@tinycloud/node-sdk 2.4.0 → 2.5.0-beta.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/{core-DfE4s_Rg.d.cts → core-ojeY-wet.d.cts} +37 -5
- package/dist/{core-DfE4s_Rg.d.ts → core-ojeY-wet.d.ts} +37 -5
- package/dist/core.cjs +175 -37
- package/dist/core.cjs.map +1 -1
- package/dist/core.d.cts +1 -1
- package/dist/core.d.ts +1 -1
- package/dist/core.js +175 -37
- package/dist/core.js.map +1 -1
- package/dist/index.cjs +175 -37
- package/dist/index.cjs.map +1 -1
- package/dist/index.d.cts +1 -1
- package/dist/index.d.ts +1 -1
- package/dist/index.js +175 -37
- package/dist/index.js.map +1 -1
- package/package.json +2 -2
package/dist/index.d.cts
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
import { ISigner, Bytes, IWasmBindings, ISessionManager } from '@tinycloud/sdk-core';
|
|
2
2
|
export { ACCOUNT_REGISTRY_PATH, ACCOUNT_REGISTRY_SPACE, AccountApplication, AccountApplicationListOptions, AccountDelegation, AccountDelegationListOptions, AccountDelegationRevokeOptions, AccountIndexEnsureResult, AccountIndexRebuildResult, AccountIndexStatus, AccountIndexedReadOptions, AccountService, AccountServiceConfig, AccountSpace, AccountSpaceListOptions, AccountStatus, AutoApproveSpaceCreationHandler, AutoRejectStrategy, AutoSignStrategy, BatchOptions, BatchResponse, BuildCanonicalDecryptRequestInput, BuildDecryptFactsInput, BuildDecryptInvocationInput, BuiltDecryptInvocation, CallbackStrategy, CanonicalAddress, CanonicalDecryptRequest, CanonicalJson, CanonicalParsedNetworkId, CapabilityEntry, CapabilityKeyRegistry, CapabilityKeyRegistryErrorCode, CapabilityKeyRegistryErrorCodes, ClientSession, ColumnInfo, ComposeManifestOptions, ComposedManifestRequest, CreateDelegationParams, DECRYPT_ACTION, DECRYPT_FACT_TYPE, DECRYPT_RESULT_TYPE, DEFAULT_ENCRYPTION_ALG, DEFAULT_KEY_VERSION, DEFAULT_MANIFEST_SPACE, DEFAULT_MANIFEST_VERSION, DEFAULT_SIGNED_READ_URL_EXPIRY_MS, DataVaultConfig, DataVaultService, DatabaseHandle, DecryptCapabilityProof, DecryptEnvelopeOptions, DecryptInvocationFact, DecryptInvocationSigner, DecryptRequestBody, DecryptResponseBody, DecryptTransport, Delegation, DelegationChain, DelegationChainV2, DelegationDirection, DelegationError, DelegationErrorCode, DelegationErrorCodes, DelegationFilters, DelegationManager, DelegationManagerConfig, DelegationRecord, DelegationResult, DidCacheKeyOptions, DidEqualsOptions, DiscoverNetworkInput, DiscoveredNetwork, DiscoverySource, DuckDbAction, DuckDbActionType, DuckDbBatchOptions, DuckDbBatchResponse, DuckDbDatabaseHandle, DuckDbExecuteOptions, DuckDbExecuteResponse, DuckDbOptions, DuckDbQueryOptions, DuckDbQueryResponse, DuckDbService, DuckDbServiceConfig, DuckDbStatement, DuckDbValue, ENCRYPTION_NETWORK_URN_PREFIX, ENCRYPTION_SERVICE, ENCRYPTION_SERVICE_SHORT, ENVELOPE_VERSION, EncodedShareData, EncryptToNetworkInput, EncryptToNetworkOptions, EncryptToNetworkResult, EncryptionCrypto, EncryptionError, EncryptionErrorInput, EncryptionService, EncryptionServiceConfig, ExecuteOptions, ExecuteResponse, Extension, FetchFunction, GenerateShareParams, HookEvent, HookServiceName, HookStreamEvent, HookSubscription, HookWebhookListOptions, HookWebhookRecord, HookWebhookRegistration, HookWebhookScope, HookWebhookUnregisterOptions, HooksService, HooksServiceConfig, ICapabilityKeyRegistry, IDataVaultService, IDatabaseHandle, IDuckDbDatabaseHandle, IDuckDbService, IENSResolver, IEncryptionService, IHooksService, IKVService, INotificationHandler, IPrefixedKVService, ISQLService, ISecretsService, ISessionManager, ISessionStorage, ISharingService, ISigner, ISpace, ISpaceCreationHandler, ISpaceScopedDelegations, ISpaceScopedSharing, ISpaceService, IUserAuthorization, IWasmBindings, IdentityParseError, IngestOptions, InlineEncryptedEnvelope, InvokeFunction, JWK, KVCreateSignedReadUrlOptions, KVResponse, KVService, KVServiceConfig, KVSignedReadUrlResponse, KeyInfo, KeyProvider, KeyType, Manifest, ManifestDefaults, ManifestRegistryRecord, ManifestSecretActions, ManifestValidationError, NETWORK_NAME_PATTERN, NetworkDescriptor, NetworkIdError, NodeDescriptorFetcher, OpenKeyCallbackStrategy, OpenKeySigningRequestBody, OpenKeySigningResponseBody, OpenKeySigningStrategyOptions, ParsedNetworkId, PermissionEntry, PermissionNotInManifestError, PersistedSessionData, PkhDidParts, PrefixedKVService, ProtocolMismatchError, QueryOptions, QueryResponse, RandomReceiverKeyInput, ReceiveOptions, ReceiverKeyPair, ReceiverKeySigner, ResolvedCapabilities, ResolvedDelegate, ResolvedSecretPath, ResourceCapability, SECRET_NAME_RE, SQLAction, SQLActionType, SQLService, SQLServiceConfig, SchemaInfo, SecretPayload, SecretScopeOptions, SecretsError, SecretsService, ServiceContext, ServiceContextConfig, ServiceSession, SessionExpiredError, ShareAccess, ShareLink, ShareLinkData, ShareSchema, SharingService, SharingServiceConfig, SignCallback, SignInOptions, SignRequest, SignResponse, SignedReceiverKeyInput, SilentNotificationHandler, Space, SpaceAbilitiesMap, SpaceConfig, SpaceCreationContext, SpaceErrorCode, SpaceErrorCodes, SpaceInfo, SpaceOwnership, SpaceService, SpaceServiceConfig, SqlStatement, SqlValue, StoredDelegationChain, SubscribeOptions, TableInfo, TelemetryConfig, TelemetryEventHandler, TinyCloud, TinyCloudConfig, TinyCloudDebugEnableOptions, TinyCloudDebugEvent, TinyCloudDebugLevel, TinyCloudDebugLogger, TinyCloudDebugTimer, TinyCloudSession, UnsupportedFeatureError, VAULT_PERMISSION_SERVICE, VaultCrypto, VaultEntry, VaultError, VaultGetOptions, VaultGrantOptions, VaultHeaders, VaultListOptions, VaultPublicSpaceKVActions, VaultPutOptions, VerifyDecryptResponseInput, VersionCheckError, ViewInfo, WasmVaultFunctions, WellKnownDescriptorFetcher, addressStorageKey, buildCanonicalDecryptRequest, buildDecryptAttenuation, buildDecryptFacts, buildDecryptInvocation, buildNetworkId, buildSpaceUri, canonicalHashHex, canonicalSignedResponse, canonicalizeAddress, canonicalizeDid, canonicalizeDidUrl, canonicalizeEncryptionJson, canonicalizeNetworkId, canonicalizeSecretScope, checkDecryptInvocationInput, checkNodeInfo, clearTinyCloudDebugLogs, composeManifestRequest, createCapabilityKeyRegistry, createOpenKeyCallbackSigningStrategy, createSharingService, createSpaceService, createVaultCrypto, decryptEnvelopeWithKey, defaultSpaceCreationHandler, deriveSignedReceiverKey, didCacheKey, didEquals, disableTinyCloudDebug, discoverNetwork, enableTinyCloudDebug, encryptToNetwork, encryptionBase64Decode, encryptionBase64Encode, encryptionError, encryptionUtf8Decode, encryptionUtf8Encode, ensureNetworkUsableForDecrypt, expandActionShortNames, expandPermissionEntries, expandPermissionEntry, generateRandomReceiverKey, getTinyCloudDebugLogs, hexDecode, hexEncode, installTinyCloudDebugGlobals, isCapabilitySubset, isEvmAddress, isNetworkId, loadManifest, makePkhSpaceId, makePublicSpaceId, networkDiscoveryKey, openWrappedKey, parseCanonicalNetworkId, parseExpiry, parseNetworkId, parsePkhDid, parseSpaceUri, pkhDid, principalDid, principalDidEquals, resolveManifest, resolveSecretListPrefix, resolveSecretPath, resourceCapabilitiesToSpaceAbilitiesMap, tinyCloudDebugLogger, validateEnvelope, validateManifest, verifyDecryptResponse } from '@tinycloud/sdk-core';
|
|
3
|
-
export { A as AuthDelegationArtifact, a as AuthRequestArtifact, D as DelegateToOptions, b as DelegateToResult, c as DelegatedAccess, d as DelegationAuthority, F as FileSessionStorage, M as MemorySessionStorage, N as NodeEventEmitterStrategy, e as NodeUserAuthorization, f as NodeUserAuthorizationConfig, P as PortableDelegation, R as RestorableSession, g as RuntimePermissionGrantOptions, S as SignStrategy, T as TinyCloudNode, h as TinyCloudNodeConfig, W as WasmKeyProvider, i as WasmKeyProviderConfig, j as createWasmKeyProvider, k as defaultSignStrategy, l as deserializeDelegation, m as grantAuthRequest, s as serializeDelegation } from './core-
|
|
3
|
+
export { A as AuthDelegationArtifact, a as AuthRequestArtifact, D as DelegateToOptions, b as DelegateToResult, c as DelegatedAccess, d as DelegationAuthority, F as FileSessionStorage, M as MemorySessionStorage, N as NodeEventEmitterStrategy, e as NodeUserAuthorization, f as NodeUserAuthorizationConfig, P as PortableDelegation, R as RestorableSession, g as RuntimePermissionGrantOptions, S as SignStrategy, T as TinyCloudNode, h as TinyCloudNodeConfig, W as WasmKeyProvider, i as WasmKeyProviderConfig, j as createWasmKeyProvider, k as defaultSignStrategy, l as deserializeDelegation, m as grantAuthRequest, s as serializeDelegation } from './core-ojeY-wet.cjs';
|
|
4
4
|
import { invoke, invokeAny, computeCid, prepareSession, completeSessionSetup, ensureEip55, makeSpaceId, createDelegation, parseRecapFromSiwe, generateHostSIWEMessage, siweToDelegationHeaders, protocolVersion, vault_encrypt, vault_decrypt, vault_derive_key, vault_x25519_from_seed, vault_x25519_dh, vault_random_bytes, vault_sha256 } from '@tinycloud/node-sdk-wasm';
|
|
5
5
|
import 'events';
|
|
6
6
|
import '@tinycloud/sdk-services';
|
package/dist/index.d.ts
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
import { ISigner, Bytes, IWasmBindings, ISessionManager } from '@tinycloud/sdk-core';
|
|
2
2
|
