@tinycloud/node-sdk 2.4.1-beta.0 → 2.5.0-beta.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
package/dist/index.d.cts CHANGED
@@ -1,6 +1,6 @@
1
1
  import { ISigner, Bytes, IWasmBindings, ISessionManager } from '@tinycloud/sdk-core';
2
2
  export { ACCOUNT_REGISTRY_PATH, ACCOUNT_REGISTRY_SPACE, AccountApplication, AccountApplicationListOptions, AccountDelegation, AccountDelegationListOptions, AccountDelegationRevokeOptions, AccountIndexEnsureResult, AccountIndexRebuildResult, AccountIndexStatus, AccountIndexedReadOptions, AccountService, AccountServiceConfig, AccountSpace, AccountSpaceListOptions, AccountStatus, AutoApproveSpaceCreationHandler, AutoRejectStrategy, AutoSignStrategy, BatchOptions, BatchResponse, BuildCanonicalDecryptRequestInput, BuildDecryptFactsInput, BuildDecryptInvocationInput, BuiltDecryptInvocation, CallbackStrategy, CanonicalAddress, CanonicalDecryptRequest, CanonicalJson, CanonicalParsedNetworkId, CapabilityEntry, CapabilityKeyRegistry, CapabilityKeyRegistryErrorCode, CapabilityKeyRegistryErrorCodes, ClientSession, ColumnInfo, ComposeManifestOptions, ComposedManifestRequest, CreateDelegationParams, DECRYPT_ACTION, DECRYPT_FACT_TYPE, DECRYPT_RESULT_TYPE, DEFAULT_ENCRYPTION_ALG, DEFAULT_KEY_VERSION, DEFAULT_MANIFEST_SPACE, DEFAULT_MANIFEST_VERSION, DEFAULT_SIGNED_READ_URL_EXPIRY_MS, DataVaultConfig, DataVaultService, DatabaseHandle, DecryptCapabilityProof, DecryptEnvelopeOptions, DecryptInvocationFact, DecryptInvocationSigner, DecryptRequestBody, DecryptResponseBody, DecryptTransport, Delegation, DelegationChain, DelegationChainV2, DelegationDirection, DelegationError, DelegationErrorCode, DelegationErrorCodes, DelegationFilters, DelegationManager, DelegationManagerConfig, DelegationRecord, DelegationResult, DidCacheKeyOptions, DidEqualsOptions, DiscoverNetworkInput, DiscoveredNetwork, DiscoverySource, DuckDbAction, DuckDbActionType, DuckDbBatchOptions, DuckDbBatchResponse, DuckDbDatabaseHandle, DuckDbExecuteOptions, DuckDbExecuteResponse, DuckDbOptions, DuckDbQueryOptions, DuckDbQueryResponse, DuckDbService, DuckDbServiceConfig, DuckDbStatement, DuckDbValue, ENCRYPTION_NETWORK_URN_PREFIX, ENCRYPTION_SERVICE, ENCRYPTION_SERVICE_SHORT, ENVELOPE_VERSION, EncodedShareData, EncryptToNetworkInput, EncryptToNetworkOptions, EncryptToNetworkResult, EncryptionCrypto, EncryptionError, EncryptionErrorInput, EncryptionService, EncryptionServiceConfig, ExecuteOptions, ExecuteResponse, Extension, FetchFunction, GenerateShareParams, HookEvent, HookServiceName, HookStreamEvent, HookSubscription, HookWebhookListOptions, HookWebhookRecord, HookWebhookRegistration, HookWebhookScope, HookWebhookUnregisterOptions, HooksService, HooksServiceConfig, ICapabilityKeyRegistry, IDataVaultService, IDatabaseHandle, IDuckDbDatabaseHandle, IDuckDbService, IENSResolver, IEncryptionService, IHooksService, IKVService, INotificationHandler, IPrefixedKVService, ISQLService, ISecretsService, ISessionManager, ISessionStorage, ISharingService, ISigner, ISpace, ISpaceCreationHandler