npm - @directive-run/core - Versions diffs - 1.9.0 → 1.11.0 - Mend

@directive-run/core 1.9.0 → 1.11.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (56) hide show

package/dist/adapter-utils.d.cts +1 -1
package/dist/adapter-utils.d.ts +1 -1
package/dist/audit-ledger-9IElAHH9.d.ts +205 -0
package/dist/audit-ledger-qMjEBqiP.d.cts +205 -0
package/dist/chunk-26Z5VNPZ.js +16 -0
package/dist/{chunk-FCOZCTLY.js.map → chunk-26Z5VNPZ.js.map} +1 -1
package/dist/chunk-4VZOZWXM.cjs +2 -0
package/dist/chunk-4VZOZWXM.cjs.map +1 -0
package/dist/chunk-7NMXRATK.cjs +3 -0
package/dist/chunk-7NMXRATK.cjs.map +1 -0
package/dist/chunk-7TSYQEN3.js +2 -0
package/dist/chunk-7TSYQEN3.js.map +1 -0
package/dist/{chunk-2OS4RCLV.cjs → chunk-EX3XG667.cjs} +3 -3
package/dist/{chunk-2OS4RCLV.cjs.map → chunk-EX3XG667.cjs.map} +1 -1
package/dist/chunk-TPOKS4RY.js +3 -0
package/dist/chunk-TPOKS4RY.js.map +1 -0
package/dist/{helpers-BwAThjnJ.d.ts → helpers-D2pfb6vT.d.ts} +1 -1
package/dist/{helpers-CG27mEGG.d.cts → helpers-hh6UanB1.d.cts} +1 -1
package/dist/index.cjs +4 -4
package/dist/index.cjs.map +1 -1
package/dist/index.d.cts +344 -4
package/dist/index.d.ts +344 -4
package/dist/index.js +4 -4
package/dist/index.js.map +1 -1
package/dist/internals.cjs +1 -1
package/dist/internals.d.cts +4 -4
package/dist/internals.d.ts +4 -4
package/dist/internals.js +1 -1
package/dist/plugins/index.cjs +2 -2
package/dist/plugins/index.cjs.map +1 -1
package/dist/plugins/index.d.cts +2 -1
package/dist/plugins/index.d.ts +2 -1
package/dist/plugins/index.js +2 -2
package/dist/plugins/index.js.map +1 -1
package/dist/{plugins-DvrsPhzx.d.cts → plugins-Ykl_sAPE.d.cts} +1 -1
package/dist/{plugins-DvrsPhzx.d.ts → plugins-Ykl_sAPE.d.ts} +1 -1
package/dist/system-GK3NSFQH.cjs +2 -0
package/dist/{system-DEMPYZHI.cjs.map → system-GK3NSFQH.cjs.map} +1 -1
package/dist/system-VZWB6WXX.js +2 -0
package/dist/{system-R4JL6U4S.js.map → system-VZWB6WXX.js.map} +1 -1
package/dist/testing.cjs +1 -1
package/dist/testing.d.cts +1 -1
package/dist/testing.d.ts +1 -1
package/dist/testing.js +1 -1
package/dist/worker.cjs +1 -1
package/dist/worker.d.cts +1 -1
package/dist/worker.d.ts +1 -1
package/dist/worker.js +1 -1
package/package.json +1 -1
package/dist/chunk-FCOZCTLY.js +0 -16
package/dist/chunk-WIZHZF4G.cjs +0 -3
package/dist/chunk-WIZHZF4G.cjs.map +0 -1
package/dist/chunk-ZE2RY5KP.js +0 -3
package/dist/chunk-ZE2RY5KP.js.map +0 -1
package/dist/system-DEMPYZHI.cjs +0 -2
package/dist/system-R4JL6U4S.js +0 -2

package/dist/adapter-utils.d.cts CHANGED Viewed

@@ -1,4 +1,4 @@
-import { s as Requirement, p as Plugin, b as Facts, a8 as Schema, H as HistoryAPI, ac as SystemInspection, J as HistoryState } from './plugins-DvrsPhzx.cjs';
+import { t as Requirement, q as Plugin, c as Facts, a8 as Schema, I as HistoryAPI, ac as SystemInspection, K as HistoryState } from './plugins-Ykl_sAPE.cjs';
 export { s as shallowEqual } from './utils-BnQajqPu.cjs';
 /**

package/dist/adapter-utils.d.ts CHANGED Viewed

@@ -1,4 +1,4 @@
-import { s as Requirement, p as Plugin, b as Facts, a8 as Schema, H as HistoryAPI, ac as SystemInspection, J as HistoryState } from './plugins-DvrsPhzx.js';
+import { t as Requirement, q as Plugin, c as Facts, a8 as Schema, I as HistoryAPI, ac as SystemInspection, K as HistoryState } from './plugins-Ykl_sAPE.js';
 export { s as shallowEqual } from './utils-BnQajqPu.js';
 /**

package/dist/audit-ledger-9IElAHH9.d.ts ADDED Viewed

@@ -0,0 +1,205 @@
+import { b as FactPredicate, C as ClauseResult, q as Plugin, M as ModuleSchema } from './plugins-Ykl_sAPE.js';
+/**
+ * createAuditLedger — append-only, queryable, cryptographically-chained
+ * audit of every state change. For compliance, forensics, "show me why
+ * this user got that decision."
+ *
+ * Captures (per observation event):
+ *
+ *   - `constraint.evaluate` → { whenSpec, whenExplain, active }
+ *   - `resolver.write.rejected` (rejection + summary kinds)
+ *   - `fact.change` → { key, prior, next }
+ *   - `resolver.complete` → { resolverId, requirementId, duration }
+ *   - `system.init` / `system.start` / `system.stop` / `system.destroy`
+ *
+ * Hash chain: each entry stores `prevHash` (the genesis entry's is null);
+ * `hash` is computed *lazily* at `verify()` / `toJSON()` time via
+ * `stableStringify` + SHA-256 (`crypto.subtle.digest`). Tampering with
+ * any entry's payload breaks the next entry's `prevHash` link — visible
+ * in `verify()`.
