npm - @tinycloud/node-sdk - Versions diffs - 2.0.4 → 2.1.0-beta.1 - Mend

@tinycloud/node-sdk 2.0.4 → 2.1.0-beta.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (13) hide show

package/dist/core.d.cts CHANGED Viewed

@@ -1,5 +1,5 @@
-import { ISessionStorage, PersistedSessionData, AutoSignStrategy, AutoRejectStrategy, CallbackStrategy, IUserAuthorization, ISigner, ISpaceCreationHandler, IWasmBindings, SiweConfig, ClientSession, TinyCloudSession, Extension, Delegation, IKVService, ISQLService, IDuckDbService, INotificationHandler, IENSResolver, IDataVaultService, ICapabilityKeyRegistry, DelegationManager, ISpaceService, ISharingService, CreateDelegationParams, DelegationResult, KeyProvider, ISessionManager, JWK } from '@tinycloud/sdk-core';
-export { AutoApproveSpaceCreationHandler, AutoRejectStrategy, AutoSignStrategy, BatchOptions, BatchResponse, CallbackStrategy, CapabilityEntry, CapabilityKeyRegistry, CapabilityKeyRegistryErrorCode, CapabilityKeyRegistryErrorCodes, ClientSession, ColumnInfo, CreateDelegationParams, DataVaultConfig, DataVaultService, DatabaseHandle, Delegation, DelegationChain, DelegationChainV2, DelegationDirection, DelegationError, DelegationErrorCode, DelegationErrorCodes, DelegationFilters, DelegationManager, DelegationManagerConfig, DelegationRecord, DelegationResult, DuckDbAction, DuckDbActionType, DuckDbBatchOptions, DuckDbBatchResponse, DuckDbDatabaseHandle, DuckDbExecuteOptions, DuckDbExecuteResponse, DuckDbOptions, DuckDbQueryOptions, DuckDbQueryResponse, DuckDbService, DuckDbServiceConfig, DuckDbStatement, DuckDbValue, EncodedShareData, ExecuteOptions, ExecuteResponse, Extension, FetchFunction, GenerateShareParams, ICapabilityKeyRegistry, IDataVaultService, IDatabaseHandle, IDuckDbDatabaseHandle, IDuckDbService, IENSResolver, IKVService, INotificationHandler, IPrefixedKVService, ISQLService, ISessionManager, ISessionStorage, ISharingService, ISigner, ISpace, ISpaceCreationHandler, ISpaceScopedDelegations, ISpaceScopedSharing, ISpaceService, IUserAuthorization, IWasmBindings, IngestOptions, InvokeFunction, JWK, KVResponse, KVService, KVServiceConfig, KeyInfo, KeyProvider, KeyType, PersistedSessionData, PrefixedKVService, ProtocolMismatchError, QueryOptions, QueryResponse, ReceiveOptions, SQLAction, SQLActionType, SQLService, SQLServiceConfig, SchemaInfo, ServiceContext, ServiceContextConfig, ServiceSession, ShareAccess, ShareLink, ShareLinkData, ShareSchema, SharingService, SharingServiceConfig, SignCallback, SignRequest, SignResponse, SilentNotificationHandler, Space, SpaceConfig, SpaceCreationContext, SpaceErrorCode, SpaceErrorCodes, SpaceInfo, SpaceOwnership, SpaceService, SpaceServiceConfig, SqlStatement, SqlValue, StoredDelegationChain, TableInfo, TinyCloud, TinyCloudConfig, TinyCloudSession, UnsupportedFeatureError, VaultCrypto, VaultEntry, VaultError, VaultGetOptions, VaultGrantOptions, VaultHeaders, VaultListOptions, VaultPublicSpaceKVActions, VaultPutOptions, VersionCheckError, ViewInfo, WasmVaultFunctions, buildSpaceUri, checkNodeInfo, createCapabilityKeyRegistry, createSharingService, createSpaceService, createVaultCrypto, defaultSpaceCreationHandler, makePublicSpaceId, parseSpaceUri } from '@tinycloud/sdk-core';
+import { ISessionStorage, PersistedSessionData, AutoSignStrategy, AutoRejectStrategy, CallbackStrategy, IUserAuthorization, ISigner, ISpaceCreationHandler, IWasmBindings, SiweConfig, ClientSession, TinyCloudSession, Extension, Delegation, IKVService, ISQLService, IDuckDbService, IHooksService, INotificationHandler, IENSResolver, IDataVaultService, ICapabilityKeyRegistry, DelegationManager, ISpaceService, ISharingService, CreateDelegationParams, DelegationResult, PermissionEntry, KeyProvider, ISessionManager, JWK } from '@tinycloud/sdk-core';
