@keyhive/keyhive 0.1.0-alpha.5 → 0.1.0-alpha.6

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
@@ -5,8 +5,56 @@ export class Access {
5
5
  private constructor();
6
6
  free(): void;
7
7
  [Symbol.dispose](): void;
8
+ /**
9
+ * The ability to revoke any members of a group, not just those that they have causal senority over.
10
+ */
11
+ static admin(): Access;
12
+ /**
13
+ * True if this level is at least as permissive as `other`.
14
+ */
15
+ atLeast(other: Access): boolean;
16
+ /**
17
+ * Standard comparator result: -1 if less permissive than `other`,
18
+ * 0 if equal, 1 if more permissive.
19
+ */
20
+ compareTo(other: Access): number;
21
+ /**
22
+ * The ability to edit (append ops to) the content of a document.
23
+ */
24
+ static edit(): Access;
25
+ equals(other: Access): boolean;
26
+ /**
27
+ * Parse an access level, throwing on invalid input.
28
+ * Accepts "relay", "read", "edit", or "admin" (case-insensitive).
29
+ */
30
+ static fromString(s: string): Access;
31
+ /**
32
+ * The ability to read (decrypt) the content of a document.
33
+ */
34
+ static read(): Access;
35
+ /**
36
+ * The ability to retrieve bytes over the network.
37
+ */
38
+ static relay(): Access;
8
39
  toString(): string;
40
+ /**
41
+ * Parse an access level, returning undefined on invalid input.
42
+ * Prefer `fromString`, which throws a descriptive error instead.
43
+ */
9
44
  static tryFromString(s: string): Access | undefined;
45
+ /**
46
+ * True for Edit access or higher.
47
+ */
48
+ readonly isEditor: boolean;
49
+ /**
50
+ * True for Read access or higher.
51
+ */
52
+ readonly isReader: boolean;
53
+ /**
54
+ * Numeric level for ordering: Relay = 0, Read = 1, Edit = 2, Admin = 3.
55
+ * Higher levels imply all lower levels.
56
+ */
57
+ readonly level: number;
10
58
  }
11
59
 
12
60
  export class Agent {
@@ -212,6 +260,7 @@ export class EncryptedKeyed {
212
260
  update_op(): SignedCgkaOperation | undefined;
213
261
  /**
214
262
  * The 32-byte application secret key used to encrypt this content.
263
+ * Treat as secret: do not log or persist unencrypted.
215
264
  */
216
265
  readonly applicationSecret: Uint8Array;
217
266
  }
@@ -314,6 +363,12 @@ export class Keyhive {
314
363
  * for membership, prekey, and CGKA ops.
315
364
  */
316
365
  allAgentEvents(): Promise<AllAgentEvents>;
366
+ /**
367
+ * The most permissive of `id`'s direct access and the document's
368
+ * public access. Returns undefined if neither grants access (or the
369
+ * document is unknown).
370
+ */
371
+ bestAccessForDoc(id: Identifier, doc_id: DocumentId): Promise<Access | undefined>;
317
372
  contactCard(): Promise<ContactCard>;
318
373
  docMemberCapabilities(doc_id: DocumentId): Promise<Membership[]>;
319
374
  /**
@@ -330,6 +385,7 @@ export class Keyhive {
330
385
  * Force a PCS key rotation and return the new leaf secret, serialized as a
331
386
  * one-entry `BTreeMap<ShareKey, ShareSecretKey>` (the exact format
332
387
  * `importPrekeySecrets` accepts).
388
+ * The returned bytes are secret key material: do not log or persist unencrypted.
