@the-ai-company/cbio-node-runtime 1.72.0 → 1.74.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +20 -35
- package/dist/clients/agent/client.d.ts +7 -6
- package/dist/clients/agent/client.js +32 -16
- package/dist/clients/agent/client.js.map +1 -1
- package/dist/clients/agent/contracts.d.ts +9 -4
- package/dist/clients/agent/index.d.ts +1 -1
- package/dist/clients/owner/client.js +19 -19
- package/dist/clients/owner/client.js.map +1 -1
- package/dist/clients/owner/contracts.d.ts +2 -2
- package/dist/public-types.d.ts +3 -3
- package/dist/public-types.js +1 -1
- package/dist/public-types.js.map +1 -1
- package/dist/runtime/bootstrap.js +30 -14
- package/dist/runtime/bootstrap.js.map +1 -1
- package/dist/runtime/index.d.ts +3 -3
- package/dist/runtime/index.js +1 -1
- package/dist/runtime/index.js.map +1 -1
- package/dist/storage/prefix.d.ts +1 -1
- package/dist/storage/prefix.js +2 -2
- package/dist/storage/prefix.js.map +1 -1
- package/dist/vault-core/contracts.d.ts +30 -142
- package/dist/vault-core/contracts.js +0 -20
- package/dist/vault-core/contracts.js.map +1 -1
- package/dist/vault-core/core.d.ts +17 -9
- package/dist/vault-core/core.js +85 -225
- package/dist/vault-core/core.js.map +1 -1
- package/dist/vault-core/defaults.d.ts +2 -4
- package/dist/vault-core/defaults.js +50 -47
- package/dist/vault-core/defaults.js.map +1 -1
- package/dist/vault-core/index.d.ts +2 -2
- package/dist/vault-core/index.js +1 -1
- package/dist/vault-core/index.js.map +1 -1
- package/dist/vault-core/persistence.d.ts +2 -4
- package/dist/vault-core/persistence.js +82 -85
- package/dist/vault-core/persistence.js.map +1 -1
- package/dist/vault-core/ports.d.ts +2 -4
- package/dist/vault-ingress/defaults.d.ts +3 -2
- package/dist/vault-ingress/defaults.js +6 -3
- package/dist/vault-ingress/defaults.js.map +1 -1
- package/dist/vault-ingress/index.d.ts +14 -5
- package/dist/vault-ingress/index.js +23 -29
- package/dist/vault-ingress/index.js.map +1 -1
- package/dist/vault-ingress/remote-transport.d.ts +3 -2
- package/dist/vault-ingress/remote-transport.js +19 -7
- package/dist/vault-ingress/remote-transport.js.map +1 -1
- package/dist/vault-ingress/server-utils.d.ts +1 -2
- package/dist/vault-ingress/server-utils.js +1 -1
- package/dist/vault-ingress/server-utils.js.map +1 -1
- package/docs/ARCHITECTURE.md +16 -14
- package/docs/REFERENCE.md +20 -37
- package/docs/api/README.md +6 -9
- package/docs/api/classes/IdentityError.md +1 -1
- package/docs/api/classes/OwnerClientError.md +1 -1
- package/docs/api/classes/PersistentVaultAgentIdentityRegistry.md +3 -3
- package/docs/api/classes/PersistentVaultAgentSecretGrantRegistry.md +6 -6
- package/docs/api/classes/PersistentVaultAuditLog.md +2 -2
- package/docs/api/classes/PersistentVaultSecretCustody.md +4 -4
- package/docs/api/classes/PersistentVaultSecretDestinationGrantRegistry.md +7 -7
- package/docs/api/classes/PersistentVaultSecretRepository.md +4 -6
- package/docs/api/classes/VaultCore.md +55 -21
- package/docs/api/classes/VaultCoreError.md +1 -1
- package/docs/api/enumerations/DispatchStatus.md +1 -1
- package/docs/api/enumerations/IdentityErrorCode.md +1 -1
- package/docs/api/enumerations/OwnerClientErrorCode.md +1 -1
- package/docs/api/functions/createAgentClient.md +1 -3
- package/docs/api/functions/createIdentity.md +1 -1
- package/docs/api/functions/createOwnerClient.md +1 -1
- package/docs/api/functions/createPersistentVaultCoreDependencies.md +1 -1
- package/docs/api/functions/createVault.md +1 -1
- package/docs/api/functions/createVaultCore.md +1 -1
- package/docs/api/functions/createVaultCoreDependencies.md +1 -1
- package/docs/api/functions/createVaultService.md +1 -1
- package/docs/api/functions/createWorkspaceStorage.md +1 -1
- package/docs/api/functions/deriveRootAgentId.md +1 -1
- package/docs/api/functions/deriveVaultWorkingKeyFromPassword.md +1 -1
- package/docs/api/functions/getDefaultWorkspaceDir.md +1 -1
- package/docs/api/functions/handleVaultAgentControlHttp.md +1 -1
- package/docs/api/functions/handleVaultAuditSse.md +1 -1
- package/docs/api/functions/handleVaultHttpDispatch.md +1 -1
- package/docs/api/functions/handleVaultPendingDispatchSse.md +1 -1
- package/docs/api/functions/initializeVaultCustody.md +1 -1
- package/docs/api/functions/listVaults.md +1 -1
- package/docs/api/functions/openOwnerSession.md +1 -1
- package/docs/api/functions/readVaultProfile.md +1 -1
- package/docs/api/functions/recoverVault.md +1 -1
- package/docs/api/functions/recoverVaultWorkingKey.md +1 -1
- package/docs/api/functions/restoreIdentity.md +1 -1
- package/docs/api/functions/updateVaultMetadata.md +1 -1
- package/docs/api/functions/writeVaultProfile.md +1 -1
- package/docs/api/interfaces/AgentAuditTestPingInput.md +17 -0
- package/docs/api/interfaces/AgentClient.md +23 -5
- package/docs/api/interfaces/AgentDispatchIntent.md +1 -1
- package/docs/api/interfaces/AgentDispatchTransport.md +21 -5
- package/docs/api/interfaces/AgentIdentity.md +1 -1
- package/docs/api/interfaces/AgentIdentityRecord.md +2 -2
- package/docs/api/interfaces/AgentRequestRecord.md +93 -11
- package/docs/api/interfaces/AgentRuntimeManifest.md +1 -1
- package/docs/api/interfaces/AgentSecretGrant.md +3 -3
- package/docs/api/interfaces/AgentSigner.md +1 -1
- package/docs/api/interfaces/AuditEntry.md +9 -59
- package/docs/api/interfaces/CbioRuntime.md +1 -3
- package/docs/api/interfaces/CreateAgentClientOptions.md +1 -1
- package/docs/api/interfaces/CreateIdentityOptions.md +1 -1
- package/docs/api/interfaces/CreateOwnerClientOptions.md +1 -1
- package/docs/api/interfaces/CreatePersistentVaultCoreDependenciesOptions.md +1 -1
- package/docs/api/interfaces/CreateVaultOptions.md +1 -1
- package/docs/api/interfaces/CreatedVault.md +1 -1
- package/docs/api/interfaces/DefaultPolicyEngineOptions.md +1 -1
- package/docs/api/interfaces/DispatchAuthorization.md +3 -3
- package/docs/api/interfaces/DispatchInstruction.md +3 -3
- package/docs/api/interfaces/DispatchRequest.md +4 -4
- package/docs/api/interfaces/DispatchResult.md +2 -2
- package/docs/api/interfaces/IStorageProvider.md +1 -1
- package/docs/api/interfaces/InitializeVaultCustodyOptions.md +1 -1
- package/docs/api/interfaces/InitializedVaultCustody.md +1 -1
- package/docs/api/interfaces/OpenOwnerSessionOptions.md +1 -1
- package/docs/api/interfaces/OwnerAgentProvisionResult.md +1 -1
- package/docs/api/interfaces/OwnerAuditSubscription.md +3 -3
- package/docs/api/interfaces/OwnerClient.md +5 -5
- package/docs/api/interfaces/OwnerCreateSecretInput.md +1 -1
- package/docs/api/interfaces/OwnerPendingDispatchSubscription.md +1 -1
- package/docs/api/interfaces/OwnerRemoveSecretInput.md +1 -1
- package/docs/api/interfaces/OwnerRequestRecord.md +73 -11
- package/docs/api/interfaces/OwnerSensitiveActionConfirmation.md +1 -1
- package/docs/api/interfaces/OwnerSensitiveActionContext.md +1 -1
- package/docs/api/interfaces/OwnerSession.md +1 -1
- package/docs/api/interfaces/OwnerUpdateSecretInput.md +1 -1
- package/docs/api/interfaces/PendingDispatchEvent.md +1 -1
- package/docs/api/interfaces/RecoverVaultOptions.md +1 -1