+export { AutoApproveSpaceCreationHandler, AutoRejectStrategy, AutoSignStrategy, BatchOptions, BatchResponse, CallbackStrategy, CapabilityEntry, CapabilityKeyRegistry, CapabilityKeyRegistryErrorCode, CapabilityKeyRegistryErrorCodes, ClientSession, ColumnInfo, CreateDelegationParams, DataVaultConfig, DataVaultService, DatabaseHandle, Delegation, DelegationChain, DelegationChainV2, DelegationDirection, DelegationError, DelegationErrorCode, DelegationErrorCodes, DelegationFilters, DelegationManager, DelegationManagerConfig, DelegationRecord, DelegationResult, DuckDbAction, DuckDbActionType, DuckDbBatchOptions, DuckDbBatchResponse, DuckDbDatabaseHandle, DuckDbExecuteOptions, DuckDbExecuteResponse, DuckDbOptions, DuckDbQueryOptions, DuckDbQueryResponse, DuckDbService, DuckDbServiceConfig, DuckDbStatement, DuckDbValue, EncodedShareData, ExecuteOptions, ExecuteResponse, Extension, FetchFunction, GenerateShareParams, ICapabilityKeyRegistry, IDataVaultService, IDatabaseHandle, IDuckDbDatabaseHandle, IDuckDbService, IENSResolver, IKVService, INotificationHandler, IPrefixedKVService, ISQLService, ISessionManager, ISessionStorage, ISharingService, ISigner, ISpace, ISpaceCreationHandler, ISpaceScopedDelegations, ISpaceScopedSharing, ISpaceService, IUserAuthorization, IWasmBindings, IngestOptions, InvokeFunction, JWK, KVResponse, KVService, KVServiceConfig, KeyInfo, KeyProvider, KeyType, Manifest, ManifestDefaults, ManifestDelegation, ManifestValidationError, PermissionEntry, PermissionNotInManifestError, PersistedSessionData, PrefixedKVService, ProtocolMismatchError, QueryOptions, QueryResponse, ReceiveOptions, ResolvedCapabilities, ResolvedDelegate, ResourceCapability, SQLAction, SQLActionType, SQLService, SQLServiceConfig, SchemaInfo, ServiceContext, ServiceContextConfig, ServiceSession, SessionExpiredError, ShareAccess, ShareLink, ShareLinkData, ShareSchema, SharingService, SharingServiceConfig, SignCallback, SignRequest, SignResponse, SilentNotificationHandler, Space, SpaceConfig, SpaceCreationContext, SpaceErrorCode, SpaceErrorCodes, SpaceInfo, SpaceOwnership, SpaceService, SpaceServiceConfig, SqlStatement, SqlValue, StoredDelegationChain, TableInfo, TinyCloud, TinyCloudConfig, TinyCloudSession, UnsupportedFeatureError, VaultCrypto, VaultEntry, VaultError, VaultGetOptions, VaultGrantOptions, VaultHeaders, VaultListOptions, VaultPublicSpaceKVActions, VaultPutOptions, VersionCheckError, ViewInfo, WasmVaultFunctions, buildSpaceUri, checkNodeInfo, createCapabilityKeyRegistry, createSharingService, createSpaceService, createVaultCrypto, defaultSpaceCreationHandler, expandActionShortNames, isCapabilitySubset, loadManifest, makePublicSpaceId, parseExpiry, parseSpaceUri, resolveManifest, validateManifest } from '@tinycloud/sdk-core';
 import { EventEmitter } from 'events';
 import { InvokeFunction } from '@tinycloud/sdk-services';
@@ -444,6 +444,7 @@ declare class DelegatedAccess {
     private _kv;
     private _sql;
     private _duckdb;
+    private _hooks;
     constructor(session: TinyCloudSession, delegation: PortableDelegation, host: string, invoke: InvokeFunction);
     /**
      * Get the delegation this access was created from.
@@ -469,6 +470,10 @@ declare class DelegatedAccess {
      * DuckDB operations on the delegated space.
      */
     get duckdb(): IDuckDbService;
+    /**
+     * Hooks write-stream subscriptions on the delegated space.