333
389
  */
334
390
  forcePcsUpdate(doc: Document): Promise<Uint8Array>;
335
391
  generateDocument(coparents: Peer[], initial_content_ref_head: ChangeId, more_initial_content_refs: ChangeId[]): Promise<Document>;
@@ -539,144 +595,6 @@ export type InitInput = RequestInfo | URL | Response | BufferSource | WebAssembl
539
595
 
540
596
  export interface InitOutput {
541
597
  readonly memory: WebAssembly.Memory;
542
- readonly __wbg_invocation_free: (a: number, b: number) => void;
543
- readonly __wbg_signedinvocation_free: (a: number, b: number) => void;
544
- readonly setPanicHook: () => void;
545
- readonly __wbg_signed_free: (a: number, b: number) => void;
546
- readonly __wbg_signedcgkaoperation_free: (a: number, b: number) => void;
547
- readonly signed_fromBytes: (a: number, b: number) => [number, number, number];
548
- readonly signed_payload: (a: number) => [number, number];
549
- readonly signed_signature: (a: number) => [number, number];
550
- readonly signed_toBytes: (a: number) => [number, number, number, number];
551
- readonly signed_verify: (a: number) => number;
552
- readonly signed_verifyingKey: (a: number) => [number, number];
553
- readonly signedcgkaoperation_delegation: (a: number) => number;
554
- readonly signedcgkaoperation_signature: (a: number) => [number, number];
555
- readonly signedcgkaoperation_verify: (a: number) => number;
556
- readonly signedcgkaoperation_verifyingKey: (a: number) => [number, number];
557
- readonly __wbg_allagentevents_free: (a: number, b: number) => void;
558
- readonly __wbg_changeid_free: (a: number, b: number) => void;
559
- readonly __wbg_ciphertextstore_free: (a: number, b: number) => void;
560
- readonly __wbg_decryptedkeyed_free: (a: number, b: number) => void;
561
- readonly __wbg_doccontentrefs_free: (a: number, b: number) => void;
562
- readonly __wbg_revocation_free: (a: number, b: number) => void;
563
- readonly __wbg_sharekey_free: (a: number, b: number) => void;
564
- readonly allagentevents_agentCgkaSources: (a: number) => any;
565
- readonly allagentevents_agentMembershipSources: (a: number) => any;
566
- readonly allagentevents_agentPrekeySources: (a: number) => any;
567
- readonly allagentevents_cgkaSources: (a: number) => any;
568
- readonly allagentevents_events: (a: number) => any;
569
- readonly allagentevents_membershipSources: (a: number) => any;
570
- readonly allagentevents_prekeySources: (a: number) => any;
571
- readonly changeid___wasm_refgen_toJsChangeId: (a: number) => number;
572
- readonly changeid_bytes: (a: number) => [number, number];
573
- readonly changeid_new: (a: number, b: number) => number;
574
- readonly ciphertextstore_newFromWebStorage: (a: any) => number;
575
- readonly ciphertextstore_newInMemory: () => number;
576
- readonly decryptedkeyed_applicationSecret: (a: number) => [number, number];
577
- readonly decryptedkeyed_plaintext: (a: number) => [number, number];
578
- readonly doccontentrefs_addChangeId: (a: number, b: number) => any;
579
- readonly doccontentrefs_change_hashes: (a: number) => any;
580
- readonly doccontentrefs_docId: (a: number) => number;
581
- readonly doccontentrefs_new: (a: number, b: number, c: number) => [number, number, number];
582
- readonly revocation_after: (a: number) => number;
583
- readonly revocation_proof: (a: number) => number;
584
- readonly revocation_revoked: (a: number) => number;
585
- readonly revocation_subject_id: (a: number) => number;
586
- readonly __wbg_access_free: (a: number, b: number) => void;
587
- readonly __wbg_cannotparseed25519signingkey_free: (a: number, b: number) => void;
588
- readonly __wbg_cgkaoperation_free: (a: number, b: number) => void;
589
- readonly __wbg_contactcard_free: (a: number, b: number) => void;
590
- readonly __wbg_documentid_free: (a: number, b: number) => void;
591
- readonly __wbg_encrypted_free: (a: number, b: number) => void;
592
- readonly __wbg_event_free: (a: number, b: number) => void;
593
- readonly __wbg_generatewebcryptoerror_free: (a: number, b: number) => void;
594
- readonly __wbg_groupid_free: (a: number, b: number) => void;
595
- readonly __wbg_signer_free: (a: number, b: number) => void;
596
- readonly access_toString: (a: number) => [number, number];
597
- readonly access_tryFromString: (a: number, b: number) => number;
598
- readonly cgkaoperation_variant: (a: number) => [number, number];
599
- readonly contactcard_fromJson: (a: number, b: number) => [number, number, number];
600
- readonly contactcard_id: (a: number) => number;
601
- readonly contactcard_individualId: (a: number) => number;
602
- readonly contactcard_op: (a: number) => number;
603
- readonly contactcard_shareKey: (a: number) => number;
604
- readonly contactcard_signature: (a: number) => [number, number];
