@tinycloud/sdk-core 2.2.0-beta.6 → 2.2.0-beta.9

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (7) hide show
  1. package/dist/index.cjs +259 -7
  2. package/dist/index.cjs.map +1 -1
  3. package/dist/index.d.cts +93 -44
  4. package/dist/index.d.ts +93 -44
  5. package/dist/index.js +257 -8
  6. package/dist/index.js.map +1 -1
  7. package/package.json +2 -2
package/dist/index.d.cts CHANGED
@@ -1,6 +1,6 @@
1
1
  import { z } from 'zod';
2
2
  import { InvokeFunction, InvokeAnyFunction, ServiceError, Result as Result$1, ServiceSession, FetchFunction, ServiceConstructor, RetryPolicy, IServiceContext, IService, IKVService, ISQLService, IDuckDbService, IHooksService, IDataVaultService } from '@tinycloud/sdk-services';
3
- export { BatchOptions, BatchResponse, ColumnInfo, DataVaultConfig, DataVaultService, DatabaseHandle, DuckDbAction, DuckDbActionType, DuckDbBatchOptions, DuckDbBatchResponse, DuckDbDatabaseHandle, DuckDbExecuteOptions, DuckDbExecuteResponse, DuckDbOptions, DuckDbQueryOptions, DuckDbQueryResponse, DuckDbService, DuckDbServiceConfig, DuckDbStatement, DuckDbValue, ErrorCode, ErrorCodes, ExecuteOptions, ExecuteResponse, FetchFunction, HookEvent, HookServiceName, HookStreamEvent, HookSubscription, HookWebhookListOptions, HookWebhookRecord, HookWebhookRegistration, HookWebhookScope, HookWebhookUnregisterOptions, HooksService, HooksServiceConfig, IDataVaultService, IDatabaseHandle, IDuckDbDatabaseHandle, IDuckDbService, IHooksService, IKVService, IPrefixedKVService, ISQLService, IService, IServiceContext, InvokeAnyEntry, InvokeAnyFunction, InvokeFunction, KVDeleteOptions, KVGetOptions, KVHeadOptions, KVListOptions, KVListResponse, KVPutOptions, KVResponse, KVResponseHeaders, KVService, KVServiceConfig, PrefixedKVService, QueryOptions, QueryResponse, Result, RetryPolicy, SQLAction, SQLActionType, SQLService, SQLServiceConfig, SchemaInfo, ServiceContext, ServiceContextConfig, ServiceError, ServiceSession, SqlStatement, SqlValue, SubscribeOptions, TableInfo, VaultCrypto, VaultEntry, VaultError, VaultGetOptions, VaultGrantOptions, VaultHeaders, VaultListOptions, VaultPublicSpaceKVActions, VaultPutOptions, ViewInfo, WasmVaultFunctions, createVaultCrypto, defaultRetryPolicy, err, ok, serviceError } from '@tinycloud/sdk-services';
3
+ export { BatchOptions, BatchResponse, ColumnInfo, DataVaultConfig, DataVaultService, DatabaseHandle, DuckDbAction, DuckDbActionType, DuckDbBatchOptions, DuckDbBatchResponse, DuckDbDatabaseHandle, DuckDbExecuteOptions, DuckDbExecuteResponse, DuckDbOptions, DuckDbQueryOptions, DuckDbQueryResponse, DuckDbService, DuckDbServiceConfig, DuckDbStatement, DuckDbValue, ErrorCode, ErrorCodes, ExecuteOptions, ExecuteResponse, FetchFunction, HookEvent, HookServiceName, HookStreamEvent, HookSubscription, HookWebhookListOptions, HookWebhookRecord, HookWebhookRegistration, HookWebhookScope, HookWebhookUnregisterOptions, HooksService, HooksServiceConfig, IDataVaultService, IDatabaseHandle, IDuckDbDatabaseHandle, IDuckDbService, IHooksService, IKVService, IPrefixedKVService, ISQLService, ISecretsService, IService, IServiceContext, InvokeAnyEntry, InvokeAnyFunction, InvokeFunction, KVDeleteOptions, KVGetOptions, KVHeadOptions, KVListOptions, KVListResponse, KVPutOptions, KVResponse, KVResponseHeaders, KVService, KVServiceConfig, PrefixedKVService, QueryOptions, QueryResponse, Result, RetryPolicy, SQLAction, SQLActionType, SQLService, SQLServiceConfig, SchemaInfo, SecretPayload, SecretsError, SecretsService, ServiceContext, ServiceContextConfig, ServiceError, ServiceSession, SqlStatement, SqlValue, SubscribeOptions, TableInfo, VaultCrypto, VaultEntry, VaultError, VaultGetOptions, VaultGrantOptions, VaultHeaders, VaultListOptions, VaultPublicSpaceKVActions, VaultPutOptions, ViewInfo, WasmVaultFunctions, createVaultCrypto, defaultRetryPolicy, err, ok, serviceError } from '@tinycloud/sdk-services';
4
4
  export { SiweMessage } from 'siwe';
5
5
 
6
6
  /**
@@ -200,8 +200,9 @@ interface IENSResolver {
200
200
  * in their `manifest.json` and the shape we compare against when performing
201
201
  * the capability-subset derivability check in the delegation flow.
