@tinycloud/node-sdk 2.2.0-beta.5 → 2.2.0-beta.7
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/{core-DdMPUB5s.d.cts → core-C3s0bgRe.d.cts} +14 -1
- package/dist/{core-DdMPUB5s.d.ts → core-C3s0bgRe.d.ts} +14 -1
- package/dist/core.cjs +348 -155
- package/dist/core.cjs.map +1 -1
- package/dist/core.d.cts +2 -2
- package/dist/core.d.ts +2 -2
- package/dist/core.js +254 -58
- package/dist/core.js.map +1 -1
- package/dist/index.cjs +351 -158
- package/dist/index.cjs.map +1 -1
- package/dist/index.d.cts +2 -2
- package/dist/index.d.ts +2 -2
- package/dist/index.js +255 -58
- package/dist/index.js.map +1 -1
- package/package.json +2 -2
package/dist/core.cjs
CHANGED
|
@@ -20,70 +20,71 @@ var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: tru
|
|
|
20
20
|
// src/core.ts
|
|
21
21
|
var core_exports = {};
|
|
22
22
|
__export(core_exports, {
|
|
23
|
-
ACCOUNT_REGISTRY_PATH: () =>
|
|
24
|
-
ACCOUNT_REGISTRY_SPACE: () =>
|
|
25
|
-
AutoApproveSpaceCreationHandler: () =>
|
|
26
|
-
CapabilityKeyRegistry: () =>
|
|
27
|
-
CapabilityKeyRegistryErrorCodes: () =>
|
|
28
|
-
DEFAULT_MANIFEST_SPACE: () =>
|
|
29
|
-
DEFAULT_MANIFEST_VERSION: () =>
|
|
30
|
-
DataVaultService: () =>
|
|
31
|
-
DatabaseHandle: () =>
|
|
23
|
+
ACCOUNT_REGISTRY_PATH: () => import_sdk_core9.ACCOUNT_REGISTRY_PATH,
|
|
24
|
+
ACCOUNT_REGISTRY_SPACE: () => import_sdk_core9.ACCOUNT_REGISTRY_SPACE,
|
|
25
|
+
AutoApproveSpaceCreationHandler: () => import_sdk_core8.AutoApproveSpaceCreationHandler,
|
|
26
|
+
CapabilityKeyRegistry: () => import_sdk_core15.CapabilityKeyRegistry,
|
|
27
|
+
CapabilityKeyRegistryErrorCodes: () => import_sdk_core15.CapabilityKeyRegistryErrorCodes,
|
|
28
|
+
DEFAULT_MANIFEST_SPACE: () => import_sdk_core9.DEFAULT_MANIFEST_SPACE,
|
|
29
|
+
DEFAULT_MANIFEST_VERSION: () => import_sdk_core9.DEFAULT_MANIFEST_VERSION,
|
|
30
|
+
DataVaultService: () => import_sdk_core13.DataVaultService,
|
|
31
|
+
DatabaseHandle: () => import_sdk_core11.DatabaseHandle,
|
|
32
32
|
DelegatedAccess: () => DelegatedAccess,
|
|
33
|
-
DelegationErrorCodes: () =>
|
|
34
|
-
DelegationManager: () =>
|
|
35
|
-
DuckDbAction: () =>
|
|
36
|
-
DuckDbDatabaseHandle: () =>
|
|
37
|
-
DuckDbService: () =>
|
|
33
|
+
DelegationErrorCodes: () => import_sdk_core14.DelegationErrorCodes,
|
|
34
|
+
DelegationManager: () => import_sdk_core14.DelegationManager,
|
|
35
|
+
DuckDbAction: () => import_sdk_core12.DuckDbAction,
|
|
36
|
+
DuckDbDatabaseHandle: () => import_sdk_core12.DuckDbDatabaseHandle,
|
|
37
|
+
DuckDbService: () => import_sdk_core12.DuckDbService,
|
|
38
38
|
FileSessionStorage: () => FileSessionStorage,
|
|
39
|
-
KVService: () =>
|
|
40
|
-
ManifestValidationError: () =>
|
|
39
|
+
KVService: () => import_sdk_core10.KVService,
|
|
40
|
+
ManifestValidationError: () => import_sdk_core9.ManifestValidationError,
|
|
41
41
|
MemorySessionStorage: () => MemorySessionStorage,
|
|
42
42
|
NodeUserAuthorization: () => NodeUserAuthorization,
|
|
43
|
-
PermissionNotInManifestError: () =>
|
|
44
|
-
PrefixedKVService: () =>
|
|
45
|
-
ProtocolMismatchError: () =>
|
|
46
|
-
SQLAction: () =>
|
|
47
|
-
SQLService: () =>
|
|
48
|
-
|
|
49
|
-
|
|
50
|
-
|
|
51
|
-
|
|
52
|
-
|
|
53
|
-
|
|
54
|
-
|
|
55
|
-
|
|
43
|
+
PermissionNotInManifestError: () => import_sdk_core9.PermissionNotInManifestError,
|
|
44
|
+
PrefixedKVService: () => import_sdk_core10.PrefixedKVService,
|
|
45
|
+
ProtocolMismatchError: () => import_sdk_core17.ProtocolMismatchError,
|
|
46
|
+
SQLAction: () => import_sdk_core11.SQLAction,
|
|
47
|
+
SQLService: () => import_sdk_core11.SQLService,
|
|
48
|
+
SecretsService: () => import_sdk_core13.SecretsService,
|
|
49
|
+
ServiceContext: () => import_sdk_core18.ServiceContext,
|
|
50
|
+
SessionExpiredError: () => import_sdk_core9.SessionExpiredError,
|
|
51
|
+
SharingService: () => import_sdk_core14.SharingService,
|
|
52
|
+
SilentNotificationHandler: () => import_sdk_core8.SilentNotificationHandler,
|
|
53
|
+
Space: () => import_sdk_core16.Space,
|
|
54
|
+
SpaceErrorCodes: () => import_sdk_core16.SpaceErrorCodes,
|
|
55
|
+
SpaceService: () => import_sdk_core16.SpaceService,
|
|
56
|
+
TinyCloud: () => import_sdk_core7.TinyCloud,
|
|
56
57
|
TinyCloudNode: () => TinyCloudNode,
|
|
57
|
-
UnsupportedFeatureError: () =>
|
|
58
|
-
VaultHeaders: () =>
|
|
59
|
-
VaultPublicSpaceKVActions: () =>
|
|
60
|
-
VersionCheckError: () =>
|
|
58
|
+
UnsupportedFeatureError: () => import_sdk_core17.UnsupportedFeatureError,
|
|
59
|
+
VaultHeaders: () => import_sdk_core13.VaultHeaders,
|
|
60
|
+
VaultPublicSpaceKVActions: () => import_sdk_core13.VaultPublicSpaceKVActions,
|
|
61
|
+
VersionCheckError: () => import_sdk_core17.VersionCheckError,
|
|
61
62
|
WasmKeyProvider: () => WasmKeyProvider,
|
|
62
|
-
buildSpaceUri: () =>
|
|
63
|
-
checkNodeInfo: () =>
|
|
64
|
-
composeManifestRequest: () =>
|
|
65
|
-
createCapabilityKeyRegistry: () =>
|
|
66
|
-
createSharingService: () =>
|
|
67
|
-
createSpaceService: () =>
|
|
68
|
-
createVaultCrypto: () =>
|
|
63
|
+
buildSpaceUri: () => import_sdk_core16.buildSpaceUri,
|
|
64
|
+
checkNodeInfo: () => import_sdk_core17.checkNodeInfo,
|
|
65
|
+
composeManifestRequest: () => import_sdk_core9.composeManifestRequest,
|
|
66
|
+
createCapabilityKeyRegistry: () => import_sdk_core15.createCapabilityKeyRegistry,
|
|
67
|
+
