@lunora/server 1.0.0-alpha.1 → 1.0.0-alpha.11
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +5 -1
- package/__assets__/package-og.svg +1 -1
- package/dist/data-model.d.mts +104 -16
- package/dist/data-model.d.ts +104 -16
- package/dist/index.d.mts +342 -28
- package/dist/index.d.ts +342 -28
- package/dist/index.mjs +17 -12
- package/dist/packem_shared/{LunoraError-DhggBJZF.mjs → LunoraError-DN7Zhhvu.mjs} +4 -1
- package/dist/packem_shared/{definePresence-D5LtwGl0.mjs → PRESENCE_DEFAULT_TTL_MS-D8viLY1S.mjs} +4 -4
- package/dist/packem_shared/{bindTableFacade-DCuyr46L.mjs → bindOrm-Ce57S3N9.mjs} +58 -1
- package/dist/packem_shared/buildRlsReadRegistry-1jexWrb3.mjs +107 -0
- package/dist/packem_shared/createSecrets-TsIP9lOa.mjs +55 -0
- package/dist/packem_shared/{defineAggregateIndex-DzqxtAyV.mjs → defineAggregateIndex-ZdyU78gh.mjs} +58 -3
- package/dist/packem_shared/defineIdentity-B_9YD46A.mjs +34 -0
- package/dist/packem_shared/defineMutator-EIXAWhs9.mjs +11 -0
- package/dist/packem_shared/defineShape-CJ27Wx7o.mjs +17 -0
- package/dist/packem_shared/functions-Di9FUNkf.mjs +5 -0
- package/dist/packem_shared/{httpAction-B7FYUEgr.mjs → httpAction-FLwfsePg.mjs} +1 -1
- package/dist/packem_shared/{initLunora-CATvPsVt.mjs → initLunora-lxwHTEV3.mjs} +17 -3
- package/dist/packem_shared/{mask-CkZJHHMM.mjs → mask-BV_jNzsN.mjs} +2 -2
- package/dist/packem_shared/policy-tag-DvpVH2tv.mjs +13 -0
- package/dist/packem_shared/{rls-Zhf5wEeJ.mjs → rls-2Jhd0uev.mjs} +22 -4
- package/dist/packem_shared/{storageRules-4a30FSpI.mjs → storageRules-Cje6Woea.mjs} +1 -1
- package/dist/packem_shared/{types.d-DmvyEMD6.d.mts → types.d-BB3pjV0m.d.mts} +10 -4
- package/dist/packem_shared/{types.d-BDY0FYHK.d.ts → types.d-Cxl6ndhm.d.ts} +10 -4
- package/dist/rls/testing.d.mts +1 -1
- package/dist/rls/testing.d.ts +1 -1
- package/dist/rls/testing.mjs +1 -1
- package/dist/types.d.mts +130 -2
- package/dist/types.d.ts +130 -2
- package/package.json +5 -5
- /package/dist/packem_shared/{defineEnv-DjFkpkSP.mjs → LunoraEnvError-DjFkpkSP.mjs} +0 -0
- /package/dist/packem_shared/{defineSchemaExtension-Ck5_TUO8.mjs → composePluginMiddleware-Ck5_TUO8.mjs} +0 -0
- /package/dist/packem_shared/{definePolicy-De67zPDS.mjs → createPolicyDsl-De67zPDS.mjs} +0 -0
package/dist/index.d.ts
CHANGED
|
@@ -1,10 +1,10 @@
|
|
|
1
|
-
import { Validator, Infer, v } from '@lunora/values';
|
|
1
|
+
import { Validator, Infer, ValidatorMap, InferValidatorMap, v } from '@lunora/values';
|
|
2
2
|
export { type ColumnValidator, type Id, type Infer, ValidationError, type Validator, type ValidatorKind, v } from '@lunora/values';
|
|
3
|
-
import { ArgsValidator, InferArgs, RegisteredAction, ActionCtx, MutationCtx, RegisteredMutation, QueryCtx, RegisteredQuery, RegisteredStream, FunctionKind, LifecycleEvent, RegisteredLifecycleHook, TableDefinition, RegisteredFunction, VectorIndexDefinition, Schema, AggregateOp, RelationDefinition, GlobalBackend, OnDeleteAction, TriggerBuilder, TriggerDefinition, VectorEmbedder, VectorMetric, AggregateIndexDefinition, RankIndexDefinition } from "./types.js";
|
|
3
|
+
import { ArgsValidator, InferArgs, RegisteredAction, ActionCtx, MutationCtx, RegisteredMutation, QueryCtx, RegisteredQuery, RegisteredStream, FunctionKind, Secrets, LifecycleEvent, RegisteredLifecycleHook, TableDefinition, RegisteredFunction, VectorIndexDefinition, Schema, AggregateOp, DurableObjectJurisdiction, RelationDefinition, GlobalBackend, OnDeleteAction, ExternalSourceDefinition, TriggerBuilder, TriggerDefinition, VectorEmbedder, VectorMetric, AggregateIndexDefinition, RankIndexDefinition } from "./types.js";
|
|
4
4
|
export { type AnyApi, type AuthState, type DatabaseReader, type DatabaseWriter, type FunctionVisibility, type IndexDefinition, type IndexRangeBuilder, type LifecycleEventKind, type LunoraLogger, type PaginationOptions, type PaginationResult, type RankSortKey, type ReadOnlyStorage, type ScheduledFunctionDoc, type ScheduledJob, type Scheduler, type SearchFilterBuilder, type SearchIndexDefinition, type ShardMode, type Storage, type StorageMetadata, type SystemDatabaseReader, type SystemDoc, type SystemQuery, type SystemTableName, type TableReader, type TableVectorIndex, type TriggerAggregateOptions, type TriggerCtx, type TriggerDatabase, type TriggerDeleteEvent, type TriggerEvent, type TriggerGroupByEntry, type TriggerGroupByOptions, type TriggerHandler, type TriggerInsertEvent, type TriggerOp, type TriggerQueryArgs, type TriggerQueryPage, type TriggerRankOptions, type TriggerRankPageOptions, type TriggerRankResult, type TriggerRow, type TriggerTiming, type TriggerUpdateEvent, type VectorMatch, type VectorMatches, type VectorQueryInput, type VectorRecord, type VectorSearch, type VectorSearchReader, type VectorUpsertInput, type WorkflowCreateOptions, type WorkflowHandle, type WorkflowInstance, type WorkflowInstanceStatus, type WorkflowStatusResult, type Workflows, anyApi } from "./types.js";
|
|
5
5
|
import { Context, Hono } from 'hono';
|
|
6
|
-
import { b as Permission, R as Role, T as TypedDefinePolicyInput, a as Policy, D as DefinePolicyInput, W as WhereInput, c as RlsOptions } from "./packem_shared/types.d-
|
|
7
|
-
export type { d as PolicyContext, e as PolicyDecision, f as PolicyDecisionOf, P as PolicyOperation } from "./packem_shared/types.d-
|
|
6
|
+
import { b as Permission, R as Role, T as TypedDefinePolicyInput, a as Policy, D as DefinePolicyInput, W as WhereInput, c as RlsOptions } from "./packem_shared/types.d-Cxl6ndhm.js";
|
|
7
|
+
export type { d as PolicyContext, e as PolicyDecision, f as PolicyDecisionOf, P as PolicyOperation } from "./packem_shared/types.d-Cxl6ndhm.js";
|
|
8
8
|
export { type CronJob, type CronJobsBuilder, type CronScheduleKind, type DailySchedule, type IntervalSchedule, type MonthlySchedule, type WeeklySchedule, cronJobs } from '@lunora/scheduler';
|
|
9
9
|
import "./data-model.js";
|
|
10
10
|
/**
|
|
@@ -187,6 +187,13 @@ declare const initLunora: {
|
|
|
187
187
|
dataModel: <DataModel>() => DataModelInit<DataModel>;
|
|
188
188
|
};
|
|
189
189
|
/**
|
|
190
|
+
* Build the `ctx.secrets` reader from the worker `env`. `get(name)` resolves
|
|
191
|
+
* `env[name].get()` — the `secrets_store_secrets[]` binding of that name. An
|
|
192
|
+
* absent or non-Secrets-Store binding throws a directed error pointing at the
|
|
193
|
+
* wrangler config; the lookup is lazy, so an unused secret never resolves.
