npm - @tinycloud/node-sdk - Versions diffs - 1.2.0 → 1.4.0 - Mend

@tinycloud/node-sdk 1.2.0 → 1.4.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (7) hide show

package/dist/index.cjs CHANGED Viewed

@@ -17025,40 +17025,44 @@ var require_utils2 = __commonJS({
 // src/index.ts
 var index_exports = {};
 __export(index_exports, {
-  CapabilityKeyRegistry: () => import_sdk_core9.CapabilityKeyRegistry,
-  CapabilityKeyRegistryErrorCodes: () => import_sdk_core9.CapabilityKeyRegistryErrorCodes,
+  CapabilityKeyRegistry: () => import_sdk_core10.CapabilityKeyRegistry,
+  CapabilityKeyRegistryErrorCodes: () => import_sdk_core10.CapabilityKeyRegistryErrorCodes,
+  DataVaultService: () => import_sdk_core8.DataVaultService,
   DatabaseHandle: () => import_sdk_core7.DatabaseHandle,
   DelegatedAccess: () => DelegatedAccess,
-  DelegationErrorCodes: () => import_sdk_core8.DelegationErrorCodes,
-  DelegationManager: () => import_sdk_core8.DelegationManager,
+  DelegationErrorCodes: () => import_sdk_core9.DelegationErrorCodes,
+  DelegationManager: () => import_sdk_core9.DelegationManager,
   FileSessionStorage: () => FileSessionStorage,
   KVService: () => import_sdk_core6.KVService,
   MemorySessionStorage: () => MemorySessionStorage,
   NodeUserAuthorization: () => NodeUserAuthorization,
   PrefixedKVService: () => import_sdk_core6.PrefixedKVService,
   PrivateKeySigner: () => PrivateKeySigner,
-  ProtocolMismatchError: () => import_sdk_core11.ProtocolMismatchError,
+  ProtocolMismatchError: () => import_sdk_core12.ProtocolMismatchError,
   SQLAction: () => import_sdk_core7.SQLAction,
   SQLService: () => import_sdk_core7.SQLService,
-  ServiceContext: () => import_sdk_core12.ServiceContext,
-  SharingService: () => import_sdk_core8.SharingService,
-  Space: () => import_sdk_core10.Space,
-  SpaceErrorCodes: () => import_sdk_core10.SpaceErrorCodes,
-  SpaceService: () => import_sdk_core10.SpaceService,
+  ServiceContext: () => import_sdk_core13.ServiceContext,
+  SharingService: () => import_sdk_core9.SharingService,
+  Space: () => import_sdk_core11.Space,
+  SpaceErrorCodes: () => import_sdk_core11.SpaceErrorCodes,
+  SpaceService: () => import_sdk_core11.SpaceService,
   TinyCloud: () => import_sdk_core5.TinyCloud,
   TinyCloudNode: () => TinyCloudNode,
-  VersionCheckError: () => import_sdk_core11.VersionCheckError,
+  VaultAction: () => import_sdk_core8.VaultAction,
+  VaultHeaders: () => import_sdk_core8.VaultHeaders,
+  VersionCheckError: () => import_sdk_core12.VersionCheckError,
   WasmKeyProvider: () => WasmKeyProvider,
-  buildSpaceUri: () => import_sdk_core10.buildSpaceUri,
-  checkNodeVersion: () => import_sdk_core11.checkNodeVersion,
-  createCapabilityKeyRegistry: () => import_sdk_core9.createCapabilityKeyRegistry,
-  createSharingService: () => import_sdk_core8.createSharingService,
-  createSpaceService: () => import_sdk_core10.createSpaceService,
+  buildSpaceUri: () => import_sdk_core11.buildSpaceUri,
+  checkNodeVersion: () => import_sdk_core12.checkNodeVersion,
+  createCapabilityKeyRegistry: () => import_sdk_core10.createCapabilityKeyRegistry,
+  createSharingService: () => import_sdk_core9.createSharingService,
+  createSpaceService: () => import_sdk_core11.createSpaceService,
+  createVaultCrypto: () => import_sdk_core8.createVaultCrypto,
   createWasmKeyProvider: () => createWasmKeyProvider,
   defaultSignStrategy: () => defaultSignStrategy,
   deserializeDelegation: () => deserializeDelegation,
-  makePublicSpaceId: () => import_sdk_core10.makePublicSpaceId,
-  parseSpaceUri: () => import_sdk_core10.parseSpaceUri,
+  makePublicSpaceId: () => import_sdk_core11.makePublicSpaceId,
+  parseSpaceUri: () => import_sdk_core11.parseSpaceUri,
   serializeDelegation: () => serializeDelegation
 });
 module.exports = __toCommonJS(index_exports);
