@flowsta/auth-tauri
Desktop identity SDK for Tauri v2 applications using Flowsta Vault.
@flowsta/auth-tauri communicates with the Flowsta Vault Rust backend through Tauri's IPC invoke system. All cryptographic operations happen in the Rust backend - this SDK provides the TypeScript interface.
Installation
npm install @flowsta/auth-tauriVersion: 0.1.0
Peer dependency: @tauri-apps/api >= 2.0.0
Quick Start
import { FlowstaVaultAuth } from '@flowsta/auth-tauri';
const vault = new FlowstaVaultAuth();
// Check vault status
const status = await vault.getStatus();
if (!status.initialized) {
// First time - set up vault with recovery phrase and password
const result = await vault.setup(mnemonic, password);
console.log('Vault created, DID:', result.did);
} else if (!status.unlocked) {
// Vault exists but locked
const result = await vault.unlock(password);
console.log('Unlocked, agent:', result.agentPubKey);
}
// Get full identity info
const identity = await vault.getIdentity();
console.log('DID:', identity.did);
console.log('Agent key:', identity.agentPubKey);Configuration
const vault = new FlowstaVaultAuth({
apiUrl: 'https://auth-api.flowsta.com', // Optional, this is the default
});The constructor accepts an optional apiUrl for the Flowsta API, used for web account linking.
Methods
getStatus()
Check the current vault status.
const status = await vault.getStatus();
// {
// initialized: boolean, // Whether a vault file exists on disk
// unlocked: boolean, // Whether the vault is decrypted in memory
// version: string, // Flowsta Vault version
// agentPubKey?: string, // Agent public key (if unlocked)
// did?: string, // DID (if unlocked)
// }setup(mnemonic, password)
Set up a new vault from a BIP39 recovery phrase and master password. The mnemonic is used to derive keys and is never stored.
const result = await vault.setup('abandon abandon abandon ...', 'my-password');
// { agentPubKey: 'uhCAk...', did: 'did:flowsta:uhCAk...' }unlock(password)
Unlock an existing vault with the master password.
const result = await vault.unlock('my-password');
// { agentPubKey: 'uhCAk...', did: 'did:flowsta:uhCAk...' }lock()
Lock the vault (clears decrypted data from memory).
await vault.lock();getIdentity()
Get full identity info. Requires an unlocked vault.
const identity = await vault.getIdentity();
// {
// agentPubKey: string, // uhCAk... format
// did: string, // did:flowsta:uhCAk...
// installedAppIds: string[], // Installed hApp IDs on local conductor
// createdAt: number, // Unix timestamp
// }validateRecoveryPhrase(mnemonic)
Validate a BIP39 recovery phrase without storing it.
const isValid = await vault.validateRecoveryPhrase('abandon abandon ...');linkWebAccount()
Link this desktop identity with the user's web account. Uses the stored recovery lookup hash to find the web agent, signs the agent pair payload locally, and submits to the DHT via the API.
const result = await vault.linkWebAccount();
// {
// success: boolean,
// webAgentKey?: string, // The web agent's public key (if linked)
// message: string, // Descriptive message
// }getLinkedAgents(jwt)
Get agents linked to this desktop identity. Requires a JWT from web authentication.
const agents = await vault.getLinkedAgents(accessToken);
// string[] - Array of linked agent public keysNext Steps
- Tauri App Authentication - Full integration guide
- Vault Overview - How Flowsta Vault works
- IPC Endpoints - Raw IPC API