@tinycloud/node-sdk 2.4.0-beta.10 → 2.4.0-beta.11

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
package/dist/index.d.cts CHANGED
@@ -1,6 +1,6 @@
1
1
  import { ISigner, Bytes, IWasmBindings, ISessionManager } from '@tinycloud/sdk-core';
2
2
  export { ACCOUNT_REGISTRY_PATH, ACCOUNT_REGISTRY_SPACE, AccountApplication, AccountApplicationListOptions, AccountDelegation, AccountDelegationListOptions, AccountDelegationRevokeOptions, AccountIndexRebuildResult, AccountIndexStatus, AccountIndexedReadOptions, AccountService, AccountServiceConfig, AccountSpace, AccountSpaceListOptions, AccountStatus, AutoApproveSpaceCreationHandler, AutoRejectStrategy, AutoSignStrategy, BatchOptions, BatchResponse, BuildCanonicalDecryptRequestInput, BuildDecryptFactsInput, BuildDecryptInvocationInput, BuiltDecryptInvocation, CallbackStrategy, CanonicalAddress, CanonicalDecryptRequest, CanonicalJson, CanonicalParsedNetworkId, CapabilityEntry, CapabilityKeyRegistry, CapabilityKeyRegistryErrorCode, CapabilityKeyRegistryErrorCodes, ClientSession, ColumnInfo, ComposeManifestOptions, ComposedManifestRequest, CreateDelegationParams, DECRYPT_ACTION, DECRYPT_FACT_TYPE, DECRYPT_RESULT_TYPE, DEFAULT_ENCRYPTION_ALG, DEFAULT_KEY_VERSION, DEFAULT_MANIFEST_SPACE, DEFAULT_MANIFEST_VERSION, DEFAULT_SIGNED_READ_URL_EXPIRY_MS, DataVaultConfig, DataVaultService, DatabaseHandle, DecryptCapabilityProof, DecryptEnvelopeOptions, DecryptInvocationFact, DecryptInvocationSigner, DecryptRequestBody, DecryptResponseBody, DecryptTransport, Delegation, DelegationChain, DelegationChainV2, DelegationDirection, DelegationError, DelegationErrorCode, DelegationErrorCodes, DelegationFilters, DelegationManager, DelegationManagerConfig, DelegationRecord, DelegationResult, DidCacheKeyOptions, DidEqualsOptions, DiscoverNetworkInput, DiscoveredNetwork, DiscoverySource, DuckDbAction, DuckDbActionType, DuckDbBatchOptions, DuckDbBatchResponse, DuckDbDatabaseHandle, DuckDbExecuteOptions, DuckDbExecuteResponse, DuckDbOptions, DuckDbQueryOptions, DuckDbQueryResponse, DuckDbService, DuckDbServiceConfig, DuckDbStatement, DuckDbValue, ENCRYPTION_NETWORK_URN_PREFIX, ENCRYPTION_SERVICE, ENCRYPTION_SERVICE_SHORT, ENVELOPE_VERSION, EncodedShareData, EncryptToNetworkInput, EncryptToNetworkOptions, EncryptToNetworkResult, EncryptionCrypto, EncryptionError, EncryptionErrorInput, EncryptionService, EncryptionServiceConfig, ExecuteOptions, ExecuteResponse, Extension, FetchFunction, GenerateShareParams, HookEvent, HookServiceName, HookStreamEvent, HookSubscription, HookWebhookListOptions, HookWebhookRecord, HookWebhookRegistration, HookWebhookScope, HookWebhookUnregisterOptions, HooksService, HooksServiceConfig, ICapabilityKeyRegistry, IDataVaultService, IDatabaseHandle, IDuckDbDatabaseHandle, IDuckDbService, IENSResolver, IEncryptionService, IHooksService, IKVService, INotificationHandler, IPrefixedKVService, ISQLService, ISecretsService, ISessionManager, ISessionStorage, ISharingService, ISigner, ISpace, ISpaceCreationHandler, ISpaceScopedDelegations, ISpaceScopedSharing, ISpaceService, IUserAuthorization, IWasmBindings, IdentityParseError, IngestOptions, InlineEncryptedEnvelope, InvokeFunction, JWK, KVCreateSignedReadUrlOptions, KVResponse, KVService, KVServiceConfig, KVSignedReadUrlResponse, KeyInfo, KeyProvider