@dabble/patches 0.8.20 → 0.9.1

package/dist/net/PatchesSync.d.ts

@@ -84,6 +84,19 @@ declare class PatchesSync extends ReadonlyStoreClass<PatchesSyncState> {
      * Provides the pending changes that were discarded so the application can handle them.
      */
     readonly onRemoteDocDeleted: easy_signal.Signal<(docId: string, pendingChanges: Change[]) => void>;
+    /**
+     * Signal emitted when the server reports the caller is no longer authorised
+     * to read/write a tracked document (e.g. a co-author was revoked, removed
+     * from a shared collection, or never had access in the first place).
+     *
+     * Local cleanup mirrors `onRemoteDocDeleted` — untrack, drop the local
+     * cache, return any pending changes that were lost — but the doc itself
+     * still exists server-side. Consumers that maintain a workspace listing
+     * (e.g. a "Shared with Me" dashboard) should remove the doc from their
+     * own state when this fires; otherwise it would resurface on next start
+     * and immediately re-fail with the same 403.
+     */
+    readonly onRemoteDocAccessRevoked: easy_signal.Signal<(docId: string, pendingChanges: Change[]) => void>;
     /**
      * Signal emitted after pending branch metas have been synced to the server.
      * Consumers should use this to refresh in-memory branch state (e.g. call `loadCached()`
@@ -183,6 +196,21 @@ declare class PatchesSync extends ReadonlyStoreClass<PatchesSyncState> {
      * Cleans up local state and notifies the application with any pending changes that were lost.
      */
     protected _handleRemoteDocDeleted(docId: string): Promise<void>;
+    /**
+     * Sibling of `_handleRemoteDocDeleted` for the access-revoked path.
+     * Same local cleanup (close, untrack, drop cache, clear sync state) but
+     * the doc is not tombstoned server-side — it just isn't ours anymore.
+     * Emitted as a distinct signal so consumers can show different UX
+     * ("Your access was revoked" vs. "Project was deleted") without having
+     * to inspect error codes themselves.
+     */
+    protected _handleRemoteDocAccessRevoked(docId: string): Promise<void>;
+    /**
+     * Local cleanup shared by `_handleRemoteDocDeleted` and
+     * `_handleRemoteDocAccessRevoked`. Returns pending changes that were
+     * lost so the caller can include them in the application-facing signal.
+     */
+    protected _cleanupAfterAccessLoss(docId: string): Promise<Change[]>;
     /**
      * Adds, updates, or removes a doc state entry immutably and notifies via store.
      * - Pass a full DocSyncState to add a new entry or overwrite an existing one.
@@ -211,6 +239,14 @@ declare class PatchesSync extends ReadonlyStoreClass<PatchesSyncState> {
      * Helper to detect DOC_DELETED (410) errors from the server.
      */
     protected _isDocDeletedError(err: unknown): boolean;
+    /**
+     * Helper to detect ACCESS_REVOKED (403) errors from the server. Used by
+     * the sync/flush catch blocks to short-circuit straight into the
+     * `_handleRemoteDocAccessRevoked` cleanup path rather than latching the
+     * error onto `docStates[docId].syncError` (which would surface as a
+     * permanent "Unable to Sync" pill in the UI).
+     */
+    protected _isAccessRevokedError(err: unknown): boolean;
 }
 
 export { PatchesSync, type PatchesSyncOptions, type PatchesSyncState };

