@the-ai-company/cbio-node-runtime 1.63.3 → 1.63.6
- package/README.md +48 -209
- package/dist/clients/agent/client.d.ts +18 -40
- package/dist/clients/agent/client.js +22 -109
- package/dist/clients/agent/client.js.map +1 -1
- package/dist/clients/agent/contracts.d.ts +1 -8
- package/dist/clients/agent/index.d.ts +1 -1
- package/dist/clients/owner/client.d.ts +2 -102
- package/dist/clients/owner/client.js +111 -266
- package/dist/clients/owner/client.js.map +1 -1
- package/dist/clients/owner/contracts.d.ts +37 -75
- package/dist/clients/owner/index.d.ts +2 -4
- package/dist/clients/owner/index.js +1 -2
- package/dist/clients/owner/index.js.map +1 -1
- package/dist/internal/id-factory.d.ts +0 -2
- package/dist/internal/id-factory.js +0 -6
- package/dist/internal/id-factory.js.map +1 -1
- package/dist/protocol/identity.d.ts +1 -1
- package/dist/protocol/identity.js +3 -3
- package/dist/protocol/identity.js.map +1 -1
- package/dist/public-types.d.ts +5 -14
- package/dist/public-types.js +1 -8
- package/dist/public-types.js.map +1 -1
- package/dist/runtime/bootstrap.d.ts +1 -3
- package/dist/runtime/bootstrap.js.map +1 -1
- package/dist/runtime/identity.d.ts +2 -2
- package/dist/runtime/identity.js +3 -5
- package/dist/runtime/identity.js.map +1 -1
- package/dist/runtime/index.d.ts +10 -12
- package/dist/runtime/index.js +7 -8
- package/dist/runtime/index.js.map +1 -1
- package/dist/runtime/owner-session.d.ts +7 -6
- package/dist/runtime/owner-session.js +5 -6
- package/dist/runtime/owner-session.js.map +1 -1
- package/dist/storage/fs.d.ts +3 -2
- package/dist/storage/fs.js +8 -5
- package/dist/storage/fs.js.map +1 -1
- package/dist/storage/prefix.d.ts +1 -0
- package/dist/storage/prefix.js +7 -0
- package/dist/storage/prefix.js.map +1 -1
- package/dist/storage/provider.d.ts +2 -0
- package/dist/vault-core/contracts.d.ts +95 -210
- package/dist/vault-core/contracts.js +8 -11
- package/dist/vault-core/contracts.js.map +1 -1
- package/dist/vault-core/core.d.ts +119 -62
- package/dist/vault-core/core.js +518 -1180
- package/dist/vault-core/core.js.map +1 -1
- package/dist/vault-core/defaults.d.ts +22 -44
- package/dist/vault-core/defaults.js +65 -234
- package/dist/vault-core/defaults.js.map +1 -1
- package/dist/vault-core/errors.d.ts +3 -2
- package/dist/vault-core/errors.js.map +1 -1
- package/dist/vault-core/index.d.ts +5 -5
- package/dist/vault-core/index.js +2 -2
- package/dist/vault-core/index.js.map +1 -1
- package/dist/vault-core/persistence.d.ts +72 -119
- package/dist/vault-core/persistence.js +310 -427
- package/dist/vault-core/persistence.js.map +1 -1
- package/dist/vault-core/ports.d.ts +19 -30
- package/dist/vault-core/read-policy.d.ts +3 -2
- package/dist/vault-core/read-policy.js.map +1 -1
- package/dist/vault-core/tool-metadata.js +2 -2
- package/dist/vault-core/tool-metadata.js.map +1 -1
- package/dist/vault-ingress/defaults.d.ts +4 -2
- package/dist/vault-ingress/defaults.js +14 -8
- package/dist/vault-ingress/defaults.js.map +1 -1
- package/dist/vault-ingress/index.d.ts +39 -119
- package/dist/vault-ingress/index.js +98 -456
- package/dist/vault-ingress/index.js.map +1 -1
- package/dist/vault-ingress/remote-transport.d.ts +5 -3
- package/dist/vault-ingress/remote-transport.js +8 -28
- package/dist/vault-ingress/remote-transport.js.map +1 -1
- package/docs/ARCHITECTURE.md +39 -22
- package/docs/CUSTODY_MODEL.md +1 -1
- package/docs/IDENTITY_MODEL.md +5 -5
- package/docs/MIGRATION-1.51.md +19 -19
- package/docs/MIGRATION-1.65.md +87 -0
- package/docs/PROCESS_ISOLATION.md +2 -2
- package/docs/REFERENCE.md +42 -224
- package/docs/api/README.md +48 -30
- package/docs/api/classes/IdentityError.md +1 -1
- package/docs/api/classes/OwnerClientError.md +1 -1
- package/docs/api/classes/PersistentVaultAgentIdentityRegistry.md +89 -0
- package/docs/api/classes/PersistentVaultAgentSecretGrantRegistry.md +125 -0
- package/docs/api/classes/PersistentVaultAuditLog.md +65 -0
- package/docs/api/classes/PersistentVaultSecretCustody.md +93 -0
- package/docs/api/classes/PersistentVaultSecretDestinationGrantRegistry.md +125 -0
- package/docs/api/classes/PersistentVaultSecretRepository.md +127 -0
- package/docs/api/classes/VaultCore.md +264 -237
- package/docs/api/classes/VaultCoreError.md +3 -3
- package/docs/api/enumerations/AuditAction.md +143 -0
- package/docs/api/enumerations/AuditOutcome.md +35 -0
- package/docs/api/enumerations/DispatchStatus.md +35 -0
- package/docs/api/enumerations/IdentityErrorCode.md +1 -1
- package/docs/api/enumerations/OwnerClientErrorCode.md +1 -1
- package/docs/api/functions/createAgentClient.md +1 -15
- package/docs/api/functions/createIdentity.md +2 -2
- package/docs/api/functions/createOwnerClient.md +17 -0
- package/docs/api/functions/createOwnerSession.md +1 -1
- package/docs/api/functions/createPersistentVaultCoreDependencies.md +4 -4
- package/docs/api/functions/createVault.md +1 -1
- package/docs/api/functions/createVaultCore.md +1 -1
- package/docs/api/functions/createVaultCoreDependencies.md +1 -1