+ *
+ * PII redaction: by default, fact keys whose meta carries the `pii`
+ * tag (via `system.meta.byTag("pii")`) have their values replaced with
+ * `"[redacted]"` in `whenExplain.actual`, `fact.change.prior`, and
+ * `fact.change.next`. Opt out with `capturePII: true`.
+ */
+type AuditEntryKind = "constraint.evaluate" | "resolver.write.rejected" | "fact.change" | "resolver.complete" | "resolver.error" | "system.init" | "system.start" | "system.stop" | "system.destroy";
+interface AuditEntryBase {
+    /** Monotonic sequence number, starting at 0. */
+    readonly seq: number;
+    /** Wall-clock timestamp (ms epoch). */
+    readonly ts: number;
+    /** Discriminator. */
+    readonly kind: AuditEntryKind;
+    /** Hash of the previous entry's full payload. null on the genesis entry. */
+    readonly prevHash: string | null;
+}
+type AuditEntry = (AuditEntryBase & {
+    kind: "constraint.evaluate";
+    constraintId: string;
+    active: boolean;
+    /** Cached at ledger start from `system.inspect().constraints[].whenSpec`. May be undefined for function-form constraints. */
+    whenSpec?: FactPredicate<unknown>;
+    whenExplain?: readonly ClauseResult[];
+}) | (AuditEntryBase & {
+    kind: "resolver.write.rejected";
+    rejection: "rejection" | "summary";
+    resolverId: string;
+    requirementId: string;
+    reason: string;
+    fact?: string;
+    expected?: unknown;
+    actual?: unknown;
+    dropped?: number;
+}) | (AuditEntryBase & {
+    kind: "fact.change";
+    key: string;
+    prior: unknown;
+    next: unknown;
+}) | (AuditEntryBase & {
+    kind: "resolver.complete";
+    resolverId: string;
+    requirementId: string;
+    duration: number;
+}) | (AuditEntryBase & {
+    kind: "resolver.error";
+    resolverId: string;
+    requirementId: string;
+    error: string;
+}) | (AuditEntryBase & {
+    kind: "system.init" | "system.start" | "system.stop" | "system.destroy";
+});
+interface QueryFilter {
+    /** Exact-match fact path. */
+    factPath?: string;
+    /** Filter by constraint id. */
+    constraintId?: string;
+    /** Filter by entry kind. */
+    kind?: AuditEntryKind | readonly AuditEntryKind[];
+    /** Time range as `[startMs, endMs]`, ISO strings, or epoch numbers. */
+    changedBetween?: [string | number | Date, string | number | Date];
+    /** Maximum entries returned. Default 1000. */
+    limit?: number;
+}
+/** Verify result — chain valid OR a break with full context for tamper visualization. */
+type VerifyResult = {
+    valid: true;
+    entryCount: number;
+} | {
+    valid: false;
+    brokenAt: number;
+    expectedHash: string;
+    actualHash: string;
+    entry: AuditEntry;
+};
+interface AuditLedgerSink {
+    write(entry: AuditEntry): void;
+    query(filter: QueryFilter): readonly AuditEntry[];
+    recent(n: number): readonly AuditEntry[];
+    forFact(path: string, opts?: {
+        limit?: number;
+    }): readonly AuditEntry[];
+    forConstraint(id: string, opts?: {
+        limit?: number;
+    }): readonly AuditEntry[];
+    toJSON(): {
+        entries: readonly AuditEntry[];
+        capturedAt: number;
+    };
+    clear(): void;
+    destroy(): void;
+}
+/**
+ * In-memory bounded ring-buffer sink. Drops oldest entries past
+ * `capacity` (default 10,000). Use this as the default sink for dev,
+ * tests, and StackBlitz demos.
+ */
+declare function memorySink(opts?: {
+    capacity?: number;
+}): AuditLedgerSink;
+interface AuditLedgerOptions {
+    /** Sink to write entries to. Default: in-memory ring buffer (capacity 10k). */
+    sink?: AuditLedgerSink;
+    /**
+     * Whether to capture raw fact values (`prior`/`next` on fact.change,
+     * `actual` in whenExplain). Default `false` — PII-tagged facts are
+     * redacted by default. Set `true` to opt out of redaction.
+     */
+    capturePII?: boolean;
+    /**
+     * Optional caller-supplied redactor. Runs AFTER the default
+     * pii-tag-based redaction. Useful for additional sanitization.
+     */
+    redact?: (entry: AuditEntry) => AuditEntry;
+}
+interface AuditLedger {
+    /** The plugin to pass to `createSystem({ plugins: [...] })`. */
+    readonly plugin: Plugin<ModuleSchema>;
+    /** Query entries matching the filter. */
+    query(filter?: QueryFilter): readonly AuditEntry[];
+    /** Most recent N entries (chronological). */
+    recent(n: number): readonly AuditEntry[];
+    /** All entries that touch this fact path (exact match). */
+    forFact(path: string, opts?: {
+        limit?: number;
+    }): readonly AuditEntry[];
+    /** All entries for this constraint id. */
+    forConstraint(id: string, opts?: {
+        limit?: number;
+    }): readonly AuditEntry[];
+    /** Full ledger snapshot for export / serialization. */
+    toJSON(): {
+        entries: readonly AuditEntry[];
+        capturedAt: number;
+    };
+    /**
+     * Walk the hash chain genesis → tip. Returns `{ valid: true }` iff
+     * every entry's `prevHash` matches the (sync, djb2-based) hash of
+     * the previous entry. On break, returns the index of the first
+     * broken link plus the expected vs actual hashes — feed into a
+     * "TAMPERED" visualization.
