@viewportai/daemon 0.5.2 → 0.6.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/cli/commands.d.ts +1 -0
- package/dist/cli/commands.d.ts.map +1 -1
- package/dist/cli/commands.js +1 -0
- package/dist/cli/commands.js.map +1 -1
- package/dist/cli/context-access-command.d.ts +0 -6
- package/dist/cli/context-access-command.d.ts.map +1 -1
- package/dist/cli/context-access-command.js +1 -71
- package/dist/cli/context-access-command.js.map +1 -1
- package/dist/cli/context-command.d.ts.map +1 -1
- package/dist/cli/context-command.js +593 -27
- package/dist/cli/context-command.js.map +1 -1
- package/dist/cli/context-sync-target.d.ts +2 -1
- package/dist/cli/context-sync-target.d.ts.map +1 -1
- package/dist/cli/context-sync-target.js +28 -0
- package/dist/cli/context-sync-target.js.map +1 -1
- package/dist/cli/context-vault-metadata-command.d.ts.map +1 -1
- package/dist/cli/context-vault-metadata-command.js +6 -1
- package/dist/cli/context-vault-metadata-command.js.map +1 -1
- package/dist/cli/lifecycle-commands.d.ts.map +1 -1
- package/dist/cli/lifecycle-commands.js +6 -6
- package/dist/cli/lifecycle-commands.js.map +1 -1
- package/dist/cli/unlock-command.d.ts +2 -0
- package/dist/cli/unlock-command.d.ts.map +1 -0
- package/dist/cli/unlock-command.js +35 -0
- package/dist/cli/unlock-command.js.map +1 -0
- package/dist/context/local-edge-store.d.ts +23 -1
- package/dist/context/local-edge-store.d.ts.map +1 -1
- package/dist/context/local-edge-store.js +51 -0
- package/dist/context/local-edge-store.js.map +1 -1
- package/dist/context/local-edge-sync.d.ts +63 -0
- package/dist/context/local-edge-sync.d.ts.map +1 -1
- package/dist/context/local-edge-sync.js +464 -4
- package/dist/context/local-edge-sync.js.map +1 -1
- package/dist/context/local-edge-types.d.ts +21 -0
- package/dist/context/local-edge-types.d.ts.map +1 -1
- package/dist/hooks/platform-plan-sync.d.ts +4 -1
- package/dist/hooks/platform-plan-sync.d.ts.map +1 -1
- package/dist/hooks/platform-plan-sync.js +20 -5
- package/dist/hooks/platform-plan-sync.js.map +1 -1
- package/dist/hooks/trusted-edge-plan-artifacts.d.ts +117 -0
- package/dist/hooks/trusted-edge-plan-artifacts.d.ts.map +1 -0
- package/dist/hooks/trusted-edge-plan-artifacts.js +371 -0
- package/dist/hooks/trusted-edge-plan-artifacts.js.map +1 -0
- package/dist/index.d.ts +1 -0
- package/dist/index.d.ts.map +1 -1
- package/dist/index.js +3 -1
- package/dist/index.js.map +1 -1
- package/dist/relay/bridge-token-issuer.d.ts +1 -0
- package/dist/relay/bridge-token-issuer.d.ts.map +1 -1
- package/dist/relay/bridge-token-issuer.js +1 -1
- package/dist/relay/bridge-token-issuer.js.map +1 -1
- package/dist/security/epoch-enrollment.d.ts +48 -0
- package/dist/security/epoch-enrollment.d.ts.map +1 -0
- package/dist/security/epoch-enrollment.js +290 -0
- package/dist/security/epoch-enrollment.js.map +1 -0
- package/dist/security/epoch-protocol.d.ts +181 -0
- package/dist/security/epoch-protocol.d.ts.map +1 -0
- package/dist/security/epoch-protocol.js +285 -0
- package/dist/security/epoch-protocol.js.map +1 -0
- package/dist/security/epoch-public-pins.d.ts +19 -0
- package/dist/security/epoch-public-pins.d.ts.map +1 -0
- package/dist/security/epoch-public-pins.js +129 -0
- package/dist/security/epoch-public-pins.js.map +1 -0
- package/dist/security/epoch-recovery.d.ts +56 -0
- package/dist/security/epoch-recovery.d.ts.map +1 -0
- package/dist/security/epoch-recovery.js +314 -0
- package/dist/security/epoch-recovery.js.map +1 -0
- package/dist/security/epoch-store.d.ts +111 -0
- package/dist/security/epoch-store.d.ts.map +1 -0
- package/dist/security/epoch-store.js +224 -0
- package/dist/security/epoch-store.js.map +1 -0
- package/dist/security/epoch-sync.d.ts +47 -0
- package/dist/security/epoch-sync.d.ts.map +1 -0
- package/dist/security/epoch-sync.js +371 -0
- package/dist/security/epoch-sync.js.map +1 -0
- package/dist/security/team-epoch-grants.d.ts +28 -0
- package/dist/security/team-epoch-grants.d.ts.map +1 -0
- package/dist/security/team-epoch-grants.js +256 -0
- package/dist/security/team-epoch-grants.js.map +1 -0
- package/dist/server/context-preview-service.d.ts +26 -0
- package/dist/server/context-preview-service.d.ts.map +1 -0
- package/dist/server/context-preview-service.js +71 -0
- package/dist/server/context-preview-service.js.map +1 -0
- package/dist/server/http-context-routes.d.ts +2 -1
- package/dist/server/http-context-routes.d.ts.map +1 -1
- package/dist/server/http-context-routes.js +65 -30
- package/dist/server/http-context-routes.js.map +1 -1
- package/dist/server/http-server.js +1 -1
- package/dist/server/http-server.js.map +1 -1
- package/dist/server/rate-limiter.d.ts.map +1 -1
- package/dist/server/rate-limiter.js +6 -1
- package/dist/server/rate-limiter.js.map +1 -1
- package/dist/server/trusted-edge-command-capability.d.ts +14 -0
- package/dist/server/trusted-edge-command-capability.d.ts.map +1 -0
- package/dist/server/trusted-edge-command-capability.js +114 -0
- package/dist/server/trusted-edge-command-capability.js.map +1 -0
- package/dist/server/ws-command-handlers.d.ts.map +1 -1
- package/dist/server/ws-command-handlers.js +231 -27
- package/dist/server/ws-command-handlers.js.map +1 -1
- package/dist/server/ws-protocol.d.ts +419 -5
- package/dist/server/ws-protocol.d.ts.map +1 -1
- package/dist/server/ws-protocol.js +141 -4
- package/dist/server/ws-protocol.js.map +1 -1
- package/docs/protocol-matrix.json +93 -5
- package/node_modules/@viewportai/context-engine/src/repo/materializer.js +20 -5
- package/node_modules/@viewportai/context-engine/src/repo/membership.js +15 -0
- package/node_modules/@viewportai/context-engine/src/repo/sync.js +4 -4
- package/node_modules/@viewportai/context-engine/src/repo/vault.js +8 -3
- package/package.json +1 -1
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"epoch-sync.js","sourceRoot":"","sources":["../../src/security/epoch-sync.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,cAAc,EAAsB,MAAM,mBAAmB,CAAC;AACvE,OAAO,EAAE,SAAS,EAAE,MAAM,mBAAmB,CAAC;AAC9C,OAAO,EACL,+BAA+B,EAC/B,+BAA+B,EAC/B,uBAAuB,EACvB,uBAAuB,EACvB,oBAAoB,EACpB,oBAAoB,GAGrB,MAAM,kBAAkB,CAAC;AAC1B,OAAO,EACL,sBAAsB,EACtB,mBAAmB,EACnB,mCAAmC,EACnC,oCAAoC,GAGrC,MAAM,qBAAqB,CAAC;AAC7B,OAAO,EAAE,yBAAyB,EAAE,MAAM,wBAAwB,CAAC;AAWnE,MAAM,CAAC,KAAK,UAAU,qBAAqB,CAAC,OAI3C;IACC,MAAM,QAAQ,GAAG,MAAM,uBAAuB,CAAC,OAAO,CAAC,MAAM,CAAC,WAAW,EAAE,OAAO,CAAC,IAAI,CAAC,CAAC;IACzF,IAAI,QAAQ;QAAE,OAAO,QAAQ,CAAC;IAE9B,MAAM,QAAQ,GAAG,+BAA+B,CAAC;QAC/C,WAAW,EAAE,OAAO,CAAC,MAAM,CAAC,WAAW;QACvC,KAAK,EAAE,CAAC;KACT,CAAC,CAAC;IACH,MAAM,OAAO,GAAG,MAAM,QAAQ,CAC5B,OAAO,CAAC,SAAS,IAAI,cAAc,EACnC,GAAG,OAAO,CAAC,MAAM,CAAC,SAAS,CAAC,OAAO,CAAC,MAAM,EAAE,EAAE,CAAC,2BAA2B,kBAAkB,CAC1F,OAAO,CAAC,MAAM,CAAC,WAAW,CAC3B,qBAAqB,EACtB;QACE,UAAU,EAAE,OAAO,CAAC,MAAM,CAAC,UAAU;QACrC,KAAK,EAAE,CAAC;QACR,yBAAyB,EAAE,QAAQ,CAAC,UAAU,CAAC,sBAAsB;QACrE,sBAAsB,EAAE,QAAQ,CAAC,UAAU,CAAC,mBAAmB;KAChE,EACD,OAAO,CAAC,MAAM,CACf,CAAC;IACF,MAAM,IAAI,GAAG,WAAW,CAAC,OAAO,EAAE,MAAM,CAAC,CAAC;IAE1C,OAAO,oBAAoB,CACzB;QACE,WAAW,EAAE,WAAW,CAAC,IAAI,EAAE,cAAc,CAAC;QAC9C,MAAM,EAAE,MAAM,CAAC,mBAAmB,CAAC,IAAI,EAAE,SAAS,CAAC,CAAC;QACpD,eAAe,EAAE,WAAW,CAAC,IAAI,EAAE,IAAI,CAAC;QACxC,KAAK,EAAE,WAAW,CAAC,IAAI,EAAE,OAAO,CAAC;QACjC,MAAM,EAAE,+BAA+B;QACvC,MAAM,EAAE,QAAQ;QAChB,sBAAsB,EAAE,WAAW,CAAC,IAAI,EAAE,2BAA2B,CAAc;QACnF,uBAAuB,EAAE,QAAQ,CAAC,uBAAuB;QACzD,mBAAmB,EAAE,WAAW,CAAC,IAAI,EAAE,wBAAwB,CAAc;QAC7E,oBAAoB,EAAE,QAAQ,CAAC,oBAAoB;QACnD,WAAW,EAAE,WAAW,CAAC,IAAI,EAAE,aAAa,CAAC;QAC7C,wBAAwB,EACtB,OAAO,IAAI,CAAC,0BAA0B,KAAK,QAAQ;YACjD,CAAC,CAAC,IAAI,CAAC,0BAA0B;YACjC,CAAC,CAAC,IAAI;KACX,EACD,OAAO,CAAC,IAAI,IAAI,SAAS,EAAE,CAC5B,CAAC;AACJ,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