@tinycloud/node-sdk 2.4.0-beta.1 → 2.4.0-beta.10
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/{core-Dbzm1kA_.d.cts → core-DiVEwp2P.d.cts} +105 -5
- package/dist/{core-Dbzm1kA_.d.ts → core-DiVEwp2P.d.ts} +105 -5
- package/dist/core.cjs +377 -218
- package/dist/core.cjs.map +1 -1
- package/dist/core.d.cts +2 -2
- package/dist/core.d.ts +2 -2
- package/dist/core.js +205 -44
- package/dist/core.js.map +1 -1
- package/dist/index.cjs +448 -261
- package/dist/index.cjs.map +1 -1
- package/dist/index.d.cts +2 -2
- package/dist/index.d.ts +2 -2
- package/dist/index.js +236 -48
- package/dist/index.js.map +1 -1
- package/package.json +2 -2
package/dist/index.d.cts
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
import { ISigner, Bytes, IWasmBindings, ISessionManager } from '@tinycloud/sdk-core';
|
|
2
|
-
export { ACCOUNT_REGISTRY_PATH, ACCOUNT_REGISTRY_SPACE, AutoApproveSpaceCreationHandler, AutoRejectStrategy, AutoSignStrategy, BatchOptions, BatchResponse, BuildCanonicalDecryptRequestInput, BuildDecryptFactsInput, BuildDecryptInvocationInput, BuiltDecryptInvocation, CallbackStrategy, CanonicalAddress, CanonicalDecryptRequest, CanonicalJson, CanonicalParsedNetworkId, CapabilityEntry, CapabilityKeyRegistry, CapabilityKeyRegistryErrorCode, CapabilityKeyRegistryErrorCodes, ClientSession, ColumnInfo, ComposeManifestOptions, ComposedManifestRequest, CreateDelegationParams, DECRYPT_ACTION, DECRYPT_FACT_TYPE, DECRYPT_RESULT_TYPE, DEFAULT_ENCRYPTION_ALG, DEFAULT_KEY_VERSION, DEFAULT_MANIFEST_SPACE, DEFAULT_MANIFEST_VERSION, DEFAULT_SIGNED_READ_URL_EXPIRY_MS, DataVaultConfig, DataVaultService, DatabaseHandle, DecryptCapabilityProof, DecryptEnvelopeOptions, DecryptInvocationFact, DecryptInvocationSigner, DecryptRequestBody, DecryptResponseBody, DecryptTransport, Delegation, DelegationChain, DelegationChainV2, DelegationDirection, DelegationError, DelegationErrorCode, DelegationErrorCodes, DelegationFilters, DelegationManager, DelegationManagerConfig, DelegationRecord, DelegationResult, DidCacheKeyOptions, DidEqualsOptions, DiscoverNetworkInput, DiscoveredNetwork, DiscoverySource, DuckDbAction, DuckDbActionType, DuckDbBatchOptions, DuckDbBatchResponse, DuckDbDatabaseHandle, DuckDbExecuteOptions, DuckDbExecuteResponse, DuckDbOptions, DuckDbQueryOptions, DuckDbQueryResponse, DuckDbService, DuckDbServiceConfig, DuckDbStatement, DuckDbValue, ENCRYPTION_NETWORK_URN_PREFIX, ENCRYPTION_SERVICE, ENCRYPTION_SERVICE_SHORT, ENVELOPE_VERSION, EncodedShareData, EncryptToNetworkInput, EncryptToNetworkOptions, EncryptToNetworkResult, EncryptionCrypto, EncryptionError, EncryptionErrorInput, EncryptionService, EncryptionServiceConfig, ExecuteOptions, ExecuteResponse, Extension, FetchFunction, GenerateShareParams, HookEvent, HookServiceName, HookStreamEvent, HookSubscription, HookWebhookListOptions, HookWebhookRecord, HookWebhookRegistration, HookWebhookScope, HookWebhookUnregisterOptions, HooksService, HooksServiceConfig, ICapabilityKeyRegistry, IDataVaultService, IDatabaseHandle, IDuckDbDatabaseHandle, IDuckDbService, IENSResolver, IEncryptionService, IHooksService, IKVService, INotificationHandler, IPrefixedKVService, ISQLService, ISecretsService, ISessionManager, ISessionStorage, ISharingService, ISigner, ISpace, ISpaceCreationHandler, ISpaceScopedDelegations, ISpaceScopedSharing, ISpaceService, IUserAuthorization, IWasmBindings, IdentityParseError, IngestOptions, InlineEncryptedEnvelope, InvokeFunction, JWK, KVCreateSignedReadUrlOptions, KVResponse, KVService, KVServiceConfig, KVSignedReadUrlResponse, KeyInfo, KeyProvider, KeyType, Manifest, ManifestDefaults, ManifestRegistryRecord, ManifestSecretActions, ManifestValidationError, NETWORK_NAME_PATTERN, NetworkDescriptor, NetworkIdError, NodeDescriptorFetcher, ParsedNetworkId, PermissionEntry, PermissionNotInManifestError, PersistedSessionData, PkhDidParts, PrefixedKVService, ProtocolMismatchError, QueryOptions, QueryResponse, RandomReceiverKeyInput, ReceiveOptions, ReceiverKeyPair, ReceiverKeySigner, ResolvedCapabilities, ResolvedDelegate, ResolvedSecretPath, ResourceCapability, SECRET_NAME_RE, SQLAction, SQLActionType, SQLService, SQLServiceConfig, SchemaInfo, SecretPayload, SecretScopeOptions, SecretsError, SecretsService, ServiceContext, ServiceContextConfig, ServiceSession, SessionExpiredError, ShareAccess, ShareLink, ShareLinkData, ShareSchema, SharingService, SharingServiceConfig, SignCallback, SignInOptions, SignRequest, SignResponse, SignedReceiverKeyInput, SilentNotificationHandler, Space, SpaceAbilitiesMap, SpaceConfig, SpaceCreationContext, SpaceErrorCode, SpaceErrorCodes, SpaceInfo, SpaceOwnership, SpaceService, SpaceServiceConfig, SqlStatement, SqlValue, StoredDelegationChain, SubscribeOptions, TableInfo, TelemetryConfig, TelemetryEventHandler, TinyCloud, TinyCloudConfig, TinyCloudSession, UnsupportedFeatureError, VAULT_PERMISSION_SERVICE, VaultCrypto, VaultEntry, VaultError, VaultGetOptions, VaultGrantOptions, VaultHeaders, VaultListOptions, VaultPublicSpaceKVActions, VaultPutOptions, VerifyDecryptResponseInput, VersionCheckError, ViewInfo, WasmVaultFunctions, WellKnownDescriptorFetcher, addressStorageKey, buildCanonicalDecryptRequest, buildDecryptAttenuation, buildDecryptFacts, buildDecryptInvocation, buildNetworkId, buildSpaceUri, canonicalHashHex, canonicalSignedResponse, canonicalizeAddress, canonicalizeDid, canonicalizeDidUrl, canonicalizeEncryptionJson, canonicalizeNetworkId, canonicalizeSecretScope, checkDecryptInvocationInput, checkNodeInfo, composeManifestRequest, createCapabilityKeyRegistry, createSharingService, createSpaceService, createVaultCrypto, decryptEnvelopeWithKey, defaultSpaceCreationHandler, deriveSignedReceiverKey, didCacheKey, didEquals, discoverNetwork, encryptToNetwork, encryptionBase64Decode, encryptionBase64Encode, encryptionError, encryptionUtf8Decode, encryptionUtf8Encode, ensureNetworkUsableForDecrypt, expandActionShortNames, expandPermissionEntries, expandPermissionEntry, generateRandomReceiverKey, hexDecode, hexEncode, isCapabilitySubset, isEvmAddress, isNetworkId, loadManifest, makePkhSpaceId, makePublicSpaceId, networkDiscoveryKey, openWrappedKey, parseCanonicalNetworkId, parseExpiry, parseNetworkId, parsePkhDid, parseSpaceUri, pkhDid, principalDid, principalDidEquals, resolveManifest, resolveSecretListPrefix, resolveSecretPath, resourceCapabilitiesToSpaceAbilitiesMap, validateEnvelope, validateManifest, verifyDecryptResponse } from '@tinycloud/sdk-core';
