@tinycloud/node-sdk 2.3.0 → 2.4.0-beta.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/{core-BdlIWB-K.d.cts → core-Dbzm1kA_.d.cts} +43 -0
- package/dist/{core-BdlIWB-K.d.ts → core-Dbzm1kA_.d.ts} +43 -0
- package/dist/core.cjs +100 -20
- package/dist/core.cjs.map +1 -1
- package/dist/core.d.cts +1 -1
- package/dist/core.d.ts +1 -1
- package/dist/core.js +100 -20
- package/dist/core.js.map +1 -1
- package/dist/index.cjs +100 -20
- package/dist/index.cjs.map +1 -1
- package/dist/index.d.cts +1 -1
- package/dist/index.d.ts +1 -1
- package/dist/index.js +100 -20
- package/dist/index.js.map +1 -1
- package/package.json +2 -2
package/dist/core.d.cts
CHANGED
|
@@ -1,4 +1,4 @@
|
|
|
1
1
|
export { ACCOUNT_REGISTRY_PATH, ACCOUNT_REGISTRY_SPACE, AutoApproveSpaceCreationHandler, AutoRejectStrategy, AutoSignStrategy, BatchOptions, BatchResponse, CallbackStrategy, CanonicalAddress, CanonicalParsedNetworkId, CapabilityEntry, CapabilityKeyRegistry, CapabilityKeyRegistryErrorCode, CapabilityKeyRegistryErrorCodes, ClientSession, ColumnInfo, ComposeManifestOptions, ComposedManifestRequest, CreateDelegationParams, DEFAULT_MANIFEST_SPACE, DEFAULT_MANIFEST_VERSION, DEFAULT_SIGNED_READ_URL_EXPIRY_MS, DataVaultConfig, DataVaultService, DatabaseHandle, Delegation, DelegationChain, DelegationChainV2, DelegationDirection, DelegationError, DelegationErrorCode, DelegationErrorCodes, DelegationFilters, DelegationManager, DelegationManagerConfig, DelegationRecord, DelegationResult, DidCacheKeyOptions, DidEqualsOptions, DuckDbAction, DuckDbActionType, DuckDbBatchOptions, DuckDbBatchResponse, DuckDbDatabaseHandle, DuckDbExecuteOptions, DuckDbExecuteResponse, DuckDbOptions, DuckDbQueryOptions, DuckDbQueryResponse, DuckDbService, DuckDbServiceConfig, DuckDbStatement, DuckDbValue, EncodedShareData, ExecuteOptions, ExecuteResponse, Extension, FetchFunction, GenerateShareParams, ICapabilityKeyRegistry, IDataVaultService, IDatabaseHandle, IDuckDbDatabaseHandle, IDuckDbService, IENSResolver, IKVService, INotificationHandler, IPrefixedKVService, ISQLService, ISecretsService, ISessionManager, ISessionStorage, ISharingService, ISigner, ISpace, ISpaceCreationHandler, ISpaceScopedDelegations, ISpaceScopedSharing, ISpaceService, IUserAuthorization, IWasmBindings, IdentityParseError, IngestOptions, InvokeFunction, JWK, KVCreateSignedReadUrlOptions, KVResponse, KVService, KVServiceConfig, KVSignedReadUrlResponse, KeyInfo, KeyProvider, KeyType, Manifest, ManifestDefaults, ManifestRegistryRecord, ManifestSecretActions, ManifestValidationError, PermissionEntry, PermissionNotInManifestError, PersistedSessionData, PkhDidParts, PrefixedKVService, ProtocolMismatchError, QueryOptions, QueryResponse, ReceiveOptions, ResolvedCapabilities, ResolvedDelegate, ResolvedSecretPath, ResourceCapability, SECRET_NAME_RE, SQLAction, SQLActionType, SQLService, SQLServiceConfig, SchemaInfo, SecretPayload, SecretScopeOptions, SecretsError, SecretsService, ServiceContext, ServiceContextConfig, ServiceSession, SessionExpiredError, ShareAccess, ShareLink, ShareLinkData, ShareSchema, SharingService, SharingServiceConfig, SignCallback, SignInOptions, SignRequest, SignResponse, SilentNotificationHandler, Space, SpaceAbilitiesMap, SpaceConfig, SpaceCreationContext, SpaceErrorCode, SpaceErrorCodes, SpaceInfo, SpaceOwnership, SpaceService, SpaceServiceConfig, SqlStatement, SqlValue, StoredDelegationChain, TableInfo, TelemetryConfig, TelemetryEventHandler, TinyCloud, TinyCloudConfig, TinyCloudSession, UnsupportedFeatureError, VAULT_PERMISSION_SERVICE, VaultCrypto, VaultEntry, VaultError, VaultGetOptions, VaultGrantOptions, VaultHeaders, VaultListOptions, VaultPublicSpaceKVActions, VaultPutOptions, VersionCheckError, ViewInfo, WasmVaultFunctions, addressStorageKey, buildSpaceUri, canonicalizeAddress, canonicalizeDid, canonicalizeDidUrl, canonicalizeNetworkId, canonicalizeSecretScope, checkNodeInfo, composeManifestRequest, createCapabilityKeyRegistry, createSharingService, createSpaceService, createVaultCrypto, defaultSpaceCreationHandler, didCacheKey, didEquals, expandActionShortNames, expandPermissionEntries, expandPermissionEntry, isCapabilitySubset, isEvmAddress, loadManifest, makePkhSpaceId, makePublicSpaceId, parseCanonicalNetworkId, parseExpiry, parsePkhDid, parseSpaceUri, pkhDid, principalDid, principalDidEquals, resolveManifest, resolveSecretListPrefix, resolveSecretPath, resourceCapabilitiesToSpaceAbilitiesMap, validateManifest } from '@tinycloud/sdk-core';
|
|
2
|
-
export { D as DelegateToOptions, a as DelegateToResult, b as DelegatedAccess, F as FileSessionStorage, M as MemorySessionStorage, N as NodeEventEmitterStrategy, c as NodeUserAuthorization, d as NodeUserAuthorizationConfig, P as PortableDelegation, e as RuntimePermissionGrantOptions, S as SignStrategy, T as TinyCloudNode, f as TinyCloudNodeConfig, W as WasmKeyProvider, g as WasmKeyProviderConfig, h as createWasmKeyProvider, i as defaultSignStrategy, j as deserializeDelegation, s as serializeDelegation } from './core-
|
|
2
|
+
export { D as DelegateToOptions, a as DelegateToResult, b as DelegatedAccess, F as FileSessionStorage, M as MemorySessionStorage, N as NodeEventEmitterStrategy, c as NodeUserAuthorization, d as NodeUserAuthorizationConfig, P as PortableDelegation, e as RuntimePermissionGrantOptions, S as SignStrategy, T as TinyCloudNode, f as TinyCloudNodeConfig, W as WasmKeyProvider, g as WasmKeyProviderConfig, h as createWasmKeyProvider, i as defaultSignStrategy, j as deserializeDelegation, s as serializeDelegation } from './core-Dbzm1kA_.cjs';
|
|
3
3
|
import 'events';
|
|
4
4
|
import '@tinycloud/sdk-services';
|
package/dist/core.d.ts
CHANGED
|
@@ -1,4 +1,4 @@
|
|
|
1
1
|
