@noy-db/hub 0.1.0-pre.3

package/dist/team/index.cjs

@@ -0,0 +1,1233 @@
+"use strict";
+var __defProp = Object.defineProperty;
+var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
+var __getOwnPropNames = Object.getOwnPropertyNames;
+var __hasOwnProp = Object.prototype.hasOwnProperty;
+var __export = (target, all) => {
+  for (var name in all)
+    __defProp(target, name, { get: all[name], enumerable: true });
+};
+var __copyProps = (to, from, except, desc) => {
+  if (from && typeof from === "object" || typeof from === "function") {
+    for (let key of __getOwnPropNames(from))
+      if (!__hasOwnProp.call(to, key) && key !== except)
+        __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable });
+  }
+  return to;
+};
+var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
+
+// src/team/index.ts
+var team_exports = {};
+__export(team_exports, {
+  PresenceHandle: () => PresenceHandle,
+  SYNC_CREDENTIALS_COLLECTION: () => SYNC_CREDENTIALS_COLLECTION,
+  SyncEngine: () => SyncEngine,
+  SyncTransaction: () => SyncTransaction,
+  credentialStatus: () => credentialStatus,
+  deleteCredential: () => deleteCredential,
+  evaluateExportCapability: () => evaluateExportCapability,
+  evaluateImportCapability: () => evaluateImportCapability,
+  getCredential: () => getCredential,
+  hasExportCapability: () => hasExportCapability,
+  hasImportCapability: () => hasImportCapability,
+  listCredentials: () => listCredentials,
+  putCredential: () => putCredential
+});
+module.exports = __toCommonJS(team_exports);
+
+// src/types.ts
+var NOYDB_FORMAT_VERSION = 1;
+var NOYDB_KEYRING_VERSION = 1;
+var NOYDB_SYNC_VERSION = 1;
+
+// src/errors.ts
+var NoydbError = class extends Error {
+  /** Machine-readable error code. Stable across library versions. */
+  code;
+  constructor(code, message) {
+    super(message);
+    this.name = "NoydbError";
+    this.code = code;
+  }
+};
+var DecryptionError = class extends NoydbError {
+  constructor(message = "Decryption failed") {
+    super("DECRYPTION_FAILED", message);
+    this.name = "DecryptionError";
+  }
+};
+var TamperedError = class extends NoydbError {
+  constructor(message = "Data integrity check failed \u2014 record may have been tampered with") {
+    super("TAMPERED", message);
+    this.name = "TamperedError";
+  }
+};
+var PermissionDeniedError = class extends NoydbError {
+  constructor(message = "Permission denied \u2014 insufficient role for this operation") {
+    super("PERMISSION_DENIED", message);
+    this.name = "PermissionDeniedError";
+  }
+};
+var ConflictError = class extends NoydbError {
+  /** The actual stored version at the time of conflict. */
+  version;
+  constructor(version, message = "Version conflict") {
+    super("CONFLICT", message);
+    this.name = "ConflictError";
+    this.version = version;
+  }
+};
+
+// src/crypto.ts
+var IV_BYTES = 12;
+var KEY_BITS = 256;
+var subtle = globalThis.crypto.subtle;
+async function generateDEK() {
+  return subtle.generateKey(
+    { name: "AES-GCM", length: KEY_BITS },
+    true,
+    // extractable — needed for AES-KW wrapping
+    ["encrypt", "decrypt"]
+  );
+}
+async function wrapKey(dek, kek) {
+  const wrapped = await subtle.wrapKey("raw", dek, kek, "AES-KW");
+  return bufferToBase64(wrapped);
+}
+async function encrypt(plaintext, dek) {
+  const iv = generateIV();
+  const encoded = new TextEncoder().encode(plaintext);
+  const ciphertext = await subtle.encrypt(
+    { name: "AES-GCM", iv },
+    dek,
+    encoded
+  );
+  return {
+    iv: bufferToBase64(iv),
+    data: bufferToBase64(ciphertext)
+  };
+}
+async function decrypt(ivBase64, dataBase64, dek) {
+  const iv = base64ToBuffer(ivBase64);
+  const ciphertext = base64ToBuffer(dataBase64);
+  try {
+    const plaintext = await subtle.decrypt(
+      { name: "AES-GCM", iv },
+      dek,
+      ciphertext
+    );
+    return new TextDecoder().decode(plaintext);
+  } catch (err) {
+    if (err instanceof Error && err.name === "OperationError") {
+      throw new TamperedError();
+    }
+    throw new DecryptionError(
+      err instanceof Error ? err.message : "Decryption failed"
+    );
+  }
+}
+async function derivePresenceKey(dek, collectionName) {
+  const rawDek = await subtle.exportKey("raw", dek);
+  const hkdfKey = await subtle.importKey(
+    "raw",
+    rawDek,
+    "HKDF",
+    false,
+    ["deriveBits"]
+  );
+  const salt = new TextEncoder().encode("noydb-presence");
+  const info = new TextEncoder().encode(collectionName);
+  const bits = await subtle.deriveBits(
+    { name: "HKDF", hash: "SHA-256", salt, info },
+    hkdfKey,
+    KEY_BITS
+  );
+  return subtle.importKey(
+    "raw",
+    bits,
+    { name: "AES-GCM", length: KEY_BITS },
+    false,
+    ["encrypt", "decrypt"]
+  );
+}
+function generateIV() {
+  return globalThis.crypto.getRandomValues(new Uint8Array(IV_BYTES));
+}
+function bufferToBase64(buffer) {
+  const bytes = buffer instanceof Uint8Array ? buffer : new Uint8Array(buffer);
+  let binary = "";
+  for (let i = 0; i < bytes.length; i++) {
+    binary += String.fromCharCode(bytes[i]);
+  }
+  return btoa(binary);
+}
+function base64ToBuffer(base64) {
+  const binary = atob(base64);
+  const bytes = new Uint8Array(binary.length);
+  for (let i = 0; i < binary.length; i++) {
+    bytes[i] = binary.charCodeAt(i);
+  }
+  return bytes;
+}
+
+// src/team/keyring.ts
+async function ensureCollectionDEK(adapter, vault, keyring) {
+  const inFlight = /* @__PURE__ */ new Map();
+  return async (collectionName) => {
+    const existing = keyring.deks.get(collectionName);
+    if (existing) return existing;
