@aigne/aos 0.2.0-beta

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (533) hide show
  1. package/CHANGELOG.md +49 -0
  2. package/LICENSE.md +26 -0
  3. package/dist/agent-dsl.cjs +116 -0
  4. package/dist/agent-dsl.d.cts +31 -0
  5. package/dist/agent-dsl.d.cts.map +1 -0
  6. package/dist/agent-dsl.d.mts +31 -0
  7. package/dist/agent-dsl.d.mts.map +1 -0
  8. package/dist/agent-dsl.mjs +115 -0
  9. package/dist/agent-dsl.mjs.map +1 -0
  10. package/dist/arc-compat.cjs +125 -0
  11. package/dist/arc-compat.d.cts +17 -0
  12. package/dist/arc-compat.d.cts.map +1 -0
  13. package/dist/arc-compat.d.mts +17 -0
  14. package/dist/arc-compat.d.mts.map +1 -0
  15. package/dist/arc-compat.mjs +123 -0
  16. package/dist/arc-compat.mjs.map +1 -0
  17. package/dist/auto-surface/compiler.cjs +36 -0
  18. package/dist/auto-surface/compiler.d.cts +7 -0
  19. package/dist/auto-surface/compiler.d.cts.map +1 -0
  20. package/dist/auto-surface/compiler.d.mts +7 -0
  21. package/dist/auto-surface/compiler.d.mts.map +1 -0
  22. package/dist/auto-surface/compiler.mjs +37 -0
  23. package/dist/auto-surface/compiler.mjs.map +1 -0
  24. package/dist/auto-surface/definition-dsl.cjs +333 -0
  25. package/dist/auto-surface/definition-dsl.d.cts +41 -0
  26. package/dist/auto-surface/definition-dsl.d.cts.map +1 -0
  27. package/dist/auto-surface/definition-dsl.d.mts +41 -0
  28. package/dist/auto-surface/definition-dsl.d.mts.map +1 -0
  29. package/dist/auto-surface/definition-dsl.mjs +332 -0
  30. package/dist/auto-surface/definition-dsl.mjs.map +1 -0
  31. package/dist/auto-surface/fragments.cjs +177 -0
  32. package/dist/auto-surface/fragments.d.cts +23 -0
  33. package/dist/auto-surface/fragments.d.cts.map +1 -0
  34. package/dist/auto-surface/fragments.d.mts +23 -0
  35. package/dist/auto-surface/fragments.d.mts.map +1 -0
  36. package/dist/auto-surface/fragments.mjs +175 -0
  37. package/dist/auto-surface/fragments.mjs.map +1 -0
  38. package/dist/auto-surface/index.d.mts +9 -0
  39. package/dist/auto-surface/layering.cjs +43 -0
  40. package/dist/auto-surface/layering.d.cts +7 -0
  41. package/dist/auto-surface/layering.d.cts.map +1 -0
  42. package/dist/auto-surface/layering.d.mts +7 -0
  43. package/dist/auto-surface/layering.d.mts.map +1 -0
  44. package/dist/auto-surface/layering.mjs +43 -0
  45. package/dist/auto-surface/layering.mjs.map +1 -0
  46. package/dist/auto-surface/projection.cjs +11 -0
  47. package/dist/auto-surface/projection.d.cts +11 -0
  48. package/dist/auto-surface/projection.d.cts.map +1 -0
  49. package/dist/auto-surface/projection.d.mts +11 -0
  50. package/dist/auto-surface/projection.d.mts.map +1 -0
  51. package/dist/auto-surface/projection.mjs +12 -0
  52. package/dist/auto-surface/projection.mjs.map +1 -0
  53. package/dist/auto-surface/projectors/settings-shell.cjs +114 -0
  54. package/dist/auto-surface/projectors/settings-shell.d.cts +10 -0
  55. package/dist/auto-surface/projectors/settings-shell.d.cts.map +1 -0
  56. package/dist/auto-surface/projectors/settings-shell.d.mts +10 -0
  57. package/dist/auto-surface/projectors/settings-shell.d.mts.map +1 -0
  58. package/dist/auto-surface/projectors/settings-shell.mjs +114 -0
  59. package/dist/auto-surface/projectors/settings-shell.mjs.map +1 -0
  60. package/dist/auto-surface/scenario.cjs +38 -0
  61. package/dist/auto-surface/scenario.d.cts +31 -0
  62. package/dist/auto-surface/scenario.d.cts.map +1 -0
  63. package/dist/auto-surface/scenario.d.mts +31 -0
  64. package/dist/auto-surface/scenario.d.mts.map +1 -0
  65. package/dist/auto-surface/scenario.mjs +37 -0
  66. package/dist/auto-surface/scenario.mjs.map +1 -0
  67. package/dist/auto-surface/types.cjs +9 -0
  68. package/dist/auto-surface/types.d.cts +153 -0
  69. package/dist/auto-surface/types.d.cts.map +1 -0
  70. package/dist/auto-surface/types.d.mts +153 -0
  71. package/dist/auto-surface/types.d.mts.map +1 -0
  72. package/dist/auto-surface/types.mjs +9 -0
  73. package/dist/auto-surface/types.mjs.map +1 -0
  74. package/dist/auto-surface/value-dsl.cjs +80 -0
  75. package/dist/auto-surface/value-dsl.d.cts +24 -0
  76. package/dist/auto-surface/value-dsl.d.cts.map +1 -0
  77. package/dist/auto-surface/value-dsl.d.mts +24 -0
  78. package/dist/auto-surface/value-dsl.d.mts.map +1 -0
  79. package/dist/auto-surface/value-dsl.mjs +79 -0
  80. package/dist/auto-surface/value-dsl.mjs.map +1 -0
  81. package/dist/blocklet/activation.cjs +94 -0
  82. package/dist/blocklet/activation.d.cts +30 -0
  83. package/dist/blocklet/activation.d.cts.map +1 -0
  84. package/dist/blocklet/activation.d.mts +30 -0
  85. package/dist/blocklet/activation.d.mts.map +1 -0
  86. package/dist/blocklet/activation.mjs +94 -0
  87. package/dist/blocklet/activation.mjs.map +1 -0
  88. package/dist/blocklet/did-space-registry.cjs +282 -0
  89. package/dist/blocklet/did-space-registry.d.cts +82 -0
  90. package/dist/blocklet/did-space-registry.d.cts.map +1 -0
  91. package/dist/blocklet/did-space-registry.d.mts +82 -0
  92. package/dist/blocklet/did-space-registry.d.mts.map +1 -0
  93. package/dist/blocklet/did-space-registry.mjs +281 -0
  94. package/dist/blocklet/did-space-registry.mjs.map +1 -0
  95. package/dist/blocklet/handlers.cjs +66 -0
  96. package/dist/blocklet/handlers.d.cts +16 -0
  97. package/dist/blocklet/handlers.d.cts.map +1 -0
  98. package/dist/blocklet/handlers.d.mts +16 -0
  99. package/dist/blocklet/handlers.d.mts.map +1 -0
  100. package/dist/blocklet/handlers.mjs +65 -0
  101. package/dist/blocklet/handlers.mjs.map +1 -0
  102. package/dist/blocklet/index.d.mts +7 -0
  103. package/dist/blocklet/manifest.d.cts +2 -0
  104. package/dist/blocklet/manifest.d.mts +2 -0
  105. package/dist/blocklet/manifest.mjs +3 -0
  106. package/dist/blocklet/registry.cjs +447 -0
  107. package/dist/blocklet/registry.d.cts +197 -0
  108. package/dist/blocklet/registry.d.cts.map +1 -0
  109. package/dist/blocklet/registry.d.mts +197 -0
  110. package/dist/blocklet/registry.d.mts.map +1 -0
  111. package/dist/blocklet/registry.mjs +441 -0
  112. package/dist/blocklet/registry.mjs.map +1 -0
  113. package/dist/blocklet/static-render.cjs +183 -0
  114. package/dist/blocklet/static-render.d.cts +55 -0
  115. package/dist/blocklet/static-render.d.cts.map +1 -0
  116. package/dist/blocklet/static-render.d.mts +55 -0
  117. package/dist/blocklet/static-render.d.mts.map +1 -0
  118. package/dist/blocklet/static-render.mjs +181 -0
  119. package/dist/blocklet/static-render.mjs.map +1 -0
  120. package/dist/blocklet/types.d.cts +70 -0
  121. package/dist/blocklet/types.d.cts.map +1 -0
  122. package/dist/blocklet/types.d.mts +70 -0
  123. package/dist/blocklet/types.d.mts.map +1 -0
  124. package/dist/devices/chain.cjs +127 -0
  125. package/dist/devices/chain.d.cts +48 -0
  126. package/dist/devices/chain.d.cts.map +1 -0
  127. package/dist/devices/chain.d.mts +48 -0
  128. package/dist/devices/chain.d.mts.map +1 -0
  129. package/dist/devices/chain.mjs +125 -0
  130. package/dist/devices/chain.mjs.map +1 -0
  131. package/dist/dsl-shared.cjs +290 -0
  132. package/dist/dsl-shared.d.cts +54 -0
  133. package/dist/dsl-shared.d.cts.map +1 -0
  134. package/dist/dsl-shared.d.mts +54 -0
  135. package/dist/dsl-shared.d.mts.map +1 -0
  136. package/dist/dsl-shared.mjs +287 -0
  137. package/dist/dsl-shared.mjs.map +1 -0
  138. package/dist/http/afs-mcp.cjs +85 -0
  139. package/dist/http/afs-mcp.d.cts +14 -0
  140. package/dist/http/afs-mcp.d.cts.map +1 -0
  141. package/dist/http/afs-mcp.d.mts +14 -0
  142. package/dist/http/afs-mcp.d.mts.map +1 -0
  143. package/dist/http/afs-mcp.mjs +86 -0
  144. package/dist/http/afs-mcp.mjs.map +1 -0
  145. package/dist/http/afs-raw.cjs +264 -0
  146. package/dist/http/afs-raw.d.cts +31 -0
  147. package/dist/http/afs-raw.d.cts.map +1 -0
  148. package/dist/http/afs-raw.d.mts +31 -0
  149. package/dist/http/afs-raw.d.mts.map +1 -0
  150. package/dist/http/afs-raw.mjs +264 -0
  151. package/dist/http/afs-raw.mjs.map +1 -0
  152. package/dist/http/afs-rest.cjs +30 -0
  153. package/dist/http/afs-rest.d.cts +21 -0
  154. package/dist/http/afs-rest.d.cts.map +1 -0
  155. package/dist/http/afs-rest.d.mts +21 -0
  156. package/dist/http/afs-rest.d.mts.map +1 -0
  157. package/dist/http/afs-rest.mjs +31 -0
  158. package/dist/http/afs-rest.mjs.map +1 -0
  159. package/dist/http/afs-rpc-wire.cjs +271 -0
  160. package/dist/http/afs-rpc-wire.d.cts +195 -0
  161. package/dist/http/afs-rpc-wire.d.cts.map +1 -0
  162. package/dist/http/afs-rpc-wire.d.mts +195 -0
  163. package/dist/http/afs-rpc-wire.d.mts.map +1 -0
