@abloatai/ablo 0.3.0

package/dist/core/query-utils.js

@@ -0,0 +1,60 @@
+/**
+ * query-utils — Pure query helpers shared between QueryView (MobX) and
+ * AgentQueryView (headless). One source of truth for sort, filter, and
+ * binary insertion logic.
+ *
+ * No MobX, no ObjectPool, no Model — just arrays and values.
+ */
+/** Compare two values for sorting, null-safe. Returns -1 | 0 | 1. */
+export function compareValues(a, b, dir) {
+    if (a === b)
+        return 0;
+    if (a == null)
+        return 1;
+    if (b == null)
+        return -1;
+    return (a < b ? -1 : 1) * dir;
+}
+/**
+ * Binary search for the correct insertion index in a sorted array.
+ * Returns the index at which `item` should be inserted.
+ */
+export function binaryInsertionIndex(arr, item, sortKey, dir) {
+    let lo = 0;
+    let hi = arr.length;
+    const itemVal = item[sortKey];
+    while (lo < hi) {
+        const mid = (lo + hi) >>> 1;
+        const midVal = arr[mid][sortKey];
+        if (compareValues(midVal, itemVal, dir) <= 0) {
+            lo = mid + 1;
+        }
+        else {
+            hi = mid;
+        }
+    }
+    return lo;
+}
+/**
+ * Check whether an entity matches a declarative `where` clause.
+ * Every key in `where` must exactly match the entity's value.
+ */
+export function matchesWhere(entity, where) {
+    for (const [key, value] of Object.entries(where)) {
+        if (value === undefined)
+            continue;
+        if (entity[key] !== value)
+            return false;
+    }
+    return true;
+}
+/**
+ * Find the index of an entity by id in an array. Returns -1 if not found.
+ */
+export function findIndexById(arr, id) {
+    for (let i = 0; i < arr.length; i++) {
+        if (arr[i]['id'] === id)
+            return i;
+    }
+    return -1;
+}

package/dist/errors.d.ts

@@ -0,0 +1,235 @@
+/**
+ * Typed error hierarchy for `@ablo/sync-engine`.
+ *
+ * Inlined directly so the publishable dist is self-contained. The public
+ * package should never reference an unpublished internal package from emitted
+ * JS; strict bundlers surface that immediately.
+ *
+ * ### Two patterns for consumers
+ *
+ * ```ts
+ * // Stripe-style instanceof
+ * if (err instanceof AbloRateLimitError) backoff(err.retryAfterSeconds);
+ *
+ * // Discriminator-string (for cross-boundary cases where the class
+ * // identity gets lost, e.g. across a web worker postMessage)
+ * if (err.type === 'AbloRateLimitError') { ... }
+ * ```
+ *
+ * Both work on every subclass.
+ */
+/** Common shape for all errors thrown by this SDK. */
+export declare class AbloError extends Error {
+    /** Discriminator string — matches the class name. Lets consumers
+     *  switch on `e.type` without `instanceof` checks across package
+     *  boundaries (matches Stripe's `err.type` pattern). */
+    readonly type: string;
+    /** Stable short identifier for logs + metrics.
