@tinycloud/node-sdk 2.2.0-beta.5 → 2.2.0-beta.7
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/{core-DdMPUB5s.d.cts → core-C3s0bgRe.d.cts} +14 -1
- package/dist/{core-DdMPUB5s.d.ts → core-C3s0bgRe.d.ts} +14 -1
- package/dist/core.cjs +348 -155
- package/dist/core.cjs.map +1 -1
- package/dist/core.d.cts +2 -2
- package/dist/core.d.ts +2 -2
- package/dist/core.js +254 -58
- package/dist/core.js.map +1 -1
- package/dist/index.cjs +351 -158
- package/dist/index.cjs.map +1 -1
- package/dist/index.d.cts +2 -2
- package/dist/index.d.ts +2 -2
- package/dist/index.js +255 -58
- package/dist/index.js.map +1 -1
- package/package.json +2 -2
package/dist/index.cjs
CHANGED
|
@@ -17025,69 +17025,70 @@ var require_utils2 = __commonJS({
|
|
|
17025
17025
|
// src/index.ts
|
|
17026
17026
|
var index_exports = {};
|
|
17027
17027
|
__export(index_exports, {
|
|
17028
|
-
ACCOUNT_REGISTRY_PATH: () =>
|
|
17029
|
-
ACCOUNT_REGISTRY_SPACE: () =>
|
|
17030
|
-
AutoApproveSpaceCreationHandler: () =>
|
|
17031
|
-
CapabilityKeyRegistry: () =>
|
|
17032
|
-
CapabilityKeyRegistryErrorCodes: () =>
|
|
17033
|
-
DEFAULT_MANIFEST_SPACE: () =>
|
|
17034
|
-
DEFAULT_MANIFEST_VERSION: () =>
|
|
17035
|
-
DataVaultService: () =>
|
|
17036
|
-
DatabaseHandle: () =>
|
|
17028
|
+
ACCOUNT_REGISTRY_PATH: () => import_sdk_core9.ACCOUNT_REGISTRY_PATH,
|
|
17029
|
+
ACCOUNT_REGISTRY_SPACE: () => import_sdk_core9.ACCOUNT_REGISTRY_SPACE,
|
|
17030
|
+
AutoApproveSpaceCreationHandler: () => import_sdk_core8.AutoApproveSpaceCreationHandler,
|
|
17031
|
+
CapabilityKeyRegistry: () => import_sdk_core16.CapabilityKeyRegistry,
|
|
17032
|
+
CapabilityKeyRegistryErrorCodes: () => import_sdk_core16.CapabilityKeyRegistryErrorCodes,
|
|
17033
|
+
DEFAULT_MANIFEST_SPACE: () => import_sdk_core9.DEFAULT_MANIFEST_SPACE,
|
|
17034
|
+
DEFAULT_MANIFEST_VERSION: () => import_sdk_core9.DEFAULT_MANIFEST_VERSION,
|
|
17035
|
+
DataVaultService: () => import_sdk_core13.DataVaultService,
|
|
17036
|
+
DatabaseHandle: () => import_sdk_core11.DatabaseHandle,
|
|
17037
17037
|
DelegatedAccess: () => DelegatedAccess,
|
|
17038
|
-
DelegationErrorCodes: () =>
|
|
17039
|
-
DelegationManager: () =>
|
|
17040
|
-
DuckDbAction: () =>
|
|
17041
|
-
DuckDbDatabaseHandle: () =>
|
|
17042
|
-
DuckDbService: () =>
|
|
17038
|
+
DelegationErrorCodes: () => import_sdk_core15.DelegationErrorCodes,
|
|
17039
|
+
DelegationManager: () => import_sdk_core15.DelegationManager,
|
|
17040
|
+
DuckDbAction: () => import_sdk_core12.DuckDbAction,
|
|
17041
|
+
DuckDbDatabaseHandle: () => import_sdk_core12.DuckDbDatabaseHandle,
|
|
17042
|
+
DuckDbService: () => import_sdk_core12.DuckDbService,
|
|
17043
17043
|
FileSessionStorage: () => FileSessionStorage,
|
|
17044
|
-
HooksService: () =>
|
|
17045
|
-
KVService: () =>
|
|
17046
|
-
ManifestValidationError: () =>
|
|
17044
|
+
HooksService: () => import_sdk_core14.HooksService,
|
|
17045
|
+
KVService: () => import_sdk_core10.KVService,
|
|
17046
|
+
ManifestValidationError: () => import_sdk_core9.ManifestValidationError,
|
|
17047
17047
|
MemorySessionStorage: () => MemorySessionStorage,
|
|
17048
17048
|
NodeUserAuthorization: () => NodeUserAuthorization,
|
|
17049
17049
|
NodeWasmBindings: () => NodeWasmBindings,
|
|
17050
|
-
PermissionNotInManifestError: () =>
|
|
17051
|
-
PrefixedKVService: () =>
|
|
17050
|
+
PermissionNotInManifestError: () => import_sdk_core9.PermissionNotInManifestError,
|
|
17051
|
+
PrefixedKVService: () => import_sdk_core10.PrefixedKVService,
|
|
17052
17052
|
PrivateKeySigner: () => PrivateKeySigner,
|
|
17053
|
-
ProtocolMismatchError: () =>
|
|
17054
|
-
SQLAction: () =>
|
|
17055
|
-
SQLService: () =>
|
|
17056
|
-
|
|
17057
|
-
|
|
17058
|
-
|
|
17059
|
-
|
|
17060
|
-
|
|
17061
|
-
|
|
17062
|
-
|
|
17063
|
-
|
|
17053
|
+
ProtocolMismatchError: () => import_sdk_core18.ProtocolMismatchError,
|
|
17054
|
+
SQLAction: () => import_sdk_core11.SQLAction,
|
|
17055
|
+
SQLService: () => import_sdk_core11.SQLService,
|
|
17056
|
+
SecretsService: () => import_sdk_core13.SecretsService,
|
|
17057
|
+
ServiceContext: () => import_sdk_core19.ServiceContext,
|
|
17058
|
+
SessionExpiredError: () => import_sdk_core9.SessionExpiredError,
|
|
17059
|
+
SharingService: () => import_sdk_core15.SharingService,
|
|
17060
|
+
SilentNotificationHandler: () => import_sdk_core8.SilentNotificationHandler,
|
|
17061
|
+
Space: () => import_sdk_core17.Space,
|
|
17062
|
+
SpaceErrorCodes: () => import_sdk_core17.SpaceErrorCodes,
|
|
17063
|
+
SpaceService: () => import_sdk_core17.SpaceService,
|
|
17064
|
+
TinyCloud: () => import_sdk_core7.TinyCloud,
|
|
17064
17065
|
TinyCloudNode: () => TinyCloudNode,
|
|
17065
|
-
UnsupportedFeatureError: () =>
|
|
17066
|
-
VaultHeaders: () =>
|
|
17067
|
-
VaultPublicSpaceKVActions: () =>
|
|
17068
|
-
VersionCheckError: () =>
|
|
17066
|
+
UnsupportedFeatureError: () => import_sdk_core18.UnsupportedFeatureError,
|
|
17067
|
+
VaultHeaders: () => import_sdk_core13.VaultHeaders,
|
|
17068
|
+
VaultPublicSpaceKVActions: () => import_sdk_core13.VaultPublicSpaceKVActions,
|
|
17069
|
+
VersionCheckError: () => import_sdk_core18.VersionCheckError,
|
|
17069
17070
|
WasmKeyProvider: () => WasmKeyProvider,
|
|
17070
|
-
buildSpaceUri: () =>
|
|
17071
|
-
checkNodeInfo: () =>
|
|
17072
|
-
composeManifestRequest: () =>
|
|
17073
|
-
createCapabilityKeyRegistry: () =>
|
|
17074
|
-
createSharingService: () =>
|
|
17075
|
-
createSpaceService: () =>
|
|
17076
|
-
createVaultCrypto: () =>
|
|
17071
|
+
buildSpaceUri: () => import_sdk_core17.buildSpaceUri,
|
|
17072
|
+
checkNodeInfo: () => import_sdk_core18.checkNodeInfo,
|
|
17073
|
+
composeManifestRequest: () => import_sdk_core9.composeManifestRequest,
|
|
17074
|
+
createCapabilityKeyRegistry: () => import_sdk_core16.createCapabilityKeyRegistry,
|
|
17075
|
+