, KeyType, Manifest, ManifestDefaults, ManifestRegistryRecord, ManifestSecretActions, ManifestValidationError, NETWORK_NAME_PATTERN, NetworkDescriptor, NetworkIdError, NodeDescriptorFetcher, ParsedNetworkId, PermissionEntry, PermissionNotInManifestError, PersistedSessionData, PkhDidParts, PrefixedKVService, ProtocolMismatchError, QueryOptions, QueryResponse, RandomReceiverKeyInput, ReceiveOptions, ReceiverKeyPair, ReceiverKeySigner, ResolvedCapabilities, ResolvedDelegate, ResolvedSecretPath, ResourceCapability, SECRET_NAME_RE, SQLAction, SQLActionType, SQLService, SQLServiceConfig, SchemaInfo, SecretPayload, SecretScopeOptions, SecretsError, SecretsService, ServiceContext, ServiceContextConfig, ServiceSession, SessionExpiredError, ShareAccess, ShareLink, ShareLinkData, ShareSchema, SharingService, SharingServiceConfig, SignCallback, SignInOptions, SignRequest, SignResponse, SignedReceiverKeyInput, SilentNotificationHandler, Space, SpaceAbilitiesMap, SpaceConfig, SpaceCreationContext, SpaceErrorCode, SpaceErrorCodes, SpaceInfo, SpaceOwnership, SpaceService, SpaceServiceConfig, SqlStatement, SqlValue, StoredDelegationChain, SubscribeOptions, TableInfo, TelemetryConfig, TelemetryEventHandler, TinyCloud, TinyCloudConfig, TinyCloudSession, UnsupportedFeatureError, VAULT_PERMISSION_SERVICE, VaultCrypto, VaultEntry, VaultError, VaultGetOptions, VaultGrantOptions, VaultHeaders, VaultListOptions, VaultPublicSpaceKVActions, VaultPutOptions, VerifyDecryptResponseInput, VersionCheckError, ViewInfo, WasmVaultFunctions, WellKnownDescriptorFetcher, addressStorageKey, buildCanonicalDecryptRequest, buildDecryptAttenuation, buildDecryptFacts, buildDecryptInvocation, buildNetworkId, buildSpaceUri, canonicalHashHex, canonicalSignedResponse, canonicalizeAddress, canonicalizeDid, canonicalizeDidUrl, canonicalizeEncryptionJson, canonicalizeNetworkId, canonicalizeSecretScope, checkDecryptInvocationInput, checkNodeInfo, composeManifestRequest, createCapabilityKeyRegistry, createSharingService, createSpaceService, createVaultCrypto, decryptEnvelopeWithKey, defaultSpaceCreationHandler, deriveSignedReceiverKey, didCacheKey, didEquals, discoverNetwork, encryptToNetwork, encryptionBase64Decode, encryptionBase64Encode, encryptionError, encryptionUtf8Decode, encryptionUtf8Encode, ensureNetworkUsableForDecrypt, expandActionShortNames, expandPermissionEntries, expandPermissionEntry, generateRandomReceiverKey, hexDecode, hexEncode, isCapabilitySubset, isEvmAddress, isNetworkId, loadManifest, makePkhSpaceId, makePublicSpaceId, networkDiscoveryKey, openWrappedKey, parseCanonicalNetworkId, parseExpiry, parseNetworkId, parsePkhDid, parseSpaceUri, pkhDid, principalDid, principalDidEquals, resolveManifest, resolveSecretListPrefix, resolveSecretPath, resourceCapabilitiesToSpaceAbilitiesMap, validateEnvelope, validateManifest, verifyDecryptResponse } from '@tinycloud/sdk-core';
3
- export { A as AuthDelegationArtifact, a as AuthRequestArtifact, D as DelegateToOptions, b as DelegateToResult, c as DelegatedAccess, d as DelegationAuthority, F as FileSessionStorage, M as MemorySessionStorage, N as NodeEventEmitterStrategy, e as NodeUserAuthorization, f as NodeUserAuthorizationConfig, P as PortableDelegation, R as RestorableSession, g as RuntimePermissionGrantOptions, S as SignStrategy, T as TinyCloudNode, h as TinyCloudNodeConfig, W as WasmKeyProvider, i as WasmKeyProviderConfig, j as createWasmKeyProvider, k as defaultSignStrategy, l as deserializeDelegation, m as grantAuthRequest, s as serializeDelegation } from './core-DiVEwp2P.cjs';