+     */
+    get hooks(): IHooksService;
 }
 /**
@@ -545,6 +550,35 @@ interface TinyCloudNodeConfig {
     /** Optional SIWE configuration overrides (e.g., nonce for server-provided nonces) */
     siweConfig?: SiweConfig;
 }
+/**
+ * Options for {@link TinyCloudNode.delegateTo}.
+ *
+ * `expiry` accepts either an ms-format duration string (e.g. `"7d"`, `"1h"`)
+ * or a raw number of milliseconds. When omitted, the default is 1 hour.
+ *
+ * `forceWalletSign` bypasses the derivability check and sends the
+ * delegation through the legacy wallet-signed SIWE path, which always
+ * triggers a wallet prompt. Used for testing, for explicit wallet
+ * confirmation flows, and by the legacy `createDelegation` fallback.
+ */
+interface DelegateToOptions {
+    /** Override expiry. ms-format string ("7d", "1h") or raw milliseconds. */
+    expiry?: string | number;
+    /** Force the wallet-signed SIWE path even if the caps are derivable. Default false. */
+    forceWalletSign?: boolean;
+}
+/**
+ * Result of {@link TinyCloudNode.delegateTo}.
+ *
+ * `prompted` indicates whether a wallet prompt was shown — `true` for the
+ * legacy wallet path (always), `false` for the session-key UCAN path (never).
+ * Callers wiring single-prompt sign-in flows use this to assert that their
+ * capability chain was derivable.
+ */
+interface DelegateToResult {
+    delegation: PortableDelegation;
+    prompted: boolean;
+}
 /**
  * High-level TinyCloud API for Node.js environments.
  *
@@ -573,6 +607,7 @@ declare class TinyCloudNode {
     private _kv?;
     private _sql?;
     private _duckdb?;
+    private _hooks?;
     private _vault?;
     /** Cached public KV with proper delegation (set by ensurePublicSpace) */
     private _publicKV?;
@@ -776,6 +811,10 @@ declare class TinyCloudNode {
      * Call `vault.unlock(signer)` after signIn() to derive encryption keys.
      */
     get vault(): IDataVaultService;
+    /**
+     * Hooks write stream subscription API.
+     */
+    get hooks(): IHooksService;
     /**
      * Get the CapabilityKeyRegistry for managing keys and their capabilities.
      *
@@ -967,6 +1006,58 @@ declare class TinyCloudNode {
      * @returns Result containing boolean permission status
      */
     checkPermission(path: string, action: string): Promise<DelegationResult<boolean>>;
+    /**
+     * Safety margin before the session's own expiry at which {@link delegateTo}
+     * will refuse to issue a derived delegation. Prevents issuing sub-delegations
+     * that would be invalid by the time the recipient used them. Spec: 60 seconds.
+     *
+     * @internal
+     */
+    private static readonly SESSION_EXPIRY_SAFETY_MARGIN_MS;
+    /**
+     * Issue a delegation using the capability-chain flow.
+     *
+     * When the requested permissions are a subset of the current session's
+     * recap, the delegation is signed by the session key via WASM — no wallet
+     * prompt. When they are not, a {@link PermissionNotInManifestError} is
+     * raised so the caller can trigger an escalation flow (e.g.
+     * `TinyCloudWeb.requestPermissions`). Passing `forceWalletSign: true`
+     * bypasses the derivability check and always uses the wallet-signed SIWE
+     * path — used by the legacy `createDelegation` fallback and by callers
+     * that want explicit wallet confirmation.
+     *
+     * Current limitation: exactly one {@link PermissionEntry} per call. For
+     * multi-resource delegation, call `delegateTo` multiple times. This keeps
+     * each delegation a single `(spaceId, path)` grant, which matches the
+     * underlying `PortableDelegation` shape.
+     *
+     * @throws {@link SessionExpiredError} when there is no session or the
+     *   current session has expired (or will within the 60s safety margin).
+     * @throws {@link PermissionNotInManifestError} when the requested entries
+     *   are not a subset of the granted session capabilities and
+     *   `forceWalletSign` is not set.
+     */
+    delegateTo(did: string, permissions: PermissionEntry[], options?: DelegateToOptions): Promise<DelegateToResult>;
+    /**
+     * Issue a delegation via the session-key UCAN WASM path.
+     *
+     * The caller has already verified the request is derivable from the
+     * current session; we just need to shape the inputs for
+     * {@link createDelegationWrapper}.
