@tinycloud/sdk-services 2.3.0-beta.2 → 2.3.0-beta.6

package/dist/index.d.cts

@@ -1,8 +1,8 @@
-import { I as IServiceContext, a as InvokeFunction, b as InvokeAnyFunction, F as FetchFunction, S as ServiceSession, R as RetryPolicy, c as IService, d as ServiceError, e as Result, B as BaseService, f as StorageQuotaInfo } from './BaseService-C_iXlTeN.cjs';
-export { E as ErrorCode, g as ErrorCodes, h as EventHandler, i as FetchRequestInit, j as FetchResponse, k as InvocationFact, l as InvocationFacts, m as InvokeAnyEntry, n as ServiceErrorEvent, o as ServiceHeaders, p as ServiceRequestEvent, q as ServiceResponseEvent, r as ServiceRetryEvent, T as TelemetryEvents, s as defaultRetryPolicy, t as err, u as ok, v as serviceError } from './BaseService-C_iXlTeN.cjs';
+import { I as IServiceContext, a as InvokeFunction, b as InvokeAnyFunction, F as FetchFunction, S as ServiceSession, R as RetryPolicy, c as IService, d as ServiceError, e as Result, B as BaseService, f as StorageQuotaInfo } from './BaseService-DZ2hBJeD.cjs';
+export { E as ErrorCode, g as ErrorCodes, h as EventHandler, i as FetchRequestInit, j as FetchResponse, k as InvocationFact, l as InvocationFacts, m as InvokeAnyEntry, n as ServiceErrorEvent, o as ServiceHeaders, p as ServiceRequestEvent, q as ServiceResponseEvent, r as ServiceRetryEvent, T as TelemetryEvents, s as defaultRetryPolicy, t as err, u as ok, v as serviceError } from './BaseService-DZ2hBJeD.cjs';
 import { z } from 'zod';
 import { IKVService } from './kv/index.cjs';
-export { DEFAULT_SIGNED_READ_URL_EXPIRY_MS, IPrefixedKVService, KVAction, KVActionType, KVCreateSignedReadUrlOptions, KVDeleteOptions, KVGetOptions, KVHeadOptions, KVListOptions, KVListResponse, KVPutOptions, KVResponse, KVResponseHeaders, KVService, KVServiceConfig, KVSignedReadUrlResponse, PrefixedKVService } from './kv/index.cjs';
+export { DEFAULT_SIGNED_READ_URL_EXPIRY_MS, IPrefixedKVService, KVAction, KVActionType, KVBatchPutItem, KVBatchPutOptions, KVBatchPutResponse, KVCreateSignedReadUrlOptions, KVDeleteOptions, KVGetOptions, KVHeadOptions, KVListOptions, KVListResponse, KVPutOptions, KVResponse, KVResponseHeaders, KVService, KVServiceConfig, KVSignedReadUrlResponse, PrefixedKVService } from './kv/index.cjs';
 export { BatchOptions, BatchResponse, DatabaseHandle, ExecuteOptions, ExecuteResponse, IDatabaseHandle, ISQLService, QueryOptions, QueryResponse, SQLAction, SQLActionType, SQLService, SQLServiceConfig, SqlStatement, SqlValue } from './sql/index.cjs';
 import { IEncryptionService, DecryptCapabilityProof } from './encryption/index.cjs';
 export { BuildCanonicalDecryptRequestInput, BuildDecryptFactsInput, BuildDecryptInvocationInput, BuiltDecryptInvocation, CanonicalDecryptRequest, CanonicalJson, DECRYPT_ACTION, DECRYPT_FACT_TYPE, DECRYPT_RESULT_TYPE, DEFAULT_ENCRYPTION_ALG, DEFAULT_KEY_VERSION, DecryptEnvelopeOptions, DecryptInvocationFact, DecryptInvocationSigner, DecryptRequestBody, DecryptResponseBody, DecryptTransport, DiscoverNetworkInput, DiscoveredNetwork, DiscoverySource, ENCRYPTION_NETWORK_URN_PREFIX, ENCRYPTION_SERVICE, ENCRYPTION_SERVICE_SHORT, ENVELOPE_VERSION, EncryptToNetworkInput, EncryptToNetworkOptions, EncryptToNetworkResult, EncryptionCrypto, EncryptionError, EncryptionErrorInput, EncryptionService, EncryptionServiceConfig, InlineEncryptedEnvelope, Json, NETWORK_NAME_PATTERN, NetworkDescriptor, NetworkIdError, NodeDescriptorFetcher, ParsedNetworkId, RandomReceiverKeyInput, ReceiverKeyPair, ReceiverKeySigner, SignedReceiverKeyInput, VerifyDecryptResponseInput, WellKnownDescriptorFetcher, base64Decode, base64Encode, buildCanonicalDecryptRequest, buildDecryptAttenuation, buildDecryptFacts, buildDecryptInvocation, buildNetworkId, canonicalHashHex, canonicalSignedResponse, canonicalize as canonicalizeEncryptionJson, checkDecryptInvocationInput, decryptEnvelopeWithKey, deriveSignedReceiverKey, discoverNetwork, encryptToNetwork, encryptionError, ensureNetworkUsableForDecrypt, generateRandomReceiverKey, hexDecode, hexEncode, isNetworkId, networkDiscoveryKey, openWrappedKey, parseNetworkId, utf8Decode, utf8Encode, validateEnvelope, verifyDecryptResponse } from './encryption/index.cjs';

package/dist/index.d.ts

@@ -1,8 +1,8 @@
-import { I as IServiceContext, a as InvokeFunction, b as InvokeAnyFunction, F as FetchFunction, S as ServiceSession, R as RetryPolicy, c as IService, d as ServiceError, e as Result, B as BaseService, f as StorageQuotaInfo } from './BaseService-C_iXlTeN.js';
-export { E as ErrorCode, g as ErrorCodes, h as EventHandler, i as FetchRequestInit, j as FetchResponse, k as InvocationFact, l as InvocationFacts, m as InvokeAnyEntry, n as ServiceErrorEvent, o as ServiceHeaders, p as ServiceRequestEvent, q as ServiceResponseEvent, r as ServiceRetryEvent, T as TelemetryEvents, s as defaultRetryPolicy, t as err, u as ok, v as serviceError } from './BaseService-C_iXlTeN.js';
+import { I as IServiceContext, a as InvokeFunction, b as InvokeAnyFunction, F as FetchFunction, S as ServiceSession, R as RetryPolicy, c as IService, d as ServiceError, e as Result, B as BaseService, f as StorageQuotaInfo } from './BaseService-DZ2hBJeD.js';
+export { E as ErrorCode, g as ErrorCodes, h as EventHandler, i as FetchRequestInit, j as FetchResponse, k as InvocationFact, l as InvocationFacts, m as InvokeAnyEntry, n as ServiceErrorEvent, o as ServiceHeaders, p as ServiceRequestEvent, q as ServiceResponseEvent, r as ServiceRetryEvent, T as TelemetryEvents, s as defaultRetryPolicy, t as err, u as ok, v as serviceError } from './BaseService-DZ2hBJeD.js';
 import { z } from 'zod';
 import { IKVService } from './kv/index.js';
-export { DEFAULT_SIGNED_READ_URL_EXPIRY_MS, IPrefixedKVService, KVAction, KVActionType, KVCreateSignedReadUrlOptions, KVDeleteOptions, KVGetOptions, KVHeadOptions, KVListOptions, KVListResponse, KVPutOptions, KVResponse, KVResponseHeaders, KVService, KVServiceConfig, KVSignedReadUrlResponse, PrefixedKVService } from './kv/index.js';
