@noy-db/hub 0.1.0-pre.3

package/dist/util/index.js

@@ -0,0 +1,190 @@
+import {
+  FilenameSanitizationError
+} from "../chunk-ACLDOTNQ.js";
+
+// src/util/sanitize-filename.ts
+var REPLACEMENT = "_";
+var BIDI_OVERRIDES = /[‪-‮⁦-⁩]/g;
+var WINDOWS_RESERVED_CHARS = /[<>:"/\\|?*]/g;
+var WINDOWS_RESERVED_NAMES = /* @__PURE__ */ new Set([
+  "CON",
+  "PRN",
+  "AUX",
+  "NUL",
+  "COM1",
+  "COM2",
+  "COM3",
+  "COM4",
+  "COM5",
+  "COM6",
+  "COM7",
+  "COM8",
+  "COM9",
+  "LPT1",
+  "LPT2",
+  "LPT3",
+  "LPT4",
+  "LPT5",
+  "LPT6",
+  "LPT7",
+  "LPT8",
+  "LPT9"
+]);
+var MAC_HIDDEN_NOISE = /^(?:\.DS_Store|\.localized|\.fseventsd|\._.+)$/i;
+var URL_UNRESERVED = /[A-Za-z0-9\-._~]/;
+var utf8 = new TextEncoder();
+function isControlCode(cp) {
+  return cp >= 0 && cp <= 31 || cp === 127;
+}
+function stripControlChars(s) {
+  let out = "";
+  for (let i = 0; i < s.length; i++) {
+    out += isControlCode(s.charCodeAt(i)) ? REPLACEMENT : s[i];
+  }
+  return out;
+}
+function trimWhitespaceAndControls(s) {
+  let start = 0;
+  let end = s.length;
+  while (start < end) {
+    const ch = s[start];
+    if (!isControlCode(s.charCodeAt(start)) && ch.trim() !== "") break;
+    start++;
+  }
+  while (end > start) {
+    const ch = s[end - 1];
+    if (!isControlCode(s.charCodeAt(end - 1)) && ch.trim() !== "") break;
+    end--;
+  }
+  return s.slice(start, end);
+}
+function sanitizeFilename(name, opts) {
+  if (typeof name !== "string") {
+    throw new FilenameSanitizationError("input must be a string");
+  }
+  if (name.includes("\0")) {
+    throw new FilenameSanitizationError("NUL byte in filename");
+  }
+  let s = name.normalize("NFC").replace(BIDI_OVERRIDES, "");
+  if (opts.profile === "opaque") {
+    return applyOpaque(s, opts);
+  }
+  s = trimWhitespaceAndControls(s);
+  switch (opts.profile) {
+    case "posix":
+      return cap(applyPosix(s), opts.maxBytes ?? 255, "utf8");
+    case "windows":
+      return cap(applyWindows(s), opts.maxBytes ?? 255, "utf16");
+    case "macos-smb":
+      return cap(applyMacosSmb(s), opts.maxBytes ?? 240, "utf8");
+    case "zip":
+      return cap(applyZip(s), opts.maxBytes ?? 255, "utf8");
+    case "url-path":
+      return cap(applyUrlPath(s), opts.maxBytes ?? 1024, "bytes-pre-encode");
+    case "s3-key":
+      return cap(applyS3Key(s), opts.maxBytes ?? 1024, "utf8");
+  }
+}
+function applyPosix(s) {
+  const cleaned = s.replace(/\//g, REPLACEMENT);
+  return rejectDotSegments(cleaned);
+}
+function applyWindows(s) {
+  let cleaned = s.replace(WINDOWS_RESERVED_CHARS, REPLACEMENT);
+  cleaned = stripControlChars(cleaned);
+  cleaned = cleaned.replace(/[. ]+$/g, "");
+  cleaned = rejectDotSegments(cleaned);
+  return avoidWindowsReservedName(cleaned);
+}
+function applyMacosSmb(s) {
+  let cleaned = applyWindows(s);
+  if (MAC_HIDDEN_NOISE.test(cleaned)) {
+    cleaned = REPLACEMENT + cleaned;
+  }
+  return cleaned;
+}
+function applyZip(s) {
+  let cleaned = s.replace(/^\/+/, "");
+  cleaned = rejectDotSegments(cleaned);
+  return stripControlChars(cleaned);
+}
+function applyUrlPath(s) {
+  let out = "";
+  for (const ch of s) {
+    if (URL_UNRESERVED.test(ch)) {