  164. package/dist/http/afs-rpc-wire.mjs +262 -0
  165. package/dist/http/afs-rpc-wire.mjs.map +1 -0
  166. package/dist/http/afs-rpc.cjs +729 -0
  167. package/dist/http/afs-rpc.d.cts +103 -0
  168. package/dist/http/afs-rpc.d.cts.map +1 -0
  169. package/dist/http/afs-rpc.d.mts +103 -0
  170. package/dist/http/afs-rpc.d.mts.map +1 -0
  171. package/dist/http/afs-rpc.mjs +729 -0
  172. package/dist/http/afs-rpc.mjs.map +1 -0
  173. package/dist/http/afs-upload.cjs +116 -0
  174. package/dist/http/afs-upload.d.cts +40 -0
  175. package/dist/http/afs-upload.d.cts.map +1 -0
  176. package/dist/http/afs-upload.d.mts +40 -0
  177. package/dist/http/afs-upload.d.mts.map +1 -0
  178. package/dist/http/afs-upload.mjs +116 -0
  179. package/dist/http/afs-upload.mjs.map +1 -0
  180. package/dist/http/aup-client.cjs +60 -0
  181. package/dist/http/aup-client.d.cts +22 -0
  182. package/dist/http/aup-client.d.cts.map +1 -0
  183. package/dist/http/aup-client.d.mts +22 -0
  184. package/dist/http/aup-client.d.mts.map +1 -0
  185. package/dist/http/aup-client.mjs +59 -0
  186. package/dist/http/aup-client.mjs.map +1 -0
  187. package/dist/http/aup-event.cjs +100 -0
  188. package/dist/http/aup-event.d.cts +38 -0
  189. package/dist/http/aup-event.d.cts.map +1 -0
  190. package/dist/http/aup-event.d.mts +38 -0
  191. package/dist/http/aup-event.d.mts.map +1 -0
  192. package/dist/http/aup-event.mjs +101 -0
  193. package/dist/http/aup-event.mjs.map +1 -0
  194. package/dist/http/auth-context.cjs +66 -0
  195. package/dist/http/auth-context.d.cts +64 -0
  196. package/dist/http/auth-context.d.cts.map +1 -0
  197. package/dist/http/auth-context.d.mts +64 -0
  198. package/dist/http/auth-context.d.mts.map +1 -0
  199. package/dist/http/auth-context.mjs +66 -0
  200. package/dist/http/auth-context.mjs.map +1 -0
  201. package/dist/http/csrf.cjs +50 -0
  202. package/dist/http/csrf.d.cts +8 -0
  203. package/dist/http/csrf.d.cts.map +1 -0
  204. package/dist/http/csrf.d.mts +8 -0
  205. package/dist/http/csrf.d.mts.map +1 -0
  206. package/dist/http/csrf.mjs +49 -0
  207. package/dist/http/csrf.mjs.map +1 -0
  208. package/dist/http/handlers.cjs +106 -0
  209. package/dist/http/handlers.d.cts +39 -0
  210. package/dist/http/handlers.d.cts.map +1 -0
  211. package/dist/http/handlers.d.mts +39 -0
  212. package/dist/http/handlers.d.mts.map +1 -0
  213. package/dist/http/handlers.mjs +104 -0
  214. package/dist/http/handlers.mjs.map +1 -0
  215. package/dist/http/index.d.mts +1 -0
  216. package/dist/http/ingest-facade.cjs +315 -0
  217. package/dist/http/ingest-facade.mjs +314 -0
  218. package/dist/http/ingest-facade.mjs.map +1 -0
  219. package/dist/http/raw-url.cjs +136 -0
  220. package/dist/http/raw-url.d.cts +54 -0
  221. package/dist/http/raw-url.d.cts.map +1 -0
  222. package/dist/http/raw-url.d.mts +54 -0
  223. package/dist/http/raw-url.d.mts.map +1 -0
  224. package/dist/http/raw-url.mjs +136 -0
  225. package/dist/http/raw-url.mjs.map +1 -0
  226. package/dist/http/request-context.cjs +178 -0
  227. package/dist/http/request-context.d.cts +76 -0
  228. package/dist/http/request-context.d.cts.map +1 -0
  229. package/dist/http/request-context.d.mts +76 -0
  230. package/dist/http/request-context.d.mts.map +1 -0
  231. package/dist/http/request-context.mjs +179 -0
  232. package/dist/http/request-context.mjs.map +1 -0
  233. package/dist/index.cjs +197 -0
  234. package/dist/index.d.cts +63 -0
  235. package/dist/index.d.mts +68 -0
  236. package/dist/index.mjs +61 -0
  237. package/dist/mcp/index.cjs +9 -0
  238. package/dist/mcp/index.d.cts +5 -0
  239. package/dist/mcp/index.d.mts +5 -0
  240. package/dist/mcp/index.mjs +6 -0
  241. package/dist/mcp/prompts.cjs +17 -0
  242. package/dist/mcp/prompts.d.cts +8 -0
  243. package/dist/mcp/prompts.d.cts.map +1 -0
  244. package/dist/mcp/prompts.d.mts +8 -0
  245. package/dist/mcp/prompts.d.mts.map +1 -0
  246. package/dist/mcp/prompts.mjs +17 -0
  247. package/dist/mcp/prompts.mjs.map +1 -0
  248. package/dist/mcp/resources.cjs +22 -0
  249. package/dist/mcp/resources.d.cts +8 -0
  250. package/dist/mcp/resources.d.cts.map +1 -0
  251. package/dist/mcp/resources.d.mts +8 -0
  252. package/dist/mcp/resources.d.mts.map +1 -0
  253. package/dist/mcp/resources.mjs +22 -0
  254. package/dist/mcp/resources.mjs.map +1 -0
  255. package/dist/mcp/server.cjs +51 -0
  256. package/dist/mcp/server.d.cts +20 -0
  257. package/dist/mcp/server.d.cts.map +1 -0
  258. package/dist/mcp/server.d.mts +20 -0
  259. package/dist/mcp/server.d.mts.map +1 -0
  260. package/dist/mcp/server.mjs +52 -0
  261. package/dist/mcp/server.mjs.map +1 -0
  262. package/dist/mcp/tools.cjs +218 -0
  263. package/dist/mcp/tools.d.cts +8 -0
  264. package/dist/mcp/tools.d.cts.map +1 -0
  265. package/dist/mcp/tools.d.mts +8 -0
  266. package/dist/mcp/tools.d.mts.map +1 -0
  267. package/dist/mcp/tools.mjs +219 -0
  268. package/dist/mcp/tools.mjs.map +1 -0
  269. package/dist/mcp/utils.cjs +75 -0
  270. package/dist/mcp/utils.mjs +69 -0
  271. package/dist/mcp/utils.mjs.map +1 -0
  272. package/dist/mount/index.cjs +4 -0
  273. package/dist/mount/index.d.cts +3 -0
  274. package/dist/mount/index.d.mts +3 -0
  275. package/dist/mount/index.mjs +3 -0
  276. package/dist/mount/materializer.cjs +167 -0
  277. package/dist/mount/materializer.d.cts +97 -0
  278. package/dist/mount/materializer.d.cts.map +1 -0
  279. package/dist/mount/materializer.d.mts +97 -0
  280. package/dist/mount/materializer.d.mts.map +1 -0
  281. package/dist/mount/materializer.mjs +167 -0
  282. package/dist/mount/materializer.mjs.map +1 -0
  283. package/dist/mount/types.d.cts +90 -0
  284. package/dist/mount/types.d.cts.map +1 -0
  285. package/dist/mount/types.d.mts +90 -0
  286. package/dist/mount/types.d.mts.map +1 -0
  287. package/dist/mount-config.cjs +61 -0
  288. package/dist/mount-config.d.cts +19 -0
  289. package/dist/mount-config.d.cts.map +1 -0
  290. package/dist/mount-config.d.mts +19 -0
  291. package/dist/mount-config.d.mts.map +1 -0
  292. package/dist/mount-config.mjs +61 -0
  293. package/dist/mount-config.mjs.map +1 -0
  294. package/dist/projectors/aup-projector.cjs +190 -0
  295. package/dist/projectors/aup-projector.d.cts +59 -0
  296. package/dist/projectors/aup-projector.d.cts.map +1 -0
  297. package/dist/projectors/aup-projector.d.mts +59 -0
  298. package/dist/projectors/aup-projector.d.mts.map +1 -0
  299. package/dist/projectors/aup-projector.mjs +188 -0
  300. package/dist/projectors/aup-projector.mjs.map +1 -0
  301. package/dist/projectors/index.cjs +6 -0
  302. package/dist/projectors/index.d.cts +2 -0
  303. package/dist/projectors/index.d.mts +2 -0
  304. package/dist/projectors/index.mjs +3 -0
  305. package/dist/scaffold/afs.cjs +195 -0
  306. package/dist/scaffold/afs.d.cts +16 -0
  307. package/dist/scaffold/afs.d.cts.map +1 -0
  308. package/dist/scaffold/afs.d.mts +16 -0
  309. package/dist/scaffold/afs.d.mts.map +1 -0
  310. package/dist/scaffold/afs.mjs +195 -0
  311. package/dist/scaffold/afs.mjs.map +1 -0
  312. package/dist/scaffold/composition.cjs +92 -0
  313. package/dist/scaffold/composition.d.cts +10 -0
  314. package/dist/scaffold/composition.d.cts.map +1 -0
  315. package/dist/scaffold/composition.d.mts +10 -0
  316. package/dist/scaffold/composition.d.mts.map +1 -0
  317. package/dist/scaffold/composition.mjs +92 -0
  318. package/dist/scaffold/composition.mjs.map +1 -0
  319. package/dist/scaffold/dsl-error.cjs +21 -0
  320. package/dist/scaffold/dsl-error.d.cts +11 -0
  321. package/dist/scaffold/dsl-error.d.cts.map +1 -0
  322. package/dist/scaffold/dsl-error.d.mts +11 -0
  323. package/dist/scaffold/dsl-error.d.mts.map +1 -0
  324. package/dist/scaffold/dsl-error.mjs +20 -0
  325. package/dist/scaffold/dsl-error.mjs.map +1 -0
  326. package/dist/scaffold/index.d.mts +12 -0
  327. package/dist/scaffold/manifest-dsl.cjs +188 -0
  328. package/dist/scaffold/manifest-dsl.d.cts +8 -0
  329. package/dist/scaffold/manifest-dsl.d.cts.map +1 -0
  330. package/dist/scaffold/manifest-dsl.d.mts +8 -0
  331. package/dist/scaffold/manifest-dsl.d.mts.map +1 -0
  332. package/dist/scaffold/manifest-dsl.mjs +188 -0
  333. package/dist/scaffold/manifest-dsl.mjs.map +1 -0
  334. package/dist/scaffold/module-dsl.cjs +284 -0
  335. package/dist/scaffold/module-dsl.d.cts +8 -0
  336. package/dist/scaffold/module-dsl.d.cts.map +1 -0
  337. package/dist/scaffold/module-dsl.d.mts +8 -0
  338. package/dist/scaffold/module-dsl.d.mts.map +1 -0
  339. package/dist/scaffold/module-dsl.mjs +284 -0
