApproveCapabilityRead(request) {
|
|
387
|
-
return this._authority.ownerApproveCapabilityRead(request);
|
|
388
|
-
}
|
|
389
|
-
ownerListCapabilityStates(request) {
|
|
390
|
-
return this._authority.ownerListCapabilityStates(request);
|
|
391
|
-
}
|
|
392
|
-
ownerAllowOnce(request) {
|
|
393
|
-
return this._authority.ownerAllowOnce(request);
|
|
394
|
-
}
|
|
395
|
-
ownerAllowAlways(request) {
|
|
396
|
-
return this._authority.ownerAllowAlways(request);
|
|
397
|
-
}
|
|
398
|
-
ownerDeny(request) {
|
|
399
|
-
return this._authority.ownerDeny(request);
|
|
400
|
-
}
|
|
401
|
-
agentListCapabilities(request) {
|
|
402
|
-
return this._authority.agentListCapabilities(request);
|
|
403
|
-
}
|
|
404
|
-
agentListSecrets(request) {
|
|
405
|
-
return this._authority.agentListSecrets(request);
|
|
406
|
-
}
|
|
407
|
-
agentListRequests(request) {
|
|
408
|
-
return this._authority.agentListRequests(request);
|
|
409
|
-
}
|
|
410
|
-
agentGetRequest(request) {
|
|
411
|
-
return this._authority.agentGetRequest(request);
|
|
412
|
-
}
|
|
413
|
-
agentGetRuntimeManifest(request) {
|
|
414
|
-
return this._authority.agentGetRuntimeManifest(request);
|
|
415
|
-
}
|
|
416
|
-
agentSubmitCapabilityRequest(request) {
|
|
417
|
-
return this._authority.agentSubmitCapabilityRequest(request);
|
|
418
|
-
}
|
|
419
140
|
async agentHandleControl(request) {
|
|
420
141
|
try {
|
|
421
142
|
const base = {
|
|
422
143
|
vaultId: { value: request.vaultId },
|
|
423
144
|
requestId: request.requestId,
|
|
424
145
|
requestedAt: request.requestedAt,
|
|
425
|
-
agent: { kind: "agent", id: request.
|
|
146
|
+
agent: { kind: "agent", id: request.rootAgentId },
|
|
426
147
|
proof: {
|
|
427
|
-
|
|
148
|
+
rootAgentId: request.rootAgentId,
|
|
428
149
|
signature: request.proof.signature,
|
|
429
150
|
token: request.proof.token,
|
|
430
151
|
requestId: request.requestId,
|
|
431
152
|
requestedAt: request.requestedAt,
|
|
432
153
|
},
|
|
433
154
|
};
|
|
155
|
+
let result;
|
|
434
156
|
switch (request.action) {
|
|
435
|
-
case "list_capabilities":
|
|
436
|
-
return { ok: true, result: await this.agentListCapabilities(base) };
|
|
437
157
|
case "list_secrets":
|
|
438
|
-
|
|
158
|
+
result = await this.agentListSecrets(base);
|
|
159
|
+
break;
|
|
439
160
|
case "list_requests":
|
|
440
|
-
|
|
161
|
+
result = await this.agentListRequests(base);
|
|
162
|
+
break;
|
|
441
163
|
case "read_request_result":
|
|
442
|
-
|
|
164
|
+
result = await this.agentGetRequest({ ...base, targetRequestId: request.targetRequestId });
|
|
165
|
+
break;
|
|
443
166
|
case "get_manifest":
|
|
444
|
-
|
|
445
|
-
|
|
446
|
-
{
|
|
447
|
-
const secretIds = await this.resolveSecretIds(request.secretAliases);
|
|
448
|
-
return {
|
|
449
|
-
ok: true,
|
|
450
|
-
result: await this.agentSubmitCapabilityRequest({
|
|
451
|
-
...base,
|
|
452
|
-
capability: {
|
|
453
|
-
operation: request.operation ?? "dispatch_http",
|
|
454
|
-
write: {
|
|
455
|
-
secretIds,
|
|
456
|
-
scope: request.write.scope,
|
|
457
|
-
methods: [...request.write.methods],
|
|
458
|
-
},
|
|
459
|
-
read: {
|
|
460
|
-
paths: [...request.read.paths],
|
|
461
|
-
},
|
|
462
|
-
},
|
|
463
|
-
reason: request.reason,
|
|
464
|
-
}),
|
|
465
|
-
};
|
|
466
|
-
}
|
|
167
|
+
