@tinycloud/node-sdk 2.1.0-beta.0 → 2.1.0-beta.2

package/dist/core.d.cts

@@ -1,5 +1,5 @@
-import { ISessionStorage, PersistedSessionData, AutoSignStrategy, AutoRejectStrategy, CallbackStrategy, IUserAuthorization, ISigner, ISpaceCreationHandler, IWasmBindings, SiweConfig, ClientSession, TinyCloudSession, Extension, Delegation, IKVService, ISQLService, IDuckDbService, IHooksService, INotificationHandler, IENSResolver, IDataVaultService, ICapabilityKeyRegistry, DelegationManager, ISpaceService, ISharingService, CreateDelegationParams, DelegationResult, KeyProvider, ISessionManager, JWK } from '@tinycloud/sdk-core';
-export { AutoApproveSpaceCreationHandler, AutoRejectStrategy, AutoSignStrategy, BatchOptions, BatchResponse, CallbackStrategy, CapabilityEntry, CapabilityKeyRegistry, CapabilityKeyRegistryErrorCode, CapabilityKeyRegistryErrorCodes, ClientSession, ColumnInfo, CreateDelegationParams, DataVaultConfig, DataVaultService, DatabaseHandle, Delegation, DelegationChain, DelegationChainV2, DelegationDirection, DelegationError, DelegationErrorCode, DelegationErrorCodes, DelegationFilters, DelegationManager, DelegationManagerConfig, DelegationRecord, DelegationResult, DuckDbAction, DuckDbActionType, DuckDbBatchOptions, DuckDbBatchResponse, DuckDbDatabaseHandle, DuckDbExecuteOptions, DuckDbExecuteResponse, DuckDbOptions, DuckDbQueryOptions, DuckDbQueryResponse, DuckDbService, DuckDbServiceConfig, DuckDbStatement, DuckDbValue, EncodedShareData, ExecuteOptions, ExecuteResponse, Extension, FetchFunction, GenerateShareParams, ICapabilityKeyRegistry, IDataVaultService, IDatabaseHandle, IDuckDbDatabaseHandle, IDuckDbService, IENSResolver, IKVService, INotificationHandler, IPrefixedKVService, ISQLService, ISessionManager, ISessionStorage, ISharingService, ISigner, ISpace, ISpaceCreationHandler, ISpaceScopedDelegations, ISpaceScopedSharing, ISpaceService, IUserAuthorization, IWasmBindings, IngestOptions, InvokeFunction, JWK, KVResponse, KVService, KVServiceConfig, KeyInfo, KeyProvider, KeyType, PersistedSessionData, PrefixedKVService, ProtocolMismatchError, QueryOptions, QueryResponse, ReceiveOptions, SQLAction, SQLActionType, SQLService, SQLServiceConfig, SchemaInfo, ServiceContext, ServiceContextConfig, ServiceSession, ShareAccess, ShareLink, ShareLinkData, ShareSchema, SharingService, SharingServiceConfig, SignCallback, SignRequest, SignResponse, SilentNotificationHandler, Space, SpaceConfig, SpaceCreationContext, SpaceErrorCode, SpaceErrorCodes, SpaceInfo, SpaceOwnership, SpaceService, SpaceServiceConfig, SqlStatement, SqlValue, StoredDelegationChain, TableInfo, TinyCloud, TinyCloudConfig, TinyCloudSession, UnsupportedFeatureError, VaultCrypto, VaultEntry, VaultError, VaultGetOptions, VaultGrantOptions, VaultHeaders, VaultListOptions, VaultPublicSpaceKVActions, VaultPutOptions, VersionCheckError, ViewInfo, WasmVaultFunctions, buildSpaceUri, checkNodeInfo, createCapabilityKeyRegistry, createSharingService, createSpaceService, createVaultCrypto, defaultSpaceCreationHandler, makePublicSpaceId, parseSpaceUri } from '@tinycloud/sdk-core';
+import { ISessionStorage, PersistedSessionData, AutoSignStrategy, AutoRejectStrategy, CallbackStrategy, IUserAuthorization, ISigner, ISpaceCreationHandler, IWasmBindings, SiweConfig, Manifest, ClientSession, TinyCloudSession, Extension, Delegation, DelegatedResource, IKVService, ISQLService, IDuckDbService, IHooksService, INotificationHandler, IENSResolver, IDataVaultService, ICapabilityKeyRegistry, DelegationManager, ISpaceService, ISharingService, CreateDelegationParams, DelegationResult, PermissionEntry, KeyProvider, ISessionManager, JWK } from '@tinycloud/sdk-core';
+export { AutoApproveSpaceCreationHandler, AutoRejectStrategy, AutoSignStrategy, BatchOptions, BatchResponse, CallbackStrategy, CapabilityEntry, CapabilityKeyRegistry, CapabilityKeyRegistryErrorCode, CapabilityKeyRegistryErrorCodes, ClientSession, ColumnInfo, CreateDelegationParams, DataVaultConfig, DataVaultService, DatabaseHandle, Delegation, DelegationChain, DelegationChainV2, DelegationDirection, DelegationError, DelegationErrorCode, DelegationErrorCodes, DelegationFilters, DelegationManager, DelegationManagerConfig, DelegationRecord, DelegationResult, DuckDbAction, DuckDbActionType, DuckDbBatchOptions, DuckDbBatchResponse, DuckDbDatabaseHandle, DuckDbExecuteOptions, DuckDbExecuteResponse, DuckDbOptions, DuckDbQueryOptions, DuckDbQueryResponse, DuckDbService, DuckDbServiceConfig, DuckDbStatement, DuckDbValue, EncodedShareData, ExecuteOptions, ExecuteResponse, Extension, FetchFunction, GenerateShareParams, ICapabilityKeyRegistry, IDataVaultService, IDatabaseHandle, IDuckDbDatabaseHandle, IDuckDbService, IENSResolver, IKVService, INotificationHandler, IPrefixedKVService, ISQLService, ISessionManager, ISessionStorage, ISharingService, ISigner, ISpace, ISpaceCreationHandler, ISpaceScopedDelegations, ISpaceScopedSharing, ISpaceService, IUserAuthorization, IWasmBindings, IngestOptions, InvokeFunction, JWK, KVResponse, KVService, KVServiceConfig, KeyInfo, KeyProvider, KeyType, Manifest, ManifestDefaults, ManifestDelegation, ManifestValidationError, PermissionEntry, PermissionNotInManifestError, PersistedSessionData, PrefixedKVService, ProtocolMismatchError, QueryOptions, QueryResponse, ReceiveOptions, ResolvedCapabilities, ResolvedDelegate, ResourceCapability, SQLAction, SQLActionType, SQLService, SQLServiceConfig, SchemaInfo, ServiceContext, ServiceContextConfig, ServiceSession, SessionExpiredError, ShareAccess, ShareLink, ShareLinkData, ShareSchema, SharingService, SharingServiceConfig, SignCallback, SignRequest, SignResponse, SilentNotificationHandler, Space, SpaceConfig, SpaceCreationContext, SpaceErrorCode, SpaceErrorCodes, SpaceInfo, SpaceOwnership, SpaceService, SpaceServiceConfig, SqlStatement, SqlValue, StoredDelegationChain, TableInfo, TinyCloud, TinyCloudConfig, TinyCloudSession, UnsupportedFeatureError, VaultCrypto, VaultEntry, VaultError, VaultGetOptions, VaultGrantOptions, VaultHeaders, VaultListOptions, VaultPublicSpaceKVActions, VaultPutOptions, VersionCheckError, ViewInfo, WasmVaultFunctions, buildSpaceUri, checkNodeInfo, createCapabilityKeyRegistry, createSharingService, createSpaceService, createVaultCrypto, defaultSpaceCreationHandler, expandActionShortNames, isCapabilitySubset, loadManifest, makePublicSpaceId, parseExpiry, parseSpaceUri, resolveManifest, validateManifest } from '@tinycloud/sdk-core';
 import { EventEmitter } from 'events';
 import { InvokeFunction } from '@tinycloud/sdk-services';
 
@@ -203,6 +203,25 @@ interface NodeUserAuthorizationConfig {
     nonce?: string;
     /** Optional SIWE configuration overrides (e.g., nonce for server-provided nonces) */
     siweConfig?: SiweConfig;
+    /**
+     * App manifest used to drive the SIWE recap at sign-in.
+     *
+     * When set, `signIn` resolves the manifest (via
+     * {@link resolveManifest}), unions the app's own permissions with
+     * every `delegations[*].permissions` list, converts to the WASM
+     * abilities shape, and uses that map as the session's granted
+     * capabilities — *instead* of `defaultActions`.
+     *
+     * This is what makes manifest-declared pre-delegations usable: the
+     * session key's recap covers both the app's runtime needs and the
+     * downstream delegation targets, so `delegateTo` can issue the
+     * sub-delegation via the session-key UCAN path without a wallet
+     * prompt.
+     *
+     * When omitted, `signIn` falls back to `defaultActions` for
+     * backwards compatibility.
+     */
+    manifest?: Manifest;
 }
 /**
  * Node.js implementation of IUserAuthorization.
@@ -253,6 +272,12 @@ declare class NodeUserAuthorization implements IUserAuthorization {
     private readonly nonce?;
     private readonly siweConfig?;
     private readonly wasm;
+    /**
+     * Stored manifest, if one was provided at construction time. Used by
+     * {@link signIn} to derive the session's granted capabilities instead
+     * of falling back to {@link defaultActions}.
+     */
+    private _manifest?;
     private sessionManager;
     private extensions;
     private _session?;
@@ -261,6 +286,18 @@ declare class NodeUserAuthorization implements IUserAuthorization {
     private _chainId?;
     private _nodeFeatures;
     constructor(config: NodeUserAuthorizationConfig);
+    /**
+     * Return the manifest currently driving sign-in behavior, or
+     * `undefined` if none is set. Used by TinyCloudWeb/TinyCloudNode
+     * internals to surface the manifest for requestPermissions flows
+     * without forcing the caller to track it separately.
+     */
+    get manifest(): Manifest | undefined;
+    /**
+     * Install or replace the stored manifest. Takes effect on the next
+     * `signIn()` call — the current session (if any) is not touched.
+     */
+    setManifest(manifest: Manifest | undefined): void;
     /**
      * The current active session (web-core compatible).
      */
@@ -271,6 +308,33 @@ declare class NodeUserAuthorization implements IUserAuthorization {
      */
     get tinyCloudSession(): TinyCloudSession | undefined;
     get nodeFeatures(): string[];
+    /**
+     * Compute the `abilities` map the WASM `prepareSession` call should
+     * see at sign-in time.
+     *
+     * When a manifest is installed, we resolve it and union together:
+     * - the app's own `resources` (what it needs at runtime)
+     * - every `additionalDelegates[*].permissions` list (what it will
+     *   re-delegate to other DIDs post sign-in)
+     *
+     * into the short-service / path / full-URN-actions shape the WASM
+     * layer expects. This is the key invariant that lets
+     * {@link TinyCloudNode.delegateTo} issue manifest-declared
+     * delegations via the session key (no wallet prompt): the session's
+     * own recap already covers every action those delegations need.
