@tinycloud/node-sdk 2.4.0-beta.1 → 2.4.0-beta.10
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/{core-Dbzm1kA_.d.cts → core-DiVEwp2P.d.cts} +105 -5
- package/dist/{core-Dbzm1kA_.d.ts → core-DiVEwp2P.d.ts} +105 -5
- package/dist/core.cjs +377 -218
- package/dist/core.cjs.map +1 -1
- package/dist/core.d.cts +2 -2
- package/dist/core.d.ts +2 -2
- package/dist/core.js +205 -44
- package/dist/core.js.map +1 -1
- package/dist/index.cjs +448 -261
- package/dist/index.cjs.map +1 -1
- package/dist/index.d.cts +2 -2
- package/dist/index.d.ts +2 -2
- package/dist/index.js +236 -48
- package/dist/index.js.map +1 -1
- package/package.json +2 -2
|
@@ -1,4 +1,4 @@
|
|
|
1
|
-
import { ISessionStorage, PersistedSessionData, AutoSignStrategy, AutoRejectStrategy, CallbackStrategy, IUserAuthorization, ISigner, ISpaceCreationHandler, IWasmBindings, SiweConfig, Manifest, ComposedManifestRequest, ClientSession, TinyCloudSession, Extension, SignInOptions, Delegation, DelegatedResource, TelemetryConfig, IKVService, ISQLService, IDuckDbService, IHooksService, INotificationHandler, IENSResolver, IDataVaultService, IEncryptionService, NetworkDescriptor, ISecretsService, ICapabilityKeyRegistry,
|
|
1
|
+
import { ISessionStorage, PersistedSessionData, AutoSignStrategy, AutoRejectStrategy, CallbackStrategy, IUserAuthorization, ISigner, ISpaceCreationHandler, IWasmBindings, SiweConfig, Manifest, ComposedManifestRequest, ClientSession, TinyCloudSession, Extension, SignInOptions, Delegation, DelegatedResource, PermissionEntry, TelemetryConfig, IKVService, ISQLService, IDuckDbService, IHooksService, INotificationHandler, IENSResolver, AccountService, IDataVaultService, IEncryptionService, NetworkDescriptor, ISecretsService, ICapabilityKeyRegistry, DelegationManager, ISpaceService, ISpace, ISharingService, CreateDelegationParams, DelegationResult, ResolvedDelegate, KeyProvider, ISessionManager, JWK } from '@tinycloud/sdk-core';
|
|
2
2
|
import { EventEmitter } from 'events';
|
|
3
3
|
import { InvokeFunction } from '@tinycloud/sdk-services';
|
|
4
4
|
|
|
@@ -540,6 +540,69 @@ interface PortableDelegation extends Omit<Delegation, "isRevoked"> {
|
|
|
540
540
|
*/
|
|
541
541
|
resources?: DelegatedResource[];
|
|
542
542
|
}
|
|
543
|
+
/**
|
|
544
|
+
* The transport shape `tc auth request --emit` produces and that an owner
|
|
545
|
+
* grants to its requester. Only the fields the grant logic needs are declared;
|
|
546
|
+
* the CLI artifact carries more (posture, captured command, ...) and remains a
|
|
547
|
+
* structural superset of this interface.
|
|
548
|
+
*/
|
|
549
|
+
interface AuthRequestArtifact {
|
|
550
|
+
kind: "tinycloud.auth.request";
|
|
551
|
+
version: 1;
|
|
552
|
+
requestId: string;
|
|
553
|
+
/** The requester's session DID — the audience the grant is issued to. */
|
|
554
|
+
sessionDid: string;
|
|
555
|
+
/** The capabilities the requester is asking the owner to delegate. */
|
|
556
|
+
requested: PermissionEntry[];
|
|
557
|
+
/** Optional lifetime override carried from the request. */
|
|
558
|
+
requestedExpiry?: string | number;
|
|
559
|
+
}
|
|
560
|
+
/**
|
|
561
|
+
* The transport shape returned by {@link grantAuthRequest} (and written by
|
|
562
|
+
* `tc auth grant`). `tc auth import` accepts this artifact directly.
