npm - @tinycloud/sdk-core - Versions diffs - 2.2.0-beta.1 → 2.2.0-beta.11 - Mend

@tinycloud/sdk-core 2.2.0-beta.1 → 2.2.0-beta.11

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (7) hide show

package/dist/index.d.cts CHANGED Viewed

@@ -1,6 +1,6 @@
 import { z } from 'zod';
 import { InvokeFunction, InvokeAnyFunction, ServiceError, Result as Result$1, ServiceSession, FetchFunction, ServiceConstructor, RetryPolicy, IServiceContext, IService, IKVService, ISQLService, IDuckDbService, IHooksService, IDataVaultService } from '@tinycloud/sdk-services';
-export { BatchOptions, BatchResponse, ColumnInfo, DataVaultConfig, DataVaultService, DatabaseHandle, DuckDbAction, DuckDbActionType, DuckDbBatchOptions, DuckDbBatchResponse, DuckDbDatabaseHandle, DuckDbExecuteOptions, DuckDbExecuteResponse, DuckDbOptions, DuckDbQueryOptions, DuckDbQueryResponse, DuckDbService, DuckDbServiceConfig, DuckDbStatement, DuckDbValue, ErrorCode, ErrorCodes, ExecuteOptions, ExecuteResponse, FetchFunction, HookEvent, HookServiceName, HookStreamEvent, HookSubscription, HookWebhookListOptions, HookWebhookRecord, HookWebhookRegistration, HookWebhookScope, HookWebhookUnregisterOptions, HooksService, HooksServiceConfig, IDataVaultService, IDatabaseHandle, IDuckDbDatabaseHandle, IDuckDbService, IHooksService, IKVService, IPrefixedKVService, ISQLService, IService, IServiceContext, InvokeAnyEntry, InvokeAnyFunction, InvokeFunction, KVDeleteOptions, KVGetOptions, KVHeadOptions, KVListOptions, KVListResponse, KVPutOptions, KVResponse, KVResponseHeaders, KVService, KVServiceConfig, PrefixedKVService, QueryOptions, QueryResponse, Result, RetryPolicy, SQLAction, SQLActionType, SQLService, SQLServiceConfig, SchemaInfo, ServiceContext, ServiceContextConfig, ServiceError, ServiceSession, SqlStatement, SqlValue, SubscribeOptions, TableInfo, VaultCrypto, VaultEntry, VaultError, VaultGetOptions, VaultGrantOptions, VaultHeaders, VaultListOptions, VaultPublicSpaceKVActions, VaultPutOptions, ViewInfo, WasmVaultFunctions, createVaultCrypto, defaultRetryPolicy, err, ok, serviceError } from '@tinycloud/sdk-services';
+export { BatchOptions, BatchResponse, ColumnInfo, DataVaultConfig, DataVaultService, DatabaseHandle, DuckDbAction, DuckDbActionType, DuckDbBatchOptions, DuckDbBatchResponse, DuckDbDatabaseHandle, DuckDbExecuteOptions, DuckDbExecuteResponse, DuckDbOptions, DuckDbQueryOptions, DuckDbQueryResponse, DuckDbService, DuckDbServiceConfig, DuckDbStatement, DuckDbValue, ErrorCode, ErrorCodes, ExecuteOptions, ExecuteResponse, FetchFunction, HookEvent, HookServiceName, HookStreamEvent, HookSubscription, HookWebhookListOptions, HookWebhookRecord, HookWebhookRegistration, HookWebhookScope, HookWebhookUnregisterOptions, HooksService, HooksServiceConfig, IDataVaultService, IDatabaseHandle, IDuckDbDatabaseHandle, IDuckDbService, IHooksService, IKVService, IPrefixedKVService, ISQLService, ISecretsService, IService, IServiceContext, InvokeAnyEntry, InvokeAnyFunction, InvokeFunction, KVDeleteOptions, KVGetOptions, KVHeadOptions, KVListOptions, KVListResponse, KVPutOptions, KVResponse, KVResponseHeaders, KVService, KVServiceConfig, PrefixedKVService, QueryOptions, QueryResponse, ResolvedSecretPath, Result, RetryPolicy, SECRET_NAME_RE, SQLAction, SQLActionType, SQLService, SQLServiceConfig, SchemaInfo, SecretPayload, SecretScopeOptions, SecretsError, SecretsService, ServiceContext, ServiceContextConfig, ServiceError, ServiceSession, SqlStatement, SqlValue, SubscribeOptions, TableInfo, VaultCrypto, VaultEntry, VaultError, VaultGetOptions, VaultGrantOptions, VaultHeaders, VaultListOptions, VaultPublicSpaceKVActions, VaultPutOptions, ViewInfo, WasmVaultFunctions, canonicalizeSecretScope, createVaultCrypto, defaultRetryPolicy, err, ok, resolveSecretPath, serviceError } from '@tinycloud/sdk-services';
 export { SiweMessage } from 'siwe';
 /**
@@ -200,8 +200,9 @@ interface IENSResolver {
  * in their `manifest.json` and the shape we compare against when performing
  * the capability-subset derivability check in the delegation flow.
