@abraca/dabra 2.0.9 → 2.3.0

package/dist/abracadabra-provider.esm.js

@@ -2185,6 +2185,119 @@ function serializeTarget(t) {
 	}
 }
 
+//#endregion
+//#region packages/provider/src/QueryClient.ts
+/**
+* V2 query layer — live subscription client.
+*
+* Mirrors the server in `crates/abracadabra/src/query_stream.rs`. Frames
+* travel as `MSG_STATELESS` payloads with the literal `query:v1:` prefix
+* followed by a JSON envelope.
+*
+* Each call to `subscribeQuery(...)` opens a long-lived subscription:
+*   1. The client sends `req` with a fresh correlation id.
+*   2. The server replies `ack` with an initial snapshot
+*      (`DocumentMeta[]`).
+*   3. The server emits `delta` frames as the doc-tree projection
+*      drifts under the predicate.
+*   4. The client sends `cancel` to tear it down (or relies on the
+*      WebSocket close path to free server state).
+*
+* The shape of the `query` field mirrors the REST `POST /docs/query`
+* body — `type`, `parentId`, `labelContains`, `where`, `limit`.
+*/
+const QUERY_PREFIX = "query:v1:";
+var QueryError = class extends Error {
+	constructor(code, message) {
+		super(message);
+		this.name = "QueryError";
+		this.code = code;
+	}
+};
+var QueryClient = class extends EventEmitter {
+	constructor(transport) {
+		super();
+		this.subs = /* @__PURE__ */ new Map();
+		this.idCounter = 0;
+		this.transport = transport;
+		this.onStatelessBound = (data) => this.receive(data.payload);
+		this.transport.on("stateless", this.onStatelessBound);
+	}
+	destroy() {
+		for (const sub of this.subs.values()) if (!sub.cancelled) {
+			this.send({
+				kind: "cancel",
+				id: sub.id
+			});
+			sub.cancelled = true;
+		}
+		this.subs.clear();
+		this.transport.off("stateless", this.onStatelessBound);
+	}
+	subscribeQuery(spec, handlers = {}) {
+		const id = this.nextId();
+		const sub = {
+			id,
+			handlers,
+			cancelled: false
+		};
+		this.subs.set(id, sub);
+		this.send({
+			kind: "req",
+			id,
+			query: spec
+		});
+		const self = this;
+		return {
+			id,
+			cancel() {
+				if (sub.cancelled) return;
+				sub.cancelled = true;
+				self.subs.delete(id);
+				self.send({
+					kind: "cancel",
+					id
+				});
+			}
+		};
+	}
+	nextId() {
+		this.idCounter += 1;
+		return `q-${Date.now()}-${this.idCounter}`;
+	}
+	send(frame) {
+		this.transport.sendStateless(`${QUERY_PREFIX}${JSON.stringify(frame)}`);
+	}
+	receive(payload) {
+		if (!payload.startsWith(QUERY_PREFIX)) return;
+		const rest = payload.slice(9);
+		let frame;
+		try {
+			frame = JSON.parse(rest);
+		} catch {
+			return;
+		}
+		const sub = this.subs.get(frame.id);
+		if (!sub || sub.cancelled) return;
+		switch (frame.kind) {
+			case "ack":
+				sub.handlers.onSnapshot?.(frame.initial ?? []);
+				break;
+			case "delta":
+				sub.handlers.onDelta?.({
+					added: frame.added ?? [],
+					removed: frame.removed ?? []
+				});
+				break;
+			case "err":
+				if (frame.error) sub.handlers.onError?.(new QueryError(frame.error.code, frame.error.message));
+				this.subs.delete(frame.id);
+				break;
+			default: break;
+		}
+	}
+};
+
 //#endregion
 //#region packages/provider/src/OutgoingMessages/SyncStepOneMessage.ts
 var SyncStepOneMessage = class extends OutgoingMessage {
@@ -2235,6 +2348,18 @@ var AbracadabraBaseProvider = class extends EventEmitter {
 		if (!this._rpc) this._rpc = new RpcClient(this);
 		return this._rpc;
 	}
+	getQueryClient() {
+		if (!this._queryClient) this._queryClient = new QueryClient(this);
+		return this._queryClient;
+	}
+	/**
+	* Open a live query subscription. Mirrors the v1 REST shape
+	* (`POST /docs/query`) but pushes deltas as the server-side
+	* projection drifts under the predicate.