+     *
+     * Sync by default (djb2 chain). For compliance-grade collision
+     * resistance, pass `{ strong: true }` — verify walks the chain a
+     * second time with SHA-256 and returns a Promise. Callers must
+     * `await` the result when `strong: true` is passed.
+     */
+    verify(opts?: {
+        strong?: boolean;
+    }): VerifyResult | Promise<VerifyResult>;
+    /** Empty the sink. */
+    clear(): void;
+    /** Unsubscribe + drop the sink. */
+    destroy(): void;
+}
+/**
+ * Create an audit ledger that subscribes to the given system's
+ * observation stream. Returns a `Plugin` to install + a query/verify
+ * API for the ledger.
+ *
+ * @example
+ * ```ts
+ * import { createAuditLedger } from "@directive-run/core/plugins";
+ *
+ * const ledger = createAuditLedger();
+ * const system = createSystem({ module, plugins: [ledger.plugin] });
+ * system.start();
+ *
+ * // Six months later — auditor asks "what changed cart-total in March?"
+ * ledger.query({
+ *   factPath: "cartTotal",
+ *   changedBetween: ["2026-03-01", "2026-04-01"],
+ * });
+ *
+ * // Verify nobody tampered with the ledger
+ * const verdict = await ledger.verify();
+ * if (!verdict.valid) {
+ *   console.error("Tamper at entry", verdict.brokenAt);
+ * }
+ * ```
+ */
+declare function createAuditLedger(opts?: AuditLedgerOptions): AuditLedger;
+export { type AuditEntry as A, type QueryFilter as Q, type AuditEntryKind as a, type AuditLedger as b, type AuditLedgerOptions as c, type AuditLedgerSink as d, createAuditLedger as e, memorySink as m };

package/dist/audit-ledger-qMjEBqiP.d.cts ADDED Viewed

@@ -0,0 +1,205 @@
+import { b as FactPredicate, C as ClauseResult, q as Plugin, M as ModuleSchema } from './plugins-Ykl_sAPE.cjs';
+/**
+ * createAuditLedger — append-only, queryable, cryptographically-chained
+ * audit of every state change. For compliance, forensics, "show me why
+ * this user got that decision."
+ *
+ * Captures (per observation event):
+ *
+ *   - `constraint.evaluate` → { whenSpec, whenExplain, active }
+ *   - `resolver.write.rejected` (rejection + summary kinds)
+ *   - `fact.change` → { key, prior, next }
+ *   - `resolver.complete` → { resolverId, requirementId, duration }
+ *   - `system.init` / `system.start` / `system.stop` / `system.destroy`
+ *
+ * Hash chain: each entry stores `prevHash` (the genesis entry's is null);
+ * `hash` is computed *lazily* at `verify()` / `toJSON()` time via
+ * `stableStringify` + SHA-256 (`crypto.subtle.digest`). Tampering with
+ * any entry's payload breaks the next entry's `prevHash` link — visible
+ * in `verify()`.
+ *
+ * PII redaction: by default, fact keys whose meta carries the `pii`
+ * tag (via `system.meta.byTag("pii")`) have their values replaced with
+ * `"[redacted]"` in `whenExplain.actual`, `fact.change.prior`, and
+ * `fact.change.next`. Opt out with `capturePII: true`.
+ */
+type AuditEntryKind = "constraint.evaluate" | "resolver.write.rejected" | "fact.change" | "resolver.complete" | "resolver.error" | "system.init" | "system.start" | "system.stop" | "system.destroy";
+interface AuditEntryBase {
+    /** Monotonic sequence number, starting at 0. */
+    readonly seq: number;
+    /** Wall-clock timestamp (ms epoch). */
+    readonly ts: number;
+    /** Discriminator. */
+    readonly kind: AuditEntryKind;
+    /** Hash of the previous entry's full payload. null on the genesis entry. */
+    readonly prevHash: string | null;
+}
+type AuditEntry = (AuditEntryBase & {
+    kind: "constraint.evaluate";
+    constraintId: string;
+    active: boolean;
+    /** Cached at ledger start from `system.inspect().constraints[].whenSpec`. May be undefined for function-form constraints. */
+    whenSpec?: FactPredicate<unknown>;
+    whenExplain?: readonly ClauseResult[];
+}) | (AuditEntryBase & {
+    kind: "resolver.write.rejected";
+    rejection: "rejection" | "summary";
+    resolverId: string;
+    requirementId: string;
+    reason: string;
+    fact?: string;
+    expected?: unknown;
+    actual?: unknown;
+    dropped?: number;
+}) | (AuditEntryBase & {
+    kind: "fact.change";
+    key: string;
+    prior: unknown;
+    next: unknown;
+}) | (AuditEntryBase & {
+    kind: "resolver.complete";
+    resolverId: string;
+    requirementId: string;
+    duration: number;
+}) | (AuditEntryBase & {
+    kind: "resolver.error";
+    resolverId: string;
+    requirementId: string;
+    error: string;
+}) | (AuditEntryBase & {
+    kind: "system.init" | "system.start" | "system.stop" | "system.destroy";
+});
+interface QueryFilter {
+    /** Exact-match fact path. */
+    factPath?: string;
+    /** Filter by constraint id. */
+    constraintId?: string;
+    /** Filter by entry kind. */
+    kind?: AuditEntryKind | readonly AuditEntryKind[];
+    /** Time range as `[startMs, endMs]`, ISO strings, or epoch numbers. */
+    changedBetween?: [string | number | Date, string | number | Date];
+    /** Maximum entries returned. Default 1000. */
+    limit?: number;
+}
+/** Verify result — chain valid OR a break with full context for tamper visualization. */
+type VerifyResult = {
+    valid: true;
+    entryCount: number;
+} | {
+    valid: false;
+    brokenAt: number;
+    expectedHash: string;
+    actualHash: string;
+    entry: AuditEntry;
+};
+interface AuditLedgerSink {
+    write(entry: AuditEntry): void;
+    query(filter: QueryFilter): readonly AuditEntry[];
+    recent(n: number): readonly AuditEntry[];
+    forFact(path: string, opts?: {
+        limit?: number;
+    }): readonly AuditEntry[];
+    forConstraint(id: string, opts?: {
+        limit?: number;
+    }): readonly AuditEntry[];
+    toJSON(): {
+        entries: readonly AuditEntry[];
+        capturedAt: number;
+    };
+    clear(): void;
+    destroy(): void;
+}
+/**
+ * In-memory bounded ring-buffer sink. Drops oldest entries past
+ * `capacity` (default 10,000). Use this as the default sink for dev,
+ * tests, and StackBlitz demos.
