@noy-db/hub 0.1.0-pre.9 → 0.2.0-pre.1

package/dist/derivations/index.d.ts

@@ -0,0 +1,71 @@
+export { w as withDerivation } from '../with-derivation-g-pGoMzL.js';
+import { aw as DerivationStrategy, ax as DerivationContext } from '../types-DW9RGSSs.js';
+export { ay as ArrayOutputSpec, az as DerivationRegistry, aA as DerivationStrategyHandle, aB as DerivedFromMeta, aC as OutputSpec, aD as RecordOutputSpec } from '../types-DW9RGSSs.js';
+export { e as DerivationCapExceededError, f as DerivationCycleError, g as DerivationDepthError, h as DerivationOutputShapeError, i as DerivationOutputUnknownError } from '../index-CNwA-B6-.js';
+import '../lazy-builder-Rpd-V3jP.js';
+import '../predicate-Dnu81tsS.js';
+import '../strategy-DSTrsZ8t.js';
+import '../strategy-BSxFXGzb.js';
+
+interface RunResult {
+    outputs: Record<string, OutputResult>;
+    failed: boolean;
+}
+/**
+ * Per-output result of a strategy invocation. Discriminated by
+ * `kind`:
+ *
+ * - `record` — the existing v1 shape: one value (or a "skipped"
+ *   marker if the output was optional and `derive` returned null).
+ * - `array` — the #200 shape: a list of `(key, value)` entries.
+ *   The caller diffs these against the previously-emitted key set
+ *   (loaded from the fanout sidecar) to compute deletes + upserts.
+ */
+type OutputResult = RecordOutputResult | ArrayOutputResult | FailedOutputResult;
+interface RecordOutputResult {
+    kind: 'record';
+    value: Record<string, unknown>;
+    ok: true;
+    /**
+     * `true` when an optional output (#144) returned `null` /
+     * `undefined`. The caller deletes any previously-emitted output at
+     * the same id (mirrors "tombstone for derived data"); a never-emitted
+     * output is a silent no-op. `ok: true` because skipping is a
+     * successful outcome, not a failure.
+     */
+    skipped?: boolean;
+}
+interface ArrayOutputResult {
+    kind: 'array';
+    ok: true;
+    /** One `(key, value)` per derived row. Empty array means "all prior outputs for this source go." */
+    entries: ReadonlyArray<{
+        readonly key: string;
+        readonly value: Record<string, unknown>;
+    }>;
+}
+interface FailedOutputResult {
+    kind: 'failed';
+    ok: false;
+    error: Error;
+    /** Always empty on failure; present so consumers don't have to narrow. */
+    value: Record<string, unknown>;
+}
+/**
+ * Stateless functions that execute a derivation strategy. Persistence
+ * (encrypt + store.put) is the caller's job — typically
+ * `DerivationRegistry.onSourceWrite` which iterates run() results and
+ * writes each output via `Collection.put`.
+ */
+declare const DerivationExecutor: {
+    /**
+     * Run `derive` once, validate output shape against the spec, stamp
+     * `_derivedFrom` onto every output. Returns per-output success or
+     * failure; throws only for shape mismatches (a contract violation).
+     */
+    run<TSource extends Record<string, unknown>, TOutputs extends Record<string, Record<string, unknown>>>(strategy: DerivationStrategy<TSource, TOutputs>, source: TSource & {
+        id: string;
+    }, sourceVersion: number, strategyHash: string, ctx: DerivationContext): Promise<RunResult>;
+};
+
+export { DerivationExecutor, DerivationStrategy };

