@abraca/dabra 2.0.9 → 2.3.0

package/dist/abracadabra-provider.cjs

@@ -2215,6 +2215,119 @@ function serializeTarget(t) {
 	}
 }
 
+//#endregion
+//#region packages/provider/src/QueryClient.ts
+/**
+* V2 query layer — live subscription client.
+*
+* Mirrors the server in `crates/abracadabra/src/query_stream.rs`. Frames
+* travel as `MSG_STATELESS` payloads with the literal `query:v1:` prefix
+* followed by a JSON envelope.
+*
+* Each call to `subscribeQuery(...)` opens a long-lived subscription:
+*   1. The client sends `req` with a fresh correlation id.
+*   2. The server replies `ack` with an initial snapshot
+*      (`DocumentMeta[]`).
+*   3. The server emits `delta` frames as the doc-tree projection
+*      drifts under the predicate.
+*   4. The client sends `cancel` to tear it down (or relies on the
+*      WebSocket close path to free server state).
+*
+* The shape of the `query` field mirrors the REST `POST /docs/query`
+* body — `type`, `parentId`, `labelContains`, `where`, `limit`.
+*/
+const QUERY_PREFIX = "query:v1:";
+var QueryError = class extends Error {
+	constructor(code, message) {
+		super(message);
+		this.name = "QueryError";
+		this.code = code;
+	}
+};
+var QueryClient = class extends EventEmitter {
+	constructor(transport) {
+		super();
+		this.subs = /* @__PURE__ */ new Map();
+		this.idCounter = 0;
+		this.transport = transport;
+		this.onStatelessBound = (data) => this.receive(data.payload);
+		this.transport.on("stateless", this.onStatelessBound);
+	}
+	destroy() {
+		for (const sub of this.subs.values()) if (!sub.cancelled) {
+			this.send({
+				kind: "cancel",
+				id: sub.id
+			});
+			sub.cancelled = true;
+		}
+		this.subs.clear();
+		this.transport.off("stateless", this.onStatelessBound);
+	}
+	subscribeQuery(spec, handlers = {}) {
+		const id = this.nextId();
+		const sub = {
+			id,
+			handlers,
+			cancelled: false
+		};
+		this.subs.set(id, sub);
+		this.send({
+			kind: "req",
+			id,
+			query: spec
+		});
+		const self = this;
+		return {
+			id,
+			cancel() {
+				if (sub.cancelled) return;
+				sub.cancelled = true;
+				self.subs.delete(id);
+				self.send({
+					kind: "cancel",
+					id
+				});
+			}
+		};
+	}
+	nextId() {
+		this.idCounter += 1;
+		return `q-${Date.now()}-${this.idCounter}`;
+	}
+	send(frame) {
+		this.transport.sendStateless(`${QUERY_PREFIX}${JSON.stringify(frame)}`);
+	}
+	receive(payload) {
+		if (!payload.startsWith(QUERY_PREFIX)) return;
+		const rest = payload.slice(9);
+		let frame;
+		try {
+			frame = JSON.parse(rest);
+		} catch {
+			return;
+		}
+		const sub = this.subs.get(frame.id);
+		if (!sub || sub.cancelled) return;
+		switch (frame.kind) {
+			case "ack":
+				sub.handlers.onSnapshot?.(frame.initial ?? []);
+				break;
+			case "delta":
+				sub.handlers.onDelta?.({
+					added: frame.added ?? [],
+					removed: frame.removed ?? []
+				});
+				break;
+			case "err":
+				if (frame.error) sub.handlers.onError?.(new QueryError(frame.error.code, frame.error.message));
+				this.subs.delete(frame.id);
+				break;
+			default: break;
+		}
+	}
+};
+
 //#endregion
 //#region packages/provider/src/OutgoingMessages/SyncStepOneMessage.ts
 var SyncStepOneMessage = class extends OutgoingMessage {
@@ -2265,6 +2378,18 @@ var AbracadabraBaseProvider = class extends EventEmitter {
 		if (!this._rpc) this._rpc = new RpcClient(this);
 		return this._rpc;
 	}
+	getQueryClient() {
+		if (!this._queryClient) this._queryClient = new QueryClient(this);
+		return this._queryClient;
+	}
+	/**
+	* Open a live query subscription. Mirrors the v1 REST shape
+	* (`POST /docs/query`) but pushes deltas as the server-side
+	* projection drifts under the predicate.
