@dwk/microsub 0.1.0-beta.0

package/dist/safe-fetch.d.ts

@@ -0,0 +1,86 @@
+/**
+ * `@dwk/microsub` — SSRF-safe outbound fetch.
+ *
+ * A Microsub server fetches user- and feed-supplied URLs: a `follow` discovers
+ * a feed at a URL the user typed, polling re-fetches it, and `preview`/`search`
+ * fetch an arbitrary URL. Without guardrails any of these could be pointed at
+ * the Worker's own network — loopback, the link-local cloud metadata IP
+ * (`169.254.169.254`), or RFC 1918 ranges — to exfiltrate credentials or probe
+ * internal services. This module is the single choke point every outbound fetch
+ * in the package goes through. It:
+ *
+ * 1. rejects URLs whose host is a private, loopback, link-local, or otherwise
+ *    non-public address (or a name like `localhost` / `*.internal`),
+ * 2. follows redirects manually, re-validating the host on every `Location`
+ *    hop so a public-looking host cannot 302 to an internal one, and capping
+ *    the hop count, and
+ * 3. bounds the whole operation with a single timeout, so a slow-loris source
+ *    cannot pin a poll-queue invocation.
+ *
+ * Host validation is purely syntactic on the URL host — DNS rebinding (a name
+ * that resolves to a private IP) is out of scope here, as the Workers runtime
+ * does not expose name resolution to user code. See `spec/packages/microsub.md`
+ * and `spec/non-functional-requirements.md`.
+ *
+ * @packageDocumentation
+ */
+import { type Logger, type Metrics } from "@dwk/log";
+import type { FetchLike } from "./fetch";
+/** Default cap on redirect hops before a fetch is abandoned. */
+export declare const DEFAULT_MAX_REDIRECTS = 5;
+/** Default overall timeout (ms) bounding a fetch, redirects included. */
+export declare const DEFAULT_TIMEOUT_MS = 10000;
+/** Machine-readable cause of an {@link SsrfError}. */
+export type SsrfReason = "invalid_url" | "disallowed_scheme" | "blocked_host" | "too_many_redirects";
+/**
+ * Raised when a request is refused on SSRF grounds (blocked host, disallowed
+ * scheme, or too many redirects). Callers catch this exactly like a network
+ * failure — a blocked attempt looks the same as an unreachable host — but
+ * {@link safeFetch} logs it first (event `microsub.ssrf.blocked`) so the single
+ * most security-relevant event in the package still produces a signal.
+ */
+export declare class SsrfError extends Error {
+    readonly reason: SsrfReason;
+    readonly host?: string;
+    constructor(message: string, reason: SsrfReason, host?: string);
+}
+/**
+ * Decide whether a URL host is private, loopback, link-local, or otherwise
+ * not safe to fetch from inside the Worker's network. Accepts the raw
+ * `URL.hostname` form (IPv6 hosts may arrive wrapped in `[...]`).
+ */
+export declare function isPrivateOrReservedHost(hostname: string): boolean;
+/**
+ * Validate that `rawUrl` is a fetchable public `http(s)` URL, returning the
+ * parsed {@link URL}. Throws {@link SsrfError} for an unparseable URL, a
+ * non-`http(s)` scheme (e.g. `file:`, `javascript:`), or a private/reserved
+ * host.
+ */
+export declare function assertPublicUrl(rawUrl: string): URL;
+/** Tunables for {@link safeFetch}. */
+export interface SafeFetchOptions {
+    readonly maxRedirects?: number;
+    readonly timeoutMs?: number;
+    readonly logger?: Logger;
+    readonly metrics?: Metrics;
+}
+/** A completed {@link safeFetch}: the final response and the URL it came from. */
+export interface SafeFetchResult {
+    readonly response: Response;
+    readonly url: string;
+}
+/**
+ * Fetch `rawUrl` through `doFetch` with SSRF guardrails.
+ *
+ * The initial host and every redirect target are validated with
+ * {@link assertPublicUrl}; redirects are followed manually (`redirect:
+ * "manual"`) up to `maxRedirects` hops; and a single {@link AbortSignal.timeout}
+ * bounds the whole chain. Credential-bearing headers are stripped on a
+ * cross-origin redirect, matching what a browser's `fetch` does.
+ *
+ * @throws {SsrfError} when a host is blocked, a scheme is disallowed, or the
+ * redirect cap is exceeded. Other failures (network, timeout) propagate as the
+ * underlying fetch rejection. Callers treat any throw as "fetch failed".
+ */
+export declare function safeFetch(doFetch: FetchLike, rawUrl: string, init: RequestInit, options?: SafeFetchOptions): Promise<SafeFetchResult>;
+//# sourceMappingURL=safe-fetch.d.ts.map

package/dist/safe-fetch.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"safe-fetch.d.ts","sourceRoot":"","sources":["../src/safe-fetch.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;GAyBG;AAEH,OAAO,EAA2B,KAAK,MAAM,EAAE,KAAK,OAAO,EAAE,MAAM,UAAU,CAAC;AAC9E,OAAO,KAAK,EAAE,SAAS,EAAE,MAAM,SAAS,CAAC;AAGzC,gEAAgE;AAChE,eAAO,MAAM,qBAAqB,IAAI,CAAC;AACvC,yEAAyE;AACzE,eAAO,MAAM,kBAAkB,QAAS,CAAC;AAKzC,sDAAsD;AACtD,MAAM,MAAM,UAAU,GAClB,aAAa,GACb,mBAAmB,GACnB,cAAc,GACd,oBAAoB,CAAC;AAEzB;;;;;;GAMG;AACH,qBAAa,SAAU,SAAQ,KAAK;IAClC,QAAQ,CAAC,MAAM,EAAE,UAAU,CAAC;IAC5B,QAAQ,CAAC,IAAI,CAAC,EAAE,MAAM,CAAC;gBACX,OAAO,EAAE,MAAM,EAAE,MAAM,EAAE,UAAU,EAAE,IAAI,CAAC,EAAE,MAAM;CAM/D;AA0ID;;;;GAIG;AACH,wBAAgB,uBAAuB,CAAC,QAAQ,EAAE,MAAM,GAAG,OAAO,CAajE;AAED;;;;;GAKG;AACH,wBAAgB,eAAe,CAAC,MAAM,EAAE,MAAM,GAAG,GAAG,CAsBnD;AAED,sCAAsC;AACtC,MAAM,WAAW,gBAAgB;IAC/B,QAAQ,CAAC,YAAY,CAAC,EAAE,MAAM,CAAC;IAC/B,QAAQ,CAAC,SAAS,CAAC,EAAE,MAAM,CAAC;IAC5B,QAAQ,CAAC,MAAM,CAAC,EAAE,MAAM,CAAC;IACzB,QAAQ,CAAC,OAAO,CAAC,EAAE,OAAO,CAAC;CAC5B;AAED,kFAAkF;AAClF,MAAM,WAAW,eAAe;IAC9B,QAAQ,CAAC,QAAQ,EAAE,QAAQ,CAAC;IAC5B,QAAQ,CAAC,GAAG,EAAE,MAAM,CAAC;CACtB;AAED;;;;;;;;;;;;GAYG;AACH,wBAAsB,SAAS,CAC7B,OAAO,EAAE,SAAS,EAClB,MAAM,EAAE,MAAM,EACd,IAAI,EAAE,WAAW,EACjB,OAAO,CAAC,EAAE,gBAAgB,GACzB,OAAO,CAAC,eAAe,CAAC,CA+D1B"}

package/dist/safe-fetch.js

@@ -0,0 +1,311 @@
+/**
+ * `@dwk/microsub` — SSRF-safe outbound fetch.
