npm - @tinycloud/sdk-services - Versions diffs - 2.2.0-beta.13 → 2.2.0 - Mend

@tinycloud/sdk-services 2.2.0-beta.13 → 2.2.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (23) hide show

package/dist/{BaseService-BiS6HRwE.d.cts → BaseService-C_iXlTeN.d.cts} +6 -1
package/dist/{BaseService-BiS6HRwE.d.ts → BaseService-C_iXlTeN.d.ts} +6 -1
package/dist/encryption/index.cjs +1340 -0
package/dist/encryption/index.cjs.map +1 -0
package/dist/encryption/index.d.cts +802 -0
package/dist/encryption/index.d.ts +802 -0
package/dist/encryption/index.js +1274 -0
package/dist/encryption/index.js.map +1 -0
package/dist/index.cjs +1321 -4
package/dist/index.cjs.map +1 -1
package/dist/index.d.cts +26 -5
package/dist/index.d.ts +26 -5
package/dist/index.js +1280 -4
package/dist/index.js.map +1 -1
package/dist/kv/index.cjs.map +1 -1
package/dist/kv/index.d.cts +1 -1
package/dist/kv/index.d.ts +1 -1
package/dist/kv/index.js.map +1 -1
package/dist/sql/index.cjs.map +1 -1
package/dist/sql/index.d.cts +1 -1
package/dist/sql/index.d.ts +1 -1
package/dist/sql/index.js.map +1 -1
package/package.json +7 -2

package/dist/index.d.cts CHANGED Viewed

@@ -1,9 +1,11 @@
-import { I as IServiceContext, a as InvokeFunction, b as InvokeAnyFunction, F as FetchFunction, S as ServiceSession, R as RetryPolicy, c as IService, d as ServiceError, e as Result, B as BaseService, f as StorageQuotaInfo } from './BaseService-BiS6HRwE.cjs';
-export { E as ErrorCode, g as ErrorCodes, h as EventHandler, i as FetchRequestInit, j as FetchResponse, k as InvocationFact, l as InvocationFacts, m as InvokeAnyEntry, n as ServiceErrorEvent, o as ServiceHeaders, p as ServiceRequestEvent, q as ServiceResponseEvent, r as ServiceRetryEvent, T as TelemetryEvents, s as defaultRetryPolicy, t as err, u as ok, v as serviceError } from './BaseService-BiS6HRwE.cjs';
+import { I as IServiceContext, a as InvokeFunction, b as InvokeAnyFunction, F as FetchFunction, S as ServiceSession, R as RetryPolicy, c as IService, d as ServiceError, e as Result, B as BaseService, f as StorageQuotaInfo } from './BaseService-C_iXlTeN.cjs';
+export { E as ErrorCode, g as ErrorCodes, h as EventHandler, i as FetchRequestInit, j as FetchResponse, k as InvocationFact, l as InvocationFacts, m as InvokeAnyEntry, n as ServiceErrorEvent, o as ServiceHeaders, p as ServiceRequestEvent, q as ServiceResponseEvent, r as ServiceRetryEvent, T as TelemetryEvents, s as defaultRetryPolicy, t as err, u as ok, v as serviceError } from './BaseService-C_iXlTeN.cjs';
 import { z } from 'zod';
 import { IKVService } from './kv/index.cjs';
 export { DEFAULT_SIGNED_READ_URL_EXPIRY_MS, IPrefixedKVService, KVAction, KVActionType, KVCreateSignedReadUrlOptions, KVDeleteOptions, KVGetOptions, KVHeadOptions, KVListOptions, KVListResponse, KVPutOptions, KVResponse, KVResponseHeaders, KVService, KVServiceConfig, KVSignedReadUrlResponse, PrefixedKVService } from './kv/index.cjs';
 export { BatchOptions, BatchResponse, DatabaseHandle, ExecuteOptions, ExecuteResponse, IDatabaseHandle, ISQLService, QueryOptions, QueryResponse, SQLAction, SQLActionType, SQLService, SQLServiceConfig, SqlStatement, SqlValue } from './sql/index.cjs';
+import { IEncryptionService, DecryptCapabilityProof } from './encryption/index.cjs';
