@noy-db/hub 0.1.0-pre.3

package/dist/blobs/index.d.cts

@@ -0,0 +1,45 @@
+import { B as BlobStrategy } from '../types-Bfs0qr5F.cjs';
+export { p as BLOB_CHUNKS_COLLECTION, q as BLOB_COLLECTION, s as BLOB_EVICTION_AUDIT_COLLECTION, t as BLOB_INDEX_COLLECTION, u as BLOB_SLOTS_PREFIX, w as BLOB_VERSIONS_PREFIX, x as BlobEvictionEntry, y as BlobFieldPolicy, z as BlobFieldsConfig, A as BlobObject, C as BlobPutOptions, E as BlobResponseOptions, F as BlobSet, G as BlobStrategyOpenArgs, H as CompactRunOptions, J as CompactionContext, K as CompactionResult, L as DEFAULT_CHUNK_SIZE, M as EXPORT_AUDIT_COLLECTION, N as ExportBlobsAbortedError, O as ExportBlobsAuditEntry, Q as ExportBlobsHandle, R as ExportBlobsOptions, T as ExportedBlob, U as SlotInfo, V as SlotRecord, W as VersionRecord, X as createExportBlobsHandle, Y as runCompaction } from '../types-Bfs0qr5F.cjs';
+export { d as detectMagic, a as detectMimeType, i as isPreCompressed } from '../mime-magic-CBBSOkjm.cjs';
+import '../lazy-builder-CZVLKh0Z.cjs';
+import '../predicate-SBHmi6D0.cjs';
+import '../strategy-D-SrOLCl.cjs';
+import '../strategy-BSxFXGzb.cjs';
+import '../index-DN-J-5wT.cjs';
+
+/**
+ * Active blob strategy factory. Calling `blobs()` returns a
+ * `BlobStrategy` whose `openSlot` constructs a real `BlobSet` bound
+ * to the caller's record. The returned strategy is passed into
+ * `createNoydb({ blobStrategy: blobs() })` to light up the
+ * `collection.blob(id)` path.
+ *
+ * This module is only reachable through the `@noy-db/hub/blobs`
+ * subpath — a consumer that never imports the subpath ships none of
+ * this (ESM tree-shaking + hub's `"sideEffects": false`).
+ */
+
+/**
+ * Build a default `BlobStrategy` ready to pass into `createNoydb`.
+ *
+ * Named `withBlobs` (plugin-pattern canonical) rather than `blobs` to
+ * avoid shadowing the very common local idiom
+ * `const blobs = invoices.blob(id)` in user code.
+ *
+ * @example
+ * ```ts
+ * import { createNoydb } from '@noy-db/hub'
+ * import { withBlobs } from '@noy-db/hub/blobs'
+ *
+ * const db = await createNoydb({
+ *   store, user, secret,
+ *   blobStrategy: withBlobs(),
+ * })
+ *
+ * // Now live — delegates to BlobSet.
+ * await db.vault('acme').collection('invoices').blob('inv-1').put('receipt.pdf', bytes)
+ * ```
+ */
+declare function withBlobs(): BlobStrategy;
+
+export { BlobStrategy, withBlobs };

package/dist/blobs/index.d.ts

@@ -0,0 +1,45 @@
+import { B as BlobStrategy } from '../types-BZpCZB8N.js';
+export { p as BLOB_CHUNKS_COLLECTION, q as BLOB_COLLECTION, s as BLOB_EVICTION_AUDIT_COLLECTION, t as BLOB_INDEX_COLLECTION, u as BLOB_SLOTS_PREFIX, w as BLOB_VERSIONS_PREFIX, x as BlobEvictionEntry, y as BlobFieldPolicy, z as BlobFieldsConfig, A as BlobObject, C as BlobPutOptions, E as BlobResponseOptions, F as BlobSet, G as BlobStrategyOpenArgs, H as CompactRunOptions, J as CompactionContext, K as CompactionResult, L as DEFAULT_CHUNK_SIZE, M as EXPORT_AUDIT_COLLECTION, N as ExportBlobsAbortedError, O as ExportBlobsAuditEntry, Q as ExportBlobsHandle, R as ExportBlobsOptions, T as ExportedBlob, U as SlotInfo, V as SlotRecord, W as VersionRecord, X as createExportBlobsHandle, Y as runCompaction } from '../types-BZpCZB8N.js';
+export { d as detectMagic, a as detectMimeType, i as isPreCompressed } from '../mime-magic-CBBSOkjm.js';
+import '../lazy-builder-BwEoBQZ9.js';
+import '../predicate-SBHmi6D0.js';
+import '../strategy-D-SrOLCl.js';
+import '../strategy-BSxFXGzb.js';
+import '../index-BRHBCmLt.js';
+
+/**
+ * Active blob strategy factory. Calling `blobs()` returns a
+ * `BlobStrategy` whose `openSlot` constructs a real `BlobSet` bound
+ * to the caller's record. The returned strategy is passed into
+ * `createNoydb({ blobStrategy: blobs() })` to light up the
+ * `collection.blob(id)` path.