+    const pending = inFlight.get(collectionName);
+    if (pending) return pending;
+    const promise = (async () => {
+      const dek = await generateDEK();
+      keyring.deks.set(collectionName, dek);
+      await persistKeyring(adapter, vault, keyring);
+      return dek;
+    })();
+    inFlight.set(collectionName, promise);
+    try {
+      return await promise;
+    } finally {
+      inFlight.delete(collectionName);
+    }
+  };
+}
+async function persistKeyring(adapter, vault, keyring) {
+  const wrappedDeks = {};
+  for (const [collName, dek] of keyring.deks) {
+    wrappedDeks[collName] = await wrapKey(dek, keyring.kek);
+  }
+  const keyringFile = {
+    _noydb_keyring: NOYDB_KEYRING_VERSION,
+    user_id: keyring.userId,
+    display_name: keyring.displayName,
+    role: keyring.role,
+    permissions: keyring.permissions,
+    deks: wrappedDeks,
+    salt: bufferToBase64(keyring.salt),
+    created_at: (/* @__PURE__ */ new Date()).toISOString(),
+    granted_by: keyring.userId,
+    ...keyring.exportCapability !== void 0 && { export_capability: keyring.exportCapability },
+    ...keyring.importCapability !== void 0 && { import_capability: keyring.importCapability }
+  };
+  await writeKeyringFile(adapter, vault, keyring.userId, keyringFile);
+}
+function defaultBundleCapability(role) {
+  return role === "owner" || role === "admin";
+}
+function hasExportCapability(keyring, tier, format) {
+  const cap = keyring.exportCapability;
+  if (tier === "plaintext") {
+    const allowed = cap?.plaintext ?? [];
+    return allowed.includes("*") || format !== void 0 && allowed.includes(format);
+  }
+  return cap?.bundle ?? defaultBundleCapability(keyring.role);
+}
+function evaluateExportCapability(capability, role, tier, format) {
+  if (tier === "plaintext") {
+    const allowed = capability?.plaintext ?? [];
+    return allowed.includes("*") || format !== void 0 && allowed.includes(format);
+  }
+  return capability?.bundle ?? defaultBundleCapability(role);
+}
+function hasImportCapability(keyring, tier, format) {
+  const cap = keyring.importCapability;
+  if (tier === "plaintext") {
+    const allowed = cap?.plaintext ?? [];
+    return allowed.includes("*") || format !== void 0 && allowed.includes(format);
+  }
+  return cap?.bundle === true;
+}
+function evaluateImportCapability(capability, _role, tier, format) {
+  if (tier === "plaintext") {
+    const allowed = capability?.plaintext ?? [];
+    return allowed.includes("*") || format !== void 0 && allowed.includes(format);
+  }
+  return capability?.bundle === true;
+}
+async function writeKeyringFile(adapter, vault, userId, keyringFile) {
+  const envelope = {
+    _noydb: 1,
+    _v: 1,
+    _ts: (/* @__PURE__ */ new Date()).toISOString(),
+    _iv: "",
+    _data: JSON.stringify(keyringFile)
+  };
+  await adapter.put(vault, "_keyring", userId, envelope);
+}
+
+// src/store/sync-policy.ts
+var SyncScheduler = class {
+  policy;
+  callbacks;
+  _state = "idle";
+  _lastPushAt = null;
+  _lastPullAt = null;
+  _lastError = null;
+  _lastPushTime = 0;
+  // monotonic ms for minIntervalMs enforcement
+  // Timers
+  debounceTimer = null;
+  pushIntervalTimer = null;
+  pullIntervalTimer = null;
+  // Bound handlers for cleanup
+  boundOnVisibilityChange = null;
+  boundOnBeforeExit = null;
+  boundOnPageHide = null;
+  started = false;
+  constructor(policy, callbacks) {
+    this.policy = policy;
+    this.callbacks = callbacks;
+    if (this.shouldRegisterUnload()) {
+      this.boundOnVisibilityChange = this.handleVisibilityChange.bind(this);
+      this.boundOnPageHide = this.handlePageHide.bind(this);
+      this.boundOnBeforeExit = this.handleBeforeExit.bind(this);
+    }
+  }
+  /** Current scheduler status snapshot. */
+  get status() {
+    return {
+      state: this._state,
+      lastPushAt: this._lastPushAt,
+      lastPullAt: this._lastPullAt,
+      lastError: this._lastError,
+      pendingWrites: this.callbacks.getDirtyCount()
+    };
+  }
+  /** Start the scheduler — registers timers, event listeners. */
+  start() {
+    if (this.started) return;
+    this.started = true;
+    if (this.policy.push.mode === "interval" && this.policy.push.intervalMs) {
+      this.pushIntervalTimer = setInterval(() => {
+        void this.executePush();
+      }, this.policy.push.intervalMs);
+    }
+    if (this.policy.pull.mode === "interval" && this.policy.pull.intervalMs) {
+      this.pullIntervalTimer = setInterval(() => {
+        void this.executePull();
+      }, this.policy.pull.intervalMs);
+    }
+    if (this.policy.pull.mode === "on-focus" && typeof document !== "undefined") {
+      document.addEventListener("visibilitychange", this.handleFocusPull);
+    }
+    if (this.shouldRegisterUnload()) {
+      if (typeof document !== "undefined" && this.boundOnVisibilityChange) {
+        document.addEventListener("visibilitychange", this.boundOnVisibilityChange);
+      }
+      if (typeof globalThis.addEventListener === "function" && this.boundOnPageHide) {
+        globalThis.addEventListener("pagehide", this.boundOnPageHide);
+      }
+      if (typeof process !== "undefined" && this.boundOnBeforeExit) {
+        process.on("beforeExit", this.boundOnBeforeExit);
+      }
+    }
+  }
+  /** Stop the scheduler — clears timers, removes event listeners. */
+  stop() {
+    if (!this.started) return;
+    this.started = false;
+    if (this.debounceTimer) {
+      clearTimeout(this.debounceTimer);
+      this.debounceTimer = null;
+    }
+    if (this.pushIntervalTimer) {
+      clearInterval(this.pushIntervalTimer);