|
|
3
|
-
export { D as DelegateToOptions,
|
|
2
|
+
export { ACCOUNT_REGISTRY_PATH, ACCOUNT_REGISTRY_SPACE, AccountApplication, AccountApplicationListOptions, AccountDelegation, AccountDelegationListOptions, AccountDelegationRevokeOptions, AccountIndexRebuildResult, AccountIndexStatus, AccountIndexedReadOptions, AccountService, AccountServiceConfig, AccountSpace, AccountSpaceListOptions, AccountStatus, AutoApproveSpaceCreationHandler, AutoRejectStrategy, AutoSignStrategy, BatchOptions, BatchResponse, BuildCanonicalDecryptRequestInput, BuildDecryptFactsInput, BuildDecryptInvocationInput, BuiltDecryptInvocation, CallbackStrategy, CanonicalAddress, CanonicalDecryptRequest, CanonicalJson, CanonicalParsedNetworkId, CapabilityEntry, CapabilityKeyRegistry, CapabilityKeyRegistryErrorCode, CapabilityKeyRegistryErrorCodes, ClientSession, ColumnInfo, ComposeManifestOptions, ComposedManifestRequest, CreateDelegationParams, DECRYPT_ACTION, DECRYPT_FACT_TYPE, DECRYPT_RESULT_TYPE, DEFAULT_ENCRYPTION_ALG, DEFAULT_KEY_VERSION, DEFAULT_MANIFEST_SPACE, DEFAULT_MANIFEST_VERSION, DEFAULT_SIGNED_READ_URL_EXPIRY_MS, DataVaultConfig, DataVaultService, DatabaseHandle, DecryptCapabilityProof, DecryptEnvelopeOptions, DecryptInvocationFact, DecryptInvocationSigner, DecryptRequestBody, DecryptResponseBody, DecryptTransport, Delegation, DelegationChain, DelegationChainV2, DelegationDirection, DelegationError, DelegationErrorCode, DelegationErrorCodes, DelegationFilters, DelegationManager, DelegationManagerConfig, DelegationRecord, DelegationResult, DidCacheKeyOptions, DidEqualsOptions, DiscoverNetworkInput, DiscoveredNetwork, DiscoverySource, DuckDbAction, DuckDbActionType, DuckDbBatchOptions, DuckDbBatchResponse, DuckDbDatabaseHandle, DuckDbExecuteOptions, DuckDbExecuteResponse, DuckDbOptions, DuckDbQueryOptions, DuckDbQueryResponse, DuckDbService, DuckDbServiceConfig, DuckDbStatement, DuckDbValue, ENCRYPTION_NETWORK_URN_PREFIX, ENCRYPTION_SERVICE, ENCRYPTION_SERVICE_SHORT, ENVELOPE_VERSION, EncodedShareData, EncryptToNetworkInput, EncryptToNetworkOptions, EncryptToNetworkResult, EncryptionCrypto, EncryptionError, EncryptionErrorInput, EncryptionService, EncryptionServiceConfig, ExecuteOptions, ExecuteResponse, Extension, FetchFunction, GenerateShareParams, HookEvent, HookServiceName, HookStreamEvent, HookSubscription, HookWebhookListOptions, HookWebhookRecord, HookWebhookRegistration, HookWebhookScope, HookWebhookUnregisterOptions, HooksService, HooksServiceConfig, ICapabilityKeyRegistry, IDataVaultService, IDatabaseHandle, IDuckDbDatabaseHandle, IDuckDbService, IENSResolver, IEncryptionService, IHooksService, IKVService, INotificationHandler, IPrefixedKVService, ISQLService, ISecretsService, ISessionManager, ISessionStorage, ISharingService, ISigner, ISpace, ISpaceCreationHandler, ISpaceScopedDelegations, ISpaceScopedSharing, ISpaceService, IUserAuthorization, IWasmBindings, IdentityParseError, IngestOptions, InlineEncryptedEnvelope, InvokeFunction, JWK, KVCreateSignedReadUrlOptions, KVResponse, KVService, KVServiceConfig, KVSignedReadUrlResponse, KeyInfo, KeyProvider, KeyType, Manifest, ManifestDefaults, ManifestRegistryRecord, ManifestSecretActions, ManifestValidationError, NETWORK_NAME_PATTERN, NetworkDescriptor, NetworkIdError, NodeDescriptorFetcher, ParsedNetworkId, PermissionEntry, PermissionNotInManifestError, PersistedSessionData, PkhDidParts, PrefixedKVService, ProtocolMismatchError, QueryOptions, QueryResponse, RandomReceiverKeyInput, ReceiveOptions, ReceiverKeyPair, ReceiverKeySigner, ResolvedCapabilities, ResolvedDelegate, ResolvedSecretPath, ResourceCapability, SECRET_NAME_RE, SQLAction, SQLActionType, SQLService, SQLServiceConfig, SchemaInfo, SecretPayload, SecretScopeOptions, SecretsError, SecretsService, ServiceContext, ServiceContextConfig, ServiceSession, SessionExpiredError, ShareAccess, ShareLink, ShareLinkData, ShareSchema, SharingService, SharingServiceConfig, SignCallback, SignInOptions, SignRequest, SignResponse, SignedReceiverKeyInput, SilentNotificationHandler, Space, SpaceAbilitiesMap, SpaceConfig, SpaceCreationContext, SpaceErrorCode, SpaceErrorCodes, SpaceInfo, SpaceOwnership, SpaceService, SpaceServiceConfig, SqlStatement, SqlValue, StoredDelegationChain, SubscribeOptions, TableInfo, TelemetryConfig, TelemetryEventHandler, TinyCloud, TinyCloudConfig, TinyCloudSession, UnsupportedFeatureError, VAULT_PERMISSION_SERVICE, VaultCrypto, VaultEntry, VaultError, VaultGetOptions, VaultGrantOptions, VaultHeaders, VaultListOptions, VaultPublicSpaceKVActions, VaultPutOptions, VerifyDecryptResponseInput, VersionCheckError, ViewInfo, WasmVaultFunctions, WellKnownDescriptorFetcher, addressStorageKey, buildCanonicalDecryptRequest, buildDecryptAttenuation, buildDecryptFacts, buildDecryptInvocation, buildNetworkId, buildSpaceUri, canonicalHashHex, canonicalSignedResponse, canonicalizeAddress, canonicalizeDid, canonicalizeDidUrl, canonicalizeEncryptionJson, canonicalizeNetworkId, canonicalizeSecretScope, checkDecryptInvocationInput, checkNodeInfo, composeManifestRequest, createCapabilityKeyRegistry, createSharingService, createSpaceService, createVaultCrypto, decryptEnvelopeWithKey, defaultSpaceCreationHandler, deriveSignedReceiverKey, didCacheKey, didEquals, discoverNetwork, encryptToNetwork, encryptionBase64Decode, encryptionBase64Encode, encryptionError, encryptionUtf8Decode, encryptionUtf8Encode, ensureNetworkUsableForDecrypt, expandActionShortNames, expandPermissionEntries, expandPermissionEntry, generateRandomReceiverKey, hexDecode, hexEncode, isCapabilitySubset, isEvmAddress, isNetworkId, loadManifest, makePkhSpaceId, makePublicSpaceId, networkDiscoveryKey, openWrappedKey, parseCanonicalNetworkId, parseExpiry, parseNetworkId, parsePkhDid, parseSpaceUri, pkhDid, principalDid, principalDidEquals, resolveManifest, resolveSecretListPrefix, resolveSecretPath, resourceCapabilitiesToSpaceAbilitiesMap, validateEnvelope, validateManifest, verifyDecryptResponse } from '@tinycloud/sdk-core';
|
|
3
|
+
