npm - @tinycloud/sdk-core - Versions diffs - 2.2.0-beta.3 → 2.2.0-beta.6 - Mend

@tinycloud/sdk-core 2.2.0-beta.3 → 2.2.0-beta.6

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (7) hide show

package/dist/index.cjs CHANGED Viewed

@@ -41,6 +41,8 @@ __export(index_exports, {
   DEFAULT_EXPIRY: () => DEFAULT_EXPIRY,
   DEFAULT_MANIFEST_SPACE: () => DEFAULT_MANIFEST_SPACE,
   DEFAULT_MANIFEST_VERSION: () => DEFAULT_MANIFEST_VERSION,
+  DEFAULT_TINYCLOUD_FALLBACK_HOST: () => DEFAULT_TINYCLOUD_FALLBACK_HOST,
+  DEFAULT_TINYCLOUD_LOCATION_REGISTRY_URL: () => DEFAULT_TINYCLOUD_LOCATION_REGISTRY_URL,
   DataVaultService: () => import_sdk_services4.DataVaultService,
   DatabaseHandle: () => import_sdk_services4.DatabaseHandle,
   DelegationErrorCodes: () => DelegationErrorCodes,
@@ -106,6 +108,7 @@ __export(index_exports, {
   parseSpaceUri: () => parseSpaceUri,
   resolveCloudLocation: () => resolveCloudLocation,
   resolveManifest: () => resolveManifest,
+  resolveTinyCloudHosts: () => resolveTinyCloudHosts,
   resourceCapabilitiesToAbilitiesMap: () => resourceCapabilitiesToAbilitiesMap,
   resourceCapabilitiesToSpaceAbilitiesMap: () => resourceCapabilitiesToSpaceAbilitiesMap,
   serviceError: () => import_sdk_services4.serviceError,
@@ -2786,12 +2789,6 @@ var DEFAULT_STANDARD_ENTRIES = [
     space: DEFAULT_MANIFEST_SPACE,
     path: "/",
     actions: ["read", "write"]
-  },
-  {
-    service: "tinycloud.capabilities",
-    space: DEFAULT_MANIFEST_SPACE,
-    path: "/",
-    actions: ["read"]
   }
 ];
 var DEFAULT_ADMIN_ENTRIES = [
@@ -2806,12 +2803,6 @@ var DEFAULT_ADMIN_ENTRIES = [
     space: DEFAULT_MANIFEST_SPACE,
     path: "/",
     actions: ["read", "write", "ddl"]
-  },
-  {
-    service: "tinycloud.capabilities",
-    space: DEFAULT_MANIFEST_SPACE,
-    path: "/",
-    actions: ["read", "admin"]
   }
 ];
 var DEFAULT_ALL_ENTRIES = [
@@ -2832,12 +2823,6 @@ var DEFAULT_ALL_ENTRIES = [
     space: DEFAULT_MANIFEST_SPACE,
     path: "/",
     actions: ["read", "write"]
-  },
-  {
-    service: "tinycloud.capabilities",
-    space: DEFAULT_MANIFEST_SPACE,
-    path: "/",
-    actions: ["read", "admin"]
   }
 ];
 function parseExpiry(duration) {
@@ -2987,7 +2972,8 @@ function defaultEntriesForTier(tier) {
     service: e.service,
     space: e.space,
     path: e.path,
-    actions: [...e.actions]
+    actions: [...e.actions],
+    ...e.skipPrefix !== void 0 ? { skipPrefix: e.skipPrefix } : {}
   }));
 }
 function resolveManifest(input) {
@@ -3000,8 +2986,8 @@ function resolveManifest(input) {
   const defaultEntries = defaultEntriesForTier(tier);
   const explicitEntries = manifest.permissions ?? [];
   const allEntries = [...defaultEntries, ...explicitEntries];
-  const resources = allEntries.map(
-    (entry) => resolveEntry(entry, prefix, expiryMs, space)
+  const resources = withCapabilitiesReadForSpaces(
+    allEntries.map((entry) => resolveEntry(entry, prefix, expiryMs, space))
   );
   const additionalDelegates = manifest.did === void 0 ? [] : [
     {
@@ -3084,6 +3070,24 @@ function dedupeResources(resources) {
   }
   return [...byKey.values()];
 }
+function capabilitiesReadPermission(space) {
+  return {
+    service: "tinycloud.capabilities",
+    space,
+    path: "",
+    actions: ["tinycloud.capabilities/read"]
+  };
+}
+function withCapabilitiesReadForSpaces(resources) {
+  if (resources.length === 0) {
+    return [];
+  }
+  const spaces = new Set(resources.map((resource) => resource.space));
+  return dedupeResources([
+    ...resources,
+    ...[...spaces].map(capabilitiesReadPermission)
+  ]);
+}
 function accountRegistryPermission() {
   return {
     service: "tinycloud.kv",
@@ -3111,6 +3115,7 @@ function composeManifestRequest(inputs, options = {}) {
   if (includeAccountRegistryPermissions) {
     resources.push(accountRegistryPermission());
   }
+  const resourcesWithImplicitCapabilities = withCapabilitiesReadForSpaces(resources);
   const manifestsByAppId = /* @__PURE__ */ new Map();
   for (const manifest of manifests) {
     const current = manifestsByAppId.get(manifest.app_id);
