@the-ai-company/cbio-node-runtime 1.63.2 → 1.63.5

package/dist/clients/agent/contracts.d.ts

@@ -7,16 +7,11 @@ export interface AgentDispatchIntent {
     body?: string;
     requestedAt?: string;
 }
-export interface AgentSubmitCapabilityRequestInput {
-    operation?: "dispatch_http" | "custom_http";
+export interface AgentRequestGrantsInput {
     secretAliases?: readonly string[];
-    write: Omit<import("../../vault-core/index.js").CapabilityWritePolicy, "secretIds">;
-    read: import("../../vault-core/index.js").CapabilityReadPolicy;
     reason: string;
     requestedAt?: string;
 }
-export type AgentCapabilityEnvelope = import("../../vault-core/index.js").AgentCapability;
-export type AgentCapabilityState = import("../../vault-core/index.js").AgentCapabilityState;
 export type AgentVisibleSecretRecord = import("../../vault-core/index.js").AgentVisibleSecretRecord;
 export type AgentVisibleRequestRecord = import("../../vault-core/index.js").AgentVisibleRequestRecord;
 export interface AgentSigner {
@@ -24,10 +19,8 @@ export interface AgentSigner {
 }
 export interface AgentDispatchTransport {
     agentDispatch(request: import("../../vault-core/index.js").DispatchRequest): Promise<import("../../vault-core/index.js").DispatchResult>;
-    agentListCapabilities(request: import("../../vault-core/index.js").AgentListCapabilitiesRequest): Promise<readonly AgentCapabilityState[]>;
     agentListSecrets(request: import("../../vault-core/index.js").AgentListSecretsRequest): Promise<readonly AgentVisibleSecretRecord[]>;
     agentListRequests(request: import("../../vault-core/index.js").AgentListRequestsRequest): Promise<readonly AgentVisibleRequestRecord[]>;
     agentGetRequest(request: import("../../vault-core/index.js").AgentGetRequestRequest): Promise<import("../../vault-core/index.js").AgentRequestResult>;
     agentGetRuntimeManifest(request: import("../../vault-core/index.js").AgentGetRuntimeManifestRequest): Promise<import("../../vault-core/index.js").AgentRuntimeManifest>;
-    agentSubmitCapabilityRequest(request: import("../../vault-core/index.js").AgentSubmitCapabilityRequestCommand): Promise<import("../../vault-core/index.js").CapabilityStateRecord>;
 }

package/dist/clients/agent/index.d.ts

@@ -1,3 +1,3 @@
 export { createAgentClient } from "./client.js";
 export type { AgentClient, CreateAgentClientOptions, AgentIdentity, } from "./client.js";
-export type { AgentCapabilityEnvelope, AgentDispatchIntent, AgentDispatchTransport, AgentSigner, AgentSubmitCapabilityRequestInput, AgentVisibleSecretRecord, } from "./contracts.js";
+export type { AgentDispatchIntent, AgentDispatchTransport, AgentSigner, AgentVisibleSecretRecord, AgentVisibleRequestRecord, } from "./contracts.js";