createSharingService: () => import_sdk_core15.createSharingService,
|
|
17076
|
+
createSpaceService: () => import_sdk_core17.createSpaceService,
|
|
17077
|
+
createVaultCrypto: () => import_sdk_core13.createVaultCrypto,
|
|
17077
17078
|
createWasmKeyProvider: () => createWasmKeyProvider,
|
|
17078
17079
|
defaultSignStrategy: () => defaultSignStrategy,
|
|
17079
|
-
defaultSpaceCreationHandler: () =>
|
|
17080
|
+
defaultSpaceCreationHandler: () => import_sdk_core8.defaultSpaceCreationHandler,
|
|
17080
17081
|
deserializeDelegation: () => deserializeDelegation,
|
|
17081
|
-
expandActionShortNames: () =>
|
|
17082
|
-
isCapabilitySubset: () =>
|
|
17083
|
-
loadManifest: () =>
|
|
17084
|
-
makePublicSpaceId: () =>
|
|
17085
|
-
parseExpiry: () =>
|
|
17086
|
-
parseSpaceUri: () =>
|
|
17087
|
-
resolveManifest: () =>
|
|
17088
|
-
resourceCapabilitiesToSpaceAbilitiesMap: () =>
|
|
17082
|
+
expandActionShortNames: () => import_sdk_core9.expandActionShortNames,
|
|
17083
|
+
isCapabilitySubset: () => import_sdk_core9.isCapabilitySubset,
|
|
17084
|
+
loadManifest: () => import_sdk_core9.loadManifest,
|
|
17085
|
+
makePublicSpaceId: () => import_sdk_core17.makePublicSpaceId,
|
|
17086
|
+
parseExpiry: () => import_sdk_core9.parseExpiry,
|
|
17087
|
+
parseSpaceUri: () => import_sdk_core17.parseSpaceUri,
|
|
17088
|
+
resolveManifest: () => import_sdk_core9.resolveManifest,
|
|
17089
|
+
resourceCapabilitiesToSpaceAbilitiesMap: () => import_sdk_core9.resourceCapabilitiesToSpaceAbilitiesMap,
|
|
17089
17090
|
serializeDelegation: () => serializeDelegation,
|
|
17090
|
-
validateManifest: () =>
|
|
17091
|
+
validateManifest: () => import_sdk_core9.validateManifest
|
|
17091
17092
|
});
|
|
17092
17093
|
module.exports = __toCommonJS(index_exports);
|
|
17093
17094
|
|
|
@@ -17191,7 +17192,7 @@ var PrivateKeySigner = class {
|
|
|
17191
17192
|
};
|
|
17192
17193
|
|
|
17193
17194
|
// src/TinyCloudNode.ts
|
|
17194
|
-
var
|
|
17195
|
+
var import_sdk_core5 = require("@tinycloud/sdk-core");
|
|
17195
17196
|
|
|
17196
17197
|
// src/authorization/NodeUserAuthorization.ts
|
|
17197
17198
|
var import_sdk_core = require("@tinycloud/sdk-core");
|
|
@@ -18237,6 +18238,176 @@ function extractSiweExpiration(siwe) {
|
|
|
18237
18238
|
return d;
|
|
18238
18239
|
}
|
|
18239
18240
|
|
|
18241
|
+
// src/NodeSecretsService.ts
|
|
18242
|
+
var import_sdk_core4 = require("@tinycloud/sdk-core");
|
|
18243
|
+
var SECRET_NAME_RE = /^[A-Z][A-Z0-9_]*$/;
|
|
18244
|
+
var SECRET_PREFIX = "secrets/";
|
|
18245
|
+
var SECRETS_SPACE = "secrets";
|
|
18246
|
+
function ok() {
|
|
18247
|
+
return { ok: true, data: void 0 };
|
|
18248
|
+
}
|
|
18249
|
+
function secretsError(code, message, cause) {
|
|
18250
|
+
return {
|
|
18251
|
+
ok: false,
|
|
18252
|
+
error: {
|
|
18253
|
+
code,
|
|
18254
|
+
service: "secrets",
|
|
18255
|
+
message,
|
|
18256
|
+
...cause ? { cause } : {}
|
|
18257
|
+
}
|
|
18258
|
+
};
|
|
18259
|
+
}
|
|
18260
|
+
function actionUrn(action) {
|
|
18261
|
+
return `tinycloud.kv/${action}`;
|
|
18262
|
+
}
|
|
18263
|
+
function secretResourcePath(base2, name) {
|
|
18264
|
+
return `${base2}/${SECRET_PREFIX}${name}`;
|
|
18265
|
+
}
|
|
18266
|
+
function secretPermissionEntries(name, action) {
|
|
18267
|
+
return [
|
|
18268
|
+
{
|
|
18269
|
+
service: "tinycloud.kv",
|
|
18270
|
+
space: SECRETS_SPACE,
|
|
18271
|
+
path: secretResourcePath("keys", name),
|
|
18272
|
+
actions: [action],
|
|
18273
|
+
skipPrefix: true
|
|
18274
|
+
},
|
|
18275
|
+
{
|
|
18276
|
+
service: "tinycloud.kv",
|
|
18277
|
+
space: SECRETS_SPACE,
|
|
18278
|
+
path: secretResourcePath("vault", name),
|
|
18279
|
+
actions: [action],
|
|
18280
|
+
skipPrefix: true
|
|
18281
|
+
}
|
|
18282
|
+
];
|
|
18283
|
+
}
|
|
18284
|
+
function isSecretsSpace(space) {
|
|
18285
|
+
return space === SECRETS_SPACE || space.endsWith(`:${SECRETS_SPACE}`);
|
|
18286
|
+
}
|
|
18287
|
+
function composeEscalatedManifest(manifest, additional) {
|
|
18288
|
+
if (Array.isArray(manifest)) {
|
|
18289
|
+
const [primary, ...rest] = manifest;
|
|
18290
|
+
return [
|
|
18291
|
+
{
|
|
18292
|
+
...primary,
|
|
18293
|
+
permissions: [...primary.permissions ?? [], ...additional]
|
|
18294
|
+
},
|
|
18295
|
+
...rest
|
|
18296
|
+
];
|
|
18297
|
+
}
|
|
18298
|
+
return {
|
|
18299
|
+
...manifest,
|
|
18300
|
+
permissions: [...manifest.permissions ?? [], ...additional]
|
|
18301
|
+
};
|
|
18302
|
+
}
|
|
18303
|
+
var NodeSecretsService = class {
|
|
18304
|
+
constructor(config) {
|
|
18305
|
+
this.config = config;
|
|
18306
|
+
this.shouldRestoreUnlock = false;
|
|
18307
|
+
}
|
|
18308
|
+
get vault() {
|
|
18309
|
+
return this.service.vault;
|
|
18310
|
+
}
|
|
18311
|
+
get isUnlocked() {
|
|
18312
|
+
return this.service.isUnlocked;
|
|
18313
|
+
}
|
|
18314
|
+
async unlock(signer) {
|
|
18315
|
+
if (signer !== void 0) {
|
|
18316
|
+
this.unlockSigner = signer;
|
|
18317
|
+
}
|
|
18318
|
+
const result = await this.service.unlock(signer);
|
|
18319
|
+
if (result.ok) {
|
|
18320
|
+
this.shouldRestoreUnlock = true;
|
|
18321
|
+
}
|
|
18322
|
+
return result;
|
|
18323
|
+
}
|
|
18324
|
+
lock() {
|
|
18325
|
+
this.shouldRestoreUnlock = false;
|
|
18326
|
+
this.service.lock();
|
|
18327
|
+
}
|
|
18328
|
+
get(name) {
|
|
18329
|
+
return this.service.get(name);
|
|
18330
|
+
}
|
|
18331
|
+
async put(name, value) {
|
|
18332
|
+
const permission = await this.ensureMutationPermission(name, "put");
|
|
18333
|
+
if (!permission.ok) return permission;
|
|
18334
|
+
return this.service.put(name, value);
|
|
18335
|
+
}
|
|
18336
|
+
async delete(name) {
|
|
18337
|
+
const permission = await this.ensureMutationPermission(name, "del");
|
|
18338
|
+
if (!permission.ok) return permission;
|
|
18339
|
+
return this.service.delete(name);
|
|
18340
|
+
}
|