+      this.pushIntervalTimer = null;
+    }
+    if (this.pullIntervalTimer) {
+      clearInterval(this.pullIntervalTimer);
+      this.pullIntervalTimer = null;
+    }
+    if (this.policy.pull.mode === "on-focus" && typeof document !== "undefined") {
+      document.removeEventListener("visibilitychange", this.handleFocusPull);
+    }
+    if (typeof document !== "undefined" && this.boundOnVisibilityChange) {
+      document.removeEventListener("visibilitychange", this.boundOnVisibilityChange);
+    }
+    if (typeof globalThis.removeEventListener === "function" && this.boundOnPageHide) {
+      globalThis.removeEventListener("pagehide", this.boundOnPageHide);
+    }
+    if (typeof process !== "undefined" && this.boundOnBeforeExit) {
+      process.removeListener("beforeExit", this.boundOnBeforeExit);
+    }
+  }
+  /**
+   * Notify the scheduler that a local write occurred.
+   * For `on-change` mode: triggers immediate push (respecting minIntervalMs).
+   * For `debounce` mode: resets the debounce timer.
+   * For `manual` / `interval`: no-op.
+   */
+  notifyChange() {
+    if (!this.started) return;
+    if (this.policy.push.mode === "on-change") {
+      void this.executePush();
+    } else if (this.policy.push.mode === "debounce") {
+      this.resetDebounce();
+    }
+  }
+  /** Force an immediate push, bypassing the scheduler. */
+  async forcePush() {
+    await this.executePush();
+  }
+  /** Force an immediate pull, bypassing the scheduler. */
+  async forcePull() {
+    await this.executePull();
+  }
+  // ─── Internal ─────────────────────────────────────────────────────
+  async executePush() {
+    if (this._state === "pushing") return;
+    const minInterval = this.policy.push.minIntervalMs ?? 0;
+    if (minInterval > 0) {
+      const elapsed = Date.now() - this._lastPushTime;
+      if (elapsed < minInterval) {
+        if (this.policy.push.mode === "debounce") {
+          this.scheduleDebounce(minInterval - elapsed);
+        }
+        return;
+      }
+    }
+    if (this.callbacks.getDirtyCount() === 0) {
+      this._state = "idle";
+      return;
+    }
+    this._state = "pushing";
+    try {
+      await this.callbacks.push();
+      this._lastPushAt = (/* @__PURE__ */ new Date()).toISOString();
+      this._lastPushTime = Date.now();
+      this._lastError = null;
+      this._state = this.callbacks.getDirtyCount() > 0 ? "pending" : "idle";
+    } catch (err) {
+      this._lastError = err instanceof Error ? err : new Error(String(err));
+      this._state = "error";
+    }
+  }
+  async executePull() {
+    if (this._state === "pulling") return;
+    const previousState = this._state;
+    this._state = "pulling";
+    try {
+      await this.callbacks.pull();
+      this._lastPullAt = (/* @__PURE__ */ new Date()).toISOString();
+      this._lastError = null;
+      this._state = previousState === "pending" ? "pending" : "idle";
+    } catch (err) {
+      this._lastError = err instanceof Error ? err : new Error(String(err));
+      this._state = "error";
+    }
+  }
+  resetDebounce() {
+    if (this.debounceTimer) clearTimeout(this.debounceTimer);
+    const ms = this.policy.push.debounceMs ?? 3e4;
+    this._state = "pending";
+    this.scheduleDebounce(ms);
+  }
+  scheduleDebounce(ms) {
+    if (this.debounceTimer) clearTimeout(this.debounceTimer);
+    this.debounceTimer = setTimeout(() => {
+      this.debounceTimer = null;
+      void this.executePush();
+    }, ms);
+  }
+  shouldRegisterUnload() {
+    const onUnload = this.policy.push.onUnload;
+    if (onUnload !== void 0) return onUnload;
+    return this.policy.push.mode !== "manual";
+  }
+  // ─── Event handlers ───────────────────────────────────────────────
+  handleVisibilityChange() {
+    if (typeof document !== "undefined" && document.visibilityState === "hidden") {
+      this.fireUnloadPush();
+    }
+  }
+  handlePageHide() {
+    this.fireUnloadPush();
+  }
+  handleBeforeExit() {
+    this.fireUnloadPush();
+  }
+  handleFocusPull = () => {
+    if (typeof document !== "undefined" && document.visibilityState === "visible") {
+      void this.executePull();
+    }
+  };
+  fireUnloadPush() {
+    if (this.callbacks.getDirtyCount() === 0) return;
+    void this.callbacks.push().catch(() => {
+    });
+  }
+};
+
+// src/team/sync.ts
+var SyncEngine = class {
+  local;
+  remote;
+  strategy;
+  emitter;
+  vault;
+  role;
+  label;
+  dirty = [];
+  lastPush = null;
+  lastPull = null;
+  loaded = false;
+  autoSyncInterval = null;
+  isOnline = true;
+  /** Sync scheduler. Manages push/pull timing. */
+  scheduler;
+  /** Per-collection conflict resolvers registered by Collection instances. */
+  conflictResolvers = /* @__PURE__ */ new Map();
+  constructor(opts) {
+    this.local = opts.local;
+    this.remote = opts.remote;
+    this.vault = opts.vault;
+    this.strategy = opts.strategy;
+    this.emitter = opts.emitter;
+    this.role = opts.role ?? "sync-peer";
+    this.label = opts.label;
+    const policy = opts.syncPolicy;
+    if (policy && policy.push.mode !== "manual") {
+      this.scheduler = new SyncScheduler(policy, {
+        push: () => this.push().then(() => {
+        }),
+        pull: () => this.pull().then(() => {
+        }),
+        getDirtyCount: () => this.dirty.length
+      });
+    } else {
+      this.scheduler = null;
+    }
+  }
+  /** Start the sync scheduler. Called after vault is fully opened. */
+  startScheduler() {
+    this.scheduler?.start();
+  }
+  /** Stop the sync scheduler. Called on close. */
+  stopScheduler() {
+    this.scheduler?.stop();
+  }
