@tinycloud/node-sdk 2.1.0-beta.1 → 2.1.0-beta.3

package/dist/index.cjs

@@ -17327,8 +17327,25 @@ var NodeUserAuthorization = class {
     this.enablePublicSpace = config.enablePublicSpace ?? true;
     this.nonce = config.nonce;
     this.siweConfig = config.siweConfig;
+    this._manifest = config.manifest;
     this.sessionManager = this.wasm.createSessionManager();
   }
+  /**
+   * Return the manifest currently driving sign-in behavior, or
+   * `undefined` if none is set. Used by TinyCloudWeb/TinyCloudNode
+   * internals to surface the manifest for requestPermissions flows
+   * without forcing the caller to track it separately.
+   */
+  get manifest() {
+    return this._manifest;
+  }
+  /**
+   * Install or replace the stored manifest. Takes effect on the next
+   * `signIn()` call — the current session (if any) is not touched.
+   */
+  setManifest(manifest) {
+    this._manifest = manifest;
+  }
   /**
    * The current active session (web-core compatible).
    */
@@ -17345,6 +17362,39 @@ var NodeUserAuthorization = class {
   get nodeFeatures() {
     return this._nodeFeatures;
   }
+  /**
+   * Compute the `abilities` map the WASM `prepareSession` call should
+   * see at sign-in time.
+   *
+   * When a manifest is installed, we resolve it and union together:
+   * - the app's own `resources` (what it needs at runtime)
+   * - every `additionalDelegates[*].permissions` list (what it will
+   *   re-delegate to other DIDs post sign-in)
+   *
+   * into the short-service / path / full-URN-actions shape the WASM
+   * layer expects. This is the key invariant that lets
+   * {@link TinyCloudNode.delegateTo} issue manifest-declared
+   * delegations via the session key (no wallet prompt): the session's
+   * own recap already covers every action those delegations need.
+   *
+   * When no manifest is installed, we fall back to the
+   * {@link defaultActions} table so existing callers see no change.
+   *
+   * This is a pure function of `this._manifest` + `this.defaultActions`
+   * — the manifest resolution performs no I/O and throws a
+   * {@link ManifestValidationError} on structural problems (missing
+   * id/name, unparseable expiry, etc), which will surface at sign-in
+   * rather than being silently swallowed.
+   *
+   * @internal
+   */
+  resolveSignInAbilities() {
+    if (this._manifest === void 0) {
+      return this.defaultActions;
+    }
+    const resolved = (0, import_sdk_core.resolveManifest)(this._manifest);
+    return (0, import_sdk_core.manifestAbilitiesUnion)(resolved);
+  }
   /**
    * Build SIWE overrides from the top-level nonce and siweConfig.
    * - Top-level `nonce` is seeded first so `siweConfig.nonce` wins if both are set.
@@ -17548,7 +17598,7 @@ var NodeUserAuthorization = class {
     const now = /* @__PURE__ */ new Date();
     const expirationTime = new Date(now.getTime() + this.sessionExpirationMs);
     const prepared = this.wasm.prepareSession({
-      abilities: this.defaultActions,
+      abilities: this.resolveSignInAbilities(),
       address,
       chainId,
       domain: this.domain,
@@ -17691,7 +17741,7 @@ var NodeUserAuthorization = class {
     const now = /* @__PURE__ */ new Date();
     const expirationTime = new Date(now.getTime() + this.sessionExpirationMs);
     const prepared = this.wasm.prepareSession({
-      abilities: this.defaultActions,
+      abilities: this.resolveSignInAbilities(),
       address,
       chainId,
       domain: this.domain,
@@ -18197,12 +18247,35 @@ var _TinyCloudNode = class _TinyCloudNode {
       enablePublicSpace: config.enablePublicSpace ?? true,
       spaceCreationHandler: config.spaceCreationHandler,
       nonce: config.nonce,
-      siweConfig: config.siweConfig
+      siweConfig: config.siweConfig,
+      manifest: config.manifest
     });
     this.tc = new import_sdk_core4.TinyCloud(this.auth, {
       invokeAny: this.wasmBindings.invokeAny
     });
   }
+  /**
+   * Install or replace the manifest that drives the SIWE recap at
+   * sign-in. Takes effect on the next `signIn()` call — the current
+   * session (if any) is not touched. Wire this up from a higher
+   * layer (e.g. TinyCloudWeb.setManifest) so the manifest is kept
+   * in sync across the stack.