@@ -3130,7 +3135,7 @@ function composeManifestRequest(inputs, options = {}) {
   })) : [];
   return {
     manifests,
-    resources: dedupeResources(resources),
+    resources: resourcesWithImplicitCapabilities,
     delegationTargets,
     registryRecords,
     expiryMs: Math.max(...resolved.map((entry) => entry.expiryMs)),
@@ -4349,6 +4354,8 @@ var import_uri_to_multiaddr = require("@multiformats/uri-to-multiaddr");
 var import_ed25519 = require("@noble/curves/ed25519");
 var import_basics = require("multiformats/basics");
 var import_viem = require("viem");
+var DEFAULT_TINYCLOUD_LOCATION_REGISTRY_URL = "https://registry.tinycloud.xyz";
+var DEFAULT_TINYCLOUD_FALLBACK_HOST = "https://node.tinycloud.xyz";
 var LocationRecordValidationError = class extends Error {
   constructor(message) {
     super(`Location record validation failed: ${message}`);
@@ -4383,7 +4390,9 @@ function canonicalLocationPayload(payload) {
 async function signLocationRecord(payload, signer) {
   validateLocationRecordPayload(payload);
   const message = canonicalLocationPayload(payload);
-  const signature = signer.type === "did:pkh" ? await signer.signMessage(message) : base64UrlEncode2(await signer.signBytes(new TextEncoder().encode(message)));
+  const signature = signer.type === "did:pkh" ? await signer.signMessage(message) : base64UrlEncode2(
+    await signer.signBytes(new TextEncoder().encode(message))
+  );
   return { ...payload, signature };
 }
 function validateLocationRecordPayload(input) {
@@ -4397,7 +4406,9 @@ function validateLocationRecordPayload(input) {
   validateSubject(payload.subject);
   validateMultiaddrs(payload.multiaddrs);
   if (typeof payload.updated_at !== "string" || Number.isNaN(Date.parse(payload.updated_at))) {
-    throw new LocationRecordValidationError("updated_at must be an ISO timestamp");
+    throw new LocationRecordValidationError(
+      "updated_at must be an ISO timestamp"
+    );
   }
   if (typeof payload.sequence !== "number" || !Number.isSafeInteger(payload.sequence) || payload.sequence < 0) {
     throw new LocationRecordValidationError(
@@ -4416,7 +4427,9 @@ function validateLocationRecord(input) {
   const payload = validateLocationRecordPayload(input);
   const signature = input.signature;
   if (typeof signature !== "string" || signature.length === 0) {
-    throw new LocationRecordValidationError("signature must be a non-empty string");
+    throw new LocationRecordValidationError(
+      "signature must be a non-empty string"
+    );
   }
   return { ...payload, signature };
 }
@@ -4468,6 +4481,22 @@ async function resolveCloudLocation(subject, options = {}) {
     resolvedAt: (/* @__PURE__ */ new Date()).toISOString()
   };
 }
+async function resolveTinyCloudHosts(subject, options = {}) {
+  const location = await resolveCloudLocation(subject, {
+    explicitMultiaddrs: hostsToMultiaddrs(options.explicitHosts),
+    blockchain: options.blockchain,
+    centralizedRegistryUrl: options.registryUrl === null ? void 0 : options.registryUrl ?? DEFAULT_TINYCLOUD_LOCATION_REGISTRY_URL,
+    fallbackMultiaddrs: hostsToMultiaddrs(
+      options.fallbackHosts === null ? void 0 : options.fallbackHosts ?? [DEFAULT_TINYCLOUD_FALLBACK_HOST]
+    ),
+    fetch: options.fetch,
+    verifyRecords: options.verifyRecords
+  });
+  return {
+    hosts: location.multiaddrs.map((addr) => multiaddrToHttpUrl(addr)),
+    location
+  };
+}
 function multiaddrToHttpUrl(input) {
   const uri = (0, import_multiaddr_to_uri.multiaddrToUri)((0, import_multiaddr.multiaddr)(input));
   if (!uri.startsWith("http://") && !uri.startsWith("https://")) {
@@ -4484,6 +4513,14 @@ function httpUrlToMultiaddr(input) {
   }
   return (0, import_uri_to_multiaddr.uriToMultiaddr)(url.toString()).toString();
 }
+function hostsToMultiaddrs(hosts) {
+  if (hosts === void 0 || hosts.length === 0) {
+    return void 0;
+  }
+  return hosts.map(
+    (host) => host.startsWith("/") ? host : httpUrlToMultiaddr(host)
+  );
+}
 async function resolveExplicit(subject, multiaddrs) {
   return resolveAttempt("explicit", async () => {