export { A as AuthDelegationArtifact, a as AuthRequestArtifact, D as DelegateToOptions, b as DelegateToResult, c as DelegatedAccess, d as DelegationAuthority, F as FileSessionStorage, M as MemorySessionStorage, N as NodeEventEmitterStrategy, e as NodeUserAuthorization, f as NodeUserAuthorizationConfig, P as PortableDelegation, R as RestorableSession, g as RuntimePermissionGrantOptions, S as SignStrategy, T as TinyCloudNode, h as TinyCloudNodeConfig, W as WasmKeyProvider, i as WasmKeyProviderConfig, j as createWasmKeyProvider, k as defaultSignStrategy, l as deserializeDelegation, m as grantAuthRequest, s as serializeDelegation } from './core-DiVEwp2P.cjs';
|
|
4
4
|
import { invoke, invokeAny, computeCid, prepareSession, completeSessionSetup, ensureEip55, makeSpaceId, createDelegation, parseRecapFromSiwe, generateHostSIWEMessage, siweToDelegationHeaders, protocolVersion, vault_encrypt, vault_decrypt, vault_derive_key, vault_x25519_from_seed, vault_x25519_dh, vault_random_bytes, vault_sha256 } from '@tinycloud/node-sdk-wasm';
|
|
5
5
|
import 'events';
|
|
6
6
|
import '@tinycloud/sdk-services';
|
package/dist/index.d.ts
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
import { ISigner, Bytes, IWasmBindings, ISessionManager } from '@tinycloud/sdk-core';
|
|
2
|
-
export { ACCOUNT_REGISTRY_PATH, ACCOUNT_REGISTRY_SPACE, AutoApproveSpaceCreationHandler, AutoRejectStrategy, AutoSignStrategy, BatchOptions, BatchResponse, BuildCanonicalDecryptRequestInput, BuildDecryptFactsInput, BuildDecryptInvocationInput, BuiltDecryptInvocation, CallbackStrategy, CanonicalAddress, CanonicalDecryptRequest, CanonicalJson, CanonicalParsedNetworkId, CapabilityEntry, CapabilityKeyRegistry, CapabilityKeyRegistryErrorCode, CapabilityKeyRegistryErrorCodes, ClientSession, ColumnInfo, ComposeManifestOptions, ComposedManifestRequest, CreateDelegationParams, DECRYPT_ACTION, DECRYPT_FACT_TYPE, DECRYPT_RESULT_TYPE, DEFAULT_ENCRYPTION_ALG, DEFAULT_KEY_VERSION, DEFAULT_MANIFEST_SPACE, DEFAULT_MANIFEST_VERSION, DEFAULT_SIGNED_READ_URL_EXPIRY_MS, DataVaultConfig, DataVaultService, DatabaseHandle, DecryptCapabilityProof, DecryptEnvelopeOptions, DecryptInvocationFact, DecryptInvocationSigner, DecryptRequestBody, DecryptResponseBody, DecryptTransport, Delegation, DelegationChain, DelegationChainV2, DelegationDirection, DelegationError, DelegationErrorCode, DelegationErrorCodes, DelegationFilters, DelegationManager, DelegationManagerConfig, DelegationRecord, DelegationResult, DidCacheKeyOptions, DidEqualsOptions, DiscoverNetworkInput, DiscoveredNetwork, DiscoverySource, DuckDbAction, DuckDbActionType, DuckDbBatchOptions, DuckDbBatchResponse, DuckDbDatabaseHandle, DuckDbExecuteOptions, DuckDbExecuteResponse, DuckDbOptions, DuckDbQueryOptions, DuckDbQueryResponse, DuckDbService, DuckDbServiceConfig, DuckDbStatement, DuckDbValue, ENCRYPTION_NETWORK_URN_PREFIX, ENCRYPTION_SERVICE, ENCRYPTION_SERVICE_SHORT, ENVELOPE_VERSION, EncodedShareData, EncryptToNetworkInput, EncryptToNetworkOptions, EncryptToNetworkResult, EncryptionCrypto, EncryptionError, EncryptionErrorInput, EncryptionService, EncryptionServiceConfig, ExecuteOptions, ExecuteResponse, Extension, FetchFunction, GenerateShareParams, HookEvent, HookServiceName, HookStreamEvent, HookSubscription, HookWebhookListOptions, HookWebhookRecord, HookWebhookRegistration, HookWebhookScope, HookWebhookUnregisterOptions, HooksService, HooksServiceConfig, ICapabilityKeyRegistry, IDataVaultService, IDatabaseHandle, IDuckDbDatabaseHandle, IDuckDbService, IENSResolver, IEncryptionService, IHooksService, IKVService, INotificationHandler, IPrefixedKVService, ISQLService, ISecretsService, ISessionManager, ISessionStorage, ISharingService, ISigner, ISpace, ISpaceCreationHandler, ISpaceScopedDelegations, ISpaceScopedSharing, ISpaceService, IUserAuthorization, IWasmBindings, IdentityParseError, IngestOptions, InlineEncryptedEnvelope, InvokeFunction, JWK, KVCreateSignedReadUrlOptions, KVResponse, KVService, KVServiceConfig, KVSignedReadUrlResponse, KeyInfo, KeyProvider, KeyType, Manifest, ManifestDefaults, ManifestRegistryRecord, ManifestSecretActions, ManifestValidationError, NETWORK_NAME_PATTERN, NetworkDescriptor, NetworkIdError, NodeDescriptorFetcher, ParsedNetworkId, PermissionEntry, PermissionNotInManifestError, PersistedSessionData, PkhDidParts, PrefixedKVService, ProtocolMismatchError, QueryOptions, QueryResponse, RandomReceiverKeyInput, ReceiveOptions, ReceiverKeyPair, ReceiverKeySigner, ResolvedCapabilities, ResolvedDelegate, ResolvedSecretPath, ResourceCapability, SECRET_NAME_RE, SQLAction, SQLActionType, SQLService, SQLServiceConfig, SchemaInfo, SecretPayload, SecretScopeOptions, SecretsError, SecretsService, ServiceContext, ServiceContextConfig, ServiceSession, SessionExpiredError, ShareAccess, ShareLink, ShareLinkData, ShareSchema, SharingService, SharingServiceConfig, SignCallback, SignInOptions, SignRequest, SignResponse, SignedReceiverKeyInput, SilentNotificationHandler, Space, SpaceAbilitiesMap, SpaceConfig, SpaceCreationContext, SpaceErrorCode, SpaceErrorCodes, SpaceInfo, SpaceOwnership, SpaceService, SpaceServiceConfig, SqlStatement, SqlValue, StoredDelegationChain, SubscribeOptions, TableInfo, TelemetryConfig, TelemetryEventHandler, TinyCloud, TinyCloudConfig, TinyCloudSession, UnsupportedFeatureError, VAULT_PERMISSION_SERVICE, VaultCrypto, VaultEntry, VaultError, VaultGetOptions, VaultGrantOptions, VaultHeaders, VaultListOptions, VaultPublicSpaceKVActions, VaultPutOptions, VerifyDecryptResponseInput, VersionCheckError, ViewInfo, WasmVaultFunctions, WellKnownDescriptorFetcher, addressStorageKey, buildCanonicalDecryptRequest, buildDecryptAttenuation, buildDecryptFacts, buildDecryptInvocation, buildNetworkId, buildSpaceUri, canonicalHashHex, canonicalSignedResponse, canonicalizeAddress, canonicalizeDid, canonicalizeDidUrl, canonicalizeEncryptionJson, canonicalizeNetworkId, canonicalizeSecretScope, checkDecryptInvocationInput, checkNodeInfo, composeManifestRequest, createCapabilityKeyRegistry, createSharingService, createSpaceService, createVaultCrypto, decryptEnvelopeWithKey, defaultSpaceCreationHandler, deriveSignedReceiverKey, didCacheKey, didEquals, discoverNetwork, encryptToNetwork, encryptionBase64Decode, encryptionBase64Encode, encryptionError, encryptionUtf8Decode, encryptionUtf8Encode, ensureNetworkUsableForDecrypt, expandActionShortNames, expandPermissionEntries, expandPermissionEntry, generateRandomReceiverKey, hexDecode, hexEncode, isCapabilitySubset, isEvmAddress, isNetworkId, loadManifest, makePkhSpaceId, makePublicSpaceId, networkDiscoveryKey, openWrappedKey, parseCanonicalNetworkId, parseExpiry, parseNetworkId, parsePkhDid, parseSpaceUri, pkhDid, principalDid, principalDidEquals, resolveManifest, resolveSecretListPrefix, resolveSecretPath, resourceCapabilitiesToSpaceAbilitiesMap, validateEnvelope, validateManifest, verifyDecryptResponse } from '@tinycloud/sdk-core';