+	*/
+	subscribeQuery(spec, handlers = {}) {
+		return this.getQueryClient().subscribeQuery(spec, handlers);
+	}
 	constructor(configuration) {
 		super();
 		this.configuration = {
@@ -2780,7 +2905,7 @@ var SubdocMessage = class extends OutgoingMessage {
 //#endregion
 //#region packages/provider/src/AbracadabraProvider.ts
 /** Validate that a string is a UUID acceptable by the server's DocId parser. */
-function isValidDocId(id) {
+function isValidDocId$1(id) {
 	return /^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$/i.test(id);
 }
 /**
@@ -2989,7 +3114,7 @@ var AbracadabraProvider = class AbracadabraProvider extends AbracadabraBaseProvi
 	*/
 	handleYSubdocsChange({ added, removed }) {
 		for (const subdoc of added) {
-			if (!isValidDocId(subdoc.guid)) continue;
+			if (!isValidDocId$1(subdoc.guid)) continue;
 			this.registerSubdoc(subdoc);
 		}
 		for (const subdoc of removed) this.unloadChild(subdoc.guid);
@@ -3033,7 +3158,7 @@ var AbracadabraProvider = class AbracadabraProvider extends AbracadabraBaseProvi
 	* explicit `unloadChild(id)` once they're done.
 	*/
 	loadChild(childId, options = {}) {
-		if (!isValidDocId(childId)) return Promise.reject(/* @__PURE__ */ new Error(`loadChild: "${childId}" is not a valid document ID (must be a UUID). If this node was created with an older version of the app, delete it and recreate it.`));
+		if (!isValidDocId$1(childId)) return Promise.reject(/* @__PURE__ */ new Error(`loadChild: "${childId}" is not a valid document ID (must be a UUID). If this node was created with an older version of the app, delete it and recreate it.`));
 		if (childId === this.configuration.name) return Promise.resolve(this);
 		const evictable = options.evictable !== false;
 		if (this.childProviders.has(childId)) {
@@ -10295,7 +10420,8 @@ var AbracadabraClient = class {
 				deviceName: opts.deviceName,
 				displayName: opts.displayName,
 				email: opts.email,
-				inviteCode: opts.inviteCode
+				inviteCode: opts.inviteCode,
+				x25519Key: opts.x25519Key
 			},
 			auth: false
 		});
@@ -10614,6 +10740,27 @@ var AbracadabraClient = class {
 		return (await this.request("GET", `/docs/search?${params.toString()}`)).results;
 	}
 	/**
+	* Query for documents matching a structural predicate. v1 of the
+	* indexed-query layer described in
+	* `ARCHITECTURE/20-kickoff-phase3-queries.md`.
+	*
+	* The wire shape accepts a `where` field so v2 (meta-predicate
+	* filtering on top of the `doc_meta_index` projection) can light up
+	* without a compatibility break. Sending a non-empty `where` today
+	* returns a 400 — callers should leave it absent.
+	*
+	* Returns docs the requester can read at viewer-or-above, filtered
+	* through the cascading permission resolver server-side.
+	*/
+	async queryDocs(opts) {
+		const body = {};
+		if (opts.type != null) body.type = opts.type;
+		if (opts.parentId != null) body.parent_id = opts.parentId;
+		if (opts.labelContains != null) body.label_contains = opts.labelContains;
+		if (opts.limit != null) body.limit = opts.limit;
+		return (await this.request("POST", "/docs/query", { body })).documents;
+	}
+	/**
 	* List the direct children of a document, returning full metadata. Pass
 	* no argument to list the children of the server root — what the
 	* dashboard renders as the Spaces sidebar.
