npm - @tinycloud/node-sdk - Versions diffs - 2.2.0-beta.6 → 2.2.0-beta.8 - Mend

@tinycloud/node-sdk 2.2.0-beta.6 → 2.2.0-beta.8

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (15) hide show

package/dist/{core-DdMPUB5s.d.cts → core-DcJ27GsA.d.cts} +71 -4
package/dist/{core-DdMPUB5s.d.ts → core-DcJ27GsA.d.ts} +71 -4
package/dist/core.cjs +794 -168
package/dist/core.cjs.map +1 -1
package/dist/core.d.cts +2 -2
package/dist/core.d.ts +2 -2
package/dist/core.js +700 -71
package/dist/core.js.map +1 -1
package/dist/index.cjs +797 -171
package/dist/index.cjs.map +1 -1
package/dist/index.d.cts +2 -2
package/dist/index.d.ts +2 -2
package/dist/index.js +701 -71
package/dist/index.js.map +1 -1
package/package.json +2 -2

package/dist/{core-DdMPUB5s.d.cts → core-DcJ27GsA.d.cts} RENAMED Viewed

@@ -1,4 +1,4 @@
-import { ISessionStorage, PersistedSessionData, AutoSignStrategy, AutoRejectStrategy, CallbackStrategy, IUserAuthorization, ISigner, ISpaceCreationHandler, IWasmBindings, SiweConfig, Manifest, ComposedManifestRequest, ClientSession, TinyCloudSession, Extension, SignInOptions, Delegation, DelegatedResource, IKVService, ISQLService, IDuckDbService, IHooksService, INotificationHandler, IENSResolver, IDataVaultService, ICapabilityKeyRegistry, DelegationManager, ISpaceService, ISharingService, CreateDelegationParams, DelegationResult, PermissionEntry, ResolvedDelegate, KeyProvider, ISessionManager, JWK } from '@tinycloud/sdk-core';
+import { ISessionStorage, PersistedSessionData, AutoSignStrategy, AutoRejectStrategy, CallbackStrategy, IUserAuthorization, ISigner, ISpaceCreationHandler, IWasmBindings, SiweConfig, Manifest, ComposedManifestRequest, ClientSession, TinyCloudSession, Extension, SignInOptions, Delegation, DelegatedResource, IKVService, ISQLService, IDuckDbService, IHooksService, INotificationHandler, IENSResolver, IDataVaultService, ISecretsService, ICapabilityKeyRegistry, PermissionEntry, DelegationManager, ISpaceService, ISpace, ISharingService, CreateDelegationParams, DelegationResult, ResolvedDelegate, KeyProvider, ISessionManager, JWK } from '@tinycloud/sdk-core';
 import { EventEmitter } from 'events';
 import { InvokeFunction } from '@tinycloud/sdk-services';
@@ -739,6 +739,13 @@ interface DelegateToResult {
     delegation: PortableDelegation;
     prompted: boolean;
 }
+/**
+ * Options for runtime permission escalation.
+ */
+interface RuntimePermissionGrantOptions {
+    /** Override expiry. ms-format string ("7d", "1h") or raw milliseconds. */
+    expiry?: string | number;
+}
 /**
  * High-level TinyCloud API for Node.js environments.
  *
@@ -770,6 +777,8 @@ declare class TinyCloudNode {
     private _duckdb?;
     private _hooks?;
     private _vault?;
+    private _baseSecrets?;
+    private _secrets?;
     /** Cached public KV with proper delegation (set by ensurePublicSpace) */
     private _publicKV?;
     /** Session key ID - always available */
@@ -783,9 +792,12 @@ declare class TinyCloudNode {
     private _sharingService;
     private _delegationManager?;
     private _spaceService?;
+    private runtimePermissionGrants;
     private get nodeFeatures();
     /** SIWE domain — uses config override or defaults to app.tinycloud.xyz */
     private get siweDomain();
+    private readonly invokeWithRuntimePermissions;
+    private readonly invokeAnyWithRuntimePermissions;
     /**
      * Create a new TinyCloudNode instance.
      *
@@ -949,6 +961,8 @@ declare class TinyCloudNode {
      * @internal
      */
     private initializeServices;
+    private createSpaceScopedKVService;
+    private createVaultService;
     /**
      * Initialize the v2 delegation system services.
      * @internal
@@ -1006,6 +1020,11 @@ declare class TinyCloudNode {
      * Call `vault.unlock(signer)` after signIn() to derive encryption keys.
      */
     get vault(): IDataVaultService;
+    /**
+     * App-facing secrets API backed by the `secrets` space vault.
+     */
+    get secrets(): ISecretsService;
+    private getBaseSecrets;
     /**
      * Hooks write stream subscription API.
      */
@@ -1052,6 +1071,28 @@ declare class TinyCloudNode {
         /** Get a delegation by CID */
         get: (cid: string) => Delegation | undefined;
     };
+    /**
+     * Check whether the current session or an approved runtime delegation covers
+     * every requested permission.
+     */
+    hasRuntimePermissions(permissions: PermissionEntry[]): boolean;
+    /**
+     * Return installed runtime permission delegations. When `permissions` is
