@byline/admin 2.4.0 → 2.4.2

package/src/modules/auth/phc.ts

@@ -0,0 +1,121 @@
+/**
+ * This Source Code is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/.
+ *
+ * Copyright (c) Infonomic Company Limited
+ */
+
+/**
+ * PHC (Password Hashing Competition) string format encode / decode for argon2id.
+ *
+ * Format:
+ *   $argon2id$v=<ver>$m=<mem>,t=<iter>,p=<para>$<saltB64>$<hashB64>
+ *
+ * Where `saltB64` and `hashB64` use the PHC "B64" alphabet — standard base64
+ * without trailing `=` padding. Matches the wire format produced by
+ * `@node-rs/argon2` and `argon2-cffi`, so existing password column rows keep
+ * verifying after the cutover.
+ *
+ * Implemented against the Web-standard `btoa` / `atob` (available in Node ≥ 16,
+ * browsers, Workers, Deno, Bun) so this module has no Node-specific surface.
+ */
+
+export type Argon2idPhc = {
+  /** Always `'argon2id'` for this codebase. */
+  algorithm: 'argon2id'
+  /** Argon2 version number — `0x13` (decimal 19) since RFC 9106. */
+  version: number
+  /** Memory cost in KiB. */
+  memoryCost: number
+  /** Iterations. */
+  timeCost: number
+  /** Parallelism (lanes). */
+  parallelism: number
+  /** Raw salt bytes. */
+  salt: Uint8Array
+  /** Raw derived-key bytes. */
+  hash: Uint8Array
+}
+
+function bytesToB64NoPad(bytes: Uint8Array): string {
+  let bin = ''
+  for (let i = 0; i < bytes.length; i++) bin += String.fromCharCode(bytes[i] as number)
+  return btoa(bin).replace(/=+$/, '')
+}
+
+function b64NoPadToBytes(b64: string): Uint8Array {
+  const padded = b64 + '='.repeat((4 - (b64.length % 4)) % 4)
+  const bin = atob(padded)
+  const out = new Uint8Array(bin.length)
+  for (let i = 0; i < bin.length; i++) out[i] = bin.charCodeAt(i)
+  return out
+}
+
+export function encodeArgon2idPhc(phc: Argon2idPhc): string {
+  return (
+    `$${phc.algorithm}` +
+    `$v=${phc.version}` +
+    `$m=${phc.memoryCost},t=${phc.timeCost},p=${phc.parallelism}` +
+    `$${bytesToB64NoPad(phc.salt)}` +
+    `$${bytesToB64NoPad(phc.hash)}`
+  )
+}
+
+export function decodeArgon2idPhc(s: string): Argon2idPhc {
+  // Leading `$` produces an empty first segment, so a valid argon2id PHC string
+  // splits into exactly 6 parts: ['', algo, 'v=…', 'm=…,t=…,p=…', salt, hash].
+  const parts = s.split('$') as (string | undefined)[]
+  if (parts.length !== 6 || parts[0] !== '') {
+    throw new Error('decodeArgon2idPhc: malformed PHC string')
+  }
+  const algorithm = parts[1] ?? ''
+  const versionField = parts[2] ?? ''
+  const paramsField = parts[3] ?? ''
+  const saltB64 = parts[4] ?? ''
+  const hashB64 = parts[5] ?? ''
+  if (algorithm !== 'argon2id') {
+    throw new Error(`decodeArgon2idPhc: unsupported algorithm "${algorithm}"`)
+  }
+  if (!versionField.startsWith('v=')) {
+    throw new Error('decodeArgon2idPhc: missing version field')
+  }
+  const version = Number.parseInt(versionField.slice(2), 10)
+  if (!Number.isInteger(version)) {
+    throw new Error(`decodeArgon2idPhc: invalid version "${versionField}"`)
+  }
+
+  const params: Partial<Record<'m' | 't' | 'p', number>> = {}
+  for (const kv of paramsField.split(',')) {
+    const eq = kv.indexOf('=')
+    if (eq <= 0) throw new Error(`decodeArgon2idPhc: malformed param "${kv}"`)
+    const k = kv.slice(0, eq)
+    const v = Number.parseInt(kv.slice(eq + 1), 10)
+    if (!Number.isInteger(v)) throw new Error(`decodeArgon2idPhc: malformed param value "${kv}"`)
+    if (k === 'm' || k === 't' || k === 'p') params[k] = v
+  }
+  if (params.m === undefined || params.t === undefined || params.p === undefined) {
+    throw new Error('decodeArgon2idPhc: missing required m/t/p params')
+  }
+
+  return {
+    algorithm: 'argon2id',
+    version,
+    memoryCost: params.m,
+    timeCost: params.t,
+    parallelism: params.p,
+    salt: b64NoPadToBytes(saltB64),
+    hash: b64NoPadToBytes(hashB64),
+  }
+}
+
+/**
+ * Constant-time byte comparison. Returns `true` only if both arrays have the
+ * same length and every byte matches. Intended for hash verification.
+ */
+export function timingSafeEqual(a: Uint8Array, b: Uint8Array): boolean {
+  if (a.length !== b.length) return false
+  let diff = 0
+  for (let i = 0; i < a.length; i++) diff |= (a[i] as number) ^ (b[i] as number)
+  return diff === 0
+}