+  /**
+   * Register a per-collection conflict resolver.
+   * Called by Collection when `conflictPolicy` is set.
+   */
+  registerConflictResolver(collection, resolver) {
+    this.conflictResolvers.set(collection, resolver);
+  }
+  /** Record a local change for later push. */
+  async trackChange(collection, id, action, version) {
+    await this.ensureLoaded();
+    const idx = this.dirty.findIndex((d) => d.collection === collection && d.id === id);
+    const entry = {
+      vault: this.vault,
+      collection,
+      id,
+      action,
+      version,
+      timestamp: (/* @__PURE__ */ new Date()).toISOString()
+    };
+    if (idx >= 0) {
+      this.dirty[idx] = entry;
+    } else {
+      this.dirty.push(entry);
+    }
+    await this.persistMeta();
+    this.scheduler?.notifyChange();
+  }
+  /** Push dirty records to remote adapter. Accepts optional `PushOptions` for partial sync. */
+  async push(options) {
+    await this.ensureLoaded();
+    let pushed = 0;
+    const conflicts = [];
+    const errors = [];
+    const completed = [];
+    for (let i = 0; i < this.dirty.length; i++) {
+      const entry = this.dirty[i];
+      if (options?.collections && !options.collections.includes(entry.collection)) {
+        continue;
+      }
+      try {
+        if (entry.action === "delete") {
+          await this.remote.delete(this.vault, entry.collection, entry.id);
+          completed.push(i);
+          pushed++;
+        } else {
+          const envelope = await this.local.get(this.vault, entry.collection, entry.id);
+          if (!envelope) {
+            completed.push(i);
+            continue;
+          }
+          try {
+            await this.remote.put(
+              this.vault,
+              entry.collection,
+              entry.id,
+              envelope,
+              entry.version - 1
+            );
+            completed.push(i);
+            pushed++;
+          } catch (err) {
+            if (err instanceof ConflictError) {
+              const remoteEnvelope = await this.remote.get(this.vault, entry.collection, entry.id);
+              if (remoteEnvelope) {
+                const { handled, conflict } = await this.handleConflict(
+                  entry.collection,
+                  entry.id,
+                  envelope,
+                  remoteEnvelope,
+                  "push"
+                );
+                conflicts.push(conflict);
+                if (handled === "local") {
+                  await this.remote.put(this.vault, entry.collection, entry.id, conflict.local);
+                  completed.push(i);
+                  pushed++;
+                } else if (handled === "remote") {
+                  await this.local.put(this.vault, entry.collection, entry.id, conflict.remote);
+                  completed.push(i);
+                } else if (handled === "merged" && conflict.local !== envelope) {
+                  const merged = conflict.local;
+                  await this.remote.put(this.vault, entry.collection, entry.id, merged);
+                  await this.local.put(this.vault, entry.collection, entry.id, merged);
+                  completed.push(i);
+                  pushed++;
+                }
+              }
+            } else {
+              throw err;
+            }
+          }
+        }
+      } catch (err) {
+        errors.push(err instanceof Error ? err : new Error(String(err)));
+      }
+    }
+    for (const i of completed.sort((a, b) => b - a)) {
+      this.dirty.splice(i, 1);
+    }
+    this.lastPush = (/* @__PURE__ */ new Date()).toISOString();
+    await this.persistMeta();
+    const result = { pushed, conflicts, errors };
+    this.emitter.emit("sync:push", result);
+    return result;
+  }
+  /** Pull remote records to local adapter. Accepts optional `PullOptions` for partial sync. */
+  async pull(options) {
+    await this.ensureLoaded();
+    let pulled = 0;
+    const conflicts = [];
+    const errors = [];
+    try {
+      const remoteSnapshot = await this.remote.loadAll(this.vault);
+      for (const [collName, records] of Object.entries(remoteSnapshot)) {
+        if (options?.collections && !options.collections.includes(collName)) {
+          continue;
+        }
+        for (const [id, remoteEnvelope] of Object.entries(records)) {
+          if (options?.modifiedSince && remoteEnvelope._ts <= options.modifiedSince) {
+            continue;
+          }
+          try {
+            const localEnvelope = await this.local.get(this.vault, collName, id);
+            if (!localEnvelope) {
+              await this.local.put(this.vault, collName, id, remoteEnvelope);
+              pulled++;
+            } else if (remoteEnvelope._v > localEnvelope._v) {
+              const isDirty = this.dirty.some((d) => d.collection === collName && d.id === id);
+              if (isDirty) {
+                const { handled, conflict } = await this.handleConflict(
+                  collName,
+                  id,
+                  localEnvelope,
+                  remoteEnvelope,
+                  "pull"
+                );
+                conflicts.push(conflict);
+                if (handled === "remote") {
+                  await this.local.put(this.vault, collName, id, conflict.remote);
+                  this.dirty = this.dirty.filter((d) => !(d.collection === collName && d.id === id));
+                  pulled++;
+                } else if (handled === "merged" && conflict.local !== localEnvelope) {
+                  const merged = conflict.local;
+                  await this.local.put(this.vault, collName, id, merged);