|
18341
|
+
list() {
|
|
18342
|
+
return this.service.list();
|
|
18343
|
+
}
|
|
18344
|
+
get service() {
|
|
18345
|
+
return this.config.getService();
|
|
18346
|
+
}
|
|
18347
|
+
async ensureMutationPermission(name, action) {
|
|
18348
|
+
if (!SECRET_NAME_RE.test(name)) {
|
|
18349
|
+
return secretsError(
|
|
18350
|
+
import_sdk_core4.ErrorCodes.INVALID_INPUT,
|
|
18351
|
+
`Invalid secret name ${JSON.stringify(name)}. Secret names must match ${SECRET_NAME_RE.source}.`
|
|
18352
|
+
);
|
|
18353
|
+
}
|
|
18354
|
+
if (this.hasMutationPermission(name, action)) {
|
|
18355
|
+
return ok();
|
|
18356
|
+
}
|
|
18357
|
+
if (!this.config.canEscalate()) {
|
|
18358
|
+
return secretsError(
|
|
18359
|
+
import_sdk_core4.ErrorCodes.PERMISSION_DENIED,
|
|
18360
|
+
`Cannot autosign ${actionUrn(action)} for ${name}; TinyCloudNode needs wallet mode with a signer or privateKey.`
|
|
18361
|
+
);
|
|
18362
|
+
}
|
|
18363
|
+
const manifest = this.config.getManifest();
|
|
18364
|
+
if (manifest === void 0) {
|
|
18365
|
+
return secretsError(
|
|
18366
|
+
import_sdk_core4.ErrorCodes.PERMISSION_DENIED,
|
|
18367
|
+
`Cannot autosign ${actionUrn(action)} for ${name}; set a manifest before mutating secrets.`
|
|
18368
|
+
);
|
|
18369
|
+
}
|
|
18370
|
+
try {
|
|
18371
|
+
this.config.setManifest(
|
|
18372
|
+
composeEscalatedManifest(
|
|
18373
|
+
manifest,
|
|
18374
|
+
secretPermissionEntries(name, action)
|
|
18375
|
+
)
|
|
18376
|
+
);
|
|
18377
|
+
await this.config.signIn();
|
|
18378
|
+
return this.restoreUnlockAfterEscalation();
|
|
18379
|
+
} catch (error) {
|
|
18380
|
+
return secretsError(
|
|
18381
|
+
import_sdk_core4.ErrorCodes.PERMISSION_DENIED,
|
|
18382
|
+
error instanceof Error ? error.message : `Autosign escalation for ${actionUrn(action)} on ${name} failed.`,
|
|
18383
|
+
error instanceof Error ? error : void 0
|
|
18384
|
+
);
|
|
18385
|
+
}
|
|
18386
|
+
}
|
|
18387
|
+
async restoreUnlockAfterEscalation() {
|
|
18388
|
+
if (!this.shouldRestoreUnlock) {
|
|
18389
|
+
return ok();
|
|
18390
|
+
}
|
|
18391
|
+
return this.service.unlock(this.unlockSigner);
|
|
18392
|
+
}
|
|
18393
|
+
hasMutationPermission(name, action) {
|
|
18394
|
+
const manifest = this.config.getManifest();
|
|
18395
|
+
if (manifest === void 0) {
|
|
18396
|
+
return false;
|
|
18397
|
+
}
|
|
18398
|
+
const manifests = Array.isArray(manifest) ? manifest : [manifest];
|
|
18399
|
+
const requiredAction = actionUrn(action);
|
|
18400
|
+
return manifests.some((entry) => {
|
|
18401
|
+
const resolved = (0, import_sdk_core4.resolveManifest)(entry);
|
|
18402
|
+
return ["keys", "vault"].every(
|
|
18403
|
+
(base2) => resolved.resources.some(
|
|
18404
|
+
(resource) => resource.service === "tinycloud.kv" && isSecretsSpace(resource.space) && resource.path === secretResourcePath(base2, name) && resource.actions.includes(requiredAction)
|
|
18405
|
+
)
|
|
18406
|
+
);
|
|
18407
|
+
});
|
|
18408
|
+
}
|
|
18409
|
+
};
|
|
18410
|
+
|
|
18240
18411
|
// src/TinyCloudNode.ts
|
|
18241
18412
|
var DEFAULT_HOST = "https://node.tinycloud.xyz";
|
|
18242
18413
|
var _TinyCloudNode = class _TinyCloudNode {
|
|
@@ -18295,12 +18466,12 @@ var _TinyCloudNode = class _TinyCloudNode {
|
|
|
18295
18466
|
throw new Error("Failed to get session key JWK");
|
|
18296
18467
|
}
|
|
18297
18468
|
this.sessionKeyJwk = JSON.parse(jwkStr);
|
|
18298
|
-
this._capabilityRegistry = new
|
|
18469
|
+
this._capabilityRegistry = new import_sdk_core5.CapabilityKeyRegistry();
|
|
18299
18470
|
this._keyProvider = new WasmKeyProvider({
|
|
18300
18471
|
sessionManager: this.sessionManager
|
|
18301
18472
|
});
|
|
18302
|
-
this.notificationHandler = config.notificationHandler ?? new
|
|
18303
|
-
this._sharingService = new
|
|
18473
|
+
this.notificationHandler = config.notificationHandler ?? new import_sdk_core5.SilentNotificationHandler();
|
|
18474
|
+
this._sharingService = new import_sdk_core5.SharingService({
|
|
18304
18475
|
hosts: [this.config.host],
|
|
18305
18476
|
// session: undefined - not needed for receive()
|
|
18306
18477
|
invoke: this.wasmBindings.invoke,
|
|
@@ -18310,8 +18481,8 @@ var _TinyCloudNode = class _TinyCloudNode {
|
|
|
18310
18481
|
// delegationManager: undefined - not needed for receive()
|
|
18311
18482
|
createKVService: (config2) => {
|
|
18312
18483
|
const prefix = config2.pathPrefix?.replace(/\/$/, "");
|
|
18313
|
-
const kvService = new
|
|
18314
|
-
const kvContext = new
|
|
18484
|
+
const kvService = new import_sdk_core5.KVService({ prefix });
|
|
18485
|
+
const kvContext = new import_sdk_core5.ServiceContext({
|
|
18315
18486
|
invoke: config2.invoke,
|
|
18316
18487
|
fetch: config2.fetch ?? globalThis.fetch.bind(globalThis),
|
|
18317
18488
|
hosts: config2.hosts
|
|
@@ -18370,7 +18541,7 @@ var _TinyCloudNode = class _TinyCloudNode {
|
|
|
18370
18541
|
capabilityRequest: config.capabilityRequest,
|
|
18371
18542
|
includeAccountRegistryPermissions: config.includeAccountRegistryPermissions
|
|
18372
18543
|
});
|
|
18373
|
-
this.tc = new
|
|
18544
|
+
this.tc = new import_sdk_core5.TinyCloud(this.auth, {
|
|
18374
18545
|
invokeAny: this.wasmBindings.invokeAny
|
|
18375
18546
|
});
|
|
18376
18547
|
}
|
|
@@ -18491,6 +18662,10 @@ var _TinyCloudNode = class _TinyCloudNode {
|
|
|
18491
18662
|
this._sql = void 0;
|
|
18492
18663
|
this._duckdb = void 0;
|
|
18493
18664
|
this._hooks = void 0;
|
|
18665
|
+
this._vault = void 0;
|
|
18666
|
+
this._baseSecrets = void 0;
|
|
18667
|
+
this._secrets = void 0;
|
|
18668
|
+
this._spaceService = void 0;
|
|
18494
18669
|
this._serviceContext = void 0;
|
|
18495
18670
|
await this.tc.signIn(options);
|
|
18496
18671
|
this.syncResolvedHostFromAuth();
|
|
@@ -18512,7 +18687,7 @@ var _TinyCloudNode = class _TinyCloudNode {
|
|
|
18512
18687
|
if (!this.auth || !this.signer) {