@@ -17365,6 +17369,7 @@ var _NodeUserAuthorization = class _NodeUserAuthorization {
     this.sessionExpirationMs = config.sessionExpirationMs ?? 60 * 60 * 1e3;
     this.autoCreateSpace = config.autoCreateSpace ?? false;
     this.tinycloudHosts = config.tinycloudHosts ?? ["https://node.tinycloud.xyz"];
+    this.enablePublicSpace = config.enablePublicSpace ?? true;
     this.sessionManager = new import_node_sdk_wasm2.TCWSessionManager();
   }
   /**
@@ -17396,12 +17401,12 @@ var _NodeUserAuthorization = class _NodeUserAuthorization {
    * Create the space on the TinyCloud server (host delegation).
    * This registers the user as the owner of the space.
    */
-  async hostSpace() {
+  async hostSpace(targetSpaceId) {
     if (!this._tinyCloudSession || !this._address || !this._chainId) {
       throw new Error("Must be signed in to host space");
     }
     const host = this.tinycloudHosts[0];
-    const spaceId = this._tinyCloudSession.spaceId;
+    const spaceId = targetSpaceId ?? this._tinyCloudSession.spaceId;
     const peerId = await (0, import_sdk_core2.fetchPeerId)(host, spaceId);
     const siwe = (0, import_node_sdk_wasm2.generateHostSIWEMessage)({
       address: this._address,
@@ -17416,6 +17421,13 @@ var _NodeUserAuthorization = class _NodeUserAuthorization {
     const result = await (0, import_sdk_core2.submitHostDelegation)(host, headers);
     return result.success;
   }
+  /**
+   * Create a specific space on the server via host delegation.
+   * Used for lazy creation of additional spaces (e.g., public).
+   */
+  async hostPublicSpace(spaceId) {
+    return this.hostSpace(spaceId);
+  }
   /**
    * Ensure the user's space exists on the TinyCloud server.
    * Creates the space if it doesn't exist and autoCreateSpace is enabled.
@@ -17429,11 +17441,33 @@ var _NodeUserAuthorization = class _NodeUserAuthorization {
       throw new Error("Must be signed in to ensure space exists");
     }
     const host = this.tinycloudHosts[0];
+    const primarySpaceId = this._tinyCloudSession.spaceId;
     const result = await (0, import_sdk_core2.activateSessionWithHost)(
       host,
       this._tinyCloudSession.delegationHeader
     );
     if (result.success) {
+      const primarySkipped = result.skipped?.includes(primarySpaceId);
+      if (!primarySkipped) {
+        return;
+      }
+      if (!this.autoCreateSpace) {
+        return;
+      }
+      const created = await this.hostSpace();
+      if (!created) {
+        throw new Error(`Failed to create space: ${primarySpaceId}`);
+      }
+      await new Promise((resolve) => setTimeout(resolve, 100));
+      const retryResult = await (0, import_sdk_core2.activateSessionWithHost)(
+        host,
+        this._tinyCloudSession.delegationHeader
+      );
+      if (!retryResult.success) {
+        throw new Error(
+          `Failed to activate session after creating space: ${retryResult.error}`
+        );
+      }
       return;
     }
     if (result.status === 404) {
@@ -17442,9 +17476,7 @@ var _NodeUserAuthorization = class _NodeUserAuthorization {
       }
       const created = await this.hostSpace();
       if (!created) {
-        throw new Error(
-          `Failed to create space: ${this._tinyCloudSession.spaceId}`
-        );
+        throw new Error(`Failed to create space: ${primarySpaceId}`);
       }
       await new Promise((resolve) => setTimeout(resolve, 100));
       const retryResult = await (0, import_sdk_core2.activateSessionWithHost)(
@@ -17512,11 +17544,13 @@ var _NodeUserAuthorization = class _NodeUserAuthorization {
       siwe: prepared.siwe,
       signature: signature2
     };
+    const spacesMetadata = this.enablePublicSpace ? { public: (0, import_node_sdk_wasm2.makeSpaceId)(address, chainId, "public") } : void 0;
     const tinyCloudSession = {
       address,
       chainId,
       sessionKey: keyId,
       spaceId,
+      spaces: spacesMetadata,
       delegationCid: session.delegationCid,
       delegationHeader: session.delegationHeader,
       verificationMethod: this.sessionManager.getDID(keyId),
@@ -17534,6 +17568,7 @@ var _NodeUserAuthorization = class _NodeUserAuthorization {
         delegationHeader: session.delegationHeader,
         delegationCid: session.delegationCid,
         spaceId,
+        spaces: spacesMetadata,
         verificationMethod: this.sessionManager.getDID(keyId)
       },
       expiresAt: expirationTime.toISOString(),
@@ -17663,11 +17698,13 @@ var _NodeUserAuthorization = class _NodeUserAuthorization {
       siwe: prepared.siwe,
       signature: signature2
     };
+    const spacesMetadata = this.enablePublicSpace ? { public: (0, import_node_sdk_wasm2.makeSpaceId)(address, chainId, "public") } : void 0;
     const tinyCloudSession = {
       address,
       chainId,
       sessionKey: keyId,
       spaceId: prepared.spaceId,
+      spaces: spacesMetadata,
       delegationCid: session.delegationCid,
       delegationHeader: session.delegationHeader,
       verificationMethod: this.sessionManager.getDID(keyId),
@@ -17689,6 +17726,7 @@ var _NodeUserAuthorization = class _NodeUserAuthorization {
         delegationHeader: session.delegationHeader,
         delegationCid: session.delegationCid,
         spaceId: prepared.spaceId,
+        spaces: spacesMetadata,
         verificationMethod: this.sessionManager.getDID(keyId)
       },
       expiresAt,
@@ -18009,7 +18047,8 @@ var _TinyCloudNode = class _TinyCloudNode {
         spacePrefix: config.prefix,
         sessionExpirationMs: config.sessionExpirationMs ?? 60 * 60 * 1e3,
         tinycloudHosts: [host],
-        autoCreateSpace: config.autoCreateSpace
+        autoCreateSpace: config.autoCreateSpace,
+        enablePublicSpace: config.enablePublicSpace ?? true
       });
       this.tc = new import_sdk_core4.TinyCloud(this.auth);
     }
@@ -18083,6 +18122,46 @@ var _TinyCloudNode = class _TinyCloudNode {
     await this.tc.signIn();
     this.initializeServices();
   }
+  /**
+   * Restore a previously established session from stored delegation data.
+   *
+   * This is used by the CLI to restore a session that was created via the
+   * browser-based delegation flow (OpenKey `/delegate` page). Instead of
+   * signing in with a private key, it injects the delegation data directly.
+   *
+   * @param sessionData - The stored delegation data from the browser flow
+   */
+  async restoreSession(sessionData) {
+    this._kv = void 0;
+    this._sql = void 0;
+    this._serviceContext = void 0;
+    if (sessionData.address) {
+      this._address = sessionData.address;
+    }
+    if (sessionData.chainId) {
+      this._chainId = sessionData.chainId;
+    }
+    this._serviceContext = new import_sdk_core4.ServiceContext({
+      invoke: import_node_sdk_wasm4.invoke,
+      fetch: globalThis.fetch.bind(globalThis),
+      hosts: [this.config.host]
+    });
+    this._kv = new import_sdk_core4.KVService({});
+    this._kv.initialize(this._serviceContext);
+    this._serviceContext.registerService("kv", this._kv);
+    this._sql = new import_sdk_core4.SQLService({});
+    this._sql.initialize(this._serviceContext);
+    this._serviceContext.registerService("sql", this._sql);
+    const serviceSession = {
+      delegationHeader: sessionData.delegationHeader,
+      delegationCid: sessionData.delegationCid,
+      spaceId: sessionData.spaceId,
+      verificationMethod: sessionData.verificationMethod,
+      jwk: sessionData.jwk
+    };
+    this._serviceContext.setSession(serviceSession);
+    this.initializeV2Services(serviceSession);
+  }
   /**
    * Connect a wallet to upgrade from session-only mode to wallet mode.