  *
- * `service` uses the long form (e.g. `"tinycloud.kv"`, `"tinycloud.sql"`)
- * which matches the ability-namespace half of the full action URN.
+ * `service` uses the long form (e.g. `"tinycloud.kv"`, `"tinycloud.sql"`).
+ * `"tinycloud.vault"` is an SDK-only shorthand that expands to the KV
+ * resources the vault service uses; it is never encoded as a recap service.
  */
 interface PermissionEntry {
     /** Service namespace, e.g. "tinycloud.kv", "tinycloud.sql", "tinycloud.duckdb", "tinycloud.capabilities". */
@@ -229,12 +230,21 @@ interface PermissionEntry {
     /** User/agent-facing context for why this permission is requested. */
     description?: string;
 }
+type ManifestSecretActions = true | string | string[] | {
+    /** Actual vault secret name. Defaults to the manifest object key. */
+    name?: string;
+    /** Optional scoped secret namespace. Omit for global secrets. */
+    scope?: string;
+    actions?: string | string[];
+    expiry?: string;
+    description?: string;
+};
 /**
  * The valid values for `Manifest.defaults`.
  *
  * - `false` → no auto-included permissions
  * - `true` → standard tier (KV + SQL read/write + capabilities:read)
- * - `"admin"` → standard + SQL ddl + capabilities:admin
+ * - `"admin"` → standard + SQL ddl
  * - `"all"` → everything the SDK supports (including DuckDB)
  *
  * Unknown string values silently fall back to `true`. Values are normalized
@@ -281,6 +291,11 @@ interface Manifest {
      * DuckDB (opt-in), or `skipPrefix: true` entries.
      */
     permissions?: PermissionEntry[];
+    /**
+     * Secret name shorthand. Entries resolve to encrypted vault KV resources in
+     * the `secrets` space.
+     */
+    secrets?: Record<string, ManifestSecretActions>;
 }
 /**
  * A resolved permission entry with fully-expanded paths and action URNs.
@@ -369,7 +384,12 @@ declare class ManifestValidationError extends Error {
 }
 /**
  * Default expiry when neither the manifest, delegation, nor permission
- * specifies one. Spec: 30 days.
+ * specifies one. APP tier — see `expiry.ts`. Spec: 30 days.
+ *
+ * Kept as an ms-format string because the manifest schema stores expiry
+ * as a string and the parser is shared between this default and
+ * caller-provided values; converting `EXPIRY.APP_MS` back to a string
+ * here would duplicate that same `30d` literal in another form.
  */
 declare const DEFAULT_EXPIRY = "30d";
 /**
@@ -384,6 +404,8 @@ declare const DEFAULT_MANIFEST_SPACE = "applications";
 declare const ACCOUNT_REGISTRY_SPACE = "account";
 /** Account-space KV prefix used for installed-application registry records. */
 declare const ACCOUNT_REGISTRY_PATH = "applications/";
+/** SDK-only permission service for encrypted vault resources. */
+declare const VAULT_PERMISSION_SERVICE = "tinycloud.vault";
 /**
  * Known services and their short-form (recap URI) names. The TinyCloud
  * node encodes the recap resource URI with the short service name, while
@@ -414,6 +436,22 @@ declare function parseExpiry(duration: string): number;
  *     → `["tinycloud.kv/get"]` (passed through unchanged)
  */
 declare function expandActionShortNames(service: string, actions: readonly string[]): string[];
+/**
+ * Expand SDK virtual permission services into concrete recap-capable services.
