@noy-db/hub 0.1.0-pre.3

package/dist/consent/index.js

@@ -0,0 +1,23 @@
+import {
+  CONSENT_AUDIT_COLLECTION,
+  loadConsentEntries,
+  writeConsentEntry
+} from "../chunk-M62XNWRA.js";
+import "../chunk-FZU343FL.js";
+import "../chunk-MR4424N3.js";
+import "../chunk-ACLDOTNQ.js";
+
+// src/consent/active.ts
+function withConsent() {
+  return {
+    write: writeConsentEntry,
+    read: loadConsentEntries
+  };
+}
+export {
+  CONSENT_AUDIT_COLLECTION,
+  loadConsentEntries,
+  withConsent,
+  writeConsentEntry
+};
+//# sourceMappingURL=index.js.map

package/dist/consent/index.js.map

@@ -0,0 +1 @@
+{"version":3,"sources":["../../src/consent/active.ts"],"sourcesContent":["/**\n * Active consent strategy. Calling `withConsent()` returns a\n * `ConsentStrategy` that delegates to the real\n * `writeConsentEntry` / `loadConsentEntries` functions. Only\n * reachable through the `@noy-db/hub/consent` subpath.\n */\n\nimport { writeConsentEntry, loadConsentEntries } from './consent.js'\nimport type { ConsentStrategy } from './strategy.js'\n\n/**\n * Build the default consent strategy. Pass into\n * `createNoydb({ consentStrategy: withConsent() })` to enable\n * per-operation audit writes into the reserved `_consent_audit`\n * collection.\n */\nexport function withConsent(): ConsentStrategy {\n  return {\n    write: writeConsentEntry,\n    read: loadConsentEntries,\n  }\n}\n"],"mappings":";;;;;;;;;;AAgBO,SAAS,cAA+B;AAC7C,SAAO;AAAA,IACL,OAAO;AAAA,IACP,MAAM;AAAA,EACR;AACF;","names":[]}

package/dist/crdt/index.cjs

@@ -0,0 +1,152 @@
+"use strict";
+var __defProp = Object.defineProperty;
+var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
+var __getOwnPropNames = Object.getOwnPropertyNames;
+var __hasOwnProp = Object.prototype.hasOwnProperty;
+var __export = (target, all) => {
+  for (var name in all)
+    __defProp(target, name, { get: all[name], enumerable: true });
+};
+var __copyProps = (to, from, except, desc) => {
+  if (from && typeof from === "object" || typeof from === "function") {
+    for (let key of __getOwnPropNames(from))
+      if (!__hasOwnProp.call(to, key) && key !== except)
+        __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable });
+  }
+  return to;
+};
+var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
+
+// src/crdt/index.ts
+var crdt_exports = {};
+__export(crdt_exports, {
+  buildLwwMapState: () => buildLwwMapState,
+  buildRgaState: () => buildRgaState,
+  mergeCrdtStates: () => mergeCrdtStates,
+  resolveCrdtSnapshot: () => resolveCrdtSnapshot,
+  withCrdt: () => withCrdt
+});
+module.exports = __toCommonJS(crdt_exports);
+
+// src/crdt/crdt.ts
+function resolveCrdtSnapshot(state) {
+  switch (state._crdt) {
+    case "lww-map": {
+      const result = {};
+      for (const [field, reg] of Object.entries(state.fields)) {
+        result[field] = reg.v;
+      }
+      return result;
+    }
+    case "rga": {
+      const dead = new Set(state.tombstones);
+      return state.items.filter((i) => !dead.has(i.nid)).map((i) => i.v);
+    }
+    case "yjs":
+      return state.update;
+  }
+}
+function mergeCrdtStates(a, b) {
+  if (a._crdt !== b._crdt) return a;
+  switch (a._crdt) {
+    case "lww-map":
+      return mergeLwwMap(a, b);
+    case "rga":
+      return mergeRga(a, b);
+    case "yjs":
+      return a;
+  }
+}
+function mergeLwwMap(a, b) {
+  const merged = {};
+  const allFields = /* @__PURE__ */ new Set([...Object.keys(a.fields), ...Object.keys(b.fields)]);
+  for (const field of allFields) {
+    const fa = a.fields[field];
+    const fb = b.fields[field];
+    if (!fa) {
+      merged[field] = fb;
+    } else if (!fb) {
+      merged[field] = fa;
+    } else {
+      merged[field] = fa.ts >= fb.ts ? fa : fb;
+    }
+  }
+  return { _crdt: "lww-map", fields: merged };
+}
+function mergeRga(a, b) {
+  const allTombstones = /* @__PURE__ */ new Set([...a.tombstones, ...b.tombstones]);
+  const seenNids = new Set(a.items.map((i) => i.nid));
+  const merged = [
+    ...a.items,
+    ...b.items.filter((i) => !seenNids.has(i.nid))
+  ];
+  return { _crdt: "rga", items: merged, tombstones: [...allTombstones] };
+}
+function buildLwwMapState(record, existing, now) {
+  const fields = {};
+  for (const [field, value] of Object.entries(record)) {
+    fields[field] = { v: value, ts: now };
+  }
+  if (existing) {
+    for (const [field, reg] of Object.entries(existing.fields)) {
+      if (!(field in fields)) {
+        fields[field] = reg;
+      }
+    }
+  }
+  return { _crdt: "lww-map", fields };
+}
+function buildRgaState(arr, existing, generateNid) {
+  const existingByValue = /* @__PURE__ */ new Map();
+  if (existing) {
+    for (const item of existing.items) {
+      const key = JSON.stringify(item.v);
+      if (!existingByValue.has(key)) existingByValue.set(key, item);
+    }
+  }
+  const usedNids = /* @__PURE__ */ new Set();
+  const newItems = [];
+  for (const el of arr) {
+    const key = JSON.stringify(el);
+    const match = existingByValue.get(key);
+    if (match && !usedNids.has(match.nid)) {
+      newItems.push(match);
+      usedNids.add(match.nid);
+    } else {
+      const nid = generateNid();
+      newItems.push({ nid, v: el });
+      usedNids.add(nid);
+    }
+  }
+  const tombstones = existing ? [...existing.tombstones] : [];
+  const extraItems = [];
+  if (existing) {
+    for (const item of existing.items) {
+      if (!usedNids.has(item.nid)) {
+        if (!tombstones.includes(item.nid)) tombstones.push(item.nid);
+        extraItems.push(item);
+      }
+    }
+  }
+  const items = [...newItems, ...extraItems];
+  return { _crdt: "rga", items, tombstones };
+}
+
+// src/crdt/active.ts
+function withCrdt() {
+  return {
+    buildLwwMapState,
+    buildRgaState,
+    mergeCrdtStates,
+    resolveCrdtSnapshot
+  };
+}
+// Annotate the CommonJS export names for ESM import in node:
+0 && (module.exports = {
+  buildLwwMapState,
+  buildRgaState,
+  mergeCrdtStates,
+  resolveCrdtSnapshot,
+  withCrdt
+});
+//# sourceMappingURL=index.cjs.map