202
202
  *
203
- * `service` uses the long form (e.g. `"tinycloud.kv"`, `"tinycloud.sql"`)
204
- * which matches the ability-namespace half of the full action URN.
203
+ * `service` uses the long form (e.g. `"tinycloud.kv"`, `"tinycloud.sql"`).
204
+ * `"tinycloud.vault"` is an SDK-only shorthand that expands to the KV
205
+ * resources the vault service uses; it is never encoded as a recap service.
205
206
  */
206
207
  interface PermissionEntry {
207
208
  /** Service namespace, e.g. "tinycloud.kv", "tinycloud.sql", "tinycloud.duckdb", "tinycloud.capabilities". */
@@ -229,6 +230,11 @@ interface PermissionEntry {
229
230
  /** User/agent-facing context for why this permission is requested. */
230
231
  description?: string;
231
232
  }
233
+ type ManifestSecretActions = true | string | string[] | {
234
+ actions?: string | string[];
235
+ expiry?: string;
236
+ description?: string;
237
+ };
232
238
  /**
233
239
  * The valid values for `Manifest.defaults`.
234
240
  *
@@ -281,6 +287,11 @@ interface Manifest {
281
287
  * DuckDB (opt-in), or `skipPrefix: true` entries.
282
288
  */
283
289
  permissions?: PermissionEntry[];
290
+ /**
291
+ * Secret name shorthand. Entries resolve to encrypted vault KV resources in
292
+ * the `secrets` space.
293
+ */
294
+ secrets?: Record<string, ManifestSecretActions>;
284
295
  }
285
296
  /**
286
297
  * A resolved permission entry with fully-expanded paths and action URNs.
@@ -384,6 +395,8 @@ declare const DEFAULT_MANIFEST_SPACE = "applications";
384
395
  declare const ACCOUNT_REGISTRY_SPACE = "account";
385
396
  /** Account-space KV prefix used for installed-application registry records. */
386
397
  declare const ACCOUNT_REGISTRY_PATH = "applications/";
398
+ /** SDK-only permission service for encrypted vault resources. */
399
+ declare const VAULT_PERMISSION_SERVICE = "tinycloud.vault";
387
400
  /**
388
401
  * Known services and their short-form (recap URI) names. The TinyCloud
389
402
  * node encodes the recap resource URI with the short service name, while
@@ -414,6 +427,22 @@ declare function parseExpiry(duration: string): number;
414
427
  * → `["tinycloud.kv/get"]` (passed through unchanged)
415
428
  */
416
429
  declare function expandActionShortNames(service: string, actions: readonly string[]): string[];
430
+ /**
431
+ * Expand SDK virtual permission services into concrete recap-capable services.
432
+ *
433
+ * Today this handles `"tinycloud.vault"`, which is backed by KV resources:
434
+ * - read/get: `keys/<path>` + `vault/<path>` with `tinycloud.kv/get`
435
+ * - write/put: `keys/<path>` + `vault/<path>` with `tinycloud.kv/put`
436
+ * - delete/del: `keys/<path>` + `vault/<path>` with `tinycloud.kv/del`
437
+ * - list: `vault/<path>` with `tinycloud.kv/list`
438
+ * - head: `vault/<path>` with `tinycloud.kv/get`
439
+ * - metadata: `vault/<path>` with `tinycloud.kv/metadata`
440
+ */
441
+ declare function expandPermissionEntry(entry: PermissionEntry): PermissionEntry[];
442
+ /**
443
+ * Expand a list of permission entries using {@link expandPermissionEntry}.
444
+ */
445
+ declare function expandPermissionEntries(entries: readonly PermissionEntry[]): PermissionEntry[];
417
446
  /**
418
447
  * Apply the manifest prefix to a permission path per the spec rules.