+     * provided, only delegations currently covering those permissions are
+     * returned. Base-session manifest permissions are not represented here.
+     */
+    getRuntimePermissionDelegations(permissions?: PermissionEntry[]): PortableDelegation[];
+    /**
+     * Install a portable runtime permission delegation into this SDK instance so
+     * matching service calls and downstream `delegateTo()` calls can use it.
+     */
+    useRuntimeDelegation(delegation: PortableDelegation): Promise<void>;
+    /**
+     * Store additional permissions as narrow delegations to the current session
+     * key. Future service invocations automatically use a stored delegation when
+     * its `(space, service, path, action)` covers the request.
+     */
+    grantRuntimePermissions(permissions: PermissionEntry[], options?: RuntimePermissionGrantOptions): Promise<PortableDelegation[]>;
     /**
      * Get the DelegationManager for delegation CRUD operations.
      *
@@ -1108,6 +1149,10 @@ declare class TinyCloudNode {
      * @see spaces
      */
     get spaceService(): ISpaceService;
+    /**
+     * Get a Space object by short name or full URI.
+     */
+    space(nameOrUri: string): ISpace;
     /**
      * Get the SharingService for creating and receiving v2 sharing links.
      *
@@ -1213,8 +1258,9 @@ declare class TinyCloudNode {
      * Issue a delegation using the capability-chain flow.
      *
      * When every requested permission is a subset of the current
-     * session's recap, the delegation is signed by the session key via
-     * WASM — no wallet prompt. When at least one is NOT derivable, a
+     * session's recap, or of one installed runtime permission delegation,
+     * the delegation is signed by the session key via WASM — no wallet
+     * prompt. When at least one is NOT derivable, a
      * {@link PermissionNotInManifestError} is raised (carrying the
      * missing entries) so the caller can trigger an escalation flow
      * (e.g. `TinyCloudWeb.requestPermissions`). Passing
@@ -1278,7 +1324,28 @@ declare class TinyCloudNode {
      * @internal
      */
     private createDelegationViaWasmPath;
+    private createDelegationViaRuntimeGrant;
     private resolvePermissionSpace;
+    private expandPermissionEntries;
+    private shortServiceName;
+    private permissionsToAbilities;
+    private permissionOperations;
+    private sessionCoversPermissionEntries;
+    private permissionEntriesToOperations;
+    private findRuntimeGrantsForPermissionEntries;
+    private runtimeDelegationFromSession;
+    private runtimeGrantFromDelegation;
+    private delegatedResourcesForEntries;
+    private operationsFromDelegation;
+    private flatDelegationResources;
+    private selectInvocationSession;
+    private findGrantForOperations;
+    private findGrantForOperation;
+    private pruneExpiredRuntimePermissionGrants;
+    private operationCovers;
+    private actionContains;
+    private invocationServiceName;
+    private pathContains;
     /**
      * Issue a delegation via the legacy wallet-signed SIWE path for a single
      * {@link PermissionEntry}. Shares the implementation with the public
@@ -1468,4 +1535,4 @@ declare class WasmKeyProvider implements KeyProvider {
  */
 declare function createWasmKeyProvider(sessionManager: SessionManagerWithListing): WasmKeyProvider;
-export { type DelegateToOptions as D, FileSessionStorage as F, MemorySessionStorage as M, type NodeEventEmitterStrategy as N, type PortableDelegation as P, type RestorableSession as R, type SignStrategy as S, TinyCloudNode as T, WasmKeyProvider as W, type DelegateToResult as a, DelegatedAccess as b, NodeUserAuthorization as c, type NodeUserAuthorizationConfig as d, type TinyCloudNodeConfig as e, type WasmKeyProviderConfig as f, createWasmKeyProvider as g, defaultSignStrategy as h, deserializeDelegation as i, serializeDelegation as s };
+export { type DelegateToOptions as D, FileSessionStorage as F, MemorySessionStorage as M, type NodeEventEmitterStrategy as N, type PortableDelegation as P, type RestorableSession as R, type SignStrategy as S, TinyCloudNode as T, WasmKeyProvider as W, type DelegateToResult as a, DelegatedAccess as b, NodeUserAuthorization as c, type NodeUserAuthorizationConfig as d, type RuntimePermissionGrantOptions as e, type TinyCloudNodeConfig as f, type WasmKeyProviderConfig as g, createWasmKeyProvider as h, defaultSignStrategy as i, deserializeDelegation as j, serializeDelegation as s };