export { ACCOUNT_REGISTRY_PATH, ACCOUNT_REGISTRY_SPACE, AccountApplication, AccountApplicationListOptions, AccountDelegation, AccountDelegationListOptions, AccountDelegationRevokeOptions, AccountIndexEnsureResult, AccountIndexRebuildResult, AccountIndexStatus, AccountIndexedReadOptions, AccountService, AccountServiceConfig, AccountSpace, AccountSpaceListOptions, AccountStatus, AutoApproveSpaceCreationHandler, AutoRejectStrategy, AutoSignStrategy, BatchOptions, BatchResponse, BuildCanonicalDecryptRequestInput, BuildDecryptFactsInput, BuildDecryptInvocationInput, BuiltDecryptInvocation, CallbackStrategy, CanonicalAddress, CanonicalDecryptRequest, CanonicalJson, CanonicalParsedNetworkId, CapabilityEntry, CapabilityKeyRegistry, CapabilityKeyRegistryErrorCode, CapabilityKeyRegistryErrorCodes, ClientSession, ColumnInfo, ComposeManifestOptions, ComposedManifestRequest, CreateDelegationParams, DECRYPT_ACTION, DECRYPT_FACT_TYPE, DECRYPT_RESULT_TYPE, DEFAULT_ENCRYPTION_ALG, DEFAULT_KEY_VERSION, DEFAULT_MANIFEST_SPACE, DEFAULT_MANIFEST_VERSION, DEFAULT_SIGNED_READ_URL_EXPIRY_MS, DataVaultConfig, DataVaultService, DatabaseHandle, DecryptCapabilityProof, DecryptEnvelopeOptions, DecryptInvocationFact, DecryptInvocationSigner, DecryptRequestBody, DecryptResponseBody, DecryptTransport, Delegation, DelegationChain, DelegationChainV2, DelegationDirection, DelegationError, DelegationErrorCode, DelegationErrorCodes, DelegationFilters, DelegationManager, DelegationManagerConfig, DelegationRecord, DelegationResult, DidCacheKeyOptions, DidEqualsOptions, DiscoverNetworkInput, DiscoveredNetwork, DiscoverySource, DuckDbAction, DuckDbActionType, DuckDbBatchOptions, DuckDbBatchResponse, DuckDbDatabaseHandle, DuckDbExecuteOptions, DuckDbExecuteResponse, DuckDbOptions, DuckDbQueryOptions, DuckDbQueryResponse, DuckDbService, DuckDbServiceConfig, DuckDbStatement, DuckDbValue, ENCRYPTION_NETWORK_URN_PREFIX, ENCRYPTION_SERVICE, ENCRYPTION_SERVICE_SHORT, ENVELOPE_VERSION, EncodedShareData, EncryptToNetworkInput, EncryptToNetworkOptions, EncryptToNetworkResult, EncryptionCrypto, EncryptionError, EncryptionErrorInput, EncryptionService, EncryptionServiceConfig, ExecuteOptions, ExecuteResponse, Extension, FetchFunction, GenerateShareParams, HookEvent, HookServiceName, HookStreamEvent, HookSubscription, HookWebhookListOptions, HookWebhookRecord, HookWebhookRegistration, HookWebhookScope, HookWebhookUnregisterOptions, HooksService, HooksServiceConfig, ICapabilityKeyRegistry, IDataVaultService, IDatabaseHandle, IDuckDbDatabaseHandle, IDuckDbService, IENSResolver, IEncryptionService, IHooksService, IKVService, INotificationHandler, IPrefixedKVService, ISQLService, ISecretsService, ISessionManager, ISessionStorage, ISharingService, ISigner, ISpace, ISpaceCreationHandler, ISpaceScopedDelegations, ISpaceScopedSharing, ISpaceService, IUserAuthorization, IWasmBindings, IdentityParseError, IngestOptions, InlineEncryptedEnvelope, InvokeFunction, JWK, KVCreateSignedReadUrlOptions, KVResponse, KVService, KVServiceConfig, KVSignedReadUrlResponse, KeyInfo, KeyProvider, KeyType, Manifest, ManifestDefaults, ManifestRegistryRecord, ManifestSecretActions, ManifestValidationError, NETWORK_NAME_PATTERN, NetworkDescriptor, NetworkIdError, NodeDescriptorFetcher, OpenKeyCallbackStrategy, OpenKeySigningRequestBody, OpenKeySigningResponseBody, OpenKeySigningStrategyOptions, ParsedNetworkId, PermissionEntry, PermissionNotInManifestError, PersistedSessionData, PkhDidParts, PrefixedKVService, ProtocolMismatchError, QueryOptions, QueryResponse, RandomReceiverKeyInput, ReceiveOptions, ReceiverKeyPair, ReceiverKeySigner, ResolvedCapabilities, ResolvedDelegate, ResolvedSecretPath, ResourceCapability, SECRET_NAME_RE, SQLAction, SQLActionType, SQLService, SQLServiceConfig, SchemaInfo, SecretPayload, SecretScopeOptions, SecretsError, SecretsService, ServiceContext, ServiceContextConfig, ServiceSession, SessionExpiredError, ShareAccess, ShareLink, ShareLinkData, ShareSchema, SharingService, SharingServiceConfig, SignCallback, SignInOptions, SignRequest, SignResponse, SignedReceiverKeyInput, SilentNotificationHandler, Space, SpaceAbilitiesMap, SpaceConfig, SpaceCreationContext, SpaceErrorCode, SpaceErrorCodes, SpaceInfo, SpaceOwnership, SpaceService, SpaceServiceConfig, SqlStatement, SqlValue, StoredDelegationChain, SubscribeOptions, TableInfo, TelemetryConfig, TelemetryEventHandler, TinyCloud, TinyCloudConfig, TinyCloudDebugEnableOptions, TinyCloudDebugEvent, TinyCloudDebugLevel, TinyCloudDebugLogger, TinyCloudDebugTimer, TinyCloudSession, UnsupportedFeatureError, VAULT_PERMISSION_SERVICE, VaultCrypto, VaultEntry, VaultError, VaultGetOptions, VaultGrantOptions, VaultHeaders, VaultListOptions, VaultPublicSpaceKVActions, VaultPutOptions, VerifyDecryptResponseInput, VersionCheckError, ViewInfo, WasmVaultFunctions, WellKnownDescriptorFetcher, addressStorageKey, buildCanonicalDecryptRequest, buildDecryptAttenuation, buildDecryptFacts, buildDecryptInvocation, buildNetworkId, buildSpaceUri, canonicalHashHex, canonicalSignedResponse, canonicalizeAddress, canonicalizeDid, canonicalizeDidUrl, canonicalizeEncryptionJson, canonicalizeNetworkId, canonicalizeSecretScope, checkDecryptInvocationInput, checkNodeInfo, clearTinyCloudDebugLogs, composeManifestRequest, createCapabilityKeyRegistry, createOpenKeyCallbackSigningStrategy, createSharingService, createSpaceService, createVaultCrypto, decryptEnvelopeWithKey, defaultSpaceCreationHandler, deriveSignedReceiverKey, didCacheKey, didEquals, disableTinyCloudDebug, discoverNetwork, enableTinyCloudDebug, encryptToNetwork, encryptionBase64Decode, encryptionBase64Encode, encryptionError, encryptionUtf8Decode, encryptionUtf8Encode, ensureNetworkUsableForDecrypt, expandActionShortNames, expandPermissionEntries, expandPermissionEntry, generateRandomReceiverKey, getTinyCloudDebugLogs, hexDecode, hexEncode, installTinyCloudDebugGlobals, isCapabilitySubset, isEvmAddress, isNetworkId, loadManifest, makePkhSpaceId, makePublicSpaceId, networkDiscoveryKey, openWrappedKey, parseCanonicalNetworkId, parseExpiry, parseNetworkId, parsePkhDid, parseSpaceUri, pkhDid, principalDid, principalDidEquals, resolveManifest, resolveSecretListPrefix, resolveSecretPath, resourceCapabilitiesToSpaceAbilitiesMap, tinyCloudDebugLogger, validateEnvelope, validateManifest, verifyDecryptResponse } from '@tinycloud/sdk-core';
|
|
3
|
-
export { A as AuthDelegationArtifact, a as AuthRequestArtifact, D as DelegateToOptions, b as DelegateToResult, c as DelegatedAccess, d as DelegationAuthority, F as FileSessionStorage, M as MemorySessionStorage, N as NodeEventEmitterStrategy, e as NodeUserAuthorization, f as NodeUserAuthorizationConfig, P as PortableDelegation, R as RestorableSession, g as RuntimePermissionGrantOptions, S as SignStrategy, T as TinyCloudNode, h as TinyCloudNodeConfig, W as WasmKeyProvider, i as WasmKeyProviderConfig, j as createWasmKeyProvider, k as defaultSignStrategy, l as deserializeDelegation, m as grantAuthRequest, s as serializeDelegation } from './core-
|
|
3
|
+
export { A as AuthDelegationArtifact, a as AuthRequestArtifact, D as DelegateToOptions, b as DelegateToResult, c as DelegatedAccess, d as DelegationAuthority, F as FileSessionStorage, M as MemorySessionStorage, N as NodeEventEmitterStrategy, e as NodeUserAuthorization, f as NodeUserAuthorizationConfig, P as PortableDelegation, R as RestorableSession, g as RuntimePermissionGrantOptions, S as SignStrategy, T as TinyCloudNode, h as TinyCloudNodeConfig, W as WasmKeyProvider, i as WasmKeyProviderConfig, j as createWasmKeyProvider, k as defaultSignStrategy, l as deserializeDelegation, m as grantAuthRequest, s as serializeDelegation } from './core-ojeY-wet.js';
|
|
4
4
|
import { invoke, invokeAny, computeCid, prepareSession, completeSessionSetup, ensureEip55, makeSpaceId, createDelegation, parseRecapFromSiwe, generateHostSIWEMessage, siweToDelegationHeaders, protocolVersion, vault_encrypt, vault_decrypt, vault_derive_key, vault_x25519_from_seed, vault_x25519_dh, vault_random_bytes, vault_sha256 } from '@tinycloud/node-sdk-wasm';
|
|
5
5
|
import 'events';
|
|
6
6
|
import '@tinycloud/sdk-services';
|
package/dist/index.js
CHANGED
|
@@ -17668,7 +17668,7 @@ var NodeUserAuthorization = class {
|
|
|
17668
17668
|
* Create the space on the TinyCloud server (host delegation).
|
|
17669
17669
|
* This registers the user as the owner of the space.
|
|
17670
17670
|
*/
|
|
17671
|
-
async hostSpace(targetSpaceId) {
|
|
17671
|
+
async hostSpace(targetSpaceId, purpose) {
|
|
17672
17672
|
if (!this._tinyCloudSession || !this._address || !this._chainId) {
|
|
17673
17673
|
throw new Error("Must be signed in to host space");
|
|
17674
17674
|
}
|
|
@@ -17684,7 +17684,7 @@ var NodeUserAuthorization = class {
|
|
|
17684
17684
|
spaceId,
|
|
17685
17685
|
peerId
|
|
17686
17686
|
});
|
|
17687
|
-
const signature2 = await this.signMessage(siwe);
|
|
17687
|
+
const signature2 = await this.signMessage(siwe, purpose);
|
|
17688
17688
|
const headers = this.wasm.siweToDelegationHeaders({ siwe, signature: signature2 });
|
|
17689
17689
|
const result = await submitHostDelegation(host, headers);
|
|
17690
17690
|
return result.success;
|
|
@@ -17700,8 +17700,8 @@ var NodeUserAuthorization = class {
|
|
|
17700
17700
|
* Create a specific owned space on the server via host delegation.
|
|
17701
17701
|
* Used by manifest registry setup for the account space.
|
|
17702
17702
|
*/
|
|
17703
|
-
async hostOwnedSpace(spaceId) {
|
|
17704
|
-
return this.hostSpace(spaceId);
|
|
17703
|
+
async hostOwnedSpace(spaceId, purpose) {
|
|
17704
|
+
return this.hostSpace(spaceId, purpose);
|
|
17705
17705
|
}
|
|
17706
17706
|
/**
|
|
17707
17707
|
* Ensure the user's space exists on the TinyCloud server.