package/src/modules/auth/refresh-tokens-repository.ts

@@ -0,0 +1,74 @@
+/**
+ * This Source Code is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/.
+ *
+ * Copyright (c) Infonomic Company Limited
+ */
+
+/**
+ * `RefreshTokensRepository` — the persistence contract for the
+ * `byline_admin_refresh_tokens` table.
+ *
+ * Lives under `modules/auth` rather than at the package root because this
+ * table exists to serve the built-in JWT session provider — a third-party
+ * session provider (Lucia, WorkOS, Clerk) would not use it. `token_hash`
+ * stores the SHA-256 of the plaintext refresh token; the plaintext leaves
+ * the server exactly once, when it is issued to the caller.
+ */
+
+export interface RefreshTokenRow {
+  id: string
+  admin_user_id: string
+  token_hash: string
+  issued_at: Date
+  expires_at: Date
+  revoked_at: Date | null
+  rotated_to_id: string | null
+  last_used_at: Date | null
+  user_agent: string | null
+  ip: string | null
+}
+
+export interface IssueRefreshTokenInput {
+  id: string
+  admin_user_id: string
+  token_hash: string
+  expires_at: Date
+  user_agent?: string | null
+  ip?: string | null
+}
+
+export interface RefreshTokensRepository {
+  /** Insert a new refresh-token row. `id` is supplied by the caller (UUIDv7). */
+  issue(input: IssueRefreshTokenInput): Promise<RefreshTokenRow>
+  findByHash(tokenHash: string): Promise<RefreshTokenRow | null>
+  findById(id: string): Promise<RefreshTokenRow | null>
+  /** Stamp `last_used_at` for observability. */
+  touch(id: string, at?: Date): Promise<void>
+  /**
+   * Atomically revoke `oldId` and set its `rotated_to_id` to `newId`.
+   * Caller is responsible for inserting the new row (via `issue`) before
+   * calling this — ordering is a contract.
+   */
+  markRotated(oldId: string, newId: string, at?: Date): Promise<void>
+  /** Revoke a single token. Idempotent. */
+  revoke(id: string, at?: Date): Promise<void>
+  /**
+   * Walk the rotation chain starting at `startId` and revoke every token
+   * in it. Called when a rotated token is replayed — indicates the chain
+   * has been compromised and every descendant is suspect. Returns the
+   * number of rows touched.
+   */
+  revokeChain(startId: string, at?: Date): Promise<number>
+  /** Revoke every non-revoked token for a user. Used on password change / sign-out everywhere. */
+  revokeAllForUser(adminUserId: string, at?: Date): Promise<number>
+  /** Remove rows whose `expires_at` is in the past. Housekeeping. */
+  purgeExpired(now?: Date): Promise<number>
+  /** All non-revoked tokens for a user. Primarily for tests. */
+  listActiveForUser(adminUserId: string): Promise<RefreshTokenRow[]>
+  /** All tokens (including revoked) for a user. Primarily for tests and debugging. */
+  listAllForUser(adminUserId: string): Promise<RefreshTokenRow[]>
+  /** All tokens descended from `startId` via the rotation chain. Utility for tests. */
+  listRotationChain(startId: string): Promise<RefreshTokenRow[]>
+}