+ *
+ * Today this handles `"tinycloud.vault"`, which is backed by KV resources:
+ * - read/get: `keys/<path>` + `vault/<path>` with `tinycloud.kv/get`
+ * - write/put: `keys/<path>` + `vault/<path>` with `tinycloud.kv/put`
+ * - delete/del: `keys/<path>` + `vault/<path>` with `tinycloud.kv/del`
+ * - list: `vault/<path>` with `tinycloud.kv/list`
+ * - head: `vault/<path>` with `tinycloud.kv/get`
+ * - metadata: `vault/<path>` with `tinycloud.kv/metadata`
+ */
+declare function expandPermissionEntry(entry: PermissionEntry): PermissionEntry[];
+/**
+ * Expand a list of permission entries using {@link expandPermissionEntry}.
+ */
+declare function expandPermissionEntries(entries: readonly PermissionEntry[]): PermissionEntry[];
 /**
  * Apply the manifest prefix to a permission path per the spec rules.
  *
@@ -2033,15 +2071,15 @@ declare const SpaceInfoSchema: z.ZodObject<{
     type: "owned" | "delegated";
     id: string;
     owner: string;
-    expiresAt?: Date | undefined;
     name?: string | undefined;
+    expiresAt?: Date | undefined;
     permissions?: string[] | undefined;
 }, {
     type: "owned" | "delegated";
     id: string;
     owner: string;
-    expiresAt?: Date | undefined;
     name?: string | undefined;
+    expiresAt?: Date | undefined;
     permissions?: string[] | undefined;
 }>;
 type SpaceInfo = z.infer<typeof SpaceInfoSchema>;
@@ -2318,14 +2356,14 @@ declare const DelegatedResourceSchema: z.ZodObject<{
     actions: z.ZodArray<z.ZodString, "many">;
 }, "strip", z.ZodTypeAny, {
     path: string;
-    service: string;
-    space: string;
     actions: string[];
+    space: string;
+    service: string;
 }, {
     path: string;
-    service: string;
-    space: string;
     actions: string[];
+    space: string;
+    service: string;
 }>;
 type DelegatedResource = z.infer<typeof DelegatedResourceSchema>;
 /**
@@ -2416,21 +2454,21 @@ declare const CreateDelegationWasmResultSchema: z.ZodObject<{
         actions: z.ZodArray<z.ZodString, "many">;
     }, "strip", z.ZodTypeAny, {
         path: string;
-        service: string;
-        space: string;
         actions: string[];
+        space: string;
+        service: string;
     }, {
         path: string;
-        service: string;
-        space: string;
         actions: string[];
+        space: string;
+        service: string;
     }>, "many">;
 }, "strip", z.ZodTypeAny, {
     resources: {
         path: string;
-        service: string;
-        space: string;
         actions: string[];
+        space: string;
+        service: string;
     }[];
     expiry: Date;
     delegation: string;
@@ -2439,9 +2477,9 @@ declare const CreateDelegationWasmResultSchema: z.ZodObject<{
 }, {
     resources: {
         path: string;
-        service: string;
-        space: string;
         actions: string[];
+        space: string;
+        service: string;
     }[];
     expiry: Date;
     delegation: string;
@@ -4013,6 +4051,10 @@ interface ISpace {
      * KV operations scoped to this space.
      */
     readonly kv: IKVService;
+    /**
+     * Data Vault operations scoped to this space.
+     */
+    readonly vault: IDataVaultService;
     /**
      * Delegation operations scoped to this space.
      */
@@ -4042,6 +4084,10 @@ interface SpaceConfig {
      * Factory function to create a space-scoped KV service.
      */
     createKV: (spaceId: string) => IKVService;
+    /**
+     * Factory function to create a space-scoped Data Vault service.
