@noy-db/hub 0.1.0-pre.10

package/dist/chunk-NBYQNDXA.js

@@ -0,0 +1,557 @@
+// src/errors.ts
+var NoydbError = class extends Error {
+  /** Machine-readable error code. Stable across library versions. */
+  code;
+  constructor(code, message) {
+    super(message);
+    this.name = "NoydbError";
+    this.code = code;
+  }
+};
+var DecryptionError = class extends NoydbError {
+  constructor(message = "Decryption failed") {
+    super("DECRYPTION_FAILED", message);
+    this.name = "DecryptionError";
+  }
+};
+var TamperedError = class extends NoydbError {
+  constructor(message = "Data integrity check failed \u2014 record may have been tampered with") {
+    super("TAMPERED", message);
+    this.name = "TamperedError";
+  }
+};
+var InvalidKeyError = class extends NoydbError {
+  constructor(message = "Invalid key \u2014 wrong passphrase or corrupted keyring") {
+    super("INVALID_KEY", message);
+    this.name = "InvalidKeyError";
+  }
+};
+var KeyringCorruptError = class extends NoydbError {
+  failedCollections;
+  intactCount;
+  constructor(opts) {
+    super(
+      "KEYRING_CORRUPT",
+      opts.message ?? `Keyring has ${opts.failedCollections.length} corrupted wrapped DEK(s) (${opts.failedCollections.join(", ")}); ${opts.intactCount} other DEK(s) unwrapped successfully \u2014 the passphrase is correct, the entries are damaged. Do NOT use onInvalidKey: 'reset' here \u2014 that would destroy the intact DEKs.`
+    );
+    this.name = "KeyringCorruptError";
+    this.failedCollections = opts.failedCollections;
+    this.intactCount = opts.intactCount;
+  }
+};
+var NoAccessError = class extends NoydbError {
+  constructor(message = "No access \u2014 user does not have a key for this collection") {
+    super("NO_ACCESS", message);
+    this.name = "NoAccessError";
+  }
+};
+var ReadOnlyError = class extends NoydbError {
+  constructor(message = "Read-only \u2014 user has ro permission on this collection") {
+    super("READ_ONLY", message);
+    this.name = "ReadOnlyError";
+  }
+};
+var ReadOnlyAtInstantError = class extends NoydbError {
+  constructor(operation, timestamp) {
+    super(
+      "READ_ONLY_AT_INSTANT",
+      `Cannot ${operation}() on a vault view anchored at ${timestamp} \u2014 time-machine views are read-only`
+    );
+    this.name = "ReadOnlyAtInstantError";
+  }
+};
+var ReadOnlyFrameError = class extends NoydbError {
+  constructor(operation) {
+    super(
+      "READ_ONLY_FRAME",
+      `Cannot ${operation}() on a vault frame \u2014 frames are read-only presentations of the current vault`
+    );
+    this.name = "ReadOnlyFrameError";
+  }
+};
+var PermissionDeniedError = class extends NoydbError {
+  constructor(message = "Permission denied \u2014 insufficient role for this operation") {
+    super("PERMISSION_DENIED", message);
+    this.name = "PermissionDeniedError";
+  }
+};
+var ExportCapabilityError = class extends NoydbError {
+  tier;
+  format;
+  userId;
+  constructor(opts) {
+    const msg = opts.message ?? (opts.tier === "plaintext" ? `Export capability denied \u2014 keyring "${opts.userId}" is not granted plaintext-export capability for format "${opts.format ?? "<unknown>"}". Ask a vault owner or admin to grant it via vault.grant({ exportCapability: { plaintext: ['${opts.format ?? "<format>"}'] } }).` : `Export capability denied \u2014 keyring "${opts.userId}" is not granted encrypted-bundle export capability. Ask a vault owner or admin to grant it via vault.grant({ exportCapability: { bundle: true } }).`);
+    super("EXPORT_CAPABILITY", msg);
+    this.name = "ExportCapabilityError";
+    this.tier = opts.tier;
+    this.userId = opts.userId;
+    if (opts.format !== void 0) this.format = opts.format;
+  }
+};
+var KeyringExpiredError = class extends NoydbError {
+  userId;
+  expiresAt;
+  constructor(opts) {
+    super(