+ *
+ * This module is only reachable through the `@noy-db/hub/blobs`
+ * subpath — a consumer that never imports the subpath ships none of
+ * this (ESM tree-shaking + hub's `"sideEffects": false`).
+ */
+
+/**
+ * Build a default `BlobStrategy` ready to pass into `createNoydb`.
+ *
+ * Named `withBlobs` (plugin-pattern canonical) rather than `blobs` to
+ * avoid shadowing the very common local idiom
+ * `const blobs = invoices.blob(id)` in user code.
+ *
+ * @example
+ * ```ts
+ * import { createNoydb } from '@noy-db/hub'
+ * import { withBlobs } from '@noy-db/hub/blobs'
+ *
+ * const db = await createNoydb({
+ *   store, user, secret,
+ *   blobStrategy: withBlobs(),
+ * })
+ *
+ * // Now live — delegates to BlobSet.
+ * await db.vault('acme').collection('invoices').blob('inv-1').put('receipt.pdf', bytes)
+ * ```
+ */
+declare function withBlobs(): BlobStrategy;
+
+export { BlobStrategy, withBlobs };

package/dist/blobs/index.js

@@ -0,0 +1,48 @@
+import {
+  BLOB_CHUNKS_COLLECTION,
+  BLOB_COLLECTION,
+  BLOB_EVICTION_AUDIT_COLLECTION,
+  BLOB_INDEX_COLLECTION,
+  BLOB_SLOTS_PREFIX,
+  BLOB_VERSIONS_PREFIX,
+  BlobSet,
+  DEFAULT_CHUNK_SIZE,
+  EXPORT_AUDIT_COLLECTION,
+  ExportBlobsAbortedError,
+  createExportBlobsHandle,
+  detectMagic,
+  detectMimeType,
+  isPreCompressed,
+  runCompaction
+} from "../chunk-UQFSPSWG.js";
+import "../chunk-ZRG4V3F5.js";
+import "../chunk-MR4424N3.js";
+import "../chunk-ACLDOTNQ.js";
+
+// src/blobs/active.ts
+function withBlobs() {
+  return {
+    openSlot(args) {
+      return new BlobSet(args);
+    }
+  };
+}
+export {
+  BLOB_CHUNKS_COLLECTION,
+  BLOB_COLLECTION,
+  BLOB_EVICTION_AUDIT_COLLECTION,
+  BLOB_INDEX_COLLECTION,
+  BLOB_SLOTS_PREFIX,
+  BLOB_VERSIONS_PREFIX,
+  BlobSet,
+  DEFAULT_CHUNK_SIZE,
+  EXPORT_AUDIT_COLLECTION,
+  ExportBlobsAbortedError,
+  createExportBlobsHandle,
+  detectMagic,
+  detectMimeType,
+  isPreCompressed,
+  runCompaction,
+  withBlobs
+};
+//# sourceMappingURL=index.js.map

package/dist/blobs/index.js.map

@@ -0,0 +1 @@
+{"version":3,"sources":["../../src/blobs/active.ts"],"sourcesContent":["/**\n * Active blob strategy factory. Calling `blobs()` returns a\n * `BlobStrategy` whose `openSlot` constructs a real `BlobSet` bound\n * to the caller's record. The returned strategy is passed into\n * `createNoydb({ blobStrategy: blobs() })` to light up the\n * `collection.blob(id)` path.\n *\n * This module is only reachable through the `@noy-db/hub/blobs`\n * subpath — a consumer that never imports the subpath ships none of\n * this (ESM tree-shaking + hub's `\"sideEffects\": false`).\n */\n\nimport { BlobSet } from './blob-set.js'\nimport type { BlobStrategy } from './strategy.js'\n\n/**\n * Build a default `BlobStrategy` ready to pass into `createNoydb`.\n *\n * Named `withBlobs` (plugin-pattern canonical) rather than `blobs` to\n * avoid shadowing the very common local idiom\n * `const blobs = invoices.blob(id)` in user code.\n *\n * @example\n * ```ts\n * import { createNoydb } from '@noy-db/hub'\n * import { withBlobs } from '@noy-db/hub/blobs'\n *\n * const db = await createNoydb({\n *   store, user, secret,\n *   blobStrategy: withBlobs(),\n * })\n *\n * // Now live — delegates to BlobSet.\n * await db.vault('acme').collection('invoices').blob('inv-1').put('receipt.pdf', bytes)\n * ```\n */\nexport function withBlobs(): BlobStrategy {\n  return {\n    openSlot(args) {\n      return new BlobSet(args)\n    },\n  }\n}\n"],"mappings":";;;;;;;;;;;;;;;;;;;;;;AAoCO,SAAS,YAA0B;AACxC,SAAO;AAAA,IACL,SAAS,MAAM;AACb,aAAO,IAAI,QAAQ,IAAI;AAAA,IACzB;AAAA,EACF;AACF;","names":[]}