+     *
+     * When no manifest is installed, we fall back to the
+     * {@link defaultActions} table so existing callers see no change.
+     *
+     * This is a pure function of `this._manifest` + `this.defaultActions`
+     * — the manifest resolution performs no I/O and throws a
+     * {@link ManifestValidationError} on structural problems (missing
+     * id/name, unparseable expiry, etc), which will surface at sign-in
+     * rather than being silently swallowed.
+     *
+     * @internal
+     */
+    private resolveSignInAbilities;
     /**
      * Build SIWE overrides from the top-level nonce and siweConfig.
      * - Top-level `nonce` is seeded first so `siweConfig.nonce` wins if both are set.
@@ -404,6 +468,12 @@ declare class NodeUserAuthorization implements IUserAuthorization {
  * - `ownerAddress`: Space owner's address for session creation
  * - `chainId`: Chain ID for session creation
  * - `host`: Optional server URL
+ * - `resources`: Multi-resource grant breakdown (present when the
+ *   delegation was issued via the multi-resource WASM path, i.e. one
+ *   UCAN covering multiple `(service, path, actions)` entries). The
+ *   flat `path` + `actions` fields mirror the first entry for
+ *   single-resource callers; consumers that need the full picture
+ *   read `resources`.
  */
 interface PortableDelegation extends Omit<Delegation, "isRevoked"> {
     /** The authorization header for this delegation (structured format) */
@@ -420,6 +490,14 @@ interface PortableDelegation extends Omit<Delegation, "isRevoked"> {
     disableSubDelegation?: boolean;
     /** Companion delegation for the user's public space (auto-created when includePublicSpace is true) */
     publicDelegation?: PortableDelegation;
+    /**
+     * Full multi-resource grant breakdown. Present when the delegation
+     * was issued via the multi-resource WASM path; each entry describes
+     * one `(service, space, path, actions)` grant carried by the single
+     * underlying UCAN. When absent, only the flat `path` + `actions`
+     * fields are authoritative (legacy single-resource shape).
+     */
+    resources?: DelegatedResource[];
 }
 /**
  * Serialize a PortableDelegation for transport (e.g., over network).
@@ -549,6 +627,51 @@ interface TinyCloudNodeConfig {
     nonce?: string;
     /** Optional SIWE configuration overrides (e.g., nonce for server-provided nonces) */
     siweConfig?: SiweConfig;
+    /**
+     * App manifest driving the SIWE recap at sign-in.
+     *
+     * When set, `signIn()` resolves the manifest, unions the app's own
+     * permissions with every manifest-declared delegation's permissions,
+     * and uses that union as the session's granted capabilities — NOT
+     * the legacy `defaultActions` table. This is what makes
+     * `delegateTo(manifestDeclaredDid, permissions)` work without a
+     * wallet prompt: the session key's recap already covers the
+     * delegation target's needs at sign-in time.
+     *
+     * When omitted, `signIn()` falls back to `defaultActions` for
+     * backwards compatibility with callers that pre-date the manifest
+     * flow.
+     */
+    manifest?: Manifest;
+}
+/**
+ * Options for {@link TinyCloudNode.delegateTo}.
+ *
+ * `expiry` accepts either an ms-format duration string (e.g. `"7d"`, `"1h"`)
+ * or a raw number of milliseconds. When omitted, the default is 1 hour.
+ *
+ * `forceWalletSign` bypasses the derivability check and sends the
+ * delegation through the legacy wallet-signed SIWE path, which always
+ * triggers a wallet prompt. Used for testing, for explicit wallet
+ * confirmation flows, and by the legacy `createDelegation` fallback.
+ */
+interface DelegateToOptions {
+    /** Override expiry. ms-format string ("7d", "1h") or raw milliseconds. */
+    expiry?: string | number;
+    /** Force the wallet-signed SIWE path even if the caps are derivable. Default false. */
+    forceWalletSign?: boolean;
+}
+/**
+ * Result of {@link TinyCloudNode.delegateTo}.
+ *
+ * `prompted` indicates whether a wallet prompt was shown — `true` for the
+ * legacy wallet path (always), `false` for the session-key UCAN path (never).
+ * Callers wiring single-prompt sign-in flows use this to assert that their
+ * capability chain was derivable.
+ */
+interface DelegateToResult {
+    delegation: PortableDelegation;
+    prompted: boolean;
 }
 /**
  * High-level TinyCloud API for Node.js environments.
@@ -625,6 +748,19 @@ declare class TinyCloudNode {
      * @internal
      */
     private setupAuth;
+    /**
+     * Install or replace the manifest that drives the SIWE recap at
+     * sign-in. Takes effect on the next `signIn()` call — the current
+     * session (if any) is not touched. Wire this up from a higher
+     * layer (e.g. TinyCloudWeb.setManifest) so the manifest is kept
+     * in sync across the stack.
+     */
+    setManifest(manifest: Manifest | undefined): void;
+    /**
+     * Return the manifest currently installed on the auth handler,
+     * or `undefined` if none is set.
+     */
+    get manifest(): Manifest | undefined;
     /**
      * Get the primary identity DID for this user.
      * - If wallet connected and signed in: returns PKH DID (did:pkh:eip155:{chainId}:{address})
@@ -749,7 +885,19 @@ declare class TinyCloudNode {
     private getSessionExpiry;
     /**
      * Wrapper for the WASM createDelegation function.
-     * Adapts the WASM interface to what SharingService expects.
+     *
+     * The WASM call now takes a multi-resource `abilities` map
+     * (matching `prepareSession`'s shape) and emits ONE UCAN that
+     * covers every `(service, path, actions)` entry. We mirror the raw
+     * result back through `CreateDelegationWasmResult`, converting the
+     * seconds-since-epoch `expiry` to a Date and normalizing the
+     * `delegateDid` → `delegateDID` case.