|
|
3
|
-
export { D as DelegateToOptions,
|
|
2
|
+
export { ACCOUNT_REGISTRY_PATH, ACCOUNT_REGISTRY_SPACE, AccountApplication, AccountApplicationListOptions, AccountDelegation, AccountDelegationListOptions, AccountDelegationRevokeOptions, AccountIndexRebuildResult, AccountIndexStatus, AccountIndexedReadOptions, AccountService, AccountServiceConfig, AccountSpace, AccountSpaceListOptions, AccountStatus, AutoApproveSpaceCreationHandler, AutoRejectStrategy, AutoSignStrategy, BatchOptions, BatchResponse, BuildCanonicalDecryptRequestInput, BuildDecryptFactsInput, BuildDecryptInvocationInput, BuiltDecryptInvocation, CallbackStrategy, CanonicalAddress, CanonicalDecryptRequest, CanonicalJson, CanonicalParsedNetworkId, CapabilityEntry, CapabilityKeyRegistry, CapabilityKeyRegistryErrorCode, CapabilityKeyRegistryErrorCodes, ClientSession, ColumnInfo, ComposeManifestOptions, ComposedManifestRequest, CreateDelegationParams, DECRYPT_ACTION, DECRYPT_FACT_TYPE, DECRYPT_RESULT_TYPE, DEFAULT_ENCRYPTION_ALG, DEFAULT_KEY_VERSION, DEFAULT_MANIFEST_SPACE, DEFAULT_MANIFEST_VERSION, DEFAULT_SIGNED_READ_URL_EXPIRY_MS, DataVaultConfig, DataVaultService, DatabaseHandle, DecryptCapabilityProof, DecryptEnvelopeOptions, DecryptInvocationFact, DecryptInvocationSigner, DecryptRequestBody, DecryptResponseBody, DecryptTransport, Delegation, DelegationChain, DelegationChainV2, DelegationDirection, DelegationError, DelegationErrorCode, DelegationErrorCodes, DelegationFilters, DelegationManager, DelegationManagerConfig, DelegationRecord, DelegationResult, DidCacheKeyOptions, DidEqualsOptions, DiscoverNetworkInput, DiscoveredNetwork, DiscoverySource, DuckDbAction, DuckDbActionType, DuckDbBatchOptions, DuckDbBatchResponse, DuckDbDatabaseHandle, DuckDbExecuteOptions, DuckDbExecuteResponse, DuckDbOptions, DuckDbQueryOptions, DuckDbQueryResponse, DuckDbService, DuckDbServiceConfig, DuckDbStatement, DuckDbValue, ENCRYPTION_NETWORK_URN_PREFIX, ENCRYPTION_SERVICE, ENCRYPTION_SERVICE_SHORT, ENVELOPE_VERSION, EncodedShareData, EncryptToNetworkInput, EncryptToNetworkOptions, EncryptToNetworkResult, EncryptionCrypto, EncryptionError, EncryptionErrorInput, EncryptionService, EncryptionServiceConfig, ExecuteOptions, ExecuteResponse, Extension, FetchFunction, GenerateShareParams, HookEvent, HookServiceName, HookStreamEvent, HookSubscription, HookWebhookListOptions, HookWebhookRecord, HookWebhookRegistration, HookWebhookScope, HookWebhookUnregisterOptions, HooksService, HooksServiceConfig, ICapabilityKeyRegistry, IDataVaultService, IDatabaseHandle, IDuckDbDatabaseHandle, IDuckDbService, IENSResolver, IEncryptionService, IHooksService, IKVService, INotificationHandler, IPrefixedKVService, ISQLService, ISecretsService, ISessionManager, ISessionStorage, ISharingService, ISigner, ISpace, ISpaceCreationHandler, ISpaceScopedDelegations, ISpaceScopedSharing, ISpaceService, IUserAuthorization, IWasmBindings, IdentityParseError, IngestOptions, InlineEncryptedEnvelope, InvokeFunction, JWK, KVCreateSignedReadUrlOptions, KVResponse, KVService, KVServiceConfig, KVSignedReadUrlResponse, KeyInfo, KeyProvider, KeyType, Manifest, ManifestDefaults, ManifestRegistryRecord, ManifestSecretActions, ManifestValidationError, NETWORK_NAME_PATTERN, NetworkDescriptor, NetworkIdError, NodeDescriptorFetcher, ParsedNetworkId, PermissionEntry, PermissionNotInManifestError, PersistedSessionData, PkhDidParts, PrefixedKVService, ProtocolMismatchError, QueryOptions, QueryResponse, RandomReceiverKeyInput, ReceiveOptions, ReceiverKeyPair, ReceiverKeySigner, ResolvedCapabilities, ResolvedDelegate, ResolvedSecretPath, ResourceCapability, SECRET_NAME_RE, SQLAction, SQLActionType, SQLService, SQLServiceConfig, SchemaInfo, SecretPayload, SecretScopeOptions, SecretsError, SecretsService, ServiceContext, ServiceContextConfig, ServiceSession, SessionExpiredError, ShareAccess, ShareLink, ShareLinkData, ShareSchema, SharingService, SharingServiceConfig, SignCallback, SignInOptions, SignRequest, SignResponse, SignedReceiverKeyInput, SilentNotificationHandler, Space, SpaceAbilitiesMap, SpaceConfig, SpaceCreationContext, SpaceErrorCode, SpaceErrorCodes, SpaceInfo, SpaceOwnership, SpaceService, SpaceServiceConfig, SqlStatement, SqlValue, StoredDelegationChain, SubscribeOptions, TableInfo, TelemetryConfig, TelemetryEventHandler, TinyCloud, TinyCloudConfig, TinyCloudSession, UnsupportedFeatureError, VAULT_PERMISSION_SERVICE, VaultCrypto, VaultEntry, VaultError, VaultGetOptions, VaultGrantOptions, VaultHeaders, VaultListOptions, VaultPublicSpaceKVActions, VaultPutOptions, VerifyDecryptResponseInput, VersionCheckError, ViewInfo, WasmVaultFunctions, WellKnownDescriptorFetcher, addressStorageKey, buildCanonicalDecryptRequest, buildDecryptAttenuation, buildDecryptFacts, buildDecryptInvocation, buildNetworkId, buildSpaceUri, canonicalHashHex, canonicalSignedResponse, canonicalizeAddress, canonicalizeDid, canonicalizeDidUrl, canonicalizeEncryptionJson, canonicalizeNetworkId, canonicalizeSecretScope, checkDecryptInvocationInput, checkNodeInfo, composeManifestRequest, createCapabilityKeyRegistry, createSharingService, createSpaceService, createVaultCrypto, decryptEnvelopeWithKey, defaultSpaceCreationHandler, deriveSignedReceiverKey, didCacheKey, didEquals, discoverNetwork, encryptToNetwork, encryptionBase64Decode, encryptionBase64Encode, encryptionError, encryptionUtf8Decode, encryptionUtf8Encode, ensureNetworkUsableForDecrypt, expandActionShortNames, expandPermissionEntries, expandPermissionEntry, generateRandomReceiverKey, hexDecode, hexEncode, isCapabilitySubset, isEvmAddress, isNetworkId, loadManifest, makePkhSpaceId, makePublicSpaceId, networkDiscoveryKey, openWrappedKey, parseCanonicalNetworkId, parseExpiry, parseNetworkId, parsePkhDid, parseSpaceUri, pkhDid, principalDid, principalDidEquals, resolveManifest, resolveSecretListPrefix, resolveSecretPath, resourceCapabilitiesToSpaceAbilitiesMap, validateEnvelope, validateManifest, verifyDecryptResponse } from '@tinycloud/sdk-core';
|
|
3
|
+