+      "KEYRING_EXPIRED",
+      `Keyring "${opts.userId}" expired at ${opts.expiresAt}. The slot refuses to unlock past its expiry timestamp.`
+    );
+    this.name = "KeyringExpiredError";
+    this.userId = opts.userId;
+    this.expiresAt = opts.expiresAt;
+  }
+};
+var ImportCapabilityError = class extends NoydbError {
+  tier;
+  format;
+  userId;
+  constructor(opts) {
+    const msg = opts.message ?? (opts.tier === "plaintext" ? `Import capability denied \u2014 keyring "${opts.userId}" is not granted plaintext-import capability for format "${opts.format ?? "<unknown>"}". Ask a vault owner or admin to grant it via vault.grant({ importCapability: { plaintext: ['${opts.format ?? "<format>"}'] } }).` : `Import capability denied \u2014 keyring "${opts.userId}" is not granted encrypted-bundle import capability. Ask a vault owner or admin to grant it via vault.grant({ importCapability: { bundle: true } }).`);
+    super("IMPORT_CAPABILITY", msg);
+    this.name = "ImportCapabilityError";
+    this.tier = opts.tier;
+    this.userId = opts.userId;
+    if (opts.format !== void 0) this.format = opts.format;
+  }
+};
+var StoreCapabilityError = class extends NoydbError {
+  /** The store method/capability that was missing. */
+  capability;
+  constructor(capability, callerApi, storeName) {
+    super(
+      "STORE_CAPABILITY",
+      `${callerApi} requires the optional store capability "${capability}" but the active store${storeName ? ` (${storeName})` : ""} does not implement it. Use a store that supports "${capability}" (store-memory, store-file) or pass an explicit vault list to bypass enumeration.`
+    );
+    this.name = "StoreCapabilityError";
+    this.capability = capability;
+  }
+};
+var PrivilegeEscalationError = class extends NoydbError {
+  offendingCollection;
+  constructor(offendingCollection, message) {
+    super(
+      "PRIVILEGE_ESCALATION",
+      message ?? `Privilege escalation: grantor has no DEK for collection "${offendingCollection}" and cannot grant access to it.`
+    );
+    this.name = "PrivilegeEscalationError";
+    this.offendingCollection = offendingCollection;
+  }
+};
+var PeriodClosedError = class extends NoydbError {
+  periodName;
+  endDate;
+  recordTs;
+  constructor(periodName, endDate, recordTs) {
+    super(
+      "PERIOD_CLOSED",
+      `Cannot modify record (last written ${recordTs}) \u2014 sealed by closed period "${periodName}" (endDate: ${endDate}). Post a compensating entry in a new period instead.`
+    );
+    this.name = "PeriodClosedError";
+    this.periodName = periodName;
+    this.endDate = endDate;
+    this.recordTs = recordTs;
+  }
+};
+var TierNotGrantedError = class extends NoydbError {
+  tier;
+  collection;
+  constructor(collection, tier) {
+    super(
+      "TIER_NOT_GRANTED",
+      `User has no DEK for tier ${tier} in collection "${collection}"`
+    );
+    this.name = "TierNotGrantedError";
+    this.collection = collection;
+    this.tier = tier;
+  }
+};
+var ElevationExpiredError = class extends NoydbError {
+  tier;
+  expiresAt;
+  constructor(opts) {
+    super(
+      "ELEVATION_EXPIRED",
+      `Elevation to tier ${opts.tier} expired at ${new Date(opts.expiresAt).toISOString()}`
+    );
+    this.name = "ElevationExpiredError";
+    this.tier = opts.tier;
+    this.expiresAt = opts.expiresAt;
+  }
+};
+var AlreadyElevatedError = class extends NoydbError {
+  activeTier;
+  constructor(activeTier) {
+    super(
+      "ALREADY_ELEVATED",
+      `Vault is already elevated to tier ${activeTier}; release the existing handle first`
+    );
+    this.name = "AlreadyElevatedError";
+    this.activeTier = activeTier;
+  }
+};
+var TierDemoteDeniedError = class extends NoydbError {
+  constructor(id, tier) {
+    super(
+      "TIER_DEMOTE_DENIED",
+      `Only the original elevator or an owner can demote record "${id}" from tier ${tier}`
