@tinycloud/node-sdk 2.2.0-beta.7 → 2.2.0-beta.8

package/dist/{core-C3s0bgRe.d.cts → core-DcJ27GsA.d.cts}

@@ -1,4 +1,4 @@
-import { ISessionStorage, PersistedSessionData, AutoSignStrategy, AutoRejectStrategy, CallbackStrategy, IUserAuthorization, ISigner, ISpaceCreationHandler, IWasmBindings, SiweConfig, Manifest, ComposedManifestRequest, ClientSession, TinyCloudSession, Extension, SignInOptions, Delegation, DelegatedResource, IKVService, ISQLService, IDuckDbService, IHooksService, INotificationHandler, IENSResolver, IDataVaultService, ISecretsService, ICapabilityKeyRegistry, DelegationManager, ISpaceService, ISpace, ISharingService, CreateDelegationParams, DelegationResult, PermissionEntry, ResolvedDelegate, KeyProvider, ISessionManager, JWK } from '@tinycloud/sdk-core';
+import { ISessionStorage, PersistedSessionData, AutoSignStrategy, AutoRejectStrategy, CallbackStrategy, IUserAuthorization, ISigner, ISpaceCreationHandler, IWasmBindings, SiweConfig, Manifest, ComposedManifestRequest, ClientSession, TinyCloudSession, Extension, SignInOptions, Delegation, DelegatedResource, IKVService, ISQLService, IDuckDbService, IHooksService, INotificationHandler, IENSResolver, IDataVaultService, ISecretsService, ICapabilityKeyRegistry, PermissionEntry, DelegationManager, ISpaceService, ISpace, ISharingService, CreateDelegationParams, DelegationResult, ResolvedDelegate, KeyProvider, ISessionManager, JWK } from '@tinycloud/sdk-core';
 import { EventEmitter } from 'events';
 import { InvokeFunction } from '@tinycloud/sdk-services';
 
@@ -739,6 +739,13 @@ interface DelegateToResult {
     delegation: PortableDelegation;
     prompted: boolean;
 }
+/**
+ * Options for runtime permission escalation.
+ */
+interface RuntimePermissionGrantOptions {
+    /** Override expiry. ms-format string ("7d", "1h") or raw milliseconds. */
+    expiry?: string | number;
+}
 /**
  * High-level TinyCloud API for Node.js environments.
  *
@@ -785,9 +792,12 @@ declare class TinyCloudNode {
     private _sharingService;
     private _delegationManager?;
     private _spaceService?;
+    private runtimePermissionGrants;
     private get nodeFeatures();
     /** SIWE domain — uses config override or defaults to app.tinycloud.xyz */
     private get siweDomain();
+    private readonly invokeWithRuntimePermissions;
+    private readonly invokeAnyWithRuntimePermissions;
     /**
      * Create a new TinyCloudNode instance.
      *
@@ -1061,6 +1071,28 @@ declare class TinyCloudNode {
         /** Get a delegation by CID */
         get: (cid: string) => Delegation | undefined;
     };
+    /**
+     * Check whether the current session or an approved runtime delegation covers
+     * every requested permission.
+     */
+    hasRuntimePermissions(permissions: PermissionEntry[]): boolean;
+    /**
+     * Return installed runtime permission delegations. When `permissions` is
+     * provided, only delegations currently covering those permissions are
+     * returned. Base-session manifest permissions are not represented here.
+     */
+    getRuntimePermissionDelegations(permissions?: PermissionEntry[]): PortableDelegation[];
+    /**
+     * Install a portable runtime permission delegation into this SDK instance so
+     * matching service calls and downstream `delegateTo()` calls can use it.
+     */
+    useRuntimeDelegation(delegation: PortableDelegation): Promise<void>;
+    /**
+     * Store additional permissions as narrow delegations to the current session
+     * key. Future service invocations automatically use a stored delegation when
+     * its `(space, service, path, action)` covers the request.
+     */
+    grantRuntimePermissions(permissions: PermissionEntry[], options?: RuntimePermissionGrantOptions): Promise<PortableDelegation[]>;
     /**
      * Get the DelegationManager for delegation CRUD operations.
      *
@@ -1226,8 +1258,9 @@ declare class TinyCloudNode {
      * Issue a delegation using the capability-chain flow.
      *
      * When every requested permission is a subset of the current
-     * session's recap, the delegation is signed by the session key via
-     * WASM — no wallet prompt. When at least one is NOT derivable, a
+     * session's recap, or of one installed runtime permission delegation,
+     * the delegation is signed by the session key via WASM — no wallet
+     * prompt. When at least one is NOT derivable, a
      * {@link PermissionNotInManifestError} is raised (carrying the
      * missing entries) so the caller can trigger an escalation flow
      * (e.g. `TinyCloudWeb.requestPermissions`). Passing
@@ -1291,7 +1324,28 @@ declare class TinyCloudNode {
      * @internal
      */
     private createDelegationViaWasmPath;
+    private createDelegationViaRuntimeGrant;
     private resolvePermissionSpace;
+    private expandPermissionEntries;
+    private shortServiceName;
+    private permissionsToAbilities;
+    private permissionOperations;
+    private sessionCoversPermissionEntries;
+    private permissionEntriesToOperations;
+    private findRuntimeGrantsForPermissionEntries;
+    private runtimeDelegationFromSession;
+    private runtimeGrantFromDelegation;
+    private delegatedResourcesForEntries;
+    private operationsFromDelegation;
+    private flatDelegationResources;
+    private selectInvocationSession;
+    private findGrantForOperations;
+    private findGrantForOperation;
+    private pruneExpiredRuntimePermissionGrants;
+    private operationCovers;
+    private actionContains;
+    private invocationServiceName;
+    private pathContains;
     /**
      * Issue a delegation via the legacy wallet-signed SIWE path for a single
      * {@link PermissionEntry}. Shares the implementation with the public
@@ -1481,4 +1535,4 @@ declare class WasmKeyProvider implements KeyProvider {
  */
 declare function createWasmKeyProvider(sessionManager: SessionManagerWithListing): WasmKeyProvider;
 