|
|
194
|
+
*/
|
|
195
|
+
declare const createSecrets: (env: Record<string, unknown>) => Secrets;
|
|
196
|
+
/**
|
|
190
197
|
* Redact secrets from a free-form message. Masks, in order: any quoted value
|
|
191
198
|
* whose contents look like a credential (so a value surfaced as `received string
|
|
192
199
|
* "sk_live_…"` is masked even though the surrounding text is not a token); a
|
|
@@ -276,7 +283,10 @@ declare const defineEnv: <S extends EnvShape>(shape: S) => EnvAccessor<S>;
|
|
|
276
283
|
* The runtime's structural error mapper keys off `name === "LunoraError"` plus
|
|
277
284
|
* the numeric `status`, so throwing one of these from a handler or middleware
|
|
278
285
|
* yields the right RPC/HTTP status without any further wiring. `code` carries
|
|
279
|
-
* the machine-readable reason for clients
|
|
286
|
+
* the machine-readable reason for clients; the optional `data` carries a
|
|
287
|
+
* structured, JSON+wire-encodable payload propagated verbatim to the client
|
|
288
|
+
* (e.g. `{ retryAfterMs }`). Only an explicit `LunoraError`'s `data` crosses the
|
|
289
|
+
* wire — an unhandled throw is still redacted to a generic message server-side.
|
|
280
290
|
*/
|
|
281
291
|
declare const CODE_STATUS: {
|
|
282
292
|
readonly BAD_REQUEST: 400;
|
|
@@ -322,24 +332,11 @@ declare class LunoraError extends Error {
|
|
|
322
332
|
override readonly name = "LunoraError";
|
|
323
333
|
readonly code: LunoraErrorCode;
|
|
324
334
|
readonly status: number;
|
|
325
|
-
|
|
335
|
+
/** Structured, JSON+wire-encodable payload surfaced to the client alongside `code`. */
|
|
336
|
+
readonly data?: unknown;
|
|
337
|
+
constructor(code: LunoraErrorCode, message?: string, data?: unknown);
|
|
326
338
|
}
|
|
327
339
|
/**
|
|
328
|
-
* The per-table `ctx.db` accessor (the `ctx.db.messages.findMany(...)` form) and
|
|
329
|
-
* the kitcn-style `ctx.orm` namespace, as plain runtime helpers. This is the ONE
|
|
330
|
-
* source of truth for the facade shape, shared by two callers so they can never
|
|
331
|
-
* drift (a drift here is security-relevant — a facade accessor the RLS
|
|
332
|
-
* middleware forgot to re-bind would read around policy). `@lunora/codegen`
|
|
333
|
-
* emits `ctx.db`/`ctx.orm` by calling these over the raw shard writer (and the
|
|
334
|
-
* D1 `globalDb` writer for `.global()` tables); the RLS middleware re-binds the
|
|
335
|
-
* policy tables by calling them over the policy-enforcing wrapped writer.
|
|
336
|
-
*
|
|
337
|
-
* `bindTableFacade(writer, table)` pins `tableName` on the structural writer so
|
|
338
|
-
* callers address rows by id (`get`/`delete`/`patch`/`replace`) or by the bound
|
|
339
|
-
* table (everything else). The binding is identical regardless of which writer
|
|
340
|
-
* is passed — that's the whole point.
|
|
341
|
-
*/
|
|
342
|
-
/**
|
|
343
340
|
* Minimal structural writer the facade binds over. Declared with **method**
|
|
344
341
|
* syntax (not arrow properties) so a more-specifically-typed writer — both
|
|
345
342
|
* `@lunora/do`'s `DatabaseWriterLike` and the RLS middleware's wrapped writer —
|
|
@@ -349,7 +346,9 @@ declare class LunoraError extends Error {
|
|
|
349
346
|
interface FacadeWriterLike {
|
|
350
347
|
aggregate(tableName: string, options: unknown): Promise<unknown>;
|
|
351
348
|
count(tableName: string, where?: unknown): Promise<number>;
|
|
352
|
-
delete(id: string, expectedTable?: string
|
|
349
|
+
delete(id: string, expectedTable?: string, options?: {
|
|
350
|
+
hard?: boolean;
|
|
351
|
+
}): Promise<void>;
|
|
353
352
|
deleteMany?(ids: ReadonlyArray<string>, options?: {
|
|
354
353
|
limit?: number;
|
|
355
354
|
}, expectedTable?: string): Promise<{
|
|
@@ -377,6 +376,7 @@ interface FacadeWriterLike {
|
|
|
377
376
|
rank(tableName: string, indexName: string, options: unknown): Promise<unknown>;
|
|
378
377
|
rankPage(tableName: string, indexName: string, options?: unknown): Promise<unknown>;
|
|
379
378
|
replace(id: string, document: Record<string, unknown>, expectedTable?: string): Promise<void>;
|
|
379
|
+
restore?(id: string, expectedTable?: string): Promise<void>;
|
|
380
380
|
}
|
|
381
381
|
/** The per-table accessor object returned for the `ctx.db` table form. */
|
|
382
382
|
interface FacadeEntry {
|
|
@@ -388,12 +388,16 @@ interface FacadeEntry {
|
|
|
388
388
|
}) => Promise<{
|
|
389
389
|
deleted: number;
|
|
390
390
|
}>;
|
|
391
|
+
/** `true` when at least one row matches `where` (or any row exists when omitted). Honors RLS like `findFirst`. */
|
|
392
|
+
exists: (where?: unknown) => Promise<boolean>;
|
|
391
393
|
findFirst: (args?: unknown) => Promise<unknown>;
|
|
392
394
|
findFirstOrThrow: (args?: unknown) => Promise<unknown>;
|
|
393
395
|
findMany: (args?: unknown) => Promise<unknown>;
|
|
394
396
|
get: (id: string) => Promise<unknown>;
|
|
395
397
|
groupBy: (options: unknown) => Promise<unknown>;
|
|
396
|
-
|
|
398
|
+
/** Physically remove a row (and physically cascade), bypassing `.softDelete()`. */
|
|
399
|
+
hardDelete: (id: string) => Promise<void>;
|
|
400
|
+
insert: (document: Record<string, unknown>, options?: FacadeInsertOptions) => Promise<null | string>;
|
|
397
401
|
insertMany: (documents: ReadonlyArray<Record<string, unknown>>, options?: {
|
|
398
402
|
limit?: number;
|
|
399
403
|
}) => Promise<string[]>;
|
|
@@ -407,8 +411,47 @@ interface FacadeEntry {
|
|
|
407
411
|
rank: (indexName: string, options: unknown) => Promise<unknown>;
|
|
408
412
|
rankPage: (indexName: string, options?: unknown) => Promise<unknown>;
|
|
409
413
|
replace: (id: string, document: Record<string, unknown>) => Promise<void>;
|
|
414
|
+
/** Un-soft-delete a row: clears the `.softDelete()` marker (by-id, so it reaches a row list reads hide). */
|
|
415
|
+
restore: (id: string) => Promise<void>;
|
|
416
|
+
/** Insert when no row matches `target`, else patch the match. Composes `findFirst` + `insert`/`patch`, so RLS applies to each step. */
|
|
417
|
+
upsert: (args: UpsertArgs) => Promise<UpsertResult>;
|
|
418
|
+
/** Sequential `upsert` over many rows sharing one `target`; returns one result per input row in order. */
|
|
419
|
+
upsertMany: (args: UpsertManyArgs) => Promise<UpsertResult[]>;
|
|
410
420
|
withSearchIndex: (indexName: string, search: (q: unknown) => unknown) => unknown;
|
|
411
421
|
}
|
|
422
|
+
/** Options accepted by the per-table `insert` accessor. */
|
|
423
|
+
interface FacadeInsertOptions {
|
|
424
|
+
/**
|
|
425
|
+
* When `true`, a UNIQUE-constraint breach is swallowed: the insert becomes a
|
|
426
|
+
* silent no-op and resolves to `null` instead of throwing a `CONFLICT`. Any
|
|
427
|
+
* other error still propagates. Mirrors better-drizzle's `create({ skipDuplicates })`.