package/dist/{core-DdMPUB5s.d.ts → core-DcJ27GsA.d.ts} RENAMED Viewed

@@ -1,4 +1,4 @@
-import { ISessionStorage, PersistedSessionData, AutoSignStrategy, AutoRejectStrategy, CallbackStrategy, IUserAuthorization, ISigner, ISpaceCreationHandler, IWasmBindings, SiweConfig, Manifest, ComposedManifestRequest, ClientSession, TinyCloudSession, Extension, SignInOptions, Delegation, DelegatedResource, IKVService, ISQLService, IDuckDbService, IHooksService, INotificationHandler, IENSResolver, IDataVaultService, ICapabilityKeyRegistry, DelegationManager, ISpaceService, ISharingService, CreateDelegationParams, DelegationResult, PermissionEntry, ResolvedDelegate, KeyProvider, ISessionManager, JWK } from '@tinycloud/sdk-core';
+import { ISessionStorage, PersistedSessionData, AutoSignStrategy, AutoRejectStrategy, CallbackStrategy, IUserAuthorization, ISigner, ISpaceCreationHandler, IWasmBindings, SiweConfig, Manifest, ComposedManifestRequest, ClientSession, TinyCloudSession, Extension, SignInOptions, Delegation, DelegatedResource, IKVService, ISQLService, IDuckDbService, IHooksService, INotificationHandler, IENSResolver, IDataVaultService, ISecretsService, ICapabilityKeyRegistry, PermissionEntry, DelegationManager, ISpaceService, ISpace, ISharingService, CreateDelegationParams, DelegationResult, ResolvedDelegate, KeyProvider, ISessionManager, JWK } from '@tinycloud/sdk-core';
 import { EventEmitter } from 'events';
 import { InvokeFunction } from '@tinycloud/sdk-services';
@@ -739,6 +739,13 @@ interface DelegateToResult {
     delegation: PortableDelegation;
     prompted: boolean;
 }
+/**
+ * Options for runtime permission escalation.
+ */
+interface RuntimePermissionGrantOptions {
+    /** Override expiry. ms-format string ("7d", "1h") or raw milliseconds. */
+    expiry?: string | number;
+}
 /**
  * High-level TinyCloud API for Node.js environments.
  *
@@ -770,6 +777,8 @@ declare class TinyCloudNode {
     private _duckdb?;
     private _hooks?;
     private _vault?;
+    private _baseSecrets?;
+    private _secrets?;
     /** Cached public KV with proper delegation (set by ensurePublicSpace) */
     private _publicKV?;
     /** Session key ID - always available */
@@ -783,9 +792,12 @@ declare class TinyCloudNode {
     private _sharingService;
     private _delegationManager?;
     private _spaceService?;
+    private runtimePermissionGrants;
     private get nodeFeatures();
     /** SIWE domain — uses config override or defaults to app.tinycloud.xyz */
     private get siweDomain();
+    private readonly invokeWithRuntimePermissions;
+    private readonly invokeAnyWithRuntimePermissions;
     /**
      * Create a new TinyCloudNode instance.
      *
@@ -949,6 +961,8 @@ declare class TinyCloudNode {
      * @internal
      */
     private initializeServices;
+    private createSpaceScopedKVService;
+    private createVaultService;
     /**
      * Initialize the v2 delegation system services.
      * @internal
@@ -1006,6 +1020,11 @@ declare class TinyCloudNode {
      * Call `vault.unlock(signer)` after signIn() to derive encryption keys.
      */
     get vault(): IDataVaultService;
+    /**
+     * App-facing secrets API backed by the `secrets` space vault.
+     */
+    get secrets(): ISecretsService;
+    private getBaseSecrets;
     /**
      * Hooks write stream subscription API.
      */
@@ -1052,6 +1071,28 @@ declare class TinyCloudNode {
         /** Get a delegation by CID */
         get: (cid: string) => Delegation | undefined;
     };
+    /**
+     * Check whether the current session or an approved runtime delegation covers
+     * every requested permission.
+     */
+    hasRuntimePermissions(permissions: PermissionEntry[]): boolean;
+    /**
+     * Return installed runtime permission delegations. When `permissions` is
+     * provided, only delegations currently covering those permissions are
+     * returned. Base-session manifest permissions are not represented here.
+     */
+    getRuntimePermissionDelegations(permissions?: PermissionEntry[]): PortableDelegation[];
+    /**
+     * Install a portable runtime permission delegation into this SDK instance so
