npm - @tinycloud/sdk-core - Versions diffs - 2.2.0-beta.7 → 2.2.0 - Mend

@tinycloud/sdk-core 2.2.0-beta.7 → 2.2.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (7) hide show

package/dist/index.d.ts CHANGED Viewed

@@ -1,6 +1,6 @@
 import { z } from 'zod';
-import { InvokeFunction, InvokeAnyFunction, ServiceError, Result as Result$1, ServiceSession, FetchFunction, ServiceConstructor, RetryPolicy, IServiceContext, IService, IKVService, ISQLService, IDuckDbService, IHooksService, IDataVaultService } from '@tinycloud/sdk-services';
-export { BatchOptions, BatchResponse, ColumnInfo, DataVaultConfig, DataVaultService, DatabaseHandle, DuckDbAction, DuckDbActionType, DuckDbBatchOptions, DuckDbBatchResponse, DuckDbDatabaseHandle, DuckDbExecuteOptions, DuckDbExecuteResponse, DuckDbOptions, DuckDbQueryOptions, DuckDbQueryResponse, DuckDbService, DuckDbServiceConfig, DuckDbStatement, DuckDbValue, ErrorCode, ErrorCodes, ExecuteOptions, ExecuteResponse, FetchFunction, HookEvent, HookServiceName, HookStreamEvent, HookSubscription, HookWebhookListOptions, HookWebhookRecord, HookWebhookRegistration, HookWebhookScope, HookWebhookUnregisterOptions, HooksService, HooksServiceConfig, IDataVaultService, IDatabaseHandle, IDuckDbDatabaseHandle, IDuckDbService, IHooksService, IKVService, IPrefixedKVService, ISQLService, ISecretsService, IService, IServiceContext, InvokeAnyEntry, InvokeAnyFunction, InvokeFunction, KVDeleteOptions, KVGetOptions, KVHeadOptions, KVListOptions, KVListResponse, KVPutOptions, KVResponse, KVResponseHeaders, KVService, KVServiceConfig, PrefixedKVService, QueryOptions, QueryResponse, Result, RetryPolicy, SQLAction, SQLActionType, SQLService, SQLServiceConfig, SchemaInfo, SecretPayload, SecretsError, SecretsService, ServiceContext, ServiceContextConfig, ServiceError, ServiceSession, SqlStatement, SqlValue, SubscribeOptions, TableInfo, VaultCrypto, VaultEntry, VaultError, VaultGetOptions, VaultGrantOptions, VaultHeaders, VaultListOptions, VaultPublicSpaceKVActions, VaultPutOptions, ViewInfo, WasmVaultFunctions, createVaultCrypto, defaultRetryPolicy, err, ok, serviceError } from '@tinycloud/sdk-services';
+import { InvokeFunction, InvokeAnyFunction, ServiceError, Result as Result$1, ServiceSession, FetchFunction, ServiceConstructor, RetryPolicy, IServiceContext, IService, IKVService, ISQLService, IDuckDbService, IHooksService, IDataVaultService, IEncryptionService } from '@tinycloud/sdk-services';
+export { BatchOptions, BatchResponse, BuildCanonicalDecryptRequestInput, BuildDecryptFactsInput, BuildDecryptInvocationInput, BuiltDecryptInvocation, CanonicalDecryptRequest, CanonicalJson, ColumnInfo, DECRYPT_ACTION, DECRYPT_FACT_TYPE, DECRYPT_RESULT_TYPE, DEFAULT_ENCRYPTION_ALG, DEFAULT_KEY_VERSION, DataVaultConfig, DataVaultService, DatabaseHandle, DecryptCapabilityProof, DecryptEnvelopeOptions, DecryptInvocationFact, DecryptInvocationSigner, DecryptRequestBody, DecryptResponseBody, DecryptTransport, DiscoverNetworkInput, DiscoveredNetwork, DiscoverySource, DuckDbAction, DuckDbActionType, DuckDbBatchOptions, DuckDbBatchResponse, DuckDbDatabaseHandle, DuckDbExecuteOptions, DuckDbExecuteResponse, DuckDbOptions, DuckDbQueryOptions, DuckDbQueryResponse, DuckDbService, DuckDbServiceConfig, DuckDbStatement, DuckDbValue, ENCRYPTION_NETWORK_URN_PREFIX, ENCRYPTION_SERVICE, ENCRYPTION_SERVICE_SHORT, ENVELOPE_VERSION, EncryptToNetworkInput, EncryptToNetworkOptions, EncryptToNetworkResult, EncryptionCrypto, EncryptionError, EncryptionErrorInput, EncryptionService, EncryptionServiceConfig, ErrorCode, ErrorCodes, ExecuteOptions, ExecuteResponse, FetchFunction, HookEvent, HookServiceName, HookStreamEvent, HookSubscription, HookWebhookListOptions, HookWebhookRecord, HookWebhookRegistration, HookWebhookScope, HookWebhookUnregisterOptions, HooksService, HooksServiceConfig, IDataVaultService, IDatabaseHandle, IDuckDbDatabaseHandle, IDuckDbService, IEncryptionService, IHooksService, IKVService, IPrefixedKVService, ISQLService, ISecretsService, IService, IServiceContext, InlineEncryptedEnvelope, InvokeAnyEntry, InvokeAnyFunction, InvokeFunction, KVCreateSignedReadUrlOptions, KVDeleteOptions, KVGetOptions, KVHeadOptions, KVListOptions, KVListResponse, KVPutOptions, KVResponse, KVResponseHeaders, KVService, KVServiceConfig, KVSignedReadUrlResponse, NETWORK_NAME_PATTERN, NetworkDescriptor, NetworkIdError, NodeDescriptorFetcher, ParsedNetworkId, PrefixedKVService, QueryOptions, QueryResponse, RandomReceiverKeyInput, ReceiverKeyPair, ReceiverKeySigner, ResolvedSecretPath, Result, RetryPolicy, SECRET_NAME_RE, SQLAction, SQLActionType, SQLService, SQLServiceConfig, SchemaInfo, SecretPayload, SecretScopeOptions, SecretsError, SecretsService, ServiceContext, ServiceContextConfig, ServiceError, ServiceSession, SignedReceiverKeyInput, SqlStatement, SqlValue, SubscribeOptions, TableInfo, VaultCrypto, VaultEntry, VaultError, VaultGetOptions, VaultGrantOptions, VaultHeaders, VaultListOptions, VaultPublicSpaceKVActions, VaultPutOptions, VerifyDecryptResponseInput, ViewInfo, WasmVaultFunctions, WellKnownDescriptorFetcher, buildCanonicalDecryptRequest, buildDecryptAttenuation, buildDecryptFacts, buildDecryptInvocation, buildNetworkId, canonicalHashHex, canonicalSignedResponse, canonicalizeEncryptionJson, canonicalizeSecretScope, checkDecryptInvocationInput, createVaultCrypto, decryptEnvelopeWithKey, defaultRetryPolicy, deriveSignedReceiverKey, discoverNetwork, encryptToNetwork, base64Decode as encryptionBase64Decode, base64Encode as encryptionBase64Encode, encryptionError, utf8Decode as encryptionUtf8Decode, utf8Encode as encryptionUtf8Encode, ensureNetworkUsableForDecrypt, err, generateRandomReceiverKey, hexDecode, hexEncode, isNetworkId, networkDiscoveryKey, ok, openWrappedKey, parseNetworkId, resolveSecretListPrefix, resolveSecretPath, serviceError, validateEnvelope, verifyDecryptResponse } from '@tinycloud/sdk-services';
 export { SiweMessage } from 'siwe';
 /**
@@ -200,8 +200,9 @@ interface IENSResolver {
  * in their `manifest.json` and the shape we compare against when performing
  * the capability-subset derivability check in the delegation flow.
  *
- * `service` uses the long form (e.g. `"tinycloud.kv"`, `"tinycloud.sql"`)
- * which matches the ability-namespace half of the full action URN.
+ * `service` uses the long form (e.g. `"tinycloud.kv"`, `"tinycloud.sql"`).
+ * `"tinycloud.vault"` is an SDK-only shorthand that expands to the KV
+ * resources the vault service uses; it is never encoded as a recap service.