package/dist/net/PatchesSync.js

@@ -52,6 +52,19 @@ class PatchesSync extends (_a = ReadonlyStoreClass, _syncDoc_dec = [serialGate],
      * Provides the pending changes that were discarded so the application can handle them.
      */
     __publicField(this, "onRemoteDocDeleted", signal());
+    /**
+     * Signal emitted when the server reports the caller is no longer authorised
+     * to read/write a tracked document (e.g. a co-author was revoked, removed
+     * from a shared collection, or never had access in the first place).
+     *
+     * Local cleanup mirrors `onRemoteDocDeleted` — untrack, drop the local
+     * cache, return any pending changes that were lost — but the doc itself
+     * still exists server-side. Consumers that maintain a workspace listing
+     * (e.g. a "Shared with Me" dashboard) should remove the doc from their
+     * own state when this fires; otherwise it would resurface on next start
+     * and immediately re-fail with the same 403.
+     */
+    __publicField(this, "onRemoteDocAccessRevoked", signal());
     /**
      * Signal emitted after pending branch metas have been synced to the server.
      * Consumers should use this to refresh in-memory branch state (e.g. call `loadCached()`
@@ -360,6 +373,10 @@ class PatchesSync extends (_a = ReadonlyStoreClass, _syncDoc_dec = [serialGate],
         await this._handleRemoteDocDeleted(docId);
         return;
       }
+      if (this._isAccessRevokedError(err)) {
+        await this._handleRemoteDocAccessRevoked(docId);
+        return;
+      }
       const syncError = err instanceof Error ? err : new Error(String(err));
       this._updateDocSyncState(docId, { syncStatus: "error", syncError });
       console.error(`Error syncing doc ${docId}:`, err);
@@ -421,6 +438,10 @@ class PatchesSync extends (_a = ReadonlyStoreClass, _syncDoc_dec = [serialGate],
         await this._handleRemoteDocDeleted(docId);
         return;
       }
+      if (this._isAccessRevokedError(err)) {
+        await this._handleRemoteDocAccessRevoked(docId);
+        return;
+      }
       const flushError = err instanceof Error ? err : new Error(String(err));
       this._updateDocSyncState(docId, { syncStatus: "error", syncError: flushError });
       console.error(`Flush failed for doc ${docId}:`, err);
@@ -562,6 +583,27 @@ class PatchesSync extends (_a = ReadonlyStoreClass, _syncDoc_dec = [serialGate],
    * Cleans up local state and notifies the application with any pending changes that were lost.
    */
   async _handleRemoteDocDeleted(docId) {
+    const pendingChanges = await this._cleanupAfterAccessLoss(docId);
+    await this.onRemoteDocDeleted.emit(docId, pendingChanges);
+  }
+  /**
+   * Sibling of `_handleRemoteDocDeleted` for the access-revoked path.
+   * Same local cleanup (close, untrack, drop cache, clear sync state) but
+   * the doc is not tombstoned server-side — it just isn't ours anymore.
+   * Emitted as a distinct signal so consumers can show different UX
+   * ("Your access was revoked" vs. "Project was deleted") without having
+   * to inspect error codes themselves.
+   */
+  async _handleRemoteDocAccessRevoked(docId) {
+    const pendingChanges = await this._cleanupAfterAccessLoss(docId);
+    await this.onRemoteDocAccessRevoked.emit(docId, pendingChanges);
+  }
+  /**
+   * Local cleanup shared by `_handleRemoteDocDeleted` and
+   * `_handleRemoteDocAccessRevoked`. Returns pending changes that were
+   * lost so the caller can include them in the application-facing signal.
+   */
+  async _cleanupAfterAccessLoss(docId) {
     const algorithm = this._getAlgorithm(docId);
     const pendingChanges = await algorithm.getPendingToSend(docId) ?? [];
     const doc = this.patches.getOpenDoc(docId);
@@ -571,7 +613,7 @@ class PatchesSync extends (_a = ReadonlyStoreClass, _syncDoc_dec = [serialGate],
     this.trackedDocs.delete(docId);
     this._updateDocSyncState(docId, void 0);
     await algorithm.confirmDeleteDoc(docId);
-    await this.onRemoteDocDeleted.emit(docId, pendingChanges);
+    return pendingChanges;
   }
   /**
    * Adds, updates, or removes a doc state entry immutably and notifies via store.
@@ -634,6 +676,16 @@ class PatchesSync extends (_a = ReadonlyStoreClass, _syncDoc_dec = [serialGate],
   _isDocDeletedError(err) {
     return err instanceof StatusError && err.code === ErrorCodes.DOC_DELETED;
   }
+  /**
+   * Helper to detect ACCESS_REVOKED (403) errors from the server. Used by
+   * the sync/flush catch blocks to short-circuit straight into the
+   * `_handleRemoteDocAccessRevoked` cleanup path rather than latching the
+   * error onto `docStates[docId].syncError` (which would surface as a
+   * permanent "Unable to Sync" pill in the UI).
+   */
+  _isAccessRevokedError(err) {
+    return err instanceof StatusError && err.code === ErrorCodes.ACCESS_REVOKED;
+  }
 }
 _init = __decoratorStart(_a);
 __decorateElement(_init, 1, "syncDoc", _syncDoc_dec, PatchesSync);

