@tinycloud/node-sdk 2.1.0-beta.1 → 2.1.0-beta.3

package/dist/core.d.cts

@@ -1,4 +1,4 @@
-import { ISessionStorage, PersistedSessionData, AutoSignStrategy, AutoRejectStrategy, CallbackStrategy, IUserAuthorization, ISigner, ISpaceCreationHandler, IWasmBindings, SiweConfig, ClientSession, TinyCloudSession, Extension, Delegation, IKVService, ISQLService, IDuckDbService, IHooksService, INotificationHandler, IENSResolver, IDataVaultService, ICapabilityKeyRegistry, DelegationManager, ISpaceService, ISharingService, CreateDelegationParams, DelegationResult, PermissionEntry, KeyProvider, ISessionManager, JWK } from '@tinycloud/sdk-core';
+import { ISessionStorage, PersistedSessionData, AutoSignStrategy, AutoRejectStrategy, CallbackStrategy, IUserAuthorization, ISigner, ISpaceCreationHandler, IWasmBindings, SiweConfig, Manifest, ClientSession, TinyCloudSession, Extension, Delegation, DelegatedResource, IKVService, ISQLService, IDuckDbService, IHooksService, INotificationHandler, IENSResolver, IDataVaultService, ICapabilityKeyRegistry, DelegationManager, ISpaceService, ISharingService, CreateDelegationParams, DelegationResult, PermissionEntry, KeyProvider, ISessionManager, JWK } from '@tinycloud/sdk-core';
 export { AutoApproveSpaceCreationHandler, AutoRejectStrategy, AutoSignStrategy, BatchOptions, BatchResponse, CallbackStrategy, CapabilityEntry, CapabilityKeyRegistry, CapabilityKeyRegistryErrorCode, CapabilityKeyRegistryErrorCodes, ClientSession, ColumnInfo, CreateDelegationParams, DataVaultConfig, DataVaultService, DatabaseHandle, Delegation, DelegationChain, DelegationChainV2, DelegationDirection, DelegationError, DelegationErrorCode, DelegationErrorCodes, DelegationFilters, DelegationManager, DelegationManagerConfig, DelegationRecord, DelegationResult, DuckDbAction, DuckDbActionType, DuckDbBatchOptions, DuckDbBatchResponse, DuckDbDatabaseHandle, DuckDbExecuteOptions, DuckDbExecuteResponse, DuckDbOptions, DuckDbQueryOptions, DuckDbQueryResponse, DuckDbService, DuckDbServiceConfig, DuckDbStatement, DuckDbValue, EncodedShareData, ExecuteOptions, ExecuteResponse, Extension, FetchFunction, GenerateShareParams, ICapabilityKeyRegistry, IDataVaultService, IDatabaseHandle, IDuckDbDatabaseHandle, IDuckDbService, IENSResolver, IKVService, INotificationHandler, IPrefixedKVService, ISQLService, ISessionManager, ISessionStorage, ISharingService, ISigner, ISpace, ISpaceCreationHandler, ISpaceScopedDelegations, ISpaceScopedSharing, ISpaceService, IUserAuthorization, IWasmBindings, IngestOptions, InvokeFunction, JWK, KVResponse, KVService, KVServiceConfig, KeyInfo, KeyProvider, KeyType, Manifest, ManifestDefaults, ManifestDelegation, ManifestValidationError, PermissionEntry, PermissionNotInManifestError, PersistedSessionData, PrefixedKVService, ProtocolMismatchError, QueryOptions, QueryResponse, ReceiveOptions, ResolvedCapabilities, ResolvedDelegate, ResourceCapability, SQLAction, SQLActionType, SQLService, SQLServiceConfig, SchemaInfo, ServiceContext, ServiceContextConfig, ServiceSession, SessionExpiredError, ShareAccess, ShareLink, ShareLinkData, ShareSchema, SharingService, SharingServiceConfig, SignCallback, SignRequest, SignResponse, SilentNotificationHandler, Space, SpaceConfig, SpaceCreationContext, SpaceErrorCode, SpaceErrorCodes, SpaceInfo, SpaceOwnership, SpaceService, SpaceServiceConfig, SqlStatement, SqlValue, StoredDelegationChain, TableInfo, TinyCloud, TinyCloudConfig, TinyCloudSession, UnsupportedFeatureError, VaultCrypto, VaultEntry, VaultError, VaultGetOptions, VaultGrantOptions, VaultHeaders, VaultListOptions, VaultPublicSpaceKVActions, VaultPutOptions, VersionCheckError, ViewInfo, WasmVaultFunctions, buildSpaceUri, checkNodeInfo, createCapabilityKeyRegistry, createSharingService, createSpaceService, createVaultCrypto, defaultSpaceCreationHandler, expandActionShortNames, isCapabilitySubset, loadManifest, makePublicSpaceId, parseExpiry, parseSpaceUri, resolveManifest, validateManifest } from '@tinycloud/sdk-core';
 import { EventEmitter } from 'events';
 import { InvokeFunction } from '@tinycloud/sdk-services';
@@ -203,6 +203,25 @@ interface NodeUserAuthorizationConfig {
     nonce?: string;
     /** Optional SIWE configuration overrides (e.g., nonce for server-provided nonces) */
     siweConfig?: SiweConfig;
+    /**
+     * App manifest used to drive the SIWE recap at sign-in.