+ */
+declare function memorySink(opts?: {
+    capacity?: number;
+}): AuditLedgerSink;
+interface AuditLedgerOptions {
+    /** Sink to write entries to. Default: in-memory ring buffer (capacity 10k). */
+    sink?: AuditLedgerSink;
+    /**
+     * Whether to capture raw fact values (`prior`/`next` on fact.change,
+     * `actual` in whenExplain). Default `false` — PII-tagged facts are
+     * redacted by default. Set `true` to opt out of redaction.
+     */
+    capturePII?: boolean;
+    /**
+     * Optional caller-supplied redactor. Runs AFTER the default
+     * pii-tag-based redaction. Useful for additional sanitization.
+     */
+    redact?: (entry: AuditEntry) => AuditEntry;
+}
+interface AuditLedger {
+    /** The plugin to pass to `createSystem({ plugins: [...] })`. */
+    readonly plugin: Plugin<ModuleSchema>;
+    /** Query entries matching the filter. */
+    query(filter?: QueryFilter): readonly AuditEntry[];
+    /** Most recent N entries (chronological). */
+    recent(n: number): readonly AuditEntry[];
+    /** All entries that touch this fact path (exact match). */
+    forFact(path: string, opts?: {
+        limit?: number;
+    }): readonly AuditEntry[];
+    /** All entries for this constraint id. */
+    forConstraint(id: string, opts?: {
+        limit?: number;
+    }): readonly AuditEntry[];
+    /** Full ledger snapshot for export / serialization. */
+    toJSON(): {
+        entries: readonly AuditEntry[];
+        capturedAt: number;
+    };
+    /**
+     * Walk the hash chain genesis → tip. Returns `{ valid: true }` iff
+     * every entry's `prevHash` matches the (sync, djb2-based) hash of
+     * the previous entry. On break, returns the index of the first
+     * broken link plus the expected vs actual hashes — feed into a
+     * "TAMPERED" visualization.
+     *
+     * Sync by default (djb2 chain). For compliance-grade collision
+     * resistance, pass `{ strong: true }` — verify walks the chain a
+     * second time with SHA-256 and returns a Promise. Callers must
+     * `await` the result when `strong: true` is passed.
+     */
+    verify(opts?: {
+        strong?: boolean;
+    }): VerifyResult | Promise<VerifyResult>;
+    /** Empty the sink. */
+    clear(): void;
+    /** Unsubscribe + drop the sink. */
+    destroy(): void;
+}
+/**
+ * Create an audit ledger that subscribes to the given system's
+ * observation stream. Returns a `Plugin` to install + a query/verify
+ * API for the ledger.
+ *
+ * @example
+ * ```ts
+ * import { createAuditLedger } from "@directive-run/core/plugins";
+ *
+ * const ledger = createAuditLedger();
+ * const system = createSystem({ module, plugins: [ledger.plugin] });
+ * system.start();
+ *
+ * // Six months later — auditor asks "what changed cart-total in March?"
+ * ledger.query({
+ *   factPath: "cartTotal",
+ *   changedBetween: ["2026-03-01", "2026-04-01"],
+ * });
+ *
+ * // Verify nobody tampered with the ledger
+ * const verdict = await ledger.verify();
+ * if (!verdict.valid) {
+ *   console.error("Tamper at entry", verdict.brokenAt);
+ * }
+ * ```
+ */
+declare function createAuditLedger(opts?: AuditLedgerOptions): AuditLedger;
+export { type AuditEntry as A, type QueryFilter as Q, type AuditEntryKind as a, type AuditLedger as b, type AuditLedgerOptions as c, type AuditLedgerSink as d, createAuditLedger as e, memorySink as m };

package/dist/chunk-26Z5VNPZ.js ADDED Viewed

@@ -0,0 +1,16 @@