, ISpaceScopedDelegations, ISpaceScopedSharing, ISpaceService, IUserAuthorization, IWasmBindings, IdentityParseError, IngestOptions, InlineEncryptedEnvelope, InvokeFunction, JWK, KVCreateSignedReadUrlOptions, KVResponse, KVService, KVServiceConfig, KVSignedReadUrlResponse, KeyInfo, KeyProvider, KeyType, Manifest, ManifestDefaults, ManifestRegistryRecord, ManifestSecretActions, ManifestValidationError, NETWORK_NAME_PATTERN, NetworkDescriptor, NetworkIdError, NodeDescriptorFetcher, OpenKeyCallbackStrategy, OpenKeySigningRequestBody, OpenKeySigningResponseBody, OpenKeySigningStrategyOptions, ParsedNetworkId, PermissionEntry, PermissionNotInManifestError, PersistedSessionData, PkhDidParts, PrefixedKVService, ProtocolMismatchError, QueryOptions, QueryResponse, RandomReceiverKeyInput, ReceiveOptions, ReceiverKeyPair, ReceiverKeySigner, ResolvedCapabilities, ResolvedDelegate, ResolvedSecretPath, ResourceCapability, SECRET_NAME_RE, SQLAction, SQLActionType, SQLService, SQLServiceConfig, SchemaInfo, SecretPayload, SecretScopeOptions, SecretsError, SecretsService, ServiceContext, ServiceContextConfig, ServiceSession, SessionExpiredError, ShareAccess, ShareLink, ShareLinkData, ShareSchema, SharingService, SharingServiceConfig, SignCallback, SignInOptions, SignRequest, SignResponse, SignedReceiverKeyInput, SilentNotificationHandler, Space, SpaceAbilitiesMap, SpaceConfig, SpaceCreationContext, SpaceErrorCode, SpaceErrorCodes, SpaceInfo, SpaceOwnership, SpaceService, SpaceServiceConfig, SqlStatement, SqlValue, StoredDelegationChain, SubscribeOptions, TableInfo, TelemetryConfig, TelemetryEventHandler, TinyCloud, TinyCloudConfig, TinyCloudDebugEnableOptions, TinyCloudDebugEvent, TinyCloudDebugLevel, TinyCloudDebugLogger, TinyCloudDebugTimer, TinyCloudSession, UnsupportedFeatureError, VAULT_PERMISSION_SERVICE, VaultCrypto, VaultEntry, VaultError, VaultGetOptions, VaultGrantOptions, VaultHeaders, VaultListOptions, VaultPublicSpaceKVActions, VaultPutOptions, VerifyDecryptResponseInput, VersionCheckError, ViewInfo, WasmVaultFunctions, WellKnownDescriptorFetcher, addressStorageKey, buildCanonicalDecryptRequest, buildDecryptAttenuation, buildDecryptFacts, buildDecryptInvocation, buildNetworkId, buildSpaceUri, canonicalHashHex, canonicalSignedResponse, canonicalizeAddress, canonicalizeDid, canonicalizeDidUrl, canonicalizeEncryptionJson, canonicalizeNetworkId, canonicalizeSecretScope, checkDecryptInvocationInput, checkNodeInfo, clearTinyCloudDebugLogs, composeManifestRequest, createCapabilityKeyRegistry, createOpenKeyCallbackSigningStrategy, createSharingService, createSpaceService, createVaultCrypto, decryptEnvelopeWithKey, defaultSpaceCreationHandler, deriveSignedReceiverKey, didCacheKey, didEquals, disableTinyCloudDebug, discoverNetwork, enableTinyCloudDebug, encryptToNetwork, encryptionBase64Decode, encryptionBase64Encode, encryptionError, encryptionUtf8Decode, encryptionUtf8Encode, ensureNetworkUsableForDecrypt, expandActionShortNames, expandPermissionEntries, expandPermissionEntry, generateRandomReceiverKey, getTinyCloudDebugLogs, hexDecode, hexEncode, installTinyCloudDebugGlobals, isCapabilitySubset, isEvmAddress, isNetworkId, loadManifest, makePkhSpaceId, makePublicSpaceId, networkDiscoveryKey, openWrappedKey, parseCanonicalNetworkId, parseExpiry, parseNetworkId, parsePkhDid, parseSpaceUri, pkhDid, principalDid, principalDidEquals, resolveManifest, resolveSecretListPrefix, resolveSecretPath, resourceCapabilitiesToSpaceAbilitiesMap, tinyCloudDebugLogger, validateEnvelope, validateManifest, verifyDecryptResponse } from '@tinycloud/sdk-core';
3
- export { A as AuthDelegationArtifact, a as AuthRequestArtifact, D as DelegateToOptions, b as DelegateToResult, c as DelegatedAccess, d as DelegationAuthority, F as FileSessionStorage, M as MemorySessionStorage, N as NodeEventEmitterStrategy, e as NodeUserAuthorization, f as NodeUserAuthorizationConfig, P as PortableDelegation, R as RestorableSession, g as RuntimePermissionGrantOptions, S as SignStrategy, T as TinyCloudNode, h as TinyCloudNodeConfig, W as WasmKeyProvider, i as WasmKeyProviderConfig, j as createWasmKeyProvider, k as defaultSignStrategy, l as deserializeDelegation, m as grantAuthRequest, s as serializeDelegation } from './core-D01sn2vf.cjs';
3
+ export { A as AuthDelegationArtifact, a as AuthRequestArtifact, D as DelegateToOptions, b as DelegateToResult, c as DelegatedAccess, d as DelegationAuthority, F as FileSessionStorage, M as MemorySessionStorage, N as NodeEventEmitterStrategy, e as NodeUserAuthorization, f as NodeUserAuthorizationConfig, P as PortableDelegation, R as RestorableSession, g as RuntimePermissionGrantOptions, S as SignStrategy, T as TinyCloudNode, h as TinyCloudNodeConfig, W as WasmKeyProvider, i as WasmKeyProviderConfig, j as createWasmKeyProvider, k as defaultSignStrategy, l as deserializeDelegation, m as grantAuthRequest, s as serializeDelegation } from './core-ojeY-wet.cjs';
4
4
  import { invoke, invokeAny, computeCid, prepareSession, completeSessionSetup, ensureEip55, makeSpaceId, createDelegation, parseRecapFromSiwe, generateHostSIWEMessage, siweToDelegationHeaders, protocolVersion, vault_encrypt, vault_decrypt, vault_derive_key, vault_x25519_from_seed, vault_x25519_dh, vault_random_bytes, vault_sha256 } from '@tinycloud/node-sdk-wasm';
5
5
  import 'events';
6
6
  import '@tinycloud/sdk-services';
package/dist/index.d.ts CHANGED
@@ -1,6 +1,6 @@
1
1
  import { ISigner, Bytes, IWasmBindings, ISessionManager } from '@tinycloud/sdk-core';
2
2
  export { ACCOUNT_REGISTRY_PATH, ACCOUNT_REGISTRY_SPACE, AccountApplication, AccountApplicationListOptions, AccountDelegation, AccountDelegationListOptions, AccountDelegationRevokeOptions, AccountIndexEnsureResult, AccountIndexRebuildResult, AccountIndexStatus, AccountIndexedReadOptions, AccountService, AccountServiceConfig, AccountSpace, AccountSpaceListOptions, AccountStatus, AutoApproveSpaceCreationHandler, AutoRejectStrategy, AutoSignStrategy, BatchOptions, BatchResponse, BuildCanonicalDecryptRequestInput, BuildDecryptFactsInput