|
|
563
|
+
*/
|
|
564
|
+
interface AuthDelegationArtifact {
|
|
565
|
+
kind: "tinycloud.auth.delegation";
|
|
566
|
+
version: 1;
|
|
567
|
+
requestId: string;
|
|
568
|
+
delegationCid: string;
|
|
569
|
+
delegation: PortableDelegation;
|
|
570
|
+
permissions: PermissionEntry[];
|
|
571
|
+
expiry: string;
|
|
572
|
+
/** Whether issuing the delegation triggered a wallet prompt. */
|
|
573
|
+
prompted: boolean;
|
|
574
|
+
}
|
|
575
|
+
/**
|
|
576
|
+
* Minimal owner-side capability {@link grantAuthRequest} needs: the signed
|
|
577
|
+
* `delegateTo` primitive. `TinyCloudNode` satisfies this directly; web/SDK
|
|
578
|
+
* contexts can supply any object that exposes the same method.
|
|
579
|
+
*/
|
|
580
|
+
interface DelegationAuthority {
|
|
581
|
+
delegateTo(did: string, permissions: PermissionEntry[], options?: {
|
|
582
|
+
expiry?: string | number;
|
|
583
|
+
forceWalletSign?: boolean;
|
|
584
|
+
}): Promise<{
|
|
585
|
+
delegation: PortableDelegation;
|
|
586
|
+
prompted: boolean;
|
|
587
|
+
}>;
|
|
588
|
+
}
|
|
589
|
+
/**
|
|
590
|
+
* Turn a delegation REQUEST into a signed GRANT.
|
|
591
|
+
*
|
|
592
|
+
* Lifts the body of `tc auth grant` into the SDK so the request→grant
|
|
593
|
+
* handshake is callable programmatically (future SDK/web owner tooling and the
|
|
594
|
+
* KV delegation inbox), with the CLI verb reduced to a thin wrapper. The owner
|
|
595
|
+
* `authority` (a `TinyCloudNode`) signs a delegation scoped to exactly the
|
|
596
|
+
* requested caps, audienced to the requester's `sessionDid`, honoring the
|
|
597
|
+
* request's expiry. The returned artifact round-trips through `tc auth import`.
|
|
598
|
+
*
|
|
599
|
+
* Authorization is enforced cryptographically by `delegateTo`: caps that are
|
|
600
|
+
* not derivable from the owner's own session capability chain are rejected
|
|
601
|
+
* (it throws), so this never widens authority the owner doesn't hold.
|
|
602
|
+
*/
|
|
603
|
+
declare function grantAuthRequest(authority: DelegationAuthority, request: AuthRequestArtifact, options?: {
|
|
604
|
+
expiry?: string | number;
|
|
605
|
+
}): Promise<AuthDelegationArtifact>;
|
|
543
606
|
/**
|
|
544
607
|
* Serialize a PortableDelegation for transport (e.g., over network).
|
|
545
608
|
*/
|
|
@@ -796,6 +859,7 @@ declare class TinyCloudNode {
|
|
|
796
859
|
private _encryption?;
|
|
797
860
|
private _baseSecrets?;
|
|
798
861
|
private _secrets?;
|
|
862
|
+
private _account?;
|
|
799
863
|
/** Cached public KV with proper delegation (set by ensurePublicSpace) */
|
|
800
864
|
private _publicKV?;
|
|
801
865
|
/** Session key ID - always available */
|
|
@@ -898,6 +962,15 @@ declare class TinyCloudNode {
|
|
|
898
962
|
* Available after signIn().
|
|
899
963
|
*/
|
|
900
964
|
get spaceId(): string | undefined;
|
|
965
|
+
/**
|
|
966
|
+
* Get the account space ID for this wallet identity.
|
|
967
|
+
* Available after wallet-backed sign-in or a restored session with address metadata.
|
|
968
|
+
*/
|
|
969
|
+
get accountSpaceId(): string | undefined;
|
|
970
|
+
/**
|
|
971
|
+
* Account-level application and delegation helpers.
