@noy-db/hub 0.1.0-pre.9 → 0.2.0-pre.1

package/dist/i18n/index.d.cts

@@ -1,10 +1,10 @@
-import { I as I18nStrategy } from '../types-Bnb82f5R.cjs';
-export { D as DICT_COLLECTION_PREFIX, a as DictEntry, b as DictKeyDescriptor, c as DictionaryHandle, d as DictionaryOptions, e as I18nTextDescriptor, f as I18nTextOptions, g as applyI18nLocale, h as dictCollectionName, i as dictKey, j as i18nText, k as isDictCollectionName, l as isDictKeyDescriptor, m as isI18nTextDescriptor, r as resolveI18nText, v as validateI18nTextValue } from '../types-Bnb82f5R.cjs';
-import '../lazy-builder-CZVLKh0Z.cjs';
-import '../predicate-SBHmi6D0.cjs';
-import '../strategy-D-SrOLCl.cjs';
+import { I as I18nStrategy } from '../types-C4lwMKKF.cjs';
+export { D as DICT_COLLECTION_PREFIX, a as DictEntry, b as DictKeyDescriptor, c as DictionaryHandle, d as DictionaryOptions, e as I18nTextDescriptor, f as I18nTextOptions, g as applyI18nLocale, h as dictCollectionName, i as dictKey, j as i18nText, k as isDictCollectionName, l as isDictKeyDescriptor, m as isI18nTextDescriptor, r as resolveI18nText, v as validateI18nTextValue } from '../types-C4lwMKKF.cjs';
+export { D as DictKeyInUseError, a as DictKeyMissingError, L as LocaleNotSpecifiedError, M as MissingTranslationError, R as ReservedCollectionNameError, T as TranslatorNotConfiguredError } from '../index-CmVgTkqk.cjs';
+import '../lazy-builder-C-rPfWG0.cjs';
+import '../predicate-Dnu81tsS.cjs';
+import '../strategy-DSTrsZ8t.cjs';
 import '../strategy-BSxFXGzb.cjs';
-import '../index-6xNpPsxR.cjs';
 
 /**
  * Active i18n strategy — `withI18n()` returns the real implementation

package/dist/i18n/index.d.ts

@@ -1,10 +1,10 @@
-import { I as I18nStrategy } from '../types-Bo7NSXJr.js';
-export { D as DICT_COLLECTION_PREFIX, a as DictEntry, b as DictKeyDescriptor, c as DictionaryHandle, d as DictionaryOptions, e as I18nTextDescriptor, f as I18nTextOptions, g as applyI18nLocale, h as dictCollectionName, i as dictKey, j as i18nText, k as isDictCollectionName, l as isDictKeyDescriptor, m as isI18nTextDescriptor, r as resolveI18nText, v as validateI18nTextValue } from '../types-Bo7NSXJr.js';
-import '../lazy-builder-BwEoBQZ9.js';
-import '../predicate-SBHmi6D0.js';
-import '../strategy-D-SrOLCl.js';
+import { I as I18nStrategy } from '../types-DW9RGSSs.js';
+export { D as DICT_COLLECTION_PREFIX, a as DictEntry, b as DictKeyDescriptor, c as DictionaryHandle, d as DictionaryOptions, e as I18nTextDescriptor, f as I18nTextOptions, g as applyI18nLocale, h as dictCollectionName, i as dictKey, j as i18nText, k as isDictCollectionName, l as isDictKeyDescriptor, m as isI18nTextDescriptor, r as resolveI18nText, v as validateI18nTextValue } from '../types-DW9RGSSs.js';
+export { D as DictKeyInUseError, a as DictKeyMissingError, L as LocaleNotSpecifiedError, M as MissingTranslationError, R as ReservedCollectionNameError, T as TranslatorNotConfiguredError } from '../index-CNwA-B6-.js';
+import '../lazy-builder-Rpd-V3jP.js';
+import '../predicate-Dnu81tsS.js';
+import '../strategy-DSTrsZ8t.js';
 import '../strategy-BSxFXGzb.js';
-import '../index-DJTf9yxn.js';
 