package/dist/bundle/index.cjs

@@ -0,0 +1,436 @@
+"use strict";
+var __defProp = Object.defineProperty;
+var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
+var __getOwnPropNames = Object.getOwnPropertyNames;
+var __hasOwnProp = Object.prototype.hasOwnProperty;
+var __export = (target, all) => {
+  for (var name in all)
+    __defProp(target, name, { get: all[name], enumerable: true });
+};
+var __copyProps = (to, from, except, desc) => {
+  if (from && typeof from === "object" || typeof from === "function") {
+    for (let key of __getOwnPropNames(from))
+      if (!__hasOwnProp.call(to, key) && key !== except)
+        __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable });
+  }
+  return to;
+};
+var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
+
+// src/bundle/index.ts
+var bundle_exports = {};
+__export(bundle_exports, {
+  COMPRESSION_BROTLI: () => COMPRESSION_BROTLI,
+  COMPRESSION_GZIP: () => COMPRESSION_GZIP,
+  COMPRESSION_NONE: () => COMPRESSION_NONE,
+  FLAG_COMPRESSED: () => FLAG_COMPRESSED,
+  FLAG_HAS_INTEGRITY_HASH: () => FLAG_HAS_INTEGRITY_HASH,
+  NOYDB_BUNDLE_FORMAT_VERSION: () => NOYDB_BUNDLE_FORMAT_VERSION,
+  NOYDB_BUNDLE_MAGIC: () => NOYDB_BUNDLE_MAGIC,
+  NOYDB_BUNDLE_PREFIX_BYTES: () => NOYDB_BUNDLE_PREFIX_BYTES,
+  encodeBundleHeader: () => encodeBundleHeader,
+  generateULID: () => generateULID,
+  isULID: () => isULID,
+  readNoydbBundle: () => readNoydbBundle,
+  readNoydbBundleHeader: () => readNoydbBundleHeader,
+  resetBrotliSupportCache: () => resetBrotliSupportCache,
+  validateBundleHeader: () => validateBundleHeader,
+  writeNoydbBundle: () => writeNoydbBundle
+});
+module.exports = __toCommonJS(bundle_exports);
+
+// src/bundle/format.ts
+var NOYDB_BUNDLE_MAGIC = new Uint8Array([78, 68, 66, 49]);
+var NOYDB_BUNDLE_PREFIX_BYTES = 10;
+var NOYDB_BUNDLE_FORMAT_VERSION = 1;
+var FLAG_COMPRESSED = 1;
+var FLAG_HAS_INTEGRITY_HASH = 2;
+var COMPRESSION_NONE = 0;
+var COMPRESSION_GZIP = 1;
+var COMPRESSION_BROTLI = 2;
+var ALLOWED_HEADER_KEYS = /* @__PURE__ */ new Set([
+  "formatVersion",
+  "handle",
+  "bodyBytes",
+  "bodySha256"
+]);
+function validateBundleHeader(parsed) {
+  if (parsed === null || typeof parsed !== "object") {
+    throw new Error(
+      `.noydb bundle header must be a JSON object, got ${parsed === null ? "null" : typeof parsed}`
+    );
+  }
+  for (const key of Object.keys(parsed)) {
+    if (!ALLOWED_HEADER_KEYS.has(key)) {
+      throw new Error(
+        `.noydb bundle header contains forbidden key "${key}". Only minimum-disclosure fields are allowed: ${[...ALLOWED_HEADER_KEYS].join(", ")}.`
+      );
+    }
+  }
+  const h = parsed;
+  if (typeof h["formatVersion"] !== "number" || h["formatVersion"] !== NOYDB_BUNDLE_FORMAT_VERSION) {
+    throw new Error(
+      `.noydb bundle header.formatVersion must be ${NOYDB_BUNDLE_FORMAT_VERSION}, got ${String(h["formatVersion"])}. The reader does not support forward-compat versions; upgrade the reader to handle newer bundles.`