+     *
+     * Both SharingService (single-entry) and
+     * {@link TinyCloudNode.delegateTo} (multi-entry) drive this through
+     * the same code path so there's exactly one place that touches the
+     * WASM boundary.
+     *
      * @internal
      */
     private createDelegationWrapper;
@@ -977,6 +1125,78 @@ declare class TinyCloudNode {
      * @returns Result containing boolean permission status
      */
     checkPermission(path: string, action: string): Promise<DelegationResult<boolean>>;
+    /**
+     * Safety margin before the session's own expiry at which {@link delegateTo}
+     * will refuse to issue a derived delegation. Prevents issuing sub-delegations
+     * that would be invalid by the time the recipient used them. Spec: 60 seconds.
+     *
+     * @internal
+     */
+    private static readonly SESSION_EXPIRY_SAFETY_MARGIN_MS;
+    /**
+     * Issue a delegation using the capability-chain flow.
+     *
+     * When every requested permission is a subset of the current
+     * session's recap, the delegation is signed by the session key via
+     * WASM — no wallet prompt. When at least one is NOT derivable, a
+     * {@link PermissionNotInManifestError} is raised (carrying the
+     * missing entries) so the caller can trigger an escalation flow
+     * (e.g. `TinyCloudWeb.requestPermissions`). Passing
+     * `forceWalletSign: true` bypasses the derivability check and
+     * always uses the wallet-signed SIWE path — used by the legacy
+     * `createDelegation` fallback and by callers that want explicit
+     * wallet confirmation.
+     *
+     * Multi-entry delegations are now emitted as **one** signed UCAN:
+     * the underlying WASM `createDelegation` takes a full
+     * `HashMap<Service, HashMap<Path, Vec<Ability>>>` abilities map
+     * and produces a single attenuation carrying every
+     * `(service, path, actions)` entry. The returned
+     * {@link DelegateToResult.delegation} is that single blob, and
+     * apps can POST it to their backend exactly like a single-entry
+     * delegation (the server verifies all granted resources from one
+     * UCAN).
+     *
+     * For single-entry requests the `PortableDelegation.path` and
+     * `.actions` fields mirror the one granted entry. For
+     * multi-entry requests they mirror the **first** entry (stable
+     * lexicographic order from the Rust side); consumers that need
+     * the full picture read `PortableDelegation.resources`.
+     *
+     * @throws {@link SessionExpiredError} when there is no session or
+     *   the current session has expired (or will within the 60s
+     *   safety margin).
+     * @throws {@link PermissionNotInManifestError} when any requested
+     *   entry is not a subset of the granted session capabilities and
+     *   `forceWalletSign` is not set.
+     */
+    delegateTo(did: string, permissions: PermissionEntry[], options?: DelegateToOptions): Promise<DelegateToResult>;
+    /**
+     * Issue a delegation via the session-key UCAN WASM path.
+     *
+     * The caller has already verified every entry is derivable from
+     * the current session; we build one multi-resource abilities map
+     * and emit one signed UCAN covering them all.
+     *
+     * All entries must share the same target space (the UCAN is
+     * scoped to a single space). If they don't, this throws — mixing
+     * spaces in a single delegation is not supported by the underlying
+     * Rust create_delegation call and the resulting UCAN would be
+     * under-specified.
+     *
+     * @internal
+     */
+    private createDelegationViaWasmPath;
+    /**
+     * Issue a delegation via the legacy wallet-signed SIWE path for a single
+     * {@link PermissionEntry}. Shares the implementation with the public
+     * `createDelegation` method via {@link createDelegationWalletPath} so
+     * both entry points hit exactly the same SIWE / signer / public-space
+     * logic without mutual recursion.
+     *
+     * @internal
+     */
+    private createDelegationLegacyWalletPath;
     /**
      * Create a delegation from this user to another user.
      *
@@ -1002,6 +1222,14 @@ declare class TinyCloudNode {
         /** Include a companion delegation for the user's public space (default: true) */
         includePublicSpace?: boolean;
     }): Promise<PortableDelegation>;
+    /**
+     * Legacy wallet-signed SIWE delegation path. Lifted from the original
+     * `createDelegation` body verbatim so both the legacy public method and
+     * `delegateTo({ forceWalletSign: true })` hit the same code.
+     *
+     * @internal
+     */
+    private createDelegationWalletPath;
     /**
      * Use a delegation received from another user.