|
|
972
|
+
*/
|
|
973
|
+
get account(): AccountService;
|
|
901
974
|
/**
|
|
902
975
|
* Get the current TinyCloud session.
|
|
903
976
|
* Available after signIn().
|
|
@@ -913,7 +986,11 @@ declare class TinyCloudNode {
|
|
|
913
986
|
signIn(options?: SignInOptions): Promise<void>;
|
|
914
987
|
private ownedSpaceId;
|
|
915
988
|
private writeManifestRegistryRecords;
|
|
916
|
-
private
|
|
989
|
+
private scheduleAccountRegistrySync;
|
|
990
|
+
private withAccountRegistryRetry;
|
|
991
|
+
private requestedEncryptionNetworkIds;
|
|
992
|
+
private ensureRequestedEncryptionNetworks;
|
|
993
|
+
private ensureOwnedSpaceHostedById;
|
|
917
994
|
/**
|
|
918
995
|
* Host one of this user's owned spaces by name (e.g. `"applications"`).
|
|
919
996
|
*
|
|
@@ -924,7 +1001,7 @@ declare class TinyCloudNode {
|
|
|
924
1001
|
* caller is the root authority of their own owned spaces, so no additional
|
|
925
1002
|
* delegation is required.
|
|
926
1003
|
*
|
|
927
|
-
* Unlike {@link
|
|
1004
|
+
* Unlike {@link ensureOwnedSpaceHostedById}, this always submits the host
|
|
928
1005
|
* delegation rather than inferring hosting from session activation: a space
|
|
929
1006
|
* the current session has never referenced is reported neither as
|
|
930
1007
|
* `activated` nor `skipped`, so activation-based detection would wrongly
|
|
@@ -935,6 +1012,27 @@ declare class TinyCloudNode {
|
|
|
935
1012
|
* @returns The hosted space URI.
|
|
936
1013
|
*/
|
|
937
1014
|
hostOwnedSpace(name: string): Promise<string>;
|
|
1015
|
+
/**
|
|
1016
|
+
* Ensure one of this user's owned spaces (e.g. `"secrets"`) is hosted on the
|
|
1017
|
+
* server.
|
|
1018
|
+
*
|
|
1019
|
+
* At sign-in, a full-authority session auto-hosts the owner's `secrets`
|
|
1020
|
+
* space, but a session created with a manifest / capabilityRequest does not.
|
|
1021
|
+
* Such a session can therefore hold valid `tinycloud.kv/*` capabilities for
|
|
1022
|
+
* the owned `secrets` space yet still fail its first scoped
|
|
1023
|
+
* `secrets.put(...)` with `404 Space not found`, because the space was never
|
|
1024
|
+
* registered on the node.
|
|
1025
|
+
*
|
|
1026
|
+
* Calling this resolves `name` to the owner's owned-space URI
|
|
1027
|
+
* (`tinycloud:pkh:eip155:<chain>:<addr>:<name>`) and hosts it via the
|
|
1028
|
+
* host-SIWE delegation flow. The host SIWE is idempotent server-side, so it
|
|
1029
|
+
* is safe to call whether or not the space already exists; do not gate it on
|
|
1030
|
+
* a prior existence check. Must be called after {@link signIn}.
|
|
1031
|
+
*
|
|
1032
|
+
* @param name - The owned space name (e.g. `"secrets"`).
|
|
1033
|
+
* @returns The hosted owned-space URI.
|
|
1034
|
+
*/
|
|
1035
|
+
ensureOwnedSpaceHosted(name: string): Promise<string>;
|
|
938
1036
|
/**
|
|
939
1037
|
* Restore a previously established session from stored delegation data.