createSharingService: () => import_sdk_core14.createSharingService,
|
|
68
|
+
createSpaceService: () => import_sdk_core16.createSpaceService,
|
|
69
|
+
createVaultCrypto: () => import_sdk_core13.createVaultCrypto,
|
|
69
70
|
createWasmKeyProvider: () => createWasmKeyProvider,
|
|
70
71
|
defaultSignStrategy: () => defaultSignStrategy,
|
|
71
|
-
defaultSpaceCreationHandler: () =>
|
|
72
|
+
defaultSpaceCreationHandler: () => import_sdk_core8.defaultSpaceCreationHandler,
|
|
72
73
|
deserializeDelegation: () => deserializeDelegation,
|
|
73
|
-
expandActionShortNames: () =>
|
|
74
|
-
isCapabilitySubset: () =>
|
|
75
|
-
loadManifest: () =>
|
|
76
|
-
makePublicSpaceId: () =>
|
|
77
|
-
parseExpiry: () =>
|
|
78
|
-
parseSpaceUri: () =>
|
|
79
|
-
resolveManifest: () =>
|
|
80
|
-
resourceCapabilitiesToSpaceAbilitiesMap: () =>
|
|
74
|
+
expandActionShortNames: () => import_sdk_core9.expandActionShortNames,
|
|
75
|
+
isCapabilitySubset: () => import_sdk_core9.isCapabilitySubset,
|
|
76
|
+
loadManifest: () => import_sdk_core9.loadManifest,
|
|
77
|
+
makePublicSpaceId: () => import_sdk_core16.makePublicSpaceId,
|
|
78
|
+
parseExpiry: () => import_sdk_core9.parseExpiry,
|
|
79
|
+
parseSpaceUri: () => import_sdk_core16.parseSpaceUri,
|
|
80
|
+
resolveManifest: () => import_sdk_core9.resolveManifest,
|
|
81
|
+
resourceCapabilitiesToSpaceAbilitiesMap: () => import_sdk_core9.resourceCapabilitiesToSpaceAbilitiesMap,
|
|
81
82
|
serializeDelegation: () => serializeDelegation,
|
|
82
|
-
validateManifest: () =>
|
|
83
|
+
validateManifest: () => import_sdk_core9.validateManifest
|
|
83
84
|
});
|
|
84
85
|
module.exports = __toCommonJS(core_exports);
|
|
85
|
-
var import_sdk_core6 = require("@tinycloud/sdk-core");
|
|
86
86
|
var import_sdk_core7 = require("@tinycloud/sdk-core");
|
|
87
|
+
var import_sdk_core8 = require("@tinycloud/sdk-core");
|
|
87
88
|
|
|
88
89
|
// src/storage/MemorySessionStorage.ts
|
|
89
90
|
var MemorySessionStorage = class {
|
|
@@ -1019,7 +1020,7 @@ var NodeUserAuthorization = class {
|
|
|
1019
1020
|
};
|
|
1020
1021
|
|
|
1021
1022
|
// src/TinyCloudNode.ts
|
|
1022
|
-
var
|
|
1023
|
+
var import_sdk_core6 = require("@tinycloud/sdk-core");
|
|
1023
1024
|
|
|
1024
1025
|
// src/DelegatedAccess.ts
|
|
1025
1026
|
var import_sdk_core3 = require("@tinycloud/sdk-core");
|
|
@@ -1252,6 +1253,176 @@ function extractSiweExpiration(siwe) {
|
|
|
1252
1253
|
return d;
|
|
1253
1254
|
}
|
|
1254
1255
|
|
|
1256
|
+
// src/NodeSecretsService.ts
|
|
1257
|
+
var import_sdk_core5 = require("@tinycloud/sdk-core");
|
|
1258
|
+
var SECRET_NAME_RE = /^[A-Z][A-Z0-9_]*$/;
|
|
1259
|
+
var SECRET_PREFIX = "secrets/";
|
|
1260
|
+
var SECRETS_SPACE = "secrets";
|
|
1261
|
+
function ok() {
|
|
1262
|
+
return { ok: true, data: void 0 };
|
|
1263
|
+
}
|
|
1264
|
+
function secretsError(code, message, cause) {
|
|
1265
|
+
return {
|
|
1266
|
+
ok: false,
|
|
1267
|
+
error: {
|
|
1268
|
+
code,
|
|
1269
|
+
service: "secrets",
|
|
1270
|
+
message,
|
|
1271
|
+
...cause ? { cause } : {}
|
|
1272
|
+
}
|
|
1273
|
+
};
|
|
1274
|
+
}
|
|
1275
|
+
function actionUrn(action) {
|
|
1276
|
+
return `tinycloud.kv/${action}`;
|
|
1277
|
+
}
|
|
1278
|
+
function secretResourcePath(base, name) {
|
|
1279
|
+
return `${base}/${SECRET_PREFIX}${name}`;
|
|
1280
|
+
}
|
|
1281
|
+
function secretPermissionEntries(name, action) {
|
|
1282
|
+
return [
|
|
1283
|
+
{
|
|
1284
|
+
service: "tinycloud.kv",
|
|
1285
|
+
space: SECRETS_SPACE,
|
|
1286
|
+
path: secretResourcePath("keys", name),
|
|
1287
|
+
actions: [action],
|
|
1288
|
+
skipPrefix: true
|
|
1289
|
+
},
|
|
1290
|
+
{
|
|
1291
|
+
service: "tinycloud.kv",
|
|
1292
|
+
space: SECRETS_SPACE,
|
|
1293
|
+
path: secretResourcePath("vault", name),
|
|
1294
|
+
actions: [action],
|
|
1295
|
+
skipPrefix: true
|
|
1296
|
+
}
|
|
1297
|
+
];
|
|
1298
|
+
}
|
|
1299
|
+
function isSecretsSpace(space) {
|
|
1300
|
+
return space === SECRETS_SPACE || space.endsWith(`:${SECRETS_SPACE}`);
|
|
1301
|
+
}
|
|
1302
|
+
function composeEscalatedManifest(manifest, additional) {
|
|
1303
|
+
if (Array.isArray(manifest)) {
|
|
1304
|
+
const [primary, ...rest] = manifest;
|
|
1305
|
+
return [
|
|
1306
|
+
{
|
|
1307
|
+
...primary,
|
|
1308
|
+
permissions: [...primary.permissions ?? [], ...additional]
|
|
1309
|
+
},
|
|
1310
|
+
...rest
|
|
1311
|
+
];
|
|
1312
|
+
}
|
|
1313
|
+
return {
|
|
1314
|
+
...manifest,
|
|
1315
|
+
permissions: [...manifest.permissions ?? [], ...additional]
|
|
1316
|
+
};
|
|
1317
|
+
}
|
|
1318
|
+
var NodeSecretsService = class {
|
|
1319
|
+
constructor(config) {
|
|
1320
|
+
this.config = config;
|
|
1321
|
+
this.shouldRestoreUnlock = false;
|
|
1322
|
+
}
|
|
1323
|
+
get vault() {
|
|
1324
|
+
return this.service.vault;
|
|
1325
|
+
}
|
|
1326
|
+
get isUnlocked() {
|
|
1327
|
+
return this.service.isUnlocked;
|
|
1328
|
+
}
|
|
1329
|
+
async unlock(signer) {
|
|
1330
|
+
if (signer !== void 0) {
|
|
1331
|
+
this.unlockSigner = signer;
|
|
1332
|
+
}
|
|
1333
|
+
const result = await this.service.unlock(signer);
|
|
1334
|
+
if (result.ok) {
|
|
1335
|
+
this.shouldRestoreUnlock = true;
|
|
1336
|
+
}
|
|
1337
|
+
return result;
|
|
1338
|
+
}
|
|
1339
|
+
lock() {
|
|
1340
|
+
this.shouldRestoreUnlock = false;
|
|
1341
|
+
this.service.lock();
|
|
1342
|
+
}
|
|
1343
|
+
get(name) {
|
|
1344
|
+