      *
@@ -1148,4 +1376,4 @@ declare class WasmKeyProvider implements KeyProvider {
  */
 declare function createWasmKeyProvider(sessionManager: SessionManagerWithListing): WasmKeyProvider;
 
-export { DelegatedAccess, FileSessionStorage, MemorySessionStorage, type NodeEventEmitterStrategy, NodeUserAuthorization, type NodeUserAuthorizationConfig, type PortableDelegation, type SignStrategy, TinyCloudNode, type TinyCloudNodeConfig, WasmKeyProvider, type WasmKeyProviderConfig, createWasmKeyProvider, defaultSignStrategy, deserializeDelegation, serializeDelegation };
+export { type DelegateToOptions, type DelegateToResult, DelegatedAccess, FileSessionStorage, MemorySessionStorage, type NodeEventEmitterStrategy, NodeUserAuthorization, type NodeUserAuthorizationConfig, type PortableDelegation, type SignStrategy, TinyCloudNode, type TinyCloudNodeConfig, WasmKeyProvider, type WasmKeyProviderConfig, createWasmKeyProvider, defaultSignStrategy, deserializeDelegation, serializeDelegation };

package/dist/core.d.ts

@@ -1,5 +1,5 @@
-import { ISessionStorage, PersistedSessionData, AutoSignStrategy, AutoRejectStrategy, CallbackStrategy, IUserAuthorization, ISigner, ISpaceCreationHandler, IWasmBindings, SiweConfig, ClientSession, TinyCloudSession, Extension, Delegation, IKVService, ISQLService, IDuckDbService, IHooksService, INotificationHandler, IENSResolver, IDataVaultService, ICapabilityKeyRegistry, DelegationManager, ISpaceService, ISharingService, CreateDelegationParams, DelegationResult, KeyProvider, ISessionManager, JWK } from '@tinycloud/sdk-core';
-export { AutoApproveSpaceCreationHandler, AutoRejectStrategy, AutoSignStrategy, BatchOptions, BatchResponse, CallbackStrategy, CapabilityEntry, CapabilityKeyRegistry, CapabilityKeyRegistryErrorCode, CapabilityKeyRegistryErrorCodes, ClientSession, ColumnInfo, CreateDelegationParams, DataVaultConfig, DataVaultService, DatabaseHandle, Delegation, DelegationChain, DelegationChainV2, DelegationDirection, DelegationError, DelegationErrorCode, DelegationErrorCodes, DelegationFilters, DelegationManager, DelegationManagerConfig, DelegationRecord, DelegationResult, DuckDbAction, DuckDbActionType, DuckDbBatchOptions, DuckDbBatchResponse, DuckDbDatabaseHandle, DuckDbExecuteOptions, DuckDbExecuteResponse, DuckDbOptions, DuckDbQueryOptions, DuckDbQueryResponse, DuckDbService, DuckDbServiceConfig, DuckDbStatement, DuckDbValue, EncodedShareData, ExecuteOptions, ExecuteResponse, Extension, FetchFunction, GenerateShareParams, ICapabilityKeyRegistry, IDataVaultService, IDatabaseHandle, IDuckDbDatabaseHandle, IDuckDbService, IENSResolver, IKVService, INotificationHandler, IPrefixedKVService, ISQLService, ISessionManager, ISessionStorage, ISharingService, ISigner, ISpace, ISpaceCreationHandler, ISpaceScopedDelegations, ISpaceScopedSharing, ISpaceService, IUserAuthorization, IWasmBindings, IngestOptions, InvokeFunction, JWK, KVResponse, KVService, KVServiceConfig, KeyInfo, KeyProvider, KeyType, PersistedSessionData, PrefixedKVService, ProtocolMismatchError, QueryOptions, QueryResponse, ReceiveOptions, SQLAction, SQLActionType, SQLService, SQLServiceConfig, SchemaInfo, ServiceContext, ServiceContextConfig, ServiceSession, ShareAccess, ShareLink, ShareLinkData, ShareSchema, SharingService, SharingServiceConfig, SignCallback, SignRequest, SignResponse, SilentNotificationHandler, Space, SpaceConfig, SpaceCreationContext, SpaceErrorCode, SpaceErrorCodes, SpaceInfo, SpaceOwnership, SpaceService, SpaceServiceConfig, SqlStatement, SqlValue, StoredDelegationChain, TableInfo, TinyCloud, TinyCloudConfig, TinyCloudSession, UnsupportedFeatureError, VaultCrypto, VaultEntry, VaultError, VaultGetOptions, VaultGrantOptions, VaultHeaders, VaultListOptions, VaultPublicSpaceKVActions, VaultPutOptions, VersionCheckError, ViewInfo, WasmVaultFunctions, buildSpaceUri, checkNodeInfo, createCapabilityKeyRegistry, createSharingService, createSpaceService, createVaultCrypto, defaultSpaceCreationHandler, makePublicSpaceId, parseSpaceUri } from '@tinycloud/sdk-core';
+import { ISessionStorage, PersistedSessionData, AutoSignStrategy, AutoRejectStrategy, CallbackStrategy, IUserAuthorization, ISigner, ISpaceCreationHandler, IWasmBindings, SiweConfig, Manifest, ClientSession, TinyCloudSession, Extension, Delegation, DelegatedResource, IKVService, ISQLService, IDuckDbService, IHooksService, INotificationHandler, IENSResolver, IDataVaultService, ICapabilityKeyRegistry, DelegationManager, ISpaceService, ISharingService, CreateDelegationParams, DelegationResult, PermissionEntry, KeyProvider, ISessionManager, JWK } from '@tinycloud/sdk-core';