+	*/
+	subscribeQuery(spec, handlers = {}) {
+		return this.getQueryClient().subscribeQuery(spec, handlers);
+	}
 	constructor(configuration) {
 		super();
 		this.configuration = {
@@ -2750,7 +2875,7 @@ var SubdocMessage = class extends OutgoingMessage {
 //#endregion
 //#region packages/provider/src/AbracadabraProvider.ts
 /** Validate that a string is a UUID acceptable by the server's DocId parser. */
-function isValidDocId(id) {
+function isValidDocId$1(id) {
 	return /^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$/i.test(id);
 }
 /**
@@ -2959,7 +3084,7 @@ var AbracadabraProvider = class AbracadabraProvider extends AbracadabraBaseProvi
 	*/
 	handleYSubdocsChange({ added, removed }) {
 		for (const subdoc of added) {
-			if (!isValidDocId(subdoc.guid)) continue;
+			if (!isValidDocId$1(subdoc.guid)) continue;
 			this.registerSubdoc(subdoc);
 		}
 		for (const subdoc of removed) this.unloadChild(subdoc.guid);
@@ -3003,7 +3128,7 @@ var AbracadabraProvider = class AbracadabraProvider extends AbracadabraBaseProvi
 	* explicit `unloadChild(id)` once they're done.
 	*/
 	loadChild(childId, options = {}) {
-		if (!isValidDocId(childId)) return Promise.reject(/* @__PURE__ */ new Error(`loadChild: "${childId}" is not a valid document ID (must be a UUID). If this node was created with an older version of the app, delete it and recreate it.`));
+		if (!isValidDocId$1(childId)) return Promise.reject(/* @__PURE__ */ new Error(`loadChild: "${childId}" is not a valid document ID (must be a UUID). If this node was created with an older version of the app, delete it and recreate it.`));
 		if (childId === this.configuration.name) return Promise.resolve(this);
 		const evictable = options.evictable !== false;
 		if (this.childProviders.has(childId)) {
@@ -10265,7 +10390,8 @@ var AbracadabraClient = class {
 				deviceName: opts.deviceName,
 				displayName: opts.displayName,
 				email: opts.email,
-				inviteCode: opts.inviteCode
+				inviteCode: opts.inviteCode,
+				x25519Key: opts.x25519Key
 			},
 			auth: false
 		});
@@ -10584,6 +10710,27 @@ var AbracadabraClient = class {
 		return (await this.request("GET", `/docs/search?${params.toString()}`)).results;
 	}
 	/**
+	* Query for documents matching a structural predicate. v1 of the
+	* indexed-query layer described in
+	* `ARCHITECTURE/20-kickoff-phase3-queries.md`.
+	*
+	* The wire shape accepts a `where` field so v2 (meta-predicate
+	* filtering on top of the `doc_meta_index` projection) can light up
+	* without a compatibility break. Sending a non-empty `where` today
+	* returns a 400 — callers should leave it absent.
+	*
+	* Returns docs the requester can read at viewer-or-above, filtered
+	* through the cascading permission resolver server-side.
+	*/
+	async queryDocs(opts) {
+		const body = {};
+		if (opts.type != null) body.type = opts.type;
+		if (opts.parentId != null) body.parent_id = opts.parentId;
+		if (opts.labelContains != null) body.label_contains = opts.labelContains;
+		if (opts.limit != null) body.limit = opts.limit;
+		return (await this.request("POST", "/docs/query", { body })).documents;
+	}
+	/**
 	* List the direct children of a document, returning full metadata. Pass
 	* no argument to list the children of the server root — what the
 	* dashboard renders as the Spaces sidebar.