- package/docs/api/functions/createVaultService.md +5 -13
- package/docs/api/functions/createWorkspaceStorage.md +1 -1
- package/docs/api/functions/deriveRootAgentId.md +17 -0
- package/docs/api/functions/deriveVaultWorkingKeyFromPassword.md +1 -1
- package/docs/api/functions/getDefaultWorkspaceDir.md +1 -1
- package/docs/api/functions/handleVaultAgentControlHttp.md +2 -2
- package/docs/api/functions/handleVaultHttpDispatch.md +2 -2
- package/docs/api/functions/initializeVaultCustody.md +7 -3
- package/docs/api/functions/listVaults.md +1 -1
- package/docs/api/functions/readVaultProfile.md +1 -1
- package/docs/api/functions/recoverVault.md +1 -1
- package/docs/api/functions/recoverVaultWorkingKey.md +4 -8
- package/docs/api/functions/restoreIdentity.md +1 -1
- package/docs/api/functions/updateVaultMetadata.md +1 -1
- package/docs/api/functions/writeVaultProfile.md +1 -1
- package/docs/api/interfaces/AgentClient.md +20 -59
- package/docs/api/interfaces/AgentDispatchIntent.md +1 -1
- package/docs/api/interfaces/AgentDispatchTransport.md +12 -44
- package/docs/api/interfaces/AgentIdentity.md +3 -3
- package/docs/api/interfaces/AgentIdentityRecord.md +47 -0
- package/docs/api/interfaces/AgentRequestResult.md +35 -0
- package/docs/api/interfaces/AgentRuntimeManifest.md +55 -0
- package/docs/api/interfaces/AgentSecretGrant.md +41 -0
- package/docs/api/interfaces/AgentSigner.md +1 -1
- package/docs/api/interfaces/AgentVisibleRequestRecord.md +53 -0
- package/docs/api/interfaces/AgentVisibleSecretRecord.md +65 -0
- package/docs/api/interfaces/AuditEntry.md +83 -0
- package/docs/api/interfaces/CbioRuntime.md +13 -154
- package/docs/api/interfaces/CreateAgentClientOptions.md +4 -10
- package/docs/api/interfaces/CreateIdentityOptions.md +1 -1
- package/docs/api/interfaces/{CreateVaultClientOptions.md → CreateOwnerClientOptions.md} +9 -11
- package/docs/api/interfaces/CreateOwnerSessionOptions.md +3 -121
- package/docs/api/interfaces/CreatePersistentVaultCoreDependenciesOptions.md +3 -131
- package/docs/api/interfaces/CreateVaultOptions.md +1 -125
- package/docs/api/interfaces/CreatedVault.md +2 -2
- package/docs/api/interfaces/DefaultPolicyEngineOptions.md +1 -13
- package/docs/api/interfaces/DispatchAuthorization.md +43 -0
- package/docs/api/interfaces/DispatchInstruction.md +47 -0
- package/docs/api/interfaces/DispatchRequest.md +83 -0
- package/docs/api/interfaces/DispatchResult.md +53 -0
- package/docs/api/interfaces/IStorageProvider.md +13 -1
- package/docs/api/interfaces/InitializeVaultCustodyOptions.md +31 -11
- package/docs/api/interfaces/InitializedVaultCustody.md +1 -7
- package/docs/api/interfaces/OwnerAgentProvisionResult.md +2 -2
- package/docs/api/interfaces/OwnerClient.md +401 -0
- package/docs/api/interfaces/OwnerCreateSecretInput.md +1 -1
- package/docs/api/interfaces/OwnerRemoveSecretInput.md +1 -1
- package/docs/api/interfaces/OwnerRequestRecord.md +97 -0
- package/docs/api/interfaces/OwnerSensitiveActionConfirmation.md +1 -1
- package/docs/api/interfaces/OwnerSensitiveActionContext.md +1 -1
- package/docs/api/interfaces/OwnerSession.md +3 -3
- package/docs/api/interfaces/OwnerUpdateSecretInput.md +1 -1
- package/docs/api/interfaces/OwnerVisibleRequestRecord.md +73 -0
- package/docs/api/interfaces/RecoverVaultOptions.md +1 -125
- package/docs/api/interfaces/RecoveredVault.md +2 -2
- package/docs/api/interfaces/RequestRecord.md +107 -0
- package/docs/api/interfaces/RestoreIdentityOptions.md +1 -1
- package/docs/api/interfaces/SecretAlias.md +11 -0
- package/docs/api/interfaces/SecretDestinationGrant.md +41 -0
- package/docs/api/interfaces/SecretId.md +11 -0
- package/docs/api/interfaces/SecretRecord.md +89 -0
- package/docs/api/interfaces/Signer.md +1 -1
- package/docs/api/interfaces/VaultApproveDispatchInput.md +3 -9
- package/docs/api/interfaces/VaultAuditQueryInput.md +1 -1
- package/docs/api/interfaces/VaultCoreDependenciesOptions.md +1 -5
- package/docs/api/interfaces/VaultCreateAgentInput.md +1 -1
- package/docs/api/interfaces/VaultExportSecretInput.md +1 -1
- package/docs/api/interfaces/VaultGetRequestInput.md +17 -0
- package/docs/api/interfaces/VaultGrantAgentSecretInput.md +23 -0
- package/docs/api/interfaces/VaultGrantSecretDestinationInput.md +23 -0
- package/docs/api/interfaces/VaultId.md +11 -0
- package/docs/api/interfaces/VaultImportAgentInput.md +1 -1
- package/docs/api/interfaces/VaultIssueSessionTokenInput.md +5 -5
- package/docs/api/interfaces/VaultListAgentsInput.md +1 -1
- package/docs/api/interfaces/VaultListGrantsInput.md +23 -0
- package/docs/api/interfaces/VaultListRequestsInput.md +17 -0
- package/docs/api/interfaces/VaultListSecretsInput.md +1 -1
- package/docs/api/interfaces/VaultMetadata.md +1 -1
- package/docs/api/interfaces/VaultObject.md +2 -2
- package/docs/api/interfaces/VaultPrincipal.md +17 -0
- package/docs/api/interfaces/VaultProfile.md +1 -1
- package/docs/api/interfaces/VaultReadAgentPrivateKeyInput.md +7 -7
- package/docs/api/interfaces/VaultReadSecretPlaintextInput.md +1 -1
- package/docs/api/interfaces/VaultRevokeAgentSecretInput.md +23 -0
