npm - @the-ai-company/cbio-node-runtime - Versions diffs - 1.63.7 → 1.64.0 - Mend

@the-ai-company/cbio-node-runtime 1.63.7 → 1.64.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (191) hide show

package/README.md +11 -5
package/dist/clients/agent/client.d.ts +2 -2
package/dist/clients/agent/client.js +46 -49
package/dist/clients/agent/client.js.map +1 -1
package/dist/clients/agent/contracts.d.ts +5 -5
package/dist/clients/owner/client.js +209 -195
package/dist/clients/owner/client.js.map +1 -1
package/dist/clients/owner/contracts.d.ts +47 -48
package/dist/protocol/childSecretNaming.d.ts +1 -1
package/dist/protocol/childSecretNaming.js +2 -2
package/dist/protocol/childSecretNaming.js.map +1 -1
package/dist/protocol/crypto.d.ts +4 -4
package/dist/protocol/crypto.js +14 -14
package/dist/protocol/crypto.js.map +1 -1
package/dist/protocol/identity.d.ts +2 -2
package/dist/protocol/identity.js +4 -4
package/dist/protocol/identity.js.map +1 -1
package/dist/public-types.d.ts +1 -1
package/dist/public-types.js +1 -1
package/dist/public-types.js.map +1 -1
package/dist/runtime/bootstrap.d.ts +6 -6
package/dist/runtime/bootstrap.js +26 -26
package/dist/runtime/bootstrap.js.map +1 -1
package/dist/runtime/identity.d.ts +6 -6
package/dist/runtime/identity.js +14 -12
package/dist/runtime/identity.js.map +1 -1
package/dist/runtime/index.d.ts +1 -1
package/dist/runtime/index.js +1 -1
package/dist/runtime/index.js.map +1 -1
package/dist/runtime/owner-session.d.ts +1 -5
package/dist/runtime/owner-session.js +4 -5
package/dist/runtime/owner-session.js.map +1 -1
package/dist/runtime/vault-metadata.d.ts +2 -2
package/dist/runtime/vault-metadata.js +2 -2
package/dist/runtime/vault-metadata.js.map +1 -1
package/dist/vault-core/contracts.d.ts +235 -238
package/dist/vault-core/contracts.js +25 -34
package/dist/vault-core/contracts.js.map +1 -1
package/dist/vault-core/core.d.ts +41 -42
package/dist/vault-core/core.js +251 -274
package/dist/vault-core/core.js.map +1 -1
package/dist/vault-core/defaults.d.ts +25 -25
package/dist/vault-core/defaults.js +95 -95
package/dist/vault-core/defaults.js.map +1 -1
package/dist/vault-core/errors.d.ts +1 -1
package/dist/vault-core/errors.js.map +1 -1
package/dist/vault-core/index.d.ts +2 -2
package/dist/vault-core/index.js +2 -2
package/dist/vault-core/index.js.map +1 -1
package/dist/vault-core/persistence.d.ts +19 -19
package/dist/vault-core/persistence.js +78 -67
package/dist/vault-core/persistence.js.map +1 -1
package/dist/vault-core/ports.d.ts +23 -23
package/dist/vault-core/tool-metadata.js +6 -6
package/dist/vault-core/tool-metadata.js.map +1 -1
package/dist/vault-ingress/defaults.d.ts +2 -2
package/dist/vault-ingress/defaults.js +10 -10
package/dist/vault-ingress/defaults.js.map +1 -1
package/dist/vault-ingress/index.d.ts +46 -47
package/dist/vault-ingress/index.js +34 -37
package/dist/vault-ingress/index.js.map +1 -1
package/dist/vault-ingress/remote-transport.d.ts +2 -2
package/dist/vault-ingress/remote-transport.js +27 -27
package/dist/vault-ingress/remote-transport.js.map +1 -1
package/docs/ARCHITECTURE.md +1 -1
package/docs/CUSTODY_MODEL.md +3 -3
package/docs/IDENTITY_MODEL.md +4 -4
package/docs/REFERENCE.md +27 -2
package/docs/api/README.md +3 -4
package/docs/api/classes/IdentityError.md +1 -1
package/docs/api/classes/OwnerClientError.md +1 -1
package/docs/api/classes/PersistentVaultAgentIdentityRegistry.md +6 -6
