@bounded-sh/core 0.0.1 → 0.0.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
package/dist/index.mjs CHANGED
@@ -75,7 +75,7 @@ function getWebhookKeysUrl() {
75
75
  /**
76
76
  * True when init() configured a Bounded network (the Cloudflare-native stack).
77
77
  * Synchronous + non-blocking. Used to route reads/writes that behave differently
78
- * on Bounded vs the legacy Tarobase backend (e.g. `count`/`aggregate`, which on
78
+ * on Bounded vs the legacy backend (e.g. `count`/`aggregate`, which on
79
79
  * Bounded must use the deterministic server aggregation, not the legacy AI query).
80
80
  */
81
81
  function isBoundedNetwork() {
@@ -2930,7 +2930,7 @@ class WebSessionManager {
2930
2930
  // the RIGHT /session/refresh. Email overrides with humanAuthApiUrl; all
2931
2931
  // wallet/guest/signature flows default to authApiUrl (the bounded-auth issuer).
2932
2932
  const sessionIssuer = (issuer || config.authApiUrl || "").replace(/\/$/, "");
2933
- localStorage.setItem(this.TAROBASE_SESSION_STORAGE_KEY, JSON.stringify(Object.assign({ address,
2933
+ localStorage.setItem(this.BOUNDED_SESSION_STORAGE_KEY, JSON.stringify(Object.assign({ address,
2934
2934
  accessToken,
2935
2935
  idToken,
2936
2936
  refreshToken, appId: currentAppId }, (sessionIssuer ? { issuer: sessionIssuer } : {}))));
@@ -2941,7 +2941,7 @@ class WebSessionManager {
2941
2941
  static async getSession() {
2942
2942
  if (typeof window === "undefined")
2943
2943
  return null;
2944
- const session = localStorage.getItem(this.TAROBASE_SESSION_STORAGE_KEY);
2944
+ const session = localStorage.getItem(this.BOUNDED_SESSION_STORAGE_KEY);
2945
2945
  if (!session)
2946
2946
  return null;
2947
2947
  const sessionObj = JSON.parse(session);
@@ -2965,7 +2965,7 @@ class WebSessionManager {
2965
2965
  // Persist the ROTATED refresh token — the old one is now
2966
2966
  // single-use spent; reusing it would revoke the family.
2967
2967
  refreshed.refreshToken);
2968
- const newSession = localStorage.getItem(this.TAROBASE_SESSION_STORAGE_KEY);
2968
+ const newSession = localStorage.getItem(this.BOUNDED_SESSION_STORAGE_KEY);
2969
2969
  if (!newSession)
2970
2970
  return null;
2971
2971
  const newObj = JSON.parse(newSession);
@@ -2989,14 +2989,14 @@ class WebSessionManager {
2989
2989
  static clearSession() {
2990
2990
  if (typeof window === "undefined")
2991
2991
  return;
2992
- localStorage.removeItem(this.TAROBASE_SESSION_STORAGE_KEY);
2992
+ localStorage.removeItem(this.BOUNDED_SESSION_STORAGE_KEY);
2993
2993
  }
2994
2994
  /* ------------------------------------------------------------------ */
2995
2995
  /* IS-AUTH */
2996
2996
  /* ------------------------------------------------------------------ */
2997
2997
  static isAuthenticated() {
2998
2998
  // NOTE: this remains synchronous to stay backward compatible
2999
- return !!localStorage.getItem(this.TAROBASE_SESSION_STORAGE_KEY);
2999
+ return !!localStorage.getItem(this.BOUNDED_SESSION_STORAGE_KEY);
3000
3000
  }
3001
3001
  /* ------------------------------------------------------------------ */
3002
3002
  /* TOKEN HELPERS */
@@ -3004,13 +3004,13 @@ class WebSessionManager {
3004
3004
  static getIdToken() {
3005
3005
  if (typeof window === "undefined")
3006
3006
  return null;
3007
- const session = localStorage.getItem(this.TAROBASE_SESSION_STORAGE_KEY);
3007
+ const session = localStorage.getItem(this.BOUNDED_SESSION_STORAGE_KEY);
3008
3008
  return session ? JSON.parse(session).idToken : null;
3009
3009
  }
3010
3010
  static getRefreshToken() {
3011
3011
  if (typeof window === "undefined")
3012
3012
  return null;
3013
- const session = localStorage.getItem(this.TAROBASE_SESSION_STORAGE_KEY);
3013
+ const session = localStorage.getItem(this.BOUNDED_SESSION_STORAGE_KEY);