|
|
940
1038
|
*
|
|
@@ -1129,7 +1227,7 @@ declare class TinyCloudNode {
|
|
|
1129
1227
|
get encryption(): IEncryptionService;
|
|
1130
1228
|
getEncryptionNetwork(nameOrNetworkId?: string): Promise<NetworkDescriptor | null>;
|
|
1131
1229
|
createEncryptionNetwork(name?: string): Promise<NetworkDescriptor>;
|
|
1132
|
-
ensureEncryptionNetwork(
|
|
1230
|
+
ensureEncryptionNetwork(nameOrNetworkId?: string): Promise<NetworkDescriptor>;
|
|
1133
1231
|
/**
|
|
1134
1232
|
* App-facing secrets API backed by the `secrets` space vault.
|
|
1135
1233
|
*/
|
|
@@ -1475,6 +1573,8 @@ declare class TinyCloudNode {
|
|
|
1475
1573
|
private findGrantForOperation;
|
|
1476
1574
|
private pruneExpiredRuntimePermissionGrants;
|
|
1477
1575
|
private operationCovers;
|
|
1576
|
+
private spaceIdsEqual;
|
|
1577
|
+
private normalizeSpaceAddress;
|
|
1478
1578
|
private actionContains;
|
|
1479
1579
|
private invocationServiceName;
|
|
1480
1580
|
private isEncryptionNetworkOperation;
|
|
@@ -1669,4 +1769,4 @@ declare class WasmKeyProvider implements KeyProvider {
|
|
|
1669
1769
|
*/
|
|
1670
1770
|
declare function createWasmKeyProvider(sessionManager: SessionManagerWithListing): WasmKeyProvider;
|
|
1671
1771
|
|
|
1672
|
-
export { type DelegateToOptions as D, FileSessionStorage as F, MemorySessionStorage as M, type NodeEventEmitterStrategy as N, type PortableDelegation as P, type RestorableSession as R, type SignStrategy as S, TinyCloudNode as T, WasmKeyProvider as W, type
|
|
1772
|
+
export { type AuthDelegationArtifact as A, type DelegateToOptions as D, FileSessionStorage as F, MemorySessionStorage as M, type NodeEventEmitterStrategy as N, type PortableDelegation as P, type RestorableSession as R, type SignStrategy as S, TinyCloudNode as T, WasmKeyProvider as W, type AuthRequestArtifact as a, type DelegateToResult as b, DelegatedAccess as c, type DelegationAuthority as d, NodeUserAuthorization as e, type NodeUserAuthorizationConfig as f, type RuntimePermissionGrantOptions as g, type TinyCloudNodeConfig as h, type WasmKeyProviderConfig as i, createWasmKeyProvider as j, defaultSignStrategy as k, deserializeDelegation as l, grantAuthRequest as m, serializeDelegation as s };
|
|
@@ -1,4 +1,4 @@
|
|
|
1
|
-
import { ISessionStorage, PersistedSessionData, AutoSignStrategy, AutoRejectStrategy, CallbackStrategy, IUserAuthorization, ISigner, ISpaceCreationHandler, IWasmBindings, SiweConfig, Manifest, ComposedManifestRequest, ClientSession, TinyCloudSession, Extension, SignInOptions, Delegation, DelegatedResource, TelemetryConfig, IKVService, ISQLService, IDuckDbService, IHooksService, INotificationHandler, IENSResolver, IDataVaultService, IEncryptionService, NetworkDescriptor, ISecretsService, ICapabilityKeyRegistry,
|
|
1
|
+
import { ISessionStorage, PersistedSessionData, AutoSignStrategy, AutoRejectStrategy, CallbackStrategy, IUserAuthorization, ISigner, ISpaceCreationHandler, IWasmBindings, SiweConfig, Manifest, ComposedManifestRequest, ClientSession, TinyCloudSession, Extension, SignInOptions, Delegation, DelegatedResource, PermissionEntry, TelemetryConfig, IKVService, ISQLService, IDuckDbService, IHooksService, INotificationHandler, IENSResolver, AccountService, IDataVaultService, IEncryptionService, NetworkDescriptor, ISecretsService, ICapabilityKeyRegistry, DelegationManager, ISpaceService, ISpace, ISharingService, CreateDelegationParams, DelegationResult, ResolvedDelegate, KeyProvider, ISessionManager, JWK } from '@tinycloud/sdk-core';
|
|
2
2
|
import { EventEmitter } from 'events';
|
|
3
3
|
import { InvokeFunction } from '@tinycloud/sdk-services';
|
|
4
4
|
|
|
@@ -540,6 +540,69 @@ interface PortableDelegation extends Omit<Delegation, "isRevoked"> {
|
|
|
540
540
|
*/
|
|
541
541
|
resources?: DelegatedResource[];
|
|
542
542
|
}
|
|
543
|
+
/**
|
|
544
|
+
* The transport shape `tc auth request --emit` produces and that an owner
|
|
545
|
+
* grants to its requester. Only the fields the grant logic needs are declared;
|
|
546
|
+
* the CLI artifact carries more (posture, captured command, ...) and remains a
|
|
547
|
+
* structural superset of this interface.