export { ACCOUNT_REGISTRY_PATH, ACCOUNT_REGISTRY_SPACE, AutoApproveSpaceCreationHandler, AutoRejectStrategy, AutoSignStrategy, BatchOptions, BatchResponse, CallbackStrategy, CanonicalAddress, CanonicalParsedNetworkId, CapabilityEntry, CapabilityKeyRegistry, CapabilityKeyRegistryErrorCode, CapabilityKeyRegistryErrorCodes, ClientSession, ColumnInfo, ComposeManifestOptions, ComposedManifestRequest, CreateDelegationParams, DEFAULT_MANIFEST_SPACE, DEFAULT_MANIFEST_VERSION, DEFAULT_SIGNED_READ_URL_EXPIRY_MS, DataVaultConfig, DataVaultService, DatabaseHandle, Delegation, DelegationChain, DelegationChainV2, DelegationDirection, DelegationError, DelegationErrorCode, DelegationErrorCodes, DelegationFilters, DelegationManager, DelegationManagerConfig, DelegationRecord, DelegationResult, DidCacheKeyOptions, DidEqualsOptions, DuckDbAction, DuckDbActionType, DuckDbBatchOptions, DuckDbBatchResponse, DuckDbDatabaseHandle, DuckDbExecuteOptions, DuckDbExecuteResponse, DuckDbOptions, DuckDbQueryOptions, DuckDbQueryResponse, DuckDbService, DuckDbServiceConfig, DuckDbStatement, DuckDbValue, EncodedShareData, ExecuteOptions, ExecuteResponse, Extension, FetchFunction, GenerateShareParams, ICapabilityKeyRegistry, IDataVaultService, IDatabaseHandle, IDuckDbDatabaseHandle, IDuckDbService, IENSResolver, IKVService, INotificationHandler, IPrefixedKVService, ISQLService, ISecretsService, ISessionManager, ISessionStorage, ISharingService, ISigner, ISpace, ISpaceCreationHandler, ISpaceScopedDelegations, ISpaceScopedSharing, ISpaceService, IUserAuthorization, IWasmBindings, IdentityParseError, IngestOptions, InvokeFunction, JWK, KVCreateSignedReadUrlOptions, KVResponse, KVService, KVServiceConfig, KVSignedReadUrlResponse, KeyInfo, KeyProvider, KeyType, Manifest, ManifestDefaults, ManifestRegistryRecord, ManifestSecretActions, ManifestValidationError, PermissionEntry, PermissionNotInManifestError, PersistedSessionData, PkhDidParts, PrefixedKVService, ProtocolMismatchError, QueryOptions, QueryResponse, ReceiveOptions, ResolvedCapabilities, ResolvedDelegate, ResolvedSecretPath, ResourceCapability, SECRET_NAME_RE, SQLAction, SQLActionType, SQLService, SQLServiceConfig, SchemaInfo, SecretPayload, SecretScopeOptions, SecretsError, SecretsService, ServiceContext, ServiceContextConfig, ServiceSession, SessionExpiredError, ShareAccess, ShareLink, ShareLinkData, ShareSchema, SharingService, SharingServiceConfig, SignCallback, SignInOptions, SignRequest, SignResponse, SilentNotificationHandler, Space, SpaceAbilitiesMap, SpaceConfig, SpaceCreationContext, SpaceErrorCode, SpaceErrorCodes, SpaceInfo, SpaceOwnership, SpaceService, SpaceServiceConfig, SqlStatement, SqlValue, StoredDelegationChain, TableInfo, TelemetryConfig, TelemetryEventHandler, TinyCloud, TinyCloudConfig, TinyCloudSession, UnsupportedFeatureError, VAULT_PERMISSION_SERVICE, VaultCrypto, VaultEntry, VaultError, VaultGetOptions, VaultGrantOptions, VaultHeaders, VaultListOptions, VaultPublicSpaceKVActions, VaultPutOptions, VersionCheckError, ViewInfo, WasmVaultFunctions, addressStorageKey, buildSpaceUri, canonicalizeAddress, canonicalizeDid, canonicalizeDidUrl, canonicalizeNetworkId, canonicalizeSecretScope, checkNodeInfo, composeManifestRequest, createCapabilityKeyRegistry, createSharingService, createSpaceService, createVaultCrypto, defaultSpaceCreationHandler, didCacheKey, didEquals, expandActionShortNames, expandPermissionEntries, expandPermissionEntry, isCapabilitySubset, isEvmAddress, loadManifest, makePkhSpaceId, makePublicSpaceId, parseCanonicalNetworkId, parseExpiry, parsePkhDid, parseSpaceUri, pkhDid, principalDid, principalDidEquals, resolveManifest, resolveSecretListPrefix, resolveSecretPath, resourceCapabilitiesToSpaceAbilitiesMap, validateManifest } from '@tinycloud/sdk-core';
|
|
2
|
-
export { D as DelegateToOptions, a as DelegateToResult, b as DelegatedAccess, F as FileSessionStorage, M as MemorySessionStorage, N as NodeEventEmitterStrategy, c as NodeUserAuthorization, d as NodeUserAuthorizationConfig, P as PortableDelegation, e as RuntimePermissionGrantOptions, S as SignStrategy, T as TinyCloudNode, f as TinyCloudNodeConfig, W as WasmKeyProvider, g as WasmKeyProviderConfig, h as createWasmKeyProvider, i as defaultSignStrategy, j as deserializeDelegation, s as serializeDelegation } from './core-
|
|
2
|
+
export { D as DelegateToOptions, a as DelegateToResult, b as DelegatedAccess, F as FileSessionStorage, M as MemorySessionStorage, N as NodeEventEmitterStrategy, c as NodeUserAuthorization, d as NodeUserAuthorizationConfig, P as PortableDelegation, e as RuntimePermissionGrantOptions, S as SignStrategy, T as TinyCloudNode, f as TinyCloudNodeConfig, W as WasmKeyProvider, g as WasmKeyProviderConfig, h as createWasmKeyProvider, i as defaultSignStrategy, j as deserializeDelegation, s as serializeDelegation } from './core-Dbzm1kA_.js';
|
|
3
3
|
import 'events';
|
|
4
4
|
import '@tinycloud/sdk-services';
|
package/dist/core.js
CHANGED
|
@@ -1939,6 +1939,52 @@ var _TinyCloudNode = class _TinyCloudNode {
|
|
|
1939
1939
|
);
|
|
1940
1940
|
}
|
|
1941
1941
|
}
|
|
1942
|
+
/**
|
|
1943
|
+
* Host one of this user's owned spaces by name (e.g. `"applications"`).
|
|
1944
|
+
*
|
|
1945
|
+
* Resolves the name to the owned space URI
|
|
1946
|
+
* (`tinycloud:pkh:eip155:<chain>:<addr>:<name>`) and registers it on the
|
|
1947
|
+
* server via the host-SIWE delegation flow, so subsequent KV/SQL writes to
|
|
1948
|
+
* that space succeed instead of returning `404 - Space not found`. The
|
|
1949
|
+
* caller is the root authority of their own owned spaces, so no additional
|
|
1950
|
+
* delegation is required.
|
|
1951
|
+
*
|
|
1952
|
+
* Unlike {@link ensureOwnedSpaceHosted}, this always submits the host
|
|
1953
|
+
* delegation rather than inferring hosting from session activation: a space
|
|
1954
|
+
* the current session has never referenced is reported neither as
|
|
1955
|
+
* `activated` nor `skipped`, so activation-based detection would wrongly
|
|
1956
|
+
* skip the host. The host SIWE is idempotent server-side, so re-hosting an
|
|
1957
|
+
* existing space is a safe no-op. Must be called after {@link signIn}.
|
|
1958
|
+
*
|
|
1959
|
+
* @param name - The owned space name (e.g. `"applications"`).
|
|
1960
|
+
* @returns The hosted space URI.