+     *  E.g. `'apikey_invalid'`, `'capability_scope_denied'`. */
+    readonly code?: string;
+    /** HTTP status code when the error originated from an HTTP response. */
+    readonly httpStatus?: number;
+    /** Correlation id for ops — present when the server sent one on
+     *  `x-request-id`. Include in support tickets. */
+    readonly requestId?: string;
+    constructor(message: string, options?: {
+        code?: string;
+        httpStatus?: number;
+        requestId?: string;
+        cause?: unknown;
+    });
+}
+/** 401 — invalid/missing/expired credentials. */
+export declare class AbloAuthenticationError extends AbloError {
+    readonly type: "AbloAuthenticationError";
+}
+/** 403 — credentials were valid but the action is forbidden (scope
+ *  denial, revoked capability, role not authorized). */
+export declare class AbloPermissionError extends AbloError {
+    readonly type: "AbloPermissionError";
+}
+/** 429 — rate limit exceeded. Consumers should back off before retry. */
+export declare class AbloRateLimitError extends AbloError {
+    readonly type: "AbloRateLimitError";
+    readonly retryAfterSeconds?: number;
+    constructor(message: string, options?: {
+        code?: string;
+        httpStatus?: number;
+        requestId?: string;
+        cause?: unknown;
+        retryAfterSeconds?: number;
+    });
+}
+/** 409 — same `Idempotency-Key` reused with a different request body. */
+export declare class AbloIdempotencyError extends AbloError {
+    readonly type: "AbloIdempotencyError";
+}
+/** Network / transport failure — TCP reset, DNS, timeout, abort. */
+export declare class AbloConnectionError extends AbloError {
+    readonly type: "AbloConnectionError";
+}
+/** 400 / 422 — request payload was invalid. */
+export declare class AbloValidationError extends AbloError {
+    readonly type: "AbloValidationError";
+}
+/** 5xx — server-side error. Usually retryable with backoff. */
+export declare class AbloServerError extends AbloError {
+    readonly type: "AbloServerError";
+}
+/**
+ * 409 — a write carried `readAt: N` but the target entity has received
+ * deltas since `N`. The caller's reasoning snapshot is stale; the safe
+ * response is to re-read (or re-capture a watermark) and regenerate.
+ *
+ * Carries `conflicts` so callers can inspect which specific (model, id)
+ * pairs moved during the generation window — useful for metrics
+ * ("72% of stale rejects were on slide titles") and for selective
+ * regeneration (only re-think the slides that changed, not the whole
+ * deck).
+ */
+export declare class AbloStaleContextError extends AbloError {
+    readonly type: "AbloStaleContextError";
+    /** Sync id at the caller's `readAt` when the write was attempted. */
+    readonly readAt?: number;
+    /** Entities that received deltas between `readAt` and the write. */
+    readonly conflicts?: ReadonlyArray<{
+        readonly model: string;
+        readonly id: string;
+        readonly observedSyncId: number;
+    }>;
+    constructor(message: string, options?: {
+        code?: string;
+        httpStatus?: number;
+        requestId?: string;
+        cause?: unknown;
+        readAt?: number;
+        conflicts?: ReadonlyArray<{
+            readonly model: string;
+            readonly id: string;
+            readonly observedSyncId: number;
+        }>;
+    });
+}
+/**
+ * The target entity currently has an active intent held by another
+ * participant and the caller asked the SDK not to return immediately.
+ *
+ * Use `ifBusy: 'wait'` to wait for the intent stream to clear, or
+ * `ifBusy: 'return'` to inspect the active intents yourself.
+ */
+export declare class AbloBusyError extends AbloError {
+    readonly type: "AbloBusyError";
+    readonly intents?: ReadonlyArray<unknown>;
+    constructor(message: string, options?: {
+        code?: string;
+        httpStatus?: number;
+        requestId?: string;
+        cause?: unknown;
+        intents?: ReadonlyArray<unknown>;
+    });
+}
+/**
+ * Structured description of the capability an agent would need to
+ * satisfy a denied request. Mirrors the x402 `paymentRequirements`
+ * shape: the server emits enough information for the client to
+ * attenuate (or request) a capability that would pass on retry.
+ */
+export interface RequiredCapability {
+    /** Operation or capability scope identifier (e.g. `"slide.update"`,
+     *  `"subscribe"`). */
+    readonly scope: string;
+    /** Concrete constraints the capability must satisfy. Keys map to
+     *  Datalog fact families — e.g. `{ syncGroup: ["org_abc"] }` for a
+     *  rejected subscription. Forward-compatible: ignore unknown keys. */
+    readonly constraints?: Readonly<Record<string, readonly string[] | string>>;
+    /** Issuer hint — public-key fingerprint or well-known URL fragment. */
+    readonly issuer?: string;
+    /** Server-suggested maximum TTL for the attenuated capability. */
+    readonly ttlSeconds?: number;
+    /** Single-use nonce to embed in the retry's capability facts; binds
+     *  retry → denial and prevents replay of a stale attenuation. */
+    readonly nonce?: string;
+}
+/**
+ * Canonical receipt returned by every successful or rejected commit,
+ * regardless of transport (WebSocket `mutation_result` payload, HTTP
+ * `/v1/commits` response body, or `AgentJob.result.receipt`). One
+ * shape across all three surfaces.