  340. package/dist/scaffold/module-dsl.mjs.map +1 -0
  341. package/dist/scaffold/resolver.cjs +156 -0
  342. package/dist/scaffold/resolver.d.cts +7 -0
  343. package/dist/scaffold/resolver.d.cts.map +1 -0
  344. package/dist/scaffold/resolver.d.mts +7 -0
  345. package/dist/scaffold/resolver.d.mts.map +1 -0
  346. package/dist/scaffold/resolver.mjs +156 -0
  347. package/dist/scaffold/resolver.mjs.map +1 -0
  348. package/dist/scaffold/runtime.cjs +24 -0
  349. package/dist/scaffold/runtime.d.cts +19 -0
  350. package/dist/scaffold/runtime.d.cts.map +1 -0
  351. package/dist/scaffold/runtime.d.mts +19 -0
  352. package/dist/scaffold/runtime.d.mts.map +1 -0
  353. package/dist/scaffold/runtime.mjs +25 -0
  354. package/dist/scaffold/runtime.mjs.map +1 -0
  355. package/dist/scaffold/shell-dsl.cjs +279 -0
  356. package/dist/scaffold/shell-dsl.d.cts +8 -0
  357. package/dist/scaffold/shell-dsl.d.cts.map +1 -0
  358. package/dist/scaffold/shell-dsl.d.mts +8 -0
  359. package/dist/scaffold/shell-dsl.d.mts.map +1 -0
  360. package/dist/scaffold/shell-dsl.mjs +279 -0
  361. package/dist/scaffold/shell-dsl.mjs.map +1 -0
  362. package/dist/scaffold/surface-dsl.cjs +182 -0
  363. package/dist/scaffold/surface-dsl.d.cts +8 -0
  364. package/dist/scaffold/surface-dsl.d.cts.map +1 -0
  365. package/dist/scaffold/surface-dsl.d.mts +8 -0
  366. package/dist/scaffold/surface-dsl.d.mts.map +1 -0
  367. package/dist/scaffold/surface-dsl.mjs +182 -0
  368. package/dist/scaffold/surface-dsl.mjs.map +1 -0
  369. package/dist/scaffold/surfaces.cjs +84 -0
  370. package/dist/scaffold/surfaces.d.cts +23 -0
  371. package/dist/scaffold/surfaces.d.cts.map +1 -0
  372. package/dist/scaffold/surfaces.d.mts +24 -0
  373. package/dist/scaffold/surfaces.d.mts.map +1 -0
  374. package/dist/scaffold/surfaces.mjs +84 -0
  375. package/dist/scaffold/surfaces.mjs.map +1 -0
  376. package/dist/scaffold/types.d.cts +264 -0
  377. package/dist/scaffold/types.d.cts.map +1 -0
  378. package/dist/scaffold/types.d.mts +265 -0
  379. package/dist/scaffold/types.d.mts.map +1 -0
  380. package/dist/scaffold/workspace-dsl.cjs +339 -0
  381. package/dist/scaffold/workspace-dsl.d.cts +49 -0
  382. package/dist/scaffold/workspace-dsl.d.cts.map +1 -0
  383. package/dist/scaffold/workspace-dsl.d.mts +49 -0
  384. package/dist/scaffold/workspace-dsl.d.mts.map +1 -0
  385. package/dist/scaffold/workspace-dsl.mjs +337 -0
  386. package/dist/scaffold/workspace-dsl.mjs.map +1 -0
  387. package/dist/scope/index.d.mts +3 -0
  388. package/dist/scope/read-blocklet-scope.cjs +29 -0
  389. package/dist/scope/read-blocklet-scope.d.cts +8 -0
  390. package/dist/scope/read-blocklet-scope.d.cts.map +1 -0
  391. package/dist/scope/read-blocklet-scope.d.mts +8 -0
  392. package/dist/scope/read-blocklet-scope.d.mts.map +1 -0
  393. package/dist/scope/read-blocklet-scope.mjs +30 -0
  394. package/dist/scope/read-blocklet-scope.mjs.map +1 -0
  395. package/dist/scope/resolve-scoped-afs.cjs +87 -0
  396. package/dist/scope/resolve-scoped-afs.d.cts +7 -0
  397. package/dist/scope/resolve-scoped-afs.d.cts.map +1 -0
  398. package/dist/scope/resolve-scoped-afs.d.mts +7 -0
  399. package/dist/scope/resolve-scoped-afs.d.mts.map +1 -0
  400. package/dist/scope/resolve-scoped-afs.mjs +88 -0
  401. package/dist/scope/resolve-scoped-afs.mjs.map +1 -0
  402. package/dist/scope/types.d.cts +25 -0
  403. package/dist/scope/types.d.cts.map +1 -0
  404. package/dist/scope/types.d.mts +25 -0
  405. package/dist/scope/types.d.mts.map +1 -0
  406. package/dist/session/backends.cjs +90 -0
  407. package/dist/session/backends.d.cts +35 -0
  408. package/dist/session/backends.d.cts.map +1 -0
  409. package/dist/session/backends.d.mts +35 -0
  410. package/dist/session/backends.d.mts.map +1 -0
  411. package/dist/session/backends.mjs +89 -0
  412. package/dist/session/backends.mjs.map +1 -0
  413. package/dist/session/replication-resolver.cjs +323 -0
  414. package/dist/session/replication-resolver.d.cts +71 -0
  415. package/dist/session/replication-resolver.d.cts.map +1 -0
  416. package/dist/session/replication-resolver.d.mts +71 -0
  417. package/dist/session/replication-resolver.d.mts.map +1 -0
  418. package/dist/session/replication-resolver.mjs +323 -0
  419. package/dist/session/replication-resolver.mjs.map +1 -0
  420. package/dist/session/role-level.cjs +36 -0
  421. package/dist/session/role-level.d.cts +24 -0
  422. package/dist/session/role-level.d.cts.map +1 -0
  423. package/dist/session/role-level.d.mts +24 -0
  424. package/dist/session/role-level.d.mts.map +1 -0
  425. package/dist/session/role-level.mjs +35 -0
  426. package/dist/session/role-level.mjs.map +1 -0
  427. package/dist/session/session-dir-providers.cjs +254 -0
  428. package/dist/session/session-dir-providers.d.cts +32 -0
  429. package/dist/session/session-dir-providers.d.cts.map +1 -0
  430. package/dist/session/session-dir-providers.d.mts +32 -0
  431. package/dist/session/session-dir-providers.d.mts.map +1 -0
  432. package/dist/session/session-dir-providers.mjs +252 -0
  433. package/dist/session/session-dir-providers.mjs.map +1 -0
  434. package/dist/session/session-id.cjs +20 -0
  435. package/dist/session/session-id.d.cts +15 -0
  436. package/dist/session/session-id.d.cts.map +1 -0
  437. package/dist/session/session-id.d.mts +15 -0
  438. package/dist/session/session-id.d.mts.map +1 -0
  439. package/dist/session/session-id.mjs +20 -0
  440. package/dist/session/session-id.mjs.map +1 -0
  441. package/dist/session/session-user-afs.cjs +899 -0
  442. package/dist/session/session-user-afs.d.cts +296 -0
  443. package/dist/session/session-user-afs.d.cts.map +1 -0
  444. package/dist/session/session-user-afs.d.mts +296 -0
  445. package/dist/session/session-user-afs.d.mts.map +1 -0
  446. package/dist/session/session-user-afs.mjs +896 -0
  447. package/dist/session/session-user-afs.mjs.map +1 -0
  448. package/dist/session/settings-cascade.cjs +69 -0
  449. package/dist/session/settings-cascade.d.cts +81 -0
  450. package/dist/session/settings-cascade.d.cts.map +1 -0
  451. package/dist/session/settings-cascade.d.mts +81 -0
  452. package/dist/session/settings-cascade.d.mts.map +1 -0
  453. package/dist/session/settings-cascade.mjs +69 -0
  454. package/dist/session/settings-cascade.mjs.map +1 -0
  455. package/dist/session/settings-resolver.cjs +770 -0
  456. package/dist/session/settings-resolver.d.cts +177 -0
  457. package/dist/session/settings-resolver.d.cts.map +1 -0
  458. package/dist/session/settings-resolver.d.mts +177 -0
  459. package/dist/session/settings-resolver.d.mts.map +1 -0
  460. package/dist/session/settings-resolver.mjs +771 -0
  461. package/dist/session/settings-resolver.mjs.map +1 -0
  462. package/dist/session/settings-schema-store.cjs +0 -0
  463. package/dist/session/settings-schema-store.d.cts +72 -0
  464. package/dist/session/settings-schema-store.d.cts.map +1 -0
  465. package/dist/session/settings-schema-store.d.mts +72 -0
  466. package/dist/session/settings-schema-store.d.mts.map +1 -0
  467. package/dist/session/settings-schema-store.mjs +0 -0
  468. package/dist/session/settings-schema-store.mjs.map +1 -0
  469. package/dist/system-mounts/index.cjs +14 -0
  470. package/dist/system-mounts/index.d.cts +6 -0
  471. package/dist/system-mounts/index.d.mts +6 -0
  472. package/dist/system-mounts/index.mjs +6 -0
  473. package/dist/system-mounts/install.cjs +101 -0
  474. package/dist/system-mounts/install.d.cts +36 -0
  475. package/dist/system-mounts/install.d.cts.map +1 -0
  476. package/dist/system-mounts/install.d.mts +37 -0
  477. package/dist/system-mounts/install.d.mts.map +1 -0
  478. package/dist/system-mounts/install.mjs +102 -0
  479. package/dist/system-mounts/install.mjs.map +1 -0
  480. package/dist/system-mounts/installers.cjs +247 -0
  481. package/dist/system-mounts/installers.d.cts +13 -0
  482. package/dist/system-mounts/installers.d.cts.map +1 -0
  483. package/dist/system-mounts/installers.d.mts +14 -0
  484. package/dist/system-mounts/installers.d.mts.map +1 -0
  485. package/dist/system-mounts/installers.mjs +244 -0
  486. package/dist/system-mounts/installers.mjs.map +1 -0
  487. package/dist/system-mounts/lists.cjs +122 -0
  488. package/dist/system-mounts/lists.d.cts +34 -0
  489. package/dist/system-mounts/lists.d.cts.map +1 -0
  490. package/dist/system-mounts/lists.d.mts +34 -0
  491. package/dist/system-mounts/lists.d.mts.map +1 -0
  492. package/dist/system-mounts/lists.mjs +122 -0
  493. package/dist/system-mounts/lists.mjs.map +1 -0
  494. package/dist/system-mounts/types.d.cts +124 -0