  */
 interface PermissionEntry {
     /** Service namespace, e.g. "tinycloud.kv", "tinycloud.sql", "tinycloud.duckdb", "tinycloud.capabilities". */
@@ -230,6 +231,10 @@ interface PermissionEntry {
     description?: string;
 }
 type ManifestSecretActions = true | string | string[] | {
+    /** Actual vault secret name. Defaults to the manifest object key. */
+    name?: string;
+    /** Optional scoped secret namespace. Omit for global secrets. */
+    scope?: string;
     actions?: string | string[];
     expiry?: string;
     description?: string;
@@ -379,7 +384,12 @@ declare class ManifestValidationError extends Error {
 }
 /**
  * Default expiry when neither the manifest, delegation, nor permission
- * specifies one. Spec: 30 days.
+ * specifies one. APP tier — see `expiry.ts`. Spec: 30 days.
+ *
+ * Kept as an ms-format string because the manifest schema stores expiry
+ * as a string and the parser is shared between this default and
+ * caller-provided values; converting `EXPIRY.APP_MS` back to a string
+ * here would duplicate that same `30d` literal in another form.
  */
 declare const DEFAULT_EXPIRY = "30d";
 /**
@@ -394,6 +404,8 @@ declare const DEFAULT_MANIFEST_SPACE = "applications";
 declare const ACCOUNT_REGISTRY_SPACE = "account";
 /** Account-space KV prefix used for installed-application registry records. */
 declare const ACCOUNT_REGISTRY_PATH = "applications/";
+/** SDK-only permission service for encrypted vault resources. */
+declare const VAULT_PERMISSION_SERVICE = "tinycloud.vault";
 /**
  * Known services and their short-form (recap URI) names. The TinyCloud
  * node encodes the recap resource URI with the short service name, while
@@ -401,6 +413,22 @@ declare const ACCOUNT_REGISTRY_PATH = "applications/";
  * This table is the canonical bridge between the two.
  */
 declare const SERVICE_SHORT_TO_LONG: Readonly<Record<string, string>>;
+/**
+ * Manifest service identifier for TinyCloud encryption network grants.
+ *
+ * Encryption permissions live on a network id URN
+ * (`urn:tinycloud:encryption:<principal>:<network>`), not on a space.
+ * The `path` field is the literal networkId; `actions` are
+ * `["decrypt"]` (expanded to `["tinycloud.encryption/decrypt"]`).
+ *
+ * Apps should omit `space` for encryption permissions. The SDK may emit
+ * an internal `"encryption"` compatibility label after expansion so the
+ * older `PermissionEntry`/`ResourceCapability` shape can still carry the
+ * raw network URN through subset checks.
+ */
+declare const ENCRYPTION_PERMISSION_SERVICE = "tinycloud.encryption";
+/** Synthetic space label used by encryption manifest entries. */
+declare const ENCRYPTION_MANIFEST_SPACE = "encryption";
 /**
  * Inverse of {@link SERVICE_SHORT_TO_LONG}.
  */
@@ -424,6 +452,23 @@ declare function parseExpiry(duration: string): number;
  *     → `["tinycloud.kv/get"]` (passed through unchanged)
  */
 declare function expandActionShortNames(service: string, actions: readonly string[]): string[];
+/**
+ * Expand SDK virtual permission services into concrete recap-capable services.
+ *
+ * Today this handles `"tinycloud.vault"`, which is backed by inline
+ * network-encrypted KV records:
+ * - read/get: `vault/<path>` with `tinycloud.kv/get`
+ * - write/put: `vault/<path>` with `tinycloud.kv/put`
+ * - delete/del: `vault/<path>` with `tinycloud.kv/del`
+ * - list: `vault/<path>` with `tinycloud.kv/list`
+ * - head: `vault/<path>` with `tinycloud.kv/get`
+ * - metadata: `vault/<path>` with `tinycloud.kv/metadata`
+ */
+declare function expandPermissionEntry(entry: PermissionEntry): PermissionEntry[];
+/**
+ * Expand a list of permission entries using {@link expandPermissionEntry}.
+ */
+declare function expandPermissionEntries(entries: readonly PermissionEntry[]): PermissionEntry[];
 /**
  * Apply the manifest prefix to a permission path per the spec rules.