@@ -11149,6 +11296,234 @@ var AbracadabraClient = class {
 	}
 };
 
+//#endregion
+//#region packages/provider/src/TokenManager.ts
+const DEFAULT_STORAGE_KEY = "abracadabra:device-session";
+/** localStorage-backed storage; safe in SSR/Node (no-ops without localStorage). */
+var LocalStorageDeviceSessionStorage = class {
+	constructor(key = DEFAULT_STORAGE_KEY) {
+		this.key = key;
+	}
+	load() {
+		try {
+			const raw = localStorage.getItem(this.key);
+			if (!raw) return null;
+			const parsed = JSON.parse(raw);
+			if (typeof parsed?.sessionId === "string" && typeof parsed?.sessionToken === "string" && typeof parsed?.expiresAt === "number") return parsed;
+			return null;
+		} catch {
+			return null;
+		}
+	}
+	save(record) {
+		try {
+			localStorage.setItem(this.key, JSON.stringify(record));
+		} catch {}
+	}
+	clear() {
+		try {
+			localStorage.removeItem(this.key);
+		} catch {}
+	}
+};
+/**
+* Manages the lifetime of the short-lived JWT against a long-lived device
+* session token.
+*
+* Flow:
+*  - Bootstrap: if a stored device session exists, exchange it for a fresh
+*    JWT immediately (`bootstrap()`). Otherwise the consumer must run a
+*    full crypto-auth handshake and then call `attachSession(record)` once
+*    the server returns a device-session token.
+*  - Steady state: `getValidToken()` returns the JWT, refreshing if the
+*    JWT is within `refreshLeadMs` of expiry. Concurrent callers share one
+*    in-flight refresh.
+*  - Background: a proactive timer fires `refreshLeadMs` before `exp`.
+*    `visibilitychange` and `online` events trigger an opportunistic
+*    refresh in case the timer was suppressed (hidden tab, sleeping
+*    laptop). The combination is what restores the WS without a reload.
+*  - Failure: refresh errors with status 401/403 mean the device session
+*    itself is dead (revoked or 30 d expired). The record is cleared and
+*    `session-expired` fires so the consumer can prompt re-auth. Other
+*    errors (network) are transparent — the existing JWT is returned and
+*    the caller's normal retry loop covers it.
+*/
+var TokenManager = class extends EventEmitter {
+	constructor(options) {
+		super();
+		this.refreshing = null;
+		this.proactiveTimer = null;
+		this.resumeHandlersInstalled = false;
+		this.boundOnResume = null;
+		this.disposed = false;
+		this.client = options.client;
+		this.storage = options.storage ?? new LocalStorageDeviceSessionStorage();
+		this.refreshLeadMs = options.refreshLeadMs ?? 300 * 1e3;
+		this.session = this.storage.load();
+		if (options.installResumeHandlers !== false) this.installResumeHandlers();
+		this.scheduleProactiveRefresh();
+	}
+	get hasSession() {
+		return this.session !== null;
+	}
+	get currentSession() {
+		return this.session;
+	}
+	/**
+	* Persist a freshly-issued device session and exchange it immediately
+	* for a JWT. Call this once after a successful crypto-auth login when
+	* the server returns a device-session token.
+	*/
+	async attachSession(record) {
+		this.session = record;
+		this.storage.save(record);
+		return await this.runRefresh();
+	}
+	/**
+	* Drop the local device session (no server call). Use after a logout
+	* or when `session-expired` fires. To revoke server-side as well, call
+	* `client.revokeDeviceSession(sessionId)` first.
+	*/
+	clearSession() {
+		this.session = null;
+		this.storage.clear();
+		if (this.proactiveTimer) {
+			clearTimeout(this.proactiveTimer);
+			this.proactiveTimer = null;
+		}
+	}
+	/**
+	* Return a valid JWT, refreshing if it is missing or within
+	* `refreshLeadMs` of expiry. Safe to call concurrently — one
+	* refresh is in flight at a time.
