@tinycloud/node-sdk 2.0.4 → 2.1.0-beta.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/core.cjs +428 -93
- package/dist/core.cjs.map +1 -1
- package/dist/core.d.cts +102 -3
- package/dist/core.d.ts +102 -3
- package/dist/core.js +363 -17
- package/dist/core.js.map +1 -1
- package/dist/index.cjs +435 -95
- package/dist/index.cjs.map +1 -1
- package/dist/index.d.cts +5 -3
- package/dist/index.d.ts +5 -3
- package/dist/index.js +380 -19
- package/dist/index.js.map +1 -1
- package/package.json +5 -4
package/dist/core.cjs
CHANGED
|
@@ -20,55 +20,64 @@ var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: tru
|
|
|
20
20
|
// src/core.ts
|
|
21
21
|
var core_exports = {};
|
|
22
22
|
__export(core_exports, {
|
|
23
|
-
AutoApproveSpaceCreationHandler: () =>
|
|
24
|
-
CapabilityKeyRegistry: () =>
|
|
25
|
-
CapabilityKeyRegistryErrorCodes: () =>
|
|
26
|
-
DataVaultService: () =>
|
|
27
|
-
DatabaseHandle: () =>
|
|
23
|
+
AutoApproveSpaceCreationHandler: () => import_sdk_core7.AutoApproveSpaceCreationHandler,
|
|
24
|
+
CapabilityKeyRegistry: () => import_sdk_core14.CapabilityKeyRegistry,
|
|
25
|
+
CapabilityKeyRegistryErrorCodes: () => import_sdk_core14.CapabilityKeyRegistryErrorCodes,
|
|
26
|
+
DataVaultService: () => import_sdk_core12.DataVaultService,
|
|
27
|
+
DatabaseHandle: () => import_sdk_core10.DatabaseHandle,
|
|
28
28
|
DelegatedAccess: () => DelegatedAccess,
|
|
29
|
-
DelegationErrorCodes: () =>
|
|
30
|
-
DelegationManager: () =>
|
|
31
|
-
DuckDbAction: () =>
|
|
32
|
-
DuckDbDatabaseHandle: () =>
|
|
33
|
-
DuckDbService: () =>
|
|
29
|
+
DelegationErrorCodes: () => import_sdk_core13.DelegationErrorCodes,
|
|
30
|
+
DelegationManager: () => import_sdk_core13.DelegationManager,
|
|
31
|
+
DuckDbAction: () => import_sdk_core11.DuckDbAction,
|
|
32
|
+
DuckDbDatabaseHandle: () => import_sdk_core11.DuckDbDatabaseHandle,
|
|
33
|
+
DuckDbService: () => import_sdk_core11.DuckDbService,
|
|
34
34
|
FileSessionStorage: () => FileSessionStorage,
|
|
35
|
-
KVService: () =>
|
|
35
|
+
KVService: () => import_sdk_core9.KVService,
|
|
36
|
+
ManifestValidationError: () => import_sdk_core8.ManifestValidationError,
|
|
36
37
|
MemorySessionStorage: () => MemorySessionStorage,
|
|
37
38
|
NodeUserAuthorization: () => NodeUserAuthorization,
|
|
38
|
-
|
|
39
|
-
|
|
40
|
-
|
|
41
|
-
|
|
42
|
-
|
|
43
|
-
|
|
44
|
-
|
|
45
|
-
|
|
46
|
-
|
|
47
|
-
|
|
48
|
-
|
|
39
|
+
PermissionNotInManifestError: () => import_sdk_core8.PermissionNotInManifestError,
|
|
40
|
+
PrefixedKVService: () => import_sdk_core9.PrefixedKVService,
|
|
41
|
+
ProtocolMismatchError: () => import_sdk_core16.ProtocolMismatchError,
|
|
42
|
+
SQLAction: () => import_sdk_core10.SQLAction,
|
|
43
|
+
SQLService: () => import_sdk_core10.SQLService,
|
|
44
|
+
ServiceContext: () => import_sdk_core17.ServiceContext,
|
|
45
|
+
SessionExpiredError: () => import_sdk_core8.SessionExpiredError,
|
|
46
|
+
SharingService: () => import_sdk_core13.SharingService,
|
|
47
|
+
SilentNotificationHandler: () => import_sdk_core7.SilentNotificationHandler,
|
|
48
|
+
Space: () => import_sdk_core15.Space,
|
|
49
|
+
SpaceErrorCodes: () => import_sdk_core15.SpaceErrorCodes,
|
|
50
|
+
SpaceService: () => import_sdk_core15.SpaceService,
|
|
51
|
+
TinyCloud: () => import_sdk_core6.TinyCloud,
|
|
49
52
|
TinyCloudNode: () => TinyCloudNode,
|
|
50
|
-
UnsupportedFeatureError: () =>
|
|
51
|
-
VaultHeaders: () =>
|
|
52
|
-
VaultPublicSpaceKVActions: () =>
|
|
53
|
-
VersionCheckError: () =>
|
|
53
|
+
UnsupportedFeatureError: () => import_sdk_core16.UnsupportedFeatureError,
|
|
54
|
+
VaultHeaders: () => import_sdk_core12.VaultHeaders,
|
|
55
|
+
VaultPublicSpaceKVActions: () => import_sdk_core12.VaultPublicSpaceKVActions,
|
|
56
|
+
VersionCheckError: () => import_sdk_core16.VersionCheckError,
|
|
54
57
|
WasmKeyProvider: () => WasmKeyProvider,
|
|
55
|
-
buildSpaceUri: () =>
|
|
56
|
-
checkNodeInfo: () =>
|
|
57
|
-
createCapabilityKeyRegistry: () =>
|
|
58
|
-
createSharingService: () =>
|
|
59
|
-
createSpaceService: () =>
|
|
60
|
-
createVaultCrypto: () =>
|
|
58
|
+
buildSpaceUri: () => import_sdk_core15.buildSpaceUri,
|
|
59
|
+
checkNodeInfo: () => import_sdk_core16.checkNodeInfo,
|
|
60
|
+
createCapabilityKeyRegistry: () => import_sdk_core14.createCapabilityKeyRegistry,
|
|
61
|
+
createSharingService: () => import_sdk_core13.createSharingService,
|
|
62
|
+
createSpaceService: () => import_sdk_core15.createSpaceService,
|
|
63
|
+
createVaultCrypto: () => import_sdk_core12.createVaultCrypto,
|
|
61
64
|
createWasmKeyProvider: () => createWasmKeyProvider,
|
|
62
65
|
defaultSignStrategy: () => defaultSignStrategy,
|
|
63
|
-
defaultSpaceCreationHandler: () =>
|
|
66
|
+
defaultSpaceCreationHandler: () => import_sdk_core7.defaultSpaceCreationHandler,
|
|
64
67
|
deserializeDelegation: () => deserializeDelegation,
|
|
65
|
-
|
|
66
|
-
|
|
67
|
-
|
|
68
|
+
expandActionShortNames: () => import_sdk_core8.expandActionShortNames,
|
|
69
|
+
isCapabilitySubset: () => import_sdk_core8.isCapabilitySubset,
|
|
70
|
+
loadManifest: () => import_sdk_core8.loadManifest,
|
|
71
|
+
makePublicSpaceId: () => import_sdk_core15.makePublicSpaceId,
|
|
72
|
+