    *
@@ -18124,7 +18203,8 @@ var _TinyCloudNode = class _TinyCloudNode {
       spacePrefix: prefix,
       sessionExpirationMs: this.config.sessionExpirationMs ?? 60 * 60 * 1e3,
       tinycloudHosts: [host],
-      autoCreateSpace: this.config.autoCreateSpace
+      autoCreateSpace: this.config.autoCreateSpace,
+      enablePublicSpace: this.config.enablePublicSpace ?? true
     });
     this.tc = new import_sdk_core4.TinyCloud(this.auth);
     this.config.prefix = prefix;
@@ -18138,6 +18218,7 @@ var _TinyCloudNode = class _TinyCloudNode {
     if (!session) {
       return;
     }
+    this.tc.initializeServices(import_node_sdk_wasm4.invoke, [this.config.host]);
     this._serviceContext = new import_sdk_core4.ServiceContext({
       invoke: import_node_sdk_wasm4.invoke,
       fetch: globalThis.fetch.bind(globalThis),
@@ -18157,6 +18238,43 @@ var _TinyCloudNode = class _TinyCloudNode {
       jwk: session.jwk
     };
     this._serviceContext.setSession(serviceSession);
+    this.tc.serviceContext.setSession(serviceSession);
+    const vaultCrypto = (0, import_sdk_core4.createVaultCrypto)({
+      vault_encrypt: import_node_sdk_wasm4.vault_encrypt,
+      vault_decrypt: import_node_sdk_wasm4.vault_decrypt,
+      vault_derive_key: import_node_sdk_wasm4.vault_derive_key,
+      vault_x25519_from_seed: import_node_sdk_wasm4.vault_x25519_from_seed,
+      vault_x25519_dh: import_node_sdk_wasm4.vault_x25519_dh,
+      vault_random_bytes: import_node_sdk_wasm4.vault_random_bytes,
+      vault_sha256: import_node_sdk_wasm4.vault_sha256
+    });
+    const self2 = this;
+    this._vault = new import_sdk_core4.DataVaultService({
+      spaceId: session.spaceId,
+      crypto: vaultCrypto,
+      tc: {
+        kv: this._kv,
+        ensurePublicSpace: async () => {
+          try {
+            await self2.ensurePublicSpace();
+            return { ok: true, data: void 0 };
+          } catch (error) {
+            return { ok: false, error: { code: "STORAGE_ERROR", message: error instanceof Error ? error.message : String(error), service: "vault" } };
+          }
+        },
+        get publicKV() {
+          return self2._publicKV ?? self2.tc.publicKV;
+        },
+        readPublicSpace: (host, spaceId, key2) => import_sdk_core4.TinyCloud.readPublicSpace(host, spaceId, key2),
+        makePublicSpaceId: import_sdk_core4.TinyCloud.makePublicSpaceId,
+        did: this.did,
+        address: this._address,
+        chainId: this._chainId,
+        hosts: [this.config.host]
+      }
+    });
+    this._vault.initialize(this._serviceContext);
+    this._serviceContext.registerService("vault", this._vault);
     this.initializeV2Services(serviceSession);
   }
   /**
@@ -18197,7 +18315,32 @@ var _TinyCloudNode = class _TinyCloudNode {
         isRevoked: false,
         allowSubDelegation: true
       };
-      this._capabilityRegistry.registerKey(sessionKey, [rootDelegation]);
+      const delegations = [rootDelegation];
+      if (tcSession.spaces) {
+        for (const [spaceName, spaceId] of Object.entries(tcSession.spaces)) {
+          delegations.push({
+            cid: tcSession.delegationCid,
+            delegateDID: tcSession.verificationMethod,
+            spaceId,
+            path: "",
+            actions: [
+              "tinycloud.kv/put",
+              "tinycloud.kv/get",
+              "tinycloud.kv/del",
+              "tinycloud.kv/list",
+              "tinycloud.kv/metadata",
+              "tinycloud.sql/read",
+              "tinycloud.sql/write",
+              "tinycloud.sql/admin",
+              "tinycloud.sql/*"
+            ],
+            expiry: this.getSessionExpiry(),
+            isRevoked: false,