  495. package/dist/system-mounts/types.d.cts.map +1 -0
  496. package/dist/system-mounts/types.d.mts +125 -0
  497. package/dist/system-mounts/types.d.mts.map +1 -0
  498. package/dist/system-mounts/validate.cjs +56 -0
  499. package/dist/system-mounts/validate.d.cts +34 -0
  500. package/dist/system-mounts/validate.d.cts.map +1 -0
  501. package/dist/system-mounts/validate.d.mts +34 -0
  502. package/dist/system-mounts/validate.d.mts.map +1 -0
  503. package/dist/system-mounts/validate.mjs +56 -0
  504. package/dist/system-mounts/validate.mjs.map +1 -0
  505. package/dist/terminal-llm.cjs +90 -0
  506. package/dist/terminal-llm.d.cts +50 -0
  507. package/dist/terminal-llm.d.cts.map +1 -0
  508. package/dist/terminal-llm.d.mts +50 -0
  509. package/dist/terminal-llm.d.mts.map +1 -0
  510. package/dist/terminal-llm.mjs +90 -0
  511. package/dist/terminal-llm.mjs.map +1 -0
  512. package/dist/terminal-repl.cjs +371 -0
  513. package/dist/terminal-repl.d.cts +69 -0
  514. package/dist/terminal-repl.d.cts.map +1 -0
  515. package/dist/terminal-repl.d.mts +69 -0
  516. package/dist/terminal-repl.d.mts.map +1 -0
  517. package/dist/terminal-repl.mjs +370 -0
  518. package/dist/terminal-repl.mjs.map +1 -0
  519. package/dist/transport/idle-timer.cjs +136 -0
  520. package/dist/transport/idle-timer.d.cts +92 -0
  521. package/dist/transport/idle-timer.d.cts.map +1 -0
  522. package/dist/transport/idle-timer.d.mts +92 -0
  523. package/dist/transport/idle-timer.d.mts.map +1 -0
  524. package/dist/transport/idle-timer.mjs +132 -0
  525. package/dist/transport/idle-timer.mjs.map +1 -0
  526. package/dist/web-component-dsl.cjs +153 -0
  527. package/dist/web-component-dsl.d.cts +27 -0
  528. package/dist/web-component-dsl.d.cts.map +1 -0
  529. package/dist/web-component-dsl.d.mts +27 -0
  530. package/dist/web-component-dsl.d.mts.map +1 -0
  531. package/dist/web-component-dsl.mjs +152 -0
  532. package/dist/web-component-dsl.mjs.map +1 -0
  533. package/package.json +81 -0
@@ -0,0 +1,296 @@
1
+ import { SettingsSchemaHandle } from "./settings-schema-store.cjs";
2
+ import * as _aigne_afs0 from "@aigne/afs";
3
+ import { AFSBatchDeleteEntry, AFSBatchDeleteResult, AFSBatchReadEntry, AFSBatchReadResult, AFSBatchWriteEntry, AFSBatchWriteResult, AFSCollectionQueryResult, AFSCollectionQuerySpec, AFSDeleteOptions, AFSDeleteResult, AFSEventCallback, AFSEventFilter, AFSExecOptions, AFSExecResult, AFSExplainOptions, AFSExplainResult, AFSListOptions, AFSListResult, AFSModule, AFSQueryOptions, AFSReadOptions, AFSReadResult, AFSRoot, AFSSearchOptions, AFSSearchResult, AFSStatOptions, AFSStatResult, AFSUnsubscribe, AFSWriteEntryPayload, AFSWriteOptions, AFSWriteResult, MountInfo } from "@aigne/afs";
4
+
5
+ //#region src/session/session-user-afs.d.ts
6
+ /**
7
+ * STATIC full set of overlay prefixes a SessionUserAFS may mount — the
8
+ * anonymous-bearer denylist for signed raw URLs (afs-preview design §3).
9
+ *
10
+ * Deliberately NOT derived from an instance's `overlays` array: `/space` and
11
+ * `/instance/settings` are conditionally mounted, so per-instance derivation
12
+ * would drift with wiring. Fail-closed: an anonymous raw URL is refused for
13
+ * these prefixes even when the issuing session didn't mount them.
14
+ *
15
+ * KEEP IN SYNC with the constructor below — the unit test enumerates this
16
+ * set against the constructor's possible mounts, table-driven.
17
+ */
18
+ declare const SESSION_OVERLAY_PREFIXES: readonly ["/user/index", "/user", "/tmp", "/space", "/instance/settings"];
19
+ /**
20
+ * Whether a (sanitized) path falls under any session-private overlay prefix.
21
+ * Used by the raw-URL primitives to refuse anonymous bearer URLs for
22
+ * session-private content (issue-side denial + verify-side second defense).
23
+ */
24
+ declare function isSessionPrivatePath(path: string): boolean;
25
+ /**
26
+ * Guard the first-match-by-prefix invariant: no overlay may be preceded by
27
+ * another whose prefix is a proper prefix of it (which would swallow its
28
+ * paths). `/instance/settings` MUST come before any future `/instance` or `/`
29
+ * overlay. Extracted + exported so the ordering contract is unit-testable
30
+ * without reaching into the class. Throws on violation (a wiring bug).
31
+ */
32
+ declare function assertOverlayOrder(prefixes: string[]): void;
33
+ declare class SessionUserAFS implements AFSRoot {
34
+ private readonly base;
35
+ /**
36
+ * True when the blocklet manifest declares `index:` and `/user` search is
37
+ * expected to be served by `/user/index`. Kept separate from the
38
+ * `/user/index` overlay itself because runtimes reserve that path with a
39
+ * null provider even for no-index blocklets to make direct `/user/index`
40
+ * access fail closed.
41
+ */
42
+ private readonly indexSearchRequired;
43
+ readonly name: string;
44
+ readonly accessMode: AFSRoot["accessMode"];
45
+ private readonly overlays;
46
+ /**
47
+ * Named reference to the settings resolver overlay (the overlay table only
48
+ * stores it anonymously) so `beginRender`/`endRender` can proxy to it —
49
+ * settings-layering §2.B render boundary.
50
+ */
51
+ private readonly settingsResolver;
52
+ constructor(base: AFSRoot, /** The caller's per-user provider (userDataBackend output), or null for anonymous. */
53
+
54
+ userProvider: AFSModule | null, /** The session's `/tmp` provider (joinSession's sessionTmpBackend output), or null. */
55
+
56
+ tmpProvider: AFSModule | null, sessionId: string,
57
+ /**
58
+ * The per-session SettingsResolver intercepting `/instance/settings/**`
59
+ * (instance+user settings cascade), or null when settings aren't wired.
60
+ */
61
+
62
+ settingsResolver?: AFSModule | null,
63
+ /**
64
+ * The caller's whole DID Space root provider. Omit to leave `/space`
65
+ * untouched; pass null to explicitly reserve `/space` and fail closed.
66
+ */
67
+ spaceProvider?: AFSModule | null,
68
+ /**
69
+ * The caller's per-user semantic index (`@aigne/afs-index`) at `/user/index`.
70
+ * Omit to leave `/user/index` untouched (falls through to the `/user`
71
+ * provider); pass null to reserve it and fail closed. Mounted BEFORE `/user`
72
+ * so child-first routing sends `/user/index/**` here, mirroring how
73
+ * `/instance/settings` precedes `/instance`.
74
+ */
75
+ indexProvider?: AFSModule | null,
76
+ /**
77
+ * Replicated-collection overlays built by createSessionView when the blocklet
78
+ * manifest declares `replicated` collections. Each entry is mounted at its
79
+ * `prefix` (e.g. `/instance`) AFTER the `/instance/settings` interceptor so
80
+ * child-first routing sends `/instance/settings/**` to the SettingsResolver
81
+ * and everything else in the prefix to the ReplicationResolver.
82
+ */
83
+ replicationOverlays?: Array<{
84
+ prefix: string;
85
+ id: string;
86
+ provider: AFSModule | null;
87
+ }>,
88
+ /**
89
+ * True when the blocklet manifest declares `index:` and `/user` search is
90
+ * expected to be served by `/user/index`. Kept separate from the
91
+ * `/user/index` overlay itself because runtimes reserve that path with a
92
+ * null provider even for no-index blocklets to make direct `/user/index`
93
+ * access fail closed.
94
+ */
95
+ indexSearchRequired?: boolean);
96
+ /** Match a path against the overlay table. Returns the overlay + sub-path. */
97
+ private matchOverlay;
98
+ /** Overlays that are actually backed (provider present). */
99
+ private get activeOverlays();
100
+ /** Backed AND root-level overlays — the ones surfaced at `/` / in getMounts. */
101
+ private get rootOverlays();
102
+ private rejectMissing;
103
+ /**
104
+ * Whether a write context originates from an untrusted network client.
105
+ * `callerOrigin` is a host-stamped, unforgeable marker (strip + trusted reset,
106
+ * see FORGEABLE_CONTEXT_FIELDS); internal code (seeding / cron / agent /
107
+ * operator CLI) carries no `callerOrigin`. Mirrors the reflexive effect gate's
108
+ * network check (`exec-effect-gate.ts`).
109
+ */
110
+ private isNetworkOrigin;
111
+ /**
112
+ * Caller-origin base-write gate (instance-write-authz §5.1). A network client
113
+ * may never bare-write a BASE-fallthrough path — any path NOT matched by an
114
+ * overlay (`/instance/<non-mediated>`, `/packages`, `/dev`, `/registry`, `/`).
115
+ * Authorized `/instance` writes must go through a resolver overlay
116
+ * (`/instance/settings` → SettingsResolver, future `/instance/app` →
117
+ * ReplicationResolver — each carries its own role/minRole gate) or internal
118
+ * trusted code (`callerOrigin: undefined`).