+import {T,j,h,o,u,q,t}from'./chunk-TPOKS4RY.js';import {a,l,m as m$1,n}from'./chunk-TZHC4E6S.js';import {e,a as a$1}from'./chunk-T6IJUWYR.js';var m="::",he=Symbol.for("nodejs.util.inspect.custom");function we(e){if(!e.ownKeys)return {};let n={};for(let t of e.ownKeys())n[t]=e.get(t);return n}function D(e){return new Proxy({},{get(n,t){if(typeof t=="symbol")return t===he?()=>we(e):void 0;if(!l.has(t))return e.get(t)},set(n,t,s){return typeof t=="symbol"||l.has(t)?false:e.set?e.set(t,s):false},has(n,t){return typeof t=="symbol"||l.has(t)?false:e.has?e.has(t):false},deleteProperty(n,t){return typeof t=="symbol"||l.has(t)?false:e.delete?e.delete(t):false},ownKeys(){return e.ownKeys?e.ownKeys():[]},getOwnPropertyDescriptor(n,t){if(typeof t!="symbol"&&e.has&&typeof t=="string"&&e.has(t))return {configurable:true,enumerable:true}},defineProperty(){return  false},getPrototypeOf(){return null},setPrototypeOf(){return  false}})}var Z=new WeakMap,Q=new WeakMap,X=new WeakMap,ee=new WeakMap,ne=new WeakMap,te=new WeakMap;function $(e,n$1){let t=Z.get(e);if(t){let r=t.get(n$1);if(r)return r}else t=new Map,Z.set(e,t);let s=D({get:r=>r==="$store"||r==="$snapshot"?e[r]:e[`${n$1}${m}${r}`],set:(r,u)=>{if(a){let i=m$1(u);i&&n(`${n$1}.${r}`,i);}return e[`${n$1}${m}${r}`]=u,true},has:r=>`${n$1}${m}${r}`in e,delete:r=>(delete e[`${n$1}${m}${r}`],true)});return t.set(n$1,s),s}function re(e,n,t){let s=Q.get(e);if(s)return s;let r=D({get:u=>{if(Object.hasOwn(n,u))return $(e,u)},has:u=>Object.hasOwn(n,u),ownKeys:()=>t()});return Q.set(e,r),r}function oe(e,n,t){let s=`${n}|${t.join(",")}`,r=ne.get(e);if(r){let o=r.get(s);if(o)return o}else r=new Map,ne.set(e,r);let u=new Set(t),i=["self",...t],c=D({get:o=>{if(o==="self")return $(e,n);if(u.has(o))return $(e,o);a&&console.warn(`[Directive] Module "${n}" accessed undeclared cross-module property "${o}". Add it to crossModuleDeps or use "facts.self.${o}" for own module facts.`);},has:o=>o==="self"||u.has(o),ownKeys:()=>i});return r.set(s,c),c}function B(e,n){let t=ee.get(e);if(t){let r=t.get(n);if(r)return r}else t=new Map,ee.set(e,t);let s=D({get:r=>e[`${n}${m}${r}`],has:r=>`${n}${m}${r}`in e});return t.set(n,s),s}function se(e,n,t){let s=X.get(e);if(s)return s;let r=D({get:u=>{if(Object.hasOwn(n,u))return B(e,u)},has:u=>Object.hasOwn(n,u),ownKeys:()=>t()});return X.set(e,r),r}function ie(e,n,t){let s=te.get(e);return s||(s=new Map,te.set(e,s)),D({get:r=>{if(!Object.hasOwn(n,r))return;let u=s.get(r);if(u)return u;let i=D({get:c=>o=>{e.dispatch({type:`${r}${m}${c}`,...o});}});return s.set(r,i),i},has:r=>Object.hasOwn(n,r),ownKeys:()=>t()})}function R(e){if(e.includes(".")){let[n,...t]=e.split(".");return `${n}${m}${t.join(m)}`}return e}function H(e){let n={};for(let[t,s]of Object.entries(e)){let r=t.indexOf(m);if(r>0){let u=t.slice(0,r),i=t.slice(r+m.length);n[u]||(n[u]={}),n[u][i]=s;}else n._root||(n._root={}),n._root[t]=s;}return n}function P(e,n,t,s){return t?oe(e,n,s):$(e,n)}function b(e,n){return `${e}${m}${n}`}function ae(e){return e.includes(m)}function E(e,n,t){if(Array.isArray(e)){let i=e.map(c=>{if(c&&typeof c=="object"&&typeof c.fact=="string"){let o=c.fact;return ae(o)?c:{...c,fact:b(n,o)}}return c});return a$1(i),i}if(!e||typeof e!="object")return e;let s=e;if("$all"in s||"$any"in s){let i="$all"in s?"$all":"$any",c=s[i],o={[i]:c.map(f=>E(f,n,t))};return a$1(o),o}if("$not"in s){let i={$not:E(s.$not,n,t)};return a$1(i),i}function r(i,c){return E(i,c,ce)}let u={};for(let i of Object.keys(s)){if(i.startsWith("$")||ae(i)){u[i]=s[i];continue}if(i==="self"){let c=s[i];if(c&&typeof c=="object"){let o=r(c,n);if(o&&typeof o=="object"&&!Array.isArray(o)){for(let[f,l]of Object.entries(o))u[f]=l;continue}}}if(t.has(i)){let c=s[i];if(c&&typeof c=="object"){let o=r(c,i);if(o&&typeof o=="object"&&!Array.isArray(o)){for(let[f,l]of Object.entries(o))u[f]=l;continue}}}u[b(n,i)]=s[i];}return a$1(u),u}var ce=new Set;function me(e,n){let t$1=e.crossModuleDeps?new Set(Object.keys(e.crossModuleDeps)):ce,s=e.constraints;if(s){let c=false,o={};for(let[f,l]of Object.entries(s)){let d=l;if(d.when!==void 0&&typeof d.when!="function"){o[f]={...d,when:E(d.when,n,t$1)},c=true;continue}o[f]=l;}c&&(s=o);}let r=e.derive;if(r){let c=false,o$1={};for(let[f,l]of Object.entries(r)){let d=l&&typeof l=="object"&&Object.hasOwn(l,"compute")?l:null;if(!d){o$1[f]=l;continue}let g=d.compute;if(typeof g=="function"){o$1[f]=l;continue}if(j(g)){a$1(g);let k=w=>q(g,w);o$1[f]=d.meta?{compute:k,meta:d.meta}:k,c=true;continue}if(h(g)){a$1(g);let k=o(g),w=j=>k(j);o$1[f]=d.meta?