package/docs/api/classes/PersistentVaultAgentSecretGrantRegistry.md +12 -12
package/docs/api/classes/PersistentVaultAuditLog.md +1 -1
package/docs/api/classes/PersistentVaultSecretCustody.md +7 -7
package/docs/api/classes/PersistentVaultSecretDestinationGrantRegistry.md +12 -12
package/docs/api/classes/PersistentVaultSecretRepository.md +7 -7
package/docs/api/classes/VaultCore.md +53 -69
package/docs/api/classes/VaultCoreError.md +1 -1
package/docs/api/enumerations/AuditOperation.md +137 -0
package/docs/api/enumerations/DispatchStatus.md +1 -1
package/docs/api/enumerations/IdentityErrorCode.md +1 -1
package/docs/api/enumerations/OwnerClientErrorCode.md +1 -1
package/docs/api/functions/createAgentClient.md +1 -1
package/docs/api/functions/createIdentity.md +2 -2
package/docs/api/functions/createOwnerClient.md +1 -1
package/docs/api/functions/createOwnerSession.md +1 -1
package/docs/api/functions/createPersistentVaultCoreDependencies.md +3 -3
package/docs/api/functions/createVault.md +1 -1
package/docs/api/functions/createVaultCore.md +1 -1
package/docs/api/functions/createVaultCoreDependencies.md +1 -1
package/docs/api/functions/createVaultService.md +1 -1
package/docs/api/functions/createWorkspaceStorage.md +1 -1
package/docs/api/functions/deriveRootAgentId.md +3 -3
package/docs/api/functions/deriveVaultWorkingKeyFromPassword.md +4 -4
package/docs/api/functions/getDefaultWorkspaceDir.md +1 -1
package/docs/api/functions/handleVaultAgentControlHttp.md +1 -1
package/docs/api/functions/handleVaultHttpDispatch.md +1 -1
package/docs/api/functions/initializeVaultCustody.md +1 -1
package/docs/api/functions/listVaults.md +1 -1
package/docs/api/functions/readVaultProfile.md +3 -3
package/docs/api/functions/recoverVault.md +4 -4
package/docs/api/functions/recoverVaultWorkingKey.md +1 -1
package/docs/api/functions/restoreIdentity.md +3 -3
package/docs/api/functions/updateVaultMetadata.md +1 -1
package/docs/api/functions/writeVaultProfile.md +3 -3
package/docs/api/interfaces/AgentClient.md +3 -3
package/docs/api/interfaces/AgentDispatchIntent.md +7 -7
package/docs/api/interfaces/AgentDispatchTransport.md +1 -1
package/docs/api/interfaces/AgentIdentity.md +3 -3
package/docs/api/interfaces/AgentIdentityRecord.md +11 -11
package/docs/api/interfaces/AgentRequestResult.md +9 -9
package/docs/api/interfaces/AgentRuntimeManifest.md +13 -13
package/docs/api/interfaces/AgentSecretGrant.md +11 -11
package/docs/api/interfaces/AgentSigner.md +1 -1
package/docs/api/interfaces/AgentVisibleRequestRecord.md +13 -13
package/docs/api/interfaces/AgentVisibleSecretRecord.md +13 -13
package/docs/api/interfaces/AuditEntry.md +45 -25
package/docs/api/interfaces/CbioRuntime.md +10 -10
package/docs/api/interfaces/CreateAgentClientOptions.md +1 -1
package/docs/api/interfaces/CreateIdentityOptions.md +1 -1
package/docs/api/interfaces/CreateOwnerClientOptions.md +3 -13
package/docs/api/interfaces/CreateOwnerSessionOptions.md +4 -10
package/docs/api/interfaces/CreatePersistentVaultCoreDependenciesOptions.md +3 -3
package/docs/api/interfaces/CreateVaultOptions.md +2 -2
package/docs/api/interfaces/CreatedVault.md +1 -1
package/docs/api/interfaces/DefaultPolicyEngineOptions.md +9 -9
package/docs/api/interfaces/DispatchAuthorization.md +11 -11
package/docs/api/interfaces/DispatchInstruction.md +9 -9
package/docs/api/interfaces/DispatchRequest.md +11 -11
package/docs/api/interfaces/DispatchResult.md +11 -11