3014
3014
  return session ? JSON.parse(session).refreshToken : null;
3015
3015
  }
3016
3016
  /** The issuer base that minted this session (for routing silent refresh). */
@@ -3018,7 +3018,7 @@ class WebSessionManager {
3018
3018
  var _a;
3019
3019
  if (typeof window === "undefined")
3020
3020
  return null;
3021
- const session = localStorage.getItem(this.TAROBASE_SESSION_STORAGE_KEY);
3021
+ const session = localStorage.getItem(this.BOUNDED_SESSION_STORAGE_KEY);
3022
3022
  return session ? ((_a = JSON.parse(session).issuer) !== null && _a !== void 0 ? _a : null) : null;
3023
3023
  }
3024
3024
  /* ------------------------------------------------------------------ */
@@ -3028,7 +3028,7 @@ class WebSessionManager {
3028
3028
  var _a;
3029
3029
  if (typeof window === "undefined")
3030
3030
  return;
3031
- const session = localStorage.getItem(this.TAROBASE_SESSION_STORAGE_KEY);
3031
+ const session = localStorage.getItem(this.BOUNDED_SESSION_STORAGE_KEY);
3032
3032
  if (!session)
3033
3033
  return;
3034
3034
  const sessionObj = JSON.parse(session);
@@ -3045,10 +3045,10 @@ class WebSessionManager {
3045
3045
  sessionObj.refreshToken = refreshToken;
3046
3046
  }
3047
3047
  (_a = sessionObj.appId) !== null && _a !== void 0 ? _a : (sessionObj.appId = config.appId);
3048
- localStorage.setItem(this.TAROBASE_SESSION_STORAGE_KEY, JSON.stringify(sessionObj));
3048
+ localStorage.setItem(this.BOUNDED_SESSION_STORAGE_KEY, JSON.stringify(sessionObj));
3049
3049
  }
3050
3050
  }
3051
- WebSessionManager.TAROBASE_SESSION_STORAGE_KEY = "tarobase_session_storage";
3051
+ WebSessionManager.BOUNDED_SESSION_STORAGE_KEY = "bounded_session_storage";
3052
3052
 
3053
3053
  let _config = null;
3054
3054
  class ReactNativeSessionManager {
@@ -3141,7 +3141,7 @@ class ReactNativeSessionManager {
3141
3141
  // Issuer base for silent refresh (email overrides w/ humanAuthApiUrl; wallet/
3142
3142
  // guest default to authApiUrl). See WebSessionManager for the rationale.
3143
3143
  const sessionIssuer = (issuer || config.authApiUrl || "").replace(/\/$/, "");
3144
- this.getStorage().setItem(this.TAROBASE_SESSION_STORAGE_KEY, JSON.stringify(Object.assign({ address,
3144
+ this.getStorage().setItem(this.BOUNDED_SESSION_STORAGE_KEY, JSON.stringify(Object.assign({ address,
3145
3145
  accessToken,
3146
3146
  idToken,
3147
3147
  refreshToken, appId: currentAppId }, (sessionIssuer ? { issuer: sessionIssuer } : {}))));
@@ -3150,7 +3150,7 @@ class ReactNativeSessionManager {
3150
3150
  /* GET */
3151
3151
  /* ------------------------------------------------------------------ */
3152
3152
  static async getSession() {
3153
- const session = this.getStorage().getItem(this.TAROBASE_SESSION_STORAGE_KEY);
3153
+ const session = this.getStorage().getItem(this.BOUNDED_SESSION_STORAGE_KEY);
3154
3154
  if (!session)
3155
3155
  return null;
3156
3156
  const sessionObj = JSON.parse(session);
@@ -3171,7 +3171,7 @@ class ReactNativeSessionManager {
3171
3171
  const refreshed = await refreshSession(refreshToken, sessionObj.issuer);
3172
3172
  if ((refreshed === null || refreshed === void 0 ? void 0 : refreshed.idToken) && (refreshed === null || refreshed === void 0 ? void 0 : refreshed.accessToken)) {
3173
3173
  await this.updateIdTokenAndAccessToken(refreshed.idToken, refreshed.accessToken, refreshed.refreshToken);
3174
- const newSession = this.getStorage().getItem(this.TAROBASE_SESSION_STORAGE_KEY);
3174
+ const newSession = this.getStorage().getItem(this.BOUNDED_SESSION_STORAGE_KEY);
3175
3175
  if (!newSession)
3176
3176
  return null;
3177
3177
  const newObj = JSON.parse(newSession);
@@ -3193,20 +3193,20 @@ class ReactNativeSessionManager {
3193
3193
  /* CLEAR */
3194
3194
  /* ------------------------------------------------------------------ */
