@the-ai-company/cbio-node-runtime 1.63.3 → 1.63.5

Files changed (234) hide show
  1. package/README.md +48 -209
  2. package/dist/clients/agent/client.d.ts +18 -40
  3. package/dist/clients/agent/client.js +22 -109
  4. package/dist/clients/agent/client.js.map +1 -1
  5. package/dist/clients/agent/contracts.d.ts +1 -8
  6. package/dist/clients/agent/index.d.ts +1 -1
  7. package/dist/clients/owner/client.d.ts +2 -102
  8. package/dist/clients/owner/client.js +119 -240
  9. package/dist/clients/owner/client.js.map +1 -1
  10. package/dist/clients/owner/contracts.d.ts +37 -70
  11. package/dist/clients/owner/index.d.ts +2 -4
  12. package/dist/clients/owner/index.js +1 -2
  13. package/dist/clients/owner/index.js.map +1 -1
  14. package/dist/internal/id-factory.d.ts +0 -2
  15. package/dist/internal/id-factory.js +0 -6
  16. package/dist/internal/id-factory.js.map +1 -1
  17. package/dist/protocol/identity.d.ts +1 -1
  18. package/dist/protocol/identity.js +3 -3
  19. package/dist/protocol/identity.js.map +1 -1
  20. package/dist/public-types.d.ts +5 -14
  21. package/dist/public-types.js +1 -8
  22. package/dist/public-types.js.map +1 -1
  23. package/dist/runtime/bootstrap.js.map +1 -1
  24. package/dist/runtime/identity.d.ts +2 -2
  25. package/dist/runtime/identity.js +3 -5
  26. package/dist/runtime/identity.js.map +1 -1
  27. package/dist/runtime/index.d.ts +10 -12
  28. package/dist/runtime/index.js +7 -8
  29. package/dist/runtime/index.js.map +1 -1
  30. package/dist/runtime/owner-session.d.ts +7 -6
  31. package/dist/runtime/owner-session.js +5 -6
  32. package/dist/runtime/owner-session.js.map +1 -1
  33. package/dist/storage/fs.d.ts +3 -2
  34. package/dist/storage/fs.js +8 -5
  35. package/dist/storage/fs.js.map +1 -1
  36. package/dist/storage/prefix.d.ts +1 -0
  37. package/dist/storage/prefix.js +7 -0
  38. package/dist/storage/prefix.js.map +1 -1
  39. package/dist/storage/provider.d.ts +2 -0
  40. package/dist/vault-core/contracts.d.ts +112 -193
  41. package/dist/vault-core/contracts.js +5 -8
  42. package/dist/vault-core/contracts.js.map +1 -1
  43. package/dist/vault-core/core.d.ts +127 -62
  44. package/dist/vault-core/core.js +500 -1182
  45. package/dist/vault-core/core.js.map +1 -1
  46. package/dist/vault-core/defaults.d.ts +26 -42
  47. package/dist/vault-core/defaults.js +73 -229
  48. package/dist/vault-core/defaults.js.map +1 -1
  49. package/dist/vault-core/errors.d.ts +3 -2
  50. package/dist/vault-core/errors.js.map +1 -1
  51. package/dist/vault-core/index.d.ts +5 -5
  52. package/dist/vault-core/index.js +2 -2
  53. package/dist/vault-core/index.js.map +1 -1
  54. package/dist/vault-core/persistence.d.ts +78 -118
  55. package/dist/vault-core/persistence.js +329 -421
  56. package/dist/vault-core/persistence.js.map +1 -1
  57. package/dist/vault-core/ports.d.ts +19 -24
  58. package/dist/vault-core/read-policy.d.ts +3 -2
  59. package/dist/vault-core/read-policy.js.map +1 -1
  60. package/dist/vault-core/tool-metadata.js +2 -2
  61. package/dist/vault-core/tool-metadata.js.map +1 -1
  62. package/dist/vault-ingress/defaults.d.ts +4 -2
  63. package/dist/vault-ingress/defaults.js +14 -8
  64. package/dist/vault-ingress/defaults.js.map +1 -1
  65. package/dist/vault-ingress/index.d.ts +43 -117
  66. package/dist/vault-ingress/index.js +98 -453
  67. package/dist/vault-ingress/index.js.map +1 -1
  68. package/dist/vault-ingress/remote-transport.d.ts +5 -3
  69. package/dist/vault-ingress/remote-transport.js +8 -28
  70. package/dist/vault-ingress/remote-transport.js.map +1 -1
  71. package/docs/ARCHITECTURE.md +39 -22
  72. package/docs/CUSTODY_MODEL.md +1 -1
  73. package/docs/IDENTITY_MODEL.md +5 -5
  74. package/docs/MIGRATION-1.51.md +19 -19
  75. package/docs/MIGRATION-1.65.md +61 -0
  76. package/docs/PROCESS_ISOLATION.md +2 -2
  77. package/docs/REFERENCE.md +42 -224
  78. package/docs/api/README.md +50 -29
  79. package/docs/api/classes/IdentityError.md +1 -1
  80. package/docs/api/classes/OwnerClientError.md +1 -1
  81. package/docs/api/classes/PersistentVaultAgentIdentityRegistry.md +89 -0
  82. package/docs/api/classes/PersistentVaultAgentSecretGrantRegistry.md +125 -0
  83. package/docs/api/classes/PersistentVaultAuditLog.md +65 -0
  84. package/docs/api/classes/PersistentVaultCustomHttpFlowRegistry.md +69 -0
  85. package/docs/api/classes/PersistentVaultSecretCustody.md +93 -0
  86. package/docs/api/classes/PersistentVaultSecretDestinationGrantRegistry.md +125 -0
  87. package/docs/api/classes/PersistentVaultSecretRepository.md +127 -0
  88. package/docs/api/classes/VaultCore.md +299 -214
  89. package/docs/api/classes/VaultCoreError.md +3 -3
  90. package/docs/api/enumerations/AuditAction.md +143 -0
  91. package/docs/api/enumerations/AuditOutcome.md +35 -0
  92. package/docs/api/enumerations/DispatchStatus.md +35 -0
  93. package/docs/api/enumerations/IdentityErrorCode.md +1 -1
  94. package/docs/api/enumerations/OwnerClientErrorCode.md +1 -1
  95. package/docs/api/functions/createAgentClient.md +1 -15
  96. package/docs/api/functions/createIdentity.md +2 -2
  97. package/docs/api/functions/createOwnerClient.md +17 -0
  98. package/docs/api/functions/createOwnerSession.md +1 -1
  99. package/docs/api/functions/createPersistentVaultCoreDependencies.md +4 -4
  100. package/docs/api/functions/createVault.md +1 -1
  101. package/docs/api/functions/createVaultCore.md +1 -1
  102. package/docs/api/functions/createVaultCoreDependencies.md +1 -1
  103. package/docs/api/functions/createVaultService.md +5 -9
  104. package/docs/api/functions/createWorkspaceStorage.md +1 -1
  105. package/docs/api/functions/deriveRootAgentId.md +17 -0
  106. package/docs/api/functions/deriveVaultWorkingKeyFromPassword.md +1 -1
  107. package/docs/api/functions/getDefaultWorkspaceDir.md +1 -1
  108. package/docs/api/functions/handleVaultAgentControlHttp.md +2 -2
  109. package/docs/api/functions/handleVaultHttpDispatch.md +2 -2
  110. package/docs/api/functions/initializeVaultCustody.md +7 -3
  111. package/docs/api/functions/listVaults.md +1 -1
  112. package/docs/api/functions/readVaultProfile.md +1 -1
  113. package/docs/api/functions/recoverVault.md +1 -1
  114. package/docs/api/functions/recoverVaultWorkingKey.md +4 -8
  115. package/docs/api/functions/restoreIdentity.md +1 -1
  116. package/docs/api/functions/updateVaultMetadata.md +1 -1
  117. package/docs/api/functions/writeVaultProfile.md +1 -1
  118. package/docs/api/interfaces/AgentClient.md +20 -59
  119. package/docs/api/interfaces/AgentDispatchIntent.md +1 -1
  120. package/docs/api/interfaces/AgentDispatchTransport.md +12 -44
  121. package/docs/api/interfaces/AgentIdentity.md +3 -3
  122. package/docs/api/interfaces/AgentIdentityRecord.md +47 -0
  123. package/docs/api/interfaces/AgentRequestResult.md +35 -0
  124. package/docs/api/interfaces/AgentRuntimeManifest.md +55 -0
  125. package/docs/api/interfaces/AgentSecretGrant.md +41 -0
  126. package/docs/api/interfaces/AgentSigner.md +1 -1
  127. package/docs/api/interfaces/AgentVisibleRequestRecord.md +53 -0
  128. package/docs/api/interfaces/AgentVisibleSecretRecord.md +65 -0
  129. package/docs/api/interfaces/AuditEntry.md +83 -0
  130. package/docs/api/interfaces/CbioRuntime.md +13 -150
  131. package/docs/api/interfaces/CreateAgentClientOptions.md +4 -10
  132. package/docs/api/interfaces/CreateIdentityOptions.md +1 -1
  133. package/docs/api/interfaces/{CreateVaultClientOptions.md → CreateOwnerClientOptions.md} +9 -11
  134. package/docs/api/interfaces/CreateOwnerSessionOptions.md +3 -117
  135. package/docs/api/interfaces/CreatePersistentVaultCoreDependenciesOptions.md +3 -131
  136. package/docs/api/interfaces/CreateVaultOptions.md +1 -121
  137. package/docs/api/interfaces/CreatedVault.md +2 -2
  138. package/docs/api/interfaces/CustomHttpFlowDefinition.md +71 -0
  139. package/docs/api/interfaces/DefaultPolicyEngineOptions.md +1 -13
  140. package/docs/api/interfaces/DispatchAuthorization.md +43 -0
  141. package/docs/api/interfaces/DispatchInstruction.md +47 -0
  142. package/docs/api/interfaces/DispatchRequest.md +83 -0
  143. package/docs/api/interfaces/DispatchResult.md +53 -0
  144. package/docs/api/interfaces/IStorageProvider.md +13 -1
  145. package/docs/api/interfaces/InitializeVaultCustodyOptions.md +31 -11
  146. package/docs/api/interfaces/InitializedVaultCustody.md +1 -7
  147. package/docs/api/interfaces/OwnerAgentProvisionResult.md +2 -2
  148. package/docs/api/interfaces/OwnerClient.md +417 -0
  149. package/docs/api/interfaces/OwnerCreateSecretInput.md +1 -1
  150. package/docs/api/interfaces/OwnerRemoveSecretInput.md +1 -1
  151. package/docs/api/interfaces/OwnerRequestRecord.md +97 -0
  152. package/docs/api/interfaces/OwnerSensitiveActionConfirmation.md +1 -1
  153. package/docs/api/interfaces/OwnerSensitiveActionContext.md +1 -1
  154. package/docs/api/interfaces/OwnerSession.md +3 -3
  155. package/docs/api/interfaces/OwnerUpdateSecretInput.md +1 -1
  156. package/docs/api/interfaces/OwnerVisibleRequestRecord.md +73 -0
  157. package/docs/api/interfaces/RecoverVaultOptions.md +1 -121
  158. package/docs/api/interfaces/RecoveredVault.md +2 -2
  159. package/docs/api/interfaces/RequestRecord.md +107 -0
  160. package/docs/api/interfaces/RestoreIdentityOptions.md +1 -1
  161. package/docs/api/interfaces/SecretAlias.md +11 -0
  162. package/docs/api/interfaces/SecretDestinationGrant.md +41 -0
  163. package/docs/api/interfaces/SecretId.md +11 -0
  164. package/docs/api/interfaces/SecretRecord.md +89 -0
  165. package/docs/api/interfaces/Signer.md +1 -1
  166. package/docs/api/interfaces/VaultApproveDispatchInput.md +3 -9
  167. package/docs/api/interfaces/VaultAuditQueryInput.md +1 -1
  168. package/docs/api/interfaces/VaultCoreDependenciesOptions.md +1 -5
  169. package/docs/api/interfaces/VaultCreateAgentInput.md +1 -1
  170. package/docs/api/interfaces/VaultExportSecretInput.md +1 -1
  171. package/docs/api/interfaces/VaultGetRequestInput.md +17 -0
  172. package/docs/api/interfaces/VaultGrantAgentSecretInput.md +23 -0
  173. package/docs/api/interfaces/VaultGrantSecretDestinationInput.md +23 -0
  174. package/docs/api/interfaces/VaultId.md +11 -0
  175. package/docs/api/interfaces/VaultImportAgentInput.md +1 -1
  176. package/docs/api/interfaces/VaultIssueSessionTokenInput.md +5 -5
  177. package/docs/api/interfaces/VaultListAgentsInput.md +1 -1
  178. package/docs/api/interfaces/VaultListGrantsInput.md +23 -0
  179. package/docs/api/interfaces/VaultListRequestsInput.md +17 -0
  180. package/docs/api/interfaces/VaultListSecretsInput.md +1 -1
  181. package/docs/api/interfaces/VaultMetadata.md +1 -1
  182. package/docs/api/interfaces/VaultObject.md +2 -2
  183. package/docs/api/interfaces/VaultPrincipal.md +17 -0
  184. package/docs/api/interfaces/VaultProfile.md +1 -1
  185. package/docs/api/interfaces/VaultReadAgentPrivateKeyInput.md +7 -7
  186. package/docs/api/interfaces/VaultReadSecretPlaintextInput.md +1 -1
  187. package/docs/api/interfaces/VaultRegisterFlowInput.md +1 -1
  188. package/docs/api/interfaces/VaultRevokeAgentSecretInput.md +23 -0
  189. package/docs/api/interfaces/VaultRevokeSecretDestinationInput.md +23 -0
  190. package/docs/api/interfaces/VaultRevokeSessionTokenInput.md +1 -1
  191. package/docs/api/interfaces/VaultService.md +547 -0
  192. package/docs/api/interfaces/VaultUpdateAgentInput.md +7 -7
  193. package/docs/api/type-aliases/AgentId.md +7 -0
  194. package/docs/api/type-aliases/CbioRuntimeModule.md +1 -1
  195. package/docs/api/type-aliases/DispatchApprovalDecision.md +7 -0
  196. package/docs/api/type-aliases/GrantStatus.md +7 -0
  197. package/docs/api/type-aliases/SecretLifecycleStatus.md +7 -0
  198. package/docs/api/type-aliases/VaultPrincipalKind.md +7 -0
  199. package/docs/api/variables/DEFAULT_VAULT_KEY_CUSTODY_BLOB_KEY.md +2 -2
  200. package/docs/es/README.md +3 -3
  201. package/docs/fr/README.md +3 -3
  202. package/docs/ja/README.md +5 -5
  203. package/docs/ko/README.md +5 -5
  204. package/docs/pt/README.md +3 -3
  205. package/docs/zh/PROCESS_ISOLATION.md +2 -2
  206. package/docs/zh/README.md +23 -24
  207. package/examples/process-isolation.ts +26 -35
  208. package/package.json +1 -1
  209. package/docs/api/functions/createOwnerHttpFlowBoundary.md +0 -17
  210. package/docs/api/functions/createStandardAcquireBoundary.md +0 -31
  211. package/docs/api/functions/createStandardDispatchBoundary.md +0 -23
  212. package/docs/api/functions/createVaultClient.md +0 -32
  213. package/docs/api/functions/deriveIdentityId.md +0 -17
  214. package/docs/api/functions/wrapVaultCoreAsVaultService.md +0 -31
  215. package/docs/api/interfaces/AgentSubmitCapabilityRequestInput.md +0 -41
  216. package/docs/api/interfaces/VaultApproveCapabilityRequestInput.md +0 -23
  217. package/docs/api/interfaces/VaultClient.md +0 -473
  218. package/docs/api/interfaces/VaultGrantCapabilityInput.md +0 -79
  219. package/docs/api/interfaces/VaultGrantCapabilityRequest.md +0 -23
  220. package/docs/api/interfaces/VaultIdentity.md +0 -11
  221. package/docs/api/interfaces/VaultListCapabilitiesInput.md +0 -17
  222. package/docs/api/interfaces/VaultRevokeCapabilityInput.md +0 -23
  223. package/docs/api/interfaces/VaultSigner.md +0 -21
  224. package/docs/api/interfaces/VaultSubmitCapabilityRequestInput.md +0 -73
  225. package/docs/api/type-aliases/AgentCapabilityEnvelope.md +0 -7
  226. package/docs/api/type-aliases/AgentVisibleSecretRecord.md +0 -7
  227. package/docs/api/type-aliases/CreateOwnerClientOptions.md +0 -7
  228. package/docs/api/type-aliases/OwnerAgentView.md +0 -7
  229. package/docs/api/type-aliases/OwnerClient.md +0 -13
  230. package/docs/api/type-aliases/OwnerGrantCapabilityInput.md +0 -7
  231. package/docs/api/type-aliases/OwnerPendingApprovalView.md +0 -7
  232. package/docs/api/type-aliases/OwnerRequestDetailView.md +0 -7
  233. package/docs/api/type-aliases/OwnerRequestSummaryView.md +0 -7
  234. package/docs/api/type-aliases/OwnerSecretView.md +0 -7
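--- a/package/dist/vault-core/persistence.d.ts
+++ b/package/dist/vault-core/persistence.d.ts
@@ -1,140 +1,100 @@
- import type { IStorageProvider } from "../storage/provider.js";
- import type { CapabilityStateRecord, RequestRecord, AgentIdentityRecord, AuditEntry, AuditQuery, VaultId, CustomHttpFlowDefinition, SecretAlias, SecretId, SecretRecord, DispatchRequest } from "./contracts.js";
- import type { AgentIdentityRegistry, AuditLog, CapabilityStateRegistry, CapabilityRevocationRegistry, CustomHttpFlowRegistry, RequestRecordRegistry, RateLimitStore, ReplayGuard, SecretCustody, SecretRepository, VaultCoreDependencies } from "./ports.js";
- import { type VaultCoreDependenciesOptions } from "./defaults.js";
- export declare const DEFAULT_VAULT_KEY_CUSTODY_BLOB_KEY = "working-key.sealed";
- export interface InitializeVaultCustodyOptions {
- vaultWorkingKey?: string;
- vaultRecoveryKey?: string;
- storageKey?: string;
- overwrite?: boolean;
- }
- export interface InitializedVaultCustody {
- vaultWorkingKey: string;
- vaultRecoveryKey: string;
- storageKey: string;
- }
- export interface CreatePersistentVaultCoreDependenciesOptions extends VaultCoreDependenciesOptions {
- vaultWorkingKey: string;
- }
- export declare function initializeVaultCustody(storage: IStorageProvider, options?: InitializeVaultCustodyOptions): Promise<InitializedVaultCustody>;
- export declare function recoverVaultWorkingKey(storage: IStorageProvider, vaultRecoveryKey: string, storageKey?: string): Promise<string>;
- /**
- * @internal
- */
+ import { type AgentSecretGrant, type SecretDestinationGrant, type AgentIdentityRecord, type AuditEntry, type AuditQuery, type CustomHttpFlowDefinition, type RequestRecord, type SecretId, type SecretRecord, type VaultId } from "./contracts.js";
+ import type { AgentIdentityRegistry, AgentSecretGrantRegistry, SecretDestinationGrantRegistry, AuditLog, CustomHttpFlowRegistry, RequestRecordRegistry, SecretCustody, SecretRepository } from "./ports.js";
  export declare class FileSecretRepository implements SecretRepository {
- private readonly _lockKey;
- private readonly _repo;
- constructor(storage: IStorageProvider, vaultWorkingKey: string, key?: string, _lockKey?: string);
- private loadState;
- private isActive;
+ private readonly _baseDir;
+ constructor(baseDir: string);
+ private _getPath;
+ private _getAliasPath;
  save(record: SecretRecord): Promise<void>;
  delete(secretId: SecretId): Promise<void>;
- getByAlias(alias: SecretAlias): Promise<SecretRecord | null>;
+ getByAlias(alias: {
+ value: string;
+ }): Promise<SecretRecord | null>;
  getById(secretId: SecretId): Promise<SecretRecord | null>;
  list(vaultId: VaultId): Promise<readonly SecretRecord[]>;
  }
- /**
- * @internal
- */
- export declare class FileAgentIdentityRegistry implements AgentIdentityRegistry {
- private readonly _lockKey;
- private readonly _repo;
- constructor(storage: IStorageProvider, vaultWorkingKey: string, key?: string, _lockKey?: string);
- private loadState;
- register(identity: AgentIdentityRecord): Promise<void>;
- get(vaultId: VaultId, agentId: string): Promise<AgentIdentityRecord | null>;
- list(vaultId: VaultId): Promise<readonly AgentIdentityRecord[]>;
+ export declare class FileSecretCustody implements SecretCustody {
+ private readonly _baseDir;
+ private readonly _workingKey;
+ constructor(baseDir: string, workingKey: string);
+ private _getPath;
+ store(secretId: SecretId, plaintext: string): Promise<void>;
+ load(secretId: SecretId): Promise<string | null>;
+ delete(secretId: SecretId): Promise<void>;
  }
- /**
- * @internal
- */
  export declare class FileAuditLog implements AuditLog {
- private readonly _storage;
- private readonly _key;
- private readonly _lockKey;
- constructor(_storage: IStorageProvider, _key?: string, _lockKey?: string);
- private hash;
- private verifyEnvelopeChain;
- private loadEntries;
+ private readonly _baseDir;
+ constructor(baseDir: string);
+ private _getPath;
  append(entry: AuditEntry): Promise<void>;
  query(query: AuditQuery): Promise<readonly AuditEntry[]>;
  }
- /**
- * @internal
- */
- export declare class FileSecretCustody implements SecretCustody {
- private readonly _storage;
- private readonly _vaultWorkingKey;
- private readonly _keyPrefix;
- constructor(_storage: IStorageProvider, _vaultWorkingKey: string, _keyPrefix?: string);
- private key;
- store(secretId: SecretId, plaintext: string): Promise<void>;
- load(secretId: SecretId): Promise<string | null>;
- delete(secretId: SecretId): Promise<void>;
+ export declare class FileAgentIdentityRegistry implements AgentIdentityRegistry {
+ private readonly _baseDir;
+ constructor(baseDir: string);
+ private _getPath;
+ register(identity: AgentIdentityRecord): Promise<void>;
+ get(vaultId: VaultId, rootAgentId: string): Promise<AgentIdentityRecord | null>;
+ list(vaultId: VaultId): Promise<readonly AgentIdentityRecord[]>;
  }
- /**
- * @internal
- */
- export declare class FileReplayGuard implements ReplayGuard {
- private readonly _lockKey;
- private readonly _ttlMs;
- private readonly _repo;
- constructor(storage: IStorageProvider, vaultWorkingKey: string, key?: string, _lockKey?: string, _ttlMs?: number);
- assertNotReplayed(request: DispatchRequest): Promise<void>;
+ export declare class FileAgentSecretGrantRegistry implements AgentSecretGrantRegistry {
+ private readonly _baseDir;
+ constructor(baseDir: string);
+ private _getPath;
+ upsert(grant: AgentSecretGrant): Promise<void>;
+ get(vaultId: VaultId, rootAgentId: string, secretAlias: string): Promise<AgentSecretGrant | null>;
+ list(vaultId: VaultId, rootAgentId?: string): Promise<readonly AgentSecretGrant[]>;
+ delete(vaultId: VaultId, rootAgentId: string, secretAlias: string): Promise<void>;
  }
- /**
- * @internal
- */
- export declare class FileCapabilityRegistry implements CapabilityStateRegistry {
- private readonly _lockKey;
- private readonly _repo;
- constructor(storage: IStorageProvider, vaultWorkingKey: string, key?: string, _lockKey?: string);
- private loadState;
- upsert(capability: CapabilityStateRecord): Promise<void>;
- getByCapabilityId(vaultId: VaultId, agentId: string, capabilityId: string): Promise<CapabilityStateRecord | null>;
- getByRequestId(vaultId: VaultId, requestId: string): Promise<CapabilityStateRecord | null>;
- deleteByRequestId(vaultId: VaultId, requestId: string): Promise<void>;
- list(vaultId: VaultId, agentId?: string): Promise<readonly CapabilityStateRecord[]>;
+ export declare class FileSecretDestinationGrantRegistry implements SecretDestinationGrantRegistry {
+ private readonly _baseDir;
+ constructor(baseDir: string);
+ private _getPath;
+ upsert(grant: SecretDestinationGrant): Promise<void>;
+ get(vaultId: VaultId, secretAlias: string, domain: string): Promise<SecretDestinationGrant | null>;
+ list(vaultId: VaultId, secretAlias?: string): Promise<readonly SecretDestinationGrant[]>;
+ delete(vaultId: VaultId, secretAlias: string, domain: string): Promise<void>;
  }
  export declare class FileRequestRecordRegistry implements RequestRecordRegistry {
- private readonly _lockKey;
- private readonly _repo;
- constructor(storage: IStorageProvider, vaultWorkingKey: string, key?: string, _lockKey?: string);
- private loadState;
+ private readonly _baseDir;
+ constructor(baseDir: string);
+ private _getPath;
  save(record: RequestRecord): Promise<void>;
  get(vaultId: VaultId, requestId: string): Promise<RequestRecord | null>;
- list(vaultId: VaultId, agentId?: string): Promise<readonly RequestRecord[]>;
- }
- /**
- * @internal
- */
- export declare class FileRateLimitStore implements RateLimitStore {
- private readonly _lockKey;
- private readonly _repo;
- constructor(storage: IStorageProvider, vaultWorkingKey: string, key?: string, _lockKey?: string);
- consume(key: string, maxRequests: number, windowMs: number, nowMs: number): Promise<void>;
- }
- /**
- * @internal
- */
- export declare class FileCapabilityRevocationRegistry implements CapabilityRevocationRegistry {
- private readonly _lockKey;
- private readonly _repo;
- constructor(storage: IStorageProvider, vaultWorkingKey: string, key?: string, _lockKey?: string);
- private compositeKey;
- get(vaultId: VaultId, agentId: string, capabilityId: string): Promise<number>;
- revoke(vaultId: VaultId, agentId: string, capabilityId: string): Promise<number>;
+ list(vaultId: VaultId, rootAgentId?: string): Promise<readonly RequestRecord[]>;
  }
- /**
- * @internal
- */
  export declare class FileCustomHttpFlowRegistry implements CustomHttpFlowRegistry {
- private readonly _lockKey;
- private readonly _repo;
- constructor(storage: IStorageProvider, vaultWorkingKey: string, key?: string, _lockKey?: string);
- private loadState;
+ private readonly _baseDir;
+ constructor(baseDir: string);
+ private _getPath;
  register(flow: CustomHttpFlowDefinition): Promise<void>;
  get(vaultId: VaultId, flowId: string): Promise<CustomHttpFlowDefinition | null>;
  }
- export declare function createPersistentVaultCoreDependencies(storage: IStorageProvider, options: CreatePersistentVaultCoreDependenciesOptions): VaultCoreDependencies;
+ export declare const DEFAULT_VAULT_KEY_CUSTODY_BLOB_KEY = "master_key.sealed";
+ export interface InitializeVaultCustodyOptions {
+ storage: {
+ read(key: string): Promise<Uint8Array | null>;
+ write(key: string, data: Uint8Array): Promise<void>;
+ };
+ password?: string;
+ }
+ export interface InitializedVaultCustody {
+ vaultWorkingKey: string;
+ vaultRecoveryKey: string;
+ }
+ export declare function initializeVaultCustody(storage: {
+ read(key: string): Promise<Uint8Array | null>;
+ write(key: string, data: Uint8Array): Promise<void>;
+ }, options?: {
+ password?: string;
+ }): Promise<InitializedVaultCustody>;
+ export declare function recoverVaultWorkingKey(storage: {
+ read(key: string): Promise<Uint8Array | null>;
+ }, recoveryKey: string): Promise<string>;
+ export interface CreatePersistentVaultCoreDependenciesOptions {
+ vaultId: string;
+ vaultWorkingKey: string;
+ }
+ export declare function createPersistentVaultCoreDependencies(storage: {
+ getBaseDir(): string;
+ }, options: CreatePersistentVaultCoreDependenciesOptions): any;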
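Review bot: Nothing in the new declarations shows what protects grant, identity, request and audit files at rest: FileSecretRepository, FileAgentIdentityRegistry, FileRequestRecordRegistry and FileCustomHttpFlowRegistry now take only `baseDir` instead of `vaultWorkingKey`, the two new grant registries do the same, and FileAuditLog loses its private `hash` and `verifyEnvelopeChain` members. The implementation is outside this file, so this is inferred from the signatures, but as declared only FileSecretCustody still receives a key, and a process able to write under `baseDir` would presumably be able to change grants or audit history unnoticed. Each class should carry a doc comment stating the actual guarantee, for example `/** Files under baseDir are not sealed with the vault working key; the directory must be writable by the vault owner only. */` if that is the behaviour, or the key and chain verification should be kept. Separately, `createPersistentVaultCoreDependencies` now returns `any`, which removes type checking where these stores are wired together; `}, options: CreatePersistentVaultCoreDependenciesOptions): VaultCoreDependencies;` would restore it, assuming `./ports.js` still exports that type.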