|
|
@@ -17851,7 +17851,8 @@ var NodeUserAuthorization = class {
|
|
|
17851
17851
|
address,
|
|
17852
17852
|
chainId,
|
|
17853
17853
|
message: prepared.siwe,
|
|
17854
|
-
type: "siwe"
|
|
17854
|
+
type: "siwe",
|
|
17855
|
+
purpose: "bootstrap-session"
|
|
17855
17856
|
});
|
|
17856
17857
|
const session = this.wasm.completeSessionSetup({
|
|
17857
17858
|
...prepared,
|
|
@@ -17915,7 +17916,8 @@ var NodeUserAuthorization = class {
|
|
|
17915
17916
|
address,
|
|
17916
17917
|
chainId,
|
|
17917
17918
|
message: prepared.siwe,
|
|
17918
|
-
type: "siwe"
|
|
17919
|
+
type: "siwe",
|
|
17920
|
+
purpose: "sign-in"
|
|
17919
17921
|
});
|
|
17920
17922
|
const session = this.wasm.completeSessionSetup({
|
|
17921
17923
|
...prepared,
|
|
@@ -18003,7 +18005,7 @@ var NodeUserAuthorization = class {
|
|
|
18003
18005
|
/**
|
|
18004
18006
|
* Sign a message with the connected signer.
|
|
18005
18007
|
*/
|
|
18006
|
-
async signMessage(message) {
|
|
18008
|
+
async signMessage(message, purpose) {
|
|
18007
18009
|
if (!this._address) {
|
|
18008
18010
|
this._address = canonicalizeAddress(await this.signer.getAddress());
|
|
18009
18011
|
}
|
|
@@ -18014,7 +18016,8 @@ var NodeUserAuthorization = class {
|
|
|
18014
18016
|
address: this._address,
|
|
18015
18017
|
chainId: this._chainId,
|
|
18016
18018
|
message,
|
|
18017
|
-
type: "message"
|
|
18019
|
+
type: "message",
|
|
18020
|
+
...purpose ? { purpose } : {}
|
|
18018
18021
|
});
|
|
18019
18022
|
}
|
|
18020
18023
|
/**
|
|
@@ -18502,12 +18505,12 @@ function displayActionUrn(action) {
|
|
|
18502
18505
|
function secretActionName(action) {
|
|
18503
18506
|
return action;
|
|
18504
18507
|
}
|
|
18505
|
-
function secretPermissionEntries(name, options, action, encryptionNetworkId) {
|
|
18508
|
+
function secretPermissionEntries(name, options, action, space, encryptionNetworkId) {
|
|
18506
18509
|
const entries = [];
|
|
18507
18510
|
const path = action === "list" ? resolveSecretListPrefix(options) : resolveSecretPath(name, options).permissionPaths.vault;
|
|
18508
18511
|
entries.push({
|
|
18509
18512
|
service: "tinycloud.kv",
|
|
18510
|
-
space
|
|
18513
|
+
space,
|
|
18511
18514
|
path,
|
|
18512
18515
|
actions: [secretActionName(action)],
|
|
18513
18516
|
skipPrefix: true
|
|
@@ -18522,11 +18525,23 @@ function secretPermissionEntries(name, options, action, encryptionNetworkId) {
|
|
|
18522
18525
|
}
|
|
18523
18526
|
return entries;
|
|
18524
18527
|
}
|
|
18528
|
+
function normalizeSpace(space, resolveSpace) {
|
|
18529
|
+
if (!space) return void 0;
|
|
18530
|
+
if (space.startsWith("tinycloud:")) return space;
|
|
18531
|
+
return resolveSpace?.(space) ?? space;
|
|
18532
|
+
}
|
|
18533
|
+
function spaceMatches(granted, requested, resolveSpace) {
|
|
18534
|
+
if (!granted || !requested) return false;
|
|
18535
|
+
return normalizeSpace(granted, resolveSpace) === normalizeSpace(requested, resolveSpace);
|
|
18536
|
+
}
|
|
18525
18537
|
var NodeSecretsService = class {
|
|
18526
18538
|
constructor(config) {
|
|
18527
18539
|
this.config = config;
|
|
18528
18540
|
this.shouldRestoreUnlock = false;
|
|
18529
18541
|
}
|
|
18542
|
+
get space() {
|
|
18543
|
+
return this.config.space ?? SECRETS_SPACE;
|
|
18544
|
+
}
|
|
18530
18545
|
get vault() {
|
|
18531
18546
|
return this.service.vault;
|
|
18532
18547
|
}
|
|
@@ -18579,6 +18594,7 @@ var NodeSecretsService = class {
|
|
|
18579
18594
|
name,
|
|
18580
18595
|
options,
|
|
18581
18596
|
action,
|
|
18597
|
+
this.space,
|
|
18582
18598
|
action === "get" ? this.config.getEncryptionNetworkId?.() : void 0
|
|
18583
18599
|
);
|
|
18584
18600
|
} catch (error) {
|
|
@@ -18628,7 +18644,7 @@ var NodeSecretsService = class {
|
|
|
18628
18644
|
(entry) => manifests.some((candidate) => {
|
|
18629
18645
|
const resolved = resolveManifest(candidate);
|
|
18630
18646
|
return resolved.resources.some(
|
|
18631
|
-
(resource) => resource.service === entry.service && resource.space
|
|
18647
|
+
(resource) => resource.service === entry.service && spaceMatches(resource.space, entry.space, this.config.resolveSpace) && resource.path === entry.path && entry.actions.every((action) => resource.actions.includes(action))
|
|
18632
18648
|
);
|
|
18633
18649
|
})
|
|
18634
18650
|
);
|
|
@@ -18645,6 +18661,15 @@ var DEFAULT_SESSION_EXPIRATION_MS = EXPIRY3.SESSION_MS;
|
|
|
18645
18661
|
function isOpenKeyAutoSignStrategy(strategy) {
|
|
18646
18662
|
return strategy?.openKeyAutoSign === true;
|
|
18647
18663
|
}
|
|
18664
|
+
function isInteractiveSigner(config) {
|
|
18665
|
+
if (config.privateKey) {
|
|
18666
|
+
return false;
|
|
18667
|
+
}
|
|
18668
|
+
if (isOpenKeyAutoSignStrategy(config.signStrategy)) {
|
|
18669
|
+
return false;
|
|
18670
|
+
}
|
|
18671
|
+
return config.signer !== void 0;
|
|
18672
|
+
}
|
|
18648
18673
|
function didPrincipalMatches2(actual, expected) {
|
|
18649
18674
|
try {
|
|
18650
18675
|
return principalDidEquals2(actual, expected);
|
|
@@ -18652,6 +18677,20 @@ function didPrincipalMatches2(actual, expected) {