package/docs/api/interfaces/IStorageProvider.md +1 -1
package/docs/api/interfaces/InitializeVaultCustodyOptions.md +1 -1
package/docs/api/interfaces/InitializedVaultCustody.md +1 -1
package/docs/api/interfaces/OwnerAgentProvisionResult.md +3 -3
package/docs/api/interfaces/OwnerClient.md +43 -11
package/docs/api/interfaces/OwnerCreateSecretInput.md +3 -3
package/docs/api/interfaces/OwnerRemoveSecretInput.md +3 -3
package/docs/api/interfaces/OwnerRequestRecord.md +19 -19
package/docs/api/interfaces/OwnerSensitiveActionConfirmation.md +1 -1
package/docs/api/interfaces/OwnerSensitiveActionContext.md +1 -1
package/docs/api/interfaces/OwnerSession.md +3 -3
package/docs/api/interfaces/OwnerUpdateSecretInput.md +3 -3
package/docs/api/interfaces/OwnerVisibleRequestRecord.md +21 -21
package/docs/api/interfaces/RecoverVaultOptions.md +4 -4
package/docs/api/interfaces/RecoveredVault.md +1 -1
package/docs/api/interfaces/RequestRecord.md +19 -19
package/docs/api/interfaces/RestoreIdentityOptions.md +1 -1
package/docs/api/interfaces/SecretAlias.md +1 -1
package/docs/api/interfaces/SecretDestinationGrant.md +11 -11
package/docs/api/interfaces/SecretId.md +1 -1
package/docs/api/interfaces/SecretRecord.md +13 -13
package/docs/api/interfaces/Signer.md +1 -1
package/docs/api/interfaces/VaultApproveDispatchInput.md +5 -5
package/docs/api/interfaces/VaultAuditQueryInput.md +7 -7
package/docs/api/interfaces/VaultCoreDependenciesOptions.md +5 -5
package/docs/api/interfaces/VaultCreateAgentInput.md +3 -3
package/docs/api/interfaces/VaultExportSecretInput.md +3 -3
package/docs/api/interfaces/VaultGetRequestInput.md +5 -5
package/docs/api/interfaces/VaultGrantAgentSecretInput.md +7 -7
package/docs/api/interfaces/VaultGrantSecretDestinationInput.md +7 -7
package/docs/api/interfaces/VaultId.md +1 -1
package/docs/api/interfaces/VaultImportAgentInput.md +5 -5
package/docs/api/interfaces/VaultIssueSessionTokenInput.md +5 -5
package/docs/api/interfaces/VaultListAgentsInput.md +3 -3
package/docs/api/interfaces/VaultListGrantsInput.md +7 -7
package/docs/api/interfaces/VaultListRequestsInput.md +5 -5
package/docs/api/interfaces/VaultListSecretsInput.md +3 -3
package/docs/api/interfaces/VaultMetadata.md +1 -1
package/docs/api/interfaces/VaultObject.md +1 -1
package/docs/api/interfaces/VaultPrincipal.md +1 -1
package/docs/api/interfaces/VaultProfile.md +1 -1
package/docs/api/interfaces/VaultReadAgentPrivateKeyInput.md +5 -5
package/docs/api/interfaces/VaultReadSecretPlaintextInput.md +3 -3
package/docs/api/interfaces/VaultRevokeAgentSecretInput.md +7 -7
package/docs/api/interfaces/VaultRevokeSecretDestinationInput.md +7 -7
package/docs/api/interfaces/VaultRevokeSessionTokenInput.md +1 -1
package/docs/api/interfaces/VaultService.md +8 -24
package/docs/api/interfaces/VaultUpdateAgentInput.md +5 -5
package/docs/api/type-aliases/AgentId.md +1 -1
package/docs/api/type-aliases/CbioRuntimeModule.md +1 -1
package/docs/api/type-aliases/DispatchApprovalDecision.md +1 -1
package/docs/api/type-aliases/GrantStatus.md +1 -1
package/docs/api/type-aliases/SecretLifecycleStatus.md +1 -1
package/docs/api/type-aliases/VaultPrincipalKind.md +1 -1
package/docs/api/variables/DEFAULT_VAULT_KEY_CUSTODY_BLOB_KEY.md +1 -1
package/docs/zh/README.md +9 -3
package/examples/process-isolation.ts +21 -21
package/package.json +2 -2
package/docs/api/enumerations/AuditAction.md +0 -143
package/docs/api/enumerations/AuditOutcome.md +0 -35