|
|
1961
|
+
*/
|
|
1962
|
+
async hostOwnedSpace(name) {
|
|
1963
|
+
if (!this.auth || !this.auth.tinyCloudSession) {
|
|
1964
|
+
throw new Error("Not signed in. Call signIn() first.");
|
|
1965
|
+
}
|
|
1966
|
+
const spaceId = this.ownedSpaceId(name);
|
|
1967
|
+
const host = this.hosts[0] ?? this.config.host;
|
|
1968
|
+
if (!host) {
|
|
1969
|
+
throw new Error("Owned space hosting requires a TinyCloud host");
|
|
1970
|
+
}
|
|
1971
|
+
const hosted = await this.auth.hostOwnedSpace(
|
|
1972
|
+
spaceId
|
|
1973
|
+
);
|
|
1974
|
+
if (!hosted) {
|
|
1975
|
+
throw new Error(`Failed to host owned space: ${spaceId}`);
|
|
1976
|
+
}
|
|
1977
|
+
const activation = await activateSessionWithHost2(
|
|
1978
|
+
host,
|
|
1979
|
+
this.auth.tinyCloudSession.delegationHeader
|
|
1980
|
+
);
|
|
1981
|
+
if (!activation.success || activation.skipped?.includes(spaceId)) {
|
|
1982
|
+
throw new Error(
|
|
1983
|
+
`Failed to activate session for owned space ${spaceId}: ${activation.error ?? "space was skipped"}`
|
|
1984
|
+
);
|
|
1985
|
+
}
|
|
1986
|
+
return spaceId;
|
|
1987
|
+
}
|
|
1942
1988
|
/**
|
|
1943
1989
|
* Restore a previously established session from stored delegation data.
|
|
1944
1990
|
*
|
|
@@ -3919,6 +3965,59 @@ var _TinyCloudNode = class _TinyCloudNode {
|
|
|
3919
3965
|
actions
|
|
3920
3966
|
}));
|
|
3921
3967
|
}
|
|
3968
|
+
/**
|
|
3969
|
+
* Build the abilities/rawAbilities maps for a wallet-mode activation
|
|
3970
|
+
* sub-delegation from the FULL resource set of a received delegation.
|
|
3971
|
+
*
|
|
3972
|
+
* Each entry in `delegation.resources[]` is one `(service, space, path,
|
|
3973
|
+
* actions)` grant; the flat top-level `path`/`actions` mirror only the
|
|
3974
|
+
* first resource. We must reconstruct every grant so the activated
|
|
3975
|
+
* session carries all of them (e.g. both `tinycloud.kv/get` and
|
|
3976
|
+
* `tinycloud.encryption/decrypt`) — not just the primary one.
|
|
3977
|
+
*
|
|
3978
|
+
* Encryption resources are raw network URNs (space-independent) and go
|
|
3979
|
+
* into `rawAbilities`. All other resources are space-scoped and go into
|
|
3980
|
+
* `abilities` keyed by short service name. The activation `prepareSession`
|
|
3981
|
+
* call uses a single `spaceId` (`delegation.spaceId`), so every
|
|
3982
|
+
* non-encryption resource must target that same space — which is exactly
|
|
3983
|
+
* what the multi-resource issuance path enforces. A resource targeting a
|
|
3984
|
+
* different space cannot be activated in one call, so we fail loudly
|
|
3985
|
+
* rather than silently dropping it.