+      out += ch;
+      continue;
+    }
+    const bytes = utf8.encode(ch);
+    for (const b of bytes) {
+      out += "%" + b.toString(16).toUpperCase().padStart(2, "0");
+    }
+  }
+  return out;
+}
+function applyS3Key(s) {
+  return applyUrlPath(s.replace(/^\/+/, ""));
+}
+function applyOpaque(s, opts) {
+  if (!opts.opaqueId) {
+    throw new FilenameSanitizationError("opaque profile requires opaqueId");
+  }
+  const dot = s.lastIndexOf(".");
+  if (dot > 0 && dot < s.length - 1) {
+    const ext = s.slice(dot + 1);
+    if (/^[A-Za-z0-9]{1,16}$/.test(ext)) {
+      return `${opts.opaqueId}.${ext.toLowerCase()}`;
+    }
+  }
+  return opts.opaqueId;
+}
+function rejectDotSegments(s) {
+  if (s === "." || s === ".." || s.split(/[/\\]/).some((seg) => seg === "..")) {
+    throw new FilenameSanitizationError("path traversal segment in filename");
+  }
+  if (s.length === 0) {
+    throw new FilenameSanitizationError("empty filename after sanitization");
+  }
+  return s;
+}
+function avoidWindowsReservedName(s) {
+  const dot = s.indexOf(".");
+  const base = dot === -1 ? s : s.slice(0, dot);
+  if (WINDOWS_RESERVED_NAMES.has(base.toUpperCase())) {
+    return REPLACEMENT + s;
+  }
+  return s;
+}
+function cap(s, max, unit) {
+  if (max <= 0) {
+    throw new FilenameSanitizationError("maxBytes must be positive");
+  }
+  if (unit === "utf16") {
+    if (s.length <= max) return s;
+    return s.slice(0, max);
+  }
+  if (unit === "bytes-pre-encode") {
+    if (utf8.encode(s).byteLength <= max) return s;
+    return truncateToByteCap(s, max);
+  }
+  if (utf8.encode(s).byteLength <= max) return s;
+  return truncateToByteCap(s, max);
+}
+function truncateToByteCap(s, max) {
+  let out = "";
+  let used = 0;
+  for (const cp of s) {
+    const n = utf8.encode(cp).byteLength;
+    if (used + n > max) break;
+    out += cp;
+    used += n;
+  }
+  if (out.length === 0) {
+    throw new FilenameSanitizationError("maxBytes too small for a single code point");
+  }
+  return out;
+}
+export {
+  sanitizeFilename
+};
+//# sourceMappingURL=index.js.map

package/dist/util/index.js.map

@@ -0,0 +1 @@
+{"version":3,"sources":["../../src/util/sanitize-filename.ts"],"sourcesContent":["/**\n * Target-profile aware filename sanitizer.\n *\n * Pure string in / string out. No filesystem access, no I/O. Use this\n * at the boundary where a user-supplied filename meets a storage\n * destination — local FS, ZIP archive, S3 key, URL path, SMB share —\n * to defuse the canonical 14-class footgun before it reaches that\n * destination.\n *\n * ## Threat model\n *\n *   1. Path injection — `..`, NUL bytes, `\\` on POSIX, absolute paths.\n *   2. Windows reserved names — `CON`, `PRN`, `AUX`, `NUL`,\n *      `COM1-9`, `LPT1-9`, with or without an extension.\n *   3. Windows reserved chars — `< > : \" / \\ | ? *` plus ASCII 0-31.\n *   4. Trailing `.` and ` ` on Windows / SMB.\n *   5. Unicode normalization drift — same display, different bytes →\n *      \"two files with the same name\" sync ghosts.\n *   6. Bidi override spoofing — U+202E reversing `harmless.exe.txt`\n *      into `harmless.txt.exe`.