+     *
+     * When set, `signIn` resolves the manifest (via
+     * {@link resolveManifest}), unions the app's own permissions with
+     * every `delegations[*].permissions` list, converts to the WASM
+     * abilities shape, and uses that map as the session's granted
+     * capabilities — *instead* of `defaultActions`.
+     *
+     * This is what makes manifest-declared pre-delegations usable: the
+     * session key's recap covers both the app's runtime needs and the
+     * downstream delegation targets, so `delegateTo` can issue the
+     * sub-delegation via the session-key UCAN path without a wallet
+     * prompt.
+     *
+     * When omitted, `signIn` falls back to `defaultActions` for
+     * backwards compatibility.
+     */
+    manifest?: Manifest;
 }
 /**
  * Node.js implementation of IUserAuthorization.
@@ -253,6 +272,12 @@ declare class NodeUserAuthorization implements IUserAuthorization {
     private readonly nonce?;
     private readonly siweConfig?;
     private readonly wasm;
+    /**
+     * Stored manifest, if one was provided at construction time. Used by
+     * {@link signIn} to derive the session's granted capabilities instead
+     * of falling back to {@link defaultActions}.
+     */
+    private _manifest?;
     private sessionManager;
     private extensions;
     private _session?;
@@ -261,6 +286,18 @@ declare class NodeUserAuthorization implements IUserAuthorization {
     private _chainId?;
     private _nodeFeatures;
     constructor(config: NodeUserAuthorizationConfig);
+    /**
+     * Return the manifest currently driving sign-in behavior, or
+     * `undefined` if none is set. Used by TinyCloudWeb/TinyCloudNode
+     * internals to surface the manifest for requestPermissions flows
+     * without forcing the caller to track it separately.
+     */
+    get manifest(): Manifest | undefined;
+    /**
+     * Install or replace the stored manifest. Takes effect on the next
+     * `signIn()` call — the current session (if any) is not touched.
+     */
+    setManifest(manifest: Manifest | undefined): void;
     /**
      * The current active session (web-core compatible).
      */
@@ -271,6 +308,33 @@ declare class NodeUserAuthorization implements IUserAuthorization {
      */
     get tinyCloudSession(): TinyCloudSession | undefined;
     get nodeFeatures(): string[];
+    /**
+     * Compute the `abilities` map the WASM `prepareSession` call should
+     * see at sign-in time.
+     *
+     * When a manifest is installed, we resolve it and union together:
+     * - the app's own `resources` (what it needs at runtime)
+     * - every `additionalDelegates[*].permissions` list (what it will
+     *   re-delegate to other DIDs post sign-in)
+     *
+     * into the short-service / path / full-URN-actions shape the WASM
+     * layer expects. This is the key invariant that lets
+     * {@link TinyCloudNode.delegateTo} issue manifest-declared
+     * delegations via the session key (no wallet prompt): the session's
+     * own recap already covers every action those delegations need.
+     *
+     * When no manifest is installed, we fall back to the
+     * {@link defaultActions} table so existing callers see no change.