,qBAAqB,CAAC,OAK3C;IACC,MAAM,QAAQ,GAAG,MAAM,uBAAuB,CAAC,OAAO,CAAC,MAAM,CAAC,WAAW,EAAE,OAAO,CAAC,IAAI,CAAC,CAAC;IACzF,IAAI,CAAC,QAAQ,EAAE,CAAC;QACd,MAAM,IAAI,KAAK,CAAC,sEAAsE,CAAC,CAAC;IAC1F,CAAC;IAED,MAAM,QAAQ,GAAG,+BAA+B,CAAC;QAC/C,WAAW,EAAE,OAAO,CAAC,MAAM,CAAC,WAAW;QACvC,MAAM,EAAE,QAAQ,CAAC,MAAM;QACvB,KAAK,EAAE,QAAQ,CAAC,KAAK,GAAG,CAAC;QACzB,wBAAwB,EAAE,QAAQ,CAAC,WAAW;KAC/C,CAAC,CAAC;IACH,MAAM,SAAS,GAAG,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE,CAAC;IAC3C,MAAM,UAAU,GAAG,mBAAmB,CAAC;QACrC,OAAO,EAAE,sBAAsB,CAAC;YAC9B,IAAI,EAAE;gBACJ,MAAM,EAAE,QAAQ,CAAC,MAAM;gBACvB,WAAW,EAAE,QAAQ,CAAC,WAAW;gBACjC,WAAW,EAAE,MAAM;gBACnB,SAAS,EAAE,QAAQ,CAAC,MAAM;gBAC1B,KAAK,EAAE,QAAQ,CAAC,KAAK;gBACrB,sBAAsB,EAAE,QAAQ,CAAC,sBAAsB;gBACvD,mBAAmB,EAAE,QAAQ,CAAC,mBAAmB;gBACjD,wBAAwB,EAAE,QAAQ,CAAC,wBAAwB,IAAI,IAAI;gBACnE,SAAS,EAAE,QAAQ,CAAC,SAAS;aAC9B;YACD,EAAE,EAAE,QAAQ,CAAC,UAAU;YACvB,MAAM,EAAE,OAAO,CAAC,MAAM;YACtB,SAAS;SACV,CAAC;QACF,oBAAoB,EAAE,QAAQ,CAAC,oBAAoB;QACnD,wBAAwB,EAAE,QAAQ,CAAC,WAAW;KAC/C,CAAC,CAAC;IAEH,MAAM,OAAO,GAAG,MAAM,QAAQ,CAC5B,OAAO,CAAC,SAAS,IAAI,cAAc,EACnC,GAAG,OAAO,CAAC,MAAM,CAAC,SAAS,CAAC,OAAO,CAAC,MAAM,EAAE,EAAE,CAAC,2BAA2B,kBAAkB,CAC1F,OAAO,CAAC,MAAM,CAAC,WAAW,CAC3B,qBAAqB,EACtB;QACE,UAAU,EAAE,OAAO,CAAC,MAAM,CAAC,UAAU;QACrC,KAAK,EAAE,QAAQ,CAAC,UAAU,CAAC,KAAK;QAChC,yBAAyB,EAAE,QAAQ,CAAC,UAAU,CAAC,sBAAsB;QACrE,sBAAsB,EAAE,QAAQ,CAAC,UAAU,CAAC,mBAAmB;QAC/D,0BAA0B,EAAE,QAAQ,CAAC,WAAW;QAChD,UAAU,EAAE;YACV,OAAO,EAAE,UAAU,CAAC,OAAO;YAC3B,SAAS,EAAE,UAAU,CAAC,SAAS;YAC/B,2BAA2B,EAAE,UAAU,CAAC,wBAAwB;SACjE;KACF,EACD,OAAO,CAAC,MAAM,CACf,CAAC;IACF,MAAM,IAAI,GAAG,WAAW,CAAC,OAAO,EAAE,MAAM,CAAC,CAAC;IAE1C,OAAO,oBAAoB,CACzB;QACE,WAAW,EAAE,WAAW,CAAC,IAAI,EAAE,cAAc,CAAC;QAC9C,MAAM,EAAE,MAAM,CAAC,mBAAmB,CAAC,IAAI,EAAE,SAAS,CAAC,CAAC;QACpD,eAAe,EAAE,WAAW,CAAC,IAAI,EAAE,IAAI,CAAC;QACxC,KAAK,EAAE,WAAW,CAAC,IAAI,EAAE,OAAO,CAAC;QACjC,MAAM,EAAE,+BAA+B;QACvC,MAAM,EAAE,QAAQ;QAChB,sBAAsB,EAAE,WAAW,CAAC,IAAI,EAAE,2BAA2B,CAAc;QACnF,uBAAuB,EAAE,QAAQ,CAAC,uBAAuB;QACzD,mBAAmB,EAAE,WAAW,CAAC,IAAI,EAAE,wBAAwB,CAAc;QAC7E,oBAAoB,EAAE,QAAQ,CAAC,oBAAoB;QACnD,WAAW,EAAE,WAAW,CAAC,IAAI,EAAE,aAAa,CAAC;QAC7C,wBAAwB,EACtB,OAAO,IAAI,CAAC,0BAA0B,KAAK,QAAQ;YACjD,CAAC,CAAC,IAAI,CAAC,0BAA0B;YACjC,CAAC,CAAC,IAAI;KACX,EACD,OAAO,CAAC,IAAI,IAAI,SAAS,EAAE,CAC5B,CAAC;AACJ,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,qBAAqB,CAAC,OAK3C;IACC,MAAM,QAAQ,GAAG,MAAM,uBAAuB,CAC5C,OAAO,CAAC,MAAM,CAAC,WAAW,EAC1B,OAAO,CAAC,MAAM,EACd,OAAO,CAAC,IAAI,CACb,CAAC;IACF,IAAI,QAAQ;QAAE,OAAO,QAAQ,CAAC;IAE9B,MAAM,QAAQ,GAAG,+BAA+B,CAAC;QAC/C,WAAW,EAAE,OAAO,CAAC,MAAM,CAAC,WAAW;QACvC,MAAM,EAAE,OAAO,CAAC,MAAM;QACtB,KAAK,EAAE,CAAC;KACT,CAAC,CAAC;IACH,MAAM,OAAO,GAAG,MAAM,QAAQ,CAC5B,OAAO,CAAC,SAAS,IAAI,cAAc,EACnC,GAAG,OAAO,CAAC,MAAM,CAAC,SAAS,CAAC,OAAO,CAAC,MAAM,EAAE,EAAE,CAAC,2BAA2B,kBAAkB,CAC1F,OAAO,CAAC,MAAM,CAAC,WAAW,CAC3B,iBAAiB,kBAAkB,CAAC,OAAO,CAAC,MAAM,CAAC,SAAS,EAC7D;QACE,UAAU,EAAE,OAAO,CAAC,MAAM,CAAC,UAAU;QACrC,KAAK,EAAE,CAAC;QACR,yBAAyB,EAAE,QAAQ,CAAC,UAAU,CAAC,sBAAsB;QACrE,sBAAsB,EAAE,QAAQ,CAAC,UAAU,CAAC,mBAAmB;KAChE,EACD,OAAO,CAAC,MAAM,CACf,CAAC;IACF,MAAM,IAAI,GAAG,WAAW,CAAC,OAAO,EAAE,MAAM,CAAC,CAAC;IAE1C,OAAO,oBAAoB,CACzB;QACE,WAAW,EAAE,WAAW,CAAC,IAAI,EAAE,cAAc,CAAC;QAC9C,MAAM,EAAE,OAAO,CAAC,MAAM;QACtB,cAAc,EAAE,MAAM,CAAC,mBAAmB,CAAC,IAAI,EAAE,SAAS,CAAC,CAAC;QAC5D,eAAe,EAAE,WAAW,CAAC,IAAI,EAAE,IAAI,CAAC;QACxC,KAAK,EAAE,WAAW,CAAC,IAAI,EAAE,OAAO,CAAC;QACjC,MAAM,EAAE,+BAA+B;QACvC,MAAM,EAAE,QAAQ;QAChB,sBAAsB,EAAE,WAAW,CAAC,IAAI,EAAE,2BAA2B,CAAc;QACnF,uBAAuB,EAAE,QAAQ,CAAC,uBAAuB;QACzD,mBAAmB,EAAE,WAAW,CAAC,IAAI,EAAE,wBAAwB,CAAc;QAC7E,oBAAoB,EAAE,QAAQ,CAAC,oBAAoB;QACnD,WAAW,EAAE,WAAW,CAAC,IAAI,EAAE,aAAa,CAAC;QAC7C,wBAAwB,EACtB,OAAO,IAAI,CAAC,0BAA0B,KAAK,QAAQ;YACjD,CAAC,CAAC,IAAI,CAAC,0BAA0B;YACjC,CAAC,CAAC,IAAI;KACX,EACD,OAAO,CAAC,IAAI,IAAI,SAAS,EAAE,CAC5B,CAAC;AACJ,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,qBAAqB,CAAC,OAM3C;IACC,MAAM,QAAQ,GAAG,MAAM,uBAAuB,CAC5C,OAAO,CAAC,MAAM,CAAC,WAAW,EAC1B,OAAO,CAAC,MAAM,EACd,OAAO,CAAC,IAAI,CACb,CAAC;IACF,IAAI,CAAC,QAAQ,EAAE,CAAC;QACd,MAAM,IAAI,KAAK,CAAC,2EAA2E,CAAC,CAAC;IAC/F,CAAC;IAED,MAAM,QAAQ,GAAG,+BAA+B,CAAC;QAC/C,WAAW,EAAE,OAAO,CAAC,MAAM,CAAC,WAAW;QACvC,MAAM,EAAE,QAAQ,CAAC,cAAc,IAAI,QAAQ,CAAC,MAAM;QAClD,KAAK,EAAE,QAAQ,CAAC,KAAK,GAAG,CAAC;QACzB,wBAAwB,EAAE,QAAQ,CAAC,WAAW;KAC/C,CAAC,CAAC;IACH,MAAM,SAAS,GAAG,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE,CAAC;IAC3C,MAAM,UAAU,GAAG,mBAAmB,CAAC;QACrC,OAAO,EAAE,sBAAsB,CAAC;YAC9B,IAAI,EAAE;gBACJ,MAAM,EAAE,QAAQ,CAAC,MAAM;gBACvB,WAAW,EAAE,QAAQ,CAAC,WAAW;gBACjC,WAAW,EAAE,MAAM;gBACnB,SAAS,EAAE,QAAQ,CAAC,cAAc,IAAI,QAAQ,CAAC,MAAM;gBACrD,KAAK,EAAE,QAAQ,CAAC,KAAK;gBACrB,sBAAsB,EAAE,QAAQ,CAAC,sBAAsB;gBACvD,mBAAmB,EAAE,QAAQ,CAAC,mBAAmB;gBACjD,wBAAwB,EAAE,QAAQ,CAAC,wBAAwB,IAAI,IAAI;gBACnE,SAAS,EAAE,QAAQ,CAAC,SAAS;aAC9B;YACD,EAAE,EAAE,QAAQ,CAAC,UAAU;YACvB,MAAM,EAAE,OAAO,CAAC,MAAM;YACtB,SAAS;SACV,CAAC;QACF,oBAAoB,EAAE,QAAQ,CAAC,oBAAoB;QACnD,wBAAwB,EAAE,QAAQ,CAAC,WAAW;KAC/C,CAAC,CAAC;IAEH,MAAM,OAAO,GAAG,MAAM,QAAQ,CAC5B,OAAO,CAAC,SAAS,IAAI,cAAc,EACnC,GAAG,OAAO,CAAC,MAAM,CAAC,SAAS,CAAC,OAAO,CAAC,MAAM,EAAE,EAAE,CAAC,2BAA2B,kBAAkB,CAC1F,OAAO,CAAC,MAAM,CAAC,WAAW,CAC3B,iBAAiB,kBAAkB,CAAC,OAAO,CAAC,MAAM,CAAC,SAAS,EAC7D;QACE,UAAU,EAAE,OAAO,CAAC,MAAM,CAAC,UAAU;QACrC,KAAK,EAAE,QAAQ,CAAC,UAAU,CAAC,KAAK;QAChC,yBAAyB,EAAE,QAAQ,CAAC,UAAU,CAAC,sBAAsB;QACrE,sBAAsB,EAAE,QAAQ,CAAC,UAAU,CAAC,mBAAmB;QAC/D,0BAA0B,EAAE,QAAQ,CAAC,WAAW;QAChD,UAAU,EAAE;YACV,OAAO,EAAE,UAAU,CAAC,OAAO;YAC3B,SAAS,EAAE,UAAU,CAAC,SAAS;YAC/B,2BAA2B,EAAE,UAAU,CAAC,wBAAwB;SACjE;KACF,EACD,OAAO,CAAC,MAAM,CACf,CAAC;IACF,MAAM,IAAI,GAAG,WAAW,CAAC,OAAO,EAAE,MAAM,CAAC,CAAC;IAE1C,OAAO,oBAAoB,CACzB;QACE,WAAW,EAAE,WAAW,CAAC,IAAI,EAAE,cAAc,CAAC;QAC9C,MAAM,EAAE,OAAO,CAAC,MAAM;QACtB,cAAc,EAAE,MAAM,CAAC,mBAAmB,CAAC,IAAI,EAAE,SAAS,CAAC,CAAC;QAC5D,eAAe,EAAE,WAAW,CAAC,IAAI,EAAE,IAAI,CAAC;QACxC,KAAK,EAAE,WAAW,CAAC,IAAI,EAAE,OAAO,CAAC;QACjC,MAAM,EAAE,+BAA+B;QACvC,MAAM,EAAE,QAAQ;QAChB,sBAAsB,EAAE,WAAW,CAAC,IAAI,EAAE,2BAA2B,CAAc;QACnF,uBAAuB,EAAE,QAAQ,CAAC,uBAAuB;QACzD,mBAAmB,EAAE,WAAW,CAAC,IAAI,EAAE,wBAAwB,CAAc;QAC7E,oBAAoB,EAAE,QAAQ,CAAC,oBAAoB;QACnD,WAAW,EAAE,WAAW,CAAC,IAAI,EAAE,aAAa,CAAC;QAC7C,wBAAwB,EACtB,OAAO,IAAI,CAAC,0BAA0B,KAAK,QAAQ;YACjD,CAAC,CAAC,IAAI,CAAC,0BAA0B;YACjC,CAAC,CAAC,IAAI;KACX,EACD,OAAO,CAAC,IAAI,IAAI,SAAS,EAAE,CAC5B,CAAC;AACJ,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,oCAAoC,CAAC,OAI1D;IAOC,MAAM,SAAS,GAAG,OAAO,CAAC,SAAS,IAAI,cAAc,CAAC;IACtD,MAAM,QAAQ,GAAG,MAAM,OAAO,CAC5B,SAAS,EACT,GAAG,cAAc,CAAC,OAAO,CAAC,MAAM,CAAC,2BAA2B,EAC5D,OAAO,CAAC,MAAM,CACf,CAAC;IACF,MAAM,QAAQ,GAAG,UAAU,CAAC,QAAQ,EAAE,MAAM,CAAC,CAAC,GAAG,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,sBAAsB,CAAC,IAAI,CAAC,CAAC,CAAC;IAC1F,IAAI,aAAa,GAAG,CAAC,CAAC;IACtB,IAAI,aAAa,GAAG,CAAC,CAAC;IACtB,IAAI,gBAAgB,GAAG,CAAC,CAAC;IACzB,IAAI,OAAO,GAAG,CAAC,CAAC;IAEhB,KAAK,MAAM,OAAO,IAAI,QAAQ,EAAE,CAAC;QAC/B,IAAI,OAAO,CAAC,YAAY,KAAK,MAAM,EAAE,CAAC;YACpC,MAAM,qBAAqB,CAAC;gBAC1B,MAAM,EAAE,OAAO,CAAC,MAAM;gBACtB,MAAM,EAAE,cAAc,CAAC,OAAO,CAAC,MAAM,CAAC;gBACtC,IAAI,EAAE,OAAO,CAAC,IAAI;gBAClB,SAAS;aACV,CAAC,CAAC;YACH,aAAa,EAAE,CAAC;YAChB,SAAS;QACX,CAAC;QAED,IAAI,OAAO,CAAC,YAAY,KAAK,MAAM,IAAI,OAAO,CAAC,cAAc,EAAE,CAAC;YAC9D,MAAM,OAAO,GAAG,MAAM,qBAAqB,CAAC;gBAC1C,MAAM,EAAE,OAAO,CAAC,MAAM;gBACtB,MAAM,EAAE,OAAO,CAAC,cAAc;gBAC9B,MAAM,EAAE,cAAc,CAAC,OAAO,CAAC,MAAM,CAAC;gBACtC,IAAI,EAAE,OAAO,CAAC,IAAI;gBAClB,SAAS;aACV,CAAC,CAAC;YACH,aAAa,EAAE,CAAC;YAChB,IAAI,CAAC,OAAO,CAAC,eAAe,EAAE,CAAC;gBAC7B,OAAO,EAAE,CAAC;gBACV,SAAS;YACX,CAAC;YACD,KAAK,MAAM,gBAAgB,IAAI,OAAO,CAAC,+BAA+B,EAAE,CAAC;gBACvE,MAAM,yBAAyB,CAAC;oBAC9B,MAAM,EAAE,OAAO,CAAC,MAAM;oBACtB,iBAAiB,EAAE,OAAO,CAAC,eAAe;oBAC1C,0BAA0B,EAAE,gBAAgB;oBAC5C,IAAI,EAAE,OAAO,CAAC,IAAI;oBAClB,SAAS;iBACV,CAAC,CAAC;gBACH,gBAAgB,EAAE,CAAC;YACrB,CAAC;YACD,SAAS;QACX,CAAC;QAED,OAAO,EAAE,CAAC;IACZ,CAAC;IAED,OAAO;QACL,SAAS,EAAE,aAAa,GAAG,aAAa;QACxC,aAAa;QACb,aAAa;QACb,gBAAgB;QAChB,OAAO;KACR,CAAC;AACJ,CAAC;AAED,SAAS,cAAc,CAAC,MAA6B;IACnD,OAAO,GAAG,MAAM,CAAC,SAAS,CAAC,OAAO,CAAC,MAAM,EAAE,EAAE,CAAC,2BAA2B,kBAAkB,CACzF,MAAM,CAAC,WAAW,CACnB,EAAE,CAAC;AACN,CAAC;AAED,KAAK,UAAU,OAAO,CACpB,SAAgC,EAChC,GAAW,EACX,gBAAuC;IAEvC,MAAM,UAAU,GAAG,IAAI,GAAG,CAAC,GAAG,CAAC,CAAC;IAChC,UAAU,CAAC,YAAY,CAAC,GAAG,CAAC,YAAY,EAAE,gBAAgB,CAAC,UAAU,CAAC,CAAC;IACvE,MAAM,QAAQ,GAAG,MAAM,SAAS,CAAC,UAAU,CAAC,QAAQ,EAAE,EAAE;QACtD,MAAM,EAAE,KAAK;QACb,OAAO,EAAE,wBAAwB,EAAE;QACnC,SAAS,EAAE,KAAK;QAChB,SAAS,EAAE,gBAAgB,CAAC,SAAS;QACrC,UAAU,EAAE,gBAAgB,CAAC,UAAU;QACvC,OAAO,EAAE,gBAAgB,CAAC,OAAO;KAClC,CAAC,CAAC;IACH,MAAM,OAAO,GAAG,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAC,KAAK,CAAC,GAAG,EAAE,CAAC,IAAI,CAAC,CAAC;IACxD,IAAI,CAAC,QAAQ,CAAC,EAAE,EAAE,CAAC;QACjB,MAAM,OAAO,GACX,OAAO,IAAI,OAAO,OAAO,KAAK,QAAQ,IAAI,SAAS,IAAI,OAAO;YAC5D,CAAC,CAAC,MAAM,CAAE,OAAiC,CAAC,OAAO,CAAC;YACpD,CAAC,CAAC,GAAG,QAAQ,CAAC,MAAM,IAAI,QAAQ,CAAC,UAAU,EAAE,CAAC;QAClD,MAAM,IAAI,KAAK,CAAC,gCAAgC,OAAO,EAAE,CAAC,CAAC;IAC7D,CAAC;IACD,OAAO,OAAO,CAAC;AACjB,CAAC;AAED,SAAS,sBAAsB,CAAC,KAAc;IAQ5C,MAAM,IAAI,GAAG,WAAW,CAAC,KAAK,CAAC,CAAC;IAChC,MAAM,WAAW,GAAG,WAAW,CAAC,IAAI,EAAE,cAAc,CAAC,CAAC;IACtD,IAAI,WAAW,KAAK,MAAM,IAAI,WAAW,KAAK,MAAM,EAAE,CAAC;QACrD,MAAM,IAAI,KAAK,CAAC,wCAAwC,WAAW,EAAE,CAAC,CAAC;IACzE,CAAC;IACD,MAAM,UAAU,GAAG,IAAI,CAAC,+BAA+B,CAAC;IACxD,OAAO;QACL,EAAE,EAAE,WAAW,CAAC,IAAI,EAAE,IAAI,CAAC;QAC3B,YAAY,EAAE,WAAW;QACzB,UAAU,EAAE,WAAW,CAAC,IAAI,EAAE,YAAY,CAAC;QAC3C,cAAc,EAAE,OAAO,IAAI,CAAC,cAAc,KAAK,QAAQ,CAAC,CAAC,CAAC,IAAI,CAAC,cAAc,CAAC,CAAC,CAAC,IAAI;QACpF,MAAM,EAAE,WAAW,CAAC,IAAI,EAAE,QAAQ,CAAC;QACnC,+BAA+B,EAAE,KAAK,CAAC,OAAO,CAAC,UAAU,CAAC;YACxD,CAAC,CAAC,UAAU,CAAC,GAAG,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC;YACxC,CAAC,CAAC,EAAE;KACP,CAAC;AACJ,CAAC;AAED,SAAS,cAAc,CAAC,KAAa;IACnC,IACE,KAAK,KAAK,gBAAgB;QAC1B,KAAK,KAAK,cAAc;QACxB,KAAK,KAAK,gBAAgB;QAC1B,KAAK,KAAK,iBAAiB;QAC3B,KAAK,KAAK,UAAU,EACpB,CAAC;QACD,OAAO,KAAK,CAAC;IACf,CAAC;IACD,OAAO,iBAAiB,CAAC;AAC3B,CAAC;AAED,KAAK,UAAU,QAAQ,CACrB,SAAgC,EAChC,GAAW,EACX,IAA6B,EAC7B,mBAII,EAAE;IAEN,MAAM,QAAQ,GAAG,MAAM,SAAS,CAAC,GAAG,EAAE;QACpC,MAAM,EAAE,MAAM;QACd,OAAO,EAAE,wBAAwB,CAAC,EAAE,cAAc,EAAE,kBAAkB,EAAE,CAAC;QACzE,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC;QAC1B,SAAS,EAAE,KAAK;QAChB,SAAS,EAAE,gBAAgB,CAAC,SAAS;QACrC,UAAU,EAAE,gBAAgB,CAAC,UAAU;QACvC,OAAO,EAAE,gBAAgB,CAAC,OAAO;KAClC,CAAC,CAAC;IACH,MAAM,OAAO,GAAG,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAC,KAAK,CAAC,GAAG,EAAE,CAAC,IAAI,CAAC,CAAC;IACxD,IAAI,CAAC,QAAQ,CAAC,EAAE,EAAE,CAAC;QACjB,MAAM,OAAO,GACX,OAAO,IAAI,OAAO,OAAO,KAAK,QAAQ,IAAI,SAAS,IAAI,OAAO;YAC5D,CAAC,CAAC,MAAM,CAAE,OAAiC,CAAC,OAAO,CAAC;YACpD,CAAC,CAAC,GAAG,QAAQ,CAAC,MAAM,IAAI,QAAQ,CAAC,UAAU,EAAE,CAAC;QAClD,MAAM,IAAI,KAAK,CAAC,6BAA6B,OAAO,EAAE,CAAC,CAAC;IAC1D,CAAC;IACD,OAAO,OAAO,CAAC;AACjB,CAAC;AAED,SAAS,wBAAwB,CAAC,QAAgC,EAAE;IAClE,OAAO;QACL,MAAM,EAAE,kBAAkB;QAC1B,CAAC,mCAAmC,CAAC,EAAE,oCAAoC;QAC3E,GAAG,KAAK;KACT,CAAC;AACJ,CAAC;AAED,SAAS,WAAW,CAAC,KAAc,EAAE,KAAa;IAChD,MAAM,MAAM,GAAG,WAAW,CAAC,KAAK,CAAC,CAAC;IAClC,MAAM,KAAK,GAAG,MAAM,CAAC,KAAK,CAAC,CAAC;IAC5B,IAAI,CAAC,KAAK,IAAI,OAAO,KAAK,KAAK,QAAQ,IAAI,KAAK,CAAC,OAAO,CAAC,KAAK,CAAC,EAAE,CAAC;QAChE,MAAM,IAAI,KAAK,CAAC,yCAAyC,KAAK,EAAE,CAAC,CAAC;IACpE,CAAC;IACD,OAAO,KAAgC,CAAC;AAC1C,CAAC;AAED,SAAS,WAAW,CAAC,KAAc;IACjC,IAAI,CAAC,KAAK,IAAI,OAAO,KAAK,KAAK,QAAQ,IAAI,KAAK,CAAC,OAAO,CAAC,KAAK,CAAC,EAAE,CAAC;QAChE,MAAM,IAAI,KAAK,CAAC,2BAA2B,CAAC,CAAC;IAC/C,CAAC;IACD,OAAO,KAAgC,CAAC;AAC1C,CAAC;AAED,SAAS,UAAU,CAAC,KAAc,EAAE,KAAa;IAC/C,MAAM,MAAM,GAAG,WAAW,CAAC,KAAK,CAAC,CAAC;IAClC,MAAM,KAAK,GAAG,MAAM,CAAC,KAAK,CAAC,CAAC;IAC5B,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,KAAK,CAAC,EAAE,CAAC;QAC1B,MAAM,IAAI,KAAK,CAAC,yCAAyC,KAAK,SAAS,CAAC,CAAC;IAC3E,CAAC;IACD,OAAO,KAAK,CAAC;AACf,CAAC;AAED,SAAS,WAAW,CAAC,KAA8B,EAAE,KAAa;IAChE,MAAM,KAAK,GAAG,KAAK,CAAC,KAAK,CAAC,CAAC;IAC3B,IAAI,OAAO,KAAK,KAAK,QAAQ,IAAI,KAAK,CAAC,IAAI,EAAE,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QAC3D,MAAM,IAAI,KAAK,CAAC,yCAAyC,KAAK,EAAE,CAAC,CAAC;IACpE,CAAC;IACD,OAAO,KAAK,CAAC;AACf,CAAC;AAED,SAAS,WAAW,CAAC,KAA8B,EAAE,KAAa;IAChE,MAAM,KAAK,GAAG,KAAK,CAAC,KAAK,CAAC,CAAC;IAC3B,IAAI,OAAO,KAAK,KAAK,QAAQ,EAAE,CAAC;QAC9B,MAAM,IAAI,KAAK,CAAC,iDAAiD,KAAK,EAAE,CAAC,CAAC;IAC5E,CAAC;IACD,OAAO,KAAK,CAAC;AACf,CAAC;AAED,SAAS,mBAAmB,CAAC,KAA8B,EAAE,KAAa;IACxE,MAAM,KAAK,GAAG,KAAK,CAAC,KAAK,CAAC,CAAC;IAC3B,IAAI,OAAO,KAAK,KAAK,QAAQ,IAAI,OAAO,KAAK,KAAK,QAAQ,EAAE,CAAC;QAC3D,MAAM,IAAI,KAAK,CAAC,yCAAyC,KAAK,EAAE,CAAC,CAAC;IACpE,CAAC;IACD,OAAO,KAAK,CAAC;AACf,CAAC"}
|
|
@@ -0,0 +1,28 @@
|
|
|
1
|
+
import { transportFetch } from '../cli/network.js';
|
|
2
|
+
import { type LocalTeamCryptoEpoch } from './epoch-store.js';
|
|
3
|
+
import { type JsonValue, type WrappedKeyEnvelope } from './epoch-protocol.js';
|
|
4
|
+
import type { CryptoEpochSyncTarget } from './epoch-sync.js';
|
|
5
|
+
interface TeamMemberGrantPayload {
|
|
6
|
+
id: string;
|
|
7
|
+
team_crypto_epoch_id: string;
|
|
8
|
+
recipient_user_crypto_epoch_id: string;
|
|
9
|
+
aad: JsonValue;
|
|
10
|
+
encrypted_payload: WrappedKeyEnvelope;
|
|
11
|
+
}
|
|
12
|
+
export declare function grantTeamEpochToUserEpoch(options: {
|
|
13
|
+
target: CryptoEpochSyncTarget;
|
|
14
|
+
teamCryptoEpochId: string;
|
|
15
|
+
recipientUserCryptoEpochId: string;
|
|
16
|
+
home?: string;
|
|
17
|
+
fetchImpl?: typeof transportFetch;
|
|
18
|
+
}): Promise<TeamMemberGrantPayload>;
|
|
19
|
+
export declare function acceptTeamEpochMemberGrants(options: {
|
|
20
|
+
target: CryptoEpochSyncTarget;
|
|
21
|
+
home?: string;
|
|
22
|
+
fetchImpl?: typeof transportFetch;
|
|
23
|
+
}): Promise<{
|
|
24
|
+
accepted: number;
|
|
25
|
+
teamEpochs: LocalTeamCryptoEpoch[];
|
|
26
|
+
}>;
|
|
27
|
+
export {};
|
|
28
|
+
//# sourceMappingURL=team-epoch-grants.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"team-epoch-grants.d.ts","sourceRoot":"","sources":["../../src/security/team-epoch-grants.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,cAAc,EAAsB,MAAM,mBAAmB,CAAC;AAEvE,OAAO,EAIL,KAAK,oBAAoB,EAC1B,MAAM,kBAAkB,CAAC;AAC1B,OAAO,EAOL,KAAK,SAAS,EACd,KAAK,kBAAkB,EACxB,MAAM,qBAAqB,CAAC;AAE7B,OAAO,KAAK,EAAE,qBAAqB,EAAE,MAAM,iBAAiB,CAAC;AAgB7D,UAAU,sBAAsB;IAC9B,EAAE,EAAE,MAAM,CAAC;IACX,oBAAoB,EAAE,MAAM,CAAC;IAC7B,8BAA8B,EAAE,MAAM,CAAC;IACvC,GAAG,EAAE,SAAS,CAAC;IACf,iBAAiB,EAAE,kBAAkB,CAAC;CACvC;AAED,wBAAsB,yBAAyB,CAAC,OAAO,EAAE;IACvD,MAAM,EAAE,qBAAqB,CAAC;IAC9B,iBAAiB,EAAE,MAAM,CAAC;IAC1B,0BAA0B,EAAE,MAAM,CAAC;IACnC,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,SAAS,CAAC,EAAE,OAAO,cAAc,CAAC;CACnC,GAAG,OAAO,CAAC,sBAAsB,CAAC,CA4ClC;AAED,wBAAsB,2BAA2B,CAAC,OAAO,EAAE;IACzD,MAAM,EAAE,qBAAqB,CAAC;IAC9B,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,SAAS,CAAC,EAAE,OAAO,cAAc,CAAC;CACnC,GAAG,OAAO,CAAC;IAAE,QAAQ,EAAE,MAAM,CAAC;IAAC,UAAU,EAAE,oBAAoB,EAAE,CAAA;CAAE,CAAC,CAgEpE"}
|
|
@@ -0,0 +1,256 @@
|
|
|
1
|
+
import { transportFetch } from '../cli/network.js';
|
|
2
|
+
import { configDir } from '../core/config.js';
|
|
3
|
+
import { getLocalTeamEpochByPlatformId, getLocalUserEpochByPlatformId, upsertLocalTeamEpoch, } from './epoch-store.js';
|
|
4
|
+
import { signTeamEpochMemberMaterialization, teamEpochMemberMaterializationPayload, TRUSTED_EDGE_CRYPTO_PROTOCOL_HEADER, TRUSTED_EDGE_CRYPTO_PROTOCOL_VERSION, unwrapJsonFromX25519Envelope, wrapJsonForX25519Recipient, } from './epoch-protocol.js';
|
|
5
|
+
import { validateAndPinPublicEpoch } from './epoch-public-pins.js';
|
|
6
|
+
export async function grantTeamEpochToUserEpoch(options) {
|
|
7
|
+