+     * matching service calls and downstream `delegateTo()` calls can use it.
+     */
+    useRuntimeDelegation(delegation: PortableDelegation): Promise<void>;
+    /**
+     * Store additional permissions as narrow delegations to the current session
+     * key. Future service invocations automatically use a stored delegation when
+     * its `(space, service, path, action)` covers the request.
+     */
+    grantRuntimePermissions(permissions: PermissionEntry[], options?: RuntimePermissionGrantOptions): Promise<PortableDelegation[]>;
     /**
      * Get the DelegationManager for delegation CRUD operations.
      *
@@ -1108,6 +1149,10 @@ declare class TinyCloudNode {
      * @see spaces
      */
     get spaceService(): ISpaceService;
+    /**
+     * Get a Space object by short name or full URI.
+     */
+    space(nameOrUri: string): ISpace;
     /**
      * Get the SharingService for creating and receiving v2 sharing links.
      *
@@ -1213,8 +1258,9 @@ declare class TinyCloudNode {
      * Issue a delegation using the capability-chain flow.
      *
      * When every requested permission is a subset of the current
-     * session's recap, the delegation is signed by the session key via
-     * WASM — no wallet prompt. When at least one is NOT derivable, a
+     * session's recap, or of one installed runtime permission delegation,
+     * the delegation is signed by the session key via WASM — no wallet
+     * prompt. When at least one is NOT derivable, a
      * {@link PermissionNotInManifestError} is raised (carrying the
      * missing entries) so the caller can trigger an escalation flow
      * (e.g. `TinyCloudWeb.requestPermissions`). Passing
@@ -1278,7 +1324,28 @@ declare class TinyCloudNode {
      * @internal
      */
     private createDelegationViaWasmPath;
+    private createDelegationViaRuntimeGrant;
     private resolvePermissionSpace;
+    private expandPermissionEntries;
+    private shortServiceName;
+    private permissionsToAbilities;
+    private permissionOperations;
+    private sessionCoversPermissionEntries;
+    private permissionEntriesToOperations;
+    private findRuntimeGrantsForPermissionEntries;
+    private runtimeDelegationFromSession;
+    private runtimeGrantFromDelegation;
+    private delegatedResourcesForEntries;
+    private operationsFromDelegation;
+    private flatDelegationResources;
+    private selectInvocationSession;
+    private findGrantForOperations;
+    private findGrantForOperation;
+    private pruneExpiredRuntimePermissionGrants;
+    private operationCovers;
+    private actionContains;
+    private invocationServiceName;
+    private pathContains;
     /**
      * Issue a delegation via the legacy wallet-signed SIWE path for a single
      * {@link PermissionEntry}. Shares the implementation with the public
@@ -1468,4 +1535,4 @@ declare class WasmKeyProvider implements KeyProvider {
  */
 declare function createWasmKeyProvider(sessionManager: SessionManagerWithListing): WasmKeyProvider;
-export { type DelegateToOptions as D, FileSessionStorage as F, MemorySessionStorage as M, type NodeEventEmitterStrategy as N, type PortableDelegation as P, type RestorableSession as R, type SignStrategy as S, TinyCloudNode as T, WasmKeyProvider as W, type DelegateToResult as a, DelegatedAccess as b, NodeUserAuthorization as c, type NodeUserAuthorizationConfig as d, type TinyCloudNodeConfig as e, type WasmKeyProviderConfig as f, createWasmKeyProvider as g, defaultSignStrategy as h, deserializeDelegation as i, serializeDelegation as s };
+export { type DelegateToOptions as D, FileSessionStorage as F, MemorySessionStorage as M, type NodeEventEmitterStrategy as N, type PortableDelegation as P, type RestorableSession as R, type SignStrategy as S, TinyCloudNode as T, WasmKeyProvider as W, type DelegateToResult as a, DelegatedAccess as b, NodeUserAuthorization as c, type NodeUserAuthorizationConfig as d, type RuntimePermissionGrantOptions as e, type TinyCloudNodeConfig as f, type WasmKeyProviderConfig as g, createWasmKeyProvider as h, defaultSignStrategy as i, deserializeDelegation as j, serializeDelegation as s };