|
|
18513
18688
|
throw new Error("Manifest registry write requires wallet mode");
|
|
18514
18689
|
}
|
|
18515
|
-
const accountSpaceId = this.ownedSpaceId(
|
|
18690
|
+
const accountSpaceId = this.ownedSpaceId(import_sdk_core5.ACCOUNT_REGISTRY_SPACE);
|
|
18516
18691
|
await this.ensureOwnedSpaceHosted(accountSpaceId);
|
|
18517
18692
|
const accountKV = this.spaces.get(accountSpaceId).kv;
|
|
18518
18693
|
for (const record of request.registryRecords) {
|
|
@@ -18540,7 +18715,7 @@ var _TinyCloudNode = class _TinyCloudNode {
|
|
|
18540
18715
|
if (!host) {
|
|
18541
18716
|
throw new Error("Owned space hosting requires a TinyCloud host");
|
|
18542
18717
|
}
|
|
18543
|
-
const activation = await (0,
|
|
18718
|
+
const activation = await (0, import_sdk_core5.activateSessionWithHost)(host, session.delegationHeader);
|
|
18544
18719
|
if (activation.success && !activation.skipped?.includes(spaceId)) {
|
|
18545
18720
|
return;
|
|
18546
18721
|
}
|
|
@@ -18554,7 +18729,7 @@ var _TinyCloudNode = class _TinyCloudNode {
|
|
|
18554
18729
|
throw new Error(`Failed to create owned space: ${spaceId}`);
|
|
18555
18730
|
}
|
|
18556
18731
|
await new Promise((resolve) => setTimeout(resolve, 100));
|
|
18557
|
-
const retry = await (0,
|
|
18732
|
+
const retry = await (0, import_sdk_core5.activateSessionWithHost)(host, session.delegationHeader);
|
|
18558
18733
|
if (!retry.success || retry.skipped?.includes(spaceId)) {
|
|
18559
18734
|
throw new Error(
|
|
18560
18735
|
`Failed to activate session after creating owned space ${spaceId}: ${retry.error ?? "space was skipped"}`
|
|
@@ -18576,6 +18751,10 @@ var _TinyCloudNode = class _TinyCloudNode {
|
|
|
18576
18751
|
this._sql = void 0;
|
|
18577
18752
|
this._duckdb = void 0;
|
|
18578
18753
|
this._hooks = void 0;
|
|
18754
|
+
this._vault = void 0;
|
|
18755
|
+
this._baseSecrets = void 0;
|
|
18756
|
+
this._secrets = void 0;
|
|
18757
|
+
this._spaceService = void 0;
|
|
18579
18758
|
this._serviceContext = void 0;
|
|
18580
18759
|
if (sessionData.address) {
|
|
18581
18760
|
this._address = sessionData.address;
|
|
@@ -18583,22 +18762,22 @@ var _TinyCloudNode = class _TinyCloudNode {
|
|
|
18583
18762
|
if (sessionData.chainId) {
|
|
18584
18763
|
this._chainId = sessionData.chainId;
|
|
18585
18764
|
}
|
|
18586
|
-
this._serviceContext = new
|
|
18765
|
+
this._serviceContext = new import_sdk_core5.ServiceContext({
|
|
18587
18766
|
invoke: this.wasmBindings.invoke,
|
|
18588
18767
|
invokeAny: this.wasmBindings.invokeAny,
|
|
18589
18768
|
fetch: globalThis.fetch.bind(globalThis),
|
|
18590
18769
|
hosts: [this.config.host]
|
|
18591
18770
|
});
|
|
18592
|
-
this._kv = new
|
|
18771
|
+
this._kv = new import_sdk_core5.KVService({});
|
|
18593
18772
|
this._kv.initialize(this._serviceContext);
|
|
18594
18773
|
this._serviceContext.registerService("kv", this._kv);
|
|
18595
|
-
this._sql = new
|
|
18774
|
+
this._sql = new import_sdk_core5.SQLService({});
|
|
18596
18775
|
this._sql.initialize(this._serviceContext);
|
|
18597
18776
|
this._serviceContext.registerService("sql", this._sql);
|
|
18598
|
-
this._duckdb = new
|
|
18777
|
+
this._duckdb = new import_sdk_core5.DuckDbService({});
|
|
18599
18778
|
this._duckdb.initialize(this._serviceContext);
|
|
18600
18779
|
this._serviceContext.registerService("duckdb", this._duckdb);
|
|
18601
|
-
this._hooks = new
|
|
18780
|
+
this._hooks = new import_sdk_core5.HooksService({});
|
|
18602
18781
|
this._hooks.initialize(this._serviceContext);
|
|
18603
18782
|
this._serviceContext.registerService("hooks", this._hooks);
|
|
18604
18783
|
const serviceSession = {
|
|
@@ -18609,41 +18788,7 @@ var _TinyCloudNode = class _TinyCloudNode {
|
|
|
18609
18788
|
jwk: sessionData.jwk
|
|
18610
18789
|
};
|
|
18611
18790
|
this._serviceContext.setSession(serviceSession);
|
|
18612
|
-
|
|
18613
|
-
const vaultCrypto = (0, import_sdk_core4.createVaultCrypto)({
|
|
18614
|
-
vault_encrypt: wasm.vault_encrypt,
|
|
18615
|
-
vault_decrypt: wasm.vault_decrypt,
|
|
18616
|
-
vault_derive_key: wasm.vault_derive_key,
|
|
18617
|
-
vault_x25519_from_seed: wasm.vault_x25519_from_seed,
|
|
18618
|
-
vault_x25519_dh: wasm.vault_x25519_dh,
|
|
18619
|
-
vault_random_bytes: wasm.vault_random_bytes,
|
|
18620
|
-
vault_sha256: wasm.vault_sha256
|
|
18621
|
-
});
|
|
18622
|
-
const self2 = this;
|
|
18623
|
-
this._vault = new import_sdk_core4.DataVaultService({
|
|
18624
|
-
spaceId: sessionData.spaceId,
|
|
18625
|
-
crypto: vaultCrypto,
|
|
18626
|
-
tc: {
|
|
18627
|
-
kv: this._kv,
|
|
18628
|
-
ensurePublicSpace: async () => {
|
|
18629
|
-
try {
|
|
18630
|
-
await self2.ensurePublicSpace();
|
|
18631
|
-
return { ok: true, data: void 0 };
|
|
18632
|
-
} catch (error) {
|
|
18633
|
-
return { ok: false, error: { code: "STORAGE_ERROR", message: error instanceof Error ? error.message : String(error), service: "vault" } };
|
|
18634
|
-
}
|
|
18635
|
-
},
|
|
18636
|
-
get publicKV() {
|
|
18637
|
-
return self2._publicKV ?? self2.tc.publicKV;
|
|
18638
|
-
},
|
|
18639
|
-
readPublicSpace: (host, spaceId, key2) => import_sdk_core4.TinyCloud.readPublicSpace(host, spaceId, key2),
|
|
18640
|
-
makePublicSpaceId: import_sdk_core4.TinyCloud.makePublicSpaceId,
|
|
18641
|
-
did: this.did,
|
|
18642
|
-
address: sessionData.address ?? this._address ?? "",
|
|
18643
|
-
chainId: sessionData.chainId ?? this._chainId,
|
|
18644
|
-
hosts: [this.config.host]
|
|
18645
|
-
}
|
|
18646
|
-
});
|
|
18791
|
+
this._vault = this.createVaultService(sessionData.spaceId, this._kv);
|
|
18647
18792
|
this._vault.initialize(this._serviceContext);
|
|
18648
18793
|
this._serviceContext.registerService("vault", this._vault);
|
|
18649
18794
|
this.initializeV2Services(serviceSession);
|
|
@@ -18704,7 +18849,7 @@ var _TinyCloudNode = class _TinyCloudNode {