+                  this.dirty = this.dirty.filter((d) => !(d.collection === collName && d.id === id));
+                  pulled++;
+                }
+              } else {
+                await this.local.put(this.vault, collName, id, remoteEnvelope);
+                pulled++;
+              }
+            }
+          } catch (err) {
+            errors.push(err instanceof Error ? err : new Error(String(err)));
+          }
+        }
+      }
+    } catch (err) {
+      errors.push(err instanceof Error ? err : new Error(String(err)));
+    }
+    this.lastPull = (/* @__PURE__ */ new Date()).toISOString();
+    await this.persistMeta();
+    const result = { pulled, conflicts, errors };
+    this.emitter.emit("sync:pull", result);
+    return result;
+  }
+  /** Bidirectional sync: pull then push. */
+  async sync(options) {
+    const pullResult = await this.pull(options?.pull);
+    const pushResult = await this.push(options?.push);
+    return { pull: pullResult, push: pushResult };
+  }
+  /**
+   * Push a specific subset of dirty entries (for sync transactions, ).
+   * Entries are matched by collection+id from the dirty log; matched entries
+   * are removed from the dirty log on success.
+   */
+  async pushFiltered(predicate) {
+    await this.ensureLoaded();
+    let pushed = 0;
+    const conflicts = [];
+    const errors = [];
+    const completed = [];
+    for (let i = 0; i < this.dirty.length; i++) {
+      const entry = this.dirty[i];
+      if (!predicate(entry)) continue;
+      try {
+        if (entry.action === "delete") {
+          await this.remote.delete(this.vault, entry.collection, entry.id);
+          completed.push(i);
+          pushed++;
+        } else {
+          const envelope = await this.local.get(this.vault, entry.collection, entry.id);
+          if (!envelope) {
+            completed.push(i);
+            continue;
+          }
+          try {
+            await this.remote.put(
+              this.vault,
+              entry.collection,
+              entry.id,
+              envelope,
+              entry.version - 1
+            );
+            completed.push(i);
+            pushed++;
+          } catch (err) {
+            if (err instanceof ConflictError) {
+              const remoteEnvelope = await this.remote.get(this.vault, entry.collection, entry.id);
+              if (remoteEnvelope) {
+                const { handled, conflict } = await this.handleConflict(
+                  entry.collection,
+                  entry.id,
+                  envelope,
+                  remoteEnvelope,
+                  "push"
+                );
+                conflicts.push(conflict);
+                if (handled === "local") {
+                  await this.remote.put(this.vault, entry.collection, entry.id, conflict.local);
+                  completed.push(i);
+                  pushed++;
+                } else if (handled === "remote") {
+                  await this.local.put(this.vault, entry.collection, entry.id, conflict.remote);
+                  completed.push(i);
+                } else if (handled === "merged" && conflict.local !== envelope) {
+                  const merged = conflict.local;
+                  await this.remote.put(this.vault, entry.collection, entry.id, merged);
+                  await this.local.put(this.vault, entry.collection, entry.id, merged);
+                  completed.push(i);
+                  pushed++;
+                }
+              }
+            } else {
+              throw err;
+            }
+          }
+        }
+      } catch (err) {
+        errors.push(err instanceof Error ? err : new Error(String(err)));
+      }
+    }
+    for (const i of completed.sort((a, b) => b - a)) {
+      this.dirty.splice(i, 1);
+    }
+    this.lastPush = (/* @__PURE__ */ new Date()).toISOString();
+    await this.persistMeta();
+    const result = { pushed, conflicts, errors };
+    this.emitter.emit("sync:push", result);
+    return result;
+  }
+  /** Get current sync status. */
+  status() {
+    return {
+      dirty: this.dirty.length,
+      lastPush: this.lastPush,
+      lastPull: this.lastPull,
+      online: this.isOnline
+    };
+  }
+  // ─── Auto-Sync ───────────────────────────────────────────────────
+  /** Start auto-sync: listen for online/offline events, optional periodic sync. */
+  startAutoSync(intervalMs) {
+    if (typeof globalThis.addEventListener === "function") {
+      globalThis.addEventListener("online", this.handleOnline);
+      globalThis.addEventListener("offline", this.handleOffline);
+    }
+    if (intervalMs && intervalMs > 0) {
+      this.autoSyncInterval = setInterval(() => {
+        if (this.isOnline) {
+          void this.sync();
+        }
+      }, intervalMs);
+    }
+  }
+  /** Stop auto-sync and scheduler. */
+  stopAutoSync() {
+    this.stopScheduler();
+    if (typeof globalThis.removeEventListener === "function") {
+      globalThis.removeEventListener("online", this.handleOnline);
+      globalThis.removeEventListener("offline", this.handleOffline);
+    }
+    if (this.autoSyncInterval) {
+      clearInterval(this.autoSyncInterval);
+      this.autoSyncInterval = null;
+    }
+  }
+  handleOnline = () => {
+    this.isOnline = true;
+    this.emitter.emit("sync:online", void 0);
+    void this.sync();
+  };
+  handleOffline = () => {
+    this.isOnline = false;
+    this.emitter.emit("sync:offline", void 0);
+  };
+  /**
+   * Resolve a conflict, checking per-collection resolvers first,
+   * then falling back to the db-level `ConflictStrategy`.
