@tinycloud/node-sdk 2.3.1-beta.0 → 2.4.0-beta.10
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/{core-D2hPECHW.d.cts → core-DiVEwp2P.d.cts} +125 -4
- package/dist/{core-D2hPECHW.d.ts → core-DiVEwp2P.d.ts} +125 -4
- package/dist/core.cjs +421 -216
- package/dist/core.cjs.map +1 -1
- package/dist/core.d.cts +2 -2
- package/dist/core.d.ts +2 -2
- package/dist/core.js +250 -43
- package/dist/core.js.map +1 -1
- package/dist/index.cjs +492 -259
- package/dist/index.cjs.map +1 -1
- package/dist/index.d.cts +2 -2
- package/dist/index.d.ts +2 -2
- package/dist/index.js +281 -47
- package/dist/index.js.map +1 -1
- package/package.json +2 -2
package/dist/index.d.cts
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
import { ISigner, Bytes, IWasmBindings, ISessionManager } from '@tinycloud/sdk-core';
|
|
2
|
-
export { ACCOUNT_REGISTRY_PATH, ACCOUNT_REGISTRY_SPACE, AutoApproveSpaceCreationHandler, AutoRejectStrategy, AutoSignStrategy, BatchOptions, BatchResponse, BuildCanonicalDecryptRequestInput, BuildDecryptFactsInput, BuildDecryptInvocationInput, BuiltDecryptInvocation, CallbackStrategy, CanonicalAddress, CanonicalDecryptRequest, CanonicalJson, CanonicalParsedNetworkId, CapabilityEntry, CapabilityKeyRegistry, CapabilityKeyRegistryErrorCode, CapabilityKeyRegistryErrorCodes, ClientSession, ColumnInfo, ComposeManifestOptions, ComposedManifestRequest, CreateDelegationParams, DECRYPT_ACTION, DECRYPT_FACT_TYPE, DECRYPT_RESULT_TYPE, DEFAULT_ENCRYPTION_ALG, DEFAULT_KEY_VERSION, DEFAULT_MANIFEST_SPACE, DEFAULT_MANIFEST_VERSION, DEFAULT_SIGNED_READ_URL_EXPIRY_MS, DataVaultConfig, DataVaultService, DatabaseHandle, DecryptCapabilityProof, DecryptEnvelopeOptions, DecryptInvocationFact, DecryptInvocationSigner, DecryptRequestBody, DecryptResponseBody, DecryptTransport, Delegation, DelegationChain, DelegationChainV2, DelegationDirection, DelegationError, DelegationErrorCode, DelegationErrorCodes, DelegationFilters, DelegationManager, DelegationManagerConfig, DelegationRecord, DelegationResult, DidCacheKeyOptions, DidEqualsOptions, DiscoverNetworkInput, DiscoveredNetwork, DiscoverySource, DuckDbAction, DuckDbActionType, DuckDbBatchOptions, DuckDbBatchResponse, DuckDbDatabaseHandle, DuckDbExecuteOptions, DuckDbExecuteResponse, DuckDbOptions, DuckDbQueryOptions, DuckDbQueryResponse, DuckDbService, DuckDbServiceConfig, DuckDbStatement, DuckDbValue, ENCRYPTION_NETWORK_URN_PREFIX, ENCRYPTION_SERVICE, ENCRYPTION_SERVICE_SHORT, ENVELOPE_VERSION, EncodedShareData, EncryptToNetworkInput, EncryptToNetworkOptions, EncryptToNetworkResult, EncryptionCrypto, EncryptionError, EncryptionErrorInput, EncryptionService, EncryptionServiceConfig, ExecuteOptions, ExecuteResponse, Extension, FetchFunction, GenerateShareParams, HookEvent, HookServiceName, HookStreamEvent, HookSubscription, HookWebhookListOptions, HookWebhookRecord, HookWebhookRegistration, HookWebhookScope, HookWebhookUnregisterOptions, HooksService, HooksServiceConfig, ICapabilityKeyRegistry, IDataVaultService, IDatabaseHandle, IDuckDbDatabaseHandle, IDuckDbService, IENSResolver, IEncryptionService, IHooksService, IKVService, INotificationHandler, IPrefixedKVService, ISQLService, ISecretsService, ISessionManager, ISessionStorage, ISharingService, ISigner, ISpace, ISpaceCreationHandler, ISpaceScopedDelegations, ISpaceScopedSharing, ISpaceService, IUserAuthorization, IWasmBindings, IdentityParseError, IngestOptions, InlineEncryptedEnvelope, InvokeFunction, JWK, KVCreateSignedReadUrlOptions, KVResponse, KVService, KVServiceConfig, KVSignedReadUrlResponse, KeyInfo, KeyProvider, KeyType, Manifest, ManifestDefaults, ManifestRegistryRecord, ManifestSecretActions, ManifestValidationError, NETWORK_NAME_PATTERN, NetworkDescriptor, NetworkIdError, NodeDescriptorFetcher, ParsedNetworkId, PermissionEntry, PermissionNotInManifestError, PersistedSessionData, PkhDidParts, PrefixedKVService, ProtocolMismatchError, QueryOptions, QueryResponse, RandomReceiverKeyInput, ReceiveOptions, ReceiverKeyPair, ReceiverKeySigner, ResolvedCapabilities, ResolvedDelegate, ResolvedSecretPath, ResourceCapability, SECRET_NAME_RE, SQLAction, SQLActionType, SQLService, SQLServiceConfig, SchemaInfo, SecretPayload, SecretScopeOptions, SecretsError, SecretsService, ServiceContext, ServiceContextConfig, ServiceSession, SessionExpiredError, ShareAccess, ShareLink, ShareLinkData, ShareSchema, SharingService, SharingServiceConfig, SignCallback, SignInOptions, SignRequest, SignResponse, SignedReceiverKeyInput, SilentNotificationHandler, Space, SpaceAbilitiesMap, SpaceConfig, SpaceCreationContext, SpaceErrorCode, SpaceErrorCodes, SpaceInfo, SpaceOwnership, SpaceService, SpaceServiceConfig, SqlStatement, SqlValue, StoredDelegationChain, SubscribeOptions, TableInfo, TelemetryConfig, TelemetryEventHandler, TinyCloud, TinyCloudConfig, TinyCloudSession, UnsupportedFeatureError, VAULT_PERMISSION_SERVICE, VaultCrypto, VaultEntry, VaultError, VaultGetOptions, VaultGrantOptions, VaultHeaders, VaultListOptions, VaultPublicSpaceKVActions, VaultPutOptions, VerifyDecryptResponseInput, VersionCheckError, ViewInfo, WasmVaultFunctions, WellKnownDescriptorFetcher, addressStorageKey, buildCanonicalDecryptRequest, buildDecryptAttenuation, buildDecryptFacts, buildDecryptInvocation, buildNetworkId, buildSpaceUri, canonicalHashHex, canonicalSignedResponse, canonicalizeAddress, canonicalizeDid, canonicalizeDidUrl, canonicalizeEncryptionJson, canonicalizeNetworkId, canonicalizeSecretScope, checkDecryptInvocationInput, checkNodeInfo, composeManifestRequest, createCapabilityKeyRegistry, createSharingService, createSpaceService, createVaultCrypto, decryptEnvelopeWithKey, defaultSpaceCreationHandler, deriveSignedReceiverKey, didCacheKey, didEquals, discoverNetwork, encryptToNetwork, encryptionBase64Decode, encryptionBase64Encode, encryptionError, encryptionUtf8Decode, encryptionUtf8Encode, ensureNetworkUsableForDecrypt, expandActionShortNames, expandPermissionEntries, expandPermissionEntry, generateRandomReceiverKey, hexDecode, hexEncode, isCapabilitySubset, isEvmAddress, isNetworkId, loadManifest, makePkhSpaceId, makePublicSpaceId, networkDiscoveryKey, openWrappedKey, parseCanonicalNetworkId, parseExpiry, parseNetworkId, parsePkhDid, parseSpaceUri, pkhDid, principalDid, principalDidEquals, resolveManifest, resolveSecretListPrefix, resolveSecretPath, resourceCapabilitiesToSpaceAbilitiesMap, validateEnvelope, validateManifest, verifyDecryptResponse } from '@tinycloud/sdk-core';
|
|
3
|
-
export { D as DelegateToOptions,
|
|
2
|
+