119
+ *
120
+ * Called ONLY on the base-fallthrough branch (overlay-matched paths never
121
+ * reach here). STRICTER than the effect gate: it rejects AUTHENTICATED network
122
+ * callers too (the effect gate lets `caller.did` through) — that authed-but-
123
+ * network reflexive base write is exactly Finding 1's live path.
124
+ */
125
+ private forbiddenBaseWrite;
126
+ private enforceBaseWriteGate;
127
+ /** Re-prefix a provider-relative path back into the overlay namespace. */
128
+ private reprefix;
129
+ list(path: string, options?: AFSListOptions): Promise<AFSListResult>;
130
+ read(path: string, options?: AFSReadOptions): Promise<AFSReadResult>;
131
+ /**
132
+ * Overlay-dispatch for `presignRead` (preview-r2-direct §5a.2 / T1.2). Same
133
+ * routing as `read`: a matched overlay whose provider implements `presignRead`
134
+ * gets the sub-path; a base-fallthrough path (or an overlay provider without
135
+ * the capability) → `null` (fail-soft → the raw handler serves bytes itself).
136
+ *
137
+ * The meta-only ACL and the `null`-on-everything fail-soft live DEEPER (the
138
+ * `/user` overlay provider is a `ProjectionProvider` → core `AFS` (globalAFS),
139
+ * where the authoritative meta guard runs — §5a.2 "routing to the root
140
+ * computation"); this layer only forwards.
141
+ *
142
+ * This is the HANDLER-FACING surface (`scoped.afs`), so it owns the §5a.5
143
+ * "NEVER throws to the handler" guarantee end-to-end: a deeper layer that
144
+ * throws (e.g. a read-disabled `ProjectionProvider.checkOp("read")` →
145
+ * `AFSAccessModeError`) is caught here → `null` → the raw handler serves bytes
146
+ * itself (and the worker-serve read then re-applies that same gate). No URL
147
+ * can leak past a read-disabled / failing projection.
148
+ */
149
+ presignRead(path: string, opts?: {
150
+ responseContentType?: string;
151
+ }): Promise<{
152
+ url: string;
153
+ expiresAt: string;
154
+ } | null>;
155
+ write(path: string, content: AFSWriteEntryPayload, options?: AFSWriteOptions): Promise<AFSWriteResult>;
156
+ delete(path: string, options?: AFSDeleteOptions): Promise<AFSDeleteResult>;
157
+ /** Plan contiguous runs of entry indices by overlay identity (null = base). */
158
+ private planOverlayRuns;
159
+ batchWrite(entries: AFSBatchWriteEntry[], options?: _aigne_afs0.AFSOperationOptions): Promise<AFSBatchWriteResult>;
160
+ batchDelete(entries: AFSBatchDeleteEntry[], options?: _aigne_afs0.AFSOperationOptions): Promise<AFSBatchDeleteResult>;
161
+ batchRead(entries: AFSBatchReadEntry[], options?: _aigne_afs0.AFSOperationOptions): Promise<AFSBatchReadResult>;
162
+ query(path: string, spec: AFSCollectionQuerySpec, options?: AFSQueryOptions): Promise<AFSCollectionQueryResult>;
163
+ stat(path: string, options?: AFSStatOptions): Promise<AFSStatResult>;
164
+ explain(path: string, options?: AFSExplainOptions): Promise<AFSExplainResult>;
165
+ /**
166
+ * Find the `/user/index` overlay's backing provider, or undefined when
167
+ * unmounted (no `index:` manifest section) OR reserved-null (blocklet
168
+ * declares `index:` but this caller has no DID / no callerDid — see
169
+ * `createSessionView`'s `indexProvider` doc).
170
+ */
171
+ private findIndexOverlay;
172
+ private isAfsValidationError;
173
+ private isAfsDependencyError;
174
+ private searchDiagnostics;
175
+ private rejectIndexSearchFallback;
176
+ /**
177
+ * Parse a `read()`-returned raw content string as JSON, matching the exact
178
+ * fail-soft convention `IndexFollower.indexEntry` uses when hydrating
179
+ * changelog rows (`providers/basic/index/src/follower.ts`): non-string
180
+ * content is passed through untouched; a string that isn't valid JSON is
181
+ * kept as the raw string rather than dropped. afs-list's `performSearch`
182
+ * (P5 forward contract) expects a resolved `content` object for JSON
183
+ * entries — this is what makes that true without a second copy of the
184
+ * parse-or-passthrough logic living in the hydration loop below.
185
+ */
186
+ private parseEntryContent;
187
+ /**
188
+ * Hydrate index-query hits (`{ entryPath, score, matchType }` — path only,
189
+ * no content) into full `AFSEntry` objects by reading each `entryPath`
190
+ * through THIS session view (so the caller's own `/user` overlay + its
191
+ * per-caller isolation applies a second time, on top of the index query's
192
+ * own `boundDomains` isolation — belt-and-suspenders, not redundant: see
193
+ * design.md P5 section). A stale entry (index has it, storage doesn't —
194
+ * e.g. a delete that hasn't reached the follower yet) fails the `read()`
195
+ * and is skipped rather than surfaced as a broken result.
196
+ */
197
+ private hydrateSearchEntries;
198
+ /**
199
+ * Search-verb forward contract (P5, design.md "search verb forwarding"):
200
+ * a `/user/**` search first tries the caller's semantic `/user/index`
201
+ * (when mounted with a real provider), scoping hits to the requested
202
+ * subtree and hydrating them with real content via `read()`. For blocklets
203
+ * whose manifest declares `index:`, the index is authoritative: failures are
204
+ * surfaced and DID Space native search is refused because it is an O(N)
205
+ * content scan. Legacy/no-index blocklets keep the old direct overlay search
206
+ * behavior. A successful empty index result is authoritative and returns an
207
+ * empty array. Index results and fallback results are never unioned. Any other
208
+ * overlay (`/user/index` addressed directly, `/tmp`, `/space`,
209
+ * `/instance/settings`, replication overlays) keeps its pre-existing
210
+ * single-overlay-search behavior unchanged.
211
+ */
212
+ search(path: string, query: string, options?: AFSSearchOptions): Promise<AFSSearchResult>;
213
+ exec(path: string, args: Record<string, unknown>, options: AFSExecOptions): Promise<AFSExecResult>;
214
+ /**
215
+ * Inject `context.afs = this` so downstream provider handlers that call
216
+ * back into AFS (`ctx.context.afs.read`/`.write`/`.exec`/...) hit this
217
+ * overlaid session view — not the bare runtime root the provider was
218
+ * mounted into. Without this, the `/user` overlay (and any other per-
219
+ * caller overlay) is invisible to handler-internal AFS calls, so writes
220
+ * silently land on the global `/user` fs mount instead of the caller's
221
+ * DID-Space-projected `/user`.
222
+ */
223
+ private withSelfContext;
224
+ subscribe(filter: AFSEventFilter, callback: AFSEventCallback): AFSUnsubscribe;
225
+ /**
226
+ * Subscribe one overlay's backing provider, re-prefixing bridged event paths
227
+ * back into the overlay namespace. No-op when the overlay is unbacked
228
+ * (anonymous `/user`) or its provider lacks `subscribe`.
229
+ */
230
+ private subscribeOverlay;
231
+ beginRender(renderId: string): Promise<void>;
232
+ endRender(renderId: string): void;
233
+ getMounts(namespace?: string | null): MountInfo[];
234
+ initializePhysicalPath(...args: Parameters<AFSRoot["initializePhysicalPath"]>): Promise<string>;
235
+ cleanupPhysicalPath(...args: Parameters<AFSRoot["cleanupPhysicalPath"]>): Promise<void>;
236
+ setEventSink(...args: Parameters<NonNullable<AFSModule["setEventSink"]>>): void;
237
+ setSecretCapability(...args: Parameters<NonNullable<AFSModule["setSecretCapability"]>>): void;
238
+ }
239
+ /**
240
+ * Assemble a caller's per-session view: a SettingsResolver (instance+user
241
+ * settings cascade, role-aware) wrapped by a SessionUserAFS (`/user` +
242
+ * optional `/space` + `/tmp` + `/instance/settings`). This is the construction the daemon's
243
+ * `buildSessionView` chokepoint delegates to — extracted so the role→resolver
244
+ * wiring is unit-testable in isolation (the daemon's only remaining job is to
245
+ * RESOLVE `role` from the verified session before calling this).
246
+ *
247
+ * The resolver always exists (even for anonymous / no role) so
248
+ * `/instance/settings` carries correct capability hints + enforcement for every
249
+ * caller — there is no bypass path.
250
+ */
251
+ declare function createSessionView(opts: {
252
+ base: AFSRoot;
253
+ userProvider: AFSModule | null;
254
+ tmpProvider: AFSModule | null;
255
+ /**
256
+ * Omitted → no `/space` overlay. null → `/space` reserved and NotFound
257
+ * (fail-closed). Provider → mounted caller DID Space root.
258
+ */
259
+ spaceProvider?: AFSModule | null; /** Caller role from the verified session; undefined → non-admin (fail-closed). */
260
+ role: string | undefined;
261
+ sessionId: string;
262
+ /**
263
+ * Derived package-schema handle for this blocklet (settings-layering
264
+ * Phase 1c), pre-bound to identity + base by the runtime. Optional — absent
265
+ * means no derived index (legacy resolution; existing call sites/tests
266
+ * unchanged).
267
+ */
268
+ settingsSchema?: SettingsSchemaHandle | null;
269
+ /**
270
+ * Caller's per-user semantic index provider mounted at `/user/index`.
271
+ * Omitted → no overlay (path falls through to `/user`); null → reserved.
272
+ */
273
+ indexProvider?: AFSModule | null;
274
+ /**
275
+ * Whether `/user` search must be served by `/user/index` because the
276
+ * blocklet manifest declares `index:`. Kept distinct from `indexProvider`
277
+ * because runtimes may reserve `/user/index` with null for no-index
278
+ * blocklets while direct path access still fails closed.
279
+ */
280
+ indexSearchRequired?: boolean;
281
+ /**
282
+ * Verified caller DID (from the session, never client-supplied). Forwarded
283
+ * to ReplicationResolver for authorship tagging and ownItem delete gate.
284
+ * null/undefined → anonymous (no copy-side writes).
285
+ */
286
+ callerDid?: string | null;
287
+ /**
288
+ * Replicated-collection declarations parsed from the blocklet manifest.
289
+ * When non-empty, a ReplicationResolver is built and mounted at the computed
290
+ * common ancestor prefix (e.g. "/instance"). null/omitted → no overlay.