, BuildDecryptInvocationInput, BuiltDecryptInvocation, CallbackStrategy, CanonicalAddress, CanonicalDecryptRequest, CanonicalJson, CanonicalParsedNetworkId, CapabilityEntry, CapabilityKeyRegistry, CapabilityKeyRegistryErrorCode, CapabilityKeyRegistryErrorCodes, ClientSession, ColumnInfo, ComposeManifestOptions, ComposedManifestRequest, CreateDelegationParams, DECRYPT_ACTION, DECRYPT_FACT_TYPE, DECRYPT_RESULT_TYPE, DEFAULT_ENCRYPTION_ALG, DEFAULT_KEY_VERSION, DEFAULT_MANIFEST_SPACE, DEFAULT_MANIFEST_VERSION, DEFAULT_SIGNED_READ_URL_EXPIRY_MS, DataVaultConfig, DataVaultService, DatabaseHandle, DecryptCapabilityProof, DecryptEnvelopeOptions, DecryptInvocationFact, DecryptInvocationSigner, DecryptRequestBody, DecryptResponseBody, DecryptTransport, Delegation, DelegationChain, DelegationChainV2, DelegationDirection, DelegationError, DelegationErrorCode, DelegationErrorCodes, DelegationFilters, DelegationManager, DelegationManagerConfig, DelegationRecord, DelegationResult, DidCacheKeyOptions, DidEqualsOptions, DiscoverNetworkInput, DiscoveredNetwork, DiscoverySource, DuckDbAction, DuckDbActionType, DuckDbBatchOptions, DuckDbBatchResponse, DuckDbDatabaseHandle, DuckDbExecuteOptions, DuckDbExecuteResponse, DuckDbOptions, DuckDbQueryOptions, DuckDbQueryResponse, DuckDbService, DuckDbServiceConfig, DuckDbStatement, DuckDbValue, ENCRYPTION_NETWORK_URN_PREFIX, ENCRYPTION_SERVICE, ENCRYPTION_SERVICE_SHORT, ENVELOPE_VERSION, EncodedShareData, EncryptToNetworkInput, EncryptToNetworkOptions, EncryptToNetworkResult, EncryptionCrypto, EncryptionError, EncryptionErrorInput, EncryptionService, EncryptionServiceConfig, ExecuteOptions, ExecuteResponse, Extension, FetchFunction, GenerateShareParams, HookEvent, HookServiceName, HookStreamEvent, HookSubscription, HookWebhookListOptions, HookWebhookRecord, HookWebhookRegistration, HookWebhookScope, HookWebhookUnregisterOptions, HooksService, HooksServiceConfig, ICapabilityKeyRegistry, IDataVaultService, IDatabaseHandle, IDuckDbDatabaseHandle, IDuckDbService, IENSResolver, IEncryptionService, IHooksService, IKVService, INotificationHandler, IPrefixedKVService, ISQLService, ISecretsService, ISessionManager, ISessionStorage, ISharingService, ISigner, ISpace, ISpaceCreationHandler, ISpaceScopedDelegations, ISpaceScopedSharing, ISpaceService, IUserAuthorization, IWasmBindings, IdentityParseError, IngestOptions, InlineEncryptedEnvelope, InvokeFunction, JWK, KVCreateSignedReadUrlOptions, KVResponse, KVService, KVServiceConfig, KVSignedReadUrlResponse, KeyInfo, KeyProvider, KeyType, Manifest, ManifestDefaults, ManifestRegistryRecord, ManifestSecretActions, ManifestValidationError, NETWORK_NAME_PATTERN, NetworkDescriptor, NetworkIdError, NodeDescriptorFetcher, OpenKeyCallbackStrategy, OpenKeySigningRequestBody, OpenKeySigningResponseBody, OpenKeySigningStrategyOptions, ParsedNetworkId, PermissionEntry, PermissionNotInManifestError, PersistedSessionData, PkhDidParts, PrefixedKVService, ProtocolMismatchError, QueryOptions, QueryResponse, RandomReceiverKeyInput, ReceiveOptions, ReceiverKeyPair, ReceiverKeySigner, ResolvedCapabilities, ResolvedDelegate, ResolvedSecretPath, ResourceCapability, SECRET_NAME_RE, SQLAction, SQLActionType, SQLService, SQLServiceConfig, SchemaInfo, SecretPayload, SecretScopeOptions, SecretsError, SecretsService, ServiceContext, ServiceContextConfig, ServiceSession, SessionExpiredError, ShareAccess, ShareLink, ShareLinkData, ShareSchema, SharingService, SharingServiceConfig, SignCallback, SignInOptions, SignRequest, SignResponse, SignedReceiverKeyInput, SilentNotificationHandler, Space, SpaceAbilitiesMap, SpaceConfig, SpaceCreationContext, SpaceErrorCode, SpaceErrorCodes, SpaceInfo, SpaceOwnership, SpaceService, SpaceServiceConfig, SqlStatement, SqlValue, StoredDelegationChain, SubscribeOptions, TableInfo, TelemetryConfig, TelemetryEventHandler, TinyCloud, TinyCloudConfig, TinyCloudDebugEnableOptions, TinyCloudDebugEvent, TinyCloudDebugLevel, TinyCloudDebugLogger, TinyCloudDebugTimer, TinyCloudSession, UnsupportedFeatureError, VAULT_PERMISSION_SERVICE, VaultCrypto, VaultEntry, VaultError, VaultGetOptions, VaultGrantOptions, VaultHeaders, VaultListOptions, VaultPublicSpaceKVActions, VaultPutOptions, VerifyDecryptResponseInput, VersionCheckError, ViewInfo, WasmVaultFunctions, WellKnownDescriptorFetcher, addressStorageKey, buildCanonicalDecryptRequest, buildDecryptAttenuation, buildDecryptFacts, buildDecryptInvocation, buildNetworkId, buildSpaceUri, canonicalHashHex, canonicalSignedResponse, canonicalizeAddress, canonicalizeDid, canonicalizeDidUrl, canonicalizeEncryptionJson, canonicalizeNetworkId, canonicalizeSecretScope, checkDecryptInvocationInput, checkNodeInfo, clearTinyCloudDebugLogs, composeManifestRequest, createCapabilityKeyRegistry, createOpenKeyCallbackSigningStrategy, createSharingService, createSpaceService, createVaultCrypto, decryptEnvelopeWithKey, defaultSpaceCreationHandler, deriveSignedReceiverKey, didCacheKey, didEquals, disableTinyCloudDebug, discoverNetwork, enableTinyCloudDebug, encryptToNetwork, encryptionBase64Decode, encryptionBase64Encode, encryptionError, encryptionUtf8Decode, encryptionUtf8Encode, ensureNetworkUsableForDecrypt, expandActionShortNames, expandPermissionEntries, expandPermissionEntry, generateRandomReceiverKey, getTinyCloudDebugLogs, hexDecode, hexEncode, installTinyCloudDebugGlobals, isCapabilitySubset, isEvmAddress, isNetworkId, loadManifest, makePkhSpaceId, makePublicSpaceId, networkDiscoveryKey, openWrappedKey, parseCanonicalNetworkId, parseExpiry, parseNetworkId, parsePkhDid, parseSpaceUri, pkhDid, principalDid, principalDidEquals, resolveManifest, resolveSecretListPrefix, resolveSecretPath, resourceCapabilitiesToSpaceAbilitiesMap, tinyCloudDebugLogger, validateEnvelope, validateManifest, verifyDecryptResponse } from '@tinycloud/sdk-core';
3