419
448
  *
@@ -1303,11 +1332,11 @@ declare const DelegationSchema: z.ZodObject<{
1303
1332
  authHeader: z.ZodOptional<z.ZodString>;
1304
1333
  }, "strip", z.ZodTypeAny, {
1305
1334
  path: string;
1335
+ actions: string[];
1306
1336
  expiry: Date;
1307
1337
  spaceId: string;
1308
1338
  cid: string;
1309
1339
  delegateDID: string;
1310
- actions: string[];
1311
1340
  isRevoked: boolean;
1312
1341
  createdAt?: Date | undefined;
1313
1342
  delegatorDID?: string | undefined;
@@ -1316,11 +1345,11 @@ declare const DelegationSchema: z.ZodObject<{
1316
1345
  authHeader?: string | undefined;
1317
1346
  }, {
1318
1347
  path: string;
1348
+ actions: string[];
1319
1349
  expiry: Date;
1320
1350
  spaceId: string;
1321
1351
  cid: string;
1322
1352
  delegateDID: string;
1323
- actions: string[];
1324
1353
  isRevoked: boolean;
1325
1354
  createdAt?: Date | undefined;
1326
1355
  delegatorDID?: string | undefined;
@@ -1461,11 +1490,11 @@ declare const CapabilityEntrySchema: z.ZodObject<{
1461
1490
  authHeader: z.ZodOptional<z.ZodString>;
1462
1491
  }, "strip", z.ZodTypeAny, {
1463
1492
  path: string;
1493
+ actions: string[];
1464
1494
  expiry: Date;
1465
1495
  spaceId: string;
1466
1496
  cid: string;
1467
1497
  delegateDID: string;
1468
- actions: string[];
1469
1498
  isRevoked: boolean;
1470
1499
  createdAt?: Date | undefined;
1471
1500
  delegatorDID?: string | undefined;
@@ -1474,11 +1503,11 @@ declare const CapabilityEntrySchema: z.ZodObject<{
1474
1503
  authHeader?: string | undefined;
1475
1504
  }, {
1476
1505
  path: string;
1506
+ actions: string[];
1477
1507
  expiry: Date;
1478
1508
  spaceId: string;
1479
1509
  cid: string;
1480
1510
  delegateDID: string;
1481
- actions: string[];
1482
1511
  isRevoked: boolean;
1483
1512
  createdAt?: Date | undefined;
1484
1513
  delegatorDID?: string | undefined;
@@ -1510,11 +1539,11 @@ declare const CapabilityEntrySchema: z.ZodObject<{
1510
1539
  }[];
1511
1540
  delegation: {
1512
1541
  path: string;
1542
+ actions: string[];
1513
1543
  expiry: Date;
1514
1544
  spaceId: string;
1515
1545
  cid: string;
1516
1546
  delegateDID: string;
1517
- actions: string[];
1518
1547
  isRevoked: boolean;
1519
1548
  createdAt?: Date | undefined;
1520
1549
  delegatorDID?: string | undefined;
@@ -1547,11 +1576,11 @@ declare const CapabilityEntrySchema: z.ZodObject<{
1547
1576
  }[];
1548
1577
  delegation: {
1549
1578
  path: string;
1579
+ actions: string[];
1550
1580
  expiry: Date;
1551
1581
  spaceId: string;
1552
1582
  cid: string;
1553
1583
  delegateDID: string;
1554
- actions: string[];
1555
1584
  isRevoked: boolean;
1556
1585
  createdAt?: Date | undefined;
1557
1586
  delegatorDID?: string | undefined;
@@ -1594,10 +1623,10 @@ declare const DelegationRecordSchema: z.ZodObject<{
1594
1623
  parentCid: z.ZodOptional<z.ZodString>;
1595
1624
  }, "strip", z.ZodTypeAny, {
1596
1625
  path: string;
1626
+ actions: string[];
1597
1627
  spaceId: string;
1598
1628
  createdAt: Date;
1599
1629
  cid: string;
1600
- actions: string[];
1601
1630
  isRevoked: boolean;
1602
1631
  delegator: string;
1603
1632
  delegatee: string;
@@ -1607,10 +1636,10 @@ declare const DelegationRecordSchema: z.ZodObject<{
1607
1636
  keyId?: string | undefined;
1608
1637
  }, {
1609
1638
  path: string;
1639
+ actions: string[];
1610
1640
  spaceId: string;
1611
1641
  createdAt: Date;
1612
1642
  cid: string;
1613
- actions: string[];
1614
1643
  isRevoked: boolean;
1615
1644
  delegator: string;
1616
1645
  delegatee: string;
@@ -1638,15 +1667,15 @@ declare const CreateDelegationParamsSchema: z.ZodObject<{
1638
1667
  statement: z.ZodOptional<z.ZodString>;
1639
1668
  }, "strip", z.ZodTypeAny, {
1640
1669
  path: string;
1641
- delegateDID: string;
1642
1670
  actions: string[];
1671
+ delegateDID: string;
1643
1672
  statement?: string | undefined;
1644
1673
  expiry?: Date | undefined;
1645
1674
  disableSubDelegation?: boolean | undefined;
1646
1675
  }, {
1647
1676
  path: string;
1648
- delegateDID: string;
1649
1677
  actions: string[];
1678
+ delegateDID: string;
1650
1679
  statement?: string | undefined;
1651
1680
  expiry?: Date | undefined;
1652
1681
  disableSubDelegation?: boolean | undefined;
@@ -1682,11 +1711,11 @@ declare const DelegationChainSchema: z.ZodArray<z.ZodObject<{
1682
1711
  authHeader: z.ZodOptional<z.ZodString>;
1683
1712
  }, "strip", z.ZodTypeAny, {
1684
1713
  path: string;
1714
+ actions: string[];
1685
1715
  expiry: Date;
1686
1716
  spaceId: string;