+ *
+ * Linear-style correlation receipt — no cryptographic signature
+ * (single-tenant trust boundary). A Hub signature is a forward-
+ * compatible extension when cross-org agent crossings arrive.
+ */
+export interface CommitReceipt {
+    readonly object: 'commit_receipt';
+    /** Client-issued idempotency handle. Echoed verbatim. */
+    readonly clientTxId: string;
+    /** Server-issued opaque commit id — typically `String(lastSyncId)`. */
+    readonly serverTxId: string;
+    /** Convenience boolean. `status === 'confirmed'`. */
+    readonly success: boolean;
+    /** `'confirmed'` on apply, `'rejected'` on any failure. */
+    readonly status: 'confirmed' | 'rejected';
+    /** Last syncId visible after this commit (or high-water mark on
+     *  rejection). */
+    readonly lastSyncId?: number;
+    /** Number of operations metered. Reported on both success and
+     *  rejection so quota systems see attempted work. */
+    readonly ops?: number;
+    /** Populated on rejection. `requiredCapability` (when present)
+     *  carries the x402-style structured retry hint. */
+    readonly error?: {
+        readonly code: string;
+        readonly message: string;
+        readonly field?: string;
+        readonly requiredCapability?: RequiredCapability;
+    };
+}
+/**
+ * Biscuit capability token failed verification — either it's
+ * malformed / unknown / revoked (`capability_invalid`), or its
+ * caveats deny the attempted action (`capability_scope_denied`).
+ *
+ * Extends `AbloPermissionError` so existing `instanceof CapabilityError`
+ * checks keep working AND broader `instanceof AbloPermissionError`
+ * matches for consumers who don't care about the Biscuit specifics.
+ *
+ * `requiredCapability` (when present) describes what an attenuated
+ * capability must satisfy for the request to succeed on retry.
+ */
+export declare class CapabilityError extends AbloPermissionError {
+    readonly requiredCapability?: RequiredCapability;
+    constructor(code: 'capability_scope_denied' | 'capability_invalid', message: string, requiredCapability?: RequiredCapability);
+}
+/**
+ * SyncSessionError — Thrown when authentication/session is invalid or expired.
+ * Signals that the user should be redirected to sign in
+ * rather than showing a generic retry option.
+ *
+ * Extends `AbloAuthenticationError` so existing
+ * `SyncSessionError.isSessionError(...)` duck-type callers keep
+ * working, AND downstream code that only catches the typed hierarchy
+ * (`instanceof AbloAuthenticationError` / `e.type === 'AbloAuthenticationError'`)
+ * now sees session failures too.
+ */
+export declare class SyncSessionError extends AbloAuthenticationError {
+    readonly isSessionError = true;
+    readonly statusCode: number;
+    constructor(message: string, statusCode?: number);
+    /**
+     * Check if an error is a session error (duck-type check)
+     */
+    static isSessionError(error: unknown): error is SyncSessionError;
+    /**
+     * Check if an HTTP response status indicates a session error
+     */
+    static isSessionErrorResponse(status: number, body?: string): boolean;
+}
+/**
+ * Translate an HTTP response into the appropriate typed error.
+ *
+ * Single source of truth for status-code → class mapping — every SDK
+ * fetch path that sees a non-2xx response should route through here
+ * so the customer-visible error is always the right subclass.
+ */
+export declare function translateHttpError(status: number, body: unknown, requestId?: string): AbloError;

package/dist/errors.js

@@ -0,0 +1,243 @@
+/**
+ * Typed error hierarchy for `@ablo/sync-engine`.
+ *
+ * Inlined directly so the publishable dist is self-contained. The public
+ * package should never reference an unpublished internal package from emitted
+ * JS; strict bundlers surface that immediately.
+ *
+ * ### Two patterns for consumers
+ *
+ * ```ts
+ * // Stripe-style instanceof
+ * if (err instanceof AbloRateLimitError) backoff(err.retryAfterSeconds);
+ *
+ * // Discriminator-string (for cross-boundary cases where the class
+ * // identity gets lost, e.g. across a web worker postMessage)
+ * if (err.type === 'AbloRateLimitError') { ... }
+ * ```
+ *
+ * Both work on every subclass.