+     *
+     * This is a pure function of `this._manifest` + `this.defaultActions`
+     * — the manifest resolution performs no I/O and throws a
+     * {@link ManifestValidationError} on structural problems (missing
+     * id/name, unparseable expiry, etc), which will surface at sign-in
+     * rather than being silently swallowed.
+     *
+     * @internal
+     */
+    private resolveSignInAbilities;
     /**
      * Build SIWE overrides from the top-level nonce and siweConfig.
      * - Top-level `nonce` is seeded first so `siweConfig.nonce` wins if both are set.
@@ -404,6 +468,12 @@ declare class NodeUserAuthorization implements IUserAuthorization {
  * - `ownerAddress`: Space owner's address for session creation
  * - `chainId`: Chain ID for session creation
  * - `host`: Optional server URL
+ * - `resources`: Multi-resource grant breakdown (present when the
+ *   delegation was issued via the multi-resource WASM path, i.e. one
+ *   UCAN covering multiple `(service, path, actions)` entries). The
+ *   flat `path` + `actions` fields mirror the first entry for
+ *   single-resource callers; consumers that need the full picture
+ *   read `resources`.
  */
 interface PortableDelegation extends Omit<Delegation, "isRevoked"> {
     /** The authorization header for this delegation (structured format) */
@@ -420,6 +490,14 @@ interface PortableDelegation extends Omit<Delegation, "isRevoked"> {
     disableSubDelegation?: boolean;
     /** Companion delegation for the user's public space (auto-created when includePublicSpace is true) */
     publicDelegation?: PortableDelegation;
+    /**
+     * Full multi-resource grant breakdown. Present when the delegation
+     * was issued via the multi-resource WASM path; each entry describes
+     * one `(service, space, path, actions)` grant carried by the single
+     * underlying UCAN. When absent, only the flat `path` + `actions`
+     * fields are authoritative (legacy single-resource shape).
+     */
+    resources?: DelegatedResource[];
 }
 /**
  * Serialize a PortableDelegation for transport (e.g., over network).
@@ -549,6 +627,22 @@ interface TinyCloudNodeConfig {
     nonce?: string;
     /** Optional SIWE configuration overrides (e.g., nonce for server-provided nonces) */
     siweConfig?: SiweConfig;
+    /**
+     * App manifest driving the SIWE recap at sign-in.
+     *
+     * When set, `signIn()` resolves the manifest, unions the app's own
+     * permissions with every manifest-declared delegation's permissions,
+     * and uses that union as the session's granted capabilities — NOT
+     * the legacy `defaultActions` table. This is what makes
+     * `delegateTo(manifestDeclaredDid, permissions)` work without a
+     * wallet prompt: the session key's recap already covers the
+     * delegation target's needs at sign-in time.
+     *
+     * When omitted, `signIn()` falls back to `defaultActions` for
+     * backwards compatibility with callers that pre-date the manifest
+     * flow.
+     */
+    manifest?: Manifest;
 }
 /**
  * Options for {@link TinyCloudNode.delegateTo}.
@@ -654,6 +748,19 @@ declare class TinyCloudNode {
      * @internal
      */
     private setupAuth;
+    /**
+     * Install or replace the manifest that drives the SIWE recap at
+     * sign-in. Takes effect on the next `signIn()` call — the current
+     * session (if any) is not touched. Wire this up from a higher
+     * layer (e.g. TinyCloudWeb.setManifest) so the manifest is kept
+     * in sync across the stack.
+     */
+    setManifest(manifest: Manifest | undefined): void;
+    /**
+     * Return the manifest currently installed on the auth handler,
+     * or `undefined` if none is set.
+     */
+    get manifest(): Manifest | undefined;
     /**
      * Get the primary identity DID for this user.
      * - If wallet connected and signed in: returns PKH DID (did:pkh:eip155:{chainId}:{address})
@@ -778,7 +885,19 @@ declare class TinyCloudNode {
     private getSessionExpiry;
     /**
      * Wrapper for the WASM createDelegation function.
-     * Adapts the WASM interface to what SharingService expects.