+   *
+   * Returns the resolved `Conflict` object (possibly with `resolve` set for
+   * manual mode) and a `handled` discriminant:
+   * - `'local'` — keep the local envelope; push it to remote.
+   * - `'remote'` — keep the remote envelope; update local.
+   * - `'merged'` — a custom merge fn produced a new envelope stored as `conflict.local`.
+   * - `'deferred'` — manual mode, resolve was not called synchronously.
+   */
+  async handleConflict(collection, id, local, remote, _phase) {
+    const resolver = this.conflictResolvers.get(collection);
+    if (resolver) {
+      const winner = await resolver(id, local, remote);
+      const base = {
+        vault: this.vault,
+        collection,
+        id,
+        local,
+        remote,
+        localVersion: local._v,
+        remoteVersion: remote._v
+      };
+      if (winner === null) return { handled: "deferred", conflict: base };
+      if (winner === local) return { handled: "local", conflict: base };
+      if (winner === remote) return { handled: "remote", conflict: base };
+      return {
+        handled: "merged",
+        conflict: { ...base, local: winner, localVersion: winner._v }
+      };
+    }
+    const baseConflict = {
+      vault: this.vault,
+      collection,
+      id,
+      local,
+      remote,
+      localVersion: local._v,
+      remoteVersion: remote._v
+    };
+    this.emitter.emit("sync:conflict", baseConflict);
+    const side = this.legacyResolve(baseConflict);
+    return { handled: side, conflict: baseConflict };
+  }
+  /** DB-level ConflictStrategy resolution (legacy, kept for backward compat). */
+  legacyResolve(conflict) {
+    if (typeof this.strategy === "function") {
+      return this.strategy(conflict);
+    }
+    switch (this.strategy) {
+      case "local-wins":
+        return "local";
+      case "remote-wins":
+        return "remote";
+      case "version":
+      default:
+        return conflict.localVersion >= conflict.remoteVersion ? "local" : "remote";
+    }
+  }
+  // ─── Persistence ─────────────────────────────────────────────────
+  async ensureLoaded() {
+    if (this.loaded) return;
+    const envelope = await this.local.get(this.vault, "_sync", "meta");
+    if (envelope) {
+      const meta = JSON.parse(envelope._data);
+      this.dirty = [...meta.dirty];
+      this.lastPush = meta.last_push;
+      this.lastPull = meta.last_pull;
+    }
+    this.loaded = true;
+  }
+  async persistMeta() {
+    const meta = {
+      _noydb_sync: NOYDB_SYNC_VERSION,
+      last_push: this.lastPush,
+      last_pull: this.lastPull,
+      dirty: this.dirty
+    };
+    const envelope = {
+      _noydb: 1,
+      _v: 1,
+      _ts: (/* @__PURE__ */ new Date()).toISOString(),
+      _iv: "",
+      _data: JSON.stringify(meta)
+    };
+    await this.local.put(this.vault, "_sync", "meta", envelope);
+  }
+};
+
+// src/team/sync-transaction.ts
+var SyncTransaction = class {
+  comp;
+  engine;
+  ops = [];
+  /** @internal — constructed by `Noydb.transaction()` */
+  constructor(comp, engine) {
+    this.comp = comp;
+    this.engine = engine;
+  }
+  /** Stage a record write. Does not write to any adapter until `commit()`. */
+  put(collection, id, record) {
+    this.ops.push({ type: "put", collection, id, record });
+    return this;
+  }
+  /** Stage a record delete. Does not write to any adapter until `commit()`. */
+  delete(collection, id) {
+    this.ops.push({ type: "delete", collection, id });
+    return this;
+  }
+  /**
+   * Commit the transaction.
+   *
+   * Phase 1 — writes all staged operations to the local adapter via the
+   * collection layer (encryption + dirty-log tracking).
+   *
+   * Phase 2 — pushes only the records that were written in this
+   * transaction to the remote adapter. Existing dirty entries from
+   * outside this transaction are not affected.
+   *
+   * If any record conflicts during the push, `status` is `'conflict'`
+   * and `conflicts` lists the affected records. No automatic rollback is
+   * performed.