package/dist/crdt/index.cjs.map

@@ -0,0 +1 @@
+{"version":3,"sources":["../../src/crdt/index.ts","../../src/crdt/crdt.ts","../../src/crdt/active.ts"],"sourcesContent":["/**\n * @noy-db/hub/crdt — opt-in CRDT (conflict-free replicated data type)\n * subsystem.\n *\n * @category capability\n *\n * Collaborative-editing primitives: LWW-Map, RGA (sequence CRDT), and\n * a Yjs bridge state shape. Enabled per-collection via\n * `collection(name, { crdt: 'lww-map' | 'rga' | 'yjs' })`. Apps that\n * stick to plain record-level last-write-wins can omit this subpath\n * and save ~221 LOC of state / merge / snapshot helpers.\n */\n\nexport { withCrdt } from './active.js'\nexport type { CrdtStrategy } from './strategy.js'\n\nexport {\n  resolveCrdtSnapshot,\n  mergeCrdtStates,\n  buildLwwMapState,\n  buildRgaState,\n} from './crdt.js'\nexport type {\n  CrdtMode,\n  CrdtState,\n  LwwMapState,\n  RgaState,\n  YjsState,\n} from './crdt.js'\n","/**\n * CRDT state types, merge logic, and build helpers.\n * per-collection CRDT mode: 'lww-map' | 'rga' | 'yjs'\n *\n * The encrypted envelope wraps the CRDT state (not the resolved snapshot).\n * Adapters only ever see ciphertext. `collection.get(id)` returns the\n * resolved snapshot; `collection.getRaw(id)` returns the full CRDT state.\n */\n\n// ─── Mode ─────────────────────────────────────────────────────────────\n\n/** Per-collection CRDT mode. */\nexport type CrdtMode = 'lww-map' | 'rga' | 'yjs'\n\n// ─── State shapes ─────────────────────────────────────────────────────\n\n/**\n * Per-field last-write-wins registers.\n * Each field carries its latest value and the ISO timestamp of the last write.\n * Merge: for each field, keep the entry with the lexicographically higher `ts`.\n */\nexport interface LwwMapState {\n  readonly _crdt: 'lww-map'\n  readonly fields: Record<string, { readonly v: unknown; readonly ts: string }>\n}\n\n/**\n * Simplified Replicated Growable Array.\n * Items are assigned stable NID (noy-db id) strings on first insertion.\n * Deleted items are tracked as tombstones so concurrent removals commute.\n *\n * The resolved snapshot is the ordered list of non-tombstoned `v` values.\n */\nexport interface RgaState {\n  readonly _crdt: 'rga'\n  readonly items: ReadonlyArray<{ readonly nid: string; readonly v: unknown }>\n  readonly tombstones: readonly string[]\n}\n\n/**\n * Yjs binary state marker. `update` is base64(Y.encodeStateAsUpdate()).\n * Core stores and retrieves the blob opaquely. `@noy-db/yjs` is responsible\n * for encoding, decoding, and merging via `Y.mergeUpdates`.\n * Core falls back to last-write-wins (higher `_v`) for conflict resolution.\n */\nexport interface YjsState {\n  readonly _crdt: 'yjs'\n  /** base64-encoded Y.encodeStateAsUpdate() bytes. */\n  readonly update: string\n}\n\nexport type CrdtState = LwwMapState | RgaState | YjsState\n\n// ─── Snapshot resolution ──────────────────────────────────────────────\n\n/**\n * Resolve a CRDT state into the end-user record snapshot.\n *\n * - `lww-map` → `Record<string, unknown>` (field values extracted from registers)\n * - `rga`     → `unknown[]` (non-tombstoned items in insertion order)\n * - `yjs`     → `string` (base64 update blob; use @noy-db/yjs for a Y.Doc)\n */\nexport function resolveCrdtSnapshot(state: CrdtState): unknown {\n  switch (state._crdt) {\n    case 'lww-map': {\n      const result: Record<string, unknown> = {}\n      for (const [field, reg] of Object.entries(state.fields)) {\n        result[field] = reg.v\n      }\n      return result\n    }\n    case 'rga': {\n      const dead = new Set(state.tombstones)\n      return state.items.filter(i => !dead.has(i.nid)).map(i => i.v)\n    }\n    case 'yjs':\n      return state.update\n  }\n}\n\n// ─── CRDT merge ───────────────────────────────────────────────────────\n\n/**\n * Merge two CRDT states produced by concurrent writes.\n * Called by the collection-level conflict resolver registered with SyncEngine.\n *\n * For `yjs`: core cannot merge Yjs without importing the `yjs` package.\n * The caller must handle that case by falling back to the higher-`_v` envelope.\n */\nexport function mergeCrdtStates(a: CrdtState, b: CrdtState): CrdtState {\n  // Mismatched modes shouldn't happen in practice — same collection, same schema.