 /**
  * Active i18n strategy — `withI18n()` returns the real implementation

package/dist/i18n/index.js

@@ -10,12 +10,19 @@ import {
   isI18nTextDescriptor,
   resolveI18nText,
   validateI18nTextValue
-} from "../chunk-MDDTIZUO.js";
-import "../chunk-WDM5XGGS.js";
-import "../chunk-CIMZBAZB.js";
-import "../chunk-RKJ6OL7K.js";
-import "../chunk-MR4424N3.js";
-import "../chunk-ACLDOTNQ.js";
+} from "../chunk-NIOHFJPJ.js";
+import "../chunk-PA6R5ZCI.js";
+import "../chunk-2AXFIYHT.js";
+import "../chunk-YS3POABP.js";
+import "../chunk-WCA2NROQ.js";
+import {
+  DictKeyInUseError,
+  DictKeyMissingError,
+  LocaleNotSpecifiedError,
+  MissingTranslationError,
+  ReservedCollectionNameError,
+  TranslatorNotConfiguredError
+} from "../chunk-ADQ5MQ54.js";
 
 // src/i18n/active.ts
 function withI18n() {
@@ -40,7 +47,13 @@ function withI18n() {
 }
 export {
   DICT_COLLECTION_PREFIX,
+  DictKeyInUseError,
+  DictKeyMissingError,
   DictionaryHandle,
+  LocaleNotSpecifiedError,
+  MissingTranslationError,
+  ReservedCollectionNameError,
+  TranslatorNotConfiguredError,
   applyI18nLocale,
   dictCollectionName,
   dictKey,