|
|
428
|
+
*/
|
|
429
|
+
skipDuplicates?: boolean;
|
|
430
|
+
}
|
|
431
|
+
/** The conflict target for `upsert`/`upsertMany`: one field name or a tuple of them. */
|
|
432
|
+
type UpsertTarget = ReadonlyArray<string> | string;
|
|
433
|
+
/** Argument to the per-table `upsert` accessor. */
|
|
434
|
+
interface UpsertArgs {
|
|
435
|
+
/** Document inserted when no existing row matches the `target`. */
|
|
436
|
+
create: Record<string, unknown>;
|
|
437
|
+
/** Field(s) — typically a `.unique()` column or unique index — used to look up an existing row. */
|
|
438
|
+
target: UpsertTarget;
|
|
439
|
+
/** Patch applied when an existing row matches the `target`. Defaults to `create`. */
|
|
440
|
+
update?: Record<string, unknown>;
|
|
441
|
+
}
|
|
442
|
+
/** Result of an `upsert`: the row's id and whether it was freshly inserted (`true`) or updated (`false`). */
|
|
443
|
+
interface UpsertResult {
|
|
444
|
+
created: boolean;
|
|
445
|
+
id: string;
|
|
446
|
+
}
|
|
447
|
+
/** Argument to the per-table `upsertMany` accessor — a shared `target` plus per-row create/update payloads. */
|
|
448
|
+
interface UpsertManyArgs {
|
|
449
|
+
rows: ReadonlyArray<{
|
|
450
|
+
create: Record<string, unknown>;
|
|
451
|
+
update?: Record<string, unknown>;
|
|
452
|
+
}>;
|
|
453
|
+
target: UpsertTarget;
|
|
454
|
+
}
|
|
412
455
|
/**
|
|
413
456
|
* Bind a structural writer to one table, producing its `ctx.db` table accessor.
|
|
414
457
|
*
|
|
@@ -426,7 +469,7 @@ declare const bindTableFacade: (writer: FacadeWriterLike, tableName: string) =>
|
|
|
426
469
|
interface OrmLike {
|
|
427
470
|
delete: (table: string, id: string) => Promise<void>;
|
|
428
471
|
insert: (table: string) => {
|
|
429
|
-
values: (document: Record<string, unknown>) => Promise<string>;
|
|
472
|
+
values: (document: Record<string, unknown>) => Promise<null | string>;
|
|
430
473
|
};
|
|
431
474
|
query: Record<string, FacadeEntry>;
|
|
432
475
|
replace: (table: string, id: string) => {
|
|
@@ -631,6 +674,76 @@ interface ContextWithStorage {
|
|
|
631
674
|
* client then ranges against R2/CDN directly with no Worker hop.
|
|
632
675
|
*/
|
|
633
676
|
declare const serveStorageObject: (context: ContextWithStorage, key: string, request: Request) => Promise<Response>;
|
|
677
|
+
/**
|
|
678
|
+
* What the worker does with a resolver's identity when it fails contract
|
|
679
|
+
* validation (a forged / malformed claim set arriving from an untrusted token).
|
|
680
|
+
* `"anonymous"` (default, safe) treats the request as anonymous, so the bad
|
|
681
|
+
* identity never reaches a policy as a valid identity (`ctx.auth.userId`
|
|
682
|
+
* becomes `undefined`). `"reject"` fails the request closed (a `401`) — use
|
|
683
|
+
* when a malformed credential should be a hard error, not a silent downgrade.
|
|
684
|
+
*/
|
|
685
|
+
type IdentityRejectMode = "anonymous" | "reject";
|
|
686
|
+
/** Options for {@link defineIdentity}. */
|
|
687
|
+
interface DefineIdentityOptions {
|
|
688
|
+
/**
|
|
689
|
+
* How to handle a resolver identity that violates the contract at the trust
|
|
690
|
+
* boundary. Defaults to `"anonymous"` (a forged claim set is downgraded to
|
|
691
|
+
* anonymous rather than flowing in as an unchecked cast).
|
|
692
|
+
*/
|
|
693
|
+
readonly onInvalid?: IdentityRejectMode;
|
|
694
|
+
}
|
|
695
|
+
/** Result of validating a candidate identity against the contract. */
|
|
696
|
+
type IdentityValidation = {
|
|
697
|
+
ok: true;
|
|
698
|
+
} | {
|
|
699
|
+
error: string;
|
|
700
|
+
ok: false;
|
|
701
|
+
};
|
|
702
|
+
/**
|
|
703
|
+
* A declared identity claim contract. Carries the codegen discovery brand, the
|
|
704
|
+
* declared claim validators, the reject policy, and a runtime `validate`. The
|
|
705
|
+
* `TClaims` type parameter is the inferred claim shape (always extending
|
|
706
|
+
* `{ userId: string }`); it is phantom (no runtime field) and exists so
|
|
707
|
+
* `@lunora/codegen` and {@link InferIdentity} can recover the type.
|
|
708
|
+
*/
|
|
709
|
+
interface IdentityContract<TClaims extends {
|
|
710
|
+
userId: string;
|
|
711
|
+
} = {
|
|
712
|
+
userId: string;
|
|
713
|
+
}> {
|
|
714
|
+
/**
|
|
715
|
+
* Phantom carrier for the inferred claim type. Never populated at runtime
|
|
716
|
+
* (`undefined`); present only so the type flows to codegen / {@link InferIdentity}.
|
|
717
|
+
*/
|
|
718
|
+
readonly __claimType?: TClaims;
|
|
719
|
+
readonly __lunoraIdentity: true;
|
|
720
|
+
/** The declared claim validators (a `@lunora/values` validator map). */
|
|
721
|
+
readonly claims: ValidatorMap;
|
|
722
|
+
/** Reject policy applied at the trust boundary. See {@link IdentityRejectMode}. */
|
|
723
|
+
readonly onInvalid: IdentityRejectMode;
|
|
724
|
+
/**
|
|
725
|
+
* Validate a resolver's returned identity against the declared claims. On
|
|
726
|
+
* success the caller keeps the original identity untouched (so undeclared
|
|
727
|
+
* claims are forwarded verbatim, preserving today's behaviour); on failure
|
|
728
|
+
* the worker applies the `onInvalid` policy.
