@tinycloud/node-sdk 2.3.0-beta.2 → 2.3.0-beta.3

package/dist/{core-CWdCZ8q6.d.cts → core-CNyXnUx9.d.cts}

@@ -1406,7 +1406,6 @@ declare class TinyCloudNode {
     private findRuntimeGrantsForPermissionEntries;
     private runtimeDelegationFromSession;
     private runtimeGrantFromDelegation;
-    private didWithoutFragment;
     private installRuntimeGrantFromServiceSession;
     private delegatedResourcesForEntries;
     private operationsFromDelegation;

package/dist/{core-CWdCZ8q6.d.ts → core-CNyXnUx9.d.ts}

@@ -1406,7 +1406,6 @@ declare class TinyCloudNode {
     private findRuntimeGrantsForPermissionEntries;
     private runtimeDelegationFromSession;
     private runtimeGrantFromDelegation;
-    private didWithoutFragment;
     private installRuntimeGrantFromServiceSession;
     private delegatedResourcesForEntries;
     private operationsFromDelegation;

package/dist/core.cjs

@@ -47,6 +47,7 @@ __export(core_exports, {
   DuckDbDatabaseHandle: () => import_sdk_core12.DuckDbDatabaseHandle,
   DuckDbService: () => import_sdk_core12.DuckDbService,
   FileSessionStorage: () => FileSessionStorage,
+  IdentityParseError: () => import_sdk_core8.IdentityParseError,
   KVService: () => import_sdk_core10.KVService,
   ManifestValidationError: () => import_sdk_core9.ManifestValidationError,
   MemorySessionStorage: () => MemorySessionStorage,
@@ -73,7 +74,11 @@ __export(core_exports, {
   VaultPublicSpaceKVActions: () => import_sdk_core13.VaultPublicSpaceKVActions,
   VersionCheckError: () => import_sdk_core17.VersionCheckError,
   WasmKeyProvider: () => WasmKeyProvider,
+  addressStorageKey: () => import_sdk_core8.addressStorageKey,
   buildSpaceUri: () => import_sdk_core16.buildSpaceUri,
+  canonicalizeAddress: () => import_sdk_core8.canonicalizeAddress,
+  canonicalizeDid: () => import_sdk_core8.canonicalizeDid,
+  canonicalizeDidUrl: () => import_sdk_core8.canonicalizeDidUrl,
   canonicalizeSecretScope: () => import_sdk_core13.canonicalizeSecretScope,
   checkNodeInfo: () => import_sdk_core17.checkNodeInfo,
   composeManifestRequest: () => import_sdk_core9.composeManifestRequest,
@@ -85,14 +90,22 @@ __export(core_exports, {
   defaultSignStrategy: () => defaultSignStrategy,
   defaultSpaceCreationHandler: () => import_sdk_core8.defaultSpaceCreationHandler,
   deserializeDelegation: () => deserializeDelegation,
+  didCacheKey: () => import_sdk_core8.didCacheKey,
+  didEquals: () => import_sdk_core8.didEquals,
   expandActionShortNames: () => import_sdk_core9.expandActionShortNames,
   expandPermissionEntries: () => import_sdk_core9.expandPermissionEntries,
   expandPermissionEntry: () => import_sdk_core9.expandPermissionEntry,
   isCapabilitySubset: () => import_sdk_core9.isCapabilitySubset,
+  isEvmAddress: () => import_sdk_core8.isEvmAddress,
   loadManifest: () => import_sdk_core9.loadManifest,
+  makePkhSpaceId: () => import_sdk_core8.makePkhSpaceId,
   makePublicSpaceId: () => import_sdk_core16.makePublicSpaceId,
   parseExpiry: () => import_sdk_core9.parseExpiry,
+  parsePkhDid: () => import_sdk_core8.parsePkhDid,
   parseSpaceUri: () => import_sdk_core16.parseSpaceUri,
+  pkhDid: () => import_sdk_core8.pkhDid,
+  principalDid: () => import_sdk_core8.principalDid,
+  principalDidEquals: () => import_sdk_core8.principalDidEquals,
   resolveManifest: () => import_sdk_core9.resolveManifest,
   resolveSecretListPrefix: () => import_sdk_core13.resolveSecretListPrefix,
   resolveSecretPath: () => import_sdk_core13.resolveSecretPath,
@@ -421,15 +434,16 @@ var NodeUserAuthorization = class {
    * expired-at-epoch-zero.