|
|
3986
|
+
*
|
|
3987
|
+
* @internal
|
|
3988
|
+
*/
|
|
3989
|
+
buildActivationAbilities(delegation) {
|
|
3990
|
+
var _a, _b, _c;
|
|
3991
|
+
const resources = delegation.resources !== void 0 && delegation.resources.length > 0 ? delegation.resources : this.flatDelegationResources(delegation);
|
|
3992
|
+
const abilities = {};
|
|
3993
|
+
const rawAbilities = {};
|
|
3994
|
+
const addActions = (target, actions) => {
|
|
3995
|
+
const seen = new Set(target);
|
|
3996
|
+
for (const action of actions) {
|
|
3997
|
+
if (!seen.has(action)) {
|
|
3998
|
+
target.push(action);
|
|
3999
|
+
seen.add(action);
|
|
4000
|
+
}
|
|
4001
|
+
}
|
|
4002
|
+
};
|
|
4003
|
+
for (const resource of resources) {
|
|
4004
|
+
const service = this.invocationServiceName(resource.service);
|
|
4005
|
+
if (this.isEncryptionNetworkOperation(service, resource.path)) {
|
|
4006
|
+
rawAbilities[_a = resource.path] ?? (rawAbilities[_a] = []);
|
|
4007
|
+
addActions(rawAbilities[resource.path], resource.actions);
|
|
4008
|
+
continue;
|
|
4009
|
+
}
|
|
4010
|
+
if (resource.space !== delegation.spaceId) {
|
|
4011
|
+
throw new Error(
|
|
4012
|
+
`useDelegation: resource targets space '${resource.space}' but the delegation activates space '${delegation.spaceId}'. Multi-space delegations cannot be activated in a single useDelegation call.`
|
|
4013
|
+
);
|
|
4014
|
+
}
|
|
4015
|
+
abilities[service] ?? (abilities[service] = {});
|
|
4016
|
+
(_b = abilities[service])[_c = resource.path] ?? (_b[_c] = []);
|
|
4017
|
+
addActions(abilities[service][resource.path], resource.actions);
|
|
4018
|
+
}
|
|
4019
|
+
return { abilities, rawAbilities };
|
|
4020
|
+
}
|
|
3922
4021
|
selectInvocationSession(fallback, service, path, action) {
|
|
3923
4022
|
const grant = this.findGrantForOperation({
|
|
3924
4023
|
spaceId: fallback.spaceId,
|
|
@@ -4265,26 +4364,7 @@ var _TinyCloudNode = class _TinyCloudNode {
|
|
|
4265
4364
|
throw new Error("Not signed in. Call signIn() first.");
|
|
4266
4365
|
}
|
|
4267
4366
|
const jwk = mySession.jwk;
|
|
4268
|
-
const abilities =
|
|
4269
|
-
const kvActions = delegation.actions.filter((a) => a.startsWith("tinycloud.kv/"));
|
|
4270
|
-
const sqlActions = delegation.actions.filter((a) => a.startsWith("tinycloud.sql/"));
|
|
4271
|
-
const duckdbActions = delegation.actions.filter((a) => a.startsWith("tinycloud.duckdb/"));
|
|
4272
|
-
const encryptionActions = delegation.actions.filter(
|
|
4273
|
-
(a) => a.startsWith("tinycloud.encryption/")
|
|
4274
|
-
);
|
|
4275
|
-
const rawAbilities = {};
|
|
4276
|
-
if (kvActions.length > 0) {
|
|
4277
|
-
abilities.kv = { [delegation.path]: kvActions };
|
|
4278
|
-
}
|
|
4279
|
-
if (sqlActions.length > 0) {
|
|
4280
|
-
abilities.sql = { [delegation.path]: sqlActions };
|
|
4281
|
-
}
|
|
4282
|
-
if (duckdbActions.length > 0) {
|
|
4283
|
-
abilities.duckdb = { [delegation.path]: duckdbActions };
|
|
4284
|
-
}
|
|
4285
|
-
if (encryptionActions.length > 0 && delegation.path.startsWith("urn:tinycloud:encryption:")) {
|
|
4286
|
-
rawAbilities[delegation.path] = encryptionActions;
|
|
4287
|
-
}
|
|
4367
|
+
const { abilities, rawAbilities } = this.buildActivationAbilities(delegation);
|
|
4288
4368
|
const now = /* @__PURE__ */ new Date();
|
|
4289
4369
|
const maxExpiry = new Date(now.getTime() + 60 * 60 * 1e3);
|
|
4290
4370
|
const expirationTime = delegation.expiry < maxExpiry ? delegation.expiry : maxExpiry;
|