605
- readonly contactcard_toJson: (a: number) => [number, number, number, number];
606
- readonly documentid_new: (a: number, b: number) => [number, number, number];
607
- readonly documentid_toBytes: (a: number) => [number, number];
608
- readonly documentid_toJsValue: (a: number) => any;
609
- readonly documentid_toString: (a: number) => [number, number];
610
- readonly encrypted_ciphertext: (a: number) => [number, number];
611
- readonly encrypted_content_ref: (a: number) => [number, number];
612
- readonly encrypted_decryptWithKey: (a: number, b: number, c: number) => [number, number, number, number];
613
- readonly encrypted_fromBytes: (a: number, b: number) => [number, number, number];
614
- readonly encrypted_nonce: (a: number) => [number, number];
615
- readonly encrypted_pcs_key_hash: (a: number) => [number, number];
616
- readonly encrypted_pred_refs: (a: number) => [number, number];
617
- readonly encrypted_serialize: (a: number) => [number, number, number, number];
618
- readonly event_isDelegated: (a: number) => number;
619
- readonly event_isRevoked: (a: number) => number;
620
- readonly event_toBytes: (a: number) => [number, number, number, number];
621
- readonly event_tryIntoSignedDelegation: (a: number) => number;
622
- readonly event_tryIntoSignedRevocation: (a: number) => number;
623
- readonly event_variant: (a: number) => [number, number];
624
- readonly generatewebcryptoerror_message: (a: number) => [number, number];
625
- readonly groupid_toString: (a: number) => [number, number];
626
- readonly signer_clone: (a: number) => number;
627
- readonly signer_generate: () => any;
628
- readonly signer_generateMemory: () => number;
629
- readonly signer_generateWebCrypto: () => any;
630
- readonly signer_memorySignerFromBytes: (a: number, b: number) => [number, number, number];
631
- readonly signer_trySign: (a: number, b: number, c: number) => any;
632
- readonly signer_variant: (a: number) => [number, number];
633
- readonly signer_verifyingKey: (a: number) => [number, number];
634
- readonly signer_webCryptoSigner: (a: any) => any;
635
- readonly symmetricDecrypt: (a: number, b: number, c: number, d: number) => [number, number, number, number];
636
- readonly symmetricEncrypt: (a: number, b: number, c: number, d: number, e: number, f: number) => [number, number, number, number];
637
- readonly encrypted_toBytes: (a: number) => [number, number];
638
- readonly __wbg_archive_free: (a: number, b: number) => void;
639
- readonly __wbg_capability_free: (a: number, b: number) => void;
640
- readonly __wbg_delegation_free: (a: number, b: number) => void;
641
- readonly __wbg_history_free: (a: number, b: number) => void;
642
- readonly __wbg_individualid_free: (a: number, b: number) => void;
643
- readonly __wbg_membered_free: (a: number, b: number) => void;
644
- readonly __wbg_membership_free: (a: number, b: number) => void;
645
- readonly __wbg_signeddelegation_free: (a: number, b: number) => void;
646
- readonly __wbg_signedrevocation_free: (a: number, b: number) => void;
647
- readonly __wbg_summary_free: (a: number, b: number) => void;
648
- readonly archive_toBytes: (a: number) => [number, number, number, number];
649
- readonly archive_tryToKeyhive: (a: number, b: number, c: number, d: any) => any;
650
- readonly archive_try_from_bytes: (a: number, b: number) => [number, number, number];
651
- readonly capability_can: (a: number) => number;
652
- readonly capability_proof: (a: number) => number;
653
- readonly capability_who: (a: number) => number;
654
- readonly delegation_after: (a: number) => number;
655
- readonly delegation_can: (a: number) => number;
656
- readonly delegation_delegate: (a: number) => number;
657
- readonly delegation_proof: (a: number) => number;
658
- readonly history_contentRefs: (a: number) => [number, number];
659
- readonly history_delegations: (a: number) => [number, number];
660
- readonly history_revocations: (a: number) => [number, number];
661
- readonly individualid_bytes: (a: number) => [number, number];
662
- readonly membership_can: (a: number) => number;
663
- readonly membership_who: (a: number) => number;
664
- readonly signeddelegation_delegation: (a: number) => number;
665
- readonly signeddelegation_signature: (a: number) => [number, number];
666
- readonly signeddelegation_subjectId: (a: number) => number;
667
- readonly signeddelegation_verify: (a: number) => number;
668
- readonly signeddelegation_verifyingKey: (a: number) => [number, number];
669
- readonly signedrevocation_delegation: (a: number) => number;
670
- readonly signedrevocation_signature: (a: number) => [number, number];
671
- readonly signedrevocation_verify: (a: number) => number;