\n  if (a._crdt !== b._crdt) return a\n\n  switch (a._crdt) {\n    case 'lww-map':\n      return mergeLwwMap(a, b as LwwMapState)\n    case 'rga':\n      return mergeRga(a, b as RgaState)\n    case 'yjs':\n      // Signal to caller that Yjs merge is needed externally\n      return a\n  }\n}\n\nfunction mergeLwwMap(a: LwwMapState, b: LwwMapState): LwwMapState {\n  const merged: Record<string, { v: unknown; ts: string }> = {}\n  const allFields = new Set([...Object.keys(a.fields), ...Object.keys(b.fields)])\n  for (const field of allFields) {\n    const fa = a.fields[field]\n    const fb = b.fields[field]\n    if (!fa) { merged[field] = fb! }\n    else if (!fb) { merged[field] = fa }\n    else { merged[field] = fa.ts >= fb.ts ? fa : fb }\n  }\n  return { _crdt: 'lww-map', fields: merged }\n}\n\nfunction mergeRga(a: RgaState, b: RgaState): RgaState {\n  // Union tombstones from both sides\n  const allTombstones = new Set([...a.tombstones, ...b.tombstones])\n  // Union items by nid: start with a's ordering, append b-only items\n  const seenNids = new Set(a.items.map(i => i.nid))\n  const merged: Array<{ nid: string; v: unknown }> = [\n    ...a.items,\n    ...b.items.filter(i => !seenNids.has(i.nid)),\n  ]\n  return { _crdt: 'rga', items: merged, tombstones: [...allTombstones] }\n}\n\n// ─── Build helpers ────────────────────────────────────────────────────\n\n/**\n * Build (or update) an lww-map state from a new record.\n *\n * All fields in the new record win at timestamp `now`.\n * Fields present in the existing state but absent from the new record\n * are preserved (they were written by another device).\n */\nexport function buildLwwMapState(\n  record: Record<string, unknown>,\n  existing: LwwMapState | undefined,\n  now: string,\n): LwwMapState {\n  const fields: Record<string, { v: unknown; ts: string }> = {}\n\n  // New record fields all get the current timestamp — this device wins for these\n  for (const [field, value] of Object.entries(record)) {\n    fields[field] = { v: value, ts: now }\n  }\n\n  // Preserve fields from the existing state that aren't in the new record\n  if (existing) {\n    for (const [field, reg] of Object.entries(existing.fields)) {\n      if (!(field in fields)) {\n        fields[field] = reg\n      }\n    }\n  }\n\n  return { _crdt: 'lww-map', fields }\n}\n\n/**\n * Build (or update) an RGA state from a new array.\n *\n * Existing items are matched to new elements by deep-equality of their `v`.\n * Unmatched existing items are tombstoned. New elements that have no existing\n * match get a fresh NID via `generateNid()`.\n */\nexport function buildRgaState(\n  arr: unknown[],\n  existing: RgaState | undefined,\n  generateNid: () => string,\n): RgaState {\n  // Build an index from JSON(v) → existing item so we can match by value\n  const existingByValue = new Map<string, { nid: string; v: unknown }>()\n  if (existing) {\n    for (const item of existing.items) {\n      // Only add first occurrence per value to avoid double-matching\n      const key = JSON.stringify(item.v)\n      if (!existingByValue.has(key)) existingByValue.set(key, item)\n    }\n  }\n\n  const usedNids = new Set<string>()\n  const newItems: Array<{ nid: string; v: unknown }> = []\n\n  for (const el of arr) {\n    const key = JSON.stringify(el)\n    const match = existingByValue.get(key)\n    if (match && !usedNids.has(match.nid)) {\n      // Reuse existing NID to preserve cross-device identity\n      newItems.push(match)\n      usedNids.add(match.nid)\n    } else {\n      // New element — assign a fresh NID\n      const nid = generateNid()\n      newItems.push({ nid, v: el })\n      usedNids.add(nid)\n    }\n  }\n\n  // Elements in the existing state that aren't in the new array → tombstone.\n  // Tombstoned items are kept in the items array to preserve ordering for\n  // cross-device merge — the resolved snapshot filters them out.