+    );
+  }
+  if (typeof h["handle"] !== "string" || !/^[0-9A-HJKMNP-TV-Z]{26}$/.test(h["handle"])) {
+    throw new Error(
+      `.noydb bundle header.handle must be a 26-character Crockford base32 ULID, got ${typeof h["handle"] === "string" ? `"${h["handle"]}"` : String(h["handle"])}.`
+    );
+  }
+  if (typeof h["bodyBytes"] !== "number" || !Number.isInteger(h["bodyBytes"]) || h["bodyBytes"] < 0) {
+    throw new Error(
+      `.noydb bundle header.bodyBytes must be a non-negative integer, got ${String(h["bodyBytes"])}.`
+    );
+  }
+  if (typeof h["bodySha256"] !== "string" || !/^[0-9a-f]{64}$/.test(h["bodySha256"])) {
+    throw new Error(
+      `.noydb bundle header.bodySha256 must be a 64-character lowercase hex string, got ${typeof h["bodySha256"] === "string" ? `"${h["bodySha256"]}"` : String(h["bodySha256"])}.`
+    );
+  }
+}
+function encodeBundleHeader(header) {
+  validateBundleHeader(header);
+  const json = JSON.stringify({
+    formatVersion: header.formatVersion,
+    handle: header.handle,
+    bodyBytes: header.bodyBytes,
+    bodySha256: header.bodySha256
+  });
+  return new TextEncoder().encode(json);
+}
+function decodeBundleHeader(bytes) {
+  const json = new TextDecoder("utf-8", { fatal: true }).decode(bytes);
+  let parsed;
+  try {
+    parsed = JSON.parse(json);
+  } catch (err) {
+    throw new Error(
+      `.noydb bundle header is not valid JSON: ${err.message}`
+    );
+  }
+  validateBundleHeader(parsed);
+  return parsed;
+}
+function readUint32BE(bytes, offset) {
+  return (bytes[offset] << 24 >>> 0) + (bytes[offset + 1] << 16) + (bytes[offset + 2] << 8) + bytes[offset + 3];
+}
+function writeUint32BE(bytes, offset, value) {
+  bytes[offset] = value >>> 24 & 255;
+  bytes[offset + 1] = value >>> 16 & 255;
+  bytes[offset + 2] = value >>> 8 & 255;
+  bytes[offset + 3] = value & 255;
+}
+function hasNoydbBundleMagic(bytes) {
+  if (bytes.length < NOYDB_BUNDLE_MAGIC.length) return false;
+  for (let i = 0; i < NOYDB_BUNDLE_MAGIC.length; i++) {
+    if (bytes[i] !== NOYDB_BUNDLE_MAGIC[i]) return false;
+  }
+  return true;
+}
+
+// src/errors.ts
+var NoydbError = class extends Error {
+  /** Machine-readable error code. Stable across library versions. */
+  code;
+  constructor(code, message) {
+    super(message);
+    this.name = "NoydbError";
+    this.code = code;
+  }
+};
+var BundleIntegrityError = class extends NoydbError {
+  constructor(message) {
+    super("BUNDLE_INTEGRITY", `.noydb bundle integrity check failed: ${message}`);
+    this.name = "BundleIntegrityError";
+  }
+};
+
+// src/bundle/bundle.ts
+var cachedBrotliSupport = null;
+function supportsBrotliCompression() {
+  if (cachedBrotliSupport !== null) return cachedBrotliSupport;
+  try {
+    new CompressionStream("br");
+    cachedBrotliSupport = true;
+  } catch {
+    cachedBrotliSupport = false;
+  }
+  return cachedBrotliSupport;
+}
+function resetBrotliSupportCache() {
+  cachedBrotliSupport = null;
+}
+function selectCompression(option) {
+  const choice = option ?? "auto";
+  if (choice === "none") return { format: COMPRESSION_NONE, streamFormat: null };
+  if (choice === "gzip") return { format: COMPRESSION_GZIP, streamFormat: "gzip" };
+  if (choice === "brotli") {