package/dist/i18n/index.js.map

@@ -1 +1 @@
-{"version":3,"sources":["../../src/i18n/active.ts"],"sourcesContent":["/**\n * Active i18n strategy — `withI18n()` returns the real implementation\n * that wires multi-locale resolution, i18nText validation, and the\n * `DictionaryHandle` for `dictKey` fields into the core read/write\n * paths.\n *\n * Consumers opt in by:\n *\n * ```ts\n * import { createNoydb } from '@noy-db/hub'\n * import { withI18n } from '@noy-db/hub/i18n'\n *\n * const db = await createNoydb({\n *   store: ...,\n *   user: ...,\n *   i18nStrategy: withI18n(),\n * })\n * ```\n *\n * The factory delegates to the existing `core.ts` and `dictionary.ts`\n * modules. Splitting the import chain through this file is what lets\n * tsup tree-shake the `~854 LOC` of dictionary + locale resolution\n * out of the default bundle when no `withI18n()` import is present.\n *\n * @public\n */\n\nimport type { I18nStrategy, BuildDictionaryHandleOptions } from './strategy.js'\nimport { applyI18nLocale, validateI18nTextValue } from './core.js'\nimport { DictionaryHandle } from './dictionary.js'\n\nexport function withI18n(): I18nStrategy {\n  return {\n    applyI18nLocale,\n    validateI18nTextValue,\n    buildDictionaryHandle<Keys extends string = string>(\n      opts: BuildDictionaryHandleOptions<Keys>,\n    ): DictionaryHandle<Keys> {\n      return new DictionaryHandle<Keys>(\n        opts.adapter,\n        opts.compartmentName,\n        opts.dictionaryName,\n        opts.keyring,\n        opts.getDEK,\n        opts.encrypted,\n        opts.ledger,\n        opts.options,\n        opts.findAndUpdateReferences,\n        opts.emitter,\n      )\n    },\n  }\n}\n"],"mappings":";;;;;;;;;;;;;;;;;;;;AA+BO,SAAS,WAAyB;AACvC,SAAO;AAAA,IACL;AAAA,IACA;AAAA,IACA,sBACE,MACwB;AACxB,aAAO,IAAI;AAAA,QACT,KAAK;AAAA,QACL,KAAK;AAAA,QACL,KAAK;AAAA,QACL,KAAK;AAAA,QACL,KAAK;AAAA,QACL,KAAK;AAAA,QACL,KAAK;AAAA,QACL,KAAK;AAAA,QACL,KAAK;AAAA,QACL,KAAK;AAAA,MACP;AAAA,IACF;AAAA,EACF;AACF;","names":[]}
+{"version":3,"sources":["../../src/i18n/active.ts"],"sourcesContent":["/**\n * Active i18n strategy — `withI18n()` returns the real implementation\n * that wires multi-locale resolution, i18nText validation, and the\n * `DictionaryHandle` for `dictKey` fields into the core read/write\n * paths.\n *\n * Consumers opt in by:\n *\n * ```ts\n * import { createNoydb } from '@noy-db/hub'\n * import { withI18n } from '@noy-db/hub/i18n'\n *\n * const db = await createNoydb({\n *   store: ...,\n *   user: ...,\n *   i18nStrategy: withI18n(),\n * })\n * ```\n *\n * The factory delegates to the existing `core.ts` and `dictionary.ts`\n * modules. Splitting the import chain through this file is what lets\n * tsup tree-shake the `~854 LOC` of dictionary + locale resolution\n * out of the default bundle when no `withI18n()` import is present.\n *\n * @public\n */\n\nimport type { I18nStrategy, BuildDictionaryHandleOptions } from './strategy.js'\nimport { applyI18nLocale, validateI18nTextValue } from './core.js'\nimport { DictionaryHandle } from './dictionary.js'\n\nexport function withI18n(): I18nStrategy {\n  return {\n    applyI18nLocale,\n    validateI18nTextValue,\n    buildDictionaryHandle<Keys extends string = string>(\n      opts: BuildDictionaryHandleOptions<Keys>,\n    ): DictionaryHandle<Keys> {\n      return new DictionaryHandle<Keys>(\n        opts.adapter,\n        opts.compartmentName,\n        opts.dictionaryName,\n        opts.keyring,\n        opts.getDEK,\n        opts.encrypted,\n        opts.ledger,\n        opts.options,\n        opts.findAndUpdateReferences,\n        opts.emitter,\n      )\n    },\n  }\n}\n"],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;AA+BO,SAAS,WAAyB;AACvC,SAAO;AAAA,IACL;AAAA,IACA;AAAA,IACA,sBACE,MACwB;AACxB,aAAO,IAAI;AAAA,QACT,KAAK;AAAA,QACL,KAAK;AAAA,QACL,KAAK;AAAA,QACL,KAAK;AAAA,QACL,KAAK;AAAA,QACL,KAAK;AAAA,QACL,KAAK;AAAA,QACL,KAAK;AAAA,QACL,KAAK;AAAA,QACL,KAAK;AAAA,MACP;AAAA,IACF;AAAA,EACF;AACF;","names":[]}

package/dist/{index-8QDuznDr.d.ts → index-4agOpzqd.d.ts}

@@ -1,4 +1,5 @@
-import { aS as PublicEnvelope, b0 as BundleRecipient, aY as Vault } from './types-Bo7NSXJr.js';
+import { bh as PublicEnvelope, dj as SealingKeyProvider, bu as BundleRecipient, bq as Vault } from './types-DW9RGSSs.js';
+import './index-CNwA-B6-.js';
 
 /**
  * `.noydb` container format — byte layout, header schema, validators.
@@ -123,6 +124,22 @@ interface NoydbBundleHeader {
      * other unknown header key still rejects at parse time.
      */
     readonly publicEnvelope?: PublicEnvelope;
+    /**
+     * Auto-unlock material indicator (#197). When present, the bundle
+     * body wraps the dump JSON in a structure carrying per-user
+     * passphrases — either plaintext (`'unsealed'`, public-by-design)
+     * or sealed under a `SealingKeyProvider` (`'sealed'`, requires
+     * matching provider on the recipient side).
+     *
+     * Visible pre-decompression so cloud listing UIs can warn before
+     * download: "this bundle opens itself for anyone holding the file"
+     * (unsealed) or "this bundle is sealed for a specific provider"
+     * (sealed).
+     *
+     * Absent → the body is a raw `vault.dump()` JSON string (the
+     * pre-#197 shape; back-compatible).
+     */
+    readonly autoUnlock?: 'unsealed' | 'sealed';
 }
 /**
  * Validate a parsed bundle header. Throws on any deviation from
@@ -188,6 +205,26 @@ declare function hasNoydbBundleMagic(bytes: Uint8Array): boolean;
  * archive utilities that don't care about decryption.
  */
 