    */
   setRestoredTinyCloudSession(session) {
-    this._tinyCloudSession = session;
-    this._address = session.address;
+    const address = (0, import_sdk_core2.canonicalizeAddress)(session.address);
+    this._tinyCloudSession = { ...session, address };
+    this._address = address;
     this._chainId = session.chainId;
   }
   async resolveTinyCloudHostsForSignIn(address, chainId) {
     if (this.tinycloudHosts && this.tinycloudHosts.length > 0) {
       return;
     }
-    const subject = `did:pkh:eip155:${chainId}:${address}`;
+    const subject = (0, import_sdk_core2.pkhDid)(address, chainId);
     const resolved = await (0, import_sdk_core2.resolveTinyCloudHosts)(subject, {
       registryUrl: this.tinycloudRegistryUrl,
       fallbackHosts: this.tinycloudFallbackHosts
@@ -493,19 +507,19 @@ var NodeUserAuthorization = class {
     if (space.startsWith("tinycloud:")) {
       return space;
     }
-    return this.wasm.makeSpaceId(address, chainId, space);
+    return (0, import_sdk_core2.makePkhSpaceId)(address, chainId, space);
   }
   defaultEncryptionNetworkId(address, chainId) {
-    return `urn:tinycloud:encryption:did:pkh:eip155:${chainId}:${address}:default`;
+    return `urn:tinycloud:encryption:${(0, import_sdk_core2.pkhDid)(address, chainId)}:default`;
   }
   resolveSignInCapabilities(address, chainId) {
     const request = this.getCapabilityRequest();
     if (request === void 0) {
       const defaultNetworkId = this.defaultEncryptionNetworkId(address, chainId);
-      const secretsSpaceId = this.wasm.makeSpaceId(address, chainId, "secrets");
+      const secretsSpaceId = (0, import_sdk_core2.makePkhSpaceId)(address, chainId, "secrets");
       return {
         abilities: this.defaultActions,
-        spaceId: this.wasm.makeSpaceId(address, chainId, this.spacePrefix),
+        spaceId: (0, import_sdk_core2.makePkhSpaceId)(address, chainId, this.spacePrefix),
         spaceAbilities: {
           [secretsSpaceId]: {
             kv: {
@@ -767,9 +781,9 @@ var NodeUserAuthorization = class {
    * @param options - Optional per-call SIWE overrides for this sign-in only
    */
   async signIn(options) {
-    this._address = await this.signer.getAddress();
+    this._address = (0, import_sdk_core2.canonicalizeAddress)(await this.signer.getAddress());
     this._chainId = await this.signer.getChainId();
-    const address = this.wasm.ensureEip55(this._address);
+    const address = this._address;
     const chainId = this._chainId;
     await this.resolveTinyCloudHostsForSignIn(address, chainId);
     const keyId = `session-${Date.now()}`;
@@ -814,7 +828,7 @@ var NodeUserAuthorization = class {
       siwe: prepared.siwe,
       signature
     };
-    const spacesMetadata = this.enablePublicSpace ? { public: this.wasm.makeSpaceId(address, chainId, "public") } : void 0;
+    const spacesMetadata = this.enablePublicSpace ? { public: (0, import_sdk_core2.makePkhSpaceId)(address, chainId, "public") } : void 0;
     const tinyCloudSession = {
       address,
       chainId,
@@ -889,7 +903,7 @@ var NodeUserAuthorization = class {
    */
   async signMessage(message) {
     if (!this._address) {
-      this._address = await this.signer.getAddress();
+      this._address = (0, import_sdk_core2.canonicalizeAddress)(await this.signer.getAddress());
     }
     if (!this._chainId) {
       this._chainId = await this.signer.getChainId();
@@ -916,7 +930,7 @@ var NodeUserAuthorization = class {
    * ```
    */
   async prepareSessionForSigning() {
-    const address = this.wasm.ensureEip55(await this.signer.getAddress());
+    const address = (0, import_sdk_core2.canonicalizeAddress)(await this.signer.getAddress());
     const chainId = await this.signer.getChainId();
     const keyId = `session-${Date.now()}`;
     this.sessionManager.renameSessionKeyId("default", keyId);
@@ -966,7 +980,7 @@ var NodeUserAuthorization = class {
       ...prepared,
       signature
     });
-    const address = this.wasm.ensureEip55(await this.signer.getAddress());