\n *   7. URL `+` ambiguity in S3 presigned URLs.\n *   8. ZIP general-purpose-flag bit 11 (UTF-8 filename) optional in\n *      pre-2006 readers.\n *   9-14. Length caps, leading/trailing whitespace + controls,\n *      `.DS_Store`-style hidden noise, etc.\n *\n * ## Always-on transforms (every profile)\n *\n *   - NFC normalize (`String.prototype.normalize('NFC')`).\n *   - Reject NUL — hard fail, not strip. Silent strip enables a\n *     classic truncation bypass (`safe.txt\\0.exe` → `safe.txt`).\n *   - Strip bidi overrides (`U+202A..U+202E`, `U+2066..U+2069`).\n *   - Trim leading/trailing whitespace and ASCII control chars.\n *\n * ## Non-goals (i18n boundary policy, )\n *\n *   - No transliteration.\n *   - No locale-aware slugging.\n *   - No script-specific segmentation.\n *\n * @module\n */\n\nimport { FilenameSanitizationError } from '../errors.js'\n\n/**\n * One of seven storage destinations the sanitizer knows how to defang\n * for. Pick the most restrictive that covers your write site:\n * `'macos-smb'` is the safe default for \"I don't know where these\n * files end up but they're going to a real filesystem somewhere.\"\n */\nexport type FilenameProfile =\n  | 'posix'\n  | 'windows'\n  | 'macos-smb'\n  | 'zip'\n  | 'url-path'\n  | 's3-key'\n  | 'opaque'\n\nexport interface SanitizeFilenameOptions {\n  /** Target-destination profile. */\n  readonly profile: FilenameProfile\n  /**\n   * Override the per-profile length cap. Useful when leaving headroom\n   * for a collision suffix — e.g. `maxBytes: 240` on a `posix` write\n   * site that wants 15 bytes of slack for `-1`, `-2`, …\n   */\n  readonly maxBytes?: number\n  /**\n   * Required when `profile === 'opaque'`. The opaque profile replaces\n   * the entire input with `${opaqueId}.${ext}` (extension preserved\n   * from the input when present).\n   */\n  readonly opaqueId?: string\n}\n\nconst REPLACEMENT = '_'\n\n// Bidi overrides: U+202A LRE, U+202B RLE, U+202C PDF, U+202D LRO,\n// U+202E RLO, U+2066 LRI, U+2067 RLI, U+2068 FSI, U+2069 PDI.\nconst BIDI_OVERRIDES = /[‪-‮⁦-⁩]/g\n\n// Reserved by Windows / NTFS / FAT / SMB.\nconst WINDOWS_RESERVED_CHARS = /[<>:\"/\\\\|?*]/g\n\nconst WINDOWS_RESERVED_NAMES = new Set([\n  'CON', 'PRN', 'AUX', 'NUL',\n  'COM1', 'COM2', 'COM3', 'COM4', 'COM5', 'COM6', 'COM7', 'COM8', 'COM9',\n  'LPT1', 'LPT2', 'LPT3', 'LPT4', 'LPT5', 'LPT6', 'LPT7', 'LPT8', 'LPT9',\n])\n\n// macOS legacy hidden-noise files. Match the full name.\nconst MAC_HIDDEN_NOISE = /^(?:\\.DS_Store|\\.localized|\\.fseventsd|\\._.+)$/i\n\n// RFC 3986 unreserved set.\nconst URL_UNRESERVED = /[A-Za-z0-9\\-._~]/\n\nconst utf8 = new TextEncoder()\n\nfunction isControlCode(cp: number): boolean {\n  return (cp >= 0 && cp <= 0x1f) || cp === 0x7f\n}\n\nfunction stripControlChars(s: string): string {\n  let out = ''\n  for (let i = 0; i < s.length; i++) {\n    out += isControlCode(s.charCodeAt(i)) ? REPLACEMENT : s[i]\n  }\n  return out\n}\n\nfunction trimWhitespaceAndControls(s: string): string {\n  let start = 0\n  let end = s.length\n  while (start < end) {\n    const ch = s[start]!\n    if (!isControlCode(s.charCodeAt(start)) && ch.trim() !