// Ambient type declarations for the keeper (keystore) LMDB layer: the durable
// record shapes, their concrete record classes, and the `Keeper` databaser.
//
// NOTE(review): several generic references below appear without type arguments
// (`Partial`, `Operation`, `Komer`, `CesrSuber`, `CatCesrIoSetSuber`). The
// arguments were probably lost when this listing was extracted; confirm each
// against the generated `keeping.d.ts` before relying on these signatures.
import { type Operation } from "effection";
import { Cipher, type Decrypter, type Encrypter, Prefixer, type Tier } from "../../../cesr/mod.js";
import { GroupMemberTuple, RawRecord } from "../core/records.js";
import { LMDBerOptions } from "./core/lmdber.js";
import { Komer } from "./koming.js";
import { CatCesrIoSetSuber, CesrSuber, CryptSignerSuber, Suber } from "./subing.js";
/** Options for opening a keeper LMDB environment and its named subdb surface. */
export interface KeeperOptions extends LMDBerOptions {
    /**
     * Presumably selects the compatibility mode described on `Keeper`
     * (KERIpy `.keri/ks` layout visibility) — confirm against the implementation.
     */
    compat?: boolean;
}
/**
 * One rotation-slot public-key set plus its replay metadata.
 *
 * KERIpy correspondence:
 * - mirrors the `PubLot` record shape used by keeper state records
 */
export interface PubLotShape {
    /** Ordered fully qualified public keys for one establishment-event key set. */
    pubs: string[];
    /** Rotation index of the establishment event that uses this key set. */
    ridx: number;
    /** Zeroth key index of this set in the full managed key sequence. */
    kidx: number;
    /** ISO8601 datetime when this public-key set was first created. */
    dt: string;
}
/**
 * Concrete keeper record for one establishment-event public-key lot.
 *
 * Responsibility:
 * - normalize one old/current/next key-set snapshot into the durable
 *   `RawRecord` shape used by keeper situation records
 *
 * Defaulting rule:
 * - constructors must tolerate partial replay rows so reopen/hydration paths
 *   can materialize an empty lot before the manager fills real key metadata
 */
export declare class PubLot extends RawRecord implements PubLotShape {
    pubs: string[];
    ridx: number;
    kidx: number;
    dt: string;
    // NOTE(review): bare `Partial` — type argument missing in this listing
    // (presumably the lot shape); confirm against the generated declaration.
    constructor(data?: Partial);
}
/**
 * Keeper situation record for one prefix.
 *
 * KERIpy correspondence:
 * - mirrors `PreSit`
 *
 * Captures the old/current/next public-key lots used by the manager for local
 * replay and stateful key progression.
 */
export interface PreSitShape {
    /** Historical previously current lot retained for replay/erase progression. */
    old: PubLotShape;
    /** Current active lot used for present signing state. */
    new: PubLotShape;
    /** Next future lot that becomes current on the next rotation/replay advance. */
    nxt: PubLotShape;
}
/**
 * Concrete keeper situation record for one managed prefix.
 *
 * Responsibility:
 * - keep the old/current/next `PubLot` progression together as one typed
 *   durable value so replay and rotation code can reason about slot ownership
 *   without re-wrapping nested records manually
 */
export declare class PreSit extends RawRecord implements PreSitShape {
    old: PubLot;
    new: PubLot;
    nxt: PubLot;
    // Each slot accepts either a built `PubLot` or a partial value.
    // NOTE(review): the inner `Partial` references have no type argument in
    // this listing — confirm against the generated declaration.
    constructor(data?: Partial<{
        old: PubLot | Partial;
        new: PubLot | Partial;
        nxt: PubLot | Partial;
    }>);
}
/**
 * Keeper root-parameter record for one prefix.
 *
 * KERIpy correspondence:
 * - mirrors `PrePrm`
 *
 * Stores the deterministic key-derivation parameters needed to rehydrate local
 * key material for a managed identifier prefix.
 */
export interface PrePrmShape {
    /** Prefix index for this managed key sequence within keeper-global policy. */
    pidx: number;
    /** Creator algorithm used to derive or replay later key lots for this prefix. */
    algo: string;
    /** Per-prefix derivation salt, plaintext or encrypted according to AEID policy. */
    salt: string;
    /** Deterministic path stem used by salty creator families. */
    stem: string;
    /** Stretch tier used when recreating deterministic signer material. */
    tier: Tier | "";
}
/**
 * Concrete keeper root-parameter record for one managed prefix.