+    const address = (0, import_sdk_core2.canonicalizeAddress)(await this.signer.getAddress());
     const chainId = await this.signer.getChainId();
     await this.resolveTinyCloudHostsForSignIn(address, chainId);
     const clientSession = {
@@ -977,7 +991,7 @@ var NodeUserAuthorization = class {
       siwe: prepared.siwe,
       signature
     };
-    const spacesMetadata = this.enablePublicSpace ? { public: this.wasm.makeSpaceId(address, chainId, "public") } : void 0;
+    const spacesMetadata = this.enablePublicSpace ? { public: (0, import_sdk_core2.makePkhSpaceId)(address, chainId, "public") } : void 0;
     const tinyCloudSession = {
       address,
       chainId,
@@ -1507,6 +1521,13 @@ var NETWORK_CREATE_ACTION = "tinycloud.encryption/network.create";
 var DECRYPT_ACTION = "tinycloud.encryption/decrypt";
 var NETWORK_ADMIN_TYPE = "tinycloud.encryption.network-admin/v1";
 var DEFAULT_SESSION_EXPIRATION_MS = import_sdk_core6.EXPIRY.SESSION_MS;
+function didPrincipalMatches(actual, expected) {
+  try {
+    return (0, import_sdk_core6.principalDidEquals)(actual, expected);
+  } catch {
+    return actual === expected;
+  }
+}
 function base64UrlEncode(bytes) {
   const alphabet = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789-_";
   let output = "";
@@ -1803,7 +1824,7 @@ var _TinyCloudNode = class _TinyCloudNode {
    */
   get did() {
     if (this._address) {
-      return `did:pkh:eip155:${this._chainId}:${this._address}`;
+      return (0, import_sdk_core6.pkhDid)(this._address, this._chainId);
     }
     return this.sessionManager.getDID(this.sessionKeyId);
   }
@@ -1820,7 +1841,7 @@ var _TinyCloudNode = class _TinyCloudNode {
    * Get the Ethereum address for this user.
    */
   get address() {
-    return this._address;
+    return this.auth?.address() ?? this._address;
   }
   /**
    * Check if this instance is in session-only mode (no wallet).
@@ -1858,7 +1879,7 @@ var _TinyCloudNode = class _TinyCloudNode {
       );
     }
     await this.wasmBindings.ensureInitialized?.();
-    this._address = await this.signer.getAddress();
+    this._address = (0, import_sdk_core6.canonicalizeAddress)(await this.signer.getAddress());
     this._chainId = await this.signer.getChainId();
     this._kv = void 0;
     this._sql = void 0;
@@ -1965,8 +1986,9 @@ var _TinyCloudNode = class _TinyCloudNode {
     this._spaceService = void 0;
     this._serviceContext = void 0;
     this.runtimePermissionGrants = [];
-    if (sessionData.address) {
-      this._address = sessionData.address;
+    const restoredAddress = sessionData.address ? (0, import_sdk_core6.canonicalizeAddress)(sessionData.address) : void 0;
+    if (restoredAddress) {
+      this._address = restoredAddress;
     }
     if (sessionData.chainId) {
       this._chainId = sessionData.chainId;
@@ -2001,9 +2023,9 @@ var _TinyCloudNode = class _TinyCloudNode {
     this._vault.initialize(this._serviceContext);
     this._serviceContext.registerService("vault", this._vault);
     this.initializeV2Services(serviceSession);
-    if (sessionData.siwe && sessionData.address && sessionData.chainId) {
+    if (sessionData.siwe && restoredAddress && sessionData.chainId) {
       const tcSession = {
-        address: sessionData.address,
+        address: restoredAddress,
         chainId: sessionData.chainId,
         sessionKey: JSON.stringify(sessionData.jwk),
         spaceId: sessionData.spaceId,
@@ -2342,8 +2364,8 @@ var _TinyCloudNode = class _TinyCloudNode {
         fetchByNetworkId: (networkId) => this.getEncryptionNetwork(networkId)
       },
       wellKnown: {
-        fetchWellKnown: async (ownerDid, discoveryKey) => {
-          if (!this._address || ownerDid !== this.did) {
+        fetchWellKnown: async (principal, discoveryKey) => {
+          if (!this._address || !didPrincipalMatches(principal, this.did)) {
             return null;
           }
           if (!this.config.host) {
@@ -2667,7 +2689,7 @@ var _TinyCloudNode = class _TinyCloudNode {
       return {
         cid: delegationSession.delegationCid,
         delegateDID: params.shareKeyDID,
