@the-ai-company/cbio-node-runtime 1.63.3 → 1.63.5

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (234) hide show
  1. package/README.md +48 -209
  2. package/dist/clients/agent/client.d.ts +18 -40
  3. package/dist/clients/agent/client.js +22 -109
  4. package/dist/clients/agent/client.js.map +1 -1
  5. package/dist/clients/agent/contracts.d.ts +1 -8
  6. package/dist/clients/agent/index.d.ts +1 -1
  7. package/dist/clients/owner/client.d.ts +2 -102
  8. package/dist/clients/owner/client.js +119 -240
  9. package/dist/clients/owner/client.js.map +1 -1
  10. package/dist/clients/owner/contracts.d.ts +37 -70
  11. package/dist/clients/owner/index.d.ts +2 -4
  12. package/dist/clients/owner/index.js +1 -2
  13. package/dist/clients/owner/index.js.map +1 -1
  14. package/dist/internal/id-factory.d.ts +0 -2
  15. package/dist/internal/id-factory.js +0 -6
  16. package/dist/internal/id-factory.js.map +1 -1
  17. package/dist/protocol/identity.d.ts +1 -1
  18. package/dist/protocol/identity.js +3 -3
  19. package/dist/protocol/identity.js.map +1 -1
  20. package/dist/public-types.d.ts +5 -14
  21. package/dist/public-types.js +1 -8
  22. package/dist/public-types.js.map +1 -1
  23. package/dist/runtime/bootstrap.js.map +1 -1
  24. package/dist/runtime/identity.d.ts +2 -2
  25. package/dist/runtime/identity.js +3 -5
  26. package/dist/runtime/identity.js.map +1 -1
  27. package/dist/runtime/index.d.ts +10 -12
  28. package/dist/runtime/index.js +7 -8
  29. package/dist/runtime/index.js.map +1 -1
  30. package/dist/runtime/owner-session.d.ts +7 -6
  31. package/dist/runtime/owner-session.js +5 -6
  32. package/dist/runtime/owner-session.js.map +1 -1
  33. package/dist/storage/fs.d.ts +3 -2
  34. package/dist/storage/fs.js +8 -5
  35. package/dist/storage/fs.js.map +1 -1
  36. package/dist/storage/prefix.d.ts +1 -0
  37. package/dist/storage/prefix.js +7 -0
  38. package/dist/storage/prefix.js.map +1 -1
  39. package/dist/storage/provider.d.ts +2 -0
  40. package/dist/vault-core/contracts.d.ts +112 -193
  41. package/dist/vault-core/contracts.js +5 -8
  42. package/dist/vault-core/contracts.js.map +1 -1
  43. package/dist/vault-core/core.d.ts +127 -62
  44. package/dist/vault-core/core.js +500 -1182
  45. package/dist/vault-core/core.js.map +1 -1
  46. package/dist/vault-core/defaults.d.ts +26 -42
  47. package/dist/vault-core/defaults.js +73 -229
  48. package/dist/vault-core/defaults.js.map +1 -1
  49. package/dist/vault-core/errors.d.ts +3 -2
  50. package/dist/vault-core/errors.js.map +1 -1
  51. package/dist/vault-core/index.d.ts +5 -5
  52. package/dist/vault-core/index.js +2 -2
  53. package/dist/vault-core/index.js.map +1 -1
  54. package/dist/vault-core/persistence.d.ts +78 -118
  55. package/dist/vault-core/persistence.js +329 -421
  56. package/dist/vault-core/persistence.js.map +1 -1
  57. package/dist/vault-core/ports.d.ts +19 -24
  58. package/dist/vault-core/read-policy.d.ts +3 -2
  59. package/dist/vault-core/read-policy.js.map +1 -1
  60. package/dist/vault-core/tool-metadata.js +2 -2
  61. package/dist/vault-core/tool-metadata.js.map +1 -1
  62. package/dist/vault-ingress/defaults.d.ts +4 -2
  63. package/dist/vault-ingress/defaults.js +14 -8
  64. package/dist/vault-ingress/defaults.js.map +1 -1
  65. package/dist/vault-ingress/index.d.ts +43 -117
  66. package/dist/vault-ingress/index.js +98 -453
  67. package/dist/vault-ingress/index.js.map +1 -1
  68. package/dist/vault-ingress/remote-transport.d.ts +5 -3
  69. package/dist/vault-ingress/remote-transport.js +8 -28
  70. package/dist/vault-ingress/remote-transport.js.map +1 -1
  71. package/docs/ARCHITECTURE.md +39 -22
  72. package/docs/CUSTODY_MODEL.md +1 -1
  73. package/docs/IDENTITY_MODEL.md +5 -5
  74. package/docs/MIGRATION-1.51.md +19 -19
  75. package/docs/MIGRATION-1.65.md +61 -0
  76. package/docs/PROCESS_ISOLATION.md +2 -2
  77. package/docs/REFERENCE.md +42 -224
  78. package/docs/api/README.md +50 -29
  79. package/docs/api/classes/IdentityError.md +1 -1
  80. package/docs/api/classes/OwnerClientError.md +1 -1
  81. package/docs/api/classes/PersistentVaultAgentIdentityRegistry.md +89 -0
  82. package/docs/api/classes/PersistentVaultAgentSecretGrantRegistry.md +125 -0
  83. package/docs/api/classes/PersistentVaultAuditLog.md +65 -0
  84. package/docs/api/classes/PersistentVaultCustomHttpFlowRegistry.md +69 -0
  85. package/docs/api/classes/PersistentVaultSecretCustody.md +93 -0
  86. package/docs/api/classes/PersistentVaultSecretDestinationGrantRegistry.md +125 -0
  87. package/docs/api/classes/PersistentVaultSecretRepository.md +127 -0
  88. package/docs/api/classes/VaultCore.md +299 -214
  89. package/docs/api/classes/VaultCoreError.md +3 -3
  90. package/docs/api/enumerations/AuditAction.md +143 -0
  91. package/docs/api/enumerations/AuditOutcome.md +35 -0
  92. package/docs/api/enumerations/DispatchStatus.md +35 -0
  93. package/docs/api/enumerations/IdentityErrorCode.md +1 -1
  94. package/docs/api/enumerations/OwnerClientErrorCode.md +1 -1
  95. package/docs/api/functions/createAgentClient.md +1 -15
  96. package/docs/api/functions/createIdentity.md +2 -2
  97. package/docs/api/functions/createOwnerClient.md +17 -0
  98. package/docs/api/functions/createOwnerSession.md +1 -1
  99. package/docs/api/functions/createPersistentVaultCoreDependencies.md +4 -4
  100. package/docs/api/functions/createVault.md +1 -1
  101. package/docs/api/functions/createVaultCore.md +1 -1
  102. package/docs/api/functions/createVaultCoreDependencies.md +1 -1
  103. package/docs/api/functions/createVaultService.md +5 -9
  104. package/docs/api/functions/createWorkspaceStorage.md +1 -1
  105. package/docs/api/functions/deriveRootAgentId.md +17 -0
  106. package/docs/api/functions/deriveVaultWorkingKeyFromPassword.md +1 -1
  107. package/docs/api/functions/getDefaultWorkspaceDir.md +1 -1
  108. package/docs/api/functions/handleVaultAgentControlHttp.md +2 -2
  109. package/docs/api/functions/handleVaultHttpDispatch.md +2 -2
  110. package/docs/api/functions/initializeVaultCustody.md +7 -3
  111. package/docs/api/functions/listVaults.md +1 -1
  112. package/docs/api/functions/readVaultProfile.md +1 -1
  113. package/docs/api/functions/recoverVault.md +1 -1
  114. package/docs/api/functions/recoverVaultWorkingKey.md +4 -8
  115. package/docs/api/functions/restoreIdentity.md +1 -1
  116. package/docs/api/functions/updateVaultMetadata.md +1 -1
  117. package/docs/api/functions/writeVaultProfile.md +1 -1
  118. package/docs/api/interfaces/AgentClient.md +20 -59
  119. package/docs/api/interfaces/AgentDispatchIntent.md +1 -1
  120. package/docs/api/interfaces/AgentDispatchTransport.md +12 -44
  121. package/docs/api/interfaces/AgentIdentity.md +3 -3
  122. package/docs/api/interfaces/AgentIdentityRecord.md +47 -0
  123. package/docs/api/interfaces/AgentRequestResult.md +35 -0
  124. package/docs/api/interfaces/AgentRuntimeManifest.md +55 -0
  125. package/docs/api/interfaces/AgentSecretGrant.md +41 -0
  126. package/docs/api/interfaces/AgentSigner.md +1 -1
  127. package/docs/api/interfaces/AgentVisibleRequestRecord.md +53 -0
  128. package/docs/api/interfaces/AgentVisibleSecretRecord.md +65 -0
  129. package/docs/api/interfaces/AuditEntry.md +83 -0
  130. package/docs/api/interfaces/CbioRuntime.md +13 -150
  131. package/docs/api/interfaces/CreateAgentClientOptions.md +4 -10
  132. package/docs/api/interfaces/CreateIdentityOptions.md +1 -1
  133. package/docs/api/interfaces/{CreateVaultClientOptions.md → CreateOwnerClientOptions.md} +9 -11
  134. package/docs/api/interfaces/CreateOwnerSessionOptions.md +3 -117
  135. package/docs/api/interfaces/CreatePersistentVaultCoreDependenciesOptions.md +3 -131
  136. package/docs/api/interfaces/CreateVaultOptions.md +1 -121
  137. package/docs/api/interfaces/CreatedVault.md +2 -2
  138. package/docs/api/interfaces/CustomHttpFlowDefinition.md +71 -0
  139. package/docs/api/interfaces/DefaultPolicyEngineOptions.md +1 -13
  140. package/docs/api/interfaces/DispatchAuthorization.md +43 -0
  141. package/docs/api/interfaces/DispatchInstruction.md +47 -0
  142. package/docs/api/interfaces/DispatchRequest.md +83 -0
  143. package/docs/api/interfaces/DispatchResult.md +53 -0
  144. package/docs/api/interfaces/IStorageProvider.md +13 -1
  145. package/docs/api/interfaces/InitializeVaultCustodyOptions.md +31 -11
  146. package/docs/api/interfaces/InitializedVaultCustody.md +1 -7
  147. package/docs/api/interfaces/OwnerAgentProvisionResult.md +2 -2
  148. package/docs/api/interfaces/OwnerClient.md +417 -0
  149. package/docs/api/interfaces/OwnerCreateSecretInput.md +1 -1
  150. package/docs/api/interfaces/OwnerRemoveSecretInput.md +1 -1
  151. package/docs/api/interfaces/OwnerRequestRecord.md +97 -0
  152. package/docs/api/interfaces/OwnerSensitiveActionConfirmation.md +1 -1
  153. package/docs/api/interfaces/OwnerSensitiveActionContext.md +1 -1
  154. package/docs/api/interfaces/OwnerSession.md +3 -3
  155. package/docs/api/interfaces/OwnerUpdateSecretInput.md +1 -1
  156. package/docs/api/interfaces/OwnerVisibleRequestRecord.md +73 -0
  157. package/docs/api/interfaces/RecoverVaultOptions.md +1 -121
  158. package/docs/api/interfaces/RecoveredVault.md +2 -2
  159. package/docs/api/interfaces/RequestRecord.md +107 -0
  160. package/docs/api/interfaces/RestoreIdentityOptions.md +1 -1
  161. package/docs/api/interfaces/SecretAlias.md +11 -0
  162. package/docs/api/interfaces/SecretDestinationGrant.md +41 -0
  163. package/docs/api/interfaces/SecretId.md +11 -0
  164. package/docs/api/interfaces/SecretRecord.md +89 -0
  165. package/docs/api/interfaces/Signer.md +1 -1
  166. package/docs/api/interfaces/VaultApproveDispatchInput.md +3 -9
  167. package/docs/api/interfaces/VaultAuditQueryInput.md +1 -1
