@tinycloud/node-sdk 2.4.0-beta.1 → 2.4.0-beta.11

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
@@ -1,4 +1,4 @@
1
- import { ISessionStorage, PersistedSessionData, AutoSignStrategy, AutoRejectStrategy, CallbackStrategy, IUserAuthorization, ISigner, ISpaceCreationHandler, IWasmBindings, SiweConfig, Manifest, ComposedManifestRequest, ClientSession, TinyCloudSession, Extension, SignInOptions, Delegation, DelegatedResource, TelemetryConfig, IKVService, ISQLService, IDuckDbService, IHooksService, INotificationHandler, IENSResolver, IDataVaultService, IEncryptionService, NetworkDescriptor, ISecretsService, ICapabilityKeyRegistry, PermissionEntry, DelegationManager, ISpaceService, ISpace, ISharingService, CreateDelegationParams, DelegationResult, ResolvedDelegate, KeyProvider, ISessionManager, JWK } from '@tinycloud/sdk-core';
1
+ import { ISessionStorage, PersistedSessionData, AutoSignStrategy, AutoRejectStrategy, CallbackStrategy, IUserAuthorization, ISigner, ISpaceCreationHandler, IWasmBindings, SiweConfig, Manifest, ComposedManifestRequest, ClientSession, TinyCloudSession, Extension, SignInOptions, Delegation, DelegatedResource, PermissionEntry, TelemetryConfig, IKVService, ISQLService, IDuckDbService, IHooksService, INotificationHandler, IENSResolver, AccountService, IDataVaultService, IEncryptionService, NetworkDescriptor, ISecretsService, ICapabilityKeyRegistry, DelegationManager, ISpaceService, ISpace, ISharingService, CreateDelegationParams, DelegationResult, ResolvedDelegate, KeyProvider, ISessionManager, JWK } from '@tinycloud/sdk-core';
2
2
  import { EventEmitter } from 'events';
3
3
  import { InvokeFunction } from '@tinycloud/sdk-services';
4
4
 
@@ -332,8 +332,31 @@ declare class NodeUserAuthorization implements IUserAuthorization {
332
332
  * `siwe` is the load-bearing one because `extractSiweExpiration` returns
333
333
  * undefined for missing SIWEs and the SDK then treats the session as
334
334
  * expired-at-epoch-zero.
335
+ *
336
+ * @param hosts - The TinyCloud hosts this session was created against,
337
+ * as persisted in {@link PersistedSessionData.tinycloudHosts}. When
338
+ * present (and non-empty) they are adopted directly so the restored
339
+ * session resolves to the same node as the original sign-in without
340
+ * re-running registry/fallback resolution. When absent (old session)
341
+ * hosts are resolved lazily on the first host-needing call via
342
+ * {@link ensureTinyCloudHosts}.
343
+ */
344
+ setRestoredTinyCloudSession(session: TinyCloudSession, hosts?: string[]): void;
345
+ /**
346
+ * Ensure `tinycloudHosts` are resolved before a host-needing call.
347
+ *
348
+ * Fresh sign-in resolves hosts up front; a restored session may not have
349
+ * (old persisted sessions predate {@link PersistedSessionData.tinycloudHosts}).
350
+ * This guard makes a restored session resolve the node exactly like a fresh
351
+ * sign-in — persisted hosts are preferred (already set by
352
+ * {@link setRestoredTinyCloudSession}), otherwise the registry/fallback
353
+ * resolution runs lazily here. Idempotent: {@link resolveTinyCloudHostsForSignIn}
354
+ * early-returns when hosts are already set.
355
+ *
356
+ * Throws if hosts are unset and the restored session has no address/chainId
357
+ * to resolve from — a real failure that must surface, not be masked.