package/dist/derivations/index.js

@@ -0,0 +1,27 @@
+import {
+  withDerivation
+} from "../chunk-EGQYGYIU.js";
+import {
+  DerivationRegistry
+} from "../chunk-FCXOFQAJ.js";
+import {
+  DerivationExecutor
+} from "../chunk-HB3Z2GCR.js";
+import {
+  DerivationCapExceededError,
+  DerivationCycleError,
+  DerivationDepthError,
+  DerivationOutputShapeError,
+  DerivationOutputUnknownError
+} from "../chunk-ADQ5MQ54.js";
+export {
+  DerivationCapExceededError,
+  DerivationCycleError,
+  DerivationDepthError,
+  DerivationExecutor,
+  DerivationOutputShapeError,
+  DerivationOutputUnknownError,
+  DerivationRegistry,
+  withDerivation
+};
+//# sourceMappingURL=index.js.map

package/dist/{dev-unlock-BdPp68qn.d.ts → dev-unlock-D9s-loPr.d.ts}

@@ -1,4 +1,4 @@
-import { aq as Role, ar as UnlockedKeyring } from './types-Bo7NSXJr.js';
+import { aL as Role, aM as UnlockedKeyring } from './types-DW9RGSSs.js';
 
 /**
  * Session tokens —

package/dist/{dev-unlock-Da1B0TIK.d.cts → dev-unlock-DRwVSy2S.d.cts}

@@ -1,4 +1,4 @@
-import { aq as Role, ar as UnlockedKeyring } from './types-Bnb82f5R.cjs';
+import { aL as Role, aM as UnlockedKeyring } from './types-C4lwMKKF.cjs';
 
 /**
  * Session tokens —

package/dist/executor-7E3VFGW7.js

@@ -0,0 +1,11 @@
+import {
+  MaterializedViewExecutor
+} from "./chunk-SIZWEV2Y.js";
+import "./chunk-DPMFBCV6.js";
+import "./chunk-XGSOTWYX.js";
+import "./chunk-MRIBLZL3.js";
+import "./chunk-ADQ5MQ54.js";
+export {
+  MaterializedViewExecutor
+};
+//# sourceMappingURL=executor-7E3VFGW7.js.map

package/dist/executor-CEWX2FQI.js

@@ -0,0 +1,8 @@
+import {
+  GuardExecutor
+} from "./chunk-34YSDCDP.js";
+import "./chunk-ADQ5MQ54.js";
+export {
+  GuardExecutor
+};
+//# sourceMappingURL=executor-CEWX2FQI.js.map

package/dist/executor-CEWX2FQI.js.map

@@ -0,0 +1 @@
+{"version":3,"sources":[],"sourcesContent":[],"mappings":"","names":[]}

package/dist/executor-X4SQ3ZLC.js

@@ -0,0 +1,8 @@
+import {
+  DerivationExecutor
+} from "./chunk-HB3Z2GCR.js";
+import "./chunk-ADQ5MQ54.js";
+export {
+  DerivationExecutor
+};
+//# sourceMappingURL=executor-X4SQ3ZLC.js.map

package/dist/executor-X4SQ3ZLC.js.map

@@ -0,0 +1 @@
+{"version":3,"sources":[],"sourcesContent":[],"mappings":"","names":[]}