+export { BuildCanonicalDecryptRequestInput, BuildDecryptFactsInput, BuildDecryptInvocationInput, BuiltDecryptInvocation, CanonicalDecryptRequest, CanonicalJson, DECRYPT_ACTION, DECRYPT_FACT_TYPE, DECRYPT_RESULT_TYPE, DEFAULT_ENCRYPTION_ALG, DEFAULT_KEY_VERSION, DecryptEnvelopeOptions, DecryptInvocationFact, DecryptInvocationSigner, DecryptRequestBody, DecryptResponseBody, DecryptTransport, DiscoverNetworkInput, DiscoveredNetwork, DiscoverySource, ENCRYPTION_NETWORK_URN_PREFIX, ENCRYPTION_SERVICE, ENCRYPTION_SERVICE_SHORT, ENVELOPE_VERSION, EncryptToNetworkInput, EncryptToNetworkOptions, EncryptToNetworkResult, EncryptionCrypto, EncryptionError, EncryptionErrorInput, EncryptionService, EncryptionServiceConfig, InlineEncryptedEnvelope, Json, NETWORK_NAME_PATTERN, NetworkDescriptor, NetworkIdError, NodeDescriptorFetcher, ParsedNetworkId, RandomReceiverKeyInput, ReceiverKeyPair, ReceiverKeySigner, SignedReceiverKeyInput, VerifyDecryptResponseInput, WellKnownDescriptorFetcher, base64Decode, base64Encode, buildCanonicalDecryptRequest, buildDecryptAttenuation, buildDecryptFacts, buildDecryptInvocation, buildNetworkId, canonicalHashHex, canonicalSignedResponse, canonicalize as canonicalizeEncryptionJson, checkDecryptInvocationInput, decryptEnvelopeWithKey, deriveSignedReceiverKey, discoverNetwork, encryptToNetwork, encryptionError, ensureNetworkUsableForDecrypt, generateRandomReceiverKey, hexDecode, hexEncode, isNetworkId, networkDiscoveryKey, openWrappedKey, parseNetworkId, utf8Decode, utf8Encode, validateEnvelope, verifyDecryptResponse } from './encryption/index.cjs';
 /**
  * Zod schemas for SDK Services API response types.
@@ -1375,6 +1377,15 @@ declare class TinyCloudQuota {
  *
  * Type definitions for the Data Vault (encrypted KV) service operations.
  */
+interface VaultNetworkEncryptionConfig {
+    /** Default encryption network used for inline vault envelopes. */
+    networkId: string;
+    /** TinyCloud encryption module used for local encrypt and node-mediated decrypt. */
+    service: IEncryptionService;
+    /** Proof material presented to the encryption module for decrypt requests. */
+    decryptCapabilityProof?: DecryptCapabilityProof | (() => DecryptCapabilityProof | Promise<DecryptCapabilityProof>);
+}
 /**
  * Configuration for DataVaultService.
  */
@@ -1383,6 +1394,8 @@ interface DataVaultConfig {
     spaceId: string;
     /** Key rotation policy */
     keyRotation?: "per-write" | "per-key";
+    /** Network-envelope encryption mode. When set, vault.unlock/key grants are not used. */
+    encryption?: VaultNetworkEncryptionConfig;
 }
 /**
  * Options for vault put operations.
@@ -1775,10 +1788,15 @@ declare class DataVaultService extends BaseService implements IDataVaultService
      * Convenience accessor for TinyCloud instance.
      */
     private get tc();
+    private get networkEncryption();
+    private get usesNetworkEncryption();
     /**
      * Get the host URL.
      */
     private get host();
+    private decryptCapabilityProof;
+    private serializeValue;
+    private deserializeValue;
     /**
      * Unlock the vault. Derives keys from two wallet signatures:
      * 1. Master signature (per-space) — used to derive the master encryption key
@@ -1808,6 +1826,9 @@ declare class DataVaultService extends BaseService implements IDataVaultService
      * Called when SDK signs out. Locks the vault and aborts operations.
      */
     onSignOut(): void;
+    private putNetworkEncrypted;
+    private getNetworkEncrypted;
+    private headNetworkEncrypted;
     /**
      * Encrypt and store a value at the given key.