335
358
  */
336
- setRestoredTinyCloudSession(session: TinyCloudSession): void;
359
+ ensureTinyCloudHosts(): Promise<void>;
337
360
  private resolveTinyCloudHostsForSignIn;
338
361
  private requireTinyCloudHosts;
339
362
  private get primaryTinyCloudHost();
@@ -540,6 +563,69 @@ interface PortableDelegation extends Omit<Delegation, "isRevoked"> {
540
563
  */
541
564
  resources?: DelegatedResource[];
542
565
  }
566
+ /**
567
+ * The transport shape `tc auth request --emit` produces and that an owner
568
+ * grants to its requester. Only the fields the grant logic needs are declared;
569
+ * the CLI artifact carries more (posture, captured command, ...) and remains a
570
+ * structural superset of this interface.
571
+ */
572
+ interface AuthRequestArtifact {
573
+ kind: "tinycloud.auth.request";
574
+ version: 1;
575
+ requestId: string;
576
+ /** The requester's session DID — the audience the grant is issued to. */
577
+ sessionDid: string;
578
+ /** The capabilities the requester is asking the owner to delegate. */
579
+ requested: PermissionEntry[];
580
+ /** Optional lifetime override carried from the request. */
581
+ requestedExpiry?: string | number;
582
+ }
583
+ /**
584
+ * The transport shape returned by {@link grantAuthRequest} (and written by
585
+ * `tc auth grant`). `tc auth import` accepts this artifact directly.
586
+ */
587
+ interface AuthDelegationArtifact {
588
+ kind: "tinycloud.auth.delegation";
589
+ version: 1;
590
+ requestId: string;
591
+ delegationCid: string;
592
+ delegation: PortableDelegation;
593
+ permissions: PermissionEntry[];
594
+ expiry: string;
595
+ /** Whether issuing the delegation triggered a wallet prompt. */
596
+ prompted: boolean;
597
+ }
598
+ /**
599
+ * Minimal owner-side capability {@link grantAuthRequest} needs: the signed
600
+ * `delegateTo` primitive. `TinyCloudNode` satisfies this directly; web/SDK
601
+ * contexts can supply any object that exposes the same method.
602
+ */
603
+ interface DelegationAuthority {
604
+ delegateTo(did: string, permissions: PermissionEntry[], options?: {
605
+ expiry?: string | number;
606
+ forceWalletSign?: boolean;
607
+ }): Promise<{
608
+ delegation: PortableDelegation;
609
+ prompted: boolean;
610
+ }>;
611
+ }
612
+ /**
613
+ * Turn a delegation REQUEST into a signed GRANT.
614
+ *
615
+ * Lifts the body of `tc auth grant` into the SDK so the request→grant
616
+ * handshake is callable programmatically (future SDK/web owner tooling and the
617
+ * KV delegation inbox), with the CLI verb reduced to a thin wrapper. The owner
618
+ * `authority` (a `TinyCloudNode`) signs a delegation scoped to exactly the
619
+ * requested caps, audienced to the requester's `sessionDid`, honoring the
620
+ * request's expiry. The returned artifact round-trips through `tc auth import`.
621
+ *
622
+ * Authorization is enforced cryptographically by `delegateTo`: caps that are
623
+ * not derivable from the owner's own session capability chain are rejected
624
+ * (it throws), so this never widens authority the owner doesn't hold.
625
+ */
626
+ declare function grantAuthRequest(authority: DelegationAuthority, request: AuthRequestArtifact, options?: {
627
+ expiry?: string | number;
628
+ }): Promise<AuthDelegationArtifact>;
543
629
  /**
544
630
  * Serialize a PortableDelegation for transport (e.g., over network).
545
631
  */
@@ -796,6 +882,7 @@ declare class TinyCloudNode {
796
882
  private _encryption?;
797
883
  private _baseSecrets?;
798
884
  private _secrets?;
885
+ private _account?;
799
886
  /** Cached public KV with proper delegation (set by ensurePublicSpace) */
800
887
  private _publicKV?;
801
888
  /** Session key ID - always available */
@@ -898,6 +985,15 @@ declare class TinyCloudNode {
898
985
  * Available after signIn().
