@aigne/aos 0.2.0-beta
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/CHANGELOG.md +49 -0
- package/LICENSE.md +26 -0
- package/dist/agent-dsl.cjs +116 -0
- package/dist/agent-dsl.d.cts +31 -0
- package/dist/agent-dsl.d.cts.map +1 -0
- package/dist/agent-dsl.d.mts +31 -0
- package/dist/agent-dsl.d.mts.map +1 -0
- package/dist/agent-dsl.mjs +115 -0
- package/dist/agent-dsl.mjs.map +1 -0
- package/dist/arc-compat.cjs +125 -0
- package/dist/arc-compat.d.cts +17 -0
- package/dist/arc-compat.d.cts.map +1 -0
- package/dist/arc-compat.d.mts +17 -0
- package/dist/arc-compat.d.mts.map +1 -0
- package/dist/arc-compat.mjs +123 -0
- package/dist/arc-compat.mjs.map +1 -0
- package/dist/auto-surface/compiler.cjs +36 -0
- package/dist/auto-surface/compiler.d.cts +7 -0
- package/dist/auto-surface/compiler.d.cts.map +1 -0
- package/dist/auto-surface/compiler.d.mts +7 -0
- package/dist/auto-surface/compiler.d.mts.map +1 -0
- package/dist/auto-surface/compiler.mjs +37 -0
- package/dist/auto-surface/compiler.mjs.map +1 -0
- package/dist/auto-surface/definition-dsl.cjs +333 -0
- package/dist/auto-surface/definition-dsl.d.cts +41 -0
- package/dist/auto-surface/definition-dsl.d.cts.map +1 -0
- package/dist/auto-surface/definition-dsl.d.mts +41 -0
- package/dist/auto-surface/definition-dsl.d.mts.map +1 -0
- package/dist/auto-surface/definition-dsl.mjs +332 -0
- package/dist/auto-surface/definition-dsl.mjs.map +1 -0
- package/dist/auto-surface/fragments.cjs +177 -0
- package/dist/auto-surface/fragments.d.cts +23 -0
- package/dist/auto-surface/fragments.d.cts.map +1 -0
- package/dist/auto-surface/fragments.d.mts +23 -0
- package/dist/auto-surface/fragments.d.mts.map +1 -0
- package/dist/auto-surface/fragments.mjs +175 -0
- package/dist/auto-surface/fragments.mjs.map +1 -0
- package/dist/auto-surface/index.d.mts +9 -0
- package/dist/auto-surface/layering.cjs +43 -0
- package/dist/auto-surface/layering.d.cts +7 -0
- package/dist/auto-surface/layering.d.cts.map +1 -0
- package/dist/auto-surface/layering.d.mts +7 -0
- package/dist/auto-surface/layering.d.mts.map +1 -0
- package/dist/auto-surface/layering.mjs +43 -0
- package/dist/auto-surface/layering.mjs.map +1 -0
- package/dist/auto-surface/projection.cjs +11 -0
- package/dist/auto-surface/projection.d.cts +11 -0
- package/dist/auto-surface/projection.d.cts.map +1 -0
- package/dist/auto-surface/projection.d.mts +11 -0
- package/dist/auto-surface/projection.d.mts.map +1 -0
- package/dist/auto-surface/projection.mjs +12 -0
- package/dist/auto-surface/projection.mjs.map +1 -0
- package/dist/auto-surface/projectors/settings-shell.cjs +114 -0
- package/dist/auto-surface/projectors/settings-shell.d.cts +10 -0
- package/dist/auto-surface/projectors/settings-shell.d.cts.map +1 -0
- package/dist/auto-surface/projectors/settings-shell.d.mts +10 -0
- package/dist/auto-surface/projectors/settings-shell.d.mts.map +1 -0
- package/dist/auto-surface/projectors/settings-shell.mjs +114 -0
- package/dist/auto-surface/projectors/settings-shell.mjs.map +1 -0
- package/dist/auto-surface/scenario.cjs +38 -0
- package/dist/auto-surface/scenario.d.cts +31 -0
- package/dist/auto-surface/scenario.d.cts.map +1 -0
- package/dist/auto-surface/scenario.d.mts +31 -0
- package/dist/auto-surface/scenario.d.mts.map +1 -0
- package/dist/auto-surface/scenario.mjs +37 -0
- package/dist/auto-surface/scenario.mjs.map +1 -0
- package/dist/auto-surface/types.cjs +9 -0
- package/dist/auto-surface/types.d.cts +153 -0
- package/dist/auto-surface/types.d.cts.map +1 -0
- package/dist/auto-surface/types.d.mts +153 -0
- package/dist/auto-surface/types.d.mts.map +1 -0
- package/dist/auto-surface/types.mjs +9 -0
- package/dist/auto-surface/types.mjs.map +1 -0
- package/dist/auto-surface/value-dsl.cjs +80 -0
- package/dist/auto-surface/value-dsl.d.cts +24 -0
- package/dist/auto-surface/value-dsl.d.cts.map +1 -0
- package/dist/auto-surface/value-dsl.d.mts +24 -0
- package/dist/auto-surface/value-dsl.d.mts.map +1 -0
- package/dist/auto-surface/value-dsl.mjs +79 -0
- package/dist/auto-surface/value-dsl.mjs.map +1 -0
- package/dist/blocklet/activation.cjs +94 -0
- package/dist/blocklet/activation.d.cts +30 -0
- package/dist/blocklet/activation.d.cts.map +1 -0
- package/dist/blocklet/activation.d.mts +30 -0
- package/dist/blocklet/activation.d.mts.map +1 -0
- package/dist/blocklet/activation.mjs +94 -0
- package/dist/blocklet/activation.mjs.map +1 -0
- package/dist/blocklet/did-space-registry.cjs +282 -0
- package/dist/blocklet/did-space-registry.d.cts +82 -0
- package/dist/blocklet/did-space-registry.d.cts.map +1 -0
- package/dist/blocklet/did-space-registry.d.mts +82 -0
- package/dist/blocklet/did-space-registry.d.mts.map +1 -0
- package/dist/blocklet/did-space-registry.mjs +281 -0
- package/dist/blocklet/did-space-registry.mjs.map +1 -0
- package/dist/blocklet/handlers.cjs +66 -0
- package/dist/blocklet/handlers.d.cts +16 -0
- package/dist/blocklet/handlers.d.cts.map +1 -0
- package/dist/blocklet/handlers.d.mts +16 -0
- package/dist/blocklet/handlers.d.mts.map +1 -0
- package/dist/blocklet/handlers.mjs +65 -0
- package/dist/blocklet/handlers.mjs.map +1 -0
- package/dist/blocklet/index.d.mts +7 -0
- package/dist/blocklet/manifest.d.cts +2 -0
- package/dist/blocklet/manifest.d.mts +2 -0
- package/dist/blocklet/manifest.mjs +3 -0
- package/dist/blocklet/registry.cjs +447 -0
- package/dist/blocklet/registry.d.cts +197 -0
- package/dist/blocklet/registry.d.cts.map +1 -0
- package/dist/blocklet/registry.d.mts +197 -0
- package/dist/blocklet/registry.d.mts.map +1 -0
- package/dist/blocklet/registry.mjs +441 -0
- package/dist/blocklet/registry.mjs.map +1 -0
- package/dist/blocklet/static-render.cjs +183 -0
- package/dist/blocklet/static-render.d.cts +55 -0
- package/dist/blocklet/static-render.d.cts.map +1 -0
- package/dist/blocklet/static-render.d.mts +55 -0
- package/dist/blocklet/static-render.d.mts.map +1 -0
- package/dist/blocklet/static-render.mjs +181 -0
- package/dist/blocklet/static-render.mjs.map +1 -0
- package/dist/blocklet/types.d.cts +70 -0
- package/dist/blocklet/types.d.cts.map +1 -0
- package/dist/blocklet/types.d.mts +70 -0
- package/dist/blocklet/types.d.mts.map +1 -0
- package/dist/devices/chain.cjs +127 -0
- package/dist/devices/chain.d.cts +48 -0
- package/dist/devices/chain.d.cts.map +1 -0
- package/dist/devices/chain.d.mts +48 -0
- package/dist/devices/chain.d.mts.map +1 -0
- package/dist/devices/chain.mjs +125 -0
- package/dist/devices/chain.mjs.map +1 -0
- package/dist/dsl-shared.cjs +290 -0
- package/dist/dsl-shared.d.cts +54 -0
- package/dist/dsl-shared.d.cts.map +1 -0
- package/dist/dsl-shared.d.mts +54 -0
- package/dist/dsl-shared.d.mts.map +1 -0
- package/dist/dsl-shared.mjs +287 -0
- package/dist/dsl-shared.mjs.map +1 -0
- package/dist/http/afs-mcp.cjs +85 -0
- package/dist/http/afs-mcp.d.cts +14 -0
- package/dist/http/afs-mcp.d.cts.map +1 -0
- package/dist/http/afs-mcp.d.mts +14 -0
- package/dist/http/afs-mcp.d.mts.map +1 -0
- package/dist/http/afs-mcp.mjs +86 -0
- package/dist/http/afs-mcp.mjs.map +1 -0
- package/dist/http/afs-raw.cjs +264 -0
- package/dist/http/afs-raw.d.cts +31 -0
- package/dist/http/afs-raw.d.cts.map +1 -0
- package/dist/http/afs-raw.d.mts +31 -0
- package/dist/http/afs-raw.d.mts.map +1 -0
- package/dist/http/afs-raw.mjs +264 -0
- package/dist/http/afs-raw.mjs.map +1 -0
- package/dist/http/afs-rest.cjs +30 -0
- package/dist/http/afs-rest.d.cts +21 -0
- package/dist/http/afs-rest.d.cts.map +1 -0
- package/dist/http/afs-rest.d.mts +21 -0
- package/dist/http/afs-rest.d.mts.map +1 -0
- package/dist/http/afs-rest.mjs +31 -0
- package/dist/http/afs-rest.mjs.map +1 -0
- package/dist/http/afs-rpc-wire.cjs +271 -0
- package/dist/http/afs-rpc-wire.d.cts +195 -0
- package/dist/http/afs-rpc-wire.d.cts.map +1 -0
- package/dist/http/afs-rpc-wire.d.mts +195 -0
- package/dist/http/afs-rpc-wire.d.mts.map +1 -0
- package/dist/http/afs-rpc-wire.mjs +262 -0
- package/dist/http/afs-rpc-wire.mjs.map +1 -0
- package/dist/http/afs-rpc.cjs +729 -0
- package/dist/http/afs-rpc.d.cts +103 -0
- package/dist/http/afs-rpc.d.cts.map +1 -0
- package/dist/http/afs-rpc.d.mts +103 -0
- package/dist/http/afs-rpc.d.mts.map +1 -0
- package/dist/http/afs-rpc.mjs +729 -0
- package/dist/http/afs-rpc.mjs.map +1 -0
- package/dist/http/afs-upload.cjs +116 -0
- package/dist/http/afs-upload.d.cts +40 -0
- package/dist/http/afs-upload.d.cts.map +1 -0
- package/dist/http/afs-upload.d.mts +40 -0
- package/dist/http/afs-upload.d.mts.map +1 -0
- package/dist/http/afs-upload.mjs +116 -0
- package/dist/http/afs-upload.mjs.map +1 -0
- package/dist/http/aup-client.cjs +60 -0
- package/dist/http/aup-client.d.cts +22 -0
- package/dist/http/aup-client.d.cts.map +1 -0
- package/dist/http/aup-client.d.mts +22 -0