1687
1717
  cid: string;
1688
1718
  delegateDID: string;
1689
- actions: string[];
1690
1719
  isRevoked: boolean;
1691
1720
  createdAt?: Date | undefined;
1692
1721
  delegatorDID?: string | undefined;
@@ -1695,11 +1724,11 @@ declare const DelegationChainSchema: z.ZodArray<z.ZodObject<{
1695
1724
  authHeader?: string | undefined;
1696
1725
  }, {
1697
1726
  path: string;
1727
+ actions: string[];
1698
1728
  expiry: Date;
1699
1729
  spaceId: string;
1700
1730
  cid: string;
1701
1731
  delegateDID: string;
1702
- actions: string[];
1703
1732
  isRevoked: boolean;
1704
1733
  createdAt?: Date | undefined;
1705
1734
  delegatorDID?: string | undefined;
@@ -1740,11 +1769,11 @@ declare const DelegationChainV2Schema: z.ZodObject<{
1740
1769
  authHeader: z.ZodOptional<z.ZodString>;
1741
1770
  }, "strip", z.ZodTypeAny, {
1742
1771
  path: string;
1772
+ actions: string[];
1743
1773
  expiry: Date;
1744
1774
  spaceId: string;
1745
1775
  cid: string;
1746
1776
  delegateDID: string;
1747
- actions: string[];
1748
1777
  isRevoked: boolean;
1749
1778
  createdAt?: Date | undefined;
1750
1779
  delegatorDID?: string | undefined;
@@ -1753,11 +1782,11 @@ declare const DelegationChainV2Schema: z.ZodObject<{
1753
1782
  authHeader?: string | undefined;
1754
1783
  }, {
1755
1784
  path: string;
1785
+ actions: string[];
1756
1786
  expiry: Date;
1757
1787
  spaceId: string;
1758
1788
  cid: string;
1759
1789
  delegateDID: string;
1760
- actions: string[];
1761
1790
  isRevoked: boolean;
1762
1791
  createdAt?: Date | undefined;
1763
1792
  delegatorDID?: string | undefined;
@@ -1793,11 +1822,11 @@ declare const DelegationChainV2Schema: z.ZodObject<{
1793
1822
  authHeader: z.ZodOptional<z.ZodString>;
1794
1823
  }, "strip", z.ZodTypeAny, {
1795
1824
  path: string;
1825
+ actions: string[];
1796
1826
  expiry: Date;
1797
1827
  spaceId: string;
1798
1828
  cid: string;
1799
1829
  delegateDID: string;
1800
- actions: string[];
1801
1830
  isRevoked: boolean;
1802
1831
  createdAt?: Date | undefined;
1803
1832
  delegatorDID?: string | undefined;
@@ -1806,11 +1835,11 @@ declare const DelegationChainV2Schema: z.ZodObject<{
1806
1835
  authHeader?: string | undefined;
1807
1836
  }, {
1808
1837
  path: string;
1838
+ actions: string[];
1809
1839
  expiry: Date;
1810
1840
  spaceId: string;
1811
1841
  cid: string;
1812
1842
  delegateDID: string;
1813
- actions: string[];
1814
1843
  isRevoked: boolean;
1815
1844
  createdAt?: Date | undefined;
1816
1845
  delegatorDID?: string | undefined;
@@ -1846,11 +1875,11 @@ declare const DelegationChainV2Schema: z.ZodObject<{
1846
1875
  authHeader: z.ZodOptional<z.ZodString>;
1847
1876
  }, "strip", z.ZodTypeAny, {
1848
1877
  path: string;
1878
+ actions: string[];
1849
1879
  expiry: Date;
1850
1880
  spaceId: string;
1851
1881
  cid: string;
1852
1882
  delegateDID: string;
1853
- actions: string[];
1854
1883
  isRevoked: boolean;
1855
1884
  createdAt?: Date | undefined;
1856
1885
  delegatorDID?: string | undefined;
@@ -1859,11 +1888,11 @@ declare const DelegationChainV2Schema: z.ZodObject<{
1859
1888
  authHeader?: string | undefined;
1860
1889
  }, {
1861
1890
  path: string;
1891
+ actions: string[];
1862
1892
  expiry: Date;
1863
1893
  spaceId: string;
1864
1894
  cid: string;
1865
1895
  delegateDID: string;
1866
- actions: string[];
1867
1896
  isRevoked: boolean;
1868
1897
  createdAt?: Date | undefined;
1869
1898
  delegatorDID?: string | undefined;
@@ -1874,11 +1903,11 @@ declare const DelegationChainV2Schema: z.ZodObject<{
1874
1903
  }, "strip", z.ZodTypeAny, {
1875
1904
  root: {
1876
1905
  path: string;
1906
+ actions: string[];
1877
1907
  expiry: Date;
1878
1908
  spaceId: string;
1879
1909
  cid: string;
1880
1910
  delegateDID: string;
1881
- actions: string[];
1882
1911
  isRevoked: boolean;
1883
1912
  createdAt?: Date | undefined;
1884
1913
  delegatorDID?: string | undefined;
@@ -1888,11 +1917,11 @@ declare const DelegationChainV2Schema: z.ZodObject<{
1888
1917
  };
1889
1918
  chain: {
1890
1919
  path: string;
1920
+ actions: string[];
1891
1921
  expiry: Date;
1892
1922
  spaceId: string;
1893
1923
  cid: string;
1894
1924
  delegateDID: string;
1895
- actions: string[];
1896
1925
  isRevoked: boolean;
1897
1926
  createdAt?: Date | undefined;
1898
1927
  delegatorDID?: string | undefined;
@@ -1902,11 +1931,11 @@ declare const DelegationChainV2Schema: z.ZodObject<{
1902
1931
  }[];
1903
1932
  leaf: {
1904
1933
  path: string;
1934
+ actions: string[];