+    );
+    this.name = "TierDemoteDeniedError";
+  }
+};
+var DelegationTargetMissingError = class extends NoydbError {
+  toUser;
+  constructor(toUser) {
+    super(
+      "DELEGATION_TARGET_MISSING",
+      `Delegation target user "${toUser}" has no keyring in this vault`
+    );
+    this.name = "DelegationTargetMissingError";
+    this.toUser = toUser;
+  }
+};
+var ConflictError = class extends NoydbError {
+  /** The actual stored version at the time of conflict. */
+  version;
+  constructor(version, message = "Version conflict") {
+    super("CONFLICT", message);
+    this.name = "ConflictError";
+    this.version = version;
+  }
+};
+var LedgerContentionError = class extends NoydbError {
+  attempts;
+  constructor(attempts) {
+    super(
+      "LEDGER_CONTENTION",
+      `LedgerStore.append: failed to claim a chain slot after ${attempts} optimistic-CAS retries`
+    );
+    this.name = "LedgerContentionError";
+    this.attempts = attempts;
+  }
+};
+var BundleVersionConflictError = class extends NoydbError {
+  /** The bundle handle of the newer remote version that rejected the push. */
+  remoteVersion;
+  constructor(remoteVersion, message = "Bundle version conflict \u2014 remote has been updated") {
+    super("BUNDLE_VERSION_CONFLICT", message);
+    this.name = "BundleVersionConflictError";
+    this.remoteVersion = remoteVersion;
+  }
+};
+var NetworkError = class extends NoydbError {
+  constructor(message = "Network error") {
+    super("NETWORK_ERROR", message);
+    this.name = "NetworkError";
+  }
+};
+var NotFoundError = class extends NoydbError {
+  constructor(message = "Record not found") {
+    super("NOT_FOUND", message);
+    this.name = "NotFoundError";
+  }
+};
+var ValidationError = class extends NoydbError {
+  constructor(message = "Validation error") {
+    super("VALIDATION_ERROR", message);
+    this.name = "ValidationError";
+  }
+};
+var SchemaValidationError = class extends NoydbError {
+  issues;
+  direction;
+  constructor(message, issues, direction) {
+    super("SCHEMA_VALIDATION_FAILED", message);
+    this.name = "SchemaValidationError";
+    this.issues = issues;
+    this.direction = direction;
+  }
+};
+var GroupCardinalityError = class extends NoydbError {
+  /** The field being grouped on. */
+  field;
+  /** Observed number of distinct groups at the moment the cap tripped. */
+  cardinality;
+  /** The cap that was exceeded. */
+  maxGroups;
+  constructor(field, cardinality, maxGroups) {
+    super(
+      "GROUP_CARDINALITY",
+      `.groupBy("${field}") produced ${cardinality} distinct groups, exceeding the ${maxGroups}-group ceiling. This is almost always a query mistake \u2014 grouping on a high-uniqueness field like "id" or "createdAt" produces one bucket per record. Narrow the query with .where() before grouping, or group on a lower-cardinality field (status, category, clientId). If you genuinely need high-cardinality grouping, file an issue with your use case.`
+    );
+    this.name = "GroupCardinalityError";
+    this.field = field;
+    this.cardinality = cardinality;
+    this.maxGroups = maxGroups;
+  }
+};
+var IndexRequiredError = class extends NoydbError {
+  collection;
+  touchedFields;
+  missingFields;
+  constructor(args) {
+    super(
+      "INDEX_REQUIRED",
+      `Collection "${args.collection}": query references unindexed fields in lazy mode (missing: ${args.missingFields.join(", ")}). Declare an index on each field, or use collection.scan() for non-indexed iteration.`
+    );
+    this.name = "IndexRequiredError";
+    this.collection = args.collection;
+    this.touchedFields = [...args.touchedFields];
+    this.missingFields = [...args.missingFields];
+  }
+};
+var IndexWriteFailureError = class extends NoydbError {
+  recordId;
+  field;
+  op;
+  cause;