|
|
729
|
+
*/
|
|
730
|
+
validate: (identity: Record<string, unknown>) => IdentityValidation;
|
|
731
|
+
}
|
|
732
|
+
/** Recover the declared claim type from a {@link defineIdentity} contract. */
|
|
733
|
+
type InferIdentity<T> = T extends IdentityContract<infer TClaims> ? TClaims : never;
|
|
734
|
+
/**
|
|
735
|
+
* Declare the identity claim contract. `claims` is a `@lunora/values` validator
|
|
736
|
+
* map whose inferred type must extend `{ userId: string }` — if it does not
|
|
737
|
+
* (e.g. `userId` is missing or not a required string), the argument type
|
|
738
|
+
* collapses to `never` and the call fails to typecheck.
|
|
739
|
+
* @example
|
|
740
|
+
* export const identity = defineIdentity({ userId: v.string(), tenantId: v.optional(v.string()), scopes: v.optional(v.array(v.string())) });
|
|
741
|
+
*/
|
|
742
|
+
declare const defineIdentity: <A extends ValidatorMap>(claims: InferValidatorMap<A> extends {
|
|
743
|
+
userId: string;
|
|
744
|
+
} ? A : never, options?: DefineIdentityOptions) => IdentityContract<InferValidatorMap<A> & {
|
|
745
|
+
userId: string;
|
|
746
|
+
}>;
|
|
634
747
|
/** Handler for a connection-lifecycle hook. */
|
|
635
748
|
type LifecycleHandler = (context: MutationCtx, event: LifecycleEvent) => Promise<void> | void;
|
|
636
749
|
/** Register a hook that fires once when a client's WebSocket connects. */
|
|
@@ -858,6 +971,55 @@ interface RegisteredMigration extends MigrationDefinition {
|
|
|
858
971
|
/** Declare an online data migration. See the module docs for runtime semantics. */
|
|
859
972
|
declare const defineMigration: (definition: MigrationDefinition) => RegisteredMigration;
|
|
860
973
|
/**
|
|
974
|
+
* A mutator declaration. `server` is authoritative; `client` is the optimistic
|
|
975
|
+
* twin (optional — omit it to let the optimistic write fall through to the
|
|
976
|
+
* server round-trip with no local preview). Both receive the same validated
|
|
977
|
+
* `args`.
|
|
978
|
+
*/
|
|
979
|
+
interface MutatorDefinition<Args extends ValidatorMap = ValidatorMap, ServerContext = MutationCtx, ClientTx = unknown, R = unknown> {
|
|
980
|
+
/**
|
|
981
|
+
* Validator for the mutator's arguments. Validated on the DO before `server`
|
|
982
|
+
* runs and (when present) on the client before `client` runs, so both impls
|
|
983
|
+
* see the same parsed shape. Omit for a parameterless mutator.
|
|
984
|
+
*/
|
|
985
|
+
readonly args?: Args;
|
|
986
|
+
/**
|
|
987
|
+
* Optimistic client implementation. Runs in a TanStack DB transaction
|
|
988
|
+
* against the local collections; its writes are applied immediately and
|
|
989
|
+
* automatically rolled back / rebased as the authoritative result syncs
|
|
990
|
+
* back. Pure and side-effect-free beyond the local store. Omit to skip the
|
|
991
|
+
* local preview.
|
|
992
|
+
*/
|
|
993
|
+
readonly client?: (tx: ClientTx, args: InferValidatorMap<Args>) => Promise<void> | void;
|
|
994
|
+
/**
|
|
995
|
+
* Authoritative server implementation. Runs inside the shard DO with a full
|
|
996
|
+
* {@link MutationContext} (`ctx.db` writer); its writes append to `__cdc_log`
|
|
997
|
+
* and poke back to subscribers. This is the source of truth — the client
|
|
998
|
+
* impl is only a prediction of it.
|
|
999
|
+
*/
|
|
1000
|
+
readonly server: (context: ServerContext, args: InferValidatorMap<Args>) => Promise<R> | R;
|
|
1001
|
+
}
|
|
1002
|
+
/**
|
|
1003
|
+
* A {@link MutatorDefinition} plus the codegen discovery marker and a
|
|
1004
|
+
* dispatch-shaped `handler` (validates `args`, then runs `server`) so the DO
|
|
1005
|
+
* invokes a mutator exactly like a registered procedure.
|
|
1006
|
+
*/
|
|
1007
|
+
interface RegisteredMutator<Args extends ValidatorMap = ValidatorMap, ServerContext = MutationCtx, ClientTx = unknown, R = unknown> extends MutatorDefinition<Args, ServerContext, ClientTx, R> {
|
|
1008
|
+
readonly __lunoraMutator: true;
|
|
1009
|
+
/** Validate `rawArgs`, then run the authoritative `server` impl. Used by the DO push path. */
|
|
1010
|
+
readonly handler: (context: ServerContext, rawArgs: Record<string, unknown>) => Promise<R>;
|
|
1011
|
+
/**
|
|
1012
|
+
* Marks the dispatch kind so codegen can register the mutator in the same
|
|
1013
|
+
* `LUNORA_FUNCTIONS` table queries/mutations use — the DO's `handleRpc`
|
|
1014
|
+
* reads `kind === "mutation"` to wrap the authoritative `server` impl in the
|
|
1015
|
+
* shard's BEGIN/COMMIT span (all-or-nothing writes), exactly like an
|
|
1016
|
+
* ordinary `mutation`.
|
|
1017
|
+
*/
|
|
1018
|
+
readonly kind: "mutation";
|
|
1019
|
+
}
|
|
1020
|
+
/** Declare a custom mutator. See the module docs for runtime semantics. */
|
|
1021
|
+
declare const defineMutator: <Args extends ValidatorMap = ValidatorMap, ServerContext = MutationCtx, ClientTx = unknown, R = unknown>(definition: MutatorDefinition<Args, ServerContext, ClientTx, R>) => RegisteredMutator<Args, ServerContext, ClientTx, R>;
|
|
1022
|
+
/**
|
|
861
1023
|
* The prefixed tables a single plugin `P` contributes, or an empty map when it
|
|
862
1024
|
* ships no schema extension. Mirrors {@link PrefixedTables} at the plugin level
|
|
863
1025
|
* so {@link InstalledTables} can fold a tuple of plugins.
|
|
@@ -1168,6 +1330,35 @@ interface TableBuilder<Shape extends Record<string, Validator> = Record<string,
|
|
|
1168
1330
|
}) => TableBuilder<Shape>;
|
|
1169
1331
|
/** Route storage by the named field — one DO per distinct value. */
|
|
1170
1332
|
shardBy: (field: keyof Shape & string) => TableBuilder<Shape>;
|
|
1333
|
+
/**
|
|
1334
|
+
* Turn on soft delete. Adds a nullable timestamp column (`options.field`,
|
|
1335
|
+
* default `deletedAt`) and changes `ctx.db.<table>.delete()` to **set** it
|
|
1336
|
+
* instead of removing the row; `onDelete: "cascade"` children are recursively
|
|
1337
|
+
* soft-deleted too. **List reads** (`findMany`/`findFirst`/`query()`/`count`/
|
|
1338
|
+
* `aggregate`/relation loads) then hide soft-deleted rows unless they pass
|
|
1339
|
+
* `includeDeleted: true`; by-id `get`/`patch`/`replace` and the new
|
|
1340
|
+
* `restore()` still address the row directly. `hardDelete()` physically
|
|
1341
|
+
* removes it (cascading as a real delete). Note: `includeDeleted` is a read
|
|
1342
|
+
* scope, not access control — anyone who can run the read can set it; a unique
|
|
1343
|
+
* index still rejects a new row that collides with a soft-deleted one (the row
|
|
1344
|
+
* physically persists).