  *
@@ -667,6 +712,8 @@ interface IWasmBindings {
     invoke: InvokeFunction;
     /** Invoke multiple TinyCloud capabilities in one authorization header */
     invokeAny?: InvokeAnyFunction;
+    /** Compute a CID for signed invocation bytes. */
+    computeCid?: (data: Uint8Array, codec: bigint) => string;
     /** Prepare a session (generate session key, build SIWE message) */
     prepareSession: (params: any) => any;
     /** Complete session setup (create delegation) */
@@ -1313,8 +1360,8 @@ declare const DelegationSchema: z.ZodObject<{
     authHeader: z.ZodOptional<z.ZodString>;
 }, "strip", z.ZodTypeAny, {
     path: string;
-    actions: string[];
     expiry: Date;
+    actions: string[];
     spaceId: string;
     cid: string;
     delegateDID: string;
@@ -1326,8 +1373,8 @@ declare const DelegationSchema: z.ZodObject<{
     authHeader?: string | undefined;
 }, {
     path: string;
-    actions: string[];
     expiry: Date;
+    actions: string[];
     spaceId: string;
     cid: string;
     delegateDID: string;
@@ -1471,8 +1518,8 @@ declare const CapabilityEntrySchema: z.ZodObject<{
         authHeader: z.ZodOptional<z.ZodString>;
     }, "strip", z.ZodTypeAny, {
         path: string;
-        actions: string[];
         expiry: Date;
+        actions: string[];
         spaceId: string;
         cid: string;
         delegateDID: string;
@@ -1484,8 +1531,8 @@ declare const CapabilityEntrySchema: z.ZodObject<{
         authHeader?: string | undefined;
     }, {
         path: string;
-        actions: string[];
         expiry: Date;
+        actions: string[];
         spaceId: string;
         cid: string;
         delegateDID: string;
@@ -1520,8 +1567,8 @@ declare const CapabilityEntrySchema: z.ZodObject<{
     }[];
     delegation: {
         path: string;
-        actions: string[];
         expiry: Date;
+        actions: string[];
         spaceId: string;
         cid: string;
         delegateDID: string;
@@ -1557,8 +1604,8 @@ declare const CapabilityEntrySchema: z.ZodObject<{
     }[];
     delegation: {
         path: string;
-        actions: string[];
         expiry: Date;
+        actions: string[];
         spaceId: string;
         cid: string;
         delegateDID: string;
@@ -1692,8 +1739,8 @@ declare const DelegationChainSchema: z.ZodArray<z.ZodObject<{
     authHeader: z.ZodOptional<z.ZodString>;
 }, "strip", z.ZodTypeAny, {
     path: string;
-    actions: string[];
     expiry: Date;
+    actions: string[];
     spaceId: string;
     cid: string;
     delegateDID: string;
@@ -1705,8 +1752,8 @@ declare const DelegationChainSchema: z.ZodArray<z.ZodObject<{
     authHeader?: string | undefined;
 }, {
     path: string;
-    actions: string[];
     expiry: Date;
+    actions: string[];
     spaceId: string;
     cid: string;
     delegateDID: string;
@@ -1750,8 +1797,8 @@ declare const DelegationChainV2Schema: z.ZodObject<{
         authHeader: z.ZodOptional<z.ZodString>;
     }, "strip", z.ZodTypeAny, {
         path: string;
-        actions: string[];
         expiry: Date;
+        actions: string[];
         spaceId: string;
         cid: string;
         delegateDID: string;
@@ -1763,8 +1810,8 @@ declare const DelegationChainV2Schema: z.ZodObject<{
         authHeader?: string | undefined;
     }, {
         path: string;
-        actions: string[];
         expiry: Date;
+        actions: string[];
         spaceId: string;
         cid: string;
         delegateDID: string;
@@ -1803,8 +1850,8 @@ declare const DelegationChainV2Schema: z.ZodObject<{
         authHeader: z.ZodOptional<z.ZodString>;
     }, "strip", z.ZodTypeAny, {
         path: string;
-        actions: string[];
         expiry: Date;
+        actions: string[];
         spaceId: string;
         cid: string;
         delegateDID: string;
@@ -1816,8 +1863,8 @@ declare const DelegationChainV2Schema: z.ZodObject<{
         authHeader?: string | undefined;
     }, {
         path: string;
-        actions: string[];
         expiry: Date;
+        actions: string[];
         spaceId: string;
         cid: string;
         delegateDID: string;
@@ -1856,8 +1903,8 @@ declare const DelegationChainV2Schema: z.ZodObject<{
         authHeader: z.ZodOptional<z.ZodString>;
     }, "strip", z.ZodTypeAny, {