899
986
  */
900
987
  get spaceId(): string | undefined;
988
+ /**
989
+ * Get the account space ID for this wallet identity.
990
+ * Available after wallet-backed sign-in or a restored session with address metadata.
991
+ */
992
+ get accountSpaceId(): string | undefined;
993
+ /**
994
+ * Account-level application and delegation helpers.
995
+ */
996
+ get account(): AccountService;
901
997
  /**
902
998
  * Get the current TinyCloud session.
903
999
  * Available after signIn().
@@ -913,7 +1009,11 @@ declare class TinyCloudNode {
913
1009
  signIn(options?: SignInOptions): Promise<void>;
914
1010
  private ownedSpaceId;
915
1011
  private writeManifestRegistryRecords;
916
- private ensureOwnedSpaceHosted;
1012
+ private scheduleAccountRegistrySync;
1013
+ private withAccountRegistryRetry;
1014
+ private requestedEncryptionNetworkIds;
1015
+ private ensureRequestedEncryptionNetworks;
1016
+ private ensureOwnedSpaceHostedById;
917
1017
  /**
918
1018
  * Host one of this user's owned spaces by name (e.g. `"applications"`).
919
1019
  *
@@ -924,7 +1024,7 @@ declare class TinyCloudNode {
924
1024
  * caller is the root authority of their own owned spaces, so no additional
925
1025
  * delegation is required.
926
1026
  *
927
- * Unlike {@link ensureOwnedSpaceHosted}, this always submits the host
1027
+ * Unlike {@link ensureOwnedSpaceHostedById}, this always submits the host
928
1028
  * delegation rather than inferring hosting from session activation: a space
929
1029
  * the current session has never referenced is reported neither as
930
1030
  * `activated` nor `skipped`, so activation-based detection would wrongly
@@ -935,6 +1035,27 @@ declare class TinyCloudNode {
935
1035
  * @returns The hosted space URI.
936
1036
  */
937
1037
  hostOwnedSpace(name: string): Promise<string>;
1038
+ /**
1039
+ * Ensure one of this user's owned spaces (e.g. `"secrets"`) is hosted on the
1040
+ * server.
1041
+ *
1042
+ * At sign-in, a full-authority session auto-hosts the owner's `secrets`
1043
+ * space, but a session created with a manifest / capabilityRequest does not.
1044
+ * Such a session can therefore hold valid `tinycloud.kv/*` capabilities for
1045
+ * the owned `secrets` space yet still fail its first scoped
1046
+ * `secrets.put(...)` with `404 Space not found`, because the space was never
1047
+ * registered on the node.
1048
+ *
1049
+ * Calling this resolves `name` to the owner's owned-space URI
1050
+ * (`tinycloud:pkh:eip155:<chain>:<addr>:<name>`) and hosts it via the
1051
+ * host-SIWE delegation flow. The host SIWE is idempotent server-side, so it
1052
+ * is safe to call whether or not the space already exists; do not gate it on
1053
+ * a prior existence check. Must be called after {@link signIn}.
1054
+ *
1055
+ * @param name - The owned space name (e.g. `"secrets"`).
1056
+ * @returns The hosted owned-space URI.
1057
+ */
1058
+ ensureOwnedSpaceHosted(name: string): Promise<string>;
938
1059
  /**
939
1060
  * Restore a previously established session from stored delegation data.
940
1061
  *
@@ -969,7 +1090,32 @@ declare class TinyCloudNode {
969
1090
  * for callers that need to round-trip the full session shape.
970
1091
  */
971
1092
  signature?: string;
1093
+ /**
1094
+ * The TinyCloud hosts this session was created against (from
1095
+ * {@link PersistedSessionData.tinycloudHosts}). When present they are
1096
+ * adopted so the restored session targets the same node as the
1097
+ * original sign-in — without this, service calls fall back to the
1098
+ * default host and the auth layer throws "TinyCloud hosts have not
1099
+ * been resolved". When absent (old persisted session) hosts resolve
1100
+ * lazily via the registry/fallback on the first host-needing call.
1101
+ */
1102
+ tinycloudHosts?: string[];
972
1103
  }): Promise<void>;
1104
+ /**
1105
+ * Resolve the host a restored session should target.
1106
+ *
1107
+ * Mirrors fresh sign-in host resolution but for the restore path:
1108
+ * an explicit/pinned host always wins, then the hosts the session was
1109
+ * persisted with, then a lazy registry/fallback resolution for sessions
1110
+ * that predate the persisted `tinycloudHosts` field. Returns `undefined`
1111
+ * only when there's nothing to resolve from (no explicit host, no
1112
+ * persisted hosts, and no address/chainId) — in which case the existing
1113
+ * `config.host` (default) is left in place.
1114
+ *
1115
+ * Resolution failures are surfaced, not swallowed: a genuinely broken
1116
+ * registry lookup throws rather than silently falling back to a wrong host.
1117
+ */
1118
+ private resolveRestoredHost;
973
1119
  /**
974
1120
  * Resolve the currently-active TinyCloudSession, preferring the auth
975
1121
  * layer's value (wallet mode) and falling back to the node-level
@@ -1129,7 +1275,7 @@ declare class TinyCloudNode {
1129
1275
  get encryption(): IEncryptionService;
1130
1276
  getEncryptionNetwork(nameOrNetworkId?: string): Promise<NetworkDescriptor | null>;
1131
1277
  createEncryptionNetwork(name?: string): Promise<NetworkDescriptor>;
1132
- ensureEncryptionNetwork(name?: string): Promise<NetworkDescriptor>;
1278
+ ensureEncryptionNetwork(nameOrNetworkId?: string): Promise<NetworkDescriptor>;
1133
1279
  /**
1134
1280
  * App-facing secrets API backed by the `secrets` space vault.
1135
1281
  */
@@ -1475,6 +1621,8 @@ declare class TinyCloudNode {
1475
1621
  private findGrantForOperation;
1476
1622
  private pruneExpiredRuntimePermissionGrants;
1477
1623
  private operationCovers;
1624
+ private spaceIdsEqual;
1625
+ private normalizeSpaceAddress;
1478
1626
  private actionContains;
1479
1627
  private invocationServiceName;
1480
1628
  private isEncryptionNetworkOperation;
@@ -1669,4 +1817,4 @@ declare class WasmKeyProvider implements KeyProvider {
1669
1817
  */
1670
1818
  declare function createWasmKeyProvider(sessionManager: SessionManagerWithListing): WasmKeyProvider;
1671
1819
 
1672
- export { type DelegateToOptions as D, FileSessionStorage as F, MemorySessionStorage as M, type NodeEventEmitterStrategy as N, type PortableDelegation as P, type RestorableSession as R, type SignStrategy as S, TinyCloudNode as T, WasmKeyProvider as W, type DelegateToResult as a, DelegatedAccess as b, NodeUserAuthorization as c, type NodeUserAuthorizationConfig as d, type RuntimePermissionGrantOptions as e, type TinyCloudNodeConfig as f, type WasmKeyProviderConfig as g, createWasmKeyProvider as h, defaultSignStrategy as i, deserializeDelegation as j, serializeDelegation as s };
1820
+ export { type AuthDelegationArtifact as A, type DelegateToOptions as D, FileSessionStorage as F, MemorySessionStorage as M, type NodeEventEmitterStrategy as N, type PortableDelegation as P, type RestorableSession as R, type SignStrategy as S, TinyCloudNode as T, WasmKeyProvider as W, type AuthRequestArtifact as a, type DelegateToResult as b, DelegatedAccess as c, type DelegationAuthority as d, NodeUserAuthorization as e, type NodeUserAuthorizationConfig as f, type RuntimePermissionGrantOptions as g, type TinyCloudNodeConfig as h, type WasmKeyProviderConfig as i, createWasmKeyProvider as j, defaultSignStrategy as k, deserializeDelegation as l, grantAuthRequest as m, serializeDelegation as s };