+   */
+  setManifest(manifest) {
+    if (!this.auth) {
+      throw new Error(
+        "setManifest requires wallet mode. Provide a signer or privateKey in the TinyCloudNode config."
+      );
+    }
+    this.auth.setManifest(manifest);
+  }
+  /**
+   * Return the manifest currently installed on the auth handler,
+   * or `undefined` if none is set.
+   */
+  get manifest() {
+    return this.auth?.manifest;
+  }
   /**
    * Get the primary identity DID for this user.
    * - If wallet connected and signed in: returns PKH DID (did:pkh:eip155:{chainId}:{address})
@@ -18709,7 +18782,19 @@ var _TinyCloudNode = class _TinyCloudNode {
   }
   /**
    * Wrapper for the WASM createDelegation function.
-   * Adapts the WASM interface to what SharingService expects.
+   *
+   * The WASM call now takes a multi-resource `abilities` map
+   * (matching `prepareSession`'s shape) and emits ONE UCAN that
+   * covers every `(service, path, actions)` entry. We mirror the raw
+   * result back through `CreateDelegationWasmResult`, converting the
+   * seconds-since-epoch `expiry` to a Date and normalizing the
+   * `delegateDid` → `delegateDID` case.
+   *
+   * Both SharingService (single-entry) and
+   * {@link TinyCloudNode.delegateTo} (multi-entry) drive this through
+   * the same code path so there's exactly one place that touches the
+   * WASM boundary.
+   *
    * @internal
    */
   createDelegationWrapper(params) {
@@ -18724,18 +18809,19 @@ var _TinyCloudNode = class _TinyCloudNode {
       wasmSession,
       params.delegateDID,
       params.spaceId,
-      params.path,
-      params.actions,
+      params.abilities,
       params.expirationSecs,
       params.notBeforeSecs
     );
     return {
       delegation: result.delegation,
       cid: result.cid,
-      delegateDID: result.delegateDid,
-      path: result.path,
-      actions: result.actions,
-      expiry: new Date(result.expiry * 1e3)
+      // Rust serde `rename_all = "camelCase"` emits `delegateDid`
+      // (lowercase d); the TypeScript interface uses `delegateDID`
+      // (historical, matches Delegation.delegateDID). Normalize here.
+      delegateDID: result.delegateDid ?? result.delegateDID,
+      expiry: new Date(result.expiry * 1e3),
+      resources: result.resources
     };
   }
   /**
@@ -19210,24 +19296,38 @@ var _TinyCloudNode = class _TinyCloudNode {
   /**
    * Issue a delegation using the capability-chain flow.
    *
-   * When the requested permissions are a subset of the current session's
-   * recap, the delegation is signed by the session key via WASM — no wallet
-   * prompt. When they are not, a {@link PermissionNotInManifestError} is
-   * raised so the caller can trigger an escalation flow (e.g.
-   * `TinyCloudWeb.requestPermissions`). Passing `forceWalletSign: true`
-   * bypasses the derivability check and always uses the wallet-signed SIWE
-   * path — used by the legacy `createDelegation` fallback and by callers
-   * that want explicit wallet confirmation.
+   * When every requested permission is a subset of the current
+   * session's recap, the delegation is signed by the session key via
+   * WASM — no wallet prompt. When at least one is NOT derivable, a
+   * {@link PermissionNotInManifestError} is raised (carrying the
+   * missing entries) so the caller can trigger an escalation flow
+   * (e.g. `TinyCloudWeb.requestPermissions`). Passing
+   * `forceWalletSign: true` bypasses the derivability check and
+   * always uses the wallet-signed SIWE path — used by the legacy
+   * `createDelegation` fallback and by callers that want explicit
+   * wallet confirmation.