|
|
|
18704
18849
|
capabilityRequest: this.config.capabilityRequest,
|
|
18705
18850
|
includeAccountRegistryPermissions: this.config.includeAccountRegistryPermissions
|
|
18706
18851
|
});
|
|
18707
|
-
this.tc = new
|
|
18852
|
+
this.tc = new import_sdk_core5.TinyCloud(this.auth, {
|
|
18708
18853
|
invokeAny: this.wasmBindings.invokeAny
|
|
18709
18854
|
});
|
|
18710
18855
|
this.config.prefix = prefix;
|
|
@@ -18748,7 +18893,7 @@ var _TinyCloudNode = class _TinyCloudNode {
|
|
|
18748
18893
|
capabilityRequest: this.config.capabilityRequest,
|
|
18749
18894
|
includeAccountRegistryPermissions: this.config.includeAccountRegistryPermissions
|
|
18750
18895
|
});
|
|
18751
|
-
this.tc = new
|
|
18896
|
+
this.tc = new import_sdk_core5.TinyCloud(this.auth, {
|
|
18752
18897
|
invokeAny: this.wasmBindings.invokeAny
|
|
18753
18898
|
});
|
|
18754
18899
|
this.config.prefix = prefix;
|
|
@@ -18763,27 +18908,27 @@ var _TinyCloudNode = class _TinyCloudNode {
|
|
|
18763
18908
|
return;
|
|
18764
18909
|
}
|
|
18765
18910
|
this.tc.initializeServices(this.wasmBindings.invoke, [this.config.host]);
|
|
18766
|
-
this._serviceContext = new
|
|
18911
|
+
this._serviceContext = new import_sdk_core5.ServiceContext({
|
|
18767
18912
|
invoke: this.wasmBindings.invoke,
|
|
18768
18913
|
invokeAny: this.wasmBindings.invokeAny,
|
|
18769
18914
|
fetch: globalThis.fetch.bind(globalThis),
|
|
18770
18915
|
hosts: [this.config.host]
|
|
18771
18916
|
});
|
|
18772
|
-
this._kv = new
|
|
18917
|
+
this._kv = new import_sdk_core5.KVService({});
|
|
18773
18918
|
this._kv.initialize(this._serviceContext);
|
|
18774
18919
|
this._serviceContext.registerService("kv", this._kv);
|
|
18775
18920
|
const features = this.nodeFeatures;
|
|
18776
18921
|
if (features.length === 0 || features.includes("sql")) {
|
|
18777
|
-
this._sql = new
|
|
18922
|
+
this._sql = new import_sdk_core5.SQLService({});
|
|
18778
18923
|
this._sql.initialize(this._serviceContext);
|
|
18779
18924
|
this._serviceContext.registerService("sql", this._sql);
|
|
18780
18925
|
}
|
|
18781
18926
|
if (features.length === 0 || features.includes("duckdb")) {
|
|
18782
|
-
this._duckdb = new
|
|
18927
|
+
this._duckdb = new import_sdk_core5.DuckDbService({});
|
|
18783
18928
|
this._duckdb.initialize(this._serviceContext);
|
|
18784
18929
|
this._serviceContext.registerService("duckdb", this._duckdb);
|
|
18785
18930
|
}
|
|
18786
|
-
this._hooks = new
|
|
18931
|
+
this._hooks = new import_sdk_core5.HooksService({});
|
|
18787
18932
|
this._hooks.initialize(this._serviceContext);
|
|
18788
18933
|
this._serviceContext.registerService("hooks", this._hooks);
|
|
18789
18934
|
const serviceSession = {
|
|
@@ -18795,8 +18940,30 @@ var _TinyCloudNode = class _TinyCloudNode {
|
|
|
18795
18940
|
};
|
|
18796
18941
|
this._serviceContext.setSession(serviceSession);
|
|
18797
18942
|
this.tc.serviceContext.setSession(serviceSession);
|
|
18943
|
+
this._vault = this.createVaultService(session.spaceId, this._kv);
|
|
18944
|
+
this._vault.initialize(this._serviceContext);
|
|
18945
|
+
this._serviceContext.registerService("vault", this._vault);
|
|
18946
|
+
this.initializeV2Services(serviceSession);
|
|
18947
|
+
}
|
|
18948
|
+
createSpaceScopedKVService(spaceId) {
|
|
18949
|
+
const kvService = new import_sdk_core5.KVService({});
|
|
18950
|
+
if (this._serviceContext) {
|
|
18951
|
+
const spaceScopedContext = new import_sdk_core5.ServiceContext({
|
|
18952
|
+
invoke: this._serviceContext.invoke,
|
|
18953
|
+
fetch: this._serviceContext.fetch,
|
|
18954
|
+
hosts: this._serviceContext.hosts
|
|
18955
|
+
});
|
|
18956
|
+
const session = this._serviceContext.session;
|
|
18957
|
+
if (session) {
|
|
18958
|
+
spaceScopedContext.setSession({ ...session, spaceId });
|
|
18959
|
+
}
|
|
18960
|
+
kvService.initialize(spaceScopedContext);
|
|
18961
|
+
}
|
|
18962
|
+
return kvService;
|
|
18963
|
+
}
|
|
18964
|
+
createVaultService(spaceId, kv) {
|
|
18798
18965
|
const wasm = this.wasmBindings;
|
|
18799
|
-
const vaultCrypto = (0,
|
|
18966
|
+
const vaultCrypto = (0, import_sdk_core5.createVaultCrypto)({
|
|
18800
18967
|
vault_encrypt: wasm.vault_encrypt,
|
|
18801
18968
|
vault_decrypt: wasm.vault_decrypt,
|
|
18802
18969
|
vault_derive_key: wasm.vault_derive_key,
|
|
@@ -18806,11 +18973,11 @@ var _TinyCloudNode = class _TinyCloudNode {
|
|
|
18806
18973
|
vault_sha256: wasm.vault_sha256
|
|
18807
18974
|
});
|
|
18808
18975
|
const self2 = this;
|
|
18809
|
-
|
|
18810
|
-
spaceId
|
|
18976
|
+
return new import_sdk_core5.DataVaultService({
|
|
18977
|
+
spaceId,
|
|
18811
18978
|
crypto: vaultCrypto,
|
|
18812
18979
|
tc: {
|
|
18813
|
-
kv
|
|
18980
|
+
kv,
|
|
18814
18981
|
ensurePublicSpace: async () => {
|
|
18815
18982
|
try {
|
|
18816
18983
|
await self2.ensurePublicSpace();
|
|
@@ -18822,24 +18989,21 @@ var _TinyCloudNode = class _TinyCloudNode {
|
|
|
18822
18989
|
get publicKV() {
|
|
18823
18990
|
return self2._publicKV ?? self2.tc.publicKV;
|
|
18824
18991
|
},
|
|
18825
|
-
readPublicSpace: (host,
|
|
18826
|
-
makePublicSpaceId:
|
|
18992
|
+
readPublicSpace: (host, targetSpaceId, key2) => import_sdk_core5.TinyCloud.readPublicSpace(host, targetSpaceId, key2),
|
|
18993
|
+
makePublicSpaceId: import_sdk_core5.TinyCloud.makePublicSpaceId,
|
|
18827
18994
|
did: this.did,
|
|
18828
|
-
address: this._address,
|
|
18995
|
+
address: this._address ?? "",
|
|
18829
18996
|
chainId: this._chainId,
|
|
18830
18997
|
hosts: [this.config.host]
|
|
18831
18998
|
}
|
|
18832
18999
|
});
|
|
18833
|
-
this._vault.initialize(this._serviceContext);
|
|
18834
|
-
this._serviceContext.registerService("vault", this._vault);
|
|
18835
|
-
this.initializeV2Services(serviceSession);
|
|
18836
19000
|
}
|
|
18837
19001
|
/**
|
|
18838
19002
|
* Initialize the v2 delegation system services.