  168. package/docs/api/interfaces/VaultCoreDependenciesOptions.md +1 -5
  169. package/docs/api/interfaces/VaultCreateAgentInput.md +1 -1
  170. package/docs/api/interfaces/VaultExportSecretInput.md +1 -1
  171. package/docs/api/interfaces/VaultGetRequestInput.md +17 -0
  172. package/docs/api/interfaces/VaultGrantAgentSecretInput.md +23 -0
  173. package/docs/api/interfaces/VaultGrantSecretDestinationInput.md +23 -0
  174. package/docs/api/interfaces/VaultId.md +11 -0
  175. package/docs/api/interfaces/VaultImportAgentInput.md +1 -1
  176. package/docs/api/interfaces/VaultIssueSessionTokenInput.md +5 -5
  177. package/docs/api/interfaces/VaultListAgentsInput.md +1 -1
  178. package/docs/api/interfaces/VaultListGrantsInput.md +23 -0
  179. package/docs/api/interfaces/VaultListRequestsInput.md +17 -0
  180. package/docs/api/interfaces/VaultListSecretsInput.md +1 -1
  181. package/docs/api/interfaces/VaultMetadata.md +1 -1
  182. package/docs/api/interfaces/VaultObject.md +2 -2
  183. package/docs/api/interfaces/VaultPrincipal.md +17 -0
  184. package/docs/api/interfaces/VaultProfile.md +1 -1
  185. package/docs/api/interfaces/VaultReadAgentPrivateKeyInput.md +7 -7
  186. package/docs/api/interfaces/VaultReadSecretPlaintextInput.md +1 -1
  187. package/docs/api/interfaces/VaultRegisterFlowInput.md +1 -1
  188. package/docs/api/interfaces/VaultRevokeAgentSecretInput.md +23 -0
  189. package/docs/api/interfaces/VaultRevokeSecretDestinationInput.md +23 -0
  190. package/docs/api/interfaces/VaultRevokeSessionTokenInput.md +1 -1
  191. package/docs/api/interfaces/VaultService.md +547 -0
  192. package/docs/api/interfaces/VaultUpdateAgentInput.md +7 -7
  193. package/docs/api/type-aliases/AgentId.md +7 -0
  194. package/docs/api/type-aliases/CbioRuntimeModule.md +1 -1
  195. package/docs/api/type-aliases/DispatchApprovalDecision.md +7 -0
  196. package/docs/api/type-aliases/GrantStatus.md +7 -0
  197. package/docs/api/type-aliases/SecretLifecycleStatus.md +7 -0
  198. package/docs/api/type-aliases/VaultPrincipalKind.md +7 -0
  199. package/docs/api/variables/DEFAULT_VAULT_KEY_CUSTODY_BLOB_KEY.md +2 -2
  200. package/docs/es/README.md +3 -3
  201. package/docs/fr/README.md +3 -3
  202. package/docs/ja/README.md +5 -5
  203. package/docs/ko/README.md +5 -5
  204. package/docs/pt/README.md +3 -3
  205. package/docs/zh/PROCESS_ISOLATION.md +2 -2
  206. package/docs/zh/README.md +23 -24
  207. package/examples/process-isolation.ts +26 -35
  208. package/package.json +1 -1
  209. package/docs/api/functions/createOwnerHttpFlowBoundary.md +0 -17
  210. package/docs/api/functions/createStandardAcquireBoundary.md +0 -31
  211. package/docs/api/functions/createStandardDispatchBoundary.md +0 -23
  212. package/docs/api/functions/createVaultClient.md +0 -32
  213. package/docs/api/functions/deriveIdentityId.md +0 -17
  214. package/docs/api/functions/wrapVaultCoreAsVaultService.md +0 -31
  215. package/docs/api/interfaces/AgentSubmitCapabilityRequestInput.md +0 -41
  216. package/docs/api/interfaces/VaultApproveCapabilityRequestInput.md +0 -23
  217. package/docs/api/interfaces/VaultClient.md +0 -473
  218. package/docs/api/interfaces/VaultGrantCapabilityInput.md +0 -79
  219. package/docs/api/interfaces/VaultGrantCapabilityRequest.md +0 -23
  220. package/docs/api/interfaces/VaultIdentity.md +0 -11
  221. package/docs/api/interfaces/VaultListCapabilitiesInput.md +0 -17
  222. package/docs/api/interfaces/VaultRevokeCapabilityInput.md +0 -23
  223. package/docs/api/interfaces/VaultSigner.md +0 -21
  224. package/docs/api/interfaces/VaultSubmitCapabilityRequestInput.md +0 -73
  225. package/docs/api/type-aliases/AgentCapabilityEnvelope.md +0 -7
  226. package/docs/api/type-aliases/AgentVisibleSecretRecord.md +0 -7
  227. package/docs/api/type-aliases/CreateOwnerClientOptions.md +0 -7
  228. package/docs/api/type-aliases/OwnerAgentView.md +0 -7
  229. package/docs/api/type-aliases/OwnerClient.md +0 -13
  230. package/docs/api/type-aliases/OwnerGrantCapabilityInput.md +0 -7
  231. package/docs/api/type-aliases/OwnerPendingApprovalView.md +0 -7
  232. package/docs/api/type-aliases/OwnerRequestDetailView.md +0 -7
  233. package/docs/api/type-aliases/OwnerRequestSummaryView.md +0 -7
  234. package/docs/api/type-aliases/OwnerSecretView.md +0 -7
package/dist/vault-ingress/index.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/vault-ingress/index.ts"],"names":[],"mappings":"AAAA,OAAO,EACL,eAAe,EAqBf,cAAc,GACf,MAAM,wBAAwB,CAAC;AAChC,OAAO,EAAE,uBAAuB,EAAE,MAAM,8BAA8B,CAAC;AACvE,OAAO,EACL,2BAA2B,EAC3B,6BAA6B,EAC7B,uBAAuB,GACxB,MAAM,qBAAqB,CAAC;AAU7B,SAAS,wBAAwB,CAAC,KAAc;IAC9C,IAAI,KAAK,KAAK,IAAI,IAAI,KAAK,KAAK,SAAS,EAAE,CAAC;QAC1C,OAAO,IAAI,CAAC;IACd,CAAC;IACD,IAAI,KAAK,CAAC,OAAO,CAAC,KAAK,CAAC,EAAE,CAAC;QACzB,OAAO,KAAK,CAAC,GAAG,CAAC,CAAC,KAAK,EAAE,EAAE,CAAC,wBAAwB,CAAC,KAAK,CAAC,CAAC,CAAC;IAC/D,CAAC;IACD,IAAI,OAAO,KAAK,KAAK,QAAQ,EAAE,CAAC;QAC9B,OAAO,MAAM,CAAC,WAAW,CACvB,MAAM,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,GAAG,EAAE,KAAK,CAAC,EAAE,EAAE,CAAC,CAAC,GAAG,EAAE,wBAAwB,CAAC,KAAK,CAAC,CAAC,CAAC,CACpF,CAAC;IACJ,CAAC;IACD,OAAO,IAAI,CAAC;AACd,CAAC;AAqQD,MAAM,iBAAiB;IAEF;IACA;IACA;IACA;IAJnB,YACmB,UAAqB,EACrB,YAAsC,EACtC,MAAc,EACd,aAA2B,KAAK;QAHhC,eAAU,GAAV,UAAU,CAAW;QACrB,iBAAY,GAAZ,YAAY,CAA0B;QACtC,WAAM,GAAN,MAAM,CAAQ;QACd,eAAU,GAAV,UAAU,CAAsB;IAChD,CAAC;IAEJ,IAAI,OAAO;QACT,OAAO,IAAI,CAAC,UAAU,CAAC,OAAO,CAAC;IACjC,CAAC;IAEO,KAAK,CAAC,eAAe,CAAC,KAAyB;QACrD,IAAI,CAAC,KAAK;YAAE,OAAO,SAAS,CAAC;QAC7B,MAAM,MAAM,GAAG,MAAO,IAAI,CAAC,UAAkB,CAAC,KAAK,CAAC,OAAO,CAAC,UAAU,CAAC,EAAE,KAAK,EAAE,KAAK,EAAE,CAAC,CAAC;QACzF,OAAO,MAAM,EAAE,QAAQ,CAAC,KAAK,CAAC;IAChC,CAAC;IAEO,KAAK,CAAC,gBAAgB,CAAC,OAAsC;QACnE,IAAI,CAAC,OAAO,EAAE,MAAM;YAAE,OAAO,SAAS,CAAC;QACvC,MAAM,QAAQ,GAAG,MAAM,OAAO,CAAC,GAAG,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC,KAAK,EAAE,EAAE,CAAC,IAAI,CAAC,eAAe,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;QACxF,MAAM,QAAQ,GAAG,QAAQ,CAAC,MAAM,CAAC,CAAC,KAAK,EAAmB,EAAE,CAAC,OAAO,KAAK,KAAK,QAAQ,CAAC,CAAC;QACxF,OAAO,QAAQ,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,SAAS,CAAC;IACpD,CAAC;IAGD,sBAAsB,CAAC,QAAkF;QACvG,OAAO,IAAI,CAAC,UAAU,CAAC,sBAAsB,CAAC,QAAQ,CAAC,CAAC;IAC1D,CAAC;IAED,uBAAuB,CAAC,OAAuC;QAC7D,OAAO,IAAI,CAAC,UAAU,CAAC,uBAAuB,CAAC,OAAO,CAAC,CAAC;IAC1D,CAAC;IAED,0BAA0B,CAAC,OAA0C;QACnE,OAAO,IAAI,CAAC,UAAU,CAAC,0BAA0B,CAAC,OAAO,CAAC,CAAC;IAC7D,CAAC;IAED,wBAAwB,CAAC,OAAyE;QAChG,OAAO,IAAI,CAAC,UAAU,CAAC,wBAAwB,CAAC,OAAO,CAAC,CAAC;IAC3D,CAAC;IAED,uBAAuB,CAAC,OAA2C;QACjE,OAAO,IAAI,CAAC,UAAU,CAAC,uBAAuB,CAAC,OAAO,CAAC,CAAC;IAC1D,CAAC;IAED,iBAAiB,CAAC,OAAkE;QAClF,OAAO,IAAI,CAAC,UAAU,CAAC,iBAAiB,CAAC,OAAO,CAAC,CAAC;IACpD,CAAC;IAED,iBAAiB,CAAC,OAAkE;QAClF,OAAO,IAAI,CAAC,UAAU,CAAC,iBAAiB,CAAC,OAAO,CAAC,CAAC;IACpD,CAAC;IAED,iBAAiB,CAAC,OAAkE;QAClF,OAAO,IAAI,CAAC,UAAU,CAAC,iBAAiB,CAAC,OAAO,CAAC,CAAC;IACpD,CAAC;IAED,gBAAgB,CAAC,OAAiE;QAChF,OAAO,IAAI,CAAC,UAAU,CAAC,gBAAgB,CAAC,OAAO,CAAC,CAAC;IACnD,CAAC;IAEO,mBAAmB,CAAC,KAAc;QACxC,OAAO,wBAAwB,CAAC,KAAK,CAAC,CAAC;IACzC,CAAC;IAEO,yBAAyB,CAAC,IAA4B,EAAE,OAAgB;QAC9E,IAAI,CAAC,OAAO,IAAI,OAAO,OAAO,KAAK,QAAQ,IAAI,KAAK,CAAC,OAAO,CAAC,OAAO,CAAC,EAAE,CAAC;YACtE,OAAO,IAAI,CAAC,mBAAmB,CAAC,OAAO,CAAC,CAAC;QAC3C,CAAC;QACD,MAAM,MAAM,GAAG,OAAkC,CAAC;QAClD,MAAM,QAAQ,GAA0C,EAAE,CAAC;QAC3D,QAAQ,IAAI,EAAE,CAAC;YACb,KAAK,mCAAmC,CAAC;YACzC,KAAK,oCAAoC,CAAC;YAC1C,KAAK,gCAAgC,CAAC,CAAC,CAAC;gBACtC,IAAI,YAAY,IAAI,MAAM,EAAE,CAAC;oBAC3B,QAAQ,CAAC,UAAU,GAAG,OAAO,MAAM,CAAC,UAAU,KAAK,QAAQ,CAAC,CAAC,CAAC,MAAM,CAAC,UAAU,CAAC,CAAC,CAAC,IAAI,CAAC;gBACzF,CAAC;gBACD,IAAI,YAAY,IAAI,MAAM,EAAE,CAAC;oBAC3B,QAAQ,CAAC,UAAU,GAAG,OAAO,MAAM,CAAC,UAAU,KAAK,QAAQ,CAAC,CAAC,CAAC,MAAM,CAAC,UAAU,CAAC,CAAC,CAAC,IAAI,CAAC;gBACzF,CAAC;gBACD,IAAI,OAAO,IAAI,MAAM,EAAE,CAAC;oBACtB,QAAQ,CAAC,KAAK,GAAG,OAAO,MAAM,CAAC,KAAK,KAAK,QAAQ,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC,IAAI,CAAC;gBAC1E,CAAC;gBACD,MAAM;YACR,CAAC;QACH,CAAC;QACD,OAAO,QAAQ,CAAC;IAClB,CAAC;IAEO,oBAAoB,CAAC,IAA4B,EAAE,OAAgB;QACzE,IAAI,CAAC,OAAO,IAAI,OAAO,OAAO,KAAK,QAAQ,IAAI,KAAK,CAAC,OAAO,CAAC,OAAO,CAAC,EAAE,CAAC;YACtE,MAAM,IAAI,KAAK,CAAC,oCAAoC,CAAC,CAAC;QACxD,CAAC;QACD,MAAM,MAAM,GAAG,OAAkC,CAAC;QAClD,QAAQ,IAAI,EAAE,CAAC;YACb,KAAK,mCAAmC,CAAC,CAAC,CAAC;gBACzC,IAAI,OAAO,MAAM,CAAC,YAAY,KAAK,QAAQ,IAAI,CAAC,MAAM,CAAC,YAAY,EAAE,CAAC;oBACpE,MAAM,IAAI,KAAK,CAAC,oCAAoC,CAAC,CAAC;gBACxD,CAAC;gBACD,OAAO,MAAM,CAAC,YAAY,CAAC;YAC7B,CAAC;YACD,KAAK,oCAAoC,CAAC,CAAC,CAAC;gBAC1C,IAAI,OAAO,MAAM,CAAC,aAAa,KAAK,QAAQ,IAAI,CAAC,MAAM,CAAC,aAAa,EAAE,CAAC;oBACtE,MAAM,IAAI,KAAK,CAAC,oCAAoC,CAAC,CAAC;gBACxD,CAAC;gBACD,OAAO,MAAM,CAAC,aAAa,CAAC;YAC9B,CAAC;YACD,KAAK,gCAAgC,CAAC,CAAC,CAAC;gBACtC,IAAI,OAAO,MAAM,CAAC,QAAQ,KAAK,QAAQ,IAAI,CAAC,MAAM,CAAC,QAAQ,EAAE,CAAC;oBAC5D,MAAM,IAAI,KAAK,CAAC,oCAAoC,CAAC,CAAC;gBACxD,CAAC;gBACD,OAAO,MAAM,CAAC,QAAQ,CAAC;YACzB,CAAC;QACH,CAAC;IACH,CAAC;IAEO,gBAAgB,CAAC,WAA0B,EAAE,UAAkB;QACrE,IAAI,CAAC,UAAU,EAAE,CAAC;YAChB,OAAO,IAAI,CAAC;QACd,CAAC;QACD,IAAI,WAAW,EAAE,QAAQ,CAAC,MAAM,CAAC,EAAE,CAAC;YAClC,OAAO,IAAI,CAAC,KAAK,CAAC,UAAU,CAAC,CAAC;QAChC,CAAC;QACD,IAAI,CAAC;YACH,OAAO,IAAI,CAAC,KAAK,CAAC,UAAU,CAAC,CAAC;QAChC,CAAC;QAAC,MAAM,CAAC;YACP,OAAO,UAAU,CAAC;QACpB,CAAC;IACH,CAAC;IAEO,KAAK,CAAC,aAAa,CAAC,OAK3B;QACC,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,UAAU,CAAC,OAAO,CAAC,GAAG,EAAE;YAClD,MAAM,EAAE,OAAO,CAAC,MAAM,IAAI,KAAK;YAC/B,OAAO,EAAE,OAAO,CAAC,OAAO;YACxB,IAAI,EAAE,OAAO,CAAC,IAAI;SACnB,CAAC,CAAC;QACH,MAAM,WAAW,GAAG,QAAQ,CAAC,OAAO,CAAC,GAAG,CAAC,cAAc,CAAC,CAAC;QACzD,MAAM,OAAO,GAAG,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAC;QACtC,OAAO;YACL,WAAW;YACX,OAAO;YACP,UAAU,EAAE,IAAI,CAAC,gBAAgB,CAAC,WAAW,EAAE,OAAO,CAAC;YACvD,cAAc,EAAE,QAAQ,CAAC,MAAM;SAChC,CAAC;IACJ,CAAC;IAEO,wBAAwB,CAC9B,OAA2B,EAC3B,WAAsC,EACtC,UAAwC;QAExC,IAAI,UAAU,KAAK,YAAY,EAAE,CAAC;YAChC,OAAO,OAAO,CAAC;QACjB,CAAC;QACD,OAAO,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,mBAAmB,CAAC,IAAI,CAAC,gBAAgB,CAAC,WAAW,IAAI,IAAI,EAAE,OAAO,IAAI,EAAE,CAAC,CAAC,CAAC,CAAC;IAC7G,CAAC;IAEO,uBAAuB,CAAC,IAA8B,EAAE,OAAgB;QAC9E,IAAI,CAAC,IAAI,CAAC,cAAc,EAAE,CAAC;YACzB,OAAO,IAAI,CAAC;QACd,CAAC;QACD,IAAI,IAAI,CAAC,cAAc,CAAC,IAAI,KAAK,YAAY,EAAE,CAAC;YAC9C,IAAI,CAAC,OAAO,IAAI,OAAO,OAAO,KAAK,QAAQ,IAAI,KAAK,CAAC,OAAO,CAAC,OAAO,CAAC,EAAE,CAAC;gBACtE,MAAM,IAAI,KAAK,CAAC,oCAAoC,CAAC,CAAC;YACxD,CAAC;YACD,MAAM,KAAK,GAAI,OAAmC,CAAC,IAAI,CAAC,cAAc,CAAC,KAAK,CAAC,CAAC;YAC9E,IAAI,OAAO,KAAK,KAAK,QAAQ,IAAI,CAAC,KAAK,EAAE,CAAC;gBACxC,MAAM,IAAI,KAAK,CAAC,oCAAoC,CAAC,CAAC;YACxD,CAAC;YACD,OAAO,KAAK,CAAC;QACf,CAAC;QACD,OAAO,IAAI,CAAC;IACd,CAAC;IAED,KAAK,CAAC,aAAa,CAAC,OAAgC;QAClD,MAAM,gBAAgB,GAAG,6BAA6B,CAAC;YACrD,SAAS,EAAE,OAAO,CAAC,GAAG;YACtB,MAAM,EAAE,OAAO,CAAC,MAAM;YACtB,aAAa,EAAE,OAAO,CAAC,IAAI,KAAK,mCAAmC;gBACjE,CAAC,CAAC,cAAc;gBAChB,CAAC,CAAC,OAAO,CAAC,IAAI,KAAK,oCAAoC;oBACrD,CAAC,CAAC,eAAe;oBACjB,CAAC,CAAC,UAAU;YAChB,UAAU,EAAE,OAAO,CAAC,KAAK;SAC1B,CAAC,CAAC;QACH,MAAM,OAAO,GAAG,MAAM,IAAI,CAAC,aAAa,CAAC,OAAO,CAAC,CAAC;QAClD,MAAM,SAAS,GAAG,kBAAkB,IAAI,CAAC,GAAG,EAAE,IAAI,OAAO,CAAC,KAAK,EAAE,CAAC;QAElE,MAAM,IAAI,CAAC,UAAU,CAAC,gBAAgB,CAAC;YACrC,IAAI,EAAE,qBAAqB;YAC3B,OAAO,EAAE,IAAI,CAAC,UAAU,CAAC,OAAO;YAChC,MAAM,EAAE;gBACN,IAAI,EAAE,gBAAgB;gBACtB,EAAE,EAAE,OAAO,CAAC,QAAQ;aACrB;YACD,KAAK,EAAE,OAAO,CAAC,KAAK;YACpB,SAAS,EAAE,IAAI,CAAC,oBAAoB,CAAC,OAAO,CAAC,IAAI,EAAE,OAAO,CAAC,UAAU,CAAC;YACtE,YAAY,EAAE,OAAO,CAAC,QAAQ;YAC9B,MAAM,EAAE,EAAE,IAAI,EAAE,SAAS,EAAE,SAAS,EAAE;YACtC,WAAW,EAAE,OAAO,CAAC,WAAW,IAAI,CAAC,IAAI,CAAC,MAAM,EAAE,MAAM,EAAE,IAAI,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE,CAAC;SACxF,CAAC,CAAC;QACH,OAAO;YACL,OAAO,EAAE,IAAI,CAAC,UAAU,CAAC,OAAO;YAChC,KAAK,EAAE,OAAO,CAAC,KAAK;YACpB,MAAM,EAAE,QAAQ;YAChB,cAAc,EAAE,OAAO,CAAC,cAAc;YACtC,WAAW,EAAE,OAAO,CAAC,WAAW;YAChC,aAAa,EAAE,IAAI,CAAC,yBAAyB,CAAC,OAAO,CAAC,IAAI,EAAE,OAAO,CAAC,UAAU,CAAC;SAChF,CAAC;IACJ,CAAC;IAED,aAAa,CAAC,OAAwB;QACpC,OAAO,IAAI,CAAC,UAAU,CAAC,mBAAmB,CAAC,OAAO,CAAC,CAAC;IACtD,CAAC;IAED,KAAK,CAAC,mBAAmB,CACvB,OAAkC;QAElC,IAAI,CAAC;YACH,MAAM,OAAO,GAAG,EAAE,KAAK,EAAE,OAAO,CAAC,OAAO,EAAE,CAAC;YAC3C,MAAM,UAAU,GAAG,MAAM,IAAI,CAAC,iBAAiB,CAAC,OAAO,EAAE,OAAO,CAAC,OAAO,EAAE,OAAO,CAAC,YAAY,CAAC,CAAC;YAChG,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,eAAe,CAAC,OAAO,CAAC,WAAW,CAAC,CAAC;YACjE,MAAM,UAAU,GAAG,UAAU,EAAE,SAAS,KAAK,aAAa;gBACxD,CAAC,CAAC,MAAM,IAAI,CAAC,iBAAiB,CAAC,OAAO,EAAE,UAAU,CAAC,YAAY,CAAC;gBAChE,CAAC,CAAC,IAAI,CAAC;YACT,MAAM,QAAQ,GAAG,UAAU;gBACzB,CAAC,CAAC,uBAAuB,CAAC,UAAU,CAAC;gBACrC,CAAC,CAAC,2BAA2B,CAAC;oBAC5B,IAAI,EAAE,aAAa;oBACnB,SAAS,EAAE,OAAO,CAAC,SAAS;oBAC5B,MAAM,EAAE,OAAO,CAAC,MAAM;oBACtB,kBAAkB,EAAE,aAAa;iBAClC,CAAC,CAAC;YACL,IAAI,UAAU,EAAE,CAAC;gBACf,IAAI,OAAO,CAAC,SAAS,KAAK,QAAQ,CAAC,SAAS,IAAI,OAAO,CAAC,MAAM,CAAC,WAAW,EAAE,KAAK,QAAQ,CAAC,MAAM,CAAC,WAAW,EAAE,EAAE,CAAC;oBAC/G,MAAM,IAAI,KAAK,CAAC,oCAAoC,CAAC,CAAC;gBACxD,CAAC;YACH,CAAC;YACD,IAAI,QAAQ,CAAC,IAAI,KAAK,gBAAgB,EAAE,CAAC;gBACvC,IAAI,CAAC,UAAU,EAAE,CAAC;oBAChB,MAAM,IAAI,KAAK,CAAC,6BAA6B,CAAC,CAAC;gBACjD,CAAC;gBACD,MAAM,aAAa,GAAG,MAAM,IAAI,CAAC,UAAU,CAAC,sBAAsB,CAAC;oBACjE,OAAO;oBACP,SAAS,EAAE,OAAO,CAAC,SAAS;oBAC5B,WAAW,EAAE,OAAO,CAAC,WAAW;oBAChC,KAAK,EAAE;wBACL,IAAI,EAAE,OAAO;wBACb,EAAE,EAAE,OAAO,CAAC,OAAO;qBACpB;oBACD,UAAU;oBACV,KAAK,EAAE;wBACL,OAAO,EAAE,OAAO,CAAC,OAAO;wBACxB,SAAS,EAAE,OAAO,CAAC,KAAK,CAAC,SAAS;wBAClC,KAAK,EAAE,OAAO,CAAC,KAAK,CAAC,KAAK;wBAC1B,SAAS,EAAE,OAAO,CAAC,SAAS;wBAC5B,WAAW,EAAE,OAAO,CAAC,WAAW;qBACjC;oBACD,QAAQ,EAAE,SAAS;oBACnB,MAAM,EAAE,OAAO,CAAC,MAAM;oBACtB,SAAS,EAAE,OAAO,CAAC,SAAS;oBAC5B,MAAM,EAAE,OAAO,CAAC,MAAM;oBACtB,OAAO,EAAE,OAAO,CAAC,OAAO;oBACxB,IAAI,EAAE,OAAO,CAAC,IAAI;iBACnB,CAAC,CAAC;gBACH,IAAI,aAAa,CAAC,QAAQ,KAAK,OAAO,EAAE,CAAC;oBACvC,MAAM,IAAI,KAAK,CAAC,0BAA0B,CAAC,CAAC;gBAC9C,CAAC;gBACD,MAAM,OAAO,GAAG,MAAM,IAAI,CAAC,aAAa,CAAC;oBACvC,GAAG,EAAE,OAAO,CAAC,SAAS;oBACtB,MAAM,EAAE,OAAO,CAAC,MAAM;oBACtB,OAAO,EAAE,OAAO,CAAC,OAAO;oBACxB,IAAI,EAAE,OAAO,CAAC,IAAI;iBACnB,CAAC,CAAC;gBACH,MAAM,cAAc,GAAG,IAAI,CAAC,uBAAuB,CAAC,UAAU,EAAE,OAAO,CAAC,UAAU,CAAC,CAAC;gBACpF,IAAI,CAAC,cAAc,IAAI,CAAC,UAAU,CAAC,cAAc,EAAE,CAAC;oBAClD,MAAM,IAAI,KAAK,CAAC,oCAAoC,CAAC,CAAC;gBACxD,CAAC;gBACD,MAAM,IAAI,CAAC,UAAU,CAAC,sBAAsB,CAAC,UAAU,EAAE,UAAU,CAAC,cAAc,CAAC,UAAU,EAAE,cAAc,CAAC,CAAC;gBAC/G,OAAO;oBACL,EAAE,EAAE,IAAI;oBACR,MAAM,EAAE;wBACN,OAAO;wBACP,SAAS,EAAE,OAAO,CAAC,SAAS;wBAC5B,MAAM,EAAE,cAAc,CAAC,SAAS;wBAChC,SAAS,EAAE,OAAO,CAAC,SAAS;wBAC5B,MAAM,EAAE,OAAO,CAAC,MAAM;wBACtB,cAAc,EAAE,OAAO,CAAC,cAAc;wBACtC,YAAY,EAAE,uBAAuB,CACnC,IAAI,CAAC,wBAAwB,CAAC,OAAO,CAAC,OAAO,EAAE,OAAO,CAAC,WAAW,EAAE,QAAQ,CAAC,kBAAkB,CAAC,EAChG,UAAU,EAAE,IAAI,IAAI,EAAE,KAAK,EAAE,EAAE,EAAE,CAClC;qBACF;iBACF,CAAC;YACJ,CAAC;YAED,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,UAAU,CAAC,mBAAmB,CAAC;gBACvD,OAAO;gBACP,SAAS,EAAE,OAAO,CAAC,SAAS;gBAC5B,WAAW,EAAE,OAAO,CAAC,WAAW;gBAChC,KAAK,EAAE;oBACL,IAAI,EAAE,OAAO;oBACb,EAAE,EAAE,OAAO,CAAC,OAAO;iBACpB;gBACD,UAAU;gBACV,KAAK,EAAE;oBACL,OAAO,EAAE,OAAO,CAAC,OAAO;oBACxB,SAAS,EAAE,OAAO,CAAC,KAAK,CAAC,SAAS;oBAClC,KAAK,EAAE,OAAO,CAAC,KAAK,CAAC,KAAK;oBAC1B,SAAS,EAAE,OAAO,CAAC,SAAS;oBAC5B,WAAW,EAAE,OAAO,CAAC,WAAW;iBACjC;gBACD,QAAQ;gBACR,WAAW,EAAE,OAAO,CAAC,WAAW;gBAChC,MAAM,EAAE,OAAO,CAAC,MAAM;gBACtB,SAAS,EAAE,OAAO,CAAC,SAAS;gBAC5B,MAAM,EAAE,OAAO,CAAC,MAAM;gBACtB,OAAO,EAAE,OAAO,CAAC,OAAO;gBACxB,IAAI,EAAE,OAAO,CAAC,IAAI;aACnB,CAAC,CAAC;YACH,IAAI,QAAQ,CAAC,IAAI,KAAK,sBAAsB,EAAE,CAAC;gBAC7C,IAAI,CAAC,UAAU,EAAE,CAAC;oBAChB,MAAM,IAAI,KAAK,CAAC,6BAA6B,CAAC,CAAC;gBACjD,CAAC;gBACD,MAAM,UAAU,GAAG,IAAI,CAAC,SAAS,CAAC,MAAM,CAAC,YAAY,CAAC,CAAC;gBACvD,MAAM,cAAc,GAAG,IAAI,CAAC,uBAAuB,CAAC,UAAU,EAAE,UAAU,CAAC,CAAC;gBAC5E,IAAI,CAAC,cAAc,IAAI,CAAC,UAAU,CAAC,cAAc,EAAE,CAAC;oBAClD,MAAM,IAAI,KAAK,CAAC,oCAAoC,CAAC,CAAC;gBACxD,CAAC;gBACD,MAAM,IAAI,CAAC,UAAU,CAAC,sBAAsB,CAAC,UAAU,EAAE,UAAU,CAAC,cAAc,CAAC,UAAU,EAAE,cAAc,CAAC,CAAC;YACjH,CAAC;YACD,OAAO;gBACL,EAAE,EAAE,IAAI;gBACR,MAAM,EAAE;oBACN,GAAG,MAAM;oBACT,YAAY,EAAE,uBAAuB,CACnC,IAAI,CAAC,wBAAwB,CAAC,MAAM,CAAC,YAAY,EAAE,IAAI,EAAE,QAAQ,CAAC,kBAAkB,CAAC,EACrF,UAAU,EAAE,IAAI,IAAI,EAAE,KAAK,EAAE,EAAE,EAAE,CAClC;iBACF;aACF,CAAC;QACJ,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,MAAM,OAAO,GAAG,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;YACvE,MAAM,IAAI,GAAG,KAAK,YAAY,KAAK,IAAI,MAAM,IAAI,KAAK,IAAI,OAAQ,KAA4B,CAAC,IAAI,KAAK,QAAQ;gBAC9G,CAAC,CAAE,KAA0B,CAAC,IAAI;gBAClC,CAAC,CAAC,+BAA+B,CAAC;YACpC,OAAO;gBACL,EAAE,EAAE,KAAK;gBACT,KAAK,EAAE,EAAE,IAAI,EAAE,OAAO,EAAE;aACzB,CAAC;QACJ,CAAC;IACH,CAAC;IAED,cAAc,CAAC,OAA0B;QACvC,OAAO,IAAI,CAAC,UAAU,CAAC,cAAc,CAAC,OAAO,CAAC,KAAK,EAAE,OAAO,CAAC,KAAK,EAAE;YAClE,SAAS,EAAE,OAAO,CAAC,SAAS;YAC5B,WAAW,EAAE,OAAO,CAAC,WAAW;SACjC,CAAC,CAAC;IACL,CAAC;IAED,iBAAiB,CAAC,OAAiC;QACjD,OAAO,IAAI,CAAC,UAAU,CAAC,iBAAiB,CAAC,OAAO,CAAC,KAAK,EAAE,OAAO,CAAC,KAAK,EAAE;YACrE,SAAS,EAAE,OAAO,CAAC,SAAS;YAC5B,WAAW,EAAE,OAAO,CAAC,WAAW;SACjC,CAAC,CAAC;IACL,CAAC;IAED,iBAAiB,CAAC,OAAkE;QAClF,OAAO,IAAI,CAAC,UAAU,CAAC,iBAAiB,CAAC,OAAO,CAAC,CAAC;IACpD,CAAC;IAED,KAAK,CAAC,eAAe,CAAC,OAA+B;QACnD,OAAO,MAAM,IAAI,CAAC,UAAU,CAAC,eAAe,CAAC,OAAO,CAAC,KAAK,EAAE,OAAO,CAAC,CAAC;IACvE,CAAC;IAED,KAAK,CAAC,qBAAqB,CAAC,OAAqC;QAC/D,OAAO,MAAM,IAAI,CAAC,UAAU,CAAC,qBAAqB,CAAC,OAAO,CAAC,KAAK,EAAE,OAAO,CAAC,OAAO,EAAE,OAAO,CAAC,CAAC;IAC9F,CAAC;IAED,KAAK,CAAC,iBAAiB,CAAC,OAAkE;QACxF,OAAO,MAAM,IAAI,CAAC,UAAU,CAAC,iBAAiB,CAAC,OAAO,CAAC,KAAK,EAAE,OAAO,CAAC,OAAO,EAAE,OAAO,CAAC,CAAC;IAC1F,CAAC;IAED,KAAK,CAAC,eAAe,CAAC,OAAgE;QACpF,OAAO,MAAM,IAAI,CAAC,UAAU,CAAC,eAAe,CAAC,OAAO,CAAC,KAAK,EAAE,OAAO,CAAC,eAAe,EAAE,OAAO,CAAC,CAAC;IAChG,CAAC;IAED,KAAK,CAAC,gBAAgB,CAAC,OAAwE;QAC7F,OAAO,MAAM,IAAI,CAAC,UAAU,CAAC,gBAAgB,CAAC,OAAO,CAAC,KAA2C,EAAE,OAAO,CAAC,CAAC;IAC9G,CAAC;IAED,KAAK,CAAC,qBAAqB,CAAC,OAAqC;QAC/D,OAAO,MAAM,IAAI,CAAC,UAAU,CAAC,qBAAqB,CAAC,OAAO,CAAC,CAAC;IAC9D,CAAC;IAED,KAAK,CAAC,sBAAsB,CAAC,OAAuE;QAClG,OAAO,MAAM,IAAI,CAAC,UAAU,CAAC,sBAAsB,CAAC,OAAO,CAAC,CAAC;IAC/D,CAAC;IAED,KAAK,CAAC,+BAA+B,CAAC,OAAwE;QAC5G,OAAO,MAAM,IAAI,CAAC,UAAU,CAAC,+BAA+B,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC;IAC9E,CAAC;IAED,KAAK,CAAC,uBAAuB,CAAC,OAAuF;QACnH,OAAO,IAAI,CAAC,UAAU,CAAC,uBAAuB,CAAC,OAAO,CAAC,CAAC;IAC1D,CAAC;IAED,4BAA4B,CAAC,OAAwE;QACnG,OAAO,IAAI,CAAC,UAAU,CAAC,4BAA4B,CAAC,OAAO,CAAC,CAAC;IAC/D,CAAC;IAED,0BAA0B,CAAC,OAA2E;QACpG,OAAO,IAAI,CAAC,UAAU,CAAC,0BAA0B,CAAC,OAAO,CAAC,CAAC;IAC7D,CAAC;IAED,yBAAyB,CAAC,OAA0E;QAClG,OAAO,IAAI,CAAC,UAAU,CAAC,yBAAyB,CAAC,OAAO,CAAC,CAAC;IAC5D,CAAC;IAED,cAAc,CAAC,OAA+D;QAC5E,OAAO,IAAI,CAAC,UAAU,CAAC,cAAc,CAAC,OAAO,CAAC,CAAC;IACjD,CAAC;IAED,gBAAgB,CAAC,OAAiE;QAChF,OAAO,IAAI,CAAC,UAAU,CAAC,gBAAgB,CAAC,OAAO,CAAC,CAAC;IACnD,CAAC;IAED,SAAS,CAAC,OAA0D;QAClE,OAAO,IAAI,CAAC,UAAU,CAAC,SAAS,CAAC,OAAO,CAAC,CAAC;IAC5C,CAAC;IAED,qBAAqB,CAAC,OAAsE;QAC1F,OAAO,IAAI,CAAC,UAAU,CAAC,qBAAqB,CAAC,OAAO,CAAC,CAAC;IACxD,CAAC;IAED,gBAAgB,CAAC,OAAiE;QAChF,OAAO,IAAI,CAAC,UAAU,CAAC,gBAAgB,CAAC,OAAO,CAAC,CAAC;IACnD,CAAC;IAED,iBAAiB,CAAC,OAAkE;QAClF,OAAO,IAAI,CAAC,UAAU,CAAC,iBAAiB,CAAC,OAAO,CAAC,CAAC;IACpD,CAAC;IAED,eAAe,CAAC,OAAgE;QAC9E,OAAO,IAAI,CAAC,UAAU,CAAC,eAAe,CAAC,OAAO,CAAC,CAAC;IAClD,CAAC;IAED,uBAAuB,CAAC,OAAwE;QAC9F,OAAO,IAAI,CAAC,UAAU,CAAC,uBAAuB,CAAC,OAAO,CAAC,CAAC;IAC1D,CAAC;IAED,4BAA4B,CAAC,OAA6E;QACxG,OAAO,IAAI,CAAC,UAAU,CAAC,4BAA4B,CAAC,OAAO,CAAC,CAAC;IAC/D,CAAC;IAED,KAAK,CAAC,kBAAkB,CAAC,OAAiC;QACxD,IAAI,CAAC;YACH,MAAM,IAAI,GAAG;gBACX,OAAO,EAAE,EAAE,KAAK,EAAE,OAAO,CAAC,OAAO,EAAE;gBACnC,SAAS,EAAE,OAAO,CAAC,SAAS;gBAC5B,WAAW,EAAE,OAAO,CAAC,WAAW;gBAChC,KAAK,EAAE,EAAE,IAAI,EAAE,OAAgB,EAAE,EAAE,EAAE,OAAO,CAAC,OAAO,EAAE;gBACtD,KAAK,EAAE;oBACL,OAAO,EAAE,OAAO,CAAC,OAAO;oBACxB,SAAS,EAAE,OAAO,CAAC,KAAK,CAAC,SAAS;oBAClC,KAAK,EAAE,OAAO,CAAC,KAAK,CAAC,KAAK;oBAC1B,SAAS,EAAE,OAAO,CAAC,SAAS;oBAC5B,WAAW,EAAE,OAAO,CAAC,WAAW;iBACjC;aACF,CAAC;YACF,QAAQ,OAAO,CAAC,MAAM,EAAE,CAAC;gBACvB,KAAK,mBAAmB;oBACtB,OAAO,EAAE,EAAE,EAAE,IAAI,EAAE,MAAM,EAAE,MAAM,IAAI,CAAC,qBAAqB,CAAC,IAAI,CAAC,EAAE,CAAC;gBACtE,KAAK,cAAc;oBACjB,OAAO,EAAE,EAAE,EAAE,IAAI,EAAE,MAAM,EAAE,MAAM,IAAI,CAAC,gBAAgB,CAAC,IAAI,CAAC,EAAE,CAAC;gBACjE,KAAK,eAAe;oBAClB,OAAO,EAAE,EAAE,EAAE,IAAI,EAAE,MAAM,EAAE,MAAM,IAAI,CAAC,iBAAiB,CAAC,IAAI,CAAC,EAAE,CAAC;gBAClE,KAAK,qBAAqB;oBACxB,OAAO,EAAE,EAAE,EAAE,IAAI,EAAE,MAAM,EAAE,MAAM,IAAI,CAAC,eAAe,CAAC,EAAE,GAAG,IAAI,EAAE,eAAe,EAAE,OAAO,CAAC,eAAe,EAAE,CAAC,EAAE,CAAC;gBACjH,KAAK,cAAc;oBACjB,OAAO,EAAE,EAAE,EAAE,IAAI,EAAE,MAAM,EAAE,MAAM,IAAI,CAAC,uBAAuB,CAAC,IAAI,CAAC,EAAE,CAAC;gBACxE,KAAK,2BAA2B;oBAC9B,CAAC;wBACC,MAAM,SAAS,GAAG,MAAM,IAAI,CAAC,gBAAgB,CAAC,OAAO,CAAC,aAAa,CAAC,CAAC;wBACvE,OAAO;4BACL,EAAE,EAAE,IAAI;4BACR,MAAM,EAAE,MAAM,IAAI,CAAC,4BAA4B,CAAC;gCAC9C,GAAG,IAAI;gCACP,UAAU,EAAE;oCACV,SAAS,EAAE,OAAO,CAAC,SAAS,IAAI,eAAe;oCAC/C,KAAK,EAAE;wCACL,SAAS;wCACT,KAAK,EAAE,OAAO,CAAC,KAAK,CAAC,KAAK;wCAC1B,OAAO,EAAE,CAAC,GAAG,OAAO,CAAC,KAAK,CAAC,OAAO,CAAC;qCACpC;oCACD,IAAI,EAAE;wCACJ,KAAK,EAAE,CAAC,GAAG,OAAO,CAAC,IAAI,CAAC,KAAK,CAAC;qCAC/B;iCACF;gCACD,MAAM,EAAE,OAAO,CAAC,MAAM;6BACvB,CAAC;yBACH,CAAC;oBACF,CAAC;YACL,CAAC;QACH,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,MAAM,OAAO,GAAG,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;YACvE,MAAM,IAAI,GAAG,KAAK,YAAY,KAAK,IAAI,MAAM,IAAI,KAAK,IAAI,OAAQ,KAA4B,CAAC,IAAI,KAAK,QAAQ;gBAC9G,CAAC,CAAE,KAA0B,CAAC,IAAI;gBAClC,CAAC,CAAC,8BAA8B,CAAC;YACnC,OAAO,EAAE,EAAE,EAAE,KAAK,EAAE,KAAK,EAAE,EAAE,IAAI,EAAE,OAAO,EAAE,EAAE,CAAC;QACjD,CAAC;IACH,CAAC;IAED,KAAK,CAAC,kBAAkB,CAAC,OAAiC;QACxD,MAAM,KAAK,GAAG,EAAE,IAAI,EAAE,OAAgB,EAAE,EAAE,EAAE,OAAO,CAAC,OAAO,IAAI,cAAc,EAAE,CAAC;QAChF,MAAM,OAAO,GAAG,EAAE,KAAK,EAAE,OAAO,CAAC,OAAO,EAAE,CAAC;QAC3C,IAAI,CAAC;YACH,QAAQ,OAAO,CAAC,MAAM,EAAE,CAAC;gBACvB,KAAK,wBAAwB;oBAC3B,OAAO,EAAE,EAAE,EAAE,IAAI,EAAE,MAAM,EAAE,MAAM,IAAI,CAAC,yBAAyB,CAAC,EAAE,OAAO,EAAE,KAAK,EAAE,OAAO,EAAE,OAAO,CAAC,OAAO,EAAE,YAAY,EAAE,OAAO,CAAC,YAAY,EAAE,WAAW,EAAE,OAAO,CAAC,WAAW,EAAE,CAAC,EAAE,CAAC;gBACxL,KAAK,yBAAyB;oBAC5B,OAAO;wBACL,EAAE,EAAE,IAAI;wBACR,MAAM,EAAE,MAAM,IAAI,CAAC,0BAA0B,CAAC;4BAC5C,OAAO;4BACP,SAAS,EAAE,OAAO,CAAC,SAAS;4BAC5B,KAAK;4BACL,IAAI,EAAE,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,KAAK,EAAE,CAAC,GAAG,OAAO,CAAC,IAAI,CAAC,KAAK,CAAC,EAAE,CAAC,CAAC,CAAC,SAAS;yBACpE,CAAC;qBACH,CAAC;gBACJ,KAAK,YAAY;oBACf,OAAO,EAAE,EAAE,EAAE,IAAI,EAAE,MAAM,EAAE,MAAM,IAAI,CAAC,cAAc,CAAC,EAAE,OAAO,EAAE,SAAS,EAAE,OAAO,CAAC,SAAS,EAAE,KAAK,EAAE,CAAC,EAAE,CAAC;gBAC3G,KAAK,cAAc;oBACjB,OAAO,EAAE,EAAE,EAAE,IAAI,EAAE,MAAM,EAAE,MAAM,IAAI,CAAC,gBAAgB,CAAC,EAAE,OAAO,EAAE,SAAS,EAAE,OAAO,CAAC,SAAS,EAAE,KAAK,EAAE,CAAC,EAAE,CAAC;gBAC7G,KAAK,MAAM;oBACT,OAAO,EAAE,EAAE,EAAE,IAAI,EAAE,MAAM,EAAE,MAAM,IAAI,CAAC,SAAS,CAAC,EAAE,OAAO,EAAE,SAAS,EAAE,OAAO,CAAC,SAAS,EAAE,KAAK,EAAE,CAAC,EAAE,CAAC;gBACtG,KAAK,aAAa;oBAChB,OAAO,EAAE,EAAE,EAAE,IAAI,EAAE,MAAM,EAAE,MAAM,IAAI,CAAC,eAAe,CAAC,EAAE,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,SAAS,EAAE,qBAAqB,IAAI,CAAC,GAAG,EAAE,EAAE,EAAE,WAAW,EAAE,IAAI,CAAC,MAAM,EAAE,MAAM,EAAE,EAAE,IAAI,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE,EAAE,CAAC,EAAE,CAAC;gBACrM,KAAK,mBAAmB;oBACtB,OAAO,EAAE,EAAE,EAAE,IAAI,EAAE,MAAM,EAAE,MAAM,IAAI,CAAC,qBAAqB,CAAC,EAAE,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,OAAO,EAAE,OAAO,CAAC,OAAO,EAAE,SAAS,EAAE,2BAA2B,IAAI,CAAC,GAAG,EAAE,EAAE,EAAE,WAAW,EAAE,IAAI,CAAC,MAAM,EAAE,MAAM,EAAE,EAAE,IAAI,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE,EAAE,CAAC,EAAE,CAAC;gBAC3O,KAAK,eAAe;oBAClB,OAAO,EAAE,EAAE,EAAE,IAAI,EAAE,MAAM,EAAE,MAAM,IAAI,CAAC,iBAAiB,CAAC,EAAE,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,OAAO,EAAE,OAAO,CAAC,OAAO,EAAE,SAAS,EAAE,uBAAuB,IAAI,CAAC,GAAG,EAAE,EAAE,EAAE,WAAW,EAAE,IAAI,CAAC,MAAM,EAAE,MAAM,EAAE,EAAE,IAAI,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE,EAAE,CAAC,EAAE,CAAC;gBACnO,KAAK,aAAa;oBAChB,OAAO,EAAE,EAAE,EAAE,IAAI,EAAE,MAAM,EAAE,MAAM,IAAI,CAAC,eAAe,CAAC,EAAE,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,eAAe,EAAE,OAAO,CAAC,SAAS,EAAE,SAAS,EAAE,qBAAqB,IAAI,CAAC,GAAG,EAAE,EAAE,EAAE,WAAW,EAAE,IAAI,CAAC,MAAM,EAAE,MAAM,EAAE,EAAE,IAAI,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE,EAAE,CAAC,EAAE,CAAC;gBACzO,KAAK,cAAc;oBACjB,OAAO,EAAE,EAAE,EAAE,IAAI,EAAE,MAAM,EAAE,MAAM,IAAI,CAAC,gBAAgB,CAAC,EAAE,OAAO,EAAE,KAAK,EAAE,SAAS,EAAE,sBAAsB,IAAI,CAAC,GAAG,EAAE,EAAE,EAAE,CAAC,EAAE,CAAC;YAChI,CAAC;QACH,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,MAAM,OAAO,GAAG,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;YACvE,MAAM,IAAI,GAAG,KAAK,YAAY,KAAK,IAAI,MAAM,IAAI,KAAK,IAAI,OAAQ,KAA4B,CAAC,IAAI,KAAK,QAAQ;gBAC9G,CAAC,CAAE,KAA0B,CAAC,IAAI;gBAClC,CAAC,CAAC,8BAA8B,CAAC;YACnC,OAAO,EAAE,EAAE,EAAE,KAAK,EAAE,KAAK,EAAE,EAAE,IAAI,EAAE,OAAO,EAAE,EAAE,CAAC;QACjD,CAAC;IACH,CAAC;IAEO,KAAK,CAAC,iBAAiB,CAAC,OAAgB,EAAE,OAAe,EAAE,YAAqB;QACtF,IAAI,CAAC,YAAY,EAAE,CAAC;YAClB,OAAO,SAAS,CAAC;QACnB,CAAC;QACD,MAAM,UAAU,GAAG,MAAM,IAAI,CAAC,UAAU,CAAC,cAAc,CAAC,OAAO,EAAE,OAAO,EAAE,YAAY,CAAC,CAAC;QACxF,OAAO,UAAU,IAAI,SAAS,CAAC;IACjC,CAAC;IAEO,SAAS,CAAC,IAAwB;QACxC,IAAI,CAAC,IAAI,EAAE,CAAC;YACV,OAAO,IAAI,CAAC;QACd,CAAC;QACD,IAAI,CAAC;YACH,OAAO,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;QAC1B,CAAC;QAAC,MAAM,CAAC;YACP,OAAO,IAAI,CAAC;QACd,CAAC;IACH,CAAC;IAEO,KAAK,CAAC,iBAAiB,CAAC,OAAgB,EAAE,MAA0B;QAC1E,IAAI,CAAC,MAAM,EAAE,CAAC;YACZ,MAAM,IAAI,KAAK,CAAC,gCAAgC,CAAC,CAAC;QACpD,CAAC;QACD,IAAI,CAAC,IAAI,CAAC,YAAY,EAAE,CAAC;YACvB,MAAM,IAAI,KAAK,CAAC,2CAA2C,CAAC,CAAC;QAC/D,CAAC;QACD,MAAM,IAAI,GAAG,MAAM,IAAI,CAAC,YAAY,CAAC,GAAG,CAAC,OAAO,EAAE,MAAM,CAAC,CAAC;QAC1D,IAAI,CAAC,IAAI,EAAE,CAAC;YACV,MAAM,IAAI,KAAK,CAAC,6BAA6B,CAAC,CAAC;QACjD,CAAC;QACD,OAAO,IAAI,CAAC;IACd,CAAC;CACF;AAED,MAAM,UAAU,kBAAkB,CAChC,IAA2B,EAC3B,UAII,EAAE;IAEN,OAAO,IAAI,iBAAiB,CAAC,eAAe,CAAC,IAAI,CAAC,EAAE,OAAO,CAAC,WAAW,IAAI,IAAI,CAAC,WAAW,EAAE,OAAO,CAAC,KAAK,EAAE,OAAO,CAAC,SAAS,CAAC,CAAC;AACjI,CAAC;AAED,MAAM,UAAU,2BAA2B,CACzC,IAAe,EACf,UAII,EAAE;IAEN,OAAO,IAAI,iBAAiB,CAAC,IAAI,EAAE,OAAO,CAAC,WAAW,EAAE,OAAO,CAAC,KAAK,EAAE,OAAO,CAAC,SAAS,CAAC,CAAC;AAC5F,CAAC;AAGD,OAAO,EACL,2BAA2B,EAC3B,6BAA6B,EAC7B,8BAA8B,EAC9B,uBAAuB,GACxB,MAAM,qBAAqB,CAAC;AAE7B,OAAO,EAAE,0BAA0B,EAAE,MAAM,uBAAuB,CAAC;AACnE,OAAO,EAAE,uBAAuB,EAAE,2BAA2B,EAAE,MAAM,mBAAmB,CAAC;AACzF;;;;;GAKG"}
1
+ {"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/vault-ingress/index.ts"],"names":[],"mappings":"AA6BA,SAAS,wBAAwB,CAAC,KAAc;IAC9C,IAAI,KAAK,KAAK,IAAI,IAAI,KAAK,KAAK,SAAS,EAAE,CAAC;QAC1C,OAAO,IAAI,CAAC;IACd,CAAC;IACD,IAAI,KAAK,CAAC,OAAO,CAAC,KAAK,CAAC,EAAE,CAAC;QACzB,OAAO,KAAK,CAAC,GAAG,CAAC,CAAC,KAAK,EAAE,EAAE,CAAC,wBAAwB,CAAC,KAAK,CAAC,CAAC,CAAC;IAC/D,CAAC;IACD,IAAI,OAAO,KAAK,KAAK,QAAQ,EAAE,CAAC;QAC9B,OAAO,MAAM,CAAC,WAAW,CACvB,MAAM,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,GAAG,EAAE,KAAK,CAAC,EAAE,EAAE,CAAC,CAAC,GAAG,EAAE,wBAAwB,CAAC,KAAK,CAAC,CAAC,CAAC,CACpF,CAAC;IACJ,CAAC;IACD,OAAO,IAAI,CAAC;AACd,CAAC;AAsID,MAAM,iBAAiB;IAEF;IACA;IAFnB,YACmB,UAAqB,EACrB,aAA2B,KAAK;QADhC,eAAU,GAAV,UAAU,CAAW;QACrB,eAAU,GAAV,UAAU,CAAsB;IAChD,CAAC;IAEJ,IAAI,OAAO;QACT,OAAO,IAAI,CAAC,UAAU,CAAC,OAAO,CAAC;IACjC,CAAC;IAED,0BAA0B,CAAC,OAA0C;QACnE,OAAO,IAAI,CAAC,UAAU,CAAC,0BAA0B,CAAC,OAAO,CAAC,CAAC;IAC7D,CAAC;IAED,wBAAwB,CAAC,OAAyE;QAChG,OAAO,IAAI,CAAC,UAAU,CAAC,wBAAwB,CAAC,OAAO,CAAC,CAAC;IAC3D,CAAC;IAED,uBAAuB,CAAC,OAA2C;QACjE,OAAO,IAAI,CAAC,UAAU,CAAC,uBAAuB,CAAC,OAAO,CAAC,CAAC;IAC1D,CAAC;IAED,iBAAiB,CAAC,OAAkE;QAClF,OAAO,IAAI,CAAC,UAAU,CAAC,iBAAiB,CAAC,OAAO,CAAC,CAAC;IACpD,CAAC;IAED,iBAAiB,CAAC,OAAkE;QAClF,OAAO,IAAI,CAAC,UAAU,CAAC,iBAAiB,CAAC,OAAO,CAAC,CAAC;IACpD,CAAC;IAED,iBAAiB,CAAC,OAAkE;QAClF,OAAO,IAAI,CAAC,UAAU,CAAC,iBAAiB,CAAC,OAAO,CAAC,CAAC;IACpD,CAAC;IAED,gBAAgB,CAAC,OAAiE;QAChF,OAAO,IAAI,CAAC,UAAU,CAAC,gBAAgB,CAAC,OAAO,CAAC,CAAC;IACnD,CAAC;IAED,cAAc,CAAC,OAA0B;QACvC,OAAO,IAAI,CAAC,UAAU,CAAC,cAAc,CAAC,OAAO,CAAC,KAAY,EAAE,OAAO,CAAC,KAAK,CAAC,CAAC;IAC7E,CAAC;IAED,iBAAiB,CAAC,OAAiC;QACjD,OAAO,IAAI,CAAC,UAAU,CAAC,iBAAiB,CAAC,OAAO,CAAC,KAAY,EAAE,OAAO,CAAC,KAAK,CAAC,CAAC;IAChF,CAAC;IAED,eAAe,CAAC,OAA+B;QAC7C,OAAO,IAAI,CAAC,UAAU,CAAC,eAAe,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC;IACxD,CAAC;IAED,iBAAiB,CAAC,OAAkE;QAClF,OAAO,IAAI,CAAC,UAAU,CAAC,iBAAiB,CAAC,OAAO,CAAC,KAAY,EAAE,OAAO,CAAC,WAAW,CAAC,CAAC;IACtF,CAAC;IAED,eAAe,CAAC,OAAgE;QAC9E,OAAO,IAAI,CAAC,UAAU,CAAC,eAAe,CAAC,OAAO,CAAC,KAAY,EAAE,OAAO,CAAC,eAAe,CAAC,CAAC;IACxF,CAAC;IAED,gBAAgB,CAAC,OAAwE;QACvF,OAAO,IAAI,CAAC,UAAU,CAAC,gBAAgB,CAAC,OAAO,CAAC,KAAY,CAAC,CAAC;IAChE,CAAC;IAED,qBAAqB,CAAC,OAAsE;QAC1F,OAAO,IAAI,CAAC,UAAU,CAAC,qBAAqB,CAAC,OAAO,CAAC,KAAY,EAAE,OAAO,CAAC,WAAW,EAAE,OAAO,CAAC,WAAW,EAAE,OAAO,CAAC,CAAC;IACxH,CAAC;IAED,2BAA2B,CAAC,OAA4E;QACtG,OAAO,IAAI,CAAC,UAAU,CAAC,2BAA2B,CAAC,OAAO,CAAC,KAAY,EAAE,OAAO,CAAC,WAAW,EAAE,OAAO,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IACzH,CAAC;IAED,sBAAsB,CAAC,OAAuE;QAC5F,OAAO,IAAI,CAAC,UAAU,CAAC,sBAAsB,CAAC,OAAO,CAAC,KAAY,EAAE,OAAO,CAAC,WAAW,EAAE,OAAO,CAAC,WAAW,EAAE,OAAO,CAAC,CAAC;IACzH,CAAC;IAED,4BAA4B,CAAC,OAA6E;QACxG,OAAO,IAAI,CAAC,UAAU,CAAC,4BAA4B,CAAC,OAAO,CAAC,KAAY,EAAE,OAAO,CAAC,WAAW,EAAE,OAAO,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IAC1H,CAAC;IAED,eAAe,CAAC,OAAgE;QAI9E,OAAO,IAAI,CAAC,UAAU,CAAC,eAAe,CAAC,OAAO,CAAC,KAAY,EAAE,OAAO,CAAC,WAAW,EAAE,OAAO,CAAC,WAAW,CAAC,CAAC;IACzG,CAAC;IAED,sBAAsB,CAAC,OAAuE;QAC5F,OAAO,IAAI,CAAC,UAAU,CAAC,sBAAsB,CAAC,OAAO,CAAC,CAAC;IACzD,CAAC;IAED,+BAA+B,CAAC,KAAyC;QACvE,OAAO,IAAI,CAAC,UAAU,CAAC,+BAA+B,CAAC,KAAK,CAAC,CAAC;IAChE,CAAC;IAED,uBAAuB,CAAC,OAAuF;QAC7G,OAAO,IAAI,CAAC,UAAU,CAAC,uBAAuB,CAAC,OAAO,CAAC,CAAC;IAC1D,CAAC;IAED,aAAa,CAAC,OAAwB;QACpC,OAAO,IAAI,CAAC,UAAU,CAAC,mBAAmB,CAAC,OAAO,CAAC,CAAC;IACtD,CAAC;IAED,oBAAoB,CAAC,OAAqE;QACxF,OAAO,IAAI,CAAC,UAAU,CAAC,oBAAoB,CAAC,OAAO,CAAC,KAAY,EAAE,OAAO,CAAC,SAAS,EAAE,OAAO,CAAC,QAAQ,CAAC,CAAC;IACzG,CAAC;IAED,sBAAsB,CAAC,QAA0E;QAC/F,OAAO,IAAI,CAAC,UAAU,CAAC,sBAAsB,CAAC,QAAQ,CAAC,CAAC;IAC1D,CAAC;IAED,gBAAgB,CAAC,OAAiE;QAChF,OAAO,IAAI,CAAC,UAAU,CAAC,gBAAgB,CAAC,OAAO,CAAC,CAAC;IACnD,CAAC;IAED,iBAAiB,CAAC,OAAkE;QAClF,OAAO,IAAI,CAAC,UAAU,CAAC,iBAAiB,CAAC,OAAO,CAAC,CAAC;IACpD,CAAC;IAED,eAAe,CAAC,OAAgE;QAC9E,OAAO,IAAI,CAAC,UAAU,CAAC,eAAe,CAAC,OAAO,CAAC,CAAC;IAClD,CAAC;IAED,uBAAuB,CAAC,OAAwE;QAC9F,OAAO,IAAI,CAAC,UAAU,CAAC,uBAAuB,CAAC,OAAO,CAAC,CAAC;IAC1D,CAAC;IAED,KAAK,CAAC,mBAAmB,CAAC,OAAkC;QAC1D,IAAI,CAAC;YACH,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,UAAU,CAAC,mBAAmB,CAAC;gBACvD,OAAO,EAAE,EAAE,KAAK,EAAE,OAAO,CAAC,OAAO,EAAE;gBACnC,SAAS,EAAE,OAAO,CAAC,SAAS;gBAC5B,WAAW,EAAE,OAAO,CAAC,WAAW;gBAChC,KAAK,EAAE,EAAE,IAAI,EAAE,OAAO,EAAE,EAAE,EAAE,OAAO,CAAC,WAAW,EAAE;gBACjD,KAAK,EAAE;oBACL,WAAW,EAAE,OAAO,CAAC,WAAW;oBAChC,SAAS,EAAE,OAAO,CAAC,KAAK,CAAC,SAAS;oBAClC,KAAK,EAAE,OAAO,CAAC,KAAK,CAAC,KAAK;oBAC1B,SAAS,EAAE,OAAO,CAAC,SAAS;oBAC5B,WAAW,EAAE,OAAO,CAAC,WAAW;iBACjC;gBACD,MAAM,EAAE,OAAO,CAAC,MAAM;gBACtB,WAAW,EAAE,OAAO,CAAC,WAAW;gBAChC,SAAS,EAAE,OAAO,CAAC,SAAS;gBAC5B,MAAM,EAAE,OAAO,CAAC,MAAM;gBACtB,OAAO,EAAE,OAAO,CAAC,OAAO;gBACxB,IAAI,EAAE,OAAO,CAAC,IAAI;aACnB,CAAC,CAAC;YACH,OAAO,EAAE,EAAE,EAAE,IAAI,EAAE,MAAM,EAAE,CAAC;QAC9B,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,OAAO;gBACL,EAAE,EAAE,KAAK;gBACT,KAAK,EAAE;oBACL,IAAI,EAAG,KAAa,CAAC,IAAI,IAAI,uBAAuB;oBACpD,OAAO,EAAE,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC;iBAChE;aACF,CAAC;QACJ,CAAC;IACH,CAAC;IAED,KAAK,CAAC,kBAAkB,CAAC,OAAiC;QACxD,IAAI,CAAC;YACH,MAAM,IAAI,GAAG;gBACX,OAAO,EAAE,EAAE,KAAK,EAAE,OAAO,CAAC,OAAO,EAAE;gBACnC,SAAS,EAAE,OAAO,CAAC,SAAS;gBAC5B,WAAW,EAAE,OAAO,CAAC,WAAW;gBAChC,KAAK,EAAE,EAAE,IAAI,EAAE,OAAgB,EAAE,EAAE,EAAE,OAAO,CAAC,WAAW,EAAE;gBAC1D,KAAK,EAAE;oBACL,WAAW,EAAE,OAAO,CAAC,WAAW;oBAChC,SAAS,EAAE,OAAO,CAAC,KAAK,CAAC,SAAS;oBAClC,KAAK,EAAE,OAAO,CAAC,KAAK,CAAC,KAAK;oBAC1B,SAAS,EAAE,OAAO,CAAC,SAAS;oBAC5B,WAAW,EAAE,OAAO,CAAC,WAAW;iBACjC;aACF,CAAC;YACF,IAAI,MAAW,CAAC;YAChB,QAAQ,OAAO,CAAC,MAAM,EAAE,CAAC;gBACvB,KAAK,cAAc;oBAAE,MAAM,GAAG,MAAM,IAAI,CAAC,gBAAgB,CAAC,IAAI,CAAC,CAAC;oBAAC,MAAM;gBACvE,KAAK,eAAe;oBAAE,MAAM,GAAG,MAAM,IAAI,CAAC,iBAAiB,CAAC,IAAI,CAAC,CAAC;oBAAC,MAAM;gBACzE,KAAK,qBAAqB;oBAAE,MAAM,GAAG,MAAM,IAAI,CAAC,eAAe,CAAC,EAAE,GAAG,IAAI,EAAE,eAAe,EAAE,OAAO,CAAC,eAAe,EAAE,CAAC,CAAC;oBAAC,MAAM;gBAC9H,KAAK,cAAc;oBAAE,MAAM,GAAG,MAAM,IAAI,CAAC,uBAAuB,CAAC,IAAI,CAAC,CAAC;oBAAC,MAAM;YAChF,CAAC;YACD,OAAO,EAAE,EAAE,EAAE,IAAI,EAAE,MAAM,EAAE,CAAC;QAC9B,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,OAAO,EAAE,EAAE,EAAE,KAAK,EAAE,KAAK,EAAE,EAAE,IAAI,EAAG,KAAa,CAAC,IAAI,IAAI,sBAAsB,EAAE,OAAO,EAAE,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,EAAE,EAAE,CAAC;QACxJ,CAAC;IACH,CAAC;IAED,KAAK,CAAC,kBAAkB,CAAC,OAAiC;QACxD,IAAI,CAAC;YACH,MAAM,KAAK,GAAG,EAAE,IAAI,EAAE,OAAgB,EAAE,EAAE,EAAE,OAAO,CAAC,OAAO,IAAI,OAAO,EAAE,CAAC;YACzE,IAAI,MAAW,CAAC;YAChB,QAAQ,OAAO,CAAC,MAAM,EAAE,CAAC;gBACvB,KAAK,aAAa;oBAAE,MAAM,GAAG,MAAM,IAAI,CAAC,eAAe,CAAC,EAAE,OAAO,EAAE,EAAE,KAAK,EAAE,OAAO,CAAC,OAAO,EAAE,EAAE,KAAK,EAAE,EAAE,IAAI,EAAE,OAAO,EAAE,EAAE,EAAE,OAAO,CAAC,OAAO,IAAI,OAAO,EAAE,EAAE,SAAS,EAAE,UAAU,EAAE,WAAW,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE,EAAE,CAAC,CAAC;oBAAC,MAAM;gBAChO,KAAK,eAAe;oBAAE,MAAM,GAAG,MAAM,IAAI,CAAC,iBAAiB,CAAC,EAAE,OAAO,EAAE,EAAE,KAAK,EAAE,OAAO,CAAC,OAAO,EAAE,EAAE,KAAK,EAAE,EAAE,IAAI,EAAE,OAAO,EAAE,EAAE,EAAE,OAAO,CAAC,OAAO,IAAI,OAAO,EAAE,EAAE,WAAW,EAAE,OAAO,CAAC,WAAW,EAAE,SAAS,EAAE,UAAU,EAAE,WAAW,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE,EAAE,CAAC,CAAC;oBAAC,MAAM;gBACtQ,KAAK,aAAa;oBAAE,MAAM,GAAG,MAAM,IAAI,CAAC,eAAe,CAAC,EAAE,OAAO,EAAE,EAAE,KAAK,EAAE,OAAO,CAAC,OAAO,EAAE,EAAE,KAAK,EAAE,EAAE,IAAI,EAAE,OAAO,EAAE,EAAE,EAAE,OAAO,CAAC,OAAO,IAAI,OAAO,EAAE,EAAE,eAAe,EAAE,OAAO,CAAC,SAAS,EAAE,SAAS,EAAE,UAAU,EAAE,WAAW,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE,EAAE,CAAC,CAAC;oBAAC,MAAM;gBACpQ,KAAK,cAAc;oBAAE,MAAM,GAAG,MAAM,IAAI,CAAC,gBAAgB,CAAC,EAAE,OAAO,EAAE,EAAE,KAAK,EAAE,OAAO,CAAC,OAAO,EAAE,EAAE,KAAK,EAAE,EAAE,IAAI,EAAE,OAAO,EAAE,EAAE,EAAE,OAAO,CAAC,OAAO,IAAI,OAAO,EAAE,EAAE,CAAC,CAAC;oBAAC,MAAM;gBACpK,KAAK,aAAa;oBAAE,MAAM,GAAG,MAAM,IAAI,CAAC,eAAe,CAAC,EAAE,OAAO,EAAE,EAAE,KAAK,EAAE,OAAO,CAAC,OAAO,EAAE,EAAE,KAAK,EAAE,EAAE,IAAI,EAAE,OAAO,EAAE,EAAE,EAAE,OAAO,CAAC,OAAO,IAAI,OAAO,EAAE,EAAE,WAAW,EAAE,OAAO,CAAC,WAAW,EAAE,WAAW,EAAE,OAAO,CAAC,WAAW,EAAE,SAAS,EAAE,UAAU,EAAE,WAAW,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE,EAAE,CAAC,CAAC;oBAAC,MAAM;gBACpS,KAAK,kBAAkB;oBAAE,MAAM,GAAG,MAAM,IAAI,CAAC,oBAAoB,CAAC,EAAE,OAAO,EAAE,EAAE,KAAK,EAAE,OAAO,CAAC,OAAO,EAAE,EAAE,KAAK,EAAE,EAAE,IAAI,EAAE,OAAO,EAAE,EAAE,EAAE,OAAO,CAAC,OAAO,IAAI,OAAO,EAAE,EAAE,SAAS,EAAE,OAAO,CAAC,SAAS,EAAE,QAAQ,EAAE,OAAO,CAAC,QAAQ,EAAE,WAAW,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE,EAAE,CAAC,CAAC;oBAAC,MAAM;YAC/Q,CAAC;YACD,OAAO,EAAE,EAAE,EAAE,IAAI,EAAE,MAAM,EAAE,CAAC;QAC9B,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,OAAO,EAAE,EAAE,EAAE,KAAK,EAAE,KAAK,EAAE,EAAE,IAAI,EAAG,KAAa,CAAC,IAAI,IAAI,sBAAsB,EAAE,OAAO,EAAE,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,EAAE,EAAE,CAAC;QACxJ,CAAC;IACH,CAAC;CACF;AAED,MAAM,UAAU,kBAAkB,CAAC,SAAoB,EAAE,OAA6E;IACpI,OAAO,IAAI,iBAAiB,CAAC,SAAS,EAAE,OAAO,EAAE,SAAS,CAAC,CAAC;AAC9D,CAAC;AAED,0CAA0C;AAC1C,MAAM,CAAC,MAAM,2BAA2B,GAAG,kBAAkB,CAAC"}
package/dist/vault-ingress/remote-transport.d.ts CHANGED
@@ -1,5 +1,5 @@
1
1
  import type { AgentDispatchTransport } from "../clients/agent/contracts.js";
2
- import type { DispatchRequest, DispatchResult } from "../vault-core/contracts.js";
2
+ import type { DispatchRequest, DispatchResult, AgentSecretGrant, SecretDestinationGrant } from "../vault-core/contracts.js";
3
3
  /**
4
4
  * Remote transport for AgentClient that communicates over HTTP.
5
5
  * This allows the Agent (LLM) to reside in a separate process from the Vault Core.
@@ -13,11 +13,13 @@ export declare class AgentDispatchHttpTransport implements AgentDispatchTranspor
13
13
  private readonly _controlUrl;
14
14
  constructor(_url: string, _fetchImpl?: typeof fetch, _controlUrl?: string);
15
15
  agentDispatch(request: DispatchRequest): Promise<DispatchResult>;
16
- agentListCapabilities(request: import("../vault-core/index.js").AgentListCapabilitiesRequest): Promise<readonly import("../vault-core/index.js").AgentCapabilityState[]>;
16
+ agentListGrants(request: import("../vault-core/index.js").AgentListGrantsRequest): Promise<{
17
+ agentSecrets: readonly AgentSecretGrant[];
18
+ secretDestinations: readonly SecretDestinationGrant[];
19
+ }>;
17
20
  agentListSecrets(request: import("../vault-core/index.js").AgentListSecretsRequest): Promise<readonly import("../vault-core/index.js").AgentVisibleSecretRecord[]>;
18
21
  agentListRequests(request: import("../vault-core/index.js").AgentListRequestsRequest): Promise<readonly import("../vault-core/index.js").AgentVisibleRequestRecord[]>;
19
22
  agentGetRequest(request: import("../vault-core/index.js").AgentGetRequestRequest): Promise<import("../vault-core/index.js").AgentRequestResult>;
20
23
  agentGetRuntimeManifest(request: import("../vault-core/index.js").AgentGetRuntimeManifestRequest): Promise<import("../vault-core/index.js").AgentRuntimeManifest>;
21
- agentSubmitCapabilityRequest(request: import("../vault-core/index.js").AgentSubmitCapabilityRequestCommand): Promise<import("../vault-core/index.js").CapabilityStateRecord>;
22
24
  private _postControl;
23
25
  }
package/dist/vault-ingress/remote-transport.js CHANGED
@@ -19,9 +19,8 @@ export class AgentDispatchHttpTransport {
19
19
  vaultId: request.vaultId.value,
20
20
  requestId: request.requestId,
21
21
  requestedAt: request.requestedAt,
22
- agentId: request.agent.id,
22
+ rootAgentId: request.agent.id,
23
23
  reason: request.reason,
24
- capabilityId: request.capability?.capabilityId,
25
24
  secretAlias: request.secretAlias,
26
25
  targetUrl: request.targetUrl,
27
26
  method: request.method,
@@ -49,13 +48,13 @@ export class AgentDispatchHttpTransport {
49
48
  }
50
49
  return payload.result;
51
50
  }
52
- async agentListCapabilities(request) {
51
+ async agentListGrants(request) {
53
52
  const payload = await this._postControl({
54
- action: "list_capabilities",
53
+ action: "list_grants",
55
54
  vaultId: request.vaultId.value,
56
55
  requestId: request.requestId,
57
56
  requestedAt: request.requestedAt,
58
- agentId: request.agent.id,
57
+ rootAgentId: request.agent.id,
59
58
  proof: { token: request.proof.token },
60
59
  });
61
60
  return payload;
@@ -66,7 +65,7 @@ export class AgentDispatchHttpTransport {
66
65
  vaultId: request.vaultId.value,
67
66
  requestId: request.requestId,
68
67
  requestedAt: request.requestedAt,
69
- agentId: request.agent.id,
68
+ rootAgentId: request.agent.id,
70
69
  proof: { token: request.proof.token },
71
70
  });
72
71
  return payload;
@@ -77,7 +76,7 @@ export class AgentDispatchHttpTransport {
77
76
  vaultId: request.vaultId.value,
78
77
  requestId: request.requestId,
79
78
  requestedAt: request.requestedAt,
80
- agentId: request.agent.id,
79
+ rootAgentId: request.agent.id,
81
80
  proof: { token: request.proof.token },
82
81
  });
83
82
  return payload;
@@ -89,7 +88,7 @@ export class AgentDispatchHttpTransport {
89
88
  requestId: request.requestId,
90
89
  requestedAt: request.requestedAt,
91
90
  targetRequestId: request.targetRequestId,
92
- agentId: request.agent.id,
91
+ rootAgentId: request.agent.id,
93
92
  proof: { token: request.proof.token },
94
93
  });
95
94
  return payload;
@@ -100,30 +99,11 @@ export class AgentDispatchHttpTransport {
100
99
  vaultId: request.vaultId.value,
101
100
  requestId: request.requestId,
102
101
  requestedAt: request.requestedAt,
103
- agentId: request.agent.id,
102
+ rootAgentId: request.agent.id,
104
103
  proof: { token: request.proof.token },
105
104
  });
106
105
  return payload;
107
106
  }
108
- async agentSubmitCapabilityRequest(request) {
109
- const payload = await this._postControl({
110
- action: "submit_capability_request",
111
- vaultId: request.vaultId.value,
112
- requestId: request.requestId,
113
- requestedAt: request.requestedAt,
114
- agentId: request.agent.id,