{compute:w,meta:d.meta}:w,c=true;continue}o$1[f]=l;}c&&(r=o$1);}let u=e.events;if(u){let c=false,o={};for(let[f,l]of Object.entries(u)){if(l&&typeof l=="object"){let d=Object.hasOwn(l,"handler"),g=Object.hasOwn(l,"patch");if(d&&g&&a&&console.warn(`[Directive] event "${f}": both \`handler\` and \`patch\` provided \u2014 using \`handler\` (patch is ignored).`),g&&!d){let k=l;a$1(k.patch);let w=(j,O)=>t(k.patch,j,O??{});o[f]=k.meta?{handler:w,meta:k.meta}:w,c=true;continue}}o[f]=l;}c&&(u=o);}let i=e.effects;if(i){let c=false,o={};for(let[f,l]of Object.entries(i)){let d=l;if(d.on!==void 0&&h(d.on)){o[f]={...d,on:E(d.on,n,t$1)},c=true;continue}o[f]=l;}c&&(i=o);}return s===e.constraints&&r===e.derive&&u===e.events&&i===e.effects?e:{...e,constraints:s,derive:r,events:u,effects:i}}function C(e){return Object.keys(e).length>0?e:void 0}function ke(e,n){let t={};for(let[s,r]of Object.entries(e.schema.facts))t[b(n,s)]=r;return t}function pe(e,n){if(e.init)return t=>{let s=$(t,n);e.init(s);}}function ve(e,n,t,s){if(!e.derive)return;let r={};for(let[u$1,i]of Object.entries(e.derive)){let c=u(i),o=c?i.compute:i,f=c?i.meta:void 0,l=(d,g)=>{let k=P(d,n,t,s),w=B(g,n);return o(k,w)};r[b(n,u$1)]=f?{compute:l,meta:f}:l;}return C(r)}function be(e,n){if(!e.events)return;let t={};for(let[s,r]of Object.entries(e.events)){let u=typeof r=="object"&&r!==null&&Object.hasOwn(r,"handler"),i=u?r.handler:r,c=u?r.meta:void 0,o=(f,l)=>{let d=$(f,n);i(d,l);};t[b(n,s)]=c?{handler:o,meta:c}:o;}return C(t)}function Me(e,n,t,s){if(!e.constraints)return;let r={};for(let[u,i]of Object.entries(e.constraints)){let c=i,o=typeof c.when=="function";r[b(n,u)]={...c,deps:c.deps?.map(f=>b(n,f)),after:c.after?.map(f=>f.includes(m)?f:b(n,f)),owns:c.owns?.map(f=>f.includes(m)?f:b(n,f)),when:o?f=>{let l=P(f,n,t,s);return c.when(l)}:c.when,require:typeof c.require=="function"?f=>{let l=P(f,n,t,s);return c.require(l)}:c.require};}return C(r)}function Re(e,n,t,s){if(!e.resolvers)return;let r={};for(let[i,c]of Object.entries(e.resolvers)){let f=function(l){return {facts:P(l.facts,n,t,s),signal:l.signal}};let o=c;r[b(n,i)]={...o,...o.resolve&&{resolve:async(l,d)=>{await o.resolve(l,f(d));}},...o.resolveBatch&&{resolveBatch:async(l,d)=>{await o.resolveBatch(l,f(d));}},...o.resolveBatchWithResults&&{resolveBatchWithResults:async(l,d)=>o.resolveBatchWithResults(l,f(d))}};}return C(r)}function Se(e,n,t,s){if(!e.effects)return;let r={};for(let[u,i]of Object.entries(e.effects)){let c=i;r[b(n,u)]={...c,run:(o,f)=>{let l=P(o,n,t,s),d=f?P(f,n,t,s):void 0;return c.run(l,d)},deps:c.deps?.map(o=>b(n,o))};}return C(r)}function Oe(e,n,t){return {snapshotEvents:t&&!t.has(n)?[]:e.history?.snapshotEvents?.map(s=>b(n,s))}}function I(e){let{mod:n,namespace:t,snapshotModulesSet:s}=e,r=me(n,t),u=!!(r.crossModuleDeps&&Object.keys(r.crossModuleDeps).length>0),i=u?Object.keys(r.crossModuleDeps):[];return {id:r.id,schema:ke(r,t),requirements:r.schema.requirements??{},init:pe(r,t),derive:ve(r,t,u,i),events:be(r,t),effects:Se(r,t,u,i),constraints:Me(r,t,u,i),resolvers:Re(r,t,u,i),hooks:r.hooks,meta:r.meta,history:Oe(r,t,s)}}function xe(e){let n=Object.keys(e),t=new Set(n),s=new Set,r=new Set,u=[],i=[];function c(o){if(s.has(o))return;if(r.has(o)){let l=i.indexOf(o),d=[...i.slice(l),o].join(" \u2192 ");throw new Error(`[Directive] Circular dependency detected: ${d}. Modules cannot have circular crossModuleDeps. Break the cycle by removing one of the cross-module references.`)}r.add(o),i.push(o);let f=e[o];if(f?.crossModuleDeps)for(let l of Object.keys(f.crossModuleDeps))t.has(l)&&c(l);i.pop(),r.delete(o),s.add(o),u.push(o);}for(let o of n)c(o);return u}function ue(e,n){let t=[];for(let s of Object.keys(n.schema.facts))t.push(`${e}${m}${s}`);if(n.schema.derivations)for(let s of Object.keys(n.schema.derivations))t.push(`${e}${m}${s}`);return t}function ze(e){if("module"in e){if(!e.module)throw new Error("[Directive] createSystem requires a module. Got: "+typeof e.module);return $e(e)}let n=e;if(Array.isArray(n.modules))throw new Error(`[Directive] createSystem expects modules as an object, not an array.