\n  const tombstones: string[] = existing ? [...existing.tombstones] : []\n  const extraItems: Array<{ nid: string; v: unknown }> = []\n  if (existing) {\n    for (const item of existing.items) {\n      if (!usedNids.has(item.nid)) {\n        if (!tombstones.includes(item.nid)) tombstones.push(item.nid)\n        extraItems.push(item) // retain in items for ordering\n      }\n    }\n  }\n\n  // Final items: live items in new order, then tombstoned extras at the end\n  const items = [...newItems, ...extraItems]\n\n  return { _crdt: 'rga', items, tombstones }\n}\n","/**\n * Active CRDT strategy factory. Calling `withCrdt()` returns a\n * `CrdtStrategy` whose methods delegate to the real LWW-Map / RGA /\n * merge / snapshot helpers in `./crdt.ts`. Only reachable through\n * the `@noy-db/hub/crdt` subpath.\n */\n\nimport {\n  buildLwwMapState,\n  buildRgaState,\n  mergeCrdtStates,\n  resolveCrdtSnapshot,\n} from './crdt.js'\nimport type { CrdtStrategy } from './strategy.js'\n\n/**\n * Build the default CRDT strategy. Pass into\n * `createNoydb({ crdtStrategy: withCrdt() })` to enable collections\n * declared with `crdt: 'lww-map' | 'rga' | 'yjs'`.\n *\n * @example\n * ```ts\n * import { createNoydb } from '@noy-db/hub'\n * import { withCrdt } from '@noy-db/hub/crdt'\n *\n * const db = await createNoydb({\n *   store, user, secret,\n *   crdtStrategy: withCrdt(),\n * })\n * const notes = vault.collection('notes', { crdt: 'lww-map' })\n * ```\n */\nexport function withCrdt(): CrdtStrategy {\n  return {\n    buildLwwMapState,\n    buildRgaState,\n    mergeCrdtStates,\n    resolveCrdtSnapshot,\n  }\n}\n"],"mappings":";;;;;;;;;;;;;;;;;;;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;;;AC8DO,SAAS,oBAAoB,OAA2B;AAC7D,UAAQ,MAAM,OAAO;AAAA,IACnB,KAAK,WAAW;AACd,YAAM,SAAkC,CAAC;AACzC,iBAAW,CAAC,OAAO,GAAG,KAAK,OAAO,QAAQ,MAAM,MAAM,GAAG;AACvD,eAAO,KAAK,IAAI,IAAI;AAAA,MACtB;AACA,aAAO;AAAA,IACT;AAAA,IACA,KAAK,OAAO;AACV,YAAM,OAAO,IAAI,IAAI,MAAM,UAAU;AACrC,aAAO,MAAM,MAAM,OAAO,OAAK,CAAC,KAAK,IAAI,EAAE,GAAG,CAAC,EAAE,IAAI,OAAK,EAAE,CAAC;AAAA,IAC/D;AAAA,IACA,KAAK;AACH,aAAO,MAAM;AAAA,EACjB;AACF;AAWO,SAAS,gBAAgB,GAAc,GAAyB;AAErE,MAAI,EAAE,UAAU,EAAE,MAAO,QAAO;AAEhC,UAAQ,EAAE,OAAO;AAAA,IACf,KAAK;AACH,aAAO,YAAY,GAAG,CAAgB;AAAA,IACxC,KAAK;AACH,aAAO,SAAS,GAAG,CAAa;AAAA,IAClC,KAAK;AAEH,aAAO;AAAA,EACX;AACF;AAEA,SAAS,YAAY,GAAgB,GAA6B;AAChE,QAAM,SAAqD,CAAC;AAC5D,QAAM,YAAY,oBAAI,IAAI,CAAC,GAAG,OAAO,KAAK,EAAE,MAAM,GAAG,GAAG,OAAO,KAAK,EAAE,MAAM,CAAC,CAAC;AAC9E,aAAW,SAAS,WAAW;AAC7B,UAAM,KAAK,EAAE,OAAO,KAAK;AACzB,UAAM,KAAK,EAAE,OAAO,KAAK;AACzB,QAAI,CAAC,IAAI;AAAE,aAAO,KAAK,IAAI;AAAA,IAAI,WACtB,CAAC,IAAI;AAAE,aAAO,KAAK,IAAI;AAAA,IAAG,OAC9B;AAAE,aAAO,KAAK,IAAI,GAAG,MAAM,GAAG,KAAK,KAAK;AAAA,IAAG;AAAA,EAClD;AACA,SAAO,EAAE,OAAO,WAAW,QAAQ,OAAO;AAC5C;AAEA,SAAS,SAAS,GAAa,GAAuB;AAEpD,QAAM,gBAAgB,oBAAI,IAAI,CAAC,GAAG,EAAE,YAAY,GAAG,EAAE,UAAU,CAAC;AAEhE,QAAM,WAAW,IAAI,IAAI,EAAE,MAAM,IAAI,OAAK,EAAE,GAAG,CAAC;AAChD,QAAM,SAA6C;AAAA,IACjD,GAAG,EAAE;AAAA,IACL,GAAG,EAAE,MAAM,OAAO,OAAK,CAAC,SAAS,IAAI,EAAE,GAAG,CAAC;AAAA,EAC7C;AACA,SAAO,EAAE,OAAO,OAAO,OAAO,QAAQ,YAAY,CAAC,GAAG,aAAa,EAAE;AACvE;AAWO,SAAS,iBACd,QACA,UACA,KACa;AACb,QAAM,SAAqD,CAAC;AAG5D,aAAW,CAAC,OAAO,KAAK,KAAK,OAAO,QAAQ,MAAM,GAAG;AACnD,WAAO,KAAK,IAAI,EAAE,GAAG,OAAO,IAAI,IAAI;AAAA,EACtC;AAGA,MAAI,UAAU;AACZ,eAAW,CAAC,OAAO,GAAG,KAAK,OAAO,QAAQ,SAAS,MAAM,GAAG;AAC1D,UAAI,EAAE,SAAS,SAAS;AACtB,eAAO,KAAK,IAAI;AAAA,MAClB;AAAA,IACF;AAAA,EACF;AAEA,SAAO,EAAE,OAAO,WAAW,OAAO;AACpC;AASO,SAAS,cACd,KACA,UACA,aACU;AAEV,QAAM,kBAAkB,oBAAI,IAAyC;AACrE,MAAI,UAAU;AACZ,eAAW,QAAQ,SAAS,OAAO;AAEjC,YAAM,MAAM,KAAK,UAAU,KAAK,CAAC;AACjC,UAAI,CAAC,gBAAgB,IAAI,GAAG,EAAG,iBAAgB,IAAI,KAAK,IAAI;AAAA,IAC9D;AAAA,EACF;AAEA,QAAM,WAAW,oBAAI,IAAY;AACjC,QAAM,WAA+C,CAAC;AAEtD,aAAW,MAAM,KAAK;AACpB,UAAM,MAAM,KAAK,UAAU,EAAE;AAC7B,UAAM,QAAQ,gBAAgB,IAAI,GAAG;AACrC,QAAI,SAAS,CAAC,SAAS,IAAI,MAAM,GAAG,GAAG;AAErC,eAAS,KAAK,KAAK;AACnB,eAAS,IAAI,MAAM,GAAG;AAAA,IACxB,OAAO;AAEL,YAAM,MAAM,YAAY;AACxB,eAAS,KAAK,EAAE,KAAK,GAAG,GAAG,CAAC;AAC5B,eAAS,IAAI,GAAG;AAAA,IAClB;AAAA,EACF;AAKA,QAAM,aAAuB,WAAW,CAAC,GAAG,SAAS,UAAU,IAAI,CAAC;AACpE,QAAM,aAAiD,CAAC;AACxD,MAAI,UAAU;AACZ,eAAW,QAAQ,SAAS,OAAO;AACjC,UAAI,CAAC,SAAS,IAAI,KAAK,GAAG,GAAG;AAC3B,YAAI,CAAC,WAAW,SAAS,KAAK,GAAG,EAAG,YAAW,KAAK,KAAK,GAAG;AAC5D,mBAAW,KAAK,IAAI;AAAA,MACtB;AAAA,IACF;AAAA,EACF;AAGA,QAAM,QAAQ,CAAC,GAAG,UAAU,GAAG,UAAU;AAEzC,SAAO,EAAE,OAAO,OAAO,OAAO,WAAW;AAC3C;;;AC5LO,SAAS,WAAyB;AACvC,SAAO;AAAA,IACL;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,EACF;AACF;","names":[]}