3195
3195
  static clearSession() {
3196
- this.getStorage().removeItem(this.TAROBASE_SESSION_STORAGE_KEY);
3196
+ this.getStorage().removeItem(this.BOUNDED_SESSION_STORAGE_KEY);
3197
3197
  }
3198
3198
  /* ------------------------------------------------------------------ */
3199
3199
  /* IS-AUTH */
3200
3200
  /* ------------------------------------------------------------------ */
3201
3201
  static isAuthenticated() {
3202
- return !!this.getStorage().getItem(this.TAROBASE_SESSION_STORAGE_KEY);
3202
+ return !!this.getStorage().getItem(this.BOUNDED_SESSION_STORAGE_KEY);
3203
3203
  }
3204
3204
  /* ------------------------------------------------------------------ */
3205
3205
  /* TOKEN HELPERS */
3206
3206
  /* ------------------------------------------------------------------ */
3207
3207
  static getIdToken() {
3208
3208
  try {
3209
- const session = this.getStorage().getItem(this.TAROBASE_SESSION_STORAGE_KEY);
3209
+ const session = this.getStorage().getItem(this.BOUNDED_SESSION_STORAGE_KEY);
3210
3210
  return session ? JSON.parse(session).idToken : null;
3211
3211
  }
3212
3212
  catch (_a) {
@@ -3217,7 +3217,7 @@ class ReactNativeSessionManager {
3217
3217
  static getIssuer() {
3218
3218
  var _a;
3219
3219
  try {
3220
- const session = this.getStorage().getItem(this.TAROBASE_SESSION_STORAGE_KEY);
3220
+ const session = this.getStorage().getItem(this.BOUNDED_SESSION_STORAGE_KEY);
3221
3221
  return session ? ((_a = JSON.parse(session).issuer) !== null && _a !== void 0 ? _a : null) : null;
3222
3222
  }
3223
3223
  catch (_b) {
@@ -3226,7 +3226,7 @@ class ReactNativeSessionManager {
3226
3226
  }
3227
3227
  static getRefreshToken() {
3228
3228
  try {
3229
- const session = this.getStorage().getItem(this.TAROBASE_SESSION_STORAGE_KEY);
3229
+ const session = this.getStorage().getItem(this.BOUNDED_SESSION_STORAGE_KEY);
3230
3230
  return session ? JSON.parse(session).refreshToken : null;
3231
3231
  }
3232
3232
  catch (_a) {
@@ -3238,7 +3238,7 @@ class ReactNativeSessionManager {
3238
3238
  /* ------------------------------------------------------------------ */
3239
3239
  static async updateIdTokenAndAccessToken(idToken, accessToken, refreshToken) {
3240
3240
  var _a;
3241
- const session = this.getStorage().getItem(this.TAROBASE_SESSION_STORAGE_KEY);
3241
+ const session = this.getStorage().getItem(this.BOUNDED_SESSION_STORAGE_KEY);
3242
3242
  if (!session)
3243
3243
  return;
3244
3244
  const sessionObj = JSON.parse(session);
@@ -3254,10 +3254,10 @@ class ReactNativeSessionManager {
3254
3254
  sessionObj.refreshToken = refreshToken;
3255
3255
  }
3256
3256
  (_a = sessionObj.appId) !== null && _a !== void 0 ? _a : (sessionObj.appId = config.appId);
3257
- this.getStorage().setItem(this.TAROBASE_SESSION_STORAGE_KEY, JSON.stringify(sessionObj));
3257
+ this.getStorage().setItem(this.BOUNDED_SESSION_STORAGE_KEY, JSON.stringify(sessionObj));
3258
3258
  }
3259
3259
  }
3260
- ReactNativeSessionManager.TAROBASE_SESSION_STORAGE_KEY = "tarobase_session_storage";
3260
+ ReactNativeSessionManager.BOUNDED_SESSION_STORAGE_KEY = "bounded_session_storage";
3261
3261
 
3262
3262
  /**
3263
3263
  * Return the active CLIENT session manager for the current runtime.
@@ -3778,9 +3778,9 @@ async function buildSetDocumentsTransaction(connection, idl, anchorProvider, pay
3778
3778
  /* ENV helpers */
3779
3779
  /* ------------------------------------------------------------------ */
3780
3780
  // Canonical `BOUNDED_PRIVATE_KEY` (matches the CLI); legacy
3781
- // `TAROBASE_SOLANA_KEYPAIR` still honored. Only consulted when no explicit
3781
+ // `BOUNDED_SOLANA_KEYPAIR` still honored. Only consulted when no explicit
3782
3782
  // keypair was provided (createWalletClient passes one).