package/dist/fanout-sidecar-VJ52RIEY.js

@@ -0,0 +1,51 @@
+import {
+  NOYDB_FORMAT_VERSION
+} from "./chunk-YS3POABP.js";
+
+// src/derivations/fanout-sidecar.ts
+function recordId(source, sourceId, outputKey) {
+  return `derivations-fanout/${source}/${sourceId}/${outputKey}`;
+}
+async function loadFanoutSidecar(store, vault, source, sourceId, outputKey) {
+  const envelope = await store.get(vault, "_meta", recordId(source, sourceId, outputKey));
+  if (!envelope) return void 0;
+  try {
+    const parsed = JSON.parse(envelope._data);
+    if (parsed._noydb_fanout !== 1) return void 0;
+    if (!Array.isArray(parsed.keys)) return void 0;
+    return parsed;
+  } catch {
+    return void 0;
+  }
+}
+async function saveFanoutSidecar(store, vault, payload) {
+  const doc = {
+    _noydb_fanout: 1,
+    source: payload.source,
+    sourceId: payload.sourceId,
+    outputKey: payload.outputKey,
+    outputCollection: payload.outputCollection,
+    keys: payload.keys,
+    emittedAt: (/* @__PURE__ */ new Date()).toISOString()
+  };
+  const id = recordId(payload.source, payload.sourceId, payload.outputKey);
+  const prior = await store.get(vault, "_meta", id);
+  const envelope = {
+    _noydb: NOYDB_FORMAT_VERSION,
+    _v: (prior?._v ?? 0) + 1,
+    _ts: (/* @__PURE__ */ new Date()).toISOString(),
+    // AES-GCM bypassed — sidecar is system metadata, no user data inside.
+    _iv: "",
+    _data: JSON.stringify(doc)
+  };
+  await store.put(vault, "_meta", id, envelope);
+}
+async function deleteFanoutSidecar(store, vault, source, sourceId, outputKey) {
+  await store.delete(vault, "_meta", recordId(source, sourceId, outputKey));
+}
+export {
+  deleteFanoutSidecar,
+  loadFanoutSidecar,
+  saveFanoutSidecar
+};
+//# sourceMappingURL=fanout-sidecar-VJ52RIEY.js.map