package/src/modules/auth/resolve-actor.ts

@@ -0,0 +1,42 @@
+/**
+ * This Source Code is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/.
+ *
+ * Copyright (c) Infonomic Company Limited
+ */
+
+import { AdminAuth } from '@byline/auth'
+
+import type { AdminStore } from '../../store.js'
+
+/**
+ * Build an `AdminAuth` from a user id by reading the admin-users row and
+ * collecting the distinct abilities granted through every role the user
+ * holds.
+ *
+ * Returns `null` when the user does not exist or is not enabled — callers
+ * interpret a null result as "no actor, sign-in refused". The enablement
+ * check lives here (rather than in the session provider) so that any code
+ * path resolving an actor from a stored user id — sign-in, token refresh,
+ * seeded super-admin context — applies the same gate.
+ *
+ * Consumes the admin-users and admin-permissions repositories through the
+ * `AdminStore` bundle; adapter-agnostic.
+ */
+export async function resolveActor(
+  store: AdminStore,
+  adminUserId: string
+): Promise<AdminAuth | null> {
+  const user = await store.adminUsers.getById(adminUserId)
+  if (!user) return null
+  if (!user.is_enabled) return null
+
+  const abilities = await store.adminPermissions.listAbilitiesForUser(adminUserId)
+
+  return new AdminAuth({
+    id: user.id,
+    abilities,
+    isSuperAdmin: user.is_super_admin,
+  })
+}

package/src/services/admin-services-context.tsx

@@ -0,0 +1,52 @@
+/**
+ * This Source Code is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/.
+ *
+ * Copyright (c) Infonomic Company Limited
+ */
+
+import { createContext, type ReactNode, useContext } from 'react'
+
+import type { BylineAdminServices } from './admin-services-types.js'
+
+export type {
+  AdminServiceCall,
+  BylineAdminServices,
+  ChangeAccountPasswordInput,
+  CreateAdminRoleInput,
+  CreateAdminUserInput,
+  SetAdminUserPasswordInput,
+  SetRoleAbilitiesInput,
+  SetUserRolesInput,
+  SignInInput,
+  SignInResult,
+  UpdateAccountInput,
+  UpdateAdminRoleInput,
+  UpdateAdminUserInput,
+  WhoHasAbilityInput,
+} from './admin-services-types.js'
+
+const AdminServicesContext = createContext<BylineAdminServices | null>(null)
+
+interface BylineAdminServicesProviderProps {
+  services: BylineAdminServices
+  children: ReactNode
+}
+
+export const BylineAdminServicesProvider = ({
+  services,
+  children,
+}: BylineAdminServicesProviderProps) => (
+  <AdminServicesContext.Provider value={services}>{children}</AdminServicesContext.Provider>
+)
+
+export const useBylineAdminServices = (): BylineAdminServices => {
+  const ctx = useContext(AdminServicesContext)
+  if (!ctx) {
+    throw new Error(
+      '@byline/admin: BylineAdminServicesProvider missing. Wrap your admin tree with <BylineAdminServicesProvider services={…} />.'
+    )
+  }
+  return ctx
+}