3
+ export { A as AuthDelegationArtifact, a as AuthRequestArtifact, D as DelegateToOptions, b as DelegateToResult, c as DelegatedAccess, d as DelegationAuthority, F as FileSessionStorage, M as MemorySessionStorage, N as NodeEventEmitterStrategy, e as NodeUserAuthorization, f as NodeUserAuthorizationConfig, P as PortableDelegation, R as RestorableSession, g as RuntimePermissionGrantOptions, S as SignStrategy, T as TinyCloudNode, h as TinyCloudNodeConfig, W as WasmKeyProvider, i as WasmKeyProviderConfig, j as createWasmKeyProvider, k as defaultSignStrategy, l as deserializeDelegation, m as grantAuthRequest, s as serializeDelegation } from './core--mjBU9Jq.cjs';
4
4
  import { invoke, invokeAny, computeCid, prepareSession, completeSessionSetup, ensureEip55, makeSpaceId, createDelegation, parseRecapFromSiwe, generateHostSIWEMessage, siweToDelegationHeaders, protocolVersion, vault_encrypt, vault_decrypt, vault_derive_key, vault_x25519_from_seed, vault_x25519_dh, vault_random_bytes, vault_sha256 } from '@tinycloud/node-sdk-wasm';
5
5
  import 'events';
6
6
  import '@tinycloud/sdk-services';
package/dist/index.d.ts CHANGED
@@ -1,6 +1,6 @@
1
1
  import { ISigner, Bytes, IWasmBindings, ISessionManager } from '@tinycloud/sdk-core';
2
2
  export { ACCOUNT_REGISTRY_PATH, ACCOUNT_REGISTRY_SPACE, AccountApplication, AccountApplicationListOptions, AccountDelegation, AccountDelegationListOptions, AccountDelegationRevokeOptions, AccountIndexRebuildResult, AccountIndexStatus, AccountIndexedReadOptions, AccountService, AccountServiceConfig, AccountSpace, AccountSpaceListOptions, AccountStatus, AutoApproveSpaceCreationHandler, AutoRejectStrategy, AutoSignStrategy, BatchOptions, BatchResponse, BuildCanonicalDecryptRequestInput, BuildDecryptFactsInput, BuildDecryptInvocationInput, BuiltDecryptInvocation, CallbackStrategy, CanonicalAddress, CanonicalDecryptRequest, CanonicalJson, CanonicalParsedNetworkId, CapabilityEntry, CapabilityKeyRegistry, CapabilityKeyRegistryErrorCode, CapabilityKeyRegistryErrorCodes, ClientSession, ColumnInfo, ComposeManifestOptions, ComposedManifestRequest, CreateDelegationParams, DECRYPT_ACTION, DECRYPT_FACT_TYPE, DECRYPT_RESULT_TYPE, DEFAULT_ENCRYPTION_ALG, DEFAULT_KEY_VERSION, DEFAULT_MANIFEST_SPACE, DEFAULT_MANIFEST_VERSION, DEFAULT_SIGNED_READ_URL_EXPIRY_MS, DataVaultConfig, DataVaultService, DatabaseHandle, DecryptCapabilityProof, DecryptEnvelopeOptions, DecryptInvocationFact, DecryptInvocationSigner, DecryptRequestBody, DecryptResponseBody, DecryptTransport, Delegation, DelegationChain, DelegationChainV2, DelegationDirection, DelegationError, DelegationErrorCode, DelegationErrorCodes, DelegationFilters, DelegationManager, DelegationManagerConfig, DelegationRecord, DelegationResult, DidCacheKeyOptions, DidEqualsOptions, DiscoverNetworkInput, DiscoveredNetwork, DiscoverySource, DuckDbAction, DuckDbActionType, DuckDbBatchOptions, DuckDbBatchResponse, DuckDbDatabaseHandle, DuckDbExecuteOptions, DuckDbExecuteResponse, DuckDbOptions, DuckDbQueryOptions, DuckDbQueryResponse, DuckDbService, DuckDbServiceConfig, DuckDbStatement, DuckDbValue, ENCRYPTION_NETWORK_URN_PREFIX, ENCRYPTION_SERVICE, ENCRYPTION_SERVICE_SHORT, ENVELOPE_VERSION, EncodedShareData, EncryptToNetworkInput, EncryptToNetworkOptions, EncryptToNetworkResult, EncryptionCrypto, EncryptionError, EncryptionErrorInput, EncryptionService, EncryptionServiceConfig, ExecuteOptions, ExecuteResponse, Extension, FetchFunction, GenerateShareParams, HookEvent, HookServiceName, HookStreamEvent, HookSubscription, HookWebhookListOptions, HookWebhookRecord, HookWebhookRegistration, HookWebhookScope, HookWebhookUnregisterOptions, HooksService, HooksServiceConfig, ICapabilityKeyRegistry, IDataVaultService, IDatabaseHandle, IDuckDbDatabaseHandle, IDuckDbService, IENSResolver, IEncryptionService, IHooksService, IKVService, INotificationHandler, IPrefixedKVService, ISQLService, ISecretsService, ISessionManager, ISessionStorage, ISharingService, ISigner, ISpace, ISpaceCreationHandler, ISpaceScopedDelegations, ISpaceScopedSharing, ISpaceService, IUserAuthorization, IWasmBindings, IdentityParseError, IngestOptions, InlineEncryptedEnvelope, InvokeFunction, JWK, KVCreateSignedReadUrlOptions, KVResponse, KVService, KVServiceConfig, KVSignedReadUrlResponse, KeyInfo, KeyProvider, KeyType, Manifest, ManifestDefaults, ManifestRegistryRecord, ManifestSecretActions, ManifestValidationError, NETWORK_NAME_PATTERN, NetworkDescriptor, NetworkIdError, NodeDescriptorFetcher, ParsedNetworkId, PermissionEntry, PermissionNotInManifestError, PersistedSessionData, PkhDidParts, PrefixedKVService, ProtocolMismatchError, QueryOptions, QueryResponse, RandomReceiverKeyInput, ReceiveOptions, ReceiverKeyPair, ReceiverKeySigner, ResolvedCapabilities, ResolvedDelegate, ResolvedSecretPath, ResourceCapability, SECRET_NAME_RE, SQLAction, SQLActionType, SQLService, SQLServiceConfig, SchemaInfo, SecretPayload, SecretScopeOptions, SecretsError, SecretsService, ServiceContext, ServiceContextConfig, ServiceSession, SessionExpiredError, ShareAccess, ShareLink, ShareLinkData, ShareSchema, SharingService, SharingServiceConfig, SignCallback, SignInOptions, SignRequest, SignResponse, SignedReceiverKeyInput, SilentNotificationHandler, Space, SpaceAbilitiesMap, SpaceConfig, SpaceCreationContext, SpaceErrorCode, SpaceErrorCodes, SpaceInfo, SpaceOwnership, SpaceService, SpaceServiceConfig, SqlStatement, SqlValue, StoredDelegationChain, SubscribeOptions, TableInfo, TelemetryConfig, TelemetryEventHandler, TinyCloud, TinyCloudConfig, TinyCloudSession, UnsupportedFeatureError, VAULT_PERMISSION_SERVICE, VaultCrypto, VaultEntry, VaultError, VaultGetOptions, VaultGrantOptions, VaultHeaders, VaultListOptions, VaultPublicSpaceKVActions, VaultPutOptions, VerifyDecryptResponseInput, VersionCheckError, ViewInfo, WasmVaultFunctions, WellKnownDescriptorFetcher, addressStorageKey, buildCanonicalDecryptRequest, buildDecryptAttenuation, buildDecryptFacts, buildDecryptInvocation, buildNetworkId, buildSpaceUri, canonicalHashHex, canonicalSignedResponse, canonicalizeAddress, canonicalizeDid, canonicalizeDidUrl, canonicalizeEncryptionJson, canonicalizeNetworkId, canonicalizeSecretScope, checkDecryptInvocationInput, checkNodeInfo, composeManifestRequest, createCapabilityKeyRegistry, createSharingService, createSpaceService, createVaultCrypto, decryptEnvelopeWithKey, defaultSpaceCreationHandler, deriveSignedReceiverKey, didCacheKey, didEquals, discoverNetwork, encryptToNetwork, encryptionBase64Decode, encryptionBase64Encode, encryptionError, encryptionUtf8Decode, encryptionUtf8Encode, ensureNetworkUsableForDecrypt, expandActionShortNames, expandPermissionEntries, expandPermissionEntry, generateRandomReceiverKey, hexDecode, hexEncode, isCapabilitySubset, isEvmAddress, isNetworkId, loadManifest, makePkhSpaceId, makePublicSpaceId, networkDiscoveryKey, openWrappedKey, parseCanonicalNetworkId, parseExpiry, parseNetworkId, parsePkhDid, parseSpaceUri, pkhDid, principalDid, principalDidEquals, resolveManifest, resolveSecretListPrefix, resolveSecretPath, resourceCapabilitiesToSpaceAbilitiesMap, validateEnvelope, validateManifest, verifyDecryptResponse } from '@tinycloud/sdk-core';
3
- export { A as AuthDelegationArtifact, a as AuthRequestArtifact, D as DelegateToOptions, b as DelegateToResult, c as DelegatedAccess, d as DelegationAuthority, F as FileSessionStorage, M as MemorySessionStorage, N as NodeEventEmitterStrategy, e as NodeUserAuthorization, f as NodeUserAuthorizationConfig, P as PortableDelegation, R as RestorableSession, g as RuntimePermissionGrantOptions, S as SignStrategy, T as TinyCloudNode, h as TinyCloudNodeConfig, W as WasmKeyProvider, i as WasmKeyProviderConfig, j as createWasmKeyProvider, k as defaultSignStrategy, l as deserializeDelegation, m as grantAuthRequest, s as serializeDelegation } from './core-DiVEwp2P.js';
3
+ export { A as AuthDelegationArtifact, a as AuthRequestArtifact, D as DelegateToOptions, b as DelegateToResult, c as DelegatedAccess, d as DelegationAuthority, F as FileSessionStorage, M as MemorySessionStorage, N as NodeEventEmitterStrategy, e as NodeUserAuthorization, f as NodeUserAuthorizationConfig, P as PortableDelegation, R as RestorableSession, g as RuntimePermissionGrantOptions, S as SignStrategy, T as TinyCloudNode, h as TinyCloudNodeConfig, W as WasmKeyProvider, i as WasmKeyProviderConfig, j as createWasmKeyProvider, k as defaultSignStrategy, l as deserializeDelegation, m as grantAuthRequest, s as serializeDelegation } from './core--mjBU9Jq.js';
4
4
  import { invoke, invokeAny, computeCid, prepareSession, completeSessionSetup, ensureEip55, makeSpaceId, createDelegation, parseRecapFromSiwe, generateHostSIWEMessage, siweToDelegationHeaders, protocolVersion, vault_encrypt, vault_decrypt, vault_derive_key, vault_x25519_from_seed, vault_x25519_dh, vault_random_bytes, vault_sha256 } from '@tinycloud/node-sdk-wasm';
5
5
  import 'events';
6
6
  import '@tinycloud/sdk-services';
package/dist/index.js CHANGED
@@ -17186,6 +17186,7 @@ import {
17186
17186
  verifyDidKeyEd25519Signature,
17187
17187
  canonicalizeAddress as canonicalizeAddress2,
17188
17188
  pkhDid as pkhDid2,
17189
+ resolveTinyCloudHosts as resolveTinyCloudHosts2,
17189
17190
  principalDidEquals as principalDidEquals2,
17190
17191
  parseNetworkId as parseNetworkId2
17191
17192
  } from "@tinycloud/sdk-core";
@@ -17423,12 +17424,48 @@ var NodeUserAuthorization = class {
17423
17424
  * `siwe` is the load-bearing one because `extractSiweExpiration` returns
17424
17425
  * undefined for missing SIWEs and the SDK then treats the session as
17425
17426
  * expired-at-epoch-zero.