- package/docs/api/interfaces/VaultRevokeSecretDestinationInput.md +23 -0
- package/docs/api/interfaces/VaultRevokeSessionTokenInput.md +1 -1
- package/docs/api/interfaces/VaultService.md +511 -0
- package/docs/api/interfaces/VaultUpdateAgentInput.md +7 -7
- package/docs/api/type-aliases/AgentId.md +7 -0
- package/docs/api/type-aliases/CbioRuntimeModule.md +1 -1
- package/docs/api/type-aliases/DispatchApprovalDecision.md +7 -0
- package/docs/api/type-aliases/GrantStatus.md +7 -0
- package/docs/api/type-aliases/SecretLifecycleStatus.md +7 -0
- package/docs/api/type-aliases/VaultPrincipalKind.md +7 -0
- package/docs/api/variables/DEFAULT_VAULT_KEY_CUSTODY_BLOB_KEY.md +2 -2
- package/docs/es/README.md +3 -3
- package/docs/fr/README.md +3 -3
- package/docs/ja/README.md +5 -5
- package/docs/ko/README.md +5 -5
- package/docs/pt/README.md +3 -3
- package/docs/zh/PROCESS_ISOLATION.md +2 -2
- package/docs/zh/README.md +47 -63
- package/examples/process-isolation.ts +26 -35
- package/package.json +1 -1
- package/docs/api/functions/createOwnerHttpFlowBoundary.md +0 -17
- package/docs/api/functions/createStandardAcquireBoundary.md +0 -31
- package/docs/api/functions/createStandardDispatchBoundary.md +0 -23
- package/docs/api/functions/createVaultClient.md +0 -32
- package/docs/api/functions/deriveIdentityId.md +0 -17
- package/docs/api/functions/wrapVaultCoreAsVaultService.md +0 -31
- package/docs/api/interfaces/AgentSubmitCapabilityRequestInput.md +0 -41
- package/docs/api/interfaces/VaultApproveCapabilityRequestInput.md +0 -23
- package/docs/api/interfaces/VaultClient.md +0 -473
- package/docs/api/interfaces/VaultGrantCapabilityInput.md +0 -79
- package/docs/api/interfaces/VaultGrantCapabilityRequest.md +0 -23
- package/docs/api/interfaces/VaultIdentity.md +0 -11
- package/docs/api/interfaces/VaultListCapabilitiesInput.md +0 -17
- package/docs/api/interfaces/VaultRegisterFlowInput.md +0 -77
- package/docs/api/interfaces/VaultRevokeCapabilityInput.md +0 -23
- package/docs/api/interfaces/VaultSigner.md +0 -21
- package/docs/api/interfaces/VaultSubmitCapabilityRequestInput.md +0 -73
- package/docs/api/type-aliases/AgentCapabilityEnvelope.md +0 -7
- package/docs/api/type-aliases/AgentVisibleSecretRecord.md +0 -7
- package/docs/api/type-aliases/CreateOwnerClientOptions.md +0 -7
- package/docs/api/type-aliases/OwnerAgentView.md +0 -7
- package/docs/api/type-aliases/OwnerClient.md +0 -13
- package/docs/api/type-aliases/OwnerGrantCapabilityInput.md +0 -7
- package/docs/api/type-aliases/OwnerPendingApprovalView.md +0 -7
- package/docs/api/type-aliases/OwnerRequestDetailView.md +0 -7
- package/docs/api/type-aliases/OwnerRequestSummaryView.md +0 -7
- package/docs/api/type-aliases/OwnerSecretView.md +0 -7
|
@@ -1,6 +1,3 @@
|
|
|
1
|
-
import { createVaultCore, DispatchStatus, } from "../vault-core/index.js";
|
|
2
|
-
import { applyResponseReadPolicy } from "../vault-core/read-policy.js";
|
|
3
|
-
import { createOwnerHttpFlowBoundary, createStandardAcquireBoundary, toOwnerHttpFlowBoundary, } from "./flow-factories.js";
|
|
4
1
|
function redactResponseShapeValue(value) {
|
|
5
2
|
if (value === null || value === undefined) {
|
|
6
3
|
return null;
|
|
@@ -15,46 +12,20 @@ function redactResponseShapeValue(value) {
|
|
|
15
12
|
}
|
|
16
13
|
class LocalVaultService {
|
|
17
14
|
_authority;
|
|
18
|
-
_customFlows;
|
|
19
|
-
_clock;
|
|
20
15
|
_fetchImpl;
|
|
21
|
-
constructor(_authority,
|
|
16
|
+
constructor(_authority, _fetchImpl = fetch) {
|
|
22
17
|
this._authority = _authority;
|
|
23
|
-
this._customFlows = _customFlows;
|
|
24
|
-
this._clock = _clock;
|
|
25
18
|
this._fetchImpl = _fetchImpl;
|
|
26
19
|
}
|
|
27
20
|
get vaultId() {
|
|
28
21
|
return this._authority.vaultId;
|
|
29
22
|
}
|
|
30
|
-
async resolveSecretId(alias) {
|
|
31
|
-
if (!alias)
|
|
32
|
-
return undefined;
|
|
33
|
-
const record = await this._authority._deps.secrets.getByAlias({ value: alias });
|
|
34
|
-
return record?.secretId.value;
|
|
35
|
-
}
|
|
36
|
-
async resolveSecretIds(aliases) {
|
|
37
|
-
if (!aliases?.length)
|
|
38
|
-
return undefined;
|
|
39
|
-
const resolved = await Promise.all(aliases.map((alias) => this.resolveSecretId(alias)));
|
|
40
|
-
const filtered = resolved.filter((value) => typeof value === "string");
|
|
41
|
-
return filtered.length > 0 ? filtered : undefined;
|
|
42
|
-
}
|
|
43
|
-
ownerOnCapabilityState(callback) {
|
|
44
|
-
return this._authority.ownerOnCapabilityState(callback);
|
|
45
|
-
}
|
|
46
|
-
ownerRegisterCapability(request) {
|
|
47
|
-
return this._authority.ownerRegisterCapability(request);
|
|
48
|
-
}
|
|
49
23
|
ownerRegisterAgentIdentity(request) {
|
|
50
24
|
return this._authority.ownerRegisterAgentIdentity(request);
|
|
51
25
|
}
|
|
52
26
|
ownerUpdateAgentIdentity(request) {
|
|
53
27
|
return this._authority.ownerUpdateAgentIdentity(request);
|
|
54
28
|
}
|
|
55
|
-
ownerRegisterCustomFlow(request) {
|
|
56
|
-
return this._authority.ownerRegisterCustomFlow(request);
|
|
57
|
-
}
|
|
58
29
|
ownerCreateSecret(request) {