@@ -1,4 +1,4 @@
1
- import { ISessionStorage, PersistedSessionData, AutoSignStrategy, AutoRejectStrategy, CallbackStrategy, IUserAuthorization, ISigner, ISpaceCreationHandler, IWasmBindings, SiweConfig, Manifest, ComposedManifestRequest, ClientSession, TinyCloudSession, Extension, SignInOptions, Delegation, DelegatedResource, TelemetryConfig, IKVService, ISQLService, IDuckDbService, IHooksService, INotificationHandler, IENSResolver, IDataVaultService, IEncryptionService, NetworkDescriptor, ISecretsService, ICapabilityKeyRegistry, PermissionEntry, DelegationManager, ISpaceService, ISpace, ISharingService, CreateDelegationParams, DelegationResult, ResolvedDelegate, KeyProvider, ISessionManager, JWK } from '@tinycloud/sdk-core';
1
+ import { ISessionStorage, PersistedSessionData, AutoSignStrategy, AutoRejectStrategy, CallbackStrategy, IUserAuthorization, ISigner, ISpaceCreationHandler, IWasmBindings, SiweConfig, Manifest, ComposedManifestRequest, ClientSession, TinyCloudSession, Extension, SignInOptions, Delegation, DelegatedResource, PermissionEntry, TelemetryConfig, IKVService, ISQLService, IDuckDbService, IHooksService, INotificationHandler, IENSResolver, AccountService, IDataVaultService, IEncryptionService, NetworkDescriptor, ISecretsService, ICapabilityKeyRegistry, DelegationManager, ISpaceService, ISpace, ISharingService, CreateDelegationParams, DelegationResult, ResolvedDelegate, KeyProvider, ISessionManager, JWK } from '@tinycloud/sdk-core';
2
2
  import { EventEmitter } from 'events';
3
3
  import { InvokeFunction } from '@tinycloud/sdk-services';
4
4
 
@@ -332,8 +332,31 @@ declare class NodeUserAuthorization implements IUserAuthorization {
332
332
  * `siwe` is the load-bearing one because `extractSiweExpiration` returns
333
333
  * undefined for missing SIWEs and the SDK then treats the session as
334
334
  * expired-at-epoch-zero.
335
+ *
336
+ * @param hosts - The TinyCloud hosts this session was created against,
337
+ * as persisted in {@link PersistedSessionData.tinycloudHosts}. When
338
+ * present (and non-empty) they are adopted directly so the restored
339
+ * session resolves to the same node as the original sign-in without
340
+ * re-running registry/fallback resolution. When absent (old session)
341
+ * hosts are resolved lazily on the first host-needing call via
342
+ * {@link ensureTinyCloudHosts}.
343
+ */
344
+ setRestoredTinyCloudSession(session: TinyCloudSession, hosts?: string[]): void;
345
+ /**
346
+ * Ensure `tinycloudHosts` are resolved before a host-needing call.
347
+ *
348
+ * Fresh sign-in resolves hosts up front; a restored session may not have
349
+ * (old persisted sessions predate {@link PersistedSessionData.tinycloudHosts}).
350
+ * This guard makes a restored session resolve the node exactly like a fresh
351
+ * sign-in — persisted hosts are preferred (already set by
352
+ * {@link setRestoredTinyCloudSession}), otherwise the registry/fallback
353
+ * resolution runs lazily here. Idempotent: {@link resolveTinyCloudHostsForSignIn}
354
+ * early-returns when hosts are already set.
355
+ *
356
+ * Throws if hosts are unset and the restored session has no address/chainId
357
+ * to resolve from — a real failure that must surface, not be masked.