parseExpiry: () => import_sdk_core8.parseExpiry,
|
|
73
|
+
parseSpaceUri: () => import_sdk_core15.parseSpaceUri,
|
|
74
|
+
resolveManifest: () => import_sdk_core8.resolveManifest,
|
|
75
|
+
serializeDelegation: () => serializeDelegation,
|
|
76
|
+
validateManifest: () => import_sdk_core8.validateManifest
|
|
68
77
|
});
|
|
69
78
|
module.exports = __toCommonJS(core_exports);
|
|
70
|
-
var import_sdk_core5 = require("@tinycloud/sdk-core");
|
|
71
79
|
var import_sdk_core6 = require("@tinycloud/sdk-core");
|
|
80
|
+
var import_sdk_core7 = require("@tinycloud/sdk-core");
|
|
72
81
|
|
|
73
82
|
// src/storage/MemorySessionStorage.ts
|
|
74
83
|
var MemorySessionStorage = class {
|
|
@@ -311,12 +320,22 @@ var NodeUserAuthorization = class {
|
|
|
311
320
|
},
|
|
312
321
|
capabilities: {
|
|
313
322
|
"": ["tinycloud.capabilities/read"]
|
|
323
|
+
},
|
|
324
|
+
hooks: {
|
|
325
|
+
"": [
|
|
326
|
+
"tinycloud.hooks/subscribe",
|
|
327
|
+
"tinycloud.hooks/register",
|
|
328
|
+
"tinycloud.hooks/list",
|
|
329
|
+
"tinycloud.hooks/unregister"
|
|
330
|
+
]
|
|
314
331
|
}
|
|
315
332
|
};
|
|
316
333
|
this.sessionExpirationMs = config.sessionExpirationMs ?? 60 * 60 * 1e3;
|
|
317
334
|
this.autoCreateSpace = config.autoCreateSpace ?? false;
|
|
318
335
|
this.spaceCreationHandler = config.spaceCreationHandler;
|
|
319
|
-
this.tinycloudHosts = config.tinycloudHosts ?? [
|
|
336
|
+
this.tinycloudHosts = config.tinycloudHosts ?? [
|
|
337
|
+
"https://node.tinycloud.xyz"
|
|
338
|
+
];
|
|
320
339
|
this.enablePublicSpace = config.enablePublicSpace ?? true;
|
|
321
340
|
this.nonce = config.nonce;
|
|
322
341
|
this.siweConfig = config.siweConfig;
|
|
@@ -456,7 +475,10 @@ var NodeUserAuthorization = class {
|
|
|
456
475
|
throw err;
|
|
457
476
|
}
|
|
458
477
|
} catch (error) {
|
|
459
|
-
handler.onSpaceCreationFailed?.(
|
|
478
|
+
handler.onSpaceCreationFailed?.(
|
|
479
|
+
creationContext,
|
|
480
|
+
error instanceof Error ? error : new Error(String(error))
|
|
481
|
+
);
|
|
460
482
|
throw error;
|
|
461
483
|
}
|
|
462
484
|
await new Promise((resolve) => setTimeout(resolve, 100));
|
|
@@ -490,7 +512,10 @@ var NodeUserAuthorization = class {
|
|
|
490
512
|
throw err;
|
|
491
513
|
}
|
|
492
514
|
} catch (error) {
|
|
493
|
-
handler.onSpaceCreationFailed?.(
|
|
515
|
+
handler.onSpaceCreationFailed?.(
|
|
516
|
+
creationContext,
|
|
517
|
+
error instanceof Error ? error : new Error(String(error))
|
|
518
|
+
);
|
|
494
519
|
throw error;
|
|
495
520
|
}
|
|
496
521
|
await new Promise((resolve) => setTimeout(resolve, 100));
|
|
@@ -599,7 +624,10 @@ var NodeUserAuthorization = class {
|
|
|
599
624
|
this._tinyCloudSession = tinyCloudSession;
|
|
600
625
|
this._address = address;
|
|
601
626
|
this._chainId = chainId;
|
|
602
|
-
const nodeInfo = await (0, import_sdk_core2.checkNodeInfo)(
|
|
627
|
+
const nodeInfo = await (0, import_sdk_core2.checkNodeInfo)(
|
|
628
|
+
this.tinycloudHosts[0],
|
|
629
|
+
this.wasm.protocolVersion()
|
|
630
|
+
);
|
|
603
631
|
this._nodeFeatures = nodeInfo.features;
|
|
604
632
|
for (const ext of this.extensions) {
|
|
605
633
|
if (ext.afterSignIn) {
|
|
@@ -759,7 +787,10 @@ var NodeUserAuthorization = class {
|
|
|
759
787
|
this._tinyCloudSession = tinyCloudSession;
|
|
760
788
|
this._address = address;
|
|
761
789
|
this._chainId = chainId;
|
|
762
|
-
const nodeInfo = await (0, import_sdk_core2.checkNodeInfo)(
|
|
790
|
+
const nodeInfo = await (0, import_sdk_core2.checkNodeInfo)(
|
|
791
|
+
this.tinycloudHosts[0],
|
|
792
|
+
this.wasm.protocolVersion()
|
|
793
|
+
);
|
|
763
794
|
this._nodeFeatures = nodeInfo.features;
|
|
764
795
|
for (const ext of this.extensions) {
|
|
765
796
|
if (ext.afterSignIn) {
|
|
@@ -810,7 +841,9 @@ var NodeUserAuthorization = class {
|
|
|
810
841
|
);
|
|
811
842
|
}
|
|
812
843
|
default:
|
|
813
|
-
throw new Error(
|
|
844
|
+
throw new Error(
|
|
845
|
+
`Unknown sign strategy: ${this.signStrategy.type}`
|
|
846
|
+
);
|
|
814
847
|
}
|
|
815
848
|
}
|
|
816
849
|
/**
|
|
@@ -838,7 +871,7 @@ var NodeUserAuthorization = class {
|
|
|
838
871
|
};
|
|
839
872
|
|
|
840
873
|
// src/TinyCloudNode.ts
|
|
841
|
-
var
|
|
874
|
+
var import_sdk_core5 = require("@tinycloud/sdk-core");
|
|
842
875
|
|
|
843
876
|
// src/DelegatedAccess.ts
|
|
844
877
|
var import_sdk_core3 = require("@tinycloud/sdk-core");
|
|
@@ -862,6 +895,9 @@ var DelegatedAccess = class {
|
|
|
862
895
|
this._duckdb = new import_sdk_core3.DuckDbService({});
|
|
863
896
|
this._duckdb.initialize(this._serviceContext);
|
|
864
897
|
this._serviceContext.registerService("duckdb", this._duckdb);
|
|
898
|
+
this._hooks = new import_sdk_core3.HooksService({});
|
|
899
|
+
this._hooks.initialize(this._serviceContext);
|
|
900
|
+
this._serviceContext.registerService("hooks", this._hooks);
|
|
865
901
|
const serviceSession = {
|
|
866
902
|
delegationHeader: session.delegationHeader,
|
|
867
903
|
delegationCid: session.delegationCid,
|
|
@@ -907,6 +943,12 @@ var DelegatedAccess = class {
|
|
|
907
943
|
get duckdb() {
|
|
908
944
|
return this._duckdb;
|
|
909
945
|
}
|
|
946
|
+
/**
|
|
947
|
+
* Hooks write-stream subscriptions on the delegated space.