291
+ */
292
+ replicated?: Record<string, _aigne_afs0.ReplicatedCollection> | null;
293
+ }): SessionUserAFS;
294
+ //#endregion
295
+ export { SESSION_OVERLAY_PREFIXES, SessionUserAFS, assertOverlayOrder, createSessionView, isSessionPrivatePath };
296
+ //# sourceMappingURL=session-user-afs.d.cts.map
@@ -0,0 +1 @@
1
+ {"version":3,"file":"session-user-afs.d.cts","names":[],"sources":["../../src/session/session-user-afs.ts"],"mappings":";;;;;;;;;;;;;;;;;cAgLa,wBAAA;;;;;;iBAaG,oBAAA,CAAqB,IAAA;;;;;;;;iBAWrB,kBAAA,CAAmB,QAAA;AAAA,cAgDtB,cAAA,YAA0B,OAAA;EAAA,iBAclB,IAAA;EA2iCoD;;;;;;;EAAA,iBApgCpD,mBAAA;EAAA,SApDV,IAAA;EAAA,SACA,UAAA,EAAY,OAAA;EAAA,iBAEJ,QAAA;EAUE;;;;;EAAA,iBAHF,gBAAA;cAGE,IAAA,EAAM,OAAA;;EAEvB,YAAA,EAAc,SAAA,SAFG;;EAIjB,WAAA,EAAa,SAAA,SACb,SAAA;EAHA;;;;;EAQA,gBAAA,GAAkB,SAAA;EAAlB;;;;EAKA,aAAA,GAAgB,SAAA;EAgBM;;;;;;;EARtB,aAAA,GAAgB,SAAA;EA6EN;;;;;;;EArEV,mBAAA,GAAsB,KAAA;IAAQ,MAAA;IAAgB,EAAA;IAAY,QAAA,EAAU,SAAA;EAAA;EA2HV;;;;;;;EAnHzC,mBAAA;EAgLjB;EAAA,QA9HM,YAAA;EA+HN;EAAA,YApHU,cAAA,CAAA;EAqHC;EAAA,YAhHD,YAAA,CAAA;EAAA,QAIJ,aAAA;EA4HN;;;;;;;EAAA,QAjHM,eAAA;EAkIK;;;;;;;;;;;;;;EAAA,QAhHL,kBAAA;EAAA,QAOA,oBAAA;EAqOwB;EAAA,QAhOxB,QAAA;EAIF,IAAA,CAAK,IAAA,UAAc,OAAA,GAAU,cAAA,GAAiB,OAAA,CAAQ,aAAA;EA+BtD,IAAA,CAAK,IAAA,UAAc,OAAA,GAAU,cAAA,GAAiB,OAAA,CAAQ,aAAA;EAkQtD;;;;;;;;;;;;;;;;;;EArOA,WAAA,CACJ,IAAA,UACA,IAAA;IAAS,mBAAA;EAAA,IACR,OAAA;IAAU,GAAA;IAAa,SAAA;EAAA;EAepB,KAAA,CACJ,IAAA,UACA,OAAA,EAAS,oBAAA,EACT,OAAA,GAAU,eAAA,GACT,OAAA,CAAQ,cAAA;EAcL,MAAA,CAAO,IAAA,UAAc,OAAA,GAAU,gBAAA,GAAmB,OAAA,CAAQ,eAAA;EA4QE;EAAA,QAlP1D,eAAA;EAWF,UAAA,CACJ,OAAA,EAAS,kBAAA,IACT,OAAA,GAD2B,WAAA,CACI,mBAAA,GAC9B,OAAA,CAAQ,mBAAA;EAmFL,WAAA,CACJ,OAAA,EAAS,mBAAA,IACT,OAAA,GAD4B,WAAA,CACG,mBAAA,GAC9B,OAAA,CAAQ,oBAAA;EAmEL,SAAA,CACJ,OAAA,EAAS,iBAAA,IACT,OAAA,GAD0B,WAAA,CACK,mBAAA,GAC9B,OAAA,CAAQ,kBAAA;EAoBL,KAAA,CACJ,IAAA,UACA,IAAA,EAAM,sBAAA,EACN,OAAA,GAAU,eAAA,GACT,OAAA,CAAQ,wBAAA;EA+BL,IAAA,CAAK,IAAA,UAAc,OAAA,GAAU,cAAA,GAAiB,OAAA,CAAQ,aAAA;EAiBtD,OAAA,CAAQ,IAAA,UAAc,OAAA,GAAU,iBAAA,GAAoB,OAAA,CAAQ,gBAAA;EA0M5D;;;;;;EAAA,QAtLE,gBAAA;EAAA,QAIA,oBAAA;EAAA,QAKA,oBAAA;EAAA,QAKA,iBAAA;EAAA,QA4BA,yBAAA;EA2SG;;;;;;;;;;EAAA,QA9QH,iBAAA;EA0ZA;;;;;;;;;;EAAA,QAvYM,oBAAA;EAmbkB;;;;;;;;;;;;;;EAvV1B,MAAA,CAAO,IAAA,UAAc,KAAA,UAAe,OAAA,GAAU,gBAAA,GAAmB,OAAA,CAAQ,eAAA;EA4JzE,IAAA,CACJ,IAAA,UACA,IAAA,EAAM,MAAA,mBACN,OAAA,EAAS,cAAA,GACR,OAAA,CAAQ,aAAA;EAmM6B;;;;AAiB1C;;;;;EAjB0C,QApHhC,eAAA;EAeR,SAAA,CAAU,MAAA,EAAQ,cAAA,EAAgB,QAAA,EAAU,gBAAA,GAAmB,cAAA;EA8HtC;;;;;EAAA,QAjFjB,gBAAA;EAiBF,WAAA,CAAY,QAAA,WAAmB,OAAA;EAIrC,SAAA,CAAU,QAAA;EAIV,SAAA,CAAU,SAAA,mBAA4B,SAAA;EAmBtC,sBAAA,CAAA,GAA0B,IAAA,EAAM,UAAA,CAAW,OAAA,8BAAkC,OAAA;EAI7E,mBAAA,CAAA,GAAuB,IAAA,EAAM,UAAA,CAAW,OAAA,2BAA+B,OAAA;EAIvE,YAAA,CAAA,GAAgB,IAAA,EAAM,UAAA,CAAW,WAAA,CAAY,SAAA;EAI7C,mBAAA,CAAA,GAAuB,IAAA,EAAM,UAAA,CAAW,WAAA,CAAY,SAAA;AAAA;;;;;;;;;;;;;iBAiBtC,iBAAA,CAAkB,IAAA;EAChC,IAAA,EAAM,OAAA;EACN,YAAA,EAAc,SAAA;EACd,WAAA,EAAa,SAAA;;;;;EAKb,aAAA,GAAgB,SAAA;EAEhB,IAAA;EACA,SAAA;;;;;;;EAOA,cAAA,GAVyB,oBAAA;;;;;EAezB,aAAA,GAAgB,SAAA;;;;;;;EAOhB,mBAAA;;;;;;EAMA,SAAA;;;;;;EAMA,UAAA,GAAa,MAAA,SAnBY,WAAA,CAmBwB,oBAAA;AAAA,IAC/C,cAAA"}
@@ -0,0 +1,296 @@
1
+ import { SettingsSchemaHandle } from "./settings-schema-store.mjs";
2
+ import * as _aigne_afs0 from "@aigne/afs";
3
+ import { AFSBatchDeleteEntry, AFSBatchDeleteResult, AFSBatchReadEntry, AFSBatchReadResult, AFSBatchWriteEntry, AFSBatchWriteResult, AFSCollectionQueryResult, AFSCollectionQuerySpec, AFSDeleteOptions, AFSDeleteResult, AFSEventCallback, AFSEventFilter, AFSExecOptions, AFSExecResult, AFSExplainOptions, AFSExplainResult, AFSListOptions, AFSListResult, AFSModule, AFSQueryOptions, AFSReadOptions, AFSReadResult, AFSRoot, AFSSearchOptions, AFSSearchResult, AFSStatOptions, AFSStatResult, AFSUnsubscribe, AFSWriteEntryPayload, AFSWriteOptions, AFSWriteResult, MountInfo } from "@aigne/afs";
4
+
5
+ //#region src/session/session-user-afs.d.ts
6
+ /**
7
+ * STATIC full set of overlay prefixes a SessionUserAFS may mount — the
8
+ * anonymous-bearer denylist for signed raw URLs (afs-preview design §3).
9
+ *
10
+ * Deliberately NOT derived from an instance's `overlays` array: `/space` and
11
+ * `/instance/settings` are conditionally mounted, so per-instance derivation
12
+ * would drift with wiring. Fail-closed: an anonymous raw URL is refused for
13
+ * these prefixes even when the issuing session didn't mount them.
14
+ *
15
+ * KEEP IN SYNC with the constructor below — the unit test enumerates this
16
+ * set against the constructor's possible mounts, table-driven.
17
+ */
18
+ declare const SESSION_OVERLAY_PREFIXES: readonly ["/user/index", "/user", "/tmp", "/space", "/instance/settings"];
19
+ /**
20
+ * Whether a (sanitized) path falls under any session-private overlay prefix.
21
+ * Used by the raw-URL primitives to refuse anonymous bearer URLs for
22
+ * session-private content (issue-side denial + verify-side second defense).
23
+ */
24
+ declare function isSessionPrivatePath(path: string): boolean;
25
+ /**
26
+ * Guard the first-match-by-prefix invariant: no overlay may be preceded by
27
+ * another whose prefix is a proper prefix of it (which would swallow its
28
+ * paths). `/instance/settings` MUST come before any future `/instance` or `/`
29
+ * overlay. Extracted + exported so the ordering contract is unit-testable
30
+ * without reaching into the class. Throws on violation (a wiring bug).
31
+ */
32
+ declare function assertOverlayOrder(prefixes: string[]): void;
33
+ declare class SessionUserAFS implements AFSRoot {
34
+ private readonly base;
35
+ /**
36
+ * True when the blocklet manifest declares `index:` and `/user` search is
37
+ * expected to be served by `/user/index`. Kept separate from the
38
+ * `/user/index` overlay itself because runtimes reserve that path with a
39
+ * null provider even for no-index blocklets to make direct `/user/index`
40
+ * access fail closed.
41
+ */
42
+ private readonly indexSearchRequired;
43
+ readonly name: string;
44
+ readonly accessMode: AFSRoot["accessMode"];
45
+ private readonly overlays;
46
+ /**
47
+ * Named reference to the settings resolver overlay (the overlay table only
48
+ * stores it anonymously) so `beginRender`/`endRender` can proxy to it —
49
+ * settings-layering §2.B render boundary.