         path: string;
-        actions: string[];
         expiry: Date;
+        actions: string[];
         spaceId: string;
         cid: string;
         delegateDID: string;
@@ -1869,8 +1916,8 @@ declare const DelegationChainV2Schema: z.ZodObject<{
         authHeader?: string | undefined;
     }, {
         path: string;
-        actions: string[];
         expiry: Date;
+        actions: string[];
         spaceId: string;
         cid: string;
         delegateDID: string;
@@ -1884,8 +1931,8 @@ declare const DelegationChainV2Schema: z.ZodObject<{
 }, "strip", z.ZodTypeAny, {
     root: {
         path: string;
-        actions: string[];
         expiry: Date;
+        actions: string[];
         spaceId: string;
         cid: string;
         delegateDID: string;
@@ -1898,8 +1945,8 @@ declare const DelegationChainV2Schema: z.ZodObject<{
     };
     chain: {
         path: string;
-        actions: string[];
         expiry: Date;
+        actions: string[];
         spaceId: string;
         cid: string;
         delegateDID: string;
@@ -1912,8 +1959,8 @@ declare const DelegationChainV2Schema: z.ZodObject<{
     }[];
     leaf: {
         path: string;
-        actions: string[];
         expiry: Date;
+        actions: string[];
         spaceId: string;
         cid: string;
         delegateDID: string;
@@ -1927,8 +1974,8 @@ declare const DelegationChainV2Schema: z.ZodObject<{
 }, {
     root: {
         path: string;
-        actions: string[];
         expiry: Date;
+        actions: string[];
         spaceId: string;
         cid: string;
         delegateDID: string;
@@ -1941,8 +1988,8 @@ declare const DelegationChainV2Schema: z.ZodObject<{
     };
     chain: {
         path: string;
-        actions: string[];
         expiry: Date;
+        actions: string[];
         spaceId: string;
         cid: string;
         delegateDID: string;
@@ -1955,8 +2002,8 @@ declare const DelegationChainV2Schema: z.ZodObject<{
     }[];
     leaf: {
         path: string;
-        actions: string[];
         expiry: Date;
+        actions: string[];
         spaceId: string;
         cid: string;
         delegateDID: string;
@@ -2096,8 +2143,8 @@ declare const ShareLinkSchema: z.ZodObject<{
         authHeader: z.ZodOptional<z.ZodString>;
     }, "strip", z.ZodTypeAny, {
         path: string;
-        actions: string[];
         expiry: Date;
+        actions: string[];
         spaceId: string;
         cid: string;
         delegateDID: string;
@@ -2109,8 +2156,8 @@ declare const ShareLinkSchema: z.ZodObject<{
         authHeader?: string | undefined;
     }, {
         path: string;
-        actions: string[];
         expiry: Date;
+        actions: string[];
         spaceId: string;
         cid: string;
         delegateDID: string;
@@ -2131,8 +2178,8 @@ declare const ShareLinkSchema: z.ZodObject<{
     url: string;
     delegation: {
         path: string;
-        actions: string[];
         expiry: Date;
+        actions: string[];
         spaceId: string;
         cid: string;
         delegateDID: string;
@@ -2151,8 +2198,8 @@ declare const ShareLinkSchema: z.ZodObject<{
     url: string;
     delegation: {
         path: string;
-        actions: string[];
         expiry: Date;
+        actions: string[];
         spaceId: string;
         cid: string;
         delegateDID: string;
@@ -2221,16 +2268,16 @@ declare const GenerateShareParamsSchema: z.ZodObject<{
     baseUrl: z.ZodOptional<z.ZodString>;
 }, "strip", z.ZodTypeAny, {
     path: string;
-    actions?: string[] | undefined;
     expiry?: Date | undefined;
     description?: string | undefined;
+    actions?: string[] | undefined;
     schema?: "base64" | "compact" | "ipfs" | undefined;
     baseUrl?: string | undefined;
 }, {
     path: string;
-    actions?: string[] | undefined;
     expiry?: Date | undefined;
     description?: string | undefined;
+    actions?: string[] | undefined;
     schema?: "base64" | "compact" | "ipfs" | undefined;
     baseUrl?: string | undefined;
 }>;
@@ -3293,6 +3340,11 @@ declare class TinyCloud {
      * @throws Error if services are not initialized or vault service is not registered
      */
     get vault(): IDataVaultService;
+    /**
+     * Get the Encryption service.