- package/docs/api/interfaces/RecoveredVault.md +1 -1
- package/docs/api/interfaces/RequestRecord.md +8 -7
- package/docs/api/interfaces/RestoreIdentityOptions.md +1 -1
- package/docs/api/interfaces/SecretDestinationGrant.md +3 -3
- package/docs/api/interfaces/SecretRecord.md +7 -7
- package/docs/api/interfaces/Signer.md +1 -1
- package/docs/api/interfaces/VaultApproveDispatchInput.md +1 -1
- package/docs/api/interfaces/VaultAuditQueryInput.md +1 -1
- package/docs/api/interfaces/VaultCoreDependenciesOptions.md +1 -1
- package/docs/api/interfaces/VaultCreateAgentInput.md +1 -1
- package/docs/api/interfaces/VaultExportSecretInput.md +1 -1
- package/docs/api/interfaces/VaultGetRequestInput.md +1 -1
- package/docs/api/interfaces/VaultGrantAgentSecretInput.md +1 -1
- package/docs/api/interfaces/VaultGrantSecretDestinationInput.md +1 -1
- package/docs/api/interfaces/VaultImportAgentInput.md +1 -1
- package/docs/api/interfaces/VaultIssueSessionTokenInput.md +1 -1
- package/docs/api/interfaces/VaultListAgentsInput.md +1 -1
- package/docs/api/interfaces/VaultListGrantsInput.md +1 -1
- package/docs/api/interfaces/VaultListRequestsInput.md +1 -1
- package/docs/api/interfaces/VaultListSecretsInput.md +1 -1
- package/docs/api/interfaces/VaultMetadata.md +1 -1
- package/docs/api/interfaces/VaultObject.md +1 -1
- package/docs/api/interfaces/VaultPrincipal.md +1 -1
- package/docs/api/interfaces/VaultProfile.md +1 -1
- package/docs/api/interfaces/VaultReadAgentPrivateKeyInput.md +1 -1
- package/docs/api/interfaces/VaultReadSecretPlaintextInput.md +1 -1
- package/docs/api/interfaces/VaultRevokeAgentSecretInput.md +1 -1
- package/docs/api/interfaces/VaultRevokeSecretDestinationInput.md +1 -1
- package/docs/api/interfaces/VaultRevokeSessionTokenInput.md +1 -1
- package/docs/api/interfaces/VaultService.md +28 -12
- package/docs/api/interfaces/VaultUpdateAgentInput.md +1 -1
- package/docs/api/type-aliases/AgentId.md +1 -1
- package/docs/api/type-aliases/AgentRequestResult.md +1 -1
- package/docs/api/type-aliases/CbioRuntimeModule.md +1 -1
- package/docs/api/type-aliases/DispatchApprovalDecision.md +1 -1
- package/docs/api/type-aliases/GrantStatus.md +1 -1
- package/docs/api/type-aliases/SecretAlias.md +7 -0
- package/docs/api/type-aliases/SecretId.md +7 -0
- package/docs/api/type-aliases/SecretLifecycleStatus.md +1 -1
- package/docs/api/type-aliases/VaultId.md +7 -0
- package/docs/api/type-aliases/VaultPrincipalKind.md +1 -1
- package/docs/api/variables/DEFAULT_VAULT_KEY_CUSTODY_BLOB_KEY.md +1 -1
- package/docs/zh/README.md +33 -66
- package/package.json +1 -1
- package/docs/api/enumerations/AuditOperation.md +0 -107
- package/docs/api/interfaces/AgentVisibleRequestRecord.md +0 -59
- package/docs/api/interfaces/AgentVisibleSecretRecord.md +0 -65
- package/docs/api/interfaces/OwnerVisibleRequestRecord.md +0 -79
- package/docs/api/interfaces/SecretAlias.md +0 -11
- package/docs/api/interfaces/SecretId.md +0 -11
- package/docs/api/interfaces/VaultId.md +0 -11
|
@@ -54,31 +54,19 @@ class LocalVaultService {
|
|
|
54
54
|
return this._authority.ownerListSecrets(request.owner);
|
|
55
55
|
}
|
|
56
56
|
async ownerGrantAgentSecret(request) {
|
|
57
|
-
|
|
58
|
-
if (!secret_id)
|
|
59
|
-
throw new Error("secret_id required for grant");
|
|
60
|
-
return this._authority.ownerGrantAgentSecret(request.actor, request.root_agent_id, secret_id, request);
|
|
57
|
+
return this._authority.ownerGrantAgentSecret(request.actor, request.root_agent_id, request.secret_id, request);
|
|
61
58
|
}
|
|
62
59
|
async ownerGrantSecretDestination(request) {
|
|
63
|
-
|
|
64
|
-
if (!secret_id)
|
|
65
|
-
throw new Error("secret_id required for grant");
|
|
66
|
-
return this._authority.ownerGrantSecretDestination(request.actor, secret_id, request.site_id, request);
|
|
60
|
+
return this._authority.ownerGrantSecretDestination(request.actor, request.secret_id, request.site_id, request);
|
|
67
61
|
}
|
|
68
62
|
async ownerRevokeAgentSecret(request) {
|
|
69
|
-
|
|
70
|
-
if (!secret_id)
|
|
71
|
-
throw new Error("secret_id required for grant");
|
|
72
|
-
return this._authority.ownerRevokeAgentSecret(request.actor, request.root_agent_id, secret_id, request);
|
|
63
|
+
return this._authority.ownerRevokeAgentSecret(request.actor, request.root_agent_id, request.secret_id, request);
|
|
73
64
|
}
|
|
74
65
|
async ownerRevokeSecretDestination(request) {
|
|
75
|
-
|
|
76
|
-
if (!secret_id)
|
|
77
|
-
throw new Error("secret_id required for grant");
|
|
78
|
-
return this._authority.ownerRevokeSecretDestination(request.actor, secret_id, request.site_id, request);
|
|
66
|
+
return this._authority.ownerRevokeSecretDestination(request.actor, request.secret_id, request.site_id, request);
|
|
79
67
|
}
|
|
80
68
|
async ownerListGrants(request) {
|
|
81
|
-
const secret_id = request.secret_id;
|
|
69
|
+
const secret_id = request.secret_id; // Using request.secret_id from the new unified types
|
|
82
70
|
return this._authority.ownerListGrants(request.actor, request.root_agent_id, secret_id);
|
|
83
71
|
}
|
|
84
72
|
ownerIssueSessionToken(request) {
|
|
@@ -114,10 +102,13 @@ class LocalVaultService {
|
|
|
114
102
|
agentGetRuntimeManifest(request) {
|
|
115
103
|
return this._authority.agentGetRuntimeManifest(request);
|
|
116
104
|
}
|
|
105
|
+
agentAuditTestPing(request) {
|
|
106
|
+
return this._authority.agentAuditTestPing(request);
|
|
107
|
+
}
|
|
117
108
|
async agentHandleDispatch(request) {
|
|
118
109
|
try {
|
|
119
110
|
const result = await this._authority.agentDispatchSecret({
|
|
120
|
-
vault_id:
|
|
111
|
+
vault_id: request.vault_id,
|
|
121
112
|
request_id: request.request_id,
|
|
122
113
|
requested_at: request.requested_at,
|
|
123
114
|
agent: { kind: "agent", id: request.root_agent_id },
|
|
@@ -129,7 +120,7 @@ class LocalVaultService {
|
|
|
129
120
|
requested_at: request.requested_at,
|
|
130
121
|
},
|
|
131
122
|
reason: request.reason,
|
|
132
|
-
|
|
123
|
+
secret_id: request.secret_id,
|
|
133
124
|
target_url: request.target_url,
|
|
134
125
|
method: request.method,
|
|
135
126
|
headers: request.headers,
|
|
@@ -150,7 +141,7 @@ class LocalVaultService {
|
|
|
150
141
|
async agentHandleControl(request) {
|
|
151
142
|
try {
|
|
152
143
|
const base = {
|
|
153
|
-
vault_id:
|
|
144
|
+
vault_id: request.vault_id,
|
|
154
145
|
request_id: request.request_id,
|
|
155
146
|
requested_at: request.requested_at,
|
|
156
147
|
agent: { kind: "agent", id: request.root_agent_id },
|
|
@@ -176,6 +167,9 @@ class LocalVaultService {
|
|
|
176
167
|
case "get_manifest":
|
|
177
168
|
result = await this.agentGetRuntimeManifest(base);
|
|
178
169
|
break;
|
|
170
|
+
case "audit_test_ping":
|
|
171
|
+
result = await this.agentAuditTestPing({ ...base, label: request.label });
|
|
172
|
+
break;
|
|
179
173
|
}
|
|
180
174
|
return { ok: true, result };
|
|
181
175
|
}
|
|
@@ -189,31 +183,31 @@ class LocalVaultService {
|
|
|
189
183
|
let result;
|
|
190
184
|
switch (request.action) {
|
|
191
185
|
case "list_agents":
|
|
192
|
-
result = await this.ownerListAgents({ vault_id:
|
|
186
|
+
result = await this.ownerListAgents({ vault_id: request.vault_id, actor: { kind: "owner", id: request.actor_id || "owner" }, request_id: "internal", requested_at: new Date().toISOString() });
|
|
193
187
|
break;
|
|
194
188
|
case "list_requests":
|
|
195
|
-
result = await this.ownerListRequests({ vault_id:
|
|
189
|
+
result = await this.ownerListRequests({ vault_id: request.vault_id, actor: { kind: "owner", id: request.actor_id || "owner" }, root_agent_id: request.root_agent_id, request_id: "internal", requested_at: new Date().toISOString() });
|
|
196
190
|
break;
|
|
197
191
|
case "get_request":
|
|
198
|
-
result = await this.ownerGetRequest({ vault_id:
|
|
192
|
+
result = await this.ownerGetRequest({ vault_id: request.vault_id, actor: { kind: "owner", id: request.actor_id || "owner" }, target_request_id: request.request_id, request_id: "internal", requested_at: new Date().toISOString() });
|
|
199
193
|
break;
|
|
200
194
|
case "list_secrets":
|
|
201
|
-
result = await this.ownerListSecrets({ vault_id:
|
|
195
|
+
result = await this.ownerListSecrets({ vault_id: request.vault_id, owner: { kind: "owner", id: request.actor_id || "owner" } });
|
|
202
196
|
break;
|
|
203
197
|
case "list_grants":
|
|
204
|
-
result = await this.ownerListGrants({ vault_id:
|
|
198
|
+
result = await this.ownerListGrants({ vault_id: request.vault_id, actor: { kind: "owner", id: request.actor_id || "owner" }, root_agent_id: request.root_agent_id, secret_id: request.secret_alias, request_id: "internal", requested_at: new Date().toISOString() });
|
|
205
199
|
break;
|
|
206
200
|
case "approve_dispatch":
|
|
207
|
-
result = await this.ownerApproveDispatch({ vault_id:
|
|
201
|
+
result = await this.ownerApproveDispatch({ vault_id: request.vault_id, actor: { kind: "owner", id: request.actor_id || "owner" }, request_id: request.request_id, decision: request.decision, requested_at: new Date().toISOString() });
|
|
208
202
|
break;
|
|
209
203
|
case "create_secret":
|
|
210
|
-
result = await this.ownerCreateSecret({ kind: "owner.create_secret", vault_id:
|
|
204
|
+
result = await this.ownerCreateSecret({ kind: "owner.create_secret", vault_id: request.vault_id, owner: actor, request_id: "internal", alias: request.alias, plaintext: request.plaintext, requested_at: request.requested_at || new Date().toISOString() });
|
|
211
205
|
break;
|
|
212
206
|
case "update_secret":
|
|
213
|
-
result = await this.ownerUpdateSecret({ kind: "owner.update_secret", vault_id:
|
|
207
|
+
result = await this.ownerUpdateSecret({ kind: "owner.update_secret", vault_id: request.vault_id, owner: actor, request_id: "internal", alias: request.alias, new_alias: request.new_alias, plaintext: request.plaintext, requested_at: request.requested_at || new Date().toISOString() });
|
|
214
208
|
break;
|
|
215
209
|
case "remove_secret":
|
|
216
|
-
await this.ownerRemoveSecret({ kind: "owner.remove_secret", vault_id:
|
|
210
|
+
await this.ownerRemoveSecret({ kind: "owner.remove_secret", vault_id: request.vault_id, owner: actor, request_id: "internal", alias: request.alias, requested_at: request.requested_at || new Date().toISOString() });
|
|
217
211
|
result = { ok: true };
|
|
218
212
|
break;
|
|
219
213
|
}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/vault-ingress/index.ts"],"names":[],"mappings":"AA4BA,SAAS,wBAAwB,CAAC,KAAc;IAC9C,IAAI,KAAK,KAAK,IAAI,IAAI,KAAK,KAAK,SAAS,EAAE,CAAC;QAC1C,OAAO,IAAI,CAAC;IACd,CAAC;IACD,IAAI,KAAK,CAAC,OAAO,CAAC,KAAK,CAAC,EAAE,CAAC;QACzB,OAAO,KAAK,CAAC,GAAG,CAAC,CAAC,KAAK,EAAE,EAAE,CAAC,wBAAwB,CAAC,KAAK,CAAC,CAAC,CAAC;IAC/D,CAAC;IACD,IAAI,OAAO,KAAK,KAAK,QAAQ,EAAE,CAAC;QAC9B,OAAO,MAAM,CAAC,WAAW,CACvB,MAAM,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,GAAG,EAAE,KAAK,CAAC,EAAE,EAAE,CAAC,CAAC,GAAG,EAAE,wBAAwB,CAAC,KAAK,CAAC,CAAC,CAAC,CACpF,CAAC;IACJ,CAAC;IACD,OAAO,IAAI,CAAC;AACd,CAAC;
|
|
1
|
+
{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/vault-ingress/index.ts"],"names":[],"mappings":"AA4BA,SAAS,wBAAwB,CAAC,KAAc;IAC9C,IAAI,KAAK,KAAK,IAAI,IAAI,KAAK,KAAK,SAAS,EAAE,CAAC;QAC1C,OAAO,IAAI,CAAC;IACd,CAAC;IACD,IAAI,KAAK,CAAC,OAAO,CAAC,KAAK,CAAC,EAAE,CAAC;QACzB,OAAO,KAAK,CAAC,GAAG,CAAC,CAAC,KAAK,EAAE,EAAE,CAAC,wBAAwB,CAAC,KAAK,CAAC,CAAC,CAAC;IAC/D,CAAC;IACD,IAAI,OAAO,KAAK,KAAK,QAAQ,EAAE,CAAC;QAC9B,OAAO,MAAM,CAAC,WAAW,CACvB,MAAM,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,GAAG,EAAE,KAAK,CAAC,EAAE,EAAE,CAAC,CAAC,GAAG,EAAE,wBAAwB,CAAC,KAAK,CAAC,CAAC,CAAC,CACpF,CAAC;IACJ,CAAC;IACD,OAAO,IAAI,CAAC;AACd,CAAC;AAwID,MAAM,iBAAiB;IAEF;IACA;IAFnB,YACmB,UAAqB,EACrB,aAA2B,KAAK;QADhC,eAAU,GAAV,UAAU,CAAW;QACrB,eAAU,GAAV,UAAU,CAAsB;IAChD,CAAC;IAEJ,IAAI,QAAQ;QACV,OAAO,IAAI,CAAC,UAAU,CAAC,QAAQ,CAAC;IAClC,CAAC;IAED,0BAA0B,CAAC,OAA0C;QACnE,OAAO,IAAI,CAAC,UAAU,CAAC,0BAA0B,CAAC,OAAO,CAAC,CAAC;IAC7D,CAAC;IAED,wBAAwB,CAAC,OAAyE;QAChG,OAAO,IAAI,CAAC,UAAU,CAAC,wBAAwB,CAAC,OAAO,CAAC,CAAC;IAC3D,CAAC;IAID,iBAAiB,CAAC,OAAkE;QAClF,OAAO,IAAI,CAAC,UAAU,CAAC,iBAAiB,CAAC,OAAO,CAAC,CAAC;IACpD,CAAC;IAED,iBAAiB,CAAC,OAAkE;QAClF,OAAO,IAAI,CAAC,UAAU,CAAC,iBAAiB,CAAC,OAAO,CAAC,CAAC;IACpD,CAAC;IAED,iBAAiB,CAAC,OAAkE;QAClF,OAAO,IAAI,CAAC,UAAU,CAAC,iBAAiB,CAAC,OAAO,CAAC,CAAC;IACpD,CAAC;IAED,cAAc,CAAC,OAA0B;QACvC,OAAO,IAAI,CAAC,UAAU,CAAC,cAAc,CAAC,OAAO,CAAC,KAAY,EAAE,OAAO,CAAC,KAAK,CAAC,CAAC;IAC7E,CAAC;IAED,iBAAiB,CAAC,OAAiC;QACjD,OAAO,IAAI,CAAC,UAAU,CAAC,iBAAiB,CAAC,OAAO,CAAC,KAAY,EAAE,OAAO,CAAC,KAAK,CAAC,CAAC;IAChF,CAAC;IAED,eAAe,CAAC,OAA+B;QAC7C,OAAO,IAAI,CAAC,UAAU,CAAC,eAAe,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC;IACxD,CAAC;IAED,iBAAiB,CAAC,OAAkE;QAClF,OAAO,IAAI,CAAC,UAAU,CAAC,iBAAiB,CAAC,OAAO,CAAC,KAAY,EAAE,OAAO,CAAC,aAAa,CAAC,CAAC;IACxF,CAAC;IAED,eAAe,CAAC,OAAgE;QAC9E,OAAO,IAAI,CAAC,UAAU,CAAC,eAAe,CAAC,OAAO,CAAC,KAAY,EAAE,OAAO,CAAC,iBAAiB,CAAC,CAAC;IAC1F,CAAC;IAED,gBAAgB,CAAC,OAA0E;QACzF,OAAO,IAAI,CAAC,UAAU,CAAC,gBAAgB,CAAC,OAAO,CAAC,KAAY,CAAC,CAAC;IAChE,CAAC;IAED,KAAK,CAAC,qBAAqB,CAAC,OAAsE;QAChG,OAAO,IAAI,CAAC,UAAU,CAAC,qBAAqB,CAAC,OAAO,CAAC,KAAY,EAAE,OAAO,CAAC,aAAa,EAAE,OAAO,CAAC,SAAS,EAAE,OAAO,CAAC,CAAC;IACxH,CAAC;IAED,KAAK,CAAC,2BAA2B,CAAC,OAA4E;QAC5G,OAAO,IAAI,CAAC,UAAU,CAAC,2BAA2B,CAAC,OAAO,CAAC,KAAY,EAAE,OAAO,CAAC,SAAS,EAAE,OAAO,CAAC,OAAO,EAAE,OAAO,CAAC,CAAC;IACxH,CAAC;IAED,KAAK,CAAC,sBAAsB,CAAC,OAAuE;QAClG,OAAO,IAAI,CAAC,UAAU,CAAC,sBAAsB,CAAC,OAAO,CAAC,KAAY,EAAE,OAAO,CAAC,aAAa,EAAE,OAAO,CAAC,SAAS,EAAE,OAAO,CAAC,CAAC;IACzH,CAAC;IAED,KAAK,CAAC,4BAA4B,CAAC,OAA6E;QAC9G,OAAO,IAAI,CAAC,UAAU,CAAC,4BAA4B,CAAC,OAAO,CAAC,KAAY,EAAE,OAAO,CAAC,SAAS,EAAE,OAAO,CAAC,OAAO,EAAE,OAAO,CAAC,CAAC;IACzH,CAAC;IAED,KAAK,CAAC,eAAe,CAAC,OAAgE;QAIpF,MAAM,SAAS,GAAG,OAAO,CAAC,SAAS,CAAC,CAAC,qDAAqD;QAC1F,OAAO,IAAI,CAAC,UAAU,CAAC,eAAe,CAAC,OAAO,CAAC,KAAY,EAAE,OAAO,CAAC,aAAa,EAAE,SAAS,CAAC,CAAC;IACjG,CAAC;IAED,sBAAsB,CAAC,OAAuE;QAC5F,OAAO,IAAI,CAAC,UAAU,CAAC,sBAAsB,CAAC,OAAO,CAAC,CAAC;IACzD,CAAC;IAED,+BAA+B,CAAC,KAAyC;QACvE,OAAO,IAAI,CAAC,UAAU,CAAC,+BAA+B,CAAC,KAAK,CAAC,CAAC;IAChE,CAAC;IAED,uBAAuB,CAAC,OAAwF;QAC9G,OAAO,IAAI,CAAC,UAAU,CAAC,uBAAuB,CAAC,OAAO,CAAC,CAAC;IAC1D,CAAC;IAED,aAAa,CAAC,OAAwB;QACpC,OAAO,IAAI,CAAC,UAAU,CAAC,mBAAmB,CAAC,OAAO,CAAC,CAAC;IACtD,CAAC;IAED,oBAAoB,CAAC,OAAqE;QACxF,OAAO,IAAI,CAAC,UAAU,CAAC,oBAAoB,CAAC,OAAO,CAAC,KAAY,EAAE,OAAO,CAAC,UAAU,EAAE,OAAO,CAAC,QAAQ,CAAC,CAAC;IAC1G,CAAC;IAED,sBAAsB,CAAC,YAA+E;QACpG,OAAO,IAAI,CAAC,UAAU,CAAC,sBAAsB,CAAC,YAAY,CAAC,CAAC;IAC9D,CAAC;IACD,YAAY,CAAC,YAAqE;QAChF,OAAO,IAAI,CAAC,UAAU,CAAC,YAAY,CAAC,YAAY,CAAC,CAAC;IACpD,CAAC;IAED,gBAAgB,CAAC,OAAiE;QAChF,OAAO,IAAI,CAAC,UAAU,CAAC,gBAAgB,CAAC,OAAO,CAAC,CAAC;IACnD,CAAC;IAED,iBAAiB,CAAC,OAAkE;QAClF,OAAO,IAAI,CAAC,UAAU,CAAC,iBAAiB,CAAC,OAAO,CAAC,CAAC;IACpD,CAAC;IAED,eAAe,CAAC,OAAgE;QAC9E,OAAO,IAAI,CAAC,UAAU,CAAC,eAAe,CAAC,OAAO,CAAC,CAAC;IAClD,CAAC;IAED,uBAAuB,CAAC,OAAwE;QAC9F,OAAO,IAAI,CAAC,UAAU,CAAC,uBAAuB,CAAC,OAAO,CAAC,CAAC;IAC1D,CAAC;IAED,kBAAkB,CAAC,OAAmE;QACpF,OAAO,IAAI,CAAC,UAAU,CAAC,kBAAkB,CAAC,OAAO,CAAC,CAAC;IACrD,CAAC;IAED,KAAK,CAAC,mBAAmB,CAAC,OAAkC;QAC1D,IAAI,CAAC;YACH,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,UAAU,CAAC,mBAAmB,CAAC;gBACvD,QAAQ,EAAE,OAAO,CAAC,QAAQ;gBAC1B,UAAU,EAAE,OAAO,CAAC,UAAU;gBAC9B,YAAY,EAAE,OAAO,CAAC,YAAY;gBAClC,KAAK,EAAE,EAAE,IAAI,EAAE,OAAO,EAAE,EAAE,EAAE,OAAO,CAAC,aAAa,EAAE;gBACnD,KAAK,EAAE;oBACL,aAAa,EAAE,OAAO,CAAC,aAAa;oBACpC,SAAS,EAAE,OAAO,CAAC,KAAK,CAAC,SAAS;oBAClC,KAAK,EAAE,OAAO,CAAC,KAAK,CAAC,KAAK;oBAC1B,UAAU,EAAE,OAAO,CAAC,UAAU;oBAC9B,YAAY,EAAE,OAAO,CAAC,YAAY;iBACnC;gBACD,MAAM,EAAE,OAAO,CAAC,MAAM;gBACtB,SAAS,EAAE,OAAO,CAAC,SAAS;gBAC5B,UAAU,EAAE,OAAO,CAAC,UAAU;gBAC9B,MAAM,EAAE,OAAO,CAAC,MAAM;gBACtB,OAAO,EAAE,OAAO,CAAC,OAAO;gBACxB,IAAI,EAAE,OAAO,CAAC,IAAI;aACnB,CAAC,CAAC;YACH,OAAO,EAAE,EAAE,EAAE,IAAI,EAAE,MAAM,EAAE,CAAC;QAC9B,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,OAAO;gBACL,EAAE,EAAE,KAAK;gBACT,KAAK,EAAE;oBACL,IAAI,EAAG,KAAa,CAAC,IAAI,IAAI,uBAAuB;oBACpD,OAAO,EAAE,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC;iBAChE;aACF,CAAC;QACJ,CAAC;IACH,CAAC;IAED,KAAK,CAAC,kBAAkB,CAAC,OAAiC;QACxD,IAAI,CAAC;YACH,MAAM,IAAI,GAAG;gBACX,QAAQ,EAAE,OAAO,CAAC,QAAQ;gBAC1B,UAAU,EAAE,OAAO,CAAC,UAAU;gBAC9B,YAAY,EAAE,OAAO,CAAC,YAAY;gBAClC,KAAK,EAAE,EAAE,IAAI,EAAE,OAAgB,EAAE,EAAE,EAAE,OAAO,CAAC,aAAa,EAAE;gBAC5D,KAAK,EAAE;oBACL,aAAa,EAAE,OAAO,CAAC,aAAa;oBACpC,SAAS,EAAE,OAAO,CAAC,KAAK,CAAC,SAAS;oBAClC,KAAK,EAAE,OAAO,CAAC,KAAK,CAAC,KAAK;oBAC1B,UAAU,EAAE,OAAO,CAAC,UAAU;oBAC9B,YAAY,EAAE,OAAO,CAAC,YAAY;iBACnC;aACF,CAAC;YACF,IAAI,MAAW,CAAC;YAChB,QAAQ,OAAO,CAAC,MAAM,EAAE,CAAC;gBACvB,KAAK,cAAc;oBAAE,MAAM,GAAG,MAAM,IAAI,CAAC,gBAAgB,CAAC,IAAI,CAAC,CAAC;oBAAC,MAAM;gBACvE,KAAK,eAAe;oBAAE,MAAM,GAAG,MAAM,IAAI,CAAC,iBAAiB,CAAC,IAAI,CAAC,CAAC;oBAAC,MAAM;gBACzE,KAAK,qBAAqB;oBAAE,MAAM,GAAG,MAAM,IAAI,CAAC,eAAe,CAAC,EAAE,GAAG,IAAI,EAAE,iBAAiB,EAAE,OAAO,CAAC,iBAAiB,EAAE,CAAC,CAAC;oBAAC,MAAM;gBAClI,KAAK,cAAc;oBAAE,MAAM,GAAG,MAAM,IAAI,CAAC,uBAAuB,CAAC,IAAI,CAAC,CAAC;oBAAC,MAAM;gBAC9E,KAAK,iBAAiB;oBAAE,MAAM,GAAG,MAAM,IAAI,CAAC,kBAAkB,CAAC,EAAE,GAAG,IAAI,EAAE,KAAK,EAAE,OAAO,CAAC,KAAK,EAAE,CAAC,CAAC;oBAAC,MAAM;YAC3G,CAAC;YACD,OAAO,EAAE,EAAE,EAAE,IAAI,EAAE,MAAM,EAAE,CAAC;QAC9B,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,OAAO,EAAE,EAAE,EAAE,KAAK,EAAE,KAAK,EAAE,EAAE,IAAI,EAAG,KAAa,CAAC,IAAI,IAAI,sBAAsB,EAAE,OAAO,EAAE,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,EAAE,EAAE,CAAC;QACxJ,CAAC;IACH,CAAC;IAED,KAAK,CAAC,kBAAkB,CAAC,OAAiC;QACxD,IAAI,CAAC;YACH,MAAM,KAAK,GAAG,EAAE,IAAI,EAAE,OAAgB,EAAE,EAAE,EAAE,OAAO,CAAC,QAAQ,IAAI,OAAO,EAAE,CAAC;YAC1E,IAAI,MAAW,CAAC;YAChB,QAAQ,OAAO,CAAC,MAAM,EAAE,CAAC;gBACvB,KAAK,aAAa;oBAAE,MAAM,GAAG,MAAM,IAAI,CAAC,eAAe,CAAC,EAAE,QAAQ,EAAE,OAAO,CAAC,QAAQ,EAAE,KAAK,EAAE,EAAE,IAAI,EAAE,OAAO,EAAE,EAAE,EAAE,OAAO,CAAC,QAAQ,IAAI,OAAO,EAAE,EAAE,UAAU,EAAE,UAAU,EAAE,YAAY,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE,EAAE,CAAC,CAAC;oBAAC,MAAM;gBAC1N,KAAK,eAAe;oBAAE,MAAM,GAAG,MAAM,IAAI,CAAC,iBAAiB,CAAC,EAAE,QAAQ,EAAE,OAAO,CAAC,QAAQ,EAAE,KAAK,EAAE,EAAE,IAAI,EAAE,OAAO,EAAE,EAAE,EAAE,OAAO,CAAC,QAAQ,IAAI,OAAO,EAAE,EAAE,aAAa,EAAE,OAAO,CAAC,aAAa,EAAE,UAAU,EAAE,UAAU,EAAE,YAAY,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE,EAAE,CAAC,CAAC;oBAAC,MAAM;gBACpQ,KAAK,aAAa;oBAAE,MAAM,GAAG,MAAM,IAAI,CAAC,eAAe,CAAC,EAAE,QAAQ,EAAE,OAAO,CAAC,QAAQ,EAAE,KAAK,EAAE,EAAE,IAAI,EAAE,OAAO,EAAE,EAAE,EAAE,OAAO,CAAC,QAAQ,IAAI,OAAO,EAAE,EAAE,iBAAiB,EAAE,OAAO,CAAC,UAAU,EAAE,UAAU,EAAE,UAAU,EAAE,YAAY,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE,EAAE,CAAC,CAAC;oBAAC,MAAM;gBACjQ,KAAK,cAAc;oBAAE,MAAM,GAAG,MAAM,IAAI,CAAC,gBAAgB,CAAC,EAAE,QAAQ,EAAE,OAAO,CAAC,QAAQ,EAAE,KAAK,EAAE,EAAE,IAAI,EAAE,OAAO,EAAE,EAAE,EAAE,OAAO,CAAC,QAAQ,IAAI,OAAO,EAAE,EAAE,CAAC,CAAC;oBAAC,MAAM;gBAC5J,KAAK,aAAa;oBAAE,MAAM,GAAG,MAAM,IAAI,CAAC,eAAe,CAAC,EAAE,QAAQ,EAAE,OAAO,CAAC,QAAQ,EAAE,KAAK,EAAE,EAAE,IAAI,EAAE,OAAO,EAAE,EAAE,EAAE,OAAO,CAAC,QAAQ,IAAI,OAAO,EAAE,EAAE,aAAa,EAAE,OAAO,CAAC,aAAa,EAAE,SAAS,EAAE,OAAO,CAAC,YAAY,EAAE,UAAU,EAAE,UAAU,EAAE,YAAY,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE,EAAE,CAAC,CAAC;oBAAC,MAAM;gBACjS,KAAK,kBAAkB;oBAAE,MAAM,GAAG,MAAM,IAAI,CAAC,oBAAoB,CAAC,EAAE,QAAQ,EAAE,OAAO,CAAC,QAAQ,EAAE,KAAK,EAAE,EAAE,IAAI,EAAE,OAAO,EAAE,EAAE,EAAE,OAAO,CAAC,QAAQ,IAAI,OAAO,EAAE,EAAE,UAAU,EAAE,OAAO,CAAC,UAAU,EAAE,QAAQ,EAAE,OAAO,CAAC,QAAQ,EAAE,YAAY,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE,EAAE,CAAC,CAAC;oBAAC,MAAM;gBACxQ,KAAK,eAAe;oBAAE,MAAM,GAAG,MAAM,IAAI,CAAC,iBAAiB,CAAC,EAAE,IAAI,EAAE,qBAAqB,EAAE,QAAQ,EAAE,OAAO,CAAC,QAAQ,EAAE,KAAK,EAAE,KAAK,EAAE,UAAU,EAAE,UAAU,EAAE,KAAK,EAAE,OAAO,CAAC,KAAK,EAAE,SAAS,EAAE,OAAO,CAAC,SAAS,EAAE,YAAY,EAAE,OAAO,CAAC,YAAY,IAAI,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE,EAAE,CAAC,CAAC;oBAAC,MAAM;gBAC1R,KAAK,eAAe;oBAAE,MAAM,GAAG,MAAM,IAAI,CAAC,iBAAiB,CAAC,EAAE,IAAI,EAAE,qBAAqB,EAAE,QAAQ,EAAE,OAAO,CAAC,QAAQ,EAAE,KAAK,EAAE,KAAK,EAAE,UAAU,EAAE,UAAU,EAAE,KAAK,EAAE,OAAO,CAAC,KAAK,EAAE,SAAS,EAAE,OAAO,CAAC,SAAS,EAAE,SAAS,EAAE,OAAO,CAAC,SAAS,EAAE,YAAY,EAAE,OAAO,CAAC,YAAY,IAAI,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE,EAAE,CAAC,CAAC;oBAAC,MAAM;gBACxT,KAAK,eAAe;oBAAE,MAAM,IAAI,CAAC,iBAAiB,CAAC,EAAE,IAAI,EAAE,qBAAqB,EAAE,QAAQ,EAAE,OAAO,CAAC,QAAQ,EAAE,KAAK,EAAE,KAAK,EAAE,UAAU,EAAE,UAAU,EAAE,KAAK,EAAE,OAAO,CAAC,KAAK,EAAE,YAAY,EAAE,OAAO,CAAC,YAAY,IAAI,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE,EAAE,CAAC,CAAC;oBAAC,MAAM,GAAG,EAAE,EAAE,EAAE,IAAI,EAAE,CAAC;oBAAC,MAAM;YAC5Q,CAAC;YACD,OAAO,EAAE,EAAE,EAAE,IAAI,EAAE,MAAM,EAAE,CAAC;QAC9B,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,OAAO,EAAE,EAAE,EAAE,KAAK,EAAE,KAAK,EAAE,EAAE,IAAI,EAAG,KAAa,CAAC,IAAI,IAAI,sBAAsB,EAAE,OAAO,EAAE,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,EAAE,EAAE,CAAC;QACxJ,CAAC;IACH,CAAC;CACF;AAED,MAAM,UAAU,kBAAkB,CAAC,SAAoB,EAAE,OAAsC;IAC7F,OAAO,IAAI,iBAAiB,CAAC,SAAS,EAAE,OAAO,EAAE,SAAS,CAAC,CAAC;AAC9D,CAAC;AAED,0CAA0C;AAC1C,MAAM,CAAC,MAAM,2BAA2B,GAAG,kBAAkB,CAAC"}
|
|
@@ -17,9 +17,10 @@ export declare class AgentDispatchHttpTransport implements AgentDispatchTranspor
|
|
|
17
17
|
agent_secrets: readonly AgentSecretGrant[];
|
|
18
18
|
secret_destinations: readonly SecretDestinationGrant[];
|
|
19
19
|
}>;
|
|
20
|
-
agentListSecrets(request: import("../vault-core/index.js").AgentListSecretsRequest): Promise<readonly import("../vault-core/index.js").
|
|
21
|
-
agentListRequests(request: import("../vault-core/index.js").AgentListRequestsRequest): Promise<readonly import("../vault-core/index.js").