+    if (!supportsBrotliCompression()) {
+      throw new Error(
+        `writeNoydbBundle({ compression: 'brotli' }) is not supported on this runtime. Brotli requires Node 22+, Chrome 124+, or Firefox 122+. Use { compression: 'auto' } to fall back to gzip silently, or { compression: 'gzip' } to be explicit.`
+      );
+    }
+    return { format: COMPRESSION_BROTLI, streamFormat: "br" };
+  }
+  if (supportsBrotliCompression()) {
+    return { format: COMPRESSION_BROTLI, streamFormat: "br" };
+  }
+  return { format: COMPRESSION_GZIP, streamFormat: "gzip" };
+}
+async function pumpThroughStream(input, stream) {
+  const readable = new Blob([input]).stream().pipeThrough(stream);
+  const reader = readable.getReader();
+  const chunks = [];
+  let total = 0;
+  for (; ; ) {
+    const { value, done } = await reader.read();
+    if (done) break;
+    if (value) {
+      chunks.push(value);
+      total += value.length;
+    }
+  }
+  const out = new Uint8Array(total);
+  let offset = 0;
+  for (const chunk of chunks) {
+    out.set(chunk, offset);
+    offset += chunk.length;
+  }
+  return out;
+}
+async function sha256Hex(bytes) {
+  const copy = new Uint8Array(bytes.length);
+  copy.set(bytes);
+  const digest = await crypto.subtle.digest("SHA-256", copy);
+  const view = new Uint8Array(digest);
+  let hex = "";
+  for (let i = 0; i < view.length; i++) {
+    hex += view[i].toString(16).padStart(2, "0");
+  }
+  return hex;
+}
+function concatBytes(parts) {
+  let total = 0;
+  for (const p of parts) total += p.length;
+  const out = new Uint8Array(total);
+  let offset = 0;
+  for (const p of parts) {
+    out.set(p, offset);
+    offset += p.length;
+  }
+  return out;
+}
+async function applyRecipientRewrap(vault, dumpJson, opts) {
+  if (opts.exportPassphrase === void 0 && opts.recipients === void 0) {
+    return dumpJson;
+  }
+  const recipients = opts.recipients ?? [
+    {
+      id: vault.userId,
+      passphrase: opts.exportPassphrase,
+      role: vault.role
+    }
+  ];
+  const recipientKeyrings = await vault.buildBundleRecipientKeyrings(recipients);
+  const backup = JSON.parse(dumpJson);
+  backup.keyrings = recipientKeyrings;
+  return JSON.stringify(backup);
+}
+function applySliceFilters(dumpJson, opts) {
+  const collectionsFilter = opts.collections ? new Set(opts.collections) : null;
+  const sinceMs = opts.since !== void 0 ? new Date(opts.since).getTime() : null;
+  if (collectionsFilter === null && sinceMs === null) return dumpJson;
+  const backup = JSON.parse(dumpJson);
+  if (backup.collections && typeof backup.collections === "object") {
+    const next = {};
+    for (const [name, records] of Object.entries(backup.collections)) {
+      if (collectionsFilter && !collectionsFilter.has(name)) continue;
+      if (sinceMs === null) {
+        next[name] = records;
+        continue;
+      }
+      const kept = {};
+      for (const [id, env] of Object.entries(records)) {
+        const envTs = env._ts ? new Date(env._ts).getTime() : NaN;
+        if (Number.isFinite(envTs) && envTs >= sinceMs) {
+          kept[id] = env;
+        }
+      }
+      next[name] = kept;
+    }
+    backup.collections = next;
+  }
+  return JSON.stringify(backup);
+}
+async function applyPlaintextFilters(vault, dumpJson, opts) {