package/docs/api/type-aliases/GrantStatus.md CHANGED Viewed

@@ -1,4 +1,4 @@
-[**CBIO Node Runtime Agent API v1.63.7**](../README.md)
+[**CBIO Node Runtime Agent API v1.64.0**](../README.md)
 ***

package/docs/api/type-aliases/SecretLifecycleStatus.md CHANGED Viewed

@@ -1,4 +1,4 @@
-[**CBIO Node Runtime Agent API v1.63.7**](../README.md)
+[**CBIO Node Runtime Agent API v1.64.0**](../README.md)
 ***

package/docs/api/type-aliases/VaultPrincipalKind.md CHANGED Viewed

@@ -1,4 +1,4 @@
-[**CBIO Node Runtime Agent API v1.63.7**](../README.md)
+[**CBIO Node Runtime Agent API v1.64.0**](../README.md)
 ***

package/docs/api/variables/DEFAULT_VAULT_KEY_CUSTODY_BLOB_KEY.md CHANGED Viewed

@@ -1,4 +1,4 @@
-[**CBIO Node Runtime Agent API v1.63.7**](../README.md)
+[**CBIO Node Runtime Agent API v1.64.0**](../README.md)
 ***

package/docs/zh/README.md CHANGED Viewed

@@ -1,6 +1,6 @@
 # cbio Vault Runtime（中文文档）
-cbio Vault Runtime 采用 **Sovereign Vault（主权保险箱）** 架构：管理权限扎根于主密码，Agent 身份与机密材料由保险箱加密托管。
+cbio Vault Runtime 采用 **Vault（保险箱）** 架构：管理权限扎根于主密码，Agent 身份与机密材料由保险箱加密托管。
 ---
@@ -97,12 +97,18 @@ const sessionToken = createdAgent.sessionToken;
 v1.65+ 采用了简化的 **Grant（授权）** 模型，通过白名单控制访问：
 ```ts
-// 1. 创建机密
+// 1. 创建机密（严格语义：别名重复则报错）
 const record = await client.ownerCreateSecret({
   alias: 'api-token',
   plaintext: 'secret-value'
 });
+// 1b. 批量创建（原子性：全部成功或全部失败）
+await client.ownerCreateSecret([
+  { alias: 'stripe-key', plaintext: 'sk_test_...' },
+  { alias: 'openai-key', plaintext: 'sk-proj-...' }
+]);
 // 2. 授权 Agent 使用该机密
 await client.ownerGrantAgentSecret({
   rootAgentId,
@@ -112,7 +118,7 @@ await client.ownerGrantAgentSecret({
 // 3. 授权该机密可发送至的目标域名
 await client.ownerGrantSecretDestination({
   secretAlias: 'api-token',
-  domain: 'api.example.com',
+  siteId: 'api.example.com',
 });
 ```