result = await this.agentGetRuntimeManifest(base);
|
|
168
|
+
break;
|
|
467
169
|
}
|
|
170
|
+
return { ok: true, result };
|
|
468
171
|
}
|
|
469
172
|
catch (error) {
|
|
470
|
-
|
|
471
|
-
const code = error instanceof Error && "code" in error && typeof error.code === "string"
|
|
472
|
-
? error.code
|
|
473
|
-
: "VAULT_AGENT_CONTROL_REJECTED";
|
|
474
|
-
return { ok: false, error: { code, message } };
|
|
173
|
+
return { ok: false, error: { code: error.code || "VAULT_CONTROL_FAILED", message: error instanceof Error ? error.message : String(error) } };
|
|
475
174
|
}
|
|
476
175
|
}
|
|
477
176
|
async ownerHandleControl(request) {
|
|
478
|
-
const owner = { kind: "owner", id: request.ownerId ?? "vault-master" };
|
|
479
|
-
const vaultId = { value: request.vaultId };
|
|
480
177
|
try {
|
|
178
|
+
const actor = { kind: "owner", id: request.actorId || "owner" };
|
|
179
|
+
let result;
|
|
481
180
|
switch (request.action) {
|
|
482
|
-
case "list_capability_states":
|
|
483
|
-
return { ok: true, result: await this.ownerListCapabilityStates({ vaultId, owner, agentId: request.agentId, writeGranted: request.writeGranted, readGranted: request.readGranted }) };
|
|
484
|
-
case "approve_capability_read":
|
|
485
|
-
return {
|
|
486
|
-
ok: true,
|
|
487
|
-
result: await this.ownerApproveCapabilityRead({
|
|
488
|
-
vaultId,
|
|
489
|
-
requestId: request.requestId,
|
|
490
|
-
owner,
|
|
491
|
-
read: request.read ? { paths: [...request.read.paths] } : undefined,
|
|
492
|
-
}),
|
|
493
|
-
};
|
|
494
|
-
case "allow_once":
|
|
495
|
-
return { ok: true, result: await this.ownerAllowOnce({ vaultId, requestId: request.requestId, owner }) };
|
|
496
|
-
case "allow_always":
|
|
497
|
-
return { ok: true, result: await this.ownerAllowAlways({ vaultId, requestId: request.requestId, owner }) };
|
|
498
|
-
case "deny":
|
|
499
|
-
return { ok: true, result: await this.ownerDeny({ vaultId, requestId: request.requestId, owner }) };
|
|
500
181
|
case "list_agents":
|
|
501
|
-
|
|
502
|
-
|
|
503
|
-
return { ok: true, result: await this.ownerListCapabilities({ vaultId, actor: owner, agentId: request.agentId, requestId: `owner:list_capabilities:${Date.now()}`, requestedAt: this._clock?.nowIso?.() ?? new Date().toISOString() }) };
|
|
182
|
+
result = await this.ownerListAgents({ vaultId: { value: request.vaultId }, actor: { kind: "owner", id: request.actorId || "owner" }, requestId: "internal", requestedAt: new Date().toISOString() });
|
|
183
|
+
break;
|
|
504
184
|
case "list_requests":
|
|
505
|
-
|
|
185
|
+
result = await this.ownerListRequests({ vaultId: { value: request.vaultId }, actor: { kind: "owner", id: request.actorId || "owner" }, rootAgentId: request.rootAgentId, requestId: "internal", requestedAt: new Date().toISOString() });
|
|
186
|
+
break;
|
|
506
187
|
case "get_request":
|
|
507
|
-
|
|
188
|
+
result = await this.ownerGetRequest({ vaultId: { value: request.vaultId }, actor: { kind: "owner", id: request.actorId || "owner" }, targetRequestId: request.requestId, requestId: "internal", requestedAt: new Date().toISOString() });
|
|
189
|
+
break;
|
|
508
190
|
case "list_secrets":
|
|
509
|
-
|
|
191
|
+
result = await this.ownerListSecrets({ vaultId: { value: request.vaultId }, owner: { kind: "owner", id: request.actorId || "owner" } });