== '') break\n    start++\n  }\n  while (end > start) {\n    const ch = s[end - 1]!\n    if (!isControlCode(s.charCodeAt(end - 1)) && ch.trim() !== '') break\n    end--\n  }\n  return s.slice(start, end)\n}\n\n/**\n * Sanitize a filename for a target-destination profile. Pure: same\n * input + options always returns the same output, no I/O.\n *\n * Returns the sanitized name. Throws {@link FilenameSanitizationError}\n * when the input cannot be made safe at all (NUL byte, empty after\n * normalization, missing `opaqueId` for the opaque profile,\n * `..` segment that would fall out of any reasonable target).\n */\nexport function sanitizeFilename(name: string, opts: SanitizeFilenameOptions): string {\n  if (typeof name !== 'string') {\n    throw new FilenameSanitizationError('input must be a string')\n  }\n  if (name.includes('\\0')) {\n    throw new FilenameSanitizationError('NUL byte in filename')\n  }\n\n  let s = name.normalize('NFC').replace(BIDI_OVERRIDES, '')\n\n  if (opts.profile === 'opaque') {\n    return applyOpaque(s, opts)\n  }\n\n  s = trimWhitespaceAndControls(s)\n\n  switch (opts.profile) {\n    case 'posix':     return cap(applyPosix(s),     opts.maxBytes ?? 255,  'utf8')\n    case 'windows':   return cap(applyWindows(s),   opts.maxBytes ?? 255,  'utf16')\n    case 'macos-smb': return cap(applyMacosSmb(s),  opts.maxBytes ?? 240,  'utf8')\n    case 'zip':       return cap(applyZip(s),       opts.maxBytes ?? 255,  'utf8')\n    case 'url-path':  return cap(applyUrlPath(s),   opts.maxBytes ?? 1024, 'bytes-pre-encode')\n    case 's3-key':    return cap(applyS3Key(s),     opts.maxBytes ?? 1024, 'utf8')\n  }\n}\n\n// ─── Profile implementations ────────────────────────────────────────────\n\nfunction applyPosix(s: string): string {\n  // POSIX is permissive; only `/` and NUL are off-limits.\n  const cleaned = s.replace(/\\//g, REPLACEMENT)\n  return rejectDotSegments(cleaned)\n}\n\nfunction applyWindows(s: string): string {\n  let cleaned = s.replace(WINDOWS_RESERVED_CHARS, REPLACEMENT)\n  cleaned = stripControlChars(cleaned)\n  // Trailing space/dot are stripped by Win32 path resolution.\n  cleaned = cleaned.replace(/[. ]+$/g, '')\n  cleaned = rejectDotSegments(cleaned)\n  return avoidWindowsReservedName(cleaned)\n}\n\nfunction applyMacosSmb(s: string): string {\n  let cleaned = applyWindows(s)\n  if (MAC_HIDDEN_NOISE.test(cleaned)) {\n    cleaned = REPLACEMENT + cleaned\n  }\n  return cleaned\n}\n\nfunction applyZip(s: string): string {\n  let cleaned = s.replace(/^\\/+/, '')\n  cleaned = rejectDotSegments(cleaned)\n  return stripControlChars(cleaned)\n}\n\nfunction applyUrlPath(s: string): string {\n  // RFC 3986 percent-encoding for path segment. Keep `unreserved`,\n  // encode everything else. `+` is encoded as `%2B` because S3 and\n  // legacy servers treat raw `+` as space ambiguously.\n  let out = ''\n  for (const ch of s) {\n    if (URL_UNRESERVED.test(ch)) { out += ch; continue }\n    const bytes = utf8.encode(ch)\n    for (const b of bytes) {\n      out += '%' + b.toString(16).toUpperCase().padStart(2, '0')\n    }\n  }\n  return out\n}\n\nfunction applyS3Key(s: string): string {\n  // Strip leading slashes BEFORE percent-encoding — once `/` is\n  // encoded to `%2F` the leading-slash regex no longer matches.