const teamEpoch = await getLocalTeamEpochByPlatformId(options.target.workspaceId, options.teamCryptoEpochId, options.home);
|
|
8
|
+
if (!teamEpoch?.platformEpochId) {
|
|
9
|
+
throw new Error('Active local team epoch with platform id is required before granting it.');
|
|
10
|
+
}
|
|
11
|
+
const recipient = await fetchPublicUserEpoch(options);
|
|
12
|
+
const aad = teamEpochMemberGrantAad({ teamEpoch, recipient });
|
|
13
|
+
const encryptedPayload = wrapJsonForX25519Recipient({
|
|
14
|
+
recipientPublicKeyJwk: recipient.encryption_public_key_jwk,
|
|
15
|
+
aad,
|
|
16
|
+
payload: {
|
|
17
|
+
schema: 'viewport.team_epoch_member_material/v1',
|
|
18
|
+
workspaceId: teamEpoch.workspaceId,
|
|
19
|
+
teamId: teamEpoch.teamId,
|
|
20
|
+
platformTeamId: teamEpoch.platformTeamId ?? null,
|
|
21
|
+
platformEpochId: teamEpoch.platformEpochId,
|
|
22
|
+
epoch: teamEpoch.epoch,
|
|
23
|
+
fingerprint: teamEpoch.fingerprint,
|
|
24
|
+
encryptionPublicKeyJwk: teamEpoch.encryptionPublicKeyJwk,
|
|
25
|
+
encryptionPrivateKeyJwk: teamEpoch.encryptionPrivateKeyJwk,
|
|
26
|
+
signingPublicKeyJwk: teamEpoch.signingPublicKeyJwk,
|
|
27
|
+
signingPrivateKeyJwk: teamEpoch.signingPrivateKeyJwk,
|
|
28
|
+
previousEpochFingerprint: teamEpoch.previousEpochFingerprint ?? null,
|
|
29
|
+
},
|
|
30
|
+
});
|
|
31
|
+
const response = await postJson(options.fetchImpl ?? transportFetch, `${runtimeBaseUrl(options.target)}/crypto/team-epochs/${encodeURIComponent(options.teamCryptoEpochId)}/member-grants`, {
|
|
32
|
+
credential: options.target.credential,
|
|
33
|
+
recipient_user_crypto_epoch_id: options.recipientUserCryptoEpochId,
|
|
34
|
+
aad,
|
|
35
|
+
encrypted_payload: encryptedPayload,
|
|
36
|
+
}, options.target);
|
|
37
|
+
return teamMemberGrantPayload(objectField(response, 'data'));
|
|
38
|
+
}
|
|
39
|
+
export async function acceptTeamEpochMemberGrants(options) {
|
|
40
|
+
const response = await getJson(options.fetchImpl ?? transportFetch, `${runtimeBaseUrl(options.target)}/crypto/team-epoch-member-grants`, options.target);
|
|
41
|
+
const grants = arrayField(response, 'data').map((item) => teamMemberGrantPayload(item));
|
|
42
|
+
const teamEpochs = [];
|
|
43
|
+
for (const grant of grants) {
|
|
44
|
+
const localUserEpoch = await getLocalUserEpochByPlatformId(options.target.workspaceId, grant.recipient_user_crypto_epoch_id, options.home);
|
|
45
|
+
if (!localUserEpoch)
|
|
46
|
+
continue;
|
|
47
|
+
const payload = unwrapJsonFromX25519Envelope({
|
|
48
|
+
recipientPrivateKeyJwk: localUserEpoch.encryptionPrivateKeyJwk,
|
|
49
|
+
envelope: grant.encrypted_payload,
|
|
50
|
+
aad: grant.aad,
|
|
51
|
+
});
|
|
52
|
+
const material = teamMaterialPayload(payload);
|
|
53
|
+
const teamEpoch = await upsertLocalTeamEpoch({
|
|
54
|
+
workspaceId: material.workspaceId,
|
|
55
|
+
teamId: material.teamId,
|
|
56
|
+
platformTeamId: material.platformTeamId,
|
|
57
|
+
platformEpochId: material.platformEpochId,
|
|
58
|
+
epoch: material.epoch,
|
|
59
|
+
schema: 'viewport.team_crypto_epoch/v1',
|
|
60
|
+
status: 'active',
|
|
61
|
+
encryptionPublicKeyJwk: material.encryptionPublicKeyJwk,
|
|
62
|
+
encryptionPrivateKeyJwk: material.encryptionPrivateKeyJwk,
|
|
63
|
+
signingPublicKeyJwk: material.signingPublicKeyJwk,
|
|
64
|
+
signingPrivateKeyJwk: material.signingPrivateKeyJwk,
|
|
65
|
+
fingerprint: material.fingerprint,
|
|
66
|
+
previousEpochFingerprint: material.previousEpochFingerprint,
|
|
67
|
+
}, options.home ?? configDir());
|
|
68
|
+
await postJson(options.fetchImpl ?? transportFetch, `${runtimeBaseUrl(options.target)}/crypto/team-epoch-member-grants/${encodeURIComponent(grant.id)}/materialized`, {
|
|
69
|
+
credential: options.target.credential,
|
|
70
|
+
receipt: signTeamEpochMemberMaterialization({
|
|
71
|
+
payload: teamEpochMemberMaterializationPayload({
|
|
72
|
+
workspaceId: material.workspaceId,
|
|
73
|
+
grantId: grant.id,
|
|
74
|
+
teamCryptoEpochId: material.platformEpochId,
|
|
75
|
+
teamEpochFingerprint: material.fingerprint,
|
|
76
|
+
recipientUserCryptoEpochId: grant.recipient_user_crypto_epoch_id,
|
|
77
|
+
recipientUserEpochFingerprint: localUserEpoch.fingerprint,
|
|
78
|
+
}),
|
|
79
|
+
signingPrivateKeyJwk: material.signingPrivateKeyJwk,
|
|
80
|
+
signedByTeamEpochFingerprint: material.fingerprint,
|
|
81
|
+
}),
|
|
82
|
+
}, options.target);
|
|
83
|
+
teamEpochs.push(teamEpoch);
|
|
84
|
+
}
|
|
85
|
+
return { accepted: teamEpochs.length, teamEpochs };
|
|
86
|
+
}
|
|
87
|
+
function teamEpochMemberGrantAad(input) {
|
|
88
|
+
return {
|
|
89
|
+
schema: 'viewport.team_epoch_member_grant_aad/v1',
|
|
90
|
+
workspaceId: input.teamEpoch.workspaceId,
|
|
91
|
+
platformTeamId: input.teamEpoch.platformTeamId ?? null,
|
|
92
|
+
teamEpochId: input.teamEpoch.platformEpochId ?? null,
|
|
93
|
+
teamEpochFingerprint: input.teamEpoch.fingerprint,
|
|
94
|
+
recipientUserEpochId: input.recipient.id,
|
|
95
|
+
recipientUserEpochFingerprint: input.recipient.fingerprint,
|
|
96
|
+
};
|
|
97
|
+
}
|
|
98
|
+
async function fetchPublicUserEpoch(options) {
|
|
99
|
+
const response = await getJson(options.fetchImpl ?? transportFetch, `${runtimeBaseUrl(options.target)}/crypto/epochs`, options.target);
|
|
100
|
+
const userEpochs = arrayField(objectField(response, 'data'), 'user_epochs').map((item) => publicUserEpochPayload(item));
|
|
101
|
+
const epoch = userEpochs.find((item) => item.id === options.recipientUserCryptoEpochId);
|
|
102
|
+
if (!epoch)
|
|
103
|
+
throw new Error('Recipient user epoch not found in workspace epoch feed.');
|
|
104
|
+
await validateAndPinPublicEpoch({
|
|
105
|
+
platformEpochId: epoch.id,
|
|
106
|
+
workspaceId: epoch.workspace_id,
|
|
107
|
+
subjectType: 'user',
|
|
108
|
+
subjectId: String(epoch.user_id),
|
|
109
|
+
epoch: epoch.epoch,
|
|
110
|
+
schema: 'viewport.user_crypto_epoch/v1',
|
|
111
|
+
fingerprint: epoch.fingerprint,
|
|
112
|
+
encryptionPublicKeyJwk: epoch.encryption_public_key_jwk,
|
|
113
|
+
signingPublicKeyJwk: epoch.signing_public_key_jwk,
|
|
114
|
+
previousEpochFingerprint: epoch.previous_epoch_fingerprint ?? null,
|
|
115
|
+
continuityPayload: epoch.continuity_payload ?? null,
|
|
116
|
+
continuitySignature: epoch.continuity_signature ?? null,
|
|
117
|
+
signedByEpochFingerprint: epoch.signed_by_epoch_fingerprint ?? null,
|
|
118
|
+
}, options.home);
|
|
119
|
+
return epoch;
|
|
120
|
+
}
|
|
121
|
+
function runtimeBaseUrl(target) {
|
|
122
|
+
return `${target.serverUrl.replace(/\/+$/, '')}/api/runtime/workspaces/${encodeURIComponent(target.workspaceId)}`;
|
|
123
|
+
}
|
|
124
|
+
async function postJson(fetchImpl, url, body, transportOptions = {}) {
|
|
125
|
+
const response = await fetchImpl(url, {
|
|
126
|
+
method: 'POST',
|
|
127
|
+
headers: trustedEdgeCryptoHeaders({ 'content-type': 'application/json' }),
|
|
128
|
+
body: JSON.stringify(body),
|
|
129
|
+
timeoutMs: 5_000,
|
|
130
|
+
tlsVerify: transportOptions.tlsVerify,
|
|
131
|
+
caCertPath: transportOptions.caCertPath,
|
|
132
|
+
tlsPins: transportOptions.tlsPins,
|
|
133
|
+
});
|
|
134
|
+
const payload = await response.json().catch(() => null);
|
|
135
|
+
if (!response.ok)
|
|
136
|
+
throw new Error(responseError(payload, response));
|
|
137
|
+
return payload;
|
|
138
|
+
}
|
|
139
|
+
async function getJson(fetchImpl, url, transportOptions) {
|
|
140
|
+
const requestUrl = new URL(url);
|
|
141
|
+
requestUrl.searchParams.set('credential', transportOptions.credential);
|
|
142
|
+
const response = await fetchImpl(requestUrl.toString(), {
|
|
143
|
+
method: 'GET',
|
|
144
|
+
headers: trustedEdgeCryptoHeaders(),
|
|
145
|
+
timeoutMs: 5_000,
|
|
146
|