export { A as AuthDelegationArtifact, a as AuthRequestArtifact, D as DelegateToOptions, b as DelegateToResult, c as DelegatedAccess, d as DelegationAuthority, F as FileSessionStorage, M as MemorySessionStorage, N as NodeEventEmitterStrategy, e as NodeUserAuthorization, f as NodeUserAuthorizationConfig, P as PortableDelegation, R as RestorableSession, g as RuntimePermissionGrantOptions, S as SignStrategy, T as TinyCloudNode, h as TinyCloudNodeConfig, W as WasmKeyProvider, i as WasmKeyProviderConfig, j as createWasmKeyProvider, k as defaultSignStrategy, l as deserializeDelegation, m as grantAuthRequest, s as serializeDelegation } from './core-DiVEwp2P.js';
|
|
4
4
|
import { invoke, invokeAny, computeCid, prepareSession, completeSessionSetup, ensureEip55, makeSpaceId, createDelegation, parseRecapFromSiwe, generateHostSIWEMessage, siweToDelegationHeaders, protocolVersion, vault_encrypt, vault_decrypt, vault_derive_key, vault_x25519_from_seed, vault_x25519_dh, vault_random_bytes, vault_sha256 } from '@tinycloud/node-sdk-wasm';
|
|
5
5
|
import 'events';
|
|
6
6
|
import '@tinycloud/sdk-services';
|
package/dist/index.js
CHANGED
|
@@ -17186,7 +17186,8 @@ import {
|
|
|
17186
17186
|
verifyDidKeyEd25519Signature,
|
|
17187
17187
|
canonicalizeAddress as canonicalizeAddress2,
|
|
17188
17188
|
pkhDid as pkhDid2,
|
|
17189
|
-
principalDidEquals
|
|
17189
|
+
principalDidEquals as principalDidEquals2,
|
|
17190
|
+
parseNetworkId as parseNetworkId2
|
|
17190
17191
|
} from "@tinycloud/sdk-core";
|
|
17191
17192
|
|
|
17192
17193
|
// src/authorization/NodeUserAuthorization.ts
|
|
@@ -17199,6 +17200,8 @@ import {
|
|
|
17199
17200
|
DEFAULT_MANIFEST_SPACE,
|
|
17200
17201
|
ENCRYPTION_PERMISSION_SERVICE,
|
|
17201
17202
|
composeManifestRequest,
|
|
17203
|
+
parseNetworkId,
|
|
17204
|
+
principalDidEquals,
|
|
17202
17205
|
resourceCapabilitiesToAbilitiesMap,
|
|
17203
17206
|
resourceCapabilitiesToSpaceAbilitiesMap,
|
|
17204
17207
|
resolveTinyCloudHosts,
|
|
@@ -17283,6 +17286,25 @@ var MemorySessionStorage = class {
|
|
|
17283
17286
|
};
|
|
17284
17287
|
|
|
17285
17288
|
// src/authorization/NodeUserAuthorization.ts
|
|
17289
|
+
var DECRYPT_ACTION = "tinycloud.encryption/decrypt";
|
|
17290
|
+
var NETWORK_CREATE_ACTION = "tinycloud.encryption/network.create";
|
|
17291
|
+
function didPrincipalMatches(actual, expected) {
|
|
17292
|
+
try {
|
|
17293
|
+
return principalDidEquals(actual, expected);
|
|
17294
|
+
} catch {
|
|
17295
|
+
return actual === expected;
|
|
17296
|
+
}
|
|
17297
|
+
}
|
|
17298
|
+
function addRawAbility(rawAbilities, resource, action) {
|
|
17299
|
+
const actions = rawAbilities[resource];
|
|
17300
|
+
if (actions === void 0) {
|
|
17301
|
+
rawAbilities[resource] = [action];
|
|
17302
|
+
return;
|
|
17303
|
+
}
|
|
17304
|
+
if (!actions.includes(action)) {
|
|
17305
|
+
actions.push(action);
|
|
17306
|
+
}
|
|
17307
|
+
}
|
|
17286
17308
|
var NodeUserAuthorization = class {
|
|
17287
17309
|
constructor(config) {
|
|
17288
17310
|
this.extensions = [];
|
|
@@ -17309,6 +17331,7 @@ var NodeUserAuthorization = class {
|
|
|
17309
17331
|
"": [
|
|
17310
17332
|
"tinycloud.sql/read",
|
|
17311
17333
|
"tinycloud.sql/write",
|
|
17334
|
+
"tinycloud.sql/ddl",
|
|
17312
17335
|
"tinycloud.sql/admin",
|
|
17313
17336
|
"tinycloud.sql/export"
|
|
17314
17337
|
]
|
|
@@ -17512,20 +17535,18 @@ var NodeUserAuthorization = class {
|
|
|
17512
17535
|
};
|
|
17513
17536
|
}
|
|
17514
17537
|
const rawAbilities = {};
|
|
17538
|
+
const currentDid = pkhDid(address, chainId);
|
|
17515
17539
|
const spaceResources = request.resources.filter((entry) => {
|
|
17516
17540
|
if (entry.service !== ENCRYPTION_PERMISSION_SERVICE) {
|
|
17517
17541
|
return true;
|
|
17518
17542
|
}
|
|
17519
|
-
const
|
|
17520
|
-
|
|
17521
|
-
|
|
17522
|
-
|
|
17523
|
-
const
|
|
17524
|
-
|
|
17525
|
-
|
|
17526
|
-
existing.push(action);
|
|
17527
|
-
seen.add(action);
|
|
17528
|
-
}
|
|
17543
|
+
for (const action of entry.actions) {
|
|
17544
|
+
addRawAbility(rawAbilities, entry.path, action);
|
|
17545
|
+
}
|
|
17546
|
+
if (entry.actions.includes(DECRYPT_ACTION)) {
|
|
17547
|
+
const parsed = parseNetworkId(entry.path);
|
|
17548
|
+
if (didPrincipalMatches(parsed.ownerDid, currentDid)) {
|
|
17549
|
+
addRawAbility(rawAbilities, entry.path, NETWORK_CREATE_ACTION);
|
|
17529
17550
|
}
|
|
17530
17551
|
}
|
|
17531
17552
|
return false;
|
|
@@ -18084,6 +18105,9 @@ var NodeUserAuthorization = class {
|
|
|
18084
18105
|
}
|
|
18085
18106
|
};
|
|
18086
18107
|
|
|
18108
|
+
// src/account/AccountService.ts
|
|
18109
|
+
import { AccountService } from "@tinycloud/sdk-core";
|
|
18110
|
+
|
|
18087
18111
|
// src/DelegatedAccess.ts
|
|
18088
18112
|
import {
|
|
18089
18113
|
KVService,
|
|
@@ -18501,13 +18525,13 @@ var NodeSecretsService = class {
|
|
|
18501
18525
|
// src/TinyCloudNode.ts
|
|
18502
18526
|
var DEFAULT_HOST = "https://node.tinycloud.xyz";
|
|
18503
18527
|
var DEFAULT_ENCRYPTION_NETWORK_NAME = "default";
|
|
18504
|
-
var
|
|
18505
|
-
var
|
|
18528
|
+
var NETWORK_CREATE_ACTION2 = "tinycloud.encryption/network.create";
|
|
18529
|
+
var DECRYPT_ACTION2 = "tinycloud.encryption/decrypt";
|
|
18506
18530
|
var NETWORK_ADMIN_TYPE = "tinycloud.encryption.network-admin/v1";
|
|
18507
18531
|
var DEFAULT_SESSION_EXPIRATION_MS = EXPIRY3.SESSION_MS;
|
|
18508
|
-
function
|
|
18532
|
+
function didPrincipalMatches2(actual, expected) {
|
|
18509
18533
|
try {
|
|
18510
|
-
return
|
|
18534
|
+
return principalDidEquals2(actual, expected);
|
|
18511
18535
|
} catch {
|
|
18512
18536
|
return actual === expected;
|
|
18513
18537
|
}
|
|
@@ -18844,6 +18868,37 @@ var _TinyCloudNode = class _TinyCloudNode {
|
|
|
18844
18868
|
get spaceId() {
|
|
18845
18869
|
return this.auth?.tinyCloudSession?.spaceId;
|
|
18846
18870
|
}
|
|
18871
|
+
/**
|
|
18872
|
+
* Get the account space ID for this wallet identity.
|
|
18873
|
+
* Available after wallet-backed sign-in or a restored session with address metadata.
|
|
18874
|
+
*/
|
|
18875
|
+
get accountSpaceId() {
|
|
18876
|
+
if (!this._address) {
|
|
18877
|
+
return void 0;
|
|
18878
|
+
}
|
|
18879
|
+
return this.wasmBindings.makeSpaceId(this._address, this._chainId, ACCOUNT_REGISTRY_SPACE);
|
|
18880
|
+
}
|
|
18881
|
+
/**
|
|
18882
|
+
* Account-level application and delegation helpers.