672
- readonly signedrevocation_verifyingKey: (a: number) => [number, number];
673
- readonly summary_access: (a: number) => number;
674
- readonly summary_doc: (a: number) => number;
675
- readonly __wbg_cannotparseidentifier_free: (a: number, b: number) => void;
676
- readonly __wbg_identifier_free: (a: number, b: number) => void;
677
- readonly identifier_new: (a: number, b: number) => [number, number, number];
678
- readonly identifier_publicId: () => number;
679
- readonly identifier_toBytes: (a: number) => [number, number];
680
598
  readonly __wbg_agent_free: (a: number, b: number) => void;
681
599
  readonly __wbg_document_free: (a: number, b: number) => void;
682
600
  readonly __wbg_encryptedcontentwithupdate_free: (a: number, b: number) => void;
@@ -685,7 +603,6 @@ export interface InitOutput {
685
603
  readonly __wbg_individual_free: (a: number, b: number) => void;
686
604
  readonly __wbg_keyhive_free: (a: number, b: number) => void;
687
605
  readonly __wbg_peer_free: (a: number, b: number) => void;
688
- readonly __wbg_stats_free: (a: number, b: number) => void;
689
606
  readonly agent_id: (a: number) => number;
690
607
  readonly agent_isDocument: (a: number) => number;
691
608
  readonly agent_isGroup: (a: number) => number;
@@ -717,6 +634,7 @@ export interface InitOutput {
717
634
  readonly keyhive_accessForDoc: (a: number, b: number, c: number) => any;
718
635
  readonly keyhive_addMember: (a: number, b: number, c: number, d: number, e: number, f: number) => any;
719
636
  readonly keyhive_allAgentEvents: (a: number) => any;
637
+ readonly keyhive_bestAccessForDoc: (a: number, b: number, c: number) => any;
720
638
  readonly keyhive_contactCard: (a: number) => any;
721
639
  readonly keyhive_docMemberCapabilities: (a: number, b: number) => any;
722
640
  readonly keyhive_eventHashesForAgent: (a: number, b: number) => any;
@@ -761,6 +679,57 @@ export interface InitOutput {
761
679
  readonly peer_isGroup: (a: number) => number;
762
680
  readonly peer_isIndividual: (a: number) => number;
763
681
  readonly peer_toString: (a: number) => [number, number];
682
+ readonly setPanicHook: () => void;
683
+ readonly group_groupId: (a: number) => number;
684
+ readonly group_id: (a: number) => number;
685
+ readonly individual_id: (a: number) => number;
686
+ readonly peer_id: (a: number) => number;
687
+ readonly __wbg_signed_free: (a: number, b: number) => void;
688
+ readonly __wbg_signedcgkaoperation_free: (a: number, b: number) => void;
689
+ readonly signed_fromBytes: (a: number, b: number) => [number, number, number];
690
+ readonly signed_payload: (a: number) => [number, number];
691
+ readonly signed_signature: (a: number) => [number, number];
692
+ readonly signed_toBytes: (a: number) => [number, number, number, number];
693
+ readonly signed_verify: (a: number) => number;
694
+ readonly signed_verifyingKey: (a: number) => [number, number];
695
+ readonly signedcgkaoperation_delegation: (a: number) => number;
696
+ readonly signedcgkaoperation_signature: (a: number) => [number, number];
697
+ readonly signedcgkaoperation_verify: (a: number) => number;
698
+ readonly signedcgkaoperation_verifyingKey: (a: number) => [number, number];
699
+ readonly __wbg_archive_free: (a: number, b: number) => void;
700
+ readonly __wbg_capability_free: (a: number, b: number) => void;
701
+ readonly __wbg_delegation_free: (a: number, b: number) => void;
702
+ readonly __wbg_history_free: (a: number, b: number) => void;
703
+ readonly __wbg_membered_free: (a: number, b: number) => void;
704
+ readonly __wbg_membership_free: (a: number, b: number) => void;
705
+ readonly __wbg_signeddelegation_free: (a: number, b: number) => void;
706
+ readonly __wbg_signedrevocation_free: (a: number, b: number) => void;
707
+ readonly __wbg_stats_free: (a: number, b: number) => void;
708
+ readonly __wbg_summary_free: (a: number, b: number) => void;
709
+ readonly archive_toBytes: (a: number) => [number, number, number, number];
710
+ readonly archive_tryToKeyhive: (a: number, b: number, c: number, d: any) => any;
711
+ readonly archive_try_from_bytes: (a: number, b: number) => [number, number, number];
712
+ readonly capability_can: (a: number) => number;
713
+ readonly capability_proof: (a: number) => number;
714
+ readonly capability_who: (a: number) => number;
715
+ readonly delegation_after: (a: number) => number;
716
+ readonly delegation_can: (a: number) => number;
717
+ readonly delegation_delegate: (a: number) => number;
718
+ readonly delegation_proof: (a: number) => number;
719
+ readonly history_contentRefs: (a: number) => [number, number];
720
+ readonly history_delegations: (a: number) => [number, number];
721
+ readonly history_revocations: (a: number) => [number, number];