package/src/services/admin-services-types.ts

@@ -0,0 +1,177 @@
+/**
+ * This Source Code is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/.
+ *
+ * Copyright (c) Infonomic Company Limited
+ */
+
+/**
+ * Framework-neutral function contracts that admin UI components in
+ * `@byline/ui` need from the host application. The host wires concrete
+ * implementations via `BylineAdminServicesProvider` — typically thin
+ * adapters around TanStack Start server functions, Next.js server
+ * actions, or any other RPC-style transport.
+ *
+ * The call shape `(args: { data: TInput }) => Promise<TOutput>` mirrors
+ * TanStack Start's `createServerFn().handler()` calling convention so a
+ * webapp host can pass its server fns through as-is. Other transports
+ * just need a tiny adapter.
+ *
+ * Scope: Phase 2.1 covers the framework-neutral admin UI components
+ * only — the 15 forms, modals, and inner widgets that don't touch
+ * TanStack Router. Page containers (list/edit/delete pages) keep using
+ * server fns directly today and move into `@byline/host-tanstack-start`
+ * in Phase 3 along with the route factories.
+ */
+
+import type {
+  AccountResponse,
+  ChangeAccountPasswordRequest,
+  UpdateAccountRequest,
+} from '../modules/admin-account/index.js'
+import type {
+  SetRoleAbilitiesResponse,
+  WhoHasAbilityResponse,
+} from '../modules/admin-permissions/index.js'
+import type { AdminRoleResponse, UserRolesResponse } from '../modules/admin-roles/index.js'
+import type { AdminUserResponse } from '../modules/admin-users/index.js'
+
+/**
+ * The TanStack Start `createServerFn(...).handler(...)` calling shape:
+ * `fn({ data: input }) → Promise<output>`. Hosts using a different
+ * transport supply small adapters that match this shape.
+ */
+export type AdminServiceCall<TInput, TOutput> = (args: { data: TInput }) => Promise<TOutput>
+
+// --- Auth -----------------------------------------------------------------
+
+export interface SignInInput {
+  email: string
+  password: string
+}
+
+/**
+ * The admin UI's sign-in form does not consume the `SignInResult`
+ * payload directly — on success it navigates via `window.location`. The
+ * shape is left as `unknown` here so each host's session provider can
+ * supply whatever envelope it produces without forcing a public type.
+ */
+export type SignInResult = unknown
+
+// --- Account self-service -------------------------------------------------
+
+/** Same shape as `UpdateAccountRequest` from `@byline/admin/admin-account`. */
+export type UpdateAccountInput = UpdateAccountRequest
+
+/** Same shape as `ChangeAccountPasswordRequest` from `@byline/admin/admin-account`. */
+export type ChangeAccountPasswordInput = ChangeAccountPasswordRequest
+
+// --- Admin users ----------------------------------------------------------
+
+export interface CreateAdminUserInput {
+  email: string
+  password: string
+  given_name?: string | null
+  family_name?: string | null
+  username?: string | null
+  is_super_admin: boolean
+  is_enabled: boolean
+  is_email_verified: boolean
+}
+
+export interface UpdateAdminUserInput {
+  id: string
+  vid: number
+  patch: {
+    email?: string
+    given_name?: string | null
+    family_name?: string | null
+    username?: string | null
+    is_super_admin?: boolean
+    is_enabled?: boolean
+    is_email_verified?: boolean
+  }
+}
+
+export interface SetAdminUserPasswordInput {
+  id: string
+  vid: number
+  password: string
+}
+
+export interface SetUserRolesInput {
+  userId: string
+  roleIds: string[]
+}
+
+// --- Admin roles ----------------------------------------------------------
+
+export interface CreateAdminRoleInput {
+  name: string
+  machine_name: string
+  description: string | null
+}
+
+export interface UpdateAdminRoleInput {
+  id: string
+  vid: number
+  patch: {
+    name?: string
+    description?: string | null
+  }
+}
+
+// --- Permissions ----------------------------------------------------------
+
+export interface SetRoleAbilitiesInput {
+  id: string
+  abilities: string[]
+}
+
+export interface WhoHasAbilityInput {
+  ability: string
+}
+
+// --- Service contract -----------------------------------------------------
+
+export interface BylineAdminServices {
+  // Auth
+  adminSignIn: AdminServiceCall<SignInInput, SignInResult>
+
+  // Account self-service
+  updateAccount: AdminServiceCall<UpdateAccountInput, AccountResponse>
+  changeAccountPassword: AdminServiceCall<ChangeAccountPasswordInput, AccountResponse>
+
+  // Admin user writes (page-container reads stay in the host for now)
+  createAdminUser: AdminServiceCall<CreateAdminUserInput, AdminUserResponse>
+  updateAdminUser: AdminServiceCall<UpdateAdminUserInput, AdminUserResponse>
+  setAdminUserPassword: AdminServiceCall<SetAdminUserPasswordInput, AdminUserResponse>
+  setUserRoles: AdminServiceCall<SetUserRolesInput, UserRolesResponse>
+
+  // Admin role writes
+  createAdminRole: AdminServiceCall<CreateAdminRoleInput, AdminRoleResponse>
+  updateAdminRole: AdminServiceCall<UpdateAdminRoleInput, AdminRoleResponse>
+
+  // Permissions
+  setRoleAbilities: AdminServiceCall<SetRoleAbilitiesInput, SetRoleAbilitiesResponse>
+  whoHasAbility: AdminServiceCall<WhoHasAbilityInput, WhoHasAbilityResponse>
+
+  /**
+   * Diff helper. Loads a specific historical version of a document so
+   * the diff modal can compare it against the current version. Returns
+   * the same shape as the regular document loader — the diff modal
+   * consumes only `doc.fields` (or strips known meta keys when an
+   * older flat-shape doc is encountered).
+   *
+   * Positional-args shape rather than `{ data }` because this helper
+   * predates the contract and is consumed only by `DiffModal`. Hosts
+   * adapt their server fn into this call signature.
+   */
+  getCollectionDocumentVersion: (
+    collection: string,
+    documentId: string,
+    versionId: string,
+    locale: string | undefined
+  ) => Promise<Record<string, unknown>>
+}