+export { DEFAULT_SIGNED_READ_URL_EXPIRY_MS, IPrefixedKVService, KVAction, KVActionType, KVBatchPutItem, KVBatchPutOptions, KVBatchPutResponse, KVCreateSignedReadUrlOptions, KVDeleteOptions, KVGetOptions, KVHeadOptions, KVListOptions, KVListResponse, KVPutOptions, KVResponse, KVResponseHeaders, KVService, KVServiceConfig, KVSignedReadUrlResponse, PrefixedKVService } from './kv/index.js';
 export { BatchOptions, BatchResponse, DatabaseHandle, ExecuteOptions, ExecuteResponse, IDatabaseHandle, ISQLService, QueryOptions, QueryResponse, SQLAction, SQLActionType, SQLService, SQLServiceConfig, SqlStatement, SqlValue } from './sql/index.js';
 import { IEncryptionService, DecryptCapabilityProof } from './encryption/index.js';
 export { BuildCanonicalDecryptRequestInput, BuildDecryptFactsInput, BuildDecryptInvocationInput, BuiltDecryptInvocation, CanonicalDecryptRequest, CanonicalJson, DECRYPT_ACTION, DECRYPT_FACT_TYPE, DECRYPT_RESULT_TYPE, DEFAULT_ENCRYPTION_ALG, DEFAULT_KEY_VERSION, DecryptEnvelopeOptions, DecryptInvocationFact, DecryptInvocationSigner, DecryptRequestBody, DecryptResponseBody, DecryptTransport, DiscoverNetworkInput, DiscoveredNetwork, DiscoverySource, ENCRYPTION_NETWORK_URN_PREFIX, ENCRYPTION_SERVICE, ENCRYPTION_SERVICE_SHORT, ENVELOPE_VERSION, EncryptToNetworkInput, EncryptToNetworkOptions, EncryptToNetworkResult, EncryptionCrypto, EncryptionError, EncryptionErrorInput, EncryptionService, EncryptionServiceConfig, InlineEncryptedEnvelope, Json, NETWORK_NAME_PATTERN, NetworkDescriptor, NetworkIdError, NodeDescriptorFetcher, ParsedNetworkId, RandomReceiverKeyInput, ReceiverKeyPair, ReceiverKeySigner, SignedReceiverKeyInput, VerifyDecryptResponseInput, WellKnownDescriptorFetcher, base64Decode, base64Encode, buildCanonicalDecryptRequest, buildDecryptAttenuation, buildDecryptFacts, buildDecryptInvocation, buildNetworkId, canonicalHashHex, canonicalSignedResponse, canonicalize as canonicalizeEncryptionJson, checkDecryptInvocationInput, decryptEnvelopeWithKey, deriveSignedReceiverKey, discoverNetwork, encryptToNetwork, encryptionError, ensureNetworkUsableForDecrypt, generateRandomReceiverKey, hexDecode, hexEncode, isNetworkId, networkDiscoveryKey, openWrappedKey, parseNetworkId, utf8Decode, utf8Encode, validateEnvelope, verifyDecryptResponse } from './encryption/index.js';

package/dist/index.js

@@ -793,6 +793,18 @@ var PrefixedKVService = class _PrefixedKVService {
     const fullKey = this.getFullKey(key);
     return this._kv.put(fullKey, value, { ...options, prefix: "" });
   }
+  /**
+   * Store multiple values within this prefix in one TinyCloud KV invocation.
+   */
+  async batchPut(items, options) {
+    return this._kv.batchPut(
+      items.map((item) => ({
+        ...item,
+        key: this.getFullKey(item.key)
+      })),
+      { ...options, prefix: "" }
+    );
+  }
   /**
    * List keys within this prefix.
    */
@@ -846,6 +858,12 @@ var KVAction = {
 };
 
 // src/kv/KVService.ts
+function encodeKvBatchPartName(path) {
+  return encodeURIComponent(path).replace(
+    /[!'()*]/g,
+    (char) => `%${char.charCodeAt(0).toString(16).toUpperCase()}`
+  );
+}
 var KVService = class extends BaseService {
   /**
    * Create a new KVService instance.