+     */
+    createVault: (spaceId: string) => IDataVaultService;
     /**
      * Factory function to create space-scoped delegations.
      */
@@ -4081,6 +4127,7 @@ declare class Space implements ISpace {
     private readonly _id;
     private readonly _name;
     private readonly _kv;
+    private readonly _vault;
     private readonly _delegations;
     private readonly _sharing;
     private readonly _getInfo;
@@ -4102,6 +4149,10 @@ declare class Space implements ISpace {
      * KV operations scoped to this space.
      */
     get kv(): IKVService;
+    /**
+     * Data Vault operations scoped to this space.
+     */
+    get vault(): IDataVaultService;
     /**
      * Delegation operations scoped to this space.
      */
@@ -4177,6 +4228,8 @@ interface SpaceServiceConfig {
     capabilityRegistry?: ICapabilityKeyRegistry;
     /** Factory function to create a space-scoped KV service */
     createKVService?: (spaceId: string) => IKVService;
+    /** Factory function to create a space-scoped Data Vault service */
+    createVaultService?: (spaceId: string) => IDataVaultService;
     /** User's PKH DID (derived from address or provided explicitly) */
     userDid?: string;
     /** Optional SharingService for v2 sharing links (client-side) */
@@ -4303,6 +4356,7 @@ declare class SpaceService implements ISpaceService {
     private fetchFn;
     private capabilityRegistry?;
     private createKVServiceFn?;
+    private createVaultServiceFn?;
     private _userDid?;
     private sharingService?;
     private createDelegationFn?;
@@ -4385,6 +4439,10 @@ declare class SpaceService implements ISpaceService {
      * Create a space-scoped KV service.
      */
     private createSpaceScopedKV;
+    /**
+     * Create a space-scoped Data Vault service.
+     */
+    private createSpaceScopedVault;
     /**
      * Create space-scoped delegation operations.
      */
@@ -4437,4 +4495,130 @@ interface NodeInfo {
 }
 declare function checkNodeInfo(host: string, sdkProtocol: number, fetchFn?: typeof globalThis.fetch): Promise<NodeInfo>;
-export { ACCOUNT_REGISTRY_PATH, ACCOUNT_REGISTRY_SPACE, type AbilitiesMap, AutoApproveSpaceCreationHandler, type AutoRejectStrategy, type AutoSignStrategy, type Bytes, type CallbackStrategy, type CapabilityEntry, CapabilityKeyRegistry, type CapabilityKeyRegistryErrorCode, CapabilityKeyRegistryErrorCodes, type ClientSession, ClientSessionSchema, type ComposeManifestOptions, type ComposedManifestRequest, type CreateDelegationFunction, type CreateDelegationParams, type CreateDelegationWasmParams, type CreateDelegationWasmResult, DEFAULT_DEFAULTS, DEFAULT_EXPIRY, DEFAULT_MANIFEST_SPACE, DEFAULT_MANIFEST_VERSION, type DelegatedResource, type Delegation, type DelegationApiResponse, type DelegationChain, type DelegationChainV2, type DelegationDirection, type DelegationError, type DelegationErrorCode, DelegationErrorCodes, type DelegationFilters, DelegationManager, type DelegationManagerConfig, type DelegationRecord, type Result as DelegationResult, type EncodedShareData, type EnsData, EnsDataSchema, type EventEmitterStrategy, type Extension, type GenerateShareParams, type ICapabilityKeyRegistry, type IENSResolver, type INotificationHandler, type ISessionManager, type ISessionStorage, type ISharingService, type ISigner, type ISpace, type ISpaceCreationHandler, type ISpaceScopedDelegations, type ISpaceScopedSharing, type ISpaceService, type IUserAuthorization, type IWasmBindings, type