export { ACCOUNT_REGISTRY_PATH, ACCOUNT_REGISTRY_SPACE, AccountApplication, AccountApplicationListOptions, AccountDelegation, AccountDelegationListOptions, AccountDelegationRevokeOptions, AccountIndexRebuildResult, AccountIndexStatus, AccountIndexedReadOptions, AccountService, AccountServiceConfig, AccountSpace, AccountSpaceListOptions, AccountStatus, AutoApproveSpaceCreationHandler, AutoRejectStrategy, AutoSignStrategy, BatchOptions, BatchResponse, BuildCanonicalDecryptRequestInput, BuildDecryptFactsInput, BuildDecryptInvocationInput, BuiltDecryptInvocation, CallbackStrategy, CanonicalAddress, CanonicalDecryptRequest, CanonicalJson, CanonicalParsedNetworkId, CapabilityEntry, CapabilityKeyRegistry, CapabilityKeyRegistryErrorCode, CapabilityKeyRegistryErrorCodes, ClientSession, ColumnInfo, ComposeManifestOptions, ComposedManifestRequest, CreateDelegationParams, DECRYPT_ACTION, DECRYPT_FACT_TYPE, DECRYPT_RESULT_TYPE, DEFAULT_ENCRYPTION_ALG, DEFAULT_KEY_VERSION, DEFAULT_MANIFEST_SPACE, DEFAULT_MANIFEST_VERSION, DEFAULT_SIGNED_READ_URL_EXPIRY_MS, DataVaultConfig, DataVaultService, DatabaseHandle, DecryptCapabilityProof, DecryptEnvelopeOptions, DecryptInvocationFact, DecryptInvocationSigner, DecryptRequestBody, DecryptResponseBody, DecryptTransport, Delegation, DelegationChain, DelegationChainV2, DelegationDirection, DelegationError, DelegationErrorCode, DelegationErrorCodes, DelegationFilters, DelegationManager, DelegationManagerConfig, DelegationRecord, DelegationResult, DidCacheKeyOptions, DidEqualsOptions, DiscoverNetworkInput, DiscoveredNetwork, DiscoverySource, DuckDbAction, DuckDbActionType, DuckDbBatchOptions, DuckDbBatchResponse, DuckDbDatabaseHandle, DuckDbExecuteOptions, DuckDbExecuteResponse, DuckDbOptions, DuckDbQueryOptions, DuckDbQueryResponse, DuckDbService, DuckDbServiceConfig, DuckDbStatement, DuckDbValue, ENCRYPTION_NETWORK_URN_PREFIX, ENCRYPTION_SERVICE, ENCRYPTION_SERVICE_SHORT, ENVELOPE_VERSION, EncodedShareData, EncryptToNetworkInput, EncryptToNetworkOptions, EncryptToNetworkResult, EncryptionCrypto, EncryptionError, EncryptionErrorInput, EncryptionService, EncryptionServiceConfig, ExecuteOptions, ExecuteResponse, Extension, FetchFunction, GenerateShareParams, HookEvent, HookServiceName, HookStreamEvent, HookSubscription, HookWebhookListOptions, HookWebhookRecord, HookWebhookRegistration, HookWebhookScope, HookWebhookUnregisterOptions, HooksService, HooksServiceConfig, ICapabilityKeyRegistry, IDataVaultService, IDatabaseHandle, IDuckDbDatabaseHandle, IDuckDbService, IENSResolver, IEncryptionService, IHooksService, IKVService, INotificationHandler, IPrefixedKVService, ISQLService, ISecretsService, ISessionManager, ISessionStorage, ISharingService, ISigner, ISpace, ISpaceCreationHandler, ISpaceScopedDelegations, ISpaceScopedSharing, ISpaceService, IUserAuthorization, IWasmBindings, IdentityParseError, IngestOptions, InlineEncryptedEnvelope, InvokeFunction, JWK, KVCreateSignedReadUrlOptions, KVResponse, KVService, KVServiceConfig, KVSignedReadUrlResponse, KeyInfo, KeyProvider, KeyType, Manifest, ManifestDefaults, ManifestRegistryRecord, ManifestSecretActions, ManifestValidationError, NETWORK_NAME_PATTERN, NetworkDescriptor, NetworkIdError, NodeDescriptorFetcher, ParsedNetworkId, PermissionEntry, PermissionNotInManifestError, PersistedSessionData, PkhDidParts, PrefixedKVService, ProtocolMismatchError, QueryOptions, QueryResponse, RandomReceiverKeyInput, ReceiveOptions, ReceiverKeyPair, ReceiverKeySigner, ResolvedCapabilities, ResolvedDelegate, ResolvedSecretPath, ResourceCapability, SECRET_NAME_RE, SQLAction, SQLActionType, SQLService, SQLServiceConfig, SchemaInfo, SecretPayload, SecretScopeOptions, SecretsError, SecretsService, ServiceContext, ServiceContextConfig, ServiceSession, SessionExpiredError, ShareAccess, ShareLink, ShareLinkData, ShareSchema, SharingService, SharingServiceConfig, SignCallback, SignInOptions, SignRequest, SignResponse, SignedReceiverKeyInput, SilentNotificationHandler, Space, SpaceAbilitiesMap, SpaceConfig, SpaceCreationContext, SpaceErrorCode, SpaceErrorCodes, SpaceInfo, SpaceOwnership, SpaceService, SpaceServiceConfig, SqlStatement, SqlValue, StoredDelegationChain, SubscribeOptions, TableInfo, TelemetryConfig, TelemetryEventHandler, TinyCloud, TinyCloudConfig, TinyCloudSession, UnsupportedFeatureError, VAULT_PERMISSION_SERVICE, VaultCrypto, VaultEntry, VaultError, VaultGetOptions, VaultGrantOptions, VaultHeaders, VaultListOptions, VaultPublicSpaceKVActions, VaultPutOptions, VerifyDecryptResponseInput, VersionCheckError, ViewInfo, WasmVaultFunctions, WellKnownDescriptorFetcher, addressStorageKey, buildCanonicalDecryptRequest, buildDecryptAttenuation, buildDecryptFacts, buildDecryptInvocation, buildNetworkId, buildSpaceUri, canonicalHashHex, canonicalSignedResponse, canonicalizeAddress, canonicalizeDid, canonicalizeDidUrl, canonicalizeEncryptionJson, canonicalizeNetworkId, canonicalizeSecretScope, checkDecryptInvocationInput, checkNodeInfo, composeManifestRequest, createCapabilityKeyRegistry, createSharingService, createSpaceService, createVaultCrypto, decryptEnvelopeWithKey, defaultSpaceCreationHandler, deriveSignedReceiverKey, didCacheKey, didEquals, discoverNetwork, encryptToNetwork, encryptionBase64Decode, encryptionBase64Encode, encryptionError, encryptionUtf8Decode, encryptionUtf8Encode, ensureNetworkUsableForDecrypt, expandActionShortNames, expandPermissionEntries, expandPermissionEntry, generateRandomReceiverKey, hexDecode, hexEncode, isCapabilitySubset, isEvmAddress, isNetworkId, loadManifest, makePkhSpaceId, makePublicSpaceId, networkDiscoveryKey, openWrappedKey, parseCanonicalNetworkId, parseExpiry, parseNetworkId, parsePkhDid, parseSpaceUri, pkhDid, principalDid, principalDidEquals, resolveManifest, resolveSecretListPrefix, resolveSecretPath, resourceCapabilitiesToSpaceAbilitiesMap, validateEnvelope, validateManifest, verifyDecryptResponse } from '@tinycloud/sdk-core';
|
|
3
|
+
export { A as AuthDelegationArtifact, a as AuthRequestArtifact, D as DelegateToOptions, b as DelegateToResult, c as DelegatedAccess, d as DelegationAuthority, F as FileSessionStorage, M as MemorySessionStorage, N as NodeEventEmitterStrategy, e as NodeUserAuthorization, f as NodeUserAuthorizationConfig, P as PortableDelegation, R as RestorableSession, g as RuntimePermissionGrantOptions, S as SignStrategy, T as TinyCloudNode, h as TinyCloudNodeConfig, W as WasmKeyProvider, i as WasmKeyProviderConfig, j as createWasmKeyProvider, k as defaultSignStrategy, l as deserializeDelegation, m as grantAuthRequest, s as serializeDelegation } from './core-DiVEwp2P.cjs';