package/dist/net/error.d.ts

@@ -11,6 +11,15 @@ declare const ErrorCodes: {
     readonly DOC_DELETED: 410;
     /** Document not found (never existed). */
     readonly DOC_NOT_FOUND: 404;
+    /**
+     * Caller is no longer authorized to read/write the document.
+     * Distinct from DOC_DELETED — the doc still exists, the caller just lost
+     * membership (revoked, or removed from a shared collection). The sync
+     * loop treats it like a soft delete: untrack, drop local cache, emit
+     * `onRemoteDocAccessRevoked` so the application can remove the doc from
+     * its own workspace state.
+     */
+    readonly ACCESS_REVOKED: 403;
 };
 /**
  * Error thrown when the JSON-RPC client receives a message that cannot be parsed as JSON.

package/dist/net/error.js

@@ -10,7 +10,16 @@ const ErrorCodes = {
   /** Document was deleted (tombstone exists). */
   DOC_DELETED: 410,
   /** Document not found (never existed). */
-  DOC_NOT_FOUND: 404
+  DOC_NOT_FOUND: 404,
+  /**
+   * Caller is no longer authorized to read/write the document.
+   * Distinct from DOC_DELETED — the doc still exists, the caller just lost
+   * membership (revoked, or removed from a shared collection). The sync
+   * loop treats it like a soft delete: untrack, drop local cache, emit
+   * `onRemoteDocAccessRevoked` so the application can remove the doc from
+   * its own workspace state.
+   */
+  ACCESS_REVOKED: 403
 };
 class JSONRPCParseError extends Error {
   rawMessage;

package/dist/net/index.d.ts

@@ -1,3 +1,4 @@
+export { Invite, InviteProjectBookMeta, InviteProjectMetaSnapshot, InviteRole, InviteTo } from './invite.js';
 export { FetchTransport } from './http/FetchTransport.js';
 export { PatchesClient } from './PatchesClient.js';
 export { PatchesConnection } from './PatchesConnection.js';

package/dist/net/index.js

@@ -1,4 +1,5 @@
 import "../chunk-IZ2YBCUP.js";
+export * from "./invite.js";
 export * from "./http/FetchTransport.js";
 export * from "./PatchesClient.js";
 export * from "./PatchesConnection.js";