|
|
59
30
|
return this._authority.ownerCreateSecret(request);
|
|
60
31
|
}
|
|
@@ -67,501 +38,172 @@ class LocalVaultService {
|
|
|
67
38
|
ownerWriteSecret(request) {
|
|
68
39
|
return this._authority.ownerWriteSecret(request);
|
|
69
40
|
}
|
|
70
|
-
|
|
71
|
-
return
|
|
41
|
+
ownerReadAudit(request) {
|
|
42
|
+
return this._authority.ownerReadAudit(request.actor, request.query);
|
|
72
43
|
}
|
|
73
|
-
|
|
74
|
-
|
|
75
|
-
return this.redactResponseShape(payload);
|
|
76
|
-
}
|
|
77
|
-
const record = payload;
|
|
78
|
-
const response = {};
|
|
79
|
-
switch (flow) {
|
|
80
|
-
case "oauth_token_response.access_token":
|
|
81
|
-
case "oauth_token_response.refresh_token":
|
|
82
|
-
case "openid_token_response.id_token": {
|
|
83
|
-
if ("token_type" in record) {
|
|
84
|
-
response.token_type = typeof record.token_type === "string" ? record.token_type : null;
|
|
85
|
-
}
|
|
86
|
-
if ("expires_in" in record) {
|
|
87
|
-
response.expires_in = typeof record.expires_in === "number" ? record.expires_in : null;
|
|
88
|
-
}
|
|
89
|
-
if ("scope" in record) {
|
|
90
|
-
response.scope = typeof record.scope === "string" ? record.scope : null;
|
|
91
|
-
}
|
|
92
|
-
break;
|
|
93
|
-
}
|
|
94
|
-
}
|
|
95
|
-
return response;
|
|
44
|
+
ownerExportSecret(request) {
|
|
45
|
+
return this._authority.ownerExportSecret(request.actor, request.alias);
|
|
96
46
|
}
|
|
97
|
-
|
|
98
|
-
|
|
99
|
-
throw new Error("VAULT_ACQUISITION_RESPONSE_INVALID");
|
|
100
|
-
}
|
|
101
|
-
const record = payload;
|
|
102
|
-
switch (flow) {
|
|
103
|
-
case "oauth_token_response.access_token": {
|
|
104
|
-
if (typeof record.access_token !== "string" || !record.access_token) {
|
|
105
|
-
throw new Error("VAULT_ACQUISITION_SECRET_NOT_FOUND");
|
|
106
|
-
}
|
|
107
|
-
return record.access_token;
|
|
108
|
-
}
|
|
109
|
-
case "oauth_token_response.refresh_token": {
|
|
110
|
-
if (typeof record.refresh_token !== "string" || !record.refresh_token) {
|
|
111
|
-
throw new Error("VAULT_ACQUISITION_SECRET_NOT_FOUND");
|
|
112
|
-
}
|
|
113
|
-
return record.refresh_token;
|
|
114
|
-
}
|
|
115
|
-
case "openid_token_response.id_token": {
|
|
116
|
-
if (typeof record.id_token !== "string" || !record.id_token) {
|
|
117
|
-
throw new Error("VAULT_ACQUISITION_SECRET_NOT_FOUND");
|
|
118
|
-
}
|
|
119
|
-
return record.id_token;
|
|
120
|
-
}
|
|
121
|
-
}
|
|
47
|
+
ownerListAgents(request) {
|
|
48
|
+
return this._authority.ownerListAgents(request.actor);
|
|
122
49
|
}
|
|
123
|
-
|
|
124
|
-
|
|
125
|
-
return null;
|
|
126
|
-
}
|
|
127
|
-
if (contentType?.includes("json")) {
|
|
128
|
-
return JSON.parse(rawPayload);
|
|
129
|
-
}
|
|
130
|
-
try {
|
|
131
|
-
return JSON.parse(rawPayload);
|
|
132
|
-
}
|
|
133
|
-
catch {
|
|
134
|
-
return rawPayload;
|
|
135
|
-
}
|
|
50
|
+
ownerListRequests(request) {
|
|
51
|
+
return this._authority.ownerListRequests(request.actor, request.rootAgentId);
|
|
136
52
|
}
|
|
137
|
-
|
|
138
|
-
|
|
139
|
-
method: request.method ?? "GET",
|
|
140
|
-
headers: request.headers,
|
|
141
|
-
body: request.body,
|
|
142
|
-
});
|
|
143
|
-
const contentType = response.headers.get("content-type");
|
|
144
|
-
const rawBody = await response.text();
|
|
145
|
-
return {
|
|
146
|
-
contentType,
|
|
147
|
-
rawBody,
|
|
148
|
-
parsedBody: this.parseRawResponse(contentType, rawBody),
|
|
149
|
-
responseStatus: response.status,
|
|
150
|
-
};
|
|
151
|
-
}
|
|
152
|
-
toCustomFlowResponseBody(rawBody, contentType, visibility) {
|
|
153
|
-
if (visibility !== "shape_only") {
|
|
154
|
-
return rawBody;
|
|
155
|
-
}
|
|
156
|
-
return JSON.stringify(this.redactResponseShape(this.parseRawResponse(contentType ?? null, rawBody ?? "")));
|
|
53
|
+
ownerGetRequest(request) {
|
|
54
|
+
return this._authority.ownerGetRequest(request.actor, request.targetRequestId);
|
|
157
55
|
}
|
|
158
|
-
|
|
159
|
-
|
|
160
|
-
|
|
161
|
-
|
|
162
|
-
|
|
163
|
-
|
|
164
|
-
|
|
165
|
-
|
|
166
|
-
const value = payload[flow.responseSecret.field];
|
|
167
|
-
if (typeof value !== "string" || !value) {
|
|
168
|
-
throw new Error("VAULT_CUSTOM_FLOW_SECRET_NOT_FOUND");
|
|
169
|
-
}
|
|
170
|
-
return value;
|
|
171
|
-
}
|
|
172
|
-
return null;
|
|
56
|
+
ownerListSecrets(request) {
|
|
57
|
+
return this._authority.ownerListSecrets(request.owner);
|
|
58
|
+
}
|
|
59
|
+
ownerGrantAgentSecret(request) {
|
|
60
|
+
return this._authority.ownerGrantAgentSecret(request.actor, request.rootAgentId, request.secretAlias, request);
|
|
61
|
+
}
|
|
62
|
+
ownerGrantSecretDestination(request) {
|
|
63
|
+
return this._authority.ownerGrantSecretDestination(request.actor, request.secretAlias, request.siteId, request);
|
|
173
64
|
}
|
|
174
|
-
|
|
175
|
-
|
|
176
|
-
|
|
177
|
-
|
|
178
|
-
|
|
179
|
-
|
|
180
|
-
|
|
181
|
-
|
|
182
|
-
|
|
183
|
-
|
|
184
|
-
|
|
185
|
-
|
|
186
|
-
|
|
187
|
-
|
|
188
|
-
|
|
189
|
-
|
|
190
|
-
|
|
191
|
-
kind: "trusted_issuer",
|
|
192
|
-
id: request.issuerId,
|
|
193
|
-
},
|
|
194
|
-
alias: request.alias,
|
|