|
|
|
18652
18677
|
return actual === expected;
|
|
18653
18678
|
}
|
|
18654
18679
|
}
|
|
18680
|
+
function sharingActionsToAbilities(path, actions) {
|
|
18681
|
+
var _a;
|
|
18682
|
+
const abilities = {};
|
|
18683
|
+
for (const action of actions) {
|
|
18684
|
+
const slash = action.indexOf("/");
|
|
18685
|
+
if (slash === -1) return void 0;
|
|
18686
|
+
const shortService = SERVICE_LONG_TO_SHORT[action.slice(0, slash)];
|
|
18687
|
+
if (shortService === void 0) return void 0;
|
|
18688
|
+
abilities[shortService] ?? (abilities[shortService] = {});
|
|
18689
|
+
(_a = abilities[shortService])[path] ?? (_a[path] = []);
|
|
18690
|
+
abilities[shortService][path].push(action);
|
|
18691
|
+
}
|
|
18692
|
+
return Object.keys(abilities).length > 0 ? abilities : void 0;
|
|
18693
|
+
}
|
|
18655
18694
|
function base64UrlEncode(bytes) {
|
|
18656
18695
|
const alphabet = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789-_";
|
|
18657
18696
|
let output = "";
|
|
@@ -18764,7 +18803,24 @@ var _TinyCloudNode = class _TinyCloudNode {
|
|
|
18764
18803
|
this.auth = null;
|
|
18765
18804
|
this.tc = null;
|
|
18766
18805
|
this._chainId = 1;
|
|
18806
|
+
this._baseSecrets = /* @__PURE__ */ new Map();
|
|
18807
|
+
this._secrets = /* @__PURE__ */ new Map();
|
|
18767
18808
|
this.runtimePermissionGrants = [];
|
|
18809
|
+
/**
|
|
18810
|
+
* True when the last signIn() detected an interactive signer and skipped
|
|
18811
|
+
* client-side bootstrap. Apps can read this to know whether bootstrap was
|
|
18812
|
+
* deferred to the server (OpenKey) or requires a separate user action.
|
|
18813
|
+
*/
|
|
18814
|
+
this._bootstrapSkipped = false;
|
|
18815
|
+
/**
|
|
18816
|
+
* Outcome of the last signIn()'s account-bootstrap attempt. `skipped` is
|
|
18817
|
+
* true when bootstrap did not complete (interactive signer, auto-sign
|
|
18818
|
+
* denied, or a bootstrap step failed); `reason` carries the cause so apps
|
|
18819
|
+
* can surface a "finish account setup" call-to-action.
|
|
18820
|
+
*/
|
|
18821
|
+
this._bootstrapStatus = {
|
|
18822
|
+
skipped: false
|
|
18823
|
+
};
|
|
18768
18824
|
this.invokeWithRuntimePermissions = (session, service, path, action, facts) => {
|
|
18769
18825
|
return this.wasmBindings.invoke(
|
|
18770
18826
|
this.selectInvocationSession(session, service, path, action),
|
|
@@ -18857,6 +18913,15 @@ var _TinyCloudNode = class _TinyCloudNode {
|
|
|
18857
18913
|
static registerNodeDefaults(defaults) {
|
|
18858
18914
|
_TinyCloudNode.nodeDefaults = defaults;
|
|
18859
18915
|
}
|
|
18916
|
+
/** Whether the last signIn() skipped client-side bootstrap because the
|
|
18917
|
+
* signer is interactive (browser wallet / EIP-1193 provider). */
|
|
18918
|
+
get bootstrapSkipped() {
|
|
18919
|
+
return this._bootstrapSkipped;
|
|
18920
|
+
}
|
|
18921
|
+
/** Outcome of the last signIn()'s account-bootstrap attempt. */
|
|
18922
|
+
get bootstrapStatus() {
|
|
18923
|
+
return this._bootstrapStatus;
|
|
18924
|
+
}
|
|
18860
18925
|
get nodeFeatures() {
|
|
18861
18926
|
return this.auth?.nodeFeatures ?? [];
|
|
18862
18927
|
}
|
|
@@ -19026,6 +19091,13 @@ var _TinyCloudNode = class _TinyCloudNode {
|
|
|
19026
19091
|
get session() {
|
|
19027
19092
|
return this.auth?.tinyCloudSession;
|
|
19028
19093
|
}
|
|
19094
|
+
/**
|
|
19095
|
+
* Get the currently active session in the shape callers can persist and later
|
|
19096
|
+
* pass back to {@link restoreSession}.
|
|
19097
|
+
*/
|
|
19098
|
+
get restorableSession() {
|
|
19099
|
+
return this.currentTinyCloudSession();
|
|
19100
|
+
}
|
|
19029
19101
|
/**
|
|
19030
19102
|
* Sign in and create a new session.
|
|
19031
19103
|
* This creates the user's space if it doesn't exist.
|
|
@@ -19048,8 +19120,8 @@ var _TinyCloudNode = class _TinyCloudNode {
|
|
|
19048
19120
|
this._hooks = void 0;
|
|
19049
19121
|
this._vault = void 0;
|
|
19050
19122
|
this._encryption = void 0;
|
|
19051
|
-
this._baseSecrets
|
|
19052
|
-
this._secrets
|
|
19123
|
+
this._baseSecrets.clear();
|
|
19124
|
+
this._secrets.clear();
|
|
19053
19125
|
this._spaceService = void 0;
|
|
19054
19126
|
this._serviceContext = void 0;
|
|
19055
19127
|
this.runtimePermissionGrants = [];
|
|
@@ -19073,17 +19145,38 @@ var _TinyCloudNode = class _TinyCloudNode {
|
|
|
19073
19145
|
return this.wasmBindings.makeSpaceId(this._address, this._chainId, name);
|
|
19074
19146
|
}
|
|
19075
19147
|
async bootstrapAccountIfNeeded() {
|
|
19148
|
+
this._bootstrapSkipped = false;
|
|
19149
|
+
this._bootstrapStatus = { skipped: false };
|
|
19076
19150
|
if (this.config.autoBootstrapAccount === false) {
|
|
19077
19151
|
return false;
|
|
19078
19152
|
}
|
|
19079
19153
|
if (!this.auth || !this._address) {
|
|
19080
19154
|
return false;
|
|
19081
19155
|
}
|
|
19156
|
+
if (isInteractiveSigner(this.config)) {
|
|
19157
|
+
console.debug(
|
|
19158
|
+
"[TinyCloudNode] bootstrap skipped: interactive signer detected. Server-side bootstrap (OpenKey) is expected to have provisioned the account."