\n  return applyUrlPath(s.replace(/^\\/+/, ''))\n}\n\nfunction applyOpaque(s: string, opts: SanitizeFilenameOptions): string {\n  if (!opts.opaqueId) {\n    throw new FilenameSanitizationError('opaque profile requires opaqueId')\n  }\n  // Preserve a \"safe-looking\" extension only — alphanumeric, ≤16 bytes.\n  const dot = s.lastIndexOf('.')\n  if (dot > 0 && dot < s.length - 1) {\n    const ext = s.slice(dot + 1)\n    if (/^[A-Za-z0-9]{1,16}$/.test(ext)) {\n      return `${opts.opaqueId}.${ext.toLowerCase()}`\n    }\n  }\n  return opts.opaqueId\n}\n\n// ─── Helpers ────────────────────────────────────────────────────────────\n\nfunction rejectDotSegments(s: string): string {\n  if (s === '.' || s === '..' || s.split(/[/\\\\]/).some((seg) => seg === '..')) {\n    throw new FilenameSanitizationError('path traversal segment in filename')\n  }\n  if (s.length === 0) {\n    throw new FilenameSanitizationError('empty filename after sanitization')\n  }\n  return s\n}\n\nfunction avoidWindowsReservedName(s: string): string {\n  const dot = s.indexOf('.')\n  const base = dot === -1 ? s : s.slice(0, dot)\n  if (WINDOWS_RESERVED_NAMES.has(base.toUpperCase())) {\n    return REPLACEMENT + s\n  }\n  return s\n}\n\ntype LengthUnit = 'utf8' | 'utf16' | 'bytes-pre-encode'\n\nfunction cap(s: string, max: number, unit: LengthUnit): string {\n  if (max <= 0) {\n    throw new FilenameSanitizationError('maxBytes must be positive')\n  }\n  if (unit === 'utf16') {\n    if (s.length <= max) return s\n    return s.slice(0, max)\n  }\n  if (unit === 'bytes-pre-encode') {\n    if (utf8.encode(s).byteLength <= max) return s\n    return truncateToByteCap(s, max)\n  }\n  if (utf8.encode(s).byteLength <= max) return s\n  return truncateToByteCap(s, max)\n}\n\nfunction truncateToByteCap(s: string, max: number): string {\n  // Walk by code points so we never split a multi-byte sequence in\n  // the middle. Whole-grapheme handling (ZWJ-joined emoji) is a\n  // documented non-goal; we only protect against UTF-8 boundary\n  // splits here.\n  let out = ''\n  let used = 0\n  for (const cp of s) {\n    const n = utf8.encode(cp).byteLength\n    if (used + n > max) break\n    out += cp\n    used += n\n  }\n  if (out.length === 0) {\n    throw new FilenameSanitizationError('maxBytes too small for a single code point')\n  }\n  return out\n}\n"],"mappings":";;;;;AA6EA,IAAM,cAAc;AAIpB,IAAM,iBAAiB;AAGvB,IAAM,yBAAyB;AAE/B,IAAM,yBAAyB,oBAAI,IAAI;AAAA,EACrC;AAAA,EAAO;AAAA,EAAO;AAAA,EAAO;AAAA,EACrB;AAAA,EAAQ;AAAA,EAAQ;AAAA,EAAQ;AAAA,EAAQ;AAAA,EAAQ;AAAA,EAAQ;AAAA,EAAQ;AAAA,EAAQ;AAAA,EAChE;AAAA,EAAQ;AAAA,EAAQ;AAAA,EAAQ;AAAA,EAAQ;AAAA,EAAQ;AAAA,EAAQ;AAAA,EAAQ;AAAA,EAAQ;AAClE,CAAC;AAGD,IAAM,mBAAmB;AAGzB,IAAM,iBAAiB;AAEvB,IAAM,OAAO,IAAI,YAAY;AAE7B,SAAS,cAAc,IAAqB;AAC1C,SAAQ,MAAM,KAAK,MAAM,MAAS,OAAO;AAC3C;AAEA,SAAS,kBAAkB,GAAmB;AAC5C,MAAI,MAAM;AACV,WAAS,IAAI,GAAG,IAAI,EAAE,QAAQ,KAAK;AACjC,WAAO,cAAc,EAAE,WAAW,CAAC,CAAC,IAAI,cAAc,EAAE,CAAC;AAAA,EAC3D;AACA,SAAO;AACT;AAEA,SAAS,0BAA0B,GAAmB;AACpD,MAAI,QAAQ;AACZ,MAAI,MAAM,EAAE;AACZ,SAAO,QAAQ,KAAK;AAClB,UAAM,KAAK,EAAE,KAAK;AAClB,QAAI,CAAC,cAAc,EAAE,WAAW,KAAK,CAAC,KAAK,GAAG,KAAK,MAAM,GAAI;AAC7D;AAAA,EACF;AACA,SAAO,MAAM,OAAO;AAClB,UAAM,KAAK,EAAE,MAAM,CAAC;AACpB,QAAI,CAAC,cAAc,EAAE,WAAW,MAAM,CAAC,CAAC,KAAK,GAAG,KAAK,MAAM,GAAI;AAC/D;AAAA,EACF;AACA,SAAO,EAAE,MAAM,OAAO,GAAG;AAC3B;AAWO,SAAS,iBAAiB,MAAc,MAAuC;AACpF,MAAI,OAAO,SAAS,UAAU;AAC5B,UAAM,IAAI,0BAA0B,wBAAwB;AAAA,EAC9D;AACA,MAAI,KAAK,SAAS,IAAI,GAAG;AACvB,UAAM,IAAI,0BAA0B,sBAAsB;AAAA,EAC5D;AAEA,MAAI,IAAI,KAAK,UAAU,KAAK,EAAE,QAAQ,gBAAgB,EAAE;AAExD,MAAI,KAAK,YAAY,UAAU;AAC7B,WAAO,YAAY,GAAG,IAAI;AAAA,EAC5B;AAEA,MAAI,0BAA0B,CAAC;AAE/B,UAAQ,KAAK,SAAS;AAAA,IACpB,KAAK;AAAa,aAAO,IAAI,WAAW,CAAC,GAAO,KAAK,YAAY,KAAM,MAAM;AAAA,IAC7E,KAAK;AAAa,aAAO,IAAI,aAAa,CAAC,GAAK,KAAK,YAAY,KAAM,OAAO;AAAA,IAC9E,KAAK;AAAa,aAAO,IAAI,cAAc,CAAC,GAAI,KAAK,YAAY,KAAM,MAAM;AAAA,IAC7E,KAAK;AAAa,aAAO,IAAI,SAAS,CAAC,GAAS,KAAK,YAAY,KAAM,MAAM;AAAA,IAC7E,KAAK;AAAa,aAAO,IAAI,aAAa,CAAC,GAAK,KAAK,YAAY,MAAM,kBAAkB;AAAA,IACzF,KAAK;AAAa,aAAO,IAAI,WAAW,CAAC,GAAO,KAAK,YAAY,MAAM,MAAM;AAAA,EAC/E;AACF;AAIA,SAAS,WAAW,GAAmB;AAErC,QAAM,UAAU,EAAE,QAAQ,OAAO,WAAW;AAC5C,SAAO,kBAAkB,OAAO;AAClC;AAEA,SAAS,aAAa,GAAmB;AACvC,MAAI,UAAU,EAAE,QAAQ,wBAAwB,WAAW;AAC3D,YAAU,kBAAkB,OAAO;AAEnC,YAAU,QAAQ,QAAQ,WAAW,EAAE;AACvC,YAAU,kBAAkB,OAAO;AACnC,SAAO,yBAAyB,OAAO;AACzC;AAEA,SAAS,cAAc,GAAmB;AACxC,MAAI,UAAU,aAAa,CAAC;AAC5B,MAAI,iBAAiB,KAAK,OAAO,GAAG;AAClC,cAAU,cAAc;AAAA,EAC1B;AACA,SAAO;AACT;AAEA,SAAS,SAAS,GAAmB;AACnC,MAAI,UAAU,EAAE,QAAQ,QAAQ,EAAE;AAClC,YAAU,kBAAkB,OAAO;AACnC,SAAO,kBAAkB,OAAO;AAClC;AAEA,SAAS,aAAa,GAAmB;AAIvC,MAAI,MAAM;AACV,aAAW,MAAM,GAAG;AAClB,QAAI,eAAe,KAAK,EAAE,GAAG;AAAE,aAAO;AAAI;AAAA,IAAS;AACnD,UAAM,QAAQ,KAAK,OAAO,EAAE;AAC5B,eAAW,KAAK,OAAO;AACrB,aAAO,MAAM,EAAE,SAAS,EAAE,EAAE,YAAY,EAAE,SAAS,GAAG,GAAG;AAAA,IAC3D;AAAA,EACF;AACA,SAAO;AACT;AAEA,SAAS,WAAW,GAAmB;AAGrC,SAAO,aAAa,EAAE,QAAQ,QAAQ,EAAE,CAAC;AAC3C;AAEA,SAAS,YAAY,GAAW,MAAuC;AACrE,MAAI,CAAC,KAAK,UAAU;AAClB,UAAM,IAAI,0BAA0B,kCAAkC;AAAA,EACxE;AAEA,QAAM,MAAM,EAAE,YAAY,GAAG;AAC7B,MAAI,MAAM,KAAK,MAAM,EAAE,SAAS,GAAG;AACjC,UAAM,MAAM,EAAE,MAAM,MAAM,CAAC;AAC3B,QAAI,sBAAsB,KAAK,GAAG,GAAG;AACnC,aAAO,GAAG,KAAK,QAAQ,IAAI,IAAI,YAAY,CAAC;AAAA,IAC9C;AAAA,EACF;AACA,SAAO,KAAK;AACd;AAIA,SAAS,kBAAkB,GAAmB;AAC5C,MAAI,MAAM,OAAO,MAAM,QAAQ,EAAE,MAAM,OAAO,EAAE,KAAK,CAAC,QAAQ,QAAQ,IAAI,GAAG;AAC3E,UAAM,IAAI,0BAA0B,oCAAoC;AAAA,EAC1E;AACA,MAAI,EAAE,WAAW,GAAG;AAClB,UAAM,IAAI,0BAA0B,mCAAmC;AAAA,EACzE;AACA,SAAO;AACT;AAEA,SAAS,yBAAyB,GAAmB;AACnD,QAAM,MAAM,EAAE,QAAQ,GAAG;AACzB,QAAM,OAAO,QAAQ,KAAK,IAAI,EAAE,MAAM,GAAG,GAAG;AAC5C,MAAI,uBAAuB,IAAI,KAAK,YAAY,CAAC,GAAG;AAClD,WAAO,cAAc;AAAA,EACvB;AACA,SAAO;AACT;AAIA,SAAS,IAAI,GAAW,KAAa,MAA0B;AAC7D,MAAI,OAAO,GAAG;AACZ,UAAM,IAAI,0BAA0B,2BAA2B;AAAA,EACjE;AACA,MAAI,SAAS,SAAS;AACpB,QAAI,EAAE,UAAU,IAAK,QAAO;AAC5B,WAAO,EAAE,MAAM,GAAG,GAAG;AAAA,EACvB;AACA,MAAI,SAAS,oBAAoB;AAC/B,QAAI,KAAK,OAAO,CAAC,EAAE,cAAc,IAAK,QAAO;AAC7C,WAAO,kBAAkB,GAAG,GAAG;AAAA,EACjC;AACA,MAAI,KAAK,OAAO,CAAC,EAAE,cAAc,IAAK,QAAO;AAC7C,SAAO,kBAAkB,GAAG,GAAG;AACjC;AAEA,SAAS,kBAAkB,GAAW,KAAqB;AAKzD,MAAI,MAAM;AACV,MAAI,OAAO;AACX,aAAW,MAAM,GAAG;AAClB,UAAM,IAAI,KAAK,OAAO,EAAE,EAAE;AAC1B,QAAI,OAAO,IAAI,IAAK;AACpB,WAAO;AACP,YAAQ;AAAA,EACV;AACA,MAAI,IAAI,WAAW,GAAG;AACpB,UAAM,IAAI,0BAA0B,4CAA4C;AAAA,EAClF;AACA,SAAO;AACT;","names":[]}