package/src/store.ts

@@ -0,0 +1,32 @@
+/**
+ * This Source Code is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/.
+ *
+ * Copyright (c) Infonomic Company Limited
+ */
+
+import type { AdminPermissionsRepository } from './modules/admin-permissions/repository.js'
+import type { AdminRolesRepository } from './modules/admin-roles/repository.js'
+import type { AdminUsersRepository } from './modules/admin-users/repository.js'
+import type { RefreshTokensRepository } from './modules/auth/refresh-tokens-repository.js'
+
+/**
+ * The bundle of repositories that `@byline/admin` needs from the DB
+ * adapter. A DB adapter package (`@byline/db-postgres`, a future
+ * `@byline/db-mysql`) is expected to expose a factory — conventionally
+ * `createAdminStore(db)` — that returns an `AdminStore` wired against
+ * its concrete schema. The bundle is passed to the built-in
+ * `JwtSessionProvider`, to `seedSuperAdmin`, and (later) to admin-user
+ * and admin-role commands.
+ *
+ * Keeping the four repositories together as a single argument avoids
+ * exploding constructor signatures and makes "needs admin DB access" a
+ * single, recognisable type.
+ */
+export interface AdminStore {
+  adminUsers: AdminUsersRepository
+  adminRoles: AdminRolesRepository
+  adminPermissions: AdminPermissionsRepository
+  refreshTokens: RefreshTokensRepository
+}

package/src/vendor/noble-argon2/LICENSE

@@ -0,0 +1,21 @@
+The MIT License (MIT)
+
+Copyright (c) 2022 Paul Miller (https://paulmillr.com)
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in
+all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+THE SOFTWARE.