+ *
+ * A Microsub server fetches user- and feed-supplied URLs: a `follow` discovers
+ * a feed at a URL the user typed, polling re-fetches it, and `preview`/`search`
+ * fetch an arbitrary URL. Without guardrails any of these could be pointed at
+ * the Worker's own network — loopback, the link-local cloud metadata IP
+ * (`169.254.169.254`), or RFC 1918 ranges — to exfiltrate credentials or probe
+ * internal services. This module is the single choke point every outbound fetch
+ * in the package goes through. It:
+ *
+ * 1. rejects URLs whose host is a private, loopback, link-local, or otherwise
+ *    non-public address (or a name like `localhost` / `*.internal`),
+ * 2. follows redirects manually, re-validating the host on every `Location`
+ *    hop so a public-looking host cannot 302 to an internal one, and capping
+ *    the hop count, and
+ * 3. bounds the whole operation with a single timeout, so a slow-loris source
+ *    cannot pin a poll-queue invocation.
+ *
+ * Host validation is purely syntactic on the URL host — DNS rebinding (a name
+ * that resolves to a private IP) is out of scope here, as the Workers runtime
+ * does not expose name resolution to user code. See `spec/packages/microsub.md`
+ * and `spec/non-functional-requirements.md`.
+ *
+ * @packageDocumentation
+ */
+import { noopLogger, noopMetrics } from "@dwk/log";
+import { MicrosubLogEvent } from "./log";
+/** Default cap on redirect hops before a fetch is abandoned. */
+export const DEFAULT_MAX_REDIRECTS = 5;
+/** Default overall timeout (ms) bounding a fetch, redirects included. */
+export const DEFAULT_TIMEOUT_MS = 10_000;
+/** HTTP status codes that carry a `Location` we may follow. */
+const REDIRECT_STATUSES = new Set([301, 302, 303, 307, 308]);
+/**
+ * Raised when a request is refused on SSRF grounds (blocked host, disallowed
+ * scheme, or too many redirects). Callers catch this exactly like a network
+ * failure — a blocked attempt looks the same as an unreachable host — but
+ * {@link safeFetch} logs it first (event `microsub.ssrf.blocked`) so the single
+ * most security-relevant event in the package still produces a signal.
+ */
+export class SsrfError extends Error {
+    reason;
+    host;
+    constructor(message, reason, host) {
+        super(message);
+        this.name = "SsrfError";
+        this.reason = reason;
+        this.host = host;
+    }
+}
+/** Parse a canonical dotted-decimal IPv4 host into its four octets. */
+function parseIPv4(host) {
+    const match = /^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$/.exec(host);
+    if (match === null)
+        return null;
+    const octets = [];
+    for (let group = 1; group <= 4; group++) {
+        const part = match[group];
+        if (part === undefined)
+            return null;
+        const octet = Number.parseInt(part, 10);
+        if (octet > 255)
+            return null;
+        octets.push(octet);
+    }
+    return octets;
+}
+/**
+ * True when `octets` falls in a range that must never be fetched from inside
+ * the Worker's network: this-network, loopback, link-local (incl. the cloud
+ * metadata IP), the RFC 1918 private blocks, CGNAT, IETF protocol/benchmark
+ * assignments, and the multicast/reserved/broadcast space.
+ */
+function isPrivateIPv4(octets) {
+    const [a, b, c] = octets;
+    if (a === 0)
+        return true; // 0.0.0.0/8 ("this network", incl. 0.0.0.0)
+    if (a === 10)
+        return true; // 10.0.0.0/8 private
+    if (a === 127)
+        return true; // 127.0.0.0/8 loopback
+    if (a === 100 && b >= 64 && b <= 127)
+        return true; // 100.64.0.0/10 CGNAT
+    if (a === 169 && b === 254)
+        return true; // 169.254.0.0/16 link-local (metadata)
+    if (a === 172 && b >= 16 && b <= 31)
+        return true; // 172.16.0.0/12 private
+    if (a === 192 && b === 0 && c === 0)
+        return true; // 192.0.0.0/24 IETF protocol
+    if (a === 192 && b === 0 && c === 2)
+        return true; // 192.0.2.0/24 TEST-NET-1
+    if (a === 192 && b === 168)
+        return true; // 192.168.0.0/16 private
+    if (a === 198 && b === 51 && c === 100)
+        return true; // 198.51.100.0/24 TEST-NET-2
+    if (a === 198 && (b === 18 || b === 19))
+        return true; // 198.18.0.0/15 benchmark
+    if (a === 203 && b === 0 && c === 113)
+        return true; // 203.0.113.0/24 TEST-NET-3
+    if (a >= 224)
+        return true; // 224.0.0.0/4 multicast + 240.0.0.0/4 reserved + broadcast
+    return false;
+}
+/**
+ * Parse an IPv6 host (brackets already stripped) into its eight 16-bit groups,
+ * expanding `::` compression and any trailing embedded IPv4 literal. Returns
+ * `null` when `host` is not a valid IPv6 address.
+ */
+function parseIPv6(host) {
+    if (!host.includes(":"))
+        return null;
+    let str = host;
+    const v4Match = /(?:^|:)((?:\d{1,3}\.){3}\d{1,3})$/.exec(str);
+    const v4Str = v4Match?.[1];
+    if (v4Str !== undefined) {
+        const v4 = parseIPv4(v4Str);
+        if (v4 === null)
+            return null;
+        const hi = ((v4[0] << 8) | v4[1]).toString(16);
+        const lo = ((v4[2] << 8) | v4[3]).toString(16);
+        str = `${str.slice(0, str.length - v4Str.length)}${hi}:${lo}`;
+    }
+    if (str.indexOf("::") !== str.lastIndexOf("::"))
+        return null;
+    const toGroups = (part) => {
+        if (part === "")
+            return [];
+        const groups = [];
+        for (const token of part.split(":")) {
+            if (!/^[0-9a-fA-F]{1,4}$/.test(token))
+                return null;
+            groups.push(Number.parseInt(token, 16));
+        }
+        return groups;
+    };
+    if (str.includes("::")) {
+        const parts = str.split("::");
+        const left = toGroups(parts[0] ?? "");
+        const right = toGroups(parts[1] ?? "");
+        if (left === null || right === null)
+            return null;
+        const missing = 8 - left.length - right.length;
+        if (missing < 1)
+            return null;
+        return [...left, ...new Array(missing).fill(0), ...right];
+    }
+    const all = toGroups(str);
+    if (all === null || all.length !== 8)
+        return null;
+    return all;
+}
+/**
+ * True when `groups` (eight 16-bit values) is an IPv6 address that must never
+ * be fetched: unspecified, loopback, link-local, site-local, unique-local,
+ * multicast, the documentation prefix, or an address that embeds a private
+ * IPv4.