package/examples/process-isolation.ts CHANGED Viewed

@@ -74,8 +74,8 @@ async function runAgentDemo(port: number, agentRecord: any, token: string) {
   try {
     const result = await agentClient.agentDispatch({
-      secretAlias: "api-token",
-      targetUrl: "https://httpbin.org/post",
+      secret_alias: "api-token",
+      target_url: "https://httpbin.org/post",
       method: "POST",
       reason: "LLM agent needs to perform isolated dispatch",
       body: JSON.stringify({ message: "Hello from isolated Process A" }),
@@ -101,48 +101,48 @@ async function main() {
   // Owner registers the agent and a grant (simulated local call for setup)
   await vault.ownerRegisterAgentIdentity({
-    vaultId: vault.vaultId,
-    requestId: `setup:${Date.now()}:register_agent`,
-    owner: { kind: "owner", id: ownerIdentity.rootAgentId },
+    vault_id: vault.vault_id,
+    request_id: `setup:${Date.now()}:register_agent`,
+    owner: { kind: "owner", id: ownerIdentity.root_agent_id },
     agentRecord: {
-      vaultId: vault.vaultId,
-      rootAgentId: agentRecord.rootAgentId,
-      publicKey: agentRecord.publicKey,
+      vault_id: vault.vault_id,
+      root_agent_id: agentRecord.root_agent_id,
+      public_key: agentRecord.public_key,
     },
-    requestedAt: new Date().toISOString(),
+    requested_at: new Date().toISOString(),
   });
   // Owner writes a secret (simulated local call for setup)
   const secret = await vault.ownerCreateSecret({
     kind: "owner.create_secret",
-    vaultId: vault.vaultId,
-    requestId: `setup:${Date.now()}:write_secret`,
-    owner: { kind: "owner", id: ownerIdentity.rootAgentId },
+    vault_id: vault.vault_id,
+    request_id: `setup:${Date.now()}:write_secret`,
+    owner: { kind: "owner", id: ownerIdentity.root_agent_id },
     alias: "api-token",
     plaintext: "SK-PROD-12345",
     source: { kind: "manual" },
-    requestedAt: new Date().toISOString(),
+    requested_at: new Date().toISOString(),
   });
   // Owner grants permissions (New Grant-based API)
   await vault.ownerGrantAgentSecret(
-    { kind: "owner", id: ownerIdentity.rootAgentId },
-    agentRecord.rootAgentId,
+    { kind: "owner", id: ownerIdentity.root_agent_id },
+    agentRecord.root_agent_id,
     "api-token"
   );
   await vault.ownerGrantSecretDestination(
-    { kind: "owner", id: ownerIdentity.rootAgentId },
+    { kind: "owner", id: ownerIdentity.root_agent_id },
     "api-token",
     "httpbin.org"
   );
   const session = await vault.ownerIssueSessionToken({
-    vaultId: vault.vaultId,
-    requestId: `setup:${Date.now()}:issue_session_token`,
-    actor: { kind: "owner", id: ownerIdentity.rootAgentId },
-    rootAgentId: agentRecord.rootAgentId,
-    requestedAt: new Date().toISOString(),
+    vault_id: vault.vault_id,
+    request_id: `setup:${Date.now()}:issue_session_token`,
+    actor: { kind: "owner", id: ownerIdentity.root_agent_id },
+    root_agent_id: agentRecord.root_agent_id,
+    requested_at: new Date().toISOString(),
   });
   // 3. Run the "LLM Agent" (Process A)

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@the-ai-company/cbio-node-runtime",
-  "version": "1.63.7",
+  "version": "1.64.0",
   "publishConfig": {
     "access": "public"
   },
@@ -28,7 +28,7 @@
   "scripts": {
     "build": "tsc",
     "build:docs": "npx typedoc --options typedoc.json",
-    "release": "npx standard-version && npm publish",
+    "release": "npm test && npx standard-version && npm publish",
     "prepare": "npm run build && npm run build:docs",
     "test": "npm run build && npm run test:types && npm run test:acceptance",
     "test:types": "tsc -p tsconfig.type-tests.json --noEmit",