@@ -11119,6 +11266,234 @@ var AbracadabraClient = class {
 	}
 };
 
+//#endregion
+//#region packages/provider/src/TokenManager.ts
+const DEFAULT_STORAGE_KEY = "abracadabra:device-session";
+/** localStorage-backed storage; safe in SSR/Node (no-ops without localStorage). */
+var LocalStorageDeviceSessionStorage = class {
+	constructor(key = DEFAULT_STORAGE_KEY) {
+		this.key = key;
+	}
+	load() {
+		try {
+			const raw = localStorage.getItem(this.key);
+			if (!raw) return null;
+			const parsed = JSON.parse(raw);
+			if (typeof parsed?.sessionId === "string" && typeof parsed?.sessionToken === "string" && typeof parsed?.expiresAt === "number") return parsed;
+			return null;
+		} catch {
+			return null;
+		}
+	}
+	save(record) {
+		try {
+			localStorage.setItem(this.key, JSON.stringify(record));
+		} catch {}
+	}
+	clear() {
+		try {
+			localStorage.removeItem(this.key);
+		} catch {}
+	}
+};
+/**
+* Manages the lifetime of the short-lived JWT against a long-lived device
+* session token.
+*
+* Flow:
+*  - Bootstrap: if a stored device session exists, exchange it for a fresh
+*    JWT immediately (`bootstrap()`). Otherwise the consumer must run a
+*    full crypto-auth handshake and then call `attachSession(record)` once
+*    the server returns a device-session token.
+*  - Steady state: `getValidToken()` returns the JWT, refreshing if the
+*    JWT is within `refreshLeadMs` of expiry. Concurrent callers share one
+*    in-flight refresh.
+*  - Background: a proactive timer fires `refreshLeadMs` before `exp`.
+*    `visibilitychange` and `online` events trigger an opportunistic
+*    refresh in case the timer was suppressed (hidden tab, sleeping
+*    laptop). The combination is what restores the WS without a reload.
+*  - Failure: refresh errors with status 401/403 mean the device session
+*    itself is dead (revoked or 30 d expired). The record is cleared and
+*    `session-expired` fires so the consumer can prompt re-auth. Other
+*    errors (network) are transparent — the existing JWT is returned and
+*    the caller's normal retry loop covers it.
+*/
+var TokenManager = class extends EventEmitter {
+	constructor(options) {
+		super();
+		this.refreshing = null;
+		this.proactiveTimer = null;
+		this.resumeHandlersInstalled = false;
+		this.boundOnResume = null;
+		this.disposed = false;
+		this.client = options.client;
+		this.storage = options.storage ?? new LocalStorageDeviceSessionStorage();
+		this.refreshLeadMs = options.refreshLeadMs ?? 300 * 1e3;
+		this.session = this.storage.load();
+		if (options.installResumeHandlers !== false) this.installResumeHandlers();
+		this.scheduleProactiveRefresh();
+	}
+	get hasSession() {
+		return this.session !== null;
+	}
+	get currentSession() {
+		return this.session;
+	}
+	/**
+	* Persist a freshly-issued device session and exchange it immediately
+	* for a JWT. Call this once after a successful crypto-auth login when
+	* the server returns a device-session token.
+	*/
+	async attachSession(record) {
+		this.session = record;
+		this.storage.save(record);
+		return await this.runRefresh();
+	}
+	/**
+	* Drop the local device session (no server call). Use after a logout
+	* or when `session-expired` fires. To revoke server-side as well, call
+	* `client.revokeDeviceSession(sessionId)` first.
+	*/
+	clearSession() {
+		this.session = null;
+		this.storage.clear();
+		if (this.proactiveTimer) {
+			clearTimeout(this.proactiveTimer);
+			this.proactiveTimer = null;
+		}
+	}
+	/**
+	* Return a valid JWT, refreshing if it is missing or within
+	* `refreshLeadMs` of expiry. Safe to call concurrently — one
+	* refresh is in flight at a time.