|
|
19159
|
+
);
|
|
19160
|
+
this._bootstrapSkipped = true;
|
|
19161
|
+
this._bootstrapStatus = { skipped: true, reason: "interactive-signer" };
|
|
19162
|
+
return false;
|
|
19163
|
+
}
|
|
19082
19164
|
const steps = bootstrapSteps(this._address, this._chainId);
|
|
19083
19165
|
if (!await this.isFreshBootstrapAccount(steps)) {
|
|
19084
19166
|
return false;
|
|
19085
19167
|
}
|
|
19086
|
-
|
|
19168
|
+
try {
|
|
19169
|
+
await this.runAccountBootstrap(steps);
|
|
19170
|
+
} catch (err) {
|
|
19171
|
+
const reason = err instanceof Error ? err.message : String(err);
|
|
19172
|
+
this._bootstrapSkipped = true;
|
|
19173
|
+
this._bootstrapStatus = { skipped: true, reason };
|
|
19174
|
+
this.notificationHandler.warning(
|
|
19175
|
+
`Account bootstrap did not complete: ${reason}`
|
|
19176
|
+
);
|
|
19177
|
+
console.warn(`[TinyCloudNode] account bootstrap failed: ${reason}`);
|
|
19178
|
+
return false;
|
|
19179
|
+
}
|
|
19087
19180
|
return true;
|
|
19088
19181
|
}
|
|
19089
19182
|
async isFreshBootstrapAccount(steps) {
|
|
@@ -19135,16 +19228,23 @@ var _TinyCloudNode = class _TinyCloudNode {
|
|
|
19135
19228
|
if (rawAbilities) {
|
|
19136
19229
|
rawAbilitiesBySpace.set(step.space, rawAbilities);
|
|
19137
19230
|
}
|
|
19138
|
-
|
|
19139
|
-
|
|
19140
|
-
|
|
19141
|
-
|
|
19142
|
-
|
|
19231
|
+
let session;
|
|
19232
|
+
try {
|
|
19233
|
+
session = await auth.createBootstrapSession({
|
|
19234
|
+
spaceId: step.spaceId,
|
|
19235
|
+
capabilityRequest: step.request ?? BOOTSTRAP_SESSION_REQUESTS[step.space],
|
|
19236
|
+
rawAbilities
|
|
19237
|
+
});
|
|
19238
|
+
} catch (err) {
|
|
19239
|
+
throw new Error(
|
|
19240
|
+
`Account bootstrap aborted: signature rejected for space "${step.space}". Cause: ${err instanceof Error ? err.message : String(err)}`
|
|
19241
|
+
);
|
|
19242
|
+
}
|
|
19143
19243
|
sessions.set(step.space, session);
|
|
19144
19244
|
}
|
|
19145
19245
|
for (const step of steps) {
|
|
19146
19246
|
if (step.kind !== "host") continue;
|
|
19147
|
-
const hosted = await auth.hostOwnedSpace(step.spaceId);
|
|
19247
|
+
const hosted = await auth.hostOwnedSpace(step.spaceId, "bootstrap-host");
|
|
19148
19248
|
if (!hosted) {
|
|
19149
19249
|
throw new Error(`Failed to host bootstrap space: ${step.spaceId}`);
|
|
19150
19250
|
}
|
|
@@ -19535,8 +19635,8 @@ var _TinyCloudNode = class _TinyCloudNode {
|
|
|
19535
19635
|
this._hooks = void 0;
|
|
19536
19636
|
this._vault = void 0;
|
|
19537
19637
|
this._encryption = void 0;
|
|
19538
|
-
this._baseSecrets
|
|
19539
|
-
this._secrets
|
|
19638
|
+
this._baseSecrets.clear();
|
|
19639
|
+
this._secrets.clear();
|
|
19540
19640
|
this._spaceService = void 0;
|
|
19541
19641
|
this._serviceContext = void 0;
|
|
19542
19642
|
this.runtimePermissionGrants = [];
|
|
@@ -19826,6 +19926,20 @@ var _TinyCloudNode = class _TinyCloudNode {
|
|
|
19826
19926
|
getDefaultEncryptionNetworkId(name = DEFAULT_ENCRYPTION_NETWORK_NAME) {
|
|
19827
19927
|
return `urn:tinycloud:encryption:${this.did}:${name}`;
|
|
19828
19928
|
}
|
|
19929
|
+
getEncryptionNetworkIdForSpace(spaceId, name = DEFAULT_ENCRYPTION_NETWORK_NAME) {
|
|
19930
|
+
const ownerDid = this.ownerDidFromSpaceId(spaceId) ?? this.did;
|
|
19931
|
+
return `urn:tinycloud:encryption:${ownerDid}:${name}`;
|
|
19932
|
+
}
|
|
19933
|
+
ownerDidFromSpaceId(spaceId) {
|
|
19934
|
+
if (!spaceId.startsWith("tinycloud:")) return void 0;
|
|
19935
|
+
const body = spaceId.slice("tinycloud:".length);
|
|
19936
|
+
const lastSeparator = body.lastIndexOf(":");
|
|
19937
|
+
if (lastSeparator <= 0) return void 0;
|
|
19938
|
+
const owner = body.slice(0, lastSeparator);
|
|
19939
|
+
if (owner.startsWith("did:")) return owner;
|
|
19940
|
+
if (!owner.includes(":")) return void 0;
|
|
19941
|
+
return `did:${owner}`;
|
|
19942
|
+
}
|
|
19829
19943
|
requireServiceSession() {
|
|
19830
19944
|
const session = this._serviceContext?.session;
|
|
19831
19945
|
if (!session) {
|
|
@@ -20013,7 +20127,7 @@ var _TinyCloudNode = class _TinyCloudNode {
|
|
|
20013
20127
|
spaceId,
|
|
20014
20128
|
crypto: vaultCrypto,
|
|
20015
20129
|
encryption: {
|
|
20016
|
-
networkId: this.