115
- proof: { token: request.proof.token },
116
- operation: request.capability.operation,
117
- secretAliases: request.secretAliases ? [...request.secretAliases] : [],
118
- write: {
119
- scope: request.capability.write.scope,
120
- methods: [...request.capability.write.methods],
121
- },
122
- read: { paths: [...request.capability.read.paths] },
123
- reason: request.reason,
124
- });
125
- return payload;
126
- }
127
107
  async _postControl(body) {
128
108
  const response = await this._fetchImpl(this._controlUrl, {
129
109
  method: "POST",
package/dist/vault-ingress/remote-transport.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"remote-transport.js","sourceRoot":"","sources":["../../src/vault-ingress/remote-transport.ts"],"names":[],"mappings":"AAIA;;;GAGG;AACH;;GAEG;AACH,MAAM,OAAO,0BAA0B;IAElB;IACA;IACA;IAHnB,YACmB,IAAY,EACZ,aAA2B,KAAK,EAChC,cAAsB,IAAI,GAAG,CAAC,iBAAiB,EAAE,IAAI,CAAC,CAAC,QAAQ,EAAE;QAFjE,SAAI,GAAJ,IAAI,CAAQ;QACZ,eAAU,GAAV,UAAU,CAAsB;QAChC,gBAAW,GAAX,WAAW,CAAsD;IACjF,CAAC;IAEJ,KAAK,CAAC,aAAa,CAAC,OAAwB;QAC1C,MAAM,aAAa,GAA8B;YAC/C,OAAO,EAAE,OAAO,CAAC,OAAO,CAAC,KAAK;YAC9B,SAAS,EAAE,OAAO,CAAC,SAAS;YAC5B,WAAW,EAAE,OAAO,CAAC,WAAW;YAChC,OAAO,EAAE,OAAO,CAAC,KAAK,CAAC,EAAE;YACzB,MAAM,EAAE,OAAO,CAAC,MAAM;YACtB,YAAY,EAAE,OAAO,CAAC,UAAU,EAAE,YAAY;YAC9C,WAAW,EAAE,OAAO,CAAC,WAAW;YAChC,SAAS,EAAE,OAAO,CAAC,SAAS;YAC5B,MAAM,EAAE,OAAO,CAAC,MAAM;YACtB,OAAO,EAAE,OAAO,CAAC,OAAO;YACxB,IAAI,EAAE,OAAO,CAAC,IAAI;YAClB,KAAK,EAAE;gBACL,KAAK,EAAE,OAAO,CAAC,KAAK,CAAC,KAAK;aAC3B;SACF,CAAC;QAEF,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,UAAU,CAAC,IAAI,CAAC,IAAI,EAAE;YAChD,MAAM,EAAE,MAAM;YACd,OAAO,EAAE;gBACP,cAAc,EAAE,kBAAkB;aACnC;YACD,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,aAAa,CAAC;SACpC,CAAC,CAAC;QAEH,IAAI,CAAC,QAAQ,CAAC,EAAE,EAAE,CAAC;YACjB,MAAM,IAAI,KAAK,CAAC,sCAAsC,QAAQ,CAAC,MAAM,IAAI,QAAQ,CAAC,UAAU,EAAE,CAAC,CAAC;QAClG,CAAC;QAED,MAAM,OAAO,GAAiE,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAC;QACpG,IAAI,CAAC,OAAO,CAAC,EAAE,EAAE,CAAC;YAChB,MAAM,KAAK,GAAG,IAAI,KAAK,CAAC,GAAG,OAAO,CAAC,KAAK,CAAC,IAAI,KAAK,OAAO,CAAC,KAAK,CAAC,OAAO,EAAE,CAAC,CAAC;YAC1E,KAAa,CAAC,IAAI,GAAG,OAAO,CAAC,KAAK,CAAC,IAAI,CAAC;YACzC,MAAM,KAAK,CAAC;QACd,CAAC;QAED,OAAO,OAAO,CAAC,MAAM,CAAC;IACxB,CAAC;IAED,KAAK,CAAC,qBAAqB,CAAC,OAAsE;QAChG,MAAM,OAAO,GAAG,MAAM,IAAI,CAAC,YAAY,CAAC;YACtC,MAAM,EAAE,mBAAmB;YAC3B,OAAO,EAAE,OAAO,CAAC,OAAO,CAAC,KAAK;YAC9B,SAAS,EAAE,OAAO,CAAC,SAAS;YAC5B,WAAW,EAAE,OAAO,CAAC,WAAW;YAChC,OAAO,EAAE,OAAO,CAAC,KAAK,CAAC,EAAE;YACzB,KAAK,EAAE,EAAE,KAAK,EAAE,OAAO,CAAC,KAAK,CAAC,KAAK,EAAE;SACtC,CAAC,CAAC;QACH,OAAO,OAA2E,CAAC;IACrF,CAAC;IAED,KAAK,CAAC,gBAAgB,CAAC,OAAiE;QACtF,MAAM,OAAO,GAAG,MAAM,IAAI,CAAC,YAAY,CAAC;YACtC,MAAM,EAAE,cAAc;YACtB,OAAO,EAAE,OAAO,CAAC,OAAO,CAAC,KAAK;YAC9B,SAAS,EAAE,OAAO,CAAC,SAAS;YAC5B,WAAW,EAAE,OAAO,CAAC,WAAW;YAChC,OAAO,EAAE,OAAO,CAAC,KAAK,CAAC,EAAE;YACzB,KAAK,EAAE,EAAE,KAAK,EAAE,OAAO,CAAC,KAAK,CAAC,KAAK,EAAE;SACtC,CAAC,CAAC;QACH,OAAO,OAA+E,CAAC;IACzF,CAAC;IAED,KAAK,CAAC,iBAAiB,CAAC,OAAkE;QACxF,MAAM,OAAO,GAAG,MAAM,IAAI,CAAC,YAAY,CAAC;YACtC,MAAM,EAAE,eAAe;YACvB,OAAO,EAAE,OAAO,CAAC,OAAO,CAAC,KAAK;YAC9B,SAAS,EAAE,OAAO,CAAC,SAAS;YAC5B,WAAW,EAAE,OAAO,CAAC,WAAW;YAChC,OAAO,EAAE,OAAO,CAAC,KAAK,CAAC,EAAE;YACzB,KAAK,EAAE,EAAE,KAAK,EAAE,OAAO,CAAC,KAAK,CAAC,KAAK,EAAE;SACtC,CAAC,CAAC;QACH,OAAO,OAAgF,CAAC;IAC1F,CAAC;IAED,KAAK,CAAC,eAAe,CAAC,OAAgE;QACpF,MAAM,OAAO,GAAG,MAAM,IAAI,CAAC,YAAY,CAAC;YACtC,MAAM,EAAE,qBAAqB;YAC7B,OAAO,EAAE,OAAO,CAAC,OAAO,CAAC,KAAK;YAC9B,SAAS,EAAE,OAAO,CAAC,SAAS;YAC5B,WAAW,EAAE,OAAO,CAAC,WAAW;YAChC,eAAe,EAAE,OAAO,CAAC,eAAe;YACxC,OAAO,EAAE,OAAO,CAAC,KAAK,CAAC,EAAE;YACzB,KAAK,EAAE,EAAE,KAAK,EAAE,OAAO,CAAC,KAAK,CAAC,KAAK,EAAE;SACtC,CAAC,CAAC;QACH,OAAO,OAA8D,CAAC;IACxE,CAAC;IAED,KAAK,CAAC,uBAAuB,CAAC,OAAwE;QACpG,MAAM,OAAO,GAAG,MAAM,IAAI,CAAC,YAAY,CAAC;YACtC,MAAM,EAAE,cAAc;YACtB,OAAO,EAAE,OAAO,CAAC,OAAO,CAAC,KAAK;YAC9B,SAAS,EAAE,OAAO,CAAC,SAAS;YAC5B,WAAW,EAAE,OAAO,CAAC,WAAW;YAChC,OAAO,EAAE,OAAO,CAAC,KAAK,CAAC,EAAE;YACzB,KAAK,EAAE,EAAE,KAAK,EAAE,OAAO,CAAC,KAAK,CAAC,KAAK,EAAE;SACtC,CAAC,CAAC;QACH,OAAO,OAAgE,CAAC;IAC1E,CAAC;IAED,KAAK,CAAC,4BAA4B,CAAC,OAA6E;QAC9G,MAAM,OAAO,GAAG,MAAM,IAAI,CAAC,YAAY,CAAC;YACtC,MAAM,EAAE,2BAA2B;YACnC,OAAO,EAAE,OAAO,CAAC,OAAO,CAAC,KAAK;YAC9B,SAAS,EAAE,OAAO,CAAC,SAAS;YAC5B,WAAW,EAAE,OAAO,CAAC,WAAW;YAChC,OAAO,EAAE,OAAO,CAAC,KAAK,CAAC,EAAE;YACzB,KAAK,EAAE,EAAE,KAAK,EAAE,OAAO,CAAC,KAAK,CAAC,KAAK,EAAE;YACrC,SAAS,EAAE,OAAO,CAAC,UAAU,CAAC,SAAS;YACvC,aAAa,EAAE,OAAO,CAAC,aAAa,CAAC,CAAC,CAAC,CAAC,GAAG,OAAO,CAAC,aAAa,CAAC,CAAC,CAAC,CAAC,EAAE;YACtE,KAAK,EAAE;gBACL,KAAK,EAAE,OAAO,CAAC,UAAU,CAAC,KAAK,CAAC,KAAK;gBACrC,OAAO,EAAE,CAAC,GAAG,OAAO,CAAC,UAAU,CAAC,KAAK,CAAC,OAAO,CAAC;aAC/C;YACD,IAAI,EAAE,EAAE,KAAK,EAAE,CAAC,GAAG,OAAO,CAAC,UAAU,CAAC,IAAI,CAAC,KAAK,CAAC,EAAE;YACnD,MAAM,EAAE,OAAO,CAAC,MAAM;SACvB,CAAC,CAAC;QACH,OAAO,OAAiE,CAAC;IAC3E,CAAC;IAEO,KAAK,CAAC,YAAY,CAAC,IAAa;QACtC,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,UAAU,CAAC,IAAI,CAAC,WAAW,EAAE;YACvD,MAAM,EAAE,MAAM;YACd,OAAO,EAAE;gBACP,cAAc,EAAE,kBAAkB;aACnC;YACD,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC;SAC3B,CAAC,CAAC;QACH,IAAI,CAAC,QAAQ,CAAC,EAAE,EAAE,CAAC;YACjB,MAAM,IAAI,KAAK,CAAC,sCAAsC,QAAQ,CAAC,MAAM,IAAI,QAAQ,CAAC,UAAU,EAAE,CAAC,CAAC;QAClG,CAAC;QACD,MAAM,OAAO,GAAyG,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAC;QAC5I,IAAI,CAAC,OAAO,CAAC,EAAE,EAAE,CAAC;YAChB,MAAM,KAAK,GAAG,IAAI,KAAK,CAAC,GAAG,OAAO,CAAC,KAAK,CAAC,IAAI,KAAK,OAAO,CAAC,KAAK,CAAC,OAAO,EAAE,CAAC,CAAC;YAC1E,KAAa,CAAC,IAAI,GAAG,OAAO,CAAC,KAAK,CAAC,IAAI,CAAC;YACzC,MAAM,KAAK,CAAC;QACd,CAAC;QACD,OAAO,OAAO,CAAC,MAAM,CAAC;IACxB,CAAC;CACF"}
1
+ {"version":3,"file":"remote-transport.js","sourceRoot":"","sources":["../../src/vault-ingress/remote-transport.ts"],"names":[],"mappings":"AAIA;;;GAGG;AACH;;GAEG;AACH,MAAM,OAAO,0BAA0B;IAElB;IACA;IACA;IAHnB,YACmB,IAAY,EACZ,aAA2B,KAAK,EAChC,cAAsB,IAAI,GAAG,CAAC,iBAAiB,EAAE,IAAI,CAAC,CAAC,QAAQ,EAAE;QAFjE,SAAI,GAAJ,IAAI,CAAQ;QACZ,eAAU,GAAV,UAAU,CAAsB;QAChC,gBAAW,GAAX,WAAW,CAAsD;IACjF,CAAC;IAEJ,KAAK,CAAC,aAAa,CAAC,OAAwB;QAC1C,MAAM,aAAa,GAA8B;YAC/C,OAAO,EAAE,OAAO,CAAC,OAAO,CAAC,KAAK;YAC9B,SAAS,EAAE,OAAO,CAAC,SAAS;YAC5B,WAAW,EAAE,OAAO,CAAC,WAAW;YAChC,WAAW,EAAE,OAAO,CAAC,KAAK,CAAC,EAAE;YAC7B,MAAM,EAAE,OAAO,CAAC,MAAM;YACtB,WAAW,EAAE,OAAO,CAAC,WAAW;YAChC,SAAS,EAAE,OAAO,CAAC,SAAS;YAC5B,MAAM,EAAE,OAAO,CAAC,MAAM;YACtB,OAAO,EAAE,OAAO,CAAC,OAAO;YACxB,IAAI,EAAE,OAAO,CAAC,IAAI;YAClB,KAAK,EAAE;gBACL,KAAK,EAAE,OAAO,CAAC,KAAK,CAAC,KAAK;aAC3B;SACF,CAAC;QAEF,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,UAAU,CAAC,IAAI,CAAC,IAAI,EAAE;YAChD,MAAM,EAAE,MAAM;YACd,OAAO,EAAE;gBACP,cAAc,EAAE,kBAAkB;aACnC;YACD,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,aAAa,CAAC;SACpC,CAAC,CAAC;QAEH,IAAI,CAAC,QAAQ,CAAC,EAAE,EAAE,CAAC;YACjB,MAAM,IAAI,KAAK,CAAC,sCAAsC,QAAQ,CAAC,MAAM,IAAI,QAAQ,CAAC,UAAU,EAAE,CAAC,CAAC;QAClG,CAAC;QAED,MAAM,OAAO,GAAiE,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAC;QACpG,IAAI,CAAC,OAAO,CAAC,EAAE,EAAE,CAAC;YAChB,MAAM,KAAK,GAAG,IAAI,KAAK,CAAC,GAAG,OAAO,CAAC,KAAK,CAAC,IAAI,KAAK,OAAO,CAAC,KAAK,CAAC,OAAO,EAAE,CAAC,CAAC;YAC1E,KAAa,CAAC,IAAI,GAAG,OAAO,CAAC,KAAK,CAAC,IAAI,CAAC;YACzC,MAAM,KAAK,CAAC;QACd,CAAC;QAED,OAAO,OAAO,CAAC,MAAM,CAAC;IACxB,CAAC;IAED,KAAK,CAAC,eAAe,CAAC,OAAgE;QACpF,MAAM,OAAO,GAAG,MAAM,IAAI,CAAC,YAAY,CAAC;YACtC,MAAM,EAAE,aAAa;YACrB,OAAO,EAAE,OAAO,CAAC,OAAO,CAAC,KAAK;YAC9B,SAAS,EAAE,OAAO,CAAC,SAAS;YAC5B,WAAW,EAAE,OAAO,CAAC,WAAW;YAChC,WAAW,EAAE,OAAO,CAAC,KAAK,CAAC,EAAE;YAC7B,KAAK,EAAE,EAAE,KAAK,EAAE,OAAO,CAAC,KAAK,CAAC,KAAK,EAAE;SACtC,CAAC,CAAC;QACH,OAAO,OAA+G,CAAC;IACzH,CAAC;IAED,KAAK,CAAC,gBAAgB,CAAC,OAAiE;QACtF,MAAM,OAAO,GAAG,MAAM,IAAI,CAAC,YAAY,CAAC;YACtC,MAAM,EAAE,cAAc;YACtB,OAAO,EAAE,OAAO,CAAC,OAAO,CAAC,KAAK;YAC9B,SAAS,EAAE,OAAO,CAAC,SAAS;YAC5B,WAAW,EAAE,OAAO,CAAC,WAAW;YAChC,WAAW,EAAE,OAAO,CAAC,KAAK,CAAC,EAAE;YAC7B,KAAK,EAAE,EAAE,KAAK,EAAE,OAAO,CAAC,KAAK,CAAC,KAAK,EAAE;SACtC,CAAC,CAAC;QACH,OAAO,OAA+E,CAAC;IACzF,CAAC;IAED,KAAK,CAAC,iBAAiB,CAAC,OAAkE;QACxF,MAAM,OAAO,GAAG,MAAM,IAAI,CAAC,YAAY,CAAC;YACtC,MAAM,EAAE,eAAe;YACvB,OAAO,EAAE,OAAO,CAAC,OAAO,CAAC,KAAK;YAC9B,SAAS,EAAE,OAAO,CAAC,SAAS;YAC5B,WAAW,EAAE,OAAO,CAAC,WAAW;YAChC,WAAW,EAAE,OAAO,CAAC,KAAK,CAAC,EAAE;YAC7B,KAAK,EAAE,EAAE,KAAK,EAAE,OAAO,CAAC,KAAK,CAAC,KAAK,EAAE;SACtC,CAAC,CAAC;QACH,OAAO,OAAgF,CAAC;IAC1F,CAAC;IAED,KAAK,CAAC,eAAe,CAAC,OAAgE;QACpF,MAAM,OAAO,GAAG,MAAM,IAAI,CAAC,YAAY,CAAC;YACtC,MAAM,EAAE,qBAAqB;YAC7B,OAAO,EAAE,OAAO,CAAC,OAAO,CAAC,KAAK;YAC9B,SAAS,EAAE,OAAO,CAAC,SAAS;YAC5B,WAAW,EAAE,OAAO,CAAC,WAAW;YAChC,eAAe,EAAE,OAAO,CAAC,eAAe;YACxC,WAAW,EAAE,OAAO,CAAC,KAAK,CAAC,EAAE;YAC7B,KAAK,EAAE,EAAE,KAAK,EAAE,OAAO,CAAC,KAAK,CAAC,KAAK,EAAE;SACtC,CAAC,CAAC;QACH,OAAO,OAA8D,CAAC;IACxE,CAAC;IAED,KAAK,CAAC,uBAAuB,CAAC,OAAwE;QACpG,MAAM,OAAO,GAAG,MAAM,IAAI,CAAC,YAAY,CAAC;YACtC,MAAM,EAAE,cAAc;YACtB,OAAO,EAAE,OAAO,CAAC,OAAO,CAAC,KAAK;YAC9B,SAAS,EAAE,OAAO,CAAC,SAAS;YAC5B,WAAW,EAAE,OAAO,CAAC,WAAW;YAChC,WAAW,EAAE,OAAO,CAAC,KAAK,CAAC,EAAE;YAC7B,KAAK,EAAE,EAAE,KAAK,EAAE,OAAO,CAAC,KAAK,CAAC,KAAK,EAAE;SACtC,CAAC,CAAC;QACH,OAAO,OAAgE,CAAC;IAC1E,CAAC;IAEO,KAAK,CAAC,YAAY,CAAC,IAAa;QACtC,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,UAAU,CAAC,IAAI,CAAC,WAAW,EAAE;YACvD,MAAM,EAAE,MAAM;YACd,OAAO,EAAE;gBACP,cAAc,EAAE,kBAAkB;aACnC;YACD,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC;SAC3B,CAAC,CAAC;QACH,IAAI,CAAC,QAAQ,CAAC,EAAE,EAAE,CAAC;YACjB,MAAM,IAAI,KAAK,CAAC,sCAAsC,QAAQ,CAAC,MAAM,IAAI,QAAQ,CAAC,UAAU,EAAE,CAAC,CAAC;QAClG,CAAC;QACD,MAAM,OAAO,GAAyG,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAC;QAC5I,IAAI,CAAC,OAAO,CAAC,EAAE,EAAE,CAAC;YAChB,MAAM,KAAK,GAAG,IAAI,KAAK,CAAC,GAAG,OAAO,CAAC,KAAK,CAAC,IAAI,KAAK,OAAO,CAAC,KAAK,CAAC,OAAO,EAAE,CAAC,CAAC;YAC1E,KAAa,CAAC,IAAI,GAAG,OAAO,CAAC,KAAK,CAAC,IAAI,CAAC;YACzC,MAAM,KAAK,CAAC;QACd,CAAC;QACD,OAAO,OAAO,CAAC,MAAM,CAAC;IACxB,CAAC;CACF"}
package/docs/ARCHITECTURE.md CHANGED
@@ -1,4 +1,4 @@
1
- # Architecture (v1.47.2)
1
+ # Architecture (v1.65.1)
2
2
 