IngestOptions, type JWK, type KeyInfo, type KeyProvider, type KeyType, type Manifest, type ManifestDefaults, type ManifestRegistryRecord, ManifestValidationError, type NodeInfo, type ParseRecapFromSiwe, type PartialSiweMessage, type PermissionEntry, PermissionNotInManifestError, type PersistedSessionData, type PersistedTinyCloudSession, ProtocolMismatchError, type ReceiveOptions, type ResolvedCapabilities, type ResolvedDelegate, type ResourceCapability, SERVICE_LONG_TO_SHORT, SERVICE_SHORT_TO_LONG, type ServerHost, SessionExpiredError, type ShareAccess, type ShareLink, type ShareLinkData, type ShareSchema, SharingService, type SharingServiceConfig, type SignCallback, type SignInOptions, type SignRequest, type SignResponse, type SignStrategy, SilentNotificationHandler, type SiweConfig, SiweConfigSchema, Space, type SpaceAbilitiesMap, type SpaceConfig, type SpaceCreationContext, type SpaceDelegationParams, type SpaceErrorCode, SpaceErrorCodes, type SpaceHostResult, type SpaceInfo, type SpaceOwnership, SpaceService, type SpaceServiceConfig, type StoredDelegationChain, type SubsetCheckResult, TinyCloud, type TinyCloudConfig, type TinyCloudSession, UnsupportedFeatureError, type UserAuthorizationConfig, type ValidationError, VersionCheckError, type WasmRecapEntry, activateSessionWithHost, applyPrefix, buildSpaceUri, checkNodeInfo, composeManifestRequest, createCapabilityKeyRegistry, createSharingService, createSpaceService, defaultSignStrategy, defaultSpaceCreationHandler, expandActionShortNames, fetchPeerId, isCapabilitySubset, loadManifest, makePublicSpaceId, manifestAbilitiesUnion, normalizeDefaults, parseExpiry, parseRecapCapabilities, parseSpaceUri, resolveManifest, resourceCapabilitiesToAbilitiesMap, resourceCapabilitiesToSpaceAbilitiesMap, submitHostDelegation, validateClientSession, validateManifest, validatePersistedSessionData };
+/**
+ * TinyCloud location registry helpers.
+ *
+ * The registry maps a DID to one or more multiaddrs. Registry records are
+ * signed by the DID subject; centralized storage is only a discovery cache.
+ */
+interface LocationRecordPayload {
+    version: 1;
+    subject: string;
+    multiaddrs: string[];
+    updated_at: string;
+    sequence: number;
+}
+interface LocationRecord extends LocationRecordPayload {
+    signature: string;
+}
+type LocationSource = "explicit" | "blockchain" | "centralized" | "fallback";
+declare const DEFAULT_TINYCLOUD_LOCATION_REGISTRY_URL = "https://registry.tinycloud.xyz";
+declare const DEFAULT_TINYCLOUD_FALLBACK_HOST = "https://node.tinycloud.xyz";
+interface LocationCandidate {
+    source: LocationSource;
+    multiaddrs: string[];
+    record?: LocationRecord;
+}
+interface LocationResolutionAttempt {
+    source: LocationSource;
+    candidate?: LocationCandidate;
+    error?: Error;
+}
+interface ResolvedCloudLocation {
+    subject: string;
+    source: LocationSource;
+    multiaddrs: string[];
+    record?: LocationRecord;
+    attempts: LocationResolutionAttempt[];
+    resolvedAt: string;
+}
+interface ResolveCloudLocationOptions {
+    /** Highest-priority location supplied directly by the caller. */
+    explicitMultiaddrs?: string[];
+    /** Optional blockchain resolver adapter. */
+    blockchain?: (subject: string) => Promise<LocationCandidateInput | null | undefined>;
+    /** Centralized location registry base URL, e.g. https://registry.tinycloud.xyz. */
+    centralizedRegistryUrl?: string;
+    /** Lowest-priority fallback location. */