package/dist/crdt/index.d.cts

@@ -0,0 +1,30 @@
+import { C as CrdtStrategy } from '../strategy-BSxFXGzb.cjs';
+export { a as CrdtMode, b as CrdtState, L as LwwMapState, R as RgaState, Y as YjsState, c as buildLwwMapState, d as buildRgaState, m as mergeCrdtStates, r as resolveCrdtSnapshot } from '../strategy-BSxFXGzb.cjs';
+
+/**
+ * Active CRDT strategy factory. Calling `withCrdt()` returns a
+ * `CrdtStrategy` whose methods delegate to the real LWW-Map / RGA /
+ * merge / snapshot helpers in `./crdt.ts`. Only reachable through
+ * the `@noy-db/hub/crdt` subpath.
+ */
+
+/**
+ * Build the default CRDT strategy. Pass into
+ * `createNoydb({ crdtStrategy: withCrdt() })` to enable collections
+ * declared with `crdt: 'lww-map' | 'rga' | 'yjs'`.
+ *
+ * @example
+ * ```ts
+ * import { createNoydb } from '@noy-db/hub'
+ * import { withCrdt } from '@noy-db/hub/crdt'
+ *
+ * const db = await createNoydb({
+ *   store, user, secret,
+ *   crdtStrategy: withCrdt(),
+ * })
+ * const notes = vault.collection('notes', { crdt: 'lww-map' })
+ * ```
+ */
+declare function withCrdt(): CrdtStrategy;
+
+export { CrdtStrategy, withCrdt };

package/dist/crdt/index.d.ts

@@ -0,0 +1,30 @@
+import { C as CrdtStrategy } from '../strategy-BSxFXGzb.js';
+export { a as CrdtMode, b as CrdtState, L as LwwMapState, R as RgaState, Y as YjsState, c as buildLwwMapState, d as buildRgaState, m as mergeCrdtStates, r as resolveCrdtSnapshot } from '../strategy-BSxFXGzb.js';
+
+/**
+ * Active CRDT strategy factory. Calling `withCrdt()` returns a
+ * `CrdtStrategy` whose methods delegate to the real LWW-Map / RGA /
+ * merge / snapshot helpers in `./crdt.ts`. Only reachable through
+ * the `@noy-db/hub/crdt` subpath.
+ */
+
+/**
+ * Build the default CRDT strategy. Pass into
+ * `createNoydb({ crdtStrategy: withCrdt() })` to enable collections
+ * declared with `crdt: 'lww-map' | 'rga' | 'yjs'`.
+ *
+ * @example
+ * ```ts
+ * import { createNoydb } from '@noy-db/hub'
+ * import { withCrdt } from '@noy-db/hub/crdt'
+ *
+ * const db = await createNoydb({
+ *   store, user, secret,
+ *   crdtStrategy: withCrdt(),
+ * })
+ * const notes = vault.collection('notes', { crdt: 'lww-map' })
+ * ```
+ */
+declare function withCrdt(): CrdtStrategy;
+
+export { CrdtStrategy, withCrdt };