      *
@@ -1950,14 +1971,14 @@ interface ResolvedSecretPath {
     scope?: string;
     /** Key passed to the data vault service. */
     vaultKey: string;
-    /** KV permission paths that back the encrypted vault entry. */
+    /** KV permission path that backs the encrypted vault entry. */
     permissionPaths: {
-        keys: string;
         vault: string;
     };
 }
 declare function canonicalizeSecretScope(scope: string | undefined): string | undefined;
 declare function resolveSecretPath(name: string, options?: SecretScopeOptions): ResolvedSecretPath;
+declare function resolveSecretListPrefix(options?: SecretScopeOptions): string;
 interface SecretPayload {
     value: string;
@@ -1989,4 +2010,4 @@ declare class SecretsService implements ISecretsService {
     list(options?: SecretScopeOptions): Promise<Result<string[], SecretsError>>;
 }
-export { BaseService, type BaseServiceOptions, type ColumnInfo, type DataVaultConfig, DataVaultService, DuckDbAction, type DuckDbActionType, type DuckDbBatchOptions, type BatchResponse as DuckDbBatchResponse, DuckDbDatabaseHandle, type DuckDbExecuteOptions, type ExecuteResponse as DuckDbExecuteResponse, type DuckDbOptions, type DuckDbQueryOptions, type QueryResponse as DuckDbQueryResponse, DuckDbService, type DuckDbServiceConfig, type DuckDbStatement, type DuckDbValue, FetchFunction, GenericKVResponseSchema, type GenericKVResponseType, GenericResultSchema, type HookEvent, type HookServiceName, type HookStreamEvent, type HookSubscription, type HookWebhookListOptions, type HookWebhookRecord, type HookWebhookRegistration, type HookWebhookScope, type HookWebhookUnregisterOptions, HooksService, type HooksServiceConfig, type IDataVaultService, type IDuckDbDatabaseHandle, type IDuckDbService, type IHooksService, IKVService, type ISecretsService, IService, IServiceContext, InvokeAnyFunction, InvokeFunction, KVListResponseSchema, type KVListResponseType, KVListResultSchema, type KVListResultType, KVResponseHeadersSchema, type KVResponseHeadersType, type QuotaConfig, type QuotaStatus, type ResolvedSecretPath, Result, RetryPolicy, RetryPolicySchema, type RetryPolicyType, SECRET_NAME_RE, type SchemaInfo, type SecretPayload, type SecretScopeOptions, type SecretsError, SecretsService, type ServiceConstructor, ServiceContext, type ServiceContextConfig, ServiceError, ServiceErrorEventSchema, type ServiceErrorEventType, ServiceErrorSchema, type ServiceErrorType, type ServiceRegistration, ServiceRequestEventSchema, type ServiceRequestEventType, ServiceResponseEventSchema, type ServiceResponseEventType, ServiceRetryEventSchema, type ServiceRetryEventType, ServiceSession, ServiceSessionSchema, type ServiceSessionType, StorageQuotaInfo, type SubscribeOptions, type TableInfo, TinyCloudQuota, type ValidationError, type VaultCrypto, type VaultEntry, type VaultError, type VaultGetOptions, type VaultGrantOptions, VaultHeaders, type VaultListOptions, VaultPublicSpaceKVActions, type VaultPutOptions, type ViewInfo, type WasmVaultFunctions, abortedError, authExpiredError, authRequiredError, authUnauthorizedError, canonicalizeSecretScope, createKVResponseSchema, createResultSchema, createVaultCrypto, errorResult, networkError, notFoundError, parseAuthError, permissionDeniedError, resolveSecretPath, storageLimitReachedError, storageQuotaExceededError, timeoutError, validateKVListResponse, validateKVResponseHeaders, validateRetryPolicy, validateServiceError, validateServiceRequestEvent, validateServiceResponseEvent, validateServiceSession, wrapError };