package/dist/net/invite.d.ts

@@ -0,0 +1,55 @@
+/**
+ * Shapes returned by pup's invite endpoints (`GET /docs/:docId/_invites/:inviteId`)
+ * and embedded in roles documents. Kept in sync with pup's `Invite` / `UserAccess`
+ * surface so clients deserialize with correct field names.
+ */
+type InviteRole = 'owner' | 'write' | 'edit' | 'comment' | 'view';
+/** Invite addressee payload (`invite.to`). */
+interface InviteTo {
+    role: InviteRole;
+    private?: boolean;
+    doc?: string;
+    /** Optional client-side id echoed from legacy creation paths; stripped on accept server-side. */
+    id?: string;
+    name?: string;
+    email: string;
+}
+/**
+ * Minimal book-row shape stored on invites for dashboard-style previews.
+ * Mirrors writer `NovelBookMeta` / pup-embedded JSON (extra keys are ignored).
+ */
+interface InviteProjectBookMeta {
+    id?: string;
+    title?: string;
+    subtitle?: string;
+    author?: string;
+    coverArt?: string;
+    coverArtRatio?: unknown;
+    pattern?: number;
+    backgroundColor?: unknown;
+}
+/** Novel project meta snapshot on an invite (writer `InviteProjectMetaSnapshot`). */
+interface InviteProjectMetaSnapshot {
+    title?: string;
+    modifiedAt?: string;
+    books: InviteProjectBookMeta[];
+    isTemplate?: boolean;
+    templateCount?: number;
+    type?: string;
+}
+interface Invite {
+    from: string;
+    to: InviteTo;
+    createdAt: number;
+    expiresAt: number;
+    /** Cached project title at invite creation (writer/pup roles doc). */
+    projectName?: string;
+    /** @deprecated Prefer `projectMetaSnapshot.books`. */
+    projectBooks?: InviteProjectBookMeta[];
+    /** @deprecated Prefer `projectMetaSnapshot.modifiedAt`. */
+    projectModifiedAt?: string;
+    /** Full project meta snapshot for accept-modal preview. */
+    projectMetaSnapshot?: InviteProjectMetaSnapshot;
+}
+
+export type { Invite, InviteProjectBookMeta, InviteProjectMetaSnapshot, InviteRole, InviteTo };

package/dist/net/rest/PatchesREST.d.ts

@@ -2,6 +2,7 @@ import * as easy_signal from 'easy-signal';
 import { Change, CommitChangesOptions, PatchesState, ChangeInput, DeleteDocOptions, EditableVersionMetadata, ListVersionsOptions, VersionMetadata, PatchesSnapshot, Branch, CreateBranchMetadata, EditableBranchMetadata } from '../../types.js';
 import { PatchesConnection } from '../PatchesConnection.js';
 import { ConnectionState } from '../protocol/types.js';
+import { Invite } from '../invite.js';
 import '../../json-patch/JSONPatch.js';
 import '@dabble/delta';
 import '../../json-patch/types.js';
@@ -68,6 +69,28 @@ declare class PatchesREST implements PatchesConnection {
     updateBranch(docId: string, branchId: string, metadata: EditableBranchMetadata): Promise<void>;
     deleteBranch(docId: string, branchId: string): Promise<void>;
     mergeBranch(docId: string, branchId: string): Promise<void>;
+    /**
+     * Fetch a single invite addressed to the authenticated user.
+     * `GET /docs/:docId/_invites/:inviteId`
+     */
+    getInvite(docId: string, inviteId: string): Promise<Invite>;
+    /**
+     * Accept or decline an invite. Returns whether the server applied a role
+     * change (`ok` from `{ ok: boolean }`).
+     * `POST /docs/:docId/_invites/:inviteId` body `{ accept: boolean }`
+     */
+    acceptInvite(docId: string, inviteId: string, accept: boolean): Promise<boolean>;
+    /**
+     * Remove the authenticated user from `roles.users` (non-owners only).
+     * `POST /docs/:docId/_self/leave`
+     */
+    leaveProject(docId: string): Promise<boolean>;
+    /**
+     * Owner/co-author revokes another member. `targetUid` is removed from
+     * `roles.users` and tombstoned under `roles.formerUsers.revokedAt`.
+     * `POST /docs/:docId/_members/:uid/revoke`
+     */
+    revokeMember(docId: string, targetUid: string): Promise<boolean>;
     private _setState;
     private _getHeaders;
     private _fetch;