|
|
20
|
+
agentListSecrets(request: import("../vault-core/index.js").AgentListSecretsRequest): Promise<readonly import("../vault-core/index.js").SecretRecord[]>;
|
|
21
|
+
agentListRequests(request: import("../vault-core/index.js").AgentListRequestsRequest): Promise<readonly import("../vault-core/index.js").AgentRequestRecord[]>;
|
|
22
22
|
agentGetRequest(request: import("../vault-core/index.js").AgentGetRequestRequest): Promise<import("../vault-core/index.js").AgentRequestResult>;
|
|
23
23
|
agentGetRuntimeManifest(request: import("../vault-core/index.js").AgentGetRuntimeManifestRequest): Promise<import("../vault-core/index.js").AgentRuntimeManifest>;
|
|
24
|
+
agentAuditTestPing(request: import("../vault-core/index.js").AgentAuditTestPingRequest): Promise<import("../vault-core/index.js").AuditEntry>;
|
|
24
25
|
private _postControl;
|
|
25
26
|
}
|
|
@@ -16,12 +16,12 @@ export class AgentDispatchHttpTransport {
|
|
|
16
16
|
}
|
|
17
17
|
async agentDispatch(request) {
|
|
18
18
|
const remoteRequest = {
|
|
19
|
-
vault_id: request.vault_id
|
|
19
|
+
vault_id: request.vault_id,
|
|
20
20
|
request_id: request.request_id,
|
|
21
21
|
requested_at: request.requested_at,
|
|
22
22
|
root_agent_id: request.agent.id,
|
|
23
23
|
reason: request.reason,
|
|
24
|
-
|
|
24
|
+
secret_id: request.secret_id,
|
|
25
25
|
target_url: request.target_url,
|
|
26
26
|
method: request.method,
|
|
27
27
|
headers: request.headers,
|
|
@@ -51,7 +51,7 @@ export class AgentDispatchHttpTransport {
|
|
|
51
51
|
async agentListGrants(request) {
|
|
52
52
|
const payload = await this._postControl({
|
|
53
53
|
action: "list_grants",
|
|
54
|
-
vault_id: request.vault_id
|
|
54
|
+
vault_id: request.vault_id,
|
|
55
55
|
request_id: request.request_id,
|
|
56
56
|
requested_at: request.requested_at,
|
|
57
57
|
root_agent_id: request.agent.id,
|
|
@@ -62,7 +62,7 @@ export class AgentDispatchHttpTransport {
|
|
|
62
62
|
async agentListSecrets(request) {
|
|
63
63
|
const payload = await this._postControl({
|
|
64
64
|
action: "list_secrets",
|
|
65
|
-
vault_id: request.vault_id
|
|
65
|
+
vault_id: request.vault_id,
|
|
66
66
|
request_id: request.request_id,
|
|
67
67
|
requested_at: request.requested_at,
|
|
68
68
|
root_agent_id: request.agent.id,
|
|
@@ -73,7 +73,7 @@ export class AgentDispatchHttpTransport {
|
|
|
73
73
|
async agentListRequests(request) {
|
|
74
74
|
const payload = await this._postControl({
|
|
75
75
|
action: "list_requests",
|
|
76
|
-
vault_id: request.vault_id
|
|
76
|
+
vault_id: request.vault_id,
|
|
77
77
|
request_id: request.request_id,
|
|
78
78
|
requested_at: request.requested_at,
|
|
79
79
|
root_agent_id: request.agent.id,
|
|
@@ -84,7 +84,7 @@ export class AgentDispatchHttpTransport {
|
|
|
84
84
|
async agentGetRequest(request) {
|
|
85
85
|
const payload = await this._postControl({
|
|
86
86
|
action: "read_request_result",
|
|
87
|
-
vault_id: request.vault_id
|
|
87
|
+
vault_id: request.vault_id,
|
|
88
88
|
request_id: request.request_id,
|
|
89
89
|
requested_at: request.requested_at,
|
|
90
90
|
target_request_id: request.target_request_id,
|
|
@@ -96,7 +96,7 @@ export class AgentDispatchHttpTransport {
|
|
|
96
96
|
async agentGetRuntimeManifest(request) {
|
|
97
97
|
const payload = await this._postControl({
|
|
98
98
|
action: "get_manifest",
|
|
99
|
-
vault_id: request.vault_id
|
|
99
|
+
vault_id: request.vault_id,
|
|
100
100
|
request_id: request.request_id,
|
|
101
101
|
requested_at: request.requested_at,
|
|
102
102
|
root_agent_id: request.agent.id,
|
|
@@ -104,6 +104,18 @@ export class AgentDispatchHttpTransport {
|
|
|
104
104
|
});
|
|
105
105
|
return payload;
|
|
106
106
|
}
|
|
107
|
+
async agentAuditTestPing(request) {
|
|
108
|
+
const payload = await this._postControl({
|
|
109
|
+
action: "audit_test_ping",
|
|
110
|
+
vault_id: request.vault_id,
|
|
111
|
+
request_id: request.request_id,
|
|
112
|
+
requested_at: request.requested_at,
|
|
113
|
+
root_agent_id: request.agent.id,
|
|
114
|
+
label: request.label,
|
|
115
|
+
proof: { token: request.proof.token },
|
|
116
|
+
});
|
|
117
|
+
return payload;
|
|
118
|
+
}
|
|
107
119
|
async _postControl(body) {
|
|
108
120
|
const response = await this._fetchImpl(this._controlUrl, {
|
|
109
121
|
method: "POST",
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"remote-transport.js","sourceRoot":"","sources":["../../src/vault-ingress/remote-transport.ts"],"names":[],"mappings":"AAIA;;;GAGG;AACH;;GAEG;AACH,MAAM,OAAO,0BAA0B;IAElB;IACA;IACA;IAHnB,YACmB,IAAY,EACZ,aAA2B,KAAK,EAChC,cAAsB,IAAI,GAAG,CAAC,iBAAiB,EAAE,IAAI,CAAC,CAAC,QAAQ,EAAE;QAFjE,SAAI,GAAJ,IAAI,CAAQ;QACZ,eAAU,GAAV,UAAU,CAAsB;QAChC,gBAAW,GAAX,WAAW,CAAsD;IACjF,CAAC;IAEJ,KAAK,CAAC,aAAa,CAAC,OAAwB;QAC1C,MAAM,aAAa,GAA8B;YAC/C,QAAQ,EAAE,OAAO,CAAC,QAAQ
|
|
1
|
+
{"version":3,"file":"remote-transport.js","sourceRoot":"","sources":["../../src/vault-ingress/remote-transport.ts"],"names":[],"mappings":"AAIA;;;GAGG;AACH;;GAEG;AACH,MAAM,OAAO,0BAA0B;IAElB;IACA;IACA;IAHnB,YACmB,IAAY,EACZ,aAA2B,KAAK,EAChC,cAAsB,IAAI,GAAG,CAAC,iBAAiB,EAAE,IAAI,CAAC,CAAC,QAAQ,EAAE;QAFjE,SAAI,GAAJ,IAAI,CAAQ;QACZ,eAAU,GAAV,UAAU,CAAsB;QAChC,gBAAW,GAAX,WAAW,CAAsD;IACjF,CAAC;IAEJ,KAAK,CAAC,aAAa,CAAC,OAAwB;QAC1C,MAAM,aAAa,GAA8B;YAC/C,QAAQ,EAAE,OAAO,CAAC,QAAQ;YAC1B,UAAU,EAAE,OAAO,CAAC,UAAU;YAC9B,YAAY,EAAE,OAAO,CAAC,YAAY;YAClC,aAAa,EAAE,OAAO,CAAC,KAAK,CAAC,EAAE;YAC/B,MAAM,EAAE,OAAO,CAAC,MAAM;YACtB,SAAS,EAAE,OAAO,CAAC,SAAS;YAC5B,UAAU,EAAE,OAAO,CAAC,UAAU;YAC9B,MAAM,EAAE,OAAO,CAAC,MAAM;YACtB,OAAO,EAAE,OAAO,CAAC,OAAO;YACxB,IAAI,EAAE,OAAO,CAAC,IAAI;YAClB,KAAK,EAAE;gBACL,KAAK,EAAE,OAAO,CAAC,KAAK,CAAC,KAAK;aAC3B;SACF,CAAC;QAEF,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,UAAU,CAAC,IAAI,CAAC,IAAI,EAAE;YAChD,MAAM,EAAE,MAAM;YACd,OAAO,EAAE;gBACP,cAAc,EAAE,kBAAkB;aACnC;YACD,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,aAAa,CAAC;SACpC,CAAC,CAAC;QAEH,IAAI,CAAC,QAAQ,CAAC,EAAE,EAAE,CAAC;YACjB,MAAM,IAAI,KAAK,CAAC,sCAAsC,QAAQ,CAAC,MAAM,IAAI,QAAQ,CAAC,UAAU,EAAE,CAAC,CAAC;QAClG,CAAC;QAED,MAAM,OAAO,GAAiE,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAC;QACpG,IAAI,CAAC,OAAO,CAAC,EAAE,EAAE,CAAC;YAChB,MAAM,KAAK,GAAG,IAAI,KAAK,CAAC,GAAG,OAAO,CAAC,KAAK,CAAC,IAAI,KAAK,OAAO,CAAC,KAAK,CAAC,OAAO,EAAE,CAAC,CAAC;YAC1E,KAAa,CAAC,IAAI,GAAG,OAAO,CAAC,KAAK,CAAC,IAAI,CAAC;YACzC,MAAM,KAAK,CAAC;QACd,CAAC;QAED,OAAO,OAAO,CAAC,MAAM,CAAC;IACxB,CAAC;IAED,KAAK,CAAC,eAAe,CAAC,OAAgE;QACpF,MAAM,OAAO,GAAG,MAAM,IAAI,CAAC,YAAY,CAAC;YACtC,MAAM,EAAE,aAAa;YACrB,QAAQ,EAAE,OAAO,CAAC,QAAQ;YAC1B,UAAU,EAAE,OAAO,CAAC,UAAU;YAC9B,YAAY,EAAE,OAAO,CAAC,YAAY;YAClC,aAAa,EAAE,OAAO,CAAC,KAAK,CAAC,EAAE;YAC/B,KAAK,EAAE,EAAE,KAAK,EAAE,OAAO,CAAC,KAAK,CAAC,KAAK,EAAE;SACtC,CAAC,CAAC;QACH,OAAO,OAAiH,CAAC;IAC3H,CAAC;IAED,KAAK,CAAC,gBAAgB,CAAC,OAAiE;QACtF,MAAM,OAAO,GAAG,MAAM,IAAI,CAAC,YAAY,CAAC;YACtC,MAAM,EAAE,cAAc;YACtB,QAAQ,EAAE,OAAO,CAAC,QAAQ;YAC1B,UAAU,EAAE,OAAO,CAAC,UAAU;YAC9B,YAAY,EAAE,OAAO,CAAC,YAAY;YAClC,aAAa,EAAE,OAAO,CAAC,KAAK,CAAC,EAAE;YAC/B,KAAK,EAAE,EAAE,KAAK,EAAE,OAAO,CAAC,KAAK,CAAC,KAAK,EAAE;SACtC,CAAC,CAAC;QACH,OAAO,OAAmE,CAAC;IAC7E,CAAC;IAED,KAAK,CAAC,iBAAiB,CAAC,OAAkE;QACxF,MAAM,OAAO,GAAG