+export { BaseService, type BaseServiceOptions, type ColumnInfo, type DataVaultConfig, DataVaultService, DecryptCapabilityProof, DuckDbAction, type DuckDbActionType, type DuckDbBatchOptions, type BatchResponse as DuckDbBatchResponse, DuckDbDatabaseHandle, type DuckDbExecuteOptions, type ExecuteResponse as DuckDbExecuteResponse, type DuckDbOptions, type DuckDbQueryOptions, type QueryResponse as DuckDbQueryResponse, DuckDbService, type DuckDbServiceConfig, type DuckDbStatement, type DuckDbValue, FetchFunction, GenericKVResponseSchema, type GenericKVResponseType, GenericResultSchema, type HookEvent, type HookServiceName, type HookStreamEvent, type HookSubscription, type HookWebhookListOptions, type HookWebhookRecord, type HookWebhookRegistration, type HookWebhookScope, type HookWebhookUnregisterOptions, HooksService, type HooksServiceConfig, type IDataVaultService, type IDuckDbDatabaseHandle, type IDuckDbService, IEncryptionService, type IHooksService, IKVService, type ISecretsService, IService, IServiceContext, InvokeAnyFunction, InvokeFunction, KVListResponseSchema, type KVListResponseType, KVListResultSchema, type KVListResultType, KVResponseHeadersSchema, type KVResponseHeadersType, type QuotaConfig, type QuotaStatus, type ResolvedSecretPath, Result, RetryPolicy, RetryPolicySchema, type RetryPolicyType, SECRET_NAME_RE, type SchemaInfo, type SecretPayload, type SecretScopeOptions, type SecretsError, SecretsService, type ServiceConstructor, ServiceContext, type ServiceContextConfig, ServiceError, ServiceErrorEventSchema, type ServiceErrorEventType, ServiceErrorSchema, type ServiceErrorType, type ServiceRegistration, ServiceRequestEventSchema, type ServiceRequestEventType, ServiceResponseEventSchema, type ServiceResponseEventType, ServiceRetryEventSchema, type ServiceRetryEventType, ServiceSession, ServiceSessionSchema, type ServiceSessionType, StorageQuotaInfo, type SubscribeOptions, type TableInfo, TinyCloudQuota, type ValidationError, type VaultCrypto, type VaultEntry, type VaultError, type VaultGetOptions, type VaultGrantOptions, VaultHeaders, type VaultListOptions, VaultPublicSpaceKVActions, type VaultPutOptions, type ViewInfo, type WasmVaultFunctions, abortedError, authExpiredError, authRequiredError, authUnauthorizedError, canonicalizeSecretScope, createKVResponseSchema, createResultSchema, createVaultCrypto, errorResult, networkError, notFoundError, parseAuthError, permissionDeniedError, resolveSecretListPrefix, resolveSecretPath, storageLimitReachedError, storageQuotaExceededError, timeoutError, validateKVListResponse, validateKVResponseHeaders, validateRetryPolicy, validateServiceError, validateServiceRequestEvent, validateServiceResponseEvent, validateServiceSession, wrapError };

package/dist/index.d.ts CHANGED Viewed

@@ -1,9 +1,11 @@
-import { I as IServiceContext, a as InvokeFunction, b as InvokeAnyFunction, F as FetchFunction, S as ServiceSession, R as RetryPolicy, c as IService, d as ServiceError, e as Result, B as BaseService, f as StorageQuotaInfo } from './BaseService-BiS6HRwE.js';
-export { E as ErrorCode, g as ErrorCodes, h as EventHandler, i as FetchRequestInit, j as FetchResponse, k as InvocationFact, l as InvocationFacts, m as InvokeAnyEntry, n as ServiceErrorEvent, o as ServiceHeaders, p as ServiceRequestEvent, q as ServiceResponseEvent, r as ServiceRetryEvent, T as TelemetryEvents, s as defaultRetryPolicy, t as err, u as ok, v as serviceError } from './BaseService-BiS6HRwE.js';
+import { I as IServiceContext, a as InvokeFunction, b as InvokeAnyFunction, F as FetchFunction, S as ServiceSession, R as RetryPolicy, c as IService, d as ServiceError, e as Result, B as BaseService, f as StorageQuotaInfo } from './BaseService-C_iXlTeN.js';