- export { A as AuthDelegationArtifact, a as AuthRequestArtifact, D as DelegateToOptions, b as DelegateToResult, c as DelegatedAccess, d as DelegationAuthority, F as FileSessionStorage, M as MemorySessionStorage, N as NodeEventEmitterStrategy, e as NodeUserAuthorization, f as NodeUserAuthorizationConfig, P as PortableDelegation, R as RestorableSession, g as RuntimePermissionGrantOptions, S as SignStrategy, T as TinyCloudNode, h as TinyCloudNodeConfig, W as WasmKeyProvider, i as WasmKeyProviderConfig, j as createWasmKeyProvider, k as defaultSignStrategy, l as deserializeDelegation, m as grantAuthRequest, s as serializeDelegation } from './core-D01sn2vf.js';
3
+ export { A as AuthDelegationArtifact, a as AuthRequestArtifact, D as DelegateToOptions, b as DelegateToResult, c as DelegatedAccess, d as DelegationAuthority, F as FileSessionStorage, M as MemorySessionStorage, N as NodeEventEmitterStrategy, e as NodeUserAuthorization, f as NodeUserAuthorizationConfig, P as PortableDelegation, R as RestorableSession, g as RuntimePermissionGrantOptions, S as SignStrategy, T as TinyCloudNode, h as TinyCloudNodeConfig, W as WasmKeyProvider, i as WasmKeyProviderConfig, j as createWasmKeyProvider, k as defaultSignStrategy, l as deserializeDelegation, m as grantAuthRequest, s as serializeDelegation } from './core-ojeY-wet.js';
4
4
  import { invoke, invokeAny, computeCid, prepareSession, completeSessionSetup, ensureEip55, makeSpaceId, createDelegation, parseRecapFromSiwe, generateHostSIWEMessage, siweToDelegationHeaders, protocolVersion, vault_encrypt, vault_decrypt, vault_derive_key, vault_x25519_from_seed, vault_x25519_dh, vault_random_bytes, vault_sha256 } from '@tinycloud/node-sdk-wasm';
5
5
  import 'events';
6
6
  import '@tinycloud/sdk-services';
package/dist/index.js CHANGED
@@ -17668,7 +17668,7 @@ var NodeUserAuthorization = class {
17668
17668
  * Create the space on the TinyCloud server (host delegation).
17669
17669
  * This registers the user as the owner of the space.
17670
17670
  */
17671
- async hostSpace(targetSpaceId) {
17671
+ async hostSpace(targetSpaceId, purpose) {
17672
17672
  if (!this._tinyCloudSession || !this._address || !this._chainId) {
17673
17673
  throw new Error("Must be signed in to host space");
17674
17674
  }
@@ -17684,7 +17684,7 @@ var NodeUserAuthorization = class {
17684
17684
  spaceId,
17685
17685
  peerId
17686
17686
  });
17687
- const signature2 = await this.signMessage(siwe);
17687
+ const signature2 = await this.signMessage(siwe, purpose);
17688
17688
  const headers = this.wasm.siweToDelegationHeaders({ siwe, signature: signature2 });
17689
17689
  const result = await submitHostDelegation(host, headers);
17690
17690
  return result.success;
@@ -17700,8 +17700,8 @@ var NodeUserAuthorization = class {
17700
17700
  * Create a specific owned space on the server via host delegation.
17701
17701
  * Used by manifest registry setup for the account space.
17702
17702
  */
17703
- async hostOwnedSpace(spaceId) {
17704
- return this.hostSpace(spaceId);
17703
+ async hostOwnedSpace(spaceId, purpose) {
17704
+ return this.hostSpace(spaceId, purpose);
17705
17705
  }
17706
17706
  /**
17707
17707
  * Ensure the user's space exists on the TinyCloud server.