-        delegatorDID: `did:pkh:eip155:${session.chainId}:${session.address}`,
+        delegatorDID: (0, import_sdk_core6.pkhDid)(session.address, session.chainId),
         spaceId: params.spaceId,
         path: params.path,
         actions: params.actions,
@@ -2999,13 +3021,8 @@ var _TinyCloudNode = class _TinyCloudNode {
     if (delegation.expiry.getTime() <= Date.now()) {
       throw new import_sdk_core6.SessionExpiredError(delegation.expiry);
     }
-    const expectedDids = /* @__PURE__ */ new Set([
-      session.verificationMethod,
-      this.didWithoutFragment(session.verificationMethod),
-      this.sessionDid,
-      this.didWithoutFragment(this.sessionDid)
-    ]);
-    if (!expectedDids.has(delegation.delegateDID)) {
+    const expectedDids = [session.verificationMethod, this.sessionDid];
+    if (!expectedDids.some((did) => didPrincipalMatches(delegation.delegateDID, did))) {
       throw new Error(
         `Runtime delegation targets ${delegation.delegateDID} but this session key is ${session.verificationMethod}.`
       );
@@ -3532,7 +3549,9 @@ var _TinyCloudNode = class _TinyCloudNode {
         "materializeDelegation requires a composed manifest request"
       );
     }
-    const target = request.delegationTargets.find((entry) => entry.did === did);
+    const target = request.delegationTargets.find(
+      (entry) => didPrincipalMatches(entry.did, did)
+    );
     if (!target) {
       throw new Error(`No manifest delegation target found for DID ${did}`);
     }
@@ -3840,10 +3859,6 @@ var _TinyCloudNode = class _TinyCloudNode {
       expiresAt: delegation.expiry
     };
   }
-  didWithoutFragment(did) {
-    const fragment = did.indexOf("#");
-    return fragment === -1 ? did : did.slice(0, fragment);
-  }
   installRuntimeGrantFromServiceSession(delegation, session, expiresAt) {
     const operations = this.operationsFromDelegation(delegation);
     if (operations.length === 0) {
@@ -4039,7 +4054,7 @@ var _TinyCloudNode = class _TinyCloudNode {
     if (resolvedDelegateDID.endsWith(".eth") && this.config.ensResolver) {
       const address = await this.config.ensResolver.resolveAddress(resolvedDelegateDID);
       if (!address) throw new Error(`Could not resolve ENS name: ${resolvedDelegateDID}`);
-      resolvedDelegateDID = `did:pkh:eip155:1:${address}`;
+      resolvedDelegateDID = (0, import_sdk_core6.pkhDid)(address, 1);
     }
     const entries = legacyParamsToPermissionEntries(
       params.actions,
@@ -4196,7 +4211,7 @@ var _TinyCloudNode = class _TinyCloudNode {
     const targetHost = delegation.host ?? this.config.host;
     if (this.isSessionOnly) {
       const myDid = this.did;
-      if (delegation.delegateDID !== myDid) {
+      if (!didPrincipalMatches(delegation.delegateDID, myDid)) {
         throw new Error(
           `Delegation targets ${delegation.delegateDID} but this user's DID is ${myDid}. The delegation must target this user's DID.`
         );
@@ -4457,6 +4472,7 @@ var import_sdk_core18 = require("@tinycloud/sdk-core");
   DuckDbDatabaseHandle,
   DuckDbService,
   FileSessionStorage,
+  IdentityParseError,
   KVService,
   ManifestValidationError,
   MemorySessionStorage,
@@ -4483,7 +4499,11 @@ var import_sdk_core18 = require("@tinycloud/sdk-core");
   VaultPublicSpaceKVActions,
   VersionCheckError,
   WasmKeyProvider,
+  addressStorageKey,
   buildSpaceUri,
+  canonicalizeAddress,
+  canonicalizeDid,
+  canonicalizeDidUrl,
   canonicalizeSecretScope,
   checkNodeInfo,
   composeManifestRequest,
@@ -4495,14 +4515,22 @@ var import_sdk_core18 = require("@tinycloud/sdk-core");
   defaultSignStrategy,
   defaultSpaceCreationHandler,
   deserializeDelegation,
+  didCacheKey,
+  didEquals,
   expandActionShortNames,
   expandPermissionEntries,
   expandPermissionEntry,
   isCapabilitySubset,
+  isEvmAddress,
   loadManifest,
+  makePkhSpaceId,
   makePublicSpaceId,
   parseExpiry,
+  parsePkhDid,
   parseSpaceUri,
+  pkhDid,
+  principalDid,
+  principalDidEquals,
   resolveManifest,
   resolveSecretListPrefix,
   resolveSecretPath,