package/dist/crdt/index.js

@@ -0,0 +1,24 @@
+import {
+  buildLwwMapState,
+  buildRgaState,
+  mergeCrdtStates,
+  resolveCrdtSnapshot
+} from "../chunk-J66GRPNH.js";
+
+// src/crdt/active.ts
+function withCrdt() {
+  return {
+    buildLwwMapState,
+    buildRgaState,
+    mergeCrdtStates,
+    resolveCrdtSnapshot
+  };
+}
+export {
+  buildLwwMapState,
+  buildRgaState,
+  mergeCrdtStates,
+  resolveCrdtSnapshot,
+  withCrdt
+};
+//# sourceMappingURL=index.js.map

package/dist/crdt/index.js.map

@@ -0,0 +1 @@
+{"version":3,"sources":["../../src/crdt/active.ts"],"sourcesContent":["/**\n * Active CRDT strategy factory. Calling `withCrdt()` returns a\n * `CrdtStrategy` whose methods delegate to the real LWW-Map / RGA /\n * merge / snapshot helpers in `./crdt.ts`. Only reachable through\n * the `@noy-db/hub/crdt` subpath.\n */\n\nimport {\n  buildLwwMapState,\n  buildRgaState,\n  mergeCrdtStates,\n  resolveCrdtSnapshot,\n} from './crdt.js'\nimport type { CrdtStrategy } from './strategy.js'\n\n/**\n * Build the default CRDT strategy. Pass into\n * `createNoydb({ crdtStrategy: withCrdt() })` to enable collections\n * declared with `crdt: 'lww-map' | 'rga' | 'yjs'`.\n *\n * @example\n * ```ts\n * import { createNoydb } from '@noy-db/hub'\n * import { withCrdt } from '@noy-db/hub/crdt'\n *\n * const db = await createNoydb({\n *   store, user, secret,\n *   crdtStrategy: withCrdt(),\n * })\n * const notes = vault.collection('notes', { crdt: 'lww-map' })\n * ```\n */\nexport function withCrdt(): CrdtStrategy {\n  return {\n    buildLwwMapState,\n    buildRgaState,\n    mergeCrdtStates,\n    resolveCrdtSnapshot,\n  }\n}\n"],"mappings":";;;;;;;;AAgCO,SAAS,WAAyB;AACvC,SAAO;AAAA,IACL;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,EACF;AACF;","names":[]}

package/dist/crypto-IVKU7YTT.js

@@ -0,0 +1,44 @@
+import {
+  base64ToBuffer,
+  bufferToBase64,
+  decrypt,
+  decryptBytes,
+  decryptBytesWithAAD,
+  decryptDeterministic,
+  deriveKey,
+  derivePresenceKey,
+  encrypt,
+  encryptBytes,
+  encryptBytesWithAAD,
+  encryptDeterministic,
+  generateDEK,
+  generateIV,
+  generateSalt,
+  hmacSha256Hex,
+  sha256Hex,
+  unwrapKey,
+  wrapKey
+} from "./chunk-MR4424N3.js";
+import "./chunk-ACLDOTNQ.js";
+export {
+  base64ToBuffer,
+  bufferToBase64,
+  decrypt,
+  decryptBytes,
+  decryptBytesWithAAD,
+  decryptDeterministic,
+  deriveKey,
+  derivePresenceKey,
+  encrypt,
+  encryptBytes,
+  encryptBytesWithAAD,
+  encryptDeterministic,
+  generateDEK,
+  generateIV,
+  generateSalt,
+  hmacSha256Hex,
+  sha256Hex,
+  unwrapKey,
+  wrapKey
+};
+//# sourceMappingURL=crypto-IVKU7YTT.js.map

package/dist/crypto-IVKU7YTT.js.map

@@ -0,0 +1 @@
+{"version":3,"sources":[],"sourcesContent":[],"mappings":"","names":[]}

package/dist/delegation-XDJCBTI2.js

@@ -0,0 +1,16 @@
+import {
+  DELEGATIONS_COLLECTION,
+  issueDelegation,
+  loadActiveDelegations,
+  revokeDelegation
+} from "./chunk-XCL3WP6J.js";
+import "./chunk-FZU343FL.js";
+import "./chunk-MR4424N3.js";
+import "./chunk-ACLDOTNQ.js";
+export {
+  DELEGATIONS_COLLECTION,
+  issueDelegation,
+  loadActiveDelegations,
+  revokeDelegation
+};
+//# sourceMappingURL=delegation-XDJCBTI2.js.map

package/dist/delegation-XDJCBTI2.js.map

@@ -0,0 +1 @@
+{"version":3,"sources":[],"sourcesContent":[],"mappings":"","names":[]}