+ */
+function isPrivateIPv6(groups) {
+    const first = groups[0] ?? 0;
+    const g6 = groups[6] ?? 0;
+    const g7 = groups[7] ?? 0;
+    if (groups.every((group) => group === 0))
+        return true; // :: unspecified
+    if (groups.slice(0, 7).every((group) => group === 0) && g7 === 1)
+        return true; // ::1 loopback
+    if ((first & 0xffc0) === 0xfe80)
+        return true; // fe80::/10 link-local
+    if ((first & 0xffc0) === 0xfec0)
+        return true; // fec0::/10 site-local (deprecated)
+    if ((first & 0xfe00) === 0xfc00)
+        return true; // fc00::/7 unique local
+    if ((first & 0xff00) === 0xff00)
+        return true; // ff00::/8 multicast
+    if (first === 0x2001 && groups[1] === 0x0db8)
+        return true; // 2001:db8::/32 documentation
+    const embeddedV4 = [
+        g6 >> 8,
+        g6 & 0xff,
+        g7 >> 8,
+        g7 & 0xff,
+    ];
+    if (groups.slice(0, 5).every((group) => group === 0) &&
+        (groups[5] === 0xffff || groups[5] === 0x0000)) {
+        return isPrivateIPv4(embeddedV4);
+    }
+    if (first === 0x0064 &&
+        groups[1] === 0xff9b &&
+        groups.slice(2, 6).every((group) => group === 0)) {
+        return isPrivateIPv4(embeddedV4);
+    }
+    return false;
+}
+/** Hostnames (non-IP) that are never public and must never be fetched. */
+function isBlockedHostname(host) {
+    const lower = host.toLowerCase();
+    return (lower === "localhost" ||
+        lower.endsWith(".localhost") ||
+        lower.endsWith(".local") ||
+        lower.endsWith(".internal"));
+}
+/**
+ * Decide whether a URL host is private, loopback, link-local, or otherwise
+ * not safe to fetch from inside the Worker's network. Accepts the raw
+ * `URL.hostname` form (IPv6 hosts may arrive wrapped in `[...]`).
+ */
+export function isPrivateOrReservedHost(hostname) {
+    if (hostname === "")
+        return true;
+    const host = (hostname.startsWith("[") && hostname.endsWith("]")
+        ? hostname.slice(1, -1)
+        : hostname).replace(/\.$/, "");
+    const v4 = parseIPv4(host);
+    if (v4 !== null)
+        return isPrivateIPv4(v4);
+    const v6 = parseIPv6(host);
+    if (v6 !== null)
+        return isPrivateIPv6(v6);
+    return isBlockedHostname(host);
+}
+/**
+ * Validate that `rawUrl` is a fetchable public `http(s)` URL, returning the
+ * parsed {@link URL}. Throws {@link SsrfError} for an unparseable URL, a
+ * non-`http(s)` scheme (e.g. `file:`, `javascript:`), or a private/reserved
+ * host.
+ */
+export function assertPublicUrl(rawUrl) {
+    let url;
+    try {
+        url = new URL(rawUrl);
+    }
+    catch {
+        throw new SsrfError(`invalid URL: ${rawUrl}`, "invalid_url");
+    }
+    if (url.protocol !== "http:" && url.protocol !== "https:") {
+        throw new SsrfError(`disallowed scheme: ${url.protocol}`, "disallowed_scheme", url.hostname);
+    }
+    if (isPrivateOrReservedHost(url.hostname)) {
+        throw new SsrfError(`blocked host: ${url.hostname}`, "blocked_host", url.hostname);
+    }
+    return url;
+}
+/**
+ * Fetch `rawUrl` through `doFetch` with SSRF guardrails.
+ *
+ * The initial host and every redirect target are validated with
+ * {@link assertPublicUrl}; redirects are followed manually (`redirect:
+ * "manual"`) up to `maxRedirects` hops; and a single {@link AbortSignal.timeout}
+ * bounds the whole chain. Credential-bearing headers are stripped on a
+ * cross-origin redirect, matching what a browser's `fetch` does.
+ *
+ * @throws {SsrfError} when a host is blocked, a scheme is disallowed, or the
+ * redirect cap is exceeded. Other failures (network, timeout) propagate as the
+ * underlying fetch rejection. Callers treat any throw as "fetch failed".
+ */
+export async function safeFetch(doFetch, rawUrl, init, options) {
+    const maxRedirects = options?.maxRedirects ?? DEFAULT_MAX_REDIRECTS;
+    const timeoutMs = options?.timeoutMs ?? DEFAULT_TIMEOUT_MS;
+    const logger = options?.logger ?? noopLogger;
+    const metrics = options?.metrics ?? noopMetrics;
+    const timeoutSignal = AbortSignal.timeout(timeoutMs);