package/package.json

@@ -0,0 +1,244 @@
+{
+  "name": "@noy-db/hub",
+  "version": "0.1.0-pre.3",
+  "description": "Zero-knowledge, offline-first, encrypted document store — core library with AES-256-GCM, PBKDF2, multi-user keyring, and sync engine",
+  "license": "MIT",
+  "author": "vLannaAi <vicio@lanna.ai>",
+  "homepage": "https://github.com/vLannaAi/noy-db/tree/main/packages/hub#readme",
+  "repository": {
+    "type": "git",
+    "url": "git+https://github.com/vLannaAi/noy-db.git",
+    "directory": "packages/hub"
+  },
+  "bugs": {
+    "url": "https://github.com/vLannaAi/noy-db/issues"
+  },
+  "type": "module",
+  "sideEffects": false,
+  "exports": {
+    ".": {
+      "import": {
+        "types": "./dist/index.d.ts",
+        "default": "./dist/index.js"
+      },
+      "require": {
+        "types": "./dist/index.d.cts",
+        "default": "./dist/index.cjs"
+      }
+    },
+    "./i18n": {
+      "import": {
+        "types": "./dist/i18n/index.d.ts",
+        "default": "./dist/i18n/index.js"
+      },
+      "require": {
+        "types": "./dist/i18n/index.d.cts",
+        "default": "./dist/i18n/index.cjs"
+      }
+    },
+    "./store": {
+      "import": {
+        "types": "./dist/store/index.d.ts",
+        "default": "./dist/store/index.js"
+      },
+      "require": {
+        "types": "./dist/store/index.d.cts",
+        "default": "./dist/store/index.cjs"
+      }
+    },
+    "./team": {
+      "import": {
+        "types": "./dist/team/index.d.ts",
+        "default": "./dist/team/index.js"
+      },
+      "require": {
+        "types": "./dist/team/index.d.cts",
+        "default": "./dist/team/index.cjs"
+      }
+    },
+    "./session": {
+      "import": {
+        "types": "./dist/session/index.d.ts",
+        "default": "./dist/session/index.js"
+      },
+      "require": {
+        "types": "./dist/session/index.d.cts",
+        "default": "./dist/session/index.cjs"
+      }
+    },
+    "./history": {
+      "import": {
+        "types": "./dist/history/index.d.ts",
+        "default": "./dist/history/index.js"
+      },
+      "require": {
+        "types": "./dist/history/index.d.cts",
+        "default": "./dist/history/index.cjs"
+      }
+    },
+    "./query": {
+      "import": {
+        "types": "./dist/query/index.d.ts",
+        "default": "./dist/query/index.js"
+      },
+      "require": {
+        "types": "./dist/query/index.d.cts",
+        "default": "./dist/query/index.cjs"
+      }
+    },
+    "./blobs": {
+      "import": {
+        "types": "./dist/blobs/index.d.ts",
+        "default": "./dist/blobs/index.js"
+      },
+      "require": {
+        "types": "./dist/blobs/index.d.cts",
+        "default": "./dist/blobs/index.cjs"
+      }
+    },
+    "./indexing": {
+      "import": {
+        "types": "./dist/indexing/index.d.ts",
+        "default": "./dist/indexing/index.js"
+      },
+      "require": {
+        "types": "./dist/indexing/index.d.cts",
+        "default": "./dist/indexing/index.cjs"
+      }
+    },
+    "./aggregate": {
+      "import": {
+        "types": "./dist/aggregate/index.d.ts",