package/dist/dev-unlock-CeXic1xC.d.cts

@@ -0,0 +1,263 @@
+import { aq as Role, ar as UnlockedKeyring } from './types-Bfs0qr5F.cjs';
+
+/**
+ * Session tokens —
+ *
+ * After a vault is unlocked (via passphrase, WebAuthn, OIDC, or magic-
+ * link), the caller can call `createSession()` to get a session token that
+ * allows re-establishing the KEK for the session lifetime without re-running
+ * PBKDF2 or any interactive auth challenge.
+ *
+ * Security model
+ * ──────────────
+ * A session consists of two pieces that must both be present to recover the
+ * KEK:
+ *
+ *   1. The **session key** — a non-extractable AES-256-GCM CryptoKey that
+ *      exists only in memory. "Non-extractable" is enforced by the WebCrypto
+ *      API: the key object cannot be serialized, exported, or sent over
+ *      postMessage. When the JS context is GC'd (tab close, navigation away,
+ *      worker termination) the key becomes unrecoverable.
+ *
+ *   2. The **session token** — a JSON object that carries the KEK wrapped
+ *      with the session key (AES-256-GCM, fresh IV per session), plus
+ *      unencrypted session metadata (sessionId, userId, vault, role,
+ *      expiresAt). The token can be serialized to JSON and stored in
+ *      sessionStorage or passed across callsites within the same tab, but
+ *      it is useless without the session key.
+ *
+ * The session key is kept in a module-level Map indexed by sessionId. Callers
+ * that need to re-use a session must hold on to the sessionId returned from
+ * `createSession()`; the key is looked up automatically by `resolveSession()`.
+ *
+ * Revocation: `revokeSession()` removes the entry from the Map. Because the
+ * key is non-extractable, removal is sufficient — no one holds a serializable
+ * copy of the key.
+ *
+ * Tab-scoped lifetime: the module-level Map lives only as long as the JS
+ * module. Tab close → module unloaded → Map GC'd → all session keys gone.
+ * This is the zero-effort logout: closing the tab is always a secure logout.
+ *
+ * Expiry: `createSession()` accepts a `ttlMs` option. `resolveSession()`
+ * checks `expiresAt` and throws `SessionExpiredError` if the token is stale,
+ * even if the session key is still in the Map.
+ */
+
+/** The serializable part of a session token. Safe to store in sessionStorage. */
+interface SessionToken {
+    readonly _noydb_session: 1;
+    /** Unique session identifier (ULID). Use this as the handle for resolve/revoke. */
+    readonly sessionId: string;
+    readonly userId: string;
+    readonly vault: string;
+    readonly role: Role;
+    /** ISO timestamp — resolveSession() rejects this token after this time. */
+    readonly expiresAt: string;
+    /** KEK wrapped with the session key (AES-256-GCM). Base64. */
+    readonly wrappedKek: string;
+    /** IV used for the wrapping operation. Base64. */
+    readonly kekIv: string;
+}
+/** Result returned from `createSession()`. */
+interface CreateSessionResult {
+    /** Serializable token — store in sessionStorage or pass to `resolveSession()`. */
+    token: SessionToken;
+    /** The sessionId — use this handle for `resolveSession()` and `revokeSession()`. */
+    sessionId: string;
+}
+/** Options for `createSession()`. */
+interface CreateSessionOptions {
+    /**
+     * Session lifetime in milliseconds. Defaults to 60 minutes.
+     * After this duration, `resolveSession()` throws `SessionExpiredError`.
+     */
+    ttlMs?: number;
+}
+/**
+ * Create a session for an already-unlocked keyring.
+ *
+ * Call this after any successful unlock (passphrase, WebAuthn, OIDC,
+ * magic-link). The returned `sessionId` is the handle for later
+ * `resolveSession()` and `revokeSession()` calls.
+ *
+ * The session key is generated fresh (non-extractable) and stored in the
+ * module-level Map. The KEK from `keyring.kek` is exported (it must be
+ * extractable — it was derived by `deriveKey()` which sets extractable: false,
+ * but it's unwrapped from the keyring which sets extractable: true) and then
+ * re-wrapped with the session key.
+ *
+ * @param keyring - An already-unlocked keyring whose `kek` is available.
+ * @param vault - The vault name this session is scoped to.
+ * @param options - Optional session configuration.
+ */
+declare function createSession(keyring: UnlockedKeyring, vault: string, options?: CreateSessionOptions): Promise<CreateSessionResult>;
+/**
+ * Resolve a session token back into an UnlockedKeyring.
+ *
+ * Looks up the session key by `sessionId`, checks the token is not expired,
+ * then decrypts the payload to reconstruct the keyring's DEK set.
+ *
+ * Throws `SessionExpiredError` if the token's `expiresAt` is in the past.
+ * Throws `SessionNotFoundError` if the session key is not in the store
+ * (tab was reloaded, session was revoked, or the sessionId is wrong).
+ *
+ * @param token - The SessionToken from `createSession()`.
+ */
+declare function resolveSession(token: SessionToken): Promise<UnlockedKeyring>;
+/**
+ * Revoke a session by removing its key from the store.
+ *
+ * After revocation, `resolveSession()` will throw `SessionNotFoundError`
+ * for this sessionId. The session token (if held by the caller) becomes
+ * permanently useless. This is the explicit logout path.
+ *
+ * No-op if the session was already expired or does not exist.
+ */
+declare function revokeSession(sessionId: string): void;
+/**
+ * Check if a session is still alive (key in store + not expired).
+ * Does not decrypt anything — purely a metadata check.
+ */
+declare function isSessionAlive(token: SessionToken): boolean;
+/**
+ * Revoke all active sessions. Used by `Noydb.close()` to ensure that
+ * closing the instance destroys all session state, not just the keyring