|
|
548
|
+
*/
|
|
549
|
+
interface AuthRequestArtifact {
|
|
550
|
+
kind: "tinycloud.auth.request";
|
|
551
|
+
version: 1;
|
|
552
|
+
requestId: string;
|
|
553
|
+
/** The requester's session DID — the audience the grant is issued to. */
|
|
554
|
+
sessionDid: string;
|
|
555
|
+
/** The capabilities the requester is asking the owner to delegate. */
|
|
556
|
+
requested: PermissionEntry[];
|
|
557
|
+
/** Optional lifetime override carried from the request. */
|
|
558
|
+
requestedExpiry?: string | number;
|
|
559
|
+
}
|
|
560
|
+
/**
|
|
561
|
+
* The transport shape returned by {@link grantAuthRequest} (and written by
|
|
562
|
+
* `tc auth grant`). `tc auth import` accepts this artifact directly.
|
|
563
|
+
*/
|
|
564
|
+
interface AuthDelegationArtifact {
|
|
565
|
+
kind: "tinycloud.auth.delegation";
|
|
566
|
+
version: 1;
|
|
567
|
+
requestId: string;
|
|
568
|
+
delegationCid: string;
|
|
569
|
+
delegation: PortableDelegation;
|
|
570
|
+
permissions: PermissionEntry[];
|
|
571
|
+
expiry: string;
|
|
572
|
+
/** Whether issuing the delegation triggered a wallet prompt. */
|
|
573
|
+
prompted: boolean;
|
|
574
|
+
}
|
|
575
|
+
/**
|
|
576
|
+
* Minimal owner-side capability {@link grantAuthRequest} needs: the signed
|
|
577
|
+
* `delegateTo` primitive. `TinyCloudNode` satisfies this directly; web/SDK
|
|
578
|
+
* contexts can supply any object that exposes the same method.
|
|
579
|
+
*/
|
|
580
|
+
interface DelegationAuthority {
|
|
581
|
+
delegateTo(did: string, permissions: PermissionEntry[], options?: {
|
|
582
|
+
expiry?: string | number;
|
|
583
|
+
forceWalletSign?: boolean;
|
|
584
|
+
}): Promise<{
|
|
585
|
+
delegation: PortableDelegation;
|
|
586
|
+
prompted: boolean;
|
|
587
|
+
}>;
|
|
588
|
+
}
|
|
589
|
+
/**
|
|
590
|
+
* Turn a delegation REQUEST into a signed GRANT.
|
|
591
|
+
*
|
|
592
|
+
* Lifts the body of `tc auth grant` into the SDK so the request→grant
|
|
593
|
+
* handshake is callable programmatically (future SDK/web owner tooling and the
|
|
594
|
+
* KV delegation inbox), with the CLI verb reduced to a thin wrapper. The owner
|
|
595
|
+
* `authority` (a `TinyCloudNode`) signs a delegation scoped to exactly the
|
|
596
|
+
* requested caps, audienced to the requester's `sessionDid`, honoring the
|
|
597
|
+
* request's expiry. The returned artifact round-trips through `tc auth import`.
|
|
598
|
+
*
|
|
599
|
+
* Authorization is enforced cryptographically by `delegateTo`: caps that are
|
|
600
|
+
* not derivable from the owner's own session capability chain are rejected
|
|
601
|
+
* (it throws), so this never widens authority the owner doesn't hold.