package/dist/net/rest/PatchesREST.js

@@ -4,6 +4,8 @@ import { StatusError } from "../error.js";
 import { onlineState } from "../websocket/onlineState.js";
 import { normalizeIds } from "./utils.js";
 const SESSION_STORAGE_KEY = "patches-clientId";
+const REQUEST_TIMEOUT_MS = 3e4;
+const CONNECT_TIMEOUT_MS = 3e4;
 class PatchesREST {
   /** The client ID used for SSE connection and subscription management. */
   clientId;
@@ -49,16 +51,26 @@ class PatchesREST {
       const es = new EventSource(`${this._url}/events/${this.clientId}`);
       this.eventSource = es;
       let settled = false;
+      const timer = globalThis.setTimeout(() => {
+        if (settled) return;
+        settled = true;
+        es.close();
+        if (this.eventSource === es) this.eventSource = null;
+        this._setState("error");
+        reject(new Error("SSE connection timed out"));
+      }, CONNECT_TIMEOUT_MS);
       es.onopen = () => {
         this._setState("connected");
         if (!settled) {
           settled = true;
+          globalThis.clearTimeout(timer);
           resolve();
         }
       };
       es.onerror = () => {
         if (!settled) {
           settled = true;
+          globalThis.clearTimeout(timer);
           this._setState("error");
           reject(new Error("SSE connection failed"));
           return;
@@ -177,6 +189,52 @@ class PatchesREST {
   async mergeBranch(docId, branchId) {
     await this._fetch(`/docs/${docId}/_branches/${encodeURIComponent(branchId)}/_merge`, { method: "POST" });
   }
+  // --- Invites & membership (pup REST) ---
+  /**
+   * Fetch a single invite addressed to the authenticated user.
+   * `GET /docs/:docId/_invites/:inviteId`
+   */
+  async getInvite(docId, inviteId) {
+    return this._fetch(`/docs/${docId}/_invites/${encodeURIComponent(inviteId)}`);
+  }
+  /**
+   * Accept or decline an invite. Returns whether the server applied a role
+   * change (`ok` from `{ ok: boolean }`).
+   * `POST /docs/:docId/_invites/:inviteId` body `{ accept: boolean }`
+   */
+  async acceptInvite(docId, inviteId, accept) {
+    const result = await this._fetch(`/docs/${docId}/_invites/${encodeURIComponent(inviteId)}`, {
+      method: "POST",
+      body: { accept }
+    });
+    return Boolean(result?.ok);
+  }
+  /**
+   * Remove the authenticated user from `roles.users` (non-owners only).
+   * `POST /docs/:docId/_self/leave`
+   */
+  async leaveProject(docId) {
+    const result = await this._fetch(`/docs/${docId}/_self/leave`, {
+      method: "POST",
+      body: {}
+    });
+    return Boolean(result?.ok);
+  }
+  /**
+   * Owner/co-author revokes another member. `targetUid` is removed from
+   * `roles.users` and tombstoned under `roles.formerUsers.revokedAt`.
+   * `POST /docs/:docId/_members/:uid/revoke`
+   */
+  async revokeMember(docId, targetUid) {
+    const result = await this._fetch(
+      `/docs/${docId}/_members/${encodeURIComponent(targetUid)}/revoke`,
+      {
+        method: "POST",
+        body: {}
+      }
+    );
+    return Boolean(result?.ok);
+  }
   // --- Private Helpers ---
   _setState(state) {
     if (state === this._state) return;
@@ -202,7 +260,8 @@ class PatchesREST {
         ...hasBody ? { "Content-Type": "application/json" } : {},
         ...headers
       },
-      body: hasBody ? JSON.stringify(init.body) : void 0
+      body: hasBody ? JSON.stringify(init.body) : void 0,
+      signal: AbortSignal.timeout(REQUEST_TIMEOUT_MS)
     });
     if (!response.ok) {
       let message = response.statusText;

package/dist/net/rest/index.d.ts

@@ -8,5 +8,6 @@ import '@dabble/delta';
 import '../../json-patch/types.js';
 import '../PatchesConnection.js';
 import '../protocol/types.js';
+import '../invite.js';
 import '../websocket/AuthorizationProvider.js';
 import '../../server/types.js';

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@dabble/patches",
-  "version": "0.8.20",
+  "version": "0.9.1",
   "description": "Immutable JSON Patch implementation based on RFC 6902 supporting operational transformation and last-writer-wins",
   "author": "Jacob Wright <jacwright@gmail.com>",
   "bugs": {