@the-ai-company/cbio-node-runtime 1.63.2 → 1.63.5

Files changed (227)
  1. package/README.md +48 -209
  2. package/dist/clients/agent/client.d.ts +18 -40
  3. package/dist/clients/agent/client.js +22 -109
  4. package/dist/clients/agent/client.js.map +1 -1
  5. package/dist/clients/agent/contracts.d.ts +1 -8
  6. package/dist/clients/agent/index.d.ts +1 -1
  7. package/dist/clients/owner/client.d.ts +2 -102
  8. package/dist/clients/owner/client.js +119 -240
  9. package/dist/clients/owner/client.js.map +1 -1
  10. package/dist/clients/owner/contracts.d.ts +37 -70
  11. package/dist/clients/owner/index.d.ts +2 -4
  12. package/dist/clients/owner/index.js +1 -2
  13. package/dist/clients/owner/index.js.map +1 -1
  14. package/dist/internal/id-factory.d.ts +0 -2
  15. package/dist/internal/id-factory.js +0 -6
  16. package/dist/internal/id-factory.js.map +1 -1
  17. package/dist/protocol/identity.d.ts +1 -1
  18. package/dist/protocol/identity.js +3 -3
  19. package/dist/protocol/identity.js.map +1 -1
  20. package/dist/public-types.d.ts +5 -0
  21. package/dist/public-types.js +2 -0
  22. package/dist/public-types.js.map +1 -0
  23. package/dist/runtime/bootstrap.js.map +1 -1
  24. package/dist/runtime/identity.d.ts +2 -2
  25. package/dist/runtime/identity.js +3 -5
  26. package/dist/runtime/identity.js.map +1 -1
  27. package/dist/runtime/index.d.ts +10 -11
  28. package/dist/runtime/index.js +7 -8
  29. package/dist/runtime/index.js.map +1 -1
  30. package/dist/runtime/owner-session.d.ts +7 -6
  31. package/dist/runtime/owner-session.js +5 -6
  32. package/dist/runtime/owner-session.js.map +1 -1
  33. package/dist/storage/fs.d.ts +3 -2
  34. package/dist/storage/fs.js +8 -5
  35. package/dist/storage/fs.js.map +1 -1
  36. package/dist/storage/prefix.d.ts +1 -0
  37. package/dist/storage/prefix.js +7 -0
  38. package/dist/storage/prefix.js.map +1 -1
  39. package/dist/storage/provider.d.ts +2 -0
  40. package/dist/vault-core/contracts.d.ts +112 -193
  41. package/dist/vault-core/contracts.js +5 -8
  42. package/dist/vault-core/contracts.js.map +1 -1
  43. package/dist/vault-core/core.d.ts +127 -62
  44. package/dist/vault-core/core.js +500 -1182
  45. package/dist/vault-core/core.js.map +1 -1
  46. package/dist/vault-core/defaults.d.ts +26 -42
  47. package/dist/vault-core/defaults.js +73 -229
  48. package/dist/vault-core/defaults.js.map +1 -1
  49. package/dist/vault-core/errors.d.ts +3 -2
  50. package/dist/vault-core/errors.js.map +1 -1
  51. package/dist/vault-core/index.d.ts +5 -5
  52. package/dist/vault-core/index.js +2 -2
  53. package/dist/vault-core/index.js.map +1 -1
  54. package/dist/vault-core/persistence.d.ts +78 -118
  55. package/dist/vault-core/persistence.js +329 -421
  56. package/dist/vault-core/persistence.js.map +1 -1
  57. package/dist/vault-core/ports.d.ts +19 -24
  58. package/dist/vault-core/read-policy.d.ts +3 -2
  59. package/dist/vault-core/read-policy.js.map +1 -1
  60. package/dist/vault-core/tool-metadata.js +2 -2
  61. package/dist/vault-core/tool-metadata.js.map +1 -1
  62. package/dist/vault-ingress/defaults.d.ts +4 -2
  63. package/dist/vault-ingress/defaults.js +14 -8
  64. package/dist/vault-ingress/defaults.js.map +1 -1
  65. package/dist/vault-ingress/index.d.ts +43 -117
  66. package/dist/vault-ingress/index.js +98 -453
  67. package/dist/vault-ingress/index.js.map +1 -1
  68. package/dist/vault-ingress/remote-transport.d.ts +5 -3
  69. package/dist/vault-ingress/remote-transport.js +8 -28
  70. package/dist/vault-ingress/remote-transport.js.map +1 -1
  71. package/docs/ARCHITECTURE.md +39 -22
  72. package/docs/CUSTODY_MODEL.md +1 -1
  73. package/docs/IDENTITY_MODEL.md +5 -5
  74. package/docs/MIGRATION-1.51.md +19 -19
  75. package/docs/MIGRATION-1.65.md +61 -0
  76. package/docs/PROCESS_ISOLATION.md +2 -2
  77. package/docs/REFERENCE.md +42 -200
  78. package/docs/api/README.md +50 -22
  79. package/docs/api/classes/IdentityError.md +1 -1
  80. package/docs/api/classes/OwnerClientError.md +1 -1
  81. package/docs/api/classes/PersistentVaultAgentIdentityRegistry.md +89 -0
  82. package/docs/api/classes/PersistentVaultAgentSecretGrantRegistry.md +125 -0
  83. package/docs/api/classes/PersistentVaultAuditLog.md +65 -0
  84. package/docs/api/classes/PersistentVaultCustomHttpFlowRegistry.md +69 -0
  85. package/docs/api/classes/PersistentVaultSecretCustody.md +93 -0
  86. package/docs/api/classes/PersistentVaultSecretDestinationGrantRegistry.md +125 -0
  87. package/docs/api/classes/PersistentVaultSecretRepository.md +127 -0
  88. package/docs/api/classes/VaultCore.md +299 -214
  89. package/docs/api/classes/VaultCoreError.md +3 -3
  90. package/docs/api/enumerations/AuditAction.md +143 -0
  91. package/docs/api/enumerations/AuditOutcome.md +35 -0
  92. package/docs/api/enumerations/DispatchStatus.md +35 -0
  93. package/docs/api/enumerations/IdentityErrorCode.md +1 -1
  94. package/docs/api/enumerations/OwnerClientErrorCode.md +1 -1
  95. package/docs/api/functions/createAgentClient.md +1 -15
  96. package/docs/api/functions/createIdentity.md +2 -2
  97. package/docs/api/functions/createOwnerClient.md +17 -0
  98. package/docs/api/functions/createOwnerSession.md +1 -1
  99. package/docs/api/functions/createPersistentVaultCoreDependencies.md +4 -4
  100. package/docs/api/functions/createVault.md +1 -1
  101. package/docs/api/functions/createVaultCore.md +1 -1
  102. package/docs/api/functions/createVaultCoreDependencies.md +1 -1
  103. package/docs/api/functions/createVaultService.md +5 -9
  104. package/docs/api/functions/createWorkspaceStorage.md +1 -1
  105. package/docs/api/functions/deriveRootAgentId.md +17 -0
  106. package/docs/api/functions/deriveVaultWorkingKeyFromPassword.md +1 -1
  107. package/docs/api/functions/getDefaultWorkspaceDir.md +1 -1
  108. package/docs/api/functions/handleVaultAgentControlHttp.md +2 -2
  109. package/docs/api/functions/handleVaultHttpDispatch.md +2 -2
  110. package/docs/api/functions/initializeVaultCustody.md +7 -3
  111. package/docs/api/functions/listVaults.md +1 -1
  112. package/docs/api/functions/readVaultProfile.md +1 -1
  113. package/docs/api/functions/recoverVault.md +1 -1
  114. package/docs/api/functions/recoverVaultWorkingKey.md +4 -8
  115. package/docs/api/functions/restoreIdentity.md +1 -1
  116. package/docs/api/functions/updateVaultMetadata.md +1 -1
  117. package/docs/api/functions/writeVaultProfile.md +1 -1
  118. package/docs/api/interfaces/AgentClient.md +20 -59
  119. package/docs/api/interfaces/AgentDispatchIntent.md +1 -1
  120. package/docs/api/interfaces/AgentDispatchTransport.md +12 -44
  121. package/docs/api/interfaces/AgentIdentity.md +3 -3
  122. package/docs/api/interfaces/AgentIdentityRecord.md +47 -0
  123. package/docs/api/interfaces/AgentRequestResult.md +35 -0
  124. package/docs/api/interfaces/AgentRuntimeManifest.md +55 -0
  125. package/docs/api/interfaces/AgentSecretGrant.md +41 -0
  126. package/docs/api/interfaces/AgentSigner.md +1 -1
  127. package/docs/api/interfaces/AgentVisibleRequestRecord.md +53 -0
  128. package/docs/api/interfaces/AgentVisibleSecretRecord.md +65 -0
  129. package/docs/api/interfaces/AuditEntry.md +83 -0
  130. package/docs/api/interfaces/CbioRuntime.md +13 -150
  131. package/docs/api/interfaces/CreateAgentClientOptions.md +4 -10
  132. package/docs/api/interfaces/CreateIdentityOptions.md +1 -1
  133. package/docs/api/interfaces/{CreateVaultClientOptions.md → CreateOwnerClientOptions.md} +9 -11
  134. package/docs/api/interfaces/CreateOwnerSessionOptions.md +3 -117
  135. package/docs/api/interfaces/CreatePersistentVaultCoreDependenciesOptions.md +3 -131
  136. package/docs/api/interfaces/CreateVaultOptions.md +1 -121
  137. package/docs/api/interfaces/CreatedVault.md +2 -2
  138. package/docs/api/interfaces/CustomHttpFlowDefinition.md +71 -0
  139. package/docs/api/interfaces/DefaultPolicyEngineOptions.md +1 -13
  140. package/docs/api/interfaces/DispatchAuthorization.md +43 -0
  141. package/docs/api/interfaces/DispatchInstruction.md +47 -0
  142. package/docs/api/interfaces/DispatchRequest.md +83 -0
  143. package/docs/api/interfaces/DispatchResult.md +53 -0
  144. package/docs/api/interfaces/IStorageProvider.md +13 -1
  145. package/docs/api/interfaces/InitializeVaultCustodyOptions.md +31 -11
  146. package/docs/api/interfaces/InitializedVaultCustody.md +1 -7
  147. package/docs/api/interfaces/OwnerAgentProvisionResult.md +2 -2
  148. package/docs/api/interfaces/OwnerClient.md +417 -0
  149. package/docs/api/interfaces/OwnerCreateSecretInput.md +1 -1
  150. package/docs/api/interfaces/OwnerRemoveSecretInput.md +1 -1
  151. package/docs/api/interfaces/OwnerRequestRecord.md +97 -0
  152. package/docs/api/interfaces/OwnerSensitiveActionConfirmation.md +1 -1
  153. package/docs/api/interfaces/OwnerSensitiveActionContext.md +1 -1
  154. package/docs/api/interfaces/OwnerSession.md +3 -3
  155. package/docs/api/interfaces/OwnerUpdateSecretInput.md +1 -1
  156. package/docs/api/interfaces/OwnerVisibleRequestRecord.md +73 -0
  157. package/docs/api/interfaces/RecoverVaultOptions.md +1 -121
  158. package/docs/api/interfaces/RecoveredVault.md +2 -2
  159. package/docs/api/interfaces/RequestRecord.md +107 -0
  160. package/docs/api/interfaces/RestoreIdentityOptions.md +1 -1
  161. package/docs/api/interfaces/SecretAlias.md +11 -0
  162. package/docs/api/interfaces/SecretDestinationGrant.md +41 -0
  163. package/docs/api/interfaces/SecretId.md +11 -0
  164. package/docs/api/interfaces/SecretRecord.md +89 -0
  165. package/docs/api/interfaces/Signer.md +1 -1
  166. package/docs/api/interfaces/VaultApproveDispatchInput.md +3 -9
  167. package/docs/api/interfaces/VaultAuditQueryInput.md +1 -1
  168. package/docs/api/interfaces/VaultCoreDependenciesOptions.md +1 -5
  169. package/docs/api/interfaces/VaultCreateAgentInput.md +1 -1
  170. package/docs/api/interfaces/VaultExportSecretInput.md +1 -1
  171. package/docs/api/interfaces/VaultGetRequestInput.md +17 -0
  172. package/docs/api/interfaces/VaultGrantAgentSecretInput.md +23 -0
  173. package/docs/api/interfaces/VaultGrantSecretDestinationInput.md +23 -0
  174. package/docs/api/interfaces/VaultId.md +11 -0
  175. package/docs/api/interfaces/VaultImportAgentInput.md +1 -1
  176. package/docs/api/interfaces/VaultIssueSessionTokenInput.md +5 -5
  177. package/docs/api/interfaces/VaultListAgentsInput.md +1 -1
  178. package/docs/api/interfaces/VaultListGrantsInput.md +23 -0
  179. package/docs/api/interfaces/VaultListRequestsInput.md +17 -0
  180. package/docs/api/interfaces/VaultListSecretsInput.md +1 -1
  181. package/docs/api/interfaces/VaultMetadata.md +1 -1
  182. package/docs/api/interfaces/VaultObject.md +2 -2
  183. package/docs/api/interfaces/VaultPrincipal.md +17 -0
  184. package/docs/api/interfaces/VaultProfile.md +1 -1
  185. package/docs/api/interfaces/VaultReadAgentPrivateKeyInput.md +7 -7
  186. package/docs/api/interfaces/VaultReadSecretPlaintextInput.md +1 -1
  187. package/docs/api/interfaces/VaultRegisterFlowInput.md +1 -1
  188. package/docs/api/interfaces/VaultRevokeAgentSecretInput.md +23 -0
  189. package/docs/api/interfaces/VaultRevokeSecretDestinationInput.md +23 -0
  190. package/docs/api/interfaces/VaultRevokeSessionTokenInput.md +1 -1
  191. package/docs/api/interfaces/VaultService.md +547 -0
  192. package/docs/api/interfaces/VaultUpdateAgentInput.md +7 -7
  193. package/docs/api/type-aliases/AgentId.md +7 -0
  194. package/docs/api/type-aliases/CbioRuntimeModule.md +1 -1
  195. package/docs/api/type-aliases/DispatchApprovalDecision.md +7 -0
  196. package/docs/api/type-aliases/GrantStatus.md +7 -0
  197. package/docs/api/type-aliases/SecretLifecycleStatus.md +7 -0
  198. package/docs/api/type-aliases/VaultPrincipalKind.md +7 -0
  199. package/docs/api/variables/DEFAULT_VAULT_KEY_CUSTODY_BLOB_KEY.md +2 -2
  200. package/docs/es/README.md +3 -3
  201. package/docs/fr/README.md +3 -3
  202. package/docs/ja/README.md +5 -5
  203. package/docs/ko/README.md +5 -5
  204. package/docs/pt/README.md +3 -3
  205. package/docs/zh/PROCESS_ISOLATION.md +2 -2
  206. package/docs/zh/README.md +24 -24
  207. package/examples/process-isolation.ts +26 -35
  208. package/package.json +3 -2
  209. package/docs/api/functions/createOwnerHttpFlowBoundary.md +0 -17
  210. package/docs/api/functions/createStandardAcquireBoundary.md +0 -31
  211. package/docs/api/functions/createStandardDispatchBoundary.md +0 -23
  212. package/docs/api/functions/createVaultClient.md +0 -32
  213. package/docs/api/functions/deriveIdentityId.md +0 -17
  214. package/docs/api/functions/wrapVaultCoreAsVaultService.md +0 -31
  215. package/docs/api/interfaces/AgentSubmitCapabilityRequestInput.md +0 -41
  216. package/docs/api/interfaces/VaultApproveCapabilityRequestInput.md +0 -23
  217. package/docs/api/interfaces/VaultClient.md +0 -473
  218. package/docs/api/interfaces/VaultGrantCapabilityInput.md +0 -79
  219. package/docs/api/interfaces/VaultGrantCapabilityRequest.md +0 -23
  220. package/docs/api/interfaces/VaultIdentity.md +0 -11
  221. package/docs/api/interfaces/VaultListCapabilitiesInput.md +0 -17
  222. package/docs/api/interfaces/VaultRevokeCapabilityInput.md +0 -23
  223. package/docs/api/interfaces/VaultSigner.md +0 -21
  224. package/docs/api/interfaces/VaultSubmitCapabilityRequestInput.md +0 -73
  225. package/docs/api/type-aliases/AgentCapabilityEnvelope.md +0 -7
  226. package/docs/api/type-aliases/AgentVisibleSecretRecord.md +0 -7
  227. package/docs/api/type-aliases/OwnerGrantCapabilityInput.md +0 -7
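--- a/package/dist/vault-core/contracts.js
+++ b/package/dist/vault-core/contracts.js
@@ -11,13 +11,10 @@ export var AuditAction;
  AuditAction["REGISTER_AGENT_IDENTITY"] = "REGISTER_AGENT_IDENTITY";
  AuditAction["UPDATE_AGENT_IDENTITY"] = "UPDATE_AGENT_IDENTITY";
  AuditAction["REGISTER_CUSTOM_FLOW"] = "REGISTER_CUSTOM_FLOW";
- AuditAction["REGISTER_CAPABILITY"] = "REGISTER_CAPABILITY";
- AuditAction["SUBMIT_CAPABILITY_REQUEST"] = "SUBMIT_CAPABILITY_REQUEST";
- AuditAction["APPROVE_CAPABILITY_WRITE"] = "APPROVE_CAPABILITY_WRITE";
- AuditAction["APPROVE_CAPABILITY_READ"] = "APPROVE_CAPABILITY_READ";
- AuditAction["REJECT_CAPABILITY_WRITE"] = "REJECT_CAPABILITY_WRITE";
- AuditAction["REJECT_CAPABILITY_READ"] = "REJECT_CAPABILITY_READ";
- AuditAction["REVOKE_CAPABILITY"] = "REVOKE_CAPABILITY";
+ AuditAction["GRANT_AGENT_SECRET"] = "GRANT_AGENT_SECRET";
+ AuditAction["GRANT_SECRET_DESTINATION"] = "GRANT_SECRET_DESTINATION";
+ AuditAction["REVOKE_AGENT_SECRET"] = "REVOKE_AGENT_SECRET";
+ AuditAction["REVOKE_SECRET_DESTINATION"] = "REVOKE_SECRET_DESTINATION";
  AuditAction["WRITE_SECRET"] = "WRITE_SECRET";
  AuditAction["EXPORT_SECRET"] = "EXPORT_SECRET";
  AuditAction["REASSIGN_ALIAS"] = "REASSIGN_ALIAS";
@@ -25,7 +22,7 @@ export var AuditAction;
  AuditAction["AUTHORIZE_DISPATCH"] = "AUTHORIZE_DISPATCH";
  AuditAction["DISPATCH_SECRET"] = "DISPATCH_SECRET";
  AuditAction["LIST_AGENTS"] = "LIST_AGENTS";
- AuditAction["LIST_CAPABILITIES"] = "LIST_CAPABILITIES";
+ AuditAction["LIST_GRANTS"] = "LIST_GRANTS";
  AuditAction["LIST_REQUESTS"] = "LIST_REQUESTS";
  AuditAction["READ_REQUEST"] = "READ_REQUEST";
  AuditAction["READ_AUDIT"] = "READ_AUDIT";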
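Review bot: The eight retired members (`REGISTER_CAPABILITY` through `REVOKE_CAPABILITY` in the first hunk, `LIST_CAPABILITIES` in the second) are dropped from `AuditAction` with no compatibility path for audit entries already written under those names. If stored audit records from 1.63.2 are read back and filtered or validated against this enum (not visible in this section), those entries would match no member, which leaves a gap in the audit trail across the upgrade. Consider keeping the retired names as deprecated members, or recording the mapping at the enum's source declaration, e.g. `// Retired in 1.63.5; may still appear in stored audit entries: REGISTER_CAPABILITY, …, LIST_CAPABILITIES`. The enum body begins and ends outside these hunks.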
@@ -1 +1 @@
1
- {"version":3,"file":"contracts.js","sourceRoot":"","sources":["../../src/vault-core/contracts.ts"],"names":[],"mappings":"AAmiBA,MAAM,CAAN,IAAY,cAMX;AAND,WAAY,cAAc;IACxB,yCAAuB,CAAA;IACvB,mCAAiB,CAAA;IACjB,mCAAiB,CAAA;IACjB,qCAAmB,CAAA;IACnB,qCAAmB,CAAA;AACrB,CAAC,EANW,cAAc,KAAd,cAAc,QAMzB;AA4BD,MAAM,CAAN,IAAY,WA2BX;AA3BD,WAAY,WAAW;IACrB,kEAAmD,CAAA;IACnD,8DAA+C,CAAA;IAC/C,4DAA6C,CAAA;IAC7C,0DAA2C,CAAA;IAC3C,sEAAuD,CAAA;IACvD,oEAAqD,CAAA;IACrD,kEAAmD,CAAA;IACnD,kEAAmD,CAAA;IACnD,gEAAiD,CAAA;IACjD,sDAAuC,CAAA;IACvC,4CAA6B,CAAA;IAC7B,8CAA+B,CAAA;IAC/B,gDAAiC,CAAA;IACjC,8CAA+B,CAAA;IAC/B,wDAAyC,CAAA;IACzC,kDAAmC,CAAA;IACnC,0CAA2B,CAAA;IAC3B,sDAAuC,CAAA;IACvC,8CAA+B,CAAA;IAC/B,4CAA6B,CAAA;IAC7B,wCAAyB,CAAA;IACzB,0DAA2C,CAAA;IAC3C,4DAA6C,CAAA;IAC7C,oDAAqC,CAAA;IACrC,kDAAmC,CAAA;IACnC,gDAAiC,CAAA;AACnC,CAAC,EA3BW,WAAW,KAAX,WAAW,QA2BtB;AAED,MAAM,CAAN,IAAY,YAMX;AAND,WAAY,YAAY;IACtB,mCAAmB,CAAA;IACnB,iCAAiB,CAAA;IACjB,uCAAuB,CAAA;IACvB,iCAAiB,CAAA;IACjB,mCAAmB,CAAA;AACrB,CAAC,EANW,YAAY,KAAZ,YAAY,QAMvB"}
1
+ {"version":3,"file":"contracts.js","sourceRoot":"","sources":["../../src/vault-core/contracts.ts"],"names":[],"mappings":"AA8cA,MAAM,CAAN,IAAY,cAMX;AAND,WAAY,cAAc;IACxB,yCAAuB,CAAA;IACvB,mCAAiB,CAAA;IACjB,mCAAiB,CAAA;IACjB,qCAAmB,CAAA;IACnB,qCAAmB,CAAA;AACrB,CAAC,EANW,cAAc,KAAd,cAAc,QAMzB;AA6BD,MAAM,CAAN,IAAY,WAwBX;AAxBD,WAAY,WAAW;IACrB,kEAAmD,CAAA;IACnD,8DAA+C,CAAA;IAC/C,4DAA6C,CAAA;IAC7C,wDAAyC,CAAA;IACzC,oEAAqD,CAAA;IACrD,0DAA2C,CAAA;IAC3C,sEAAuD,CAAA;IACvD,4CAA6B,CAAA;IAC7B,8CAA+B,CAAA;IAC/B,gDAAiC,CAAA;IACjC,8CAA+B,CAAA;IAC/B,wDAAyC,CAAA;IACzC,kDAAmC,CAAA;IACnC,0CAA2B,CAAA;IAC3B,0CAA2B,CAAA;IAC3B,8CAA+B,CAAA;IAC/B,4CAA6B,CAAA;IAC7B,wCAAyB,CAAA;IACzB,0DAA2C,CAAA;IAC3C,4DAA6C,CAAA;IAC7C,oDAAqC,CAAA;IACrC,kDAAmC,CAAA;IACnC,gDAAiC,CAAA;AACnC,CAAC,EAxBW,WAAW,KAAX,WAAW,QAwBtB;AAED,MAAM,CAAN,IAAY,YAMX;AAND,WAAY,YAAY;IACtB,mCAAmB,CAAA;IACnB,iCAAiB,CAAA;IACjB,uCAAuB,CAAA;IACvB,iCAAiB,CAAA;IACjB,mCAAmB,CAAA;AACrB,CAAC,EANW,YAAY,KAAZ,YAAY,QAMvB"}
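--- a/package/dist/vault-core/core.d.ts
+++ b/package/dist/vault-core/core.d.ts
@@ -1,91 +1,156 @@
- import type { AgentListCapabilitiesRequest, AgentListSecretsRequest, AgentListRequestsRequest, AgentGetRequestRequest, AgentRequestResult, AgentGetRuntimeManifestRequest, AgentRuntimeManifest, AgentSubmitCapabilityRequestCommand, AgentVisibleRequestRecord, OwnerVisibleRequestRecord, OwnerRequestRecord, AgentVisibleSecretRecord, AuditEntry, AuditQuery, CustomHttpFlowDefinition, DispatchAuthorization, DispatchRequest, DispatchResult, OwnerAllowAlwaysCommand, OwnerAllowOnceCommand, OwnerIssueSessionTokenRequest, OwnerDenyCommand, OwnerCreateSecretCommand, OwnerDeleteSecretCommand, OwnerExportSecretRequest, OwnerRegisterAgentIdentityCommand, OwnerUpdateAgentIdentityCommand, OwnerRegisterCapabilityCommand, OwnerRegisterCustomHttpFlowCommand, OwnerRevokeCapabilityCommand, OwnerListAgentsRequest, OwnerListCapabilitiesRequest, OwnerListRequestsRequest, OwnerGetRequestRequest, OwnerListCapabilityStatesRequest, OwnerSecretExport, OwnerSessionToken, SecretRecord, SubmitCapabilityRequestCommand, VaultId, VaultPrincipal, VaultWriteSecretCommand, AgentIdentityRecord, AgentCapability, CapabilityStateRecord } from "./contracts.js";
+ import { type AgentIdentityRecord, type AgentRuntimeManifest, type AgentVisibleRequestRecord, type AgentVisibleSecretRecord, type AuditEntry, type AuditQuery, type CustomHttpFlowDefinition, type DispatchAuthorization, type DispatchRequest, type DispatchResult, type OwnerRequestRecord, type OwnerVisibleRequestRecord, type RequestRecord, type SecretRecord, type VaultId, type VaultPrincipal, type AgentSecretGrant, type SecretDestinationGrant, type DispatchApprovalDecision, type OwnerCreateSecretCommand, type OwnerUpdateSecretCommand } from "./contracts.js";
  import type { VaultCoreDependencies } from "./ports.js";
- /**
- * The Sovereign Vault Core.
- * This is the primary implementation of the Vault logic.
- */
  export declare class VaultCore {
  private readonly _deps;
- private readonly _capabilityStateObservers;
- constructor(_deps: VaultCoreDependencies);
- private _assertOwnerPrincipal;
- private _stateToGrantedCapability;
- private _buildAgentCapabilityStates;
- private _isExecutablePendingState;
- private _resolveRequestState;
- private _executePendingCapabilityState;
+ constructor(deps: VaultCoreDependencies);
  get vaultId(): VaultId;
+ private _assertOwnerPrincipal;
  private _appendAudit;
- private _appendDecisionAudit;
  private _verifyAgentControlProof;
- private _listVisibleSecretsForAgent;
- private _recordRequestExecution;
- private toVisibleRequestRecord;
- private toOwnerVisibleRequestRecord;
- private toOwnerRequestRecord;
- ownerOnCapabilityState(callback: (record: CapabilityStateRecord) => void): () => void;
- ownerRegisterAgentIdentity(command: OwnerRegisterAgentIdentityCommand): Promise<void>;
- ownerUpdateAgentIdentity(command: OwnerUpdateAgentIdentityCommand): Promise<AgentIdentityRecord>;
- ownerRegisterCapability(command: OwnerRegisterCapabilityCommand): Promise<void>;
- ownerSubmitCapabilityRequest(command: SubmitCapabilityRequestCommand): Promise<CapabilityStateRecord>;
- _getCapability(vaultId: import("./contracts.js").VaultId, agentId: string, capabilityId: string): Promise<AgentCapability | null>;
- ownerRegisterCustomFlow(command: OwnerRegisterCustomHttpFlowCommand): Promise<void>;
- _storeCustomFlowSecret(flow: CustomHttpFlowDefinition, alias: string, plaintext: string): Promise<SecretRecord>;
- private _getActiveSecretByAlias;
- private _persistNewSecretRecord;
- ownerCreateSecret(command: OwnerCreateSecretCommand): Promise<SecretRecord>;
- ownerUpdateSecret(command: import("./contracts.js").OwnerUpdateSecretCommand): Promise<SecretRecord>;
- ownerWriteSecret(command: VaultWriteSecretCommand): Promise<SecretRecord>;
- ownerRemoveSecret(command: OwnerDeleteSecretCommand): Promise<void>;
- ownerDeleteSecret(command: OwnerDeleteSecretCommand): Promise<void>;
+ ownerGrantAgentSecret(actor: VaultPrincipal & {
+ kind: "owner";
+ }, rootAgentId: string, secretAlias: string, request?: {
+ requestId?: string;
+ }): Promise<AgentSecretGrant>;
+ ownerGrantSecretDestination(actor: VaultPrincipal & {
+ kind: "owner";
+ }, secretAlias: string, domain: string, request?: {
+ requestId?: string;
+ }): Promise<SecretDestinationGrant>;
+ ownerRevokeAgentSecret(actor: VaultPrincipal & {
+ kind: "owner";
+ }, rootAgentId: string, secretAlias: string, request?: {
+ requestId?: string;
+ }): Promise<void>;
+ ownerRevokeSecretDestination(actor: VaultPrincipal & {
+ kind: "owner";
+ }, secretAlias: string, domain: string, request?: {
+ requestId?: string;
+ }): Promise<void>;
+ ownerListGrants(actor: VaultPrincipal & {
+ kind: "owner";
+ }, rootAgentId?: string, secretAlias?: string): Promise<{
+ agentSecrets: readonly AgentSecretGrant[];
+ secretDestinations: readonly SecretDestinationGrant[];
+ }>;
  agentAuthorizeDispatch(request: DispatchRequest): Promise<DispatchAuthorization>;
  agentDispatchSecret(request: DispatchRequest): Promise<DispatchResult>;
+ ownerApproveDispatch(actor: VaultPrincipal & {
+ kind: "owner";
+ }, requestId: string, decision: DispatchApprovalDecision): Promise<DispatchResult | null>;
+ agentGetRuntimeManifest(command: {
+ agent: VaultPrincipal & {
+ kind: "agent";
+ };
+ proof: any;
+ requestId: string;
+ requestedAt: string;
+ }): Promise<AgentRuntimeManifest>;
+ agentListSecrets(command: {
+ agent: VaultPrincipal & {
+ kind: "agent";
+ };
+ proof: any;
+ requestId: string;
+ requestedAt: string;
+ }): Promise<readonly AgentVisibleSecretRecord[]>;
+ agentListRequests(command: {
+ agent: VaultPrincipal & {
+ kind: "agent";
+ };
+ proof: any;
+ requestId: string;
+ requestedAt: string;
+ }): Promise<readonly AgentVisibleRequestRecord[]>;
+ agentGetRequest(command: {
+ agent: VaultPrincipal & {
+ kind: "agent";
+ };
+ proof: any;
+ requestId: string;
+ requestedAt: string;
+ targetRequestId: string;
+ }): Promise<any>;
+ ownerRegisterAgentIdentity(command: {
+ vaultId: VaultId;
+ requestId: string;
+ owner: VaultPrincipal;
+ agentRecord: AgentIdentityRecord;
+ requestedAt: string;
+ }): Promise<void>;
+ ownerUpdateAgentIdentity(command: {
+ vaultId: VaultId;
+ requestId: string;
+ owner: VaultPrincipal;
+ rootAgentId: string;
+ nickname?: string;
+ metadata?: Record<string, any>;
+ requestedAt: string;
+ }): Promise<AgentIdentityRecord>;
+ ownerCreateSecret(command: OwnerCreateSecretCommand): Promise<SecretRecord>;
+ ownerUpdateSecret(command: OwnerUpdateSecretCommand): Promise<SecretRecord>;
+ ownerRemoveSecret(command: {
+ kind: "owner.remove_secret";
+ vaultId: VaultId;
+ requestId: string;
+ owner: VaultPrincipal;
+ alias: string;
+ requestedAt: string;
+ }): Promise<void>;
+ ownerWriteSecret(command: any): Promise<SecretRecord>;
  ownerReadAudit(actor: VaultPrincipal & {
  kind: "owner";
- }, query: AuditQuery, request?: Omit<import("./contracts.js").OwnerAuditRequest, "actor" | "query" | "vaultId">): Promise<readonly AuditEntry[]>;
+ }, query: AuditQuery): Promise<readonly AuditEntry[]>;
  ownerExportSecret(actor: VaultPrincipal & {
  kind: "owner";
- }, alias: string, request?: Omit<OwnerExportSecretRequest, "actor" | "alias" | "vaultId">): Promise<OwnerSecretExport>;
- private isCapabilityMatch;
+ }, alias: string): Promise<any>;
  ownerListAgents(actor: VaultPrincipal & {
  kind: "owner";
- }, request?: Omit<OwnerListAgentsRequest, "actor" | "vaultId">): Promise<readonly AgentIdentityRecord[]>;
- ownerListCapabilities(actor: VaultPrincipal & {
- kind: "owner";
- }, agentId?: string, request?: Omit<OwnerListCapabilitiesRequest, "actor" | "agentId" | "vaultId">): Promise<readonly AgentCapability[]>;
+ }): Promise<readonly AgentIdentityRecord[]>;
  ownerListRequests(actor: VaultPrincipal & {
  kind: "owner";
- }, agentId?: string, request?: Omit<OwnerListRequestsRequest, "actor" | "agentId" | "vaultId">): Promise<readonly OwnerVisibleRequestRecord[]>;
+ }, rootAgentId?: string): Promise<readonly OwnerVisibleRequestRecord[]>;
  ownerGetRequest(actor: VaultPrincipal & {
  kind: "owner";
- }, targetRequestId: string, request?: Omit<OwnerGetRequestRequest, "actor" | "targetRequestId" | "vaultId">): Promise<OwnerRequestRecord>;
+ }, requestId: string): Promise<OwnerRequestRecord>;
  ownerListSecrets(actor: VaultPrincipal & {
  kind: "owner";
- }, request?: {
- requestId?: string;
  }): Promise<readonly AgentVisibleSecretRecord[]>;
- agentListCapabilities(request: AgentListCapabilitiesRequest): Promise<readonly import("./contracts.js").AgentCapabilityState[]>;
- agentListSecrets(request: AgentListSecretsRequest): Promise<readonly AgentVisibleSecretRecord[]>;
- agentListRequests(request: AgentListRequestsRequest): Promise<readonly AgentVisibleRequestRecord[]>;
- agentGetRequest(request: AgentGetRequestRequest): Promise<AgentRequestResult>;
- agentGetRuntimeManifest(command: AgentGetRuntimeManifestRequest): Promise<AgentRuntimeManifest>;
- agentSubmitCapabilityRequest(command: AgentSubmitCapabilityRequestCommand): Promise<CapabilityStateRecord>;
- ownerRevokeCapability(command: OwnerRevokeCapabilityCommand): Promise<void>;
- ownerIssueSessionToken(request: OwnerIssueSessionTokenRequest): Promise<OwnerSessionToken>;
+ ownerIssueSessionToken(request: {
+ vaultId: VaultId;
+ actor: VaultPrincipal;
+ rootAgentId: string;
+ }): Promise<{
+ token: string;
+ rootAgentId: string;
+ issuedAt: string;
+ }>;
  ownerIssueAllAgentSessionTokens(actor: VaultPrincipal & {
  kind: "owner";
- }): Promise<OwnerSessionToken[]>;
+ }): Promise<{
+ token: string;
+ rootAgentId: string;
+ issuedAt: string;
+ }[]>;
  ownerRevokeSessionToken(request: {
  vaultId: VaultId;
- actor: VaultPrincipal & {
- kind: "owner";
- };
+ actor: VaultPrincipal;
  token: string;
  }): Promise<void>;
- ownerListCapabilityStates(command: OwnerListCapabilityStatesRequest): Promise<readonly CapabilityStateRecord[]>;
- ownerApproveCapabilityRead(command: import("./contracts.js").OwnerApproveCapabilityReadCommand): Promise<CapabilityStateRecord>;
- ownerAllowOnce(command: OwnerAllowOnceCommand): Promise<DispatchResult>;
- ownerAllowAlways(command: OwnerAllowAlwaysCommand): Promise<DispatchResult>;
- ownerDeny(command: OwnerDenyCommand): Promise<CapabilityStateRecord>;
+ ownerRegisterCustomFlow(command: {
+ vaultId: VaultId;
+ requestId: string;
+ owner: VaultPrincipal;
+ flow: any;
+ requestedAt: string;
+ }): Promise<void>;
+ _storeCustomFlowSecret(flow: CustomHttpFlowDefinition, alias: string, plaintext: string): Promise<void>;
+ private readonly _requestObservers;
+ ownerOnPendingDispatch(callback: (record: RequestRecord) => void): () => void;
+ ownerOnGrantState(callback: (record: any) => void): () => void;
+ private _recordRequestInternal;
+ private toAgentVisibleRequestRecord;
+ private toOwnerVisibleRequestRecord;
+ private toOwnerRequestRecord;
  }
  export declare function createVaultCore(deps: VaultCoreDependencies): VaultCore;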
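Review bot: `ownerRevokeSessionToken` now declares `actor: VaultPrincipal;` where the previous declaration required `VaultPrincipal & { kind: "owner" }`, so the compiler no longer rejects an agent principal at this owner-only entry point. The `actor`/`owner` fields of `ownerIssueSessionToken`, `ownerRegisterAgentIdentity`, `ownerUpdateAgentIdentity`, `ownerRemoveSecret` and `ownerRegisterCustomFlow` are typed the same way. A runtime check may still apply (`_assertOwnerPrincipal` is declared), but a declaration file does not show where it is called, so I would restore the narrowed type: `actor: VaultPrincipal & { kind: "owner" };`. The same hunk types `proof` as `any` on all four agent commands, takes `command: any` in `ownerWriteSecret`, and returns `Promise<any>` from `ownerExportSecret` and `agentGetRequest`, which turns off type checking on the proof-verification and secret-export paths. `proof: unknown` or a named proof type, plus concrete return types, would keep callers checked.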