+        "default": "./dist/aggregate/index.js"
+      },
+      "require": {
+        "types": "./dist/aggregate/index.d.cts",
+        "default": "./dist/aggregate/index.cjs"
+      }
+    },
+    "./crdt": {
+      "import": {
+        "types": "./dist/crdt/index.d.ts",
+        "default": "./dist/crdt/index.js"
+      },
+      "require": {
+        "types": "./dist/crdt/index.d.cts",
+        "default": "./dist/crdt/index.cjs"
+      }
+    },
+    "./bundle": {
+      "import": {
+        "types": "./dist/bundle/index.d.ts",
+        "default": "./dist/bundle/index.js"
+      },
+      "require": {
+        "types": "./dist/bundle/index.d.cts",
+        "default": "./dist/bundle/index.cjs"
+      }
+    },
+    "./consent": {
+      "import": {
+        "types": "./dist/consent/index.d.ts",
+        "default": "./dist/consent/index.js"
+      },
+      "require": {
+        "types": "./dist/consent/index.d.cts",
+        "default": "./dist/consent/index.cjs"
+      }
+    },
+    "./periods": {
+      "import": {
+        "types": "./dist/periods/index.d.ts",
+        "default": "./dist/periods/index.js"
+      },
+      "require": {
+        "types": "./dist/periods/index.d.cts",
+        "default": "./dist/periods/index.cjs"
+      }
+    },
+    "./shadow": {
+      "import": {
+        "types": "./dist/shadow/index.d.ts",
+        "default": "./dist/shadow/index.js"
+      },
+      "require": {
+        "types": "./dist/shadow/index.d.cts",
+        "default": "./dist/shadow/index.cjs"
+      }
+    },
+    "./tx": {
+      "import": {
+        "types": "./dist/tx/index.d.ts",
+        "default": "./dist/tx/index.js"
+      },
+      "require": {
+        "types": "./dist/tx/index.d.cts",
+        "default": "./dist/tx/index.cjs"
+      }
+    },
+    "./sync": {
+      "import": {
+        "types": "./dist/sync/index.d.ts",
+        "default": "./dist/sync/index.js"
+      },
+      "require": {
+        "types": "./dist/sync/index.d.cts",
+        "default": "./dist/sync/index.cjs"
+      }
+    },
+    "./util": {
+      "import": {
+        "types": "./dist/util/index.d.ts",
+        "default": "./dist/util/index.js"
+      },
+      "require": {
+        "types": "./dist/util/index.d.cts",
+        "default": "./dist/util/index.cjs"
+      }
+    }
+  },
+  "main": "./dist/index.cjs",
+  "module": "./dist/index.js",
+  "types": "./dist/index.d.ts",
+  "files": [
+    "dist",
+    "README.md",
+    "LICENSE"
+  ],
+  "engines": {
+    "node": ">=18.0.0"
+  },
+  "devDependencies": {
+    "@types/node": "^22.0.0",
+    "esbuild": "^0.25.0",
+    "zod": "^3.23.0"
+  },
+  "keywords": [
+    "noy-db",
+    "encryption",
+    "zero-knowledge",
+    "offline-first",
+    "document-store",
+    "database",
+    "aes-256-gcm",
+    "pbkdf2",
+    "web-crypto",
+    "crypto",
+    "e2ee",
+    "privacy",
+    "multi-user",
+    "sync",
+    "audit-log"
+  ],
+  "publishConfig": {
+    "access": "public",
+    "tag": "latest"
+  },
+  "scripts": {
+    "build": "tsup",
+    "test": "vitest run",
+    "lint": "eslint src/",
+    "typecheck": "tsc --noEmit",
+    "bundle-check": "node scripts/check-bundle.mjs"
+  }
+}