+     * @throws Error if services are not initialized or encryption service is not registered
+     */
+    get encryption(): IEncryptionService;
     /**
      * Notify services of session change.
      * Called internally after sign-in and sign-out.
@@ -4463,6 +4515,7 @@ declare class UnsupportedFeatureError extends Error {
 }
 interface NodeInfo {
     features: string[];
+    nodeId?: string;
     quotaUrl?: string;
 }
 declare function checkNodeInfo(host: string, sdkProtocol: number, fetchFn?: typeof globalThis.fetch): Promise<NodeInfo>;
@@ -4565,5 +4618,35 @@ declare function resolveCloudLocation(subject: string, options?: ResolveCloudLoc
 declare function resolveTinyCloudHosts(subject: string, options?: ResolveTinyCloudHostsOptions): Promise<ResolvedTinyCloudHosts>;
 declare function multiaddrToHttpUrl(input: string): string;
 declare function httpUrlToMultiaddr(input: string): string;
+declare function verifyDidKeyEd25519Signature(did: string, payload: Uint8Array, signature: Uint8Array): boolean;
+/**
+ * Default lifetimes for the various delegation shapes the SDK mints.
+ *
+ * The SDK has many delegation flows (session sign-in, runtime grants,
+ * share links, manifest installs, public-space sub-delegations, …) and
+ * each one used to pick its own number freehand. That made it hard to
+ * tell whether a chosen value was deliberate or copy-pasted, and made
+ * silent inconsistencies easy to ship.
+ *
+ * Every default below answers two questions:
+ *  - Who recovers if the delegation leaks? (re-auth, revocation, no one)
+ *  - Who is the principal at use time? (issuer, third party)
+ *
+ * The five tiers fall out of those answers. Pick a tier, not a number,
+ * when introducing a new delegation surface.
+ *
+ * @packageDocumentation
+ */
+declare const EXPIRY: {
+    readonly EPHEMERAL_MS: number;
+    readonly SIGNED_READ_URL_MS: number;
+    readonly SESSION_MS: number;
+    readonly SHARE_MS: number;
+    readonly APP_MS: number;
+    readonly MAX_MS: number;
+};
+declare const DEFAULT_SIGNED_READ_URL_EXPIRY_MS: number;
+type ExpiryTier = keyof typeof EXPIRY;
-export { ACCOUNT_REGISTRY_PATH, ACCOUNT_REGISTRY_SPACE, type AbilitiesMap, AutoApproveSpaceCreationHandler, type AutoRejectStrategy, type AutoSignStrategy, type Bytes, type CallbackStrategy, type CapabilityEntry, CapabilityKeyRegistry, type CapabilityKeyRegistryErrorCode, CapabilityKeyRegistryErrorCodes, type ClientSession, ClientSessionSchema, CloudLocationResolutionError, type ComposeManifestOptions, type ComposedManifestRequest, type CreateDelegationFunction, type CreateDelegationParams, type CreateDelegationWasmParams, type CreateDelegationWasmResult, DEFAULT_DEFAULTS, DEFAULT_EXPIRY, DEFAULT_MANIFEST_SPACE, DEFAULT_MANIFEST_VERSION, DEFAULT_TINYCLOUD_FALLBACK_HOST, DEFAULT_TINYCLOUD_LOCATION_REGISTRY_URL, type DelegatedResource, type Delegation, type DelegationApiResponse, type DelegationChain, type DelegationChainV2, type DelegationDirection, type DelegationError, type DelegationErrorCode, DelegationErrorCodes, type DelegationFilters, DelegationManager, type DelegationManagerConfig, type DelegationRecord, type Result as DelegationResult, type EncodedShareData, type EnsData, EnsDataSchema, type EventEmitterStrategy, type Extension, type GenerateShareParams, type ICapabilityKeyRegistry, type IENSResolver, type INotificationHandler, type ISessionManager, type ISessionStorage, type ISharingService, type