|
|
1345
|
+
*/
|
|
1346
|
+
softDelete: (options?: {
|
|
1347
|
+
field?: string;
|
|
1348
|
+
}) => TableBuilder<Shape>;
|
|
1349
|
+
/**
|
|
1350
|
+
* Materialize this table from an external Postgres/MySQL behind Cloudflare
|
|
1351
|
+
* Hyperdrive (plan 077). A system-driven poll loop reads the tenant slice
|
|
1352
|
+
* (`query`, with params bound from `tenantBy`) and lands it in the DO's SQLite,
|
|
1353
|
+
* after which `defineShape` carries it to clients unchanged. Implies
|
|
1354
|
+
* `.externallyManaged()` (rows come from the ingest loop, not user mutations).
|
|
1355
|
+
*
|
|
1356
|
+
* Orthogonal to `.shardBy()` — combine them for per-tenant DOs. **Under
|
|
1357
|
+
* `.shardBy()` `tenantBy` is mandatory** (the tenant-isolation boundary); the
|
|
1358
|
+
* `external_source_unscoped` advisor lint fails the build when it is absent, and
|
|
1359
|
+
* `external_source_on_global` rejects combining `.source()` with `.global()`.
|
|
1360
|
+
*/
|
|
1361
|
+
source: (definition: ExternalSourceDefinition) => TableBuilder<Shape>;
|
|
1171
1362
|
/** Declare named lifecycle triggers fired inline within the write path. */
|
|
1172
1363
|
triggers: (build: (t: TriggerBuilder<Shape>) => Record<string, TriggerDefinition>) => TableBuilder<Shape>;
|
|
1173
1364
|
/** Declare a vector index over a single text field on this table. */
|
|
@@ -1190,7 +1381,7 @@ interface VectorIndexOptions {
|
|
|
1190
1381
|
* Build a table definition. Returned object is both the table definition (for
|
|
1191
1382
|
* `defineSchema`) and a fluent builder for indexes + sharding metadata.
|
|
1192
1383
|
*/
|
|
1193
|
-
declare const defineTable: <Shape extends Record<string, Validator>>(
|
|
1384
|
+
declare const defineTable: <Shape extends Record<string, Validator>>(inputShape: Shape) => TableBuilder<Shape>;
|
|
1194
1385
|
/**
|
|
1195
1386
|
* Declare a standalone vector index (DSL Shape B). Pass the returned value in
|
|
1196
1387
|
* the `vectorIndexes` map of {@link defineSchema} when the source is derived
|
|
@@ -1262,6 +1453,28 @@ type ExtendableSchema<T extends Record<string, TableDefinition>> = {
|
|
|
1262
1453
|
readonly key: Key;
|
|
1263
1454
|
}) => ExtendableSchema<PrefixedTables<X, Key> & T>;
|
|
1264
1455
|
/**
|
|
1456
|
+
* Pin every Durable Object the app reaches — shards, fan-out, subscriptions,
|
|
1457
|
+
* the scheduler, and `ctx.containers` — to a Cloudflare data-residency
|
|
1458
|
+
* jurisdiction (`"eu"`, `"us"`, `"fedramp"`). Codegen reads this off the
|
|
1459
|
+
* schema and emits it into the generated worker's `createWorker({ jurisdiction })`
|
|
1460
|
+
* (and `ctx.scheduler` / `ctx.containers`). Non-mutating: returns a fresh
|
|
1461
|
+
* `ExtendableSchema`, so it composes with `.rls(...)` / `.extend(...)` in any order.
|
|
1462
|
+
*
|
|
1463
|
+
* ⚠️ **Set this once, before your first deploy — changing or removing it
|
|
1464
|
+
* strands data.** A Durable Object name maps to a *different* ID in each
|
|
1465
|
+
* jurisdiction, so toggling this on an existing app makes every shard, scheduler
|
|
1466
|
+
* job, and session DO resolve to a NEW, empty DO; the previous data stays in the
|
|
1467
|
+
* old jurisdiction's DOs and is no longer reachable. There is no in-place
|
|
1468
|
+
* migration — you would have to export from the old jurisdiction and import
|
|
1469
|
+
* into the new one.
|
|
1470
|
+
*
|
|
1471
|
+
* Note: this pins **DO-backed** state only. D1-backed state — `.global()`
|
|
1472
|
+
* tables and `@lunora/auth` sessions alike — is governed by D1's own location
|
|
1473
|
+
* settings, not this option.
|
|
1474
|
+
* @see https://developers.cloudflare.com/durable-objects/reference/data-location/
|
|
1475
|
+
*/
|
|
1476
|
+
jurisdiction: (jurisdiction: DurableObjectJurisdiction) => ExtendableSchema<T>;
|
|
1477
|
+
/**
|
|
1265
1478
|
* Turn on secure-by-default RLS for the whole schema. Every table is then
|
|
1266
1479
|
* protected — the DO/D1 write path denies raw, non-RLS `ctx.db` access, so a
|
|
1267
1480
|
* procedure that forgets `.use(rls(...))` fails closed. Opt a table out with
|
|
@@ -1433,7 +1646,7 @@ declare const definePolicy: <Context = unknown>(input: DefinePolicyInput<Context
|
|
|
1433
1646
|
* the compile-time surface narrows, so a policy authored either way is
|
|
1434
1647
|
* discovered identically by the `rls()` chain.
|
|
1435
1648
|
*/
|
|
1436
|
-
declare const createPolicyDsl: <DM, REL extends Record<keyof DM, object>>() => <T extends keyof DM, Context = unknown>(input: TypedDefinePolicyInput<DM, REL, T, Context>) => Policy<Context>;
|
|
1649
|
+
declare const createPolicyDsl: <DM, REL extends Record<keyof DM, object>, Identity = Record<string, unknown>>() => <T extends keyof DM, Context = unknown>(input: TypedDefinePolicyInput<DM, REL, T, Context, Identity>) => Policy<Context>;
|
|
1437
1650
|
/**
|
|
1438
1651
|
* Declare a named permission a policy can check with `ctx.auth.can(...)`. Grant
|
|
1439
1652
|
* it to a role through `defineRole`'s `permissions`, register those roles with
|
|
@@ -1562,7 +1775,9 @@ interface DatabaseWriterLike {
|
|
|
1562
1775
|
*/
|
|
1563
1776
|
aggregate: (tableName: string, options: AggregateArgs) => Promise<null | number>;
|
|
1564
1777
|
count: (tableName: string, whereOrArgs?: CountArgs | WhereInput) => Promise<number>;
|
|
1565
|
-
delete: (id: string, expectedTable?: string
|
|
1778
|
+
delete: (id: string, expectedTable?: string, options?: {
|
|
1779
|
+
hard?: boolean;
|
|
1780
|
+
}) => Promise<void>;
|
|
1566
1781
|
deleteMany: (ids: ReadonlyArray<string>, options?: {
|
|
1567
1782
|
limit?: number;
|
|
1568
1783
|
}, expectedTable?: string) => Promise<{
|
|
@@ -1633,6 +1848,7 @@ interface DatabaseWriterLike {
|
|
|
1633
1848
|
*/
|
|
1634
1849
|
rankPage: (tableName: string, indexName: string, options?: RankPageArgs) => Promise<QueryPage>;
|
|
1635
1850
|
replace: (id: string, document: Record<string, unknown>, expectedTable?: string) => Promise<void>;
|
|
1851
|
+
restore?: (id: string, expectedTable?: string) => Promise<void>;
|
|
1636
1852
|
}
|
|
1637
1853
|
/**
|
|
1638
1854
|
* What a procedure's `ctx.db` must structurally satisfy for the middleware
|
|
@@ -1656,6 +1872,104 @@ interface RlsContextIn {
|
|
|
1656
1872
|
}
|
|
1657
1873
|
declare const rls: <Context extends RlsContextIn = RlsContextIn>(policies: ReadonlyArray<Policy<Context>>, options?: RlsOptions) => Middleware<Context, Context>;
|
|
1658
1874
|
/**
|
|
1875
|
+
* One `rls()` tag's read policies for a table, paired with the role→permission
|
|
1876
|
+
* grants of that SAME middleware. Keeping the role map per-group is what lets a
|
|
1877
|
+
* policy's `auth.can(...)` resolve against its own middleware's roles — never a
|
|
1878
|
+
* permission registered on a different `rls()` step.