+     *
+     * The WASM call now takes a multi-resource `abilities` map
+     * (matching `prepareSession`'s shape) and emits ONE UCAN that
+     * covers every `(service, path, actions)` entry. We mirror the raw
+     * result back through `CreateDelegationWasmResult`, converting the
+     * seconds-since-epoch `expiry` to a Date and normalizing the
+     * `delegateDid` → `delegateDID` case.
+     *
+     * Both SharingService (single-entry) and
+     * {@link TinyCloudNode.delegateTo} (multi-entry) drive this through
+     * the same code path so there's exactly one place that touches the
+     * WASM boundary.
+     *
      * @internal
      */
     private createDelegationWrapper;
@@ -1017,33 +1136,53 @@ declare class TinyCloudNode {
     /**
      * Issue a delegation using the capability-chain flow.
      *
-     * When the requested permissions are a subset of the current session's
-     * recap, the delegation is signed by the session key via WASM — no wallet
-     * prompt. When they are not, a {@link PermissionNotInManifestError} is
-     * raised so the caller can trigger an escalation flow (e.g.
-     * `TinyCloudWeb.requestPermissions`). Passing `forceWalletSign: true`
-     * bypasses the derivability check and always uses the wallet-signed SIWE
-     * path — used by the legacy `createDelegation` fallback and by callers
-     * that want explicit wallet confirmation.
-     *
-     * Current limitation: exactly one {@link PermissionEntry} per call. For
-     * multi-resource delegation, call `delegateTo` multiple times. This keeps
-     * each delegation a single `(spaceId, path)` grant, which matches the
-     * underlying `PortableDelegation` shape.
-     *
-     * @throws {@link SessionExpiredError} when there is no session or the
-     *   current session has expired (or will within the 60s safety margin).
-     * @throws {@link PermissionNotInManifestError} when the requested entries
-     *   are not a subset of the granted session capabilities and
+     * When every requested permission is a subset of the current
+     * session's recap, the delegation is signed by the session key via
+     * WASM — no wallet prompt. When at least one is NOT derivable, a
+     * {@link PermissionNotInManifestError} is raised (carrying the
+     * missing entries) so the caller can trigger an escalation flow
+     * (e.g. `TinyCloudWeb.requestPermissions`). Passing
+     * `forceWalletSign: true` bypasses the derivability check and
+     * always uses the wallet-signed SIWE path — used by the legacy
+     * `createDelegation` fallback and by callers that want explicit
+     * wallet confirmation.
+     *
+     * Multi-entry delegations are now emitted as **one** signed UCAN:
+     * the underlying WASM `createDelegation` takes a full
+     * `HashMap<Service, HashMap<Path, Vec<Ability>>>` abilities map
+     * and produces a single attenuation carrying every
+     * `(service, path, actions)` entry. The returned
+     * {@link DelegateToResult.delegation} is that single blob, and
+     * apps can POST it to their backend exactly like a single-entry
+     * delegation (the server verifies all granted resources from one
+     * UCAN).
+     *
+     * For single-entry requests the `PortableDelegation.path` and
+     * `.actions` fields mirror the one granted entry. For
+     * multi-entry requests they mirror the **first** entry (stable
+     * lexicographic order from the Rust side); consumers that need
+     * the full picture read `PortableDelegation.resources`.
+     *
+     * @throws {@link SessionExpiredError} when there is no session or
+     *   the current session has expired (or will within the 60s
+     *   safety margin).
+     * @throws {@link PermissionNotInManifestError} when any requested
+     *   entry is not a subset of the granted session capabilities and
      *   `forceWalletSign` is not set.
      */
     delegateTo(did: string, permissions: PermissionEntry[], options?: DelegateToOptions): Promise<DelegateToResult>;
     /**
      * Issue a delegation via the session-key UCAN WASM path.
      *
-     * The caller has already verified the request is derivable from the
-     * current session; we just need to shape the inputs for
-     * {@link createDelegationWrapper}.
+     * The caller has already verified every entry is derivable from
+     * the current session; we build one multi-resource abilities map
+     * and emit one signed UCAN covering them all.
+     *
+     * All entries must share the same target space (the UCAN is
+     * scoped to a single space). If they don't, this throws — mixing
+     * spaces in a single delegation is not supported by the underlying
+     * Rust create_delegation call and the resulting UCAN would be
+     * under-specified.