return this.service.get(name);
|
|
1345
|
+
}
|
|
1346
|
+
async put(name, value) {
|
|
1347
|
+
const permission = await this.ensureMutationPermission(name, "put");
|
|
1348
|
+
if (!permission.ok) return permission;
|
|
1349
|
+
return this.service.put(name, value);
|
|
1350
|
+
}
|
|
1351
|
+
async delete(name) {
|
|
1352
|
+
const permission = await this.ensureMutationPermission(name, "del");
|
|
1353
|
+
if (!permission.ok) return permission;
|
|
1354
|
+
return this.service.delete(name);
|
|
1355
|
+
}
|
|
1356
|
+
list() {
|
|
1357
|
+
return this.service.list();
|
|
1358
|
+
}
|
|
1359
|
+
get service() {
|
|
1360
|
+
return this.config.getService();
|
|
1361
|
+
}
|
|
1362
|
+
async ensureMutationPermission(name, action) {
|
|
1363
|
+
if (!SECRET_NAME_RE.test(name)) {
|
|
1364
|
+
return secretsError(
|
|
1365
|
+
import_sdk_core5.ErrorCodes.INVALID_INPUT,
|
|
1366
|
+
`Invalid secret name ${JSON.stringify(name)}. Secret names must match ${SECRET_NAME_RE.source}.`
|
|
1367
|
+
);
|
|
1368
|
+
}
|
|
1369
|
+
if (this.hasMutationPermission(name, action)) {
|
|
1370
|
+
return ok();
|
|
1371
|
+
}
|
|
1372
|
+
if (!this.config.canEscalate()) {
|
|
1373
|
+
return secretsError(
|
|
1374
|
+
import_sdk_core5.ErrorCodes.PERMISSION_DENIED,
|
|
1375
|
+
`Cannot autosign ${actionUrn(action)} for ${name}; TinyCloudNode needs wallet mode with a signer or privateKey.`
|
|
1376
|
+
);
|
|
1377
|
+
}
|
|
1378
|
+
const manifest = this.config.getManifest();
|
|
1379
|
+
if (manifest === void 0) {
|
|
1380
|
+
return secretsError(
|
|
1381
|
+
import_sdk_core5.ErrorCodes.PERMISSION_DENIED,
|
|
1382
|
+
`Cannot autosign ${actionUrn(action)} for ${name}; set a manifest before mutating secrets.`
|
|
1383
|
+
);
|
|
1384
|
+
}
|
|
1385
|
+
try {
|
|
1386
|
+
this.config.setManifest(
|
|
1387
|
+
composeEscalatedManifest(
|
|
1388
|
+
manifest,
|
|
1389
|
+
secretPermissionEntries(name, action)
|
|
1390
|
+
)
|
|
1391
|
+
);
|
|
1392
|
+
await this.config.signIn();
|
|
1393
|
+
return this.restoreUnlockAfterEscalation();
|
|
1394
|
+
} catch (error) {
|
|
1395
|
+
return secretsError(
|
|
1396
|
+
import_sdk_core5.ErrorCodes.PERMISSION_DENIED,
|
|
1397
|
+
error instanceof Error ? error.message : `Autosign escalation for ${actionUrn(action)} on ${name} failed.`,
|
|
1398
|
+
error instanceof Error ? error : void 0
|
|
1399
|
+
);
|
|
1400
|
+
}
|
|
1401
|
+
}
|
|
1402
|
+
async restoreUnlockAfterEscalation() {
|
|
1403
|
+
if (!this.shouldRestoreUnlock) {
|
|
1404
|
+
return ok();
|
|
1405
|
+
}
|
|
1406
|
+
return this.service.unlock(this.unlockSigner);
|
|
1407
|
+
}
|
|
1408
|
+
hasMutationPermission(name, action) {
|
|
1409
|
+
const manifest = this.config.getManifest();
|
|
1410
|
+
if (manifest === void 0) {
|
|
1411
|
+
return false;
|
|
1412
|
+
}
|
|
1413
|
+
const manifests = Array.isArray(manifest) ? manifest : [manifest];
|
|
1414
|
+
const requiredAction = actionUrn(action);
|
|
1415
|
+
return manifests.some((entry) => {
|
|
1416
|
+
const resolved = (0, import_sdk_core5.resolveManifest)(entry);
|
|
1417
|
+
return ["keys", "vault"].every(
|
|
1418
|
+
(base) => resolved.resources.some(
|
|
1419
|
+
(resource) => resource.service === "tinycloud.kv" && isSecretsSpace(resource.space) && resource.path === secretResourcePath(base, name) && resource.actions.includes(requiredAction)
|
|
1420
|
+
)
|
|
1421
|
+
);
|
|
1422
|
+
});
|
|
1423
|
+
}
|
|
1424
|
+
};
|
|
1425
|
+
|
|
1255
1426
|
// src/TinyCloudNode.ts
|
|
1256
1427
|
var DEFAULT_HOST = "https://node.tinycloud.xyz";
|
|
1257
1428
|
var _TinyCloudNode = class _TinyCloudNode {
|
|
@@ -1310,12 +1481,12 @@ var _TinyCloudNode = class _TinyCloudNode {
|
|
|
1310
1481
|
throw new Error("Failed to get session key JWK");
|
|
1311
1482
|
}
|
|
1312
1483
|
this.sessionKeyJwk = JSON.parse(jwkStr);
|
|
1313
|
-
this._capabilityRegistry = new
|
|
1484
|
+
this._capabilityRegistry = new import_sdk_core6.CapabilityKeyRegistry();
|
|
1314
1485
|
this._keyProvider = new WasmKeyProvider({
|
|
1315
1486
|
sessionManager: this.sessionManager
|
|
1316
1487
|
});
|
|
1317
|
-
this.notificationHandler = config.notificationHandler ?? new
|
|
1318
|
-
this._sharingService = new
|
|
1488
|
+
this.notificationHandler = config.notificationHandler ?? new import_sdk_core6.SilentNotificationHandler();
|
|
1489
|
+
this._sharingService = new import_sdk_core6.SharingService({
|
|
1319
1490
|
hosts: [this.config.host],
|
|
1320
1491
|
// session: undefined - not needed for receive()
|
|
1321
1492
|
invoke: this.wasmBindings.invoke,
|
|
@@ -1325,8 +1496,8 @@ var _TinyCloudNode = class _TinyCloudNode {
|
|
|
1325
1496
|
// delegationManager: undefined - not needed for receive()
|
|
1326
1497
|
createKVService: (config2) => {
|
|
1327
1498
|
const prefix = config2.pathPrefix?.replace(/\/$/, "");
|
|
1328
|
-
const kvService = new
|
|
1329
|
-
const kvContext = new
|
|
1499
|
+
const kvService = new import_sdk_core6.KVService({ prefix });
|
|
1500
|
+
const kvContext = new import_sdk_core6.ServiceContext({
|
|
1330
1501
|
invoke: config2.invoke,
|
|
1331
1502
|
fetch: config2.fetch ?? globalThis.fetch.bind(globalThis),
|
|
1332
1503
|
hosts: config2.hosts
|
|
@@ -1385,7 +1556,7 @@ var _TinyCloudNode = class _TinyCloudNode {
|
|
|
1385
1556
|
capabilityRequest: config.capabilityRequest,
|
|
1386
1557
|
includeAccountRegistryPermissions: config.includeAccountRegistryPermissions