+	*
+	* Transient refresh errors (network) fall back to the cached JWT so
+	* the WS auth attempt can still proceed; the server will reject and
+	* the next reconnect tries again. Only 401/403 from the refresh
+	* endpoint surfaces as a thrown error here, since those mean the
+	* device session itself is dead.
+	*/
+	async getValidToken() {
+		if (this.refreshing) return this.refreshing;
+		const current = this.client.token;
+		if (current && this.tokenIsFresh(current)) return current;
+		if (!this.session) return current ?? "";
+		try {
+			return await this.runRefresh();
+		} catch (err) {
+			const status = err?.status;
+			if (status === 401 || status === 403) throw err;
+			return current ?? "";
+		}
+	}
+	/**
+	* If a stored device session exists, exchange it for a fresh JWT now.
+	* Returns the JWT (or null if there is no session to bootstrap from).
+	* Throws on 401/403 — the stored session is invalid and the caller
+	* should fall through to a full crypto-auth flow.
+	*/
+	async bootstrap() {
+		if (!this.session) return null;
+		try {
+			return await this.runRefresh();
+		} catch (err) {
+			const status = err?.status;
+			if (status === 401 || status === 403) throw err;
+			return null;
+		}
+	}
+	dispose() {
+		if (this.disposed) return;
+		this.disposed = true;
+		if (this.proactiveTimer) {
+			clearTimeout(this.proactiveTimer);
+			this.proactiveTimer = null;
+		}
+		if (this.boundOnResume) {
+			try {
+				if (typeof document !== "undefined") document.removeEventListener("visibilitychange", this.boundOnResume);
+				if (typeof window !== "undefined") window.removeEventListener("online", this.boundOnResume);
+			} catch {}
+			this.boundOnResume = null;
+		}
+		this.removeAllListeners();
+	}
+	runRefresh() {
+		if (this.refreshing) return this.refreshing;
+		if (!this.session) return Promise.reject(/* @__PURE__ */ new Error("No device session"));
+		const sessionToken = this.session.sessionToken;
+		this.refreshing = (async () => {
+			try {
+				const jwt = await this.client.refreshWithDeviceSession(sessionToken);
+				this.scheduleProactiveRefresh();
+				this.emit("refresh", jwt);
+				return jwt;
+			} catch (err) {
+				const status = err?.status;
+				if (status === 401 || status === 403) {
+					const message = err?.message ?? "device session rejected";
+					this.clearSession();
+					this.emit("session-expired", {
+						status,
+						message
+					});
+				}
+				throw err;
+			} finally {
+				this.refreshing = null;
+			}
+		})();
+		return this.refreshing;
+	}
+	tokenIsFresh(jwt) {
+		const exp = this.parseExp(jwt);
+		if (exp == null) return false;
+		return exp * 1e3 - Date.now() > this.refreshLeadMs;
+	}
+	parseExp(jwt) {
+		try {
+			const [, payload] = jwt.split(".");
+			if (!payload) return null;
+			const { exp } = JSON.parse(atob(payload));
+			return typeof exp === "number" ? exp : null;
+		} catch {
+			return null;
+		}
+	}
+	scheduleProactiveRefresh() {
+		if (this.proactiveTimer) {
+			clearTimeout(this.proactiveTimer);
+			this.proactiveTimer = null;
+		}
+		if (!this.session || this.disposed) return;
+		const jwt = this.client.token;
+		const exp = jwt ? this.parseExp(jwt) : null;
+		if (exp == null) return;
+		const delay = Math.max(3e4, exp * 1e3 - Date.now() - this.refreshLeadMs);
+		this.proactiveTimer = setTimeout(() => {
+			this.runRefresh().catch(() => {});
+		}, delay);
+	}
+	installResumeHandlers() {
+		if (this.resumeHandlersInstalled) return;
+		if (typeof document === "undefined" && typeof window === "undefined") return;
+		const onResume = () => {
+			if (this.disposed) return;
+			if (typeof document !== "undefined" && document.visibilityState === "hidden") return;
+			if (!this.session) return;
+			const jwt = this.client.token;
+			if (jwt && this.tokenIsFresh(jwt)) return;
+			this.runRefresh().catch(() => {});
+		};
+		this.boundOnResume = onResume;
+		try {
+			if (typeof document !== "undefined") document.addEventListener("visibilitychange", onResume);
+			if (typeof window !== "undefined") window.addEventListener("online", onResume);
+			this.resumeHandlersInstalled = true;
+		} catch {}
+	}
+};
+
 //#endregion
 //#region packages/provider/src/CloseEvents.ts
 /**
@@ -15283,10 +15658,22 @@ var Semaphore = class {
 		else this.slots++;
 	}
 };
+/**
+* Server-accepted doc-id format. The Rust server's `DocId::from_string`
+* is a strict UUID parse; any other string returns 422. Stale entries in
+* the doc-tree map (legacy slug ids from earlier demos, manual experiments)
+* would otherwise emit one 422 per `syncAll()` forever — see the warn
+* below in `_buildQueue`.