 *
 * Responsibility:
 * - persist the deterministic derivation policy that lets `Manager` recreate
 *   signer material for an identifier prefix across reopen cycles
 *
 * Maintainer warning:
 * - `salt` here is policy/state, not a transient constructor input; it may be
 *   plaintext or encrypted depending on keeper AEID policy
 *
 * Security note:
 * - because these parameters let `Manager` recreate signer material, a
 *   plaintext `salt` warrants the same handling as the private keys it can
 *   regenerate: keep it out of logs, error messages, and exported records
 */
export declare class PrePrm extends RawRecord implements PrePrmShape {
    pidx: number;
    algo: string;
    salt: string;
    stem: string;
    tier: Tier | "";
    // NOTE(review): bare `Partial` — type argument missing in this listing;
    // confirm against the generated declaration.
    constructor(data?: Partial);
}
/** Ordered public-key set stored for one `(prefix, ridx)` replay key. */
export interface PubSetShape {
    /** Ordered public keys for the addressed `(prefix, ridx)` replay slot. */
    pubs: string[];
}
/**
 * Concrete replay record for one `(prefix, ridx)` public-key set.
 *
 * Responsibility:
 * - store the exact ordered public keys associated with a replay lookup slot
 *   without carrying the broader `PubLot` metadata used by current-state
 *   progression records
 */
export declare class PubSet extends RawRecord implements PubSetShape {
    pubs: string[];
    // NOTE(review): bare `Partial` — type argument missing in this listing;
    // confirm against the generated declaration.
    constructor(data?: Partial);
}
/**
 * Keystore databaser for root parameters, per-prefix state, and secret-material
 * storage seams.
 *
 * Responsibilities:
 * - own the LMDB environment for keeper data
 * - bind typed wrappers for keeper globals, prefix metadata, and key material
 * - provide the storage substrate consumed by `Manager`
 *
 * Current `keri-ts` differences:
 * - active stores now open through `Suber`/`Komer` wrappers instead of raw
 *   named handles
 * - compatibility mode supports KERIpy `.keri/ks` layout visibility
 *
 * Security note:
 * - `pris.` holds signer seeds and is only encrypted at rest when callers pass
 *   an encrypter (see `putPris()`); `salt` values in `gbls.`/`prms.` are
 *   likewise secret-bearing. Treat the whole keeper directory as key material.
 */
export declare class Keeper {
    private lmdber;
    private readonly logger;
    /** Keeper-global parameters shared across all managed prefixes. */
    gbls: Suber;
    /** Public-key to private-key secret store. */
    pris: CryptSignerSuber;
    /** Group signing member tuples for one multisig prefix. */
    smids: CatCesrIoSetSuber;
    /** Group rotating member tuples for one multisig prefix. */
    rmids: CatCesrIoSetSuber;
    /** First-public-key to identifier-prefix index. */
    pres: CesrSuber;
    /** Root derivation parameters for one managed identifier prefix. */
    prms: Komer;
    /** Old/current/next key situation for one managed identifier prefix. */
    sits: Komer;
    /** Replayable public-key sets keyed by `(prefix, ridx)`. */
    pubs: Komer;
    /** Encrypted next private keys used by group-signify keeper flows. */
    prxs: CesrSuber;
    /** Encrypted next-key commitments used by group-signify keeper flows. */
    nxts: CesrSuber;
    // Directory-tail and naming constants. `CompatAltTailDirPath` matches the
    // KERIpy `.keri/ks` layout named in the class doc; how each tail is chosen
    // is not visible from this declaration.
    static readonly TailDirPath = "keri/ks";
    static readonly AltTailDirPath = ".tufa/ks";
    static readonly CompatAltTailDirPath = ".keri/ks";
    static readonly TempPrefix = "keri_ks_";
    // Presumably the named-subdb limit handed to LMDB — confirm in the implementation.
    static readonly MaxNamedDBs = 24;
    constructor(options?: KeeperOptions);
    /** Expose the resolved keeper database name delegated from the root LMDBer. */
    get name(): string;
    /** Expose the resolved keeper base prefix delegated from the root LMDBer. */
    get base(): string;
    /** Report whether the keeper LMDB environment and named subdb surface are open. */
    get opened(): boolean;
    /** Report whether the keeper environment is opened in read-only mode. */
    get readonly(): boolean;
    /** Report whether this keeper uses a temporary backing directory. */
    get temp(): boolean;
    /** Expose the resolved filesystem path for the keeper environment, when open. */
    get path(): string | null;
    /**
     * Reopen the keeper environment and bind the KERIpy-style named subdbs.
     *
     * Runtime-active stores today include globals, private/public key material,
     * prefix parameters/situations, and the group-member tuple stores. The rest
     * of the keeper surface remains parity-bound even where higher-level runtime
     * flows have not yet exercised it deeply.
     */
    // NOTE(review): `Partial` and `Operation` carry no type arguments in this
    // listing; confirm the options and result types against the generated file.
    reopen(options?: Partial): Operation;
    /**
     * Close the underlying keeper LMDB environment.