+     *
+     * @internal
+     */
+    private createDelegationViaWasmPath;
+    /**
+     * Issue a delegation via the legacy wallet-signed SIWE path for a single
+     * {@link PermissionEntry}. Shares the implementation with the public
+     * `createDelegation` method via {@link createDelegationWalletPath} so
+     * both entry points hit exactly the same SIWE / signer / public-space
+     * logic without mutual recursion.
+     *
+     * @internal
+     */
+    private createDelegationLegacyWalletPath;
     /**
      * Create a delegation from this user to another user.
      *
@@ -992,6 +1083,14 @@ declare class TinyCloudNode {
         /** Include a companion delegation for the user's public space (default: true) */
         includePublicSpace?: boolean;
     }): Promise<PortableDelegation>;
+    /**
+     * Legacy wallet-signed SIWE delegation path. Lifted from the original
+     * `createDelegation` body verbatim so both the legacy public method and
+     * `delegateTo({ forceWalletSign: true })` hit the same code.
+     *
+     * @internal
+     */
+    private createDelegationWalletPath;
     /**
      * Use a delegation received from another user.
      *
@@ -1138,4 +1237,4 @@ declare class WasmKeyProvider implements KeyProvider {
  */
 declare function createWasmKeyProvider(sessionManager: SessionManagerWithListing): WasmKeyProvider;
-export { DelegatedAccess, FileSessionStorage, MemorySessionStorage, type NodeEventEmitterStrategy, NodeUserAuthorization, type NodeUserAuthorizationConfig, type PortableDelegation, type SignStrategy, TinyCloudNode, type TinyCloudNodeConfig, WasmKeyProvider, type WasmKeyProviderConfig, createWasmKeyProvider, defaultSignStrategy, deserializeDelegation, serializeDelegation };
+export { type DelegateToOptions, type DelegateToResult, DelegatedAccess, FileSessionStorage, MemorySessionStorage, type NodeEventEmitterStrategy, NodeUserAuthorization, type NodeUserAuthorizationConfig, type PortableDelegation, type SignStrategy, TinyCloudNode, type TinyCloudNodeConfig, WasmKeyProvider, type WasmKeyProviderConfig, createWasmKeyProvider, defaultSignStrategy, deserializeDelegation, serializeDelegation };

package/dist/core.d.ts CHANGED Viewed

@@ -1,5 +1,5 @@
-import { ISessionStorage, PersistedSessionData, AutoSignStrategy, AutoRejectStrategy, CallbackStrategy, IUserAuthorization, ISigner, ISpaceCreationHandler, IWasmBindings, SiweConfig, ClientSession, TinyCloudSession, Extension, Delegation, IKVService, ISQLService, IDuckDbService, INotificationHandler, IENSResolver, IDataVaultService, ICapabilityKeyRegistry, DelegationManager, ISpaceService, ISharingService, CreateDelegationParams, DelegationResult, KeyProvider, ISessionManager, JWK } from '@tinycloud/sdk-core';
-export { AutoApproveSpaceCreationHandler, AutoRejectStrategy, AutoSignStrategy, BatchOptions, BatchResponse, CallbackStrategy, CapabilityEntry, CapabilityKeyRegistry, CapabilityKeyRegistryErrorCode, CapabilityKeyRegistryErrorCodes, ClientSession, ColumnInfo, CreateDelegationParams, DataVaultConfig, DataVaultService, DatabaseHandle, Delegation, DelegationChain, DelegationChainV2, DelegationDirection, DelegationError, DelegationErrorCode, DelegationErrorCodes, DelegationFilters, DelegationManager, DelegationManagerConfig, DelegationRecord, DelegationResult, DuckDbAction, DuckDbActionType, DuckDbBatchOptions, DuckDbBatchResponse, DuckDbDatabaseHandle, DuckDbExecuteOptions, DuckDbExecuteResponse, DuckDbOptions, DuckDbQueryOptions, DuckDbQueryResponse, DuckDbService, DuckDbServiceConfig, DuckDbStatement, DuckDbValue, EncodedShareData, ExecuteOptions, ExecuteResponse, Extension, FetchFunction, GenerateShareParams, ICapabilityKeyRegistry, IDataVaultService, IDatabaseHandle, IDuckDbDatabaseHandle, IDuckDbService, IENSResolver, IKVService, INotificationHandler, IPrefixedKVService, ISQLService, ISessionManager, ISessionStorage, ISharingService, ISigner, ISpace, ISpaceCreationHandler, ISpaceScopedDelegations, ISpaceScopedSharing, ISpaceService, IUserAuthorization, IWasmBindings, IngestOptions, InvokeFunction, JWK, KVResponse, KVService, KVServiceConfig, KeyInfo, KeyProvider, KeyType, PersistedSessionData, PrefixedKVService, ProtocolMismatchError, QueryOptions, QueryResponse, ReceiveOptions, SQLAction, SQLActionType, SQLService, SQLServiceConfig, SchemaInfo, ServiceContext, ServiceContextConfig, ServiceSession, ShareAccess, ShareLink, ShareLinkData, ShareSchema, SharingService, SharingServiceConfig, SignCallback, SignRequest, SignResponse, SilentNotificationHandler, Space, SpaceConfig, SpaceCreationContext, SpaceErrorCode, SpaceErrorCodes, SpaceInfo, SpaceOwnership, SpaceService, SpaceServiceConfig, SqlStatement, SqlValue, StoredDelegationChain, TableInfo, TinyCloud, TinyCloudConfig, TinyCloudSession, UnsupportedFeatureError, VaultCrypto, VaultEntry, VaultError, VaultGetOptions, VaultGrantOptions, VaultHeaders, VaultListOptions, VaultPublicSpaceKVActions, VaultPutOptions, VersionCheckError, ViewInfo, WasmVaultFunctions, buildSpaceUri, checkNodeInfo, createCapabilityKeyRegistry, createSharingService, createSpaceService, createVaultCrypto, defaultSpaceCreationHandler, makePublicSpaceId, parseSpaceUri } from '@tinycloud/sdk-core';
+import { ISessionStorage, PersistedSessionData, AutoSignStrategy, AutoRejectStrategy, CallbackStrategy, IUserAuthorization, ISigner, ISpaceCreationHandler, IWasmBindings, SiweConfig, ClientSession, TinyCloudSession, Extension, Delegation, IKVService, ISQLService, IDuckDbService, IHooksService, INotificationHandler, IENSResolver, IDataVaultService, ICapabilityKeyRegistry, DelegationManager, ISpaceService, ISharingService, CreateDelegationParams, DelegationResult, PermissionEntry, KeyProvider, ISessionManager, JWK } from '@tinycloud/sdk-core';
+export { AutoApproveSpaceCreationHandler, AutoRejectStrategy, AutoSignStrategy, BatchOptions, BatchResponse, CallbackStrategy, CapabilityEntry, CapabilityKeyRegistry, CapabilityKeyRegistryErrorCode, CapabilityKeyRegistryErrorCodes, ClientSession, ColumnInfo, CreateDelegationParams, DataVaultConfig, DataVaultService, DatabaseHandle, Delegation, DelegationChain, DelegationChainV2, DelegationDirection, DelegationError, DelegationErrorCode, DelegationErrorCodes, DelegationFilters, DelegationManager, DelegationManagerConfig, DelegationRecord, DelegationResult, DuckDbAction, DuckDbActionType, DuckDbBatchOptions, DuckDbBatchResponse, DuckDbDatabaseHandle, DuckDbExecuteOptions, DuckDbExecuteResponse, DuckDbOptions, DuckDbQueryOptions, DuckDbQueryResponse, DuckDbService, DuckDbServiceConfig, DuckDbStatement, DuckDbValue, EncodedShareData, ExecuteOptions, ExecuteResponse, Extension, FetchFunction, GenerateShareParams, ICapabilityKeyRegistry, IDataVaultService, IDatabaseHandle, IDuckDbDatabaseHandle, IDuckDbService, IENSResolver, IKVService, INotificationHandler, IPrefixedKVService, ISQLService, ISessionManager, ISessionStorage, ISharingService, ISigner, ISpace, ISpaceCreationHandler, ISpaceScopedDelegations, ISpaceScopedSharing, ISpaceService, IUserAuthorization, IWasmBindings, IngestOptions, InvokeFunction, JWK, KVResponse, KVService, KVServiceConfig, KeyInfo, KeyProvider, KeyType, Manifest, ManifestDefaults, ManifestDelegation, ManifestValidationError, PermissionEntry, PermissionNotInManifestError, PersistedSessionData, PrefixedKVService, ProtocolMismatchError, QueryOptions, QueryResponse, ReceiveOptions, ResolvedCapabilities, ResolvedDelegate, ResourceCapability, SQLAction, SQLActionType, SQLService, SQLServiceConfig, SchemaInfo, ServiceContext, ServiceContextConfig, ServiceSession, SessionExpiredError, ShareAccess, ShareLink, ShareLinkData, ShareSchema, SharingService, SharingServiceConfig, SignCallback, SignRequest, SignResponse, SilentNotificationHandler, Space, SpaceConfig, SpaceCreationContext, SpaceErrorCode, SpaceErrorCodes, SpaceInfo, SpaceOwnership, SpaceService, SpaceServiceConfig, SqlStatement, SqlValue, StoredDelegationChain, TableInfo, TinyCloud, TinyCloudConfig, TinyCloudSession, UnsupportedFeatureError, VaultCrypto, VaultEntry, VaultError, VaultGetOptions, VaultGrantOptions, VaultHeaders, VaultListOptions, VaultPublicSpaceKVActions, VaultPutOptions, VersionCheckError, ViewInfo, WasmVaultFunctions, buildSpaceUri, checkNodeInfo, createCapabilityKeyRegistry, createSharingService, createSpaceService, createVaultCrypto, defaultSpaceCreationHandler, expandActionShortNames, isCapabilitySubset, loadManifest, makePublicSpaceId, parseExpiry, parseSpaceUri, resolveManifest, validateManifest } from '@tinycloud/sdk-core';
 import { EventEmitter } from 'events';
 import { InvokeFunction } from '@tinycloud/sdk-services';
@@ -444,6 +444,7 @@ declare class DelegatedAccess {
     private _kv;
     private _sql;
     private _duckdb;
+    private _hooks;
     constructor(session: TinyCloudSession, delegation: PortableDelegation, host: string, invoke: InvokeFunction);
     /**
      * Get the delegation this access was created from.
@@ -469,6 +470,10 @@ declare class DelegatedAccess {
      * DuckDB operations on the delegated space.
      */
     get duckdb(): IDuckDbService;
+    /**
+     * Hooks write-stream subscriptions on the delegated space.
+     */
+    get hooks(): IHooksService;
 }
 /**
@@ -545,6 +550,35 @@ interface TinyCloudNodeConfig {
     /** Optional SIWE configuration overrides (e.g., nonce for server-provided nonces) */
     siweConfig?: SiweConfig;
 }
+/**
+ * Options for {@link TinyCloudNode.delegateTo}.
+ *
+ * `expiry` accepts either an ms-format duration string (e.g. `"7d"`, `"1h"`)
+ * or a raw number of milliseconds. When omitted, the default is 1 hour.
+ *
+ * `forceWalletSign` bypasses the derivability check and sends the
+ * delegation through the legacy wallet-signed SIWE path, which always
+ * triggers a wallet prompt. Used for testing, for explicit wallet
+ * confirmation flows, and by the legacy `createDelegation` fallback.
+ */
+interface DelegateToOptions {
+    /** Override expiry. ms-format string ("7d", "1h") or raw milliseconds. */
+    expiry?: string | number;
+    /** Force the wallet-signed SIWE path even if the caps are derivable. Default false. */
+    forceWalletSign?: boolean;
+}
+/**
+ * Result of {@link TinyCloudNode.delegateTo}.
+ *
+ * `prompted` indicates whether a wallet prompt was shown — `true` for the
+ * legacy wallet path (always), `false` for the session-key UCAN path (never).
+ * Callers wiring single-prompt sign-in flows use this to assert that their
+ * capability chain was derivable.
+ */
+interface DelegateToResult {
+    delegation: PortableDelegation;
+    prompted: boolean;
+}
 /**
  * High-level TinyCloud API for Node.js environments.
  *
@@ -573,6 +607,7 @@ declare class TinyCloudNode {
     private _kv?;
     private _sql?;
     private _duckdb?;
+    private _hooks?;
     private _vault?;
     /** Cached public KV with proper delegation (set by ensurePublicSpace) */
     private _publicKV?;
@@ -776,6 +811,10 @@ declare class TinyCloudNode {
      * Call `vault.unlock(signer)` after signIn() to derive encryption keys.
      */
     get vault(): IDataVaultService;
+    /**
+     * Hooks write stream subscription API.
+     */
+    get hooks(): IHooksService;
     /**
      * Get the CapabilityKeyRegistry for managing keys and their capabilities.