|
|
192
|
+
break;
|
|
193
|
+
case "list_grants":
|
|
194
|
+
result = await this.ownerListGrants({ vaultId: { value: request.vaultId }, actor: { kind: "owner", id: request.actorId || "owner" }, rootAgentId: request.rootAgentId, secretAlias: request.secretAlias, requestId: "internal", requestedAt: new Date().toISOString() });
|
|
195
|
+
break;
|
|
196
|
+
case "approve_dispatch":
|
|
197
|
+
result = await this.ownerApproveDispatch({ vaultId: { value: request.vaultId }, actor: { kind: "owner", id: request.actorId || "owner" }, requestId: request.requestId, decision: request.decision, requestedAt: new Date().toISOString() });
|
|
198
|
+
break;
|
|
510
199
|
}
|
|
200
|
+
return { ok: true, result };
|
|
511
201
|
}
|
|
512
202
|
catch (error) {
|
|
513
|
-
|
|
514
|
-
const code = error instanceof Error && "code" in error && typeof error.code === "string"
|
|
515
|
-
? error.code
|
|
516
|
-
: "VAULT_OWNER_CONTROL_REJECTED";
|
|
517
|
-
return { ok: false, error: { code, message } };
|
|
518
|
-
}
|
|
519
|
-
}
|
|
520
|
-
async resolveCapability(vaultId, agentId, capabilityId) {
|
|
521
|
-
if (!capabilityId) {
|
|
522
|
-
return undefined;
|
|
203
|
+
return { ok: false, error: { code: error.code || "VAULT_CONTROL_FAILED", message: error instanceof Error ? error.message : String(error) } };
|
|
523
204
|
}
|
|
524
|
-
const capability = await this._authority._getCapability(vaultId, agentId, capabilityId);
|
|
525
|
-
return capability ?? undefined;
|
|
526
205
|
}
|
|
527
|
-
parseBody(body) {
|
|
528
|
-
if (!body) {
|
|
529
|
-
return null;
|
|
530
|
-
}
|
|
531
|
-
try {
|
|
532
|
-
return JSON.parse(body);
|
|
533
|
-
}
|
|
534
|
-
catch {
|
|
535
|
-
return body;
|
|
536
|
-
}
|
|
537
|
-
}
|
|
538
|
-
async resolveCustomFlow(vaultId, flowId) {
|
|
539
|
-
if (!flowId) {
|
|
540
|
-
throw new Error("VAULT_CUSTOM_FLOW_NOT_PROVIDED");
|
|
541
|
-
}
|
|
542
|
-
if (!this._customFlows) {
|
|
543
|
-
throw new Error("VAULT_CUSTOM_FLOW_RESOLVER_NOT_CONFIGURED");
|
|
544
|
-
}
|
|
545
|
-
const flow = await this._customFlows.get(vaultId, flowId);
|
|
546
|
-
if (!flow) {
|
|
547
|
-
throw new Error("VAULT_CUSTOM_FLOW_NOT_FOUND");
|
|
548
|
-
}
|
|
549
|
-
return flow;
|
|
550
|
-
}
|
|
551
|
-
}
|
|
552
|
-
export function createVaultService(deps, options = {}) {
|
|
553
|
-
return new LocalVaultService(createVaultCore(deps), options.customFlows ?? deps.customFlows, options.clock, options.fetchImpl);
|
|
554
206
|
}
|
|
555
|
-
export function
|
|
556
|
-
return new LocalVaultService(
|
|
207
|
+
export function createVaultService(authority, options) {
|
|
208
|
+
return new LocalVaultService(authority, options?.fetchImpl);
|
|
557
209
|
}
|
|
558
|
-
|
|
559
|
-
export
|
|
560
|
-
export { handleVaultHttpDispatch, handleVaultAgentControlHttp } from "./server-utils.js";
|
|
561
|
-
/*
|
|
562
|
-
* Owner remote control export is intentionally disabled until it has a real
|
|
563
|
-
* authentication story. Restore the export below when that work is done.
|
|
564
|
-
*
|
|
565
|
-
* export { handleVaultOwnerControlHttp } from "./server-utils.js";
|
|
566
|
-
*/
|
|
210
|
+
/** Legacy alias for createVaultService */
|
|
211
|
+
export const wrapVaultCoreAsVaultService = createVaultService;
|
|
567
212
|
//# sourceMappingURL=index.js.map
|