,MAAM,IAAI,CAAC,YAAY,CAAC;YACtC,MAAM,EAAE,eAAe;YACvB,QAAQ,EAAE,OAAO,CAAC,QAAQ;YAC1B,UAAU,EAAE,OAAO,CAAC,UAAU;YAC9B,YAAY,EAAE,OAAO,CAAC,YAAY;YAClC,aAAa,EAAE,OAAO,CAAC,KAAK,CAAC,EAAE;YAC/B,KAAK,EAAE,EAAE,KAAK,EAAE,OAAO,CAAC,KAAK,CAAC,KAAK,EAAE;SACtC,CAAC,CAAC;QACH,OAAO,OAAyE,CAAC;IACnF,CAAC;IAED,KAAK,CAAC,eAAe,CAAC,OAAgE;QACpF,MAAM,OAAO,GAAG,MAAM,IAAI,CAAC,YAAY,CAAC;YACtC,MAAM,EAAE,qBAAqB;YAC7B,QAAQ,EAAE,OAAO,CAAC,QAAQ;YAC1B,UAAU,EAAE,OAAO,CAAC,UAAU;YAC9B,YAAY,EAAE,OAAO,CAAC,YAAY;YAClC,iBAAiB,EAAE,OAAO,CAAC,iBAAiB;YAC5C,aAAa,EAAE,OAAO,CAAC,KAAK,CAAC,EAAE;YAC/B,KAAK,EAAE,EAAE,KAAK,EAAE,OAAO,CAAC,KAAK,CAAC,KAAK,EAAE;SACtC,CAAC,CAAC;QACH,OAAO,OAA8D,CAAC;IACxE,CAAC;IAED,KAAK,CAAC,uBAAuB,CAAC,OAAwE;QACpG,MAAM,OAAO,GAAG,MAAM,IAAI,CAAC,YAAY,CAAC;YACtC,MAAM,EAAE,cAAc;YACtB,QAAQ,EAAE,OAAO,CAAC,QAAQ;YAC1B,UAAU,EAAE,OAAO,CAAC,UAAU;YAC9B,YAAY,EAAE,OAAO,CAAC,YAAY;YAClC,aAAa,EAAE,OAAO,CAAC,KAAK,CAAC,EAAE;YAC/B,KAAK,EAAE,EAAE,KAAK,EAAE,OAAO,CAAC,KAAK,CAAC,KAAK,EAAE;SACtC,CAAC,CAAC;QACH,OAAO,OAAgE,CAAC;IAC1E,CAAC;IAED,KAAK,CAAC,kBAAkB,CAAC,OAAmE;QAC1F,MAAM,OAAO,GAAG,MAAM,IAAI,CAAC,YAAY,CAAC;YACtC,MAAM,EAAE,iBAAiB;YACzB,QAAQ,EAAE,OAAO,CAAC,QAAQ;YAC1B,UAAU,EAAE,OAAO,CAAC,UAAU;YAC9B,YAAY,EAAE,OAAO,CAAC,YAAY;YAClC,aAAa,EAAE,OAAO,CAAC,KAAK,CAAC,EAAE;YAC/B,KAAK,EAAE,OAAO,CAAC,KAAK;YACpB,KAAK,EAAE,EAAE,KAAK,EAAE,OAAO,CAAC,KAAK,CAAC,KAAK,EAAE;SACtC,CAAC,CAAC;QACH,OAAO,OAAsD,CAAC;IAChE,CAAC;IAEO,KAAK,CAAC,YAAY,CAAC,IAAa;QACtC,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,UAAU,CAAC,IAAI,CAAC,WAAW,EAAE;YACvD,MAAM,EAAE,MAAM;YACd,OAAO,EAAE;gBACP,cAAc,EAAE,kBAAkB;aACnC;YACD,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC;SAC3B,CAAC,CAAC;QACH,IAAI,CAAC,QAAQ,CAAC,EAAE,EAAE,CAAC;YACjB,MAAM,IAAI,KAAK,CAAC,sCAAsC,QAAQ,CAAC,MAAM,IAAI,QAAQ,CAAC,UAAU,EAAE,CAAC,CAAC;QAClG,CAAC;QACD,MAAM,OAAO,GAAyG,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAC;QAC5I,IAAI,CAAC,OAAO,CAAC,EAAE,EAAE,CAAC;YAChB,MAAM,KAAK,GAAG,IAAI,KAAK,CAAC,GAAG,OAAO,CAAC,KAAK,CAAC,IAAI,KAAK,OAAO,CAAC,KAAK,CAAC,OAAO,EAAE,CAAC,CAAC;YAC1E,KAAa,CAAC,IAAI,GAAG,OAAO,CAAC,KAAK,CAAC,IAAI,CAAC;YACzC,MAAM,KAAK,CAAC;QACd,CAAC;QACD,OAAO,OAAO,CAAC,MAAM,CAAC;IACxB,CAAC;CACF"}
|
|
@@ -1,8 +1,7 @@
|
|
|
1
1
|
import type { VaultService, VaultAgentDispatchResponse, VaultAgentDispatchErrorResponse, VaultAgentControlResponse, VaultAgentControlErrorResponse } from "./index.js";
|
|
2
|
-
import type { AuditOperation } from "../vault-core/index.js";
|
|
3
2
|
export interface VaultAuditSseOptions {
|
|
4
3
|
afterEventId?: string;
|
|
5
|
-
|
|
4
|
+
function_names?: readonly string[];
|
|
6
5
|
root_agent_id?: string;
|
|
7
6
|
request_id?: string;
|
|
8
7
|
signal?: AbortSignal;
|
|
@@ -90,7 +90,7 @@ export function handleVaultAuditSse(service, options = {}) {
|
|
|
90
90
|
controller.enqueue(createSseCommentFrame("connected"));
|
|
91
91
|
const subscription = {
|
|
92
92
|
afterEventId: options.afterEventId,
|
|
93
|
-
|
|
93
|
+
function_names: options.function_names,
|
|
94
94
|
root_agent_id: options.root_agent_id,
|
|
95
95
|
request_id: options.request_id,
|
|
96
96
|
onEvent: (entry) => {
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"server-utils.js","sourceRoot":"","sources":["../../src/vault-ingress/server-utils.ts"],"names":[],"mappings":"
|
|
1
|
+
{"version":3,"file":"server-utils.js","sourceRoot":"","sources":["../../src/vault-ingress/server-utils.ts"],"names":[],"mappings":"AAyBA,SAAS,cAAc,CAAC,KAAwB;IAC9C,OAAO,IAAI,WAAW,EAAE,CAAC,MAAM,CAAC,GAAG,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;AAC7D,CAAC;AAED,SAAS,mBAAmB,CAAC,SAAiB,EAAE,OAAe,EAAE,OAAgB;IAC/E,OAAO,cAAc,CAAC;QACpB,OAAO,OAAO,EAAE;QAChB,UAAU,SAAS,EAAE;QACrB,GAAG,IAAI,CAAC,SAAS,CAAC,OAAO,CAAC,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,GAAG,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,SAAS,IAAI,EAAE,CAAC;KACtE,CAAC,CAAC;AACL,CAAC;AAED,SAAS,qBAAqB,CAAC,OAAe;IAC5C,OAAO,cAAc,CAAC,CAAC,KAAK,OAAO,EAAE,CAAC,CAAC,CAAC;AAC1C,CAAC;AAED;;;;;;;GAOG;AACH,MAAM,CAAC,KAAK,UAAU,uBAAuB,CAC3C,OAAqB,EACrB,IAAa;IAEb,IAAI,CAAC,IAAI,IAAI,OAAO,IAAI,KAAK,QAAQ,EAAE,CAAC;QACtC,OAAO;YACL,EAAE,EAAE,KAAK;YACT,KAAK,EAAE,EAAE,IAAI,EAAE,4BAA4B,EAAE,OAAO,EAAE,oCAAoC,EAAE;SAC7F,CAAC;IACJ,CAAC;IACD,MAAM,OAAO,GAAG,IAA0C,CAAC;IAC3D,IAAI,CAAC,OAAO,CAAC,KAAK,EAAE,KAAK,EAAE,CAAC;QAC1B,OAAO;YACL,EAAE,EAAE,KAAK;YACT,KAAK,EAAE,EAAE,IAAI,EAAE,6BAA6B,EAAE,OAAO,EAAE,gDAAgD,EAAE;SAC1G,CAAC;IACJ,CAAC;IACD,OAAO,OAAO,CAAC,mBAAmB,CAAC,OAAoC,CAAC,CAAC;AAC3E,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,2BAA2B,CAC/C,OAAqB,EACrB,IAAa;IAEb,IAAI,CAAC,IAAI,IAAI,OAAO,IAAI,KAAK,QAAQ,EAAE,CAAC;QACtC,OAAO;YACL,EAAE,EAAE,KAAK;YACT,KAAK,EAAE,EAAE,IAAI,EAAE,4BAA4B,EAAE,OAAO,EAAE,oCAAoC,EAAE;SAC7F,CAAC;IACJ,CAAC;IACD,MAAM,OAAO,GAAG,IAAyC,CAAC;IAC1D,IAAI,CAAC,OAAO,CAAC,KAAK,EAAE,KAAK,EAAE,CAAC;QAC1B,OAAO;YACL,EAAE,EAAE,KAAK;YACT,KAAK,EAAE,EAAE,IAAI,EAAE,6BAA6B,EAAE,OAAO,EAAE,+CAA+C,EAAE;SACzG,CAAC;IACJ,CAAC;IACD,OAAO,OAAO,CAAC,kBAAkB,CAAC,OAAmC,CAAC,CAAC;AACzE,CAAC;AAED;;;;;;;GAOG;AACH,MAAM,UAAU,mBAAmB,CACjC,OAAqB,EACrB,UAAgC,EAAE;IAElC,MAAM,SAAS,GAAG,OAAO,CAAC,SAAS,IAAI,aAAa,CAAC;IACrD,MAAM,cAAc,GAAG,OAAO,CAAC,cAAc,IAAI,KAAK,CAAC;IACvD,IAAI,WAAW,GAAG,GAAG,EAAE,GAAE,CAAC,CAAC;IAC3B,IAAI,IAAI,GAA0C,IAAI,CAAC;IACvD,IAAI,MAAM,GAAG,KAAK,CAAC;IAEnB,MAAM,OAAO,GAAG,GAAG,EAAE;QACnB,IAAI,MAAM;YAAE,OAAO;QACnB,MAAM,GAAG,IAAI,CAAC;QACd,IAAI,IAAI,EAAE,CAAC;YACT,aAAa,CAAC,IAAI,CAAC,CAAC;YACpB,IAAI,GAAG,IAAI,CAAC;QACd,CAAC;QACD,WAAW,EAAE,CAAC;IAChB,CAAC,CAAC;IAEF,MAAM,MAAM,GAAG,IAAI,cAAc,CAAa;QAC5C,KAAK,CAAC,UAAU;YACd,MAAM,KAAK,GAAG,GAAG,EAAE;gBACjB,IAAI,MAAM;oBAAE,OAAO;gBACnB,OAAO,EAAE,CAAC;gBACV,UAAU,CAAC,KAAK,EAAE,CAAC;YACrB,CAAC,CAAC;YAEF,IAAI,OAAO,CAAC,MAAM,EAAE,OAAO,EAAE,CAAC;gBAC5B,KAAK,EAAE,CAAC;gBACR,OAAO;YACT,CAAC;YAED,UAAU,CAAC,OAAO,CAAC,qBAAqB,CAAC,WAAW,CAAC,CAAC,CAAC;YAEvD,MAAM,YAAY,GAA2B;gBAC3C,YAAY,EAAE,OAAO,CAAC,YAAY;gBAClC,cAAc,EAAE,OAAO,CAAC,cAAc;gBACtC,aAAa,EAAE,OAAO,CAAC,aAAa;gBACpC,UAAU,EAAE,OAAO,CAAC,UAAU;gBAC9B,OAAO,EAAE,CAAC,KAAK,EAAE,EAAE;oBACjB,IAAI,MAAM;wBAAE,OAAO;oBACnB,UAAU,CAAC,OAAO,CAAC,mBAAmB,CAAC,SAAS,EAAE,KAAK,CAAC,QAAQ,EAAE,KAAK,CAAC,CAAC,CAAC;gBAC5E,CAAC;aACF,CAAC;YACF,WAAW,GAAG,OAAO,CAAC,YAAY,CAAC,YAAY,CAAC,CAAC;YAEjD,IAAI,cAAc,GAAG,CAAC,EAAE,CAAC;gBACvB,IAAI,GAAG,WAAW,CAAC,GAAG,EAAE;oBACtB,IAAI,MAAM;wBAAE,OAAO;oBACnB,UAAU,CAAC,OAAO,CAAC,qBAAqB,CAAC,MAAM,CAAC,CAAC,CAAC;gBACpD,CAAC,EAAE,cAAc,CAAC,CAAC;gBACnB,IAAI,CAAC,KAAK,EAAE,EAAE,CAAC;YACjB,CAAC;YAED,OAAO,CAAC,MAAM,EAAE,gBAAgB,CAAC,OAAO,EAAE,KAAK,EAAE,EAAE,IAAI,EAAE,IAAI,EAAE,CAAC,CAAC;QACnE,CAAC;QACD,MAAM;YACJ,OAAO,EAAE,CAAC;QACZ,CAAC;KACF,CAAC,CAAC;IAEH,OAAO,IAAI,QAAQ,CAAC,MAAM,EAAE;QAC1B,OAAO,EAAE;YACP,cAAc,EAAE,kCAAkC;YAClD,eAAe,EAAE,wBAAwB;YACzC,UAAU,EAAE,YAAY;SACzB;KACF,CAAC,CAAC;AACL,CAAC;AAED;;;;;;;GAOG;AACH,MAAM,UAAU,6BAA6B,CAC3C,OAAqB,EACrB,UAA0C,EAAE;IAE5C,MAAM,SAAS,GAAG,OAAO,CAAC,SAAS,IAAI,kBAAkB,CAAC;IAC1D,MAAM,cAAc,GAAG,OAAO,CAAC,cAAc,IAAI,KAAK,CAAC;IACvD,IAAI,WAAW,GAAG,GAAG,EAAE,GAAE,CAAC,CAAC;IAC3B,IAAI,IAAI,GAA0C,IAAI,CAAC;IACvD,IAAI,MAAM,GAAG,KAAK,CAAC;IAEnB,MAAM,OAAO,GAAG,GAAG,EAAE;QACnB,IAAI,MAAM;YAAE,OAAO;QACnB,MAAM,GAAG,IAAI,CAAC;QACd,IAAI,IAAI,EAAE,CAAC;YACT,aAAa,CAAC,IAAI,CAAC,CAAC;YACpB,IAAI,GAAG,IAAI,CAAC;QACd,CAAC;QACD,WAAW,EAAE,CAAC;IAChB,CAAC,CAAC;IAEF,MAAM,MAAM,GAAG,IAAI,cAAc,CAAa;QAC5C,KAAK,CAAC,UAAU;YACd,MAAM,KAAK,GAAG,GAAG,EAAE;gBACjB,IAAI,MAAM;oBAAE,OAAO;gBACnB,OAAO,EAAE,CAAC;gBACV,UAAU,CAAC,KAAK,EAAE,CAAC;YACrB,CAAC,CAAC;YAEF,IAAI,OAAO,CAAC,MAAM,EAAE,OAAO,EAAE,CAAC;gBAC5B,KAAK,EAAE,CAAC;gBACR,OAAO;YACT,CAAC;YAED,UAAU,CAAC,OAAO,CAAC,qBAAqB,CAAC,WAAW,CAAC,CAAC,CAAC;YAEvD,WAAW,GAAG,OAAO,CAAC,sBAAsB,CAAC;gBAC3C,YAAY,EAAE,OAAO,CAAC,YAAY;gBAClC,OAAO,EAAE,CAAC,KAAK,EAAE,EAAE;oBACjB,IAAI,MAAM;wBAAE,OAAO;oBACnB,UAAU,CAAC,OAAO,CAAC,mBAAmB,CAAC,SAAS,EAAE,KAAK,CAAC,QAAQ,EAAE,KAAK,CAAC,CAAC,CAAC;gBAC5E,CAAC;aACF,CAAC,CAAC;YAEH,IAAI,cAAc,GAAG,CAAC,EAAE,CAAC;gBACvB,IAAI,GAAG,WAAW,CAAC,GAAG,EAAE;oBACtB,IAAI,MAAM;wBAAE,OAAO;oBACnB,UAAU,CAAC,OAAO,CAAC,qBAAqB,CAAC,MAAM,CAAC,CAAC,CAAC;gBACpD,CAAC,EAAE,cAAc,CAAC,CAAC;gBACnB,IAAI,CAAC,KAAK,EAAE,EAAE,CAAC;YACjB,CAAC;YAED,OAAO,CAAC,MAAM,EAAE,gBAAgB,CAAC,OAAO,EAAE,KAAK,EAAE,EAAE,IAAI,EAAE,IAAI,EAAE,CAAC,CAAC;QACnE,CAAC;QACD,MAAM;YACJ,OAAO,EAAE,CAAC;QACZ,CAAC;KACF,CAAC,CAAC;IAEH,OAAO,IAAI,QAAQ,CAAC,MAAM,EAAE;QAC1B,OAAO,EAAE;YACP,cAAc,EAAE,kCAAkC;YAClD,eAAe,EAAE,wBAAwB;YACzC,UAAU,EAAE,YAAY;SACzB;KACF,CAAC,CAAC;AACL,CAAC;AAED;;;;;;;;;;;;;;;;;GAiBG"}
|
package/docs/ARCHITECTURE.md
CHANGED
|
@@ -1,37 +1,39 @@
|
|
|
1
|
-
# Architecture (v1.
|
|
1
|
+
# Architecture (v1.72.0)
|
|
2
2
|
|
|
3
|
-
The cbio runtime follows a **Vault** architecture: a unified, authority-centric model where security is grounded in proof-of-knowledge (passwords)
|
|
3
|
+
The cbio runtime follows a **Vault** architecture: a unified, authority-centric model where security is grounded in proof-of-knowledge (passwords) and a "Zero-Wrapper" unified ID system.
|
|
4
4
|
|
|
5
5
|
## Core Principles
|
|
6
6
|
|
|
7
7
|
1. **Authority via Password**: Administrative control is granted by unlocking the vault with its master password.
|
|
8
8
|
2. **Unified Storage**: All vault state (secrets, metadata, registries) is stored in a single encrypted partition.
|
|
9
|
-
3. **
|
|
10
|
-
4. **
|
|
11
|
-
5. **
|
|
9
|
+
3. **Unified ID Architecture**: All identifies (VaultId, SecretId, AgentId) are managed as native strings, eliminating redundant object wrappers.
|
|
10
|
+
4. **Managed Agency**: The vault acts as a custodian for its agents, managing their identity material internally.
|
|
11
|
+
5. **Process Isolation**: Sensitive cryptographic operations are physically separated from agent execution environments.
|
|
12
|
+
6. **Fact-Based Auditability**: The system logs objective facts (function calls and parameters) rather than opaque operation categories.
|
|
13
|
+
7. **Environment Resilience**: Native support for memory-only fallback when filesystem-backed storage is unavailable.
|
|
12
14
|
|
|
13
15
|
## Identity and Roles
|
|
14
16
|
|
|
15
17
|
The runtime distinguishes between administrative authority and delegated agency:
|
|
16
18
|
|
|
17
19
|
- **`vault-master` (Role)**: The implicit administrative role held by anyone who successfully unlocks the vault.
|
|
18
|
-
- **`agent` (Role)**: A delegated principal identified by a unique `AgentId
|
|
19
|
-
- **Managed Identity**: An identity whose private keys are stored within the vault.
|
|
20
|
+
- **`agent` (Role)**: A delegated principal identified by a unique `AgentId` (a raw string).
|
|
21
|
+
- **Managed Identity**: An identity whose private keys are stored within the vault's encrypted custody.
|
|
20
22
|
- **External Identity**: An identity represented by a public key, with private keys managed externally.
|
|
21
23
|
|
|
22
24
|
## Components
|
|
23
25
|
|
|
24
|
-
- **`vault-core`**: The secure engine. Stores secret
|
|
25
|
-
- **`clients/owner`**: The administrative interface. Used for
|
|
26
|
+
- **`vault-core`**: The secure engine. Stores secret materials, validates transactions, and maintains the fact-based audit log.
|
|
27
|
+
- **`clients/owner`**: The administrative interface. Used for managing secrets, agents, and grants.
|
|
26
28
|
- **`clients/agent`**: The consumer interface. Used by agents to request signed dispatches and introspect their identity/grants.
|
|
27
29
|
- **`vault-ingress`**: The protocol layer that provides the entry points for external system integration.
|
|
28
30
|
|
|
29
31
|
## Simplified Authorization Model (Grants)
|
|
30
32
|
|
|
31
|
-
The
|
|
33
|
+
The system uses a streamlined **Grant** model:
|
|
32
34
|
|
|
33
|
-
1. **Agent-Secret Grants**:
|
|
34
|
-
2. **Secret-Destination Grants**:
|
|
35
|
+
1. **Agent-Secret Grants**: Authorize an agent to use a specific secret instance (identified internally by its stable `secret_id` UUID).
|
|
36
|
+
2. **Secret-Destination Grants**: Authorize a secret instance to be dispatched to a specific domain (e.g., `api.example.com`).
|
|
35
37
|
|
|
36
38
|
A dispatch is permitted only if **both** grants exist and are in `approved` status. Because grants are bound to the internal stable ID, renaming a secret alias does not invalidate existing permissions.
|
|
37
39
|
|
|
@@ -54,7 +56,7 @@ All vault data is stored under a versioned prefix: `vaults/<vault-id>_v1/`.
|
|
|
54
56
|
- **`grants/agent_secrets/`**: White-list of agents authorized for specific secrets.
|
|
55
57
|
- **`grants/secret_destinations/`**: White-list of domains authorized for specific secrets.
|
|
56
58
|
- **`requests/`**: History of dispatches and pending approvals.
|
|
57
|
-
- **`audit/`**: Append-only log.
|
|
59
|
+
- **`audit/`**: Append-only fact log.
|
|
58
60
|
|
|
59
61
|
## Process Isolation (A/B Architecture)
|
|
60
62
|
|
|
@@ -66,5 +68,5 @@ To prevent secret leakage, the runtime is designed for physical separation:
|
|
|
66
68
|
|
|
67
69
|
1. **Locked by Default**: Before unlocking, the vault reveals nothing but its ID.
|
|
68
70
|
2. **Secret Separation**: Plaintext secrets never leave the memory space of `vault-core`.
|
|
69
|
-
3. **
|
|
71
|
+
3. **Fact-logging**: Every action is recorded as a function-call event bound to a principal.
|
|
70
72
|
4. **Grant Gating**: Agents can only act on secrets for which they have valid, approved grants.
|
package/docs/REFERENCE.md
CHANGED
|
@@ -1,22 +1,20 @@
|
|
|
1
|
-
# CBIO Vault Runtime Reference (v1.
|
|
1
|
+
# CBIO Vault Runtime Reference (v1.72.0)
|
|
2
2
|
|
|
3
3
|
This document describes the current implemented runtime surface for the **Vault**.
|
|
4
4
|
|
|
5
5
|
## Primary API Surface
|
|
6
6
|
|
|
7
|
-
The v1.
|
|
7
|
+
The v1.72.0 runtime centers on a streamlined **Grant-based** authorization model and a **Unified ID Architecture**, providing a "Zero-Configuration" workflow for agents.
|
|
8
8
|
|
|
9
9
|
### Main Constructors and Entrypoints
|
|
10
10
|
|
|
11
|
-
- `createVault(...)` - Initialize a new vault using a master password.
|
|
11
|
+
- `createVault(...)` - Initialize a new vault using a master password. Supports automatic memory-only fallback.
|
|
12
12
|
- `recoverVault(...)` - Reopen an existing vault using its master password.
|
|
13
13
|
- `createOwnerClient(...)` - Create an administrative client (Owner).
|
|
14
14
|
- `createAgentClient(...)` - Create an agent client (Consumer).