1905
1935
  expiry: Date;
1906
1936
  spaceId: string;
1907
1937
  cid: string;
1908
1938
  delegateDID: string;
1909
- actions: string[];
1910
1939
  isRevoked: boolean;
1911
1940
  createdAt?: Date | undefined;
1912
1941
  delegatorDID?: string | undefined;
@@ -1917,11 +1946,11 @@ declare const DelegationChainV2Schema: z.ZodObject<{
1917
1946
  }, {
1918
1947
  root: {
1919
1948
  path: string;
1949
+ actions: string[];
1920
1950
  expiry: Date;
1921
1951
  spaceId: string;
1922
1952
  cid: string;
1923
1953
  delegateDID: string;
1924
- actions: string[];
1925
1954
  isRevoked: boolean;
1926
1955
  createdAt?: Date | undefined;
1927
1956
  delegatorDID?: string | undefined;
@@ -1931,11 +1960,11 @@ declare const DelegationChainV2Schema: z.ZodObject<{
1931
1960
  };
1932
1961
  chain: {
1933
1962
  path: string;
1963
+ actions: string[];
1934
1964
  expiry: Date;
1935
1965
  spaceId: string;
1936
1966
  cid: string;
1937
1967
  delegateDID: string;
1938
- actions: string[];
1939
1968
  isRevoked: boolean;
1940
1969
  createdAt?: Date | undefined;
1941
1970
  delegatorDID?: string | undefined;
@@ -1945,11 +1974,11 @@ declare const DelegationChainV2Schema: z.ZodObject<{
1945
1974
  }[];
1946
1975
  leaf: {
1947
1976
  path: string;
1977
+ actions: string[];
1948
1978
  expiry: Date;
1949
1979
  spaceId: string;
1950
1980
  cid: string;
1951
1981
  delegateDID: string;
1952
- actions: string[];
1953
1982
  isRevoked: boolean;
1954
1983
  createdAt?: Date | undefined;
1955
1984
  delegatorDID?: string | undefined;
@@ -2033,15 +2062,15 @@ declare const SpaceInfoSchema: z.ZodObject<{
2033
2062
  type: "owned" | "delegated";
2034
2063
  id: string;
2035
2064
  owner: string;
2036
- expiresAt?: Date | undefined;
2037
2065
  name?: string | undefined;
2066
+ expiresAt?: Date | undefined;
2038
2067
  permissions?: string[] | undefined;
2039
2068
  }, {
2040
2069
  type: "owned" | "delegated";
2041
2070
  id: string;
2042
2071
  owner: string;
2043
- expiresAt?: Date | undefined;
2044
2072
  name?: string | undefined;
2073
+ expiresAt?: Date | undefined;
2045
2074
  permissions?: string[] | undefined;
2046
2075
  }>;
2047
2076
  type SpaceInfo = z.infer<typeof SpaceInfoSchema>;
@@ -2086,11 +2115,11 @@ declare const ShareLinkSchema: z.ZodObject<{
2086
2115
  authHeader: z.ZodOptional<z.ZodString>;
2087
2116
  }, "strip", z.ZodTypeAny, {
2088
2117
  path: string;
2118
+ actions: string[];
2089
2119
  expiry: Date;
2090
2120
  spaceId: string;
2091
2121
  cid: string;
2092
2122
  delegateDID: string;
2093
- actions: string[];
2094
2123
  isRevoked: boolean;
2095
2124
  createdAt?: Date | undefined;
2096
2125
  delegatorDID?: string | undefined;
@@ -2099,11 +2128,11 @@ declare const ShareLinkSchema: z.ZodObject<{
2099
2128
  authHeader?: string | undefined;
2100
2129
  }, {
2101
2130
  path: string;
2131
+ actions: string[];
2102
2132
  expiry: Date;
2103
2133
  spaceId: string;
2104
2134
  cid: string;
2105
2135
  delegateDID: string;
2106
- actions: string[];
2107
2136
  isRevoked: boolean;
2108
2137
  createdAt?: Date | undefined;
2109
2138
  delegatorDID?: string | undefined;
@@ -2121,11 +2150,11 @@ declare const ShareLinkSchema: z.ZodObject<{
2121
2150
  url: string;
2122
2151
  delegation: {
2123
2152
  path: string;
2153
+ actions: string[];
2124
2154
  expiry: Date;
2125
2155
  spaceId: string;
2126
2156
  cid: string;
2127
2157
  delegateDID: string;
2128
- actions: string[];
2129
2158
  isRevoked: boolean;
2130
2159
  createdAt?: Date | undefined;
2131
2160
  delegatorDID?: string | undefined;
@@ -2141,11 +2170,11 @@ declare const ShareLinkSchema: z.ZodObject<{
2141
2170
  url: string;
2142
2171
  delegation: {
2143
2172
  path: string;
2173
+ actions: string[];
2144
2174
  expiry: Date;
2145
2175
  spaceId: string;
2146
2176
  cid: string;
2147
2177
  delegateDID: string;
2148
- actions: string[];
2149
2178
  isRevoked: boolean;
2150
2179
  createdAt?: Date | undefined;
2151
2180
  delegatorDID?: string | undefined;
@@ -2211,16 +2240,16 @@ declare const GenerateShareParamsSchema: z.ZodObject<{
2211
2240
  baseUrl: z.ZodOptional<z.ZodString>;
2212
2241
  }, "strip", z.ZodTypeAny, {
2213
2242
  path: string;
2214
- description?: string | undefined;
2215
- expiry?: Date | undefined;
2216
2243
  actions?: string[] | undefined;
2244
+ expiry?: Date | undefined;
2245
+ description?: string | undefined;
2217
2246
  schema?: "base64" | "compact" | "ipfs" | undefined;
2218
2247
  baseUrl?: string | undefined;
2219
2248
  }, {
2220