+/**
+ * The credential kinds that can be bundled for auto-unlock.
+ * WebAuthn is intentionally excluded — it is hardware-bound and
+ * cannot be embedded as a portable credential.
+ */
+type AutoCredentialKind = 'passphrase' | 'password' | 'pin';
+/**
+ * A typed credential for auto-unlock. Carries the credential `kind`
+ * alongside the plaintext `value`, so consumers can dispatch the
+ * correct login/prefill path rather than treating all credentials
+ * as passphrases.
+ *
+ * `bundle.ts` is a pure format layer — it carries the credential
+ * without interpreting it. The consumer is responsible for
+ * dispatching on `kind`.
+ */
+interface AutoCredential {
+    readonly kind: AutoCredentialKind;
+    readonly value: string;
+}
 /**
  * Options accepted by `writeNoydbBundle`.
  *
@@ -258,6 +295,96 @@ interface WriteNoydbBundleOptions {
      * suited to personal backup-and-restore).
      */
     readonly recipients?: readonly BundleRecipient[];
+    /**
+     * Auto-unlock — unsealed per-user credentials (#215).
+     *
+     * Generalises `autoPassphrases` to support any bundleable credential
+     * kind (`passphrase` | `password` | `pin`).
+     *
+     * Public-by-design: anyone holding the bundle bytes can read these
+     * plaintext credentials. Use for demo data, sample vaults,
+     * prospect onboarding.
+     *
+     * The `policy: 'public-by-design'` discriminant is mandatory. A
+     * bare `{ perUser }` without it is rejected at write time — the
+     * safety net against a careless call against a production vault.
+     *
+     * Mutually exclusive with `sealedCredentials`, `autoPassphrases`,
+     * and `sealedPassphrases`.
+     */
+    readonly autoCredentials?: {
+        readonly policy: 'public-by-design';
+        readonly perUser: Record<string, AutoCredential>;
+    };
+    /**
+     * Auto-unlock — per-user credentials sealed under a
+     * {@link SealingKeyProvider} (#215).
+     *
+     * Generalises `sealedPassphrases` to support any bundleable
+     * credential kind (`passphrase` | `password` | `pin`).
+     *
+     * The hub seals each user's plaintext credential under `provider`
+     * and embeds the resulting sealed envelopes in the bundle. The
+     * recipient must hold a provider with a matching `pid` (i.e.,
+     * `provider.id`) to auto-unseal on import.
+     *
+     * `mode: 'self-target'` is the only supported mode — sender and
+     * recipient share the same provider identity (same iCloud Keychain
+     * entry, same MDM-provisioned bundle id, same KMS account, etc.).
+     *
+     * Mutually exclusive with `autoCredentials`, `autoPassphrases`,
+     * and `sealedPassphrases`.
+     */
+    readonly sealedCredentials?: {
+        readonly mode: 'self-target';
+        readonly provider: SealingKeyProvider;
+        readonly perUser: Record<string, AutoCredential>;
+    };
+    /**
+     * @deprecated Use `autoCredentials` instead (#215).
+     *
+     * Auto-unlock — unsealed per-user passphrases (#197 slice 1).
+     *
+     * Public-by-design: anyone holding the bundle bytes can read these
+     * plaintext credentials. Use for demo data, sample vaults,
+     * prospect onboarding.
+     *
+     * The `policy: 'public-by-design'` discriminant is mandatory. A
+     * bare `{ perUser }` without it is rejected at write time — the
+     * safety net against a careless call against a production vault.
+     *
+     * Mutually exclusive with `autoCredentials`, `sealedCredentials`,
+     * and `sealedPassphrases`.
+     */
+    readonly autoPassphrases?: {
+        readonly policy: 'public-by-design';
+        readonly perUser: Record<string, string>;
+    };