-export { type DelegateToOptions as D, FileSessionStorage as F, MemorySessionStorage as M, type NodeEventEmitterStrategy as N, type PortableDelegation as P, type RestorableSession as R, type SignStrategy as S, TinyCloudNode as T, WasmKeyProvider as W, type DelegateToResult as a, DelegatedAccess as b, NodeUserAuthorization as c, type NodeUserAuthorizationConfig as d, type TinyCloudNodeConfig as e, type WasmKeyProviderConfig as f, createWasmKeyProvider as g, defaultSignStrategy as h, deserializeDelegation as i, serializeDelegation as s };
+export { type DelegateToOptions as D, FileSessionStorage as F, MemorySessionStorage as M, type NodeEventEmitterStrategy as N, type PortableDelegation as P, type RestorableSession as R, type SignStrategy as S, TinyCloudNode as T, WasmKeyProvider as W, type DelegateToResult as a, DelegatedAccess as b, NodeUserAuthorization as c, type NodeUserAuthorizationConfig as d, type RuntimePermissionGrantOptions as e, type TinyCloudNodeConfig as f, type WasmKeyProviderConfig as g, createWasmKeyProvider as h, defaultSignStrategy as i, deserializeDelegation as j, serializeDelegation as s };

package/dist/{core-C3s0bgRe.d.ts → core-DcJ27GsA.d.ts}

@@ -1,4 +1,4 @@
-import { ISessionStorage, PersistedSessionData, AutoSignStrategy, AutoRejectStrategy, CallbackStrategy, IUserAuthorization, ISigner, ISpaceCreationHandler, IWasmBindings, SiweConfig, Manifest, ComposedManifestRequest, ClientSession, TinyCloudSession, Extension, SignInOptions, Delegation, DelegatedResource, IKVService, ISQLService, IDuckDbService, IHooksService, INotificationHandler, IENSResolver, IDataVaultService, ISecretsService, ICapabilityKeyRegistry, DelegationManager, ISpaceService, ISpace, ISharingService, CreateDelegationParams, DelegationResult, PermissionEntry, ResolvedDelegate, KeyProvider, ISessionManager, JWK } from '@tinycloud/sdk-core';
+import { ISessionStorage, PersistedSessionData, AutoSignStrategy, AutoRejectStrategy, CallbackStrategy, IUserAuthorization, ISigner, ISpaceCreationHandler, IWasmBindings, SiweConfig, Manifest, ComposedManifestRequest, ClientSession, TinyCloudSession, Extension, SignInOptions, Delegation, DelegatedResource, IKVService, ISQLService, IDuckDbService, IHooksService, INotificationHandler, IENSResolver, IDataVaultService, ISecretsService, ICapabilityKeyRegistry, PermissionEntry, DelegationManager, ISpaceService, ISpace, ISharingService, CreateDelegationParams, DelegationResult, ResolvedDelegate, KeyProvider, ISessionManager, JWK } from '@tinycloud/sdk-core';
 import { EventEmitter } from 'events';
 import { InvokeFunction } from '@tinycloud/sdk-services';
 