|
|
18883
|
+
*/
|
|
18884
|
+
get account() {
|
|
18885
|
+
if (!this._account) {
|
|
18886
|
+
this._account = new AccountService({
|
|
18887
|
+
getDid: () => this.did,
|
|
18888
|
+
getHost: () => this.hosts[0] ?? this.config.host,
|
|
18889
|
+
getPrimarySpaceId: () => this.spaceId,
|
|
18890
|
+
getAccountSpaceId: () => this.accountSpaceId,
|
|
18891
|
+
getSpaces: () => this.spaces,
|
|
18892
|
+
getAccountDb: () => this.accountSpaceId ? this.sqlForSpace(this.accountSpaceId).db("account") : void 0,
|
|
18893
|
+
ensureAccountSpaceHosted: async () => {
|
|
18894
|
+
if (this.accountSpaceId && this.auth) {
|
|
18895
|
+
await this.ensureOwnedSpaceHostedById(this.accountSpaceId);
|
|
18896
|
+
}
|
|
18897
|
+
}
|
|
18898
|
+
});
|
|
18899
|
+
}
|
|
18900
|
+
return this._account;
|
|
18901
|
+
}
|
|
18847
18902
|
/**
|
|
18848
18903
|
* Get the current TinyCloud session.
|
|
18849
18904
|
* Available after signIn().
|
|
@@ -18881,10 +18936,11 @@ var _TinyCloudNode = class _TinyCloudNode {
|
|
|
18881
18936
|
await this.tc.signIn(options);
|
|
18882
18937
|
this.syncResolvedHostFromAuth();
|
|
18883
18938
|
this.initializeServices();
|
|
18939
|
+
await this.ensureRequestedEncryptionNetworks();
|
|
18884
18940
|
if (this.config.manifest === void 0 && this.config.capabilityRequest === void 0) {
|
|
18885
|
-
await this.
|
|
18941
|
+
await this.ensureOwnedSpaceHostedById(this.ownedSpaceId("secrets"));
|
|
18886
18942
|
}
|
|
18887
|
-
|
|
18943
|
+
this.scheduleAccountRegistrySync();
|
|
18888
18944
|
this.notificationHandler.success("Successfully signed in");
|
|
18889
18945
|
}
|
|
18890
18946
|
ownedSpaceId(name) {
|
|
@@ -18902,22 +18958,68 @@ var _TinyCloudNode = class _TinyCloudNode {
|
|
|
18902
18958
|
throw new Error("Manifest registry write requires wallet mode");
|
|
18903
18959
|
}
|
|
18904
18960
|
const accountSpaceId = this.ownedSpaceId(ACCOUNT_REGISTRY_SPACE);
|
|
18905
|
-
await this.
|
|
18906
|
-
const
|
|
18907
|
-
|
|
18908
|
-
|
|
18909
|
-
|
|
18910
|
-
|
|
18911
|
-
|
|
18912
|
-
|
|
18913
|
-
|
|
18914
|
-
|
|
18915
|
-
|
|
18916
|
-
|
|
18961
|
+
await this.ensureOwnedSpaceHostedById(accountSpaceId);
|
|
18962
|
+
const result = await this.account.applications.register(request.manifests);
|
|
18963
|
+
if (!result.ok) {
|
|
18964
|
+
throw new Error(
|
|
18965
|
+
`Failed to write manifest registry records: ${result.error.message}`
|
|
18966
|
+
);
|
|
18967
|
+
}
|
|
18968
|
+
}
|
|
18969
|
+
scheduleAccountRegistrySync() {
|
|
18970
|
+
void this.withAccountRegistryRetry(async () => {
|
|
18971
|
+
await this.writeManifestRegistryRecords();
|
|
18972
|
+
const spaces = await this.account.spaces.syncAccessible();
|
|
18973
|
+
if (!spaces.ok) {
|
|
18974
|
+
throw new Error(`Failed to sync account spaces: ${spaces.error.message}`);
|
|
18975
|
+
}
|
|
18976
|
+
});
|
|
18977
|
+
}
|
|
18978
|
+
async withAccountRegistryRetry(task) {
|
|
18979
|
+
const delays = [250, 1e3, 3e3];
|
|
18980
|
+
let lastError;
|
|
18981
|
+
for (let attempt = 0; attempt < delays.length; attempt += 1) {
|
|
18982
|
+
try {
|
|
18983
|
+
await task();
|
|
18984
|
+
return;
|
|
18985
|
+
} catch (error) {
|
|
18986
|
+
lastError = error;
|
|
18987
|
+
if (attempt < delays.length - 1) {
|
|
18988
|
+
await new Promise((resolve) => setTimeout(resolve, delays[attempt]));
|
|
18989
|
+
}
|
|
18990
|
+
}
|
|
18991
|
+
}
|
|
18992
|
+
console.warn(
|
|
18993
|
+
"TinyCloud account registry sync failed after retries",
|
|
18994
|
+
lastError
|
|
18995
|
+
);
|
|
18996
|
+
}
|
|
18997
|
+
requestedEncryptionNetworkIds() {
|
|
18998
|
+
const request = this.capabilityRequest;
|
|
18999
|
+
if (!request) {
|
|
19000
|
+
return [];
|
|
19001
|
+
}
|
|
19002
|
+
const networkIds = /* @__PURE__ */ new Set();
|
|
19003
|
+
for (const resource of request.resources) {
|
|
19004
|
+
if (resource.service === ENCRYPTION_PERMISSION_SERVICE2 && resource.path.startsWith("urn:tinycloud:encryption:") && resource.actions.includes(DECRYPT_ACTION2)) {
|
|
19005
|
+
networkIds.add(resource.path);
|
|
19006
|
+
}
|
|
19007
|
+
}
|
|
19008
|
+
return [...networkIds];
|
|
19009
|
+
}
|
|
19010
|
+
async ensureRequestedEncryptionNetworks() {
|
|
19011
|
+
if (!this.signer || !this.auth) {
|
|
19012
|
+
return;
|
|
19013
|
+
}
|
|
19014
|
+
for (const networkId of this.requestedEncryptionNetworkIds()) {
|
|
19015
|
+
const parsed = parseNetworkId2(networkId);
|
|
19016
|
+
if (!didPrincipalMatches2(parsed.ownerDid, this.did)) {
|
|
19017
|
+
continue;
|
|
18917
19018
|
}
|
|
19019
|
+
await this.ensureEncryptionNetwork(networkId);
|
|
18918
19020
|
}
|
|
18919
19021
|
}
|
|
18920
|
-
async
|
|
19022
|
+
async ensureOwnedSpaceHostedById(spaceId) {
|
|
18921
19023
|
if (!this.auth) {
|
|
18922
19024
|
throw new Error("Owned space hosting requires wallet mode");
|
|
18923
19025
|
}
|
|
@@ -18960,7 +19062,7 @@ var _TinyCloudNode = class _TinyCloudNode {
|
|
|
18960
19062
|
* caller is the root authority of their own owned spaces, so no additional
|
|
18961
19063
|
* delegation is required.
|
|
18962
19064
|
*
|
|
18963
|
-
* Unlike {@link
|
|
19065
|
+
* Unlike {@link ensureOwnedSpaceHostedById}, this always submits the host
|
|
18964
19066
|
* delegation rather than inferring hosting from session activation: a space
|
|
18965
19067
|
* the current session has never referenced is reported neither as
|
|
18966
19068
|
* `activated` nor `skipped`, so activation-based detection would wrongly
|
|
@@ -18994,8 +19096,40 @@ var _TinyCloudNode = class _TinyCloudNode {
|
|
|
18994
19096
|
`Failed to activate session for owned space ${spaceId}: ${activation.error ?? "space was skipped"}`
|
|
18995
19097
|
);
|
|
18996
19098
|
}
|
|
19099
|
+
void this.account.spaces.register({
|
|
19100
|
+
spaceId,
|
|
19101
|
+
name,
|
|
19102
|
+
ownerDid: this.did,
|
|
19103
|
+
type: "owned",
|
|
19104
|
+
permissions: ["*"],
|
|
19105
|
+
status: "active"
|
|
19106
|
+
}).catch(() => {
|
|
19107
|
+
});
|
|
18997
19108
|
return spaceId;
|
|
18998
19109
|
}
|
|
19110
|
+
/**
|
|
19111
|
+
* Ensure one of this user's owned spaces (e.g. `"secrets"`) is hosted on the
|
|
19112
|
+
* server.