     *
     * NOTE(review): `clear` presumably removes the backing directory on close —
     * confirm in LMDBer; on a non-temporary keeper that would discard stored
     * key material.
     */
    close(clear?: boolean): Operation;
    /**
     * Read one keeper-global string value from `gbls.`.
     *
     * Manager-owned keys currently include `aeid`, `pidx`, `algo`, `salt`, and
     * `tier`.
     *
     * NOTE(review): `salt` is one of these keys; whether it is stored encrypted
     * here is not visible from this declaration — confirm before logging or
     * exporting returned values.
     */
    getGbls(key: string): string | null;
    /** Upsert one keeper-global string value in `gbls.` under the same manager-owned key contract. */
    pinGbls(key: string, value: string): boolean;
    /** Insert the first public-key to prefix mapping in `pres.` if absent. */
    putPres(pre: string, val: string): boolean;
    /** Upsert the first public-key to prefix mapping in `pres.`. */
    pinPres(pre: string, val: string): boolean;
    /** Read the stored prefixer projection from `pres.` as qb64 text. */
    getPres(pre: string): string | null;
    /**
     * Insert a signer seed in `pris.` keyed by its public key if absent.
     *
     * Gate D behavior:
     * - plaintext when no encrypter is provided
     * - sealed-box ciphertext when an encrypter is provided
     *
     * Security note:
     * - `encrypter` is optional, so omitting it silently stores the seed
     *   unencrypted; anything able to read the keeper environment can then
     *   read the seed. Callers that require at-rest encryption must enforce
     *   the presence of an encrypter themselves.
     */
    putPris(pub: string, secret: string, encrypter?: Encrypter): boolean;
    /** Upsert a signer seed in `pris.` under the same plaintext/cipher rules as `putPris()`. */
    pinPris(pub: string, secret: string, encrypter?: Encrypter): boolean;
    /**
     * Read a signer seed from `pris.` as qb64 text.
     *
     * Caller contract:
     * - without a decrypter, this only succeeds for plaintext stores
     * - with a decrypter, encrypted Gate D stores are rehydrated transparently
     *
     * Security note:
     * - the return value is the private seed itself; keep it out of logs and
     *   error messages and hold it no longer than needed.
     */
    getPris(pub: string, decrypter?: Decrypter): string | null;
    /** Insert one prefix-parameter record in `prms.` if absent. */
    putPrms(pre: string, val: PrePrmShape | PrePrm): boolean;
    /** Upsert one prefix-parameter record in `prms.`. */
    pinPrms(pre: string, val: PrePrmShape | PrePrm): boolean;
    /** Read one prefix-parameter record from `prms.`. */
    getPrms(pre: string): PrePrm | null;
    /** Insert one prefix-situation record in `sits.` if absent. */
    putSits(pre: string, val: PreSitShape | PreSit): boolean;
    /** Upsert one prefix-situation record in `sits.`. */
    pinSits(pre: string, val: PreSitShape | PreSit): boolean;
    /** Read one prefix-situation record from `sits.`. */
    getSits(pre: string): PreSit | null;
    /** Insert one replayable public-key set in `pubs.` if absent. */
    putPubs(key: string, val: PubSetShape | PubSet): boolean;
    /** Upsert one replayable public-key set in `pubs.`. */
    pinPubs(key: string, val: PubSetShape | PubSet): boolean;
    /** Read one replayable public-key set from `pubs.`. */
    getPubs(key: string): PubSet | null;
    /**
     * Insert group-signing member tuples in `smids.` if absent.
     *
     * Each tuple is the narrow KERIpy shape `[Prefixer, NumberPrimitive]`, not a
     * widened `Matter` family placeholder.
     */
    putSmids(pre: string, vals: GroupMemberTuple[]): boolean;
    /** Upsert group-signing member tuples in `smids.`. */
    pinSmids(pre: string, vals: GroupMemberTuple[]): boolean;
    /** Read group-signing member tuples from `smids.`. */
    getSmids(pre: string): GroupMemberTuple[];
    /** Insert group-rotating member tuples in `rmids.` if absent. */
    putRmids(pre: string, vals: GroupMemberTuple[]): boolean;
    /** Upsert group-rotating member tuples in `rmids.`. */
    pinRmids(pre: string, vals: GroupMemberTuple[]): boolean;
    /** Read group-rotating member tuples from `rmids.`. */
    getRmids(pre: string): GroupMemberTuple[];
}
/**
 * Constructor-safe async factory for a fully reopened `Keeper`.
 *
 * NOTE(review): `Operation` has no type argument in this listing; confirm the
 * result type against the generated declaration.
 */
export declare function createKeeper(options?: KeeperOptions): Operation;
//# sourceMappingURL=keeping.d.ts.map