+	*
+	* Transient refresh errors (network) fall back to the cached JWT so
+	* the WS auth attempt can still proceed; the server will reject and
+	* the next reconnect tries again. Only 401/403 from the refresh
+	* endpoint surfaces as a thrown error here, since those mean the
+	* device session itself is dead.
+	*/
+	async getValidToken() {
+		if (this.refreshing) return this.refreshing;
+		const current = this.client.token;
+		if (current && this.tokenIsFresh(current)) return current;
+		if (!this.session) return current ?? "";
+		try {
+			return await this.runRefresh();
+		} catch (err) {
+			const status = err?.status;
+			if (status === 401 || status === 403) throw err;
+			return current ?? "";
+		}
+	}
+	/**
+	* If a stored device session exists, exchange it for a fresh JWT now.
+	* Returns the JWT (or null if there is no session to bootstrap from).
+	* Throws on 401/403 — the stored session is invalid and the caller
+	* should fall through to a full crypto-auth flow.
+	*/
+	async bootstrap() {
+		if (!this.session) return null;
+		try {
+			return await this.runRefresh();
+		} catch (err) {
+			const status = err?.status;
+			if (status === 401 || status === 403) throw err;
+			return null;
+		}
+	}
+	dispose() {
+		if (this.disposed) return;
+		this.disposed = true;
+		if (this.proactiveTimer) {
+			clearTimeout(this.proactiveTimer);
+			this.proactiveTimer = null;
+		}
+		if (this.boundOnResume) {
+			try {
+				if (typeof document !== "undefined") document.removeEventListener("visibilitychange", this.boundOnResume);
+				if (typeof window !== "undefined") window.removeEventListener("online", this.boundOnResume);
+			} catch {}
+			this.boundOnResume = null;
+		}
+		this.removeAllListeners();
+	}
+	runRefresh() {
+		if (this.refreshing) return this.refreshing;
+		if (!this.session) return Promise.reject(/* @__PURE__ */ new Error("No device session"));
+		const sessionToken = this.session.sessionToken;
+		this.refreshing = (async () => {
+			try {
+				const jwt = await this.client.refreshWithDeviceSession(sessionToken);
+				this.scheduleProactiveRefresh();
+				this.emit("refresh", jwt);
+				return jwt;
+			} catch (err) {
+				const status = err?.status;
+				if (status === 401 || status === 403) {
+					const message = err?.message ?? "device session rejected";
+					this.clearSession();
+					this.emit("session-expired", {
+						status,
+						message
+					});
+				}
+				throw err;
+			} finally {
+				this.refreshing = null;
+			}
+		})();
+		return this.refreshing;
+	}
+	tokenIsFresh(jwt) {
+		const exp = this.parseExp(jwt);
+		if (exp == null) return false;
+		return exp * 1e3 - Date.now() > this.refreshLeadMs;
+	}
+	parseExp(jwt) {
+		try {
+			const [, payload] = jwt.split(".");
+			if (!payload) return null;
+			const { exp } = JSON.parse(atob(payload));
+			return typeof exp === "number" ? exp : null;
+		} catch {
+			return null;
+		}
+	}
+	scheduleProactiveRefresh() {
+		if (this.proactiveTimer) {
+			clearTimeout(this.proactiveTimer);
+			this.proactiveTimer = null;
+		}
+		if (!this.session || this.disposed) return;
+		const jwt = this.client.token;
+		const exp = jwt ? this.parseExp(jwt) : null;
+		if (exp == null) return;
+		const delay = Math.max(3e4, exp * 1e3 - Date.now() - this.refreshLeadMs);
+		this.proactiveTimer = setTimeout(() => {
+			this.runRefresh().catch(() => {});
+		}, delay);
+	}
+	installResumeHandlers() {
+		if (this.resumeHandlersInstalled) return;
+		if (typeof document === "undefined" && typeof window === "undefined") return;
+		const onResume = () => {
+			if (this.disposed) return;
+			if (typeof document !== "undefined" && document.visibilityState === "hidden") return;
+			if (!this.session) return;
+			const jwt = this.client.token;
+			if (jwt && this.tokenIsFresh(jwt)) return;
+			this.runRefresh().catch(() => {});
+		};
+		this.boundOnResume = onResume;
+		try {
+			if (typeof document !== "undefined") document.addEventListener("visibilitychange", onResume);
+			if (typeof window !== "undefined") window.addEventListener("online", onResume);
+			this.resumeHandlersInstalled = true;
+		} catch {}
+	}
+};
+
 //#endregion
 //#region packages/provider/src/CloseEvents.ts
 /**
@@ -15244,10 +15619,22 @@ var Semaphore = class {
 		else this.slots++;
 	}
 };
+/**
+* Server-accepted doc-id format. The Rust server's `DocId::from_string`
+* is a strict UUID parse; any other string returns 422. Stale entries in
+* the doc-tree map (legacy slug ids from earlier demos, manual experiments)
+* would otherwise emit one 422 per `syncAll()` forever — see the warn
+* below in `_buildQueue`.