3
3
  The cbio runtime follows a **Sovereign Vault** architecture: a unified, authority-centric model where security is grounded in proof-of-knowledge (passwords) rather than external identity hierarchies.
4
4
 
@@ -8,46 +8,63 @@ The cbio runtime follows a **Sovereign Vault** architecture: a unified, authorit
8
8
  2. **Unified Storage**: All vault state (secrets, metadata, registries) is stored in a single encrypted partition.
9
9
  3. **Managed Agency**: The vault can act as a custodian for its agents, managing their identity material internally.
10
10
  4. **Process Isolation**: Sensitive cryptographic operations are physically separated from agent execution environments.
11
+ 5. **Domain-Level Authorization**: Network dispatches are authorized at the domain level, simplifying white-list management and reducing overhead.
11
12
 
12
13
  ## Identity and Roles
13
14
 
14
15
  The runtime distinguishes between administrative authority and delegated agency:
15
16
 
16
17
  - **`vault-master` (Role)**: The implicit administrative role held by anyone who successfully unlocks the vault.
17
- - **`agent` (Role)**: A delegated principal with specific capabilities.
18
+ - **`agent` (Role)**: A delegated principal identified by a unique `AgentId`.
18
19
  - **Managed Identity**: An identity whose private keys are stored within the vault.
19
20
  - **External Identity**: An identity represented by a public key, with private keys managed externally.
20
21
 
21
22
  ## Components
22
23
 
23
24
  - **`vault-core`**: The secure engine. Stores secret plaintext, validates transactions, and maintains the audit log.
24
- - **`clients/owner`**: The administrative interface. Used for writing secrets, managing agents, and exporting material.
25
- - **`clients/agent`**: The consumer interface. Used by agents to request signed dispatches without ever seeing secret plaintext.
26
- - **`vault-ingress`**: The protocol layer that resolves capabilities and handles incoming requests.
25
+ - **`clients/owner`**: The administrative interface. Used for writing secrets, managing agents, and managing grants.
26
+ - **`clients/agent`**: The consumer interface. Used by agents to request signed dispatches and introspect their identity/grants.
27
+ - **`vault-ingress`**: The protocol layer that provides the entry points for external system integration.
27
28
 