- package/dist/http/aup-client.d.mts.map +1 -0
- package/dist/http/aup-client.mjs +59 -0
- package/dist/http/aup-client.mjs.map +1 -0
- package/dist/http/aup-event.cjs +100 -0
- package/dist/http/aup-event.d.cts +38 -0
- package/dist/http/aup-event.d.cts.map +1 -0
- package/dist/http/aup-event.d.mts +38 -0
- package/dist/http/aup-event.d.mts.map +1 -0
- package/dist/http/aup-event.mjs +101 -0
- package/dist/http/aup-event.mjs.map +1 -0
- package/dist/http/auth-context.cjs +66 -0
- package/dist/http/auth-context.d.cts +64 -0
- package/dist/http/auth-context.d.cts.map +1 -0
- package/dist/http/auth-context.d.mts +64 -0
- package/dist/http/auth-context.d.mts.map +1 -0
- package/dist/http/auth-context.mjs +66 -0
- package/dist/http/auth-context.mjs.map +1 -0
- package/dist/http/csrf.cjs +50 -0
- package/dist/http/csrf.d.cts +8 -0
- package/dist/http/csrf.d.cts.map +1 -0
- package/dist/http/csrf.d.mts +8 -0
- package/dist/http/csrf.d.mts.map +1 -0
- package/dist/http/csrf.mjs +49 -0
- package/dist/http/csrf.mjs.map +1 -0
- package/dist/http/handlers.cjs +106 -0
- package/dist/http/handlers.d.cts +39 -0
- package/dist/http/handlers.d.cts.map +1 -0
- package/dist/http/handlers.d.mts +39 -0
- package/dist/http/handlers.d.mts.map +1 -0
- package/dist/http/handlers.mjs +104 -0
- package/dist/http/handlers.mjs.map +1 -0
- package/dist/http/index.d.mts +1 -0
- package/dist/http/ingest-facade.cjs +315 -0
- package/dist/http/ingest-facade.mjs +314 -0
- package/dist/http/ingest-facade.mjs.map +1 -0
- package/dist/http/raw-url.cjs +136 -0
- package/dist/http/raw-url.d.cts +54 -0
- package/dist/http/raw-url.d.cts.map +1 -0
- package/dist/http/raw-url.d.mts +54 -0
- package/dist/http/raw-url.d.mts.map +1 -0
- package/dist/http/raw-url.mjs +136 -0
- package/dist/http/raw-url.mjs.map +1 -0
- package/dist/http/request-context.cjs +178 -0
- package/dist/http/request-context.d.cts +76 -0
- package/dist/http/request-context.d.cts.map +1 -0
- package/dist/http/request-context.d.mts +76 -0
- package/dist/http/request-context.d.mts.map +1 -0
- package/dist/http/request-context.mjs +179 -0
- package/dist/http/request-context.mjs.map +1 -0
- package/dist/index.cjs +197 -0
- package/dist/index.d.cts +63 -0
- package/dist/index.d.mts +68 -0
- package/dist/index.mjs +61 -0
- package/dist/mcp/index.cjs +9 -0
- package/dist/mcp/index.d.cts +5 -0
- package/dist/mcp/index.d.mts +5 -0
- package/dist/mcp/index.mjs +6 -0
- package/dist/mcp/prompts.cjs +17 -0
- package/dist/mcp/prompts.d.cts +8 -0
- package/dist/mcp/prompts.d.cts.map +1 -0
- package/dist/mcp/prompts.d.mts +8 -0
- package/dist/mcp/prompts.d.mts.map +1 -0
- package/dist/mcp/prompts.mjs +17 -0
- package/dist/mcp/prompts.mjs.map +1 -0
- package/dist/mcp/resources.cjs +22 -0
- package/dist/mcp/resources.d.cts +8 -0
- package/dist/mcp/resources.d.cts.map +1 -0
- package/dist/mcp/resources.d.mts +8 -0
- package/dist/mcp/resources.d.mts.map +1 -0
- package/dist/mcp/resources.mjs +22 -0
- package/dist/mcp/resources.mjs.map +1 -0
- package/dist/mcp/server.cjs +51 -0
- package/dist/mcp/server.d.cts +20 -0
- package/dist/mcp/server.d.cts.map +1 -0
- package/dist/mcp/server.d.mts +20 -0
- package/dist/mcp/server.d.mts.map +1 -0
- package/dist/mcp/server.mjs +52 -0
- package/dist/mcp/server.mjs.map +1 -0
- package/dist/mcp/tools.cjs +218 -0
- package/dist/mcp/tools.d.cts +8 -0
- package/dist/mcp/tools.d.cts.map +1 -0
- package/dist/mcp/tools.d.mts +8 -0
- package/dist/mcp/tools.d.mts.map +1 -0
- package/dist/mcp/tools.mjs +219 -0
- package/dist/mcp/tools.mjs.map +1 -0
- package/dist/mcp/utils.cjs +75 -0
- package/dist/mcp/utils.mjs +69 -0
- package/dist/mcp/utils.mjs.map +1 -0
- package/dist/mount/index.cjs +4 -0
- package/dist/mount/index.d.cts +3 -0
- package/dist/mount/index.d.mts +3 -0
- package/dist/mount/index.mjs +3 -0
- package/dist/mount/materializer.cjs +167 -0
- package/dist/mount/materializer.d.cts +97 -0
- package/dist/mount/materializer.d.cts.map +1 -0
- package/dist/mount/materializer.d.mts +97 -0
- package/dist/mount/materializer.d.mts.map +1 -0
- package/dist/mount/materializer.mjs +167 -0
- package/dist/mount/materializer.mjs.map +1 -0
- package/dist/mount/types.d.cts +90 -0
- package/dist/mount/types.d.cts.map +1 -0
- package/dist/mount/types.d.mts +90 -0
- package/dist/mount/types.d.mts.map +1 -0
- package/dist/mount-config.cjs +61 -0
- package/dist/mount-config.d.cts +19 -0
- package/dist/mount-config.d.cts.map +1 -0
- package/dist/mount-config.d.mts +19 -0
- package/dist/mount-config.d.mts.map +1 -0
- package/dist/mount-config.mjs +61 -0
- package/dist/mount-config.mjs.map +1 -0
- package/dist/projectors/aup-projector.cjs +190 -0
- package/dist/projectors/aup-projector.d.cts +59 -0
- package/dist/projectors/aup-projector.d.cts.map +1 -0
- package/dist/projectors/aup-projector.d.mts +59 -0
- package/dist/projectors/aup-projector.d.mts.map +1 -0
- package/dist/projectors/aup-projector.mjs +188 -0
- package/dist/projectors/aup-projector.mjs.map +1 -0
- package/dist/projectors/index.cjs +6 -0
- package/dist/projectors/index.d.cts +2 -0
- package/dist/projectors/index.d.mts +2 -0
- package/dist/projectors/index.mjs +3 -0
- package/dist/scaffold/afs.cjs +195 -0
- package/dist/scaffold/afs.d.cts +16 -0
- package/dist/scaffold/afs.d.cts.map +1 -0
- package/dist/scaffold/afs.d.mts +16 -0
- package/dist/scaffold/afs.d.mts.map +1 -0
- package/dist/scaffold/afs.mjs +195 -0
- package/dist/scaffold/afs.mjs.map +1 -0
- package/dist/scaffold/composition.cjs +92 -0
- package/dist/scaffold/composition.d.cts +10 -0
- package/dist/scaffold/composition.d.cts.map +1 -0
- package/dist/scaffold/composition.d.mts +10 -0
- package/dist/scaffold/composition.d.mts.map +1 -0
- package/dist/scaffold/composition.mjs +92 -0
- package/dist/scaffold/composition.mjs.map +1 -0
- package/dist/scaffold/dsl-error.cjs +21 -0
- package/dist/scaffold/dsl-error.d.cts +11 -0
- package/dist/scaffold/dsl-error.d.cts.map +1 -0
- package/dist/scaffold/dsl-error.d.mts +11 -0
- package/dist/scaffold/dsl-error.d.mts.map +1 -0
- package/dist/scaffold/dsl-error.mjs +20 -0
- package/dist/scaffold/dsl-error.mjs.map +1 -0
- package/dist/scaffold/index.d.mts +12 -0
- package/dist/scaffold/manifest-dsl.cjs +188 -0
- package/dist/scaffold/manifest-dsl.d.cts +8 -0
- package/dist/scaffold/manifest-dsl.d.cts.map +1 -0
- package/dist/scaffold/manifest-dsl.d.mts +8 -0
- package/dist/scaffold/manifest-dsl.d.mts.map +1 -0
- package/dist/scaffold/manifest-dsl.mjs +188 -0
- package/dist/scaffold/manifest-dsl.mjs.map +1 -0
- package/dist/scaffold/module-dsl.cjs +284 -0
- package/dist/scaffold/module-dsl.d.cts +8 -0
- package/dist/scaffold/module-dsl.d.cts.map +1 -0
- package/dist/scaffold/module-dsl.d.mts +8 -0
- package/dist/scaffold/module-dsl.d.mts.map +1 -0
- package/dist/scaffold/module-dsl.mjs +284 -0
- package/dist/scaffold/module-dsl.mjs.map +1 -0
- package/dist/scaffold/resolver.cjs +156 -0
- package/dist/scaffold/resolver.d.cts +7 -0
- package/dist/scaffold/resolver.d.cts.map +1 -0
- package/dist/scaffold/resolver.d.mts +7 -0
- package/dist/scaffold/resolver.d.mts.map +1 -0
- package/dist/scaffold/resolver.mjs +156 -0
- package/dist/scaffold/resolver.mjs.map +1 -0
- package/dist/scaffold/runtime.cjs +24 -0
- package/dist/scaffold/runtime.d.cts +19 -0
- package/dist/scaffold/runtime.d.cts.map +1 -0
- package/dist/scaffold/runtime.d.mts +19 -0
- package/dist/scaffold/runtime.d.mts.map +1 -0
- package/dist/scaffold/runtime.mjs +25 -0
- package/dist/scaffold/runtime.mjs.map +1 -0
- package/dist/scaffold/shell-dsl.cjs +279 -0
- package/dist/scaffold/shell-dsl.d.cts +8 -0
- package/dist/scaffold/shell-dsl.d.cts.map +1 -0
- package/dist/scaffold/shell-dsl.d.mts +8 -0
- package/dist/scaffold/shell-dsl.d.mts.map +1 -0
- package/dist/scaffold/shell-dsl.mjs +279 -0
- package/dist/scaffold/shell-dsl.mjs.map +1 -0
- package/dist/scaffold/surface-dsl.cjs +182 -0
- package/dist/scaffold/surface-dsl.d.cts +8 -0
- package/dist/scaffold/surface-dsl.d.cts.map +1 -0
- package/dist/scaffold/surface-dsl.d.mts +8 -0
- package/dist/scaffold/surface-dsl.d.mts.map +1 -0
- package/dist/scaffold/surface-dsl.mjs +182 -0
- package/dist/scaffold/surface-dsl.mjs.map +1 -0
- package/dist/scaffold/surfaces.cjs +84 -0
- package/dist/scaffold/surfaces.d.cts +23 -0
- package/dist/scaffold/surfaces.d.cts.map +1 -0
- package/dist/scaffold/surfaces.d.mts +24 -0
- package/dist/scaffold/surfaces.d.mts.map +1 -0
- package/dist/scaffold/surfaces.mjs +84 -0
- package/dist/scaffold/surfaces.mjs.map +1 -0
- package/dist/scaffold/types.d.cts +264 -0
- package/dist/scaffold/types.d.cts.map +1 -0
- package/dist/scaffold/types.d.mts +265 -0
- package/dist/scaffold/types.d.mts.map +1 -0
- package/dist/scaffold/workspace-dsl.cjs +339 -0