|
|
1387
1558
|
});
|
|
1388
|
-
this.tc = new
|
|
1559
|
+
this.tc = new import_sdk_core6.TinyCloud(this.auth, {
|
|
1389
1560
|
invokeAny: this.wasmBindings.invokeAny
|
|
1390
1561
|
});
|
|
1391
1562
|
}
|
|
@@ -1506,6 +1677,10 @@ var _TinyCloudNode = class _TinyCloudNode {
|
|
|
1506
1677
|
this._sql = void 0;
|
|
1507
1678
|
this._duckdb = void 0;
|
|
1508
1679
|
this._hooks = void 0;
|
|
1680
|
+
this._vault = void 0;
|
|
1681
|
+
this._baseSecrets = void 0;
|
|
1682
|
+
this._secrets = void 0;
|
|
1683
|
+
this._spaceService = void 0;
|
|
1509
1684
|
this._serviceContext = void 0;
|
|
1510
1685
|
await this.tc.signIn(options);
|
|
1511
1686
|
this.syncResolvedHostFromAuth();
|
|
@@ -1527,7 +1702,7 @@ var _TinyCloudNode = class _TinyCloudNode {
|
|
|
1527
1702
|
if (!this.auth || !this.signer) {
|
|
1528
1703
|
throw new Error("Manifest registry write requires wallet mode");
|
|
1529
1704
|
}
|
|
1530
|
-
const accountSpaceId = this.ownedSpaceId(
|
|
1705
|
+
const accountSpaceId = this.ownedSpaceId(import_sdk_core6.ACCOUNT_REGISTRY_SPACE);
|
|
1531
1706
|
await this.ensureOwnedSpaceHosted(accountSpaceId);
|
|
1532
1707
|
const accountKV = this.spaces.get(accountSpaceId).kv;
|
|
1533
1708
|
for (const record of request.registryRecords) {
|
|
@@ -1555,7 +1730,7 @@ var _TinyCloudNode = class _TinyCloudNode {
|
|
|
1555
1730
|
if (!host) {
|
|
1556
1731
|
throw new Error("Owned space hosting requires a TinyCloud host");
|
|
1557
1732
|
}
|
|
1558
|
-
const activation = await (0,
|
|
1733
|
+
const activation = await (0, import_sdk_core6.activateSessionWithHost)(host, session.delegationHeader);
|
|
1559
1734
|
if (activation.success && !activation.skipped?.includes(spaceId)) {
|
|
1560
1735
|
return;
|
|
1561
1736
|
}
|
|
@@ -1569,7 +1744,7 @@ var _TinyCloudNode = class _TinyCloudNode {
|
|
|
1569
1744
|
throw new Error(`Failed to create owned space: ${spaceId}`);
|
|
1570
1745
|
}
|
|
1571
1746
|
await new Promise((resolve) => setTimeout(resolve, 100));
|
|
1572
|
-
const retry = await (0,
|
|
1747
|
+
const retry = await (0, import_sdk_core6.activateSessionWithHost)(host, session.delegationHeader);
|
|
1573
1748
|
if (!retry.success || retry.skipped?.includes(spaceId)) {
|
|
1574
1749
|
throw new Error(
|
|
1575
1750
|
`Failed to activate session after creating owned space ${spaceId}: ${retry.error ?? "space was skipped"}`
|
|
@@ -1591,6 +1766,10 @@ var _TinyCloudNode = class _TinyCloudNode {
|
|
|
1591
1766
|
this._sql = void 0;
|
|
1592
1767
|
this._duckdb = void 0;
|
|
1593
1768
|
this._hooks = void 0;
|
|
1769
|
+
this._vault = void 0;
|
|
1770
|
+
this._baseSecrets = void 0;
|
|
1771
|
+
this._secrets = void 0;
|
|
1772
|
+
this._spaceService = void 0;
|
|
1594
1773
|
this._serviceContext = void 0;
|
|
1595
1774
|
if (sessionData.address) {
|
|
1596
1775
|
this._address = sessionData.address;
|
|
@@ -1598,22 +1777,22 @@ var _TinyCloudNode = class _TinyCloudNode {
|
|
|
1598
1777
|
if (sessionData.chainId) {
|
|
1599
1778
|
this._chainId = sessionData.chainId;
|
|
1600
1779
|
}
|
|
1601
|
-
this._serviceContext = new
|
|
1780
|
+
this._serviceContext = new import_sdk_core6.ServiceContext({
|
|
1602
1781
|
invoke: this.wasmBindings.invoke,
|
|
1603
1782
|
invokeAny: this.wasmBindings.invokeAny,
|
|
1604
1783
|
fetch: globalThis.fetch.bind(globalThis),
|
|
1605
1784
|
hosts: [this.config.host]
|
|
1606
1785
|
});
|
|
1607
|
-
this._kv = new
|
|
1786
|
+
this._kv = new import_sdk_core6.KVService({});
|
|
1608
1787
|
this._kv.initialize(this._serviceContext);
|
|
1609
1788
|
this._serviceContext.registerService("kv", this._kv);
|
|
1610
|
-
this._sql = new
|
|
1789
|
+
this._sql = new import_sdk_core6.SQLService({});
|
|
1611
1790
|
this._sql.initialize(this._serviceContext);
|
|
1612
1791
|
this._serviceContext.registerService("sql", this._sql);
|
|
1613
|
-
this._duckdb = new
|
|
1792
|
+
this._duckdb = new import_sdk_core6.DuckDbService({});
|
|
1614
1793
|
this._duckdb.initialize(this._serviceContext);
|
|
1615
1794
|
this._serviceContext.registerService("duckdb", this._duckdb);
|
|
1616
|
-
this._hooks = new
|
|
1795
|
+
this._hooks = new import_sdk_core6.HooksService({});
|
|
1617
1796
|
this._hooks.initialize(this._serviceContext);
|
|
1618
1797
|
this._serviceContext.registerService("hooks", this._hooks);
|
|
1619
1798
|
const serviceSession = {
|
|
@@ -1624,41 +1803,7 @@ var _TinyCloudNode = class _TinyCloudNode {
|
|
|
1624
1803
|
jwk: sessionData.jwk
|
|
1625
1804
|
};
|
|
1626
1805
|
this._serviceContext.setSession(serviceSession);
|
|
1627
|
-
|
|
1628
|
-
const vaultCrypto = (0, import_sdk_core5.createVaultCrypto)({
|
|
1629
|
-
vault_encrypt: wasm.vault_encrypt,
|
|
1630
|
-
vault_decrypt: wasm.vault_decrypt,
|
|
1631
|
-
vault_derive_key: wasm.vault_derive_key,
|
|
1632
|
-
vault_x25519_from_seed: wasm.vault_x25519_from_seed,
|
|
1633
|
-
vault_x25519_dh: wasm.vault_x25519_dh,
|
|
1634
|
-
vault_random_bytes: wasm.vault_random_bytes,
|
|
1635
|
-
vault_sha256: wasm.vault_sha256
|
|
1636
|
-
});
|
|
1637
|
-
const self = this;
|
|
1638
|
-
this._vault = new import_sdk_core5.DataVaultService({
|
|
1639
|
-
spaceId: sessionData.spaceId,
|
|
1640
|
-
crypto: vaultCrypto,
|
|
1641
|
-
tc: {
|
|
1642
|
-
kv: this._kv,
|
|
1643
|
-
ensurePublicSpace: async () => {
|
|
1644
|
-
try {
|
|
1645
|
-
await self.ensurePublicSpace();