package/dist/clients/owner/client.d.ts

@@ -1,102 +1,2 @@
-import { type CreatedIdentity } from "../../runtime/identity.js";
-import { type Clock } from "../../vault-core/index.js";
-import type { VaultService } from "../../vault-ingress/index.js";
-import type { VaultAuditQueryInput, VaultExportSecretInput, VaultReadSecretPlaintextInput, VaultReadAgentPrivateKeyInput, OwnerGrantCapabilityInput, VaultRegisterFlowInput, VaultImportAgentInput, VaultCreateAgentInput, OwnerAgentProvisionResult, OwnerCreateSecretInput, OwnerUpdateSecretInput, OwnerRemoveSecretInput, VaultUpdateAgentInput, VaultListAgentsInput, VaultListCapabilitiesInput, VaultListRequestsInput, VaultGetRequestInput, VaultListCapabilityStatesInput, VaultListSecretsInput, VaultRevokeCapabilityInput, VaultIssueSessionTokenInput, VaultRevokeSessionTokenInput, VaultSubmitCapabilityRequestInput, VaultApproveCapabilityRequestInput, OwnerSensitiveActionConfirmation, OwnerSensitiveActionContext } from "./contracts.js";
-export interface VaultIdentity {
-    identityId: string;
-}
-export interface VaultSigner {
-    sign(input: string): Promise<string>;
-}
-/**
- * A client for vault owners to manage secrets, agents, and capabilities.
- * In Sovereign Vault model, administrative actions are implicitly authorized by the working key.
- */
-export interface VaultClient {
-    /**
-     * Inserts a new active secret into the vault.
-     */
-    ownerCreateSecret(input: OwnerCreateSecretInput): Promise<import("../../vault-core/index.js").SecretRecord>;
-    /**
-     * Inserts a new successor secret and marks the previous active version as superseded.
-     */
-    ownerUpdateSecret(input: OwnerUpdateSecretInput): Promise<import("../../vault-core/index.js").SecretRecord>;
-    /**
-     * Exports a secret's plaintext.
-     */
-    ownerExportSecret(input: VaultExportSecretInput): Promise<import("../../vault-core/index.js").OwnerSecretExport>;
-    ownerReadSecretPlaintext(input: VaultReadSecretPlaintextInput): Promise<string>;
-    ownerReadAgentPrivateKey(input: VaultReadAgentPrivateKeyInput): Promise<string>;
-    /**
-     * Grants a specific capability to an agent.
-     */
-    ownerGrantCapability(input: OwnerGrantCapabilityInput): Promise<import("../../vault-core/index.js").AgentCapability>;
-    /**
-     * Reads the tamper-evident audit log for the vault.
-     */
-    ownerReadAudit(query?: VaultAuditQueryInput): Promise<readonly import("../../vault-core/index.js").AuditEntry[]>;
-    ownerImportAgent(input: VaultImportAgentInput): Promise<OwnerAgentProvisionResult>;
-    /**
-     * Generates a new identity and registers it as an agent in one step.
-     * The private key is stored in the vault for managed custody.
-     */
-    ownerCreateAgent(input: VaultCreateAgentInput): Promise<OwnerAgentProvisionResult>;
-    ownerUpdateAgent(input: VaultUpdateAgentInput): Promise<import("../../vault-core/index.js").AgentIdentityRecord>;
-    /**
-     * Registers a reusable HTTP request template for complex secret exchange patterns.
-     */
-    ownerRegisterFlow(input: VaultRegisterFlowInput): Promise<import("../../vault-core/index.js").CustomHttpFlowDefinition>;
-    /**
-     * Logically removes the current active secret.
-     */
-    ownerRemoveSecret(input: OwnerRemoveSecretInput): Promise<void>;
-    /**
-     * Lists all agents registered in the vault.
-     */
-    ownerListAgents(input?: VaultListAgentsInput): Promise<readonly import("../../vault-core/index.js").AgentIdentityRecord[]>;
-    /**
-     * Lists all active capabilities granted to agents.
-     */
-    ownerListCapabilities(input?: VaultListCapabilitiesInput): Promise<readonly import("../../vault-core/index.js").AgentCapability[]>;
-    ownerListRequests(input?: VaultListRequestsInput): Promise<readonly import("../../vault-core/index.js").OwnerVisibleRequestRecord[]>;
-    ownerGetRequest(input: VaultGetRequestInput): Promise<import("../../vault-core/index.js").OwnerRequestRecord>;
-    ownerListCapabilityStates(input?: VaultListCapabilityStatesInput): Promise<readonly import("../../vault-core/index.js").CapabilityStateRecord[]>;
-    ownerListSecrets(input?: VaultListSecretsInput): Promise<readonly import("../../vault-core/index.js").AgentVisibleSecretRecord[]>;
-    /**
-     * Revokes a previously granted capability.
-     */
-    ownerRevokeCapability(input: VaultRevokeCapabilityInput): Promise<void>;
-    ownerIssueSessionToken(input: VaultIssueSessionTokenInput): Promise<import("../../vault-core/index.js").OwnerSessionToken>;
-    ownerIssueAllSessionTokens(): Promise<readonly import("../../vault-core/index.js").OwnerSessionToken[]>;
-    ownerRevokeSessionToken(input: VaultRevokeSessionTokenInput): Promise<void>;
-    ownerSubmitCapabilityRequest(input: VaultSubmitCapabilityRequestInput): Promise<import("../../vault-core/index.js").CapabilityStateRecord>;
-    ownerApproveCapabilityRead(input: VaultApproveCapabilityRequestInput): Promise<import("../../vault-core/index.js").CapabilityStateRecord>;
-    ownerAllowOnce(input: VaultApproveCapabilityRequestInput): Promise<import("../../vault-core/index.js").DispatchResult>;
-    ownerAllowAlways(input: VaultApproveCapabilityRequestInput): Promise<import("../../vault-core/index.js").DispatchResult>;
-    ownerDeny(requestId: string): Promise<import("../../vault-core/index.js").CapabilityStateRecord>;
-    ownerOnCapabilityState(callback: (record: import("../../vault-core/index.js").CapabilityStateRecord) => void): () => void;
-}
-export interface CreateVaultClientOptions {
-    vault: VaultService;
-    ownerIdentity?: CreatedIdentity | VaultIdentity;
-    signer?: VaultSigner;
-    clock?: Clock;
-    skipWarmup?: boolean;
-    passwordVerifier?: (password: string) => Promise<boolean> | boolean;
-    sensitiveActionVerifier?: (confirmation: OwnerSensitiveActionConfirmation, context: OwnerSensitiveActionContext) => Promise<boolean> | boolean;
-}
-/**
- * Creates a {@link VaultClient} instance for a specific vault owner.
- *
- * @param options - Configuration including optional owner identity and the vault service.
- * @returns An initialized {@link VaultClient}.
- *
- * @example
- * ```ts
- * const client = createVaultClient({
- *   ownerIdentity,
- *   vault
- * });
- * ```
- */
-export declare function createVaultClient(options: CreateVaultClientOptions): VaultClient;
+import type { OwnerClient, CreateOwnerClientOptions } from "./contracts.js";
+export declare function createOwnerClient(options: CreateOwnerClientOptions): Promise<OwnerClient>;