335
358
  */
336
- setRestoredTinyCloudSession(session: TinyCloudSession): void;
359
+ ensureTinyCloudHosts(): Promise<void>;
337
360
  private resolveTinyCloudHostsForSignIn;
338
361
  private requireTinyCloudHosts;
339
362
  private get primaryTinyCloudHost();
@@ -540,6 +563,69 @@ interface PortableDelegation extends Omit<Delegation, "isRevoked"> {
540
563
  */
541
564
  resources?: DelegatedResource[];
542
565
  }
566
+ /**
567
+ * The transport shape `tc auth request --emit` produces and that an owner
568
+ * grants to its requester. Only the fields the grant logic needs are declared;
569
+ * the CLI artifact carries more (posture, captured command, ...) and remains a
570
+ * structural superset of this interface.
571
+ */
572
+ interface AuthRequestArtifact {
573
+ kind: "tinycloud.auth.request";
574
+ version: 1;
575
+ requestId: string;
576
+ /** The requester's session DID — the audience the grant is issued to. */
577
+ sessionDid: string;
578
+ /** The capabilities the requester is asking the owner to delegate. */
579
+ requested: PermissionEntry[];
580
+ /** Optional lifetime override carried from the request. */
581
+ requestedExpiry?: string | number;
582
+ }
583
+ /**
584
+ * The transport shape returned by {@link grantAuthRequest} (and written by
585
+ * `tc auth grant`). `tc auth import` accepts this artifact directly.
586
+ */
587
+ interface AuthDelegationArtifact {
588
+ kind: "tinycloud.auth.delegation";
589
+ version: 1;
590
+ requestId: string;
591
+ delegationCid: string;
592
+ delegation: PortableDelegation;
593
+ permissions: PermissionEntry[];
594
+ expiry: string;
595
+ /** Whether issuing the delegation triggered a wallet prompt. */
596
+ prompted: boolean;
597
+ }
598
+ /**
599
+ * Minimal owner-side capability {@link grantAuthRequest} needs: the signed
600
+ * `delegateTo` primitive. `TinyCloudNode` satisfies this directly; web/SDK
601
+ * contexts can supply any object that exposes the same method.
602
+ */
603
+ interface DelegationAuthority {
604
+ delegateTo(did: string, permissions: PermissionEntry[], options?: {
605
+ expiry?: string | number;
606
+ forceWalletSign?: boolean;
607
+ }): Promise<{
608
+ delegation: PortableDelegation;
609
+ prompted: boolean;
610
+ }>;
611
+ }
612
+ /**
613
+ * Turn a delegation REQUEST into a signed GRANT.
614
+ *
615
+ * Lifts the body of `tc auth grant` into the SDK so the request→grant
616
+ * handshake is callable programmatically (future SDK/web owner tooling and the
617
+ * KV delegation inbox), with the CLI verb reduced to a thin wrapper. The owner
618
+ * `authority` (a `TinyCloudNode`) signs a delegation scoped to exactly the
619
+ * requested caps, audienced to the requester's `sessionDid`, honoring the
620
+ * request's expiry. The returned artifact round-trips through `tc auth import`.
621
+ *
622
+ * Authorization is enforced cryptographically by `delegateTo`: caps that are
623
+ * not derivable from the owner's own session capability chain are rejected
624
+ * (it throws), so this never widens authority the owner doesn't hold.
625
+ */
626
+ declare function grantAuthRequest(authority: DelegationAuthority, request: AuthRequestArtifact, options?: {
627
+ expiry?: string | number;
628
+ }): Promise<AuthDelegationArtifact>;
543
629
  /**
544
630
  * Serialize a PortableDelegation for transport (e.g., over network).
545
631
  */
@@ -796,6 +882,7 @@ declare class TinyCloudNode {
796
882
  private _encryption?;
797
883
  private _baseSecrets?;
798
884
  private _secrets?;
885
+ private _account?;
799
886
  /** Cached public KV with proper delegation (set by ensurePublicSpace) */
800
887
  private _publicKV?;
801
888
  /** Session key ID - always available */
@@ -898,6 +985,15 @@ declare class TinyCloudNode {
898
985
  * Available after signIn().
899
986
  */
900
987
  get spaceId(): string | undefined;
988
+ /**
989
+ * Get the account space ID for this wallet identity.