17427
+ *
17428
+ * @param hosts - The TinyCloud hosts this session was created against,
17429
+ * as persisted in {@link PersistedSessionData.tinycloudHosts}. When
17430
+ * present (and non-empty) they are adopted directly so the restored
17431
+ * session resolves to the same node as the original sign-in without
17432
+ * re-running registry/fallback resolution. When absent (old session)
17433
+ * hosts are resolved lazily on the first host-needing call via
17434
+ * {@link ensureTinyCloudHosts}.
17426
17435
  */
17427
- setRestoredTinyCloudSession(session) {
17436
+ setRestoredTinyCloudSession(session, hosts) {
17428
17437
  const address = canonicalizeAddress(session.address);
17429
17438
  this._tinyCloudSession = { ...session, address };
17430
17439
  this._address = address;
17431
17440
  this._chainId = session.chainId;
17441
+ if ((!this.tinycloudHosts || this.tinycloudHosts.length === 0) && hosts && hosts.length > 0) {
17442
+ this.tinycloudHosts = [...hosts];
17443
+ }
17444
+ }
17445
+ /**
17446
+ * Ensure `tinycloudHosts` are resolved before a host-needing call.
17447
+ *
17448
+ * Fresh sign-in resolves hosts up front; a restored session may not have
17449
+ * (old persisted sessions predate {@link PersistedSessionData.tinycloudHosts}).
17450
+ * This guard makes a restored session resolve the node exactly like a fresh
17451
+ * sign-in — persisted hosts are preferred (already set by
17452
+ * {@link setRestoredTinyCloudSession}), otherwise the registry/fallback
17453
+ * resolution runs lazily here. Idempotent: {@link resolveTinyCloudHostsForSignIn}
17454
+ * early-returns when hosts are already set.
17455
+ *
17456
+ * Throws if hosts are unset and the restored session has no address/chainId
17457
+ * to resolve from — a real failure that must surface, not be masked.
17458
+ */
17459
+ async ensureTinyCloudHosts() {
17460
+ if (this.tinycloudHosts && this.tinycloudHosts.length > 0) {
17461
+ return;
17462
+ }
17463
+ if (this._address === void 0 || this._chainId === void 0) {
17464
+ throw new Error(
17465
+ "Cannot resolve TinyCloud hosts: no address/chainId available. Sign in or restore a session first."
17466
+ );
17467
+ }
17468
+ await this.resolveTinyCloudHostsForSignIn(this._address, this._chainId);
17432
17469
  }
17433
17470
  async resolveTinyCloudHostsForSignIn(address, chainId) {
17434
17471
  if (this.tinycloudHosts && this.tinycloudHosts.length > 0) {
@@ -17625,6 +17662,7 @@ var NodeUserAuthorization = class {
17625
17662
  if (!this._tinyCloudSession || !this._address || !this._chainId) {
17626
17663
  throw new Error("Must be signed in to host space");
17627
17664
  }
17665
+ await this.ensureTinyCloudHosts();
17628
17666
  const host = this.primaryTinyCloudHost;
17629
17667
  const spaceId = targetSpaceId ?? this._tinyCloudSession.spaceId;
17630
17668
  const peerId = await fetchPeerId(host, spaceId);
@@ -17667,6 +17705,7 @@ var NodeUserAuthorization = class {
17667
17705
  if (!this._tinyCloudSession) {
17668
17706
  throw new Error("Must be signed in to ensure space exists");
17669
17707
  }
17708
+ await this.ensureTinyCloudHosts();
17670
17709
  const host = this.primaryTinyCloudHost;
17671
17710
  const primarySpaceId = this._tinyCloudSession.spaceId;
17672
17711
  const result = await activateSessionWithHost(
@@ -17848,7 +17887,8 @@ var NodeUserAuthorization = class {