|
|
19113
|
+
*
|
|
19114
|
+
* At sign-in, a full-authority session auto-hosts the owner's `secrets`
|
|
19115
|
+
* space, but a session created with a manifest / capabilityRequest does not.
|
|
19116
|
+
* Such a session can therefore hold valid `tinycloud.kv/*` capabilities for
|
|
19117
|
+
* the owned `secrets` space yet still fail its first scoped
|
|
19118
|
+
* `secrets.put(...)` with `404 Space not found`, because the space was never
|
|
19119
|
+
* registered on the node.
|
|
19120
|
+
*
|
|
19121
|
+
* Calling this resolves `name` to the owner's owned-space URI
|
|
19122
|
+
* (`tinycloud:pkh:eip155:<chain>:<addr>:<name>`) and hosts it via the
|
|
19123
|
+
* host-SIWE delegation flow. The host SIWE is idempotent server-side, so it
|
|
19124
|
+
* is safe to call whether or not the space already exists; do not gate it on
|
|
19125
|
+
* a prior existence check. Must be called after {@link signIn}.
|
|
19126
|
+
*
|
|
19127
|
+
* @param name - The owned space name (e.g. `"secrets"`).
|
|
19128
|
+
* @returns The hosted owned-space URI.
|
|
19129
|
+
*/
|
|
19130
|
+
async ensureOwnedSpaceHosted(name) {
|
|
19131
|
+
return this.hostOwnedSpace(name);
|
|
19132
|
+
}
|
|
18999
19133
|
/**
|
|
19000
19134
|
* Restore a previously established session from stored delegation data.
|
|
19001
19135
|
*
|
|
@@ -19385,7 +19519,7 @@ var _TinyCloudNode = class _TinyCloudNode {
|
|
|
19385
19519
|
const signed2 = await this.signRawNetworkAuthorization({
|
|
19386
19520
|
targetNode: input.targetNode,
|
|
19387
19521
|
networkId: input.networkId,
|
|
19388
|
-
action:
|
|
19522
|
+
action: DECRYPT_ACTION2,
|
|
19389
19523
|
facts: input.facts
|
|
19390
19524
|
});
|
|
19391
19525
|
return {
|
|
@@ -19402,7 +19536,7 @@ var _TinyCloudNode = class _TinyCloudNode {
|
|
|
19402
19536
|
},
|
|
19403
19537
|
wellKnown: {
|
|
19404
19538
|
fetchWellKnown: async (principal, discoveryKey) => {
|
|
19405
|
-
if (!this._address || !
|
|
19539
|
+
if (!this._address || !didPrincipalMatches2(principal, this.did)) {
|
|
19406
19540
|
return null;
|
|
19407
19541
|
}
|
|
19408
19542
|
if (!this.config.host) {
|
|
@@ -19611,6 +19745,9 @@ var _TinyCloudNode = class _TinyCloudNode {
|
|
|
19611
19745
|
}
|
|
19612
19746
|
};
|
|
19613
19747
|
}
|
|
19748
|
+
},
|
|
19749
|
+
onSpaceRegistered: async (space) => {
|
|
19750
|
+
await this.account.spaces.register(space);
|
|
19614
19751
|
}
|
|
19615
19752
|
});
|
|
19616
19753
|
this._sharingService.updateConfig({
|
|
@@ -19909,12 +20046,12 @@ var _TinyCloudNode = class _TinyCloudNode {
|
|
|
19909
20046
|
crypto2.sha256,
|
|
19910
20047
|
body
|
|
19911
20048
|
),
|
|
19912
|
-
action:
|
|
20049
|
+
action: NETWORK_CREATE_ACTION2
|
|
19913
20050
|
};
|
|
19914
20051
|
const signed2 = await this.signRawNetworkAuthorization({
|
|
19915
20052
|
targetNode,
|
|
19916
20053
|
networkId,
|
|
19917
|
-
action:
|
|
20054
|
+
action: NETWORK_CREATE_ACTION2,
|
|
19918
20055
|
facts
|
|
19919
20056
|
});
|
|
19920
20057
|
const response = await fetch(`${this.config.host}/encryption/networks`, {
|
|
@@ -19935,12 +20072,19 @@ var _TinyCloudNode = class _TinyCloudNode {
|
|
|
19935
20072
|
const created = await response.json();
|
|
19936
20073
|
return created.descriptor;
|
|
19937
20074
|
}
|
|
19938
|
-
async ensureEncryptionNetwork(
|
|
19939
|
-
const
|
|
20075
|
+
async ensureEncryptionNetwork(nameOrNetworkId = DEFAULT_ENCRYPTION_NETWORK_NAME) {
|
|
20076
|
+
const networkId = nameOrNetworkId.startsWith("urn:tinycloud:encryption:") ? nameOrNetworkId : this.getDefaultEncryptionNetworkId(nameOrNetworkId);
|
|
20077
|
+
const existing = await this.getEncryptionNetwork(networkId);
|
|
19940
20078
|
if (existing) {
|
|
19941
20079
|
return existing;
|
|
19942
20080
|
}
|
|
19943
|
-
|
|
20081
|
+
const parsed = parseNetworkId2(networkId);
|
|
20082
|
+
if (!didPrincipalMatches2(parsed.ownerDid, this.did)) {
|
|
20083
|
+
throw new Error(
|
|
20084
|
+
`Cannot create encryption network ${networkId}: owner ${parsed.ownerDid} does not match signed-in DID ${this.did}`
|
|
20085
|
+
);
|
|
20086
|
+
}
|
|
20087
|
+
return this.createEncryptionNetwork(parsed.name);
|
|
19944
20088
|
}
|
|
19945
20089
|
/**
|
|
19946
20090
|
* App-facing secrets API backed by the `secrets` space vault.
|
|
@@ -20088,7 +20232,7 @@ var _TinyCloudNode = class _TinyCloudNode {
|
|
|
20088
20232
|
throw new SessionExpiredError(delegation.expiry);
|
|
20089
20233
|
}
|
|
20090
20234
|
const expectedDids = [session.verificationMethod, this.sessionDid];
|
|
20091
|
-
if (!expectedDids.some((did) =>
|
|
20235
|
+
if (!expectedDids.some((did) => didPrincipalMatches2(delegation.delegateDID, did))) {
|
|
20092
20236
|
throw new Error(
|
|
20093
20237
|
`Runtime delegation targets ${delegation.delegateDID} but this session key is ${session.verificationMethod}.`
|
|
20094
20238
|
);
|
|
@@ -20617,7 +20761,7 @@ var _TinyCloudNode = class _TinyCloudNode {
|
|
|
20617
20761
|
);
|
|
20618
20762
|
}
|
|
20619
20763
|
const target = request.delegationTargets.find(
|
|
20620
|
-
(entry) =>
|
|
20764
|
+
(entry) => didPrincipalMatches2(entry.did, did)
|
|
20621
20765
|
);
|
|
20622
20766
|
if (!target) {
|
|
20623
20767
|
throw new Error(`No manifest delegation target found for DID ${did}`);
|
|
@@ -21067,7 +21211,23 @@ var _TinyCloudNode = class _TinyCloudNode {
|
|
|
21067
21211
|
if (granted.resource !== void 0 || requested.resource !== void 0) {
|
|
21068
21212
|
return granted.resource !== void 0 && requested.resource !== void 0 && granted.resource === requested.resource && this.pathContains(granted.path, requested.path);
|
|
21069
21213
|
}
|
|
21070
|
-
return granted.spaceId !== void 0 && requested.spaceId !== void 0 && granted.spaceId
|
|
21214
|
+
return granted.spaceId !== void 0 && requested.spaceId !== void 0 && this.spaceIdsEqual(granted.spaceId, requested.spaceId) && this.pathContains(granted.path, requested.path);
|
|
21215
|
+
}
|
|
21216
|
+
// Space IDs are `tinycloud:pkh:eip155:<chain>:<0xADDR>:<name>`. The embedded
|
|
21217
|
+
// EIP-155 address is case-insensitive, but the CLI canonicalizes it to
|
|
21218
|
+
// lowercase when building a space URI while stored runtime delegations keep
|
|
21219
|
+
// the EIP-55 checksummed form — so a byte-for-byte compare spuriously rejects
|
|
21220
|
+
// an otherwise-valid grant. Lowercase ONLY the `eip155:<chain>:0x<addr>`
|
|
21221
|
+
// segment and leave everything else (crucially the case-sensitive space NAME)
|
|
21222
|
+
// byte-exact. Mirrors the CLI's `normalizeSpaceForCompare` (OPENKEY_SCOPE_MISMATCH fix).