|
|
1879
|
+
*/
|
|
1880
|
+
interface ScopedReadPolicies {
|
|
1881
|
+
readonly policies: ReadonlyArray<Policy>;
|
|
1882
|
+
readonly rolePermissions: ReadonlyMap<string, ReadonlySet<string>>;
|
|
1883
|
+
}
|
|
1884
|
+
/** Table-indexed read-policy groups, each scoped to the roles of the rls() middleware that declared it. */
|
|
1885
|
+
interface RlsReadRegistry {
|
|
1886
|
+
readonly byTable: ReadonlyMap<string, ReadonlyArray<ScopedReadPolicies>>;
|
|
1887
|
+
}
|
|
1888
|
+
/** The trusted, server-resolved facts a shape's RLS evaluation runs under. */
|
|
1889
|
+
interface ShapeReadWhereRequest {
|
|
1890
|
+
/** The shape ctx (the procedure context a policy `when` reads as `ctx`). */
|
|
1891
|
+
readonly ctx: unknown;
|
|
1892
|
+
/** Resolved identity claims (the socket's verified identity), or `null` when anonymous. */
|
|
1893
|
+
readonly identity: Record<string, unknown> | null;
|
|
1894
|
+
/** `true` when the schema is `.rls("required")` — gates the fail-closed branch. */
|
|
1895
|
+
readonly rlsRequired: boolean;
|
|
1896
|
+
/** Role labels the request carries (drives `auth.can(...)`). */
|
|
1897
|
+
readonly roles: ReadonlyArray<string>;
|
|
1898
|
+
/** The shape's own predicate (`where(ctx, args)`). */
|
|
1899
|
+
readonly shapeWhere: WhereInput;
|
|
1900
|
+
/** Logical table the shape replicates. */
|
|
1901
|
+
readonly table: string;
|
|
1902
|
+
/** `true` when the table is `.public()` (exempt from `.rls("required")` denial). */
|
|
1903
|
+
readonly tablePublic: boolean;
|
|
1904
|
+
/** Verified user id, or `null` when anonymous. */
|
|
1905
|
+
readonly userId: null | string;
|
|
1906
|
+
}
|
|
1907
|
+
/**
|
|
1908
|
+
* Build the read-policy registry from the registered functions (pass
|
|
1909
|
+
* `Object.values(LUNORA_FUNCTIONS)`). Only `on: "read"` policies are collected,
|
|
1910
|
+
* grouped per `rls()` middleware so each group keeps its own role→permission map
|
|
1911
|
+
* (a `(table, when)` pair is de-duplicated within a tag). A tag reused across
|
|
1912
|
+
* several procedures (a shared `const guard = rls(...)`) is folded once. This
|
|
1913
|
+
* mirrors the request-time `rls()` path exactly: a policy's `auth.can(...)`
|
|
1914
|
+
* resolves against the roles of the middleware that declared it, never a union.
|
|
1915
|
+
*/
|
|
1916
|
+
declare const buildRlsReadRegistry: (functions: Iterable<unknown>) => RlsReadRegistry;
|
|
1917
|
+
/**
|
|
1918
|
+
* Compute the effective `where` a shape replicates: the table's RLS read
|
|
1919
|
+
* base-where AND the shape's own predicate. Returns the shape predicate
|
|
1920
|
+
* unchanged for a table with no read policy (a `.public()` or non-RLS table),
|
|
1921
|
+
* and the FALSE sentinel (replicate nothing) when a `.rls("required")` schema
|
|
1922
|
+
* exposes a protected, policy-less table.
|
|
1923
|
+
*/
|
|
1924
|
+
declare const composeShapeReadWhere: (registry: RlsReadRegistry, request: ShapeReadWhereRequest) => WhereInput;
|
|
1925
|
+
/**
|
|
1926
|
+
* A shape declaration. `where` receives the trusted procedure context and the
|
|
1927
|
+
* validated client args and returns the same {@link WhereInput} shape the RLS
|
|
1928
|
+
* DSL uses, so the DO can AND-merge it with the table's read base-where via the
|
|
1929
|
+
* existing where-compiler (zero second predicate implementation).
|
|
1930
|
+
*/
|
|
1931
|
+
interface ShapeDefinition<Args extends ValidatorMap = ValidatorMap, Context = QueryCtx> {
|
|
1932
|
+
/**
|
|
1933
|
+
* Validator for the client-supplied shape parameters. Validated on the DO
|
|
1934
|
+
* before `where` runs, so a malformed `args` envelope is rejected at the
|
|
1935
|
+
* subscription boundary rather than silently widening the partition. Omit
|
|
1936
|
+
* for a parameterless shape.
|
|
1937
|
+
*/
|
|
1938
|
+
readonly args?: Args;
|
|
1939
|
+
/**
|
|
1940
|
+
* Project the replicated rows to these columns (the system columns `_id` and
|
|
1941
|
+
* `_creationTime` are always included). Omit to replicate every column. An
|
|
1942
|
+
* empty array is rejected — it would replicate no data, which is never the
|
|
1943
|
+
* intent.
|
|
1944
|
+
*/
|
|
1945
|
+
readonly columns?: ReadonlyArray<string>;
|
|
1946
|
+
/** Logical table this shape replicates a partition of. */
|
|
1947
|
+
readonly table: string;
|
|
1948
|
+
/**
|
|
1949
|
+
* Predicate selecting the rows this shape replicates. AND-composed with the
|
|
1950
|
+
* table's RLS read base-where on the DO. Runs server-side with a trusted
|
|
1951
|
+
* `ctx` (identity/auth the client can't forge) and the validated client
|
|
1952
|
+
* `args`; returns a {@link WhereInput} using the same operator set as the
|
|
1953
|
+
* SQL compiler (`eq`/`in`/`lt`/… + `AND`/`OR`/`NOT`).