@@ -954,6 +972,53 @@ var KVService = class extends BaseService {
       signal: this.combineSignals(signal)
     });
   }
+  serializeBatchPutValue(item) {
+    const contentType = item.contentType;
+    if (item.value instanceof Blob) {
+      if (!contentType || item.value.type === contentType) {
+        return item.value;
+      }
+      return new Blob([item.value], { type: contentType });
+    }
+    if (item.value instanceof ArrayBuffer) {
+      return new Blob([item.value], {
+        type: contentType ?? "application/octet-stream"
+      });
+    }
+    if (ArrayBuffer.isView(item.value)) {
+      const value = item.value;
+      const bytes = new Uint8Array(value.byteLength);
+      bytes.set(new Uint8Array(value.buffer, value.byteOffset, value.byteLength));
+      return new Blob([bytes], {
+        type: contentType ?? "application/octet-stream"
+      });
+    }
+    if (typeof item.value === "string") {
+      return new Blob([item.value], {
+        type: contentType ?? "text/plain;charset=UTF-8"
+      });
+    }
+    const json = JSON.stringify(item.value);
+    if (json === void 0) {
+      throw new Error(`Cannot JSON serialize KV batch value for key "${item.key}"`);
+    }
+    return new Blob([json], {
+      type: contentType ?? "application/json"
+    });
+  }
+  normalizeBatchPutResponse(data) {
+    if (!data || typeof data !== "object") {
+      return void 0;
+    }
+    const response = data;
+    if (!Array.isArray(response.written) || !response.written.every((key) => typeof key === "string") || typeof response.count !== "number") {
+      return void 0;
+    }
+    return {
+      written: response.written,
+      count: response.count
+    };
+  }
   /**
    * Create KVResponseHeaders from fetch response headers.
    *
@@ -1155,6 +1220,107 @@ var KVService = class extends BaseService {
       }
     });
   }
+  /**
+   * Store multiple values in one TinyCloud KV invocation.
+   */
+  async batchPut(items, options) {
+    return this.withTelemetry("batchPut", String(items.length), async () => {
+      if (!this.requireAuth()) {
+        return err(authRequiredError("kv"));
+      }
+      if (items.length === 0) {
+        return ok({ written: [], count: 0 });
+      }
+      if (!this.context.invokeAny) {
+        return err(
+          serviceError(
+            ErrorCodes.INVALID_INPUT,
+            "KV batchPut requires SDK runtime support for multi-resource invocations",
+            "kv"
+          )
+        );
+      }
+      const session = this.context.session;
+      const paths = items.map((item) => this.getFullPath(item.key, options?.prefix));
+      const seen = /* @__PURE__ */ new Set();
+      for (const path of paths) {
+        if (seen.has(path)) {
+          return err(
+            serviceError(
+              ErrorCodes.INVALID_INPUT,
+              `KV batchPut received duplicate key after prefix resolution: ${path}`,
+              "kv"
+            )
+          );
+        }
+        seen.add(path);
+      }
+      try {
+        const body = new FormData();
+        for (let index = 0; index < items.length; index++) {
+          body.append(
+            encodeKvBatchPartName(paths[index]),
+            this.serializeBatchPutValue(items[index])
+          );
+        }
+        const headers = this.context.invokeAny(
+          session,
+          paths.map((path) => ({
+            spaceId: session.spaceId,
+            service: "kv",
+            path,
+            action: KVAction.PUT
+          }))
+        );
+        const response = await this.context.fetch(`${this.host}/invoke`, {
+          method: "POST",
+          headers,
+          body,
+          signal: this.combineSignals(options?.signal)
+        });
+        if (!response.ok) {
+          const errorText = await response.text();
+          if (response.status === 401 || response.status === 403) {
+            const { resource, action } = parseAuthError(errorText);
+            return err(authUnauthorizedError("kv", errorText, {
+              status: response.status,
+              ...action && { requiredAction: action },
+              ...resource && { resource }
+            }));
+          }
+          const quotaError = this.handleQuotaErrorResponse(
+            response,
+            errorText,
+            "batch"
+          );
+          if (quotaError) {
+            return quotaError;
+          }
+          return err(
+            serviceError(
+              ErrorCodes.KV_WRITE_FAILED,
+              `Failed to batch put ${items.length} key(s): ${response.status} - ${errorText}`,
+              "kv",
+              { meta: { status: response.status, statusText: response.statusText } }
+            )
+          );
+        }
+        const batchResponse = this.normalizeBatchPutResponse(await response.json());
+        if (!batchResponse || batchResponse.count !== batchResponse.written.length) {
+          return err(
+            serviceError(
+              ErrorCodes.NETWORK_ERROR,
+              "KV batchPut response did not include matching written keys and count",
+              "kv"
+            )
+          );
+        }
+        return ok(batchResponse);
+      } catch (error) {
+        return err(wrapError("kv", error));
+      }
+    });
+  }
   /**
    * List keys with optional prefix filtering.