3783
- const ENV_KEYPAIRS = ["BOUNDED_PRIVATE_KEY", "TAROBASE_SOLANA_KEYPAIR"];
3783
+ const ENV_KEYPAIRS = ["BOUNDED_PRIVATE_KEY", "BOUNDED_SOLANA_KEYPAIR"];
3784
3784
  function loadKeypairFromEnv() {
3785
3785
  let secret;
3786
3786
  let found;
@@ -3903,7 +3903,7 @@ var serverSessionManager = /*#__PURE__*/Object.freeze({
3903
3903
  });
3904
3904
 
3905
3905
  /**
3906
- * Safe base64 helpers for tarobase-core.
3906
+ * Safe base64 helpers for bounded-core.
3907
3907
  *
3908
3908
  * Uses the global atob/btoa when available (browser, RN with polyfill),
3909
3909
  * falls back to the 'buffer' package (Node.js / SSR / RN without polyfill).
@@ -4083,7 +4083,7 @@ axiosRetry(apiClient, {
4083
4083
  shouldResetTimeout: true,
4084
4084
  onRetry: (retryCount, error, requestConfig) => {
4085
4085
  var _a;
4086
- console.warn(`[tarobase-sdk] retry ${retryCount} for ${(_a = requestConfig.method) === null || _a === void 0 ? void 0 : _a.toUpperCase()} ${requestConfig.url} — ${error.code || error.message}`);
4086
+ console.warn(`[bounded-sdk] retry ${retryCount} for ${(_a = requestConfig.method) === null || _a === void 0 ? void 0 : _a.toUpperCase()} ${requestConfig.url} — ${error.code || error.message}`);
4087
4087
  },
4088
4088
  });
4089
4089
  const refreshInFlight = new Map();
@@ -4142,8 +4142,8 @@ async function makeApiRequest(method, urlPath, data, _overrides) {
4142
4142
  : await createAuthHeader(config.isServer);
4143
4143
  const headers = Object.assign({ "Content-Type": "application/json", "X-Public-App-Id": config.appId, "X-App-Id": config.appId }, authHeader);
4144
4144
  if (typeof window !== "undefined" &&
4145
- window.CUSTOM_TAROBASE_APP_ID_HEADER) {
4146
- const customAppId = window.CUSTOM_TAROBASE_APP_ID_HEADER;
4145
+ window.CUSTOM_BOUNDED_APP_ID_HEADER) {
4146
+ const customAppId = window.CUSTOM_BOUNDED_APP_ID_HEADER;
4147
4147
  if (customAppId) {
4148
4148
  headers["X-App-Id"] = customAppId;
4149
4149
  }
@@ -4402,7 +4402,7 @@ function parseAggregateValue(result) {
4402
4402
  * Count items in a collection path. Returns a numeric result.
4403
4403
  *
4404
4404
  * This uses the AI query engine with a count-specific prompt prefix,
4405
- * so TaroBase will generate a $count aggregation pipeline and return
4405
+ * so Bounded will generate a $count aggregation pipeline and return
4406
4406
  * just the count rather than full documents.
4407
4407
  *
4408
4408
  * IMPORTANT: This only works for collections where the read policy is "true".
@@ -4927,10 +4927,10 @@ async function setMany(many, options) {
4927
4927
  let documents = [];
4928
4928
  const pathsToInvalidate = new Set();
4929
4929
  for (const { path, document: documentWithReservedFields } of many) {
4930
- // for setting, we should remove any pieces of the document that start with 'tarobase_' as they are internal and shouldn't be updated. The API would block it if it is one of the reserved ones
4930
+ // for setting, we should remove any pieces of the document that start with '_' as they are internal and shouldn't be updated. The API would block it if it is one of the reserved ones
4931
4931
  let document = documentWithReservedFields;
4932
4932
  if (documentWithReservedFields) {
4933
- document = Object.fromEntries(Object.entries(documentWithReservedFields).filter(([key]) => !key.startsWith('tarobase_')));
4933
+ document = Object.fromEntries(Object.entries(documentWithReservedFields).filter(([key]) => !key.startsWith('_')));
4934
4934
  }
4935
4935
  const normalizedPath = path.startsWith("/") ? path.slice(1) : path;
4936
4936
  pathsToInvalidate.add(normalizedPath);
@@ -5054,7 +5054,7 @@ async function setMany(many, options) {
5054
5054
  var _a, _b, _c, _d, _e;
5055
5055