+
tlsVerify: transportOptions.tlsVerify,
|
|
147
|
+
caCertPath: transportOptions.caCertPath,
|
|
148
|
+
tlsPins: transportOptions.tlsPins,
|
|
149
|
+
});
|
|
150
|
+
const payload = await response.json().catch(() => null);
|
|
151
|
+
if (!response.ok)
|
|
152
|
+
throw new Error(responseError(payload, response));
|
|
153
|
+
return payload;
|
|
154
|
+
}
|
|
155
|
+
function trustedEdgeCryptoHeaders(extra = {}) {
|
|
156
|
+
return {
|
|
157
|
+
accept: 'application/json',
|
|
158
|
+
[TRUSTED_EDGE_CRYPTO_PROTOCOL_HEADER]: TRUSTED_EDGE_CRYPTO_PROTOCOL_VERSION,
|
|
159
|
+
...extra,
|
|
160
|
+
};
|
|
161
|
+
}
|
|
162
|
+
function responseError(payload, response) {
|
|
163
|
+
const message = payload && typeof payload === 'object' && 'message' in payload
|
|
164
|
+
? String(payload.message)
|
|
165
|
+
: `${response.status} ${response.statusText}`;
|
|
166
|
+
return `Team epoch grant sync failed: ${message}`;
|
|
167
|
+
}
|
|
168
|
+
function publicUserEpochPayload(value) {
|
|
169
|
+
const data = record(value, 'user epoch');
|
|
170
|
+
return {
|
|
171
|
+
id: stringField(data, 'id'),
|
|
172
|
+
workspace_id: stringField(data, 'workspace_id'),
|
|
173
|
+
user_id: numberOrStringField(data, 'user_id'),
|
|
174
|
+
epoch: numberField(data, 'epoch'),
|
|
175
|
+
fingerprint: stringField(data, 'fingerprint'),
|
|
176
|
+
encryption_public_key_jwk: objectField(data, 'encryption_public_key_jwk'),
|
|
177
|
+
signing_public_key_jwk: objectField(data, 'signing_public_key_jwk'),
|
|
178
|
+
previous_epoch_fingerprint: typeof data.previous_epoch_fingerprint === 'string' ? data.previous_epoch_fingerprint : null,
|
|
179
|
+
continuity_payload: data.continuity_payload && typeof data.continuity_payload === 'object'
|
|
180
|
+
? data.continuity_payload
|
|
181
|
+
: null,
|
|
182
|
+
continuity_signature: typeof data.continuity_signature === 'string' ? data.continuity_signature : null,
|
|
183
|
+
signed_by_epoch_fingerprint: typeof data.signed_by_epoch_fingerprint === 'string'
|
|
184
|
+
? data.signed_by_epoch_fingerprint
|
|
185
|
+
: null,
|
|
186
|
+
};
|
|
187
|
+
}
|
|
188
|
+
function teamMemberGrantPayload(value) {
|
|
189
|
+
const data = record(value, 'team member grant');
|
|
190
|
+
return {
|
|
191
|
+
id: stringField(data, 'id'),
|
|
192
|
+
team_crypto_epoch_id: stringField(data, 'team_crypto_epoch_id'),
|
|
193
|
+
recipient_user_crypto_epoch_id: stringField(data, 'recipient_user_crypto_epoch_id'),
|
|
194
|
+
aad: objectField(data, 'aad'),
|
|
195
|
+
encrypted_payload: objectField(data, 'encrypted_payload'),
|
|
196
|
+
};
|
|
197
|
+
}
|
|
198
|
+
function teamMaterialPayload(value) {
|
|
199
|
+
const data = record(value, 'team material');
|
|
200
|
+
return {
|
|
201
|
+
workspaceId: stringField(data, 'workspaceId'),
|
|
202
|
+
teamId: stringField(data, 'teamId'),
|
|
203
|
+
platformTeamId: typeof data.platformTeamId === 'string' ? data.platformTeamId : null,
|
|
204
|
+
platformEpochId: stringField(data, 'platformEpochId'),
|
|
205
|
+
epoch: numberField(data, 'epoch'),
|
|
206
|
+
fingerprint: stringField(data, 'fingerprint'),
|
|
207
|
+
encryptionPublicKeyJwk: objectField(data, 'encryptionPublicKeyJwk'),
|
|
208
|
+
encryptionPrivateKeyJwk: objectField(data, 'encryptionPrivateKeyJwk'),
|
|
209
|
+
signingPublicKeyJwk: objectField(data, 'signingPublicKeyJwk'),
|
|
210
|
+
signingPrivateKeyJwk: objectField(data, 'signingPrivateKeyJwk'),
|
|
211
|
+
previousEpochFingerprint: typeof data.previousEpochFingerprint === 'string' ? data.previousEpochFingerprint : null,
|
|
212
|
+
};
|
|
213
|
+
}
|
|
214
|
+
function arrayField(value, field) {
|
|
215
|
+
const data = record(value, 'response');
|
|
216
|
+
const child = data[field];
|
|
217
|
+
if (!Array.isArray(child))
|
|
218
|
+
throw new Error(`Response did not include ${field} array.`);
|
|
219
|
+
return child;
|
|
220
|
+
}
|
|
221
|
+
function objectField(value, field) {
|
|
222
|
+
const data = record(value, 'response');
|
|
223
|
+
const child = data[field];
|
|
224
|
+
if (!child || typeof child !== 'object' || Array.isArray(child)) {
|
|
225
|
+
throw new Error(`Response did not include ${field} object.`);
|
|
226
|
+
}
|
|
227
|
+
return child;
|
|
228
|
+
}
|
|
229
|
+
function record(value, label) {
|
|
230
|
+
if (!value || typeof value !== 'object' || Array.isArray(value)) {
|
|
231
|
+
throw new Error(`Expected ${label} object.`);
|
|
232
|
+
}
|
|
233
|
+
return value;
|
|
234
|
+
}
|
|
235
|
+
function stringField(value, field) {
|
|
236
|
+
const child = value[field];
|
|
237
|
+
if (typeof child !== 'string' || child.trim().length === 0) {
|
|
238
|
+
throw new Error(`Response did not include ${field}.`);
|
|
239
|
+
}
|
|
240
|
+
return child;
|
|
241
|
+
}
|
|
242
|
+
function numberField(value, field) {
|
|
243
|
+
const child = value[field];
|
|
244
|
+
if (typeof child !== 'number') {
|
|
245
|
+
throw new Error(`Response did not include numeric ${field}.`);
|
|
246
|
+
}
|
|
247
|
+
return child;
|
|
248
|
+
}
|
|
249
|
+
function numberOrStringField(value, field) {
|
|
250
|
+
const child = value[field];
|
|
251
|
+
if (typeof child !== 'number' && typeof child !== 'string') {
|
|
252
|
+
throw new Error(`Response did not include ${field}.`);
|
|
253
|
+
}
|
|
254
|
+
return child;
|
|
255
|
+
}
|
|
256
|
+
//# sourceMappingURL=team-epoch-grants.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"team-epoch-grants.js","sourceRoot":"","sources":["../../src/security/team-epoch-grants.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,cAAc,EAAsB,MAAM,mBAAmB,CAAC;AACvE,OAAO,EAAE,SAAS,EAAE,MAAM,mBAAmB,CAAC;AAC9C,OAAO,EACL,6BAA6B,EAC7B,6BAA6B,EAC7B,oBAAoB,GAErB,MAAM,kBAAkB,CAAC;AAC1B,OAAO,EACL,kCAAkC,EAClC,qCAAqC,EACrC,mCAAmC,EACnC,oCAAoC,EACpC,4BAA4B,EAC5B,0BAA0B,GAG3B,MAAM,qBAAqB,CAAC;AAC7B,OAAO,EAAE,yBAAyB,EAAE,MAAM,wBAAwB,CAAC;AAyBnE,MAAM,CAAC,KAAK,UAAU,yBAAyB,CAAC,OAM/C;IACC,MAAM,SAAS,GAAG,MAAM,6BAA6B,CACnD,OAAO,CAAC,MAAM,CAAC,WAAW,EAC1B,OAAO,CAAC,iBAAiB,EACzB,OAAO,CAAC,IAAI,CACb,CAAC;IACF,IAAI,CAAC,SAAS,EAAE,eAAe,EAAE,CAAC;QAChC,MAAM,IAAI,KAAK,CAAC,0EAA0E,CAAC,CAAC;IAC9F,CAAC;IACD,MAAM,SAAS,GAAG,MAAM,oBAAoB,CAAC,OAAO,CAAC,CAAC;IACtD,MAAM,GAAG,GAAG,uBAAuB,CAAC,EAAE,SAAS,EAAE,SAAS,EAAE,CAAC,CAAC;IAC9D,MAAM,gBAAgB,GAAG,0BAA0B,CAAC;QAClD,qBAAqB,EAAE,SAAS,CAAC,yBAAyB;QAC1D,GAAG;QACH,OAAO,EAAE;YACP,MAAM,EAAE,wCAAwC;YAChD,WAAW,EAAE,SAAS,CAAC,WAAW;YAClC,MAAM,EAAE,SAAS,CAAC,MAAM;YACxB,cAAc,EAAE,SAAS,CAAC,cAAc,IAAI,IAAI;YAChD,eAAe,EAAE,SAAS,CAAC,eAAe;YAC1C,KAAK,EAAE,SAAS,CAAC,KAAK;YACtB,WAAW,EAAE,SAAS,CAAC,WAAW;YAClC,sBAAsB,EAAE,SAAS,CAAC,sBAAsB;YACxD,uBAAuB,EAAE,SAAS,CAAC,uBAAuB;YAC1D,mBAAmB,EAAE,SAAS,CAAC,mBAAmB;YAClD,oBAAoB,EAAE,SAAS,CAAC,oBAAoB;YACpD,wBAAwB,EAAE,SAAS,CAAC,wBAAwB,IAAI,IAAI;SACrE;KACF,CAAC,CAAC;IAEH,MAAM,QAAQ,GAAG,MAAM,QAAQ,CAC7B,OAAO,CAAC,SAAS,IAAI,cAAc,EACnC,GAAG,cAAc,CAAC,OAAO,CAAC,MAAM,CAAC,uBAAuB,kBAAkB,CACxE,OAAO,CAAC,iBAAiB,CAC1B,gBAAgB,EACjB;QACE,UAAU,EAAE,OAAO,CAAC,MAAM,CAAC,UAAU;QACrC,8BAA8B,EAAE,OAAO,CAAC,0BAA0B;QAClE,GAAG;QACH,iBAAiB,EAAE,gBAAgB;KACpC,EACD,OAAO,CAAC,MAAM,CACf,CAAC;IACF,OAAO,sBAAsB,CAAC,WAAW,CAAC,QAAQ,EAAE,MAAM,CAAC,CAAC,CAAC;AAC/D,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,2BAA2B,CAAC,OAIjD;IACC,MAAM,QAAQ,GAAG,MAAM,OAAO,CAC5B,OAAO,CAAC,SAAS,IAAI,cAAc,EACnC,GAAG,cAAc,CAAC,OAAO,CAAC,MAAM,CAAC,kCAAkC,EACnE,OAAO,CAAC,MAAM,CACf,CAAC;IACF,MAAM,MAAM,GAAG,UAAU,CAAC,QAAQ,EAAE,MAAM,CAAC,CAAC,GAAG,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,sBAAsB,CAAC,IAAI,CAAC,CAAC,CAAC;IACxF,MAAM,UAAU,GAA2B,EAAE,CAAC;IAC9C,KAAK,MAAM,KAAK,IAAI,MAAM,EAAE,CAAC;QAC3B,MAAM,cAAc,GAAG,MAAM,6BAA6B,CACxD,OAAO,CAAC,MAAM,CAAC,WAAW,EAC1B,KAAK,CAAC,8BAA8B,EACpC,OAAO,CAAC,IAAI,CACb,CAAC;QACF,IAAI,CAAC,cAAc;YAAE,SAAS;QAC9B,MAAM,OAAO,GAAG,4BAA4B,CAAC;YAC3C,sBAAsB,EAAE,cAAc,CAAC,uBAAuB;YAC9D,QAAQ,EAAE,KAAK,CAAC,iBAAiB;YACjC,GAAG,EAAE,KAAK,CAAC,GAAG;SACf,CAAC,CAAC;QACH,MAAM,QAAQ,GAAG,mBAAmB,CAAC,OAAO,CAAC,CAAC;QAC9C,MAAM,SAAS,GAAG,MAAM,oBAAoB,CAC1C;YACE,WAAW,EAAE,QAAQ,CAAC,WAAW;YACjC,MAAM,EAAE,QAAQ,CAAC,MAAM;YACvB,cAAc,EAAE,QAAQ,CAAC,cAAc;YACvC,eAAe,EAAE,QAAQ,CAAC,eAAe;YACzC,KAAK,EAAE,QAAQ,CAAC,KAAK;YACrB,MAAM,EAAE,+BAA+B;YACvC,MAAM,EAAE,QAAQ;YAChB,sBAAsB,EAAE,QAAQ,CAAC,sBAAsB;YACvD,uBAAuB,EAAE,QAAQ,CAAC,uBAAuB;YACzD,mBAAmB,EAAE,QAAQ,CAAC,mBAAmB;YACjD,oBAAoB,EAAE,QAAQ,CAAC,oBAAoB;YACnD,WAAW,EAAE,QAAQ,CAAC,WAAW;YACjC,wBAAwB,EAAE,QAAQ,CAAC,wBAAwB;SAC5D,EACD,OAAO,CAAC,IAAI,IAAI,SAAS,EAAE,CAC5B,CAAC;QACF,MAAM,QAAQ,CACZ,OAAO,CAAC,SAAS,IAAI,cAAc,EACnC,GAAG,cAAc,CAAC,OAAO,CAAC,MAAM,CAAC,oCAAoC,kBAAkB,CACrF,KAAK,CAAC,EAAE,CACT,eAAe,EAChB;YACE,UAAU,EAAE,OAAO,CAAC,MAAM,CAAC,UAAU;YACrC,OAAO,EAAE,kCAAkC,CAAC;gBAC1C,OAAO,EAAE,qCAAqC,CAAC;oBAC7C,WAAW,EAAE,QAAQ,CAAC,WAAW;oBACjC,OAAO,EAAE,KAAK,CAAC,EAAE;oBACjB,iBAAiB,EAAE,QAAQ,CAAC,eAAe;oBAC3C,oBAAoB,EAAE,QAAQ,CAAC,WAAW;oBAC1C,0BAA0B,EAAE,KAAK,CAAC,8BAA8B;oBAChE,6BAA6B,EAAE,cAAc,CAAC,WAAW;iBAC1D,CAAC;gBACF,oBAAoB,EAAE,QAAQ,CAAC,oBAAoB;gBACnD,4BAA4B,EAAE,QAAQ,CAAC,WAAW;aACnD,CAAC;SACH,EACD,OAAO,CAAC,MAAM,CACf,CAAC;QACF,UAAU,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC;IAC7B,CAAC;IACD,OAAO,EAAE,QAAQ,EAAE,UAAU,CAAC,MAAM,EAAE,UAAU,EAAE,CAAC;AACrD,CAAC;AAED,SAAS,uBAAuB,CAAC,KAGhC;IACC,OAAO;QACL,MAAM,EAAE,yCAAyC;QACjD,WAAW,EAAE,KAAK,CAAC,SAAS,CAAC,WAAW;QACxC,cAAc,EAAE,KAAK,CAAC,SAAS,CAAC,cAAc,IAAI,IAAI;QACtD,WAAW,EAAE,KAAK,CAAC,SAAS,CAAC,eAAe,IAAI,IAAI;QACpD,oBAAoB,EAAE,KAAK,CAAC,SAAS,CAAC,WAAW;QACjD,oBAAoB,EAAE,KAAK,CAAC,SAAS,CAAC,EAAE;QACxC,6BAA6B,EAAE,KAAK,CAAC,SAAS,CAAC,WAAW;KAC3D,CAAC;AACJ,CAAC;AAED,KAAK,UAAU,oBAAoB,CAAC,OAKnC;IACC,MAAM,QAAQ,GAAG,MAAM,OAAO,CAC5B,OAAO,CAAC,SAAS,IAAI,cAAc,EACnC,GAAG,cAAc,CAAC,OAAO,CAAC,MAAM,CAAC,gBAAgB,EACjD,OAAO,CAAC,MAAM,CACf,CAAC;IACF,MAAM,UAAU,GAAG,UAAU,CAAC,WAAW,CAAC,QAAQ,EAAE,MAAM,CAAC,EAAE,aAAa,CAAC,CAAC,GAAG,CAAC,CAAC,IAAI,EAAE,EAAE,CACvF,sBAAsB,CAAC,IAAI,CAAC,CAC7B,CAAC;IACF,MAAM,KAAK,GAAG,UAAU,CAAC,IAAI,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,IAAI,CAAC,EAAE,KAAK,OAAO,CAAC,0BAA0B,CAAC,CAAC;IACxF,IAAI,CAAC,KAAK;QAAE,MAAM,IAAI,KAAK,CAAC,yDAAyD,CAAC,CAAC;IACvF,MAAM,yBAAyB,CAC7B;QACE,eAAe,EAAE,KAAK,CAAC,EAAE;QACzB,WAAW,EAAE,KAAK,CAAC,YAAY;QAC/B,WAAW,EAAE,MAAM;QACnB,SAAS,EAAE,MAAM,CAAC,KAAK,CAAC,OAAO,CAAC;QAChC,KAAK,EAAE,KAAK,CAAC,KAAK;QAClB,MAAM,EAAE,+BAA+B;QACvC,WAAW,EAAE,KAAK,CAAC,WAAW;QAC9B,sBAAsB,EAAE,KAAK,CAAC,yBAAyB;QACvD,mBAAmB,EAAE,KAAK,CAAC,sBAAsB;QACjD,wBAAwB,EAAE,KAAK,CAAC,0BAA0B,IAAI,IAAI;QAClE,iBAAiB,EAAE,KAAK,CAAC,kBAAkB,IAAI,IAAI;QACnD,mBAAmB,EAAE,KAAK,CAAC,oBAAoB,IAAI,IAAI;QACvD,wBAAwB,EAAE,KAAK,CAAC,2BAA2B,IAAI,IAAI;KACpE,EACD,OAAO,CAAC,IAAI,CACb,CAAC;IACF,OAAO,KAAK,CAAC;AACf,CAAC;AAED,SAAS,cAAc,CAAC,MAA6B;IACnD,OAAO,GAAG,MAAM,CAAC,SAAS,CAAC,OAAO,CAAC,MAAM,EAAE,EAAE,CAAC,2BAA2B,kBAAkB,CACzF,MAAM,CAAC,WAAW,CACnB,EAAE,CAAC;AACN,CAAC;AAED,KAAK,UAAU,QAAQ,CACrB,SAAgC,EAChC,GAAW,EACX,IAA6B,EAC7B,mBAII,EAAE;IAEN,MAAM,QAAQ,GAAG,MAAM,SAAS,CAAC,GAAG,EAAE;QACpC,MAAM,EAAE,MAAM;QACd,OAAO,EAAE,wBAAwB,CAAC,EAAE,cAAc,EAAE,kBAAkB,EAAE,CAAC;QACzE,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC;QAC1B,SAAS,EAAE,KAAK;QAChB,SAAS,EAAE,gBAAgB,CAAC,SAAS;QACrC,UAAU,EAAE,gBAAgB,CAAC,UAAU;QACvC,OAAO,EAAE,gBAAgB,CAAC,OAAO;KAClC,CAAC,CAAC;IACH,MAAM,OAAO,GAAG,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAC,KAAK,CAAC,GAAG,EAAE,CAAC,IAAI,CAAC,CAAC;IACxD,IAAI,CAAC,QAAQ,CAAC,EAAE;QAAE,MAAM,IAAI,KAAK,CAAC,aAAa,CAAC,OAAO,EAAE,QAAQ,CAAC,CAAC,CAAC;IACpE,OAAO,OAAO,CAAC;AACjB,CAAC;AAED,KAAK,UAAU,OAAO,CACpB,SAAgC,EAChC,GAAW,EACX,gBAAuC;IAEvC,MAAM,UAAU,GAAG,IAAI,GAAG,CAAC,GAAG,CAAC,CAAC;IAChC,UAAU,CAAC,YAAY,CAAC,GAAG,CAAC,YAAY,EAAE,gBAAgB,CAAC,UAAU,CAAC,CAAC;IACvE,MAAM,QAAQ,GAAG,MAAM,SAAS,CAAC,UAAU,CAAC,QAAQ,EAAE,EAAE;QACtD,MAAM,EAAE,KAAK;QACb,OAAO,EAAE,wBAAwB,EAAE;QACnC,SAAS,EAAE,KAAK;QAChB,SAAS,EAAE,gBAAgB,CAAC,SAAS;QACrC,UAAU,EAAE,gBAAgB,CAAC,UAAU;QACvC,OAAO,EAAE,gBAAgB,CAAC,OAAO;KAClC,CAAC,CAAC;IACH,MAAM,OAAO,GAAG,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAC,KAAK,CAAC,GAAG,EAAE,CAAC,IAAI,CAAC,CAAC;IACxD,IAAI,CAAC,QAAQ,CAAC,EAAE;QAAE,MAAM,IAAI,KAAK,CAAC,aAAa,CAAC,OAAO,EAAE,QAAQ,CAAC,CAAC,CAAC;IACpE,OAAO,OAAO,CAAC;AACjB,CAAC;AAED,SAAS,wBAAwB,CAAC,QAAgC,EAAE;IAClE,OAAO;QACL,MAAM,EAAE,kBAAkB;QAC1B,CAAC,mCAAmC,CAAC,EAAE,oCAAoC;QAC3E,GAAG,KAAK;KACT,CAAC;AACJ,CAAC;AAED,SAAS,aAAa,CAAC,OAAgB,EAAE,QAAkB;IACzD,MAAM,OAAO,GACX,OAAO,IAAI,OAAO,OAAO,KAAK,QAAQ,IAAI,SAAS,IAAI,OAAO;QAC5D,CAAC,CAAC,MAAM,CAAE,OAAiC,CAAC,OAAO,CAAC;QACpD,CAAC,CAAC,GAAG,QAAQ,CAAC,MAAM,IAAI,QAAQ,CAAC,UAAU,EAAE,CAAC;IAClD,OAAO,iCAAiC,OAAO,EAAE,CAAC;AACpD,CAAC;AAED,SAAS,sBAAsB,CAAC,KAAc;IAC5C,MAAM,IAAI,GAAG,MAAM,CAAC,KAAK,EAAE,YAAY,CAAC,CAAC;IACzC,OAAO;QACL,EAAE,EAAE,WAAW,CAAC,IAAI,EAAE,IAAI,CAAC;QAC3B,YAAY,EAAE,WAAW,CAAC,IAAI,EAAE,cAAc,CAAC;QAC/C,OAAO,EAAE,mBAAmB,CAAC,IAAI,EAAE,SAAS,CAAC;QAC7C,KAAK,EAAE,WAAW,CAAC,IAAI,EAAE,OAAO,CAAC;QACjC,WAAW,EAAE,WAAW,CAAC,IAAI,EAAE,aAAa,CAAC;QAC7C,yBAAyB,EAAE,WAAW,CAAC,IAAI,EAAE,2BAA2B,CAAc;QACtF,sBAAsB,EAAE,WAAW,CAAC,IAAI,EAAE,wBAAwB,CAAc;QAChF,0BAA0B,EACxB,OAAO,IAAI,CAAC,0BAA0B,KAAK,QAAQ,CAAC,CAAC,CAAC,IAAI,CAAC,0BAA0B,CAAC,CAAC,CAAC,IAAI;QAC9F,kBAAkB,EAChB,IAAI,CAAC,kBAAkB,IAAI,OAAO,IAAI,CAAC,kBAAkB,KAAK,QAAQ;YACpE,CAAC,CAAE,IAAI,CAAC,kBAAgC;YACxC,CAAC,CAAC,IAAI;QACV,oBAAoB,EAClB,OAAO,IAAI,CAAC,oBAAoB,KAAK,QAAQ,CAAC,CAAC,CAAC,IAAI,CAAC,oBAAoB,CAAC,CAAC,CAAC,IAAI;QAClF,2BAA2B,EACzB,OAAO,IAAI,CAAC,2BAA2B,KAAK,QAAQ;YAClD,CAAC,CAAC,IAAI,CAAC,2BAA2B;YAClC,CAAC,CAAC,IAAI;KACX,CAAC;AACJ,CAAC;AAED,SAAS,sBAAsB,CAAC,KAAc;IAC5C,MAAM,IAAI,GAAG,MAAM,CAAC,KAAK,EAAE,mBAAmB,CAAC,CAAC;IAChD,OAAO;QACL,EAAE,EAAE,WAAW,CAAC,IAAI,EAAE,IAAI,CAAC;QAC3B,oBAAoB,EAAE,WAAW,CAAC,IAAI,EAAE,sBAAsB,CAAC;QAC/D,8BAA8B,EAAE,WAAW,CAAC,IAAI,EAAE,gCAAgC,CAAC;QACnF,GAAG,EAAE,WAAW,CAAC,IAAI,EAAE,KAAK,CAAc;QAC1C,iBAAiB,EAAE,WAAW,CAAC,IAAI,EAAE,mBAAmB,CAAkC;KAC3F,CAAC;AACJ,CAAC;AAED,SAAS,mBAAmB,CAAC,KAAgB;IAa3C,MAAM,IAAI,GAAG,MAAM,CAAC,KAAK,EAAE,eAAe,CAAC,CAAC;IAC5C,OAAO;QACL,WAAW,EAAE,WAAW,CAAC,IAAI,EAAE,aAAa,CAAC;QAC7C,MAAM,EAAE,WAAW,CAAC,IAAI,EAAE,QAAQ,CAAC;QACnC,cAAc,EAAE,OAAO,IAAI,CAAC,cAAc,KAAK,QAAQ,CAAC,CAAC,CAAC,IAAI,CAAC,cAAc,CAAC,CAAC,CAAC,IAAI;QACpF,eAAe,EAAE,WAAW,CAAC,IAAI,EAAE,iBAAiB,CAAC;QACrD,KAAK,EAAE,WAAW,CAAC,IAAI,EAAE,OAAO,CAAC;QACjC,WAAW,EAAE,WAAW,CAAC,IAAI,EAAE,aAAa,CAAC;QAC7C,sBAAsB,EAAE,WAAW,CAAC,IAAI,EAAE,wBAAwB,CAAc;QAChF,uBAAuB,EAAE,WAAW,CAAC,IAAI,EAAE,yBAAyB,CAAc;QAClF,mBAAmB,EAAE,WAAW,CAAC,IAAI,EAAE,qBAAqB,CAAc;QAC1E,oBAAoB,EAAE,WAAW,CAAC,IAAI,EAAE,sBAAsB,CAAc;QAC5E,wBAAwB,EACtB,OAAO,IAAI,CAAC,wBAAwB,KAAK,QAAQ,CAAC,CAAC,CAAC,IAAI,CAAC,wBAAwB,CAAC,CAAC,CAAC,IAAI;KAC3F,CAAC;AACJ,CAAC;AAED,SAAS,UAAU,CAAC,KAAc,EAAE,KAAa;IAC/C,MAAM,IAAI,GAAG,MAAM,CAAC,KAAK,EAAE,UAAU,CAAC,CAAC;IACvC,MAAM,KAAK,GAAG,IAAI,CAAC,KAAK,CAAC,CAAC;IAC1B,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,KAAK,CAAC;QAAE,MAAM,IAAI,KAAK,CAAC,4BAA4B,KAAK,SAAS,CAAC,CAAC;IACvF,OAAO,KAAK,CAAC;AACf,CAAC;AAED,SAAS,WAAW,CAAC,KAAc,EAAE,KAAa;IAChD,MAAM,IAAI,GAAG,MAAM,CAAC,KAAK,EAAE,UAAU,CAAC,CAAC;IACvC,MAAM,KAAK,GAAG,IAAI,CAAC,KAAK,CAAC,CAAC;IAC1B,IAAI,CAAC,KAAK,IAAI,OAAO,KAAK,KAAK,QAAQ,IAAI,KAAK,CAAC,OAAO,CAAC,KAAK,CAAC,EAAE,CAAC;QAChE,MAAM,IAAI,KAAK,CAAC,4BAA4B,KAAK,UAAU,CAAC,CAAC;IAC/D,CAAC;IACD,OAAO,KAAgC,CAAC;AAC1C,CAAC;AAED,SAAS,MAAM,CAAC,KAAc,EAAE,KAAa;IAC3C,IAAI,CAAC,KAAK,IAAI,OAAO,KAAK,KAAK,QAAQ,IAAI,KAAK,CAAC,OAAO,CAAC,KAAK,CAAC,EAAE,CAAC;QAChE,MAAM,IAAI,KAAK,CAAC,YAAY,KAAK,UAAU,CAAC,CAAC;IAC/C,CAAC;IACD,OAAO,KAAgC,CAAC;AAC1C,CAAC;AAED,SAAS,WAAW,CAAC,KAA8B,EAAE,KAAa;IAChE,MAAM,KAAK,GAAG,KAAK,CAAC,KAAK,CAAC,CAAC;IAC3B,IAAI,OAAO,KAAK,KAAK,QAAQ,IAAI,KAAK,CAAC,IAAI,EAAE,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QAC3D,MAAM,IAAI,KAAK,CAAC,4BAA4B,KAAK,GAAG,CAAC,CAAC;IACxD,CAAC;IACD,OAAO,KAAK,CAAC;AACf,CAAC;AAED,SAAS,WAAW,CAAC,KAA8B,EAAE,KAAa;IAChE,MAAM,KAAK,GAAG,KAAK,CAAC,KAAK,CAAC,CAAC;IAC3B,IAAI,OAAO,KAAK,KAAK,QAAQ,EAAE,CAAC;QAC9B,MAAM,IAAI,KAAK,CAAC,oCAAoC,KAAK,GAAG,CAAC,CAAC;IAChE,CAAC;IACD,OAAO,KAAK,CAAC;AACf,CAAC;AAED,SAAS,mBAAmB,CAAC,KAA8B,EAAE,KAAa;IACxE,MAAM,KAAK,GAAG,KAAK,CAAC,KAAK,CAAC,CAAC;IAC3B,IAAI,OAAO,KAAK,KAAK,QAAQ,IAAI,OAAO,KAAK,KAAK,QAAQ,EAAE,CAAC;QAC3D,MAAM,IAAI,KAAK,CAAC,4BAA4B,KAAK,GAAG,CAAC,CAAC;IACxD,CAAC;IACD,OAAO,KAAK,CAAC;AACf,CAAC"}