195
|
-
plaintext: this.extractSecretForFlow(request.flow, payload.parsedBody),
|
|
196
|
-
issuerSiteId: request.issuerId,
|
|
197
|
-
source: { kind: "request", requestId },
|
|
198
|
-
requestedAt: request.requestedAt ?? (this._clock?.nowIso() ?? new Date().toISOString()),
|
|
199
|
-
});
|
|
200
|
-
return {
|
|
201
|
-
vaultId: this._authority.vaultId,
|
|
202
|
-
alias: request.alias,
|
|
203
|
-
status: "stored",
|
|
204
|
-
responseStatus: payload.responseStatus,
|
|
205
|
-
contentType: payload.contentType,
|
|
206
|
-
responseShape: this.buildAcquireResponseShape(request.flow, payload.parsedBody),
|
|
207
|
-
};
|
|
65
|
+
ownerRevokeAgentSecret(request) {
|
|
66
|
+
return this._authority.ownerRevokeAgentSecret(request.actor, request.rootAgentId, request.secretAlias, request);
|
|
67
|
+
}
|
|
68
|
+
ownerRevokeSecretDestination(request) {
|
|
69
|
+
return this._authority.ownerRevokeSecretDestination(request.actor, request.secretAlias, request.siteId, request);
|
|
70
|
+
}
|
|
71
|
+
ownerListGrants(request) {
|
|
72
|
+
return this._authority.ownerListGrants(request.actor, request.rootAgentId, request.secretAlias);
|
|
73
|
+
}
|
|
74
|
+
ownerIssueSessionToken(request) {
|
|
75
|
+
return this._authority.ownerIssueSessionToken(request);
|
|
76
|
+
}
|
|
77
|
+
ownerIssueAllAgentSessionTokens(actor) {
|
|
78
|
+
return this._authority.ownerIssueAllAgentSessionTokens(actor);
|
|
79
|
+
}
|
|
80
|
+
ownerRevokeSessionToken(request) {
|
|
81
|
+
return this._authority.ownerRevokeSessionToken(request);
|
|
208
82
|
}
|
|
209
83
|
agentDispatch(request) {
|
|
210
84
|
return this._authority.agentDispatchSecret(request);
|
|
211
85
|
}
|
|
86
|
+
ownerApproveDispatch(request) {
|
|
87
|
+
return this._authority.ownerApproveDispatch(request.actor, request.requestId, request.decision);
|
|
88
|
+
}
|
|
89
|
+
ownerOnPendingDispatch(callback) {
|
|
90
|
+
return this._authority.ownerOnPendingDispatch(callback);
|
|
91
|
+
}
|
|
92
|
+
agentListSecrets(request) {
|
|
93
|
+
return this._authority.agentListSecrets(request);
|
|
94
|
+
}
|
|
95
|
+
agentListRequests(request) {
|
|
96
|
+
return this._authority.agentListRequests(request);
|
|
97
|
+
}
|
|
98
|
+
agentGetRequest(request) {
|
|
99
|
+
return this._authority.agentGetRequest(request);
|
|
100
|
+
}
|
|
101
|
+
agentGetRuntimeManifest(request) {
|
|
102
|
+
return this._authority.agentGetRuntimeManifest(request);
|
|
103
|
+
}
|
|
212
104
|
async agentHandleDispatch(request) {
|
|
213
105
|
try {
|
|
214
|
-
const vaultId = { value: request.vaultId };
|
|
215
|
-
const capability = await this.resolveCapability(vaultId, request.agentId, request.capabilityId);
|
|
216
|
-
const secretId = await this.resolveSecretId(request.secretAlias);
|
|
217
|
-
const customFlow = capability?.operation === "custom_http"
|
|
218
|
-
? await this.resolveCustomFlow(vaultId, capability.customFlowId)
|
|
219
|
-
: null;
|
|
220
|
-
const boundary = customFlow
|
|
221
|
-
? toOwnerHttpFlowBoundary(customFlow)
|
|
222
|
-
: createOwnerHttpFlowBoundary({
|
|
223
|
-
mode: "send_secret",
|
|
224
|
-
targetUrl: request.targetUrl,
|
|
225
|
-
method: request.method,
|
|
226
|
-
responseVisibility: "passthrough",
|
|
227
|
-
});
|
|
228
|
-
if (customFlow) {
|
|
229
|
-
if (request.targetUrl !== boundary.targetUrl || request.method.toUpperCase() !== boundary.method.toUpperCase()) {
|
|
230
|
-
throw new Error("VAULT_CUSTOM_FLOW_BINDING_MISMATCH");
|
|
231
|
-
}
|
|
232
|
-
}
|
|
233
|
-
if (boundary.mode === "acquire_secret") {
|
|
234
|
-
if (!customFlow) {
|
|
235
|
-
throw new Error("VAULT_CUSTOM_FLOW_NOT_FOUND");
|
|
236
|
-
}
|
|
237
|
-
const authorization = await this._authority.agentAuthorizeDispatch({
|
|
238
|
-
vaultId,
|
|
239
|
-
requestId: request.requestId,
|
|
240
|
-
requestedAt: request.requestedAt,
|
|
241
|
-
agent: {
|
|
242
|
-
kind: "agent",
|
|
243
|
-
id: request.agentId,
|
|
244
|
-
},
|
|
245
|
-
capability,
|
|
246
|
-
proof: {
|
|
247
|
-
agentId: request.agentId,
|
|
248
|
-
signature: request.proof.signature,
|
|
249
|
-
token: request.proof.token,
|
|
250
|
-
requestId: request.requestId,
|
|
251
|
-
requestedAt: request.requestedAt,
|
|
252
|
-
},
|
|
253
|
-
secretId: undefined,
|
|
254
|
-
reason: request.reason,
|
|
255
|
-
targetUrl: request.targetUrl,
|
|
256
|
-
method: request.method,
|
|
257
|
-
headers: request.headers,
|
|
258
|
-
body: request.body,
|
|
259
|
-
});
|
|
260
|
-
if (authorization.decision !== "allow") {
|
|
261
|
-
throw new Error("VAULT_CUSTOM_FLOW_DENIED");
|
|
262
|
-
}
|
|
263
|
-
const payload = await this.fetchAndParse({
|
|
264
|
-
url: request.targetUrl,
|
|
265
|
-
method: request.method,
|
|
266
|
-
headers: request.headers,
|
|
267
|
-
body: request.body,
|
|
268
|
-
});
|
|
269
|
-
const acquiredSecret = this.extractCustomFlowSecret(customFlow, payload.parsedBody);
|
|
270
|
-
if (!acquiredSecret || !customFlow.responseSecret) {
|
|
271
|
-
throw new Error("VAULT_CUSTOM_FLOW_SECRET_NOT_FOUND");
|
|
272
|
-
}
|
|
273
|
-