|
|
4
4
|
import { invoke, invokeAny, computeCid, prepareSession, completeSessionSetup, ensureEip55, makeSpaceId, createDelegation, parseRecapFromSiwe, generateHostSIWEMessage, siweToDelegationHeaders, protocolVersion, vault_encrypt, vault_decrypt, vault_derive_key, vault_x25519_from_seed, vault_x25519_dh, vault_random_bytes, vault_sha256 } from '@tinycloud/node-sdk-wasm';
|
|
5
5
|
import 'events';
|
|
6
6
|
import '@tinycloud/sdk-services';
|
package/dist/index.d.ts
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
import { ISigner, Bytes, IWasmBindings, ISessionManager } from '@tinycloud/sdk-core';
|
|
2
|
-
export { ACCOUNT_REGISTRY_PATH, ACCOUNT_REGISTRY_SPACE, AutoApproveSpaceCreationHandler, AutoRejectStrategy, AutoSignStrategy, BatchOptions, BatchResponse, BuildCanonicalDecryptRequestInput, BuildDecryptFactsInput, BuildDecryptInvocationInput, BuiltDecryptInvocation, CallbackStrategy, CanonicalAddress, CanonicalDecryptRequest, CanonicalJson, CanonicalParsedNetworkId, CapabilityEntry, CapabilityKeyRegistry, CapabilityKeyRegistryErrorCode, CapabilityKeyRegistryErrorCodes, ClientSession, ColumnInfo, ComposeManifestOptions, ComposedManifestRequest, CreateDelegationParams, DECRYPT_ACTION, DECRYPT_FACT_TYPE, DECRYPT_RESULT_TYPE, DEFAULT_ENCRYPTION_ALG, DEFAULT_KEY_VERSION, DEFAULT_MANIFEST_SPACE, DEFAULT_MANIFEST_VERSION, DEFAULT_SIGNED_READ_URL_EXPIRY_MS, DataVaultConfig, DataVaultService, DatabaseHandle, DecryptCapabilityProof, DecryptEnvelopeOptions, DecryptInvocationFact, DecryptInvocationSigner, DecryptRequestBody, DecryptResponseBody, DecryptTransport, Delegation, DelegationChain, DelegationChainV2, DelegationDirection, DelegationError, DelegationErrorCode, DelegationErrorCodes, DelegationFilters, DelegationManager, DelegationManagerConfig, DelegationRecord, DelegationResult, DidCacheKeyOptions, DidEqualsOptions, DiscoverNetworkInput, DiscoveredNetwork, DiscoverySource, DuckDbAction, DuckDbActionType, DuckDbBatchOptions, DuckDbBatchResponse, DuckDbDatabaseHandle, DuckDbExecuteOptions, DuckDbExecuteResponse, DuckDbOptions, DuckDbQueryOptions, DuckDbQueryResponse, DuckDbService, DuckDbServiceConfig, DuckDbStatement, DuckDbValue, ENCRYPTION_NETWORK_URN_PREFIX, ENCRYPTION_SERVICE, ENCRYPTION_SERVICE_SHORT, ENVELOPE_VERSION, EncodedShareData, EncryptToNetworkInput, EncryptToNetworkOptions, EncryptToNetworkResult, EncryptionCrypto, EncryptionError, EncryptionErrorInput, EncryptionService, EncryptionServiceConfig, ExecuteOptions, ExecuteResponse, Extension, FetchFunction, GenerateShareParams, HookEvent, HookServiceName, HookStreamEvent, HookSubscription, HookWebhookListOptions, HookWebhookRecord, HookWebhookRegistration, HookWebhookScope, HookWebhookUnregisterOptions, HooksService, HooksServiceConfig, ICapabilityKeyRegistry, IDataVaultService, IDatabaseHandle, IDuckDbDatabaseHandle, IDuckDbService, IENSResolver, IEncryptionService, IHooksService, IKVService, INotificationHandler, IPrefixedKVService, ISQLService, ISecretsService, ISessionManager, ISessionStorage, ISharingService, ISigner, ISpace, ISpaceCreationHandler, ISpaceScopedDelegations, ISpaceScopedSharing, ISpaceService, IUserAuthorization, IWasmBindings, IdentityParseError, IngestOptions, InlineEncryptedEnvelope, InvokeFunction, JWK, KVCreateSignedReadUrlOptions, KVResponse, KVService, KVServiceConfig, KVSignedReadUrlResponse, KeyInfo, KeyProvider, KeyType, Manifest, ManifestDefaults, ManifestRegistryRecord, ManifestSecretActions, ManifestValidationError, NETWORK_NAME_PATTERN, NetworkDescriptor, NetworkIdError, NodeDescriptorFetcher, ParsedNetworkId, PermissionEntry, PermissionNotInManifestError, PersistedSessionData, PkhDidParts, PrefixedKVService, ProtocolMismatchError, QueryOptions, QueryResponse, RandomReceiverKeyInput, ReceiveOptions, ReceiverKeyPair, ReceiverKeySigner, ResolvedCapabilities, ResolvedDelegate, ResolvedSecretPath, ResourceCapability, SECRET_NAME_RE, SQLAction, SQLActionType, SQLService, SQLServiceConfig, SchemaInfo, SecretPayload, SecretScopeOptions, SecretsError, SecretsService, ServiceContext, ServiceContextConfig, ServiceSession, SessionExpiredError, ShareAccess, ShareLink, ShareLinkData, ShareSchema, SharingService, SharingServiceConfig, SignCallback, SignInOptions, SignRequest, SignResponse, SignedReceiverKeyInput, SilentNotificationHandler, Space, SpaceAbilitiesMap, SpaceConfig, SpaceCreationContext, SpaceErrorCode, SpaceErrorCodes, SpaceInfo, SpaceOwnership, SpaceService, SpaceServiceConfig, SqlStatement, SqlValue, StoredDelegationChain, SubscribeOptions, TableInfo, TelemetryConfig, TelemetryEventHandler, TinyCloud, TinyCloudConfig, TinyCloudSession, UnsupportedFeatureError, VAULT_PERMISSION_SERVICE, VaultCrypto, VaultEntry, VaultError, VaultGetOptions, VaultGrantOptions, VaultHeaders, VaultListOptions, VaultPublicSpaceKVActions, VaultPutOptions, VerifyDecryptResponseInput, VersionCheckError, ViewInfo, WasmVaultFunctions, WellKnownDescriptorFetcher, addressStorageKey, buildCanonicalDecryptRequest, buildDecryptAttenuation, buildDecryptFacts, buildDecryptInvocation, buildNetworkId, buildSpaceUri, canonicalHashHex, canonicalSignedResponse, canonicalizeAddress, canonicalizeDid, canonicalizeDidUrl, canonicalizeEncryptionJson, canonicalizeNetworkId, canonicalizeSecretScope, checkDecryptInvocationInput, checkNodeInfo, composeManifestRequest, createCapabilityKeyRegistry, createSharingService, createSpaceService, createVaultCrypto, decryptEnvelopeWithKey, defaultSpaceCreationHandler, deriveSignedReceiverKey, didCacheKey, didEquals, discoverNetwork, encryptToNetwork, encryptionBase64Decode, encryptionBase64Encode, encryptionError, encryptionUtf8Decode, encryptionUtf8Encode, ensureNetworkUsableForDecrypt, expandActionShortNames, expandPermissionEntries, expandPermissionEntry, generateRandomReceiverKey, hexDecode, hexEncode, isCapabilitySubset, isEvmAddress, isNetworkId, loadManifest, makePkhSpaceId, makePublicSpaceId, networkDiscoveryKey, openWrappedKey, parseCanonicalNetworkId, parseExpiry, parseNetworkId, parsePkhDid, parseSpaceUri, pkhDid, principalDid, principalDidEquals, resolveManifest, resolveSecretListPrefix, resolveSecretPath, resourceCapabilitiesToSpaceAbilitiesMap, validateEnvelope, validateManifest, verifyDecryptResponse } from '@tinycloud/sdk-core';
|
|
3
|
-
export { D as DelegateToOptions,
|
|
2
|
+