+    const signal = init.signal != null
+        ? AbortSignal.any([init.signal, timeoutSignal])
+        : timeoutSignal;
+    try {
+        let currentUrl = assertPublicUrl(rawUrl).toString();
+        let currentInit = { ...init };
+        for (let hop = 0;; hop++) {
+            const response = await doFetch(currentUrl, {
+                ...currentInit,
+                redirect: "manual",
+                signal,
+            });
+            if (!REDIRECT_STATUSES.has(response.status)) {
+                return { response, url: currentUrl };
+            }
+            const location = response.headers.get("location");
+            if (location === null || location === "") {
+                return { response, url: currentUrl };
+            }
+            if (hop >= maxRedirects) {
+                throw new SsrfError(`too many redirects (> ${maxRedirects})`, "too_many_redirects", new URL(currentUrl).host);
+            }
+            const next = assertPublicUrl(new URL(location, currentUrl).toString());
+            await response.body?.cancel().catch(() => undefined);
+            if (currentInit.headers && new URL(currentUrl).origin !== next.origin) {
+                const headers = new Headers(currentInit.headers);
+                for (const name of [
+                    "authorization",
+                    "cookie",
+                    "cookie2",
+                    "proxy-authorization",
+                    "set-cookie",
+                ]) {
+                    headers.delete(name);
+                }
+                currentInit = { ...currentInit, headers };
+            }
+            currentUrl = next.toString();
+        }
+    }
+    catch (err) {
+        if (err instanceof SsrfError) {
+            const fields = { reason: err.reason, host: err.host };
+            logger.warn(MicrosubLogEvent.SsrfBlocked, fields);
+            metrics.count(MicrosubLogEvent.SsrfBlocked, fields);
+        }
+        throw err;
+    }
+}
+//# sourceMappingURL=safe-fetch.js.map

package/dist/safe-fetch.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"safe-fetch.js","sourceRoot":"","sources":["../src/safe-fetch.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;GAyBG;AAEH,OAAO,EAAE,UAAU,EAAE,WAAW,EAA6B,MAAM,UAAU,CAAC;AAE9E,OAAO,EAAE,gBAAgB,EAAE,MAAM,OAAO,CAAC;AAEzC,gEAAgE;AAChE,MAAM,CAAC,MAAM,qBAAqB,GAAG,CAAC,CAAC;AACvC,yEAAyE;AACzE,MAAM,CAAC,MAAM,kBAAkB,GAAG,MAAM,CAAC;AAEzC,+DAA+D;AAC/D,MAAM,iBAAiB,GAAG,IAAI,GAAG,CAAC,CAAC,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,CAAC,CAAC,CAAC;AAS7D;;;;;;GAMG;AACH,MAAM,OAAO,SAAU,SAAQ,KAAK;IACzB,MAAM,CAAa;IACnB,IAAI,CAAU;IACvB,YAAY,OAAe,EAAE,MAAkB,EAAE,IAAa;QAC5D,KAAK,CAAC,OAAO,CAAC,CAAC;QACf,IAAI,CAAC,IAAI,GAAG,WAAW,CAAC;QACxB,IAAI,CAAC,MAAM,GAAG,MAAM,CAAC;QACrB,IAAI,CAAC,IAAI,GAAG,IAAI,CAAC;IACnB,CAAC;CACF;AAED,uEAAuE;AACvE,SAAS,SAAS,CAAC,IAAY;IAC7B,MAAM,KAAK,GAAG,8CAA8C,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;IACxE,IAAI,KAAK,KAAK,IAAI;QAAE,OAAO,IAAI,CAAC;IAChC,MAAM,MAAM,GAAa,EAAE,CAAC;IAC5B,KAAK,IAAI,KAAK,GAAG,CAAC,EAAE,KAAK,IAAI,CAAC,EAAE,KAAK,EAAE,EAAE,CAAC;QACxC,MAAM,IAAI,GAAG,KAAK,CAAC,KAAK,CAAC,CAAC;QAC1B,IAAI,IAAI,KAAK,SAAS;YAAE,OAAO,IAAI,CAAC;QACpC,MAAM,KAAK,GAAG,MAAM,CAAC,QAAQ,CAAC,IAAI,EAAE,EAAE,CAAC,CAAC;QACxC,IAAI,KAAK,GAAG,GAAG;YAAE,OAAO,IAAI,CAAC;QAC7B,MAAM,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;IACrB,CAAC;IACD,OAAO,MAA0C,CAAC;AACpD,CAAC;AAED;;;;;GAKG;AACH,SAAS,aAAa,CAAC,MAAwC;IAC7D,MAAM,CAAC,CAAC,EAAE,CAAC,EAAE,CAAC,CAAC,GAAG,MAAM,CAAC;IACzB,IAAI,CAAC,KAAK,CAAC;QAAE,OAAO,IAAI,CAAC,CAAC,4CAA4C;IACtE,IAAI,CAAC,KAAK,EAAE;QAAE,OAAO,IAAI,CAAC,CAAC,qBAAqB;IAChD,IAAI,CAAC,KAAK,GAAG;QAAE,OAAO,IAAI,CAAC,CAAC,uBAAuB;IACnD,IAAI,CAAC,KAAK,GAAG,IAAI,CAAC,IAAI,EAAE,IAAI,CAAC,IAAI,GAAG;QAAE,OAAO,IAAI,CAAC,CAAC,sBAAsB;IACzE,IAAI,CAAC,KAAK,GAAG,IAAI,CAAC,KAAK,GAAG;QAAE,OAAO,IAAI,CAAC,CAAC,uCAAuC;IAChF,IAAI,CAAC,KAAK,GAAG,IAAI,CAAC,IAAI,EAAE,IAAI,CAAC,IAAI,EAAE;QAAE,OAAO,IAAI,CAAC,CAAC,wBAAwB;IAC1E,IAAI,CAAC,KAAK,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,KAAK,CAAC;QAAE,OAAO,IAAI,CAAC,CAAC,6BAA6B;IAC/E,IAAI,CAAC,KAAK,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,KAAK,CAAC;QAAE,OAAO,IAAI,CAAC,CAAC,0BAA0B;IAC5E,IAAI,CAAC,KAAK,GAAG,IAAI,CAAC,KAAK,GAAG;QAAE,OAAO,IAAI,CAAC,CAAC,yBAAyB;IAClE,IAAI,CAAC,KAAK,GAAG,IAAI,CAAC,KAAK,EAAE,IAAI,CAAC,KAAK,GAAG;QAAE,OAAO,IAAI,CAAC,CAAC,6BAA6B;IAClF,IAAI,CAAC,KAAK,GAAG,IAAI,CAAC,CAAC,KAAK,EAAE,IAAI,CAAC,KAAK,EAAE,CAAC;QAAE,OAAO,IAAI,CAAC,CAAC,0BAA0B;IAChF,IAAI,CAAC,KAAK,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,KAAK,GAAG;QAAE,OAAO,IAAI,CAAC,CAAC,4BAA4B;IAChF,IAAI,CAAC,IAAI,GAAG;QAAE,OAAO,IAAI,CAAC,CAAC,2DAA2D;IACtF,OAAO,KAAK,CAAC;AACf,CAAC;AAED;;;;GAIG;AACH,SAAS,SAAS,CAAC,IAAY;IAC7B,IAAI,CAAC,IAAI,CAAC,QAAQ,CAAC,GAAG,CAAC;QAAE,OAAO,IAAI,CAAC;IACrC,IAAI,GAAG,GAAG,IAAI,CAAC;IAEf,MAAM,OAAO,GAAG,mCAAmC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;IAC9D,MAAM,KAAK,GAAG,OAAO,EAAE,CAAC,CAAC,CAAC,CAAC;IAC3B,IAAI,KAAK,KAAK,SAAS,EAAE,CAAC;QACxB,MAAM,EAAE,GAAG,SAAS,CAAC,KAAK,CAAC,CAAC;QAC5B,IAAI,EAAE,KAAK,IAAI;YAAE,OAAO,IAAI,CAAC;QAC7B,MAAM,EAAE,GAAG,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,GAAG,EAAE,CAAC,CAAC,CAAC,CAAC,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAC;QAC/C,MAAM,EAAE,GAAG,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,GAAG,EAAE,CAAC,CAAC,CAAC,CAAC,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAC;QAC/C,GAAG,GAAG,GAAG,GAAG,CAAC,KAAK,CAAC,CAAC,EAAE,GAAG,CAAC,MAAM,GAAG,KAAK,CAAC,MAAM,CAAC,GAAG,EAAE,IAAI,EAAE,EAAE,CAAC;IAChE,CAAC;IAED,IAAI,GAAG,CAAC,OAAO,CAAC,IAAI,CAAC,KAAK,GAAG,CAAC,WAAW,CAAC,IAAI,CAAC;QAAE,OAAO,IAAI,CAAC;IAE7D,MAAM,QAAQ,GAAG,CAAC,IAAY,EAAmB,EAAE;QACjD,IAAI,IAAI,KAAK,EAAE;YAAE,OAAO,EAAE,CAAC;QAC3B,MAAM,MAAM,GAAa,EAAE,CAAC;QAC5B,KAAK,MAAM,KAAK,IAAI,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,EAAE,CAAC;YACpC,IAAI,CAAC,oBAAoB,CAAC,IAAI,CAAC,KAAK,CAAC;gBAAE,OAAO,IAAI,CAAC;YACnD,MAAM,CAAC,IAAI,CAAC,MAAM,CAAC,QAAQ,CAAC,KAAK,EAAE,EAAE,CAAC,CAAC,CAAC;QAC1C,CAAC;QACD,OAAO,MAAM,CAAC;IAChB,CAAC,CAAC;IAEF,IAAI,GAAG,CAAC,QAAQ,CAAC,IAAI,CAAC,EAAE,CAAC;QACvB,MAAM,KAAK,GAAG,GAAG,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;QAC9B,MAAM,IAAI,GAAG,QAAQ,CAAC,KAAK,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC,CAAC;QACtC,MAAM,KAAK,GAAG,QAAQ,CAAC,KAAK,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC,CAAC;QACvC,IAAI,IAAI,KAAK,IAAI,IAAI,KAAK,KAAK,IAAI;YAAE,OAAO,IAAI,CAAC;QACjD,MAAM,OAAO,GAAG,CAAC,GAAG,IAAI,CAAC,MAAM,GAAG,KAAK,CAAC,MAAM,CAAC;QAC/C,IAAI,OAAO,GAAG,CAAC;YAAE,OAAO,IAAI,CAAC;QAC7B,OAAO,CAAC,GAAG,IAAI,EAAE,GAAG,IAAI,KAAK,CAAS,OAAO,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,GAAG,KAAK,CAAC,CAAC;IACpE,CAAC;IAED,MAAM,GAAG,GAAG,QAAQ,CAAC,GAAG,CAAC,CAAC;IAC1B,IAAI,GAAG,KAAK,IAAI,IAAI,GAAG,CAAC,MAAM,KAAK,CAAC;QAAE,OAAO,IAAI,CAAC;IAClD,OAAO,GAAG,CAAC;AACb,CAAC;AAED;;;;;GAKG;AACH,SAAS,aAAa,CAAC,MAAgB;IACrC,MAAM,KAAK,GAAG,MAAM,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC;IAC7B,MAAM,EAAE,GAAG,MAAM,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC;IAC1B,MAAM,EAAE,GAAG,MAAM,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC;IAC1B,IAAI,MAAM,CAAC,KAAK,CAAC,CAAC,KAAK,EAAE,EAAE,CAAC,KAAK,KAAK,CAAC,CAAC;QAAE,OAAO,IAAI,CAAC,CAAC,iBAAiB;IACxE,IAAI,MAAM,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,KAAK,EAAE,EAAE,CAAC,KAAK,KAAK,CAAC,CAAC,IAAI,EAAE,KAAK,CAAC;QAAE,OAAO,IAAI,CAAC,CAAC,eAAe;IAC9F,IAAI,CAAC,KAAK,GAAG,MAAM,CAAC,KAAK,MAAM;QAAE,OAAO,IAAI,CAAC,CAAC,uBAAuB;IACrE,IAAI,CAAC,KAAK,GAAG,MAAM,CAAC,KAAK,MAAM;QAAE,OAAO,IAAI,CAAC,CAAC,oCAAoC;IAClF,IAAI,CAAC,KAAK,GAAG,MAAM,CAAC,KAAK,MAAM;QAAE,OAAO,IAAI,CAAC,CAAC,wBAAwB;IACtE,IAAI,CAAC,KAAK,GAAG,MAAM,CAAC,KAAK,MAAM;QAAE,OAAO,IAAI,CAAC,CAAC,qBAAqB;IACnE,IAAI,KAAK,KAAK,MAAM,IAAI,MAAM,CAAC,CAAC,CAAC,KAAK,MAAM;QAAE,OAAO,IAAI,CAAC,CAAC,8BAA8B;IAEzF,MAAM,UAAU,GAAqC;QACnD,EAAE,IAAI,CAAC;QACP,EAAE,GAAG,IAAI;QACT,EAAE,IAAI,CAAC;QACP,EAAE,GAAG,IAAI;KACV,CAAC;IACF,IACE,MAAM,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,KAAK,EAAE,EAAE,CAAC,KAAK,KAAK,CAAC,CAAC;QAChD,CAAC,MAAM,CAAC,CAAC,CAAC,KAAK,MAAM,IAAI,MAAM,CAAC,CAAC,CAAC,KAAK,MAAM,CAAC,EAC9C,CAAC;QACD,OAAO,aAAa,CAAC,UAAU