+  if (opts.where === void 0 && opts.tierAtMost === void 0) {
+    return dumpJson;
+  }
+  const backup = JSON.parse(dumpJson);
+  if (!backup.collections || typeof backup.collections !== "object") {
+    return dumpJson;
+  }
+  const tierCeiling = opts.tierAtMost;
+  const where = opts.where;
+  const next = {};
+  for (const [collName, records] of Object.entries(backup.collections)) {
+    const kept = {};
+    for (const [id, env] of Object.entries(records)) {
+      if (tierCeiling !== void 0) {
+        const tier = env._tier ?? 0;
+        if (tier > tierCeiling) continue;
+      }
+      if (where !== void 0) {
+        const record = await vault._decryptEnvelopeForBundleFilter(
+          env,
+          collName
+        );
+        const ok = await where(record, { collection: collName, id });
+        if (!ok) continue;
+      }
+      kept[id] = env;
+    }
+    next[collName] = kept;
+  }
+  backup.collections = next;
+  return JSON.stringify(backup);
+}
+async function writeNoydbBundle(vault, opts = {}) {
+  if (opts.exportPassphrase !== void 0 && opts.recipients !== void 0) {
+    throw new Error(
+      "writeNoydbBundle: pass either exportPassphrase or recipients, not both"
+    );
+  }
+  const handle = await vault.getBundleHandle();
+  const dumpJson = await vault.dump();
+  const rekeyed = await applyRecipientRewrap(vault, dumpJson, opts);
+  const plainFiltered = await applyPlaintextFilters(vault, rekeyed, opts);
+  const filtered = applySliceFilters(plainFiltered, opts);
+  const dumpBytes = new TextEncoder().encode(filtered);
+  const { format, streamFormat } = selectCompression(opts.compression);
+  const body = streamFormat === null ? dumpBytes : await pumpThroughStream(dumpBytes, new CompressionStream(streamFormat));
+  const bodySha256 = await sha256Hex(body);
+  const header = {
+    formatVersion: NOYDB_BUNDLE_FORMAT_VERSION,
+    handle,
+    bodyBytes: body.length,
+    bodySha256
+  };
+  const headerBytes = encodeBundleHeader(header);
+  const prefix = new Uint8Array(NOYDB_BUNDLE_PREFIX_BYTES);
+  prefix.set(NOYDB_BUNDLE_MAGIC, 0);
+  prefix[4] = (streamFormat === null ? 0 : FLAG_COMPRESSED) | FLAG_HAS_INTEGRITY_HASH;
+  prefix[5] = format;
+  writeUint32BE(prefix, 6, headerBytes.length);
+  return concatBytes([prefix, headerBytes, body]);
+}
+function parsePrefixAndHeader(bytes) {
+  if (!hasNoydbBundleMagic(bytes)) {
+    throw new Error(
+      `Not a .noydb bundle: missing 'NDB1' magic prefix. The first 4 bytes are ${[...bytes.slice(0, 4)].map((b) => b.toString(16).padStart(2, "0")).join(" ")}.`
+    );
+  }
+  if (bytes.length < NOYDB_BUNDLE_PREFIX_BYTES) {
+    throw new Error(
+      `Truncated .noydb bundle: file is only ${bytes.length} bytes, which is less than the ${NOYDB_BUNDLE_PREFIX_BYTES}-byte fixed prefix.`
+    );
+  }
+  const flags = bytes[4];
+  const algo = bytes[5];
+  if (algo !== COMPRESSION_NONE && algo !== COMPRESSION_GZIP && algo !== COMPRESSION_BROTLI) {
+    throw new Error(
+      `.noydb bundle declares unknown compression algorithm ${algo}. Known values: 0 (none), 1 (gzip), 2 (brotli).`
+    );
+  }
+  const headerLength = readUint32BE(bytes, 6);
+  const bodyOffset = NOYDB_BUNDLE_PREFIX_BYTES + headerLength;
+  if (bodyOffset > bytes.length) {