990
+ * Available after wallet-backed sign-in or a restored session with address metadata.
991
+ */
992
+ get accountSpaceId(): string | undefined;
993
+ /**
994
+ * Account-level application and delegation helpers.
995
+ */
996
+ get account(): AccountService;
901
997
  /**
902
998
  * Get the current TinyCloud session.
903
999
  * Available after signIn().
@@ -913,7 +1009,11 @@ declare class TinyCloudNode {
913
1009
  signIn(options?: SignInOptions): Promise<void>;
914
1010
  private ownedSpaceId;
915
1011
  private writeManifestRegistryRecords;
916
- private ensureOwnedSpaceHosted;
1012
+ private scheduleAccountRegistrySync;
1013
+ private withAccountRegistryRetry;
1014
+ private requestedEncryptionNetworkIds;
1015
+ private ensureRequestedEncryptionNetworks;
1016
+ private ensureOwnedSpaceHostedById;
917
1017
  /**
918
1018
  * Host one of this user's owned spaces by name (e.g. `"applications"`).
919
1019
  *
@@ -924,7 +1024,7 @@ declare class TinyCloudNode {
924
1024
  * caller is the root authority of their own owned spaces, so no additional
925
1025
  * delegation is required.
926
1026
  *
927
- * Unlike {@link ensureOwnedSpaceHosted}, this always submits the host
1027
+ * Unlike {@link ensureOwnedSpaceHostedById}, this always submits the host
928
1028
  * delegation rather than inferring hosting from session activation: a space
929
1029
  * the current session has never referenced is reported neither as
930
1030
  * `activated` nor `skipped`, so activation-based detection would wrongly
@@ -935,6 +1035,27 @@ declare class TinyCloudNode {
935
1035
  * @returns The hosted space URI.
936
1036
  */
937
1037
  hostOwnedSpace(name: string): Promise<string>;
1038
+ /**
1039
+ * Ensure one of this user's owned spaces (e.g. `"secrets"`) is hosted on the
1040
+ * server.
1041
+ *
1042
+ * At sign-in, a full-authority session auto-hosts the owner's `secrets`
1043
+ * space, but a session created with a manifest / capabilityRequest does not.
1044
+ * Such a session can therefore hold valid `tinycloud.kv/*` capabilities for
1045
+ * the owned `secrets` space yet still fail its first scoped
1046
+ * `secrets.put(...)` with `404 Space not found`, because the space was never
1047
+ * registered on the node.
1048
+ *
1049
+ * Calling this resolves `name` to the owner's owned-space URI
1050
+ * (`tinycloud:pkh:eip155:<chain>:<addr>:<name>`) and hosts it via the
1051
+ * host-SIWE delegation flow. The host SIWE is idempotent server-side, so it
1052
+ * is safe to call whether or not the space already exists; do not gate it on
1053
+ * a prior existence check. Must be called after {@link signIn}.
1054
+ *
1055
+ * @param name - The owned space name (e.g. `"secrets"`).
1056
+ * @returns The hosted owned-space URI.
1057
+ */
1058
+ ensureOwnedSpaceHosted(name: string): Promise<string>;
938
1059
  /**
939
1060
  * Restore a previously established session from stored delegation data.
940
1061
  *
@@ -969,7 +1090,32 @@ declare class TinyCloudNode {
969
1090
  * for callers that need to round-trip the full session shape.
970
1091
  */
971
1092
  signature?: string;
1093
+ /**
1094
+ * The TinyCloud hosts this session was created against (from
1095
+ * {@link PersistedSessionData.tinycloudHosts}). When present they are
1096
+ * adopted so the restored session targets the same node as the
1097
+ * original sign-in — without this, service calls fall back to the
1098
+ * default host and the auth layer throws "TinyCloud hosts have not
1099
+ * been resolved". When absent (old persisted session) hosts resolve
1100
+ * lazily via the registry/fallback on the first host-needing call.