+    fallbackMultiaddrs?: string[];
+    /** Custom fetch implementation. Defaults to globalThis.fetch. */
+    fetch?: typeof fetch;
+    /** Verify centralized/blockchain record signatures. Default true. */
+    verifyRecords?: boolean;
+}
+interface ResolvedTinyCloudHosts {
+    hosts: string[];
+    location: ResolvedCloudLocation;
+}
+interface ResolveTinyCloudHostsOptions {
+    /** Highest-priority TinyCloud HTTP host URLs or multiaddrs supplied directly. */
+    explicitHosts?: string[];
+    /** Optional blockchain resolver adapter. */
+    blockchain?: ResolveCloudLocationOptions["blockchain"];
+    /** Centralized location registry URL. Default https://registry.tinycloud.xyz. */
+    registryUrl?: string | null;
+    /** Lowest-priority fallback HTTP host URLs or multiaddrs. Default hosted TinyCloud node. */
+    fallbackHosts?: string[] | null;
+    /** Custom fetch implementation. Defaults to globalThis.fetch. */
+    fetch?: typeof fetch;
+    /** Verify centralized/blockchain record signatures. Default true. */
+    verifyRecords?: boolean;
+}
+type LocationCandidateInput = string[] | LocationRecord | {
+    multiaddrs: string[];
+    record?: LocationRecord;
+};
+type LocationRecordSigner = {
+    type: "did:pkh";
+    signMessage(message: string): Promise<string>;
+} | {
+    type: "did:key";
+    signBytes(bytes: Uint8Array): Promise<Uint8Array>;
+};
+declare class LocationRecordValidationError extends Error {
+    constructor(message: string);
+}
+declare class CloudLocationResolutionError extends Error {
+    readonly attempts: LocationResolutionAttempt[];
+    constructor(subject: string, attempts: LocationResolutionAttempt[]);
+}
+declare function locationPayloadForRecord(record: LocationRecord): LocationRecordPayload;
+declare function canonicalLocationPayload(payload: LocationRecordPayload): string;
+declare function signLocationRecord(payload: LocationRecordPayload, signer: LocationRecordSigner): Promise<LocationRecord>;
+declare function validateLocationRecordPayload(input: unknown): LocationRecordPayload;
+declare function validateLocationRecord(input: unknown): LocationRecord;
+declare function verifyLocationRecord(input: LocationRecord): Promise<boolean>;
+declare function fetchLocationRecord(registryUrl: string, subject: string, fetchFn?: typeof fetch): Promise<LocationRecord | null>;
+declare function resolveCloudLocation(subject: string, options?: ResolveCloudLocationOptions): Promise<ResolvedCloudLocation>;
+declare function resolveTinyCloudHosts(subject: string, options?: ResolveTinyCloudHostsOptions): Promise<ResolvedTinyCloudHosts>;
+declare function multiaddrToHttpUrl(input: string): string;
+declare function httpUrlToMultiaddr(input: string): string;
+/**
+ * Default lifetimes for the various delegation shapes the SDK mints.
+ *
+ * The SDK has many delegation flows (session sign-in, runtime grants,
+ * share links, manifest installs, public-space sub-delegations, …) and
+ * each one used to pick its own number freehand. That made it hard to
+ * tell whether a chosen value was deliberate or copy-pasted, and made
+ * silent inconsistencies easy to ship.
+ *
+ * Every default below answers two questions:
+ *  - Who recovers if the delegation leaks? (re-auth, revocation, no one)
+ *  - Who is the principal at use time? (issuer, third party)
+ *
+ * The five tiers fall out of those answers. Pick a tier, not a number,
+ * when introducing a new delegation surface.