+Instead of:
+  createSystem({ modules: [authModule, dataModule] })
+Use:
+  createSystem({ modules: { auth: authModule, data: dataModule } })
+Or for a single module:
+  createSystem({ module: counterModule })`);let t=n.modules;if(t&&typeof t=="object"&&"id"in t&&"schema"in t)throw new Error(`[Directive] A single module was passed to \`modules:\`. For a single module, use \`module:\` instead:
+  createSystem({ module: myModule })
+For multiple modules, wrap in an object:
+  createSystem({ modules: { myName: myModule } })`);return De(n)}function De(e$1){let n=e$1.modules,t=new Set(Object.keys(n)),s=typeof e$1.history=="object"?e$1.history:null,r=s?.snapshotModules?new Set(s.snapshotModules):null;if(e$1.tickMs!==void 0&&e$1.tickMs<=0)throw new Error("[Directive] tickMs must be a positive number");if(a){for(let[a,y]of Object.entries(n))if(y.crossModuleDeps)for(let h of Object.keys(y.crossModuleDeps))h===a?console.warn(`[Directive] Module "${a}" references itself in crossModuleDeps. Use "facts.self" to access own module's facts instead.`):t.has(h)||console.warn(`[Directive] Module "${a}" declares crossModuleDeps.${h}, but no module with namespace "${h}" exists in the system. Available modules: ${[...t].join(", ")}`);}if(a&&s?.snapshotModules)for(let a of s.snapshotModules)t.has(a)||console.warn(`[Directive] history.snapshotModules entry "${a}" doesn't match any module. Available modules: ${[...t].join(", ")}`);let u,i=e$1.initOrder??"auto";if(Array.isArray(i)){let a=i,y=Object.keys(n).filter(h=>!a.includes(h));if(y.length>0)throw new Error(`[Directive] initOrder is missing modules: ${y.join(", ")}. All modules must be included in the explicit order.`);u=a;}else i==="declaration"?u=Object.keys(n):u=xe(n);let{history:c,trace:o,errorBoundary:f}=de(e$1);for(let a of Object.keys(n)){if(a.includes(m))throw new Error(`[Directive] Module name "${a}" contains the reserved separator "${m}". Module names cannot contain "${m}".`);let y=n[a];if(y){for(let h of Object.keys(y.schema.facts))if(h.includes(m))throw new Error(`[Directive] Schema key "${h}" in module "${a}" contains the reserved separator "${m}". Schema keys cannot contain "${m}".`)}}let l$1={names:null};function d(){return l$1.names===null&&(l$1.names=Object.keys(n)),l$1.names}let g=u.map(a=>{let y=n[a];return y?I({mod:y,namespace:a,snapshotModulesSet:r}):null}).filter(a=>a!==null);a&&e$1.tickMs&&e$1.tickMs>0&&(g.some(y=>y.events&&Object.keys(y.events).some(h=>h.endsWith(`${m}tick`)))||console.warn(`[Directive] tickMs is set to ${e$1.tickMs}ms but no module defines a "tick" event handler.`));let k=null,w=null;function j(a$1){for(let[y,h]of Object.entries(a$1)){if(l.has(y)){a&&console.warn(`[Directive] initialFacts/hydrate contains blocked namespace "${y}". Skipping.`);continue}if(!t.has(y)){a&&console.warn(`[Directive] initialFacts/hydrate contains unknown namespace "${y}". Available modules: ${[...t].join(", ")}`);continue}if(h&&typeof h=="object"&&!e(h))throw new Error(`[Directive] initialFacts/hydrate for namespace "${y}" contains potentially dangerous keys (__proto__, constructor, or prototype). This may indicate a prototype pollution attack.`);for(let[M,x]of Object.entries(h))l.has(M)||(w.facts[`${y}${m}${M}`]=x);}}w=T({modules:g,plugins:e$1.plugins,history:c,trace:o,errorBoundary:f,tickMs:e$1.tickMs,cloud:e$1.cloud,onAfterModuleInit:()=>{e$1.initialFacts&&j(e$1.initialFacts),k&&(j(k),k=null);}});let O=new Map;for(let a of Object.keys(n)){let y=n[a];y&&O.set(a,ue(a,y));}let q=re(w.facts,n,d),ye=se(w.derive,n,d),ge=ie(w,n,d),A=null,F=e$1.tickMs,_={_mode:"namespaced",facts:q,history:w.history,derive:ye,events:ge,constraints:w.constraints,effects:w.effects,resolvers:w.resolvers,async hydrate(a){if(w.isRunning)throw new Error("[Directive] hydrate() must be called before start(). The system is already running.");let y=await a();y&&typeof y=="object"&&(k=y);},initialize(){w.initialize();},start(){if(w.start(),F&&F>0){let a;for(let y of g)if(y?.events&&(a=Object.keys(y.events).find(h=>h.endsWith(`${m}tick`)),a))break;if(a){let y=a;A=setInterval(()=>{w.dispatch({type:y});},F);}}},stop(){A&&(clearInterval(A),A=null),w.stop();},destroy(){this.stop(),w.destroy();},dispatch(a){w.dispatch(a);},read(a){return w.read(R(a))},subscribe(a$1,y){let h=[];for(let M of a$1)if(M.endsWith(".*")){let x=M.slice(0,-2),W=O.get(x);W?h.push(...W):a&&console.warn(`[Directive] subscribe wildcard "${M}" \u2014 namespace "${x}" not found.`);}else h.push(R(M));return w.subscribe(h,y)},subscribeModule(a$1,y){let h=O.get(a$1);return !h||h.length===0?(a&&console.warn(`[Directive] subscribeModule("${a$1}") \u2014 namespace not found. Available: ${[...O.keys()].join(", ")}`),()=>{}):w.subscribe(h,y)},watch(a,y,h){return w.watch(R(a),y,h)},when(a,y){return w.when(()=>a(q),y)},getDistributableSnapshot(a){let y={...a,includeDerivations:a?.includeDerivations?.map(R),excludeDerivations:a?.excludeDerivations?.map(R),includeFacts:a?.includeFacts?.map(R)},h=w.getDistributableSnapshot(y);return {...h,data:H(h.data)}},watchDistributableSnapshot(a,y){let h={...a,includeDerivations:a?.includeDerivations?.map(R),excludeDerivations:a?.excludeDerivations?.map(R),includeFacts:a?.includeFacts?.map(R)};return w.watchDistributableSnapshot(h,M=>{y({...M,data:H(M.data)});})},registerModule(a,y){if(t.has(a))throw new Error(`[Directive] Module namespace "${a}" already exists. Cannot register a duplicate namespace.