feat: add explicit audit trail capability selection

audit-trail-rs/Cargo.toml

@@ -32,6 +32,7 @@ tokio = { workspace = true }
 
 [target.'cfg(target_arch = "wasm32")'.dependencies]
 iota_interaction_ts.workspace = true
+js-sys = "0.3"
 product_common = { workspace = true, default-features = false, features = ["bindings"] }
 tokio = { version = "1.46.1", default-features = false, features = ["sync"] }
 

audit-trail-rs/src/core/access/mod.rs

@@ -22,16 +22,27 @@ pub use transactions::{
 pub struct TrailAccess<'a, C> {
     pub(crate) client: &'a C,
     pub(crate) trail_id: ObjectID,
+    pub(crate) selected_capability_id: Option<ObjectID>,
 }
 
 impl<'a, C> TrailAccess<'a, C> {
-    pub(crate) fn new(client: &'a C, trail_id: ObjectID) -> Self {
-        Self { client, trail_id }
+    pub(crate) fn new(client: &'a C, trail_id: ObjectID, selected_capability_id: Option<ObjectID>) -> Self {
+        Self {
+            client,
+            trail_id,
+            selected_capability_id,
+        }
+    }
+
+    /// Uses the provided capability as the auth capability for subsequent write operations.
+    pub fn using_capability(mut self, capability_id: ObjectID) -> Self {
+        self.selected_capability_id = Some(capability_id);
+        self
     }
 
     /// Returns a handle bound to a specific role name.
     pub fn for_role(&self, name: impl Into<String>) -> RoleHandle<'a, C> {
-        RoleHandle::new(self.client, self.trail_id, name.into())
+        RoleHandle::new(self.client, self.trail_id, name.into(), self.selected_capability_id)
     }
 
     /// Revokes an issued capability.
@@ -53,6 +64,7 @@ impl<'a, C> TrailAccess<'a, C> {
             owner,
             capability_id,
             capability_valid_until,
+            self.selected_capability_id,
         ))
     }
 
@@ -63,7 +75,12 @@ impl<'a, C> TrailAccess<'a, C> {
         S: Signer<IotaKeySignature> + OptionalSync,
     {
         let owner = self.client.sender_address();
-        TransactionBuilder::new(DestroyCapability::new(self.trail_id, owner, capability_id))
+        TransactionBuilder::new(DestroyCapability::new(
+            self.trail_id,
+            owner,
+            capability_id,
+            self.selected_capability_id,
+        ))
     }
 
     /// Destroys an initial admin capability (self-service, no auth cap required).
@@ -97,6 +114,7 @@ impl<'a, C> TrailAccess<'a, C> {
             owner,
             capability_id,
             capability_valid_until,
+            self.selected_capability_id,
         ))
     }
 
@@ -107,7 +125,11 @@ impl<'a, C> TrailAccess<'a, C> {
         S: Signer<IotaKeySignature> + OptionalSync,
     {
         let owner = self.client.sender_address();
-        TransactionBuilder::new(CleanupRevokedCapabilities::new(self.trail_id, owner))
+        TransactionBuilder::new(CleanupRevokedCapabilities::new(
+            self.trail_id,
+            owner,
+            self.selected_capability_id,
+        ))
     }
 }
 
@@ -116,11 +138,28 @@ pub struct RoleHandle<'a, C> {
     pub(crate) client: &'a C,
     pub(crate) trail_id: ObjectID,
     pub(crate) name: String,
+    pub(crate) selected_capability_id: Option<ObjectID>,
 }
 
 impl<'a, C> RoleHandle<'a, C> {
-    pub(crate) fn new(client: &'a C, trail_id: ObjectID, name: String) -> Self {
-        Self { client, trail_id, name }
+    pub(crate) fn new(
+        client: &'a C,
+        trail_id: ObjectID,
+        name: String,
+        selected_capability_id: Option<ObjectID>,
+    ) -> Self {
+        Self {
+            client,
+            trail_id,
+            name,
+            selected_capability_id,
+        }
+    }
+
+    /// Uses the provided capability as the auth capability for subsequent write operations.
+    pub fn using_capability(mut self, capability_id: ObjectID) -> Self {
+        self.selected_capability_id = Some(capability_id);
+        self
     }
 
     pub fn name(&self) -> &str {
@@ -140,6 +179,7 @@ impl<'a, C> RoleHandle<'a, C> {
             self.name.clone(),
             permissions,
             role_tags,
+            self.selected_capability_id,
         ))
     }
 
@@ -150,7 +190,13 @@ impl<'a, C> RoleHandle<'a, C> {
         S: Signer<IotaKeySignature> + OptionalSync,
     {
         let owner = self.client.sender_address();
-        TransactionBuilder::new(IssueCapability::new(self.trail_id, owner, self.name.clone(), options))
+        TransactionBuilder::new(IssueCapability::new(
+            self.trail_id,
+            owner,
+            self.name.clone(),
+            options,
+            self.selected_capability_id,
+        ))
     }
 
     /// Updates permissions and role-tag access rules for this role.
@@ -170,6 +216,7 @@ impl<'a, C> RoleHandle<'a, C> {
             self.name.clone(),
             permissions,
             role_tags,
+            self.selected_capability_id,
         ))
     }
 