      *
      * @internal
      */

package/dist/core.d.ts

@@ -1,4 +1,4 @@
-import { ISessionStorage, PersistedSessionData, AutoSignStrategy, AutoRejectStrategy, CallbackStrategy, IUserAuthorization, ISigner, ISpaceCreationHandler, IWasmBindings, SiweConfig, ClientSession, TinyCloudSession, Extension, Delegation, IKVService, ISQLService, IDuckDbService, IHooksService, INotificationHandler, IENSResolver, IDataVaultService, ICapabilityKeyRegistry, DelegationManager, ISpaceService, ISharingService, CreateDelegationParams, DelegationResult, PermissionEntry, KeyProvider, ISessionManager, JWK } from '@tinycloud/sdk-core';
+import { ISessionStorage, PersistedSessionData, AutoSignStrategy, AutoRejectStrategy, CallbackStrategy, IUserAuthorization, ISigner, ISpaceCreationHandler, IWasmBindings, SiweConfig, Manifest, ClientSession, TinyCloudSession, Extension, Delegation, DelegatedResource, IKVService, ISQLService, IDuckDbService, IHooksService, INotificationHandler, IENSResolver, IDataVaultService, ICapabilityKeyRegistry, DelegationManager, ISpaceService, ISharingService, CreateDelegationParams, DelegationResult, PermissionEntry, KeyProvider, ISessionManager, JWK } from '@tinycloud/sdk-core';
 export { AutoApproveSpaceCreationHandler, AutoRejectStrategy, AutoSignStrategy, BatchOptions, BatchResponse, CallbackStrategy, CapabilityEntry, CapabilityKeyRegistry, CapabilityKeyRegistryErrorCode, CapabilityKeyRegistryErrorCodes, ClientSession, ColumnInfo, CreateDelegationParams, DataVaultConfig, DataVaultService, DatabaseHandle, Delegation, DelegationChain, DelegationChainV2, DelegationDirection, DelegationError, DelegationErrorCode, DelegationErrorCodes, DelegationFilters, DelegationManager, DelegationManagerConfig, DelegationRecord, DelegationResult, DuckDbAction, DuckDbActionType, DuckDbBatchOptions, DuckDbBatchResponse, DuckDbDatabaseHandle, DuckDbExecuteOptions, DuckDbExecuteResponse, DuckDbOptions, DuckDbQueryOptions, DuckDbQueryResponse, DuckDbService, DuckDbServiceConfig, DuckDbStatement, DuckDbValue, EncodedShareData, ExecuteOptions, ExecuteResponse, Extension, FetchFunction, GenerateShareParams, ICapabilityKeyRegistry, IDataVaultService, IDatabaseHandle, IDuckDbDatabaseHandle, IDuckDbService, IENSResolver, IKVService, INotificationHandler, IPrefixedKVService, ISQLService, ISessionManager, ISessionStorage, ISharingService, ISigner, ISpace, ISpaceCreationHandler, ISpaceScopedDelegations, ISpaceScopedSharing, ISpaceService, IUserAuthorization, IWasmBindings, IngestOptions, InvokeFunction, JWK, KVResponse, KVService, KVServiceConfig, KeyInfo, KeyProvider, KeyType, Manifest, ManifestDefaults, ManifestDelegation, ManifestValidationError, PermissionEntry, PermissionNotInManifestError, PersistedSessionData, PrefixedKVService, ProtocolMismatchError, QueryOptions, QueryResponse, ReceiveOptions, ResolvedCapabilities, ResolvedDelegate, ResourceCapability, SQLAction, SQLActionType, SQLService, SQLServiceConfig, SchemaInfo, ServiceContext, ServiceContextConfig, ServiceSession, SessionExpiredError, ShareAccess, ShareLink, ShareLinkData, ShareSchema, SharingService, SharingServiceConfig, SignCallback, SignRequest, SignResponse, SilentNotificationHandler, Space, SpaceConfig, SpaceCreationContext, SpaceErrorCode, SpaceErrorCodes, SpaceInfo, SpaceOwnership, SpaceService, SpaceServiceConfig, SqlStatement, SqlValue, StoredDelegationChain, TableInfo, TinyCloud, TinyCloudConfig, TinyCloudSession, UnsupportedFeatureError, VaultCrypto, VaultEntry, VaultError, VaultGetOptions, VaultGrantOptions, VaultHeaders, VaultListOptions, VaultPublicSpaceKVActions, VaultPutOptions, VersionCheckError, ViewInfo, WasmVaultFunctions, buildSpaceUri, checkNodeInfo, createCapabilityKeyRegistry, createSharingService, createSpaceService, createVaultCrypto, defaultSpaceCreationHandler, expandActionShortNames, isCapabilitySubset, loadManifest, makePublicSpaceId, parseExpiry, parseSpaceUri, resolveManifest, validateManifest } from '@tinycloud/sdk-core';
 import { EventEmitter } from 'events';
 import { InvokeFunction } from '@tinycloud/sdk-services';
@@ -203,6 +203,25 @@ interface NodeUserAuthorizationConfig {
     nonce?: string;
     /** Optional SIWE configuration overrides (e.g., nonce for server-provided nonces) */
     siweConfig?: SiweConfig;
+    /**
+     * App manifest used to drive the SIWE recap at sign-in.