+*/
+const UUID_RE = /^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$/i;
+function isValidDocId(id) {
+	return UUID_RE.test(id);
+}
 var BackgroundSyncManager = class extends EventEmitter {
 	constructor(rootProvider, client, fileBlobStore, opts) {
 		super();
 		this.syncStates = /* @__PURE__ */ new Map();
+		this._warnedInvalidIds = /* @__PURE__ */ new Set();
 		this._destroyed = false;
 		this._initPromise = null;
 		this.rootProvider = rootProvider;
@@ -15389,7 +15776,19 @@ var BackgroundSyncManager = class extends EventEmitter {
 	*  3. Errored docs last
 	*/
 	_buildQueue(entries) {
-		const items = entries.map(([docId, v]) => {
+		const filtered = [];
+		for (const entry of entries) {
+			const [docId] = entry;
+			if (isValidDocId(docId)) {
+				filtered.push(entry);
+				continue;
+			}
+			if (!this._warnedInvalidIds.has(docId)) {
+				this._warnedInvalidIds.add(docId);
+				console.warn(`[BackgroundSyncManager] skipping non-UUID doc id "${docId}" in doc-tree — server would reject it (422). Likely a stale entry from an earlier seeder; remove it from the tree to silence this.`);
+			}
+		}
+		const items = filtered.map(([docId, v]) => {
 			const state = this.syncStates.get(docId);
 			const updatedAt = v?.updatedAt ?? v?.createdAt ?? 0;
 			let priority;
@@ -17772,6 +18171,42 @@ function toPlain(val) {
 	return val instanceof Y.Map ? val.toJSON() : val;
 }
 
+//#endregion
+//#region packages/provider/src/SchemaTypes.ts
+/**
+* Thrown by typed write methods on `TypedDocsClient` when the stored
+* entry's `type` doesn't match the caller's `expectedType`. Distinct from
+* `MetaValidationError` (which signals schema-content mismatches).
+*/
+var TypedDocTypeMismatchError = class extends Error {
+	constructor(docId, expectedType, actualType) {
+		super(`Typed write on document ${docId} expected type "${expectedType}" but stored type is ${actualType === void 0 ? "(none)" : `"${actualType}"`}`);
+		this.name = "TypedDocTypeMismatchError";
+		this.docId = docId;
+		this.expectedType = expectedType;
+		this.actualType = actualType;
+	}
+};
+/**
+* Project a raw `TreeEntry` to a `TypedTreeEntry<TMap, N>` if its `type`
+* matches; otherwise return `null`. Used by both `TreeManager.getTyped`
+* and `TypedDocsClient.{get,narrow}` to keep semantics consistent.