await this._authority._storeCustomFlowSecret(customFlow, customFlow.responseSecret.storeAlias, acquiredSecret);
|
|
274
|
-
return {
|
|
275
|
-
ok: true,
|
|
276
|
-
result: {
|
|
277
|
-
vaultId,
|
|
278
|
-
requestId: request.requestId,
|
|
279
|
-
status: DispatchStatus.SUCCEEDED,
|
|
280
|
-
targetUrl: request.targetUrl,
|
|
281
|
-
method: request.method,
|
|
282
|
-
responseStatus: payload.responseStatus,
|
|
283
|
-
responseBody: applyResponseReadPolicy(this.toCustomFlowResponseBody(payload.rawBody, payload.contentType, boundary.responseVisibility), capability?.read ?? { paths: [] }),
|
|
284
|
-
},
|
|
285
|
-
};
|
|
286
|
-
}
|
|
287
106
|
const result = await this._authority.agentDispatchSecret({
|
|
288
|
-
vaultId,
|
|
107
|
+
vaultId: { value: request.vaultId },
|
|
289
108
|
requestId: request.requestId,
|
|
290
109
|
requestedAt: request.requestedAt,
|
|
291
|
-
agent: {
|
|
292
|
-
kind: "agent",
|
|
293
|
-
id: request.agentId,
|
|
294
|
-
},
|
|
295
|
-
capability,
|
|
110
|
+
agent: { kind: "agent", id: request.rootAgentId },
|
|
296
111
|
proof: {
|
|
297
|
-
|
|
112
|
+
rootAgentId: request.rootAgentId,
|
|
298
113
|
signature: request.proof.signature,
|
|
299
114
|
token: request.proof.token,
|
|
300
115
|
requestId: request.requestId,
|
|
301
116
|
requestedAt: request.requestedAt,
|
|
302
117
|
},
|
|
303
|
-
secretId,
|
|
304
|
-
secretAlias: request.secretAlias,
|
|
305
118
|
reason: request.reason,
|
|
119
|
+
secretAlias: request.secretAlias,
|
|
306
120
|
targetUrl: request.targetUrl,
|
|
307
121
|
method: request.method,
|
|
308
122
|
headers: request.headers,
|
|
309
123
|
body: request.body,
|
|
310
124
|
});
|
|
311
|
-
|
|
312
|
-
if (!customFlow) {
|
|
313
|
-
throw new Error("VAULT_CUSTOM_FLOW_NOT_FOUND");
|
|
314
|
-
}
|
|
315
|
-
const parsedBody = this.parseBody(result.responseBody);
|
|
316
|
-
const acquiredSecret = this.extractCustomFlowSecret(customFlow, parsedBody);
|
|
317
|
-
if (!acquiredSecret || !customFlow.responseSecret) {
|
|
318
|
-
throw new Error("VAULT_CUSTOM_FLOW_SECRET_NOT_FOUND");
|
|
319
|
-
}
|
|
320
|
-
await this._authority._storeCustomFlowSecret(customFlow, customFlow.responseSecret.storeAlias, acquiredSecret);
|
|
321
|
-
}
|
|
322
|
-
return {
|
|
323
|
-
ok: true,
|
|
324
|
-
result: {
|
|
325
|
-
...result,
|
|
326
|
-
responseBody: applyResponseReadPolicy(this.toCustomFlowResponseBody(result.responseBody, null, boundary.responseVisibility), capability?.read ?? { paths: [] }),
|
|
327
|
-
},
|
|
328
|
-
};
|
|
125
|
+
return { ok: true, result };
|
|
329
126
|
}
|
|
330
127
|
catch (error) {
|
|
331
|
-
const message = error instanceof Error ? error.message : String(error);
|
|
332
|
-
const code = error instanceof Error && "code" in error && typeof error.code === "string"
|
|
333
|
-
? error.code
|
|
334
|
-
: "VAULT_AGENT_DISPATCH_REJECTED";
|
|
335
128
|
return {
|
|
336
129
|
ok: false,
|
|
337
|
-
error: {
|
|
130
|
+
error: {
|
|
131
|
+
code: error.code || "VAULT_DISPATCH_FAILED",
|
|
132
|
+
message: error instanceof Error ? error.message : String(error),
|
|
133
|
+
},
|
|
338
134
|
};
|
|
339
135
|
}
|
|
340
136
|
}
|
|
341
|
-
ownerReadAudit(request) {
|
|
342
|
-
return this._authority.ownerReadAudit(request.actor, request.query, {
|
|
343
|
-
requestId: request.requestId,
|
|
344
|
-
requestedAt: request.requestedAt,
|
|
345
|
-
});
|
|
346
|
-
}
|
|
347
|
-
ownerExportSecret(request) {
|
|
348
|
-
return this._authority.ownerExportSecret(request.actor, request.alias, {
|
|
349
|
-
requestId: request.requestId,
|
|
350
|
-
requestedAt: request.requestedAt,
|
|
351
|
-
});
|
|
352
|
-
}
|
|
353
|
-
ownerDeleteSecret(request) {
|
|
354
|
-
return this._authority.ownerRemoveSecret(request);
|
|
355
|
-
}
|
|
356
|
-
async ownerListAgents(request) {
|
|
357
|
-
return await this._authority.ownerListAgents(request.actor, request);
|
|
358
|
-
}
|
|
359
|
-
async ownerListCapabilities(request) {
|
|
360
|
-
return await this._authority.ownerListCapabilities(request.actor, request.agentId, request);
|
|
361
|
-
}
|
|
362
|
-
async ownerListRequests(request) {
|
|
363
|
-
return await this._authority.ownerListRequests(request.actor, request.agentId, request);
|
|
364
|
-
}
|
|
365
|
-
async ownerGetRequest(request) {
|
|
366
|
-
return await this._authority.ownerGetRequest(request.actor, request.targetRequestId, request);
|
|
367
|
-
}
|
|
368
|
-
async ownerListSecrets(request) {
|
|
369
|
-
return await this._authority.ownerListSecrets(request.owner, request);
|
|
370
|
-
}
|
|
371
|
-
async ownerRevokeCapability(command) {
|
|
372
|
-
return await this._authority.ownerRevokeCapability(command);
|
|
373
|
-
}
|
|
374
|
-
async ownerIssueSessionToken(request) {
|
|
375
|
-
return await this._authority.ownerIssueSessionToken(request);
|
|
376
|
-
}
|
|
377
|
-
async ownerIssueAllAgentSessionTokens(request) {
|
|
378
|
-
return await this._authority.ownerIssueAllAgentSessionTokens(request.actor);
|
|
379
|
-
}
|
|
380
|
-
async ownerRevokeSessionToken(request) {
|
|
381
|
-
return this._authority.ownerRevokeSessionToken(request);