+  constructor(args) {
+    super(
+      "INDEX_WRITE_FAILURE",
+      `Index side-car ${args.op} failed for field "${args.field}" on record "${args.recordId}"`
+    );
+    this.name = "IndexWriteFailureError";
+    this.recordId = args.recordId;
+    this.field = args.field;
+    this.op = args.op;
+    this.cause = args.cause;
+  }
+};
+var BundleIntegrityError = class extends NoydbError {
+  constructor(message) {
+    super("BUNDLE_INTEGRITY", `.noydb bundle integrity check failed: ${message}`);
+    this.name = "BundleIntegrityError";
+  }
+};
+var ReservedCollectionNameError = class extends NoydbError {
+  /** The rejected collection name. */
+  collectionName;
+  constructor(collectionName) {
+    super(
+      "RESERVED_COLLECTION_NAME",
+      `"${collectionName}" is a reserved collection name. Use vault.dictionary("${collectionName.replace(/^_dict_/, "")}") to access dictionary collections.`
+    );
+    this.name = "ReservedCollectionNameError";
+    this.collectionName = collectionName;
+  }
+};
+var DictKeyMissingError = class extends NoydbError {
+  /** The dictionary name. */
+  dictionaryName;
+  /** The key that was not found. */
+  key;
+  constructor(dictionaryName, key) {
+    super(
+      "DICT_KEY_MISSING",
+      `Dictionary "${dictionaryName}" has no entry for key "${key}".`
+    );
+    this.name = "DictKeyMissingError";
+    this.dictionaryName = dictionaryName;
+    this.key = key;
+  }
+};
+var DictKeyInUseError = class extends NoydbError {
+  /** The dictionary name. */
+  dictionaryName;
+  /** The key that is still referenced. */
+  key;
+  /** Name of the first collection found to reference this key. */
+  usedBy;
+  /** Number of records in `usedBy` that reference this key. */
+  count;
+  constructor(dictionaryName, key, usedBy, count) {
+    super(
+      "DICT_KEY_IN_USE",
+      `Cannot delete key "${key}" from dictionary "${dictionaryName}": ${count} record(s) in "${usedBy}" still reference it. Use dictionary.rename("${key}", newKey) to rewrite references first.`
+    );
+    this.name = "DictKeyInUseError";
+    this.dictionaryName = dictionaryName;
+    this.key = key;
+    this.usedBy = usedBy;
+    this.count = count;
+  }
+};
+var MissingTranslationError = class extends NoydbError {
+  /** The field name whose translation(s) are missing. */
+  field;
+  /** Locale codes that were required but absent. */
+  missing;
+  constructor(field, missing, message) {
+    super(
+      "MISSING_TRANSLATION",
+      message ?? `Field "${field}": missing required translation(s): ${missing.join(", ")}.`
+    );
+    this.name = "MissingTranslationError";
+    this.field = field;
+    this.missing = missing;
+  }
+};
+var LocaleNotSpecifiedError = class extends NoydbError {
+  /** The field name that required a locale. */
+  field;
+  constructor(field, message) {
+    super(
+      "LOCALE_NOT_SPECIFIED",
+      message ?? `Cannot read i18nText field "${field}" without a locale. Pass { locale } to get()/list()/query() or set a default via openVault(name, { locale }).`
+    );
+    this.name = "LocaleNotSpecifiedError";
+    this.field = field;
+  }
+};
+var TranslatorNotConfiguredError = class extends NoydbError {
+  /** The field that requested auto-translation. */
+  field;
+  /** The collection the put was targeting. */
+  collection;
+  constructor(field, collection) {
+    super(
+      "TRANSLATOR_NOT_CONFIGURED",
+      `Field "${field}" in collection "${collection}" has autoTranslate: true, but no plaintextTranslator was configured on createNoydb(). Either configure a plaintextTranslator or remove autoTranslate from the schema.`
+    );
+    this.name = "TranslatorNotConfiguredError";
+    this.field = field;
+    this.collection = collection;
+  }
+};
+var BackupLedgerError = class extends NoydbError {
+  /** First-broken-entry index, if known. */