+   */
+  async commit() {
+    for (const op of this.ops) {
+      if (op.type === "put") {
+        await this.comp.collection(op.collection).put(op.id, op.record);
+      } else {
+        await this.comp.collection(op.collection).delete(op.id);
+      }
+    }
+    const opSet = /* @__PURE__ */ new Set();
+    for (const op of this.ops) {
+      opSet.add(`${op.collection}::${op.id}`);
+    }
+    const pushResult = await this.engine.pushFiltered(
+      (entry) => opSet.has(`${entry.collection}::${entry.id}`)
+    );
+    return {
+      status: pushResult.conflicts.length > 0 ? "conflict" : "committed",
+      pushed: pushResult.pushed,
+      conflicts: pushResult.conflicts
+    };
+  }
+};
+
+// src/team/presence.ts
+var PresenceHandle = class {
+  adapter;
+  syncAdapter;
+  vault;
+  collectionName;
+  userId;
+  encrypted;
+  getDEK;
+  staleMs;
+  pollIntervalMs;
+  channel;
+  storageCollection;
+  presenceKey = null;
+  subscribers = [];
+  unsubscribePubSub = null;
+  pollTimer = null;
+  stopped = false;
+  constructor(opts) {
+    this.adapter = opts.adapter;
+    this.syncAdapter = opts.syncAdapter;
+    this.vault = opts.vault;
+    this.collectionName = opts.collectionName;
+    this.userId = opts.userId;
+    this.encrypted = opts.encrypted;
+    this.getDEK = opts.getDEK;
+    this.staleMs = opts.staleMs ?? 3e4;
+    this.pollIntervalMs = opts.pollIntervalMs ?? 5e3;
+    this.channel = `${opts.vault}:${opts.collectionName}:presence`;
+    this.storageCollection = `_presence_${opts.collectionName}`;
+  }
+  /**
+   * Announce yourself (or update your cursor/status).
+   * Encrypts `payload` with the presence key and publishes it.
+   */
+  async update(payload) {
+    if (this.stopped) return;
+    const key = await this.getPresenceKey();
+    const now = (/* @__PURE__ */ new Date()).toISOString();
+    const plaintext = JSON.stringify({ userId: this.userId, lastSeen: now, payload });
+    let encryptedPayload;
+    if (this.encrypted && key) {
+      const iv = generateIV();
+      const ivB64 = bufferToBase64(iv);
+      const { data } = await encrypt(plaintext, key);
+      encryptedPayload = JSON.stringify({ iv: ivB64, data });
+    } else {
+      encryptedPayload = plaintext;
+    }
+    const pubAdapter = this.getPubSubAdapter();
+    if (pubAdapter?.presencePublish) {
+      await pubAdapter.presencePublish(this.channel, encryptedPayload);
+    }
+    await this.writeStorageRecord(payload, now);
+  }
+  /**
+   * Subscribe to presence updates. The callback receives a filtered, decrypted
+   * list of all currently-active peers (excluding yourself, excluding stale).
+   *
+   * Returns an unsubscribe function. Also call `stop()` to release all resources.
+   */
+  subscribe(cb) {
+    if (this.stopped) return () => {
+    };
+    this.subscribers.push(cb);
+    if (this.subscribers.length === 1) {
+      this.startListening();
+    }
+    return () => {
+      this.subscribers = this.subscribers.filter((s) => s !== cb);
+      if (this.subscribers.length === 0) this.stopListening();
+    };
+  }
+  /** Stop all listening and clear resources. */
+  stop() {
+    this.stopped = true;
+    this.stopListening();
+    this.subscribers = [];
+  }
+  // ─── Private ────────────────────────────────────────────────────────
+  async getPresenceKey() {
+    if (!this.encrypted) return null;
+    if (!this.presenceKey) {
+      try {
+        const dek = await this.getDEK(this.collectionName);
+        this.presenceKey = await derivePresenceKey(dek, this.collectionName);
+      } catch {
+      }
+    }
+    return this.presenceKey;
+  }
+  getPubSubAdapter() {
+    if (this.syncAdapter?.presencePublish) return this.syncAdapter;
+    if (this.adapter.presencePublish) return this.adapter;
+    return void 0;
+  }
+  startListening() {
+    const pubAdapter = this.getPubSubAdapter();
+    if (pubAdapter?.presenceSubscribe) {
+      this.unsubscribePubSub = pubAdapter.presenceSubscribe(
+        this.channel,
+        (encryptedPayload) => {
+          void this.handlePubSubMessage(encryptedPayload);
+        }
+      );
+    } else {
+      this.pollTimer = setInterval(
+        () => {
+          void this.pollStoragePresence();
+        },
+        this.pollIntervalMs
+      );
+      void this.pollStoragePresence();
+    }
+  }
+  stopListening() {
+    if (this.unsubscribePubSub) {
+      this.unsubscribePubSub();
+      this.unsubscribePubSub = null;
+    }
+    if (this.pollTimer) {
+      clearInterval(this.pollTimer);
+      this.pollTimer = null;
+    }
+  }
+  async handlePubSubMessage(encryptedPayload) {
+    try {
+      const peer = await this.decryptPresencePayload(encryptedPayload);
+      if (!peer || peer.userId === this.userId) return;
+      const cutoff = new Date(Date.now() - this.staleMs).toISOString();
+      if (peer.lastSeen < cutoff) return;
+      await this.pollStoragePresence();
+    } catch {
+    }
+  }
+  async decryptPresencePayload(encryptedPayload) {