|
|
948
|
+
*/
|
|
949
|
+
get hooks() {
|
|
950
|
+
return this._hooks;
|
|
951
|
+
}
|
|
910
952
|
};
|
|
911
953
|
|
|
912
954
|
// src/keys/WasmKeyProvider.ts
|
|
@@ -984,9 +1026,69 @@ function createWasmKeyProvider(sessionManager) {
|
|
|
984
1026
|
return new WasmKeyProvider({ sessionManager });
|
|
985
1027
|
}
|
|
986
1028
|
|
|
1029
|
+
// src/delegateToHelpers.ts
|
|
1030
|
+
var import_sdk_core4 = require("@tinycloud/sdk-core");
|
|
1031
|
+
function legacyParamsToPermissionEntries(actions, path, spaceIdOverride) {
|
|
1032
|
+
const byService = /* @__PURE__ */ new Map();
|
|
1033
|
+
for (const a of actions) {
|
|
1034
|
+
const slashIdx = a.indexOf("/");
|
|
1035
|
+
if (slashIdx === -1) {
|
|
1036
|
+
continue;
|
|
1037
|
+
}
|
|
1038
|
+
const service = a.slice(0, slashIdx);
|
|
1039
|
+
if (!service.startsWith("tinycloud.")) {
|
|
1040
|
+
continue;
|
|
1041
|
+
}
|
|
1042
|
+
const list = byService.get(service);
|
|
1043
|
+
if (list === void 0) {
|
|
1044
|
+
byService.set(service, [a]);
|
|
1045
|
+
} else {
|
|
1046
|
+
list.push(a);
|
|
1047
|
+
}
|
|
1048
|
+
}
|
|
1049
|
+
const space = spaceIdOverride ?? "default";
|
|
1050
|
+
const entries = [];
|
|
1051
|
+
for (const [service, actionList] of byService) {
|
|
1052
|
+
entries.push({
|
|
1053
|
+
service,
|
|
1054
|
+
space,
|
|
1055
|
+
path,
|
|
1056
|
+
actions: actionList
|
|
1057
|
+
});
|
|
1058
|
+
}
|
|
1059
|
+
return entries;
|
|
1060
|
+
}
|
|
1061
|
+
function resolveExpiryMs(expiry) {
|
|
1062
|
+
if (expiry === void 0) {
|
|
1063
|
+
return 60 * 60 * 1e3;
|
|
1064
|
+
}
|
|
1065
|
+
if (typeof expiry === "number") {
|
|
1066
|
+
if (!Number.isFinite(expiry) || expiry <= 0) {
|
|
1067
|
+
throw new Error(
|
|
1068
|
+
`delegateTo expiry must be a positive finite number (got ${expiry})`
|
|
1069
|
+
);
|
|
1070
|
+
}
|
|
1071
|
+
return expiry;
|
|
1072
|
+
}
|
|
1073
|
+
return (0, import_sdk_core4.parseExpiry)(expiry);
|
|
1074
|
+
}
|
|
1075
|
+
function extractSiweExpiration(siwe) {
|
|
1076
|
+
const parsed = new import_sdk_core4.SiweMessage(siwe);
|
|
1077
|
+
if (parsed.expirationTime === void 0 || parsed.expirationTime === null) {
|
|
1078
|
+
return void 0;
|
|
1079
|
+
}
|
|
1080
|
+
const d = new Date(parsed.expirationTime);
|
|
1081
|
+
if (Number.isNaN(d.getTime())) {
|
|
1082
|
+
throw new Error(
|
|
1083
|
+
`Session SIWE has unparseable expirationTime: ${parsed.expirationTime}`
|
|
1084
|
+
);
|
|
1085
|
+
}
|
|
1086
|
+
return d;
|
|
1087
|
+
}
|
|
1088
|
+
|
|
987
1089
|
// src/TinyCloudNode.ts
|
|
988
1090
|
var DEFAULT_HOST = "https://node.tinycloud.xyz";
|
|
989
|
-
var
|
|
1091
|
+
var _TinyCloudNode = class _TinyCloudNode {
|
|
990
1092
|
/**
|
|
991
1093
|
* Create a new TinyCloudNode instance.
|
|
992
1094
|
*
|
|
@@ -1041,12 +1143,12 @@ var TinyCloudNode = class _TinyCloudNode {
|
|
|
1041
1143
|
throw new Error("Failed to get session key JWK");
|
|
1042
1144
|
}
|
|
1043
1145
|
this.sessionKeyJwk = JSON.parse(jwkStr);
|
|
1044
|
-
this._capabilityRegistry = new
|
|
1146
|
+
this._capabilityRegistry = new import_sdk_core5.CapabilityKeyRegistry();
|
|
1045
1147
|
this._keyProvider = new WasmKeyProvider({
|
|
1046
1148
|
sessionManager: this.sessionManager
|
|
1047
1149
|
});
|
|
1048
|
-
this.notificationHandler = config.notificationHandler ?? new
|
|
1049
|
-
this._sharingService = new
|
|
1150
|
+
this.notificationHandler = config.notificationHandler ?? new import_sdk_core5.SilentNotificationHandler();
|
|
1151
|
+
this._sharingService = new import_sdk_core5.SharingService({
|
|
1050
1152
|
hosts: [this.config.host],
|
|
1051
1153
|
// session: undefined - not needed for receive()
|
|
1052
1154
|
invoke: this.wasmBindings.invoke,
|
|
@@ -1056,8 +1158,8 @@ var TinyCloudNode = class _TinyCloudNode {
|
|
|
1056
1158
|
// delegationManager: undefined - not needed for receive()
|
|
1057
1159
|
createKVService: (config2) => {
|
|
1058
1160
|
const prefix = config2.pathPrefix?.replace(/\/$/, "");
|
|
1059
|
-
const kvService = new
|
|
1060
|
-
const kvContext = new
|
|
1161
|
+
const kvService = new import_sdk_core5.KVService({ prefix });
|
|
1162
|
+
const kvContext = new import_sdk_core5.ServiceContext({
|
|
1061
1163
|
invoke: config2.invoke,
|
|
1062
1164
|
fetch: config2.fetch ?? globalThis.fetch.bind(globalThis),
|
|
1063
1165
|
hosts: config2.hosts
|
|
@@ -1112,7 +1214,9 @@ var TinyCloudNode = class _TinyCloudNode {
|
|
|
1112
1214
|
nonce: config.nonce,
|
|
1113
1215
|
siweConfig: config.siweConfig
|
|
1114
1216
|
});
|
|
1115
|
-
this.tc = new
|
|
1217
|
+
this.tc = new import_sdk_core5.TinyCloud(this.auth, {
|
|
1218
|
+
invokeAny: this.wasmBindings.invokeAny
|
|
1219
|
+
});
|
|
1116
1220
|
}
|
|
1117
1221
|
/**
|
|
1118
1222
|
* Get the primary identity DID for this user.
