@the-ai-company/cbio-node-runtime 1.72.0 → 1.74.0
- package/README.md +20 -35
- package/dist/clients/agent/client.d.ts +7 -6
- package/dist/clients/agent/client.js +32 -16
- package/dist/clients/agent/client.js.map +1 -1
- package/dist/clients/agent/contracts.d.ts +9 -4
- package/dist/clients/agent/index.d.ts +1 -1
- package/dist/clients/owner/client.js +19 -19
- package/dist/clients/owner/client.js.map +1 -1
- package/dist/clients/owner/contracts.d.ts +2 -2
- package/dist/public-types.d.ts +3 -3
- package/dist/public-types.js +1 -1
- package/dist/public-types.js.map +1 -1
- package/dist/runtime/bootstrap.js +30 -14
- package/dist/runtime/bootstrap.js.map +1 -1
- package/dist/runtime/index.d.ts +3 -3
- package/dist/runtime/index.js +1 -1
- package/dist/runtime/index.js.map +1 -1
- package/dist/storage/prefix.d.ts +1 -1
- package/dist/storage/prefix.js +2 -2
- package/dist/storage/prefix.js.map +1 -1
- package/dist/vault-core/contracts.d.ts +30 -142
- package/dist/vault-core/contracts.js +0 -20
- package/dist/vault-core/contracts.js.map +1 -1
- package/dist/vault-core/core.d.ts +17 -9
- package/dist/vault-core/core.js +85 -225
- package/dist/vault-core/core.js.map +1 -1
- package/dist/vault-core/defaults.d.ts +2 -4
- package/dist/vault-core/defaults.js +50 -47
- package/dist/vault-core/defaults.js.map +1 -1
- package/dist/vault-core/index.d.ts +2 -2
- package/dist/vault-core/index.js +1 -1
- package/dist/vault-core/index.js.map +1 -1
- package/dist/vault-core/persistence.d.ts +2 -4
- package/dist/vault-core/persistence.js +82 -85
- package/dist/vault-core/persistence.js.map +1 -1
- package/dist/vault-core/ports.d.ts +2 -4
- package/dist/vault-ingress/defaults.d.ts +3 -2
- package/dist/vault-ingress/defaults.js +6 -3
- package/dist/vault-ingress/defaults.js.map +1 -1
- package/dist/vault-ingress/index.d.ts +14 -5
- package/dist/vault-ingress/index.js +23 -29
- package/dist/vault-ingress/index.js.map +1 -1
- package/dist/vault-ingress/remote-transport.d.ts +3 -2
- package/dist/vault-ingress/remote-transport.js +19 -7
- package/dist/vault-ingress/remote-transport.js.map +1 -1
- package/dist/vault-ingress/server-utils.d.ts +1 -2
- package/dist/vault-ingress/server-utils.js +1 -1
- package/dist/vault-ingress/server-utils.js.map +1 -1
- package/docs/ARCHITECTURE.md +16 -14
- package/docs/REFERENCE.md +20 -37
- package/docs/api/README.md +6 -9
- package/docs/api/classes/IdentityError.md +1 -1
- package/docs/api/classes/OwnerClientError.md +1 -1
- package/docs/api/classes/PersistentVaultAgentIdentityRegistry.md +3 -3
- package/docs/api/classes/PersistentVaultAgentSecretGrantRegistry.md +6 -6
- package/docs/api/classes/PersistentVaultAuditLog.md +2 -2
- package/docs/api/classes/PersistentVaultSecretCustody.md +4 -4
- package/docs/api/classes/PersistentVaultSecretDestinationGrantRegistry.md +7 -7
- package/docs/api/classes/PersistentVaultSecretRepository.md +4 -6
- package/docs/api/classes/VaultCore.md +55 -21
- package/docs/api/classes/VaultCoreError.md +1 -1
- package/docs/api/enumerations/DispatchStatus.md +1 -1
- package/docs/api/enumerations/IdentityErrorCode.md +1 -1
- package/docs/api/enumerations/OwnerClientErrorCode.md +1 -1
- package/docs/api/functions/createAgentClient.md +1 -3
- package/docs/api/functions/createIdentity.md +1 -1
- package/docs/api/functions/createOwnerClient.md +1 -1
- package/docs/api/functions/createPersistentVaultCoreDependencies.md +1 -1
- package/docs/api/functions/createVault.md +1 -1
- package/docs/api/functions/createVaultCore.md +1 -1
- package/docs/api/functions/createVaultCoreDependencies.md +1 -1
- package/docs/api/functions/createVaultService.md +1 -1
- package/docs/api/functions/createWorkspaceStorage.md +1 -1
- package/docs/api/functions/deriveRootAgentId.md +1 -1
- package/docs/api/functions/deriveVaultWorkingKeyFromPassword.md +1 -1
- package/docs/api/functions/getDefaultWorkspaceDir.md +1 -1
- package/docs/api/functions/handleVaultAgentControlHttp.md +1 -1
- package/docs/api/functions/handleVaultAuditSse.md +1 -1
- package/docs/api/functions/handleVaultHttpDispatch.md +1 -1
- package/docs/api/functions/handleVaultPendingDispatchSse.md +1 -1
- package/docs/api/functions/initializeVaultCustody.md +1 -1
- package/docs/api/functions/listVaults.md +1 -1
- package/docs/api/functions/openOwnerSession.md +1 -1
- package/docs/api/functions/readVaultProfile.md +1 -1
- package/docs/api/functions/recoverVault.md +1 -1
- package/docs/api/functions/recoverVaultWorkingKey.md +1 -1
- package/docs/api/functions/restoreIdentity.md +1 -1
- package/docs/api/functions/updateVaultMetadata.md +1 -1
- package/docs/api/functions/writeVaultProfile.md +1 -1
- package/docs/api/interfaces/AgentAuditTestPingInput.md +17 -0
- package/docs/api/interfaces/AgentClient.md +23 -5
- package/docs/api/interfaces/AgentDispatchIntent.md +1 -1
- package/docs/api/interfaces/AgentDispatchTransport.md +21 -5
- package/docs/api/interfaces/AgentIdentity.md +1 -1
- package/docs/api/interfaces/AgentIdentityRecord.md +2 -2
- package/docs/api/interfaces/AgentRequestRecord.md +93 -11
- package/docs/api/interfaces/AgentRuntimeManifest.md +1 -1
- package/docs/api/interfaces/AgentSecretGrant.md +3 -3
- package/docs/api/interfaces/AgentSigner.md +1 -1
- package/docs/api/interfaces/AuditEntry.md +9 -59
- package/docs/api/interfaces/CbioRuntime.md +1 -3
- package/docs/api/interfaces/CreateAgentClientOptions.md +1 -1
- package/docs/api/interfaces/CreateIdentityOptions.md +1 -1
- package/docs/api/interfaces/CreateOwnerClientOptions.md +1 -1
- package/docs/api/interfaces/CreatePersistentVaultCoreDependenciesOptions.md +1 -1
- package/docs/api/interfaces/CreateVaultOptions.md +1 -1
- package/docs/api/interfaces/CreatedVault.md +1 -1
- package/docs/api/interfaces/DefaultPolicyEngineOptions.md +1 -1
- package/docs/api/interfaces/DispatchAuthorization.md +3 -3
- package/docs/api/interfaces/DispatchInstruction.md +3 -3
- package/docs/api/interfaces/DispatchRequest.md +4 -4
- package/docs/api/interfaces/DispatchResult.md +2 -2
- package/docs/api/interfaces/IStorageProvider.md +1 -1
- package/docs/api/interfaces/InitializeVaultCustodyOptions.md +1 -1
- package/docs/api/interfaces/InitializedVaultCustody.md +1 -1
- package/docs/api/interfaces/OpenOwnerSessionOptions.md +1 -1
- package/docs/api/interfaces/OwnerAgentProvisionResult.md +1 -1
- package/docs/api/interfaces/OwnerAuditSubscription.md +3 -3
- package/docs/api/interfaces/OwnerClient.md +5 -5
- package/docs/api/interfaces/OwnerCreateSecretInput.md +1 -1
- package/docs/api/interfaces/OwnerPendingDispatchSubscription.md +1 -1
- package/docs/api/interfaces/OwnerRemoveSecretInput.md +1 -1
- package/docs/api/interfaces/OwnerRequestRecord.md +73 -11
- package/docs/api/interfaces/OwnerSensitiveActionConfirmation.md +1 -1
- package/docs/api/interfaces/OwnerSensitiveActionContext.md +1 -1
- package/docs/api/interfaces/OwnerSession.md +1 -1
- package/docs/api/interfaces/OwnerUpdateSecretInput.md +1 -1
- package/docs/api/interfaces/PendingDispatchEvent.md +1 -1
- package/docs/api/interfaces/RecoverVaultOptions.md +1 -1
- package/docs/api/interfaces/RecoveredVault.md +1 -1
- package/docs/api/interfaces/RequestRecord.md +8 -7
- package/docs/api/interfaces/RestoreIdentityOptions.md +1 -1
- package/docs/api/interfaces/SecretDestinationGrant.md +3 -3
- package/docs/api/interfaces/SecretRecord.md +7 -7
- package/docs/api/interfaces/Signer.md +1 -1
- package/docs/api/interfaces/VaultApproveDispatchInput.md +1 -1
- package/docs/api/interfaces/VaultAuditQueryInput.md +1 -1
- package/docs/api/interfaces/VaultCoreDependenciesOptions.md +1 -1
- package/docs/api/interfaces/VaultCreateAgentInput.md +1 -1
- package/docs/api/interfaces/VaultExportSecretInput.md +1 -1
- package/docs/api/interfaces/VaultGetRequestInput.md +1 -1
- package/docs/api/interfaces/VaultGrantAgentSecretInput.md +1 -1
- package/docs/api/interfaces/VaultGrantSecretDestinationInput.md +1 -1
- package/docs/api/interfaces/VaultImportAgentInput.md +1 -1
- package/docs/api/interfaces/VaultIssueSessionTokenInput.md +1 -1
- package/docs/api/interfaces/VaultListAgentsInput.md +1 -1
- package/docs/api/interfaces/VaultListGrantsInput.md +1 -1
- package/docs/api/interfaces/VaultListRequestsInput.md +1 -1
- package/docs/api/interfaces/VaultListSecretsInput.md +1 -1
- package/docs/api/interfaces/VaultMetadata.md +1 -1
- package/docs/api/interfaces/VaultObject.md +1 -1
- package/docs/api/interfaces/VaultPrincipal.md +1 -1
- package/docs/api/interfaces/VaultProfile.md +1 -1
- package/docs/api/interfaces/VaultReadAgentPrivateKeyInput.md +1 -1
- package/docs/api/interfaces/VaultReadSecretPlaintextInput.md +1 -1
- package/docs/api/interfaces/VaultRevokeAgentSecretInput.md +1 -1
- package/docs/api/interfaces/VaultRevokeSecretDestinationInput.md +1 -1
- package/docs/api/interfaces/VaultRevokeSessionTokenInput.md +1 -1
- package/docs/api/interfaces/VaultService.md +28 -12
- package/docs/api/interfaces/VaultUpdateAgentInput.md +1 -1
- package/docs/api/type-aliases/AgentId.md +1 -1
- package/docs/api/type-aliases/AgentRequestResult.md +1 -1
- package/docs/api/type-aliases/CbioRuntimeModule.md +1 -1
- package/docs/api/type-aliases/DispatchApprovalDecision.md +1 -1
- package/docs/api/type-aliases/GrantStatus.md +1 -1
- package/docs/api/type-aliases/SecretAlias.md +7 -0
- package/docs/api/type-aliases/SecretId.md +7 -0
- package/docs/api/type-aliases/SecretLifecycleStatus.md +1 -1
- package/docs/api/type-aliases/VaultId.md +7 -0
- package/docs/api/type-aliases/VaultPrincipalKind.md +1 -1
- package/docs/api/variables/DEFAULT_VAULT_KEY_CUSTODY_BLOB_KEY.md +1 -1
- package/docs/zh/README.md +33 -66
- package/package.json +1 -1
- package/docs/api/enumerations/AuditOperation.md +0 -107
- package/docs/api/interfaces/AgentVisibleRequestRecord.md +0 -59
- package/docs/api/interfaces/AgentVisibleSecretRecord.md +0 -65
- package/docs/api/interfaces/OwnerVisibleRequestRecord.md +0 -79
- package/docs/api/interfaces/SecretAlias.md +0 -11
- package/docs/api/interfaces/SecretId.md +0 -11
- package/docs/api/interfaces/VaultId.md +0 -11
|
@@ -1,5 +1,5 @@
|
|
|
1
1
|
import { createVaultCore } from "../vault-core/core.js";
|
|
2
|
-
import { createPersistentVaultCoreDependencies, } from "../vault-core/index.js";
|
|
2
|
+
import { createPersistentVaultCoreDependencies, createVaultCoreDependencies, } from "../vault-core/index.js";
|
|
3
3
|
import { deriveVaultWorkingKeyFromPassword } from "../protocol/crypto.js";
|
|
4
4
|
import { wrapVaultCoreAsVaultService, } from "../vault-ingress/index.js";
|
|
5
5
|
import { createPrefixedStorage } from "../storage/prefix.js";
|
|
@@ -44,8 +44,14 @@ async function verifyVaultPassword(storage, vault_id, password) {
|
|
|
44
44
|
return false;
|
|
45
45
|
}
|
|
46
46
|
const vaultWorkingKey = deriveVaultWorkingKeyFromPassword(normalizedPassword, vault_id);
|
|
47
|
-
|
|
48
|
-
|
|
47
|
+
try {
|
|
48
|
+
const profile = await readVaultProfile(storage, vaultWorkingKey, vault_id);
|
|
49
|
+
return profile !== null;
|
|
50
|
+
}
|
|
51
|
+
catch {
|
|
52
|
+
// Password verification should be boolean-only and never leak low-level crypto errors.
|
|
53
|
+
return false;
|
|
54
|
+
}
|
|
49
55
|
}
|
|
50
56
|
export async function createVault(storageOrOptions, maybeOptions) {
|
|
51
57
|
const { storage: workspaceStorage, options } = resolveStorage(storageOrOptions, maybeOptions);
|
|
@@ -55,11 +61,16 @@ export async function createVault(storageOrOptions, maybeOptions) {
|
|
|
55
61
|
const vault_id = createVaultIdValue();
|
|
56
62
|
const storage = createPrefixedStorage(workspaceStorage, vaultStoragePrefix(vault_id));
|
|
57
63
|
const vaultWorkingKey = deriveVaultWorkingKeyFromPassword(options.password, vault_id);
|
|
58
|
-
const deps =
|
|
59
|
-
|
|
60
|
-
|
|
61
|
-
|
|
62
|
-
|
|
64
|
+
const deps = (typeof storage.getBaseDir === "function" && storage.getBaseDir())
|
|
65
|
+
? createPersistentVaultCoreDependencies(storage, {
|
|
66
|
+
...options,
|
|
67
|
+
vault_id,
|
|
68
|
+
vaultWorkingKey,
|
|
69
|
+
})
|
|
70
|
+
: createVaultCoreDependencies({
|
|
71
|
+
...options,
|
|
72
|
+
vault_id,
|
|
73
|
+
});
|
|
63
74
|
const core = createVaultCore(deps);
|
|
64
75
|
const nickname = options.nickname?.trim() ? options.nickname.trim() : undefined;
|
|
65
76
|
// Single encrypted profile block. Hold the password to see everything.
|
|
@@ -80,11 +91,16 @@ export async function recoverVault(storageOrOptions, maybeOptions) {
|
|
|
80
91
|
const { storage: workspaceStorage, options } = resolveStorage(storageOrOptions, maybeOptions);
|
|
81
92
|
const storage = createPrefixedStorage(workspaceStorage, vaultStoragePrefix(options.vault_id));
|
|
82
93
|
const vaultWorkingKey = deriveVaultWorkingKeyFromPassword(options.password, options.vault_id);
|
|
83
|
-
const deps =
|
|
84
|
-
|
|
85
|
-
|
|
86
|
-
|
|
87
|
-
|
|
94
|
+
const deps = (typeof storage.getBaseDir === "function" && storage.getBaseDir())
|
|
95
|
+
? createPersistentVaultCoreDependencies(storage, {
|
|
96
|
+
...options,
|
|
97
|
+
vault_id: options.vault_id,
|
|
98
|
+
vaultWorkingKey,
|
|
99
|
+
})
|
|
100
|
+
: createVaultCoreDependencies({
|
|
101
|
+
...options,
|
|
102
|
+
vault_id: options.vault_id,
|
|
103
|
+
});
|
|
88
104
|
const core = createVaultCore(deps);
|
|
89
105
|
const profile = await readVaultProfile(storage, vaultWorkingKey, options.vault_id);
|
|
90
106
|
if (!profile) {
|
|
@@ -126,7 +142,7 @@ export async function listVaults(storage) {
|
|
|
126
142
|
* Updates the metadata (like nickname) of an existing vault.
|
|
127
143
|
*/
|
|
128
144
|
export async function updateVaultMetadata(vault, options) {
|
|
129
|
-
const vault_id = vault.core.vault_id
|
|
145
|
+
const vault_id = vault.core.vault_id;
|
|
130
146
|
const vaultWorkingKey = deriveVaultWorkingKeyFromPassword(options.password, vault_id);
|
|
131
147
|
// Read current profile to preserve other fields
|
|
132
148
|
const current = await readVaultProfile(vault.storage, vaultWorkingKey, vault_id);
|
|
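Review bot: In `createVault` and `recoverVault` (the hunks of what the adjacent source map names `bootstrap.js`), the new `deps` ternary spreads `...options` into both factories while `options` still carries `password` (read as `options.password` on the line above), so the plaintext password is passed into the dependency layer; whether the factories keep a reference to it is not visible here. I would strip it first, e.g. `const { password, ...depOptions } = options;`, and spread `depOptions` in both branches. The branch taken when `getBaseDir()` is falsy builds the core from `createVaultCoreDependencies` with neither `storage` nor `vaultWorkingKey`, which presumably means secrets, grants and the audit log are not persisted even though the profile is still read from storage; in `recoverVault` that should be an explicit error or an opt-in rather than a silent fallback. Both function bodies continue outside the hunks shown.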
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"bootstrap.js","sourceRoot":"","sources":["../../src/runtime/bootstrap.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,eAAe,EAAE,MAAM,uBAAuB,CAAC;AACxD,OAAO,EACL,qCAAqC,
|
|
1
|
+
{"version":3,"file":"bootstrap.js","sourceRoot":"","sources":["../../src/runtime/bootstrap.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,eAAe,EAAE,MAAM,uBAAuB,CAAC;AACxD,OAAO,EACL,qCAAqC,EACrC,2BAA2B,GAG5B,MAAM,wBAAwB,CAAC;AAChC,OAAO,EAAE,iCAAiC,EAAE,MAAM,uBAAuB,CAAC;AAC1E,OAAO,EACL,2BAA2B,GAG5B,MAAM,2BAA2B,CAAC;AACnC,OAAO,EAAE,qBAAqB,EAAE,MAAM,sBAAsB,CAAC;AAC7D,OAAO,EAAE,iBAAiB,EAAE,MAAM,kBAAkB,CAAC;AAErD,OAAO,EAAE,kBAAkB,EAAE,MAAM,2BAA2B,CAAC;AAE/D,OAAO,EAAE,gBAAgB,EAAE,iBAAiB,EAAE,MAAM,qBAAqB,CAAC;AAC1E,OAAO,EAAE,sBAAsB,EAAE,MAAM,wBAAwB,CAAC;AAEhE,MAAM,4BAA4B,GAAG,CAAC,CAAC;AACvC,MAAM,gCAAgC,GAAG,KAAK,4BAA4B,EAAE,CAAC;AAE7E,SAAS,kBAAkB,CAAC,QAAgB;IAC1C,OAAO,UAAU,QAAQ,GAAG,gCAAgC,EAAE,CAAC;AACjE,CAAC;AAED,SAAS,wBAAwB,CAAC,KAAa;IAC7C,MAAM,KAAK,GAAG,eAAe,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;IAC1C,IAAI,CAAC,KAAK,EAAE,CAAC;QACX,OAAO,IAAI,CAAC;IACd,CAAC;IACD,OAAO;QACL,QAAQ,EAAE,KAAK,CAAC,CAAC,CAAC;QAClB,OAAO,EAAE,MAAM,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC;KACvC,CAAC;AACJ,CAAC;AAoDD,SAAS,cAAc,CACrB,gBAAsF,EACtF,YAAuD;IAEvD,IAAI,YAAY,EAAE,CAAC;QACjB,MAAM,OAAO,GAAG,OAAO,gBAAgB,KAAK,QAAQ;YAClD,CAAC,CAAC,IAAI,iBAAiB,CAAC,gBAAgB,CAAC;YACzC,CAAC,CAAC,gBAAoC,CAAC;QACzC,OAAO;YACL,OAAO;YACP,OAAO,EAAE,YAAY;SACtB,CAAC;IACJ,CAAC;IACD,gEAAgE;IAChE,OAAO;QACL,OAAO,EAAE,sBAAsB,EAAE;QACjC,OAAO,EAAE,gBAA4D;KACtE,CAAC;AACJ,CAAC;AAED,KAAK,UAAU,mBAAmB,CAAC,OAAyB,EAAE,QAAgB,EAAE,QAAgB;IAC9F,MAAM,kBAAkB,GAAG,QAAQ,CAAC,IAAI,EAAE,CAAC;IAC3C,IAAI,CAAC,kBAAkB,EAAE,CAAC;QACxB,OAAO,KAAK,CAAC;IACf,CAAC;IACD,MAAM,eAAe,GAAG,iCAAiC,CAAC,kBAAkB,EAAE,QAAQ,CAAC,CAAC;IACxF,IAAI,CAAC;QACH,MAAM,OAAO,GAAG,MAAM,gBAAgB,CAAC,OAAO,EAAE,eAAe,EAAE,QAAQ,CAAC,CAAC;QAC3E,OAAO,OAAO,KAAK,IAAI,CAAC;IAC1B,CAAC;IAAC,MAAM,CAAC;QACP,uFAAuF;QACvF,OAAO,KAAK,CAAC;IACf,CAAC;AACH,CAAC;AAwBD,MAAM,CAAC,KAAK,UAAU,WAAW,CAC/B,gBAAgE,EAChE,YAAiC;IAEjC,MAAM,EAAE,OAAO,EAAE,gBAAgB,EAAE,OAAO,EAAE,GAAG,cAAc,CAAC,gBAAgB,EAAE,YAAY,CAG3F,CAAC;IACF,IAAI,UAAU,IAAK,OAA8C,EAAE,CAAC;QAClE,MAAM,IAAI,KAAK,CAAC,0DAA0D,CAAC,CAAC;IAC9E,CAAC;IACD,MAAM,
QAAQ,GAAG,kBAAkB,EAAE,CAAC;IACtC,MAAM,OAAO,GAAG,qBAAqB,CAAC,gBAAgB,EAAE,kBAAkB,CAAC,QAAQ,CAAC,CAAC,CAAC;IACtF,MAAM,eAAe,GAAG,iCAAiC,CAAC,OAAO,CAAC,QAAQ,EAAE,QAAQ,CAAC,CAAC;IAEtF,MAAM,IAAI,GAAG,CAAC,OAAQ,OAAe,CAAC,UAAU,KAAK,UAAU,IAAK,OAAe,CAAC,UAAU,EAAE,CAAC;QAC/F,CAAC,CAAC,qCAAqC,CAAC,OAAc,EAAE;YACpD,GAAG,OAAO;YACV,QAAQ;YACR,eAAe;SAChB,CAAC;QACJ,CAAC,CAAC,2BAA2B,CAAC;YAC1B,GAAG,OAAO;YACV,QAAQ;SACT,CAAC,CAAC;IACP,MAAM,IAAI,GAAG,eAAe,CAAC,IAAI,CAAC,CAAC;IAEnC,MAAM,QAAQ,GAAG,OAAO,CAAC,QAAQ,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC,OAAO,CAAC,QAAQ,CAAC,IAAI,EAAE,CAAC,CAAC,CAAC,SAAS,CAAC;IAEhF,uEAAuE;IACvE,MAAM,iBAAiB,CAAC,OAAO,EAAE;QAC/B,QAAQ;QACR,QAAQ;QACR,GAAG,OAAO,CAAC,QAAQ;KACpB,EAAE,eAAe,EAAE,QAAQ,CAAC,CAAC;IAE9B,OAAO;QACL,IAAI;QACJ,KAAK,EAAE,2BAA2B,CAAC,IAAI,EAAE,OAAO,CAAC,KAAK,CAAC;QACvD,QAAQ;QACR,OAAO;QACP,cAAc,EAAE,KAAK,EAAE,QAAgB,EAAE,EAAE,CAAC,mBAAmB,CAAC,OAAO,EAAE,QAAQ,EAAE,QAAQ,CAAC;KAC7F,CAAC;AACJ,CAAC;AAwBD,MAAM,CAAC,KAAK,UAAU,YAAY,CAChC,gBAAiE,EACjE,YAAkC;IAElC,MAAM,EAAE,OAAO,EAAE,gBAAgB,EAAE,OAAO,EAAE,GAAG,cAAc,CAAC,gBAAgB,EAAE,YAAY,CAG3F,CAAC;IACF,MAAM,OAAO,GAAG,qBAAqB,CAAC,gBAAgB,EAAE,kBAAkB,CAAC,OAAO,CAAC,QAAQ,CAAC,CAAC,CAAC;IAC9F,MAAM,eAAe,GAAG,iCAAiC,CAAC,OAAO,CAAC,QAAQ,EAAE,OAAO,CAAC,QAAQ,CAAC,CAAC;IAC9F,MAAM,IAAI,GAAG,CAAC,OAAQ,OAAe,CAAC,UAAU,KAAK,UAAU,IAAK,OAAe,CAAC,UAAU,EAAE,CAAC;QAC/F,CAAC,CAAC,qCAAqC,CAAC,OAAc,EAAE;YACpD,GAAG,OAAO;YACV,QAAQ,EAAE,OAAO,CAAC,QAAQ;YAC1B,eAAe;SAChB,CAAC;QACJ,CAAC,CAAC,2BAA2B,CAAC;YAC1B,GAAG,OAAO;YACV,QAAQ,EAAE,OAAO,CAAC,QAAQ;SAC3B,CAAC,CAAC;IACP,MAAM,IAAI,GAAG,eAAe,CAAC,IAAI,CAAC,CAAC;IACnC,MAAM,OAAO,GAAG,MAAM,gBAAgB,CAAC,OAAO,EAAE,eAAe,EAAE,OAAO,CAAC,QAAQ,CAAC,CAAC;IACnF,IAAI,CAAC,OAAO,EAAE,CAAC;QACb,MAAM,IAAI,KAAK,CAAC,8CAA8C,CAAC,CAAC;IAClE,CAAC;IAED,OAAO;QACL,IAAI;QACJ,KAAK,EAAE,2BAA2B,CAAC,IAAI,EAAE,OAAO,CAAC,KAAK,CAAC;QACvD,QAAQ,EAAE,OAAO,CAAC,QAAQ;QAC1B,OAAO;QACP,cAAc,EAAE,KAAK,EAAE,QAAgB,EAAE,EAAE,CAAC,mBAAmB,CAAC,OAAO,EAAE,OAAO,CAAC,QAAQ,EAAE,QAAQ,CAAC;KACrG,CAAC;AACJ,CAAC;AAED;;;;;GAKG;AACH,MAAM,CAAC,KAAK,UAAU,UAAU,C
AAC,OAAyB;IACxD,IAAI,CAAC,OAAO,CAAC,IAAI,EAAE,CAAC;QAClB,OAAO,EAAE,CAAC;IACZ,CAAC;IACD,MAAM,OAAO,GAAG,MAAM,OAAO,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;IAC7C,MAAM,eAAe,GAAG,IAAI,GAAG,EAAkB,CAAC;IAClD,KAAK,MAAM,KAAK,IAAI,OAAO,EAAE,CAAC;QAC5B,MAAM,MAAM,GAAG,wBAAwB,CAAC,KAAK,CAAC,CAAC;QAC/C,IAAI,CAAC,MAAM,EAAE,CAAC;YACZ,SAAS;QACX,CAAC;QACD,MAAM,OAAO,GAAG,eAAe,CAAC,GAAG,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC;QACrD,IAAI,OAAO,KAAK,SAAS,IAAI,MAAM,CAAC,OAAO,GAAG,OAAO,EAAE,CAAC;YACtD,eAAe,CAAC,GAAG,CAAC,MAAM,CAAC,QAAQ,EAAE,MAAM,CAAC,OAAO,CAAC,CAAC;QACvD,CAAC;IACH,CAAC;IACD,OAAO,CAAC,GAAG,eAAe,CAAC,IAAI,EAAE,CAAC,CAAC;AACrC,CAAC;AAED;;GAEG;AACH,MAAM,CAAC,KAAK,UAAU,mBAAmB,CACvC,KAAoC,EACpC,OAAgF;IAEhF,MAAM,QAAQ,GAAG,KAAK,CAAC,IAAI,CAAC,QAAQ,CAAC;IACrC,MAAM,eAAe,GAAG,iCAAiC,CAAC,OAAO,CAAC,QAAQ,EAAE,QAAQ,CAAC,CAAC;IAEtF,gDAAgD;IAChD,MAAM,OAAO,GAAG,MAAM,gBAAgB,CAAC,KAAK,CAAC,OAAO,EAAE,eAAe,EAAE,QAAQ,CAAC,CAAC;IAEjF,MAAM,iBAAiB,CAAC,KAAK,CAAC,OAAO,EAAE;QACrC,GAAG,CAAC,OAAO,IAAI,EAAE,CAAC;QAClB,QAAQ,EAAE,OAAO,CAAC,QAAQ,IAAI,OAAO,EAAE,QAAQ;QAC/C,GAAG,CAAC,OAAO,CAAC,QAAQ,IAAI,EAAE,CAAC;KAC5B,EAAE,eAAe,EAAE,QAAQ,CAAC,CAAC;AAChC,CAAC"}
|
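--- a/package/dist/runtime/index.d.ts
+++ b/package/dist/runtime/index.d.ts
@@ -14,10 +14,10 @@ export { createWorkspaceStorage, getDefaultWorkspaceDir, } from "./workspace-sto
 export { createVault, recoverVault, listVaults, updateVaultMetadata, type CreateVaultOptions, type CreatedVault, type RecoverVaultOptions, type RecoveredVault, type VaultObject, type VaultMetadata, } from "./bootstrap.js";
 export { openOwnerSession, type OwnerSession, type OpenOwnerSessionOptions, } from "./owner-session.js";
 export { createVaultCore, VaultCore, VaultCoreError, createVaultCoreDependencies, type VaultCoreDependenciesOptions, type DefaultPolicyEngineOptions, DefaultPolicyEngine, createPersistentVaultCoreDependencies, initializeVaultCustody, recoverVaultWorkingKey, DEFAULT_VAULT_KEY_CUSTODY_BLOB_KEY, type InitializeVaultCustodyOptions, type InitializedVaultCustody, type CreatePersistentVaultCoreDependenciesOptions, PersistentVaultAgentIdentityRegistry, PersistentVaultAuditLog, PersistentVaultAgentSecretGrantRegistry, PersistentVaultSecretDestinationGrantRegistry, PersistentVaultSecretCustody, PersistentVaultSecretRepository, } from "../vault-core/index.js";
-export type { AgentId, AgentSecretGrant, SecretDestinationGrant, GrantStatus, AgentIdentityRecord,
-export { DispatchStatus,
+export type { AgentId, AgentSecretGrant, SecretDestinationGrant, GrantStatus, AgentIdentityRecord, AgentRuntimeManifest, AgentRequestRecord, OwnerRequestRecord, AgentRequestResult, DispatchApprovalDecision, AuditEntry, DispatchAuthorization, DispatchInstruction, DispatchRequest, DispatchResult, PendingDispatchEvent, OwnerPendingDispatchSubscription, OwnerAuditSubscription, RequestRecord, SecretAlias, SecretId, SecretLifecycleStatus, SecretRecord, VaultPrincipal, VaultPrincipalKind, VaultId, } from "../vault-core/index.js";
+export { DispatchStatus, } from "../vault-core/index.js";
 export { createOwnerClient, type OwnerClient, type CreateOwnerClientOptions, type VaultAuditQueryInput, type VaultExportSecretInput, type VaultReadSecretPlaintextInput, type VaultReadAgentPrivateKeyInput, type OwnerSensitiveActionConfirmation, type OwnerSensitiveActionContext, type VaultGrantAgentSecretInput, type VaultGrantSecretDestinationInput, type VaultRevokeAgentSecretInput, type VaultRevokeSecretDestinationInput, type VaultListGrantsInput, type VaultImportAgentInput, type VaultCreateAgentInput, type OwnerAgentProvisionResult, type OwnerCreateSecretInput, type OwnerUpdateSecretInput, type OwnerRemoveSecretInput, type VaultUpdateAgentInput, type VaultListAgentsInput, type VaultListRequestsInput, type VaultGetRequestInput, type VaultListSecretsInput, type VaultIssueSessionTokenInput, type VaultRevokeSessionTokenInput, type VaultApproveDispatchInput, } from "../clients/owner/index.js";
-export { createAgentClient, type AgentClient, type CreateAgentClientOptions, type AgentIdentity, type AgentDispatchIntent, type AgentDispatchTransport, type AgentSigner, } from "../clients/agent/index.js";
+export { createAgentClient, type AgentClient, type CreateAgentClientOptions, type AgentIdentity, type AgentDispatchIntent, type AgentAuditTestPingInput, type AgentDispatchTransport, type AgentSigner, } from "../clients/agent/index.js";
 export { createVaultService, type VaultService, } from "../vault-ingress/index.js";
 export { handleVaultHttpDispatch, handleVaultAgentControlHttp, handleVaultAuditSse, handleVaultPendingDispatchSse, } from "../vault-ingress/server-utils.js";
 export { AgentDispatchHttpTransport } from "../vault-ingress/remote-transport.js";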
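--- a/package/dist/runtime/index.js
+++ b/package/dist/runtime/index.js
@@ -13,7 +13,7 @@ export { createWorkspaceStorage, getDefaultWorkspaceDir, } from "./workspace-sto
 export { createVault, recoverVault, listVaults, updateVaultMetadata, } from "./bootstrap.js";
 export { openOwnerSession, } from "./owner-session.js";
 export { createVaultCore, VaultCore, VaultCoreError, createVaultCoreDependencies, DefaultPolicyEngine, createPersistentVaultCoreDependencies, initializeVaultCustody, recoverVaultWorkingKey, DEFAULT_VAULT_KEY_CUSTODY_BLOB_KEY, PersistentVaultAgentIdentityRegistry, PersistentVaultAuditLog, PersistentVaultAgentSecretGrantRegistry, PersistentVaultSecretDestinationGrantRegistry, PersistentVaultSecretCustody, PersistentVaultSecretRepository, } from "../vault-core/index.js";
-export { DispatchStatus,
+export { DispatchStatus, } from "../vault-core/index.js";
 export { createOwnerClient, } from "../clients/owner/index.js";
 export { createAgentClient, } from "../clients/agent/index.js";
 export { createVaultService, } from "../vault-ingress/index.js";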
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/runtime/index.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAEH,OAAO,EAAE,aAAa,EAAE,iBAAiB,EAAE,gBAAgB,EAAE,oBAAoB,EAAE,MAAM,cAAc,CAAC;AACxG,OAAO,EAAE,eAAe,EAAE,WAAW,EAAe,iCAAiC,EAAE,MAAM,uBAAuB,CAAC;AACrH,OAAO,EAAE,iBAAiB,EAAE,MAAM,yBAAyB,CAAC;AAE5D,OAAO,EAAE,iBAAiB,EAAE,MAAM,kBAAkB,CAAC;AACrD,OAAO,EAAE,qBAAqB,EAAE,MAAM,sBAAsB,CAAC;AAC7D,OAAO,EACL,cAAc,EACd,eAAe,GAIhB,MAAM,eAAe,CAAC;AACvB,OAAO,EACL,gBAAgB,EAChB,iBAAiB,GAElB,MAAM,qBAAqB,CAAC;AAC7B,OAAO,EACL,sBAAsB,EACtB,sBAAsB,GACvB,MAAM,wBAAwB,CAAC;AAChC,OAAO,EACL,WAAW,EACX,YAAY,EACZ,UAAU,EACV,mBAAmB,GAOpB,MAAM,gBAAgB,CAAC;AACxB,OAAO,EACL,gBAAgB,GAGjB,MAAM,oBAAoB,CAAC;AAE5B,OAAO,EACL,eAAe,EACf,SAAS,EACT,cAAc,EACd,2BAA2B,EAG3B,mBAAmB,EACnB,qCAAqC,EACrC,sBAAsB,EACtB,sBAAsB,EACtB,kCAAkC,EAIlC,oCAAoC,EACpC,uBAAuB,EACvB,uCAAuC,EACvC,6CAA6C,EAE7C,4BAA4B,EAC5B,+BAA+B,GAChC,MAAM,wBAAwB,CAAC;
|
|
1
|
+
{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/runtime/index.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAEH,OAAO,EAAE,aAAa,EAAE,iBAAiB,EAAE,gBAAgB,EAAE,oBAAoB,EAAE,MAAM,cAAc,CAAC;AACxG,OAAO,EAAE,eAAe,EAAE,WAAW,EAAe,iCAAiC,EAAE,MAAM,uBAAuB,CAAC;AACrH,OAAO,EAAE,iBAAiB,EAAE,MAAM,yBAAyB,CAAC;AAE5D,OAAO,EAAE,iBAAiB,EAAE,MAAM,kBAAkB,CAAC;AACrD,OAAO,EAAE,qBAAqB,EAAE,MAAM,sBAAsB,CAAC;AAC7D,OAAO,EACL,cAAc,EACd,eAAe,GAIhB,MAAM,eAAe,CAAC;AACvB,OAAO,EACL,gBAAgB,EAChB,iBAAiB,GAElB,MAAM,qBAAqB,CAAC;AAC7B,OAAO,EACL,sBAAsB,EACtB,sBAAsB,GACvB,MAAM,wBAAwB,CAAC;AAChC,OAAO,EACL,WAAW,EACX,YAAY,EACZ,UAAU,EACV,mBAAmB,GAOpB,MAAM,gBAAgB,CAAC;AACxB,OAAO,EACL,gBAAgB,GAGjB,MAAM,oBAAoB,CAAC;AAE5B,OAAO,EACL,eAAe,EACf,SAAS,EACT,cAAc,EACd,2BAA2B,EAG3B,mBAAmB,EACnB,qCAAqC,EACrC,sBAAsB,EACtB,sBAAsB,EACtB,kCAAkC,EAIlC,oCAAoC,EACpC,uBAAuB,EACvB,uCAAuC,EACvC,6CAA6C,EAE7C,4BAA4B,EAC5B,+BAA+B,GAChC,MAAM,wBAAwB,CAAC;AAgChC,OAAO,EACL,cAAc,GACf,MAAM,wBAAwB,CAAC;AAEhC,OAAO,EACL,iBAAiB,GA6BlB,MAAM,2BAA2B,CAAC;AAEnC,OAAO,EACL,iBAAiB,GAQlB,MAAM,2BAA2B,CAAC;AAEnC,OAAO,EACL,kBAAkB,GAEnB,MAAM,2BAA2B,CAAC;AAEnC,OAAO,EACL,uBAAuB,EACvB,2BAA2B,EAC3B,mBAAmB,EACnB,6BAA6B,GAC9B,MAAM,kCAAkC,CAAC;AAE1C,OAAO,EAAE,0BAA0B,EAAE,MAAM,sCAAsC,CAAC;AAClF,OAAO,EAAE,mBAAmB,EAAE,MAAM,8BAA8B,CAAC"}
|
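--- a/package/dist/storage/prefix.d.ts
+++ b/package/dist/storage/prefix.d.ts
@@ -3,7 +3,7 @@ export declare class PrefixStorageProvider implements IStorageProvider {
 private readonly base;
 private readonly prefix;
 constructor(base: IStorageProvider, prefix: string);
-getBaseDir(): string;
+getBaseDir?(): string;
 private key;
 read(key: string): Promise<Buffer | null>;
 write(key: string, data: Buffer): Promise<void>;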
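Review bot: The declaration `getBaseDir?(): string;` does not match the implementation in `prefix.js` in this same release, where `getBaseDir` is always defined as a class method and now returns `undefined` when the base has no `getBaseDir`. Marking the member optional tells callers to test for its existence, but the bootstrap check depends on the return value being falsy, so the accurate signature is `getBaseDir(): string | undefined;`. With the current type, a strict-mode caller can pass the result straight to `path.join`, compile cleanly and then throw at run time.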
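--- a/package/dist/storage/prefix.js
+++ b/package/dist/storage/prefix.js
@@ -10,10 +10,10 @@ export class PrefixStorageProvider {
 this.prefix = prefix;
 }
 getBaseDir() {
-if (this.base.getBaseDir) {
+if (typeof this.base.getBaseDir === 'function') {
 return path.join(this.base.getBaseDir(), this.prefix);
 }
-return
+return undefined; // Trigger falsy check in bootstrap
 }
 key(key) {
 return joinPrefix(this.prefix, key);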
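Review bot: The new `typeof this.base.getBaseDir === 'function'` guard in `getBaseDir()` checks only that the method exists, not that it returns a directory. A base whose `getBaseDir()` returns `undefined` therefore reaches `path.join(undefined, this.prefix)` and throws, and after this change that is exactly what a `PrefixStorageProvider` returns when its own base has none, so nested prefixed storages would hit it. Resolve the value first and test it: `const baseDir = typeof this.base.getBaseDir === 'function' ? this.base.getBaseDir() : undefined;` followed by `return baseDir ? path.join(baseDir, this.prefix) : undefined;`. The class body continues outside the hunk.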
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"prefix.js","sourceRoot":"","sources":["../../src/storage/prefix.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,IAAI,MAAM,WAAW,CAAC;AAGlC,SAAS,UAAU,CAAC,MAAc,EAAE,GAAW;IAC7C,OAAO,GAAG,CAAC,CAAC,CAAC,GAAG,MAAM,IAAI,GAAG,EAAE,CAAC,CAAC,CAAC,MAAM,CAAC;AAC3C,CAAC;AAED,MAAM,OAAO,qBAAqB;IAEb;IACA;IAFnB,YACmB,IAAsB,EACtB,MAAc;QADd,SAAI,GAAJ,IAAI,CAAkB;QACtB,WAAM,GAAN,MAAM,CAAQ;IAC9B,CAAC;IAEJ,UAAU;QACR,IAAI,IAAI,CAAC,
|
|
1
|
+
{"version":3,"file":"prefix.js","sourceRoot":"","sources":["../../src/storage/prefix.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,IAAI,MAAM,WAAW,CAAC;AAGlC,SAAS,UAAU,CAAC,MAAc,EAAE,GAAW;IAC7C,OAAO,GAAG,CAAC,CAAC,CAAC,GAAG,MAAM,IAAI,GAAG,EAAE,CAAC,CAAC,CAAC,MAAM,CAAC;AAC3C,CAAC;AAED,MAAM,OAAO,qBAAqB;IAEb;IACA;IAFnB,YACmB,IAAsB,EACtB,MAAc;QADd,SAAI,GAAJ,IAAI,CAAkB;QACtB,WAAM,GAAN,MAAM,CAAQ;IAC9B,CAAC;IAEJ,UAAU;QACR,IAAI,OAAQ,IAAI,CAAC,IAAY,CAAC,UAAU,KAAK,UAAU,EAAE,CAAC;YACxD,OAAO,IAAI,CAAC,IAAI,CAAE,IAAI,CAAC,IAAY,CAAC,UAAU,EAAE,EAAE,IAAI,CAAC,MAAM,CAAC,CAAC;QACjE,CAAC;QACD,OAAO,SAAgB,CAAC,CAAC,mCAAmC;IAC9D,CAAC;IAGO,GAAG,CAAC,GAAW;QACrB,OAAO,UAAU,CAAC,IAAI,CAAC,MAAM,EAAE,GAAG,CAAC,CAAC;IACtC,CAAC;IAED,IAAI,CAAC,GAAW;QACd,OAAO,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC,CAAC;IACvC,CAAC;IAED,KAAK,CAAC,GAAW,EAAE,IAAY;QAC7B,OAAO,IAAI,CAAC,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,CAAC,GAAG,CAAC,EAAE,IAAI,CAAC,CAAC;IAC9C,CAAC;IAED,MAAM,CAAC,GAAW;QAChB,OAAO,IAAI,CAAC,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC,CAAC;IACzC,CAAC;IAED,GAAG,CAAC,GAAW;QACb,OAAO,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC,IAAI,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC,CAAC;IACtC,CAAC;IAED,MAAM,CAAE,OAAe,EAAE,KAAa;QACpC,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,MAAM,EAAE,CAAC;YACtB,MAAM,IAAI,KAAK,CAAC,qDAAqD,CAAC,CAAC;QACzE,CAAC;QACD,OAAO,IAAI,CAAC,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,OAAO,CAAC,EAAE,IAAI,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC,CAAC;IAC9D,CAAC;IAED,QAAQ,CAAK,GAAW,EAAE,IAAsB;QAC9C,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,QAAQ,EAAE,CAAC;YACxB,OAAO,IAAI,EAAE,CAAC;QAChB,CAAC;QACD,OAAO,IAAI,CAAC,IAAI,CAAC,QAAQ,CAAC,IAAI,CAAC,GAAG,CAAC,GAAG,CAAC,EAAE,IAAI,CAAC,CAAC;IACjD,CAAC;CACF;AAED,MAAM,UAAU,qBAAqB,CAAC,IAAsB,EAAE,MAAc;IAC1E,OAAO,IAAI,qBAAqB,CAAC,IAAI,EAAE,MAAM,CAAC,CAAC;AACjD,CAAC"}
|
|
@@ -4,24 +4,17 @@ export interface VaultPrincipal {
|
|
|
4
4
|
kind: VaultPrincipalKind;
|
|
5
5
|
id: string;
|
|
6
6
|
}
|
|
7
|
-
export
|
|
8
|
-
|
|
9
|
-
|
|
10
|
-
export
|
|
11
|
-
|
|
12
|
-
}
|
|
13
|
-
export interface SecretAlias {
|
|
14
|
-
readonly value: string;
|
|
15
|
-
}
|
|
16
|
-
export interface SecretVersion {
|
|
17
|
-
readonly value: string;
|
|
18
|
-
}
|
|
7
|
+
export type VaultId = string;
|
|
8
|
+
export type SecretId = string;
|
|
9
|
+
export type SecretAlias = string;
|
|
10
|
+
export type SecretVersion = string;
|
|
11
|
+
export type SecretIdPreference = string;
|
|
19
12
|
export type SecretLifecycleStatus = "ACTIVE" | "SUPERSEDED" | "REMOVED";
|
|
20
13
|
export interface SecretRecord {
|
|
21
14
|
vault_id: VaultId;
|
|
22
15
|
secret_id: SecretId;
|
|
23
16
|
alias: SecretAlias;
|
|
24
|
-
version:
|
|
17
|
+
version: string;
|
|
25
18
|
lifecycle_status: SecretLifecycleStatus;
|
|
26
19
|
previousSecretId?: SecretId;
|
|
27
20
|
supersededBySecretId?: SecretId;
|
|
@@ -164,18 +157,6 @@ export interface AgentProof {
|
|
|
164
157
|
signature?: string;
|
|
165
158
|
token?: string;
|
|
166
159
|
}
|
|
167
|
-
export interface AgentVisibleSecretRecord {
|
|
168
|
-
vault_id: VaultId;
|
|
169
|
-
secret_id: SecretId;
|
|
170
|
-
alias: SecretAlias;
|
|
171
|
-
version: SecretVersion;
|
|
172
|
-
lifecycle_status: SecretLifecycleStatus;
|
|
173
|
-
issuer_id: string | null;
|
|
174
|
-
source: SecretSource;
|
|
175
|
-
created_at: string;
|
|
176
|
-
updated_at: string;
|
|
177
|
-
granted: boolean;
|
|
178
|
-
}
|
|
179
160
|
export interface AgentGetRuntimeManifestRequest {
|
|
180
161
|
vault_id: VaultId;
|
|
181
162
|
request_id: string;
|
|
@@ -201,7 +182,7 @@ export interface AgentSelfContext {
|
|
|
201
182
|
}
|
|
202
183
|
export interface AgentRuntimeManifest {
|
|
203
184
|
root_agent_id: string;
|
|
204
|
-
vault_id:
|
|
185
|
+
vault_id: VaultId;
|
|
205
186
|
vault_nickname?: string;
|
|
206
187
|
issued_at: string;
|
|
207
188
|
agent: AgentSelfContext;
|
|
@@ -223,7 +204,6 @@ export interface RequestRecord {
|
|
|
223
204
|
method: string;
|
|
224
205
|
headers?: Record<string, string>;
|
|
225
206
|
body?: string;
|
|
226
|
-
secret_alias?: string;
|
|
227
207
|
secret_id: SecretId | null;
|
|
228
208
|
};
|
|
229
209
|
response?: {
|
|
@@ -253,81 +233,9 @@ export interface OwnerPendingDispatchSubscription {
|
|
|
253
233
|
afterEventId?: string;
|
|
254
234
|
onEvent(event: PendingDispatchEvent): void;
|
|
255
235
|
}
|
|
256
|
-
export interface
|
|
257
|
-
request_id: string;
|
|
258
|
-
created_at: string;
|
|
259
|
-
reason: string;
|
|
260
|
-
target_url: string;
|
|
261
|
-
execution_status: DispatchStatus;
|
|
262
|
-
response_status?: number;
|
|
263
|
-
error?: string;
|
|
264
|
-
has_response_body: boolean;
|
|
265
|
-
secret_id?: SecretId;
|
|
236
|
+
export interface OwnerRequestRecord extends RequestRecord {
|
|
266
237
|
}
|
|
267
|
-
export interface
|
|
268
|
-
request_id: string;
|
|
269
|
-
created_at: string;
|
|
270
|
-
root_agent_id: string;
|
|
271
|
-
reason: string;
|
|
272
|
-
target_url: string;
|
|
273
|
-
execution_status: DispatchStatus;
|
|
274
|
-
response_status?: number;
|
|
275
|
-
error?: string;
|
|
276
|
-
has_response_body: boolean;
|
|
277
|
-
missing_grants?: {
|
|
278
|
-
agent_secret?: boolean;
|
|
279
|
-
secret_destination?: boolean;
|
|
280
|
-
};
|
|
281
|
-
secret_id?: SecretId;
|
|
282
|
-
}
|
|
283
|
-
export interface OwnerRequestRecord {
|
|
284
|
-
request_id: string;
|
|
285
|
-
created_at: string;
|
|
286
|
-
requested_at: string;
|
|
287
|
-
root_agent_id: string;
|
|
288
|
-
reason: string;
|
|
289
|
-
request: {
|
|
290
|
-
target_url: string;
|
|
291
|
-
method: string;
|
|
292
|
-
headers?: Record<string, string>;
|
|
293
|
-
body?: string;
|
|
294
|
-
secret_alias?: string;
|
|
295
|
-
secret_id?: SecretId;
|
|
296
|
-
};
|
|
297
|
-
response?: {
|
|
298
|
-
status?: number;
|
|
299
|
-
headers?: Record<string, string>;
|
|
300
|
-
body?: string;
|
|
301
|
-
error?: string;
|
|
302
|
-
};
|
|
303
|
-
execution_status: DispatchStatus;
|
|
304
|
-
missing_grants?: {
|
|
305
|
-
agent_secret?: boolean;
|
|
306
|
-
secret_destination?: boolean;
|
|
307
|
-
};
|
|
308
|
-
secret_id?: SecretId;
|
|
309
|
-
}
|
|
310
|
-
export interface AgentRequestRecord {
|
|
311
|
-
request_id: string;
|
|
312
|
-
created_at: string;
|
|
313
|
-
requested_at: string;
|
|
314
|
-
reason: string;
|
|
315
|
-
request: {
|
|
316
|
-
target_url: string;
|
|
317
|
-
method: string;
|
|
318
|
-
headers?: Record<string, string>;
|
|
319
|
-
body?: string;
|
|
320
|
-
secret_alias?: string;
|
|
321
|
-
secret_id?: SecretId;
|
|
322
|
-
};
|
|
323
|
-
response?: {
|
|
324
|
-
status?: number;
|
|
325
|
-
headers?: Record<string, string>;
|
|
326
|
-
body?: string;
|
|
327
|
-
error?: string;
|
|
328
|
-
};
|
|
329
|
-
execution_status: DispatchStatus;
|
|
330
|
-
secret_id?: SecretId;
|
|
238
|
+
export interface AgentRequestRecord extends RequestRecord {
|
|
331
239
|
}
|
|
332
240
|
export interface VaultToolDefinition {
|
|
333
241
|
name: string;
|
|
@@ -371,6 +279,16 @@ export interface AgentGetRequestRequest {
|
|
|
371
279
|
proof: AgentProof;
|
|
372
280
|
target_request_id: string;
|
|
373
281
|
}
|
|
282
|
+
export interface AgentAuditTestPingRequest {
|
|
283
|
+
vault_id: VaultId;
|
|
284
|
+
request_id: string;
|
|
285
|
+
requested_at: string;
|
|
286
|
+
agent: VaultPrincipal & {
|
|
287
|
+
kind: "agent";
|
|
288
|
+
};
|
|
289
|
+
proof: AgentProof;
|
|
290
|
+
label?: string;
|
|
291
|
+
}
|
|
374
292
|
export interface OwnerListRequestsRequest {
|
|
375
293
|
vault_id: VaultId;
|
|
376
294
|
request_id: string;
|
|
@@ -406,7 +324,7 @@ export interface DispatchRequest {
|
|
|
406
324
|
kind: "agent";
|
|
407
325
|
};
|
|
408
326
|
proof: AgentProof;
|
|
409
|
-
|
|
327
|
+
secret_id?: SecretId;
|
|
410
328
|
reason: string;
|
|
411
329
|
target_url: string;
|
|
412
330
|
method: string;
|
|
@@ -454,52 +372,22 @@ export interface DispatchResult {
|
|
|
454
372
|
}
|
|
455
373
|
export type AgentRequestResult = AgentRequestRecord;
|
|
456
374
|
export interface AuditQuery {
|
|
457
|
-
vault_id:
|
|
375
|
+
vault_id: VaultId;
|
|
458
376
|
actor_id?: string;
|
|
459
377
|
root_agent_id?: string;
|
|
460
|
-
|
|
461
|
-
secret_id?: string;
|
|
378
|
+
secret_id?: SecretId;
|
|
462
379
|
request_id?: string;
|
|
463
380
|
since?: string;
|
|
464
381
|
}
|
|
465
|
-
export declare enum AuditOperation {
|
|
466
|
-
IDENTITY_REGISTER = "identity.register",
|
|
467
|
-
IDENTITY_UPDATE = "identity.update",
|
|
468
|
-
IDENTITY_ISSUE_TOKEN = "identity.issue_token",
|
|
469
|
-
IDENTITY_REVOKE_TOKEN = "identity.revoke_token",
|
|
470
|
-
GRANT_SECRET = "grant.grant_secret",
|
|
471
|
-
GRANT_DESTINATION = "grant.grant_destination",
|
|
472
|
-
REVOKE_SECRET = "grant.revoke_secret",
|
|
473
|
-
REVOKE_DESTINATION = "grant.revoke_destination",
|
|
474
|
-
SECRET_WRITE = "secret.write",
|
|
475
|
-
SECRET_EXPORT = "secret.export",
|
|
476
|
-
SECRET_BATCH_EXPORT = "secret.batch_export",
|
|
477
|
-
SECRET_DELETE = "secret.delete",
|
|
478
|
-
POLICY_EVALUATE = "policy.evaluate_dispatch",
|
|
479
|
-
SECRET_DISPATCH = "secret.dispatch",
|
|
480
|
-
DISPATCH_APPROVE = "dispatch.approve",
|
|
481
|
-
DISPATCH_REJECT = "dispatch.reject",
|
|
482
|
-
DISPATCH_HOLD = "dispatch.pending_approval"
|
|
483
|
-
}
|
|
484
382
|
export interface AuditEntry {
|
|
485
383
|
event_id: string;
|
|
486
384
|
ts: string;
|
|
487
|
-
vault_id:
|
|
385
|
+
vault_id: VaultId;
|
|
488
386
|
actor: VaultPrincipal;
|
|
489
|
-
|
|
490
|
-
|
|
491
|
-
|
|
492
|
-
|
|
493
|
-
secret_alias?: string;
|
|
494
|
-
secret_id?: string;
|
|
495
|
-
root_agent_id?: string;
|
|
496
|
-
site_id?: string;
|
|
497
|
-
target?: {
|
|
498
|
-
kind: "http" | "other";
|
|
499
|
-
url: string;
|
|
500
|
-
};
|
|
501
|
-
detail: string;
|
|
502
|
-
error_code?: string | null;
|
|
387
|
+
function_name: string;
|
|
388
|
+
input: Record<string, any>;
|
|
389
|
+
output?: any;
|
|
390
|
+
error?: string;
|
|
503
391
|
}
|
|
504
392
|
export interface AgentIdentityRecord {
|
|
505
393
|
vault_id: VaultId;
|
|
@@ -533,7 +421,7 @@ export interface OwnerAuditRequest {
|
|
|
533
421
|
}
|
|
534
422
|
export interface OwnerAuditSubscription {
|
|
535
423
|
afterEventId?: string;
|
|
536
|
-
|
|
424
|
+
function_names?: readonly string[];
|
|
537
425
|
root_agent_id?: string;
|
|
538
426
|
request_id?: string;
|
|
539
427
|
onEvent(entry: AuditEntry): void;
|
|
@@ -550,7 +438,7 @@ export interface OwnerExportSecretRequest {
|
|
|
550
438
|
export interface OwnerSecretExport {
|
|
551
439
|
vault_id: VaultId;
|
|
552
440
|
secret_id: SecretId;
|
|
553
|
-
alias:
|
|
441
|
+
alias: string;
|
|
554
442
|
plaintext: string;
|
|
555
443
|
exported_at: string;
|
|
556
444
|
}
|
|
@@ -569,7 +457,7 @@ export interface OwnerListGrantsRequest {
|
|
|
569
457
|
kind: "owner";
|
|
570
458
|
};
|
|
571
459
|
root_agent_id?: string;
|
|
572
|
-
|
|
460
|
+
secret_id?: SecretId;
|
|
573
461
|
site_id?: string;
|
|
574
462
|
requested_at: string;
|
|
575
463
|
}
|
|
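Review bot: The reshaped `AuditEntry` in the `@@ -454,52 +372,22 @@` hunk stores `input: Record<string, any>` and `output?: any`, so nothing at the type level keeps secret material out of the audit trail. This file also declares `OwnerSecretExport` with a `plaintext: string` field and request records with `headers` and `body`. If audited calls pass such values through unchanged, they would be persisted and delivered to every `OwnerAuditSubscription.onEvent` consumer; whether the runtime redacts them is not visible in this section. I would type the fields as `input: Record<string, unknown>;` and `output?: unknown;` and add a TSDoc comment on `AuditEntry` stating that both hold redacted copies that never contain plaintext or credential headers. Dropping the `AuditOperation` enum for `function_name: string` also leaves `function_names` filters unchecked, so a misspelled name would silently match nothing; a string-literal union of the audited function names would restore that check.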
@@ -6,24 +6,4 @@ export var DispatchStatus;
|
|
|
6
6
|
DispatchStatus["IN_PROGRESS"] = "IN_PROGRESS";
|
|
7
7
|
DispatchStatus["AWAITING_APPROVAL"] = "AWAITING_APPROVAL";
|
|
8
8
|
})(DispatchStatus || (DispatchStatus = {}));
|
|
9
|
-
export var AuditOperation;
|
|
10
|
-
(function (AuditOperation) {
|
|
11
|
-
AuditOperation["IDENTITY_REGISTER"] = "identity.register";
|
|
12
|
-
AuditOperation["IDENTITY_UPDATE"] = "identity.update";
|
|
13
|
-
AuditOperation["IDENTITY_ISSUE_TOKEN"] = "identity.issue_token";
|
|
14
|
-
AuditOperation["IDENTITY_REVOKE_TOKEN"] = "identity.revoke_token";
|
|
15
|
-
AuditOperation["GRANT_SECRET"] = "grant.grant_secret";
|
|
16
|
-
AuditOperation["GRANT_DESTINATION"] = "grant.grant_destination";
|
|
17
|
-
AuditOperation["REVOKE_SECRET"] = "grant.revoke_secret";
|
|
18
|
-
AuditOperation["REVOKE_DESTINATION"] = "grant.revoke_destination";
|
|
19
|
-
AuditOperation["SECRET_WRITE"] = "secret.write";
|
|
20
|
-
AuditOperation["SECRET_EXPORT"] = "secret.export";
|
|
21
|
-
AuditOperation["SECRET_BATCH_EXPORT"] = "secret.batch_export";
|
|
22
|
-
AuditOperation["SECRET_DELETE"] = "secret.delete";
|
|
23
|
-
AuditOperation["POLICY_EVALUATE"] = "policy.evaluate_dispatch";
|
|
24
|
-
AuditOperation["SECRET_DISPATCH"] = "secret.dispatch";
|
|
25
|
-
AuditOperation["DISPATCH_APPROVE"] = "dispatch.approve";
|
|
26
|
-
AuditOperation["DISPATCH_REJECT"] = "dispatch.reject";
|
|
27
|
-
AuditOperation["DISPATCH_HOLD"] = "dispatch.pending_approval";
|
|
28
|
-
})(AuditOperation || (AuditOperation = {}));
|
|
29
9
|
//# sourceMappingURL=contracts.js.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"contracts.js","sourceRoot":"","sources":["../../src/vault-core/contracts.ts"],"names":[],"mappings":"AA+
|
|
1
|
+
{"version":3,"file":"contracts.js","sourceRoot":"","sources":["../../src/vault-core/contracts.ts"],"names":[],"mappings":"AA+WA,MAAM,CAAN,IAAY,cAMX;AAND,WAAY,cAAc;IACxB,yCAAuB,CAAA;IACvB,mCAAiB,CAAA;IACjB,mCAAiB,CAAA;IACjB,6CAA2B,CAAA;IAC3B,yDAAuC,CAAA;AACzC,CAAC,EANW,cAAc,KAAd,cAAc,QAMzB"}
|
|
@@ -1,9 +1,9 @@
|
|
|
1
|
-
import { type AgentIdentityRecord, type AgentRuntimeManifest, type
|
|
1
|
+
import { type AgentIdentityRecord, type AgentRuntimeManifest, type AgentRequestRecord, type AuditEntry, type AuditQuery, type DispatchAuthorization, type DispatchRequest, type DispatchResult, type OwnerPendingDispatchSubscription, type OwnerAuditSubscription, type OwnerRequestRecord, type SecretId, type SecretRecord, type VaultId, type VaultPrincipal, type AgentSecretGrant, type SecretDestinationGrant, type DispatchApprovalDecision, type OwnerCreateSecretCommand, type OwnerUpdateSecretCommand, type OwnerSecretExport } from "./contracts.js";
|
|
2
2
|
import type { VaultCoreDependencies } from "./ports.js";
|
|
3
3
|
export declare class VaultCore {
|
|
4
4
|
private readonly _deps;
|
|
5
5
|
constructor(deps: VaultCoreDependencies);
|
|
6
|
-
get vault_id():
|
|
6
|
+
get vault_id(): string;
|
|
7
7
|
private _assertOwnerPrincipal;
|
|
8
8
|
private _appendAudit;
|
|
9
9
|
private _verifyAgentControlProof;
|
|
@@ -53,7 +53,7 @@ export declare class VaultCore {
|
|
|
53
53
|
proof: any;
|
|
54
54
|
request_id: string;
|
|
55
55
|
requested_at: string;
|
|
56
|
-
}): Promise<readonly
|
|
56
|
+
}): Promise<readonly SecretRecord[]>;
|
|
57
57
|
agentListRequests(command: {
|
|
58
58
|
agent: VaultPrincipal & {
|
|
59
59
|
kind: "agent";
|
|
@@ -61,7 +61,7 @@ export declare class VaultCore {
|
|
|
61
61
|
proof: any;
|
|
62
62
|
request_id: string;
|
|
63
63
|
requested_at: string;
|
|
64
|
-
}): Promise<readonly
|
|
64
|
+
}): Promise<readonly AgentRequestRecord[]>;
|
|
65
65
|
agentGetRequest(command: {
|
|
66
66
|
agent: VaultPrincipal & {
|
|
67
67
|
kind: "agent";
|
|
@@ -71,6 +71,15 @@ export declare class VaultCore {
|
|
|
71
71
|
requested_at: string;
|
|
72
72
|
target_request_id: string;
|
|
73
73
|
}): Promise<AgentRequestRecord>;
|
|
74
|
+
agentAuditTestPing(command: {
|
|
75
|
+
agent: VaultPrincipal & {
|
|
76
|
+
kind: "agent";
|
|
77
|
+
};
|
|
78
|
+
proof: any;
|
|
79
|
+
request_id: string;
|
|
80
|
+
requested_at: string;
|
|
81
|
+
label?: string;
|
|
82
|
+
}): Promise<AuditEntry>;
|
|
74
83
|
ownerRegisterAgentIdentity(command: {
|
|
75
84
|
vault_id: VaultId;
|
|
76
85
|
request_id: string;
|
|
@@ -108,13 +117,13 @@ export declare class VaultCore {
|
|
|
108
117
|
}): Promise<readonly AgentIdentityRecord[]>;
|
|
109
118
|
ownerListRequests(actor: VaultPrincipal & {
|
|
110
119
|
kind: "owner";
|
|
111
|
-
}, root_agent_id?: string): Promise<readonly
|
|
120
|
+
}, root_agent_id?: string): Promise<readonly OwnerRequestRecord[]>;
|
|
112
121
|
ownerGetRequest(actor: VaultPrincipal & {
|
|
113
122
|
kind: "owner";
|
|
114
123
|
}, request_id: string): Promise<OwnerRequestRecord>;
|
|
115
124
|
ownerListSecrets(actor: VaultPrincipal & {
|
|
116
125
|
kind: "owner";
|
|
117
|
-
}): Promise<readonly
|
|
126
|
+
}): Promise<readonly SecretRecord[]>;
|
|
118
127
|
ownerIssueSessionToken(request: {
|
|
119
128
|
vault_id: VaultId;
|
|
120
129
|
actor: VaultPrincipal;
|
|
@@ -141,9 +150,8 @@ export declare class VaultCore {
|
|
|
141
150
|
private _recordRequestInternal;
|
|
142
151
|
private _createInitialRequestRecord;
|
|
143
152
|
private _updateRequestRecordInternal;
|
|
144
|
-
private toAgentVisibleRequestRecord;
|
|
145
|
-
private toOwnerVisibleRequestRecord;
|
|
146
|
-
private toOwnerRequestRecord;
|
|
147
153
|
private toAgentRequestRecord;
|
|
154
|
+
private toOwnerRequestRecord;
|
|
155
|
+
private _appendAuditEntry;
|
|
148
156
|
}
|
|
149
157
|
export declare function createVaultCore(deps: VaultCoreDependencies): VaultCore;
|
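Review bot: The new `agentAuditTestPing` declaration types `proof` as `any`, although `contracts.d.ts` in this same release adds `AgentAuditTestPingRequest` with `proof: AgentProof`. On a method that hands an `AuditEntry` back to an agent caller, the credential argument should be typed, e.g. `proof: AgentProof;`. The neighbouring agent methods in the context lines also use `proof: any`, so they could be tightened in the same pass. The optional `label` is a caller-supplied string that presumably ends up in the returned audit entry; a TSDoc comment stating its length limit and whether it is stored verbatim would help consumers who render audit logs. This file is compiler output, so the change belongs in the source that produces it.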