50
+ */
51
+ private readonly settingsResolver;
52
+ constructor(base: AFSRoot, /** The caller's per-user provider (userDataBackend output), or null for anonymous. */
53
+
54
+ userProvider: AFSModule | null, /** The session's `/tmp` provider (joinSession's sessionTmpBackend output), or null. */
55
+
56
+ tmpProvider: AFSModule | null, sessionId: string,
57
+ /**
58
+ * The per-session SettingsResolver intercepting `/instance/settings/**`
59
+ * (instance+user settings cascade), or null when settings aren't wired.
60
+ */
61
+
62
+ settingsResolver?: AFSModule | null,
63
+ /**
64
+ * The caller's whole DID Space root provider. Omit to leave `/space`
65
+ * untouched; pass null to explicitly reserve `/space` and fail closed.
66
+ */
67
+ spaceProvider?: AFSModule | null,
68
+ /**
69
+ * The caller's per-user semantic index (`@aigne/afs-index`) at `/user/index`.
70
+ * Omit to leave `/user/index` untouched (falls through to the `/user`
71
+ * provider); pass null to reserve it and fail closed. Mounted BEFORE `/user`
72
+ * so child-first routing sends `/user/index/**` here, mirroring how
73
+ * `/instance/settings` precedes `/instance`.
74
+ */
75
+ indexProvider?: AFSModule | null,
76
+ /**
77
+ * Replicated-collection overlays built by createSessionView when the blocklet
78
+ * manifest declares `replicated` collections. Each entry is mounted at its
79
+ * `prefix` (e.g. `/instance`) AFTER the `/instance/settings` interceptor so
80
+ * child-first routing sends `/instance/settings/**` to the SettingsResolver
81
+ * and everything else in the prefix to the ReplicationResolver.
82
+ */
83
+ replicationOverlays?: Array<{
84
+ prefix: string;
85
+ id: string;
86
+ provider: AFSModule | null;
87
+ }>,
88
+ /**
89
+ * True when the blocklet manifest declares `index:` and `/user` search is
90
+ * expected to be served by `/user/index`. Kept separate from the
91
+ * `/user/index` overlay itself because runtimes reserve that path with a
92
+ * null provider even for no-index blocklets to make direct `/user/index`
93
+ * access fail closed.
94
+ */
95
+ indexSearchRequired?: boolean);
96
+ /** Match a path against the overlay table. Returns the overlay + sub-path. */
97
+ private matchOverlay;
98
+ /** Overlays that are actually backed (provider present). */
99
+ private get activeOverlays();
100
+ /** Backed AND root-level overlays — the ones surfaced at `/` / in getMounts. */
101
+ private get rootOverlays();
102
+ private rejectMissing;
103
+ /**
104
+ * Whether a write context originates from an untrusted network client.
105
+ * `callerOrigin` is a host-stamped, unforgeable marker (strip + trusted reset,
106
+ * see FORGEABLE_CONTEXT_FIELDS); internal code (seeding / cron / agent /
107
+ * operator CLI) carries no `callerOrigin`. Mirrors the reflexive effect gate's
108
+ * network check (`exec-effect-gate.ts`).
109
+ */
110
+ private isNetworkOrigin;
111
+ /**
112
+ * Caller-origin base-write gate (instance-write-authz §5.1). A network client
113
+ * may never bare-write a BASE-fallthrough path — any path NOT matched by an
114
+ * overlay (`/instance/<non-mediated>`, `/packages`, `/dev`, `/registry`, `/`).
115
+ * Authorized `/instance` writes must go through a resolver overlay
116
+ * (`/instance/settings` → SettingsResolver, future `/instance/app` →
117
+ * ReplicationResolver — each carries its own role/minRole gate) or internal
118
+ * trusted code (`callerOrigin: undefined`).
119
+ *
120
+ * Called ONLY on the base-fallthrough branch (overlay-matched paths never
121
+ * reach here). STRICTER than the effect gate: it rejects AUTHENTICATED network
122
+ * callers too (the effect gate lets `caller.did` through) — that authed-but-
123
+ * network reflexive base write is exactly Finding 1's live path.
124
+ */
125
+ private forbiddenBaseWrite;
126
+ private enforceBaseWriteGate;
127
+ /** Re-prefix a provider-relative path back into the overlay namespace. */
128
+ private reprefix;
129
+ list(path: string, options?: AFSListOptions): Promise<AFSListResult>;
130
+ read(path: string, options?: AFSReadOptions): Promise<AFSReadResult>;
131
+ /**
132
+ * Overlay-dispatch for `presignRead` (preview-r2-direct §5a.2 / T1.2). Same
133
+ * routing as `read`: a matched overlay whose provider implements `presignRead`
134
+ * gets the sub-path; a base-fallthrough path (or an overlay provider without
135
+ * the capability) → `null` (fail-soft → the raw handler serves bytes itself).
136
+ *
137
+ * The meta-only ACL and the `null`-on-everything fail-soft live DEEPER (the
138
+ * `/user` overlay provider is a `ProjectionProvider` → core `AFS` (globalAFS),
139
+ * where the authoritative meta guard runs — §5a.2 "routing to the root
140
+ * computation"); this layer only forwards.
141
+ *
142
+ * This is the HANDLER-FACING surface (`scoped.afs`), so it owns the §5a.5
143
+ * "NEVER throws to the handler" guarantee end-to-end: a deeper layer that
144
+ * throws (e.g. a read-disabled `ProjectionProvider.checkOp("read")` →
145
+ * `AFSAccessModeError`) is caught here → `null` → the raw handler serves bytes
146
+ * itself (and the worker-serve read then re-applies that same gate). No URL
147
+ * can leak past a read-disabled / failing projection.
148
+ */
149
+ presignRead(path: string, opts?: {
150
+ responseContentType?: string;
151
+ }): Promise<{
152
+ url: string;
153
+ expiresAt: string;
154
+ } | null>;
155
+ write(path: string, content: AFSWriteEntryPayload, options?: AFSWriteOptions): Promise<AFSWriteResult>;
156
+ delete(path: string, options?: AFSDeleteOptions): Promise<AFSDeleteResult>;
157
+ /** Plan contiguous runs of entry indices by overlay identity (null = base). */
158
+ private planOverlayRuns;
159
+ batchWrite(entries: AFSBatchWriteEntry[], options?: _aigne_afs0.AFSOperationOptions): Promise<AFSBatchWriteResult>;
160
+ batchDelete(entries: AFSBatchDeleteEntry[], options?: _aigne_afs0.AFSOperationOptions): Promise<AFSBatchDeleteResult>;
161
+ batchRead(entries: AFSBatchReadEntry[], options?: _aigne_afs0.AFSOperationOptions): Promise<AFSBatchReadResult>;
162
+ query(path: string, spec: AFSCollectionQuerySpec, options?: AFSQueryOptions): Promise<AFSCollectionQueryResult>;
163
+ stat(path: string, options?: AFSStatOptions): Promise<AFSStatResult>;
164
+ explain(path: string, options?: AFSExplainOptions): Promise<AFSExplainResult>;
165
+ /**
166
+ * Find the `/user/index` overlay's backing provider, or undefined when
167
+ * unmounted (no `index:` manifest section) OR reserved-null (blocklet
168
+ * declares `index:` but this caller has no DID / no callerDid — see
169
+ * `createSessionView`'s `indexProvider` doc).
170
+ */
171
+ private findIndexOverlay;
172
+ private isAfsValidationError;
173
+ private isAfsDependencyError;
174
+ private searchDiagnostics;
175
+ private rejectIndexSearchFallback;
176
+ /**
177
+ * Parse a `read()`-returned raw content string as JSON, matching the exact
178
+ * fail-soft convention `IndexFollower.indexEntry` uses when hydrating
179
+ * changelog rows (`providers/basic/index/src/follower.ts`): non-string
180
+ * content is passed through untouched; a string that isn't valid JSON is
181
+ * kept as the raw string rather than dropped. afs-list's `performSearch`
182
+ * (P5 forward contract) expects a resolved `content` object for JSON
183
+ * entries — this is what makes that true without a second copy of the
184
+ * parse-or-passthrough logic living in the hydration loop below.
185
+ */
186
+ private parseEntryContent;
187
+ /**
188
+ * Hydrate index-query hits (`{ entryPath, score, matchType }` — path only,
189
+ * no content) into full `AFSEntry` objects by reading each `entryPath`
190
+ * through THIS session view (so the caller's own `/user` overlay + its
191
+ * per-caller isolation applies a second time, on top of the index query's
192
+ * own `boundDomains` isolation — belt-and-suspenders, not redundant: see
193
+ * design.md P5 section). A stale entry (index has it, storage doesn't —
194
+ * e.g. a delete that hasn't reached the follower yet) fails the `read()`
195
+ * and is skipped rather than surfaced as a broken result.
196
+ */
197
+ private hydrateSearchEntries;
198
+ /**
199
+ * Search-verb forward contract (P5, design.md "search verb forwarding"):
200
+ * a `/user/**` search first tries the caller's semantic `/user/index`
201
+ * (when mounted with a real provider), scoping hits to the requested
202
+ * subtree and hydrating them with real content via `read()`. For blocklets
203
+ * whose manifest declares `index:`, the index is authoritative: failures are
204
+ * surfaced and DID Space native search is refused because it is an O(N)
205
+ * content scan. Legacy/no-index blocklets keep the old direct overlay search
206
+ * behavior. A successful empty index result is authoritative and returns an
207
+ * empty array. Index results and fallback results are never unioned. Any other
208
+ * overlay (`/user/index` addressed directly, `/tmp`, `/space`,
209
+ * `/instance/settings`, replication overlays) keeps its pre-existing
210
+ * single-overlay-search behavior unchanged.
211
+ */
212
+ search(path: string, query: string, options?: AFSSearchOptions): Promise<AFSSearchResult>;
213
+ exec(path: string, args: Record<string, unknown>, options: AFSExecOptions): Promise<AFSExecResult>;
214
+ /**
215
+ * Inject `context.afs = this` so downstream provider handlers that call
216
+ * back into AFS (`ctx.context.afs.read`/`.write`/`.exec`/...) hit this
217
+ * overlaid session view — not the bare runtime root the provider was
218
+ * mounted into. Without this, the `/user` overlay (and any other per-
219
+ * caller overlay) is invisible to handler-internal AFS calls, so writes
220
+ * silently land on the global `/user` fs mount instead of the caller's
221
+ * DID-Space-projected `/user`.
222
+ */
223
+ private withSelfContext;
224
+ subscribe(filter: AFSEventFilter, callback: AFSEventCallback): AFSUnsubscribe;
225
+ /**
226
+ * Subscribe one overlay's backing provider, re-prefixing bridged event paths
227
+ * back into the overlay namespace. No-op when the overlay is unbacked
228
+ * (anonymous `/user`) or its provider lacks `subscribe`.