+*/
+function projectTreeEntry(entry, expectedType) {
+	if (!entry) return null;
+	if (entry.type !== expectedType) return null;
+	return {
+		id: entry.id,
+		type: expectedType,
+		label: entry.label,
+		parentId: entry.parentId,
+		order: entry.order,
+		meta: entry.meta,
+		createdAt: entry.createdAt,
+		updatedAt: entry.updatedAt
+	};
+}
+
 //#endregion
 //#region packages/provider/src/TreeManager.ts
 var TreeManager = class {
@@ -17842,6 +18277,20 @@ var TreeManager = class {
 			};
 		});
 	}
+	/**
+	* Schema-typed lookup. Returns a `TypedTreeEntry<TMap, N>` when the
+	* entry's `type` matches `expectedType`, else `null`. Pure projection
+	* over the existing untyped tree — no schema validation is performed
+	* here (the entry's data is whatever was last synced; meta correctness
+	* is the writer's responsibility, optionally enforced via
+	* `MetaManager.setSchema`).
+	*
+	* Rule 4 alignment: when the entry's type doesn't match, returns null
+	* rather than throwing — callers branch on the result.
+	*/
+	getTyped(_schema, expectedType, docId) {
+		return projectTreeEntry(this.get(docId), expectedType);
+	}
 	/** Find a single entry by ID. */
 	get(docId) {
 		const treeMap = this.dm.getTreeMap();
@@ -19567,9 +20016,29 @@ var ContentManager = class {
 
 //#endregion
 //#region packages/provider/src/MetaManager.ts
+var MetaValidationError = class extends Error {
+	constructor(docId, docType, errors) {
+		const detail = errors.map((e) => `${e.path.join(".") || "(root)"}: ${e.message}`).join("; ");
+		super(`Meta validation failed for document ${docId} of type "${docType}": ${detail}`);
+		this.name = "MetaValidationError";
+		this.docId = docId;
+		this.docType = docType;
+		this.errors = errors;
+	}
+};
 var MetaManager = class {
 	constructor(dm) {
 		this.dm = dm;
+		this.schema = null;
+	}
+	/**
+	* Attach (or detach with `null`) a schema validator. When set, every
+	* `update` / `set` validates the post-write meta against the entry's
+	* declared `type` before writing to the doc-tree. Entries without a
+	* `type` field pass through unconditionally.
+	*/
+	setSchema(schema) {
+		this.schema = schema;
 	}
 	/** Read metadata for a document. Returns null if not found. */
 	get(docId) {
@@ -19588,6 +20057,9 @@ var MetaManager = class {
 	/**
 	* Merge fields into a document's metadata.
 	* Existing keys not in the update are preserved.
+	*
+	* @throws {MetaValidationError} when a schema is attached and the
+	*   merged meta fails validation for the entry's declared type.
 	*/
 	update(docId, meta) {
 		const treeMap = this.dm.getTreeMap();
@@ -19595,18 +20067,23 @@ var MetaManager = class {
 		const raw = treeMap.get(docId);
 		if (!raw) throw new Error(`Document ${docId} not found`);
 		const entry = toPlain(raw);
+		const mergedMeta = {
+			...entry.meta ?? {},
+			...meta
+		};
+		this.validateOrThrow(docId, entry, mergedMeta);
 		treeMap.set(docId, {
 			...entry,
-			meta: {
-				...entry.meta ?? {},
-				...meta
-			},
+			meta: mergedMeta,
 			updatedAt: Date.now()
 		});
 	}
 	/**
 	* Replace all metadata on a document.
 	* This overwrites the entire meta object.
+	*
+	* @throws {MetaValidationError} when a schema is attached and the
+	*   replacement meta fails validation for the entry's declared type.