      *
@@ -967,6 +1006,58 @@ declare class TinyCloudNode {
      * @returns Result containing boolean permission status
      */
     checkPermission(path: string, action: string): Promise<DelegationResult<boolean>>;
+    /**
+     * Safety margin before the session's own expiry at which {@link delegateTo}
+     * will refuse to issue a derived delegation. Prevents issuing sub-delegations
+     * that would be invalid by the time the recipient used them. Spec: 60 seconds.
+     *
+     * @internal
+     */
+    private static readonly SESSION_EXPIRY_SAFETY_MARGIN_MS;
+    /**
+     * Issue a delegation using the capability-chain flow.
+     *
+     * When the requested permissions are a subset of the current session's
+     * recap, the delegation is signed by the session key via WASM — no wallet
+     * prompt. When they are not, a {@link PermissionNotInManifestError} is
+     * raised so the caller can trigger an escalation flow (e.g.
+     * `TinyCloudWeb.requestPermissions`). Passing `forceWalletSign: true`
+     * bypasses the derivability check and always uses the wallet-signed SIWE
+     * path — used by the legacy `createDelegation` fallback and by callers
+     * that want explicit wallet confirmation.
+     *
+     * Current limitation: exactly one {@link PermissionEntry} per call. For
+     * multi-resource delegation, call `delegateTo` multiple times. This keeps
+     * each delegation a single `(spaceId, path)` grant, which matches the
+     * underlying `PortableDelegation` shape.
+     *
+     * @throws {@link SessionExpiredError} when there is no session or the
+     *   current session has expired (or will within the 60s safety margin).
+     * @throws {@link PermissionNotInManifestError} when the requested entries
+     *   are not a subset of the granted session capabilities and
+     *   `forceWalletSign` is not set.
+     */
+    delegateTo(did: string, permissions: PermissionEntry[], options?: DelegateToOptions): Promise<DelegateToResult>;
+    /**
+     * Issue a delegation via the session-key UCAN WASM path.
+     *
+     * The caller has already verified the request is derivable from the
+     * current session; we just need to shape the inputs for
+     * {@link createDelegationWrapper}.
+     *
+     * @internal
+     */
+    private createDelegationViaWasmPath;
+    /**
+     * Issue a delegation via the legacy wallet-signed SIWE path for a single
+     * {@link PermissionEntry}. Shares the implementation with the public
+     * `createDelegation` method via {@link createDelegationWalletPath} so
+     * both entry points hit exactly the same SIWE / signer / public-space
+     * logic without mutual recursion.
+     *
+     * @internal
+     */
+    private createDelegationLegacyWalletPath;
     /**
      * Create a delegation from this user to another user.
      *
@@ -992,6 +1083,14 @@ declare class TinyCloudNode {
         /** Include a companion delegation for the user's public space (default: true) */
         includePublicSpace?: boolean;
     }): Promise<PortableDelegation>;
+    /**
+     * Legacy wallet-signed SIWE delegation path. Lifted from the original
+     * `createDelegation` body verbatim so both the legacy public method and
+     * `delegateTo({ forceWalletSign: true })` hit the same code.
+     *
+     * @internal
+     */
+    private createDelegationWalletPath;
     /**
      * Use a delegation received from another user.
      *
@@ -1138,4 +1237,4 @@ declare class WasmKeyProvider implements KeyProvider {
  */
 declare function createWasmKeyProvider(sessionManager: SessionManagerWithListing): WasmKeyProvider;
-export { DelegatedAccess, FileSessionStorage, MemorySessionStorage, type NodeEventEmitterStrategy, NodeUserAuthorization, type NodeUserAuthorizationConfig, type PortableDelegation, type SignStrategy, TinyCloudNode, type TinyCloudNodeConfig, WasmKeyProvider, type WasmKeyProviderConfig, createWasmKeyProvider, defaultSignStrategy, deserializeDelegation, serializeDelegation };
+export { type DelegateToOptions, type DelegateToResult, DelegatedAccess, FileSessionStorage, MemorySessionStorage, type NodeEventEmitterStrategy, NodeUserAuthorization, type NodeUserAuthorizationConfig, type PortableDelegation, type SignStrategy, TinyCloudNode, type TinyCloudNodeConfig, WasmKeyProvider, type WasmKeyProviderConfig, createWasmKeyProvider, defaultSignStrategy, deserializeDelegation, serializeDelegation };