+ */
+// ── AbloError hierarchy — the typed error surface ────────────────────
+/** Common shape for all errors thrown by this SDK. */
+export class AbloError extends Error {
+    /** Discriminator string — matches the class name. Lets consumers
+     *  switch on `e.type` without `instanceof` checks across package
+     *  boundaries (matches Stripe's `err.type` pattern). */
+    type = 'AbloError';
+    /** Stable short identifier for logs + metrics.
+     *  E.g. `'apikey_invalid'`, `'capability_scope_denied'`. */
+    code;
+    /** HTTP status code when the error originated from an HTTP response. */
+    httpStatus;
+    /** Correlation id for ops — present when the server sent one on
+     *  `x-request-id`. Include in support tickets. */
+    requestId;
+    constructor(message, options) {
+        super(message);
+        this.name = this.constructor.name;
+        if (options?.code !== undefined)
+            this.code = options.code;
+        if (options?.httpStatus !== undefined)
+            this.httpStatus = options.httpStatus;
+        if (options?.requestId !== undefined)
+            this.requestId = options.requestId;
+        if (options?.cause !== undefined) {
+            Object.defineProperty(this, 'cause', { value: options.cause, enumerable: false });
+        }
+    }
+}
+/** 401 — invalid/missing/expired credentials. */
+export class AbloAuthenticationError extends AbloError {
+    type = 'AbloAuthenticationError';
+}
+/** 403 — credentials were valid but the action is forbidden (scope
+ *  denial, revoked capability, role not authorized). */
+export class AbloPermissionError extends AbloError {
+    type = 'AbloPermissionError';
+}
+/** 429 — rate limit exceeded. Consumers should back off before retry. */
+export class AbloRateLimitError extends AbloError {
+    type = 'AbloRateLimitError';
+    retryAfterSeconds;
+    constructor(message, options) {
+        super(message, options);
+        if (options?.retryAfterSeconds !== undefined) {
+            this.retryAfterSeconds = options.retryAfterSeconds;
+        }
+    }
+}
+/** 409 — same `Idempotency-Key` reused with a different request body. */
+export class AbloIdempotencyError extends AbloError {
+    type = 'AbloIdempotencyError';
+}
+/** Network / transport failure — TCP reset, DNS, timeout, abort. */
+export class AbloConnectionError extends AbloError {
+    type = 'AbloConnectionError';
+}
+/** 400 / 422 — request payload was invalid. */
+export class AbloValidationError extends AbloError {
+    type = 'AbloValidationError';
+}
+/** 5xx — server-side error. Usually retryable with backoff. */
+export class AbloServerError extends AbloError {
+    type = 'AbloServerError';
+}
+/**
+ * 409 — a write carried `readAt: N` but the target entity has received
+ * deltas since `N`. The caller's reasoning snapshot is stale; the safe
+ * response is to re-read (or re-capture a watermark) and regenerate.
+ *
+ * Carries `conflicts` so callers can inspect which specific (model, id)
+ * pairs moved during the generation window — useful for metrics
+ * ("72% of stale rejects were on slide titles") and for selective
+ * regeneration (only re-think the slides that changed, not the whole
+ * deck).
+ */
+export class AbloStaleContextError extends AbloError {
+    type = 'AbloStaleContextError';
+    /** Sync id at the caller's `readAt` when the write was attempted. */
+    readAt;
+    /** Entities that received deltas between `readAt` and the write. */
+    conflicts;
+    constructor(message, options) {
+        super(message, options);
+        if (options?.readAt !== undefined)
+            this.readAt = options.readAt;
+        if (options?.conflicts !== undefined)
+            this.conflicts = options.conflicts;
+    }
+}
+/**
+ * The target entity currently has an active intent held by another
+ * participant and the caller asked the SDK not to return immediately.
+ *
+ * Use `ifBusy: 'wait'` to wait for the intent stream to clear, or
+ * `ifBusy: 'return'` to inspect the active intents yourself.