1101
+ */
1102
+ tinycloudHosts?: string[];
972
1103
  }): Promise<void>;
1104
+ /**
1105
+ * Resolve the host a restored session should target.
1106
+ *
1107
+ * Mirrors fresh sign-in host resolution but for the restore path:
1108
+ * an explicit/pinned host always wins, then the hosts the session was
1109
+ * persisted with, then a lazy registry/fallback resolution for sessions
1110
+ * that predate the persisted `tinycloudHosts` field. Returns `undefined`
1111
+ * only when there's nothing to resolve from (no explicit host, no
1112
+ * persisted hosts, and no address/chainId) — in which case the existing
1113
+ * `config.host` (default) is left in place.
1114
+ *
1115
+ * Resolution failures are surfaced, not swallowed: a genuinely broken
1116
+ * registry lookup throws rather than silently falling back to a wrong host.
1117
+ */
1118
+ private resolveRestoredHost;
973
1119
  /**
974
1120
  * Resolve the currently-active TinyCloudSession, preferring the auth
975
1121
  * layer's value (wallet mode) and falling back to the node-level
@@ -1129,7 +1275,7 @@ declare class TinyCloudNode {
1129
1275
  get encryption(): IEncryptionService;
1130
1276
  getEncryptionNetwork(nameOrNetworkId?: string): Promise<NetworkDescriptor | null>;
1131
1277
  createEncryptionNetwork(name?: string): Promise<NetworkDescriptor>;
1132
- ensureEncryptionNetwork(name?: string): Promise<NetworkDescriptor>;
1278
+ ensureEncryptionNetwork(nameOrNetworkId?: string): Promise<NetworkDescriptor>;
1133
1279
  /**
1134
1280
  * App-facing secrets API backed by the `secrets` space vault.
1135
1281
  */
@@ -1475,6 +1621,8 @@ declare class TinyCloudNode {
1475
1621
  private findGrantForOperation;
1476
1622
  private pruneExpiredRuntimePermissionGrants;
1477
1623
  private operationCovers;
1624
+ private spaceIdsEqual;
1625
+ private normalizeSpaceAddress;
1478
1626
  private actionContains;
1479
1627
  private invocationServiceName;
1480
1628
  private isEncryptionNetworkOperation;
@@ -1669,4 +1817,4 @@ declare class WasmKeyProvider implements KeyProvider {
1669
1817
  */
1670
1818
  declare function createWasmKeyProvider(sessionManager: SessionManagerWithListing): WasmKeyProvider;
1671
1819
 
1672
- export { type DelegateToOptions as D, FileSessionStorage as F, MemorySessionStorage as M, type NodeEventEmitterStrategy as N, type PortableDelegation as P, type RestorableSession as R, type SignStrategy as S, TinyCloudNode as T, WasmKeyProvider as W, type DelegateToResult as a, DelegatedAccess as b, NodeUserAuthorization as c, type NodeUserAuthorizationConfig as d, type RuntimePermissionGrantOptions as e, type TinyCloudNodeConfig as f, type WasmKeyProviderConfig as g, createWasmKeyProvider as h, defaultSignStrategy as i, deserializeDelegation as j, serializeDelegation as s };
1820
+ export { type AuthDelegationArtifact as A, type DelegateToOptions as D, FileSessionStorage as F, MemorySessionStorage as M, type NodeEventEmitterStrategy as N, type PortableDelegation as P, type RestorableSession as R, type SignStrategy as S, TinyCloudNode as T, WasmKeyProvider as W, type AuthRequestArtifact as a, type DelegateToResult as b, DelegatedAccess as c, type DelegationAuthority as d, NodeUserAuthorization as e, type NodeUserAuthorizationConfig as f, type RuntimePermissionGrantOptions as g, type TinyCloudNodeConfig as h, type WasmKeyProviderConfig as i, createWasmKeyProvider as j, defaultSignStrategy as k, deserializeDelegation as l, grantAuthRequest as m, serializeDelegation as s };