- package/dist/scaffold/workspace-dsl.d.cts +49 -0
- package/dist/scaffold/workspace-dsl.d.cts.map +1 -0
- package/dist/scaffold/workspace-dsl.d.mts +49 -0
- package/dist/scaffold/workspace-dsl.d.mts.map +1 -0
- package/dist/scaffold/workspace-dsl.mjs +337 -0
- package/dist/scaffold/workspace-dsl.mjs.map +1 -0
- package/dist/scope/index.d.mts +3 -0
- package/dist/scope/read-blocklet-scope.cjs +29 -0
- package/dist/scope/read-blocklet-scope.d.cts +8 -0
- package/dist/scope/read-blocklet-scope.d.cts.map +1 -0
- package/dist/scope/read-blocklet-scope.d.mts +8 -0
- package/dist/scope/read-blocklet-scope.d.mts.map +1 -0
- package/dist/scope/read-blocklet-scope.mjs +30 -0
- package/dist/scope/read-blocklet-scope.mjs.map +1 -0
- package/dist/scope/resolve-scoped-afs.cjs +87 -0
- package/dist/scope/resolve-scoped-afs.d.cts +7 -0
- package/dist/scope/resolve-scoped-afs.d.cts.map +1 -0
- package/dist/scope/resolve-scoped-afs.d.mts +7 -0
- package/dist/scope/resolve-scoped-afs.d.mts.map +1 -0
- package/dist/scope/resolve-scoped-afs.mjs +88 -0
- package/dist/scope/resolve-scoped-afs.mjs.map +1 -0
- package/dist/scope/types.d.cts +25 -0
- package/dist/scope/types.d.cts.map +1 -0
- package/dist/scope/types.d.mts +25 -0
- package/dist/scope/types.d.mts.map +1 -0
- package/dist/session/backends.cjs +90 -0
- package/dist/session/backends.d.cts +35 -0
- package/dist/session/backends.d.cts.map +1 -0
- package/dist/session/backends.d.mts +35 -0
- package/dist/session/backends.d.mts.map +1 -0
- package/dist/session/backends.mjs +89 -0
- package/dist/session/backends.mjs.map +1 -0
- package/dist/session/replication-resolver.cjs +323 -0
- package/dist/session/replication-resolver.d.cts +71 -0
- package/dist/session/replication-resolver.d.cts.map +1 -0
- package/dist/session/replication-resolver.d.mts +71 -0
- package/dist/session/replication-resolver.d.mts.map +1 -0
- package/dist/session/replication-resolver.mjs +323 -0
- package/dist/session/replication-resolver.mjs.map +1 -0
- package/dist/session/role-level.cjs +36 -0
- package/dist/session/role-level.d.cts +24 -0
- package/dist/session/role-level.d.cts.map +1 -0
- package/dist/session/role-level.d.mts +24 -0
- package/dist/session/role-level.d.mts.map +1 -0
- package/dist/session/role-level.mjs +35 -0
- package/dist/session/role-level.mjs.map +1 -0
- package/dist/session/session-dir-providers.cjs +254 -0
- package/dist/session/session-dir-providers.d.cts +32 -0
- package/dist/session/session-dir-providers.d.cts.map +1 -0
- package/dist/session/session-dir-providers.d.mts +32 -0
- package/dist/session/session-dir-providers.d.mts.map +1 -0
- package/dist/session/session-dir-providers.mjs +252 -0
- package/dist/session/session-dir-providers.mjs.map +1 -0
- package/dist/session/session-id.cjs +20 -0
- package/dist/session/session-id.d.cts +15 -0
- package/dist/session/session-id.d.cts.map +1 -0
- package/dist/session/session-id.d.mts +15 -0
- package/dist/session/session-id.d.mts.map +1 -0
- package/dist/session/session-id.mjs +20 -0
- package/dist/session/session-id.mjs.map +1 -0
- package/dist/session/session-user-afs.cjs +899 -0
- package/dist/session/session-user-afs.d.cts +296 -0
- package/dist/session/session-user-afs.d.cts.map +1 -0
- package/dist/session/session-user-afs.d.mts +296 -0
- package/dist/session/session-user-afs.d.mts.map +1 -0
- package/dist/session/session-user-afs.mjs +896 -0
- package/dist/session/session-user-afs.mjs.map +1 -0
- package/dist/session/settings-cascade.cjs +69 -0
- package/dist/session/settings-cascade.d.cts +81 -0
- package/dist/session/settings-cascade.d.cts.map +1 -0
- package/dist/session/settings-cascade.d.mts +81 -0
- package/dist/session/settings-cascade.d.mts.map +1 -0
- package/dist/session/settings-cascade.mjs +69 -0
- package/dist/session/settings-cascade.mjs.map +1 -0
- package/dist/session/settings-resolver.cjs +770 -0
- package/dist/session/settings-resolver.d.cts +177 -0
- package/dist/session/settings-resolver.d.cts.map +1 -0
- package/dist/session/settings-resolver.d.mts +177 -0
- package/dist/session/settings-resolver.d.mts.map +1 -0
- package/dist/session/settings-resolver.mjs +771 -0
- package/dist/session/settings-resolver.mjs.map +1 -0
- package/dist/session/settings-schema-store.cjs +0 -0
- package/dist/session/settings-schema-store.d.cts +72 -0
- package/dist/session/settings-schema-store.d.cts.map +1 -0
- package/dist/session/settings-schema-store.d.mts +72 -0
- package/dist/session/settings-schema-store.d.mts.map +1 -0
- package/dist/session/settings-schema-store.mjs +0 -0
- package/dist/session/settings-schema-store.mjs.map +1 -0
- package/dist/system-mounts/index.cjs +14 -0
- package/dist/system-mounts/index.d.cts +6 -0
- package/dist/system-mounts/index.d.mts +6 -0
- package/dist/system-mounts/index.mjs +6 -0
- package/dist/system-mounts/install.cjs +101 -0
- package/dist/system-mounts/install.d.cts +36 -0
- package/dist/system-mounts/install.d.cts.map +1 -0
- package/dist/system-mounts/install.d.mts +37 -0
- package/dist/system-mounts/install.d.mts.map +1 -0
- package/dist/system-mounts/install.mjs +102 -0
- package/dist/system-mounts/install.mjs.map +1 -0
- package/dist/system-mounts/installers.cjs +247 -0
- package/dist/system-mounts/installers.d.cts +13 -0
- package/dist/system-mounts/installers.d.cts.map +1 -0
- package/dist/system-mounts/installers.d.mts +14 -0
- package/dist/system-mounts/installers.d.mts.map +1 -0
- package/dist/system-mounts/installers.mjs +244 -0
- package/dist/system-mounts/installers.mjs.map +1 -0
- package/dist/system-mounts/lists.cjs +122 -0
- package/dist/system-mounts/lists.d.cts +34 -0
- package/dist/system-mounts/lists.d.cts.map +1 -0
- package/dist/system-mounts/lists.d.mts +34 -0
- package/dist/system-mounts/lists.d.mts.map +1 -0
- package/dist/system-mounts/lists.mjs +122 -0
- package/dist/system-mounts/lists.mjs.map +1 -0
- package/dist/system-mounts/types.d.cts +124 -0
- package/dist/system-mounts/types.d.cts.map +1 -0
- package/dist/system-mounts/types.d.mts +125 -0
- package/dist/system-mounts/types.d.mts.map +1 -0
- package/dist/system-mounts/validate.cjs +56 -0
- package/dist/system-mounts/validate.d.cts +34 -0
- package/dist/system-mounts/validate.d.cts.map +1 -0
- package/dist/system-mounts/validate.d.mts +34 -0
- package/dist/system-mounts/validate.d.mts.map +1 -0
- package/dist/system-mounts/validate.mjs +56 -0
- package/dist/system-mounts/validate.mjs.map +1 -0
- package/dist/terminal-llm.cjs +90 -0
- package/dist/terminal-llm.d.cts +50 -0
- package/dist/terminal-llm.d.cts.map +1 -0
- package/dist/terminal-llm.d.mts +50 -0
- package/dist/terminal-llm.d.mts.map +1 -0
- package/dist/terminal-llm.mjs +90 -0
- package/dist/terminal-llm.mjs.map +1 -0
- package/dist/terminal-repl.cjs +371 -0
- package/dist/terminal-repl.d.cts +69 -0
- package/dist/terminal-repl.d.cts.map +1 -0
- package/dist/terminal-repl.d.mts +69 -0
- package/dist/terminal-repl.d.mts.map +1 -0
- package/dist/terminal-repl.mjs +370 -0
- package/dist/terminal-repl.mjs.map +1 -0
- package/dist/transport/idle-timer.cjs +136 -0
- package/dist/transport/idle-timer.d.cts +92 -0
- package/dist/transport/idle-timer.d.cts.map +1 -0
- package/dist/transport/idle-timer.d.mts +92 -0
- package/dist/transport/idle-timer.d.mts.map +1 -0
- package/dist/transport/idle-timer.mjs +132 -0
- package/dist/transport/idle-timer.mjs.map +1 -0
- package/dist/web-component-dsl.cjs +153 -0
- package/dist/web-component-dsl.d.cts +27 -0
- package/dist/web-component-dsl.d.cts.map +1 -0
- package/dist/web-component-dsl.d.mts +27 -0
- package/dist/web-component-dsl.d.mts.map +1 -0
- package/dist/web-component-dsl.mjs +152 -0
- package/dist/web-component-dsl.mjs.map +1 -0
- package/package.json +81 -0
|
@@ -0,0 +1,296 @@
|
|
|
1
|
+
import { SettingsSchemaHandle } from "./settings-schema-store.cjs";
|
|
2
|
+
import * as _aigne_afs0 from "@aigne/afs";
|
|
3
|
+
import { AFSBatchDeleteEntry, AFSBatchDeleteResult, AFSBatchReadEntry, AFSBatchReadResult, AFSBatchWriteEntry, AFSBatchWriteResult, AFSCollectionQueryResult, AFSCollectionQuerySpec, AFSDeleteOptions, AFSDeleteResult, AFSEventCallback, AFSEventFilter, AFSExecOptions, AFSExecResult, AFSExplainOptions, AFSExplainResult, AFSListOptions, AFSListResult, AFSModule, AFSQueryOptions, AFSReadOptions, AFSReadResult, AFSRoot, AFSSearchOptions, AFSSearchResult, AFSStatOptions, AFSStatResult, AFSUnsubscribe, AFSWriteEntryPayload, AFSWriteOptions, AFSWriteResult, MountInfo } from "@aigne/afs";
|
|
4
|
+
|
|
5
|
+
//#region src/session/session-user-afs.d.ts
|
|
6
|
+
/**
|
|
7
|
+
* STATIC full set of overlay prefixes a SessionUserAFS may mount — the
|
|
8
|
+
* anonymous-bearer denylist for signed raw URLs (afs-preview design §3).