 	*/
 	set(docId, meta) {
 		const treeMap = this.dm.getTreeMap();
@@ -19614,6 +20091,7 @@ var MetaManager = class {
 		const raw = treeMap.get(docId);
 		if (!raw) throw new Error(`Document ${docId} not found`);
 		const entry = toPlain(raw);
+		this.validateOrThrow(docId, entry, meta);
 		treeMap.set(docId, {
 			...entry,
 			meta,
@@ -19631,12 +20109,20 @@ var MetaManager = class {
 		const entry = toPlain(raw);
 		const updated = { ...entry.meta ?? {} };
 		for (const key of keys) delete updated[key];
+		this.validateOrThrow(docId, entry, updated);
 		treeMap.set(docId, {
 			...entry,
 			meta: updated,
 			updatedAt: Date.now()
 		});
 	}
+	validateOrThrow(docId, entry, meta) {
+		if (!this.schema) return;
+		const docType = entry.type;
+		if (!docType) return;
+		const result = this.schema.validateMeta(docType, meta);
+		if (!result.ok) throw new MetaValidationError(docId, docType, result.errors);
+	}
 };
 
 //#endregion
@@ -19682,6 +20168,44 @@ var DocumentManager = class {
 		this.content = new ContentManager(this);
 		this.meta = new MetaManager(this);
 	}
+	/**
+	* Bind a schema registry to a typed accessor surface. The returned
+	* client offers `.get(type, id)` with the registry's meta types
+	* inferred at the call site, removing the need to pass `schema`
+	* to every lookup. The provider remains schema-free at runtime —
+	* `schema` is only used to drive type inference (see
+	* `SchemaRegistryLike` for the structural witness).
+	*
+	* @example
+	*   const docs = dm.docs(kanbanSchema);
+	*   const board = docs.get("kanban", id);
+	*   if (board) console.log(board.meta.kanbanColumnWidth); // typed
+	*/
+	docs(_schema) {
+		const tree = this.tree;
+		const meta = this.meta;
+		const expectType = (expected, id) => {
+			const actual = tree.get(id)?.type;
+			if (actual !== expected) throw new TypedDocTypeMismatchError(id, expected, actual);
+		};
+		return {
+			get: (expectedType, id) => projectTreeEntry(tree.get(id), expectedType),
+			getEntry: (id) => tree.get(id),
+			narrow: (expectedType, entry) => projectTreeEntry(entry ?? null, expectedType),
+			update: (expectedType, id, patch) => {
+				expectType(expectedType, id);
+				meta.update(id, patch);
+			},
+			set: (expectedType, id, value) => {
+				expectType(expectedType, id);
+				meta.set(id, value);
+			},
+			clear: (expectedType, id, keys) => {
+				expectType(expectedType, id);
+				meta.clear(id, keys);
+			}
+		};
+	}
 	get displayName() {
 		return this._config.name || "DocumentManager";
 	}
@@ -19823,5 +20347,5 @@ var DocumentManager = class {
 };
 
 //#endregion
-export { AbracadabraBaseProvider, AbracadabraClient, AbracadabraProvider, AbracadabraWS, AbracadabraWebRTC, AuthMessageType, AwarenessError, BackgroundSyncManager, BackgroundSyncPersistence, BroadcastChannelSync, CHANNEL_NAMES, ChannelKeyResolver, ChatClient, ConnectionTimeout, ContentManager, CryptoIdentityKeystore, DEFAULT_FILE_CHUNK_SIZE, DEFAULT_ICE_SERVERS, DataChannelRouter, DevicePairingChannel, DeviceRegistrationService, DocKeyManager, DocumentCache, DocumentManager, E2EAbracadabraProvider, E2EEChannel, E2EOfflineStore, EncryptedChatClient, EncryptedYMap, EncryptedYText, FileBlobStore, FileTransferChannel, FileTransferHandle, Forbidden, GEO_TYPE_META_SCHEMAS, HocuspocusProvider, HocuspocusProviderWebsocket, IdentityDocProvider, KEY_EXCHANGE_CHANNEL, Kind, ManualSignaling, MessageTooBig, MessageType, MetaManager, NotificationsClient, OfflineStore, PAGE_TYPES, PeerConnection, RPC_PREFIX, ResetConnection, RpcClient, RpcError, SERVER_ROOT_ID, SearchIndex, SignalingSocket, SubdocMessage, TYPE_ALIASES, TreeManager, Unauthorized, WebSocketStatus, WsReadyStates, YjsDataChannel, attachUpdatedAtObserver, awarenessStatesToArray, wordlist