|
|
@@ -1181,6 +1285,7 @@ var TinyCloudNode = class _TinyCloudNode {
|
|
|
1181
1285
|
this._kv = void 0;
|
|
1182
1286
|
this._sql = void 0;
|
|
1183
1287
|
this._duckdb = void 0;
|
|
1288
|
+
this._hooks = void 0;
|
|
1184
1289
|
this._serviceContext = void 0;
|
|
1185
1290
|
await this.tc.signIn();
|
|
1186
1291
|
this.initializeServices();
|
|
@@ -1200,6 +1305,7 @@ var TinyCloudNode = class _TinyCloudNode {
|
|
|
1200
1305
|
this._kv = void 0;
|
|
1201
1306
|
this._sql = void 0;
|
|
1202
1307
|
this._duckdb = void 0;
|
|
1308
|
+
this._hooks = void 0;
|
|
1203
1309
|
this._serviceContext = void 0;
|
|
1204
1310
|
if (sessionData.address) {
|
|
1205
1311
|
this._address = sessionData.address;
|
|
@@ -1207,20 +1313,24 @@ var TinyCloudNode = class _TinyCloudNode {
|
|
|
1207
1313
|
if (sessionData.chainId) {
|
|
1208
1314
|
this._chainId = sessionData.chainId;
|
|
1209
1315
|
}
|
|
1210
|
-
this._serviceContext = new
|
|
1316
|
+
this._serviceContext = new import_sdk_core5.ServiceContext({
|
|
1211
1317
|
invoke: this.wasmBindings.invoke,
|
|
1318
|
+
invokeAny: this.wasmBindings.invokeAny,
|
|
1212
1319
|
fetch: globalThis.fetch.bind(globalThis),
|
|
1213
1320
|
hosts: [this.config.host]
|
|
1214
1321
|
});
|
|
1215
|
-
this._kv = new
|
|
1322
|
+
this._kv = new import_sdk_core5.KVService({});
|
|
1216
1323
|
this._kv.initialize(this._serviceContext);
|
|
1217
1324
|
this._serviceContext.registerService("kv", this._kv);
|
|
1218
|
-
this._sql = new
|
|
1325
|
+
this._sql = new import_sdk_core5.SQLService({});
|
|
1219
1326
|
this._sql.initialize(this._serviceContext);
|
|
1220
1327
|
this._serviceContext.registerService("sql", this._sql);
|
|
1221
|
-
this._duckdb = new
|
|
1328
|
+
this._duckdb = new import_sdk_core5.DuckDbService({});
|
|
1222
1329
|
this._duckdb.initialize(this._serviceContext);
|
|
1223
1330
|
this._serviceContext.registerService("duckdb", this._duckdb);
|
|
1331
|
+
this._hooks = new import_sdk_core5.HooksService({});
|
|
1332
|
+
this._hooks.initialize(this._serviceContext);
|
|
1333
|
+
this._serviceContext.registerService("hooks", this._hooks);
|
|
1224
1334
|
const serviceSession = {
|
|
1225
1335
|
delegationHeader: sessionData.delegationHeader,
|
|
1226
1336
|
delegationCid: sessionData.delegationCid,
|
|
@@ -1230,7 +1340,7 @@ var TinyCloudNode = class _TinyCloudNode {
|
|
|
1230
1340
|
};
|
|
1231
1341
|
this._serviceContext.setSession(serviceSession);
|
|
1232
1342
|
const wasm = this.wasmBindings;
|
|
1233
|
-
const vaultCrypto = (0,
|
|
1343
|
+
const vaultCrypto = (0, import_sdk_core5.createVaultCrypto)({
|
|
1234
1344
|
vault_encrypt: wasm.vault_encrypt,
|
|
1235
1345
|
vault_decrypt: wasm.vault_decrypt,
|
|
1236
1346
|
vault_derive_key: wasm.vault_derive_key,
|
|
@@ -1240,7 +1350,7 @@ var TinyCloudNode = class _TinyCloudNode {
|
|
|
1240
1350
|
vault_sha256: wasm.vault_sha256
|
|
1241
1351
|
});
|
|
1242
1352
|
const self = this;
|
|
1243
|
-
this._vault = new
|
|
1353
|
+
this._vault = new import_sdk_core5.DataVaultService({
|
|
1244
1354
|
spaceId: sessionData.spaceId,
|
|
1245
1355
|
crypto: vaultCrypto,
|
|
1246
1356
|
tc: {
|
|
@@ -1256,8 +1366,8 @@ var TinyCloudNode = class _TinyCloudNode {
|
|
|
1256
1366
|
get publicKV() {
|
|
1257
1367
|
return self._publicKV ?? self.tc.publicKV;
|
|
1258
1368
|
},
|
|
1259
|
-
readPublicSpace: (host, spaceId, key) =>
|
|
1260
|
-
makePublicSpaceId:
|
|
1369
|
+
readPublicSpace: (host, spaceId, key) => import_sdk_core5.TinyCloud.readPublicSpace(host, spaceId, key),
|
|
1370
|
+
makePublicSpaceId: import_sdk_core5.TinyCloud.makePublicSpaceId,
|
|
1261
1371
|
did: this.did,
|
|
1262
1372
|
address: sessionData.address ?? this._address ?? "",
|
|
1263
1373
|
chainId: sessionData.chainId ?? this._chainId,
|
|
@@ -1320,7 +1430,9 @@ var TinyCloudNode = class _TinyCloudNode {
|
|
|
1320
1430
|
nonce: this.config.nonce,
|
|
1321
1431
|
siweConfig: this.config.siweConfig
|
|
1322
1432
|
});
|
|
1323
|
-
this.tc = new
|
|
1433
|
+
this.tc = new import_sdk_core5.TinyCloud(this.auth, {
|
|
1434
|
+
invokeAny: this.wasmBindings.invokeAny
|
|
1435
|
+
});
|
|
1324
1436
|
this.config.prefix = prefix;
|
|
1325
1437
|
}
|
|
1326
1438
|
/**
|
|
@@ -1358,7 +1470,9 @@ var TinyCloudNode = class _TinyCloudNode {
|
|
|
1358
1470
|
nonce: this.config.nonce,
|
|
1359
1471
|
siweConfig: this.config.siweConfig
|
|
1360
1472
|
});
|
|
1361
|
-
this.tc = new
|
|
1473
|
+
this.tc = new import_sdk_core5.TinyCloud(this.auth, {
|
|
1474
|
+
invokeAny: this.wasmBindings.invokeAny
|
|
1475
|
+
});
|
|
1362
1476
|
this.config.prefix = prefix;
|
|
1363
1477
|
}
|
|
1364
1478
|
/**
|
|
@@ -1371,25 +1485,29 @@ var TinyCloudNode = class _TinyCloudNode {
|
|
|
1371
1485
|
return;
|
|
1372
1486
|
}
|
|
1373
1487
|
this.tc.initializeServices(this.wasmBindings.invoke, [this.config.host]);
|
|
1374
|
-
this._serviceContext = new
|
|
1488
|
+
this._serviceContext = new import_sdk_core5.ServiceContext({
|
|
1375
1489
|
invoke: this.wasmBindings.invoke,
|
|
1490
|
+
invokeAny: this.wasmBindings.invokeAny,
|
|
1376
1491
|
fetch: globalThis.fetch.bind(globalThis),
|
|
1377
1492
|
hosts: [this.config.host]
|
|
1378
1493
|
});
|
|
1379
|
-
this._kv = new
|
|
1494
|
+
this._kv = new import_sdk_core5.KVService({});
|
|
1380
1495
|
this._kv.initialize(this._serviceContext);
|
|
1381
1496
|
this._serviceContext.registerService("kv", this._kv);
|
|
1382
1497
|
const features = this.nodeFeatures;
|
|
1383
1498
|
if (features.length === 0 || features.includes("sql")) {
|
|
1384
|
-
this._sql = new
|
|
1499
|
+
this._sql = new import_sdk_core5.SQLService({});
|
|
1385
1500
|
this._sql.initialize(this._serviceContext);