export { ACCOUNT_REGISTRY_PATH, ACCOUNT_REGISTRY_SPACE, AccountApplication, AccountApplicationListOptions, AccountDelegation, AccountDelegationListOptions, AccountDelegationRevokeOptions, AccountIndexRebuildResult, AccountIndexStatus, AccountIndexedReadOptions, AccountService, AccountServiceConfig, AccountSpace, AccountSpaceListOptions, AccountStatus, AutoApproveSpaceCreationHandler, AutoRejectStrategy, AutoSignStrategy, BatchOptions, BatchResponse, BuildCanonicalDecryptRequestInput, BuildDecryptFactsInput, BuildDecryptInvocationInput, BuiltDecryptInvocation, CallbackStrategy, CanonicalAddress, CanonicalDecryptRequest, CanonicalJson, CanonicalParsedNetworkId, CapabilityEntry, CapabilityKeyRegistry, CapabilityKeyRegistryErrorCode, CapabilityKeyRegistryErrorCodes, ClientSession, ColumnInfo, ComposeManifestOptions, ComposedManifestRequest, CreateDelegationParams, DECRYPT_ACTION, DECRYPT_FACT_TYPE, DECRYPT_RESULT_TYPE, DEFAULT_ENCRYPTION_ALG, DEFAULT_KEY_VERSION, DEFAULT_MANIFEST_SPACE, DEFAULT_MANIFEST_VERSION, DEFAULT_SIGNED_READ_URL_EXPIRY_MS, DataVaultConfig, DataVaultService, DatabaseHandle, DecryptCapabilityProof, DecryptEnvelopeOptions, DecryptInvocationFact, DecryptInvocationSigner, DecryptRequestBody, DecryptResponseBody, DecryptTransport, Delegation, DelegationChain, DelegationChainV2, DelegationDirection, DelegationError, DelegationErrorCode, DelegationErrorCodes, DelegationFilters, DelegationManager, DelegationManagerConfig, DelegationRecord, DelegationResult, DidCacheKeyOptions, DidEqualsOptions, DiscoverNetworkInput, DiscoveredNetwork, DiscoverySource, DuckDbAction, DuckDbActionType, DuckDbBatchOptions, DuckDbBatchResponse, DuckDbDatabaseHandle, DuckDbExecuteOptions, DuckDbExecuteResponse, DuckDbOptions, DuckDbQueryOptions, DuckDbQueryResponse, DuckDbService, DuckDbServiceConfig, DuckDbStatement, DuckDbValue, ENCRYPTION_NETWORK_URN_PREFIX, ENCRYPTION_SERVICE, ENCRYPTION_SERVICE_SHORT, ENVELOPE_VERSION, EncodedShareData, EncryptToNetworkInput, EncryptToNetworkOptions, EncryptToNetworkResult, EncryptionCrypto, EncryptionError, EncryptionErrorInput, EncryptionService, EncryptionServiceConfig, ExecuteOptions, ExecuteResponse, Extension, FetchFunction, GenerateShareParams, HookEvent, HookServiceName, HookStreamEvent, HookSubscription, HookWebhookListOptions, HookWebhookRecord, HookWebhookRegistration, HookWebhookScope, HookWebhookUnregisterOptions, HooksService, HooksServiceConfig, ICapabilityKeyRegistry, IDataVaultService, IDatabaseHandle, IDuckDbDatabaseHandle, IDuckDbService, IENSResolver, IEncryptionService, IHooksService, IKVService, INotificationHandler, IPrefixedKVService, ISQLService, ISecretsService, ISessionManager, ISessionStorage, ISharingService, ISigner, ISpace, ISpaceCreationHandler, ISpaceScopedDelegations, ISpaceScopedSharing, ISpaceService, IUserAuthorization, IWasmBindings, IdentityParseError, IngestOptions, InlineEncryptedEnvelope, InvokeFunction, JWK, KVCreateSignedReadUrlOptions, KVResponse, KVService, KVServiceConfig, KVSignedReadUrlResponse, KeyInfo, KeyProvider, KeyType, Manifest, ManifestDefaults, ManifestRegistryRecord, ManifestSecretActions, ManifestValidationError, NETWORK_NAME_PATTERN, NetworkDescriptor, NetworkIdError, NodeDescriptorFetcher, ParsedNetworkId, PermissionEntry, PermissionNotInManifestError, PersistedSessionData, PkhDidParts, PrefixedKVService, ProtocolMismatchError, QueryOptions, QueryResponse, RandomReceiverKeyInput, ReceiveOptions, ReceiverKeyPair, ReceiverKeySigner, ResolvedCapabilities, ResolvedDelegate, ResolvedSecretPath, ResourceCapability, SECRET_NAME_RE, SQLAction, SQLActionType, SQLService, SQLServiceConfig, SchemaInfo, SecretPayload, SecretScopeOptions, SecretsError, SecretsService, ServiceContext, ServiceContextConfig, ServiceSession, SessionExpiredError, ShareAccess, ShareLink, ShareLinkData, ShareSchema, SharingService, SharingServiceConfig, SignCallback, SignInOptions, SignRequest, SignResponse, SignedReceiverKeyInput, SilentNotificationHandler, Space, SpaceAbilitiesMap, SpaceConfig, SpaceCreationContext, SpaceErrorCode, SpaceErrorCodes, SpaceInfo, SpaceOwnership, SpaceService, SpaceServiceConfig, SqlStatement, SqlValue, StoredDelegationChain, SubscribeOptions, TableInfo, TelemetryConfig, TelemetryEventHandler, TinyCloud, TinyCloudConfig, TinyCloudSession, UnsupportedFeatureError, VAULT_PERMISSION_SERVICE, VaultCrypto, VaultEntry, VaultError, VaultGetOptions, VaultGrantOptions, VaultHeaders, VaultListOptions, VaultPublicSpaceKVActions, VaultPutOptions, VerifyDecryptResponseInput, VersionCheckError, ViewInfo, WasmVaultFunctions, WellKnownDescriptorFetcher, addressStorageKey, buildCanonicalDecryptRequest, buildDecryptAttenuation, buildDecryptFacts, buildDecryptInvocation, buildNetworkId, buildSpaceUri, canonicalHashHex, canonicalSignedResponse, canonicalizeAddress, canonicalizeDid, canonicalizeDidUrl, canonicalizeEncryptionJson, canonicalizeNetworkId, canonicalizeSecretScope, checkDecryptInvocationInput, checkNodeInfo, composeManifestRequest, createCapabilityKeyRegistry, createSharingService, createSpaceService, createVaultCrypto, decryptEnvelopeWithKey, defaultSpaceCreationHandler, deriveSignedReceiverKey, didCacheKey, didEquals, discoverNetwork, encryptToNetwork, encryptionBase64Decode, encryptionBase64Encode, encryptionError, encryptionUtf8Decode, encryptionUtf8Encode, ensureNetworkUsableForDecrypt, expandActionShortNames, expandPermissionEntries, expandPermissionEntry, generateRandomReceiverKey, hexDecode, hexEncode, isCapabilitySubset, isEvmAddress, isNetworkId, loadManifest, makePkhSpaceId, makePublicSpaceId, networkDiscoveryKey, openWrappedKey, parseCanonicalNetworkId, parseExpiry, parseNetworkId, parsePkhDid, parseSpaceUri, pkhDid, principalDid, principalDidEquals, resolveManifest, resolveSecretListPrefix, resolveSecretPath, resourceCapabilitiesToSpaceAbilitiesMap, validateEnvelope, validateManifest, verifyDecryptResponse } from '@tinycloud/sdk-core';
|
|
3
|
+
export { A as AuthDelegationArtifact, a as AuthRequestArtifact, D as DelegateToOptions, b as DelegateToResult, c as DelegatedAccess, d as DelegationAuthority, F as FileSessionStorage, M as MemorySessionStorage, N as NodeEventEmitterStrategy, e as NodeUserAuthorization, f as NodeUserAuthorizationConfig, P as PortableDelegation, R as RestorableSession, g as RuntimePermissionGrantOptions, S as SignStrategy, T as TinyCloudNode, h as TinyCloudNodeConfig, W as WasmKeyProvider, i as WasmKeyProviderConfig, j as createWasmKeyProvider, k as defaultSignStrategy, l as deserializeDelegation, m as grantAuthRequest, s as serializeDelegation } from './core-DiVEwp2P.js';
|
|
4
4
|