|
|
18839
19003
|
* @internal
|
|
18840
19004
|
*/
|
|
18841
19005
|
initializeV2Services(serviceSession) {
|
|
18842
|
-
this._capabilityRegistry = new
|
|
19006
|
+
this._capabilityRegistry = new import_sdk_core5.CapabilityKeyRegistry();
|
|
18843
19007
|
const tcSession = this.auth?.tinyCloudSession;
|
|
18844
19008
|
if (tcSession && this._address) {
|
|
18845
19009
|
const sessionKey = {
|
|
@@ -18913,13 +19077,13 @@ var _TinyCloudNode = class _TinyCloudNode {
|
|
|
18913
19077
|
}
|
|
18914
19078
|
this._capabilityRegistry.registerKey(sessionKey, delegations);
|
|
18915
19079
|
}
|
|
18916
|
-
this._delegationManager = new
|
|
19080
|
+
this._delegationManager = new import_sdk_core5.DelegationManager({
|
|
18917
19081
|
hosts: [this.config.host],
|
|
18918
19082
|
session: serviceSession,
|
|
18919
19083
|
invoke: this.wasmBindings.invoke,
|
|
18920
19084
|
fetch: globalThis.fetch.bind(globalThis)
|
|
18921
19085
|
});
|
|
18922
|
-
this._spaceService = new
|
|
19086
|
+
this._spaceService = new import_sdk_core5.SpaceService({
|
|
18923
19087
|
hosts: [this.config.host],
|
|
18924
19088
|
session: serviceSession,
|
|
18925
19089
|
invoke: this.wasmBindings.invoke,
|
|
@@ -18927,20 +19091,15 @@ var _TinyCloudNode = class _TinyCloudNode {
|
|
|
18927
19091
|
capabilityRegistry: this._capabilityRegistry,
|
|
18928
19092
|
userDid: this.did,
|
|
18929
19093
|
createKVService: (spaceId) => {
|
|
18930
|
-
|
|
19094
|
+
return this.createSpaceScopedKVService(spaceId);
|
|
19095
|
+
},
|
|
19096
|
+
createVaultService: (spaceId) => {
|
|
19097
|
+
const kvService = this.createSpaceScopedKVService(spaceId);
|
|
19098
|
+
const vaultService = this.createVaultService(spaceId, kvService);
|
|
18931
19099
|
if (this._serviceContext) {
|
|
18932
|
-
|
|
18933
|
-
invoke: this._serviceContext.invoke,
|
|
18934
|
-
fetch: this._serviceContext.fetch,
|
|
18935
|
-
hosts: this._serviceContext.hosts
|
|
18936
|
-
});
|
|
18937
|
-
const session = this._serviceContext.session;
|
|
18938
|
-
if (session) {
|
|
18939
|
-
spaceScopedContext.setSession({ ...session, spaceId });
|
|
18940
|
-
}
|
|
18941
|
-
kvService.initialize(spaceScopedContext);
|
|
19100
|
+
vaultService.initialize(this._serviceContext);
|
|
18942
19101
|
}
|
|
18943
|
-
return
|
|
19102
|
+
return vaultService;
|
|
18944
19103
|
},
|
|
18945
19104
|
// Enable space.delegations.create() via SIWE-based delegation
|
|
18946
19105
|
createDelegation: async (params) => {
|
|
@@ -19081,7 +19240,7 @@ var _TinyCloudNode = class _TinyCloudNode {
|
|
|
19081
19240
|
...prepared,
|
|
19082
19241
|
signature: signature2
|
|
19083
19242
|
});
|
|
19084
|
-
const activateResult = await (0,
|
|
19243
|
+
const activateResult = await (0, import_sdk_core5.activateSessionWithHost)(
|
|
19085
19244
|
host,
|
|
19086
19245
|
delegationSession.delegationHeader
|
|
19087
19246
|
);
|
|
@@ -19148,7 +19307,7 @@ var _TinyCloudNode = class _TinyCloudNode {
|
|
|
19148
19307
|
if (!this._sql) {
|
|
19149
19308
|
const features = this.nodeFeatures;
|
|
19150
19309
|
if (features.length > 0 && !features.includes("sql")) {
|
|
19151
|
-
throw new
|
|
19310
|
+
throw new import_sdk_core5.UnsupportedFeatureError("sql", this.config.host, features);
|
|
19152
19311
|
}
|
|
19153
19312
|
throw new Error("Not signed in. Call signIn() first.");
|
|
19154
19313
|
}
|
|
@@ -19161,7 +19320,7 @@ var _TinyCloudNode = class _TinyCloudNode {
|
|
|
19161
19320
|
if (!this._duckdb) {
|
|
19162
19321
|
const features = this.nodeFeatures;
|
|
19163
19322
|
if (features.length > 0 && !features.includes("duckdb")) {
|
|
19164
|
-
throw new
|
|
19323
|
+
throw new import_sdk_core5.UnsupportedFeatureError("duckdb", this.config.host, features);
|
|
19165
19324
|
}
|
|
19166
19325
|
throw new Error("Not signed in. Call signIn() first.");
|
|
19167
19326
|
}
|
|
@@ -19177,6 +19336,33 @@ var _TinyCloudNode = class _TinyCloudNode {
|
|
|
19177
19336
|
}
|
|
19178
19337
|
return this._vault;
|
|
19179
19338
|
}
|
|
19339
|
+
/**
|
|
19340
|
+
* App-facing secrets API backed by the `secrets` space vault.