722
+ readonly membership_can: (a: number) => number;
723
+ readonly membership_who: (a: number) => number;
724
+ readonly signeddelegation_delegation: (a: number) => number;
725
+ readonly signeddelegation_signature: (a: number) => [number, number];
726
+ readonly signeddelegation_subjectId: (a: number) => number;
727
+ readonly signeddelegation_verify: (a: number) => number;
728
+ readonly signeddelegation_verifyingKey: (a: number) => [number, number];
729
+ readonly signedrevocation_delegation: (a: number) => number;
730
+ readonly signedrevocation_signature: (a: number) => [number, number];
731
+ readonly signedrevocation_verify: (a: number) => number;
732
+ readonly signedrevocation_verifyingKey: (a: number) => [number, number];
764
733
  readonly stats_activePrekeyCount: (a: number) => bigint;
765
734
  readonly stats_cgkaOperations: (a: number) => bigint;
766
735
  readonly stats_delegations: (a: number) => bigint;
@@ -782,12 +751,111 @@ export interface InitOutput {
782
751
  readonly stats_revocations: (a: number) => bigint;
783
752
  readonly stats_totalOps: (a: number) => bigint;
784
753
  readonly stats_totalPendingOps: (a: number) => bigint;
785
- readonly group_groupId: (a: number) => number;
786
- readonly group_id: (a: number) => number;
787
- readonly individual_id: (a: number) => number;
788
- readonly peer_id: (a: number) => number;
789
- readonly wasm_bindgen__convert__closures_____invoke__h9887d5ab72723f8a: (a: number, b: number, c: any) => [number, number];
790
- readonly wasm_bindgen__convert__closures_____invoke__h58982df154245cbc: (a: number, b: number, c: any, d: any) => void;
754
+ readonly summary_access: (a: number) => number;
755
+ readonly summary_doc: (a: number) => number;
756
+ readonly __wbg_access_free: (a: number, b: number) => void;
757
+ readonly __wbg_cannotparseed25519signingkey_free: (a: number, b: number) => void;
758
+ readonly __wbg_cgkaoperation_free: (a: number, b: number) => void;
759
+ readonly __wbg_contactcard_free: (a: number, b: number) => void;
760
+ readonly __wbg_documentid_free: (a: number, b: number) => void;
761
+ readonly __wbg_encrypted_free: (a: number, b: number) => void;
762
+ readonly __wbg_event_free: (a: number, b: number) => void;
763
+ readonly __wbg_generatewebcryptoerror_free: (a: number, b: number) => void;
764
+ readonly __wbg_groupid_free: (a: number, b: number) => void;
765
+ readonly __wbg_sharekey_free: (a: number, b: number) => void;
766
+ readonly __wbg_signer_free: (a: number, b: number) => void;
767
+ readonly access_admin: () => number;
768
+ readonly access_atLeast: (a: number, b: number) => number;
769
+ readonly access_compareTo: (a: number, b: number) => number;
770
+ readonly access_edit: () => number;
771
+ readonly access_equals: (a: number, b: number) => number;
772
+ readonly access_fromString: (a: number, b: number) => [number, number, number];
773
+ readonly access_isEditor: (a: number) => number;
774
+ readonly access_isReader: (a: number) => number;
775
+ readonly access_level: (a: number) => number;
776
+ readonly access_read: () => number;
777
+ readonly access_relay: () => number;
778
+ readonly access_toString: (a: number) => [number, number];
779
+ readonly access_tryFromString: (a: number, b: number) => number;
780
+ readonly cgkaoperation_variant: (a: number) => [number, number];
781
+ readonly contactcard_fromJson: (a: number, b: number) => [number, number, number];
782
+ readonly contactcard_id: (a: number) => number;
783
+ readonly contactcard_individualId: (a: number) => number;
784
+ readonly contactcard_op: (a: number) => number;
785
+ readonly contactcard_shareKey: (a: number) => number;
786
+ readonly contactcard_signature: (a: number) => [number, number];
787
+ readonly contactcard_toJson: (a: number) => [number, number, number, number];
788
+ readonly documentid_new: (a: number, b: number) => [number, number, number];
789
+ readonly documentid_toBytes: (a: number) => [number, number];
790
+ readonly documentid_toJsValue: (a: number) => any;
791
+ readonly documentid_toString: (a: number) => [number, number];
792
+ readonly encrypted_ciphertext: (a: number) => [number, number];
793
+ readonly encrypted_content_ref: (a: number) => [number, number];
794
+ readonly encrypted_decryptWithKey: (a: number, b: number, c: number) => [number, number, number, number];
795
+ readonly encrypted_fromBytes: (a: number, b: number) => [number, number, number];
796
+ readonly encrypted_nonce: (a: number) => [number, number];
797
+ readonly encrypted_pcs_key_hash: (a: number) => [number, number];
798
+ readonly encrypted_pred_refs: (a: number) => [number, number];
799
+ readonly encrypted_serialize: (a: number) => [number, number, number, number];