@@ -739,6 +739,13 @@ interface DelegateToResult {
     delegation: PortableDelegation;
     prompted: boolean;
 }
+/**
+ * Options for runtime permission escalation.
+ */
+interface RuntimePermissionGrantOptions {
+    /** Override expiry. ms-format string ("7d", "1h") or raw milliseconds. */
+    expiry?: string | number;
+}
 /**
  * High-level TinyCloud API for Node.js environments.
  *
@@ -785,9 +792,12 @@ declare class TinyCloudNode {
     private _sharingService;
     private _delegationManager?;
     private _spaceService?;
+    private runtimePermissionGrants;
     private get nodeFeatures();
     /** SIWE domain — uses config override or defaults to app.tinycloud.xyz */
     private get siweDomain();
+    private readonly invokeWithRuntimePermissions;
+    private readonly invokeAnyWithRuntimePermissions;
     /**
      * Create a new TinyCloudNode instance.
      *
@@ -1061,6 +1071,28 @@ declare class TinyCloudNode {
         /** Get a delegation by CID */
         get: (cid: string) => Delegation | undefined;
     };
+    /**
+     * Check whether the current session or an approved runtime delegation covers
+     * every requested permission.
+     */
+    hasRuntimePermissions(permissions: PermissionEntry[]): boolean;
+    /**
+     * Return installed runtime permission delegations. When `permissions` is
+     * provided, only delegations currently covering those permissions are
+     * returned. Base-session manifest permissions are not represented here.
+     */
+    getRuntimePermissionDelegations(permissions?: PermissionEntry[]): PortableDelegation[];
+    /**
+     * Install a portable runtime permission delegation into this SDK instance so
+     * matching service calls and downstream `delegateTo()` calls can use it.
+     */
+    useRuntimeDelegation(delegation: PortableDelegation): Promise<void>;
+    /**
+     * Store additional permissions as narrow delegations to the current session
+     * key. Future service invocations automatically use a stored delegation when
+     * its `(space, service, path, action)` covers the request.
+     */
+    grantRuntimePermissions(permissions: PermissionEntry[], options?: RuntimePermissionGrantOptions): Promise<PortableDelegation[]>;
     /**
      * Get the DelegationManager for delegation CRUD operations.
      *
@@ -1226,8 +1258,9 @@ declare class TinyCloudNode {
      * Issue a delegation using the capability-chain flow.
      *
      * When every requested permission is a subset of the current
-     * session's recap, the delegation is signed by the session key via
-     * WASM — no wallet prompt. When at least one is NOT derivable, a
+     * session's recap, or of one installed runtime permission delegation,
+     * the delegation is signed by the session key via WASM — no wallet
+     * prompt. When at least one is NOT derivable, a
      * {@link PermissionNotInManifestError} is raised (carrying the
      * missing entries) so the caller can trigger an escalation flow
      * (e.g. `TinyCloudWeb.requestPermissions`). Passing
@@ -1291,7 +1324,28 @@ declare class TinyCloudNode {
      * @internal
      */
     private createDelegationViaWasmPath;
+    private createDelegationViaRuntimeGrant;
     private resolvePermissionSpace;
+    private expandPermissionEntries;
+    private shortServiceName;
+    private permissionsToAbilities;
+    private permissionOperations;
+    private sessionCoversPermissionEntries;
+    private permissionEntriesToOperations;
+    private findRuntimeGrantsForPermissionEntries;
+    private runtimeDelegationFromSession;
+    private runtimeGrantFromDelegation;
+    private delegatedResourcesForEntries;
+    private operationsFromDelegation;
+    private flatDelegationResources;
+    private selectInvocationSession;
+    private findGrantForOperations;
+    private findGrantForOperation;
+    private pruneExpiredRuntimePermissionGrants;
+    private operationCovers;
+    private actionContains;
+    private invocationServiceName;
+    private pathContains;
     /**
      * Issue a delegation via the legacy wallet-signed SIWE path for a single
      * {@link PermissionEntry}. Shares the implementation with the public
@@ -1481,4 +1535,4 @@ declare class WasmKeyProvider implements KeyProvider {
  */
 declare function createWasmKeyProvider(sessionManager: SessionManagerWithListing): WasmKeyProvider;
 
-export { type DelegateToOptions as D, FileSessionStorage as F, MemorySessionStorage as M, type NodeEventEmitterStrategy as N, type PortableDelegation as P, type RestorableSession as R, type SignStrategy as S, TinyCloudNode as T, WasmKeyProvider as W, type DelegateToResult as a, DelegatedAccess as b, NodeUserAuthorization as c, type NodeUserAuthorizationConfig as d, type TinyCloudNodeConfig as e, type WasmKeyProviderConfig as f, createWasmKeyProvider as g, defaultSignStrategy as h, deserializeDelegation as i, serializeDelegation as s };
+export { type DelegateToOptions as D, FileSessionStorage as F, MemorySessionStorage as M, type NodeEventEmitterStrategy as N, type PortableDelegation as P, type RestorableSession as R, type SignStrategy as S, TinyCloudNode as T, WasmKeyProvider as W, type DelegateToResult as a, DelegatedAccess as b, NodeUserAuthorization as c, type NodeUserAuthorizationConfig as d, type RuntimePermissionGrantOptions as e, type TinyCloudNodeConfig as f, type WasmKeyProviderConfig as g, createWasmKeyProvider as h, defaultSignStrategy as i, deserializeDelegation as j, serializeDelegation as s };