|
|
1954
|
+
*/
|
|
1955
|
+
readonly where: (context: Context, args: InferValidatorMap<Args>) => WhereInput;
|
|
1956
|
+
}
|
|
1957
|
+
/** A {@link ShapeDefinition} plus the codegen discovery marker and a dispatch-shaped `compileWhere`. */
|
|
1958
|
+
interface RegisteredShape<Args extends ValidatorMap = ValidatorMap, Context = QueryCtx> extends ShapeDefinition<Args, Context> {
|
|
1959
|
+
readonly __lunoraShape: true;
|
|
1960
|
+
/**
|
|
1961
|
+
* Validate `rawArgs`, then evaluate `where` under the trusted `ctx` and
|
|
1962
|
+
* return its {@link WhereInput}. Used by the generated DO's `resolveShape`
|
|
1963
|
+
* override: `ctx` is erased to `unknown` at this dispatch boundary (the DO
|
|
1964
|
+
* builds it from the socket's verified identity and hands it back as the
|
|
1965
|
+
* concrete {@link QueryContext} the predicate expects), exactly like
|
|
1966
|
+
* `RegisteredLunoraFunction.handler` erases its context.
|
|
1967
|
+
*/
|
|
1968
|
+
readonly compileWhere: (context: unknown, rawArgs: Record<string, unknown>) => WhereInput;
|
|
1969
|
+
}
|
|
1970
|
+
/** Declare a replication shape. See the module docs for runtime semantics. */
|
|
1971
|
+
declare const defineShape: <Args extends ValidatorMap = ValidatorMap, Context = QueryCtx>(definition: ShapeDefinition<Args, Context>) => RegisteredShape<Args, Context>;
|
|
1972
|
+
/**
|
|
1659
1973
|
* Operations a storage rule can gate. `read` covers `download` / `getMetadata`
|
|
1660
1974
|
* / `getSignedUrl` / `getUrl`; `write` covers `store` / `generateUploadUrl`;
|
|
1661
1975
|
* `delete` is `delete`; `list` is a prefix listing (governed via the file
|
|
@@ -1738,4 +2052,4 @@ interface StorageContextIn {
|
|
|
1738
2052
|
}
|
|
1739
2053
|
declare const storageRules: <Context extends StorageContextIn = StorageContextIn>(rules: ReadonlyArray<StorageRule<Context>>, options?: StorageRulesOptions) => Middleware<Context, Context>;
|
|
1740
2054
|
declare const VERSION = "0.0.0";
|
|
1741
|
-
export { type ActionBuilder, type ActionCtx, type AggregateIndexDefinition, type AggregateIndexOptions, type AggregateOp, type ArgsValidator, type Component, type ComponentFunctions, type CreateOptions, type DataModelInit, type DefineComponentOptions, type DefinePluginOptions, type DefinePolicyInput, type DefinePresenceOptions, type DefineStorageRuleInput, type EmptyArgs, type EnvAccessor, type EnvKeyFailure, type EnvShape, type ExtendableSchema, type FacadeEntry, type FacadeWriterLike, type FunctionKind, type HttpActionCtx, type HttpActionHandler, type HttpMethod, type HttpRoute, type HttpRouteBuilder, type HttpRouteFactory, type HttpRouteHandlerOptions, type HttpStreamHandlerOptions, type InferArgs, type InferEnv, type InlineAggregateIndexOptions, type InlineRankIndexOptions, type InternalActionBuilder, type InternalMutationBuilder, type InternalQueryBuilder, type LifecycleEvent, type LifecycleHandler, type LunoraBuilders, LunoraEnvError, LunoraError, type LunoraErrorCode, type LunoraHttpApp, type LunoraHttpEnv, type LunoraRouteHandler, type ManyRelation, type MaskColumns, type MaskContext, type MaskFn, type MaskOptions, type MaskPolicies, type MaskStrategy, type Middleware, type MiddlewareNext, type MigrationDefinition, type MigrationDocument, type MigrationTransform, type MutationBuilder, type MutationCtx, type OnDeleteAction, type OneRelation, type OrmLike, DEFAULT_TTL_MS as PRESENCE_DEFAULT_TTL_MS, PRESENCE_TABLE, type Permission, type Plugin, type Policy, type PrefixedTables, type PresenceComponent, type PresenceFunctions, type PresenceMember, type ProtectPublicOptions, type QueryBuilder, type QueryCtx, type RankIndexDefinition, type RankIndexOptions, type RegisteredAction, type RegisteredFunction, type RegisteredLifecycleHook, type RegisteredMigration, type RegisteredMutation, type RegisteredQuery, type RegisteredStream, type RelationBuilder, type RelationDefinition, type RlsOptions, type Role, type Schema, type SchemaExtension, type StorageOperation, type StorageRule, type StorageRuleContext, type StorageRuleDecision, type StorageRulesOptions, type TableBuilder, type TableDefinition, type TerminalKind, type TriggerBuilder, type TriggerDefinition, type TypedDefinePolicyInput, VERSION, type VectorEmbedder, type VectorIndexDefinition, type VectorIndexOptions, type VectorMetric, type VectorizeOptions, type WhereInput, asBucketStorage, bindOrm, bindTableFacade, composePluginMiddleware, createPolicyDsl, defineAggregateIndex, defineComponent, defineEnv, defineMigration, definePermission, definePlugin, definePolicies, definePolicy, definePresence, defineRankIndex, defineRole, defineSchema, defineSchemaExtension, defineStorageRule, defineStorageRules, defineTable, defineVectorIndex, httpAction, httpRoute, httpRouter, initLunora, installPlugins, mask, mergeSchemaExtension, onConnect, onDisconnect, presenceExtension, protectPublic, redactSecrets, rls, serveStorageObject, storageRules };
|
|
2055
|
+
export { type ActionBuilder, type ActionCtx, type AggregateIndexDefinition, type AggregateIndexOptions, type AggregateOp, type ArgsValidator, type Component, type ComponentFunctions, type CreateOptions, type DataModelInit, type DefineComponentOptions, type DefineIdentityOptions, type DefinePluginOptions, type DefinePolicyInput, type DefinePresenceOptions, type DefineStorageRuleInput, type DurableObjectJurisdiction, type EmptyArgs, type EnvAccessor, type EnvKeyFailure, type EnvShape, type ExtendableSchema, type FacadeEntry, type FacadeWriterLike, type FunctionKind, type HttpActionCtx, type HttpActionHandler, type HttpMethod, type HttpRoute, type HttpRouteBuilder, type HttpRouteFactory, type HttpRouteHandlerOptions, type HttpStreamHandlerOptions, type IdentityContract, type IdentityRejectMode, type IdentityValidation, type InferArgs, type InferEnv, type InferIdentity, type InlineAggregateIndexOptions, type InlineRankIndexOptions, type InternalActionBuilder, type InternalMutationBuilder, type InternalQueryBuilder, type LifecycleEvent, type LifecycleHandler, type LunoraBuilders, LunoraEnvError, LunoraError, type LunoraErrorCode, type LunoraHttpApp, type LunoraHttpEnv, type LunoraRouteHandler, type ManyRelation, type MaskColumns, type MaskContext, type MaskFn, type MaskOptions, type MaskPolicies, type MaskStrategy, type Middleware, type MiddlewareNext, type MigrationDefinition, type MigrationDocument, type MigrationTransform, type