ISigner, type ISpace, type ISpaceCreationHandler, type ISpaceScopedDelegations, type ISpaceScopedSharing, type ISpaceService, type IUserAuthorization, type IWasmBindings, type IngestOptions, type JWK, type KeyInfo, type KeyProvider, type KeyType, type LocationCandidate, type LocationCandidateInput, type LocationRecord, type LocationRecordPayload, type LocationRecordSigner, LocationRecordValidationError, type LocationResolutionAttempt, type LocationSource, type Manifest, type ManifestDefaults, type ManifestRegistryRecord, type ManifestSecretActions, ManifestValidationError, type NodeInfo, type ParseRecapFromSiwe, type PartialSiweMessage, type PermissionEntry, PermissionNotInManifestError, type PersistedSessionData, type PersistedTinyCloudSession, ProtocolMismatchError, type ReceiveOptions, type ResolveCloudLocationOptions, type ResolveTinyCloudHostsOptions, type ResolvedCapabilities, type ResolvedCloudLocation, type ResolvedDelegate, type ResolvedTinyCloudHosts, type ResourceCapability, SERVICE_LONG_TO_SHORT, SERVICE_SHORT_TO_LONG, type ServerHost, SessionExpiredError, type ShareAccess, type ShareLink, type ShareLinkData, type ShareSchema, SharingService, type SharingServiceConfig, type SignCallback, type SignInOptions, type SignRequest, type SignResponse, type SignStrategy, SilentNotificationHandler, type SiweConfig, SiweConfigSchema, Space, type SpaceAbilitiesMap, type SpaceConfig, type SpaceCreationContext, type SpaceDelegationParams, type SpaceErrorCode, SpaceErrorCodes, type SpaceHostResult, type SpaceInfo, type SpaceOwnership, SpaceService, type SpaceServiceConfig, type StoredDelegationChain, type SubsetCheckResult, TinyCloud, type TinyCloudConfig, type TinyCloudSession, UnsupportedFeatureError, type UserAuthorizationConfig, type ValidationError, VersionCheckError, type WasmRecapEntry, activateSessionWithHost, applyPrefix, buildSpaceUri, canonicalLocationPayload, checkNodeInfo, composeManifestRequest, createCapabilityKeyRegistry, createSharingService, createSpaceService, defaultSignStrategy, defaultSpaceCreationHandler, expandActionShortNames, fetchLocationRecord, fetchPeerId, httpUrlToMultiaddr, isCapabilitySubset, loadManifest, locationPayloadForRecord, makePublicSpaceId, manifestAbilitiesUnion, multiaddrToHttpUrl, normalizeDefaults, parseExpiry, parseRecapCapabilities, parseSpaceUri, resolveCloudLocation, resolveManifest, resolveTinyCloudHosts, resourceCapabilitiesToAbilitiesMap, resourceCapabilitiesToSpaceAbilitiesMap, signLocationRecord, submitHostDelegation, validateClientSession, validateLocationRecord, validateLocationRecordPayload, validateManifest, validatePersistedSessionData, verifyLocationRecord };
+export { ACCOUNT_REGISTRY_PATH, ACCOUNT_REGISTRY_SPACE, type AbilitiesMap, AutoApproveSpaceCreationHandler, type AutoRejectStrategy, type AutoSignStrategy, type Bytes, type CallbackStrategy, type CapabilityEntry, CapabilityKeyRegistry, type CapabilityKeyRegistryErrorCode, CapabilityKeyRegistryErrorCodes, type ClientSession, ClientSessionSchema, CloudLocationResolutionError, type ComposeManifestOptions, type ComposedManifestRequest, type CreateDelegationFunction, type CreateDelegationParams, type CreateDelegationWasmParams, type CreateDelegationWasmResult, DEFAULT_DEFAULTS, DEFAULT_EXPIRY, DEFAULT_MANIFEST_SPACE, DEFAULT_MANIFEST_VERSION, DEFAULT_SIGNED_READ_URL_EXPIRY_MS, DEFAULT_TINYCLOUD_FALLBACK_HOST, DEFAULT_TINYCLOUD_LOCATION_REGISTRY_URL, type DelegatedResource, type