     if (multiaddrs === void 0 || multiaddrs.length === 0) {
@@ -4497,7 +4534,12 @@ async function resolveBlockchain(subject, resolver, verifyRecords) {
     if (!resolver) {
       return null;
     }
-    return toCandidate(subject, "blockchain", await resolver(subject), verifyRecords);
+    return toCandidate(
+      subject,
+      "blockchain",
+      await resolver(subject),
+      verifyRecords
+    );
   });
 }
 async function resolveCentralized(subject, options, verifyRecords) {
@@ -4549,13 +4591,17 @@ async function toCandidate(subject, source, input, verifyRecord) {
       );
     }
     if (verifyRecord && !await verifyLocationRecord(record)) {
-      throw new LocationRecordValidationError("location record signature is invalid");
+      throw new LocationRecordValidationError(
+        "location record signature is invalid"
+      );
     }
     return { source, multiaddrs: [...record.multiaddrs], record };
   }
   const candidateInput = input;
   if (!Array.isArray(candidateInput.multiaddrs)) {
-    throw new LocationRecordValidationError("candidate multiaddrs must be an array");
+    throw new LocationRecordValidationError(
+      "candidate multiaddrs must be an array"
+    );
   }
   validateMultiaddrs(candidateInput.multiaddrs);
   if (candidateInput.record !== void 0) {
@@ -4566,7 +4612,9 @@ async function toCandidate(subject, source, input, verifyRecord) {
       );
     }
     if (verifyRecord && !await verifyLocationRecord(record)) {
-      throw new LocationRecordValidationError("location record signature is invalid");
+      throw new LocationRecordValidationError(
+        "location record signature is invalid"
+      );
     }
     return { source, multiaddrs: [...candidateInput.multiaddrs], record };
   }
@@ -4574,10 +4622,14 @@ async function toCandidate(subject, source, input, verifyRecord) {
 }
 function validateSubject(subject) {
   if (typeof subject !== "string" || subject.length === 0) {
-    throw new LocationRecordValidationError("subject must be a non-empty string");
+    throw new LocationRecordValidationError(
+      "subject must be a non-empty string"
+    );
   }
   if (!subject.startsWith("did:pkh:") && !subject.startsWith("did:key:")) {
-    throw new LocationRecordValidationError("subject must be did:pkh or did:key");
+    throw new LocationRecordValidationError(
+      "subject must be did:pkh or did:key"
+    );
   }
 }
 function validateMultiaddrs(input) {
@@ -4621,16 +4673,24 @@ function verifyDidKeySignature(did, payload, signature) {
       "did:key signature must be a base64url Ed25519 signature"
     );
   }
-  return import_ed25519.ed25519.verify(signatureBytes, new TextEncoder().encode(payload), publicKey);
+  return import_ed25519.ed25519.verify(
+    signatureBytes,
+    new TextEncoder().encode(payload),
+    publicKey
+  );
 }
 function ed25519PublicKeyFromDidKey(did) {
   const identifier = did.slice("did:key:".length);
   if (!identifier.startsWith("z")) {
-    throw new LocationRecordValidationError("did:key must use base58btc multibase");
+    throw new LocationRecordValidationError(
+      "did:key must use base58btc multibase"
+    );
   }
   const bytes = import_basics.bases.base58btc.decode(identifier);
   if (bytes.length !== 34 || bytes[0] !== 237 || bytes[1] !== 1) {
-    throw new LocationRecordValidationError("did:key must be an Ed25519 public key");
+    throw new LocationRecordValidationError(
+      "did:key must be an Ed25519 public key"
+    );
   }
   return bytes.slice(2);
 }
@@ -4801,6 +4861,8 @@ function parseRecapCapabilities(parseWasm, siwe) {
   DEFAULT_EXPIRY,
   DEFAULT_MANIFEST_SPACE,
   DEFAULT_MANIFEST_VERSION,
+  DEFAULT_TINYCLOUD_FALLBACK_HOST,
+  DEFAULT_TINYCLOUD_LOCATION_REGISTRY_URL,
   DataVaultService,
   DatabaseHandle,
   DelegationErrorCodes,
@@ -4866,6 +4928,7 @@ function parseRecapCapabilities(parseWasm, siwe) {
   parseSpaceUri,
   resolveCloudLocation,
   resolveManifest,
+  resolveTinyCloudHosts,
   resourceCapabilitiesToAbilitiesMap,
   resourceCapabilitiesToSpaceAbilitiesMap,
   serviceError,