+export { E as ErrorCode, g as ErrorCodes, h as EventHandler, i as FetchRequestInit, j as FetchResponse, k as InvocationFact, l as InvocationFacts, m as InvokeAnyEntry, n as ServiceErrorEvent, o as ServiceHeaders, p as ServiceRequestEvent, q as ServiceResponseEvent, r as ServiceRetryEvent, T as TelemetryEvents, s as defaultRetryPolicy, t as err, u as ok, v as serviceError } from './BaseService-C_iXlTeN.js';
 import { z } from 'zod';
 import { IKVService } from './kv/index.js';
 export { DEFAULT_SIGNED_READ_URL_EXPIRY_MS, IPrefixedKVService, KVAction, KVActionType, KVCreateSignedReadUrlOptions, KVDeleteOptions, KVGetOptions, KVHeadOptions, KVListOptions, KVListResponse, KVPutOptions, KVResponse, KVResponseHeaders, KVService, KVServiceConfig, KVSignedReadUrlResponse, PrefixedKVService } from './kv/index.js';
 export { BatchOptions, BatchResponse, DatabaseHandle, ExecuteOptions, ExecuteResponse, IDatabaseHandle, ISQLService, QueryOptions, QueryResponse, SQLAction, SQLActionType, SQLService, SQLServiceConfig, SqlStatement, SqlValue } from './sql/index.js';
+import { IEncryptionService, DecryptCapabilityProof } from './encryption/index.js';
+export { BuildCanonicalDecryptRequestInput, BuildDecryptFactsInput, BuildDecryptInvocationInput, BuiltDecryptInvocation, CanonicalDecryptRequest, CanonicalJson, DECRYPT_ACTION, DECRYPT_FACT_TYPE, DECRYPT_RESULT_TYPE, DEFAULT_ENCRYPTION_ALG, DEFAULT_KEY_VERSION, DecryptEnvelopeOptions, DecryptInvocationFact, DecryptInvocationSigner, DecryptRequestBody, DecryptResponseBody, DecryptTransport, DiscoverNetworkInput, DiscoveredNetwork, DiscoverySource, ENCRYPTION_NETWORK_URN_PREFIX, ENCRYPTION_SERVICE, ENCRYPTION_SERVICE_SHORT, ENVELOPE_VERSION, EncryptToNetworkInput, EncryptToNetworkOptions, EncryptToNetworkResult, EncryptionCrypto, EncryptionError, EncryptionErrorInput, EncryptionService, EncryptionServiceConfig, InlineEncryptedEnvelope, Json, NETWORK_NAME_PATTERN, NetworkDescriptor, NetworkIdError, NodeDescriptorFetcher, ParsedNetworkId, RandomReceiverKeyInput, ReceiverKeyPair, ReceiverKeySigner, SignedReceiverKeyInput, VerifyDecryptResponseInput, WellKnownDescriptorFetcher, base64Decode, base64Encode, buildCanonicalDecryptRequest, buildDecryptAttenuation, buildDecryptFacts, buildDecryptInvocation, buildNetworkId, canonicalHashHex, canonicalSignedResponse, canonicalize as canonicalizeEncryptionJson, checkDecryptInvocationInput, decryptEnvelopeWithKey, deriveSignedReceiverKey, discoverNetwork, encryptToNetwork, encryptionError, ensureNetworkUsableForDecrypt, generateRandomReceiverKey, hexDecode, hexEncode, isNetworkId, networkDiscoveryKey, openWrappedKey, parseNetworkId, utf8Decode, utf8Encode, validateEnvelope, verifyDecryptResponse } from './encryption/index.js';
 /**
  * Zod schemas for SDK Services API response types.
@@ -1375,6 +1377,15 @@ declare class TinyCloudQuota {
  *
  * Type definitions for the Data Vault (encrypted KV) service operations.
  */
+interface VaultNetworkEncryptionConfig {
+    /** Default encryption network used for inline vault envelopes. */
+    networkId: string;
+    /** TinyCloud encryption module used for local encrypt and node-mediated decrypt. */
+    service: IEncryptionService;
+    /** Proof material presented to the encryption module for decrypt requests. */
+    decryptCapabilityProof?: DecryptCapabilityProof | (() => DecryptCapabilityProof | Promise<DecryptCapabilityProof>);
+}
 /**
  * Configuration for DataVaultService.