+export { AutoApproveSpaceCreationHandler, AutoRejectStrategy, AutoSignStrategy, BatchOptions, BatchResponse, CallbackStrategy, CapabilityEntry, CapabilityKeyRegistry, CapabilityKeyRegistryErrorCode, CapabilityKeyRegistryErrorCodes, ClientSession, ColumnInfo, CreateDelegationParams, DataVaultConfig, DataVaultService, DatabaseHandle, Delegation, DelegationChain, DelegationChainV2, DelegationDirection, DelegationError, DelegationErrorCode, DelegationErrorCodes, DelegationFilters, DelegationManager, DelegationManagerConfig, DelegationRecord, DelegationResult, DuckDbAction, DuckDbActionType, DuckDbBatchOptions, DuckDbBatchResponse, DuckDbDatabaseHandle, DuckDbExecuteOptions, DuckDbExecuteResponse, DuckDbOptions, DuckDbQueryOptions, DuckDbQueryResponse, DuckDbService, DuckDbServiceConfig, DuckDbStatement, DuckDbValue, EncodedShareData, ExecuteOptions, ExecuteResponse, Extension, FetchFunction, GenerateShareParams, ICapabilityKeyRegistry, IDataVaultService, IDatabaseHandle, IDuckDbDatabaseHandle, IDuckDbService, IENSResolver, IKVService, INotificationHandler, IPrefixedKVService, ISQLService, ISessionManager, ISessionStorage, ISharingService, ISigner, ISpace, ISpaceCreationHandler, ISpaceScopedDelegations, ISpaceScopedSharing, ISpaceService, IUserAuthorization, IWasmBindings, IngestOptions, InvokeFunction, JWK, KVResponse, KVService, KVServiceConfig, KeyInfo, KeyProvider, KeyType, Manifest, ManifestDefaults, ManifestDelegation, ManifestValidationError, PermissionEntry, PermissionNotInManifestError, PersistedSessionData, PrefixedKVService, ProtocolMismatchError, QueryOptions, QueryResponse, ReceiveOptions, ResolvedCapabilities, ResolvedDelegate, ResourceCapability, SQLAction, SQLActionType, SQLService, SQLServiceConfig, SchemaInfo, ServiceContext, ServiceContextConfig, ServiceSession, SessionExpiredError, ShareAccess, ShareLink, ShareLinkData, ShareSchema, SharingService, SharingServiceConfig, SignCallback, SignRequest, SignResponse, SilentNotificationHandler, Space, SpaceConfig, SpaceCreationContext, SpaceErrorCode, SpaceErrorCodes, SpaceInfo, SpaceOwnership, SpaceService, SpaceServiceConfig, SqlStatement, SqlValue, StoredDelegationChain, TableInfo, TinyCloud, TinyCloudConfig, TinyCloudSession, UnsupportedFeatureError, VaultCrypto, VaultEntry, VaultError, VaultGetOptions, VaultGrantOptions, VaultHeaders, VaultListOptions, VaultPublicSpaceKVActions, VaultPutOptions, VersionCheckError, ViewInfo, WasmVaultFunctions, buildSpaceUri, checkNodeInfo, createCapabilityKeyRegistry, createSharingService, createSpaceService, createVaultCrypto, defaultSpaceCreationHandler, expandActionShortNames, isCapabilitySubset, loadManifest, makePublicSpaceId, parseExpiry, parseSpaceUri, resolveManifest, validateManifest } from '@tinycloud/sdk-core';
 import { EventEmitter } from 'events';
 import { InvokeFunction } from '@tinycloud/sdk-services';
 
@@ -203,6 +203,25 @@ interface NodeUserAuthorizationConfig {
     nonce?: string;
     /** Optional SIWE configuration overrides (e.g., nonce for server-provided nonces) */
     siweConfig?: SiweConfig;
+    /**
+     * App manifest used to drive the SIWE recap at sign-in.
+     *
+     * When set, `signIn` resolves the manifest (via
+     * {@link resolveManifest}), unions the app's own permissions with
+     * every `delegations[*].permissions` list, converts to the WASM
+     * abilities shape, and uses that map as the session's granted
+     * capabilities — *instead* of `defaultActions`.
+     *
+     * This is what makes manifest-declared pre-delegations usable: the
+     * session key's recap covers both the app's runtime needs and the
+     * downstream delegation targets, so `delegateTo` can issue the
+     * sub-delegation via the session-key UCAN path without a wallet
+     * prompt.
+     *
+     * When omitted, `signIn` falls back to `defaultActions` for
+     * backwards compatibility.
+     */
+    manifest?: Manifest;
 }
 /**
  * Node.js implementation of IUserAuthorization.
@@ -253,6 +272,12 @@ declare class NodeUserAuthorization implements IUserAuthorization {
     private readonly nonce?;
     private readonly siweConfig?;
     private readonly wasm;
+    /**
+     * Stored manifest, if one was provided at construction time. Used by
+     * {@link signIn} to derive the session's granted capabilities instead
+     * of falling back to {@link defaultActions}.
+     */
+    private _manifest?;
     private sessionManager;
     private extensions;
     private _session?;
@@ -261,6 +286,18 @@ declare class NodeUserAuthorization implements IUserAuthorization {
     private _chainId?;
     private _nodeFeatures;
     constructor(config: NodeUserAuthorizationConfig);
+    /**
+     * Return the manifest currently driving sign-in behavior, or
+     * `undefined` if none is set. Used by TinyCloudWeb/TinyCloudNode
+     * internals to surface the manifest for requestPermissions flows
+     * without forcing the caller to track it separately.
+     */
+    get manifest(): Manifest | undefined;
+    /**
+     * Install or replace the stored manifest. Takes effect on the next
+     * `signIn()` call — the current session (if any) is not touched.
+     */
+    setManifest(manifest: Manifest | undefined): void;
     /**
      * The current active session (web-core compatible).
      */
@@ -271,6 +308,33 @@ declare class NodeUserAuthorization implements IUserAuthorization {
      */
     get tinyCloudSession(): TinyCloudSession | undefined;
     get nodeFeatures(): string[];
+    /**
+     * Compute the `abilities` map the WASM `prepareSession` call should
+     * see at sign-in time.
+     *
+     * When a manifest is installed, we resolve it and union together:
+     * - the app's own `resources` (what it needs at runtime)
+     * - every `additionalDelegates[*].permissions` list (what it will
+     *   re-delegate to other DIDs post sign-in)
+     *
+     * into the short-service / path / full-URN-actions shape the WASM
+     * layer expects. This is the key invariant that lets
+     * {@link TinyCloudNode.delegateTo} issue manifest-declared
+     * delegations via the session key (no wallet prompt): the session's
+     * own recap already covers every action those delegations need.