|
|
382
|
-
}
|
|
383
|
-
ownerSubmitCapabilityRequest(request) {
|
|
384
|
-
return this._authority.ownerSubmitCapabilityRequest(request);
|
|
385
|
-
}
|
|
386
|
-
ownerApproveCapabilityRead(request) {
|
|
387
|
-
return this._authority.ownerApproveCapabilityRead(request);
|
|
388
|
-
}
|
|
389
|
-
ownerListCapabilityStates(request) {
|
|
390
|
-
return this._authority.ownerListCapabilityStates(request);
|
|
391
|
-
}
|
|
392
|
-
ownerAllowOnce(request) {
|
|
393
|
-
return this._authority.ownerAllowOnce(request);
|
|
394
|
-
}
|
|
395
|
-
ownerAllowAlways(request) {
|
|
396
|
-
return this._authority.ownerAllowAlways(request);
|
|
397
|
-
}
|
|
398
|
-
ownerDeny(request) {
|
|
399
|
-
return this._authority.ownerDeny(request);
|
|
400
|
-
}
|
|
401
|
-
agentListCapabilities(request) {
|
|
402
|
-
return this._authority.agentListCapabilities(request);
|
|
403
|
-
}
|
|
404
|
-
agentListSecrets(request) {
|
|
405
|
-
return this._authority.agentListSecrets(request);
|
|
406
|
-
}
|
|
407
|
-
agentListRequests(request) {
|
|
408
|
-
return this._authority.agentListRequests(request);
|
|
409
|
-
}
|
|
410
|
-
agentGetRequest(request) {
|
|
411
|
-
return this._authority.agentGetRequest(request);
|
|
412
|
-
}
|
|
413
|
-
agentGetRuntimeManifest(request) {
|
|
414
|
-
return this._authority.agentGetRuntimeManifest(request);
|
|
415
|
-
}
|
|
416
|
-
agentSubmitCapabilityRequest(request) {
|
|
417
|
-
return this._authority.agentSubmitCapabilityRequest(request);
|
|
418
|
-
}
|
|
419
137
|
async agentHandleControl(request) {
|
|
420
138
|
try {
|
|
421
139
|
const base = {
|
|
422
140
|
vaultId: { value: request.vaultId },
|
|
423
141
|
requestId: request.requestId,
|
|
424
142
|
requestedAt: request.requestedAt,
|
|
425
|
-
agent: { kind: "agent", id: request.
|
|
143
|
+
agent: { kind: "agent", id: request.rootAgentId },
|
|
426
144
|
proof: {
|
|
427
|
-
|
|
145
|
+
rootAgentId: request.rootAgentId,
|
|
428
146
|
signature: request.proof.signature,
|
|
429
147
|
token: request.proof.token,
|
|
430
148
|
requestId: request.requestId,
|
|
431
149
|
requestedAt: request.requestedAt,
|
|
432
150
|
},
|
|
433
151
|
};
|
|
152
|
+
let result;
|
|
434
153
|
switch (request.action) {
|
|
435
|
-
case "list_capabilities":
|
|
436
|
-
return { ok: true, result: await this.agentListCapabilities(base) };
|
|
437
154
|
case "list_secrets":
|
|
438
|
-
|
|
155
|
+
result = await this.agentListSecrets(base);
|
|
156
|
+
break;
|
|
439
157
|
case "list_requests":
|
|
440
|
-
|
|
158
|
+
result = await this.agentListRequests(base);
|
|
159
|
+
break;
|
|
441
160
|
case "read_request_result":
|
|
442
|
-
|
|
161
|
+
result = await this.agentGetRequest({ ...base, targetRequestId: request.targetRequestId });
|
|
162
|
+
break;
|
|
443
163
|
case "get_manifest":
|
|
444
|
-
|
|
445
|
-
|
|
446
|
-
{
|
|
447
|
-
const secretIds = await this.resolveSecretIds(request.secretAliases);
|
|
448
|
-
return {
|
|
449
|
-
ok: true,
|
|
450
|
-
result: await this.agentSubmitCapabilityRequest({
|
|
451
|
-
...base,
|
|
452
|
-
capability: {
|
|
453
|
-
operation: request.operation ?? "dispatch_http",
|
|
454
|
-
write: {
|
|
455
|
-
secretIds,
|
|
456
|
-
scope: request.write.scope,
|
|
457
|
-
methods: [...request.write.methods],
|
|
458
|
-
},
|
|
459
|
-
read: {
|
|
460
|
-
paths: [...request.read.paths],
|
|
461
|
-
},
|
|
462
|
-
},
|
|
463
|
-
reason: request.reason,
|
|
464
|
-
}),
|
|
465
|
-
};
|
|
466
|
-
}
|
|
164
|
+
result = await this.agentGetRuntimeManifest(base);
|
|
165
|
+
break;
|
|
467
166
|
}
|
|
167
|
+
return { ok: true, result };
|
|
468
168
|
}
|
|
469
169
|
catch (error) {
|
|
470
|
-
|
|
471
|
-
const code = error instanceof Error && "code" in error && typeof error.code === "string"
|
|
472
|
-
? error.code
|
|
473
|
-
: "VAULT_AGENT_CONTROL_REJECTED";
|
|
474
|
-
return { ok: false, error: { code, message } };
|
|
170
|
+
return { ok: false, error: { code: error.code || "VAULT_CONTROL_FAILED", message: error instanceof Error ? error.message : String(error) } };
|
|
475
171
|
}
|
|
476
172
|
}
|
|
477
173
|
async ownerHandleControl(request) {
|
|
478
|
-
const owner = { kind: "owner", id: request.ownerId ?? "vault-master" };
|
|
479
|
-
const vaultId = { value: request.vaultId };
|
|
480
174
|
try {
|
|
175
|
+
const actor = { kind: "owner", id: request.actorId || "owner" };
|
|
176
|
+
let result;
|
|
481
177
|
switch (request.action) {
|
|
482
|
-
case "list_capability_states":
|
|
483
|
-
return { ok: true, result: await this.ownerListCapabilityStates({ vaultId, owner, agentId: request.agentId, writeGranted: request.writeGranted, readGranted: request.readGranted }) };
|
|
484
|
-
case "approve_capability_read":
|
|
485
|
-
return {
|
|
486
|
-
ok: true,
|
|
487
|
-
result: await this.ownerApproveCapabilityRead({
|
|
488
|
-
vaultId,
|
|
489
|
-
requestId: request.requestId,
|
|
490
|
-
owner,
|
|
491
|
-
read: request.read ? { paths: [...request.read.paths] } : undefined,
|
|
492
|
-
}),
|
|
493
|
-
};
|
|
494
|
-
case "allow_once":
|
|
495
|