as bip39Wordlist, buildBlockquoteElement, buildBlocksFromMarkdown, buildBulletListElement, buildCodeBlockElement, buildHeadingElement, buildHorizontalRuleElement, buildOrderedListElement, buildParagraphElement, buildTaskListElement, decryptChatContent, decryptField, deriveIdentityDocId, deriveSeedWrappingKey, encryptChatContent, encryptField, filenameToLabel, foldRecords, generateMnemonic, isEncryptedContent, makeEncryptedYMap, makeEncryptedYText, mnemonicToEd25519Seed, mnemonicToKeyPair, normalizeRootId, parseFrontmatter, populateYDocFromMarkdown, readAuthMessage, readBlocksFromFragment, recordFromYAny, resolvePageType, toPlain, unwrapSeed, validateMnemonic, waitForSync, withTimeout, wrapSeed, writeAuthenticated, writeAuthentication, writePermissionDenied, writeTokenSyncRequest, yjsToMarkdown };
+export { AbracadabraBaseProvider, AbracadabraClient, AbracadabraProvider, AbracadabraWS, AbracadabraWebRTC, AuthMessageType, AwarenessError, BackgroundSyncManager, BackgroundSyncPersistence, BroadcastChannelSync, CHANNEL_NAMES, ChannelKeyResolver, ChatClient, ConnectionTimeout, ContentManager, CryptoIdentityKeystore, DEFAULT_FILE_CHUNK_SIZE, DEFAULT_ICE_SERVERS, DataChannelRouter, DevicePairingChannel, DeviceRegistrationService, DocKeyManager, DocumentCache, DocumentManager, E2EAbracadabraProvider, E2EEChannel, E2EOfflineStore, EncryptedChatClient, EncryptedYMap, EncryptedYText, FileBlobStore, FileTransferChannel, FileTransferHandle, Forbidden, GEO_TYPE_META_SCHEMAS, HocuspocusProvider, HocuspocusProviderWebsocket, IdentityDocProvider, KEY_EXCHANGE_CHANNEL, Kind, LocalStorageDeviceSessionStorage, ManualSignaling, MessageTooBig, MessageType, MetaManager, MetaValidationError, NotificationsClient, OfflineStore, PAGE_TYPES, PeerConnection, QUERY_PREFIX, QueryClient, QueryError, RPC_PREFIX, ResetConnection, RpcClient, RpcError, SERVER_ROOT_ID, SearchIndex, SignalingSocket, SubdocMessage, TYPE_ALIASES, TokenManager, TreeManager, TypedDocTypeMismatchError, Unauthorized, WebSocketStatus, WsReadyStates, YjsDataChannel, attachUpdatedAtObserver, awarenessStatesToArray, wordlist as bip39Wordlist, buildBlockquoteElement, buildBlocksFromMarkdown, buildBulletListElement, buildCodeBlockElement, buildHeadingElement, buildHorizontalRuleElement, buildOrderedListElement, buildParagraphElement, buildTaskListElement, decryptChatContent, decryptField, deriveIdentityDocId, deriveSeedWrappingKey, encryptChatContent, encryptField, filenameToLabel, foldRecords, generateMnemonic, isEncryptedContent, makeEncryptedYMap, makeEncryptedYText, mnemonicToEd25519Seed, mnemonicToKeyPair, normalizeRootId, parseFrontmatter, populateYDocFromMarkdown, readAuthMessage, readBlocksFromFragment, recordFromYAny, resolvePageType, toPlain, unwrapSeed, validateMnemonic, waitForSync, withTimeout, wrapSeed, writeAuthenticated, writeAuthentication, writePermissionDenied, writeTokenSyncRequest, yjsToMarkdown };
 //# sourceMappingURL=abracadabra-provider.esm.js.map