|
|
@@ -0,0 +1,26 @@
|
|
|
1
|
+
import { previewContextCandidate } from '../context/local-edge-candidates.js';
|
|
2
|
+
export interface ContextCandidatePreviewInput {
|
|
3
|
+
contextResourceId: string;
|
|
4
|
+
workspaceId?: string;
|
|
5
|
+
actorName: string;
|
|
6
|
+
candidateEventId?: string;
|
|
7
|
+
payloadDigest?: string;
|
|
8
|
+
passphrase?: string;
|
|
9
|
+
recoveryCode?: string;
|
|
10
|
+
}
|
|
11
|
+
export type ContextCandidatePreviewProof = {
|
|
12
|
+
ok: true;
|
|
13
|
+
previewProofId: string;
|
|
14
|
+
expiresAt: string | null;
|
|
15
|
+
workspaceId: string;
|
|
16
|
+
} | {
|
|
17
|
+
ok: false;
|
|
18
|
+
error: string;
|
|
19
|
+
};
|
|
20
|
+
export declare function previewContextCandidateForTrustedEdge(input: ContextCandidatePreviewInput): Promise<{
|
|
21
|
+
candidate: Awaited<ReturnType<typeof previewContextCandidate>> & {
|
|
22
|
+
previewProof: ContextCandidatePreviewProof;
|
|
23
|
+
};
|
|
24
|
+
previewProof: ContextCandidatePreviewProof;
|
|
25
|
+
}>;
|
|
26
|
+
//# sourceMappingURL=context-preview-service.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"context-preview-service.d.ts","sourceRoot":"","sources":["../../src/server/context-preview-service.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,uBAAuB,EAAE,MAAM,qCAAqC,CAAC;AAI9E,MAAM,WAAW,4BAA4B;IAC3C,iBAAiB,EAAE,MAAM,CAAC;IAC1B,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,SAAS,EAAE,MAAM,CAAC;IAClB,gBAAgB,CAAC,EAAE,MAAM,CAAC;IAC1B,aAAa,CAAC,EAAE,MAAM,CAAC;IACvB,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,YAAY,CAAC,EAAE,MAAM,CAAC;CACvB;AAED,MAAM,MAAM,4BAA4B,GACpC;IAAE,EAAE,EAAE,IAAI,CAAC;IAAC,cAAc,EAAE,MAAM,CAAC;IAAC,SAAS,EAAE,MAAM,GAAG,IAAI,CAAC;IAAC,WAAW,EAAE,MAAM,CAAA;CAAE,GACnF;IAAE,EAAE,EAAE,KAAK,CAAC;IAAC,KAAK,EAAE,MAAM,CAAA;CAAE,CAAC;AAEjC,wBAAsB,qCAAqC,CACzD,KAAK,EAAE,4BAA4B,GAClC,OAAO,CAAC;IACT,SAAS,EAAE,OAAO,CAAC,UAAU,CAAC,OAAO,uBAAuB,CAAC,CAAC,GAAG;QAC/D,YAAY,EAAE,4BAA4B,CAAC;KAC5C,CAAC;IACF,YAAY,EAAE,4BAA4B,CAAC;CAC5C,CAAC,CA2BD"}
|
|
@@ -0,0 +1,71 @@
|
|
|
1
|
+
import { resolveConfiguredContextSyncTarget } from '../cli/context-sync-target.js';
|
|
2
|
+
import { previewContextCandidate } from '../context/local-edge-candidates.js';
|
|
3
|
+
import { recordContextCandidatePreviewProof } from '../context/local-edge-sync.js';
|
|
4
|
+
import { ConfigManager } from '../core/config.js';
|
|
5
|
+
export async function previewContextCandidateForTrustedEdge(input) {
|
|
6
|
+
if (!input.candidateEventId && !input.payloadDigest) {
|
|
7
|
+
throw new Error('candidateEventId or payloadDigest is required');
|
|
8
|
+
}
|
|
9
|
+
const candidate = await previewContextCandidate({
|
|
10
|
+
contextResourceId: input.contextResourceId,
|
|
11
|
+
actorName: input.actorName,
|
|
12
|
+
candidateEventId: input.candidateEventId,
|
|
13
|
+
payloadDigest: input.payloadDigest,
|
|
14
|
+
credentials: {
|
|
15
|
+
passphrase: input.passphrase ?? '',
|
|
16
|
+
recoveryCode: input.recoveryCode ?? '',
|
|
17
|
+
},
|
|
18
|
+
});
|
|
19
|
+
const previewProof = await createPreviewProof({
|
|
20
|
+
contextResourceId: input.contextResourceId,
|
|
21
|
+
workspaceId: input.workspaceId,
|
|
22
|
+
candidateEventId: candidate.proposalEventId,
|
|
23
|
+
payloadDigest: candidate.payloadDigest,
|
|
24
|
+
});
|
|
25
|
+
return {
|
|
26
|
+
candidate: { ...candidate, previewProof },
|
|
27
|
+
previewProof,
|
|
28
|
+
};
|
|
29
|
+
}
|
|
30
|
+
async function createPreviewProof(input) {
|
|
31
|
+
try {
|
|
32
|
+
const target = await resolveSavedSyncTarget(input.contextResourceId, input.workspaceId);
|
|
33
|
+
if (!target) {
|
|
34
|
+
return {
|
|
35
|
+
ok: false,
|
|
36
|
+
error: input.workspaceId
|
|
37
|
+
? `No saved remote credentials are available for workspace ${input.workspaceId}.`
|
|
38
|
+
: 'Preview proof requires an explicit workspace when this daemon has multiple remote bindings.',
|
|
39
|
+
};
|
|
40
|
+
}
|
|
41
|
+
const proof = await recordContextCandidatePreviewProof({
|
|
42
|
+
workspaceId: target.workspaceId,
|
|
43
|
+
serverUrl: target.serverUrl,
|
|
44
|
+
credential: target.credential,
|
|
45
|
+
contextResourceId: input.contextResourceId,
|
|
46
|
+
candidateEventId: input.candidateEventId,
|
|
47
|
+
payloadDigest: input.payloadDigest,
|
|
48
|
+
previewDigest: input.payloadDigest,
|
|
49
|
+
tlsVerify: target.tlsVerify,
|
|
50
|
+
caCertPath: target.caCertPath,
|
|
51
|
+
tlsPins: target.tlsPins,
|
|
52
|
+
});
|
|
53
|
+
return { ok: true, workspaceId: target.workspaceId, ...proof };
|
|
54
|
+
}
|
|
55
|
+
catch (error) {
|
|
56
|
+
return {
|
|
57
|
+
ok: false,
|
|
58
|
+
error: error instanceof Error ? error.message : 'Context preview proof failed',
|
|
59
|
+
};
|
|
60
|
+
}
|
|
61
|
+
}
|
|
62
|
+
async function resolveSavedSyncTarget(contextResourceId, workspaceId) {
|
|
63
|
+
const manager = new ConfigManager();
|
|
64
|
+
await manager.load();
|
|
65
|
+
const daemon = manager.getDaemonConfig() ?? {};
|
|
66
|
+
return resolveConfiguredContextSyncTarget(daemon, {
|
|
67
|
+
contextResourceId,
|
|
68
|
+
requestedWorkspaceId: workspaceId,
|
|
69
|
+
});
|
|
70
|
+
}
|
|
71
|
+
//# sourceMappingURL=context-preview-service.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"context-preview-service.js","sourceRoot":"","sources":["../../src/server/context-preview-service.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,kCAAkC,EAAE,MAAM,+BAA+B,CAAC;AACnF,OAAO,EAAE,uBAAuB,EAAE,MAAM,qCAAqC,CAAC;AAC9E,OAAO,EAAE,kCAAkC,EAAE,MAAM,+BAA+B,CAAC;AACnF,OAAO,EAAE,aAAa,EAAE,MAAM,mBAAmB,CAAC;AAgBlD,MAAM,CAAC,KAAK,UAAU,qCAAqC,CACzD,KAAmC;IAOnC,IAAI,CAAC,KAAK,CAAC,gBAAgB,IAAI,CAAC,KAAK,CAAC,aAAa,EAAE,CAAC;QACpD,MAAM,IAAI,KAAK,CAAC,+CAA+C,CAAC,CAAC;IACnE,CAAC;IAED,MAAM,SAAS,GAAG,MAAM,uBAAuB,CAAC;QAC9C,iBAAiB,EAAE,KAAK,CAAC,iBAAiB;QAC1C,SAAS,EAAE,KAAK,CAAC,SAAS;QAC1B,gBAAgB,EAAE,KAAK,CAAC,gBAAgB;QACxC,aAAa,EAAE,KAAK,CAAC,aAAa;QAClC,WAAW,EAAE;YACX,UAAU,EAAE,KAAK,CAAC,UAAU,IAAI,EAAE;YAClC,YAAY,EAAE,KAAK,CAAC,YAAY,IAAI,EAAE;SACvC;KACF,CAAC,CAAC;IAEH,MAAM,YAAY,GAAG,MAAM,kBAAkB,CAAC;QAC5C,iBAAiB,EAAE,KAAK,CAAC,iBAAiB;QAC1C,WAAW,EAAE,KAAK,CAAC,WAAW;QAC9B,gBAAgB,EAAE,SAAS,CAAC,eAAe;QAC3C,aAAa,EAAE,SAAS,CAAC,aAAa;KACvC,CAAC,CAAC;IAEH,OAAO;QACL,SAAS,EAAE,EAAE,GAAG,SAAS,EAAE,YAAY,EAAE;QACzC,YAAY;KACb,CAAC;AACJ,CAAC;AAED,KAAK,UAAU,kBAAkB,CAAC,KAKjC;IACC,IAAI,CAAC;QACH,MAAM,MAAM,GAAG,MAAM,sBAAsB,CAAC,KAAK,CAAC,iBAAiB,EAAE,KAAK,CAAC,WAAW,CAAC,CAAC;QACxF,IAAI,CAAC,MAAM,EAAE,CAAC;YACZ,OAAO;gBACL,EAAE,EAAE,KAAK;gBACT,KAAK,EAAE,KAAK,CAAC,WAAW;oBACtB,CAAC,CAAC,2DAA2D,KAAK,CAAC,WAAW,GAAG;oBACjF,CAAC,CAAC,6FAA6F;aAClG,CAAC;QACJ,CAAC;QAED,MAAM,KAAK,GAAG,MAAM,kCAAkC,CAAC;YACrD,WAAW,EAAE,MAAM,CAAC,WAAW;YAC/B,SAAS,EAAE,MAAM,CAAC,SAAS;YAC3B,UAAU,EAAE,MAAM,CAAC,UAAU;YAC7B,iBAAiB,EAAE,KAAK,CAAC,iBAAiB;YAC1C,gBAAgB,EAAE,KAAK,CAAC,gBAAgB;YACxC,aAAa,EAAE,KAAK,CAAC,aAAa;YAClC,aAAa,EAAE,KAAK,CAAC,aAAa;YAClC,SAAS,EAAE,MAAM,CAAC,SAAS;YAC3B,UAAU,EAAE,MAAM,CAAC,UAAU;YAC7B,OAAO,EAAE,MAAM,CAAC,OAAO;SACxB,CAAC,CAAC;QACH,OAAO,EAAE,EAAE,EAAE,IAAI,EAAE,WAAW,EAAE,MAAM,CAAC,WAAW,EAAE,GAAG,KAAK,EAAE,CAAC;IACjE,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,OAAO;YACL,EAAE,EAAE,KAAK;YACT,KAAK,EAAE,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,8BAA8B;SAC/E,CAAC;IACJ,CAAC;AACH,CAAC;AAED,KAAK,UAAU,sBAAsB,CACnC,iBAAyB,EACzB,WAAoB;IASpB,MAAM,OAAO,GAAG,IAAI,aAAa,EAAE,CAAC;IACpC,MAAM,OAAO,CAAC,IAAI,EAAE,CAAC;IACrB,MAAM,MAAM,GAAG,OAAO,CAAC,eAAe,EAAE,IAAI,EAAE,CAAC;IAC/C,OAAO,kCAAkC,CAAC,MAAM,EAAE;QAChD,iBAAiB;QACjB,oBAAoB,EAAE,WAAW;KAClC,CAAC,CAAC;AACL,CAAC"}