|
|
1386
1501
|
this._serviceContext.registerService("sql", this._sql);
|
|
1387
1502
|
}
|
|
1388
1503
|
if (features.length === 0 || features.includes("duckdb")) {
|
|
1389
|
-
this._duckdb = new
|
|
1504
|
+
this._duckdb = new import_sdk_core5.DuckDbService({});
|
|
1390
1505
|
this._duckdb.initialize(this._serviceContext);
|
|
1391
1506
|
this._serviceContext.registerService("duckdb", this._duckdb);
|
|
1392
1507
|
}
|
|
1508
|
+
this._hooks = new import_sdk_core5.HooksService({});
|
|
1509
|
+
this._hooks.initialize(this._serviceContext);
|
|
1510
|
+
this._serviceContext.registerService("hooks", this._hooks);
|
|
1393
1511
|
const serviceSession = {
|
|
1394
1512
|
delegationHeader: session.delegationHeader,
|
|
1395
1513
|
delegationCid: session.delegationCid,
|
|
@@ -1400,7 +1518,7 @@ var TinyCloudNode = class _TinyCloudNode {
|
|
|
1400
1518
|
this._serviceContext.setSession(serviceSession);
|
|
1401
1519
|
this.tc.serviceContext.setSession(serviceSession);
|
|
1402
1520
|
const wasm = this.wasmBindings;
|
|
1403
|
-
const vaultCrypto = (0,
|
|
1521
|
+
const vaultCrypto = (0, import_sdk_core5.createVaultCrypto)({
|
|
1404
1522
|
vault_encrypt: wasm.vault_encrypt,
|
|
1405
1523
|
vault_decrypt: wasm.vault_decrypt,
|
|
1406
1524
|
vault_derive_key: wasm.vault_derive_key,
|
|
@@ -1410,7 +1528,7 @@ var TinyCloudNode = class _TinyCloudNode {
|
|
|
1410
1528
|
vault_sha256: wasm.vault_sha256
|
|
1411
1529
|
});
|
|
1412
1530
|
const self = this;
|
|
1413
|
-
this._vault = new
|
|
1531
|
+
this._vault = new import_sdk_core5.DataVaultService({
|
|
1414
1532
|
spaceId: session.spaceId,
|
|
1415
1533
|
crypto: vaultCrypto,
|
|
1416
1534
|
tc: {
|
|
@@ -1426,8 +1544,8 @@ var TinyCloudNode = class _TinyCloudNode {
|
|
|
1426
1544
|
get publicKV() {
|
|
1427
1545
|
return self._publicKV ?? self.tc.publicKV;
|
|
1428
1546
|
},
|
|
1429
|
-
readPublicSpace: (host, spaceId, key) =>
|
|
1430
|
-
makePublicSpaceId:
|
|
1547
|
+
readPublicSpace: (host, spaceId, key) => import_sdk_core5.TinyCloud.readPublicSpace(host, spaceId, key),
|
|
1548
|
+
makePublicSpaceId: import_sdk_core5.TinyCloud.makePublicSpaceId,
|
|
1431
1549
|
did: this.did,
|
|
1432
1550
|
address: this._address,
|
|
1433
1551
|
chainId: this._chainId,
|
|
@@ -1443,7 +1561,7 @@ var TinyCloudNode = class _TinyCloudNode {
|
|
|
1443
1561
|
* @internal
|
|
1444
1562
|
*/
|
|
1445
1563
|
initializeV2Services(serviceSession) {
|
|
1446
|
-
this._capabilityRegistry = new
|
|
1564
|
+
this._capabilityRegistry = new import_sdk_core5.CapabilityKeyRegistry();
|
|
1447
1565
|
const tcSession = this.auth?.tinyCloudSession;
|
|
1448
1566
|
if (tcSession && this._address) {
|
|
1449
1567
|
const sessionKey = {
|
|
@@ -1517,13 +1635,13 @@ var TinyCloudNode = class _TinyCloudNode {
|
|
|
1517
1635
|
}
|
|
1518
1636
|
this._capabilityRegistry.registerKey(sessionKey, delegations);
|
|
1519
1637
|
}
|
|
1520
|
-
this._delegationManager = new
|
|
1638
|
+
this._delegationManager = new import_sdk_core5.DelegationManager({
|
|
1521
1639
|
hosts: [this.config.host],
|
|
1522
1640
|
session: serviceSession,
|
|
1523
1641
|
invoke: this.wasmBindings.invoke,
|
|
1524
1642
|
fetch: globalThis.fetch.bind(globalThis)
|
|
1525
1643
|
});
|
|
1526
|
-
this._spaceService = new
|
|
1644
|
+
this._spaceService = new import_sdk_core5.SpaceService({
|
|
1527
1645
|
hosts: [this.config.host],
|
|
1528
1646
|
session: serviceSession,
|
|
1529
1647
|
invoke: this.wasmBindings.invoke,
|
|
@@ -1531,9 +1649,9 @@ var TinyCloudNode = class _TinyCloudNode {
|
|
|
1531
1649
|
capabilityRegistry: this._capabilityRegistry,
|
|
1532
1650
|
userDid: this.did,
|
|
1533
1651
|
createKVService: (spaceId) => {
|
|
1534
|
-
const kvService = new
|
|
1652
|
+
const kvService = new import_sdk_core5.KVService({});
|
|
1535
1653
|
if (this._serviceContext) {
|
|
1536
|
-
const spaceScopedContext = new
|
|
1654
|
+
const spaceScopedContext = new import_sdk_core5.ServiceContext({
|
|
1537
1655
|
invoke: this._serviceContext.invoke,
|
|
1538
1656
|
fetch: this._serviceContext.fetch,
|
|
1539
1657
|
hosts: this._serviceContext.hosts
|
|
@@ -1672,7 +1790,7 @@ var TinyCloudNode = class _TinyCloudNode {
|
|
|
1672
1790
|
...prepared,
|
|
1673
1791
|
signature
|
|
1674
1792
|
});
|
|
1675
|
-
const activateResult = await (0,
|
|
1793
|
+
const activateResult = await (0, import_sdk_core5.activateSessionWithHost)(
|
|
1676
1794
|
host,
|
|
1677
1795
|
delegationSession.delegationHeader
|
|
1678
1796
|
);
|
|
@@ -1739,7 +1857,7 @@ var TinyCloudNode = class _TinyCloudNode {
|
|
|
1739
1857
|
if (!this._sql) {
|
|
1740
1858
|
const features = this.nodeFeatures;
|
|
1741
1859
|
if (features.length > 0 && !features.includes("sql")) {
|
|
1742
|
-
throw new
|
|
1860
|
+
throw new import_sdk_core5.UnsupportedFeatureError("sql", this.config.host, features);
|
|
1743
1861
|
}
|
|
1744
1862
|
throw new Error("Not signed in. Call signIn() first.");
|
|
1745
1863
|
}
|
|
@@ -1752,7 +1870,7 @@ var TinyCloudNode = class _TinyCloudNode {
|
|
|
1752
1870
|
if (!this._duckdb) {
|
|
1753
1871
|
const features = this.nodeFeatures;
|
|
1754
1872
|
if (features.length > 0 && !features.includes("duckdb")) {
|
|
1755
|
-
throw new
|
|
1873
|
+
throw new import_sdk_core5.UnsupportedFeatureError("duckdb", this.config.host, features);
|
|
1756
1874
|
}
|
|
1757
1875
|
throw new Error("Not signed in. Call signIn() first.");
|
|
1758
1876
|
}
|
|
@@ -1768,6 +1886,15 @@ var TinyCloudNode = class _TinyCloudNode {
|
|
|
1768
1886
|
}
|
|
1769
1887
|
return this._vault;
|
|
1770
1888
|
}
|
|
1889
|
+
/**
|
|
1890
|
+
* Hooks write stream subscription API.