2249
  path: string;
2221
- description?: string | undefined;
2222
- expiry?: Date | undefined;
2223
2250
  actions?: string[] | undefined;
2251
+ expiry?: Date | undefined;
2252
+ description?: string | undefined;
2224
2253
  schema?: "base64" | "compact" | "ipfs" | undefined;
2225
2254
  baseUrl?: string | undefined;
2226
2255
  }>;
@@ -2318,14 +2347,14 @@ declare const DelegatedResourceSchema: z.ZodObject<{
2318
2347
  actions: z.ZodArray<z.ZodString, "many">;
2319
2348
  }, "strip", z.ZodTypeAny, {
2320
2349
  path: string;
2350
+ actions: string[];
2321
2351
  space: string;
2322
2352
  service: string;
2323
- actions: string[];
2324
2353
  }, {
2325
2354
  path: string;
2355
+ actions: string[];
2326
2356
  space: string;
2327
2357
  service: string;
2328
- actions: string[];
2329
2358
  }>;
2330
2359
  type DelegatedResource = z.infer<typeof DelegatedResourceSchema>;
2331
2360
  /**
@@ -2416,21 +2445,21 @@ declare const CreateDelegationWasmResultSchema: z.ZodObject<{
2416
2445
  actions: z.ZodArray<z.ZodString, "many">;
2417
2446
  }, "strip", z.ZodTypeAny, {
2418
2447
  path: string;
2448
+ actions: string[];
2419
2449
  space: string;
2420
2450
  service: string;
2421
- actions: string[];
2422
2451
  }, {
2423
2452
  path: string;
2453
+ actions: string[];
2424
2454
  space: string;
2425
2455
  service: string;
2426
- actions: string[];
2427
2456
  }>, "many">;
2428
2457
  }, "strip", z.ZodTypeAny, {
2429
2458
  resources: {
2430
2459
  path: string;
2460
+ actions: string[];
2431
2461
  space: string;
2432
2462
  service: string;
2433
- actions: string[];
2434
2463
  }[];
2435
2464
  expiry: Date;
2436
2465
  delegation: string;
@@ -2439,9 +2468,9 @@ declare const CreateDelegationWasmResultSchema: z.ZodObject<{
2439
2468
  }, {
2440
2469
  resources: {
2441
2470
  path: string;
2471
+ actions: string[];
2442
2472
  space: string;
2443
2473
  service: string;
2444
- actions: string[];
2445
2474
  }[];
2446
2475
  expiry: Date;
2447
2476
  delegation: string;
@@ -4013,6 +4042,10 @@ interface ISpace {
4013
4042
  * KV operations scoped to this space.
4014
4043
  */
4015
4044
  readonly kv: IKVService;
4045
+ /**
4046
+ * Data Vault operations scoped to this space.
4047
+ */
4048
+ readonly vault: IDataVaultService;
4016
4049
  /**
4017
4050
  * Delegation operations scoped to this space.
4018
4051
  */
@@ -4042,6 +4075,10 @@ interface SpaceConfig {
4042
4075
  * Factory function to create a space-scoped KV service.
4043
4076
  */
4044
4077
  createKV: (spaceId: string) => IKVService;
4078
+ /**
4079
+ * Factory function to create a space-scoped Data Vault service.
4080
+ */
4081
+ createVault: (spaceId: string) => IDataVaultService;
4045
4082
  /**
4046
4083
  * Factory function to create space-scoped delegations.
4047
4084
  */
@@ -4081,6 +4118,7 @@ declare class Space implements ISpace {
4081
4118
  private readonly _id;
4082
4119
  private readonly _name;
4083
4120
  private readonly _kv;
4121
+ private readonly _vault;
4084
4122
  private readonly _delegations;
4085
4123
  private readonly _sharing;
4086
4124
  private readonly _getInfo;
@@ -4102,6 +4140,10 @@ declare class Space implements ISpace {
4102
4140
  * KV operations scoped to this space.
4103
4141
  */
4104
4142
  get kv(): IKVService;
4143
+ /**
4144
+ * Data Vault operations scoped to this space.
4145
+ */
4146
+ get vault(): IDataVaultService;
4105
4147
  /**
4106
4148
  * Delegation operations scoped to this space.
4107
4149
  */
@@ -4177,6 +4219,8 @@ interface SpaceServiceConfig {
4177
4219
  capabilityRegistry?: ICapabilityKeyRegistry;
4178
4220
  /** Factory function to create a space-scoped KV service */
4179
4221
  createKVService?: (spaceId: string) => IKVService;
4222
+ /** Factory function to create a space-scoped Data Vault service */
4223
+ createVaultService?: (spaceId: string) => IDataVaultService;
4180
4224
  /** User's PKH DID (derived from address or provided explicitly) */
4181
4225
  userDid?: string;
4182
4226
  /** Optional SharingService for v2 sharing links (client-side) */
@@ -4303,6 +4347,7 @@ declare class SpaceService implements ISpaceService {
4303
4347
  private fetchFn;
4304
4348
  private capabilityRegistry?;
4305
4349
  private createKVServiceFn?;
4350
+ private createVaultServiceFn?;
4306
4351
  private _userDid?;
4307
4352
  private sharingService?;
4308
4353
  private createDelegationFn?;
@@ -4385,6 +4430,10 @@ declare class SpaceService implements ISpaceService {
4385
4430
  * Create a space-scoped KV service.