@@ -17851,7 +17851,8 @@ var NodeUserAuthorization = class {
17851
17851
  address,
17852
17852
  chainId,
17853
17853
  message: prepared.siwe,
17854
- type: "siwe"
17854
+ type: "siwe",
17855
+ purpose: "bootstrap-session"
17855
17856
  });
17856
17857
  const session = this.wasm.completeSessionSetup({
17857
17858
  ...prepared,
@@ -17915,7 +17916,8 @@ var NodeUserAuthorization = class {
17915
17916
  address,
17916
17917
  chainId,
17917
17918
  message: prepared.siwe,
17918
- type: "siwe"
17919
+ type: "siwe",
17920
+ purpose: "sign-in"
17919
17921
  });
17920
17922
  const session = this.wasm.completeSessionSetup({
17921
17923
  ...prepared,
@@ -18003,7 +18005,7 @@ var NodeUserAuthorization = class {
18003
18005
  /**
18004
18006
  * Sign a message with the connected signer.
18005
18007
  */
18006
- async signMessage(message) {
18008
+ async signMessage(message, purpose) {
18007
18009
  if (!this._address) {
18008
18010
  this._address = canonicalizeAddress(await this.signer.getAddress());
18009
18011
  }
@@ -18014,7 +18016,8 @@ var NodeUserAuthorization = class {
18014
18016
  address: this._address,
18015
18017
  chainId: this._chainId,
18016
18018
  message,
18017
- type: "message"
18019
+ type: "message",
18020
+ ...purpose ? { purpose } : {}
18018
18021
  });
18019
18022
  }
18020
18023
  /**
@@ -18658,6 +18661,15 @@ var DEFAULT_SESSION_EXPIRATION_MS = EXPIRY3.SESSION_MS;
18658
18661
  function isOpenKeyAutoSignStrategy(strategy) {
18659
18662
  return strategy?.openKeyAutoSign === true;
18660
18663
  }
18664
+ function isInteractiveSigner(config) {
18665
+ if (config.privateKey) {
18666
+ return false;
18667
+ }
18668
+ if (isOpenKeyAutoSignStrategy(config.signStrategy)) {
18669
+ return false;
18670
+ }
18671
+ return config.signer !== void 0;
18672
+ }
18661
18673
  function didPrincipalMatches2(actual, expected) {
18662
18674
  try {
18663
18675
  return principalDidEquals2(actual, expected);
@@ -18794,6 +18806,21 @@ var _TinyCloudNode = class _TinyCloudNode {
18794
18806
  this._baseSecrets = /* @__PURE__ */ new Map();
18795
18807
  this._secrets = /* @__PURE__ */ new Map();
18796
18808
  this.runtimePermissionGrants = [];
18809
+ /**
18810
+ * True when the last signIn() detected an interactive signer and skipped
18811
+ * client-side bootstrap. Apps can read this to know whether bootstrap was
18812
+ * deferred to the server (OpenKey) or requires a separate user action.
18813
+ */
18814
+ this._bootstrapSkipped = false;
18815
+ /**
18816
+ * Outcome of the last signIn()'s account-bootstrap attempt. `skipped` is
18817
+ * true when bootstrap did not complete (interactive signer, auto-sign
18818
+ * denied, or a bootstrap step failed); `reason` carries the cause so apps
18819
+ * can surface a "finish account setup" call-to-action.