229
+ */
230
+ private subscribeOverlay;
231
+ beginRender(renderId: string): Promise<void>;
232
+ endRender(renderId: string): void;
233
+ getMounts(namespace?: string | null): MountInfo[];
234
+ initializePhysicalPath(...args: Parameters<AFSRoot["initializePhysicalPath"]>): Promise<string>;
235
+ cleanupPhysicalPath(...args: Parameters<AFSRoot["cleanupPhysicalPath"]>): Promise<void>;
236
+ setEventSink(...args: Parameters<NonNullable<AFSModule["setEventSink"]>>): void;
237
+ setSecretCapability(...args: Parameters<NonNullable<AFSModule["setSecretCapability"]>>): void;
238
+ }
239
+ /**
240
+ * Assemble a caller's per-session view: a SettingsResolver (instance+user
241
+ * settings cascade, role-aware) wrapped by a SessionUserAFS (`/user` +
242
+ * optional `/space` + `/tmp` + `/instance/settings`). This is the construction the daemon's
243
+ * `buildSessionView` chokepoint delegates to — extracted so the role→resolver
244
+ * wiring is unit-testable in isolation (the daemon's only remaining job is to
245
+ * RESOLVE `role` from the verified session before calling this).
246
+ *
247
+ * The resolver always exists (even for anonymous / no role) so
248
+ * `/instance/settings` carries correct capability hints + enforcement for every
249
+ * caller — there is no bypass path.
250
+ */
251
+ declare function createSessionView(opts: {
252
+ base: AFSRoot;
253
+ userProvider: AFSModule | null;
254
+ tmpProvider: AFSModule | null;
255
+ /**
256
+ * Omitted → no `/space` overlay. null → `/space` reserved and NotFound
257
+ * (fail-closed). Provider → mounted caller DID Space root.
258
+ */
259
+ spaceProvider?: AFSModule | null; /** Caller role from the verified session; undefined → non-admin (fail-closed). */
260
+ role: string | undefined;
261
+ sessionId: string;
262
+ /**
263
+ * Derived package-schema handle for this blocklet (settings-layering
264
+ * Phase 1c), pre-bound to identity + base by the runtime. Optional — absent
265
+ * means no derived index (legacy resolution; existing call sites/tests
266
+ * unchanged).
267
+ */
268
+ settingsSchema?: SettingsSchemaHandle | null;
269
+ /**
270
+ * Caller's per-user semantic index provider mounted at `/user/index`.
271
+ * Omitted → no overlay (path falls through to `/user`); null → reserved.
272
+ */
273
+ indexProvider?: AFSModule | null;
274
+ /**
275
+ * Whether `/user` search must be served by `/user/index` because the
276
+ * blocklet manifest declares `index:`. Kept distinct from `indexProvider`
277
+ * because runtimes may reserve `/user/index` with null for no-index
278
+ * blocklets while direct path access still fails closed.
279
+ */
280
+ indexSearchRequired?: boolean;
281
+ /**
282
+ * Verified caller DID (from the session, never client-supplied). Forwarded
283
+ * to ReplicationResolver for authorship tagging and ownItem delete gate.
284
+ * null/undefined → anonymous (no copy-side writes).
285
+ */
286
+ callerDid?: string | null;
287
+ /**
288
+ * Replicated-collection declarations parsed from the blocklet manifest.
289
+ * When non-empty, a ReplicationResolver is built and mounted at the computed
290
+ * common ancestor prefix (e.g. "/instance"). null/omitted → no overlay.
291
+ */
292
+ replicated?: Record<string, _aigne_afs0.ReplicatedCollection> | null;
293
+ }): SessionUserAFS;
294
+ //#endregion
295
+ export { SESSION_OVERLAY_PREFIXES, SessionUserAFS, assertOverlayOrder, createSessionView, isSessionPrivatePath };
296
+ //# sourceMappingURL=session-user-afs.d.mts.map
@@ -0,0 +1 @@
1
+ {"version":3,"file":"session-user-afs.d.mts","names":[],"sources":["../../src/session/session-user-afs.ts"],"mappings":";;;;;;;;;;;;;;;;;cAgLa,wBAAA;;;;;;iBAaG,oBAAA,CAAqB,IAAA;;;;;;;;iBAWrB,kBAAA,CAAmB,QAAA;AAAA,cAgDtB,cAAA,YAA0B,OAAA;EAAA,iBAclB,IAAA;EA2iCoD;;;;;;;EAAA,iBApgCpD,mBAAA;EAAA,SApDV,IAAA;EAAA,SACA,UAAA,EAAY,OAAA;EAAA,iBAEJ,QAAA;EAUE;;;;;EAAA,iBAHF,gBAAA;cAGE,IAAA,EAAM,OAAA;;EAEvB,YAAA,EAAc,SAAA,SAFG;;EAIjB,WAAA,EAAa,SAAA,SACb,SAAA;EAHA;;;;;EAQA,gBAAA,GAAkB,SAAA;EAAlB;;;;EAKA,aAAA,GAAgB,SAAA;EAgBM;;;;;;;EARtB,aAAA,GAAgB,SAAA;EA6EN;;;;;;;EArEV,mBAAA,GAAsB,KAAA;IAAQ,MAAA;IAAgB,EAAA;IAAY,QAAA,EAAU,SAAA;EAAA;EA2HV;;;;;;;EAnHzC,mBAAA;EAgLjB;EAAA,QA9HM,YAAA;EA+HN;EAAA,YApHU,cAAA,CAAA;EAqHC;EAAA,YAhHD,YAAA,CAAA;EAAA,QAIJ,aAAA;EA4HN;;;;;;;EAAA,QAjHM,eAAA;EAkIK;;;;;;;;;;;;;;EAAA,QAhHL,kBAAA;EAAA,QAOA,oBAAA;EAqOwB;EAAA,QAhOxB,QAAA;EAIF,IAAA,CAAK,IAAA,UAAc,OAAA,GAAU,cAAA,GAAiB,OAAA,CAAQ,aAAA;EA+BtD,IAAA,CAAK,IAAA,UAAc,OAAA,GAAU,cAAA,GAAiB,OAAA,CAAQ,aAAA;EAkQtD;;;;;;;;;;;;;;;;;;EArOA,WAAA,CACJ,IAAA,UACA,IAAA;IAAS,mBAAA;EAAA,IACR,OAAA;IAAU,GAAA;IAAa,SAAA;EAAA;EAepB,KAAA,CACJ,IAAA,UACA,OAAA,EAAS,oBAAA,EACT,OAAA,GAAU,eAAA,GACT,OAAA,CAAQ,cAAA;EAcL,MAAA,CAAO,IAAA,UAAc,OAAA,GAAU,gBAAA,GAAmB,OAAA,CAAQ,eAAA;EA4QE;EAAA,QAlP1D,eAAA;EAWF,UAAA,CACJ,OAAA,EAAS,kBAAA,IACT,OAAA,GAD2B,WAAA,CACI,mBAAA,GAC9B,OAAA,CAAQ,mBAAA;EAmFL,WAAA,CACJ,OAAA,EAAS,mBAAA,IACT,OAAA,GAD4B,WAAA,CACG,mBAAA,GAC9B,OAAA,CAAQ,oBAAA;EAmEL,SAAA,CACJ,OAAA,EAAS,iBAAA,IACT,OAAA,GAD0B,WAAA,CACK,mBAAA,GAC9B,OAAA,CAAQ,kBAAA;EAoBL,KAAA,CACJ,IAAA,UACA,IAAA,EAAM,sBAAA,EACN,OAAA,GAAU,eAAA,GACT,OAAA,CAAQ,wBAAA;EA+BL,IAAA,CAAK,IAAA,UAAc,OAAA,GAAU,cAAA,GAAiB,OAAA,CAAQ,aAAA;EAiBtD,OAAA,CAAQ,IAAA,UAAc,OAAA,GAAU,iBAAA,GAAoB,OAAA,CAAQ,gBAAA;EA0M5D;;;;;;EAAA,QAtLE,gBAAA;EAAA,QAIA,oBAAA;EAAA,QAKA,oBAAA;EAAA,QAKA,iBAAA;EAAA,QA4BA,yBAAA;EA2SG;;;;;;;;;;EAAA,QA9QH,iBAAA;EA0ZA;;;;;;;;;;EAAA,QAvYM,oBAAA;EAmbkB;;;;;;;;;;;;;;EAvV1B,MAAA,CAAO,IAAA,UAAc,KAAA,UAAe,OAAA,GAAU,gBAAA,GAAmB,OAAA,CAAQ,eAAA;EA4JzE,IAAA,CACJ,IAAA,UACA,IAAA,EAAM,MAAA,mBACN,OAAA,EAAS,cAAA,GACR,OAAA,CAAQ,aAAA;EAmM6B;;;;AAiB1C;;;;;EAjB0C,QApHhC,eAAA;EAeR,SAAA,CAAU,MAAA,EAAQ,cAAA,EAAgB,QAAA,EAAU,gBAAA,GAAmB,cAAA;EA8HtC;;;;;EAAA,QAjFjB,gBAAA;EAiBF,WAAA,CAAY,QAAA,WAAmB,OAAA;EAIrC,SAAA,CAAU,QAAA;EAIV,SAAA,CAAU,SAAA,mBAA4B,SAAA;EAmBtC,sBAAA,CAAA,GAA0B,IAAA,EAAM,UAAA,CAAW,OAAA,8BAAkC,OAAA;EAI7E,mBAAA,CAAA,GAAuB,IAAA,EAAM,UAAA,CAAW,OAAA,2BAA+B,OAAA;EAIvE,YAAA,CAAA,GAAgB,IAAA,EAAM,UAAA,CAAW,WAAA,CAAY,SAAA;EAI7C,mBAAA,CAAA,GAAuB,IAAA,EAAM,UAAA,CAAW,WAAA,CAAY,SAAA;AAAA;;;;;;;;;;;;;iBAiBtC,iBAAA,CAAkB,IAAA;EAChC,IAAA,EAAM,OAAA;EACN,YAAA,EAAc,SAAA;EACd,WAAA,EAAa,SAAA;;;;;EAKb,aAAA,GAAgB,SAAA;EAEhB,IAAA;EACA,SAAA;;;;;;;EAOA,cAAA,GAVyB,oBAAA;;;;;EAezB,aAAA,GAAgB,SAAA;;;;;;;EAOhB,mBAAA;;;;;;EAMA,SAAA;;;;;;EAMA,UAAA,GAAa,MAAA,SAnBY,WAAA,CAmBwB,oBAAA;AAAA,IAC/C,cAAA"}