package/dist/fanout-sidecar-VJ52RIEY.js.map

@@ -0,0 +1 @@
+{"version":3,"sources":["../src/derivations/fanout-sidecar.ts"],"sourcesContent":["/**\n * Per-source-row fanout sidecar for `shape: 'array'` derivations (#200).\n *\n * Each `(sourceCollection, sourceId, outputKey)` triple gets its own\n * envelope at:\n *\n *     _meta/derivations-fanout/<sourceCollection>/<sourceId>/<outputKey>\n *\n * The envelope records the last-emitted derived row ids so the\n * dispatcher can compute the diff on every source-row update in O(1):\n * read prior keys, compute `toDelete = prev \\ new`, write new, persist\n * back.\n *\n * Stored as plain JSON with AES-GCM bypassed (same pattern as\n * `_meta/policy`, `_meta/recovery-paper`, `_meta/sealed-passphrase`,\n * etc.): the sidecar is system metadata, not user data, and the\n * derived outputs themselves carry their own encryption envelopes.\n *\n * @module\n */\nimport type { NoydbStore, EncryptedEnvelope } from '../types.js'\nimport { NOYDB_FORMAT_VERSION } from '../types.js'\n\n/** Magic-prefixed JSON payload at `_meta/<recordId>`. */\nexport interface FanoutSidecar {\n  readonly _noydb_fanout: 1\n  /** Source collection name. */\n  readonly source: string\n  /** Source record id. */\n  readonly sourceId: string\n  /** Strategy output key (the key in `strategy.outputs`). */\n  readonly outputKey: string\n  /** Output collection name (audit / forensics). */\n  readonly outputCollection: string\n  /** Derived-row ids last emitted for this (source, output) pair. */\n  readonly keys: ReadonlyArray<string>\n  /** ISO timestamp of last dispatch. */\n  readonly emittedAt: string\n}\n\n/**\n * Build the canonical `_meta` record id for a fanout sidecar.\n *\n * The full path inside the store is `_meta/<this-string>`. We pack the\n * full triple into the id so a single `_meta` collection holds all\n * sidecars (collection-per-source would proliferate names; the\n * existing `_meta` flat namespace is cheaper).\n */\nfunction recordId(source: string, sourceId: string, outputKey: string): string {\n  // Use `/` as a separator. None of the components is supposed to\n  // contain it (collection names + output keys are bare identifiers;\n  // source ids are typically ULIDs / UUIDs / app-chosen strings\n  // without slashes). If a future source carries `/` in its id, we'd\n  // need an escape; deferred until that's a real case.\n  return `derivations-fanout/${source}/${sourceId}/${outputKey}`\n}\n\n/** Read the sidecar; returns empty if absent. */\nexport async function loadFanoutSidecar(\n  store: NoydbStore,\n  vault: string,\n  source: string,\n  sourceId: string,\n  outputKey: string,\n): Promise<FanoutSidecar | undefined> {\n  const envelope = await store.get(vault, '_meta', recordId(source, sourceId, outputKey))\n  if (!envelope) return undefined\n  try {\n    const parsed = JSON.parse(envelope._data) as FanoutSidecar\n    if (parsed._noydb_fanout !