    *
-   * Current limitation: exactly one {@link PermissionEntry} per call. For
-   * multi-resource delegation, call `delegateTo` multiple times. This keeps
-   * each delegation a single `(spaceId, path)` grant, which matches the
-   * underlying `PortableDelegation` shape.
+   * Multi-entry delegations are now emitted as **one** signed UCAN:
+   * the underlying WASM `createDelegation` takes a full
+   * `HashMap<Service, HashMap<Path, Vec<Ability>>>` abilities map
+   * and produces a single attenuation carrying every
+   * `(service, path, actions)` entry. The returned
+   * {@link DelegateToResult.delegation} is that single blob, and
+   * apps can POST it to their backend exactly like a single-entry
+   * delegation (the server verifies all granted resources from one
+   * UCAN).
    *
-   * @throws {@link SessionExpiredError} when there is no session or the
-   *   current session has expired (or will within the 60s safety margin).
-   * @throws {@link PermissionNotInManifestError} when the requested entries
-   *   are not a subset of the granted session capabilities and
+   * For single-entry requests the `PortableDelegation.path` and
+   * `.actions` fields mirror the one granted entry. For
+   * multi-entry requests they mirror the **first** entry (stable
+   * lexicographic order from the Rust side); consumers that need
+   * the full picture read `PortableDelegation.resources`.
+   *
+   * @throws {@link SessionExpiredError} when there is no session or
+   *   the current session has expired (or will within the 60s
+   *   safety margin).
+   * @throws {@link PermissionNotInManifestError} when any requested
+   *   entry is not a subset of the granted session capabilities and
    *   `forceWalletSign` is not set.
    */
   async delegateTo(did, permissions, options) {
@@ -19248,16 +19348,10 @@ var _TinyCloudNode = class _TinyCloudNode {
         "delegateTo requires a non-empty permissions array"
       );
     }
-    if (permissions.length > 1) {
-      throw new Error(
-        "delegateTo currently supports one permission entry per call. Call delegateTo multiple times for multi-resource delegation."
-      );
-    }
-    const entry = permissions[0];
-    const expandedEntry = {
+    const expandedEntries = permissions.map((entry) => ({
       ...entry,
       actions: (0, import_sdk_core4.expandActionShortNames)(entry.service, entry.actions)
-    };
+    }));
     const now = /* @__PURE__ */ new Date();
     const expiryMs = resolveExpiryMs(options?.expiry);
     const expirationTime = new Date(now.getTime() + expiryMs);
@@ -19266,9 +19360,14 @@ var _TinyCloudNode = class _TinyCloudNode {
       effectiveExpiration = sessionExpiry;
     }
     if (options?.forceWalletSign) {
+      if (expandedEntries.length > 1) {
+        throw new Error(
+          "delegateTo with forceWalletSign=true supports at most one PermissionEntry. Multi-entry requests must go through the session-key UCAN path (drop forceWalletSign) or the legacy createDelegation method."
+        );
+      }
       const delegation2 = await this.createDelegationLegacyWalletPath(
         did,
-        expandedEntry,
+        expandedEntries[0],
         effectiveExpiration
       );
       return { delegation: delegation2, prompted: true };
@@ -19277,14 +19376,13 @@ var _TinyCloudNode = class _TinyCloudNode {
       (siwe) => this.wasmBindings.parseRecapFromSiwe(siwe),
       session.siwe
     );
-    const requested = [expandedEntry];
-    const { subset, missing } = (0, import_sdk_core4.isCapabilitySubset)(requested, granted);
+    const { subset, missing } = (0, import_sdk_core4.isCapabilitySubset)(expandedEntries, granted);
     if (!subset) {
       throw new import_sdk_core4.PermissionNotInManifestError(missing, granted);
     }
     const delegation = await this.createDelegationViaWasmPath(
       did,
-      expandedEntry,
+      expandedEntries,
       effectiveExpiration,
       session
     );
@@ -19293,14 +19391,60 @@ var _TinyCloudNode = class _TinyCloudNode {
   /**
    * Issue a delegation via the session-key UCAN WASM path.