17848
17887
  },
17849
17888
  expiresAt: expirationTime.toISOString(),
17850
17889
  createdAt: now.toISOString(),
17851
- version: "1.0"
17890
+ version: "1.0",
17891
+ tinycloudHosts: this.tinycloudHosts
17852
17892
  };
17853
17893
  await this.sessionStorage.save(address, persistedData);
17854
17894
  this._session = clientSession;
@@ -18015,7 +18055,8 @@ var NodeUserAuthorization = class {
18015
18055
  },
18016
18056
  expiresAt,
18017
18057
  createdAt,
18018
- version: "1.0"
18058
+ version: "1.0",
18059
+ tinycloudHosts: this.tinycloudHosts
18019
18060
  };
18020
18061
  await this.sessionStorage.save(address, persistedData);
18021
18062
  this._session = clientSession;
@@ -19159,6 +19200,14 @@ var _TinyCloudNode = class _TinyCloudNode {
19159
19200
  if (sessionData.chainId) {
19160
19201
  this._chainId = sessionData.chainId;
19161
19202
  }
19203
+ const resolvedHost = await this.resolveRestoredHost(
19204
+ sessionData.tinycloudHosts,
19205
+ restoredAddress,
19206
+ sessionData.chainId
19207
+ );
19208
+ if (resolvedHost) {
19209
+ this.config.host = resolvedHost;
19210
+ }
19162
19211
  this._serviceContext = new ServiceContext2({
19163
19212
  invoke: this.invokeWithRuntimePermissions,
19164
19213
  invokeAny: this.invokeAnyWithRuntimePermissions,
@@ -19204,12 +19253,45 @@ var _TinyCloudNode = class _TinyCloudNode {
19204
19253
  signature: sessionData.signature ?? ""
19205
19254
  };
19206
19255
  if (this.auth) {
19207
- this.auth.setRestoredTinyCloudSession(tcSession);
19256
+ this.auth.setRestoredTinyCloudSession(
19257
+ tcSession,
19258
+ this.config.host ? [this.config.host] : void 0
19259
+ );
19208
19260
  } else {
19209
19261
  this._restoredTcSession = tcSession;
19210
19262
  }
19211
19263
  }
19212
19264
  }
19265
+ /**
19266
+ * Resolve the host a restored session should target.
19267
+ *
19268
+ * Mirrors fresh sign-in host resolution but for the restore path:
19269
+ * an explicit/pinned host always wins, then the hosts the session was
19270
+ * persisted with, then a lazy registry/fallback resolution for sessions
19271
+ * that predate the persisted `tinycloudHosts` field. Returns `undefined`
19272
+ * only when there's nothing to resolve from (no explicit host, no
19273
+ * persisted hosts, and no address/chainId) — in which case the existing
19274
+ * `config.host` (default) is left in place.
19275
+ *
19276
+ * Resolution failures are surfaced, not swallowed: a genuinely broken
19277
+ * registry lookup throws rather than silently falling back to a wrong host.
19278
+ */
19279
+ async resolveRestoredHost(persistedHosts, address, chainId) {
19280
+ if (this.explicitHost) {
19281
+ return this.explicitHost;
19282
+ }
19283
+ if (persistedHosts && persistedHosts.length > 0) {
19284
+ return persistedHosts[0];
19285
+ }
19286
+ if (address === void 0 || chainId === void 0) {
19287
+ return void 0;
19288
+ }
19289
+ const resolved = await resolveTinyCloudHosts2(pkhDid2(address, chainId), {
19290
+ registryUrl: this.config.tinycloudRegistryUrl,
19291
+ fallbackHosts: this.config.tinycloudFallbackHosts
19292
+ });
19293
+ return resolved.hosts[0];
19294
+ }
19213
19295
  /**
19214
19296
  * Resolve the currently-active TinyCloudSession, preferring the auth
19215
19297
  * layer's value (wallet mode) and falling back to the node-level