== 1) return undefined\n    if (!Array.isArray(parsed.keys)) return undefined\n    return parsed\n  } catch {\n    return undefined\n  }\n}\n\n/** Persist (insert/replace) the sidecar with a fresh key set. */\nexport async function saveFanoutSidecar(\n  store: NoydbStore,\n  vault: string,\n  payload: {\n    readonly source: string\n    readonly sourceId: string\n    readonly outputKey: string\n    readonly outputCollection: string\n    readonly keys: ReadonlyArray<string>\n  },\n): Promise<void> {\n  const doc: FanoutSidecar = {\n    _noydb_fanout: 1,\n    source: payload.source,\n    sourceId: payload.sourceId,\n    outputKey: payload.outputKey,\n    outputCollection: payload.outputCollection,\n    keys: payload.keys,\n    emittedAt: new Date().toISOString(),\n  }\n  const id = recordId(payload.source, payload.sourceId, payload.outputKey)\n  const prior = await store.get(vault, '_meta', id)\n  const envelope: EncryptedEnvelope = {\n    _noydb: NOYDB_FORMAT_VERSION,\n    _v: (prior?._v ?? 0) + 1,\n    _ts: new Date().toISOString(),\n    // AES-GCM bypassed — sidecar is system metadata, no user data inside.\n    _iv: '',\n    _data: JSON.stringify(doc),\n  }\n  await store.put(vault, '_meta', id, envelope)\n}\n\n/** Delete the sidecar (used on source-row delete cascade). */\nexport async function deleteFanoutSidecar(\n  store: NoydbStore,\n  vault: string,\n  source: string,\n  sourceId: string,\n  outputKey: string,\n): Promise<void> {\n  await store.delete(vault, '_meta', recordId(source, sourceId, outputKey))\n}\n"],"mappings":";;;;;AAgDA,SAAS,SAAS,QAAgB,UAAkB,WAA2B;AAM7E,SAAO,sBAAsB,MAAM,IAAI,QAAQ,IAAI,SAAS;AAC9D;AAGA,eAAsB,kBACpB,OACA,OACA,QACA,UACA,WACoC;AACpC,QAAM,WAAW,MAAM,MAAM,IAAI,OAAO,SAAS,SAAS,QAAQ,UAAU,SAAS,CAAC;AACtF,MAAI,CAAC,SAAU,QAAO;AACtB,MAAI;AACF,UAAM,SAAS,KAAK,MAAM,SAAS,KAAK;AACxC,QAAI,OAAO,kBAAkB,EAAG,QAAO;AACvC,QAAI,CAAC,MAAM,QAAQ,OAAO,IAAI,EAAG,QAAO;AACxC,WAAO;AAAA,EACT,QAAQ;AACN,WAAO;AAAA,EACT;AACF;AAGA,eAAsB,kBACpB,OACA,OACA,SAOe;AACf,QAAM,MAAqB;AAAA,IACzB,eAAe;AAAA,IACf,QAAQ,QAAQ;AAAA,IAChB,UAAU,QAAQ;AAAA,IAClB,WAAW,QAAQ;AAAA,IACnB,kBAAkB,QAAQ;AAAA,IAC1B,MAAM,QAAQ;AAAA,IACd,YAAW,oBAAI,KAAK,GAAE,YAAY;AAAA,EACpC;AACA,QAAM,KAAK,SAAS,QAAQ,QAAQ,QAAQ,UAAU,QAAQ,SAAS;AACvE,QAAM,QAAQ,MAAM,MAAM,IAAI,OAAO,SAAS,EAAE;AAChD,QAAM,WAA8B;AAAA,IAClC,QAAQ;AAAA,IACR,KAAK,OAAO,MAAM,KAAK;AAAA,IACvB,MAAK,oBAAI,KAAK,GAAE,YAAY;AAAA;AAAA,IAE5B,KAAK;AAAA,IACL,OAAO,KAAK,UAAU,GAAG;AAAA,EAC3B;AACA,QAAM,MAAM,IAAI,OAAO,SAAS,IAAI,QAAQ;AAC9C;AAGA,eAAsB,oBACpB,OACA,OACA,QACA,UACA,WACe;AACf,QAAM,MAAM,OAAO,OAAO,SAAS,SAAS,QAAQ,UAAU,SAAS,CAAC;AAC1E;","names":[]}