  // NOTE (backwards-compat revert): a program-allowlist on server-supplied
5056
5056
  // `preInstructions` was tried here for the audit-8 SOL-drain concern, but it
5057
- // broke legitimate onchain DeFi flows — tarobase routes Phoenix, Jupiter/swap,
5057
+ // broke legitimate onchain DeFi flows — bounded routes Phoenix, Jupiter/swap,
5058
5058
  // SPL-Token and ATA-creation instructions through standard-path preInstructions
5059
5059
  // (see sol-helper remaining-accounts-extractor). A correct audit-8 fix must be
5060
5060
  // DeFi-aware (e.g. block ONLY a raw System Transfer/TransferWithSeed, never a
@@ -5138,10 +5138,10 @@ async function setMany(many, options) {
5138
5138
  const transaction = VersionedTransaction.deserialize(txBytes);
5139
5139
  // Validate the transaction before signing: ensure only allowed programs
5140
5140
  // and no unauthorized System program instructions (e.g., SOL transfers)
5141
- const TAROBASE_PROGRAM = 'poof4b5pk1L9tmThvBmaABjcyjfhFGbMbQP5BXk2QZp';
5141
+ const BOUNDED_PROGRAM = 'poof4b5pk1L9tmThvBmaABjcyjfhFGbMbQP5BXk2QZp';
5142
5142
  const COMPUTE_BUDGET = 'ComputeBudget111111111111111111111111111111';
5143
5143
  const SYSTEM_PROGRAM = '11111111111111111111111111111111';
5144
- const ALLOWED_PROGRAMS = new Set([TAROBASE_PROGRAM, COMPUTE_BUDGET, SYSTEM_PROGRAM]);
5144
+ const ALLOWED_PROGRAMS = new Set([BOUNDED_PROGRAM, COMPUTE_BUDGET, SYSTEM_PROGRAM]);
5145
5145
  // System program instruction discriminators (first 4 bytes, little-endian u32)
5146
5146
  const SYSTEM_TRANSFER = 2; // Transfer instruction index
5147
5147
  const SYSTEM_TRANSFER_WITH_SEED = 11;
@@ -5735,8 +5735,8 @@ async function getOrCreateConnection(appId, isServer, routePath, authTokenProvid
5735
5735
  if (appId && appId !== config.appId) {
5736
5736
  wsUrl.searchParams.append('appId', appId);
5737
5737
  }
5738
- else if (typeof window !== 'undefined' && window.CUSTOM_TAROBASE_APP_ID_HEADER) {
5739
- wsUrl.searchParams.append('appId', window.CUSTOM_TAROBASE_APP_ID_HEADER);
5738
+ else if (typeof window !== 'undefined' && window.CUSTOM_BOUNDED_APP_ID_HEADER) {
5739
+ wsUrl.searchParams.append('appId', window.CUSTOM_BOUNDED_APP_ID_HEADER);
5740
5740
  }
5741
5741
  else {
5742
5742
  wsUrl.searchParams.append('appId', config.appId);
@@ -6596,7 +6596,7 @@ function serverTimestamp() {
6596
6596
  // ---------------------------------------------------------------------------
6597
6597
  // IDB helpers (lazy-loaded, non-blocking)
6598
6598
  // ---------------------------------------------------------------------------
6599
- const IDB_NAME = 'tarobase-realtime';
6599
+ const IDB_NAME = 'bounded-realtime';
6600
6600
  const IDB_STORE = 'subscriptions';
6601
6601
  const IDB_VERSION = 1;
6602
6602
  let idbPromise = null;
@@ -7034,10 +7034,10 @@ class RealtimeStore {
7034
7034
  const normalizedPath = path.startsWith('/') ? path.slice(1) : path;
7035
7035
  const collectionPath = this.getCollectionPath(normalizedPath);
7036
7036
  const optimisticDoc = Object.assign(Object.assign({ _id: normalizedPath, pathId: normalizedPath }, resolvedDoc), {
7037
- // System timestamp field name differs by stack: the Bounded worker stamps
7038
- // the neutral `_updatedAt`; legacy Tarobase stamps `tarobase_updated_at`.
7037
+ // System timestamp field name: the Bounded worker stamps the neutral
7038
+ // `_updatedAt`; the underscore-prefixed `_updated_at` metadata mirror.
7039
7039
  // Match it so the optimistic doc lines up with the server's confirmation.
7040
- [isBoundedNetwork() ? '_updatedAt' : 'tarobase_updated_at']: Date.now() });
7040
+ [isBoundedNetwork() ? '_updatedAt' : '_updated_at']: Date.now() });
7041
7041
  const sub = this.findSubscriptionByPath(collectionPath);
7042
7042
  let prevDoc = null;
7043
7043
  if (sub) {