import { invoke, invokeAny, computeCid, prepareSession, completeSessionSetup, ensureEip55, makeSpaceId, createDelegation, parseRecapFromSiwe, generateHostSIWEMessage, siweToDelegationHeaders, protocolVersion, vault_encrypt, vault_decrypt, vault_derive_key, vault_x25519_from_seed, vault_x25519_dh, vault_random_bytes, vault_sha256 } from '@tinycloud/node-sdk-wasm';
|
|
5
5
|
import 'events';
|
|
6
6
|
import '@tinycloud/sdk-services';
|
package/dist/index.js
CHANGED
|
@@ -17186,7 +17186,8 @@ import {
|
|
|
17186
17186
|
verifyDidKeyEd25519Signature,
|
|
17187
17187
|
canonicalizeAddress as canonicalizeAddress2,
|
|
17188
17188
|
pkhDid as pkhDid2,
|
|
17189
|
-
principalDidEquals
|
|
17189
|
+
principalDidEquals as principalDidEquals2,
|
|
17190
|
+
parseNetworkId as parseNetworkId2
|
|
17190
17191
|
} from "@tinycloud/sdk-core";
|
|
17191
17192
|
|
|
17192
17193
|
// src/authorization/NodeUserAuthorization.ts
|
|
@@ -17199,6 +17200,8 @@ import {
|
|
|
17199
17200
|
DEFAULT_MANIFEST_SPACE,
|
|
17200
17201
|
ENCRYPTION_PERMISSION_SERVICE,
|
|
17201
17202
|
composeManifestRequest,
|
|
17203
|
+
parseNetworkId,
|
|
17204
|
+
principalDidEquals,
|
|
17202
17205
|
resourceCapabilitiesToAbilitiesMap,
|
|
17203
17206
|
resourceCapabilitiesToSpaceAbilitiesMap,
|
|
17204
17207
|
resolveTinyCloudHosts,
|
|
@@ -17283,6 +17286,25 @@ var MemorySessionStorage = class {
|
|
|
17283
17286
|
};
|
|
17284
17287
|
|
|
17285
17288
|
// src/authorization/NodeUserAuthorization.ts
|
|
17289
|
+
var DECRYPT_ACTION = "tinycloud.encryption/decrypt";
|
|
17290
|
+
var NETWORK_CREATE_ACTION = "tinycloud.encryption/network.create";
|
|
17291
|
+
function didPrincipalMatches(actual, expected) {
|
|
17292
|
+
try {
|
|
17293
|
+
return principalDidEquals(actual, expected);
|
|
17294
|
+
} catch {
|
|
17295
|
+
return actual === expected;
|
|
17296
|
+
}
|
|
17297
|
+
}
|
|
17298
|
+
function addRawAbility(rawAbilities, resource, action) {
|
|
17299
|
+
const actions = rawAbilities[resource];
|
|
17300
|
+
if (actions === void 0) {
|
|
17301
|
+
rawAbilities[resource] = [action];
|
|
17302
|
+
return;
|
|
17303
|
+
}
|
|
17304
|
+
if (!actions.includes(action)) {
|
|
17305
|
+
actions.push(action);
|
|
17306
|
+
}
|
|
17307
|
+
}
|
|
17286
17308
|
var NodeUserAuthorization = class {
|
|
17287
17309
|
constructor(config) {
|
|
17288
17310
|
this.extensions = [];
|
|
@@ -17309,6 +17331,7 @@ var NodeUserAuthorization = class {
|
|
|
17309
17331
|
"": [
|
|
17310
17332
|
"tinycloud.sql/read",
|
|
17311
17333
|
"tinycloud.sql/write",
|
|
17334
|
+
"tinycloud.sql/ddl",
|
|
17312
17335
|
"tinycloud.sql/admin",
|
|
17313
17336
|
"tinycloud.sql/export"
|
|
17314
17337
|
]
|
|
@@ -17512,20 +17535,18 @@ var NodeUserAuthorization = class {
|
|
|
17512
17535
|
};
|
|
17513
17536
|
}
|
|
17514
17537
|
const rawAbilities = {};
|
|
17538
|
+
const currentDid = pkhDid(address, chainId);
|
|
17515
17539
|
const spaceResources = request.resources.filter((entry) => {
|
|
17516
17540
|
if (entry.service !== ENCRYPTION_PERMISSION_SERVICE) {
|
|
17517
17541
|
return true;
|
|
17518
17542
|
}
|
|
17519
|
-
const
|
|
17520
|
-
|
|
17521
|
-
|
|
17522
|
-
|
|
17523
|
-
const
|
|
17524
|
-
|
|
17525
|
-
|
|
17526
|
-
existing.push(action);
|
|
17527
|
-
seen.add(action);
|
|
17528
|
-
}
|
|
17543
|
+
for (const action of entry.actions) {
|
|
17544
|
+
addRawAbility(rawAbilities, entry.path, action);
|
|
17545
|
+
}
|
|
17546
|
+
if (entry.actions.includes(DECRYPT_ACTION)) {
|
|
17547
|
+
const parsed = parseNetworkId(entry.path);
|
|
17548
|
+
if (didPrincipalMatches(parsed.ownerDid, currentDid)) {
|
|
17549
|
+
addRawAbility(rawAbilities, entry.path, NETWORK_CREATE_ACTION);
|
|
17529
17550
|
}
|
|
17530
17551
|
}
|
|
17531
17552
|
return false;
|
|
@@ -18084,6 +18105,9 @@ var NodeUserAuthorization = class {
|
|
|
18084
18105
|
}
|
|
18085
18106
|
};
|
|
18086
18107
|
|
|
18108
|
+
// src/account/AccountService.ts
|
|
18109
|
+
import { AccountService } from "@tinycloud/sdk-core";
|
|
18110
|
+
|
|
18087
18111
|
// src/DelegatedAccess.ts
|
|
18088
18112
|
import {
|
|
18089
18113
|
KVService,
|
|
@@ -18501,13 +18525,13 @@ var NodeSecretsService = class {
|
|
|
18501
18525
|
// src/TinyCloudNode.ts
|
|
18502
18526
|
var DEFAULT_HOST = "https://node.tinycloud.xyz";
|
|
18503
18527
|
var DEFAULT_ENCRYPTION_NETWORK_NAME = "default";
|
|
18504
|
-
var
|
|
18505
|
-
var
|
|
18528
|
+
var NETWORK_CREATE_ACTION2 = "tinycloud.encryption/network.create";
|
|
18529
|
+
var DECRYPT_ACTION2 = "tinycloud.encryption/decrypt";
|
|
18506
18530
|
var NETWORK_ADMIN_TYPE = "tinycloud.encryption.network-admin/v1";
|
|
18507
18531
|
var DEFAULT_SESSION_EXPIRATION_MS = EXPIRY3.SESSION_MS;
|
|
18508
|
-
function
|
|
18532
|
+
function didPrincipalMatches2(actual, expected) {
|
|
18509
18533
|
try {
|
|
18510
|
-
return
|
|
18534
|
+
return principalDidEquals2(actual, expected);
|
|
18511
18535
|
} catch {
|
|
18512
18536
|
return actual === expected;
|
|
18513
18537
|
}
|
|
@@ -18844,6 +18868,37 @@ var _TinyCloudNode = class _TinyCloudNode {
|
|
|
18844
18868
|
get spaceId() {
|
|
18845
18869
|
return this.auth?.tinyCloudSession?.spaceId;
|
|
18846
18870
|
}
|
|
18871
|
+
/**
|
|
18872
|
+
* Get the account space ID for this wallet identity.
|
|
18873
|
+
* Available after wallet-backed sign-in or a restored session with address metadata.
|
|
18874
|
+
*/
|
|
18875
|
+
get accountSpaceId() {
|
|
18876
|
+
if (!this._address) {
|
|
18877
|
+
return void 0;
|
|
18878
|
+
}
|
|
18879
|
+
return this.wasmBindings.makeSpaceId(this._address, this._chainId, ACCOUNT_REGISTRY_SPACE);
|
|
18880
|
+
}
|
|
18881
|
+
/**
|
|
18882
|
+
* Account-level application and delegation helpers.
|
|
18883
|
+
*/
|
|
18884
|
+
get account() {
|
|
18885
|
+
if (!this._account) {
|
|
18886
|
+
this._account = new AccountService({
|
|
18887
|
+
getDid: () => this.did,
|
|
18888
|
+
getHost: () => this.hosts[0] ?? this.config.host,
|
|
18889
|
+
getPrimarySpaceId: () => this.spaceId,
|
|
18890
|
+
getAccountSpaceId: () => this.accountSpaceId,
|
|
18891
|
+
getSpaces: () => this.spaces,
|
|
18892
|
+
getAccountDb: () => this.accountSpaceId ? this.sqlForSpace(this.accountSpaceId).db("account") : void 0,
|
|
18893
|
+
ensureAccountSpaceHosted: async () => {
|
|
18894
|
+
if (this.accountSpaceId && this.auth) {
|
|
18895
|
+
await this.ensureOwnedSpaceHostedById(this.accountSpaceId);
|
|
18896
|
+
}
|
|
18897
|
+
}
|
|
18898
|
+
});
|
|
18899
|
+
}
|
|
18900
|
+
return this._account;
|
|
18901
|
+
}
|
|
18847
18902
|
/**
|
|
18848
18903
|
* Get the current TinyCloud session.