|
|
19341
|
+
*/
|
|
19342
|
+
get secrets() {
|
|
19343
|
+
if (!this._spaceService) {
|
|
19344
|
+
throw new Error("Not signed in. Call signIn() first.");
|
|
19345
|
+
}
|
|
19346
|
+
if (!this._secrets) {
|
|
19347
|
+
this._secrets = new NodeSecretsService({
|
|
19348
|
+
getService: () => this.getBaseSecrets(),
|
|
19349
|
+
getManifest: () => this.manifest,
|
|
19350
|
+
setManifest: (manifest) => this.setManifest(manifest),
|
|
19351
|
+
signIn: () => this.signIn(),
|
|
19352
|
+
canEscalate: () => this.signer !== void 0 && this.tc !== void 0
|
|
19353
|
+
});
|
|
19354
|
+
}
|
|
19355
|
+
return this._secrets;
|
|
19356
|
+
}
|
|
19357
|
+
getBaseSecrets() {
|
|
19358
|
+
if (!this._spaceService) {
|
|
19359
|
+
throw new Error("Not signed in. Call signIn() first.");
|
|
19360
|
+
}
|
|
19361
|
+
if (!this._baseSecrets) {
|
|
19362
|
+
this._baseSecrets = new import_sdk_core5.SecretsService(() => this.space("secrets").vault);
|
|
19363
|
+
}
|
|
19364
|
+
return this._baseSecrets;
|
|
19365
|
+
}
|
|
19180
19366
|
/**
|
|
19181
19367
|
* Hooks write stream subscription API.
|
|
19182
19368
|
*/
|
|
@@ -19315,6 +19501,12 @@ var _TinyCloudNode = class _TinyCloudNode {
|
|
|
19315
19501
|
get spaceService() {
|
|
19316
19502
|
return this.spaces;
|
|
19317
19503
|
}
|
|
19504
|
+
/**
|
|
19505
|
+
* Get a Space object by short name or full URI.
|
|
19506
|
+
*/
|
|
19507
|
+
space(nameOrUri) {
|
|
19508
|
+
return this.spaces.get(nameOrUri);
|
|
19509
|
+
}
|
|
19318
19510
|
/**
|
|
19319
19511
|
* Get the SharingService for creating and receiving v2 sharing links.
|
|
19320
19512
|
*
|
|
@@ -19400,7 +19592,7 @@ var _TinyCloudNode = class _TinyCloudNode {
|
|
|
19400
19592
|
...prepared,
|
|
19401
19593
|
signature: signature2
|
|
19402
19594
|
});
|
|
19403
|
-
const activateResult = await (0,
|
|
19595
|
+
const activateResult = await (0, import_sdk_core5.activateSessionWithHost)(
|
|
19404
19596
|
this.config.host,
|
|
19405
19597
|
delegationSession.delegationHeader
|
|
19406
19598
|
);
|
|
@@ -19427,8 +19619,8 @@ var _TinyCloudNode = class _TinyCloudNode {
|
|
|
19427
19619
|
}]);
|
|
19428
19620
|
}
|
|
19429
19621
|
if (this._serviceContext) {
|
|
19430
|
-
const publicKV = new
|
|
19431
|
-
const publicContext = new
|
|
19622
|
+
const publicKV = new import_sdk_core5.KVService({ prefix: "" });
|
|
19623
|
+
const publicContext = new import_sdk_core5.ServiceContext({
|
|
19432
19624
|
invoke: this.wasmBindings.invoke,
|
|
19433
19625
|
fetch: this._serviceContext.fetch,
|
|
19434
19626
|
hosts: this._serviceContext.hosts
|
|
@@ -19553,14 +19745,14 @@ var _TinyCloudNode = class _TinyCloudNode {
|
|
|
19553
19745
|
async delegateTo(did, permissions, options) {
|
|
19554
19746
|
const session = this.auth?.tinyCloudSession;
|
|
19555
19747
|
if (!session) {
|
|
19556
|
-
throw new
|
|
19748
|
+
throw new import_sdk_core5.SessionExpiredError(/* @__PURE__ */ new Date(0));
|
|
19557
19749
|
}
|
|
19558
19750
|
const sessionExpiry = extractSiweExpiration(session.siwe);
|
|
19559
19751
|
if (sessionExpiry !== void 0) {
|
|
19560
19752
|
const now2 = Date.now();
|
|
19561
19753
|
const marginMs = _TinyCloudNode.SESSION_EXPIRY_SAFETY_MARGIN_MS;
|
|
19562
19754
|
if (sessionExpiry.getTime() <= now2 + marginMs) {
|
|
19563
|
-
throw new
|
|
19755
|
+
throw new import_sdk_core5.SessionExpiredError(sessionExpiry);
|
|
19564
19756
|
}
|
|
19565
19757
|
}
|
|
19566
19758
|
if (!Array.isArray(permissions) || permissions.length === 0) {
|
|
@@ -19570,7 +19762,7 @@ var _TinyCloudNode = class _TinyCloudNode {
|
|
|
19570
19762
|
}
|
|
19571
19763
|
const expandedEntries = permissions.map((entry) => ({
|
|
19572
19764
|
...entry,
|
|
19573
|
-
actions: (0,
|
|
19765
|
+
actions: (0, import_sdk_core5.expandActionShortNames)(entry.service, entry.actions)
|
|
19574
19766
|
}));
|
|
19575
19767
|
const now = /* @__PURE__ */ new Date();
|
|
19576
19768
|
const expiryMs = resolveExpiryMs(options?.expiry);
|
|
@@ -19592,13 +19784,13 @@ var _TinyCloudNode = class _TinyCloudNode {
|
|
|
19592
19784
|
);
|
|
19593
19785
|
return { delegation: delegation2, prompted: true };
|
|
19594
19786
|
}
|
|
19595
|
-
const granted = (0,
|
|
19787
|
+
const granted = (0, import_sdk_core5.parseRecapCapabilities)(
|
|
19596
19788
|
(siwe) => this.wasmBindings.parseRecapFromSiwe(siwe),
|
|
19597
19789
|
session.siwe
|
|
19598
19790
|
);
|
|
19599
|
-
const { subset, missing } = (0,
|
|
19791
|
+
const { subset, missing } = (0, import_sdk_core5.isCapabilitySubset)(expandedEntries, granted);
|
|
19600
19792
|
if (!subset) {
|
|
19601
|
-
throw new
|
|
19793
|
+
throw new import_sdk_core5.PermissionNotInManifestError(missing, granted);
|
|
19602
19794
|
}
|
|
19603
19795
|
const delegation = await this.createDelegationViaWasmPath(
|
|
19604
19796
|
did,
|
|
@@ -19678,7 +19870,7 @@ var _TinyCloudNode = class _TinyCloudNode {
|
|
|
19678
19870
|
const spaceId = [...resolvedSpaces][0];
|
|
19679
19871
|
const abilities = {};
|
|
19680
19872
|
for (const entry of entries) {
|
|
19681
|
-
const shortService =
|
|
19873
|
+
const shortService = import_sdk_core5.SERVICE_LONG_TO_SHORT[entry.service];
|
|
19682
19874
|
if (shortService === void 0) {
|
|
19683
19875
|
throw new Error(
|
|
19684
19876
|
`delegateTo: unknown service '${entry.service}' \u2014 no short-form mapping`
|
|
@@ -19718,7 +19910,7 @@ var _TinyCloudNode = class _TinyCloudNode {
|
|
|
19718
19910
|
});
|
|
19719
19911
|
const primary = result.resources[0];
|
|
19720
19912
|
const delegationHeader = { Authorization: result.delegation };
|
|
19721
|
-