package/dist/guards/index.cjs

@@ -0,0 +1,315 @@
+"use strict";
+var __defProp = Object.defineProperty;
+var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
+var __getOwnPropNames = Object.getOwnPropertyNames;
+var __hasOwnProp = Object.prototype.hasOwnProperty;
+var __export = (target, all) => {
+  for (var name in all)
+    __defProp(target, name, { get: all[name], enumerable: true });
+};
+var __copyProps = (to, from, except, desc) => {
+  if (from && typeof from === "object" || typeof from === "function") {
+    for (let key of __getOwnPropNames(from))
+      if (!__hasOwnProp.call(to, key) && key !== except)
+        __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable });
+  }
+  return to;
+};
+var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
+
+// src/guards/index.ts
+var guards_exports = {};
+__export(guards_exports, {
+  AmendmentForbiddenError: () => AmendmentForbiddenError,
+  FieldFrozenError: () => FieldFrozenError,
+  GuardExecutor: () => GuardExecutor,
+  GuardRegistry: () => GuardRegistry,
+  InvariantError: () => InvariantError,
+  ReadOnlyVaultFacade: () => ReadOnlyVaultFacade,
+  RecordLockedError: () => RecordLockedError,
+  withGuard: () => withGuard
+});
+module.exports = __toCommonJS(guards_exports);
+
+// src/errors.ts
+var NoydbError = class extends Error {
+  /** Machine-readable error code. Stable across library versions. */
+  code;
+  constructor(code, message) {
+    super(message);
+    this.name = "NoydbError";
+    this.code = code;
+  }
+};
+var RecordLockedError = class extends NoydbError {
+  collection;
+  id;
+  reason;
+  constructor(collection, id, reason) {
+    super(
+      "RECORD_LOCKED",
+      `Cannot modify ${collection}/${id} \u2014 locked by guard: ${reason}. Use withTransactions({ amendment: true, reason }) with admin/owner role to override.`
+    );
+    this.name = "RecordLockedError";
+    this.collection = collection;
+    this.id = id;
+    this.reason = reason;
+  }
+};
+var FieldFrozenError = class extends NoydbError {
+  collection;
+  id;
+  fields;
+  constructor(collection, id, fields) {
+    super(
+      "FIELD_FROZEN",
+      `Cannot change frozen field(s) on ${collection}/${id}: ${fields.join(", ")}. Use withTransactions({ amendment: true, reason }) with admin/owner role to override.`
+    );
+    this.name = "FieldFrozenError";
+    this.collection = collection;
+    this.id = id;
+    this.fields = fields;
+  }
+};
+var InvariantError = class extends NoydbError {
+  constructor(message) {
+    super("INVARIANT_VIOLATED", message);
+    this.name = "InvariantError";
+  }
+};
+var AmendmentForbiddenError = class extends NoydbError {
+  userId;
+  role;
+  constructor(userId, role) {
+    super(
+      "AMENDMENT_FORBIDDEN",
+      `User "${userId}" with role "${role}" cannot open an amendment transaction. Amendments require admin or owner role.`
+    );
+    this.name = "AmendmentForbiddenError";
+    this.userId = userId;
+    this.role = role;
+  }
+};
+var ValidationError = class extends NoydbError {
+  constructor(message = "Validation error") {
+    super("VALIDATION_ERROR", message);
+    this.name = "ValidationError";
+  }
+};
+
+// src/guards/with-guard.ts
+function withGuard(strategy) {
+  if (!strategy.collection || strategy.collection.length === 0) {
+    throw new ValidationError("withGuard: collection name is required");
+  }
+  return {
+    __noydb_strategy: "guard",
+    spec: strategy
+  };
+}
+
+// src/guards/registry.ts
+var GuardRegistry = class {
+  _byCollection = /* @__PURE__ */ new Map();
+  _amendmentChanges = null;
+  _amendmentMeta = null;
+  /** Register a guard. Multiple guards per collection are allowed. */
+  register(spec) {
+    const existing = this._byCollection.get(spec.collection);
+    if (existing) existing.push(spec);
+    else this._byCollection.set(spec.collection, [spec]);
+  }
+  /** All guards registered against `collection` in registration order. */
+  guardsFor(collection) {
+    return this._byCollection.get(collection) ?? [];
+  }
+  /**
+   * Run every guard's `check` for this collection. First throw wins —
+   * remaining guards are not invoked. Guards without a `check` skip.
+   */
+  async runChecks(collection, incoming, ctx) {
+    const guards = this._byCollection.get(collection);
+    if (!guards) return;
+    for (const g of guards) {
+      if (g.check) {
+        await g.check(
+          incoming,
+          ctx
+        );
+      }
+    }
+  }
+  /**
+   * Run every guard's `onDelete` for this collection. First throw wins —
+   * remaining guards are not invoked. Guards without an `onDelete` skip.
+   * Mirrors {@link runChecks} but for the delete path.
+   */
+  async runOnDelete(collection, existing, ctx) {
+    const guards = this._byCollection.get(collection);
+    if (!guards) return;
+    for (const g of guards) {
+      if (g.onDelete) {
+        await g.onDelete(
+          existing,
+          ctx
+        );
+      }
+    }
+  }
+  /** True if any guard for `collection` declares an `amendment` block. */
+  hasAmendment(collection) {
+    const guards = this._byCollection.get(collection);