18820
+ */
18821
+ this._bootstrapStatus = {
18822
+ skipped: false
18823
+ };
18797
18824
  this.invokeWithRuntimePermissions = (session, service, path, action, facts) => {
18798
18825
  return this.wasmBindings.invoke(
18799
18826
  this.selectInvocationSession(session, service, path, action),
@@ -18886,6 +18913,15 @@ var _TinyCloudNode = class _TinyCloudNode {
18886
18913
  static registerNodeDefaults(defaults) {
18887
18914
  _TinyCloudNode.nodeDefaults = defaults;
18888
18915
  }
18916
+ /** Whether the last signIn() skipped client-side bootstrap because the
18917
+ * signer is interactive (browser wallet / EIP-1193 provider). */
18918
+ get bootstrapSkipped() {
18919
+ return this._bootstrapSkipped;
18920
+ }
18921
+ /** Outcome of the last signIn()'s account-bootstrap attempt. */
18922
+ get bootstrapStatus() {
18923
+ return this._bootstrapStatus;
18924
+ }
18889
18925
  get nodeFeatures() {
18890
18926
  return this.auth?.nodeFeatures ?? [];
18891
18927
  }
@@ -19109,17 +19145,38 @@ var _TinyCloudNode = class _TinyCloudNode {
19109
19145
  return this.wasmBindings.makeSpaceId(this._address, this._chainId, name);
19110
19146
  }
19111
19147
  async bootstrapAccountIfNeeded() {
19148
+ this._bootstrapSkipped = false;
19149
+ this._bootstrapStatus = { skipped: false };
19112
19150
  if (this.config.autoBootstrapAccount === false) {
19113
19151
  return false;
19114
19152
  }
19115
19153
  if (!this.auth || !this._address) {
19116
19154
  return false;
19117
19155
  }
19156
+ if (isInteractiveSigner(this.config)) {
19157
+ console.debug(
19158
+ "[TinyCloudNode] bootstrap skipped: interactive signer detected. Server-side bootstrap (OpenKey) is expected to have provisioned the account."
19159
+ );
19160
+ this._bootstrapSkipped = true;
19161
+ this._bootstrapStatus = { skipped: true, reason: "interactive-signer" };
19162
+ return false;
19163
+ }
19118
19164
  const steps = bootstrapSteps(this._address, this._chainId);
19119
19165
  if (!await this.isFreshBootstrapAccount(steps)) {
19120
19166
  return false;
19121
19167
  }
19122
- await this.runAccountBootstrap(steps);
19168
+ try {
19169
+ await this.runAccountBootstrap(steps);
19170
+ } catch (err) {
19171
+ const reason = err instanceof Error ? err.message : String(err);
19172
+ this._bootstrapSkipped = true;
19173
+ this._bootstrapStatus = { skipped: true, reason };
19174
+ this.notificationHandler.warning(
19175
+ `Account bootstrap did not complete: ${reason}`
19176
+ );
19177
+ console.warn(`[TinyCloudNode] account bootstrap failed: ${reason}`);
19178
+ return false;
19179
+ }
19123
19180
  return true;
19124
19181
  }
19125
19182
  async isFreshBootstrapAccount(steps) {
@@ -19171,16 +19228,23 @@ var _TinyCloudNode = class _TinyCloudNode {
19171
19228
  if (rawAbilities) {
19172
19229
  rawAbilitiesBySpace.set(step.space, rawAbilities);
19173
19230
  }
19174
- const session = await auth.createBootstrapSession({
19175
- spaceId: step.spaceId,
19176
- capabilityRequest: step.request ?? BOOTSTRAP_SESSION_REQUESTS[step.space],
19177
- rawAbilities
19178
- });
19231
+ let session;
19232
+ try {
19233
+ session = await auth.createBootstrapSession({
19234
+ spaceId: step.spaceId,
19235
+ capabilityRequest: step.request ?? BOOTSTRAP_SESSION_REQUESTS[step.space],
19236
+ rawAbilities
19237
+ });
19238
+ } catch (err) {
19239
+ throw new Error(
19240
+ `Account bootstrap aborted: signature rejected for space "${step.space}". Cause: ${err instanceof Error ? err.message : String(err)}`
19241
+ );
19242
+ }
19179
19243
  sessions.set(step.space, session);
19180
19244
  }
19181
19245
  for (const step of steps) {
19182
19246
  if (step.kind !== "host") continue;
19183
- const hosted = await auth.hostOwnedSpace(step.spaceId);
19247
+ const hosted = await auth.hostOwnedSpace(step.spaceId, "bootstrap-host");
19184
19248
  if (!hosted) {
19185
19249
  throw new Error(`Failed to host bootstrap space: ${step.spaceId}`);
19186
19250
  }