|
|
21223
|
+
spaceIdsEqual(a, b) {
|
|
21224
|
+
return this.normalizeSpaceAddress(a) === this.normalizeSpaceAddress(b);
|
|
21225
|
+
}
|
|
21226
|
+
normalizeSpaceAddress(space) {
|
|
21227
|
+
return space.replace(
|
|
21228
|
+
/(eip155:\d+:)(0x[0-9a-fA-F]{40})/,
|
|
21229
|
+
(_match, prefix, addr) => prefix + addr.toLowerCase()
|
|
21230
|
+
);
|
|
21071
21231
|
}
|
|
21072
21232
|
actionContains(grantedAction, requestedAction) {
|
|
21073
21233
|
if (grantedAction === requestedAction) {
|
|
@@ -21331,7 +21491,7 @@ var _TinyCloudNode = class _TinyCloudNode {
|
|
|
21331
21491
|
const targetHost = delegation.host ?? this.config.host;
|
|
21332
21492
|
if (this.isSessionOnly) {
|
|
21333
21493
|
const myDid = this.did;
|
|
21334
|
-
if (!
|
|
21494
|
+
if (!didPrincipalMatches2(delegation.delegateDID, myDid)) {
|
|
21335
21495
|
throw new Error(
|
|
21336
21496
|
`Delegation targets ${delegation.delegateDID} but this user's DID is ${myDid}. The delegation must target this user's DID.`
|
|
21337
21497
|
);
|
|
@@ -21562,7 +21722,7 @@ import {
|
|
|
21562
21722
|
parsePkhDid,
|
|
21563
21723
|
pkhDid as pkhDid3,
|
|
21564
21724
|
principalDid,
|
|
21565
|
-
principalDidEquals as
|
|
21725
|
+
principalDidEquals as principalDidEquals3,
|
|
21566
21726
|
parseCanonicalNetworkId
|
|
21567
21727
|
} from "@tinycloud/sdk-core";
|
|
21568
21728
|
|
|
@@ -21709,6 +21869,32 @@ import {
|
|
|
21709
21869
|
} from "@tinycloud/sdk-core";
|
|
21710
21870
|
|
|
21711
21871
|
// src/delegation.ts
|
|
21872
|
+
async function grantAuthRequest(authority, request, options) {
|
|
21873
|
+
if (request.kind !== "tinycloud.auth.request") {
|
|
21874
|
+
throw new Error(
|
|
21875
|
+
`grantAuthRequest expects a tinycloud.auth.request artifact, got "${request.kind}".`
|
|
21876
|
+
);
|
|
21877
|
+
}
|
|
21878
|
+
if (!Array.isArray(request.requested) || request.requested.length === 0) {
|
|
21879
|
+
throw new Error("grantAuthRequest request has no requested capabilities.");
|
|
21880
|
+
}
|
|
21881
|
+
const expiry = options?.expiry ?? request.requestedExpiry;
|
|
21882
|
+
const result = await authority.delegateTo(
|
|
21883
|
+
request.sessionDid,
|
|
21884
|
+
request.requested,
|
|
21885
|
+
expiry !== void 0 ? { expiry } : void 0
|
|
21886
|
+
);
|
|
21887
|
+
return {
|
|
21888
|
+
kind: "tinycloud.auth.delegation",
|
|
21889
|
+
version: 1,
|
|
21890
|
+
requestId: request.requestId,
|
|
21891
|
+
delegationCid: result.delegation.cid,
|
|
21892
|
+
delegation: result.delegation,
|
|
21893
|
+
permissions: request.requested,
|
|
21894
|
+
expiry: result.delegation.expiry.toISOString(),
|
|
21895
|
+
prompted: result.prompted
|
|
21896
|
+
};
|
|
21897
|
+
}
|
|
21712
21898
|
function serializeDelegation(delegation) {
|
|
21713
21899
|
return JSON.stringify({
|
|
21714
21900
|
...delegation,
|
|
@@ -21749,7 +21935,7 @@ import {
|
|
|
21749
21935
|
} from "@tinycloud/sdk-core";
|
|
21750
21936
|
import {
|
|
21751
21937
|
EncryptionService as EncryptionService2,
|
|
21752
|
-
parseNetworkId,
|
|
21938
|
+
parseNetworkId as parseNetworkId3,
|
|
21753
21939
|
buildNetworkId,
|
|
21754
21940
|
isNetworkId,
|
|
21755
21941
|
networkDiscoveryKey,
|
|
@@ -21784,7 +21970,7 @@ import {
|
|
|
21784
21970
|
DEFAULT_KEY_VERSION,
|
|
21785
21971
|
DECRYPT_FACT_TYPE,
|
|
21786
21972
|
DECRYPT_RESULT_TYPE,
|
|
21787
|
-
DECRYPT_ACTION as
|
|
21973
|
+
DECRYPT_ACTION as DECRYPT_ACTION3,
|
|
21788
21974
|
ENCRYPTION_SERVICE,
|
|
21789
21975
|
ENCRYPTION_SERVICE_SHORT,
|
|
21790
21976
|
encryptionError
|
|
@@ -21820,10 +22006,11 @@ import { ServiceContext as ServiceContext3 } from "@tinycloud/sdk-core";
|
|
|
21820
22006
|
export {
|
|
21821
22007
|
ACCOUNT_REGISTRY_PATH,
|
|
21822
22008
|
ACCOUNT_REGISTRY_SPACE2 as ACCOUNT_REGISTRY_SPACE,
|
|
22009
|
+
AccountService,
|
|
21823
22010
|
AutoApproveSpaceCreationHandler2 as AutoApproveSpaceCreationHandler,
|
|
21824
22011
|
CapabilityKeyRegistry2 as CapabilityKeyRegistry,
|
|
21825
22012
|
CapabilityKeyRegistryErrorCodes,
|
|
21826
|
-
|
|
22013
|
+
DECRYPT_ACTION3 as DECRYPT_ACTION,
|
|
21827
22014
|
DECRYPT_FACT_TYPE,
|
|
21828
22015
|
DECRYPT_RESULT_TYPE,
|
|
21829
22016
|
DEFAULT_ENCRYPTION_ALG,
|
|
@@ -21919,6 +22106,7 @@ export {
|
|
|
21919
22106
|
expandPermissionEntries2 as expandPermissionEntries,
|
|
21920
22107
|
expandPermissionEntry,
|
|
21921
22108
|
generateRandomReceiverKey,
|
|
22109
|
+
grantAuthRequest,
|
|
21922
22110
|
hexDecode,
|
|
21923
22111
|
hexEncode,
|
|
21924
22112
|
isCapabilitySubset2 as isCapabilitySubset,
|
|
@@ -21931,12 +22119,12 @@ export {
|
|
|
21931
22119
|
openWrappedKey,
|
|
21932
22120
|
parseCanonicalNetworkId,
|
|
21933
22121
|
parseExpiry2 as parseExpiry,
|
|
21934
|
-
parseNetworkId,
|
|
22122
|
+
parseNetworkId3 as parseNetworkId,
|
|
21935
22123
|
parsePkhDid,
|
|
21936
22124
|
parseSpaceUri,
|
|
21937
22125
|
pkhDid3 as pkhDid,
|
|
21938
22126
|
principalDid,
|
|
21939
|
-
|
|
22127
|
+
principalDidEquals3 as principalDidEquals,
|
|
21940
22128
|
resolveManifest2 as resolveManifest,
|
|
21941
22129
|
resolveSecretListPrefix2 as resolveSecretListPrefix,
|
|
21942
22130
|
resolveSecretPath2 as resolveSecretPath,
|