+            allowSubDelegation: true
+          });
+        }
+      }
+      this._capabilityRegistry.registerKey(sessionKey, delegations);
     }
     this._delegationManager = new import_sdk_core4.DelegationManager({
       hosts: [this.config.host],
@@ -18215,7 +18358,16 @@ var _TinyCloudNode = class _TinyCloudNode {
       createKVService: (spaceId) => {
         const kvService = new import_sdk_core4.KVService({});
         if (this._serviceContext) {
-          kvService.initialize(this._serviceContext);
+          const spaceScopedContext = new import_sdk_core4.ServiceContext({
+            invoke: this._serviceContext.invoke,
+            fetch: this._serviceContext.fetch,
+            hosts: this._serviceContext.hosts
+          });
+          const session = this._serviceContext.session;
+          if (session) {
+            spaceScopedContext.setSession({ ...session, spaceId });
+          }
+          kvService.initialize(spaceScopedContext);
         }
         return kvService;
       },
@@ -18350,6 +18502,16 @@ var _TinyCloudNode = class _TinyCloudNode {
     }
     return this._sql;
   }
+  /**
+   * Data Vault operations - client-side encrypted KV storage.
+   * Call `vault.unlock(signer)` after signIn() to derive encryption keys.
+   */
+  get vault() {
+    if (!this._vault) {
+      throw new Error("Not signed in. Call signIn() first.");
+    }
+    return this._vault;
+  }
   // ===========================================================================
   // v2 Service Accessors
   // ===========================================================================
@@ -18523,21 +18685,99 @@ var _TinyCloudNode = class _TinyCloudNode {
   // Public Space Methods
   // ===========================================================================
   /**
-   * Ensure the user's public space exists.
-   * Creates it via spaces.create('public') if it doesn't.
-   * Requires the user to be signed in.
+   * Ensure the user's public space exists and is accessible.
+   * Creates the space and activates a session delegation for it.
+   * This is the trigger for lazy public space creation — call it
+   * before writing to spaces.get('public').kv.
    */
   async ensurePublicSpace() {
-    if (!this.tc) {
+    if (!this.auth || !this.session || !this.signer) {
       throw new Error("Not signed in. Call signIn() first.");
     }
-    return this.tc.ensurePublicSpace();
+    const publicSpaceId = this.session.spaces?.public;
+    if (!publicSpaceId) {
+      throw new Error("Public space not enabled. Set enablePublicSpace: true in config.");
+    }
+    await this.auth.hostPublicSpace(publicSpaceId);
+    const kvActions = [
+      "tinycloud.kv/put",
+      "tinycloud.kv/get",
+      "tinycloud.kv/del",
+      "tinycloud.kv/list",
+      "tinycloud.kv/metadata"
+    ];
+    const abilities = { kv: { "": kvActions } };
+    const now = /* @__PURE__ */ new Date();
+    const expiryMs = 60 * 60 * 1e3;
+    const expirationTime = new Date(now.getTime() + expiryMs);
+    const prepared = (0, import_node_sdk_wasm4.prepareSession)({
+      abilities,
+      address: (0, import_node_sdk_wasm4.ensureEip55)(this.session.address),
+      chainId: this.session.chainId,
+      domain: new URL(this.config.host).hostname,
+      issuedAt: now.toISOString(),
+      expirationTime: expirationTime.toISOString(),
+      spaceId: publicSpaceId,
+      jwk: this.session.jwk,
+      parents: [this.session.delegationCid]
+    });
+    const signature2 = await this.signer.signMessage(prepared.siwe);
+    const delegationSession = (0, import_node_sdk_wasm4.completeSessionSetup)({
+      ...prepared,
+      signature: signature2
+    });