package/src/vendor/noble-argon2/README.md

@@ -0,0 +1,87 @@
+# noble-argon2 (vendored)
+
+Vendored subset of [`@noble/hashes`](https://github.com/paulmillr/noble-hashes)
+sufficient to compute argon2id password hashes. Vendored — rather than depended
+on via npm — to remove the npm install-time supply-chain risk for the password
+hashing path.
+
+The MIT license under which we received this code is included verbatim as
+`./LICENSE`.
+
+## Why vendored
+
+`@byline/admin` previously depended on `@node-rs/argon2`, a Rust binding that
+requires a per-platform native binary. That blocks deployment to non-Node
+runtimes (Workers, Deno, Bun without Node-API shims) and adds a transitive
+install-time supply-chain surface. `@noble/hashes` is pure JS, runs in any
+runtime with WebAssembly-free standard JS, and is explicitly designed by its
+author to be auditable and vendorable.
+
+We copy only the modules required for argon2id, in full, with attribution.
+Other parts of `@noble/hashes` (sha2, sha3, scrypt, …) are not pulled in.
+
+## Provenance
+
+| Field                    | Value                                                       |
+| ------------------------ | ----------------------------------------------------------- |
+| Upstream repo            | https://github.com/paulmillr/noble-hashes                   |
+| Upstream release tag     | `2.2.0`                                                     |
+| Upstream commit          | `81983c2fffac48aa69dabc260b4192ad597d2734`                  |
+| Upstream tag date        | 2026-04-11                                                  |
+| Upstream license         | MIT (see `./LICENSE`)                                       |
+| Files copied             | `argon2.ts`, `blake2.ts`, `_blake.ts`, `_u64.ts`, `_md.ts`, `utils.ts` |
+
+The files were fetched from
+`https://raw.githubusercontent.com/paulmillr/noble-hashes/<commit>/src/<file>`.
+
+## Local modifications
+
+Only two mechanical edits are applied to the upstream sources:
+
+1. **Import-extension rewrite.** Relative import specifiers are rewritten from
+   `'./<name>.ts'` to `'./<name>.js'`. Required by `@byline/admin`'s
+   `module: NodeNext` TypeScript configuration, which emits ES modules and
+   resolves imports against the emitted `.js` paths.
+2. **`// @ts-nocheck` header.** A single-line `// @ts-nocheck — vendored from
+   noble-hashes; see ./README.md` is prepended to every vendored `.ts` file.
+   Required because this project enables `noUncheckedIndexedAccess` and a few
+   other strict-mode flags that noble-hashes does not. The vendored algorithm
+   code is exercised by the upstream test suite at noble's tsconfig settings,
+   and additionally by `tests/noble-argon2-vectors.test.node.ts` against
+   published RFC 9106 / P-H-C reference vectors, so suppressing project lint
+   inside the vendored copy does not weaken the assurance we have over the
+   correctness of these files.
+
+No algorithm code, no constants, and no exported APIs have been changed.
+
+To re-verify, fetch each file at the commit pinned above and run
+`diff <upstream> <vendored>` — every diff line should be one of:
+
+- A single-line `// @ts-nocheck` header at the top of the file
+- `./_blake.ts` → `./_blake.js`
+- `./_md.ts` → `./_md.js`
+- `./_u64.ts` → `./_u64.js`
+- `./blake2.ts` → `./blake2.js`
+- `./utils.ts` → `./utils.js`
+
+## Surface area used
+
+`packages/admin/src/modules/auth/password.ts` consumes only `argon2id` and
+`argon2idAsync` from `./argon2.js`. The other exports (`argon2d`, `argon2i`,
+their async variants, the BLAKE2s class, miscellaneous utility helpers) are
+present because they live in the same source files; bundlers eliminate them as
+dead code.
+
+The fidelity of this vendored copy is checked by
+`packages/admin/tests/noble-argon2-vectors.test.node.ts`, which runs published
+RFC 9106 / noble-hashes argon2id test vectors against this code.
+
+## Re-syncing to a newer upstream commit
+
+1. Pick the new release tag and resolve it to a commit SHA.
+2. For each file in this directory, replace its contents with the upstream
+   file at that commit.
+3. Re-apply the `.ts` → `.js` import-extension change (a single sed pass:
+   `sed -i '' "s|from '\\./\\([_a-z0-9]*\\)\\.ts'|from './\\1.js'|g" *.ts`).
+4. Update the commit, tag, and date in the table above.
+5. Run `pnpm test` in `packages/admin/` to confirm the test vectors still pass.