800
+ readonly event_isDelegated: (a: number) => number;
801
+ readonly event_isRevoked: (a: number) => number;
802
+ readonly event_toBytes: (a: number) => [number, number, number, number];
803
+ readonly event_tryIntoSignedDelegation: (a: number) => number;
804
+ readonly event_tryIntoSignedRevocation: (a: number) => number;
805
+ readonly event_variant: (a: number) => [number, number];
806
+ readonly generatewebcryptoerror_message: (a: number) => [number, number];
807
+ readonly groupid_toString: (a: number) => [number, number];
808
+ readonly signer_clone: (a: number) => number;
809
+ readonly signer_generate: () => any;
810
+ readonly signer_generateMemory: () => number;
811
+ readonly signer_generateWebCrypto: () => any;
812
+ readonly signer_memorySignerFromBytes: (a: number, b: number) => [number, number, number];
813
+ readonly signer_trySign: (a: number, b: number, c: number) => any;
814
+ readonly signer_variant: (a: number) => [number, number];
815
+ readonly signer_verifyingKey: (a: number) => [number, number];
816
+ readonly signer_webCryptoSigner: (a: any) => any;
817
+ readonly symmetricDecrypt: (a: number, b: number, c: number, d: number) => [number, number, number, number];
818
+ readonly symmetricEncrypt: (a: number, b: number, c: number, d: number, e: number, f: number) => [number, number, number, number];
819
+ readonly encrypted_toBytes: (a: number) => [number, number];
820
+ readonly __wbg_invocation_free: (a: number, b: number) => void;
821
+ readonly __wbg_signedinvocation_free: (a: number, b: number) => void;
822
+ readonly __wbg_cannotparseidentifier_free: (a: number, b: number) => void;
823
+ readonly __wbg_identifier_free: (a: number, b: number) => void;
824
+ readonly identifier_new: (a: number, b: number) => [number, number, number];
825
+ readonly identifier_publicId: () => number;
826
+ readonly identifier_toBytes: (a: number) => [number, number];
827
+ readonly __wbg_allagentevents_free: (a: number, b: number) => void;
828
+ readonly __wbg_changeid_free: (a: number, b: number) => void;
829
+ readonly __wbg_ciphertextstore_free: (a: number, b: number) => void;
830
+ readonly __wbg_decryptedkeyed_free: (a: number, b: number) => void;
831
+ readonly __wbg_doccontentrefs_free: (a: number, b: number) => void;
832
+ readonly __wbg_individualid_free: (a: number, b: number) => void;
833
+ readonly __wbg_revocation_free: (a: number, b: number) => void;
834
+ readonly allagentevents_agentCgkaSources: (a: number) => any;
835
+ readonly allagentevents_agentMembershipSources: (a: number) => any;
836
+ readonly allagentevents_agentPrekeySources: (a: number) => any;
837
+ readonly allagentevents_cgkaSources: (a: number) => any;
838
+ readonly allagentevents_events: (a: number) => any;
839
+ readonly allagentevents_membershipSources: (a: number) => any;
840
+ readonly allagentevents_prekeySources: (a: number) => any;
841
+ readonly changeid___wasm_refgen_toJsChangeId: (a: number) => number;
842
+ readonly changeid_bytes: (a: number) => [number, number];
843
+ readonly changeid_new: (a: number, b: number) => number;
844
+ readonly ciphertextstore_newFromWebStorage: (a: any) => number;
845
+ readonly ciphertextstore_newInMemory: () => number;
846
+ readonly decryptedkeyed_applicationSecret: (a: number) => [number, number];
847
+ readonly decryptedkeyed_plaintext: (a: number) => [number, number];
848
+ readonly doccontentrefs_addChangeId: (a: number, b: number) => any;
849
+ readonly doccontentrefs_change_hashes: (a: number) => any;
850
+ readonly doccontentrefs_docId: (a: number) => number;
851
+ readonly doccontentrefs_new: (a: number, b: number, c: number) => [number, number, number];
852
+ readonly individualid_bytes: (a: number) => [number, number];
853
+ readonly revocation_after: (a: number) => number;
854
+ readonly revocation_proof: (a: number) => number;
855
+ readonly revocation_revoked: (a: number) => number;
856
+ readonly revocation_subject_id: (a: number) => number;
857
+ readonly wasm_bindgen__convert__closures_____invoke__h264249ebd10d2c4e: (a: number, b: number, c: any) => [number, number];
858
+ readonly wasm_bindgen__convert__closures_____invoke__h3240482818b7fa6b: (a: number, b: number, c: any, d: any) => void;
791
859
  readonly __wbindgen_malloc: (a: number, b: number) => number;
792
860
  readonly __wbindgen_realloc: (a: number, b: number, c: number, d: number) => number;
793
861
  readonly __wbindgen_exn_store: (a: number) => void;
@@ -17,6 +17,108 @@ export class Access {
17
17
  const ptr = this.__destroy_into_raw();
18
18
  wasm.__wbg_access_free(ptr, 0);
19
19
  }
20
+ /**
21
+ * The ability to revoke any members of a group, not just those that they have causal senority over.