+    const key = await this.getPresenceKey();
+    if (!this.encrypted || !key) {
+      return JSON.parse(encryptedPayload);
+    }
+    const { iv: ivB64, data } = JSON.parse(encryptedPayload);
+    const plaintext = await decrypt(ivB64, data, key);
+    return JSON.parse(plaintext);
+  }
+  async writeStorageRecord(payload, now) {
+    const key = await this.getPresenceKey();
+    const plaintext = JSON.stringify(payload);
+    let iv = "";
+    let data;
+    if (this.encrypted && key) {
+      const ivBytes = generateIV();
+      iv = bufferToBase64(ivBytes);
+      const result = await encrypt(plaintext, key);
+      data = result.data;
+    } else {
+      data = plaintext;
+    }
+    const record = { userId: this.userId, lastSeen: now, iv, data };
+    const json = JSON.stringify(record);
+    const storeAdapter = this.syncAdapter ?? this.adapter;
+    const envelope = {
+      _noydb: 1,
+      _v: 1,
+      _ts: now,
+      _iv: "",
+      _data: json
+    };
+    try {
+      await storeAdapter.put(
+        this.vault,
+        this.storageCollection,
+        this.userId,
+        envelope
+      );
+    } catch {
+    }
+  }
+  async pollStoragePresence() {
+    if (this.stopped || this.subscribers.length === 0) return;
+    try {
+      const storeAdapter = this.syncAdapter ?? this.adapter;
+      const ids = await storeAdapter.list(this.vault, this.storageCollection);
+      const cutoff = new Date(Date.now() - this.staleMs).toISOString();
+      const peers = [];
+      for (const id of ids) {
+        if (id === this.userId) continue;
+        const envelope = await storeAdapter.get(this.vault, this.storageCollection, id);
+        if (!envelope) continue;
+        const record = JSON.parse(envelope._data);
+        if (record.lastSeen < cutoff) continue;
+        let peerPayload;
+        if (this.encrypted && this.presenceKey && record.iv) {
+          const plaintext = await decrypt(record.iv, record.data, this.presenceKey);
+          peerPayload = JSON.parse(plaintext);
+        } else {
+          peerPayload = JSON.parse(record.data);
+        }
+        peers.push({ userId: record.userId, payload: peerPayload, lastSeen: record.lastSeen });
+      }
+      for (const cb of this.subscribers) {
+        cb(peers);
+      }
+    } catch {
+    }
+  }
+};
+
+// src/team/sync-credentials.ts
+var SYNC_CREDENTIALS_COLLECTION = "_sync_credentials";
+function requireAdminAccess(keyring) {
+  if (keyring.role !== "owner" && keyring.role !== "admin") {
+    throw new PermissionDeniedError(
+      `Sync credentials require owner or admin role. Current role: "${keyring.role}"`
+    );
+  }
+}
+async function putCredential(adapter, vault, keyring, credential) {
+  requireAdminAccess(keyring);
+  const getDek = await ensureCollectionDEK(adapter, vault, keyring);
+  const dek = await getDek(SYNC_CREDENTIALS_COLLECTION);
+  const { iv, data } = await encrypt(JSON.stringify(credential), dek);
+  const existing = await adapter.get(vault, SYNC_CREDENTIALS_COLLECTION, credential.adapterId);
+  const version = existing ? existing._v + 1 : 1;
+  const envelope = {
+    _noydb: NOYDB_FORMAT_VERSION,
+    _v: version,
+    _ts: (/* @__PURE__ */ new Date()).toISOString(),
+    _iv: iv,
+    _data: data,
+    _by: keyring.userId
+  };
+  await adapter.put(
+    vault,
+    SYNC_CREDENTIALS_COLLECTION,
+    credential.adapterId,
+    envelope,
+    existing ? existing._v : void 0
+  );
+}
+async function getCredential(adapter, vault, keyring, adapterId) {
+  requireAdminAccess(keyring);
+  const getDek = await ensureCollectionDEK(adapter, vault, keyring);
+  const dek = await getDek(SYNC_CREDENTIALS_COLLECTION);
+  const envelope = await adapter.get(vault, SYNC_CREDENTIALS_COLLECTION, adapterId);
+  if (!envelope) return null;
+  const plaintext = await decrypt(envelope._iv, envelope._data, dek);
+  return JSON.parse(plaintext);
+}
+async function deleteCredential(adapter, vault, keyring, adapterId) {
+  requireAdminAccess(keyring);
+  await adapter.delete(vault, SYNC_CREDENTIALS_COLLECTION, adapterId);
+}
+async function listCredentials(adapter, vault, keyring) {
+  requireAdminAccess(keyring);
+  return adapter.list(vault, SYNC_CREDENTIALS_COLLECTION);
+}
+async function credentialStatus(adapter, vault, keyring, adapterId) {
+  const credential = await getCredential(adapter, vault, keyring, adapterId);
+  if (!credential) return { exists: false };
+  const expired = credential.expiresAt ? Date.now() > new Date(credential.expiresAt).getTime() : false;
+  return { exists: true, expired };
+}
+// Annotate the CommonJS export names for ESM import in node:
+0 && (module.exports = {
+  PresenceHandle,
+  SYNC_CREDENTIALS_COLLECTION,
+  SyncEngine,
+  SyncTransaction,
+  credentialStatus,
+  deleteCredential,
+  evaluateExportCapability,
+  evaluateImportCapability,
+  getCredential,
+  hasExportCapability,
+  hasImportCapability,
+  listCredentials,
+  putCredential
+});
+//# sourceMappingURL=index.cjs.map