  */
@@ -1383,6 +1394,8 @@ interface DataVaultConfig {
     spaceId: string;
     /** Key rotation policy */
     keyRotation?: "per-write" | "per-key";
+    /** Network-envelope encryption mode. When set, vault.unlock/key grants are not used. */
+    encryption?: VaultNetworkEncryptionConfig;
 }
 /**
  * Options for vault put operations.
@@ -1775,10 +1788,15 @@ declare class DataVaultService extends BaseService implements IDataVaultService
      * Convenience accessor for TinyCloud instance.
      */
     private get tc();
+    private get networkEncryption();
+    private get usesNetworkEncryption();
     /**
      * Get the host URL.
      */
     private get host();
+    private decryptCapabilityProof;
+    private serializeValue;
+    private deserializeValue;
     /**
      * Unlock the vault. Derives keys from two wallet signatures:
      * 1. Master signature (per-space) — used to derive the master encryption key
@@ -1808,6 +1826,9 @@ declare class DataVaultService extends BaseService implements IDataVaultService
      * Called when SDK signs out. Locks the vault and aborts operations.
      */
     onSignOut(): void;
+    private putNetworkEncrypted;
+    private getNetworkEncrypted;
+    private headNetworkEncrypted;
     /**
      * Encrypt and store a value at the given key.
      *
@@ -1950,14 +1971,14 @@ interface ResolvedSecretPath {
     scope?: string;
     /** Key passed to the data vault service. */
     vaultKey: string;
-    /** KV permission paths that back the encrypted vault entry. */
+    /** KV permission path that backs the encrypted vault entry. */
     permissionPaths: {
-        keys: string;
         vault: string;
     };
 }
 declare function canonicalizeSecretScope(scope: string | undefined): string | undefined;
 declare function resolveSecretPath(name: string, options?: SecretScopeOptions): ResolvedSecretPath;
+declare function resolveSecretListPrefix(options?: SecretScopeOptions): string;
 interface SecretPayload {
     value: string;
@@ -1989,4 +2010,4 @@ declare class SecretsService implements ISecretsService {
     list(options?: SecretScopeOptions): Promise<Result<string[], SecretsError>>;
 }
-export { BaseService, type BaseServiceOptions, type ColumnInfo, type DataVaultConfig, DataVaultService, DuckDbAction, type DuckDbActionType, type DuckDbBatchOptions, type BatchResponse as DuckDbBatchResponse, DuckDbDatabaseHandle, type DuckDbExecuteOptions, type ExecuteResponse as DuckDbExecuteResponse, type DuckDbOptions, type DuckDbQueryOptions, type QueryResponse as DuckDbQueryResponse, DuckDbService, type DuckDbServiceConfig, type DuckDbStatement, type DuckDbValue, FetchFunction, GenericKVResponseSchema, type GenericKVResponseType, GenericResultSchema, type HookEvent, type HookServiceName, type HookStreamEvent, type HookSubscription, type HookWebhookListOptions, type HookWebhookRecord, type HookWebhookRegistration, type HookWebhookScope, type HookWebhookUnregisterOptions, HooksService, type HooksServiceConfig, type IDataVaultService, type IDuckDbDatabaseHandle, type IDuckDbService, type IHooksService, IKVService, type ISecretsService, IService, IServiceContext, InvokeAnyFunction, InvokeFunction, KVListResponseSchema, type KVListResponseType, KVListResultSchema, type KVListResultType, KVResponseHeadersSchema, type KVResponseHeadersType, type QuotaConfig, type QuotaStatus, type ResolvedSecretPath, Result, RetryPolicy, RetryPolicySchema, type RetryPolicyType, SECRET_NAME_RE, type SchemaInfo, type SecretPayload, type SecretScopeOptions, type SecretsError, SecretsService, type ServiceConstructor, ServiceContext, type ServiceContextConfig, ServiceError, ServiceErrorEventSchema, type ServiceErrorEventType, ServiceErrorSchema, type ServiceErrorType, type ServiceRegistration, ServiceRequestEventSchema, type