+ * cache.
+ */
+declare function revokeAllSessions(): void;
+/**
+ * Return the number of active sessions currently in the store.
+ * Useful for diagnostics and tests.
+ */
+declare function activeSessionCount(): number;
+
+/**
+ * Dev-mode persistent unlock —
+ *
+ * Solves the developer inner-loop friction: hot-reload destroys the session
+ * (page navigation semantics), forcing a passphrase re-entry every refresh.
+ *
+ * This module provides an opt-in, deliberately-named escape hatch that lets
+ * developers store the keyring payload in sessionStorage or localStorage so
+ * the vault auto-unlocks on every page load — without a passphrase,
+ * without a biometric prompt, without any OIDC flow.
+ *
+ * ⚠️ WARNING — this is a loaded footgun ⚠️
+ * ─────────────────────────────────────────
+ * The keyring payload stored by this module contains the DEKs. Whoever has
+ * access to sessionStorage/localStorage has access to the DEKs. On a shared
+ * development machine, a compromised browser extension, or a mis-configured
+ * origin, this is a complete key exposure.
+ *
+ * This module is ONLY safe for local development. It must NEVER be active
+ * in production builds.
+ *
+ * Guardrails (all enforced by the module, not by the caller)
+ * ──────────────────────────────────────────────────────────
+ * 1. **Production guard:** `enableDevUnlock()` throws immediately if
+ *    `process.env.NODE_ENV === 'production'` or if `import.meta.env?.PROD === true`
+ *    (Vite convention). Also throws if the hostname is NOT localhost or 127.0.0.1.
+ *
+ * 2. **Explicit acknowledgement string:** the caller must pass
+ *    `acknowledge: 'I-UNDERSTAND-THIS-DISABLES-UNLOCK-SECURITY'` or the call
+ *    throws. This string appears in every grep for `devUnlock` in the codebase,
+ *    making it impossible to enable this feature accidentally.
+ *
+ * 3. **Scope is vault + userId:** the storage key includes both the
+ *    vault name and the userId, so dev-unlock for vault-A does
+ *    NOT auto-unlock vault-B.
+ *
+ * 4. **Storage scope:** default is `sessionStorage` (cleared on tab close).
+ *    `localStorage` is opt-in and requires an additional
+ *    `persistAcrossTabs: true` flag in the options.
+ *
+ * 5. **Clear method:** `clearDevUnlock()` removes the stored payload. Wire
+ *    this to a dev toolbar button or `Ctrl+Shift+L` so clearing is one action.
+ *
+ * 6. **Console banner:** on first enable, a highly visible console warning
+ *    fires. Cannot be suppressed.
+ *
+ * Usage
+ * ─────
+ * ```ts
+ * // In your dev entry point only (guarded by import.meta.env.DEV):
+ * if (import.meta.env.DEV) {
+ *   const { enableDevUnlock, loadDevUnlock } = await import('@noy-db/hub')
+ *   enableDevUnlock('my-compartment', 'alice', keyring, {
+ *     acknowledge: 'I-UNDERSTAND-THIS-DISABLES-UNLOCK-SECURITY',
+ *   })
+ * }
+ *
+ * // On page load:
+ * if (import.meta.env.DEV) {
+ *   const keyring = await loadDevUnlock('my-compartment', 'alice')
+ *   if (keyring) {
+ *     // Skip unlock prompt, use keyring directly
+ *   }
+ * }
+ * ```
+ */
+
+interface DevUnlockOptions {
+    /**
+     * Required: the exact string 'I-UNDERSTAND-THIS-DISABLES-UNLOCK-SECURITY'.
+     * Any other value causes `enableDevUnlock()` to throw.
+     */
+    acknowledge: string;
+    /**
+     * If `true`, stores in localStorage (persists across tabs and browser restarts).
+     * If `false` (default), stores in sessionStorage (cleared on tab close).
+     */
+    persistAcrossTabs?: boolean;
+}
+/**
+ * Serialize and store a keyring to browser storage for dev-mode auto-unlock.
+ *
+ * Throws immediately if:
+ *   - The acknowledge string is wrong.
+ *   - Running in a production environment (NODE_ENV=production).
+ *   - Running on a non-localhost hostname.
+ *
+ * Emits a highly visible console warning that cannot be suppressed.
+ *
+ * @param vault - The vault name.
+ * @param userId - The user ID.
+ * @param keyring - The unlocked keyring to persist.
+ * @param options - Options including the required acknowledge string.
+ */
+declare function enableDevUnlock(vault: string, userId: string, keyring: UnlockedKeyring, options: DevUnlockOptions): Promise<void>;
+/**
+ * Load a dev-mode keyring from browser storage.
+ *
+ * Returns `null` if no dev-unlock state is stored for this vault + user,
+ * or if the stored payload is malformed.
+ *
+ * Does NOT perform the production environment check — it's safe to CALL
+ * `loadDevUnlock` in production (it will simply return `null` because no
+ * dev-unlock state was ever written). The guard only fires on `enableDevUnlock`.
+ *
+ * @param vault - The vault name.
+ * @param userId - The user ID.
+ * @param options - Optional storage override.
+ */
+declare function loadDevUnlock(vault: string, userId: string, options?: {
+    persistAcrossTabs?: boolean;
+}): Promise<UnlockedKeyring | null>;
+/**
+ * Remove dev-unlock state from browser storage.
+ *
+ * Safe to call in production (no-op if no dev state exists).
+ */
+declare function clearDevUnlock(vault: string, userId: string, options?: {
+    persistAcrossTabs?: boolean;
+}): void;
+/**
+ * Check if dev-unlock state exists for this vault + user.
+ *
+ * Safe to call in production (returns false if nothing is stored).
+ */
+declare function isDevUnlockActive(vault: string, userId: string, options?: {
+    persistAcrossTabs?: boolean;
+}): boolean;
+
+export { type CreateSessionOptions as C, type DevUnlockOptions as D, type SessionToken as S, type CreateSessionResult as a, activeSessionCount as b, clearDevUnlock as c, createSession as d, enableDevUnlock as e, isSessionAlive as f, revokeAllSessions as g, revokeSession as h, isDevUnlockActive as i, loadDevUnlock as l, resolveSession as r };