4386
4431
  */
4387
4432
  private createSpaceScopedKV;
4433
+ /**
4434
+ * Create a space-scoped Data Vault service.
4435
+ */
4436
+ private createSpaceScopedVault;
4388
4437
  /**
4389
4438
  * Create space-scoped delegation operations.
4390
4439
  */
@@ -4536,4 +4585,4 @@ declare function resolveTinyCloudHosts(subject: string, options?: ResolveTinyClo
4536
4585
  declare function multiaddrToHttpUrl(input: string): string;
4537
4586
  declare function httpUrlToMultiaddr(input: string): string;
4538
4587
 
4539
- export { ACCOUNT_REGISTRY_PATH, ACCOUNT_REGISTRY_SPACE, type AbilitiesMap, AutoApproveSpaceCreationHandler, type AutoRejectStrategy, type AutoSignStrategy, type Bytes, type CallbackStrategy, type CapabilityEntry, CapabilityKeyRegistry, type CapabilityKeyRegistryErrorCode, CapabilityKeyRegistryErrorCodes, type ClientSession, ClientSessionSchema, CloudLocationResolutionError, type ComposeManifestOptions, type ComposedManifestRequest, type CreateDelegationFunction, type CreateDelegationParams, type CreateDelegationWasmParams, type CreateDelegationWasmResult, DEFAULT_DEFAULTS, DEFAULT_EXPIRY, DEFAULT_MANIFEST_SPACE, DEFAULT_MANIFEST_VERSION, DEFAULT_TINYCLOUD_FALLBACK_HOST, DEFAULT_TINYCLOUD_LOCATION_REGISTRY_URL, type DelegatedResource, type Delegation, type DelegationApiResponse, type DelegationChain, type DelegationChainV2, type DelegationDirection, type DelegationError, type DelegationErrorCode, DelegationErrorCodes, type DelegationFilters, DelegationManager, type DelegationManagerConfig, type DelegationRecord, type Result as DelegationResult, type EncodedShareData, type EnsData, EnsDataSchema, type EventEmitterStrategy, type Extension, type GenerateShareParams, type ICapabilityKeyRegistry, type IENSResolver, type INotificationHandler, type ISessionManager, type ISessionStorage, type ISharingService, type ISigner, type ISpace, type ISpaceCreationHandler, type ISpaceScopedDelegations, type ISpaceScopedSharing, type ISpaceService, type IUserAuthorization, type IWasmBindings, type IngestOptions, type JWK, type KeyInfo, type KeyProvider, type KeyType, type LocationCandidate, type LocationCandidateInput, type LocationRecord, type LocationRecordPayload, type LocationRecordSigner, LocationRecordValidationError, type LocationResolutionAttempt, type LocationSource, type Manifest, type ManifestDefaults, type ManifestRegistryRecord, ManifestValidationError, type NodeInfo, type ParseRecapFromSiwe, type PartialSiweMessage, type PermissionEntry, PermissionNotInManifestError, type PersistedSessionData, type PersistedTinyCloudSession, ProtocolMismatchError, type ReceiveOptions, type ResolveCloudLocationOptions, type ResolveTinyCloudHostsOptions, type ResolvedCapabilities, type ResolvedCloudLocation, type ResolvedDelegate, type ResolvedTinyCloudHosts, type ResourceCapability, SERVICE_LONG_TO_SHORT, SERVICE_SHORT_TO_LONG, type ServerHost, SessionExpiredError, type ShareAccess, type ShareLink, type ShareLinkData, type ShareSchema, SharingService, type SharingServiceConfig, type SignCallback, type SignInOptions, type SignRequest, type SignResponse, type SignStrategy, SilentNotificationHandler, type SiweConfig, SiweConfigSchema, Space, type SpaceAbilitiesMap, type SpaceConfig, type SpaceCreationContext, type SpaceDelegationParams, type SpaceErrorCode, SpaceErrorCodes, type SpaceHostResult, type SpaceInfo, type SpaceOwnership, SpaceService, type SpaceServiceConfig, type StoredDelegationChain, type SubsetCheckResult, TinyCloud, type TinyCloudConfig, type TinyCloudSession, UnsupportedFeatureError, type UserAuthorizationConfig, type ValidationError, VersionCheckError, type WasmRecapEntry, activateSessionWithHost, applyPrefix, buildSpaceUri, canonicalLocationPayload, checkNodeInfo, composeManifestRequest, createCapabilityKeyRegistry, createSharingService, createSpaceService, defaultSignStrategy, defaultSpaceCreationHandler, expandActionShortNames, fetchLocationRecord, fetchPeerId, httpUrlToMultiaddr, isCapabilitySubset, loadManifest, locationPayloadForRecord, makePublicSpaceId, manifestAbilitiesUnion, multiaddrToHttpUrl, normalizeDefaults, parseExpiry, parseRecapCapabilities, parseSpaceUri, resolveCloudLocation, resolveManifest, resolveTinyCloudHosts, resourceCapabilitiesToAbilitiesMap, resourceCapabilitiesToSpaceAbilitiesMap, signLocationRecord, submitHostDelegation, validateClientSession, validateLocationRecord, validateLocationRecordPayload, validateManifest, validatePersistedSessionData, verifyLocationRecord };