ServiceRequestEventType, ServiceResponseEventSchema, type ServiceResponseEventType, ServiceRetryEventSchema, type ServiceRetryEventType, ServiceSession, ServiceSessionSchema, type ServiceSessionType, StorageQuotaInfo, type SubscribeOptions, type TableInfo, TinyCloudQuota, type ValidationError, type VaultCrypto, type VaultEntry, type VaultError, type VaultGetOptions, type VaultGrantOptions, VaultHeaders, type VaultListOptions, VaultPublicSpaceKVActions, type VaultPutOptions, type ViewInfo, type WasmVaultFunctions, abortedError, authExpiredError, authRequiredError, authUnauthorizedError, canonicalizeSecretScope, createKVResponseSchema, createResultSchema, createVaultCrypto, errorResult, networkError, notFoundError, parseAuthError, permissionDeniedError, resolveSecretPath, storageLimitReachedError, storageQuotaExceededError, timeoutError, validateKVListResponse, validateKVResponseHeaders, validateRetryPolicy, validateServiceError, validateServiceRequestEvent, validateServiceResponseEvent, validateServiceSession, wrapError };
+export { BaseService, type BaseServiceOptions, type ColumnInfo, type DataVaultConfig, DataVaultService, DecryptCapabilityProof, DuckDbAction, type DuckDbActionType, type DuckDbBatchOptions, type BatchResponse as DuckDbBatchResponse, DuckDbDatabaseHandle, type DuckDbExecuteOptions, type ExecuteResponse as DuckDbExecuteResponse, type DuckDbOptions, type DuckDbQueryOptions, type QueryResponse as DuckDbQueryResponse, DuckDbService, type DuckDbServiceConfig, type DuckDbStatement, type DuckDbValue, FetchFunction, GenericKVResponseSchema, type GenericKVResponseType, GenericResultSchema, type HookEvent, type HookServiceName, type HookStreamEvent, type HookSubscription, type HookWebhookListOptions, type HookWebhookRecord, type HookWebhookRegistration, type HookWebhookScope, type HookWebhookUnregisterOptions, HooksService, type HooksServiceConfig, type IDataVaultService, type IDuckDbDatabaseHandle, type IDuckDbService, IEncryptionService, type IHooksService, IKVService, type ISecretsService, IService, IServiceContext, InvokeAnyFunction, InvokeFunction, KVListResponseSchema, type KVListResponseType, KVListResultSchema, type KVListResultType, KVResponseHeadersSchema, type KVResponseHeadersType, type QuotaConfig, type QuotaStatus, type ResolvedSecretPath, Result, RetryPolicy, RetryPolicySchema, type RetryPolicyType, SECRET_NAME_RE, type SchemaInfo, type SecretPayload, type SecretScopeOptions, type SecretsError, SecretsService, type ServiceConstructor, ServiceContext, type ServiceContextConfig, ServiceError, ServiceErrorEventSchema, type ServiceErrorEventType, ServiceErrorSchema, type ServiceErrorType, type ServiceRegistration, ServiceRequestEventSchema, type ServiceRequestEventType, ServiceResponseEventSchema, type ServiceResponseEventType, ServiceRetryEventSchema, type ServiceRetryEventType, ServiceSession, ServiceSessionSchema, type ServiceSessionType, StorageQuotaInfo, type SubscribeOptions, type TableInfo, TinyCloudQuota, type ValidationError, type VaultCrypto, type VaultEntry, type VaultError, type VaultGetOptions, type VaultGrantOptions, VaultHeaders, type VaultListOptions, VaultPublicSpaceKVActions, type VaultPutOptions, type ViewInfo, type WasmVaultFunctions, abortedError, authExpiredError, authRequiredError, authUnauthorizedError, canonicalizeSecretScope, createKVResponseSchema, createResultSchema, createVaultCrypto, errorResult, networkError, notFoundError, parseAuthError, permissionDeniedError, resolveSecretListPrefix, resolveSecretPath, storageLimitReachedError, storageQuotaExceededError, timeoutError, validateKVListResponse, validateKVResponseHeaders, validateRetryPolicy, validateServiceError, validateServiceRequestEvent, validateServiceResponseEvent, validateServiceSession, wrapError };