+ */
+export class AbloBusyError extends AbloError {
+    type = 'AbloBusyError';
+    intents;
+    constructor(message, options) {
+        super(message, options);
+        if (options?.intents !== undefined)
+            this.intents = options.intents;
+    }
+}
+/**
+ * Biscuit capability token failed verification — either it's
+ * malformed / unknown / revoked (`capability_invalid`), or its
+ * caveats deny the attempted action (`capability_scope_denied`).
+ *
+ * Extends `AbloPermissionError` so existing `instanceof CapabilityError`
+ * checks keep working AND broader `instanceof AbloPermissionError`
+ * matches for consumers who don't care about the Biscuit specifics.
+ *
+ * `requiredCapability` (when present) describes what an attenuated
+ * capability must satisfy for the request to succeed on retry.
+ */
+export class CapabilityError extends AbloPermissionError {
+    requiredCapability;
+    constructor(code, message, requiredCapability) {
+        super(`${code}: ${message}`, { code });
+        this.name = 'CapabilityError';
+        if (requiredCapability !== undefined) {
+            this.requiredCapability = requiredCapability;
+        }
+    }
+}
+// ── Legacy session error (now part of the typed hierarchy) ───────────
+/**
+ * SyncSessionError — Thrown when authentication/session is invalid or expired.
+ * Signals that the user should be redirected to sign in
+ * rather than showing a generic retry option.
+ *
+ * Extends `AbloAuthenticationError` so existing
+ * `SyncSessionError.isSessionError(...)` duck-type callers keep
+ * working, AND downstream code that only catches the typed hierarchy
+ * (`instanceof AbloAuthenticationError` / `e.type === 'AbloAuthenticationError'`)
+ * now sees session failures too.
+ */
+export class SyncSessionError extends AbloAuthenticationError {
+    isSessionError = true;
+    statusCode;
+    constructor(message, statusCode = 401) {
+        super(message, { httpStatus: statusCode, code: 'session_expired' });
+        this.name = 'SyncSessionError';
+        this.statusCode = statusCode;
+        if (Error.captureStackTrace) {
+            Error.captureStackTrace(this, SyncSessionError);
+        }
+    }
+    /**
+     * Check if an error is a session error (duck-type check)
+     */
+    static isSessionError(error) {
+        if (error instanceof SyncSessionError) {
+            return true;
+        }
+        if (error && typeof error === 'object' && 'isSessionError' in error) {
+            return error.isSessionError === true;
+        }
+        return false;
+    }
+    /**
+     * Check if an HTTP response status indicates a session error
+     */
+    static isSessionErrorResponse(status, body) {
+        if (status === 401)
+            return true;
+        if (status === 403) {
+            if (body) {
+                const lowerBody = body.toLowerCase();
+                if (lowerBody.includes('session') ||
+                    lowerBody.includes('unauthorized') ||
+                    lowerBody.includes('not authenticated') ||
+                    lowerBody.includes('token')) {
+                    return true;
+                }
+            }
+            return true;
+        }
+        return false;
+    }
+}
+/**
+ * Translate an HTTP response into the appropriate typed error.
+ *
+ * Single source of truth for status-code → class mapping — every SDK
+ * fetch path that sees a non-2xx response should route through here
+ * so the customer-visible error is always the right subclass.
+ */
+export function translateHttpError(status, body, requestId) {
+    const parsed = typeof body === 'object' && body !== null ? body : {};
+    const nested = parsed.error != null && typeof parsed.error === 'object'
+        ? parsed.error
+        : undefined;
+    const flatError = typeof parsed.error === 'string' ? parsed.error : undefined;
+    const code = parsed.code ?? nested?.code ?? flatError;
+    const message = nested?.message ??
+        parsed.reason ??
+        parsed.message ??
+        flatError ??