@@ -180,6 +227,11 @@ impl<'a, C> RoleHandle<'a, C> {
         S: Signer<IotaKeySignature> + OptionalSync,
     {
         let owner = self.client.sender_address();
-        TransactionBuilder::new(DeleteRole::new(self.trail_id, owner, self.name.clone()))
+        TransactionBuilder::new(DeleteRole::new(
+            self.trail_id,
+            owner,
+            self.name.clone(),
+            self.selected_capability_id,
+        ))
     }
 }

audit-trail-rs/src/core/access/operations.rs

@@ -20,6 +20,7 @@ impl AccessOps {
         name: String,
         permissions: PermissionSet,
         role_tags: Option<RoleTags>,
+        selected_capability_id: Option<ObjectID>,
     ) -> Result<ProgrammableTransaction, Error>
     where
         C: CoreClientReadOnly + OptionalSync,
@@ -31,6 +32,7 @@ impl AccessOps {
             trail_id,
             owner,
             Permission::AddRoles,
+            selected_capability_id,
             "create_role",
             |ptb, _| {
                 let role = tx::ptb_pure(ptb, "role", name)?;
@@ -67,6 +69,7 @@ impl AccessOps {
         name: String,
         permissions: PermissionSet,
         role_tags: Option<RoleTags>,
+        selected_capability_id: Option<ObjectID>,
     ) -> Result<ProgrammableTransaction, Error>
     where
         C: CoreClientReadOnly + OptionalSync,
@@ -78,6 +81,7 @@ impl AccessOps {
             trail_id,
             owner,
             Permission::UpdateRoles,
+            selected_capability_id,
             "update_role_permissions",
             |ptb, _| {
                 let role = tx::ptb_pure(ptb, "role", name)?;
@@ -113,6 +117,7 @@ impl AccessOps {
         trail_id: ObjectID,
         owner: IotaAddress,
         name: String,
+        selected_capability_id: Option<ObjectID>,
     ) -> Result<ProgrammableTransaction, Error>
     where
         C: CoreClientReadOnly + OptionalSync,
@@ -122,6 +127,7 @@ impl AccessOps {
             trail_id,
             owner,
             Permission::DeleteRoles,
+            selected_capability_id,
             "delete_role",
             |ptb, _| {
                 let role = tx::ptb_pure(ptb, "role", name)?;
@@ -139,6 +145,7 @@ impl AccessOps {
         owner: IotaAddress,
         role_name: String,
         options: CapabilityIssueOptions,
+        selected_capability_id: Option<ObjectID>,
     ) -> Result<ProgrammableTransaction, Error>
     where
         C: CoreClientReadOnly + OptionalSync,
@@ -148,6 +155,7 @@ impl AccessOps {
             trail_id,
             owner,
             Permission::AddCapabilities,
+            selected_capability_id,
             "new_capability",
             |ptb, _| {
                 let role = tx::ptb_pure(ptb, "role", role_name)?;
@@ -168,6 +176,7 @@ impl AccessOps {
         owner: IotaAddress,
         capability_id: ObjectID,
         capability_valid_until: Option<u64>,
+        selected_capability_id: Option<ObjectID>,
     ) -> Result<ProgrammableTransaction, Error>
     where
         C: CoreClientReadOnly + OptionalSync,
@@ -177,6 +186,7 @@ impl AccessOps {
             trail_id,
             owner,
             Permission::RevokeCapabilities,
+            selected_capability_id,
             "revoke_capability",
             |ptb, _| {
                 let cap = tx::ptb_pure(ptb, "capability_id", capability_id)?;
@@ -194,6 +204,7 @@ impl AccessOps {
         trail_id: ObjectID,
         owner: IotaAddress,
         capability_id: ObjectID,
+        selected_capability_id: Option<ObjectID>,
     ) -> Result<ProgrammableTransaction, Error>
     where
         C: CoreClientReadOnly + OptionalSync,
@@ -205,6 +216,7 @@ impl AccessOps {
             trail_id,
             owner,
             Permission::RevokeCapabilities,
+            selected_capability_id,
             "destroy_capability",
             |ptb, _| {
                 let cap_to_destroy = ptb
@@ -243,6 +255,7 @@ impl AccessOps {
         owner: IotaAddress,
         capability_id: ObjectID,
         capability_valid_until: Option<u64>,
+        selected_capability_id: Option<ObjectID>,
     ) -> Result<ProgrammableTransaction, Error>
     where
         C: CoreClientReadOnly + OptionalSync,
@@ -252,6 +265,7 @@ impl AccessOps {
             trail_id,
             owner,
             Permission::RevokeCapabilities,
+            selected_capability_id,
             "revoke_initial_admin_capability",
             |ptb, _| {
                 let cap = tx::ptb_pure(ptb, "capability_id", capability_id)?;
@@ -268,6 +282,7 @@ impl AccessOps {
         client: &C,
         trail_id: ObjectID,
         owner: IotaAddress,
+        selected_capability_id: Option<ObjectID>,
     ) -> Result<ProgrammableTransaction, Error>
     where
         C: CoreClientReadOnly + OptionalSync,
@@ -277,6 +292,7 @@ impl AccessOps {
             trail_id,
             owner,
             Permission::RevokeCapabilities,
+            selected_capability_id,
             "cleanup_revoked_capabilities",
             |ptb, _| {
                 let clock = tx::get_clock_ref(ptb);