MutationBuilder, type MutationCtx, type MutatorDefinition, type OnDeleteAction, type OneRelation, type OrmLike, DEFAULT_TTL_MS as PRESENCE_DEFAULT_TTL_MS, PRESENCE_TABLE, type Permission, type Plugin, type Policy, type PrefixedTables, type PresenceComponent, type PresenceFunctions, type PresenceMember, type ProtectPublicOptions, type QueryBuilder, type QueryCtx, type RankIndexDefinition, type RankIndexOptions, type RegisteredAction, type RegisteredFunction, type RegisteredLifecycleHook, type RegisteredMigration, type RegisteredMutation, type RegisteredMutator, type RegisteredQuery, type RegisteredShape, type RegisteredStream, type RelationBuilder, type RelationDefinition, type RlsOptions, type RlsReadRegistry, type Role, type Schema, type SchemaExtension, type ShapeDefinition, type ShapeReadWhereRequest, type StorageOperation, type StorageRule, type StorageRuleContext, type StorageRuleDecision, type StorageRulesOptions, type TableBuilder, type TableDefinition, type TerminalKind, type TriggerBuilder, type TriggerDefinition, type TypedDefinePolicyInput, VERSION, type VectorEmbedder, type VectorIndexDefinition, type VectorIndexOptions, type VectorMetric, type VectorizeOptions, type WhereInput, asBucketStorage, bindOrm, bindTableFacade, buildRlsReadRegistry, composePluginMiddleware, composeShapeReadWhere, createPolicyDsl, createSecrets, defineAggregateIndex, defineComponent, defineEnv, defineIdentity, defineMigration, defineMutator, definePermission, definePlugin, definePolicies, definePolicy, definePresence, defineRankIndex, defineRole, defineSchema, defineSchemaExtension, defineShape, defineStorageRule, defineStorageRules, defineTable, defineVectorIndex, httpAction, httpRoute, httpRouter, initLunora, installPlugins, mask, mergeSchemaExtension, onConnect, onDisconnect, presenceExtension, protectPublic, redactSecrets, rls, serveStorageObject, storageRules };
|
package/dist/index.mjs
CHANGED
|
@@ -1,23 +1,28 @@
|
|
|
1
1
|
export { default as asBucketStorage } from './packem_shared/asBucketStorage-Cnxd9y2q.mjs';
|
|
2
|
-
export { initLunora } from './packem_shared/initLunora-
|
|
3
|
-
export {
|
|
4
|
-
export {
|
|
5
|
-
export {
|
|
6
|
-
export {
|
|
2
|
+
export { initLunora } from './packem_shared/initLunora-lxwHTEV3.mjs';
|
|
3
|
+
export { createSecrets } from './packem_shared/createSecrets-TsIP9lOa.mjs';
|
|
4
|
+
export { LunoraEnvError, defineEnv, redactSecrets } from './packem_shared/LunoraEnvError-DjFkpkSP.mjs';
|
|
5
|
+
export { LunoraError } from './packem_shared/LunoraError-DN7Zhhvu.mjs';
|
|
6
|
+
export { bindOrm, bindTableFacade } from './packem_shared/bindOrm-Ce57S3N9.mjs';
|
|
7
|
+
export { httpAction, httpRoute, httpRouter, serveStorageObject } from './packem_shared/httpAction-FLwfsePg.mjs';
|
|
8
|
+
export { defineIdentity } from './packem_shared/defineIdentity-B_9YD46A.mjs';
|
|
7
9
|
export { onConnect, onDisconnect } from './packem_shared/onConnect-CIPXKPyw.mjs';
|
|
8
10
|
export { defineMigration } from './packem_shared/defineMigration-CAJLr6fx.mjs';
|
|
9
|
-
export {
|
|
10
|
-
export {
|
|
11
|
+
export { defineMutator } from './packem_shared/defineMutator-EIXAWhs9.mjs';
|
|
12
|
+
export { composePluginMiddleware, defineComponent, definePlugin, defineSchemaExtension, installPlugins, mergeSchemaExtension } from './packem_shared/composePluginMiddleware-Ck5_TUO8.mjs';
|
|
13
|
+
export { PRESENCE_DEFAULT_TTL_MS, PRESENCE_TABLE, definePresence, presenceExtension } from './packem_shared/PRESENCE_DEFAULT_TTL_MS-D8viLY1S.mjs';
|
|
11
14
|
export { protectPublic } from './packem_shared/protectPublic-BjFkQ_Or.mjs';
|
|
12
|
-
export { defineAggregateIndex, defineRankIndex, defineSchema, defineTable, defineVectorIndex } from './packem_shared/defineAggregateIndex-
|
|
15
|
+
export { defineAggregateIndex, defineRankIndex, defineSchema, defineTable, defineVectorIndex } from './packem_shared/defineAggregateIndex-ZdyU78gh.mjs';
|
|
16
|
+
export { defineShape } from './packem_shared/defineShape-CJ27Wx7o.mjs';
|
|
13
17
|
export { anyApi } from './types.mjs';
|
|
14
18
|
export { cronJobs } from '@lunora/scheduler';
|
|
15
19
|
export { ValidationError, v } from '@lunora/values';
|
|
16
|
-
export {
|
|
20
|
+
export { buildRlsReadRegistry, composeShapeReadWhere } from './packem_shared/buildRlsReadRegistry-1jexWrb3.mjs';
|
|
21
|
+
export { createPolicyDsl, definePermission, definePolicies, definePolicy, defineRole } from './packem_shared/createPolicyDsl-De67zPDS.mjs';
|
|
17
22
|
export { defineStorageRule, defineStorageRules } from './packem_shared/defineStorageRule-qu0mpilX.mjs';
|
|
18
|
-
export { mask } from './packem_shared/mask-
|
|
19
|
-
export { rls } from './packem_shared/rls-
|
|
20
|
-
export { storageRules } from './packem_shared/storageRules-
|
|
23
|
+
export { mask } from './packem_shared/mask-BV_jNzsN.mjs';
|
|
24
|
+
export { rls } from './packem_shared/rls-2Jhd0uev.mjs';
|
|
25
|
+
export { storageRules } from './packem_shared/storageRules-Cje6Woea.mjs';
|
|
21
26
|
|
|
22
27
|
const VERSION = "0.0.0";
|
|
23
28
|
|
|
@@ -41,10 +41,13 @@ class LunoraError extends Error {
|
|
|
41
41
|
name = "LunoraError";
|
|
42
42
|
code;
|
|
43
43
|
status;
|
|
44
|
-
|
|
44
|
+
/** Structured, JSON+wire-encodable payload surfaced to the client alongside `code`. */
|
|
45
|
+
data;
|
|
46
|
+
constructor(code, message, data) {
|
|
45
47
|
super(message ?? code);
|
|
46
48
|
this.code = code;
|
|
47
49
|
this.status = CODE_STATUS[code];
|
|
50
|
+
this.data = data;
|
|
48
51
|
}
|
|
49
52
|
}
|
|
50
53
|
|
package/dist/packem_shared/{definePresence-D5LtwGl0.mjs → PRESENCE_DEFAULT_TTL_MS-D8viLY1S.mjs}
RENAMED
|
@@ -1,9 +1,9 @@
|
|
|
1
1
|
import { v } from '@lunora/values';
|
|
2
|
-
import { initLunora } from './initLunora-
|
|
3
|
-
import { LunoraError } from './LunoraError-
|
|
2
|
+
import { initLunora } from './initLunora-lxwHTEV3.mjs';
|
|
3
|
+
import { LunoraError } from './LunoraError-DN7Zhhvu.mjs';
|
|
4
4
|
import { onDisconnect } from './onConnect-CIPXKPyw.mjs';
|
|
5
|
-
import { defineSchemaExtension, defineComponent } from './
|
|
6
|
-
import { defineTable } from './defineAggregateIndex-
|
|
5
|
+
import { defineSchemaExtension, defineComponent } from './composePluginMiddleware-Ck5_TUO8.mjs';
|
|
6
|
+
import { defineTable } from './defineAggregateIndex-ZdyU78gh.mjs';
|
|
7
7
|
|
|
8
8
|
const DEFAULT_TTL_MS = 3e4;
|
|
9
9
|
const MAX_DATA_BYTES = 4096;
|