|
|
18849
18904
|
* Available after signIn().
|
|
@@ -18881,10 +18936,11 @@ var _TinyCloudNode = class _TinyCloudNode {
|
|
|
18881
18936
|
await this.tc.signIn(options);
|
|
18882
18937
|
this.syncResolvedHostFromAuth();
|
|
18883
18938
|
this.initializeServices();
|
|
18939
|
+
await this.ensureRequestedEncryptionNetworks();
|
|
18884
18940
|
if (this.config.manifest === void 0 && this.config.capabilityRequest === void 0) {
|
|
18885
|
-
await this.
|
|
18941
|
+
await this.ensureOwnedSpaceHostedById(this.ownedSpaceId("secrets"));
|
|
18886
18942
|
}
|
|
18887
|
-
|
|
18943
|
+
this.scheduleAccountRegistrySync();
|
|
18888
18944
|
this.notificationHandler.success("Successfully signed in");
|
|
18889
18945
|
}
|
|
18890
18946
|
ownedSpaceId(name) {
|
|
@@ -18902,22 +18958,68 @@ var _TinyCloudNode = class _TinyCloudNode {
|
|
|
18902
18958
|
throw new Error("Manifest registry write requires wallet mode");
|
|
18903
18959
|
}
|
|
18904
18960
|
const accountSpaceId = this.ownedSpaceId(ACCOUNT_REGISTRY_SPACE);
|
|
18905
|
-
await this.
|
|
18906
|
-
const
|
|
18907
|
-
|
|
18908
|
-
|
|
18909
|
-
|
|
18910
|
-
|
|
18911
|
-
|
|
18912
|
-
|
|
18913
|
-
|
|
18914
|
-
|
|
18915
|
-
|
|
18916
|
-
|
|
18961
|
+
await this.ensureOwnedSpaceHostedById(accountSpaceId);
|
|
18962
|
+
const result = await this.account.applications.register(request.manifests);
|
|
18963
|
+
if (!result.ok) {
|
|
18964
|
+
throw new Error(
|
|
18965
|
+
`Failed to write manifest registry records: ${result.error.message}`
|
|
18966
|
+
);
|
|
18967
|
+
}
|
|
18968
|
+
}
|
|
18969
|
+
scheduleAccountRegistrySync() {
|
|
18970
|
+
void this.withAccountRegistryRetry(async () => {
|
|
18971
|
+
await this.writeManifestRegistryRecords();
|
|
18972
|
+
const spaces = await this.account.spaces.syncAccessible();
|
|
18973
|
+
if (!spaces.ok) {
|
|
18974
|
+
throw new Error(`Failed to sync account spaces: ${spaces.error.message}`);
|
|
18975
|
+
}
|
|
18976
|
+
});
|
|
18977
|
+
}
|
|
18978
|
+
async withAccountRegistryRetry(task) {
|
|
18979
|
+
const delays = [250, 1e3, 3e3];
|
|
18980
|
+
let lastError;
|
|
18981
|
+
for (let attempt = 0; attempt < delays.length; attempt += 1) {
|
|
18982
|
+
try {
|
|
18983
|
+
await task();
|
|
18984
|
+
return;
|
|
18985
|
+
} catch (error) {
|
|
18986
|
+
lastError = error;
|
|
18987
|
+
if (attempt < delays.length - 1) {
|
|
18988
|
+
await new Promise((resolve) => setTimeout(resolve, delays[attempt]));
|
|
18989
|
+
}
|
|
18990
|
+
}
|
|
18991
|
+
}
|
|
18992
|
+
console.warn(
|
|
18993
|
+
"TinyCloud account registry sync failed after retries",
|
|
18994
|
+
lastError
|
|
18995
|
+
);
|
|
18996
|
+
}
|
|
18997
|
+
requestedEncryptionNetworkIds() {
|
|
18998
|
+
const request = this.capabilityRequest;
|
|
18999
|
+
if (!request) {
|
|
19000
|
+
return [];
|
|
19001
|
+
}
|
|
19002
|
+
const networkIds = /* @__PURE__ */ new Set();
|
|
19003
|
+
for (const resource of request.resources) {
|
|
19004
|
+
if (resource.service === ENCRYPTION_PERMISSION_SERVICE2 && resource.path.startsWith("urn:tinycloud:encryption:") && resource.actions.includes(DECRYPT_ACTION2)) {
|
|
19005
|
+
networkIds.add(resource.path);
|
|
18917
19006
|
}
|
|
18918
19007
|
}
|
|
19008
|
+
return [...networkIds];
|
|
18919
19009
|
}
|
|
18920
|
-
async
|
|
19010
|
+
async ensureRequestedEncryptionNetworks() {
|
|
19011
|
+
if (!this.signer || !this.auth) {
|
|
19012
|
+
return;
|
|
19013
|
+
}
|
|
19014
|
+
for (const networkId of this.requestedEncryptionNetworkIds()) {
|
|
19015
|
+
const parsed = parseNetworkId2(networkId);
|
|
19016
|
+
if (!didPrincipalMatches2(parsed.ownerDid, this.did)) {
|
|
19017
|
+
continue;
|
|
19018
|
+
}
|
|
19019
|
+
await this.ensureEncryptionNetwork(networkId);
|
|
19020
|
+
}
|
|
19021
|
+
}
|
|
19022
|
+
async ensureOwnedSpaceHostedById(spaceId) {
|
|
18921
19023
|
if (!this.auth) {
|
|
18922
19024
|
throw new Error("Owned space hosting requires wallet mode");
|
|
18923
19025
|
}
|
|
@@ -18950,6 +19052,84 @@ var _TinyCloudNode = class _TinyCloudNode {
|
|
|
18950
19052
|
);
|
|
18951
19053
|
}
|
|
18952
19054
|
}
|
|
19055
|
+
/**
|
|
19056
|
+
* Host one of this user's owned spaces by name (e.g. `"applications"`).
|
|
19057
|
+
*
|
|
19058
|
+
* Resolves the name to the owned space URI
|
|
19059
|
+
* (`tinycloud:pkh:eip155:<chain>:<addr>:<name>`) and registers it on the
|
|
19060
|
+
* server via the host-SIWE delegation flow, so subsequent KV/SQL writes to
|
|
19061
|
+
* that space succeed instead of returning `404 - Space not found`. The
|
|
19062
|
+
* caller is the root authority of their own owned spaces, so no additional
|
|
19063
|
+
* delegation is required.
|
|
19064
|
+
*
|
|
19065
|
+
* Unlike {@link ensureOwnedSpaceHostedById}, this always submits the host
|
|
19066
|
+
* delegation rather than inferring hosting from session activation: a space
|
|
19067
|
+
* the current session has never referenced is reported neither as
|
|
19068
|
+
* `activated` nor `skipped`, so activation-based detection would wrongly
|
|
19069
|
+
* skip the host. The host SIWE is idempotent server-side, so re-hosting an
|
|
19070
|
+
* existing space is a safe no-op. Must be called after {@link signIn}.
|
|
19071
|
+
*
|
|
19072
|
+
* @param name - The owned space name (e.g. `"applications"`).
|
|
19073
|
+
* @returns The hosted space URI.
|
|
19074
|
+
*/
|
|
19075
|
+
async hostOwnedSpace(name) {
|
|
19076
|
+
if (!this.auth || !this.auth.tinyCloudSession) {
|
|
19077
|
+
throw new Error("Not signed in. Call signIn() first.");
|
|
19078
|
+
}
|
|
19079
|
+
const spaceId = this.ownedSpaceId(name);
|
|
19080
|
+
const host = this.hosts[0] ?? this.config.host;
|
|
19081
|
+
if (!host) {
|
|
19082
|
+
throw new Error("Owned space hosting requires a TinyCloud host");
|
|
19083
|
+
}
|
|
19084
|
+
const hosted = await this.auth.hostOwnedSpace(
|
|
19085
|
+
spaceId
|
|
19086
|
+
);
|
|
19087
|
+
if (!hosted) {
|
|
19088
|
+
throw new Error(`Failed to host owned space: ${spaceId}`);
|
|
19089
|
+
}
|
|
19090
|
+
const activation = await activateSessionWithHost2(
|
|
19091
|
+
host,
|
|
19092
|
+
this.auth.tinyCloudSession.delegationHeader
|
|
19093
|
+
);
|
|
19094
|
+
if (!activation.success || activation.skipped?.includes(spaceId)) {
|
|
19095
|
+
throw new Error(
|
|
19096
|
+
`Failed to activate session for owned space ${spaceId}: ${activation.error ?? "space was skipped"}`
|
|
19097
|
+
);
|
|
19098
|
+
}
|
|
19099
|
+
void this.account.spaces.register({
|
|
19100
|
+
spaceId,
|
|
19101
|
+
name,
|
|
19102
|
+
ownerDid: this.did,
|
|
19103
|
+
type: "owned",
|
|
19104
|
+
permissions: ["*"],
|
|
19105
|
+
status: "active"
|
|
19106
|
+
}).catch(() => {
|
|
19107
|
+
});
|
|
19108
|
+
return spaceId;
|
|
19109
|
+
}
|
|
19110
|
+
/**
|
|
19111
|
+
* Ensure one of this user's owned spaces (e.g. `"secrets"`) is hosted on the
|
|
19112
|
+
* server.