    *
-   * The caller has already verified the request is derivable from the
-   * current session; we just need to shape the inputs for
-   * {@link createDelegationWrapper}.
+   * The caller has already verified every entry is derivable from
+   * the current session; we build one multi-resource abilities map
+   * and emit one signed UCAN covering them all.
+   *
+   * All entries must share the same target space (the UCAN is
+   * scoped to a single space). If they don't, this throws — mixing
+   * spaces in a single delegation is not supported by the underlying
+   * Rust create_delegation call and the resulting UCAN would be
+   * under-specified.
    *
    * @internal
    */
-  async createDelegationViaWasmPath(did, entry, expirationTime, session) {
-    const spaceId = entry.space === "default" ? session.spaceId : entry.space;
+  async createDelegationViaWasmPath(did, entries, expirationTime, session) {
+    if (entries.length === 0) {
+      throw new Error(
+        "createDelegationViaWasmPath requires a non-empty entries array"
+      );
+    }
+    const resolvedSpaces = /* @__PURE__ */ new Set();
+    for (const entry of entries) {
+      const spaceId2 = entry.space === "default" ? session.spaceId : entry.space;
+      resolvedSpaces.add(spaceId2);
+    }
+    if (resolvedSpaces.size !== 1) {
+      throw new Error(
+        `delegateTo: all permission entries must target the same space, got ${resolvedSpaces.size}: ${JSON.stringify([...resolvedSpaces])}`
+      );
+    }
+    const spaceId = [...resolvedSpaces][0];
+    const abilities = {};
+    for (const entry of entries) {
+      const shortService = import_sdk_core4.SERVICE_LONG_TO_SHORT[entry.service];
+      if (shortService === void 0) {
+        throw new Error(
+          `delegateTo: unknown service '${entry.service}' \u2014 no short-form mapping`
+        );
+      }
+      if (abilities[shortService] === void 0) {
+        abilities[shortService] = {};
+      }
+      const pathsMap = abilities[shortService];
+      const existing = pathsMap[entry.path];
+      if (existing === void 0) {
+        pathsMap[entry.path] = [...entry.actions];
+      } else {
+        const seen = new Set(existing);
+        for (const action of entry.actions) {
+          if (!seen.has(action)) {
+            existing.push(action);
+            seen.add(action);
+          }
+        }
+      }
+    }
     const serviceSession = {
       delegationHeader: session.delegationHeader,
       delegationCid: session.delegationCid,
@@ -19313,16 +19457,17 @@ var _TinyCloudNode = class _TinyCloudNode {
       session: serviceSession,
       delegateDID: did,
       spaceId,
-      path: entry.path,
-      actions: entry.actions,
+      abilities,
       expirationSecs
     });
+    const primary = result.resources[0];
     return {
       cid: result.cid,
       delegationHeader: { Authorization: `Bearer ${result.delegation}` },
       spaceId,
-      path: entry.path,
-      actions: entry.actions,
+      path: primary.path,
+      actions: primary.actions,
+      resources: result.resources,
       disableSubDelegation: false,
       expiry: result.expiry,
       delegateDID: did,
@@ -19378,19 +19523,17 @@ var _TinyCloudNode = class _TinyCloudNode {
       params.path,
       params.spaceIdOverride
     );
-    if (entries.length === 1) {
-      try {
-        const result = await this.delegateTo(
-          resolvedDelegateDID,
-          [entries[0]],
-          params.expiryMs !== void 0 ? { expiry: params.expiryMs } : void 0
-        );
-        return result.delegation;
-      } catch (err) {
-        if (err instanceof import_sdk_core4.PermissionNotInManifestError) {
-        } else {
-          throw err;
-        }
+    try {
+      const result = await this.delegateTo(
+        resolvedDelegateDID,
+        entries,
+        params.expiryMs !== void 0 ? { expiry: params.expiryMs } : void 0
+      );
+      return result.delegation;
+    } catch (err) {
+      if (err instanceof import_sdk_core4.PermissionNotInManifestError) {
+      } else {
+        throw err;
       }
     }
     return this.createDelegationWalletPath({