    */
@@ -4410,6 +4576,7 @@ function canonicalHashHex(sha256, value) {
 // src/encryption/networkId.ts
 var URN_PREFIX = "urn:tinycloud:encryption:";
 var NETWORK_NAME_RE = /^[a-z0-9][a-z0-9-]*$/;
+var PKH_EIP155_DID_RE = /^did:pkh:eip155:(\d+):(0x[a-fA-F0-9]{40})$/;
 var NetworkIdError = class extends Error {
   constructor(message) {
     super(message);
@@ -4476,6 +4643,22 @@ function isNetworkId(networkId) {
     return false;
   }
 }
+function parsePkhOwnerDid(ownerDid) {
+  const match = ownerDid.match(PKH_EIP155_DID_RE);
+  if (!match) return null;
+  return {
+    chainId: match[1],
+    address: match[2].toLowerCase()
+  };
+}
+function ownerDidMatches(a, b) {
+  const aPkh = parsePkhOwnerDid(a);
+  const bPkh = parsePkhOwnerDid(b);
+  if (aPkh && bPkh) {
+    return aPkh.chainId === bPkh.chainId && aPkh.address === bPkh.address;
+  }
+  return a === b;
+}
 function networkDiscoveryKey(name) {
   if (!NETWORK_NAME_RE.test(name)) {
     throw new NetworkIdError(
@@ -4611,7 +4794,19 @@ async function discoverNetwork(input) {
   };
 }
 function validateDescriptor(descriptor, networkId, ownerDid, name) {
-  if (descriptor.networkId !== networkId) {
+  let descriptorNetwork;
+  try {
+    descriptorNetwork = parseNetworkId(descriptor.networkId);
+  } catch (err3) {
+    return {
+      ok: false,
+      error: encryptionError({
+        code: "INVALID_NETWORK_ID",
+        message: `descriptor networkId is malformed: ${err3 instanceof Error ? err3.message : String(err3)}`
+      })
+    };
+  }
+  if (descriptorNetwork.name !== name || !ownerDidMatches(descriptorNetwork.ownerDid, ownerDid)) {
     return {
       ok: false,
       error: encryptionError({
@@ -4620,7 +4815,8 @@ function validateDescriptor(descriptor, networkId, ownerDid, name) {
       })
     };
   }
-  if (descriptor.ownerDid !== ownerDid) {
+  const descriptorOwnerDid = descriptorOwner(descriptor);
+  if (descriptorOwnerDid === void 0 || !ownerDidMatches(descriptorOwnerDid, ownerDid) || !ownerDidMatches(descriptorOwnerDid, descriptorNetwork.ownerDid)) {
     return {
       ok: false,
       error: encryptionError({
@@ -4647,7 +4843,20 @@ function validateDescriptor(descriptor, networkId, ownerDid, name) {
       })
     };
   }
-  return { ok: true, data: descriptor };
+  return {
+    ok: true,
+    data: {
+      ...descriptor,
+      ownerDid: descriptorOwnerDid
+    }
+  };
+}
+function descriptorOwner(descriptor) {
+  if (typeof descriptor.ownerDid === "string" && descriptor.ownerDid.length > 0) {
+    return descriptor.ownerDid;
+  }
+  const legacyDescriptor = descriptor;
+  return typeof legacyDescriptor.principal === "string" && legacyDescriptor.principal.length > 0 ? legacyDescriptor.principal : void 0;
 }
 function ensureNetworkUsableForDecrypt(descriptor) {
   if (descriptor.state === "active" || descriptor.state === "rotating") {