|
|
20130
|
+
networkId: this.getEncryptionNetworkIdForSpace(spaceId),
|
|
20017
20131
|
service: this.getEncryptionService(),
|
|
20018
20132
|
decryptCapabilityProof: () => ({
|
|
20019
20133
|
proofs: [this.requireServiceSession().delegationCid]
|
|
@@ -20144,6 +20258,9 @@ var _TinyCloudNode = class _TinyCloudNode {
|
|
|
20144
20258
|
}
|
|
20145
20259
|
return vaultService;
|
|
20146
20260
|
},
|
|
20261
|
+
createSecretsService: (spaceId) => {
|
|
20262
|
+
return this.secretsForSpace(spaceId);
|
|
20263
|
+
},
|
|
20147
20264
|
// Enable space.delegations.create() via SIWE-based delegation
|
|
20148
20265
|
createDelegation: async (params) => {
|
|
20149
20266
|
try {
|
|
@@ -20266,11 +20383,10 @@ var _TinyCloudNode = class _TinyCloudNode {
|
|
|
20266
20383
|
try {
|
|
20267
20384
|
const host = this.config.host;
|
|
20268
20385
|
const now = /* @__PURE__ */ new Date();
|
|
20269
|
-
const abilities =
|
|
20270
|
-
|
|
20271
|
-
|
|
20272
|
-
|
|
20273
|
-
};
|
|
20386
|
+
const abilities = sharingActionsToAbilities(params.path, params.actions);
|
|
20387
|
+
if (!abilities) {
|
|
20388
|
+
return void 0;
|
|
20389
|
+
}
|
|
20274
20390
|
const prepared = this.wasmBindings.prepareSession({
|
|
20275
20391
|
abilities,
|
|
20276
20392
|
address: this.wasmBindings.ensureEip55(session.address),
|
|
@@ -20526,27 +20642,49 @@ var _TinyCloudNode = class _TinyCloudNode {
|
|
|
20526
20642
|
if (!this._spaceService) {
|
|
20527
20643
|
throw new Error("Not signed in. Call signIn() first.");
|
|
20528
20644
|
}
|
|
20529
|
-
|
|
20530
|
-
|
|
20531
|
-
|
|
20645
|
+
return this.secretsForSpace("secrets");
|
|
20646
|
+
}
|
|
20647
|
+
/**
|
|
20648
|
+
* App-facing secrets API backed by the requested space's vault.
|
|
20649
|
+
*/
|
|
20650
|
+
secretsForSpace(spaceId) {
|
|
20651
|
+
if (!this._spaceService) {
|
|
20652
|
+
throw new Error("Not signed in. Call signIn() first.");
|
|
20653
|
+
}
|
|
20654
|
+
const resolvedSpace = spaceId.startsWith("tinycloud:") ? spaceId : this.ownedSpaceId(spaceId);
|
|
20655
|
+
let secrets = this._secrets.get(resolvedSpace);
|
|
20656
|
+
if (!secrets) {
|
|
20657
|
+
secrets = new NodeSecretsService({
|
|
20658
|
+
getService: () => this.getBaseSecrets(resolvedSpace),
|
|
20659
|
+
space: resolvedSpace,
|
|
20532
20660
|
getManifest: () => this.manifest,
|
|
20533
20661
|
hasPermissions: (permissions) => this.hasRuntimePermissions(permissions),
|
|
20534
20662
|
grantPermissions: (additional) => this.grantRuntimePermissions(additional),
|
|
20535
20663
|
canEscalate: () => this.signer !== void 0 && this.tc !== void 0,
|
|
20536
|
-
getEncryptionNetworkId: () => this.
|
|
20664
|
+
getEncryptionNetworkId: () => this.getEncryptionNetworkIdForSpace(resolvedSpace),
|
|
20665
|
+
resolveSpace: (space) => space.startsWith("tinycloud:") ? space : this.ownedSpaceId(space),
|
|
20537
20666
|
getUnlockSigner: () => this.signer ?? void 0
|
|
20538
20667
|
});
|
|
20668
|
+
this._secrets.set(resolvedSpace, secrets);
|
|
20539
20669
|
}
|
|
20540
|
-
return
|
|
20670
|
+
return secrets;
|
|
20541
20671
|
}
|
|
20542
|
-
getBaseSecrets() {
|
|
20672
|
+
getBaseSecrets(spaceId) {
|
|
20543
20673
|
if (!this._spaceService) {
|
|
20544
20674
|
throw new Error("Not signed in. Call signIn() first.");
|
|
20545
20675
|
}
|
|
20546
|
-
|
|
20547
|
-
|
|
20676
|
+
const resolvedSpace = spaceId.startsWith("tinycloud:") ? spaceId : this.ownedSpaceId(spaceId);
|
|
20677
|
+
let secrets = this._baseSecrets.get(resolvedSpace);
|
|
20678
|
+
if (!secrets) {
|
|
20679
|
+
const kvService = this.createSpaceScopedKVService(resolvedSpace);
|
|
20680
|
+
const vaultService = this.createVaultService(resolvedSpace, kvService);
|
|
20681
|
+
if (this._serviceContext) {
|
|
20682
|
+
vaultService.initialize(this._serviceContext);
|
|
20683
|
+
}
|
|
20684
|
+
secrets = new SecretsService(() => vaultService);
|
|
20685
|
+
this._baseSecrets.set(resolvedSpace, secrets);
|
|
20548
20686
|
}
|
|
20549
|
-
return
|
|
20687
|
+
return secrets;
|
|
20550
20688
|
}
|
|
20551
20689
|
/**
|
|
20552
20690
|
* Hooks write stream subscription API.
|