|
|
19113
|
+
*
|
|
19114
|
+
* At sign-in, a full-authority session auto-hosts the owner's `secrets`
|
|
19115
|
+
* space, but a session created with a manifest / capabilityRequest does not.
|
|
19116
|
+
* Such a session can therefore hold valid `tinycloud.kv/*` capabilities for
|
|
19117
|
+
* the owned `secrets` space yet still fail its first scoped
|
|
19118
|
+
* `secrets.put(...)` with `404 Space not found`, because the space was never
|
|
19119
|
+
* registered on the node.
|
|
19120
|
+
*
|
|
19121
|
+
* Calling this resolves `name` to the owner's owned-space URI
|
|
19122
|
+
* (`tinycloud:pkh:eip155:<chain>:<addr>:<name>`) and hosts it via the
|
|
19123
|
+
* host-SIWE delegation flow. The host SIWE is idempotent server-side, so it
|
|
19124
|
+
* is safe to call whether or not the space already exists; do not gate it on
|
|
19125
|
+
* a prior existence check. Must be called after {@link signIn}.
|
|
19126
|
+
*
|
|
19127
|
+
* @param name - The owned space name (e.g. `"secrets"`).
|
|
19128
|
+
* @returns The hosted owned-space URI.
|
|
19129
|
+
*/
|
|
19130
|
+
async ensureOwnedSpaceHosted(name) {
|
|
19131
|
+
return this.hostOwnedSpace(name);
|
|
19132
|
+
}
|
|
18953
19133
|
/**
|
|
18954
19134
|
* Restore a previously established session from stored delegation data.
|
|
18955
19135
|
*
|
|
@@ -19339,7 +19519,7 @@ var _TinyCloudNode = class _TinyCloudNode {
|
|
|
19339
19519
|
const signed2 = await this.signRawNetworkAuthorization({
|
|
19340
19520
|
targetNode: input.targetNode,
|
|
19341
19521
|
networkId: input.networkId,
|
|
19342
|
-
action:
|
|
19522
|
+
action: DECRYPT_ACTION2,
|
|
19343
19523
|
facts: input.facts
|
|
19344
19524
|
});
|
|
19345
19525
|
return {
|
|
@@ -19356,7 +19536,7 @@ var _TinyCloudNode = class _TinyCloudNode {
|
|
|
19356
19536
|
},
|
|
19357
19537
|
wellKnown: {
|
|
19358
19538
|
fetchWellKnown: async (principal, discoveryKey) => {
|
|
19359
|
-
if (!this._address || !
|
|
19539
|
+
if (!this._address || !didPrincipalMatches2(principal, this.did)) {
|
|
19360
19540
|
return null;
|
|
19361
19541
|
}
|
|
19362
19542
|
if (!this.config.host) {
|
|
@@ -19565,6 +19745,9 @@ var _TinyCloudNode = class _TinyCloudNode {
|
|
|
19565
19745
|
}
|
|
19566
19746
|
};
|
|
19567
19747
|
}
|
|
19748
|
+
},
|
|
19749
|
+
onSpaceRegistered: async (space) => {
|
|
19750
|
+
await this.account.spaces.register(space);
|
|
19568
19751
|
}
|
|
19569
19752
|
});
|
|
19570
19753
|
this._sharingService.updateConfig({
|
|
@@ -19863,12 +20046,12 @@ var _TinyCloudNode = class _TinyCloudNode {
|
|
|
19863
20046
|
crypto2.sha256,
|
|
19864
20047
|
body
|
|
19865
20048
|
),
|
|
19866
|
-
action:
|
|
20049
|
+
action: NETWORK_CREATE_ACTION2
|
|
19867
20050
|
};
|
|
19868
20051
|
const signed2 = await this.signRawNetworkAuthorization({
|
|
19869
20052
|
targetNode,
|
|
19870
20053
|
networkId,
|
|
19871
|
-
action:
|
|
20054
|
+
action: NETWORK_CREATE_ACTION2,
|
|
19872
20055
|
facts
|
|
19873
20056
|
});
|
|
19874
20057
|
const response = await fetch(`${this.config.host}/encryption/networks`, {
|
|
@@ -19889,12 +20072,19 @@ var _TinyCloudNode = class _TinyCloudNode {
|
|
|
19889
20072
|
const created = await response.json();
|
|
19890
20073
|
return created.descriptor;
|
|
19891
20074
|
}
|
|
19892
|
-
async ensureEncryptionNetwork(
|
|
19893
|
-
const
|
|
20075
|
+
async ensureEncryptionNetwork(nameOrNetworkId = DEFAULT_ENCRYPTION_NETWORK_NAME) {
|
|
20076
|
+
const networkId = nameOrNetworkId.startsWith("urn:tinycloud:encryption:") ? nameOrNetworkId : this.getDefaultEncryptionNetworkId(nameOrNetworkId);
|
|
20077
|
+
const existing = await this.getEncryptionNetwork(networkId);
|
|
19894
20078
|
if (existing) {
|
|
19895
20079
|
return existing;
|
|
19896
20080
|
}
|
|
19897
|
-
|
|
20081
|
+
const parsed = parseNetworkId2(networkId);
|
|
20082
|
+
if (!didPrincipalMatches2(parsed.ownerDid, this.did)) {
|
|
20083
|
+
throw new Error(
|
|
20084
|
+
`Cannot create encryption network ${networkId}: owner ${parsed.ownerDid} does not match signed-in DID ${this.did}`
|
|
20085
|
+
);
|
|
20086
|
+
}
|
|
20087
|
+
return this.createEncryptionNetwork(parsed.name);
|
|
19898
20088
|
}
|
|
19899
20089
|
/**
|
|
19900
20090
|
* App-facing secrets API backed by the `secrets` space vault.
|
|
@@ -20042,7 +20232,7 @@ var _TinyCloudNode = class _TinyCloudNode {
|
|
|
20042
20232
|
throw new SessionExpiredError(delegation.expiry);
|
|
20043
20233
|
}
|
|
20044
20234
|
const expectedDids = [session.verificationMethod, this.sessionDid];
|
|
20045
|
-
if (!expectedDids.some((did) =>
|
|
20235
|
+
if (!expectedDids.some((did) => didPrincipalMatches2(delegation.delegateDID, did))) {
|
|
20046
20236
|
throw new Error(
|
|
20047
20237
|
`Runtime delegation targets ${delegation.delegateDID} but this session key is ${session.verificationMethod}.`
|
|
20048
20238
|
);
|
|
@@ -20571,7 +20761,7 @@ var _TinyCloudNode = class _TinyCloudNode {
|
|
|
20571
20761
|
);
|
|
20572
20762
|
}
|
|
20573
20763
|
const target = request.delegationTargets.find(
|
|
20574
|
-
(entry) =>
|
|
20764
|
+
(entry) => didPrincipalMatches2(entry.did, did)
|
|
20575
20765
|
);
|
|
20576
20766
|
if (!target) {
|
|
20577
20767
|
throw new Error(`No manifest delegation target found for DID ${did}`);
|
|
@@ -21021,7 +21211,23 @@ var _TinyCloudNode = class _TinyCloudNode {
|
|
|
21021
21211
|
if (granted.resource !== void 0 || requested.resource !== void 0) {
|
|
21022
21212
|
return granted.resource !== void 0 && requested.resource !== void 0 && granted.resource === requested.resource && this.pathContains(granted.path, requested.path);
|
|
21023
21213
|
}
|
|
21024
|
-
return granted.spaceId !== void 0 && requested.spaceId !== void 0 && granted.spaceId
|
|
21214
|
+
return granted.spaceId !== void 0 && requested.spaceId !== void 0 && this.spaceIdsEqual(granted.spaceId, requested.spaceId) && this.pathContains(granted.path, requested.path);
|
|
21215
|
+
}
|
|
21216
|
+
// Space IDs are `tinycloud:pkh:eip155:<chain>:<0xADDR>:<name>`. The embedded
|
|
21217
|
+
// EIP-155 address is case-insensitive, but the CLI canonicalizes it to
|
|
21218
|
+
// lowercase when building a space URI while stored runtime delegations keep
|
|
21219
|
+
// the EIP-55 checksummed form — so a byte-for-byte compare spuriously rejects
|
|
21220
|
+
// an otherwise-valid grant. Lowercase ONLY the `eip155:<chain>:0x<addr>`
|
|
21221
|
+
// segment and leave everything else (crucially the case-sensitive space NAME)
|
|
21222
|
+
// byte-exact. Mirrors the CLI's `normalizeSpaceForCompare` (OPENKEY_SCOPE_MISMATCH fix).