|
|
1646
|
-
return { ok: true, data: void 0 };
|
|
1647
|
-
} catch (error) {
|
|
1648
|
-
return { ok: false, error: { code: "STORAGE_ERROR", message: error instanceof Error ? error.message : String(error), service: "vault" } };
|
|
1649
|
-
}
|
|
1650
|
-
},
|
|
1651
|
-
get publicKV() {
|
|
1652
|
-
return self._publicKV ?? self.tc.publicKV;
|
|
1653
|
-
},
|
|
1654
|
-
readPublicSpace: (host, spaceId, key) => import_sdk_core5.TinyCloud.readPublicSpace(host, spaceId, key),
|
|
1655
|
-
makePublicSpaceId: import_sdk_core5.TinyCloud.makePublicSpaceId,
|
|
1656
|
-
did: this.did,
|
|
1657
|
-
address: sessionData.address ?? this._address ?? "",
|
|
1658
|
-
chainId: sessionData.chainId ?? this._chainId,
|
|
1659
|
-
hosts: [this.config.host]
|
|
1660
|
-
}
|
|
1661
|
-
});
|
|
1806
|
+
this._vault = this.createVaultService(sessionData.spaceId, this._kv);
|
|
1662
1807
|
this._vault.initialize(this._serviceContext);
|
|
1663
1808
|
this._serviceContext.registerService("vault", this._vault);
|
|
1664
1809
|
this.initializeV2Services(serviceSession);
|
|
@@ -1719,7 +1864,7 @@ var _TinyCloudNode = class _TinyCloudNode {
|
|
|
1719
1864
|
capabilityRequest: this.config.capabilityRequest,
|
|
1720
1865
|
includeAccountRegistryPermissions: this.config.includeAccountRegistryPermissions
|
|
1721
1866
|
});
|
|
1722
|
-
this.tc = new
|
|
1867
|
+
this.tc = new import_sdk_core6.TinyCloud(this.auth, {
|
|
1723
1868
|
invokeAny: this.wasmBindings.invokeAny
|
|
1724
1869
|
});
|
|
1725
1870
|
this.config.prefix = prefix;
|
|
@@ -1763,7 +1908,7 @@ var _TinyCloudNode = class _TinyCloudNode {
|
|
|
1763
1908
|
capabilityRequest: this.config.capabilityRequest,
|
|
1764
1909
|
includeAccountRegistryPermissions: this.config.includeAccountRegistryPermissions
|
|
1765
1910
|
});
|
|
1766
|
-
this.tc = new
|
|
1911
|
+
this.tc = new import_sdk_core6.TinyCloud(this.auth, {
|
|
1767
1912
|
invokeAny: this.wasmBindings.invokeAny
|
|
1768
1913
|
});
|
|
1769
1914
|
this.config.prefix = prefix;
|
|
@@ -1778,27 +1923,27 @@ var _TinyCloudNode = class _TinyCloudNode {
|
|
|
1778
1923
|
return;
|
|
1779
1924
|
}
|
|
1780
1925
|
this.tc.initializeServices(this.wasmBindings.invoke, [this.config.host]);
|
|
1781
|
-
this._serviceContext = new
|
|
1926
|
+
this._serviceContext = new import_sdk_core6.ServiceContext({
|
|
1782
1927
|
invoke: this.wasmBindings.invoke,
|
|
1783
1928
|
invokeAny: this.wasmBindings.invokeAny,
|
|
1784
1929
|
fetch: globalThis.fetch.bind(globalThis),
|
|
1785
1930
|
hosts: [this.config.host]
|
|
1786
1931
|
});
|
|
1787
|
-
this._kv = new
|
|
1932
|
+
this._kv = new import_sdk_core6.KVService({});
|
|
1788
1933
|
this._kv.initialize(this._serviceContext);
|
|
1789
1934
|
this._serviceContext.registerService("kv", this._kv);
|
|
1790
1935
|
const features = this.nodeFeatures;
|
|
1791
1936
|
if (features.length === 0 || features.includes("sql")) {
|
|
1792
|
-
this._sql = new
|
|
1937
|
+
this._sql = new import_sdk_core6.SQLService({});
|
|
1793
1938
|
this._sql.initialize(this._serviceContext);
|
|
1794
1939
|
this._serviceContext.registerService("sql", this._sql);
|
|
1795
1940
|
}
|
|
1796
1941
|
if (features.length === 0 || features.includes("duckdb")) {
|
|
1797
|
-
this._duckdb = new
|
|
1942
|
+
this._duckdb = new import_sdk_core6.DuckDbService({});
|
|
1798
1943
|
this._duckdb.initialize(this._serviceContext);
|
|
1799
1944
|
this._serviceContext.registerService("duckdb", this._duckdb);
|
|
1800
1945
|
}
|
|
1801
|
-
this._hooks = new
|
|
1946
|
+
this._hooks = new import_sdk_core6.HooksService({});
|
|
1802
1947
|
this._hooks.initialize(this._serviceContext);
|
|
1803
1948
|
this._serviceContext.registerService("hooks", this._hooks);
|
|
1804
1949
|
const serviceSession = {
|
|
@@ -1810,8 +1955,30 @@ var _TinyCloudNode = class _TinyCloudNode {
|
|
|
1810
1955
|
};
|
|
1811
1956
|
this._serviceContext.setSession(serviceSession);
|
|
1812
1957
|
this.tc.serviceContext.setSession(serviceSession);
|
|
1958
|
+
this._vault = this.createVaultService(session.spaceId, this._kv);
|
|
1959
|
+
this._vault.initialize(this._serviceContext);
|
|
1960
|
+
this._serviceContext.registerService("vault", this._vault);
|
|
1961
|
+
this.initializeV2Services(serviceSession);
|
|
1962
|
+
}
|
|
1963
|
+
createSpaceScopedKVService(spaceId) {
|
|
1964
|
+
const kvService = new import_sdk_core6.KVService({});
|
|
1965
|
+
if (this._serviceContext) {
|
|
1966
|
+
const spaceScopedContext = new import_sdk_core6.ServiceContext({
|
|
1967
|
+
invoke: this._serviceContext.invoke,
|
|
1968
|
+
fetch: this._serviceContext.fetch,
|
|
1969
|
+
hosts: this._serviceContext.hosts
|
|
1970
|
+
});
|
|
1971
|
+
const session = this._serviceContext.session;
|
|
1972
|
+
if (session) {
|
|
1973
|
+
spaceScopedContext.setSession({ ...session, spaceId });
|
|
1974
|
+
}
|
|
1975
|
+
kvService.initialize(spaceScopedContext);
|
|
1976
|
+
}
|
|
1977
|
+
return kvService;
|
|
1978
|
+
}
|
|
1979
|
+
createVaultService(spaceId, kv) {
|
|
1813
1980
|
const wasm = this.wasmBindings;
|
|
1814
|
-
const vaultCrypto = (0,
|
|
1981
|
+
const vaultCrypto = (0, import_sdk_core6.createVaultCrypto)({
|
|
1815
1982
|
vault_encrypt: wasm.vault_encrypt,
|
|
1816
1983
|
vault_decrypt: wasm.vault_decrypt,
|
|
1817
1984
|
vault_derive_key: wasm.vault_derive_key,
|
|
@@ -1821,11 +1988,11 @@ var _TinyCloudNode = class _TinyCloudNode {