,CAAC,CAAC;IACnC,CAAC;IACD,IACE,KAAK,KAAK,MAAM;QAChB,MAAM,CAAC,CAAC,CAAC,KAAK,MAAM;QACpB,MAAM,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,KAAK,EAAE,EAAE,CAAC,KAAK,KAAK,CAAC,CAAC,EAChD,CAAC;QACD,OAAO,aAAa,CAAC,UAAU,CAAC,CAAC;IACnC,CAAC;IACD,OAAO,KAAK,CAAC;AACf,CAAC;AAED,0EAA0E;AAC1E,SAAS,iBAAiB,CAAC,IAAY;IACrC,MAAM,KAAK,GAAG,IAAI,CAAC,WAAW,EAAE,CAAC;IACjC,OAAO,CACL,KAAK,KAAK,WAAW;QACrB,KAAK,CAAC,QAAQ,CAAC,YAAY,CAAC;QAC5B,KAAK,CAAC,QAAQ,CAAC,QAAQ,CAAC;QACxB,KAAK,CAAC,QAAQ,CAAC,WAAW,CAAC,CAC5B,CAAC;AACJ,CAAC;AAED;;;;GAIG;AACH,MAAM,UAAU,uBAAuB,CAAC,QAAgB;IACtD,IAAI,QAAQ,KAAK,EAAE;QAAE,OAAO,IAAI,CAAC;IACjC,MAAM,IAAI,GAAG,CACX,QAAQ,CAAC,UAAU,CAAC,GAAG,CAAC,IAAI,QAAQ,CAAC,QAAQ,CAAC,GAAG,CAAC;QAChD,CAAC,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC;QACvB,CAAC,CAAC,QAAQ,CACb,CAAC,OAAO,CAAC,KAAK,EAAE,EAAE,CAAC,CAAC;IAErB,MAAM,EAAE,GAAG,SAAS,CAAC,IAAI,CAAC,CAAC;IAC3B,IAAI,EAAE,KAAK,IAAI;QAAE,OAAO,aAAa,CAAC,EAAE,CAAC,CAAC;IAC1C,MAAM,EAAE,GAAG,SAAS,CAAC,IAAI,CAAC,CAAC;IAC3B,IAAI,EAAE,KAAK,IAAI;QAAE,OAAO,aAAa,CAAC,EAAE,CAAC,CAAC;IAC1C,OAAO,iBAAiB,CAAC,IAAI,CAAC,CAAC;AACjC,CAAC;AAED;;;;;GAKG;AACH,MAAM,UAAU,eAAe,CAAC,MAAc;IAC5C,IAAI,GAAQ,CAAC;IACb,IAAI,CAAC;QACH,GAAG,GAAG,IAAI,GAAG,CAAC,MAAM,CAAC,CAAC;IACxB,CAAC;IAAC,MAAM,CAAC;QACP,MAAM,IAAI,SAAS,CAAC,gBAAgB,MAAM,EAAE,EAAE,aAAa,CAAC,CAAC;IAC/D,CAAC;IACD,IAAI,GAAG,CAAC,QAAQ,KAAK,OAAO,IAAI,GAAG,CAAC,QAAQ,KAAK,QAAQ,EAAE,CAAC;QAC1D,MAAM,IAAI,SAAS,CACjB,sBAAsB,GAAG,CAAC,QAAQ,EAAE,EACpC,mBAAmB,EACnB,GAAG,CAAC,QAAQ,CACb,CAAC;IACJ,CAAC;IACD,IAAI,uBAAuB,CAAC,GAAG,CAAC,QAAQ,CAAC,EAAE,CAAC;QAC1C,MAAM,IAAI,SAAS,CACjB,iBAAiB,GAAG,CAAC,QAAQ,EAAE,EAC/B,cAAc,EACd,GAAG,CAAC,QAAQ,CACb,CAAC;IACJ,CAAC;IACD,OAAO,GAAG,CAAC;AACb,CAAC;AAgBD;;;;;;;;;;;;GAYG;AACH,MAAM,CAAC,KAAK,UAAU,SAAS,CAC7B,OAAkB,EAClB,MAAc,EACd,IAAiB,EACjB,OAA0B;IAE1B,MAAM,YAAY,GAAG,OAAO,EAAE,YAAY,IAAI,qBAAqB,CAAC;IACpE,MAAM,SAAS,GAAG,OAAO,EAAE,SAAS,IAAI,kBAAkB,CAAC;IAC3D,MAAM,MAAM,GAAG,OAAO,EAAE,MAAM,IAAI,UAAU,CAAC;IAC7C,MAAM,OAAO,GAAG,OAAO,EAAE,OAAO,IAAI,WAAW,CAAC;IAChD,MAAM,aAAa,GAAG,WAAW,CAAC,OAAO,CAAC,SAAS,CAAC,CAAC;IACrD,MAAM,MAAM,GACV,IAAI,CAAC,MAAM,IAAI,IAAI;QACjB,CAAC,CAAC,WAAW,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,MAAM,EAAE,aAAa,CAAC,CAAC;QAC/C,CAAC,CAAC,aAAa,CAAC;IAEpB,IAAI,CAAC;QACH,IAAI,UAAU,GAAG,eAAe,CAAC,MAAM,CAAC,CAAC,QAAQ,EAAE,CAAC;QACpD,IAAI,WAAW,GAAgB,EAAE,GAAG,IAAI,EAAE,CAAC;QAC3C,KAAK,IAAI,GAAG,GAAG,CAAC,GAAI,GAAG,EAAE,EAAE,CAAC;YAC1B,MAAM,QAAQ,GAAG,MAAM,OAAO,CAAC,UAAU,EAAE;gBACzC,GAAG,WAAW;gBACd,QAAQ,EAAE,QAAQ;gBAClB,MAAM;aACP,CAAC,CAAC;YAEH,IAAI,CAAC,iBAAiB,CAAC,GAAG,CAAC,QAAQ,CAAC,MAAM,CAAC,EAAE,CAAC;gBAC5C,OAAO,EAAE,QAAQ,EAAE,GAAG,EAAE,UAAU,EAAE,CAAC;YACvC,CAAC;YAED,MAAM,QAAQ,GAAG,QAAQ,CAAC,OAAO,CAAC,GAAG,CAAC,UAAU,CAAC,CAAC;YAClD,IAAI,QAAQ,KAAK,IAAI,IAAI,QAAQ,KAAK,EAAE,EAAE,CAAC;gBACzC,OAAO,EAAE,QAAQ,EAAE,GAAG,EAAE,UAAU,EAAE,CAAC;YACvC,CAAC;YACD,IAAI,GAAG,IAAI,YAAY,EAAE,CAAC;gBACxB,MAAM,IAAI,SAAS,CACjB,yBAAyB,YAAY,GAAG,EACxC,oBAAoB,EACpB,IAAI,GAAG,CAAC,UAAU,CAAC,CAAC,IAAI,CACzB,CAAC;YACJ,CAAC;YAED,MAAM,IAAI,GAAG,eAAe,CAAC,IAAI,GAAG,CAAC,QAAQ,EAAE,UAAU,CAAC,CAAC,QAAQ,EAAE,CAAC,CAAC;YACvE,MAAM,QAAQ,CAAC,IAAI,EAAE,MAAM,EAAE,CAAC,KAAK,CAAC,GAAG,EAAE,CAAC,SAAS,CAAC,CAAC;YAErD,IAAI,WAAW,CAAC,OAAO,IAAI,IAAI,GAAG,CAAC,UAAU,CAAC,CAAC,MAAM,KAAK,IAAI,CAAC,MAAM,EAAE,CAAC;gBACtE,MAAM,OAAO,GAAG,IAAI,OAAO,CAAC,WAAW,CAAC,OAAsB,CAAC,CAAC;gBAChE,KAAK,MAAM,IAAI,IAAI;oBACjB,eAAe;oBACf,QAAQ;oBACR,SAAS;oBACT,qBAAqB;oBACrB,YAAY;iBACb,EAAE,CAAC;oBACF,OAAO,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC;gBACvB,CAAC;gBACD,WAAW,GAAG,EAAE,GAAG,WAAW,EAAE,OAAO,EAAE,CAAC;YAC5C,CAAC;YACD,UAAU,GAAG,IAAI,CAAC,QAAQ,EAAE,CAAC;QAC/B,CAAC;IACH,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,IAAI,GAAG,YAAY,SAAS,EAAE,CAAC;YAC7B,MAAM,MAAM,GAAG,EAAE,MAAM,EAAE,GAAG,CAAC,MAAM,EAAE,IAAI,EAAE,GAAG,CAAC,IAAI,EAAE,CAAC;YACtD,MAAM,CAAC,IAAI,CAAC,gBAAgB,CAAC,WAAW,EAAE,MAAM,CAAC,CAAC;YAClD,OAAO,CAAC,KAAK,CAAC,gBAAgB,CAAC,WAAW,EAAE,MAAM,CAAC,CAAC;QACtD,CAAC;QACD,MAAM,GAAG,CAAC;IACZ,CAAC;AACH,CAAC"}

package/dist/store.d.ts

@@ -0,0 +1,131 @@
+/**
+ * `@dwk/microsub` — D1-backed authoritative state.