-
return { ok: true, result: await this.ownerAllowOnce({ vaultId, requestId: request.requestId, owner }) };
|
|
496
|
-
case "allow_always":
|
|
497
|
-
return { ok: true, result: await this.ownerAllowAlways({ vaultId, requestId: request.requestId, owner }) };
|
|
498
|
-
case "deny":
|
|
499
|
-
return { ok: true, result: await this.ownerDeny({ vaultId, requestId: request.requestId, owner }) };
|
|
500
178
|
case "list_agents":
|
|
501
|
-
|
|
502
|
-
|
|
503
|
-
return { ok: true, result: await this.ownerListCapabilities({ vaultId, actor: owner, agentId: request.agentId, requestId: `owner:list_capabilities:${Date.now()}`, requestedAt: this._clock?.nowIso?.() ?? new Date().toISOString() }) };
|
|
179
|
+
result = await this.ownerListAgents({ vaultId: { value: request.vaultId }, actor: { kind: "owner", id: request.actorId || "owner" }, requestId: "internal", requestedAt: new Date().toISOString() });
|
|
180
|
+
break;
|
|
504
181
|
case "list_requests":
|
|
505
|
-
|
|
182
|
+
result = await this.ownerListRequests({ vaultId: { value: request.vaultId }, actor: { kind: "owner", id: request.actorId || "owner" }, rootAgentId: request.rootAgentId, requestId: "internal", requestedAt: new Date().toISOString() });
|
|
183
|
+
break;
|
|
506
184
|
case "get_request":
|
|
507
|
-
|
|
185
|
+
result = await this.ownerGetRequest({ vaultId: { value: request.vaultId }, actor: { kind: "owner", id: request.actorId || "owner" }, targetRequestId: request.requestId, requestId: "internal", requestedAt: new Date().toISOString() });
|
|
186
|
+
break;
|
|
508
187
|
case "list_secrets":
|
|
509
|
-
|
|
188
|
+
result = await this.ownerListSecrets({ vaultId: { value: request.vaultId }, owner: { kind: "owner", id: request.actorId || "owner" } });
|
|
189
|
+
break;
|
|
190
|
+
case "list_grants":
|
|
191
|
+
result = await this.ownerListGrants({ vaultId: { value: request.vaultId }, actor: { kind: "owner", id: request.actorId || "owner" }, rootAgentId: request.rootAgentId, secretAlias: request.secretAlias, requestId: "internal", requestedAt: new Date().toISOString() });
|
|
192
|
+
break;
|
|
193
|
+
case "approve_dispatch":
|
|
194
|
+
result = await this.ownerApproveDispatch({ vaultId: { value: request.vaultId }, actor: { kind: "owner", id: request.actorId || "owner" }, requestId: request.requestId, decision: request.decision, requestedAt: new Date().toISOString() });
|
|
195
|
+
break;
|
|
510
196
|
}
|
|
197
|
+
return { ok: true, result };
|
|
511
198
|
}
|
|
512
199
|
catch (error) {
|
|
513
|
-
|
|
514
|
-
const code = error instanceof Error && "code" in error && typeof error.code === "string"
|
|
515
|
-
? error.code
|
|
516
|
-
: "VAULT_OWNER_CONTROL_REJECTED";
|
|
517
|
-
return { ok: false, error: { code, message } };
|
|
518
|
-
}
|
|
519
|
-
}
|
|
520
|
-
async resolveCapability(vaultId, agentId, capabilityId) {
|
|
521
|
-
if (!capabilityId) {
|
|
522
|
-
return undefined;
|
|
200
|
+
return { ok: false, error: { code: error.code || "VAULT_CONTROL_FAILED", message: error instanceof Error ? error.message : String(error) } };
|
|
523
201
|
}
|
|
524
|
-
const capability = await this._authority._getCapability(vaultId, agentId, capabilityId);
|
|
525
|
-
return capability ?? undefined;
|
|
526
202
|
}
|
|
527
|
-
parseBody(body) {
|
|
528
|
-
if (!body) {
|
|
529
|
-
return null;
|
|
530
|
-
}
|
|
531
|
-
try {
|
|
532
|
-
return JSON.parse(body);
|
|
533
|
-
}
|
|
534
|
-
catch {
|
|
535
|
-
return body;
|
|
536
|
-
}
|
|
537
|
-
}
|
|
538
|
-
async resolveCustomFlow(vaultId, flowId) {
|
|
539
|
-
if (!flowId) {
|
|
540
|
-
throw new Error("VAULT_CUSTOM_FLOW_NOT_PROVIDED");
|
|
541
|
-
}
|
|
542
|
-
if (!this._customFlows) {
|
|
543
|
-
throw new Error("VAULT_CUSTOM_FLOW_RESOLVER_NOT_CONFIGURED");
|
|
544
|
-
}
|
|
545
|
-
const flow = await this._customFlows.get(vaultId, flowId);
|
|
546
|
-
if (!flow) {
|
|
547
|
-
throw new Error("VAULT_CUSTOM_FLOW_NOT_FOUND");
|
|
548
|
-
}
|
|
549
|
-
return flow;
|
|
550
|
-
}
|
|
551
|
-
}
|
|
552
|
-
export function createVaultService(deps, options = {}) {
|
|
553
|
-
return new LocalVaultService(createVaultCore(deps), options.customFlows ?? deps.customFlows, options.clock, options.fetchImpl);
|
|
554
203
|
}
|
|
555
|
-
export function
|
|
556
|
-
return new LocalVaultService(
|
|
204
|
+
export function createVaultService(authority, options) {
|
|
205
|
+
return new LocalVaultService(authority, options?.fetchImpl);
|
|
557
206
|
}
|
|
558
|
-
|
|
559
|
-
export
|
|
560
|
-
export { handleVaultHttpDispatch, handleVaultAgentControlHttp } from "./server-utils.js";
|
|
561
|
-
/*
|
|
562
|
-
* Owner remote control export is intentionally disabled until it has a real
|
|
563
|
-
* authentication story. Restore the export below when that work is done.
|
|
564
|
-
*
|
|
565
|
-
* export { handleVaultOwnerControlHttp } from "./server-utils.js";
|
|
566
|
-
*/
|
|
207
|
+
/** Legacy alias for createVaultService */
|
|
208
|
+
export const wrapVaultCoreAsVaultService = createVaultService;
|
|
567
209
|
//# sourceMappingURL=index.js.map
|