package/docs/api/enumerations/AuditAction.md DELETED Viewed

@@ -1,143 +0,0 @@
-[**CBIO Node Runtime Agent API v1.63.7**](../README.md)
-***
-# Enumeration: AuditAction
-## Enumeration Members
-### APPROVE\_DISPATCH
-> **APPROVE\_DISPATCH**: `"APPROVE_DISPATCH"`
-***
-### DELETE\_SECRET
-> **DELETE\_SECRET**: `"DELETE_SECRET"`
-***
-### DISPATCH\_SECRET
-> **DISPATCH\_SECRET**: `"DISPATCH_SECRET"`
-***
-### EVALUATE\_DISPATCH\_POLICY
-> **EVALUATE\_DISPATCH\_POLICY**: `"EVALUATE_DISPATCH_POLICY"`
-***
-### EXPORT\_SECRET
-> **EXPORT\_SECRET**: `"EXPORT_SECRET"`
-***
-### GRANT\_AGENT\_SECRET
-> **GRANT\_AGENT\_SECRET**: `"GRANT_AGENT_SECRET"`
-***
-### GRANT\_SECRET\_DESTINATION
-> **GRANT\_SECRET\_DESTINATION**: `"GRANT_SECRET_DESTINATION"`
-***
-### ISSUE\_SESSION\_TOKEN
-> **ISSUE\_SESSION\_TOKEN**: `"ISSUE_SESSION_TOKEN"`
-***
-### LIST\_AGENTS
-> **LIST\_AGENTS**: `"LIST_AGENTS"`
-***
-### LIST\_GRANTS
-> **LIST\_GRANTS**: `"LIST_GRANTS"`
-***
-### LIST\_REQUESTS
-> **LIST\_REQUESTS**: `"LIST_REQUESTS"`
-***
-### LIST\_SECRETS
-> **LIST\_SECRETS**: `"LIST_SECRETS"`
-***
-### PENDING\_DISPATCH\_APPROVAL
-> **PENDING\_DISPATCH\_APPROVAL**: `"PENDING_DISPATCH_APPROVAL"`
-***
-### READ\_AUDIT
-> **READ\_AUDIT**: `"READ_AUDIT"`
-***
-### READ\_REQUEST
-> **READ\_REQUEST**: `"READ_REQUEST"`
-***
-### REASSIGN\_ALIAS
-> **REASSIGN\_ALIAS**: `"REASSIGN_ALIAS"`
-***
-### REGISTER\_AGENT\_IDENTITY
-> **REGISTER\_AGENT\_IDENTITY**: `"REGISTER_AGENT_IDENTITY"`
-***
-### REJECT\_DISPATCH
-> **REJECT\_DISPATCH**: `"REJECT_DISPATCH"`
-***
-### REVOKE\_AGENT\_SECRET
-> **REVOKE\_AGENT\_SECRET**: `"REVOKE_AGENT_SECRET"`
-***
-### REVOKE\_SECRET\_DESTINATION
-> **REVOKE\_SECRET\_DESTINATION**: `"REVOKE_SECRET_DESTINATION"`
-***
-### REVOKE\_SESSION\_TOKEN
-> **REVOKE\_SESSION\_TOKEN**: `"REVOKE_SESSION_TOKEN"`
-***
-### UPDATE\_AGENT\_IDENTITY
-> **UPDATE\_AGENT\_IDENTITY**: `"UPDATE_AGENT_IDENTITY"`
-***
-### WRITE\_SECRET
-> **WRITE\_SECRET**: `"WRITE_SECRET"`

package/docs/api/enumerations/AuditOutcome.md DELETED Viewed

@@ -1,35 +0,0 @@
-[**CBIO Node Runtime Agent API v1.63.7**](../README.md)
-***
-# Enumeration: AuditOutcome
-## Enumeration Members
-### ALLOWED
-> **ALLOWED**: `"ALLOWED"`
-***
-### DENIED
-> **DENIED**: `"DENIED"`
-***
-### FAILED
-> **FAILED**: `"FAILED"`
-***
-### PENDING
-> **PENDING**: `"PENDING"`
-***
-### SUCCEEDED
-> **SUCCEEDED**: `"SUCCEEDED"`