+     *
+     * When set, `signIn` resolves the manifest (via
+     * {@link resolveManifest}), unions the app's own permissions with
+     * every `delegations[*].permissions` list, converts to the WASM
+     * abilities shape, and uses that map as the session's granted
+     * capabilities — *instead* of `defaultActions`.
+     *
+     * This is what makes manifest-declared pre-delegations usable: the
+     * session key's recap covers both the app's runtime needs and the
+     * downstream delegation targets, so `delegateTo` can issue the
+     * sub-delegation via the session-key UCAN path without a wallet
+     * prompt.
+     *
+     * When omitted, `signIn` falls back to `defaultActions` for
+     * backwards compatibility.
+     */
+    manifest?: Manifest;
 }
 /**
  * Node.js implementation of IUserAuthorization.
@@ -253,6 +272,12 @@ declare class NodeUserAuthorization implements IUserAuthorization {
     private readonly nonce?;
     private readonly siweConfig?;
     private readonly wasm;
+    /**
+     * Stored manifest, if one was provided at construction time. Used by
+     * {@link signIn} to derive the session's granted capabilities instead
+     * of falling back to {@link defaultActions}.
+     */
+    private _manifest?;
     private sessionManager;
     private extensions;
     private _session?;
@@ -261,6 +286,18 @@ declare class NodeUserAuthorization implements IUserAuthorization {
     private _chainId?;
     private _nodeFeatures;
     constructor(config: NodeUserAuthorizationConfig);
+    /**
+     * Return the manifest currently driving sign-in behavior, or
+     * `undefined` if none is set. Used by TinyCloudWeb/TinyCloudNode
+     * internals to surface the manifest for requestPermissions flows
+     * without forcing the caller to track it separately.
+     */
+    get manifest(): Manifest | undefined;
+    /**
+     * Install or replace the stored manifest. Takes effect on the next
+     * `signIn()` call — the current session (if any) is not touched.
+     */
+    setManifest(manifest: Manifest | undefined): void;
     /**
      * The current active session (web-core compatible).
      */
@@ -271,6 +308,33 @@ declare class NodeUserAuthorization implements IUserAuthorization {
      */
     get tinyCloudSession(): TinyCloudSession | undefined;
     get nodeFeatures(): string[];
+    /**
+     * Compute the `abilities` map the WASM `prepareSession` call should
+     * see at sign-in time.
+     *
+     * When a manifest is installed, we resolve it and union together:
+     * - the app's own `resources` (what it needs at runtime)
+     * - every `additionalDelegates[*].permissions` list (what it will
+     *   re-delegate to other DIDs post sign-in)
+     *
+     * into the short-service / path / full-URN-actions shape the WASM
+     * layer expects. This is the key invariant that lets
+     * {@link TinyCloudNode.delegateTo} issue manifest-declared
+     * delegations via the session key (no wallet prompt): the session's
+     * own recap already covers every action those delegations need.
+     *
+     * When no manifest is installed, we fall back to the
+     * {@link defaultActions} table so existing callers see no change.