28
- ## Unified Storage Layout
29
+ ## Simplified Authorization Model (Grants)
29
30
 
30
- All vault data is stored under a flat versioned prefix: `vaults/<vault-id>_v1/`.
31
- - **`profile.sealed`**: Contains all vault metadata (nickname, owner ID, etc.).
32
- - **`secrets.sealed`**: Contains the encrypted secret registry.
33
- - **`agents.sealed`**: Contains the agent identity registry (including managed private keys).
34
- - **`capabilities.sealed`**: Contains granted capabilities.
35
- - **`custom-flows.sealed`**: Contains registered owner-defined HTTP request templates.
36
- - **`audit.jsonl`**: Contains the tamper-evident audit log.
37
- - **`working-key.sealed`**: Contains the sealed vault working key custody blob.
38
- - **`secret-<secret-id>.sealed`**: Contains encrypted secret material blobs.
31
+ The legacy "Grant" system has been replaced by a streamlined **Grant** model:
39
32
 
40
- The `_v1` suffix is the storage-layout version. Future layout changes should increment this suffix rather than adding deeper wrapper directories.
33
+ 1. **Agent-Secret Grants**: Explicitly authorize an agent to use a specific secret alias.
34
+ 2. **Secret-Destination Grants**: Explicitly authorize a secret alias to be dispatched to a specific domain (e.g., `api.example.com`).
35
+
36
+ A dispatch is permitted only if **both** grants exist and are in `approved` status.
37
+
38
+ ## Approval Flows
39
+
40
+ Two distinct approval contexts exist:
41
+
42
+ - **Dispatch Approval**: Triggered when a concrete dispatch is blocked. Decisions are made based on the specific request context (URL, Method, Reason).
43
+ - **Whitelist (Grant) Approval**: A strategic decision to trust an agent with a secret or a secret with a domain.
44
+
45
+ The system supports an **Allow & Grant** shortcut in the Dispatch UI to bridge these two workflows for a "Zero-Configuration" experience.
46
+
47
+ ## Storage Layout
48
+
49
+ All vault data is stored under a versioned prefix: `vaults/<vault-id>_v1/`.
50
+ - **`profile.json`**: (When sealed) Vault metadata.
51
+ - **`secrets/`**: Secret records indexed by ID and Alias.
52
+ - **`custody/`**: Sealed secret material (plaintext).
53
+ - **`agents/`**: Agent identity records.
54
+ - **`grants/agent_secrets/`**: White-list of agents authorized for specific secrets.
55
+ - **`grants/secret_destinations/`**: White-list of domains authorized for specific secrets.
56
+ - **`requests/`**: History of dispatches and pending approvals.
57
+ - **`audit/`**: Append-only log.
41
58
 
42
59
  ## Process Isolation (A/B Architecture)
43
60
 
44
- To prevent secret leakage even in the case of agent compromise, the runtime is designed for process-level isolation:
45
- - **Process A (Agent)**: Runs business logic/LLM. Authenticates via **Session Tokens** (or Managed Identity signers) but has no access to the vault's working key.
46
- - **Process B (Vault Server)**: Unlocks the vault, issues/revokes tokens, and processes dispatch requests from Process A.
61
+ To prevent secret leakage, the runtime is designed for physical separation:
62
+ - **Process A (Agent)**: Runs business logic/LLM. Authenticates via **Session Tokens** but never handles the master password or raw secrets.
63
+ - **Process B (Vault Server)**: Unlocks the vault and handles sensitive operations.
47
64
 
48
65
  ## Implementation Rules
49
66
 
50
- 1. **Locked by Default**: Before unlocking with a password, the vault reveals nothing but its ID.
67
+ 1. **Locked by Default**: Before unlocking, the vault reveals nothing but its ID.
51
68
  2. **Secret Separation**: Plaintext secrets never leave the memory space of `vault-core`.
52
- 3. **Auditability**: Every action is bound to a principal (`vault-master` or `agent-id`) and recorded.
53
- 4. **Capability Gating**: Agents can only act on secrets for which they have an explicit, valid capability.
69
+ 3. **Auditability**: Every action is bound to a principal and recorded.
70
+ 4. **Grant Gating**: Agents can only act on secrets for which they have valid, approved grants.
package/docs/CUSTODY_MODEL.md CHANGED
@@ -37,7 +37,7 @@ The runtime enforces a hard process boundary (A/B Architecture):
37
37
 
38
38
  ## Export / Reveal Policy
39
39
 
40
- Exporting secret plaintext is a first-class capability of the Sovereign Vault.
40
+ Exporting secret plaintext is a first-class grant of the Sovereign Vault.
41
41
  - `exportSecret(...)` is a valid, audited administrative operation.
42
42
  - Requires the vault to be in an unlocked (operational) state.
43
43
 
package/docs/IDENTITY_MODEL.md CHANGED
@@ -22,9 +22,9 @@ An identity whose public/private keypair is generated and stored **inside** the
22
22
 
23
23
  ## Identifying Principals
24
24
 
25
- ### Identity ID
26
- A stable, public-key-derived identifier (via `deriveIdentityId(...)`).
27
- - Used for internal registries, capability assignment, and audit logs.
25
+ ### Root Agent ID
26
+ A stable, public-key-derived identifier (via `deriveRootAgentId(...)`).
27
+ - Used for internal registries, grant assignment, and audit logs.
28
28
  - Decoupled from human-readable labels.
29
29
 
30
30
  ### Nicknames
@@ -47,5 +47,5 @@ To achieve the Sovereign Vault's simplicity, the following legacy concepts were
47
47
  | Actor | Source of Authority | Registry |
48
48
  | :--- | :--- | :--- |
49
49
  | **Owner** | Master Password | Implicit (via Unlock) |
50
- | **Managed Agent** | Vault Registry (Internal Key) | `agentIdentities` registry |
51
- | **External Agent** | External Signer (Public Key) | `agentIdentities` registry |
50
+ | **Managed Agent** | Vault Registry (Internal Key) | `rootAgentIdentities` registry |
51
+ | **External Agent** | External Signer (Public Key) | `rootAgentIdentities` registry |
package/docs/MIGRATION-1.51.md CHANGED
@@ -22,11 +22,11 @@ This version suffix is for storage-layout evolution. Future storage rewrites sho
22
22
 
23
23
  ### Owner client initialization
24
24
 
25
- - `createVaultClient(...)` now has a stable public type for:
25
+ - `createOwnerClient(...)` now has a stable public type for:
26
26
  - `passwordVerifier`
27
27
  - `sensitiveActionVerifier`
28
28
  - If your UI reads secret plaintext or agent private keys, configure one of these verifiers.
29
- - For long-running GUI processes, prefer `createOwnerSession(...)` and obtain owner clients from the session rather than caching a raw `VaultClient`.
29
+ - For long-running GUI processes, prefer `createOwnerSession(...)` and obtain owner clients from the session rather than caching a raw `OwnerClient`.
30
30
 
31
31
  ### Sensitive actions
32
32
 
@@ -34,7 +34,7 @@ These are now explicit sensitive reads:
34
34
 
35
35
  - `ownerReadSecretPlaintext({ alias, password, verificationCode? })`
36
36
  - `ownerExportSecret({ alias, password, verificationCode? })`
37
- - `ownerReadAgentPrivateKey({ agentId, password, verificationCode? })`
37
+ - `ownerReadAgentPrivateKey({ rootAgentId, password, verificationCode? })`
38
38
 
39
39
  `ownerListAgents()` no longer exposes private keys.
40
40
 
@@ -48,8 +48,8 @@ GUI clients should branch on `error.code` instead of parsing raw message text.
48
48
  ### Agent read model
49
49
 
50
50
  - `ownerListAgents()` returns the stable public agent record:
51
- - `agentId`
52
- - `identityId`
51
+ - `rootAgentId`
52
+ - `rootAgentId`
53
53
  - `publicKey`
54
54
  - `nickname`
55
55
  - `metadata`
@@ -57,21 +57,21 @@ GUI clients should branch on `error.code` instead of parsing raw message text.
57
57
 
58
58
  ### Agent creation and import
59
59
 
60
- - `ownerCreateAgent(...)` no longer accepts caller-supplied `agentId`
61
- - `ownerImportAgent(...)` no longer accepts caller-supplied `agentId`
60
+ - `ownerCreateAgent(...)` no longer accepts caller-supplied `rootAgentId`
61
+ - `ownerImportAgent(...)` no longer accepts caller-supplied `rootAgentId`
62
62
  - Both now return:
63
63
  - `agent`
64
64
  - `sessionToken`
65
65
 
66
- Use `result.agent.agentId` as the vault-internal agent ID.
66
+ Use `result.agent.rootAgentId` as the vault-internal agent ID.
67
67
 
68
- ### Capability creation
68
+ ### Grant creation
69
69
 
70
- - `ownerGrantCapability(...)` no longer accepts caller-supplied `capabilityId`
71
- - `ownerExecuteCapabilityStateAndGrant(...)` no longer accepts caller-supplied `capabilityId`
72
- - Capability IDs are generated internally
70
+ - `ownerGrantGrant(...)` no longer accepts caller-supplied `grantId`
71
+ - `ownerExecuteGrantStateAndGrant(...)` no longer accepts caller-supplied `grantId`
72
+ - Grant IDs are generated internally
73
73
 
74
- `ownerGrantCapability(...)` now returns the created capability so the caller can read the generated ID immediately.
74
+ `ownerGrantGrant(...)` now returns the created grant so the caller can read the generated ID immediately.
75
75
 
76
76
  ### Custom flow creation
77
77
 
@@ -82,18 +82,18 @@ Use `result.agent.agentId` as the vault-internal agent ID.
82
82
 
83
83
  ## New Public API
84
84
 
85
- - `ownerUpdateAgent({ agentId, nickname?, metadata? })`
85
+ - `ownerUpdateAgent({ rootAgentId, nickname?, metadata? })`
86
86
 
87
87
  This updates the stored owner-side agent profile and persists it. The operation is audited.
88
88
 
89
89
  ## Recommended GUI changes
90
90
 
91
91
  - Remove UI inputs for:
92
- - `agentId` during create/import
93
- - `capabilityId`
92
+ - `rootAgentId` during create/import
93
+ - `grantId`
94
94
  - `flowId`
95
- - Treat `agentId`, `capabilityId`, and `flowId` as SDK-managed internal identifiers
95
+ - Treat `rootAgentId`, `grantId`, and `flowId` as SDK-managed internal identifiers
96
96
  - Use returned records instead of constructing IDs in the UI
97
- - Keep an SDK-managed owner session handle instead of caching a raw `createVaultClient(...)` result across reloads or runtime swaps
98
- - If you are not using `OwnerSession`, recreate `createVaultClient(...)` after runtime/module changes rather than reusing an old instance
97
+ - Keep an SDK-managed owner session handle instead of caching a raw `createOwnerClient(...)` result across reloads or runtime swaps
98
+ - If you are not using `OwnerSession`, recreate `createOwnerClient(...)` after runtime/module changes rather than reusing an old instance
99
99
  - Route plaintext/private-key reads through a single sensitive-action confirmation dialog
package/docs/MIGRATION-1.65.md ADDED
@@ -0,0 +1,61 @@
1
+ # Migration Guide: v1.4x → v1.65 (Grant Model)
2
+
3
+ This guide documents the transition from the legacy "Capability" model to the new "Grant" model introduced in v1.65.0.
4
+
5
+ ## Overview of Changes
6
+
7
+ The heavyweight `Grant` system has been removed in favor of two simple, context-free white-list tables:
8
+ 1. **Agent-Secret Grants**: Who (Agent) can use What (Secret).
9
+ 2. **Secret-Destination Grants**: Where (Secret) can be sent (Domain).
10
+
11
+ ## API Changes
12
+
13
+ ### 1. Renamed & Removed Methods
14
+
15
+ | Legacy Method (v1.4x) | New Method (v1.65+) | Notes |
16
+ | :--- | :--- | :--- |
17
+ | `ownerGrantGrant` | `ownerGrantAgentSecret` / `ownerGrantSecretDestination` | Now split into two discrete grant types. |
18
+ | `ownerRevokeGrant` | `ownerRevokeAgentSecret` / `ownerRevokeSecretDestination` | |
19
+ | `ownerListCapabilities` | `ownerListGrants` | Returns both types of grants. |
20
+ | `ownerApproveGrantRead` | (Internalized) | Response visibility is now simpler. |
21
+ | `ownerAllowAlways` | `ownerApproveDispatch(..., 'allow_and_grant')` | Integrated into the dispatch approval flow. |
22
+ | `ownerAllowOnce` | `ownerApproveDispatch(..., 'allow_once')` | Integrated into the dispatch approval flow. |
23
+
24
+ ### 2. Decision Logic
25
+
26
+ The `DispatchApprovalDecision` has been standardized:
27
+ - `allow_once`: Execute the blocked dispatch without creating a permanent grant.
28
+ - `allow_and_grant`: Execute the dispatch AND provision the needed grants as a side-effect.
29
+ - `deny`: Reject the request.
30
+
31
+ ## Storage Migration
32
+
33
+ The storage layout for authorization has changed:
34
+ - **Old**: `vaults/<id>_v1/capabilities.sealed`
35
+ - **New**: `vaults/<id>_v1/grants/agent_secrets/` and `vaults/<id>_v1/grants/secret_destinations/`
36
+
37
+ > [!IMPORTANT]
38
+ > Automatic migration of legacy grant records is NOT provided in the runtime core. It is recommended to re-authorize agents using the new "Zero-Configuration" HITL flow (Dispatch -> Approve & Grant).
39
+
40
+ ## Runtime Export Changes (Breaking)
41
+
42
+ The `src/runtime/index.ts` entry point has been purged of all legacy terminology to ensure the public API remains clean and future-proof.
43
+
44
+ | Legacy Export (v1.4x) | New v1.65.1 Equivalent | Notes |
45
+ | :--- | :--- | :--- |
46
+ | `OwnerClient` | `OwnerClient` | The primary owner-side interface (retained name). |
47
+ | `CreateOwnerClientOptions` | `CreateOwnerClientOptions` | |
48
+ | `OwnerAgentView` | `AgentIdentityRecord` | Direct domain record. |
49
+ | `OwnerSecretView` | `AgentVisibleSecretRecord` | Direct domain record. |
50
+ | `OwnerPendingApprovalView` | `OwnerVisibleRequestRecord` | |
51
+ | `OwnerRequestSummaryView` | `OwnerVisibleRequestRecord` | |
52
+ | `OwnerRequestDetailView` | `OwnerRequestRecord` | |
53
+ | `wrapVaultCoreAsVaultService`| `createVaultService` | Unified factory in `vault-ingress`. |
54
+
55
+ ### Ingress Utility Relocation
56
+ Several low-level utilities have been moved to dedicated files for better modularity:
57
+ - `AgentDispatchHttpTransport` is now exported from `@cbio/node-runtime/vault-ingress/remote-transport`
58
+ - `handleVaultHttpDispatch` and `handleVaultAgentControlHttp` are now exported from `@cbio/node-runtime/vault-ingress/server-utils`
59
+
60
+ > [!CAUTION]
61
+ > These are **HARD BREAKING CHANGES**. Legacy aliases are NOT provided. You must update your imports to use the new v1.65.1 terminology.
package/docs/PROCESS_ISOLATION.md CHANGED
@@ -19,8 +19,8 @@ import { createAgentClient, AgentDispatchHttpTransport } from '@the-ai-company/c
19
19
  const transport = new AgentDispatchHttpTransport('http://localhost:3000/dispatch');
20
20
 
21
21
  const agent = createAgentClient({
22
- agentIdentity, // Process A ONLY knows its own identity
23
- capability, // Process A knows its granted permissions
22
+ rootAgentIdentity, // Process A ONLY knows its own identity
23
+ grant, // Process A knows its granted permissions
24
24
  transport,
25
25
  });
26
26