Delegation, type DelegationApiResponse, type DelegationChain, type DelegationChainV2, type DelegationDirection, type DelegationError, type DelegationErrorCode, DelegationErrorCodes, type DelegationFilters, DelegationManager, type DelegationManagerConfig, type DelegationRecord, type Result as DelegationResult, ENCRYPTION_MANIFEST_SPACE, ENCRYPTION_PERMISSION_SERVICE, EXPIRY, type EncodedShareData, type EnsData, EnsDataSchema, type EventEmitterStrategy, type ExpiryTier, type Extension, type GenerateShareParams, type ICapabilityKeyRegistry, type IENSResolver, type INotificationHandler, type ISessionManager, type ISessionStorage, type ISharingService, type ISigner, type ISpace, type ISpaceCreationHandler, type ISpaceScopedDelegations, type ISpaceScopedSharing, type ISpaceService, type IUserAuthorization, type IWasmBindings, type IngestOptions, type JWK, type KeyInfo, type KeyProvider, type KeyType, type LocationCandidate, type LocationCandidateInput, type LocationRecord, type LocationRecordPayload, type LocationRecordSigner, LocationRecordValidationError, type LocationResolutionAttempt, type LocationSource, type Manifest, type ManifestDefaults, type ManifestRegistryRecord, type ManifestSecretActions, ManifestValidationError, type NodeInfo, type ParseRecapFromSiwe, type PartialSiweMessage, type PermissionEntry, PermissionNotInManifestError, type PersistedSessionData, type PersistedTinyCloudSession, ProtocolMismatchError, type ReceiveOptions, type ResolveCloudLocationOptions, type ResolveTinyCloudHostsOptions, type ResolvedCapabilities, type ResolvedCloudLocation, type ResolvedDelegate, type ResolvedTinyCloudHosts, type ResourceCapability, SERVICE_LONG_TO_SHORT, SERVICE_SHORT_TO_LONG, type ServerHost, SessionExpiredError, type ShareAccess, type ShareLink, type ShareLinkData, type ShareSchema, SharingService, type SharingServiceConfig, type SignCallback, type SignInOptions, type SignRequest, type SignResponse, type SignStrategy, SilentNotificationHandler, type SiweConfig, SiweConfigSchema, Space, type SpaceAbilitiesMap, type SpaceConfig, type SpaceCreationContext, type SpaceDelegationParams, type SpaceErrorCode, SpaceErrorCodes, type SpaceHostResult, type SpaceInfo, type SpaceOwnership, SpaceService, type SpaceServiceConfig, type StoredDelegationChain, type SubsetCheckResult, TinyCloud, type TinyCloudConfig, type TinyCloudSession, UnsupportedFeatureError, type UserAuthorizationConfig, VAULT_PERMISSION_SERVICE, type ValidationError, VersionCheckError, type WasmRecapEntry, activateSessionWithHost, applyPrefix, buildSpaceUri, canonicalLocationPayload, checkNodeInfo, composeManifestRequest, createCapabilityKeyRegistry, createSharingService, createSpaceService, defaultSignStrategy, defaultSpaceCreationHandler, expandActionShortNames, expandPermissionEntries, expandPermissionEntry, fetchLocationRecord, fetchPeerId, httpUrlToMultiaddr, isCapabilitySubset, loadManifest, locationPayloadForRecord, makePublicSpaceId, manifestAbilitiesUnion, multiaddrToHttpUrl, normalizeDefaults, parseExpiry, parseRecapCapabilities, parseSpaceUri, resolveCloudLocation, resolveManifest, resolveTinyCloudHosts, resourceCapabilitiesToAbilitiesMap, resourceCapabilitiesToSpaceAbilitiesMap, signLocationRecord, submitHostDelegation, validateClientSession, validateLocationRecord, validateLocationRecordPayload, validateManifest, validatePersistedSessionData, verifyDidKeyEd25519Signature, verifyLocationRecord };