+    if (!guards) return false;
+    return guards.some((g) => g.amendment !== void 0);
+  }
+  /** Open a new amendment change-collection window. */
+  beginAmendment() {
+    this._amendmentChanges = /* @__PURE__ */ new Map();
+    this._amendmentMeta = /* @__PURE__ */ new Map();
+  }
+  /** True iff we're currently inside an amendment transaction. */
+  isAmendmentActive() {
+    return this._amendmentChanges !== null;
+  }
+  /**
+   * Record a {before, after} pair for the active amendment. `vBefore`
+   * and `vAfter` are stored in a parallel meta structure so the public
+   * {@link GuardChange} shape handed to invariant callbacks stays
+   * `{ before, after }` only — the audit ledger reads version metadata
+   * via {@link consumeMeta}.
+   */
+  collectChange(collection, id, before, after, vBefore = 0, vAfter = 0) {
+    if (this._amendmentChanges === null || this._amendmentMeta === null) {
+      throw new Error("GuardRegistry.collectChange called outside an amendment");
+    }
+    const list = this._amendmentChanges.get(collection);
+    const entry = { before, after };
+    if (list) list.push(entry);
+    else this._amendmentChanges.set(collection, [entry]);
+    const metaList = this._amendmentMeta.get(collection);
+    const metaEntry = { id, vBefore, vAfter };
+    if (metaList) metaList.push(metaEntry);
+    else this._amendmentMeta.set(collection, [metaEntry]);
+  }
+  /**
+   * Drain the change-set and close the amendment window. The caller
+   * (transaction commit) feeds these to each affected guard's invariant.
+   */
+  consumeChanges() {
+    const out = this._amendmentChanges ?? /* @__PURE__ */ new Map();
+    this._amendmentChanges = null;
+    return out;
+  }
+  /**
+   * Drain the parallel id/version metadata captured during the
+   * amendment. Returned as a flat list with `collection` denormalised
+   * so the audit ledger can emit one `{ collection, id, vBefore,
+   * vAfter }` tuple per record. Must be called AFTER
+   * {@link consumeChanges} (or independently) — calling it closes the
+   * meta window in the same way.
+   */
+  consumeMeta() {
+    const out = [];
+    if (this._amendmentMeta) {
+      for (const [collection, list] of this._amendmentMeta) {
+        for (const m of list) {
+          out.push({ collection, id: m.id, vBefore: m.vBefore, vAfter: m.vAfter });
+        }
+      }
+    }
+    this._amendmentMeta = null;
+    return out;
+  }
+};
+
+// src/guards/executor.ts
+var GuardExecutor = {
+  /**
+   * Compare existing vs incoming for each `frozenFields.fields` entry
+   * when `frozenFields.when(existing)` is true. Throws
+   * `FieldFrozenError` listing every changed frozen field.
+   */
+  async checkFrozenFields(guard, id, existing, incoming) {
+    const ff = guard.frozenFields;
+    if (!ff) return;
+    if (existing === null) return;
+    if (!ff.when(existing)) return;
+    const changed = [];
+    for (const f of ff.fields) {
+      if (existing[f] !== incoming[f]) {
+        if (!deepEqual(existing[f], incoming[f])) changed.push(String(f));
+      }
+    }
+    if (changed.length > 0) {
+      throw new FieldFrozenError(guard.collection, id, changed);
+    }
+  },
+  /**
+   * Run a single guard's invariant over its slice of the change-set.
+   * Any throw is converted to `InvariantError` unless it already is one.
+   */
+  async runInvariant(guard, changes, ctx) {
+    const amendment = guard.amendment;
+    if (!amendment) return;
+    try {
+      await amendment.invariant(changes, ctx);
+    } catch (err) {
+      if (err instanceof InvariantError) throw err;
+      throw new InvariantError(
+        err instanceof Error ? err.message : `invariant violated: ${String(err)}`
+      );
+    }
+  }
+};
+function deepEqual(a, b) {
+  if (a === b) return true;
+  if (a === null || b === null) return a === b;
+  if (typeof a !== typeof b) return false;
+  if (typeof a !== "object") return a === b;
+  if (Array.isArray(a) !== Array.isArray(b)) return false;
+  if (Array.isArray(a)) {
+    const aa = a;
+    const bb = b;
+    if (aa.length !== bb.length) return false;
+    for (let i = 0; i < aa.length; i++) if (!deepEqual(aa[i], bb[i])) return false;
+    return true;
+  }
+  const ao = a;
+  const bo = b;
+  const ak = Object.keys(ao);
+  const bk = Object.keys(bo);
+  if (ak.length !== bk.length) return false;
+  for (const k of ak) {
+    if (!Object.prototype.hasOwnProperty.call(bo, k)) return false;
+    if (!deepEqual(ao[k], bo[k])) return false;
+  }
+  return true;
+}
+
+// src/guards/read-only-facade.ts
+var ReadOnlyVaultFacade = class {
+  _vault;
+  constructor(vault) {
+    this._vault = vault;
+  }
+  collection(name) {
+    const c = this._vault.collection(name);
+    return {
+      get: (id) => c.get(id),
+      list: () => c.list(),
+      query: () => c.query()
+    };
+  }
+};
+// Annotate the CommonJS export names for ESM import in node:
+0 && (module.exports = {
+  AmendmentForbiddenError,
+  FieldFrozenError,
+  GuardExecutor,
+  GuardRegistry,
+  InvariantError,
+  ReadOnlyVaultFacade,
+  RecordLockedError,
+  withGuard
+});
+//# sourceMappingURL=index.cjs.map