+*/
+const UUID_RE = /^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$/i;
+function isValidDocId(id) {
+	return UUID_RE.test(id);
+}
 var BackgroundSyncManager = class extends EventEmitter {
 	constructor(rootProvider, client, fileBlobStore, opts) {
 		super();
 		this.syncStates = /* @__PURE__ */ new Map();
+		this._warnedInvalidIds = /* @__PURE__ */ new Set();
 		this._destroyed = false;
 		this._initPromise = null;
 		this.rootProvider = rootProvider;
@@ -15428,7 +15815,19 @@ var BackgroundSyncManager = class extends EventEmitter {
 	*  3. Errored docs last
 	*/
 	_buildQueue(entries) {
-		const items = entries.map(([docId, v]) => {
+		const filtered = [];
+		for (const entry of entries) {
+			const [docId] = entry;
+			if (isValidDocId(docId)) {
+				filtered.push(entry);
+				continue;
+			}
+			if (!this._warnedInvalidIds.has(docId)) {
+				this._warnedInvalidIds.add(docId);
+				console.warn(`[BackgroundSyncManager] skipping non-UUID doc id "${docId}" in doc-tree — server would reject it (422). Likely a stale entry from an earlier seeder; remove it from the tree to silence this.`);
+			}
+		}
+		const items = filtered.map(([docId, v]) => {
 			const state = this.syncStates.get(docId);
 			const updatedAt = v?.updatedAt ?? v?.createdAt ?? 0;
 			let priority;
@@ -17811,6 +18210,42 @@ function toPlain(val) {
 	return val instanceof yjs.Map ? val.toJSON() : val;
 }
 
+//#endregion
+//#region packages/provider/src/SchemaTypes.ts
+/**
+* Thrown by typed write methods on `TypedDocsClient` when the stored
+* entry's `type` doesn't match the caller's `expectedType`. Distinct from
+* `MetaValidationError` (which signals schema-content mismatches).
+*/
+var TypedDocTypeMismatchError = class extends Error {
+	constructor(docId, expectedType, actualType) {
+		super(`Typed write on document ${docId} expected type "${expectedType}" but stored type is ${actualType === void 0 ? "(none)" : `"${actualType}"`}`);
+		this.name = "TypedDocTypeMismatchError";
+		this.docId = docId;
+		this.expectedType = expectedType;
+		this.actualType = actualType;
+	}
+};
+/**
+* Project a raw `TreeEntry` to a `TypedTreeEntry<TMap, N>` if its `type`
+* matches; otherwise return `null`. Used by both `TreeManager.getTyped`
+* and `TypedDocsClient.{get,narrow}` to keep semantics consistent.