22
+ * @returns {Access}
23
+ */
24
+ static admin() {
25
+ const ret = wasm.access_admin();
26
+ return Access.__wrap(ret);
27
+ }
28
+ /**
29
+ * True if this level is at least as permissive as `other`.
30
+ * @param {Access} other
31
+ * @returns {boolean}
32
+ */
33
+ atLeast(other) {
34
+ _assertClass(other, Access);
35
+ const ret = wasm.access_atLeast(this.__wbg_ptr, other.__wbg_ptr);
36
+ return ret !== 0;
37
+ }
38
+ /**
39
+ * Standard comparator result: -1 if less permissive than `other`,
40
+ * 0 if equal, 1 if more permissive.
41
+ * @param {Access} other
42
+ * @returns {number}
43
+ */
44
+ compareTo(other) {
45
+ _assertClass(other, Access);
46
+ const ret = wasm.access_compareTo(this.__wbg_ptr, other.__wbg_ptr);
47
+ return ret;
48
+ }
49
+ /**
50
+ * The ability to edit (append ops to) the content of a document.
51
+ * @returns {Access}
52
+ */
53
+ static edit() {
54
+ const ret = wasm.access_edit();
55
+ return Access.__wrap(ret);
56
+ }
57
+ /**
58
+ * @param {Access} other
59
+ * @returns {boolean}
60
+ */
61
+ equals(other) {
62
+ _assertClass(other, Access);
63
+ const ret = wasm.access_equals(this.__wbg_ptr, other.__wbg_ptr);
64
+ return ret !== 0;
65
+ }
66
+ /**
67
+ * Parse an access level, throwing on invalid input.
68
+ * Accepts "relay", "read", "edit", or "admin" (case-insensitive).
69
+ * @param {string} s
70
+ * @returns {Access}
71
+ */
72
+ static fromString(s) {
73
+ const ptr0 = passStringToWasm0(s, wasm.__wbindgen_malloc, wasm.__wbindgen_realloc);
74
+ const len0 = WASM_VECTOR_LEN;
75
+ const ret = wasm.access_fromString(ptr0, len0);
76
+ if (ret[2]) {
77
+ throw takeFromExternrefTable0(ret[1]);
78
+ }
79
+ return Access.__wrap(ret[0]);
80
+ }
81
+ /**
82
+ * True for Edit access or higher.
83
+ * @returns {boolean}
84
+ */
85
+ get isEditor() {
86
+ const ret = wasm.access_isEditor(this.__wbg_ptr);
87
+ return ret !== 0;
88
+ }
89
+ /**
90
+ * True for Read access or higher.
91
+ * @returns {boolean}
92
+ */
93
+ get isReader() {
94
+ const ret = wasm.access_isReader(this.__wbg_ptr);
95
+ return ret !== 0;
96
+ }
97
+ /**
98
+ * Numeric level for ordering: Relay = 0, Read = 1, Edit = 2, Admin = 3.
99
+ * Higher levels imply all lower levels.
100
+ * @returns {number}
101
+ */
102
+ get level() {
103
+ const ret = wasm.access_level(this.__wbg_ptr);
104
+ return ret;
105
+ }
106
+ /**
107
+ * The ability to read (decrypt) the content of a document.
108
+ * @returns {Access}
109
+ */
110
+ static read() {
111
+ const ret = wasm.access_read();
112
+ return Access.__wrap(ret);
113
+ }
114
+ /**
115
+ * The ability to retrieve bytes over the network.
116
+ * @returns {Access}
117
+ */
118
+ static relay() {
119
+ const ret = wasm.access_relay();
120
+ return Access.__wrap(ret);
121
+ }
20
122
  /**
21
123
  * @returns {string}
22
124
  */
@@ -33,6 +135,8 @@ export class Access {
33
135
  }
34
136
  }
35
137
  /**
138
+ * Parse an access level, returning undefined on invalid input.
139
+ * Prefer `fromString`, which throws a descriptive error instead.
36
140
  * @param {string} s
37
141
  * @returns {Access | undefined}
38
142
  */
@@ -1013,6 +1117,7 @@ export class EncryptedKeyed {
1013
1117
  }
1014
1118
  /**
1015
1119
  * The 32-byte application secret key used to encrypt this content.
1120
+ * Treat as secret: do not log or persist unencrypted.