4588
+ export { ACCOUNT_REGISTRY_PATH, ACCOUNT_REGISTRY_SPACE, type AbilitiesMap, AutoApproveSpaceCreationHandler, type AutoRejectStrategy, type AutoSignStrategy, type Bytes, type CallbackStrategy, type CapabilityEntry, CapabilityKeyRegistry, type CapabilityKeyRegistryErrorCode, CapabilityKeyRegistryErrorCodes, type ClientSession, ClientSessionSchema, CloudLocationResolutionError, type ComposeManifestOptions, type ComposedManifestRequest, type CreateDelegationFunction, type CreateDelegationParams, type CreateDelegationWasmParams, type CreateDelegationWasmResult, DEFAULT_DEFAULTS, DEFAULT_EXPIRY, DEFAULT_MANIFEST_SPACE, DEFAULT_MANIFEST_VERSION, DEFAULT_TINYCLOUD_FALLBACK_HOST, DEFAULT_TINYCLOUD_LOCATION_REGISTRY_URL, type DelegatedResource, type Delegation, type DelegationApiResponse, type DelegationChain, type DelegationChainV2, type DelegationDirection, type DelegationError, type DelegationErrorCode, DelegationErrorCodes, type DelegationFilters, DelegationManager, type DelegationManagerConfig, type DelegationRecord, type Result as DelegationResult, type EncodedShareData, type EnsData, EnsDataSchema, type EventEmitterStrategy, type Extension, type GenerateShareParams, type ICapabilityKeyRegistry, type IENSResolver, type INotificationHandler, type ISessionManager, type ISessionStorage, type ISharingService, type ISigner, type ISpace, type ISpaceCreationHandler, type ISpaceScopedDelegations, type ISpaceScopedSharing, type ISpaceService, type IUserAuthorization, type IWasmBindings, type IngestOptions, type JWK, type KeyInfo, type KeyProvider, type KeyType, type LocationCandidate, type LocationCandidateInput, type LocationRecord, type LocationRecordPayload, type LocationRecordSigner, LocationRecordValidationError, type LocationResolutionAttempt, type LocationSource, type Manifest, type ManifestDefaults, type ManifestRegistryRecord, type ManifestSecretActions, ManifestValidationError, type NodeInfo, type ParseRecapFromSiwe, type PartialSiweMessage, type PermissionEntry, PermissionNotInManifestError, type PersistedSessionData, type PersistedTinyCloudSession, ProtocolMismatchError, type ReceiveOptions, type ResolveCloudLocationOptions, type ResolveTinyCloudHostsOptions, type ResolvedCapabilities, type ResolvedCloudLocation, type ResolvedDelegate, type ResolvedTinyCloudHosts, type ResourceCapability, SERVICE_LONG_TO_SHORT, SERVICE_SHORT_TO_LONG, type ServerHost, SessionExpiredError, type ShareAccess, type ShareLink, type ShareLinkData, type ShareSchema, SharingService, type SharingServiceConfig, type SignCallback, type SignInOptions, type SignRequest, type SignResponse, type SignStrategy, SilentNotificationHandler, type SiweConfig, SiweConfigSchema, Space, type SpaceAbilitiesMap, type SpaceConfig, type SpaceCreationContext, type SpaceDelegationParams, type SpaceErrorCode, SpaceErrorCodes, type SpaceHostResult, type SpaceInfo, type SpaceOwnership, SpaceService, type SpaceServiceConfig, type StoredDelegationChain, type SubsetCheckResult, TinyCloud, type TinyCloudConfig, type TinyCloudSession, UnsupportedFeatureError, type UserAuthorizationConfig, VAULT_PERMISSION_SERVICE, type ValidationError, VersionCheckError, type WasmRecapEntry, activateSessionWithHost, applyPrefix, buildSpaceUri, canonicalLocationPayload, checkNodeInfo, composeManifestRequest, createCapabilityKeyRegistry, createSharingService, createSpaceService, defaultSignStrategy, defaultSpaceCreationHandler, expandActionShortNames, expandPermissionEntries, expandPermissionEntry, fetchLocationRecord, fetchPeerId, httpUrlToMultiaddr, isCapabilitySubset, loadManifest, locationPayloadForRecord, makePublicSpaceId, manifestAbilitiesUnion, multiaddrToHttpUrl, normalizeDefaults, parseExpiry, parseRecapCapabilities, parseSpaceUri, resolveCloudLocation, resolveManifest, resolveTinyCloudHosts, resourceCapabilitiesToAbilitiesMap, resourceCapabilitiesToSpaceAbilitiesMap, signLocationRecord, submitHostDelegation, validateClientSession, validateLocationRecord, validateLocationRecordPayload, validateManifest, validatePersistedSessionData, verifyLocationRecord };