|
|
9
|
+
*
|
|
10
|
+
* Deliberately NOT derived from an instance's `overlays` array: `/space` and
|
|
11
|
+
* `/instance/settings` are conditionally mounted, so per-instance derivation
|
|
12
|
+
* would drift with wiring. Fail-closed: an anonymous raw URL is refused for
|
|
13
|
+
* these prefixes even when the issuing session didn't mount them.
|
|
14
|
+
*
|
|
15
|
+
* KEEP IN SYNC with the constructor below — the unit test enumerates this
|
|
16
|
+
* set against the constructor's possible mounts, table-driven.
|
|
17
|
+
*/
|
|
18
|
+
declare const SESSION_OVERLAY_PREFIXES: readonly ["/user/index", "/user", "/tmp", "/space", "/instance/settings"];
|
|
19
|
+
/**
|
|
20
|
+
* Whether a (sanitized) path falls under any session-private overlay prefix.
|
|
21
|
+
* Used by the raw-URL primitives to refuse anonymous bearer URLs for
|
|
22
|
+
* session-private content (issue-side denial + verify-side second defense).
|
|
23
|
+
*/
|
|
24
|
+
declare function isSessionPrivatePath(path: string): boolean;
|
|
25
|
+
/**
|
|
26
|
+
* Guard the first-match-by-prefix invariant: no overlay may be preceded by
|
|
27
|
+
* another whose prefix is a proper prefix of it (which would swallow its
|
|
28
|
+
* paths). `/instance/settings` MUST come before any future `/instance` or `/`
|
|
29
|
+
* overlay. Extracted + exported so the ordering contract is unit-testable
|
|
30
|
+
* without reaching into the class. Throws on violation (a wiring bug).
|
|
31
|
+
*/
|
|
32
|
+
declare function assertOverlayOrder(prefixes: string[]): void;
|
|
33
|
+
declare class SessionUserAFS implements AFSRoot {
|
|
34
|
+
private readonly base;
|
|
35
|
+
/**
|
|
36
|
+
* True when the blocklet manifest declares `index:` and `/user` search is
|
|
37
|
+
* expected to be served by `/user/index`. Kept separate from the
|
|
38
|
+
* `/user/index` overlay itself because runtimes reserve that path with a
|
|
39
|
+
* null provider even for no-index blocklets to make direct `/user/index`
|
|
40
|
+
* access fail closed.
|
|
41
|
+
*/
|
|
42
|
+
private readonly indexSearchRequired;
|
|
43
|
+
readonly name: string;
|
|
44
|
+
readonly accessMode: AFSRoot["accessMode"];
|
|
45
|
+
private readonly overlays;
|
|
46
|
+
/**
|
|
47
|
+
* Named reference to the settings resolver overlay (the overlay table only
|
|
48
|
+
* stores it anonymously) so `beginRender`/`endRender` can proxy to it —
|
|
49
|
+
* settings-layering §2.B render boundary.
|
|
50
|
+
*/
|
|
51
|
+
private readonly settingsResolver;
|
|
52
|
+
constructor(base: AFSRoot, /** The caller's per-user provider (userDataBackend output), or null for anonymous. */
|
|
53
|
+
|
|
54
|
+
userProvider: AFSModule | null, /** The session's `/tmp` provider (joinSession's sessionTmpBackend output), or null. */
|
|
55
|
+
|
|
56
|
+
tmpProvider: AFSModule | null, sessionId: string,
|
|
57
|
+
/**
|
|
58
|
+
* The per-session SettingsResolver intercepting `/instance/settings/**`
|
|
59
|
+
* (instance+user settings cascade), or null when settings aren't wired.
|
|
60
|
+
*/
|
|
61
|
+
|
|
62
|
+
settingsResolver?: AFSModule | null,
|
|
63
|
+
/**
|
|
64
|
+
* The caller's whole DID Space root provider. Omit to leave `/space`
|
|
65
|
+
* untouched; pass null to explicitly reserve `/space` and fail closed.
|
|
66
|
+
*/
|
|
67
|
+
spaceProvider?: AFSModule | null,
|
|
68
|
+
/**
|
|
69
|
+
* The caller's per-user semantic index (`@aigne/afs-index`) at `/user/index`.
|
|
70
|
+
* Omit to leave `/user/index` untouched (falls through to the `/user`
|
|
71
|
+
* provider); pass null to reserve it and fail closed. Mounted BEFORE `/user`
|
|
72
|
+
* so child-first routing sends `/user/index/**` here, mirroring how
|
|
73
|
+
* `/instance/settings` precedes `/instance`.
|
|
74
|
+
*/
|
|
75
|
+
indexProvider?: AFSModule | null,
|
|
76
|
+
/**
|
|
77
|
+
* Replicated-collection overlays built by createSessionView when the blocklet
|
|
78
|
+
* manifest declares `replicated` collections. Each entry is mounted at its
|
|
79
|
+
* `prefix` (e.g. `/instance`) AFTER the `/instance/settings` interceptor so
|
|
80
|
+
* child-first routing sends `/instance/settings/**` to the SettingsResolver
|
|
81
|
+
* and everything else in the prefix to the ReplicationResolver.
|
|
82
|
+
*/
|
|
83
|
+
replicationOverlays?: Array<{
|
|
84
|
+
prefix: string;
|
|
85
|
+
id: string;
|
|
86
|
+
provider: AFSModule | null;
|
|
87
|
+
}>,
|
|
88
|
+
/**
|
|
89
|
+
* True when the blocklet manifest declares `index:` and `/user` search is
|
|
90
|
+
* expected to be served by `/user/index`. Kept separate from the
|
|
91
|
+
* `/user/index` overlay itself because runtimes reserve that path with a
|
|
92
|
+
* null provider even for no-index blocklets to make direct `/user/index`
|
|
93
|
+
* access fail closed.
|
|
94
|
+
*/
|
|
95
|
+
indexSearchRequired?: boolean);
|
|
96
|
+
/** Match a path against the overlay table. Returns the overlay + sub-path. */
|
|
97
|
+
private matchOverlay;
|
|
98
|
+
/** Overlays that are actually backed (provider present). */
|
|
99
|
+
private get activeOverlays();
|
|
100
|
+
/** Backed AND root-level overlays — the ones surfaced at `/` / in getMounts. */
|
|
101
|
+
private get rootOverlays();
|
|
102
|
+
private rejectMissing;
|
|
103
|
+
/**
|
|
104
|
+
* Whether a write context originates from an untrusted network client.
|
|
105
|
+
* `callerOrigin` is a host-stamped, unforgeable marker (strip + trusted reset,
|
|
106
|
+
* see FORGEABLE_CONTEXT_FIELDS); internal code (seeding / cron / agent /
|
|
107
|
+
* operator CLI) carries no `callerOrigin`. Mirrors the reflexive effect gate's
|
|
108
|
+
* network check (`exec-effect-gate.ts`).
|
|
109
|
+
*/
|
|
110
|
+
private isNetworkOrigin;
|
|
111
|
+
/**
|
|
112
|
+
* Caller-origin base-write gate (instance-write-authz §5.1). A network client
|
|
113
|
+
* may never bare-write a BASE-fallthrough path — any path NOT matched by an
|
|
114
|
+
* overlay (`/instance/<non-mediated>`, `/packages`, `/dev`, `/registry`, `/`).
|
|
115
|
+
* Authorized `/instance` writes must go through a resolver overlay
|
|
116
|
+
* (`/instance/settings` → SettingsResolver, future `/instance/app` →
|
|
117
|
+
* ReplicationResolver — each carries its own role/minRole gate) or internal
|
|
118
|
+
* trusted code (`callerOrigin: undefined`).
|
|
119
|
+
*
|
|
120
|
+
* Called ONLY on the base-fallthrough branch (overlay-matched paths never
|
|
121
|
+
* reach here). STRICTER than the effect gate: it rejects AUTHENTICATED network
|
|
122
|
+
* callers too (the effect gate lets `caller.did` through) — that authed-but-
|
|
123
|
+
* network reflexive base write is exactly Finding 1's live path.
|
|
124
|
+
*/
|
|
125
|
+
private forbiddenBaseWrite;
|
|
126
|
+
private enforceBaseWriteGate;
|
|
127
|
+
/** Re-prefix a provider-relative path back into the overlay namespace. */
|
|
128
|
+
private reprefix;
|
|
129
|
+
list(path: string, options?: AFSListOptions): Promise<AFSListResult>;
|
|
130
|
+
read(path: string, options?: AFSReadOptions): Promise<AFSReadResult>;
|
|
131
|
+
/**
|
|
132
|
+
* Overlay-dispatch for `presignRead` (preview-r2-direct §5a.2 / T1.2). Same
|
|
133
|
+
* routing as `read`: a matched overlay whose provider implements `presignRead`
|
|
134
|
+
* gets the sub-path; a base-fallthrough path (or an overlay provider without
|
|
135
|
+
* the capability) → `null` (fail-soft → the raw handler serves bytes itself).
|
|
136
|
+
*
|
|
137
|
+
* The meta-only ACL and the `null`-on-everything fail-soft live DEEPER (the
|
|
138
|
+
* `/user` overlay provider is a `ProjectionProvider` → core `AFS` (globalAFS),
|
|
139
|
+
* where the authoritative meta guard runs — §5a.2 "routing to the root
|
|
140
|
+
* computation"); this layer only forwards.
|
|
141
|
+
*
|
|
142
|
+
* This is the HANDLER-FACING surface (`scoped.afs`), so it owns the §5a.5
|
|
143
|
+
* "NEVER throws to the handler" guarantee end-to-end: a deeper layer that
|
|
144
|
+
* throws (e.g. a read-disabled `ProjectionProvider.checkOp("read")` →
|
|
145
|
+
* `AFSAccessModeError`) is caught here → `null` → the raw handler serves bytes
|
|
146
|
+
* itself (and the worker-serve read then re-applies that same gate). No URL
|
|
147
|
+
* can leak past a read-disabled / failing projection.
|
|
148
|
+
*/
|
|
149
|
+
presignRead(path: string, opts?: {
|
|
150
|
+
responseContentType?: string;
|
|
151
|
+
}): Promise<{
|
|
152
|
+
url: string;
|
|
153
|
+
expiresAt: string;
|
|
154
|
+
} | null>;
|
|
155
|
+
write(path: string, content: AFSWriteEntryPayload, options?: AFSWriteOptions): Promise<AFSWriteResult>;
|
|
156
|
+
delete(path: string, options?: AFSDeleteOptions): Promise<AFSDeleteResult>;
|
|
157
|
+
/** Plan contiguous runs of entry indices by overlay identity (null = base). */
|
|
158
|
+
private planOverlayRuns;
|
|
159
|
+
batchWrite(entries: AFSBatchWriteEntry[], options?: _aigne_afs0.AFSOperationOptions): Promise<AFSBatchWriteResult>;
|
|
160
|
+
batchDelete(entries: AFSBatchDeleteEntry[], options?: _aigne_afs0.AFSOperationOptions): Promise<AFSBatchDeleteResult>;
|
|
161
|
+
batchRead(entries: AFSBatchReadEntry[], options?: _aigne_afs0.AFSOperationOptions): Promise<AFSBatchReadResult>;
|
|
162
|
+
query(path: string, spec: AFSCollectionQuerySpec, options?: AFSQueryOptions): Promise<AFSCollectionQueryResult>;
|
|
163
|
+
stat(path: string, options?: AFSStatOptions): Promise<AFSStatResult>;
|
|
164
|
+
explain(path: string, options?: AFSExplainOptions): Promise<AFSExplainResult>;
|
|
165
|
+
/**
|
|
166
|
+
* Find the `/user/index` overlay's backing provider, or undefined when
|
|
167
|
+
* unmounted (no `index:` manifest section) OR reserved-null (blocklet
|
|
168
|
+
* declares `index:` but this caller has no DID / no callerDid — see
|
|
169
|
+
* `createSessionView`'s `indexProvider` doc).