+ *
+ * @packageDocumentation
+ */
+declare const EXPIRY: {
+    readonly EPHEMERAL_MS: number;
+    readonly SESSION_MS: number;
+    readonly SHARE_MS: number;
+    readonly APP_MS: number;
+    readonly MAX_MS: number;
+};
+type ExpiryTier = keyof typeof EXPIRY;
+export { ACCOUNT_REGISTRY_PATH, ACCOUNT_REGISTRY_SPACE, type AbilitiesMap, AutoApproveSpaceCreationHandler, type AutoRejectStrategy, type AutoSignStrategy, type Bytes, type CallbackStrategy, type CapabilityEntry, CapabilityKeyRegistry, type CapabilityKeyRegistryErrorCode, CapabilityKeyRegistryErrorCodes, type ClientSession, ClientSessionSchema, CloudLocationResolutionError, type ComposeManifestOptions, type ComposedManifestRequest, type CreateDelegationFunction, type CreateDelegationParams, type CreateDelegationWasmParams, type CreateDelegationWasmResult, DEFAULT_DEFAULTS, DEFAULT_EXPIRY, DEFAULT_MANIFEST_SPACE, DEFAULT_MANIFEST_VERSION, DEFAULT_TINYCLOUD_FALLBACK_HOST, DEFAULT_TINYCLOUD_LOCATION_REGISTRY_URL, type DelegatedResource, type Delegation, type DelegationApiResponse, type DelegationChain, type DelegationChainV2, type DelegationDirection, type DelegationError, type DelegationErrorCode, DelegationErrorCodes, type DelegationFilters, DelegationManager, type DelegationManagerConfig, type DelegationRecord, type Result as DelegationResult, EXPIRY, type EncodedShareData, type EnsData, EnsDataSchema, type EventEmitterStrategy, type ExpiryTier, type Extension, type GenerateShareParams, type ICapabilityKeyRegistry, type IENSResolver, type INotificationHandler, type ISessionManager, type ISessionStorage, type ISharingService, type ISigner, type ISpace, type ISpaceCreationHandler, type ISpaceScopedDelegations, type ISpaceScopedSharing, type ISpaceService, type IUserAuthorization, type IWasmBindings, type IngestOptions, type JWK, type KeyInfo, type KeyProvider, type KeyType, type LocationCandidate, type LocationCandidateInput, type LocationRecord, type LocationRecordPayload, type LocationRecordSigner, LocationRecordValidationError, type LocationResolutionAttempt, type LocationSource, type Manifest, type ManifestDefaults, type ManifestRegistryRecord, type ManifestSecretActions, ManifestValidationError, type NodeInfo, type ParseRecapFromSiwe, type PartialSiweMessage, type PermissionEntry, PermissionNotInManifestError, type PersistedSessionData, type PersistedTinyCloudSession, ProtocolMismatchError, type ReceiveOptions, type ResolveCloudLocationOptions, type ResolveTinyCloudHostsOptions, type ResolvedCapabilities, type ResolvedCloudLocation, type ResolvedDelegate, type ResolvedTinyCloudHosts, type ResourceCapability, SERVICE_LONG_TO_SHORT, SERVICE_SHORT_TO_LONG, type ServerHost, SessionExpiredError, type ShareAccess, type ShareLink, type ShareLinkData, type ShareSchema, SharingService, type SharingServiceConfig, type SignCallback, type SignInOptions, type SignRequest, type SignResponse, type SignStrategy, SilentNotificationHandler, type SiweConfig, SiweConfigSchema, Space, type SpaceAbilitiesMap, type SpaceConfig, type SpaceCreationContext, type SpaceDelegationParams, type SpaceErrorCode, SpaceErrorCodes, type SpaceHostResult, type SpaceInfo, type SpaceOwnership, SpaceService, type SpaceServiceConfig, type StoredDelegationChain, type SubsetCheckResult, TinyCloud, type TinyCloudConfig, type TinyCloudSession, UnsupportedFeatureError, type UserAuthorizationConfig, VAULT_PERMISSION_SERVICE, type ValidationError, VersionCheckError, type WasmRecapEntry, activateSessionWithHost, applyPrefix, buildSpaceUri, canonicalLocationPayload, checkNodeInfo, composeManifestRequest, createCapabilityKeyRegistry, createSharingService, createSpaceService, defaultSignStrategy, defaultSpaceCreationHandler, expandActionShortNames, expandPermissionEntries, expandPermissionEntry, fetchLocationRecord, fetchPeerId, httpUrlToMultiaddr, isCapabilitySubset, loadManifest, locationPayloadForRecord, makePublicSpaceId, manifestAbilitiesUnion, multiaddrToHttpUrl, normalizeDefaults, parseExpiry, parseRecapCapabilities, parseSpaceUri, resolveCloudLocation, resolveManifest, resolveTinyCloudHosts, resourceCapabilitiesToAbilitiesMap, resourceCapabilitiesToSpaceAbilitiesMap, signLocationRecord, submitHostDelegation, validateClientSession, validateLocationRecord, validateLocationRecordPayload, validateManifest, validatePersistedSessionData, verifyLocationRecord };