+ *
+ * Channels, the feeds each channel follows, the normalised JF2 timeline items,
+ * their per-item read flags, and a small per-feed poll cache (`ETag` /
+ * `Last-Modified`) all live here. This is correctness-sensitive state — a lost
+ * subscription or a dropped read flag is a bug, not a stale cache — so it lives
+ * in D1, a strongly-consistent store, and **never** KV (see
+ * `spec/non-functional-requirements.md`). The schema is created lazily on first
+ * use.
+ *
+ * Timeline paging uses a monotonic `seq` (an autoincrement rowid): the opaque
+ * `before` / `after` cursors a Microsub client round-trips are just `seq`
+ * values, so paging is stable under concurrent inserts and deletes.
+ *
+ * @packageDocumentation
+ */
+import type { D1Database } from "@cloudflare/workers-types";
+import type { Jf2Entry } from "./jf2";
+/** The reserved channel that always exists and cannot be deleted or renamed. */
+export declare const NOTIFICATIONS_CHANNEL = "notifications";
+/** Cloudflare binding required by the Microsub store. */
+export interface MicrosubStoreEnv {
+    /** D1 database holding channels, follows, items, and the poll cache. */
+    readonly MICROSUB_DB: D1Database;
+}
+/** A channel: its stable uid, display name, and sort position. */
+export interface ChannelRecord {
+    readonly uid: string;
+    readonly name: string;
+    readonly position: number;
+    readonly createdAt: number;
+}
+/** A subscription within a channel. */
+export interface FollowRecord {
+    /** The resolved feed URL polled by the server. */
+    readonly feedUrl: string;
+    /** The page URL the user originally followed (feed discovered from it). */
+    readonly pageUrl: string;
+    readonly createdAt: number;
+}
+/** A stored timeline item: the JF2 entry plus its bookkeeping. */
+export interface StoredItem {
+    readonly seq: number;
+    readonly channel: string;
+    readonly entryId: string;
+    readonly feedUrl: string;
+    readonly isRead: boolean;
+    readonly entry: Jf2Entry;
+}
+/** A page of timeline items with the opaque cursors to fetch adjacent pages. */
+export interface ItemPage {
+    readonly items: readonly StoredItem[];
+    readonly before?: string;
+    readonly after?: string;
+}
+/** A cached conditional-request validator for a feed. */
+export interface FeedCache {
+    readonly etag: string | null;
+    readonly lastModified: string | null;
+}
+/** Options for {@link MicrosubStore.listItems}. */
+export interface ListOptions {
+    readonly before?: string;
+    readonly after?: string;
+    readonly limit: number;
+}
+/** Storage interface over the Microsub state. */
+export interface MicrosubStore {
+    /** Create the schema if absent. Idempotent. */
+    init(): Promise<void>;
+    /** List channels in sort order, the reserved `notifications` channel first. */
+    listChannels(): Promise<ChannelRecord[]>;
+    /** Whether a channel with this uid exists. */
+    channelExists(uid: string): Promise<boolean>;
+    /** Create a channel with a freshly generated uid. */
+    createChannel(name: string, now: number): Promise<ChannelRecord>;
+    /** Rename a channel; returns the updated record, or `null` if unknown. */
+    renameChannel(uid: string, name: string): Promise<ChannelRecord | null>;
+    /**
+     * Delete a channel and everything it owns (follows + items). Returns `false`
+     * if the uid is unknown or names the reserved channel.
+     */
+    deleteChannel(uid: string): Promise<boolean>;
+    /** Apply a new sort order; uids absent from `order` keep their relative order after. */
+    reorderChannels(order: readonly string[]): Promise<void>;
+    /** List a channel's subscriptions. */
+    listFollows(channel: string): Promise<FollowRecord[]>;
+    /** Add (or refresh) a subscription. */
+    addFollow(channel: string, feedUrl: string, pageUrl: string, now: number): Promise<void>;
+    /**
+     * Remove a subscription, matching `url` against either the resolved feed URL
+     * or the page URL the user originally followed (a client unfollows with the
+     * URL it was given back, which is the page URL). Returns `false` if it was not
+     * present.
+     */
+    removeFollow(channel: string, url: string): Promise<boolean>;
+    /** Every distinct feed URL across all channels (for the poller). */
+    distinctFeedUrls(): Promise<string[]>;
+    /** Channels that follow a given feed URL (for the consumer). */
+    channelsForFeed(feedUrl: string): Promise<string[]>;
+    /**
+     * Append entries to a channel, deduped by entry id. Returns the count newly
+     * inserted. Entries should be passed newest-last so the newest gets the
+     * highest `seq`. Reaps beyond `maxItems` oldest items afterwards.
+     */
+    insertItems(channel: string, feedUrl: string, entries: readonly Jf2Entry[], now: number, maxItems: number): Promise<number>;
+    /** A page of a channel's timeline. */
+    listItems(channel: string, options: ListOptions): Promise<ItemPage>;
+    /** Count of unread items in a channel. */
+    unreadCount(channel: string): Promise<number>;
+    /** Mark specific items read/unread. */
+    markRead(channel: string, entryIds: readonly string[], read: boolean): Promise<void>;
+    /** Mark every item up to and including `entryId` (by `seq`) as read. */
+    markReadThrough(channel: string, entryId: string): Promise<void>;
+    /** Remove an item from a channel. Returns `false` if it was not present. */
+    removeItem(channel: string, entryId: string): Promise<boolean>;
+    /** Substring search over a channel's items (name + content). */
+    searchItems(channel: string, query: string, limit: number): Promise<StoredItem[]>;
+    /** The cached validators for a feed, or `null`. */
+    getFeedCache(feedUrl: string): Promise<FeedCache | null>;
+    /** Record the validators returned by a feed fetch. */
+    setFeedCache(feedUrl: string, etag: string | null, lastModified: string | null, now: number): Promise<void>;
+}
+/**
+ * Create the D1-backed {@link MicrosubStore}. Fails loudly if the required
+ * `MICROSUB_DB` binding is missing — no silent degradation (composition
+ * contract).