+    const activateResult = await (0, import_sdk_core4.activateSessionWithHost)(
+      this.config.host,
+      delegationSession.delegationHeader
+    );
+    if (!activateResult.success) {
+      throw new Error(`Failed to activate public space delegation: ${activateResult.error}`);
+    }
+    if (this._capabilityRegistry && this.session) {
+      const sessionKey = {
+        id: this.session.sessionKey,
+        did: this.session.verificationMethod,
+        type: "session",
+        jwk: this.session.jwk,
+        priority: 0
+      };
+      this._capabilityRegistry.registerKey(sessionKey, [{
+        cid: delegationSession.delegationCid,
+        delegateDID: this.session.verificationMethod,
+        spaceId: publicSpaceId,
+        path: "",
+        actions: kvActions,
+        expiry: expirationTime,
+        isRevoked: false,
+        allowSubDelegation: true
+      }]);
+    }
+    if (this._serviceContext) {
+      const publicKV = new import_sdk_core4.KVService({ prefix: "" });
+      const publicContext = new import_sdk_core4.ServiceContext({
+        invoke: import_node_sdk_wasm4.invoke,
+        fetch: this._serviceContext.fetch,
+        hosts: this._serviceContext.hosts
+      });
+      publicContext.setSession({
+        delegationHeader: delegationSession.delegationHeader,
+        delegationCid: delegationSession.delegationCid,
+        spaceId: publicSpaceId,
+        verificationMethod: this.session.verificationMethod,
+        jwk: this.session.jwk
+      });
+      publicKV.initialize(publicContext);
+      this._publicKV = publicKV;
+    }
   }
   /**
    * Get a KVService scoped to the user's own public space.
    * Writes require authentication (owner/delegate).
    */
   get publicKV() {
+    if (this._publicKV) {
+      return this._publicKV;
+    }
     if (!this.tc) {
       throw new Error("Not signed in. Call signIn() first.");
     }
@@ -18635,7 +18875,7 @@ var _TinyCloudNode = class _TinyCloudNode {
       domain: new URL(this.config.host).hostname,
       issuedAt: now.toISOString(),
       expirationTime: expirationTime.toISOString(),
-      spaceId: session.spaceId,
+      spaceId: params.spaceIdOverride ?? session.spaceId,
       delegateUri: params.delegateDID,
       parents: [session.delegationCid]
     });
@@ -18654,7 +18894,7 @@ var _TinyCloudNode = class _TinyCloudNode {
     return {
       cid: delegationSession.delegationCid,
       delegationHeader: delegationSession.delegationHeader,
-      spaceId: session.spaceId,
+      spaceId: params.spaceIdOverride ?? session.spaceId,
       path: params.path,
       actions: params.actions,
       disableSubDelegation: params.disableSubDelegation ?? false,
@@ -18873,10 +19113,12 @@ var import_sdk_core9 = require("@tinycloud/sdk-core");
 var import_sdk_core10 = require("@tinycloud/sdk-core");
 var import_sdk_core11 = require("@tinycloud/sdk-core");
 var import_sdk_core12 = require("@tinycloud/sdk-core");
+var import_sdk_core13 = require("@tinycloud/sdk-core");
 // Annotate the CommonJS export names for ESM import in node:
 0 && (module.exports = {
   CapabilityKeyRegistry,
   CapabilityKeyRegistryErrorCodes,
+  DataVaultService,
   DatabaseHandle,
   DelegatedAccess,
   DelegationErrorCodes,
@@ -18897,6 +19139,8 @@ var import_sdk_core12 = require("@tinycloud/sdk-core");
   SpaceService,
   TinyCloud,
   TinyCloudNode,
+  VaultAction,
+  VaultHeaders,
   VersionCheckError,
   WasmKeyProvider,
   buildSpaceUri,
@@ -18904,6 +19148,7 @@ var import_sdk_core12 = require("@tinycloud/sdk-core");
   createCapabilityKeyRegistry,
   createSharingService,
   createSpaceService,
+  createVaultCrypto,
   createWasmKeyProvider,
   defaultSignStrategy,
   deserializeDelegation,