|
|
1891
|
+
*/
|
|
1892
|
+
get hooks() {
|
|
1893
|
+
if (!this._hooks) {
|
|
1894
|
+
throw new Error("Not signed in. Call signIn() first.");
|
|
1895
|
+
}
|
|
1896
|
+
return this._hooks;
|
|
1897
|
+
}
|
|
1771
1898
|
// ===========================================================================
|
|
1772
1899
|
// v2 Service Accessors
|
|
1773
1900
|
// ===========================================================================
|
|
@@ -1982,7 +2109,7 @@ var TinyCloudNode = class _TinyCloudNode {
|
|
|
1982
2109
|
...prepared,
|
|
1983
2110
|
signature
|
|
1984
2111
|
});
|
|
1985
|
-
const activateResult = await (0,
|
|
2112
|
+
const activateResult = await (0, import_sdk_core5.activateSessionWithHost)(
|
|
1986
2113
|
this.config.host,
|
|
1987
2114
|
delegationSession.delegationHeader
|
|
1988
2115
|
);
|
|
@@ -2009,8 +2136,8 @@ var TinyCloudNode = class _TinyCloudNode {
|
|
|
2009
2136
|
}]);
|
|
2010
2137
|
}
|
|
2011
2138
|
if (this._serviceContext) {
|
|
2012
|
-
const publicKV = new
|
|
2013
|
-
const publicContext = new
|
|
2139
|
+
const publicKV = new import_sdk_core5.KVService({ prefix: "" });
|
|
2140
|
+
const publicContext = new import_sdk_core5.ServiceContext({
|
|
2014
2141
|
invoke: this.wasmBindings.invoke,
|
|
2015
2142
|
fetch: this._serviceContext.fetch,
|
|
2016
2143
|
hosts: this._serviceContext.hosts
|
|
@@ -2095,6 +2222,150 @@ var TinyCloudNode = class _TinyCloudNode {
|
|
|
2095
2222
|
async checkPermission(path, action) {
|
|
2096
2223
|
return this.delegationManager.checkPermission(path, action);
|
|
2097
2224
|
}
|
|
2225
|
+
/**
|
|
2226
|
+
* Issue a delegation using the capability-chain flow.
|
|
2227
|
+
*
|
|
2228
|
+
* When the requested permissions are a subset of the current session's
|
|
2229
|
+
* recap, the delegation is signed by the session key via WASM — no wallet
|
|
2230
|
+
* prompt. When they are not, a {@link PermissionNotInManifestError} is
|
|
2231
|
+
* raised so the caller can trigger an escalation flow (e.g.
|
|
2232
|
+
* `TinyCloudWeb.requestPermissions`). Passing `forceWalletSign: true`
|
|
2233
|
+
* bypasses the derivability check and always uses the wallet-signed SIWE
|
|
2234
|
+
* path — used by the legacy `createDelegation` fallback and by callers
|
|
2235
|
+
* that want explicit wallet confirmation.
|
|
2236
|
+
*
|
|
2237
|
+
* Current limitation: exactly one {@link PermissionEntry} per call. For
|
|
2238
|
+
* multi-resource delegation, call `delegateTo` multiple times. This keeps
|
|
2239
|
+
* each delegation a single `(spaceId, path)` grant, which matches the
|
|
2240
|
+
* underlying `PortableDelegation` shape.
|
|
2241
|
+
*
|
|
2242
|
+
* @throws {@link SessionExpiredError} when there is no session or the
|
|
2243
|
+
* current session has expired (or will within the 60s safety margin).
|
|
2244
|
+
* @throws {@link PermissionNotInManifestError} when the requested entries
|
|
2245
|
+
* are not a subset of the granted session capabilities and
|
|
2246
|
+
* `forceWalletSign` is not set.
|
|
2247
|
+
*/
|
|
2248
|
+
async delegateTo(did, permissions, options) {
|
|
2249
|
+
const session = this.auth?.tinyCloudSession;
|
|
2250
|
+
if (!session) {
|
|
2251
|
+
throw new import_sdk_core5.SessionExpiredError(/* @__PURE__ */ new Date(0));
|
|
2252
|
+
}
|
|
2253
|
+
const sessionExpiry = extractSiweExpiration(session.siwe);
|
|
2254
|
+
if (sessionExpiry !== void 0) {
|
|
2255
|
+
const now2 = Date.now();
|
|
2256
|
+
const marginMs = _TinyCloudNode.SESSION_EXPIRY_SAFETY_MARGIN_MS;
|
|
2257
|
+
if (sessionExpiry.getTime() <= now2 + marginMs) {
|
|
2258
|
+
throw new import_sdk_core5.SessionExpiredError(sessionExpiry);
|
|
2259
|
+
}
|
|
2260
|
+
}
|
|
2261
|
+
if (!Array.isArray(permissions) || permissions.length === 0) {
|
|
2262
|
+
throw new Error(
|
|
2263
|
+
"delegateTo requires a non-empty permissions array"
|
|
2264
|
+
);
|
|
2265
|
+
}
|
|
2266
|
+
if (permissions.length > 1) {
|
|
2267
|
+
throw new Error(
|
|
2268
|
+
"delegateTo currently supports one permission entry per call. Call delegateTo multiple times for multi-resource delegation."
|
|
2269
|
+
);
|
|
2270
|
+
}
|
|
2271
|
+
const entry = permissions[0];
|
|
2272
|
+
const expandedEntry = {
|
|
2273
|
+
...entry,
|
|
2274
|
+
actions: (0, import_sdk_core5.expandActionShortNames)(entry.service, entry.actions)
|
|
2275
|
+
};
|
|
2276
|
+
const now = /* @__PURE__ */ new Date();
|
|
2277
|
+
const expiryMs = resolveExpiryMs(options?.expiry);
|
|
2278
|
+
const expirationTime = new Date(now.getTime() + expiryMs);
|
|
2279
|
+
let effectiveExpiration = expirationTime;
|
|
2280
|
+
if (sessionExpiry !== void 0 && sessionExpiry < expirationTime) {
|
|
2281
|
+
effectiveExpiration = sessionExpiry;
|
|
2282
|
+
}
|
|
2283
|
+
if (options?.forceWalletSign) {
|
|
2284
|
+
const delegation2 = await this.createDelegationLegacyWalletPath(
|
|
2285
|
+
did,
|
|
2286
|
+
expandedEntry,
|
|
2287
|
+
effectiveExpiration
|
|
2288
|
+
);
|
|
2289
|
+
return { delegation: delegation2, prompted: true };
|
|
2290
|
+
}
|
|
2291
|
+
const granted = (0, import_sdk_core5.parseRecapCapabilities)(
|
|
2292
|
+
(siwe) => this.wasmBindings.parseRecapFromSiwe(siwe),
|
|
2293
|
+
session.siwe
|
|
2294
|
+
);
|
|
2295
|
+
const requested = [expandedEntry];
|
|
2296
|
+
const { subset, missing } = (0, import_sdk_core5.isCapabilitySubset)(requested, granted);
|
|
2297
|
+
if (!subset) {
|
|
2298
|
+
throw new import_sdk_core5.PermissionNotInManifestError(missing, granted);
|
|
2299
|
+
}
|
|
2300
|
+
const delegation = await this.createDelegationViaWasmPath(
|
|
2301
|
+
did,
|
|
2302
|
+
expandedEntry,
|
|
2303
|
+
effectiveExpiration,
|
|
2304
|
+
session
|
|
2305
|
+
);
|
|
2306
|
+
return { delegation, prompted: false };
|
|
2307
|
+
}
|
|
2308
|
+
/**
|
|
2309
|
+
* Issue a delegation via the session-key UCAN WASM path.
|
|
2310
|
+
*
|
|
2311
|
+
* The caller has already verified the request is derivable from the
|
|
2312
|
+
* current session; we just need to shape the inputs for
|
|
2313
|
+
* {@link createDelegationWrapper}.