|
|
602
|
+
*/
|
|
603
|
+
declare function grantAuthRequest(authority: DelegationAuthority, request: AuthRequestArtifact, options?: {
|
|
604
|
+
expiry?: string | number;
|
|
605
|
+
}): Promise<AuthDelegationArtifact>;
|
|
543
606
|
/**
|
|
544
607
|
* Serialize a PortableDelegation for transport (e.g., over network).
|
|
545
608
|
*/
|
|
@@ -796,6 +859,7 @@ declare class TinyCloudNode {
|
|
|
796
859
|
private _encryption?;
|
|
797
860
|
private _baseSecrets?;
|
|
798
861
|
private _secrets?;
|
|
862
|
+
private _account?;
|
|
799
863
|
/** Cached public KV with proper delegation (set by ensurePublicSpace) */
|
|
800
864
|
private _publicKV?;
|
|
801
865
|
/** Session key ID - always available */
|
|
@@ -898,6 +962,15 @@ declare class TinyCloudNode {
|
|
|
898
962
|
* Available after signIn().
|
|
899
963
|
*/
|
|
900
964
|
get spaceId(): string | undefined;
|
|
965
|
+
/**
|
|
966
|
+
* Get the account space ID for this wallet identity.
|
|
967
|
+
* Available after wallet-backed sign-in or a restored session with address metadata.
|
|
968
|
+
*/
|
|
969
|
+
get accountSpaceId(): string | undefined;
|
|
970
|
+
/**
|
|
971
|
+
* Account-level application and delegation helpers.
|
|
972
|
+
*/
|
|
973
|
+
get account(): AccountService;
|
|
901
974
|
/**
|
|
902
975
|
* Get the current TinyCloud session.
|
|
903
976
|
* Available after signIn().
|
|
@@ -913,7 +986,11 @@ declare class TinyCloudNode {
|
|
|
913
986
|
signIn(options?: SignInOptions): Promise<void>;
|
|
914
987
|
private ownedSpaceId;
|
|
915
988
|
private writeManifestRegistryRecords;
|
|
916
|
-
private
|
|
989
|
+
private scheduleAccountRegistrySync;
|
|
990
|
+
private withAccountRegistryRetry;
|
|
991
|
+
private requestedEncryptionNetworkIds;
|
|
992
|
+
private ensureRequestedEncryptionNetworks;
|
|
993
|
+
private ensureOwnedSpaceHostedById;
|
|
917
994
|
/**
|
|
918
995
|
* Host one of this user's owned spaces by name (e.g. `"applications"`).
|
|
919
996
|
*
|
|
@@ -924,7 +1001,7 @@ declare class TinyCloudNode {
|
|
|
924
1001
|
* caller is the root authority of their own owned spaces, so no additional
|
|
925
1002
|
* delegation is required.
|
|
926
1003
|
*
|
|
927
|
-
* Unlike {@link
|
|
1004
|
+
* Unlike {@link ensureOwnedSpaceHostedById}, this always submits the host
|
|
928
1005
|
* delegation rather than inferring hosting from session activation: a space
|
|
929
1006
|
* the current session has never referenced is reported neither as
|
|
930
1007
|
* `activated` nor `skipped`, so activation-based detection would wrongly
|
|
@@ -935,6 +1012,27 @@ declare class TinyCloudNode {
|
|
|
935
1012
|
* @returns The hosted space URI.
|
|
936
1013
|
*/
|
|
937
1014
|
hostOwnedSpace(name: string): Promise<string>;
|
|
1015
|
+
/**
|
|
1016
|
+
* Ensure one of this user's owned spaces (e.g. `"secrets"`) is hosted on the
|
|
1017
|
+
* server.
|
|
1018
|
+
*
|
|
1019
|
+
* At sign-in, a full-authority session auto-hosts the owner's `secrets`
|
|
1020
|
+
* space, but a session created with a manifest / capabilityRequest does not.