|
|
|
1821
1988
|
vault_sha256: wasm.vault_sha256
|
|
1822
1989
|
});
|
|
1823
1990
|
const self = this;
|
|
1824
|
-
|
|
1825
|
-
spaceId
|
|
1991
|
+
return new import_sdk_core6.DataVaultService({
|
|
1992
|
+
spaceId,
|
|
1826
1993
|
crypto: vaultCrypto,
|
|
1827
1994
|
tc: {
|
|
1828
|
-
kv
|
|
1995
|
+
kv,
|
|
1829
1996
|
ensurePublicSpace: async () => {
|
|
1830
1997
|
try {
|
|
1831
1998
|
await self.ensurePublicSpace();
|
|
@@ -1837,24 +2004,21 @@ var _TinyCloudNode = class _TinyCloudNode {
|
|
|
1837
2004
|
get publicKV() {
|
|
1838
2005
|
return self._publicKV ?? self.tc.publicKV;
|
|
1839
2006
|
},
|
|
1840
|
-
readPublicSpace: (host,
|
|
1841
|
-
makePublicSpaceId:
|
|
2007
|
+
readPublicSpace: (host, targetSpaceId, key) => import_sdk_core6.TinyCloud.readPublicSpace(host, targetSpaceId, key),
|
|
2008
|
+
makePublicSpaceId: import_sdk_core6.TinyCloud.makePublicSpaceId,
|
|
1842
2009
|
did: this.did,
|
|
1843
|
-
address: this._address,
|
|
2010
|
+
address: this._address ?? "",
|
|
1844
2011
|
chainId: this._chainId,
|
|
1845
2012
|
hosts: [this.config.host]
|
|
1846
2013
|
}
|
|
1847
2014
|
});
|
|
1848
|
-
this._vault.initialize(this._serviceContext);
|
|
1849
|
-
this._serviceContext.registerService("vault", this._vault);
|
|
1850
|
-
this.initializeV2Services(serviceSession);
|
|
1851
2015
|
}
|
|
1852
2016
|
/**
|
|
1853
2017
|
* Initialize the v2 delegation system services.
|
|
1854
2018
|
* @internal
|
|
1855
2019
|
*/
|
|
1856
2020
|
initializeV2Services(serviceSession) {
|
|
1857
|
-
this._capabilityRegistry = new
|
|
2021
|
+
this._capabilityRegistry = new import_sdk_core6.CapabilityKeyRegistry();
|
|
1858
2022
|
const tcSession = this.auth?.tinyCloudSession;
|
|
1859
2023
|
if (tcSession && this._address) {
|
|
1860
2024
|
const sessionKey = {
|
|
@@ -1928,13 +2092,13 @@ var _TinyCloudNode = class _TinyCloudNode {
|
|
|
1928
2092
|
}
|
|
1929
2093
|
this._capabilityRegistry.registerKey(sessionKey, delegations);
|
|
1930
2094
|
}
|
|
1931
|
-
this._delegationManager = new
|
|
2095
|
+
this._delegationManager = new import_sdk_core6.DelegationManager({
|
|
1932
2096
|
hosts: [this.config.host],
|
|
1933
2097
|
session: serviceSession,
|
|
1934
2098
|
invoke: this.wasmBindings.invoke,
|
|
1935
2099
|
fetch: globalThis.fetch.bind(globalThis)
|
|
1936
2100
|
});
|
|
1937
|
-
this._spaceService = new
|
|
2101
|
+
this._spaceService = new import_sdk_core6.SpaceService({
|
|
1938
2102
|
hosts: [this.config.host],
|
|
1939
2103
|
session: serviceSession,
|
|
1940
2104
|
invoke: this.wasmBindings.invoke,
|
|
@@ -1942,20 +2106,15 @@ var _TinyCloudNode = class _TinyCloudNode {
|
|
|
1942
2106
|
capabilityRegistry: this._capabilityRegistry,
|
|
1943
2107
|
userDid: this.did,
|
|
1944
2108
|
createKVService: (spaceId) => {
|
|
1945
|
-
|
|
2109
|
+
return this.createSpaceScopedKVService(spaceId);
|
|
2110
|
+
},
|
|
2111
|
+
createVaultService: (spaceId) => {
|
|
2112
|
+
const kvService = this.createSpaceScopedKVService(spaceId);
|
|
2113
|
+
const vaultService = this.createVaultService(spaceId, kvService);
|
|
1946
2114
|
if (this._serviceContext) {
|
|
1947
|
-
|
|
1948
|
-
invoke: this._serviceContext.invoke,
|
|
1949
|
-
fetch: this._serviceContext.fetch,
|
|
1950
|
-
hosts: this._serviceContext.hosts
|
|
1951
|
-
});
|
|
1952
|
-
const session = this._serviceContext.session;
|
|
1953
|
-
if (session) {
|
|
1954
|
-
spaceScopedContext.setSession({ ...session, spaceId });
|
|
1955
|
-
}
|
|
1956
|
-
kvService.initialize(spaceScopedContext);
|
|
2115
|
+
vaultService.initialize(this._serviceContext);
|
|
1957
2116
|
}
|
|
1958
|
-
return
|
|
2117
|
+
return vaultService;
|
|
1959
2118
|
},
|
|
1960
2119
|
// Enable space.delegations.create() via SIWE-based delegation
|
|
1961
2120
|
createDelegation: async (params) => {
|
|
@@ -2096,7 +2255,7 @@ var _TinyCloudNode = class _TinyCloudNode {
|
|
|
2096
2255
|
...prepared,
|
|
2097
2256
|
signature
|
|
2098
2257
|
});
|
|
2099
|
-
const activateResult = await (0,
|
|
2258
|
+
const activateResult = await (0, import_sdk_core6.activateSessionWithHost)(
|
|
2100
2259
|
host,
|
|
2101
2260
|
delegationSession.delegationHeader
|
|
2102
2261
|
);
|
|
@@ -2163,7 +2322,7 @@ var _TinyCloudNode = class _TinyCloudNode {
|
|
|
2163
2322
|
if (!this._sql) {
|
|
2164
2323
|
const features = this.nodeFeatures;
|
|
2165
2324
|
if (features.length > 0 && !features.includes("sql")) {
|
|
2166
|
-
throw new
|
|
2325
|
+
throw new import_sdk_core6.UnsupportedFeatureError("sql", this.config.host, features);
|
|
2167
2326
|
}
|
|
2168
2327
|
throw new Error("Not signed in. Call signIn() first.");
|
|
2169
2328
|
}
|
|
@@ -2176,7 +2335,7 @@ var _TinyCloudNode = class _TinyCloudNode {
|
|
|
2176
2335
|
if (!this._duckdb) {
|
|
2177
2336
|
const features = this.nodeFeatures;
|
|
2178
2337
|
if (features.length > 0 && !features.includes("duckdb")) {
|
|
2179
|
-
throw new
|
|
2338
|
+
throw new import_sdk_core6.UnsupportedFeatureError("duckdb", this.config.host, features);
|
|
2180
2339
|
}
|
|
2181
2340
|
throw new Error("Not signed in. Call signIn() first.");
|
|
2182
2341
|
}
|
|
@@ -2192,6 +2351,33 @@ var _TinyCloudNode = class _TinyCloudNode {
|
|
|
2192
2351
|
}
|
|
2193
2352
|
return this._vault;
|
|
2194
2353
|
}
|
|
2354
|
+
/**
|
|
2355
|
+
* App-facing secrets API backed by the `secrets` space vault.
|
|
2356
|
+
*/
|
|
2357
|
+
get secrets() {
|
|
2358
|
+
if (!this._spaceService) {
|
|
2359
|
+
throw new Error("Not signed in. Call signIn() first.");
|
|
2360
|
+
}
|
|
2361
|
+
if (!this._secrets) {
|
|
2362
|
+
this._secrets = new NodeSecretsService({
|
|
2363
|
+
getService: () => this.getBaseSecrets(),
|
|
2364
|
+
getManifest: () => this.manifest,
|
|
2365
|
+
setManifest: (manifest) => this.setManifest(manifest),
|
|
2366
|
+
signIn: () => this.signIn(),
|
|
2367
|
+
canEscalate: () => this.signer !== void 0 && this.tc !== void 0
|
|
2368
|
+
});
|
|
2369
|
+
}
|
|
2370
|
+
return this._secrets;
|
|
2371
|
+
}
|
|
2372
|
+
getBaseSecrets() {
|
|
2373
|
+
if (!this._spaceService) {
|
|
2374
|
+
throw new Error("Not signed in. Call signIn() first.");
|
|
2375
|
+
}
|
|
2376
|
+
if (!this._baseSecrets) {
|
|
2377
|
+
this._baseSecrets = new import_sdk_core6.SecretsService(() => this.space("secrets").vault);
|
|
2378
|
+
}
|
|
2379
|
+
return this._baseSecrets;
|
|
2380
|
+
}
|
|
2195
2381
|
/**
|
|
2196
2382
|
* Hooks write stream subscription API.
|
|
2197
2383
|
*/
|
|
@@ -2330,6 +2516,12 @@ var _TinyCloudNode = class _TinyCloudNode {
|
|
|
2330
2516
|
get spaceService() {
|
|
2331
2517
|
return this.spaces;
|
|
2332
2518
|
}
|
|
2519
|
+
/**
|
|
2520
|
+
* Get a Space object by short name or full URI.
|
|
2521
|
+
*/
|
|
2522
|
+
space(nameOrUri) {
|
|
2523
|
+
return this.spaces.get(nameOrUri);
|
|
2524
|
+
}
|
|
2333
2525
|
/**
|
|
2334
2526
|
* Get the SharingService for creating and receiving v2 sharing links.
|
|
2335
2527
|
*
|
|
@@ -2415,7 +2607,7 @@ var _TinyCloudNode = class _TinyCloudNode {
|
|
|
2415
2607
|
...prepared,
|
|
2416
2608
|
signature
|
|
2417
2609
|
});
|
|
2418
|
-
const activateResult = await (0,
|
|
2610
|
+
const activateResult = await (0, import_sdk_core6.activateSessionWithHost)(
|
|
2419
2611
|
this.config.host,
|
|
2420
2612
|
delegationSession.delegationHeader
|
|
2421
2613
|
);
|
|
@@ -2442,8 +2634,8 @@ var _TinyCloudNode = class _TinyCloudNode {
|
|
|
2442
2634
|
}]);
|
|
2443
2635
|
}
|
|
2444
2636
|
if (this._serviceContext) {
|
|
2445
|
-
const publicKV = new
|
|
2446
|
-
const publicContext = new
|
|
2637
|
+
const publicKV = new import_sdk_core6.KVService({ prefix: "" });
|
|
2638
|
+
const publicContext = new import_sdk_core6.ServiceContext({
|
|
2447
2639
|
invoke: this.wasmBindings.invoke,
|
|
2448
2640
|
fetch: this._serviceContext.fetch,
|
|
2449
2641
|
hosts: this._serviceContext.hosts
|
|
@@ -2568,14 +2760,14 @@ var _TinyCloudNode = class _TinyCloudNode {
|
|
|
2568
2760
|
async delegateTo(did, permissions, options) {
|
|
2569
2761
|
const session = this.auth?.tinyCloudSession;
|
|
2570
2762
|
if (!session) {
|
|
2571
|
-
throw new
|
|
2763
|
+
throw new import_sdk_core6.SessionExpiredError(/* @__PURE__ */ new Date(0));
|
|
2572
2764
|
}
|
|
2573
2765
|
const sessionExpiry = extractSiweExpiration(session.siwe);
|
|
2574
2766
|
if (sessionExpiry !== void 0) {
|
|
2575
2767
|
const now2 = Date.now();
|
|
2576
2768
|
const marginMs = _TinyCloudNode.SESSION_EXPIRY_SAFETY_MARGIN_MS;
|
|
2577
2769
|
if (sessionExpiry.getTime() <= now2 + marginMs) {
|
|
2578
|
-
throw new
|
|
2770
|
+
throw new import_sdk_core6.SessionExpiredError(sessionExpiry);
|
|
2579
2771
|
}
|
|
2580
2772
|
}
|
|
2581
2773
|
if (!Array.isArray(permissions) || permissions.length === 0) {
|
|
@@ -2585,7 +2777,7 @@ var _TinyCloudNode = class _TinyCloudNode {
|
|
|
2585
2777
|
}
|
|
2586
2778
|
const expandedEntries = permissions.map((entry) => ({
|
|
2587
2779
|
...entry,
|
|
2588
|
-
actions: (0,
|
|
2780
|
+
actions: (0, import_sdk_core6.expandActionShortNames)(entry.service, entry.actions)
|
|
2589
2781
|
}));
|
|
2590
2782
|
const now = /* @__PURE__ */ new Date();
|
|
2591
2783
|
const expiryMs = resolveExpiryMs(options?.expiry);
|
|
@@ -2607,13 +2799,13 @@ var _TinyCloudNode = class _TinyCloudNode {
|
|
|
2607
2799
|
);
|
|
2608
2800
|
return { delegation: delegation2, prompted: true };
|
|
2609
2801
|
}
|
|
2610
|
-
const granted = (0,
|
|
2802
|
+
const granted = (0, import_sdk_core6.parseRecapCapabilities)(
|
|
2611
2803
|
(siwe) => this.wasmBindings.parseRecapFromSiwe(siwe),
|
|
2612
2804
|
session.siwe
|
|
2613
2805
|
);
|
|
2614
|
-
const { subset, missing } = (0,
|
|
2806
|
+
const { subset, missing } = (0, import_sdk_core6.isCapabilitySubset)(expandedEntries, granted);
|
|
2615
2807
|
if (!subset) {
|
|
2616
|
-
throw new
|
|
2808
|
+
throw new import_sdk_core6.PermissionNotInManifestError(missing, granted);
|
|
2617
2809
|
}
|
|
2618
2810
|
const delegation = await this.createDelegationViaWasmPath(
|
|
2619
2811
|
did,
|
|
@@ -2693,7 +2885,7 @@ var _TinyCloudNode = class _TinyCloudNode {
|
|
|
2693
2885
|
const spaceId = [...resolvedSpaces][0];
|
|
2694
2886
|
const abilities = {};
|
|
2695