|
|
@@ -1,3 +1,4 @@
|
|
|
1
1
|
import type { FastifyInstance } from 'fastify';
|
|
2
|
-
|
|
2
|
+
import type { Daemon } from '../core/daemon.js';
|
|
3
|
+
export declare function registerContextRoutes(app: FastifyInstance, daemon: Daemon): void;
|
|
3
4
|
//# sourceMappingURL=http-context-routes.d.ts.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"http-context-routes.d.ts","sourceRoot":"","sources":["../../src/server/http-context-routes.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,SAAS,CAAC;
|
|
1
|
+
{"version":3,"file":"http-context-routes.d.ts","sourceRoot":"","sources":["../../src/server/http-context-routes.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,SAAS,CAAC;AAY/C,OAAO,KAAK,EAAE,MAAM,EAAE,MAAM,mBAAmB,CAAC;AAoEhD,wBAAgB,qBAAqB,CAAC,GAAG,EAAE,eAAe,EAAE,MAAM,EAAE,MAAM,GAAG,IAAI,CAuMhF"}
|
|
@@ -1,9 +1,11 @@
|
|
|
1
1
|
import { z } from 'zod';
|
|
2
2
|
import { addContextEntry, initContextResource, readContextStatus, resolveContextBundle, } from '../context/local-edge-store.js';
|
|
3
|
-
import {
|
|
3
|
+
import { proposeContextEntry } from '../context/local-edge-candidates.js';
|
|
4
4
|
import { pushContextEvents } from '../context/local-edge-sync.js';
|
|
5
|
-
import { ConfigManager } from '../core/config.js';
|
|
6
5
|
import { resolveConfiguredContextSyncTarget } from '../cli/context-sync-target.js';
|
|
6
|
+
import { ConfigManager } from '../core/config.js';
|
|
7
|
+
import { previewContextCandidateForTrustedEdge } from './context-preview-service.js';
|
|
8
|
+
import { verifyTrustedEdgeCommandCapability } from './trusted-edge-command-capability.js';
|
|
7
9
|
const CredentialsSchema = z.object({
|
|
8
10
|
passphrase: z.string().min(1),
|
|
9
11
|
recoveryCode: z.string().min(1),
|
|
@@ -24,6 +26,7 @@ const AddBodySchema = CredentialsSchema.extend({
|
|
|
24
26
|
});
|
|
25
27
|
const ResolveBodySchema = z.object({
|
|
26
28
|
contextResourceId: z.string().min(1).optional(),
|
|
29
|
+
workspaceId: z.string().min(1).optional(),
|
|
27
30
|
actorName: z.string().min(1),
|
|
28
31
|
query: z.string().default(''),
|
|
29
32
|
maxItems: z.number().int().min(1).max(500).optional(),
|
|
@@ -37,12 +40,15 @@ const ResolveBodySchema = z.object({
|
|
|
37
40
|
.optional(),
|
|
38
41
|
passphrase: z.string().optional(),
|
|
39
42
|
recoveryCode: z.string().optional(),
|
|
43
|
+
capabilityToken: z.string().min(1).optional(),
|
|
40
44
|
});
|
|
41
45
|
const CandidatePreviewBodySchema = z.object({
|
|
42
46
|
contextResourceId: z.string().min(1).optional(),
|
|
47
|
+
workspaceId: z.string().min(1).optional(),
|
|
43
48
|
actorName: z.string().min(1),
|
|
44
49
|
candidateEventId: z.string().min(1).optional(),
|
|
45
50
|
payloadDigest: z.string().min(1).optional(),
|
|
51
|
+
capabilityToken: z.string().min(1).optional(),
|
|
46
52
|
passphrase: z.string().optional(),
|
|
47
53
|
recoveryCode: z.string().optional(),
|
|
48
54
|
});
|
|
@@ -58,7 +64,7 @@ const CandidateProposeBodySchema = z.object({
|
|
|
58
64
|
recoveryCode: z.string().optional(),
|
|
59
65
|
sync: z.boolean().optional(),
|
|
60
66
|
});
|
|
61
|
-
export function registerContextRoutes(app) {
|
|
67
|
+
export function registerContextRoutes(app, daemon) {
|
|
62
68
|
app.get('/api/context/status', async (request) => {
|
|
63
69
|
return readContextStatus({
|
|
64
70
|
contextResourceId: request.query.context,
|
|
@@ -123,20 +129,36 @@ export function registerContextRoutes(app) {
|
|
|
123
129
|
if (!contextResourceId) {
|
|
124
130
|
return reply.status(400).send({ error: 'contextResourceId is required' });
|
|
125
131
|
}
|
|
126
|
-
|
|
127
|
-
|
|
128
|
-
|
|
129
|
-
|
|
130
|
-
|
|
131
|
-
|
|
132
|
-
|
|
133
|
-
|
|
134
|
-
|
|
135
|
-
|
|
136
|
-
|
|
137
|
-
|
|
138
|
-
|
|
139
|
-
|
|
132
|
+
if (!parsed.data.workspaceId) {
|
|
133
|
+
return reply.status(400).send({ error: 'workspaceId is required for trusted-edge resolve' });
|
|
134
|
+
}
|
|
135
|
+
try {
|
|
136
|
+
await verifyTrustedEdgeCommandCapability(daemon, {
|
|
137
|
+
token: parsed.data.capabilityToken,
|
|
138
|
+
workspaceId: parsed.data.workspaceId,
|
|
139
|
+
purpose: 'context-resolve',
|
|
140
|
+
contextResourceId,
|
|
141
|
+
});
|
|
142
|
+
const bundle = await resolveContextBundle({
|
|
143
|
+
contextResourceId,
|
|
144
|
+
actorName: parsed.data.actorName,
|
|
145
|
+
query: parsed.data.query,
|
|
146
|
+
maxItems: parsed.data.maxItems,
|
|
147
|
+
includePrivate: parsed.data.includePrivate,
|
|
148
|
+
profile: parsed.data.profile,
|
|
149
|
+
profilePin: parsed.data.profilePin,
|
|
150
|
+
credentials: {
|
|
151
|
+
passphrase: parsed.data.passphrase ?? '',
|
|
152
|
+
recoveryCode: parsed.data.recoveryCode ?? '',
|
|
153
|
+
},
|
|
154
|
+
});
|
|
155
|
+
return { bundle };
|
|
156
|
+
}
|
|
157
|
+
catch (error) {
|
|
158
|
+
return reply
|
|
159
|
+
.status(400)
|
|
160
|
+
.send({ error: error instanceof Error ? error.message : 'Context resolve failed' });
|
|
161
|
+
}
|
|
140
162
|
});
|
|
141
163
|
app.post('/api/context/candidates/preview', async (request, reply) => {
|
|
142
164
|
const parsed = CandidatePreviewBodySchema.safeParse(request.body);
|
|
@@ -149,20 +171,33 @@ export function registerContextRoutes(app) {
|
|
|
149
171
|
if (!contextResourceId) {
|
|
150
172
|
return reply.status(400).send({ error: 'contextResourceId is required' });
|
|
151
173
|
}
|
|
152
|
-
if (!parsed.data.
|
|
153
|
-
return reply.status(400).send({ error: '
|
|
174
|
+
if (!parsed.data.workspaceId) {
|
|
175
|
+
return reply.status(400).send({ error: 'workspaceId is required for trusted-edge preview' });
|
|
176
|
+
}
|
|
177
|
+
try {
|
|
178
|
+
await verifyTrustedEdgeCommandCapability(daemon, {
|
|
179
|
+
token: parsed.data.capabilityToken,
|
|
180
|
+
workspaceId: parsed.data.workspaceId,
|
|
181
|
+
purpose: 'context-candidate-preview',
|
|
182
|
+
contextResourceId,
|
|
183
|
+
candidateEventId: parsed.data.candidateEventId,
|
|
184
|
+
payloadDigest: parsed.data.payloadDigest,
|
|
185
|
+
});
|
|
186
|
+
return await previewContextCandidateForTrustedEdge({
|
|
187
|
+
contextResourceId,
|
|
188
|
+
workspaceId: parsed.data.workspaceId,
|
|
189
|
+
actorName: parsed.data.actorName,
|
|
190
|
+
candidateEventId: parsed.data.candidateEventId,
|
|
191
|
+
payloadDigest: parsed.data.payloadDigest,
|
|
192
|
+
passphrase: parsed.data.passphrase,
|
|
193
|
+
recoveryCode: parsed.data.recoveryCode,
|
|
194
|
+
});
|
|
195
|
+
}
|
|
196
|
+
catch (error) {
|
|
197
|
+
return reply
|
|
198
|
+
.status(400)
|
|
199
|
+
.send({ error: error instanceof Error ? error.message : 'Context preview failed' });
|
|
154
200
|
}
|
|
155
|
-
const candidate = await previewContextCandidate({
|
|
156
|
-
contextResourceId,
|
|
157
|
-
actorName: parsed.data.actorName,
|
|
158
|
-
candidateEventId: parsed.data.candidateEventId,
|
|
159
|
-
payloadDigest: parsed.data.payloadDigest,
|
|
160
|
-
credentials: {
|
|
161
|
-
passphrase: parsed.data.passphrase ?? '',
|
|
162
|
-
recoveryCode: parsed.data.recoveryCode ?? '',
|
|
163
|
-
},
|
|
164
|
-
});
|
|
165
|
-
return { candidate };
|
|
166
201
|
});
|
|
167
202
|
app.post('/api/context/candidates', async (request, reply) => {
|
|
168
203
|
const parsed = CandidateProposeBodySchema.safeParse(request.body);
|