+*/
+function projectTreeEntry(entry, expectedType) {
+	if (!entry) return null;
+	if (entry.type !== expectedType) return null;
+	return {
+		id: entry.id,
+		type: expectedType,
+		label: entry.label,
+		parentId: entry.parentId,
+		order: entry.order,
+		meta: entry.meta,
+		createdAt: entry.createdAt,
+		updatedAt: entry.updatedAt
+	};
+}
+
 //#endregion
 //#region packages/provider/src/TreeManager.ts
 /**
@@ -17888,6 +18323,20 @@ var TreeManager = class {
 			};
 		});
 	}
+	/**
+	* Schema-typed lookup. Returns a `TypedTreeEntry<TMap, N>` when the
+	* entry's `type` matches `expectedType`, else `null`. Pure projection
+	* over the existing untyped tree — no schema validation is performed
+	* here (the entry's data is whatever was last synced; meta correctness
+	* is the writer's responsibility, optionally enforced via
+	* `MetaManager.setSchema`).
+	*
+	* Rule 4 alignment: when the entry's type doesn't match, returns null
+	* rather than throwing — callers branch on the result.
+	*/
+	getTyped(_schema, expectedType, docId) {
+		return projectTreeEntry(this.get(docId), expectedType);
+	}
 	/** Find a single entry by ID. */
 	get(docId) {
 		const treeMap = this.dm.getTreeMap();
@@ -19618,9 +20067,29 @@ var ContentManager = class {
 
 //#endregion
 //#region packages/provider/src/MetaManager.ts
+var MetaValidationError = class extends Error {
+	constructor(docId, docType, errors) {
+		const detail = errors.map((e) => `${e.path.join(".") || "(root)"}: ${e.message}`).join("; ");
+		super(`Meta validation failed for document ${docId} of type "${docType}": ${detail}`);
+		this.name = "MetaValidationError";
+		this.docId = docId;
+		this.docType = docType;
+		this.errors = errors;
+	}
+};
 var MetaManager = class {
 	constructor(dm) {
 		this.dm = dm;
+		this.schema = null;
+	}
+	/**
+	* Attach (or detach with `null`) a schema validator. When set, every
+	* `update` / `set` validates the post-write meta against the entry's
+	* declared `type` before writing to the doc-tree. Entries without a
+	* `type` field pass through unconditionally.
+	*/
+	setSchema(schema) {
+		this.schema = schema;
 	}
 	/** Read metadata for a document. Returns null if not found. */
 	get(docId) {
@@ -19639,6 +20108,9 @@ var MetaManager = class {
 	/**
 	* Merge fields into a document's metadata.
 	* Existing keys not in the update are preserved.
+	*
+	* @throws {MetaValidationError} when a schema is attached and the
+	*   merged meta fails validation for the entry's declared type.
 	*/
 	update(docId, meta) {
 		const treeMap = this.dm.getTreeMap();
@@ -19646,18 +20118,23 @@ var MetaManager = class {
 		const raw = treeMap.get(docId);
 		if (!raw) throw new Error(`Document ${docId} not found`);
 		const entry = toPlain(raw);
+		const mergedMeta = {
+			...entry.meta ?? {},
+			...meta
+		};
+		this.validateOrThrow(docId, entry, mergedMeta);
 		treeMap.set(docId, {
 			...entry,
-			meta: {
-				...entry.meta ?? {},
-				...meta
-			},
+			meta: mergedMeta,
 			updatedAt: Date.now()
 		});
 	}
 	/**
 	* Replace all metadata on a document.
 	* This overwrites the entire meta object.
+	*
+	* @throws {MetaValidationError} when a schema is attached and the
+	*   replacement meta fails validation for the entry's declared type.