|
|
15
15
|
|
|
16
16
|
## Identity and Access Control
|
|
17
17
|
|
|
18
|
-
## Identity and Access Control
|
|
19
|
-
|
|
20
18
|
### 0. Secret Management
|
|
21
19
|
|
|
22
20
|
Alias namespaces are **globally unique** within a Vault. Secrets are managed with strict, predictable semantics:
|
|
@@ -29,23 +27,12 @@ Alias namespaces are **globally unique** within a Vault. Secrets are managed wit
|
|
|
29
27
|
|
|
30
28
|
**Batch atomicity**: When an array is passed, all preconditions are verified first. If any check fails, nothing is written.
|
|
31
29
|
|
|
32
|
-
```ts
|
|
33
|
-
// Single
|
|
34
|
-
await client.ownerCreateSecret({ alias: 'key', plaintext: '...' });
|
|
35
|
-
|
|
36
|
-
// Batch — atomic: all-or-nothing
|
|
37
|
-
await client.ownerCreateSecret([
|
|
38
|
-
{ alias: 'key-a', plaintext: '...' },
|
|
39
|
-
{ alias: 'key-b', plaintext: '...' },
|
|
40
|
-
]);
|
|
41
|
-
```
|
|
42
|
-
|
|
43
30
|
### 1. Agent Identities
|
|
44
31
|
- `ownerCreateAgent(...)`: Provision a new agent identity and return a session token.
|
|
45
32
|
- `ownerListAgents()`: Enumerate all registered agents.
|
|
46
33
|
|
|
47
34
|
### 2. Grant Management (Access Control)
|
|
48
|
-
The system uses a domain-level white-list model.
|
|
35
|
+
The system uses a domain-level white-list model. All grants are bound to the underlying stable `secret_id` (UUID), making them resilient to secret renames.
|
|
49
36
|
|
|
50
37
|
- `ownerGrantAgentSecret(...)`: Authorize an agent to use a specific secret.
|
|
51
38
|
- `ownerGrantSecretDestination(...)`: Authorize a secret for a specific domain.
|
|
@@ -56,30 +43,26 @@ The system uses a domain-level white-list model. Note that while these methods a
|
|
|
56
43
|
### 3. Dispatch and Approval (HITL)
|
|
57
44
|
- `agentDispatch(...)`: Attempt a secret-driven HTTP request. Returns `SUCCEEDED`, `DENIED`, `FAILED`, or `AWAITING_APPROVAL`.
|
|
58
45
|
- `ownerListRequests(...)`: Review approval-waiting (`AWAITING_APPROVAL`) or historical dispatches.
|
|
59
|
-
- `ownerOnAudit({ afterEventId,
|
|
60
|
-
- `ownerOnPendingDispatch({ afterEventId, onEvent })`: Subscribe to persisted pending-dispatch events.
|
|
61
|
-
- `handleVaultAuditSse(vault, { afterEventId,
|
|
62
|
-
- `handleVaultPendingDispatchSse(vault, { afterEventId, signal })`: Bridge pending-dispatch events to browser or cross-process consumers over SSE.
|
|
46
|
+
- `ownerOnAudit({ afterEventId, function_names, root_agent_id, request_id, onEvent })`: Subscribe to the append-only audit log.
|
|
47
|
+
- `ownerOnPendingDispatch({ afterEventId, onEvent })`: Subscribe to persisted pending-dispatch events.
|
|
48
|
+
- `handleVaultAuditSse(vault, { afterEventId, function_names, root_agent_id, request_id, signal })`: Bridge the audit log to browser or cross-process consumers over SSE.
|
|
63
49
|
- `ownerApproveDispatch(...)`: Resolve a pending request.
|
|
64
|
-
- `allow_once`: Execute once, no permanent change.
|
|
65
|
-
- `allow_and_grant`: Execute and automatically provision permanent grants.
|
|
66
|
-
- `deny`: Reject the request.
|
|
67
50
|
|
|
68
51
|
## Storage and Lifecycle
|
|
69
52
|
|
|
70
|
-
###
|
|
71
|
-
|
|
72
|
-
|
|
73
|
-
|
|
74
|
-
|
|
75
|
-
- `
|
|
76
|
-
- `
|
|
77
|
-
- `
|
|
78
|
-
|
|
79
|
-
|
|
80
|
-
- `
|
|
81
|
-
|
|
82
|
-
|
|
53
|
+
### 1. Managed Identity
|
|
54
|
+
The runtime handles private keys internally. Key material for agents is stored in the encrypted `custody` table of the vault.
|
|
55
|
+
|
|
56
|
+
### 2. Unified ID Architecture
|
|
57
|
+
All identifiers are managed as native `string` types:
|
|
58
|
+
- `VaultId`: `vault_...` (UUID)
|
|
59
|
+
- `SecretId`: `secret_...` (UUID)
|
|
60
|
+
- `AgentId`: `agt_...` (root_agent_id)
|
|
61
|
+
|
|
62
|
+
### 3. Fact-Based Audit Log
|
|
63
|
+
The audit log records objective facts about function calls. Instead of high-level operation types, it logs the `function_name` and the associated ID parameters.
|
|
64
|
+
|
|
65
|
+
---
|
|
83
66
|
|
|
84
67
|
## Build & Integration
|
|
85
68
|
|
package/docs/api/README.md
CHANGED
|
@@ -1,12 +1,11 @@
|
|
|
1
|
-
**CBIO Node Runtime Agent API v1.
|
|
1
|
+
**CBIO Node Runtime Agent API v1.74.0**
|
|
2
2
|
|
|
3
3
|
***
|
|
4
4
|
|
|
5
|
-
# CBIO Node Runtime Agent API v1.
|
|
5
|
+
# CBIO Node Runtime Agent API v1.74.0
|
|
6
6
|
|
|
7
7
|
## Enumerations
|
|
8
8
|
|
|
9
|
-
- [AuditOperation](enumerations/AuditOperation.md)
|
|
10
9
|
- [DispatchStatus](enumerations/DispatchStatus.md)
|
|
11
10
|
- [IdentityErrorCode](enumerations/IdentityErrorCode.md)
|
|
12
11
|
- [OwnerClientErrorCode](enumerations/OwnerClientErrorCode.md)
|
|
@@ -26,6 +25,7 @@
|
|
|
26
25
|
|
|
27
26
|
## Interfaces
|
|
28
27
|
|
|
28
|
+
- [AgentAuditTestPingInput](interfaces/AgentAuditTestPingInput.md)
|
|
29
29
|
- [AgentClient](interfaces/AgentClient.md)
|
|
30
30
|
- [AgentDispatchIntent](interfaces/AgentDispatchIntent.md)
|
|
31
31
|
- [AgentDispatchTransport](interfaces/AgentDispatchTransport.md)
|
|
@@ -35,8 +35,6 @@
|
|
|
35
35
|
- [AgentRuntimeManifest](interfaces/AgentRuntimeManifest.md)
|
|
36
36
|
- [AgentSecretGrant](interfaces/AgentSecretGrant.md)
|
|
37
37
|
- [AgentSigner](interfaces/AgentSigner.md)
|
|
38
|
-
- [AgentVisibleRequestRecord](interfaces/AgentVisibleRequestRecord.md)
|
|
39
|
-
- [AgentVisibleSecretRecord](interfaces/AgentVisibleSecretRecord.md)
|
|
40
38
|
- [AuditEntry](interfaces/AuditEntry.md)
|
|
41
39
|
- [CbioRuntime](interfaces/CbioRuntime.md)
|
|
42
40
|
- [CreateAgentClientOptions](interfaces/CreateAgentClientOptions.md)
|
|
@@ -65,15 +63,12 @@
|
|
|
65
63
|
- [OwnerSensitiveActionContext](interfaces/OwnerSensitiveActionContext.md)
|
|
66
64
|
- [OwnerSession](interfaces/OwnerSession.md)
|
|
67
65
|
- [OwnerUpdateSecretInput](interfaces/OwnerUpdateSecretInput.md)
|
|
68
|
-
- [OwnerVisibleRequestRecord](interfaces/OwnerVisibleRequestRecord.md)
|
|
69
66
|
- [PendingDispatchEvent](interfaces/PendingDispatchEvent.md)
|
|
70
67
|
- [RecoveredVault](interfaces/RecoveredVault.md)
|
|
71
68
|
- [RecoverVaultOptions](interfaces/RecoverVaultOptions.md)
|
|
72
69
|
- [RequestRecord](interfaces/RequestRecord.md)
|
|
73
70
|
- [RestoreIdentityOptions](interfaces/RestoreIdentityOptions.md)
|
|
74
|
-
- [SecretAlias](interfaces/SecretAlias.md)
|
|
75
71
|
- [SecretDestinationGrant](interfaces/SecretDestinationGrant.md)
|
|
76
|
-
- [SecretId](interfaces/SecretId.md)
|
|
77
72
|
- [SecretRecord](interfaces/SecretRecord.md)
|
|
78
73
|
- [Signer](interfaces/Signer.md)
|
|
79
74
|
- [VaultApproveDispatchInput](interfaces/VaultApproveDispatchInput.md)
|
|
@@ -84,7 +79,6 @@
|
|
|
84
79
|
- [VaultGetRequestInput](interfaces/VaultGetRequestInput.md)
|
|
85
80
|
- [VaultGrantAgentSecretInput](interfaces/VaultGrantAgentSecretInput.md)
|
|
86
81
|
- [VaultGrantSecretDestinationInput](interfaces/VaultGrantSecretDestinationInput.md)
|
|
87
|
-
- [VaultId](interfaces/VaultId.md)
|
|
88
82
|
- [VaultImportAgentInput](interfaces/VaultImportAgentInput.md)
|
|
89
83
|
- [VaultIssueSessionTokenInput](interfaces/VaultIssueSessionTokenInput.md)
|
|
90
84
|
- [VaultListAgentsInput](interfaces/VaultListAgentsInput.md)
|
|
@@ -110,7 +104,10 @@
|
|
|
110
104
|
- [CbioRuntimeModule](type-aliases/CbioRuntimeModule.md)
|
|
111
105
|
- [DispatchApprovalDecision](type-aliases/DispatchApprovalDecision.md)
|
|
112
106
|
- [GrantStatus](type-aliases/GrantStatus.md)
|
|
107
|
+
- [SecretAlias](type-aliases/SecretAlias.md)
|
|
108
|
+
- [SecretId](type-aliases/SecretId.md)
|
|
113
109
|
- [SecretLifecycleStatus](type-aliases/SecretLifecycleStatus.md)
|
|
110
|
+
- [VaultId](type-aliases/VaultId.md)
|
|
114
111
|
- [VaultPrincipalKind](type-aliases/VaultPrincipalKind.md)
|
|
115
112
|
|
|
116
113
|
## Variables
|
|
@@ -1,4 +1,4 @@
|
|
|
1
|
-
[**CBIO Node Runtime Agent API v1.
|
|
1
|
+
[**CBIO Node Runtime Agent API v1.74.0**](../README.md)
|
|
2
2
|
|
|
3
3
|
***
|
|
4
4
|
|
|
@@ -38,7 +38,7 @@
|
|
|
38
38
|
|
|
39
39
|
##### vault\_id
|
|
40
40
|
|
|
41
|
-
|
|
41
|
+
`string`
|
|
42
42
|
|
|
43
43
|
##### root\_agent\_id
|
|
44
44
|
|
|
@@ -62,7 +62,7 @@
|
|
|
62
62
|
|
|
63
63
|
##### vault\_id
|
|
64
64
|
|
|
65
|
-
|
|
65
|
+
`string`
|
|
66
66
|
|
|
67
67
|
#### Returns
|
|
68
68
|
|