|
|
2314
|
+
*
|
|
2315
|
+
* @internal
|
|
2316
|
+
*/
|
|
2317
|
+
async createDelegationViaWasmPath(did, entry, expirationTime, session) {
|
|
2318
|
+
const spaceId = entry.space === "default" ? session.spaceId : entry.space;
|
|
2319
|
+
const serviceSession = {
|
|
2320
|
+
delegationHeader: session.delegationHeader,
|
|
2321
|
+
delegationCid: session.delegationCid,
|
|
2322
|
+
jwk: session.jwk,
|
|
2323
|
+
spaceId,
|
|
2324
|
+
verificationMethod: session.verificationMethod
|
|
2325
|
+
};
|
|
2326
|
+
const expirationSecs = Math.floor(expirationTime.getTime() / 1e3);
|
|
2327
|
+
const result = this.createDelegationWrapper({
|
|
2328
|
+
session: serviceSession,
|
|
2329
|
+
delegateDID: did,
|
|
2330
|
+
spaceId,
|
|
2331
|
+
path: entry.path,
|
|
2332
|
+
actions: entry.actions,
|
|
2333
|
+
expirationSecs
|
|
2334
|
+
});
|
|
2335
|
+
return {
|
|
2336
|
+
cid: result.cid,
|
|
2337
|
+
delegationHeader: { Authorization: `Bearer ${result.delegation}` },
|
|
2338
|
+
spaceId,
|
|
2339
|
+
path: entry.path,
|
|
2340
|
+
actions: entry.actions,
|
|
2341
|
+
disableSubDelegation: false,
|
|
2342
|
+
expiry: result.expiry,
|
|
2343
|
+
delegateDID: did,
|
|
2344
|
+
ownerAddress: session.address,
|
|
2345
|
+
chainId: session.chainId,
|
|
2346
|
+
host: this.config.host
|
|
2347
|
+
};
|
|
2348
|
+
}
|
|
2349
|
+
/**
|
|
2350
|
+
* Issue a delegation via the legacy wallet-signed SIWE path for a single
|
|
2351
|
+
* {@link PermissionEntry}. Shares the implementation with the public
|
|
2352
|
+
* `createDelegation` method via {@link createDelegationWalletPath} so
|
|
2353
|
+
* both entry points hit exactly the same SIWE / signer / public-space
|
|
2354
|
+
* logic without mutual recursion.
|
|
2355
|
+
*
|
|
2356
|
+
* @internal
|
|
2357
|
+
*/
|
|
2358
|
+
async createDelegationLegacyWalletPath(delegateDID, entry, expirationTime) {
|
|
2359
|
+
const spaceIdOverride = entry.space === "default" ? void 0 : entry.space;
|
|
2360
|
+
return this.createDelegationWalletPath({
|
|
2361
|
+
path: entry.path,
|
|
2362
|
+
actions: entry.actions,
|
|
2363
|
+
delegateDID,
|
|
2364
|
+
includePublicSpace: true,
|
|
2365
|
+
expiryMs: Math.max(0, expirationTime.getTime() - Date.now()),
|
|
2366
|
+
spaceIdOverride
|
|
2367
|
+
});
|
|
2368
|
+
}
|
|
2098
2369
|
/**
|
|
2099
2370
|
* Create a delegation from this user to another user.
|
|
2100
2371
|
*
|
|
@@ -2105,6 +2376,51 @@ var TinyCloudNode = class _TinyCloudNode {
|
|
|
2105
2376
|
* @returns A portable delegation that can be sent to the recipient
|
|
2106
2377
|
*/
|
|
2107
2378
|
async createDelegation(params) {
|
|
2379
|
+
if (!this.signer) {
|
|
2380
|
+
throw new Error("Cannot createDelegation() in session-only mode. Requires wallet mode.");
|
|
2381
|
+
}
|
|
2382
|
+
if (!this.auth?.tinyCloudSession) {
|
|
2383
|
+
throw new Error("Not signed in. Call signIn() first.");
|
|
2384
|
+
}
|
|
2385
|
+
let resolvedDelegateDID = params.delegateDID;
|
|
2386
|
+
if (resolvedDelegateDID.endsWith(".eth") && this.config.ensResolver) {
|
|
2387
|
+
const address = await this.config.ensResolver.resolveAddress(resolvedDelegateDID);
|
|
2388
|
+
if (!address) throw new Error(`Could not resolve ENS name: ${resolvedDelegateDID}`);
|
|
2389
|
+
resolvedDelegateDID = `did:pkh:eip155:1:${address}`;
|
|
2390
|
+
}
|
|
2391
|
+
const entries = legacyParamsToPermissionEntries(
|
|
2392
|
+
params.actions,
|
|
2393
|
+
params.path,
|
|
2394
|
+
params.spaceIdOverride
|
|
2395
|
+
);
|
|
2396
|
+
if (entries.length === 1) {
|
|
2397
|
+
try {
|
|
2398
|
+
const result = await this.delegateTo(
|
|
2399
|
+
resolvedDelegateDID,
|
|
2400
|
+
[entries[0]],
|
|
2401
|
+
params.expiryMs !== void 0 ? { expiry: params.expiryMs } : void 0
|
|
2402
|
+
);
|
|
2403
|
+
return result.delegation;
|
|
2404
|
+
} catch (err) {
|
|
2405
|
+
if (err instanceof import_sdk_core5.PermissionNotInManifestError) {
|
|
2406
|
+
} else {
|
|
2407
|
+
throw err;
|
|
2408
|
+
}
|
|
2409
|
+
}
|
|
2410
|
+
}
|
|
2411
|
+
return this.createDelegationWalletPath({
|
|
2412
|
+
...params,
|
|
2413
|
+
delegateDID: resolvedDelegateDID
|
|
2414
|
+
});
|
|
2415
|
+
}
|
|
2416
|
+
/**
|
|
2417
|
+
* Legacy wallet-signed SIWE delegation path. Lifted from the original
|
|
2418
|
+
* `createDelegation` body verbatim so both the legacy public method and
|
|
2419
|
+
* `delegateTo({ forceWalletSign: true })` hit the same code.