|
|
170
|
+
*/
|
|
171
|
+
private findIndexOverlay;
|
|
172
|
+
private isAfsValidationError;
|
|
173
|
+
private isAfsDependencyError;
|
|
174
|
+
private searchDiagnostics;
|
|
175
|
+
private rejectIndexSearchFallback;
|
|
176
|
+
/**
|
|
177
|
+
* Parse a `read()`-returned raw content string as JSON, matching the exact
|
|
178
|
+
* fail-soft convention `IndexFollower.indexEntry` uses when hydrating
|
|
179
|
+
* changelog rows (`providers/basic/index/src/follower.ts`): non-string
|
|
180
|
+
* content is passed through untouched; a string that isn't valid JSON is
|
|
181
|
+
* kept as the raw string rather than dropped. afs-list's `performSearch`
|
|
182
|
+
* (P5 forward contract) expects a resolved `content` object for JSON
|
|
183
|
+
* entries — this is what makes that true without a second copy of the
|
|
184
|
+
* parse-or-passthrough logic living in the hydration loop below.
|
|
185
|
+
*/
|
|
186
|
+
private parseEntryContent;
|
|
187
|
+
/**
|
|
188
|
+
* Hydrate index-query hits (`{ entryPath, score, matchType }` — path only,
|
|
189
|
+
* no content) into full `AFSEntry` objects by reading each `entryPath`
|
|
190
|
+
* through THIS session view (so the caller's own `/user` overlay + its
|
|
191
|
+
* per-caller isolation applies a second time, on top of the index query's
|
|
192
|
+
* own `boundDomains` isolation — belt-and-suspenders, not redundant: see
|
|
193
|
+
* design.md P5 section). A stale entry (index has it, storage doesn't —
|
|
194
|
+
* e.g. a delete that hasn't reached the follower yet) fails the `read()`
|
|
195
|
+
* and is skipped rather than surfaced as a broken result.
|
|
196
|
+
*/
|
|
197
|
+
private hydrateSearchEntries;
|
|
198
|
+
/**
|
|
199
|
+
* Search-verb forward contract (P5, design.md "search verb forwarding"):
|
|
200
|
+
* a `/user/**` search first tries the caller's semantic `/user/index`
|
|
201
|
+
* (when mounted with a real provider), scoping hits to the requested
|
|
202
|
+
* subtree and hydrating them with real content via `read()`. For blocklets
|
|
203
|
+
* whose manifest declares `index:`, the index is authoritative: failures are
|
|
204
|
+
* surfaced and DID Space native search is refused because it is an O(N)
|
|
205
|
+
* content scan. Legacy/no-index blocklets keep the old direct overlay search
|
|
206
|
+
* behavior. A successful empty index result is authoritative and returns an
|
|
207
|
+
* empty array. Index results and fallback results are never unioned. Any other
|
|
208
|
+
* overlay (`/user/index` addressed directly, `/tmp`, `/space`,
|
|
209
|
+
* `/instance/settings`, replication overlays) keeps its pre-existing
|
|
210
|
+
* single-overlay-search behavior unchanged.
|
|
211
|
+
*/
|
|
212
|
+
search(path: string, query: string, options?: AFSSearchOptions): Promise<AFSSearchResult>;
|
|
213
|
+
exec(path: string, args: Record<string, unknown>, options: AFSExecOptions): Promise<AFSExecResult>;
|
|
214
|
+
/**
|
|
215
|
+
* Inject `context.afs = this` so downstream provider handlers that call
|
|
216
|
+
* back into AFS (`ctx.context.afs.read`/`.write`/`.exec`/...) hit this
|
|
217
|
+
* overlaid session view — not the bare runtime root the provider was
|
|
218
|
+
* mounted into. Without this, the `/user` overlay (and any other per-
|
|
219
|
+
* caller overlay) is invisible to handler-internal AFS calls, so writes
|
|
220
|
+
* silently land on the global `/user` fs mount instead of the caller's
|
|
221
|
+
* DID-Space-projected `/user`.
|
|
222
|
+
*/
|
|
223
|
+
private withSelfContext;
|
|
224
|
+
subscribe(filter: AFSEventFilter, callback: AFSEventCallback): AFSUnsubscribe;
|
|
225
|
+
/**
|
|
226
|
+
* Subscribe one overlay's backing provider, re-prefixing bridged event paths
|
|
227
|
+
* back into the overlay namespace. No-op when the overlay is unbacked
|
|
228
|
+
* (anonymous `/user`) or its provider lacks `subscribe`.
|
|
229
|
+
*/
|
|
230
|
+
private subscribeOverlay;
|
|
231
|
+
beginRender(renderId: string): Promise<void>;
|
|
232
|
+
endRender(renderId: string): void;
|
|
233
|
+
getMounts(namespace?: string | null): MountInfo[];
|
|
234
|
+
initializePhysicalPath(...args: Parameters<AFSRoot["initializePhysicalPath"]>): Promise<string>;
|
|
235
|
+
cleanupPhysicalPath(...args: Parameters<AFSRoot["cleanupPhysicalPath"]>): Promise<void>;
|
|
236
|
+
setEventSink(...args: Parameters<NonNullable<AFSModule["setEventSink"]>>): void;
|
|
237
|
+
setSecretCapability(...args: Parameters<NonNullable<AFSModule["setSecretCapability"]>>): void;
|
|
238
|
+
}
|
|
239
|
+
/**
|
|
240
|
+
* Assemble a caller's per-session view: a SettingsResolver (instance+user
|
|
241
|
+
* settings cascade, role-aware) wrapped by a SessionUserAFS (`/user` +
|
|
242
|
+
* optional `/space` + `/tmp` + `/instance/settings`). This is the construction the daemon's
|
|
243
|
+
* `buildSessionView` chokepoint delegates to — extracted so the role→resolver
|
|
244
|
+
* wiring is unit-testable in isolation (the daemon's only remaining job is to
|
|
245
|
+
* RESOLVE `role` from the verified session before calling this).
|
|
246
|
+
*
|
|
247
|
+
* The resolver always exists (even for anonymous / no role) so
|
|
248
|
+
* `/instance/settings` carries correct capability hints + enforcement for every
|
|
249
|
+
* caller — there is no bypass path.
|
|
250
|
+
*/
|
|
251
|
+
declare function createSessionView(opts: {
|
|
252
|
+
base: AFSRoot;
|
|
253
|
+
userProvider: AFSModule | null;
|
|
254
|
+
tmpProvider: AFSModule | null;
|
|
255
|
+
/**
|
|
256
|
+
* Omitted → no `/space` overlay. null → `/space` reserved and NotFound
|
|
257
|
+
* (fail-closed). Provider → mounted caller DID Space root.
|
|
258
|
+
*/
|
|
259
|
+
spaceProvider?: AFSModule | null; /** Caller role from the verified session; undefined → non-admin (fail-closed). */
|
|
260
|
+
role: string | undefined;
|
|
261
|
+
sessionId: string;
|
|
262
|
+
/**
|
|
263
|
+
* Derived package-schema handle for this blocklet (settings-layering
|
|
264
|
+
* Phase 1c), pre-bound to identity + base by the runtime. Optional — absent
|
|
265
|
+
* means no derived index (legacy resolution; existing call sites/tests
|
|
266
|
+
* unchanged).
|
|
267
|
+
*/
|
|
268
|
+
settingsSchema?: SettingsSchemaHandle | null;
|
|
269
|
+
/**
|
|
270
|
+
* Caller's per-user semantic index provider mounted at `/user/index`.
|
|
271
|
+
* Omitted → no overlay (path falls through to `/user`); null → reserved.
|
|
272
|
+
*/
|
|
273
|
+
indexProvider?: AFSModule | null;
|
|
274
|
+
/**
|
|
275
|
+
* Whether `/user` search must be served by `/user/index` because the
|
|
276
|
+
* blocklet manifest declares `index:`. Kept distinct from `indexProvider`
|
|
277
|
+
* because runtimes may reserve `/user/index` with null for no-index
|
|
278
|
+
* blocklets while direct path access still fails closed.
|
|
279
|
+
*/
|
|
280
|
+
indexSearchRequired?: boolean;
|
|
281
|
+
/**
|
|
282
|
+
* Verified caller DID (from the session, never client-supplied). Forwarded
|
|
283
|
+
* to ReplicationResolver for authorship tagging and ownItem delete gate.
|
|
284
|
+
* null/undefined → anonymous (no copy-side writes).
|
|
285
|
+
*/
|
|
286
|
+
callerDid?: string | null;
|
|
287
|
+
/**
|
|
288
|
+
* Replicated-collection declarations parsed from the blocklet manifest.
|
|
289
|
+
* When non-empty, a ReplicationResolver is built and mounted at the computed
|
|
290
|
+
* common ancestor prefix (e.g. "/instance"). null/omitted → no overlay.