2887
|
for (const entry of entries) {
|
|
2696
|
-
const shortService =
|
|
2888
|
+
const shortService = import_sdk_core6.SERVICE_LONG_TO_SHORT[entry.service];
|
|
2697
2889
|
if (shortService === void 0) {
|
|
2698
2890
|
throw new Error(
|
|
2699
2891
|
`delegateTo: unknown service '${entry.service}' \u2014 no short-form mapping`
|
|
@@ -2733,7 +2925,7 @@ var _TinyCloudNode = class _TinyCloudNode {
|
|
|
2733
2925
|
});
|
|
2734
2926
|
const primary = result.resources[0];
|
|
2735
2927
|
const delegationHeader = { Authorization: result.delegation };
|
|
2736
|
-
const activateResult = await (0,
|
|
2928
|
+
const activateResult = await (0, import_sdk_core6.activateSessionWithHost)(
|
|
2737
2929
|
this.config.host,
|
|
2738
2930
|
delegationHeader
|
|
2739
2931
|
);
|
|
@@ -2829,7 +3021,7 @@ var _TinyCloudNode = class _TinyCloudNode {
|
|
|
2829
3021
|
);
|
|
2830
3022
|
return result.delegation;
|
|
2831
3023
|
} catch (err) {
|
|
2832
|
-
if (err instanceof
|
|
3024
|
+
if (err instanceof import_sdk_core6.PermissionNotInManifestError) {
|
|
2833
3025
|
} else {
|
|
2834
3026
|
throw err;
|
|
2835
3027
|
}
|
|
@@ -2886,7 +3078,7 @@ var _TinyCloudNode = class _TinyCloudNode {
|
|
|
2886
3078
|
...prepared,
|
|
2887
3079
|
signature
|
|
2888
3080
|
});
|
|
2889
|
-
const activateResult = await (0,
|
|
3081
|
+
const activateResult = await (0, import_sdk_core6.activateSessionWithHost)(
|
|
2890
3082
|
this.config.host,
|
|
2891
3083
|
delegationSession.delegationHeader
|
|
2892
3084
|
);
|
|
@@ -2908,7 +3100,7 @@ var _TinyCloudNode = class _TinyCloudNode {
|
|
|
2908
3100
|
};
|
|
2909
3101
|
const hasKvActions = params.actions.some((a) => a.startsWith("tinycloud.kv/"));
|
|
2910
3102
|
if (hasKvActions && params.includePublicSpace !== false) {
|
|
2911
|
-
const publicSpaceId = (0,
|
|
3103
|
+
const publicSpaceId = (0, import_sdk_core6.makePublicSpaceId)(
|
|
2912
3104
|
this.wasmBindings.ensureEip55(session.address),
|
|
2913
3105
|
session.chainId
|
|
2914
3106
|
);
|
|
@@ -2931,7 +3123,7 @@ var _TinyCloudNode = class _TinyCloudNode {
|
|
|
2931
3123
|
...publicPrepared,
|
|
2932
3124
|
signature: publicSignature
|
|
2933
3125
|
});
|
|
2934
|
-
const publicActivateResult = await (0,
|
|
3126
|
+
const publicActivateResult = await (0, import_sdk_core6.activateSessionWithHost)(
|
|
2935
3127
|
this.config.host,
|
|
2936
3128
|
publicSession.delegationHeader
|
|
2937
3129
|
);
|
|
@@ -3030,7 +3222,7 @@ var _TinyCloudNode = class _TinyCloudNode {
|
|
|
3030
3222
|
...prepared,
|
|
3031
3223
|
signature
|
|
3032
3224
|
});
|
|
3033
|
-
const activateResult = await (0,
|
|
3225
|
+
const activateResult = await (0, import_sdk_core6.activateSessionWithHost)(
|
|
3034
3226
|
targetHost,
|
|
3035
3227
|
invokerSession.delegationHeader
|
|
3036
3228
|
);
|
|
@@ -3119,7 +3311,7 @@ var _TinyCloudNode = class _TinyCloudNode {
|
|
|
3119
3311
|
...prepared,
|
|
3120
3312
|
signature
|
|
3121
3313
|
});
|
|
3122
|
-
const activateResult = await (0,
|
|
3314
|
+
const activateResult = await (0, import_sdk_core6.activateSessionWithHost)(
|
|
3123
3315
|
targetHost,
|
|
3124
3316
|
subDelegationSession.delegationHeader
|
|
3125
3317
|
);
|
|
@@ -3155,7 +3347,7 @@ _TinyCloudNode.SESSION_EXPIRY_SAFETY_MARGIN_MS = 6e4;
|
|
|
3155
3347
|
var TinyCloudNode = _TinyCloudNode;
|
|
3156
3348
|
|
|
3157
3349
|
// src/core.ts
|
|
3158
|
-
var
|
|
3350
|
+
var import_sdk_core9 = require("@tinycloud/sdk-core");
|
|
3159
3351
|
|
|
3160
3352
|
// src/delegation.ts
|
|
3161
3353
|
function serializeDelegation(delegation) {
|
|
@@ -3174,7 +3366,6 @@ function deserializeDelegation(data) {
|
|
|
3174
3366
|
}
|
|
3175
3367
|
|
|
3176
3368
|
// src/core.ts
|
|
3177
|
-
var import_sdk_core9 = require("@tinycloud/sdk-core");
|
|
3178
3369
|
var import_sdk_core10 = require("@tinycloud/sdk-core");
|
|
3179
3370
|
var import_sdk_core11 = require("@tinycloud/sdk-core");
|
|
3180
3371
|
var import_sdk_core12 = require("@tinycloud/sdk-core");
|
|
@@ -3183,6 +3374,7 @@ var import_sdk_core14 = require("@tinycloud/sdk-core");
|
|
|
3183
3374
|
var import_sdk_core15 = require("@tinycloud/sdk-core");
|
|
3184
3375
|
var import_sdk_core16 = require("@tinycloud/sdk-core");
|
|
3185
3376
|
var import_sdk_core17 = require("@tinycloud/sdk-core");
|
|
3377
|
+
var import_sdk_core18 = require("@tinycloud/sdk-core");
|
|
3186
3378
|
// Annotate the CommonJS export names for ESM import in node:
|
|
3187
3379
|
0 && (module.exports = {
|
|
3188
3380
|
ACCOUNT_REGISTRY_PATH,
|
|
@@ -3210,6 +3402,7 @@ var import_sdk_core17 = require("@tinycloud/sdk-core");
|
|
|
3210
3402
|
ProtocolMismatchError,
|
|
3211
3403
|
SQLAction,
|
|
3212
3404
|
SQLService,
|
|
3405
|
+
SecretsService,
|
|
3213
3406
|
ServiceContext,
|
|
3214
3407
|
SessionExpiredError,
|
|
3215
3408
|
SharingService,
|