+        (typeof body === 'string' ? body : `HTTP ${status}`);
+    const requiredCapability = nested?.requiredCapability ?? parsed.requiredCapability;
+    const baseOpts = { code, httpStatus: status, requestId };
+    if (status === 401)
+        return new AbloAuthenticationError(message, baseOpts);
+    if (status === 403 || code === 'capability_scope_denied' || code === 'capability_invalid') {
+        if (code === 'capability_scope_denied' || code === 'capability_invalid') {
+            return new CapabilityError(code, message, requiredCapability);
+        }
+        return new AbloPermissionError(message, baseOpts);
+    }
+    if (status === 409)
+        return new AbloIdempotencyError(message, baseOpts);
+    if (status === 422 || status === 400)
+        return new AbloValidationError(message, baseOpts);
+    if (status === 429)
+        return new AbloRateLimitError(message, baseOpts);
+    if (status >= 500)
+        return new AbloServerError(message, baseOpts);
+    return new AbloError(message, baseOpts);
+}

package/dist/index.d.ts

@@ -0,0 +1,41 @@
+/**
+ * @ablo/sync-engine — The Collaboration Layer for AI and Humans
+ *
+ * ```ts
+ * import Ablo from '@ablo/sync-engine';
+ *
+ * const ablo = Ablo({ schema, apiKey: process.env.ABLO_API_KEY });
+ * await ablo.tasks.load({ where: { id: 'task_123' } });
+ * await ablo.tasks.update('task_123', { title: 'Fix bug' });
+ *
+ * type Entry = Ablo.Peer;
+ * ```
+ *
+ * `Ablo({ schema, apiKey })` gives typed model resources. `Ablo({ apiKey })`
+ * gives the lower-level Resource / Intent / Commit client for agents,
+ * MCP routes, and custom runtimes.
+ *
+ * Stripe / Anthropic / OpenAI all do this: one import, resources
+ * reached via dot-access on the engine, types via namespace dots.
+ *
+ * Public subpaths:
+ *   @ablo/sync-engine/schema   — defineSchema, model, z (Zod)
+ *   @ablo/sync-engine/react    — <AbloProvider>, useQuery, useMutate
+ *   @ablo/sync-engine/testing  — test harnesses + mocks
+ *
+ * Consumer code should converge on `ablo.<model>.load(...)`, which routes
+ * through the engine's `HydrationCoordinator` and dedupes single-flight
+ * hydrations.
+ */
+export { Ablo } from './client/Ablo.js';
+export type { AbloOptions, ModelCountOptions, ModelListOptions, ModelListScope, ModelLoadOptions, ModelEditHandle, ModelEditOptions, ModelOperations, } from './client/Ablo.js';
+export type { AbloPersistence } from './client/persistence.js';
+export { session, agent } from './principal.js';
+import { Ablo } from './client/Ablo.js';
+export default Ablo;
+export { dataSource, abloSource, signAbloSourceRequest, verifyAbloSourceRequest, } from './source/index.js';
+export { defaultPolicy } from './policy/index.js';
+export { SyncSessionError, AbloError, AbloAuthenticationError, AbloPermissionError, AbloRateLimitError, AbloIdempotencyError, AbloConnectionError, AbloValidationError, AbloServerError, AbloStaleContextError, AbloBusyError, CapabilityError, translateHttpError, } from './errors.js';
+export type { CommitReceipt, RequiredCapability } from './errors.js';
+export { defineMutators } from './mutators/defineMutators.js';
+export { createTransaction, type Transaction } from './mutators/Transaction.js';

package/dist/index.js

@@ -0,0 +1,82 @@
+/**
+ * @ablo/sync-engine — The Collaboration Layer for AI and Humans
+ *
+ * ```ts
+ * import Ablo from '@ablo/sync-engine';
+ *
+ * const ablo = Ablo({ schema, apiKey: process.env.ABLO_API_KEY });
+ * await ablo.tasks.load({ where: { id: 'task_123' } });
+ * await ablo.tasks.update('task_123', { title: 'Fix bug' });
+ *
+ * type Entry = Ablo.Peer;
+ * ```
+ *
+ * `Ablo({ schema, apiKey })` gives typed model resources. `Ablo({ apiKey })`
+ * gives the lower-level Resource / Intent / Commit client for agents,
+ * MCP routes, and custom runtimes.
+ *
+ * Stripe / Anthropic / OpenAI all do this: one import, resources
+ * reached via dot-access on the engine, types via namespace dots.