+    throw new Error(
+      `Truncated .noydb bundle: declared header length ${headerLength} would extend past end of file (${bytes.length} bytes).`
+    );
+  }
+  const headerBytes = bytes.slice(NOYDB_BUNDLE_PREFIX_BYTES, bodyOffset);
+  const header = decodeBundleHeader(headerBytes);
+  return { header, bodyOffset, algo, flags };
+}
+function readNoydbBundleHeader(bytes) {
+  return parsePrefixAndHeader(bytes).header;
+}
+async function readNoydbBundle(bytes) {
+  const { header, bodyOffset, algo } = parsePrefixAndHeader(bytes);
+  const body = bytes.slice(bodyOffset);
+  if (body.length !== header.bodyBytes) {
+    throw new BundleIntegrityError(
+      `body length ${body.length} does not match header.bodyBytes ${header.bodyBytes}. The bundle was truncated or padded between write and read.`
+    );
+  }
+  const actualSha = await sha256Hex(body);
+  if (actualSha !== header.bodySha256) {
+    throw new BundleIntegrityError(
+      `body sha256 ${actualSha} does not match header.bodySha256 ${header.bodySha256}. The bundle bytes were modified between write and read \u2014 refuse to decompress.`
+    );
+  }
+  let dumpBytes;
+  if (algo === COMPRESSION_NONE) {
+    dumpBytes = body;
+  } else {
+    const streamFormat = algo === COMPRESSION_BROTLI ? "br" : "gzip";
+    try {
+      dumpBytes = await pumpThroughStream(body, new DecompressionStream(streamFormat));
+    } catch (err) {
+      throw new BundleIntegrityError(
+        `decompression failed: ${err.message}. The bundle passed the integrity hash but the body is not valid ${streamFormat} data \u2014 likely a producer bug.`
+      );
+    }
+  }
+  const dumpJson = new TextDecoder("utf-8", { fatal: true }).decode(dumpBytes);
+  return { header, dumpJson };
+}
+
+// src/bundle/ulid.ts
+var CROCKFORD_ALPHABET = "0123456789ABCDEFGHJKMNPQRSTVWXYZ";
+function encodeBase32(value, length) {
+  let out = "";
+  let v = value;
+  for (let i = 0; i < length; i++) {
+    out = CROCKFORD_ALPHABET[v % 32] + out;
+    v = Math.floor(v / 32);
+  }
+  return out;
+}
+function generateULID() {
+  const now = Date.now();
+  const timestampHigh = Math.floor(now / 16777216);
+  const timestampLow = now & 16777215;
+  const tsPart = encodeBase32(timestampHigh, 5) + encodeBase32(timestampLow, 5);
+  const randBytes = new Uint8Array(10);
+  crypto.getRandomValues(randBytes);
+  const rand1 = randBytes[0] * 2 ** 32 + (randBytes[1] << 24 >>> 0) + (randBytes[2] << 16) + (randBytes[3] << 8) + randBytes[4];
+  const rand2 = randBytes[5] * 2 ** 32 + (randBytes[6] << 24 >>> 0) + (randBytes[7] << 16) + (randBytes[8] << 8) + randBytes[9];
+  const randPart = encodeBase32(rand1, 8) + encodeBase32(rand2, 8);
+  return tsPart + randPart;
+}
+function isULID(value) {
+  return /^[0-9A-HJKMNP-TV-Z]{26}$/.test(value);
+}
+// Annotate the CommonJS export names for ESM import in node:
+0 && (module.exports = {
+  COMPRESSION_BROTLI,
+  COMPRESSION_GZIP,
+  COMPRESSION_NONE,
+  FLAG_COMPRESSED,
+  FLAG_HAS_INTEGRITY_HASH,
+  NOYDB_BUNDLE_FORMAT_VERSION,
+  NOYDB_BUNDLE_MAGIC,
+  NOYDB_BUNDLE_PREFIX_BYTES,
+  encodeBundleHeader,
+  generateULID,
+  isULID,
+  readNoydbBundle,
+  readNoydbBundleHeader,
+  resetBrotliSupportCache,
+  validateBundleHeader,
+  writeNoydbBundle
+});
+//# sourceMappingURL=index.cjs.map