@the-ai-company/cbio-node-runtime 1.65.0 → 1.66.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/vault-core/contracts.d.ts +1 -2
- package/dist/vault-core/core.js +6 -8
- package/dist/vault-core/core.js.map +1 -1
- package/dist/vault-core/defaults.d.ts +5 -4
- package/dist/vault-core/defaults.js +32 -15
- package/dist/vault-core/defaults.js.map +1 -1
- package/dist/vault-core/persistence.d.ts +17 -2
- package/dist/vault-core/persistence.js +70 -22
- package/dist/vault-core/persistence.js.map +1 -1
- package/dist/vault-core/ports.d.ts +1 -1
- package/docs/IDENTITY_MODEL.md +1 -1
- package/docs/REFERENCE.md +1 -1
- package/docs/api/README.md +2 -2
- package/docs/api/classes/IdentityError.md +1 -1
- package/docs/api/classes/OwnerClientError.md +1 -1
- package/docs/api/classes/PersistentVaultAgentIdentityRegistry.md +1 -1
- package/docs/api/classes/PersistentVaultAgentSecretGrantRegistry.md +1 -1
- package/docs/api/classes/PersistentVaultAuditLog.md +1 -1
- package/docs/api/classes/PersistentVaultSecretCustody.md +1 -1
- package/docs/api/classes/PersistentVaultSecretDestinationGrantRegistry.md +1 -1
- package/docs/api/classes/PersistentVaultSecretRepository.md +1 -1
- package/docs/api/classes/VaultCore.md +1 -1
- package/docs/api/classes/VaultCoreError.md +1 -1
- package/docs/api/enumerations/AuditOperation.md +1 -1
- package/docs/api/enumerations/DispatchStatus.md +1 -1
- package/docs/api/enumerations/IdentityErrorCode.md +1 -1
- package/docs/api/enumerations/OwnerClientErrorCode.md +1 -1
- package/docs/api/functions/createAgentClient.md +1 -1
- package/docs/api/functions/createIdentity.md +1 -1
- package/docs/api/functions/createOwnerClient.md +1 -1
- package/docs/api/functions/createOwnerSession.md +1 -1
- package/docs/api/functions/createPersistentVaultCoreDependencies.md +1 -1
- package/docs/api/functions/createVault.md +1 -1
- package/docs/api/functions/createVaultCore.md +1 -1
- package/docs/api/functions/createVaultCoreDependencies.md +1 -1
- package/docs/api/functions/createVaultService.md +1 -1
- package/docs/api/functions/createWorkspaceStorage.md +1 -1
- package/docs/api/functions/deriveRootAgentId.md +1 -1
- package/docs/api/functions/deriveVaultWorkingKeyFromPassword.md +1 -1
- package/docs/api/functions/getDefaultWorkspaceDir.md +1 -1
- package/docs/api/functions/handleVaultAgentControlHttp.md +1 -1
- package/docs/api/functions/handleVaultHttpDispatch.md +1 -1
- package/docs/api/functions/initializeVaultCustody.md +1 -1
- package/docs/api/functions/listVaults.md +1 -1
- package/docs/api/functions/readVaultProfile.md +1 -1
- package/docs/api/functions/recoverVault.md +1 -1
- package/docs/api/functions/recoverVaultWorkingKey.md +1 -1
- package/docs/api/functions/restoreIdentity.md +1 -1
- package/docs/api/functions/updateVaultMetadata.md +1 -1
- package/docs/api/functions/writeVaultProfile.md +1 -1
- package/docs/api/interfaces/AgentClient.md +1 -1
- package/docs/api/interfaces/AgentDispatchIntent.md +1 -1
- package/docs/api/interfaces/AgentDispatchTransport.md +1 -1
- package/docs/api/interfaces/AgentIdentity.md +1 -1
- package/docs/api/interfaces/AgentIdentityRecord.md +3 -3
- package/docs/api/interfaces/AgentRequestResult.md +1 -1
- package/docs/api/interfaces/AgentRuntimeManifest.md +1 -1
- package/docs/api/interfaces/AgentSecretGrant.md +1 -1
- package/docs/api/interfaces/AgentSigner.md +1 -1
- package/docs/api/interfaces/AgentVisibleRequestRecord.md +1 -1
- package/docs/api/interfaces/AgentVisibleSecretRecord.md +1 -1
- package/docs/api/interfaces/AuditEntry.md +1 -1
- package/docs/api/interfaces/CbioRuntime.md +1 -1
- package/docs/api/interfaces/CreateAgentClientOptions.md +1 -1
- package/docs/api/interfaces/CreateIdentityOptions.md +1 -1
- package/docs/api/interfaces/CreateOwnerClientOptions.md +1 -1
- package/docs/api/interfaces/CreateOwnerSessionOptions.md +91 -1
- package/docs/api/interfaces/CreatePersistentVaultCoreDependenciesOptions.md +71 -1
- package/docs/api/interfaces/CreateVaultOptions.md +91 -1
- package/docs/api/interfaces/CreatedVault.md +1 -1
- package/docs/api/interfaces/DefaultPolicyEngineOptions.md +1 -1
- package/docs/api/interfaces/DispatchAuthorization.md +1 -1
- package/docs/api/interfaces/DispatchInstruction.md +1 -1
- package/docs/api/interfaces/DispatchRequest.md +1 -1
- package/docs/api/interfaces/DispatchResult.md +1 -1
- package/docs/api/interfaces/IStorageProvider.md +1 -1
- package/docs/api/interfaces/InitializeVaultCustodyOptions.md +1 -1
- package/docs/api/interfaces/InitializedVaultCustody.md +1 -1
- package/docs/api/interfaces/OwnerAgentProvisionResult.md +1 -1
- package/docs/api/interfaces/OwnerClient.md +1 -1
- package/docs/api/interfaces/OwnerCreateSecretInput.md +1 -1
- package/docs/api/interfaces/OwnerRemoveSecretInput.md +1 -1
- package/docs/api/interfaces/OwnerRequestRecord.md +1 -1
- package/docs/api/interfaces/OwnerSensitiveActionConfirmation.md +1 -1
- package/docs/api/interfaces/OwnerSensitiveActionContext.md +1 -1
- package/docs/api/interfaces/OwnerSession.md +1 -1
- package/docs/api/interfaces/OwnerUpdateSecretInput.md +1 -1
- package/docs/api/interfaces/OwnerVisibleRequestRecord.md +1 -1
- package/docs/api/interfaces/RecoverVaultOptions.md +91 -1
- package/docs/api/interfaces/RecoveredVault.md +1 -1
- package/docs/api/interfaces/RequestRecord.md +1 -1
- package/docs/api/interfaces/RestoreIdentityOptions.md +1 -1
- package/docs/api/interfaces/SecretAlias.md +1 -1
- package/docs/api/interfaces/SecretDestinationGrant.md +1 -1
- package/docs/api/interfaces/SecretId.md +1 -1
- package/docs/api/interfaces/SecretRecord.md +1 -1
- package/docs/api/interfaces/Signer.md +1 -1
- package/docs/api/interfaces/VaultApproveDispatchInput.md +1 -1
- package/docs/api/interfaces/VaultAuditQueryInput.md +1 -1
- package/docs/api/interfaces/VaultCoreDependenciesOptions.md +3 -3
- package/docs/api/interfaces/VaultCreateAgentInput.md +1 -1
- package/docs/api/interfaces/VaultExportSecretInput.md +1 -1
- package/docs/api/interfaces/VaultGetRequestInput.md +1 -1
- package/docs/api/interfaces/VaultGrantAgentSecretInput.md +1 -1
- package/docs/api/interfaces/VaultGrantSecretDestinationInput.md +1 -1
- package/docs/api/interfaces/VaultId.md +1 -1
- package/docs/api/interfaces/VaultImportAgentInput.md +1 -1
- package/docs/api/interfaces/VaultIssueSessionTokenInput.md +1 -1
- package/docs/api/interfaces/VaultListAgentsInput.md +1 -1
- package/docs/api/interfaces/VaultListGrantsInput.md +1 -1
- package/docs/api/interfaces/VaultListRequestsInput.md +1 -1
- package/docs/api/interfaces/VaultListSecretsInput.md +1 -1
- package/docs/api/interfaces/VaultMetadata.md +1 -1
- package/docs/api/interfaces/VaultObject.md +1 -1
- package/docs/api/interfaces/VaultPrincipal.md +1 -1
- package/docs/api/interfaces/VaultProfile.md +1 -1
- package/docs/api/interfaces/VaultReadAgentPrivateKeyInput.md +1 -1
- package/docs/api/interfaces/VaultReadSecretPlaintextInput.md +1 -1
- package/docs/api/interfaces/VaultRevokeAgentSecretInput.md +1 -1
- package/docs/api/interfaces/VaultRevokeSecretDestinationInput.md +1 -1
- package/docs/api/interfaces/VaultRevokeSessionTokenInput.md +1 -1
- package/docs/api/interfaces/VaultService.md +1 -1
- package/docs/api/interfaces/VaultUpdateAgentInput.md +1 -1
- package/docs/api/type-aliases/AgentId.md +1 -1
- package/docs/api/type-aliases/CbioRuntimeModule.md +1 -1
- package/docs/api/type-aliases/DispatchApprovalDecision.md +1 -1
- package/docs/api/type-aliases/GrantStatus.md +1 -1
- package/docs/api/type-aliases/SecretLifecycleStatus.md +1 -1
- package/docs/api/type-aliases/VaultPrincipalKind.md +1 -1
- package/docs/api/variables/DEFAULT_VAULT_KEY_CUSTODY_BLOB_KEY.md +1 -1
- package/docs/zh/README.md +2 -2
- package/package.json +2 -2
|
@@ -82,7 +82,7 @@ export interface VaultCoreDependencies {
|
|
|
82
82
|
requests: RequestRecordRegistry;
|
|
83
83
|
agentProofVerifier: AgentProofVerifier;
|
|
84
84
|
replayGuard: ReplayGuard;
|
|
85
|
-
|
|
85
|
+
sessionTokenRegistry: ISessionTokenRegistry;
|
|
86
86
|
clock: Clock;
|
|
87
87
|
ids: IdGenerator;
|
|
88
88
|
}
|
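Review bot: The `sessionTokenRegistry: ISessionTokenRegistry;` member added at line 85 of `VaultCoreDependencies` has no doc comment, so a caller who supplies their own dependencies has no stated contract to implement. The docs changed in this release describe tokens as revocable and say the default in-memory runtime keeps one current token per agent. Add a TSDoc comment on the member saying which of those guarantees an implementation must provide, and note the change in the changelog, since the old side of line 85 is not visible in this view.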
package/docs/IDENTITY_MODEL.md
CHANGED
|
@@ -18,7 +18,7 @@ A principal represented by a public/private keypair managed *outside* the vault.
|
|
|
18
18
|
An identity whose public/private keypair is generated and stored **inside** the vault.
|
|
19
19
|
- The vault acts as the custodian of the private key.
|
|
20
20
|
- This is the preferred model for preventing lost keys in isolated agent processes.
|
|
21
|
-
- **Session Tokens**: Managed identities can be accessed via revocable session tokens (`sat_...`), allowing agents to authenticate without holding the private key in memory.
|
|
21
|
+
- **Session Tokens**: Managed identities can be accessed via revocable session tokens (`sat_...`), allowing agents to authenticate without holding the private key in memory. In the default in-memory runtime, each managed agent has exactly one current session token.
|
|
22
22
|
|
|
23
23
|
## Identifying Principals
|
|
24
24
|
|
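Review bot: The sentence added at line 21 says each managed agent has "exactly one current session token" but does not say what happens to the previous token when a new one is issued, or how a runtime other than the default in-memory one behaves. If issuing a token revokes the prior one, state that explicitly, and put the rule for the persistent runtime next to it so an operator can tell whether an older `sat_...` value can still authenticate.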
package/docs/REFERENCE.md
CHANGED
|
@@ -64,7 +64,7 @@ The system uses a domain-level white-list model:
|
|
|
64
64
|
|
|
65
65
|
### Deployment Models
|
|
66
66
|
1. **Managed**: The runtime handles private keys internally.
|
|
67
|
-
2. **Session-based**: Agents use
|
|
67
|
+
2. **Session-based**: Agents use revocable `sat_...` session tokens issued by the owner. In the default in-memory runtime, each agent has exactly one current token at a time.
|
|
68
68
|
|
|
69
69
|
### Storage Layout
|
|
70
70
|
- `profile.sealed`: Vault metadata.
|
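Review bot: Line 67 applies the one-token rule to "each agent", while the matching sentence added to IDENTITY_MODEL.md in this same release says "each managed agent". Use one wording in both files so it is clear whether the limit covers every agent or only managed identities, and carry "issued by the owner" over to IDENTITY_MODEL.md as well, since it appears only here.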
package/docs/api/README.md
CHANGED
|
@@ -1,4 +1,4 @@
|
|
|
1
|
-
[**CBIO Node Runtime Agent API v1.
|
|
1
|
+
[**CBIO Node Runtime Agent API v1.66.0**](../README.md)
|
|
2
2
|
|
|
3
3
|
***
|
|
4
4
|
|
|
@@ -36,9 +36,9 @@
|
|
|
36
36
|
|
|
37
37
|
***
|
|
38
38
|
|
|
39
|
-
### session\
|
|
39
|
+
### session\_token?
|
|
40
40
|
|
|
41
|
-
> `optional` **session\
|
|
41
|
+
> `optional` **session\_token?**: `StoredSessionToken`
|
|
42
42
|
|
|
43
43
|
***
|
|
44
44
|
|
|
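Review bot: `session\_token?` at lines 39-41 is typed `StoredSessionToken` with no description of what the stored form contains. Since the type name says the value is stored, the entry should state whether it holds the raw `sat_...` string or a digest of it, and link `StoredSessionToken` so readers can check which fields end up at rest.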
@@ -1,4 +1,4 @@
|
|
|
1
|
-
[**CBIO Node Runtime Agent API v1.
|
|
1
|
+
[**CBIO Node Runtime Agent API v1.66.0**](../README.md)
|
|
2
2
|
|
|
3
3
|
***
|
|
4
4
|
|
|
@@ -10,12 +10,82 @@
|
|
|
10
10
|
|
|
11
11
|
## Properties
|
|
12
12
|
|
|
13
|
+
### authHeaderName?
|
|
14
|
+
|
|
15
|
+
> `optional` **authHeaderName?**: `string`
|
|
16
|
+
|
|
17
|
+
#### Inherited from
|
|
18
|
+
|
|
19
|
+
[`CreatePersistentVaultCoreDependenciesOptions`](CreatePersistentVaultCoreDependenciesOptions.md).[`authHeaderName`](CreatePersistentVaultCoreDependenciesOptions.md#authheadername)
|
|
20
|
+
|
|
21
|
+
***
|
|
22
|
+
|
|
23
|
+
### authPrefix?
|
|
24
|
+
|
|
25
|
+
> `optional` **authPrefix?**: `string`
|
|
26
|
+
|
|
27
|
+
#### Inherited from
|
|
28
|
+
|
|
29
|
+
[`CreatePersistentVaultCoreDependenciesOptions`](CreatePersistentVaultCoreDependenciesOptions.md).[`authPrefix`](CreatePersistentVaultCoreDependenciesOptions.md#authprefix)
|
|
30
|
+
|
|
31
|
+
***
|
|
32
|
+
|
|
13
33
|
### clock?
|
|
14
34
|
|
|
15
35
|
> `optional` **clock?**: `Clock`
|
|
16
36
|
|
|
17
37
|
***
|
|
18
38
|
|
|
39
|
+
### fetchImpl?
|
|
40
|
+
|
|
41
|
+
> `optional` **fetchImpl?**: \{(`input`, `init?`): `Promise`\<`Response`\>; (`input`, `init?`): `Promise`\<`Response`\>; \}
|
|
42
|
+
|
|
43
|
+
#### Call Signature
|
|
44
|
+
|
|
45
|
+
> (`input`, `init?`): `Promise`\<`Response`\>
|
|
46
|
+
|
|
47
|
+
[MDN Reference](https://developer.mozilla.org/docs/Web/API/Window/fetch)
|
|
48
|
+
|
|
49
|
+
##### Parameters
|
|
50
|
+
|
|
51
|
+
###### input
|
|
52
|
+
|
|
53
|
+
`URL` \| `RequestInfo`
|
|
54
|
+
|
|
55
|
+
###### init?
|
|
56
|
+
|
|
57
|
+
`RequestInit`
|
|
58
|
+
|
|
59
|
+
##### Returns
|
|
60
|
+
|
|
61
|
+
`Promise`\<`Response`\>
|
|
62
|
+
|
|
63
|
+
#### Call Signature
|
|
64
|
+
|
|
65
|
+
> (`input`, `init?`): `Promise`\<`Response`\>
|
|
66
|
+
|
|
67
|
+
[MDN Reference](https://developer.mozilla.org/docs/Web/API/Window/fetch)
|
|
68
|
+
|
|
69
|
+
##### Parameters
|
|
70
|
+
|
|
71
|
+
###### input
|
|
72
|
+
|
|
73
|
+
`string` \| `URL` \| `Request`
|
|
74
|
+
|
|
75
|
+
###### init?
|
|
76
|
+
|
|
77
|
+
`RequestInit`
|
|
78
|
+
|
|
79
|
+
##### Returns
|
|
80
|
+
|
|
81
|
+
`Promise`\<`Response`\>
|
|
82
|
+
|
|
83
|
+
#### Inherited from
|
|
84
|
+
|
|
85
|
+
[`CreatePersistentVaultCoreDependenciesOptions`](CreatePersistentVaultCoreDependenciesOptions.md).[`fetchImpl`](CreatePersistentVaultCoreDependenciesOptions.md#fetchimpl)
|
|
86
|
+
|
|
87
|
+
***
|
|
88
|
+
|
|
19
89
|
### password
|
|
20
90
|
|
|
21
91
|
> **password**: `string`
|
|
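Review bot: `authHeaderName?`, `authPrefix?` and `fetchImpl?` (new lines 13-87) are documented only with an "Inherited from" link, with no description or default, on the same options type that carries `password`. Add one sentence per property giving the value used when it is omitted, and for `fetchImpl` say that a caller-supplied function handles every request made through it and so has to be trusted code.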
@@ -26,6 +96,26 @@
|
|
|
26
96
|
|
|
27
97
|
***
|
|
28
98
|
|
|
99
|
+
### proofVerifier?
|
|
100
|
+
|
|
101
|
+
> `optional` **proofVerifier?**: `SignatureAgentProofVerifierOptions`
|
|
102
|
+
|
|
103
|
+
#### Inherited from
|
|
104
|
+
|
|
105
|
+
[`CreatePersistentVaultCoreDependenciesOptions`](CreatePersistentVaultCoreDependenciesOptions.md).[`proofVerifier`](CreatePersistentVaultCoreDependenciesOptions.md#proofverifier)
|
|
106
|
+
|
|
107
|
+
***
|
|
108
|
+
|
|
109
|
+
### replayGuard?
|
|
110
|
+
|
|
111
|
+
> `optional` **replayGuard?**: `ReplayGuard`
|
|
112
|
+
|
|
113
|
+
#### Inherited from
|
|
114
|
+
|
|
115
|
+
[`CreatePersistentVaultCoreDependenciesOptions`](CreatePersistentVaultCoreDependenciesOptions.md).[`replayGuard`](CreatePersistentVaultCoreDependenciesOptions.md#replayguard)
|
|
116
|
+
|
|
117
|
+
***
|
|
118
|
+
|
|
29
119
|
### sensitiveActionVerifier?
|
|
30
120
|
|
|
31
121
|
> `optional` **sensitiveActionVerifier?**: (`confirmation`, `context`) => `boolean` \| `Promise`\<`boolean`\>
|
|
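Review bot: `replayGuard?` at new lines 109-115 is exposed as an optional override with no description, so nothing tells a caller what the default is or what a replacement must guarantee. Document the default and the minimum behaviour expected of a supplied `ReplayGuard`, for example that it must reject a value it has already seen. Do the same for `proofVerifier?` at lines 99-105, whose `SignatureAgentProofVerifierOptions` type is not linked.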
@@ -1,4 +1,4 @@
|
|
|
1
|
-
[**CBIO Node Runtime Agent API v1.
|
|
1
|
+
[**CBIO Node Runtime Agent API v1.66.0**](../README.md)
|
|
2
2
|
|
|
3
3
|
***
|
|
4
4
|
|
|
@@ -6,6 +6,76 @@
|
|
|
6
6
|
|
|
7
7
|
## Properties
|
|
8
8
|
|
|
9
|
+
### authHeaderName?
|
|
10
|
+
|
|
11
|
+
> `optional` **authHeaderName?**: `string`
|
|
12
|
+
|
|
13
|
+
***
|
|
14
|
+
|
|
15
|
+
### authPrefix?
|
|
16
|
+
|
|
17
|
+
> `optional` **authPrefix?**: `string`
|
|
18
|
+
|
|
19
|
+
***
|
|
20
|
+
|
|
21
|
+
### fetchImpl?
|
|
22
|
+
|
|
23
|
+
> `optional` **fetchImpl?**: \{(`input`, `init?`): `Promise`\<`Response`\>; (`input`, `init?`): `Promise`\<`Response`\>; \}
|
|
24
|
+
|
|
25
|
+
#### Call Signature
|
|
26
|
+
|
|
27
|
+
> (`input`, `init?`): `Promise`\<`Response`\>
|
|
28
|
+
|
|
29
|
+
[MDN Reference](https://developer.mozilla.org/docs/Web/API/Window/fetch)
|
|
30
|
+
|
|
31
|
+
##### Parameters
|
|
32
|
+
|
|
33
|
+
###### input
|
|
34
|
+
|
|
35
|
+
`URL` \| `RequestInfo`
|
|
36
|
+
|
|
37
|
+
###### init?
|
|
38
|
+
|
|
39
|
+
`RequestInit`
|
|
40
|
+
|
|
41
|
+
##### Returns
|
|
42
|
+
|
|
43
|
+
`Promise`\<`Response`\>
|
|
44
|
+
|
|
45
|
+
#### Call Signature
|
|
46
|
+
|
|
47
|
+
> (`input`, `init?`): `Promise`\<`Response`\>
|
|
48
|
+
|
|
49
|
+
[MDN Reference](https://developer.mozilla.org/docs/Web/API/Window/fetch)
|
|
50
|
+
|
|
51
|
+
##### Parameters
|
|
52
|
+
|
|
53
|
+
###### input
|
|
54
|
+
|
|
55
|
+
`string` \| `URL` \| `Request`
|
|
56
|
+
|
|
57
|
+
###### init?
|
|
58
|
+
|
|
59
|
+
`RequestInit`
|
|
60
|
+
|
|
61
|
+
##### Returns
|
|
62
|
+
|
|
63
|
+
`Promise`\<`Response`\>
|
|
64
|
+
|
|
65
|
+
***
|
|
66
|
+
|
|
67
|
+
### proofVerifier?
|
|
68
|
+
|
|
69
|
+
> `optional` **proofVerifier?**: `SignatureAgentProofVerifierOptions`
|
|
70
|
+
|
|
71
|
+
***
|
|
72
|
+
|
|
73
|
+
### replayGuard?
|
|
74
|
+
|
|
75
|
+
> `optional` **replayGuard?**: `ReplayGuard`
|
|
76
|
+
|
|
77
|
+
***
|
|
78
|
+
|
|
9
79
|
### vault\_id
|
|
10
80
|
|
|
11
81
|
> **vault\_id**: `string`
|
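Review bot: The `fetchImpl?` entry at new lines 21-64 renders two call signatures that differ only in the `input` type (`URL` \| `RequestInfo` versus `string` \| `URL` \| `Request`), which reads as a duplicated block in the generated page. Declaring the option through a single named function type would collapse it to one entry. These five new properties carry no "Inherited from" line, so this looks like the declaring interface, and their descriptions and defaults belong here.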