+ *
+ * Public subpaths:
+ *   @ablo/sync-engine/schema   — defineSchema, model, z (Zod)
+ *   @ablo/sync-engine/react    — <AbloProvider>, useQuery, useMutate
+ *   @ablo/sync-engine/testing  — test harnesses + mocks
+ *
+ * Consumer code should converge on `ablo.<model>.load(...)`, which routes
+ * through the engine's `HydrationCoordinator` and dedupes single-flight
+ * hydrations.
+ */
+// ── Consumer API ──────────────────────────────────────────────────────────
+// These are the only symbols external consumers should need from this path.
+// Everything else is in a subpath.
+// The canonical surface — `Ablo` is a function, type, and namespace under
+// one name. Matches `Stripe`, `OpenAI`, `Anthropic`. Default export so
+// `import Ablo from '@ablo/sync-engine'` works; named export so
+// `import { Ablo }` also compiles.
+export { Ablo } from './client/Ablo.js';
+// Participant types live under `Ablo.Participant.*` —
+// `Ablo.Participant.Joined`, `Ablo.Participant.Manager`,
+// `Ablo.Participant.JoinOptions`, etc. Same dot-access shape as
+// `Ablo.Peer`, `Ablo.Claim`, `Ablo.Turn`. No flat re-exports.
+// Principal constructors — explicit factories for delegation paths
+// (`Ablo({ kind: 'agent', as: session({...}) })`). Function exports
+// because they're constructors, not types.
+export { session, agent } from './principal.js';
+import { Ablo } from './client/Ablo.js';
+export default Ablo;
+// Customer-owned storage adapter. Used only when Ablo Cloud coordinates
+// state while canonical rows remain in the customer's database. Runtime
+// helpers ship flat; type counterparts live under `Ablo.Source.*`
+// (`Ablo.Source.Operation`, `Ablo.Source.Commit.Params`, etc.).
+export { dataSource, abloSource, signAbloSourceRequest, verifyAbloSourceRequest, } from './source/index.js';
+// Schema DSL is intentionally published from `@ablo/sync-engine/schema`.
+// Keeping it out of the root import preserves one clean runtime surface:
+// `import Ablo from '@ablo/sync-engine'`.
+// Conflict policy — `defaultPolicy` (the rejecting default) is a value
+// callers reference if they want to compose. The type counterparts
+// (`Conflict`, `ConflictPolicy`, etc.) live under `Ablo.Conflict`,
+// `Ablo.Conflict.Policy` on the namespace.
+export { defaultPolicy } from './policy/index.js';
+// Typed error hierarchy — Stripe-style. One import gets every class
+// consumers need to discriminate failures (`e instanceof AbloX` or
+// `e.type === 'AbloX'`) plus the HTTP-response translator.
+export { SyncSessionError, AbloError, AbloAuthenticationError, AbloPermissionError, AbloRateLimitError, AbloIdempotencyError, AbloConnectionError, AbloValidationError, AbloServerError, AbloStaleContextError, AbloBusyError, CapabilityError, translateHttpError, } from './errors.js';
+// Typed-global augmentation point. Consumers declare their Schema/Presence/
+// Intents/UserMeta once in a `.d.ts` via `declare global { interface AbloSync
+// { ... } }`. Resolver types live under the `Ablo` namespace —
+// `Ablo.ResolveSchema`, `Ablo.ResolvePresence`, etc. — pure type-level.
+// Custom mutators — runtime entry point only.
+// Type counterparts moved to the `Ablo` namespace:
+//   Ablo.Mutator.Fn, Ablo.Transaction
+//   Ablo.Mutator.UndoEntry, Ablo.Mutator.InverseOp
+//   Ablo.Query, Ablo.QueryBatch, Ablo.QueryBatchResult
+export { defineMutators } from './mutators/defineMutators.js';
+// `createTransaction` is exposed so non-React callers (the sandbox AI
+// executor, server-side workers) can invoke `defineMutators`-style
+// custom mutators without going through `useMutators`. Construct a tx
+// against `ablo.schema` + `ablo._store` + `ablo.organizationId` and
+// pass it as `{ tx, args }` to the mutator function.
+export { createTransaction } from './mutators/Transaction.js';
+// Undo runtime is intentionally not part of the public root surface. App code
+// uses `useUndoScope` from `@ablo/sync-engine/react`.