|
|
2420
|
+
*
|
|
2421
|
+
* @internal
|
|
2422
|
+
*/
|
|
2423
|
+
async createDelegationWalletPath(params) {
|
|
2108
2424
|
if (!this.signer) {
|
|
2109
2425
|
throw new Error("Cannot createDelegation() in session-only mode. Requires wallet mode.");
|
|
2110
2426
|
}
|
|
@@ -2112,11 +2428,6 @@ var TinyCloudNode = class _TinyCloudNode {
|
|
|
2112
2428
|
if (!session) {
|
|
2113
2429
|
throw new Error("Not signed in. Call signIn() first.");
|
|
2114
2430
|
}
|
|
2115
|
-
if (params.delegateDID.endsWith(".eth") && this.config.ensResolver) {
|
|
2116
|
-
const address = await this.config.ensResolver.resolveAddress(params.delegateDID);
|
|
2117
|
-
if (!address) throw new Error(`Could not resolve ENS name: ${params.delegateDID}`);
|
|
2118
|
-
params = { ...params, delegateDID: `did:pkh:eip155:1:${address}` };
|
|
2119
|
-
}
|
|
2120
2431
|
const abilities = {};
|
|
2121
2432
|
const kvActions = params.actions.filter((a) => a.startsWith("tinycloud.kv/"));
|
|
2122
2433
|
const sqlActions = params.actions.filter((a) => a.startsWith("tinycloud.sql/"));
|
|
@@ -2149,7 +2460,7 @@ var TinyCloudNode = class _TinyCloudNode {
|
|
|
2149
2460
|
...prepared,
|
|
2150
2461
|
signature
|
|
2151
2462
|
});
|
|
2152
|
-
const activateResult = await (0,
|
|
2463
|
+
const activateResult = await (0, import_sdk_core5.activateSessionWithHost)(
|
|
2153
2464
|
this.config.host,
|
|
2154
2465
|
delegationSession.delegationHeader
|
|
2155
2466
|
);
|
|
@@ -2171,7 +2482,7 @@ var TinyCloudNode = class _TinyCloudNode {
|
|
|
2171
2482
|
};
|
|
2172
2483
|
const hasKvActions = params.actions.some((a) => a.startsWith("tinycloud.kv/"));
|
|
2173
2484
|
if (hasKvActions && params.includePublicSpace !== false) {
|
|
2174
|
-
const publicSpaceId = (0,
|
|
2485
|
+
const publicSpaceId = (0, import_sdk_core5.makePublicSpaceId)(
|
|
2175
2486
|
this.wasmBindings.ensureEip55(session.address),
|
|
2176
2487
|
session.chainId
|
|
2177
2488
|
);
|
|
@@ -2194,7 +2505,7 @@ var TinyCloudNode = class _TinyCloudNode {
|
|
|
2194
2505
|
...publicPrepared,
|
|
2195
2506
|
signature: publicSignature
|
|
2196
2507
|
});
|
|
2197
|
-
const publicActivateResult = await (0,
|
|
2508
|
+
const publicActivateResult = await (0, import_sdk_core5.activateSessionWithHost)(
|
|
2198
2509
|
this.config.host,
|
|
2199
2510
|
publicSession.delegationHeader
|
|
2200
2511
|
);
|
|
@@ -2293,7 +2604,7 @@ var TinyCloudNode = class _TinyCloudNode {
|
|
|
2293
2604
|
...prepared,
|
|
2294
2605
|
signature
|
|
2295
2606
|
});
|
|
2296
|
-
const activateResult = await (0,
|
|
2607
|
+
const activateResult = await (0, import_sdk_core5.activateSessionWithHost)(
|
|
2297
2608
|
targetHost,
|
|
2298
2609
|
invokerSession.delegationHeader
|
|
2299
2610
|
);
|
|
@@ -2382,7 +2693,7 @@ var TinyCloudNode = class _TinyCloudNode {
|
|
|
2382
2693
|
...prepared,
|
|
2383
2694
|
signature
|
|
2384
2695
|
});
|
|
2385
|
-
const activateResult = await (0,
|
|
2696
|
+
const activateResult = await (0, import_sdk_core5.activateSessionWithHost)(
|
|
2386
2697
|
targetHost,
|
|
2387
2698
|
subDelegationSession.delegationHeader
|
|
2388
2699
|
);
|
|
@@ -2404,6 +2715,21 @@ var TinyCloudNode = class _TinyCloudNode {
|
|
|
2404
2715
|
};
|
|
2405
2716
|
}
|
|
2406
2717
|
};
|
|
2718
|
+
// ===========================================================================
|
|
2719
|
+
// Capability-chain delegation (spec: .claude/specs/capability-chain.md)
|
|
2720
|
+
// ===========================================================================
|
|
2721
|
+
/**
|
|
2722
|
+
* Safety margin before the session's own expiry at which {@link delegateTo}
|
|
2723
|
+
* will refuse to issue a derived delegation. Prevents issuing sub-delegations
|
|
2724
|
+
* that would be invalid by the time the recipient used them. Spec: 60 seconds.
|
|
2725
|
+
*
|
|
2726
|
+
* @internal
|
|
2727
|
+
*/
|
|
2728
|
+
_TinyCloudNode.SESSION_EXPIRY_SAFETY_MARGIN_MS = 6e4;
|
|
2729
|
+
var TinyCloudNode = _TinyCloudNode;
|
|
2730
|
+
|
|
2731
|
+
// src/core.ts
|
|
2732
|
+
var import_sdk_core8 = require("@tinycloud/sdk-core");
|
|
2407
2733
|
|
|
2408
2734
|
// src/delegation.ts
|
|
2409
2735
|
function serializeDelegation(delegation) {
|
|
@@ -2422,8 +2748,6 @@ function deserializeDelegation(data) {
|
|
|
2422
2748
|
}
|
|
2423
2749
|
|
|
2424
2750
|
// src/core.ts
|
|
2425
|
-
var import_sdk_core7 = require("@tinycloud/sdk-core");
|
|
2426
|
-
var import_sdk_core8 = require("@tinycloud/sdk-core");
|
|
2427
2751
|
var import_sdk_core9 = require("@tinycloud/sdk-core");
|
|
2428
2752
|
var import_sdk_core10 = require("@tinycloud/sdk-core");
|
|
2429
2753
|
var import_sdk_core11 = require("@tinycloud/sdk-core");
|
|
@@ -2431,6 +2755,8 @@ var import_sdk_core12 = require("@tinycloud/sdk-core");
|
|
|
2431
2755
|
var import_sdk_core13 = require("@tinycloud/sdk-core");
|
|
2432
2756
|
var import_sdk_core14 = require("@tinycloud/sdk-core");
|
|
2433
2757
|
var import_sdk_core15 = require("@tinycloud/sdk-core");
|
|
2758
|
+
var import_sdk_core16 = require("@tinycloud/sdk-core");
|
|
2759
|
+
var import_sdk_core17 = require("@tinycloud/sdk-core");
|
|
2434
2760
|
// Annotate the CommonJS export names for ESM import in node:
|
|
2435
2761
|
0 && (module.exports = {
|
|
2436
2762
|
AutoApproveSpaceCreationHandler,
|
|
@@ -2446,13 +2772,16 @@ var import_sdk_core15 = require("@tinycloud/sdk-core");
|
|
|
2446
2772
|
DuckDbService,
|
|
2447
2773
|
FileSessionStorage,
|
|
2448
2774
|
KVService,
|
|
2775
|
+
ManifestValidationError,
|
|
2449
2776
|
MemorySessionStorage,
|
|
2450
2777
|
NodeUserAuthorization,
|
|
2778
|
+
PermissionNotInManifestError,
|
|
2451
2779
|
PrefixedKVService,
|
|
2452
2780
|
ProtocolMismatchError,
|
|
2453
2781
|
SQLAction,
|
|
2454
2782
|
SQLService,
|
|
2455
2783
|
ServiceContext,
|
|
2784
|
+
SessionExpiredError,
|
|
2456
2785
|
SharingService,
|
|
2457
2786
|
SilentNotificationHandler,
|
|
2458
2787
|
Space,
|
|
@@ -2475,8 +2804,14 @@ var import_sdk_core15 = require("@tinycloud/sdk-core");
|
|
|
2475
2804
|
defaultSignStrategy,
|
|
2476
2805
|
defaultSpaceCreationHandler,
|
|
2477
2806
|
deserializeDelegation,
|
|
2807
|
+
expandActionShortNames,
|
|
2808
|
+
isCapabilitySubset,
|
|
2809
|
+
loadManifest,
|
|
2478
2810
|
makePublicSpaceId,
|
|
2811
|
+
parseExpiry,
|
|
2479
2812
|
parseSpaceUri,
|
|
2480
|
-
|
|
2813
|
+
resolveManifest,
|
|
2814
|
+
serializeDelegation,
|
|
2815
|
+
validateManifest
|
|
2481
2816
|
});
|
|
2482
2817
|
//# sourceMappingURL=core.cjs.map
|