|
|
21223
|
+
spaceIdsEqual(a, b) {
|
|
21224
|
+
return this.normalizeSpaceAddress(a) === this.normalizeSpaceAddress(b);
|
|
21225
|
+
}
|
|
21226
|
+
normalizeSpaceAddress(space) {
|
|
21227
|
+
return space.replace(
|
|
21228
|
+
/(eip155:\d+:)(0x[0-9a-fA-F]{40})/,
|
|
21229
|
+
(_match, prefix, addr) => prefix + addr.toLowerCase()
|
|
21230
|
+
);
|
|
21025
21231
|
}
|
|
21026
21232
|
actionContains(grantedAction, requestedAction) {
|
|
21027
21233
|
if (grantedAction === requestedAction) {
|
|
@@ -21285,7 +21491,7 @@ var _TinyCloudNode = class _TinyCloudNode {
|
|
|
21285
21491
|
const targetHost = delegation.host ?? this.config.host;
|
|
21286
21492
|
if (this.isSessionOnly) {
|
|
21287
21493
|
const myDid = this.did;
|
|
21288
|
-
if (!
|
|
21494
|
+
if (!didPrincipalMatches2(delegation.delegateDID, myDid)) {
|
|
21289
21495
|
throw new Error(
|
|
21290
21496
|
`Delegation targets ${delegation.delegateDID} but this user's DID is ${myDid}. The delegation must target this user's DID.`
|
|
21291
21497
|
);
|
|
@@ -21516,7 +21722,7 @@ import {
|
|
|
21516
21722
|
parsePkhDid,
|
|
21517
21723
|
pkhDid as pkhDid3,
|
|
21518
21724
|
principalDid,
|
|
21519
|
-
principalDidEquals as
|
|
21725
|
+
principalDidEquals as principalDidEquals3,
|
|
21520
21726
|
parseCanonicalNetworkId
|
|
21521
21727
|
} from "@tinycloud/sdk-core";
|
|
21522
21728
|
|
|
@@ -21663,6 +21869,32 @@ import {
|
|
|
21663
21869
|
} from "@tinycloud/sdk-core";
|
|
21664
21870
|
|
|
21665
21871
|
// src/delegation.ts
|
|
21872
|
+
async function grantAuthRequest(authority, request, options) {
|
|
21873
|
+
if (request.kind !== "tinycloud.auth.request") {
|
|
21874
|
+
throw new Error(
|
|
21875
|
+
`grantAuthRequest expects a tinycloud.auth.request artifact, got "${request.kind}".`
|
|
21876
|
+
);
|
|
21877
|
+
}
|
|
21878
|
+
if (!Array.isArray(request.requested) || request.requested.length === 0) {
|
|
21879
|
+
throw new Error("grantAuthRequest request has no requested capabilities.");
|
|
21880
|
+
}
|
|
21881
|
+
const expiry = options?.expiry ?? request.requestedExpiry;
|
|
21882
|
+
const result = await authority.delegateTo(
|
|
21883
|
+
request.sessionDid,
|
|
21884
|
+
request.requested,
|
|
21885
|
+
expiry !== void 0 ? { expiry } : void 0
|
|
21886
|
+
);
|
|
21887
|
+
return {
|
|
21888
|
+
kind: "tinycloud.auth.delegation",
|
|
21889
|
+
version: 1,
|
|
21890
|
+
requestId: request.requestId,
|
|
21891
|
+
delegationCid: result.delegation.cid,
|
|
21892
|
+
delegation: result.delegation,
|
|
21893
|
+
permissions: request.requested,
|
|
21894
|
+
expiry: result.delegation.expiry.toISOString(),
|
|
21895
|
+
prompted: result.prompted
|
|
21896
|
+
};
|
|
21897
|
+
}
|
|
21666
21898
|
function serializeDelegation(delegation) {
|
|
21667
21899
|
return JSON.stringify({
|
|
21668
21900
|
...delegation,
|
|
@@ -21703,7 +21935,7 @@ import {
|
|
|
21703
21935
|
} from "@tinycloud/sdk-core";
|
|
21704
21936
|
import {
|
|
21705
21937
|
EncryptionService as EncryptionService2,
|
|
21706
|
-
parseNetworkId,
|
|
21938
|
+
parseNetworkId as parseNetworkId3,
|
|
21707
21939
|
buildNetworkId,
|
|
21708
21940
|
isNetworkId,
|
|
21709
21941
|
networkDiscoveryKey,
|
|
@@ -21738,7 +21970,7 @@ import {
|
|
|
21738
21970
|
DEFAULT_KEY_VERSION,
|
|
21739
21971
|
DECRYPT_FACT_TYPE,
|
|
21740
21972
|
DECRYPT_RESULT_TYPE,
|
|
21741
|
-
DECRYPT_ACTION as
|
|
21973
|
+
DECRYPT_ACTION as DECRYPT_ACTION3,
|
|
21742
21974
|
ENCRYPTION_SERVICE,
|
|
21743
21975
|
ENCRYPTION_SERVICE_SHORT,
|
|
21744
21976
|
encryptionError
|
|
@@ -21774,10 +22006,11 @@ import { ServiceContext as ServiceContext3 } from "@tinycloud/sdk-core";
|
|
|
21774
22006
|
export {
|
|
21775
22007
|
ACCOUNT_REGISTRY_PATH,
|
|
21776
22008
|
ACCOUNT_REGISTRY_SPACE2 as ACCOUNT_REGISTRY_SPACE,
|
|
22009
|
+
AccountService,
|
|
21777
22010
|
AutoApproveSpaceCreationHandler2 as AutoApproveSpaceCreationHandler,
|
|
21778
22011
|
CapabilityKeyRegistry2 as CapabilityKeyRegistry,
|
|
21779
22012
|
CapabilityKeyRegistryErrorCodes,
|
|
21780
|
-
|
|
22013
|
+
DECRYPT_ACTION3 as DECRYPT_ACTION,
|
|
21781
22014
|
DECRYPT_FACT_TYPE,
|
|
21782
22015
|
DECRYPT_RESULT_TYPE,
|
|
21783
22016
|
DEFAULT_ENCRYPTION_ALG,
|
|
@@ -21873,6 +22106,7 @@ export {
|
|
|
21873
22106
|
expandPermissionEntries2 as expandPermissionEntries,
|
|
21874
22107
|
expandPermissionEntry,
|
|
21875
22108
|
generateRandomReceiverKey,
|
|
22109
|
+
grantAuthRequest,
|
|
21876
22110
|
hexDecode,
|
|
21877
22111
|
hexEncode,
|
|
21878
22112
|
isCapabilitySubset2 as isCapabilitySubset,
|
|
@@ -21885,12 +22119,12 @@ export {
|
|
|
21885
22119
|
openWrappedKey,
|
|
21886
22120
|
parseCanonicalNetworkId,
|
|
21887
22121
|
parseExpiry2 as parseExpiry,
|
|
21888
|
-
parseNetworkId,
|
|
22122
|
+
parseNetworkId3 as parseNetworkId,
|
|
21889
22123
|
parsePkhDid,
|
|
21890
22124
|
parseSpaceUri,
|
|
21891
22125
|
pkhDid3 as pkhDid,
|
|
21892
22126
|
principalDid,
|
|
21893
|
-
|
|
22127
|
+
principalDidEquals3 as principalDidEquals,
|
|
21894
22128
|
resolveManifest2 as resolveManifest,
|
|
21895
22129
|
resolveSecretListPrefix2 as resolveSecretListPrefix,
|
|
21896
22130
|
resolveSecretPath2 as resolveSecretPath,
|