const activateResult = await (0,
|
|
19913
|
+
const activateResult = await (0, import_sdk_core5.activateSessionWithHost)(
|
|
19722
19914
|
this.config.host,
|
|
19723
19915
|
delegationHeader
|
|
19724
19916
|
);
|
|
@@ -19814,7 +20006,7 @@ var _TinyCloudNode = class _TinyCloudNode {
|
|
|
19814
20006
|
);
|
|
19815
20007
|
return result.delegation;
|
|
19816
20008
|
} catch (err) {
|
|
19817
|
-
if (err instanceof
|
|
20009
|
+
if (err instanceof import_sdk_core5.PermissionNotInManifestError) {
|
|
19818
20010
|
} else {
|
|
19819
20011
|
throw err;
|
|
19820
20012
|
}
|
|
@@ -19871,7 +20063,7 @@ var _TinyCloudNode = class _TinyCloudNode {
|
|
|
19871
20063
|
...prepared,
|
|
19872
20064
|
signature: signature2
|
|
19873
20065
|
});
|
|
19874
|
-
const activateResult = await (0,
|
|
20066
|
+
const activateResult = await (0, import_sdk_core5.activateSessionWithHost)(
|
|
19875
20067
|
this.config.host,
|
|
19876
20068
|
delegationSession.delegationHeader
|
|
19877
20069
|
);
|
|
@@ -19893,7 +20085,7 @@ var _TinyCloudNode = class _TinyCloudNode {
|
|
|
19893
20085
|
};
|
|
19894
20086
|
const hasKvActions = params.actions.some((a) => a.startsWith("tinycloud.kv/"));
|
|
19895
20087
|
if (hasKvActions && params.includePublicSpace !== false) {
|
|
19896
|
-
const publicSpaceId = (0,
|
|
20088
|
+
const publicSpaceId = (0, import_sdk_core5.makePublicSpaceId)(
|
|
19897
20089
|
this.wasmBindings.ensureEip55(session.address),
|
|
19898
20090
|
session.chainId
|
|
19899
20091
|
);
|
|
@@ -19916,7 +20108,7 @@ var _TinyCloudNode = class _TinyCloudNode {
|
|
|
19916
20108
|
...publicPrepared,
|
|
19917
20109
|
signature: publicSignature
|
|
19918
20110
|
});
|
|
19919
|
-
const publicActivateResult = await (0,
|
|
20111
|
+
const publicActivateResult = await (0, import_sdk_core5.activateSessionWithHost)(
|
|
19920
20112
|
this.config.host,
|
|
19921
20113
|
publicSession.delegationHeader
|
|
19922
20114
|
);
|
|
@@ -20015,7 +20207,7 @@ var _TinyCloudNode = class _TinyCloudNode {
|
|
|
20015
20207
|
...prepared,
|
|
20016
20208
|
signature: signature2
|
|
20017
20209
|
});
|
|
20018
|
-
const activateResult = await (0,
|
|
20210
|
+
const activateResult = await (0, import_sdk_core5.activateSessionWithHost)(
|
|
20019
20211
|
targetHost,
|
|
20020
20212
|
invokerSession.delegationHeader
|
|
20021
20213
|
);
|
|
@@ -20104,7 +20296,7 @@ var _TinyCloudNode = class _TinyCloudNode {
|
|
|
20104
20296
|
...prepared,
|
|
20105
20297
|
signature: signature2
|
|
20106
20298
|
});
|
|
20107
|
-
const activateResult = await (0,
|
|
20299
|
+
const activateResult = await (0, import_sdk_core5.activateSessionWithHost)(
|
|
20108
20300
|
targetHost,
|
|
20109
20301
|
subDelegationSession.delegationHeader
|
|
20110
20302
|
);
|
|
@@ -20146,11 +20338,11 @@ TinyCloudNode.registerNodeDefaults({
|
|
|
20146
20338
|
});
|
|
20147
20339
|
|
|
20148
20340
|
// src/index.ts
|
|
20149
|
-
var import_sdk_core6 = require("@tinycloud/sdk-core");
|
|
20150
20341
|
var import_sdk_core7 = require("@tinycloud/sdk-core");
|
|
20342
|
+
var import_sdk_core8 = require("@tinycloud/sdk-core");
|
|
20151
20343
|
|
|
20152
20344
|
// src/storage/FileSessionStorage.ts
|
|
20153
|
-
var
|
|
20345
|
+
var import_sdk_core6 = require("@tinycloud/sdk-core");
|
|
20154
20346
|
var import_fs = require("fs");
|
|
20155
20347
|
var import_path = require("path");
|
|
20156
20348
|
var FileSessionStorage = class {
|
|
@@ -20205,7 +20397,7 @@ var FileSessionStorage = class {
|
|
|
20205
20397
|
try {
|
|
20206
20398
|
const data = (0, import_fs.readFileSync)(filePath, "utf-8");
|
|
20207
20399
|
const parsed = JSON.parse(data);
|
|
20208
|
-
const validation = (0,
|
|
20400
|
+
const validation = (0, import_sdk_core6.validatePersistedSessionData)(parsed);
|
|
20209
20401
|
if (!validation.ok) {
|
|
20210
20402
|
console.warn(`Invalid session data for ${address}:`, validation.error.message);
|
|
20211
20403
|
(0, import_fs.unlinkSync)(filePath);
|
|
@@ -20270,7 +20462,7 @@ var FileSessionStorage = class {
|
|
|
20270
20462
|
};
|
|
20271
20463
|
|
|
20272
20464
|
// src/index.ts
|
|
20273
|
-
var
|
|
20465
|
+
var import_sdk_core9 = require("@tinycloud/sdk-core");
|
|
20274
20466
|
|
|
20275
20467
|
// src/delegation.ts
|
|
20276
20468
|
function serializeDelegation(delegation) {
|
|
@@ -20289,7 +20481,6 @@ function deserializeDelegation(data) {
|
|
|
20289
20481
|
}
|
|
20290
20482
|
|
|
20291
20483
|
// src/index.ts
|
|
20292
|
-
var import_sdk_core9 = require("@tinycloud/sdk-core");
|
|
20293
20484
|
var import_sdk_core10 = require("@tinycloud/sdk-core");
|
|
20294
20485
|
var import_sdk_core11 = require("@tinycloud/sdk-core");
|
|
20295
20486
|
var import_sdk_core12 = require("@tinycloud/sdk-core");
|
|
@@ -20299,6 +20490,7 @@ var import_sdk_core15 = require("@tinycloud/sdk-core");
|
|
|
20299
20490
|
var import_sdk_core16 = require("@tinycloud/sdk-core");
|
|
20300
20491
|
var import_sdk_core17 = require("@tinycloud/sdk-core");
|
|
20301
20492
|
var import_sdk_core18 = require("@tinycloud/sdk-core");
|
|
20493
|
+
var import_sdk_core19 = require("@tinycloud/sdk-core");
|
|
20302
20494
|
// Annotate the CommonJS export names for ESM import in node:
|
|
20303
20495
|
0 && (module.exports = {
|
|
20304
20496
|
ACCOUNT_REGISTRY_PATH,
|
|
@@ -20329,6 +20521,7 @@ var import_sdk_core18 = require("@tinycloud/sdk-core");
|
|
|
20329
20521
|
ProtocolMismatchError,
|
|
20330
20522
|
SQLAction,
|
|
20331
20523
|
SQLService,
|
|
20524
|
+
SecretsService,
|
|
20332
20525
|
ServiceContext,
|
|
20333
20526
|
SessionExpiredError,
|
|
20334
20527
|
SharingService,
|