`);if(a.includes(m))throw new Error(`[Directive] Module name "${a}" contains the reserved separator "${m}".`);if(l.has(a))throw new Error(`[Directive] Module name "${a}" is a blocked property.`);for(let x of Object.keys(y.schema.facts))if(x.includes(m))throw new Error(`[Directive] Schema key "${x}" in module "${a}" contains the reserved separator "${m}".`);let h=y,M=I({mod:h,namespace:a,snapshotModulesSet:r});t.add(a),n[a]=h,l$1.names=null,O.set(a,ue(a,h)),w.registerModule(M);}};return le(_,w),fe(_),_}function de(e){let n=e.history,t=e.trace,s=e.errorBoundary;return e.zeroConfig&&(n=n??a,s={onConstraintError:"skip",onResolverError:"skip",onEffectError:"skip",onDerivationError:"skip",...e.errorBoundary}),{history:n,trace:t,errorBoundary:s}}function le(e,n){Object.defineProperties(e,{trace:{get(){return n.trace},enumerable:true,configurable:true},meta:{value:n.meta,enumerable:true,configurable:true},isRunning:{get(){return n.isRunning},enumerable:true,configurable:true},isSettled:{get(){return n.isSettled},enumerable:true,configurable:true},isInitialized:{get(){return n.isInitialized},enumerable:true,configurable:true},isReady:{get(){return n.isReady},enumerable:true,configurable:true}}),e.whenReady=n.whenReady.bind(n),e.batch=n.batch.bind(n),e.onSettledChange=n.onSettledChange.bind(n),e.onHistoryChange=n.onHistoryChange.bind(n),e.inspect=n.inspect.bind(n),e.settle=n.settle.bind(n),e.explain=n.explain.bind(n),e.getSnapshot=n.getSnapshot.bind(n),e.restore=n.restore.bind(n),e.observe=n.observe.bind(n);let t=["dispatch","read","subscribe","watch","when","getDistributableSnapshot","watchDistributableSnapshot"];for(let s of t)s in e||(e[s]=n[s].bind(n));}function fe(e){a&&(typeof process>"u"||process.env?.NODE_ENV!=="test")&&setTimeout(()=>{!e.isRunning&&!e.isInitialized&&console.warn("[Directive] System created but start() was never called. Constraints, resolvers, and effects will not run until you call system.start().");},0);}function $e(e$1){let n=e$1.module;if(!n)throw new Error("[Directive] createSystem requires a module. Got: "+typeof n);if(e$1.tickMs!==void 0&&e$1.tickMs<=0)throw new Error("[Directive] tickMs must be a positive number");if(e$1.initialFacts&&!e(e$1.initialFacts))throw new Error("[Directive] initialFacts contains potentially dangerous keys (__proto__, constructor, or prototype). This may indicate a prototype pollution attack.");a&&(n.crossModuleDeps&&Object.keys(n.crossModuleDeps).length>0&&console.warn("[Directive] Single module mode ignores crossModuleDeps. Use multiple modules if cross-module access is needed: createSystem({ modules: { ... } })"),e$1.tickMs&&e$1.tickMs>0&&(n.events&&"tick"in n.events||console.warn(`[Directive] tickMs is set to ${e$1.tickMs}ms but module has no "tick" event handler.`)),(typeof e$1.history=="object"?e$1.history:null)?.snapshotModules&&console.warn("[Directive] history.snapshotModules has no effect in single-module mode. Use history.snapshotEvents on the module definition instead, or switch to createSystem({ modules: { ... } }) for multi-module filtering."));let{history:t,trace:s,errorBoundary:r}=de(e$1),u=null,i=null;i=T({modules:[{id:n.id,schema:n.schema.facts,requirements:n.schema.requirements,init:n.init,derive:n.derive,events:n.events,effects:n.effects,constraints:n.constraints,resolvers:n.resolvers,hooks:n.hooks,meta:n.meta,history:n.history}],plugins:e$1.plugins,history:t,trace:s,errorBoundary:r,tickMs:e$1.tickMs,cloud:e$1.cloud,onAfterModuleInit:()=>{if(e$1.initialFacts)for(let[d,g]of Object.entries(e$1.initialFacts))l.has(d)||(i.facts[d]=g);if(u){if(!e(u))a&&console.warn("[Directive] hydrate() data contains potentially dangerous keys. Skipping.");else for(let[d,g]of Object.entries(u))l.has(d)||(i.facts[d]=g);u=null;}}});let c=new Proxy({},{get(d,g){if(typeof g!="symbol"&&!l.has(g))return k=>{i.dispatch({type:g,...k});}},has(d,g){return typeof g=="symbol"||l.has(g)?false:n.events?g in n.events:false},ownKeys(){return n.events?Object.keys(n.events):[]},getOwnPropertyDescriptor(d,g){if(typeof g!="symbol"&&!l.has(g)&&n.events&&g in n.events)return {configurable:true,enumerable:true}},set(){return  false},deleteProperty(){return  false},defineProperty(){return  false},getPrototypeOf(){return null},setPrototypeOf(){return  false}}),o=null,f=e$1.tickMs,l$1={_mode:"single",facts:i.facts,history:i.history,derive:i.derive,events:c,constraints:i.constraints,effects:i.effects,resolvers:i.resolvers,async hydrate(d){if(i.isRunning)throw new Error("[Directive] hydrate() must be called before start(). The system is already running.");let g=await d();g&&typeof g=="object"&&(u=g);},initialize(){i.initialize();},start(){i.start(),f&&f>0&&n.events&&"tick"in n.events&&(o=setInterval(()=>{i.dispatch({type:"tick"});},f));},stop(){o&&(clearInterval(o),o=null),i.stop();},destroy(){this.stop(),i.destroy();},registerModule(d){i.registerModule({id:d.id,schema:d.schema.facts,requirements:d.schema.requirements,init:d.init,derive:d.derive,events:d.events,effects:d.effects,constraints:d.constraints,resolvers:d.resolvers,hooks:d.hooks,history:d.history});}};return le(l$1,i),fe(l$1),l$1}export{ze as a};//# sourceMappingURL=chunk-26Z5VNPZ.js.map
+//# sourceMappingURL=chunk-26Z5VNPZ.js.map