 	*/
 	set(docId, meta) {
 		const treeMap = this.dm.getTreeMap();
@@ -19665,6 +20142,7 @@ var MetaManager = class {
 		const raw = treeMap.get(docId);
 		if (!raw) throw new Error(`Document ${docId} not found`);
 		const entry = toPlain(raw);
+		this.validateOrThrow(docId, entry, meta);
 		treeMap.set(docId, {
 			...entry,
 			meta,
@@ -19682,12 +20160,20 @@ var MetaManager = class {
 		const entry = toPlain(raw);
 		const updated = { ...entry.meta ?? {} };
 		for (const key of keys) delete updated[key];
+		this.validateOrThrow(docId, entry, updated);
 		treeMap.set(docId, {
 			...entry,
 			meta: updated,
 			updatedAt: Date.now()
 		});
 	}
+	validateOrThrow(docId, entry, meta) {
+		if (!this.schema) return;
+		const docType = entry.type;
+		if (!docType) return;
+		const result = this.schema.validateMeta(docType, meta);
+		if (!result.ok) throw new MetaValidationError(docId, docType, result.errors);
+	}
 };
 
 //#endregion
@@ -19733,6 +20219,44 @@ var DocumentManager = class {
 		this.content = new ContentManager(this);
 		this.meta = new MetaManager(this);
 	}
+	/**
+	* Bind a schema registry to a typed accessor surface. The returned
+	* client offers `.get(type, id)` with the registry's meta types
+	* inferred at the call site, removing the need to pass `schema`
+	* to every lookup. The provider remains schema-free at runtime —
+	* `schema` is only used to drive type inference (see
+	* `SchemaRegistryLike` for the structural witness).
+	*
+	* @example
+	*   const docs = dm.docs(kanbanSchema);
+	*   const board = docs.get("kanban", id);
+	*   if (board) console.log(board.meta.kanbanColumnWidth); // typed
+	*/
+	docs(_schema) {
+		const tree = this.tree;
+		const meta = this.meta;
+		const expectType = (expected, id) => {
+			const actual = tree.get(id)?.type;
+			if (actual !== expected) throw new TypedDocTypeMismatchError(id, expected, actual);
+		};
+		return {
+			get: (expectedType, id) => projectTreeEntry(tree.get(id), expectedType),
+			getEntry: (id) => tree.get(id),
+			narrow: (expectedType, entry) => projectTreeEntry(entry ?? null, expectedType),
+			update: (expectedType, id, patch) => {
+				expectType(expectedType, id);
+				meta.update(id, patch);
+			},
+			set: (expectedType, id, value) => {
+				expectType(expectedType, id);
+				meta.set(id, value);
+			},
+			clear: (expectedType, id, keys) => {
+				expectType(expectedType, id);
+				meta.clear(id, keys);
+			}
+		};
+	}
 	get displayName() {
 		return this._config.name || "DocumentManager";
 	}
@@ -19914,14 +20438,19 @@ exports.HocuspocusProviderWebsocket = HocuspocusProviderWebsocket;
 exports.IdentityDocProvider = IdentityDocProvider;
 exports.KEY_EXCHANGE_CHANNEL = KEY_EXCHANGE_CHANNEL;
 exports.Kind = Kind;
+exports.LocalStorageDeviceSessionStorage = LocalStorageDeviceSessionStorage;
 exports.ManualSignaling = ManualSignaling;
 exports.MessageTooBig = MessageTooBig;
 exports.MessageType = MessageType;
 exports.MetaManager = MetaManager;
+exports.MetaValidationError = MetaValidationError;
 exports.NotificationsClient = NotificationsClient;
 exports.OfflineStore = OfflineStore;
 exports.PAGE_TYPES = PAGE_TYPES;
 exports.PeerConnection = PeerConnection;
+exports.QUERY_PREFIX = QUERY_PREFIX;
+exports.QueryClient = QueryClient;
+exports.QueryError = QueryError;
 exports.RPC_PREFIX = RPC_PREFIX;
 exports.ResetConnection = ResetConnection;
 exports.RpcClient = RpcClient;
@@ -19931,7 +20460,9 @@ exports.SearchIndex = SearchIndex;
 exports.SignalingSocket = SignalingSocket;
 exports.SubdocMessage = SubdocMessage;
 exports.TYPE_ALIASES = TYPE_ALIASES;
+exports.TokenManager = TokenManager;
 exports.TreeManager = TreeManager;
+exports.TypedDocTypeMismatchError = TypedDocTypeMismatchError;
 exports.Unauthorized = Unauthorized;
 exports.WebSocketStatus = WebSocketStatus;
 exports.WsReadyStates = WsReadyStates;