+     *
+     * This is a pure function of `this._manifest` + `this.defaultActions`
+     * — the manifest resolution performs no I/O and throws a
+     * {@link ManifestValidationError} on structural problems (missing
+     * id/name, unparseable expiry, etc), which will surface at sign-in
+     * rather than being silently swallowed.
+     *
+     * @internal
+     */
+    private resolveSignInAbilities;
     /**
      * Build SIWE overrides from the top-level nonce and siweConfig.
      * - Top-level `nonce` is seeded first so `siweConfig.nonce` wins if both are set.
@@ -404,6 +468,12 @@ declare class NodeUserAuthorization implements IUserAuthorization {
  * - `ownerAddress`: Space owner's address for session creation
  * - `chainId`: Chain ID for session creation
  * - `host`: Optional server URL
+ * - `resources`: Multi-resource grant breakdown (present when the
+ *   delegation was issued via the multi-resource WASM path, i.e. one
+ *   UCAN covering multiple `(service, path, actions)` entries). The
+ *   flat `path` + `actions` fields mirror the first entry for
+ *   single-resource callers; consumers that need the full picture
+ *   read `resources`.
  */
 interface PortableDelegation extends Omit<Delegation, "isRevoked"> {
     /** The authorization header for this delegation (structured format) */
@@ -420,6 +490,14 @@ interface PortableDelegation extends Omit<Delegation, "isRevoked"> {
     disableSubDelegation?: boolean;
     /** Companion delegation for the user's public space (auto-created when includePublicSpace is true) */
     publicDelegation?: PortableDelegation;
+    /**
+     * Full multi-resource grant breakdown. Present when the delegation
+     * was issued via the multi-resource WASM path; each entry describes
+     * one `(service, space, path, actions)` grant carried by the single
+     * underlying UCAN. When absent, only the flat `path` + `actions`
+     * fields are authoritative (legacy single-resource shape).
+     */
+    resources?: DelegatedResource[];
 }
 /**
  * Serialize a PortableDelegation for transport (e.g., over network).
@@ -549,6 +627,22 @@ interface TinyCloudNodeConfig {
     nonce?: string;
     /** Optional SIWE configuration overrides (e.g., nonce for server-provided nonces) */
     siweConfig?: SiweConfig;
+    /**
+     * App manifest driving the SIWE recap at sign-in.
+     *
+     * When set, `signIn()` resolves the manifest, unions the app's own
+     * permissions with every manifest-declared delegation's permissions,
+     * and uses that union as the session's granted capabilities — NOT
+     * the legacy `defaultActions` table. This is what makes
+     * `delegateTo(manifestDeclaredDid, permissions)` work without a
+     * wallet prompt: the session key's recap already covers the
+     * delegation target's needs at sign-in time.
+     *
+     * When omitted, `signIn()` falls back to `defaultActions` for
+     * backwards compatibility with callers that pre-date the manifest
+     * flow.
+     */
+    manifest?: Manifest;
 }
 /**
  * Options for {@link TinyCloudNode.delegateTo}.
@@ -654,6 +748,19 @@ declare class TinyCloudNode {
      * @internal
      */
     private setupAuth;
+    /**
+     * Install or replace the manifest that drives the SIWE recap at
+     * sign-in. Takes effect on the next `signIn()` call — the current
+     * session (if any) is not touched. Wire this up from a higher
+     * layer (e.g. TinyCloudWeb.setManifest) so the manifest is kept
+     * in sync across the stack.
+     */
+    setManifest(manifest: Manifest | undefined): void;
+    /**
+     * Return the manifest currently installed on the auth handler,
+     * or `undefined` if none is set.
+     */
+    get manifest(): Manifest | undefined;
     /**
      * Get the primary identity DID for this user.
      * - If wallet connected and signed in: returns PKH DID (did:pkh:eip155:{chainId}:{address})
@@ -778,7 +885,19 @@ declare class TinyCloudNode {
     private getSessionExpiry;
     /**
      * Wrapper for the WASM createDelegation function.
-     * Adapts the WASM interface to what SharingService expects.