+ */
+export declare function createMicrosubStore(env: MicrosubStoreEnv): MicrosubStore;
+//# sourceMappingURL=store.d.ts.map

package/dist/store.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"store.d.ts","sourceRoot":"","sources":["../src/store.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;GAgBG;AAEH,OAAO,KAAK,EAAE,UAAU,EAAE,MAAM,2BAA2B,CAAC;AAE5D,OAAO,KAAK,EAAE,QAAQ,EAAE,MAAM,OAAO,CAAC;AAEtC,gFAAgF;AAChF,eAAO,MAAM,qBAAqB,kBAAkB,CAAC;AAErD,yDAAyD;AACzD,MAAM,WAAW,gBAAgB;IAC/B,wEAAwE;IACxE,QAAQ,CAAC,WAAW,EAAE,UAAU,CAAC;CAClC;AAED,kEAAkE;AAClE,MAAM,WAAW,aAAa;IAC5B,QAAQ,CAAC,GAAG,EAAE,MAAM,CAAC;IACrB,QAAQ,CAAC,IAAI,EAAE,MAAM,CAAC;IACtB,QAAQ,CAAC,QAAQ,EAAE,MAAM,CAAC;IAC1B,QAAQ,CAAC,SAAS,EAAE,MAAM,CAAC;CAC5B;AAED,uCAAuC;AACvC,MAAM,WAAW,YAAY;IAC3B,kDAAkD;IAClD,QAAQ,CAAC,OAAO,EAAE,MAAM,CAAC;IACzB,2EAA2E;IAC3E,QAAQ,CAAC,OAAO,EAAE,MAAM,CAAC;IACzB,QAAQ,CAAC,SAAS,EAAE,MAAM,CAAC;CAC5B;AAED,kEAAkE;AAClE,MAAM,WAAW,UAAU;IACzB,QAAQ,CAAC,GAAG,EAAE,MAAM,CAAC;IACrB,QAAQ,CAAC,OAAO,EAAE,MAAM,CAAC;IACzB,QAAQ,CAAC,OAAO,EAAE,MAAM,CAAC;IACzB,QAAQ,CAAC,OAAO,EAAE,MAAM,CAAC;IACzB,QAAQ,CAAC,MAAM,EAAE,OAAO,CAAC;IACzB,QAAQ,CAAC,KAAK,EAAE,QAAQ,CAAC;CAC1B;AAED,gFAAgF;AAChF,MAAM,WAAW,QAAQ;IACvB,QAAQ,CAAC,KAAK,EAAE,SAAS,UAAU,EAAE,CAAC;IACtC,QAAQ,CAAC,MAAM,CAAC,EAAE,MAAM,CAAC;IACzB,QAAQ,CAAC,KAAK,CAAC,EAAE,MAAM,CAAC;CACzB;AAED,yDAAyD;AACzD,MAAM,WAAW,SAAS;IACxB,QAAQ,CAAC,IAAI,EAAE,MAAM,GAAG,IAAI,CAAC;IAC7B,QAAQ,CAAC,YAAY,EAAE,MAAM,GAAG,IAAI,CAAC;CACtC;AAED,mDAAmD;AACnD,MAAM,WAAW,WAAW;IAC1B,QAAQ,CAAC,MAAM,CAAC,EAAE,MAAM,CAAC;IACzB,QAAQ,CAAC,KAAK,CAAC,EAAE,MAAM,CAAC;IACxB,QAAQ,CAAC,KAAK,EAAE,MAAM,CAAC;CACxB;AAED,iDAAiD;AACjD,MAAM,WAAW,aAAa;IAC5B,+CAA+C;IAC/C,IAAI,IAAI,OAAO,CAAC,IAAI,CAAC,CAAC;IAGtB,+EAA+E;IAC/E,YAAY,IAAI,OAAO,CAAC,aAAa,EAAE,CAAC,CAAC;IACzC,8CAA8C;IAC9C,aAAa,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC,CAAC;IAC7C,qDAAqD;IACrD,aAAa,CAAC,IAAI,EAAE,MAAM,EAAE,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC,aAAa,CAAC,CAAC;IACjE,0EAA0E;IAC1E,aAAa,CAAC,GAAG,EAAE,MAAM,EAAE,IAAI,EAAE,MAAM,GAAG,OAAO,CAAC,aAAa,GAAG,IAAI,CAAC,CAAC;IACxE;;;OAGG;IACH,aAAa,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC,CAAC;IAC7C,wFAAwF;IACxF,eAAe,CAAC,KAAK,EAAE,SAAS,MAAM,EAAE,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;IAGzD,sCAAsC;IACtC,WAAW,CAAC,OAAO,EAAE,MAAM,GAAG,OAAO,CAAC,YAAY,EAAE,CAAC,CAAC;IACtD,uCAAuC;IACvC,SAAS,CACP,OAAO,EAAE,MAAM,EACf,OAAO,EAAE,MAAM,EACf,OAAO,EAAE,MAAM,EACf,GAAG,EAAE,MAAM,GACV,OAAO,CAAC,IAAI,CAAC,CAAC;IACjB;;;;;OAKG;IACH,YAAY,CAAC,OAAO,EAAE,MAAM,EAAE,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC,CAAC;IAC7D,oEAAoE;IACpE,gBAAgB,IAAI,OAAO,CAAC,MAAM,EAAE,CAAC,CAAC;IACtC,gEAAgE;IAChE,eAAe,CAAC,OAAO,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,EAAE,CAAC,CAAC;IAGpD;;;;OAIG;IACH,WAAW,CACT,OAAO,EAAE,MAAM,EACf,OAAO,EAAE,MAAM,EACf,OAAO,EAAE,SAAS,QAAQ,EAAE,EAC5B,GAAG,EAAE,MAAM,EACX,QAAQ,EAAE,MAAM,GACf,OAAO,CAAC,MAAM,CAAC,CAAC;IACnB,sCAAsC;IACtC,SAAS,CAAC,OAAO,EAAE,MAAM,EAAE,OAAO,EAAE,WAAW,GAAG,OAAO,CAAC,QAAQ,CAAC,CAAC;IACpE,0CAA0C;IAC1C,WAAW,CAAC,OAAO,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC,CAAC;IAC9C,uCAAuC;IACvC,QAAQ,CACN,OAAO,EAAE,MAAM,EACf,QAAQ,EAAE,SAAS,MAAM,EAAE,EAC3B,IAAI,EAAE,OAAO,GACZ,OAAO,CAAC,IAAI,CAAC,CAAC;IACjB,wEAAwE;IACxE,eAAe,CAAC,OAAO,EAAE,MAAM,EAAE,OAAO,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;IACjE,4EAA4E;IAC5E,UAAU,CAAC,OAAO,EAAE,MAAM,EAAE,OAAO,EAAE,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC,CAAC;IAC/D,gEAAgE;IAChE,WAAW,CACT,OAAO,EAAE,MAAM,EACf,KAAK,EAAE,MAAM,EACb,KAAK,EAAE,MAAM,GACZ,OAAO,CAAC,UAAU,EAAE,CAAC,CAAC;IAGzB,mDAAmD;IACnD,YAAY,CAAC,OAAO,EAAE,MAAM,GAAG,OAAO,CAAC,SAAS,GAAG,IAAI,CAAC,CAAC;IACzD,sDAAsD;IACtD,YAAY,CACV,OAAO,EAAE,MAAM,EACf,IAAI,EAAE,MAAM,GAAG,IAAI,EACnB,YAAY,EAAE,MAAM,GAAG,IAAI,EAC3B,GAAG,EAAE,MAAM,GACV,OAAO,CAAC,IAAI,CAAC,CAAC;CAClB;AAgGD;;;;GAIG;AACH,wBAAgB,mBAAmB,CAAC,GAAG,EAAE,gBAAgB,GAAG,aAAa,CAwXxE"}