|
|
291
|
+
*/
|
|
292
|
+
replicated?: Record<string, _aigne_afs0.ReplicatedCollection> | null;
|
|
293
|
+
}): SessionUserAFS;
|
|
294
|
+
//#endregion
|
|
295
|
+
export { SESSION_OVERLAY_PREFIXES, SessionUserAFS, assertOverlayOrder, createSessionView, isSessionPrivatePath };
|
|
296
|
+
//# sourceMappingURL=session-user-afs.d.cts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"session-user-afs.d.cts","names":[],"sources":["../../src/session/session-user-afs.ts"],"mappings":";;;;;;;;;;;;;;;;;cAgLa,wBAAA;;;;;;iBAaG,oBAAA,CAAqB,IAAA;;;;;;;;iBAWrB,kBAAA,CAAmB,QAAA;AAAA,cAgDtB,cAAA,YAA0B,OAAA;EAAA,iBAclB,IAAA;EA2iCoD;;;;;;;EAAA,iBApgCpD,mBAAA;EAAA,SApDV,IAAA;EAAA,SACA,UAAA,EAAY,OAAA;EAAA,iBAEJ,QAAA;EAUE;;;;;EAAA,iBAHF,gBAAA;cAGE,IAAA,EAAM,OAAA;;EAEvB,YAAA,EAAc,SAAA,SAFG;;EAIjB,WAAA,EAAa,SAAA,SACb,SAAA;EAHA;;;;;EAQA,gBAAA,GAAkB,SAAA;EAAlB;;;;EAKA,aAAA,GAAgB,SAAA;EAgBM;;;;;;;EARtB,aAAA,GAAgB,SAAA;EA6EN;;;;;;;EArEV,mBAAA,GAAsB,KAAA;IAAQ,MAAA;IAAgB,EAAA;IAAY,QAAA,EAAU,SAAA;EAAA;EA2HV;;;;;;;EAnHzC,mBAAA;EAgLjB;EAAA,QA9HM,YAAA;EA+HN;EAAA,YApHU,cAAA,CAAA;EAqHC;EAAA,YAhHD,YAAA,CAAA;EAAA,QAIJ,aAAA;EA4HN;;;;;;;EAAA,QAjHM,eAAA;EAkIK;;;;;;;;;;;;;;EAAA,QAhHL,kBAAA;EAAA,QAOA,oBAAA;EAqOwB;EAAA,QAhOxB,QAAA;EAIF,IAAA,CAAK,IAAA,UAAc,OAAA,GAAU,cAAA,GAAiB,OAAA,CAAQ,aAAA;EA+BtD,IAAA,CAAK,IAAA,UAAc,OAAA,GAAU,cAAA,GAAiB,OAAA,CAAQ,aAAA;EAkQtD;;;;;;;;;;;;;;;;;;EArOA,WAAA,CACJ,IAAA,UACA,IAAA;IAAS,mBAAA;EAAA,IACR,OAAA;IAAU,GAAA;IAAa,SAAA;EAAA;EAepB,KAAA,CACJ,IAAA,UACA,OAAA,EAAS,oBAAA,EACT,OAAA,GAAU,eAAA,GACT,OAAA,CAAQ,cAAA;EAcL,MAAA,CAAO,IAAA,UAAc,OAAA,GAAU,gBAAA,GAAmB,OAAA,CAAQ,eAAA;EA4QE;EAAA,QAlP1D,eAAA;EAWF,UAAA,CACJ,OAAA,EAAS,kBAAA,IACT,OAAA,GAD2B,WAAA,CACI,mBAAA,GAC9B,OAAA,CAAQ,mBAAA;EAmFL,WAAA,CACJ,OAAA,EAAS,mBAAA,IACT,OAAA,GAD4B,WAAA,CACG,mBAAA,GAC9B,OAAA,CAAQ,oBAAA;EAmEL,SAAA,CACJ,OAAA,EAAS,iBAAA,IACT,OAAA,GAD0B,WAAA,CACK,mBAAA,GAC9B,OAAA,CAAQ,kBAAA;EAoBL,KAAA,CACJ,IAAA,UACA,IAAA,EAAM,sBAAA,EACN,OAAA,GAAU,eAAA,GACT,OAAA,CAAQ,wBAAA;EA+BL,IAAA,CAAK,IAAA,UAAc,OAAA,GAAU,cAAA,GAAiB,OAAA,CAAQ,aAAA;EAiBtD,OAAA,CAAQ,IAAA,UAAc,OAAA,GAAU,iBAAA,GAAoB,OAAA,CAAQ,gBAAA;EA0M5D;;;;;;EAAA,QAtLE,gBAAA;EAAA,QAIA,oBAAA;EAAA,QAKA,oBAAA;EAAA,QAKA,iBAAA;EAAA,QA4BA,yBAAA;EA2SG;;;;;;;;;;EAAA,QA9QH,iBAAA;EA0ZA;;;;;;;;;;EAAA,QAvYM,oBAAA;EAmbkB;;;;;;;;;;;;;;EAvV1B,MAAA,CAAO,IAAA,UAAc,KAAA,UAAe,OAAA,GAAU,gBAAA,GAAmB,OAAA,CAAQ,eAAA;EA4JzE,IAAA,CACJ,IAAA,UACA,IAAA,EAAM,MAAA,mBACN,OAAA,EAAS,cAAA,GACR,OAAA,CAAQ,aAAA;EAmM6B;;;;AAiB1C;;;;;EAjB0C,QApHhC,eAAA;EAeR,SAAA,CAAU,MAAA,EAAQ,cAAA,EAAgB,QAAA,EAAU,gBAAA,GAAmB,cAAA;EA8HtC;;;;;EAAA,QAjFjB,gBAAA;EAiBF,WAAA,CAAY,QAAA,WAAmB,OAAA;EAIrC,SAAA,CAAU,QAAA;EAIV,SAAA,CAAU,SAAA,mBAA4B,SAAA;EAmBtC,sBAAA,CAAA,GAA0B,IAAA,EAAM,UAAA,CAAW,OAAA,8BAAkC,OAAA;EAI7E,mBAAA,CAAA,GAAuB,IAAA,EAAM,UAAA,CAAW,OAAA,2BAA+B,OAAA;EAIvE,YAAA,CAAA,GAAgB,IAAA,EAAM,UAAA,CAAW,WAAA,CAAY,SAAA;EAI7C,mBAAA,CAAA,GAAuB,IAAA,EAAM,UAAA,CAAW,WAAA,CAAY,SAAA;AAAA;;;;;;;;;;;;;iBAiBtC,iBAAA,CAAkB,IAAA;EAChC,IAAA,EAAM,OAAA;EACN,YAAA,EAAc,SAAA;EACd,WAAA,EAAa,SAAA;;;;;EAKb,aAAA,GAAgB,SAAA;EAEhB,IAAA;EACA,SAAA;;;;;;;EAOA,cAAA,GAVyB,oBAAA;;;;;EAezB,aAAA,GAAgB,SAAA;;;;;;;EAOhB,mBAAA;;;;;;EAMA,SAAA;;;;;;EAMA,UAAA,GAAa,MAAA,SAnBY,WAAA,CAmBwB,oBAAA;AAAA,IAC/C,cAAA"}
|
|
@@ -0,0 +1,296 @@
|
|
|
1
|
+
import { SettingsSchemaHandle } from "./settings-schema-store.mjs";
|
|
2
|
+
import * as _aigne_afs0 from "@aigne/afs";
|
|
3
|
+
import { AFSBatchDeleteEntry, AFSBatchDeleteResult, AFSBatchReadEntry, AFSBatchReadResult, AFSBatchWriteEntry, AFSBatchWriteResult, AFSCollectionQueryResult, AFSCollectionQuerySpec, AFSDeleteOptions, AFSDeleteResult, AFSEventCallback, AFSEventFilter, AFSExecOptions, AFSExecResult, AFSExplainOptions, AFSExplainResult, AFSListOptions, AFSListResult, AFSModule, AFSQueryOptions, AFSReadOptions, AFSReadResult, AFSRoot, AFSSearchOptions, AFSSearchResult, AFSStatOptions, AFSStatResult, AFSUnsubscribe, AFSWriteEntryPayload, AFSWriteOptions, AFSWriteResult, MountInfo } from "@aigne/afs";
|
|
4
|
+
|
|
5
|
+
//#region src/session/session-user-afs.d.ts
|
|
6
|
+
/**
|
|
7
|
+
* STATIC full set of overlay prefixes a SessionUserAFS may mount — the
|
|
8
|
+
* anonymous-bearer denylist for signed raw URLs (afs-preview design §3).
|
|
9
|
+
*
|
|
10
|
+
* Deliberately NOT derived from an instance's `overlays` array: `/space` and
|
|
11
|
+
* `/instance/settings` are conditionally mounted, so per-instance derivation
|
|
12
|
+
* would drift with wiring. Fail-closed: an anonymous raw URL is refused for
|
|
13
|
+
* these prefixes even when the issuing session didn't mount them.
|
|
14
|
+
*
|
|
15
|
+
* KEEP IN SYNC with the constructor below — the unit test enumerates this
|
|
16
|
+
* set against the constructor's possible mounts, table-driven.
|
|
17
|
+
*/
|
|
18
|
+
declare const SESSION_OVERLAY_PREFIXES: readonly ["/user/index", "/user", "/tmp", "/space", "/instance/settings"];
|
|
19
|
+
/**
|
|
20
|
+
* Whether a (sanitized) path falls under any session-private overlay prefix.
|
|
21
|
+
* Used by the raw-URL primitives to refuse anonymous bearer URLs for
|
|
22
|
+
* session-private content (issue-side denial + verify-side second defense).
|
|
23
|
+
*/
|
|
24
|
+
declare function isSessionPrivatePath(path: string): boolean;
|
|
25
|
+
/**
|
|
26
|
+
* Guard the first-match-by-prefix invariant: no overlay may be preceded by
|
|
27
|
+
* another whose prefix is a proper prefix of it (which would swallow its
|
|
28
|
+
* paths). `/instance/settings` MUST come before any future `/instance` or `/`
|
|
29
|
+
* overlay. Extracted + exported so the ordering contract is unit-testable
|
|
30
|
+
* without reaching into the class. Throws on violation (a wiring bug).
|
|
31
|
+
*/
|
|
32
|
+
declare function assertOverlayOrder(prefixes: string[]): void;
|
|
33
|
+
declare class SessionUserAFS implements AFSRoot {
|
|
34
|
+
private readonly base;
|
|
35
|
+
/**
|
|
36
|
+
* True when the blocklet manifest declares `index:` and `/user` search is
|
|
37
|
+
* expected to be served by `/user/index`. Kept separate from the
|
|
38
|
+
* `/user/index` overlay itself because runtimes reserve that path with a
|
|
39
|
+
* null provider even for no-index blocklets to make direct `/user/index`
|
|
40
|
+
* access fail closed.
|
|
41
|
+
*/
|
|
42
|
+
private readonly indexSearchRequired;
|
|
43
|
+
readonly name: string;
|
|
44
|
+
readonly accessMode: AFSRoot["accessMode"];
|
|
45
|
+
private readonly overlays;
|
|
46
|
+
/**
|
|
47
|
+
* Named reference to the settings resolver overlay (the overlay table only
|
|
48
|
+
* stores it anonymously) so `beginRender`/`endRender` can proxy to it —
|
|
49
|
+
* settings-layering §2.B render boundary.
|
|
50
|
+
*/
|
|
51
|
+
private readonly settingsResolver;
|
|
52
|
+
constructor(base: AFSRoot, /** The caller's per-user provider (userDataBackend output), or null for anonymous. */
|
|
53
|
+
|
|
54
|
+
userProvider: AFSModule | null, /** The session's `/tmp` provider (joinSession's sessionTmpBackend output), or null. */
|
|
55
|
+
|
|
56
|
+
tmpProvider: AFSModule | null, sessionId: string,
|
|
57
|
+
/**
|
|
58
|
+
* The per-session SettingsResolver intercepting `/instance/settings/**`
|
|
59
|
+
* (instance+user settings cascade), or null when settings aren't wired.
|
|
60
|
+
*/
|
|
61
|
+
|
|
62
|
+
settingsResolver?: AFSModule | null,
|
|
63
|
+
/**
|
|
64
|
+
* The caller's whole DID Space root provider. Omit to leave `/space`
|
|
65
|
+
* untouched; pass null to explicitly reserve `/space` and fail closed.
|
|
66
|
+
*/
|
|
67
|
+
spaceProvider?: AFSModule | null,
|
|
68
|
+
/**
|
|
69
|
+
* The caller's per-user semantic index (`@aigne/afs-index`) at `/user/index`.
|
|
70
|
+
* Omit to leave `/user/index` untouched (falls through to the `/user`
|
|
71
|
+
* provider); pass null to reserve it and fail closed. Mounted BEFORE `/user`
|
|
72
|
+
* so child-first routing sends `/user/index/**` here, mirroring how
|
|
73
|
+
* `/instance/settings` precedes `/instance`.
|
|
74
|
+
*/
|
|
75
|
+
indexProvider?: AFSModule | null,
|
|
76
|
+
/**
|
|
77
|
+
* Replicated-collection overlays built by createSessionView when the blocklet
|
|
78
|
+
* manifest declares `replicated` collections. Each entry is mounted at its
|
|
79
|
+
* `prefix` (e.g. `/instance`) AFTER the `/instance/settings` interceptor so
|
|
80
|
+
* child-first routing sends `/instance/settings/**` to the SettingsResolver
|
|
81
|
+
* and everything else in the prefix to the ReplicationResolver.