+     *
+     * The WASM call now takes a multi-resource `abilities` map
+     * (matching `prepareSession`'s shape) and emits ONE UCAN that
+     * covers every `(service, path, actions)` entry. We mirror the raw
+     * result back through `CreateDelegationWasmResult`, converting the
+     * seconds-since-epoch `expiry` to a Date and normalizing the
+     * `delegateDid` → `delegateDID` case.
+     *
+     * Both SharingService (single-entry) and
+     * {@link TinyCloudNode.delegateTo} (multi-entry) drive this through
+     * the same code path so there's exactly one place that touches the
+     * WASM boundary.
+     *
      * @internal
      */
     private createDelegationWrapper;
@@ -1017,33 +1136,53 @@ declare class TinyCloudNode {
     /**
      * Issue a delegation using the capability-chain flow.
      *
-     * When the requested permissions are a subset of the current session's
-     * recap, the delegation is signed by the session key via WASM — no wallet
-     * prompt. When they are not, a {@link PermissionNotInManifestError} is
-     * raised so the caller can trigger an escalation flow (e.g.
-     * `TinyCloudWeb.requestPermissions`). Passing `forceWalletSign: true`
-     * bypasses the derivability check and always uses the wallet-signed SIWE
-     * path — used by the legacy `createDelegation` fallback and by callers
-     * that want explicit wallet confirmation.
-     *
-     * Current limitation: exactly one {@link PermissionEntry} per call. For
-     * multi-resource delegation, call `delegateTo` multiple times. This keeps
-     * each delegation a single `(spaceId, path)` grant, which matches the
-     * underlying `PortableDelegation` shape.
-     *
-     * @throws {@link SessionExpiredError} when there is no session or the
-     *   current session has expired (or will within the 60s safety margin).
-     * @throws {@link PermissionNotInManifestError} when the requested entries
-     *   are not a subset of the granted session capabilities and
+     * When every requested permission is a subset of the current
+     * session's recap, the delegation is signed by the session key via
+     * WASM — no wallet prompt. When at least one is NOT derivable, a
+     * {@link PermissionNotInManifestError} is raised (carrying the
+     * missing entries) so the caller can trigger an escalation flow
+     * (e.g. `TinyCloudWeb.requestPermissions`). Passing
+     * `forceWalletSign: true` bypasses the derivability check and
+     * always uses the wallet-signed SIWE path — used by the legacy
+     * `createDelegation` fallback and by callers that want explicit
+     * wallet confirmation.
+     *
+     * Multi-entry delegations are now emitted as **one** signed UCAN:
+     * the underlying WASM `createDelegation` takes a full
+     * `HashMap<Service, HashMap<Path, Vec<Ability>>>` abilities map
+     * and produces a single attenuation carrying every
+     * `(service, path, actions)` entry. The returned
+     * {@link DelegateToResult.delegation} is that single blob, and
+     * apps can POST it to their backend exactly like a single-entry
+     * delegation (the server verifies all granted resources from one
+     * UCAN).
+     *
+     * For single-entry requests the `PortableDelegation.path` and
+     * `.actions` fields mirror the one granted entry. For
+     * multi-entry requests they mirror the **first** entry (stable
+     * lexicographic order from the Rust side); consumers that need
+     * the full picture read `PortableDelegation.resources`.
+     *
+     * @throws {@link SessionExpiredError} when there is no session or
+     *   the current session has expired (or will within the 60s
+     *   safety margin).
+     * @throws {@link PermissionNotInManifestError} when any requested
+     *   entry is not a subset of the granted session capabilities and
      *   `forceWalletSign` is not set.
      */
     delegateTo(did: string, permissions: PermissionEntry[], options?: DelegateToOptions): Promise<DelegateToResult>;
     /**
      * Issue a delegation via the session-key UCAN WASM path.
      *
-     * The caller has already verified the request is derivable from the
-     * current session; we just need to shape the inputs for
-     * {@link createDelegationWrapper}.
+     * The caller has already verified every entry is derivable from
+     * the current session; we build one multi-resource abilities map
+     * and emit one signed UCAN covering them all.
+     *
+     * All entries must share the same target space (the UCAN is
+     * scoped to a single space). If they don't, this throws — mixing
+     * spaces in a single delegation is not supported by the underlying
+     * Rust create_delegation call and the resulting UCAN would be
+     * under-specified.
      *
      * @internal
      */