+     *
+     * When no manifest is installed, we fall back to the
+     * {@link defaultActions} table so existing callers see no change.
+     *
+     * This is a pure function of `this._manifest` + `this.defaultActions`
+     * — the manifest resolution performs no I/O and throws a
+     * {@link ManifestValidationError} on structural problems (missing
+     * id/name, unparseable expiry, etc), which will surface at sign-in
+     * rather than being silently swallowed.
+     *
+     * @internal
+     */
+    private resolveSignInAbilities;
     /**
      * Build SIWE overrides from the top-level nonce and siweConfig.
      * - Top-level `nonce` is seeded first so `siweConfig.nonce` wins if both are set.
@@ -404,6 +468,12 @@ declare class NodeUserAuthorization implements IUserAuthorization {
  * - `ownerAddress`: Space owner's address for session creation
  * - `chainId`: Chain ID for session creation
  * - `host`: Optional server URL
+ * - `resources`: Multi-resource grant breakdown (present when the
+ *   delegation was issued via the multi-resource WASM path, i.e. one
+ *   UCAN covering multiple `(service, path, actions)` entries). The
+ *   flat `path` + `actions` fields mirror the first entry for
+ *   single-resource callers; consumers that need the full picture
+ *   read `resources`.
  */
 interface PortableDelegation extends Omit<Delegation, "isRevoked"> {
     /** The authorization header for this delegation (structured format) */
@@ -420,6 +490,14 @@ interface PortableDelegation extends Omit<Delegation, "isRevoked"> {
     disableSubDelegation?: boolean;
     /** Companion delegation for the user's public space (auto-created when includePublicSpace is true) */
     publicDelegation?: PortableDelegation;
+    /**
+     * Full multi-resource grant breakdown. Present when the delegation
+     * was issued via the multi-resource WASM path; each entry describes
+     * one `(service, space, path, actions)` grant carried by the single
+     * underlying UCAN. When absent, only the flat `path` + `actions`
+     * fields are authoritative (legacy single-resource shape).
+     */
+    resources?: DelegatedResource[];
 }
 /**
  * Serialize a PortableDelegation for transport (e.g., over network).
@@ -549,6 +627,51 @@ interface TinyCloudNodeConfig {
     nonce?: string;
     /** Optional SIWE configuration overrides (e.g., nonce for server-provided nonces) */
     siweConfig?: SiweConfig;
+    /**
+     * App manifest driving the SIWE recap at sign-in.
+     *
+     * When set, `signIn()` resolves the manifest, unions the app's own
+     * permissions with every manifest-declared delegation's permissions,
+     * and uses that union as the session's granted capabilities — NOT
+     * the legacy `defaultActions` table. This is what makes
+     * `delegateTo(manifestDeclaredDid, permissions)` work without a
+     * wallet prompt: the session key's recap already covers the
+     * delegation target's needs at sign-in time.
+     *
+     * When omitted, `signIn()` falls back to `defaultActions` for
+     * backwards compatibility with callers that pre-date the manifest
+     * flow.
+     */
+    manifest?: Manifest;
+}
+/**
+ * Options for {@link TinyCloudNode.delegateTo}.
+ *
+ * `expiry` accepts either an ms-format duration string (e.g. `"7d"`, `"1h"`)
+ * or a raw number of milliseconds. When omitted, the default is 1 hour.
+ *
+ * `forceWalletSign` bypasses the derivability check and sends the
+ * delegation through the legacy wallet-signed SIWE path, which always
+ * triggers a wallet prompt. Used for testing, for explicit wallet
+ * confirmation flows, and by the legacy `createDelegation` fallback.
+ */
+interface DelegateToOptions {
+    /** Override expiry. ms-format string ("7d", "1h") or raw milliseconds. */
+    expiry?: string | number;
+    /** Force the wallet-signed SIWE path even if the caps are derivable. Default false. */
+    forceWalletSign?: boolean;
+}
+/**
+ * Result of {@link TinyCloudNode.delegateTo}.
+ *
+ * `prompted` indicates whether a wallet prompt was shown — `true` for the
+ * legacy wallet path (always), `false` for the session-key UCAN path (never).
+ * Callers wiring single-prompt sign-in flows use this to assert that their
+ * capability chain was derivable.
+ */
+interface DelegateToResult {
+    delegation: PortableDelegation;
+    prompted: boolean;
 }
 /**
  * High-level TinyCloud API for Node.js environments.
@@ -625,6 +748,19 @@ declare class TinyCloudNode {
      * @internal
      */
     private setupAuth;
+    /**
+     * Install or replace the manifest that drives the SIWE recap at
+     * sign-in. Takes effect on the next `signIn()` call — the current
+     * session (if any) is not touched. Wire this up from a higher
+     * layer (e.g. TinyCloudWeb.setManifest) so the manifest is kept
+     * in sync across the stack.
+     */
+    setManifest(manifest: Manifest | undefined): void;
+    /**
+     * Return the manifest currently installed on the auth handler,
+     * or `undefined` if none is set.
+     */
+    get manifest(): Manifest | undefined;
     /**
      * Get the primary identity DID for this user.
      * - If wallet connected and signed in: returns PKH DID (did:pkh:eip155:{chainId}:{address})
@@ -749,7 +885,19 @@ declare class TinyCloudNode {
     private getSessionExpiry;
     /**
      * Wrapper for the WASM createDelegation function.
-     * Adapts the WASM interface to what SharingService expects.
+     *
+     * The WASM call now takes a multi-resource `abilities` map
+     * (matching `prepareSession`'s shape) and emits ONE UCAN that
+     * covers every `(service, path, actions)` entry. We mirror the raw
+     * result back through `CreateDelegationWasmResult`, converting the
+     * seconds-since-epoch `expiry` to a Date and normalizing the
+     * `delegateDid` → `delegateDID` case.