|
|
82
|
+
*/
|
|
83
|
+
replicationOverlays?: Array<{
|
|
84
|
+
prefix: string;
|
|
85
|
+
id: string;
|
|
86
|
+
provider: AFSModule | null;
|
|
87
|
+
}>,
|
|
88
|
+
/**
|
|
89
|
+
* True when the blocklet manifest declares `index:` and `/user` search is
|
|
90
|
+
* expected to be served by `/user/index`. Kept separate from the
|
|
91
|
+
* `/user/index` overlay itself because runtimes reserve that path with a
|
|
92
|
+
* null provider even for no-index blocklets to make direct `/user/index`
|
|
93
|
+
* access fail closed.
|
|
94
|
+
*/
|
|
95
|
+
indexSearchRequired?: boolean);
|
|
96
|
+
/** Match a path against the overlay table. Returns the overlay + sub-path. */
|
|
97
|
+
private matchOverlay;
|
|
98
|
+
/** Overlays that are actually backed (provider present). */
|
|
99
|
+
private get activeOverlays();
|
|
100
|
+
/** Backed AND root-level overlays — the ones surfaced at `/` / in getMounts. */
|
|
101
|
+
private get rootOverlays();
|
|
102
|
+
private rejectMissing;
|
|
103
|
+
/**
|
|
104
|
+
* Whether a write context originates from an untrusted network client.
|
|
105
|
+
* `callerOrigin` is a host-stamped, unforgeable marker (strip + trusted reset,
|
|
106
|
+
* see FORGEABLE_CONTEXT_FIELDS); internal code (seeding / cron / agent /
|
|
107
|
+
* operator CLI) carries no `callerOrigin`. Mirrors the reflexive effect gate's
|
|
108
|
+
* network check (`exec-effect-gate.ts`).
|
|
109
|
+
*/
|
|
110
|
+
private isNetworkOrigin;
|
|
111
|
+
/**
|
|
112
|
+
* Caller-origin base-write gate (instance-write-authz §5.1). A network client
|
|
113
|
+
* may never bare-write a BASE-fallthrough path — any path NOT matched by an
|
|
114
|
+
* overlay (`/instance/<non-mediated>`, `/packages`, `/dev`, `/registry`, `/`).
|
|
115
|
+
* Authorized `/instance` writes must go through a resolver overlay
|
|
116
|
+
* (`/instance/settings` → SettingsResolver, future `/instance/app` →
|
|
117
|
+
* ReplicationResolver — each carries its own role/minRole gate) or internal
|
|
118
|
+
* trusted code (`callerOrigin: undefined`).
|
|
119
|
+
*
|
|
120
|
+
* Called ONLY on the base-fallthrough branch (overlay-matched paths never
|
|
121
|
+
* reach here). STRICTER than the effect gate: it rejects AUTHENTICATED network
|
|
122
|
+
* callers too (the effect gate lets `caller.did` through) — that authed-but-
|
|
123
|
+
* network reflexive base write is exactly Finding 1's live path.
|
|
124
|
+
*/
|
|
125
|
+
private forbiddenBaseWrite;
|
|
126
|
+
private enforceBaseWriteGate;
|
|
127
|
+
/** Re-prefix a provider-relative path back into the overlay namespace. */
|
|
128
|
+
private reprefix;
|
|
129
|
+
list(path: string, options?: AFSListOptions): Promise<AFSListResult>;
|
|
130
|
+
read(path: string, options?: AFSReadOptions): Promise<AFSReadResult>;
|
|
131
|
+
/**
|
|
132
|
+
* Overlay-dispatch for `presignRead` (preview-r2-direct §5a.2 / T1.2). Same
|
|
133
|
+
* routing as `read`: a matched overlay whose provider implements `presignRead`
|
|
134
|
+
* gets the sub-path; a base-fallthrough path (or an overlay provider without
|
|
135
|
+
* the capability) → `null` (fail-soft → the raw handler serves bytes itself).
|
|
136
|
+
*
|
|
137
|
+
* The meta-only ACL and the `null`-on-everything fail-soft live DEEPER (the
|
|
138
|
+
* `/user` overlay provider is a `ProjectionProvider` → core `AFS` (globalAFS),
|
|
139
|
+
* where the authoritative meta guard runs — §5a.2 "routing to the root
|
|
140
|
+
* computation"); this layer only forwards.
|
|
141
|
+
*
|
|
142
|
+
* This is the HANDLER-FACING surface (`scoped.afs`), so it owns the §5a.5
|
|
143
|
+
* "NEVER throws to the handler" guarantee end-to-end: a deeper layer that
|
|
144
|
+
* throws (e.g. a read-disabled `ProjectionProvider.checkOp("read")` →
|
|
145
|
+
* `AFSAccessModeError`) is caught here → `null` → the raw handler serves bytes
|
|
146
|
+
* itself (and the worker-serve read then re-applies that same gate). No URL
|
|
147
|
+
* can leak past a read-disabled / failing projection.
|
|
148
|
+
*/
|
|
149
|
+
presignRead(path: string, opts?: {
|
|
150
|
+
responseContentType?: string;
|
|
151
|
+
}): Promise<{
|
|
152
|
+
url: string;
|
|
153
|
+
expiresAt: string;
|
|
154
|
+
} | null>;
|
|
155
|
+
write(path: string, content: AFSWriteEntryPayload, options?: AFSWriteOptions): Promise<AFSWriteResult>;
|
|
156
|
+
delete(path: string, options?: AFSDeleteOptions): Promise<AFSDeleteResult>;
|
|
157
|
+
/** Plan contiguous runs of entry indices by overlay identity (null = base). */
|
|
158
|
+
private planOverlayRuns;
|
|
159
|
+
batchWrite(entries: AFSBatchWriteEntry[], options?: _aigne_afs0.AFSOperationOptions): Promise<AFSBatchWriteResult>;
|
|
160
|
+
batchDelete(entries: AFSBatchDeleteEntry[], options?: _aigne_afs0.AFSOperationOptions): Promise<AFSBatchDeleteResult>;
|
|
161
|
+
batchRead(entries: AFSBatchReadEntry[], options?: _aigne_afs0.AFSOperationOptions): Promise<AFSBatchReadResult>;
|
|
162
|
+
query(path: string, spec: AFSCollectionQuerySpec, options?: AFSQueryOptions): Promise<AFSCollectionQueryResult>;
|
|
163
|
+
stat(path: string, options?: AFSStatOptions): Promise<AFSStatResult>;
|
|
164
|
+
explain(path: string, options?: AFSExplainOptions): Promise<AFSExplainResult>;
|
|
165
|
+
/**
|
|
166
|
+
* Find the `/user/index` overlay's backing provider, or undefined when
|
|
167
|
+
* unmounted (no `index:` manifest section) OR reserved-null (blocklet
|
|
168
|
+
* declares `index:` but this caller has no DID / no callerDid — see
|
|
169
|
+
* `createSessionView`'s `indexProvider` doc).
|
|
170
|
+
*/
|
|
171
|
+
private findIndexOverlay;
|
|
172
|
+
private isAfsValidationError;
|
|
173
|
+
private isAfsDependencyError;
|
|
174
|
+
private searchDiagnostics;
|
|
175
|
+
private rejectIndexSearchFallback;
|
|
176
|
+
/**
|
|
177
|
+
* Parse a `read()`-returned raw content string as JSON, matching the exact
|
|
178
|
+
* fail-soft convention `IndexFollower.indexEntry` uses when hydrating
|
|
179
|
+
* changelog rows (`providers/basic/index/src/follower.ts`): non-string
|
|
180
|
+
* content is passed through untouched; a string that isn't valid JSON is
|
|
181
|
+
* kept as the raw string rather than dropped. afs-list's `performSearch`
|
|
182
|
+
* (P5 forward contract) expects a resolved `content` object for JSON
|
|
183
|
+
* entries — this is what makes that true without a second copy of the
|
|
184
|
+
* parse-or-passthrough logic living in the hydration loop below.
|
|
185
|
+
*/
|
|
186
|
+
private parseEntryContent;
|
|
187
|
+
/**
|
|
188
|
+
* Hydrate index-query hits (`{ entryPath, score, matchType }` — path only,
|
|
189
|
+
* no content) into full `AFSEntry` objects by reading each `entryPath`
|
|
190
|
+
* through THIS session view (so the caller's own `/user` overlay + its
|
|
191
|
+
* per-caller isolation applies a second time, on top of the index query's
|
|
192
|
+
* own `boundDomains` isolation — belt-and-suspenders, not redundant: see
|
|
193
|
+
* design.md P5 section). A stale entry (index has it, storage doesn't —
|
|
194
|
+
* e.g. a delete that hasn't reached the follower yet) fails the `read()`
|
|
195
|
+
* and is skipped rather than surfaced as a broken result.
|
|
196
|
+
*/
|
|
197
|
+
private hydrateSearchEntries;
|
|
198
|
+
/**
|
|
199
|
+
* Search-verb forward contract (P5, design.md "search verb forwarding"):
|
|
200
|
+
* a `/user/**` search first tries the caller's semantic `/user/index`
|
|
201
|
+
* (when mounted with a real provider), scoping hits to the requested
|
|
202
|
+
* subtree and hydrating them with real content via `read()`. For blocklets
|
|
203
|
+
* whose manifest declares `index:`, the index is authoritative: failures are
|
|
204
|
+
* surfaced and DID Space native search is refused because it is an O(N)
|
|
205
|
+
* content scan. Legacy/no-index blocklets keep the old direct overlay search
|
|
206
|
+
* behavior. A successful empty index result is authoritative and returns an
|
|
207
|
+
* empty array. Index results and fallback results are never unioned. Any other
|
|
208
|
+
* overlay (`/user/index` addressed directly, `/tmp`, `/space`,
|
|
209
|
+
* `/instance/settings`, replication overlays) keeps its pre-existing
|
|
210
|
+
* single-overlay-search behavior unchanged.
|
|
211
|
+
*/
|
|
212
|
+
search(path: string, query: string, options?: AFSSearchOptions): Promise<AFSSearchResult>;
|
|
213
|
+
exec(path: string, args: Record<string, unknown>, options: AFSExecOptions): Promise<AFSExecResult>;
|
|
214
|
+
/**
|
|
215
|
+
* Inject `context.afs = this` so downstream provider handlers that call
|
|
216
|
+
* back into AFS (`ctx.context.afs.read`/`.write`/`.exec`/...) hit this
|
|
217
|
+
* overlaid session view — not the bare runtime root the provider was
|
|
218
|
+
* mounted into. Without this, the `/user` overlay (and any other per-
|
|
219
|
+
* caller overlay) is invisible to handler-internal AFS calls, so writes
|
|
220
|
+
* silently land on the global `/user` fs mount instead of the caller's
|
|
221
|
+
* DID-Space-projected `/user`.
|
|
222
|
+
*/
|
|
223
|
+
private withSelfContext;
|
|
224
|
+
subscribe(filter: AFSEventFilter, callback: AFSEventCallback): AFSUnsubscribe;
|
|
225
|
+
/**
|
|
226
|
+
* Subscribe one overlay's backing provider, re-prefixing bridged event paths
|
|
227
|
+
* back into the overlay namespace. No-op when the overlay is unbacked
|
|
228
|
+
* (anonymous `/user`) or its provider lacks `subscribe`.