+  divergedAt;
+  constructor(message, divergedAt) {
+    super("BACKUP_LEDGER", message);
+    this.name = "BackupLedgerError";
+    if (divergedAt !== void 0) this.divergedAt = divergedAt;
+  }
+};
+var BackupCorruptedError = class extends NoydbError {
+  /** The (collection, id) pair whose envelope failed the hash check. */
+  collection;
+  id;
+  constructor(collection, id, message) {
+    super("BACKUP_CORRUPTED", message);
+    this.name = "BackupCorruptedError";
+    this.collection = collection;
+    this.id = id;
+  }
+};
+var SessionExpiredError = class extends NoydbError {
+  sessionId;
+  constructor(sessionId) {
+    super("SESSION_EXPIRED", `Session "${sessionId}" has expired. Re-unlock to continue.`);
+    this.name = "SessionExpiredError";
+    this.sessionId = sessionId;
+  }
+};
+var SessionNotFoundError = class extends NoydbError {
+  sessionId;
+  constructor(sessionId) {
+    super("SESSION_NOT_FOUND", `Session key for "${sessionId}" not found. The session may have been revoked or the page reloaded.`);
+    this.name = "SessionNotFoundError";
+    this.sessionId = sessionId;
+  }
+};
+var SessionPolicyError = class extends NoydbError {
+  operation;
+  constructor(operation, message) {
+    super(
+      "SESSION_POLICY",
+      message ?? `Operation "${operation}" requires re-authentication per the active session policy.`
+    );
+    this.name = "SessionPolicyError";
+    this.operation = operation;
+  }
+};
+var JoinTooLargeError = class extends NoydbError {
+  leftRows;
+  rightRows;
+  maxRows;
+  side;
+  constructor(opts) {
+    super("JOIN_TOO_LARGE", opts.message);
+    this.name = "JoinTooLargeError";
+    this.leftRows = opts.leftRows;
+    this.rightRows = opts.rightRows;
+    this.maxRows = opts.maxRows;
+    this.side = opts.side;
+  }
+};
+var DanglingReferenceError = class extends NoydbError {
+  field;
+  target;
+  refId;
+  constructor(opts) {
+    super("DANGLING_REFERENCE", opts.message);
+    this.name = "DanglingReferenceError";
+    this.field = opts.field;
+    this.target = opts.target;
+    this.refId = opts.refId;
+  }
+};
+var FilenameSanitizationError = class extends NoydbError {
+  constructor(message) {
+    super("FILENAME_SANITIZATION", message);
+    this.name = "FilenameSanitizationError";
+  }
+};
+var PathEscapeError = class extends NoydbError {
+  attempted;
+  targetDir;
+  constructor(opts) {
+    super(
+      "PATH_ESCAPE",
+      `Sanitized filename "${opts.attempted}" resolves outside target dir "${opts.targetDir}"`
+    );
+    this.name = "PathEscapeError";
+    this.attempted = opts.attempted;
+    this.targetDir = opts.targetDir;
+  }
+};
+
+export {
+  NoydbError,
+  DecryptionError,
+  TamperedError,
+  InvalidKeyError,
+  KeyringCorruptError,
+  NoAccessError,
+  ReadOnlyError,
+  ReadOnlyAtInstantError,
+  ReadOnlyFrameError,
+  PermissionDeniedError,
+  ExportCapabilityError,
+  KeyringExpiredError,
+  ImportCapabilityError,
+  StoreCapabilityError,
+  PrivilegeEscalationError,
+  PeriodClosedError,
+  TierNotGrantedError,
+  ElevationExpiredError,
+  AlreadyElevatedError,
+  TierDemoteDeniedError,
+  DelegationTargetMissingError,
+  ConflictError,
+  LedgerContentionError,
+  BundleVersionConflictError,
+  NetworkError,
+  NotFoundError,
+  ValidationError,
+  SchemaValidationError,
+  GroupCardinalityError,
+  IndexRequiredError,
+  IndexWriteFailureError,
+  BundleIntegrityError,
+  ReservedCollectionNameError,
+  DictKeyMissingError,
+  DictKeyInUseError,
+  MissingTranslationError,
+  LocaleNotSpecifiedError,
+  TranslatorNotConfiguredError,
+  BackupLedgerError,
+  BackupCorruptedError,
+  SessionExpiredError,
+  SessionNotFoundError,
+  SessionPolicyError,
+  JoinTooLargeError,
+  DanglingReferenceError,
+  FilenameSanitizationError,
+  PathEscapeError
+};
+//# sourceMappingURL=chunk-NBYQNDXA.js.map