+     *
+     * Both SharingService (single-entry) and
+     * {@link TinyCloudNode.delegateTo} (multi-entry) drive this through
+     * the same code path so there's exactly one place that touches the
+     * WASM boundary.
+     *
      * @internal
      */
     private createDelegationWrapper;
@@ -977,6 +1125,78 @@ declare class TinyCloudNode {
      * @returns Result containing boolean permission status
      */
     checkPermission(path: string, action: string): Promise<DelegationResult<boolean>>;
+    /**
+     * Safety margin before the session's own expiry at which {@link delegateTo}
+     * will refuse to issue a derived delegation. Prevents issuing sub-delegations
+     * that would be invalid by the time the recipient used them. Spec: 60 seconds.
+     *
+     * @internal
+     */
+    private static readonly SESSION_EXPIRY_SAFETY_MARGIN_MS;
+    /**
+     * Issue a delegation using the capability-chain flow.
+     *
+     * When every requested permission is a subset of the current
+     * session's recap, the delegation is signed by the session key via
+     * WASM — no wallet prompt. When at least one is NOT derivable, a
+     * {@link PermissionNotInManifestError} is raised (carrying the
+     * missing entries) so the caller can trigger an escalation flow
+     * (e.g. `TinyCloudWeb.requestPermissions`). Passing
+     * `forceWalletSign: true` bypasses the derivability check and
+     * always uses the wallet-signed SIWE path — used by the legacy
+     * `createDelegation` fallback and by callers that want explicit
+     * wallet confirmation.
+     *
+     * Multi-entry delegations are now emitted as **one** signed UCAN:
+     * the underlying WASM `createDelegation` takes a full
+     * `HashMap<Service, HashMap<Path, Vec<Ability>>>` abilities map
+     * and produces a single attenuation carrying every
+     * `(service, path, actions)` entry. The returned
+     * {@link DelegateToResult.delegation} is that single blob, and
+     * apps can POST it to their backend exactly like a single-entry
+     * delegation (the server verifies all granted resources from one
+     * UCAN).
+     *
+     * For single-entry requests the `PortableDelegation.path` and
+     * `.actions` fields mirror the one granted entry. For
+     * multi-entry requests they mirror the **first** entry (stable
+     * lexicographic order from the Rust side); consumers that need
+     * the full picture read `PortableDelegation.resources`.
+     *
+     * @throws {@link SessionExpiredError} when there is no session or
+     *   the current session has expired (or will within the 60s
+     *   safety margin).
+     * @throws {@link PermissionNotInManifestError} when any requested
+     *   entry is not a subset of the granted session capabilities and
+     *   `forceWalletSign` is not set.
+     */
+    delegateTo(did: string, permissions: PermissionEntry[], options?: DelegateToOptions): Promise<DelegateToResult>;
+    /**
+     * Issue a delegation via the session-key UCAN WASM path.
+     *
+     * The caller has already verified every entry is derivable from
+     * the current session; we build one multi-resource abilities map
+     * and emit one signed UCAN covering them all.
+     *
+     * All entries must share the same target space (the UCAN is
+     * scoped to a single space). If they don't, this throws — mixing
+     * spaces in a single delegation is not supported by the underlying
+     * Rust create_delegation call and the resulting UCAN would be
+     * under-specified.
+     *
+     * @internal
+     */
+    private createDelegationViaWasmPath;
+    /**
+     * Issue a delegation via the legacy wallet-signed SIWE path for a single
+     * {@link PermissionEntry}. Shares the implementation with the public
+     * `createDelegation` method via {@link createDelegationWalletPath} so
+     * both entry points hit exactly the same SIWE / signer / public-space
+     * logic without mutual recursion.
+     *
+     * @internal
+     */
+    private createDelegationLegacyWalletPath;
     /**
      * Create a delegation from this user to another user.
      *
@@ -1002,6 +1222,14 @@ declare class TinyCloudNode {
         /** Include a companion delegation for the user's public space (default: true) */
         includePublicSpace?: boolean;
     }): Promise<PortableDelegation>;
+    /**
+     * Legacy wallet-signed SIWE delegation path. Lifted from the original
+     * `createDelegation` body verbatim so both the legacy public method and
+     * `delegateTo({ forceWalletSign: true })` hit the same code.
+     *
+     * @internal
+     */
+    private createDelegationWalletPath;
     /**
      * Use a delegation received from another user.
      *
@@ -1148,4 +1376,4 @@ declare class WasmKeyProvider implements KeyProvider {
  */
 declare function createWasmKeyProvider(sessionManager: SessionManagerWithListing): WasmKeyProvider;
 
-export { DelegatedAccess, FileSessionStorage, MemorySessionStorage, type NodeEventEmitterStrategy, NodeUserAuthorization, type NodeUserAuthorizationConfig, type PortableDelegation, type SignStrategy, TinyCloudNode, type TinyCloudNodeConfig, WasmKeyProvider, type WasmKeyProviderConfig, createWasmKeyProvider, defaultSignStrategy, deserializeDelegation, serializeDelegation };
+export { type DelegateToOptions, type DelegateToResult, DelegatedAccess, FileSessionStorage, MemorySessionStorage, type NodeEventEmitterStrategy, NodeUserAuthorization, type NodeUserAuthorizationConfig, type PortableDelegation, type SignStrategy, TinyCloudNode, type TinyCloudNodeConfig, WasmKeyProvider, type WasmKeyProviderConfig, createWasmKeyProvider, defaultSignStrategy, deserializeDelegation, serializeDelegation };