package/src/vendor/noble-argon2/_blake.ts

@@ -0,0 +1,58 @@
+// @ts-nocheck — vendored from noble-hashes; see ./README.md
+/**
+ * Internal helpers for blake hash.
+ * @module
+ */
+import { rotr, type TRet } from './utils.js';
+
+/**
+ * Internal blake permutation table.
+ * Rows `0..9` serve BLAKE2s, rows `0..11` serve BLAKE2b with `10..11 = 0..1`, and Blake1 also
+ * reuses the later rows shown below. Blake1 expands rounds `10..15` as `SIGMA[i % 10]`, so rows
+ * `10..15` intentionally repeat rows `0..5` for the 14-round (256) and 16-round (512) variants.
+ */
+// prettier-ignore
+export const BSIGMA: TRet<Uint8Array> = /* @__PURE__ */ Uint8Array.from([
+  0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15,
+  14, 10, 4, 8, 9, 15, 13, 6, 1, 12, 0, 2, 11, 7, 5, 3,
+  11, 8, 12, 0, 5, 2, 15, 13, 10, 14, 3, 6, 7, 1, 9, 4,
+  7, 9, 3, 1, 13, 12, 11, 14, 2, 6, 5, 10, 4, 0, 15, 8,
+  9, 0, 5, 7, 2, 4, 10, 15, 14, 1, 11, 12, 6, 8, 3, 13,
+  2, 12, 6, 10, 0, 11, 8, 3, 4, 13, 7, 5, 15, 14, 1, 9,
+  12, 5, 1, 15, 14, 13, 4, 10, 0, 7, 6, 3, 9, 2, 8, 11,
+  13, 11, 7, 14, 12, 1, 3, 9, 5, 0, 15, 4, 8, 6, 2, 10,
+  6, 15, 14, 9, 11, 3, 0, 8, 12, 2, 13, 7, 1, 4, 10, 5,
+  10, 2, 8, 4, 7, 6, 1, 5, 15, 11, 9, 14, 3, 12, 13, 0,
+  0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15,
+  14, 10, 4, 8, 9, 15, 13, 6, 1, 12, 0, 2, 11, 7, 5, 3,
+  // Blake1, unused in others
+  11, 8, 12, 0, 5, 2, 15, 13, 10, 14, 3, 6, 7, 1, 9, 4,
+  7, 9, 3, 1, 13, 12, 11, 14, 2, 6, 5, 10, 4, 0, 15, 8,
+  9, 0, 5, 7, 2, 4, 10, 15, 14, 1, 11, 12, 6, 8, 3, 13,
+  2, 12, 6, 10, 0, 11, 8, 3, 4, 13, 7, 5, 15, 14, 1, 9,
+]);
+
+// prettier-ignore
+export type Num4 = { a: number; b: number; c: number; d: number; };
+
+// 32-bit / BLAKE2s first half of G, with the fixed `(16, 12)` rotation pair.
+// Parameter `x` is the RFC 7693 first-half message word, or Blake1's pre-mixed
+// `m[sigma[r][2i]] ^ u[sigma[r][2i+1]]` addend in the 32-bit path.
+export function G1s(a: number, b: number, c: number, d: number, x: number): Num4 {
+  a = (a + b + x) | 0;
+  d = rotr(d ^ a, 16);
+  c = (c + d) | 0;
+  b = rotr(b ^ c, 12);
+  return { a, b, c, d };
+}
+
+// 32-bit / BLAKE2s second half of G.
+// Parameter `x` is the RFC 7693 second-half (`y`) message word, or Blake1's pre-mixed
+// `m[sigma[r][2i + 1]] ^ u[sigma[r][2i]]` addend in the 32-bit path.
+export function G2s(a: number, b: number, c: number, d: number, x: number): Num4 {
+  a = (a + b + x) | 0;
+  d = rotr(d ^ a, 8);
+  c = (c + d) | 0;
+  b = rotr(b ^ c, 7);
+  return { a, b, c, d };
+}