1016
1121
  * @returns {Uint8Array}
1017
1122
  */
1018
1123
  get applicationSecret() {
@@ -1506,6 +1611,20 @@ export class Keyhive {
1506
1611
  const ret = wasm.keyhive_allAgentEvents(this.__wbg_ptr);
1507
1612
  return ret;
1508
1613
  }
1614
+ /**
1615
+ * The most permissive of `id`'s direct access and the document's
1616
+ * public access. Returns undefined if neither grants access (or the
1617
+ * document is unknown).
1618
+ * @param {Identifier} id
1619
+ * @param {DocumentId} doc_id
1620
+ * @returns {Promise<Access | undefined>}
1621
+ */
1622
+ bestAccessForDoc(id, doc_id) {
1623
+ _assertClass(id, Identifier);
1624
+ _assertClass(doc_id, DocumentId);
1625
+ const ret = wasm.keyhive_bestAccessForDoc(this.__wbg_ptr, id.__wbg_ptr, doc_id.__wbg_ptr);
1626
+ return ret;
1627
+ }
1509
1628
  /**
1510
1629
  * @returns {Promise<ContactCard>}
1511
1630
  */
@@ -1560,6 +1679,7 @@ export class Keyhive {
1560
1679
  * Force a PCS key rotation and return the new leaf secret, serialized as a
1561
1680
  * one-entry `BTreeMap<ShareKey, ShareSecretKey>` (the exact format
1562
1681
  * `importPrekeySecrets` accepts).
1682
+ * The returned bytes are secret key material: do not log or persist unencrypted.
1563
1683
  * @param {Document} doc
1564
1684
  * @returns {Promise<Uint8Array>}
1565
1685
  */
@@ -3029,7 +3149,7 @@ function __wbg_get_imports() {
3029
3149
  const a = state0.a;
3030
3150
  state0.a = 0;
3031
3151
  try {
3032
- return wasm_bindgen__convert__closures_____invoke__h58982df154245cbc(a, state0.b, arg0, arg1);
3152
+ return wasm_bindgen__convert__closures_____invoke__h3240482818b7fa6b(a, state0.b, arg0, arg1);
3033
3153
  } finally {
3034
3154
  state0.a = a;
3035
3155
  }
@@ -3182,8 +3302,8 @@ function __wbg_get_imports() {
3182
3302
  }
3183
3303
  },
3184
3304
  __wbindgen_cast_0000000000000001: function(arg0, arg1) {
3185
- // Cast intrinsic for `Closure(Closure { owned: true, function: Function { arguments: [Externref], shim_idx: 716, ret: Result(Unit), inner_ret: Some(Result(Unit)) }, mutable: true }) -> Externref`.
3186
- const ret = makeMutClosure(arg0, arg1, wasm_bindgen__convert__closures_____invoke__h9887d5ab72723f8a);
3305
+ // Cast intrinsic for `Closure(Closure { owned: true, function: Function { arguments: [Externref], shim_idx: 719, ret: Result(Unit), inner_ret: Some(Result(Unit)) }, mutable: true }) -> Externref`.
3306
+ const ret = makeMutClosure(arg0, arg1, wasm_bindgen__convert__closures_____invoke__h264249ebd10d2c4e);
3187
3307
  return ret;
3188
3308
  },
3189
3309
  __wbindgen_cast_0000000000000002: function(arg0, arg1) {
@@ -3268,15 +3388,15 @@ function __wbg_get_imports() {
3268
3388
  };
3269
3389
  }
3270
3390
 
3271
- function wasm_bindgen__convert__closures_____invoke__h9887d5ab72723f8a(arg0, arg1, arg2) {
3272
- const ret = wasm.wasm_bindgen__convert__closures_____invoke__h9887d5ab72723f8a(arg0, arg1, arg2);
3391
+ function wasm_bindgen__convert__closures_____invoke__h264249ebd10d2c4e(arg0, arg1, arg2) {
3392
+ const ret = wasm.wasm_bindgen__convert__closures_____invoke__h264249ebd10d2c4e(arg0, arg1, arg2);
3273
3393
  if (ret[1]) {
3274
3394
  throw takeFromExternrefTable0(ret[0]);
3275
3395
  }
3276
3396
  }
3277
3397
 
3278
- function wasm_bindgen__convert__closures_____invoke__h58982df154245cbc(arg0, arg1, arg2, arg3) {
3279
- wasm.wasm_bindgen__convert__closures_____invoke__h58982df154245cbc(arg0, arg1, arg2, arg3);
3398
+ function wasm_bindgen__convert__closures_____invoke__h3240482818b7fa6b(arg0, arg1, arg2, arg3) {
3399
+ wasm.wasm_bindgen__convert__closures_____invoke__h3240482818b7fa6b(arg0, arg1, arg2, arg3);
3280
3400
  }
3281
3401
 
3282
3402
  const AccessFinalization = (typeof FinalizationRegistry === 'undefined')
Binary file