|
|
1021
|
+
* Such a session can therefore hold valid `tinycloud.kv/*` capabilities for
|
|
1022
|
+
* the owned `secrets` space yet still fail its first scoped
|
|
1023
|
+
* `secrets.put(...)` with `404 Space not found`, because the space was never
|
|
1024
|
+
* registered on the node.
|
|
1025
|
+
*
|
|
1026
|
+
* Calling this resolves `name` to the owner's owned-space URI
|
|
1027
|
+
* (`tinycloud:pkh:eip155:<chain>:<addr>:<name>`) and hosts it via the
|
|
1028
|
+
* host-SIWE delegation flow. The host SIWE is idempotent server-side, so it
|
|
1029
|
+
* is safe to call whether or not the space already exists; do not gate it on
|
|
1030
|
+
* a prior existence check. Must be called after {@link signIn}.
|
|
1031
|
+
*
|
|
1032
|
+
* @param name - The owned space name (e.g. `"secrets"`).
|
|
1033
|
+
* @returns The hosted owned-space URI.
|
|
1034
|
+
*/
|
|
1035
|
+
ensureOwnedSpaceHosted(name: string): Promise<string>;
|
|
938
1036
|
/**
|
|
939
1037
|
* Restore a previously established session from stored delegation data.
|
|
940
1038
|
*
|
|
@@ -1129,7 +1227,7 @@ declare class TinyCloudNode {
|
|
|
1129
1227
|
get encryption(): IEncryptionService;
|
|
1130
1228
|
getEncryptionNetwork(nameOrNetworkId?: string): Promise<NetworkDescriptor | null>;
|
|
1131
1229
|
createEncryptionNetwork(name?: string): Promise<NetworkDescriptor>;
|
|
1132
|
-
ensureEncryptionNetwork(
|
|
1230
|
+
ensureEncryptionNetwork(nameOrNetworkId?: string): Promise<NetworkDescriptor>;
|
|
1133
1231
|
/**
|
|
1134
1232
|
* App-facing secrets API backed by the `secrets` space vault.
|
|
1135
1233
|
*/
|
|
@@ -1475,6 +1573,8 @@ declare class TinyCloudNode {
|
|
|
1475
1573
|
private findGrantForOperation;
|
|
1476
1574
|
private pruneExpiredRuntimePermissionGrants;
|
|
1477
1575
|
private operationCovers;
|
|
1576
|
+
private spaceIdsEqual;
|
|
1577
|
+
private normalizeSpaceAddress;
|
|
1478
1578
|
private actionContains;
|
|
1479
1579
|
private invocationServiceName;
|
|
1480
1580
|
private isEncryptionNetworkOperation;
|
|
@@ -1669,4 +1769,4 @@ declare class WasmKeyProvider implements KeyProvider {
|
|
|
1669
1769
|
*/
|
|
1670
1770
|
declare function createWasmKeyProvider(sessionManager: SessionManagerWithListing): WasmKeyProvider;
|
|
1671
1771
|
|
|
1672
|
-
export { type DelegateToOptions as D, FileSessionStorage as F, MemorySessionStorage as M, type NodeEventEmitterStrategy as N, type PortableDelegation as P, type RestorableSession as R, type SignStrategy as S, TinyCloudNode as T, WasmKeyProvider as W, type
|
|
1772
|
+
export { type AuthDelegationArtifact as A, type DelegateToOptions as D, FileSessionStorage as F, MemorySessionStorage as M, type NodeEventEmitterStrategy as N, type PortableDelegation as P, type RestorableSession as R, type SignStrategy as S, TinyCloudNode as T, WasmKeyProvider as W, type AuthRequestArtifact as a, type DelegateToResult as b, DelegatedAccess as c, type DelegationAuthority as d, NodeUserAuthorization as e, type NodeUserAuthorizationConfig as f, type RuntimePermissionGrantOptions as g, type TinyCloudNodeConfig as h, type WasmKeyProviderConfig as i, createWasmKeyProvider as j, defaultSignStrategy as k, deserializeDelegation as l, grantAuthRequest as m, serializeDelegation as s };
|