|
|
229
|
+
*/
|
|
230
|
+
private subscribeOverlay;
|
|
231
|
+
beginRender(renderId: string): Promise<void>;
|
|
232
|
+
endRender(renderId: string): void;
|
|
233
|
+
getMounts(namespace?: string | null): MountInfo[];
|
|
234
|
+
initializePhysicalPath(...args: Parameters<AFSRoot["initializePhysicalPath"]>): Promise<string>;
|
|
235
|
+
cleanupPhysicalPath(...args: Parameters<AFSRoot["cleanupPhysicalPath"]>): Promise<void>;
|
|
236
|
+
setEventSink(...args: Parameters<NonNullable<AFSModule["setEventSink"]>>): void;
|
|
237
|
+
setSecretCapability(...args: Parameters<NonNullable<AFSModule["setSecretCapability"]>>): void;
|
|
238
|
+
}
|
|
239
|
+
/**
|
|
240
|
+
* Assemble a caller's per-session view: a SettingsResolver (instance+user
|
|
241
|
+
* settings cascade, role-aware) wrapped by a SessionUserAFS (`/user` +
|
|
242
|
+
* optional `/space` + `/tmp` + `/instance/settings`). This is the construction the daemon's
|
|
243
|
+
* `buildSessionView` chokepoint delegates to — extracted so the role→resolver
|
|
244
|
+
* wiring is unit-testable in isolation (the daemon's only remaining job is to
|
|
245
|
+
* RESOLVE `role` from the verified session before calling this).
|
|
246
|
+
*
|
|
247
|
+
* The resolver always exists (even for anonymous / no role) so
|
|
248
|
+
* `/instance/settings` carries correct capability hints + enforcement for every
|
|
249
|
+
* caller — there is no bypass path.
|
|
250
|
+
*/
|
|
251
|
+
declare function createSessionView(opts: {
|
|
252
|
+
base: AFSRoot;
|
|
253
|
+
userProvider: AFSModule | null;
|
|
254
|
+
tmpProvider: AFSModule | null;
|
|
255
|
+
/**
|
|
256
|
+
* Omitted → no `/space` overlay. null → `/space` reserved and NotFound
|
|
257
|
+
* (fail-closed). Provider → mounted caller DID Space root.
|
|
258
|
+
*/
|
|
259
|
+
spaceProvider?: AFSModule | null; /** Caller role from the verified session; undefined → non-admin (fail-closed). */
|
|
260
|
+
role: string | undefined;
|
|
261
|
+
sessionId: string;
|
|
262
|
+
/**
|
|
263
|
+
* Derived package-schema handle for this blocklet (settings-layering
|
|
264
|
+
* Phase 1c), pre-bound to identity + base by the runtime. Optional — absent
|
|
265
|
+
* means no derived index (legacy resolution; existing call sites/tests
|
|
266
|
+
* unchanged).
|
|
267
|
+
*/
|
|
268
|
+
settingsSchema?: SettingsSchemaHandle | null;
|
|
269
|
+
/**
|
|
270
|
+
* Caller's per-user semantic index provider mounted at `/user/index`.
|
|
271
|
+
* Omitted → no overlay (path falls through to `/user`); null → reserved.
|
|
272
|
+
*/
|
|
273
|
+
indexProvider?: AFSModule | null;
|
|
274
|
+
/**
|
|
275
|
+
* Whether `/user` search must be served by `/user/index` because the
|
|
276
|
+
* blocklet manifest declares `index:`. Kept distinct from `indexProvider`
|
|
277
|
+
* because runtimes may reserve `/user/index` with null for no-index
|
|
278
|
+
* blocklets while direct path access still fails closed.
|
|
279
|
+
*/
|
|
280
|
+
indexSearchRequired?: boolean;
|
|
281
|
+
/**
|
|
282
|
+
* Verified caller DID (from the session, never client-supplied). Forwarded
|
|
283
|
+
* to ReplicationResolver for authorship tagging and ownItem delete gate.
|
|
284
|
+
* null/undefined → anonymous (no copy-side writes).
|
|
285
|
+
*/
|
|
286
|
+
callerDid?: string | null;
|
|
287
|
+
/**
|
|
288
|
+
* Replicated-collection declarations parsed from the blocklet manifest.
|
|
289
|
+
* When non-empty, a ReplicationResolver is built and mounted at the computed
|
|
290
|
+
* common ancestor prefix (e.g. "/instance"). null/omitted → no overlay.
|
|
291
|
+
*/
|
|
292
|
+
replicated?: Record<string, _aigne_afs0.ReplicatedCollection> | null;
|
|
293
|
+
}): SessionUserAFS;
|
|
294
|
+
//#endregion
|
|
295
|
+
export { SESSION_OVERLAY_PREFIXES, SessionUserAFS, assertOverlayOrder, createSessionView, isSessionPrivatePath };
|
|
296
|
+
//# sourceMappingURL=session-user-afs.d.mts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"session-user-afs.d.mts","names":[],"sources":["../../src/session/session-user-afs.ts"],"mappings":";;;;;;;;;;;;;;;;;cAgLa,wBAAA;;;;;;iBAaG,oBAAA,CAAqB,IAAA;;;;;;;;iBAWrB,kBAAA,CAAmB,QAAA;AAAA,cAgDtB,cAAA,YAA0B,OAAA;EAAA,iBAclB,IAAA;EA2iCoD;;;;;;;EAAA,iBApgCpD,mBAAA;EAAA,SApDV,IAAA;EAAA,SACA,UAAA,EAAY,OAAA;EAAA,iBAEJ,QAAA;EAUE;;;;;EAAA,iBAHF,gBAAA;cAGE,IAAA,EAAM,OAAA;;EAEvB,YAAA,EAAc,SAAA,SAFG;;EAIjB,WAAA,EAAa,SAAA,SACb,SAAA;EAHA;;;;;EAQA,gBAAA,GAAkB,SAAA;EAAlB;;;;EAKA,aAAA,GAAgB,SAAA;EAgBM;;;;;;;EARtB,aAAA,GAAgB,SAAA;EA6EN;;;;;;;EArEV,mBAAA,GAAsB,KAAA;IAAQ,MAAA;IAAgB,EAAA;IAAY,QAAA,EAAU,SAAA;EAAA;EA2HV;;;;;;;EAnHzC,mBAAA;EAgLjB;EAAA,QA9HM,YAAA;EA+HN;EAAA,YApHU,cAAA,CAAA;EAqHC;EAAA,YAhHD,YAAA,CAAA;EAAA,QAIJ,aAAA;EA4HN;;;;;;;EAAA,QAjHM,eAAA;EAkIK;;;;;;;;;;;;;;EAAA,QAhHL,kBAAA;EAAA,QAOA,oBAAA;EAqOwB;EAAA,QAhOxB,QAAA;EAIF,IAAA,CAAK,IAAA,UAAc,OAAA,GAAU,cAAA,GAAiB,OAAA,CAAQ,aAAA;EA+BtD,IAAA,CAAK,IAAA,UAAc,OAAA,GAAU,cAAA,GAAiB,OAAA,CAAQ,aAAA;EAkQtD;;;;;;;;;;;;;;;;;;EArOA,WAAA,CACJ,IAAA,UACA,IAAA;IAAS,mBAAA;EAAA,IACR,OAAA;IAAU,GAAA;IAAa,SAAA;EAAA;EAepB,KAAA,CACJ,IAAA,UACA,OAAA,EAAS,oBAAA,EACT,OAAA,GAAU,eAAA,GACT,OAAA,CAAQ,cAAA;EAcL,MAAA,CAAO,IAAA,UAAc,OAAA,GAAU,gBAAA,GAAmB,OAAA,CAAQ,eAAA;EA4QE;EAAA,QAlP1D,eAAA;EAWF,UAAA,CACJ,OAAA,EAAS,kBAAA,IACT,OAAA,GAD2B,WAAA,CACI,mBAAA,GAC9B,OAAA,CAAQ,mBAAA;EAmFL,WAAA,CACJ,OAAA,EAAS,mBAAA,IACT,OAAA,GAD4B,WAAA,CACG,mBAAA,GAC9B,OAAA,CAAQ,oBAAA;EAmEL,SAAA,CACJ,OAAA,EAAS,iBAAA,IACT,OAAA,GAD0B,WAAA,CACK,mBAAA,GAC9B,OAAA,CAAQ,kBAAA;EAoBL,KAAA,CACJ,IAAA,UACA,IAAA,EAAM,sBAAA,EACN,OAAA,GAAU,eAAA,GACT,OAAA,CAAQ,wBAAA;EA+BL,IAAA,CAAK,IAAA,UAAc,OAAA,GAAU,cAAA,GAAiB,OAAA,CAAQ,aAAA;EAiBtD,OAAA,CAAQ,IAAA,UAAc,OAAA,GAAU,iBAAA,GAAoB,OAAA,CAAQ,gBAAA;EA0M5D;;;;;;EAAA,QAtLE,gBAAA;EAAA,QAIA,oBAAA;EAAA,QAKA,oBAAA;EAAA,QAKA,iBAAA;EAAA,QA4BA,yBAAA;EA2SG;;;;;;;;;;EAAA,QA9QH,iBAAA;EA0ZA;;;;;;;;;;EAAA,QAvYM,oBAAA;EAmbkB;;;;;;;;;;;;;;EAvV1B,MAAA,CAAO,IAAA,UAAc,KAAA,UAAe,OAAA,GAAU,gBAAA,GAAmB,OAAA,CAAQ,eAAA;EA4JzE,IAAA,CACJ,IAAA,UACA,IAAA,EAAM,MAAA,mBACN,OAAA,EAAS,cAAA,GACR,OAAA,CAAQ,aAAA;EAmM6B;;;;AAiB1C;;;;;EAjB0C,QApHhC,eAAA;EAeR,SAAA,CAAU,MAAA,EAAQ,cAAA,EAAgB,QAAA,EAAU,gBAAA,GAAmB,cAAA;EA8HtC;;;;;EAAA,QAjFjB,gBAAA;EAiBF,WAAA,CAAY,QAAA,WAAmB,OAAA;EAIrC,SAAA,CAAU,QAAA;EAIV,SAAA,CAAU,SAAA,mBAA4B,SAAA;EAmBtC,sBAAA,CAAA,GAA0B,IAAA,EAAM,UAAA,CAAW,OAAA,8BAAkC,OAAA;EAI7E,mBAAA,CAAA,GAAuB,IAAA,EAAM,UAAA,CAAW,OAAA,2BAA+B,OAAA;EAIvE,YAAA,CAAA,GAAgB,IAAA,EAAM,UAAA,CAAW,WAAA,CAAY,SAAA;EAI7C,mBAAA,CAAA,GAAuB,IAAA,EAAM,UAAA,CAAW,WAAA,CAAY,SAAA;AAAA;;;;;;;;;;;;;iBAiBtC,iBAAA,CAAkB,IAAA;EAChC,IAAA,EAAM,OAAA;EACN,YAAA,EAAc,SAAA;EACd,WAAA,EAAa,SAAA;;;;;EAKb,aAAA,GAAgB,SAAA;EAEhB,IAAA;EACA,SAAA;;;;;;;EAOA,cAAA,GAVyB,oBAAA;;;;;EAezB,aAAA,GAAgB,SAAA;;;;;;;EAOhB,mBAAA;;;;;;EAMA,SAAA;;;;;;EAMA,UAAA,GAAa,MAAA,SAnBY,WAAA,CAmBwB,oBAAA;AAAA,IAC/C,cAAA"}
|