+    /**
+     * @deprecated Use `sealedCredentials` instead (#215).
+     *
+     * Auto-unlock — per-user passphrases sealed under a
+     * {@link SealingKeyProvider} (#197 slice 1, self-target only).
+     *
+     * The hub seals each user's plaintext passphrase under `provider`
+     * and embeds the resulting sealed envelopes in the bundle. The
+     * recipient must hold a provider with a matching `pid` (i.e.,
+     * `provider.id`) to auto-unseal on import.
+     *
+     * `mode: 'self-target'` is the only mode in slice 1 — sender and
+     * recipient share the same provider identity (same iCloud Keychain
+     * entry, same MDM-provisioned bundle id, same KMS account, etc.).
+     * Recipient-target sealing via the `RecipientSealer` interface
+     * (foundation §11.4) is deferred to a follow-up slice.
+     *
+     * Mutually exclusive with `autoCredentials`, `sealedCredentials`,
+     * and `autoPassphrases`.
+     */
+    readonly sealedPassphrases?: {
+        readonly mode: 'self-target';
+        readonly provider: SealingKeyProvider;
+        readonly perUser: Record<string, string>;
+    };
 }
 /**
  * Result returned by `readNoydbBundle`. The caller is expected to
@@ -268,6 +395,50 @@ interface WriteNoydbBundleOptions {
 interface NoydbBundleReadResult {
     readonly header: NoydbBundleHeader;
     readonly dumpJson: string;
+    /**
+     * Auto-unlock material (#197, widened in #215). Present only when
+     * the header's `autoUnlock` flag is set AND the body's wrapped
+     * structure survived parsing. Values are typed credentials — either
+     * delivered plain (`kind: 'unsealed'`) or unsealed at read time
+     * using one of the supplied `sealingProviders` (`kind: 'sealed'`).
+     *
+     * Consumers dispatch on `cred.kind` to choose the correct login /
+     * prefill path. Pre-0.2 bundles (bare string entries) are coerced
+     * to `{ kind: 'passphrase', value }` on read for back-compat.
+     *
+     * For `kind: 'sealed'` bundles read without `sealingProviders`, the
+     * `value` field is the raw base64 sealed bytes — opaque to the
+     * consumer until unsealed elsewhere.
+     */
+    readonly autoUnlock?: {
+        readonly kind: 'unsealed' | 'sealed';
+        readonly perUser: Record<string, AutoCredential>;
+    };
+}
+/**
+ * Options accepted by {@link readNoydbBundle} for the #197
+ * auto-unlock paths. Without these the reader behaves exactly as
+ * pre-#197 (header parsed; body returned as `dumpJson`).
+ */
+interface ReadNoydbBundleOptions {
+    /**
+     * Recipient-side sealing providers used to unseal entries from
+     * `sealedPassphrases`. The reader picks the one whose `.id`
+     * matches each entry's `pid`. Multiple providers may be supplied
+     * (different users may seal under different identities).
+     *
+     * When unset and the bundle carries sealed envelopes, the
+     * `autoUnlock.perUser` map remains the SEALED entries unmodified
+     * — callers can inspect them or unseal elsewhere.
+     */
+    readonly sealingProviders?: readonly SealingKeyProvider[];
+    /**
+     * Opt-in trial mode for unsealing — when an entry's `pid` doesn't
+     * match a registered provider, try each provider whose alg
+     * matches. Default `false` (strict-pid dispatch per foundation
+     * §11.9.2). Surfaces extra credential prompts; use deliberately.
+     */
+    readonly attemptUnsealAcrossProviders?: boolean;
 }
 /** Test-only: reset the brotli detection cache between tests. */
 declare function resetBrotliSupportCache(): void;
@@ -344,7 +515,7 @@ declare function readNoydbBundlePublicEnvelope(bytes: Uint8Array, opts?: {
  * free of crypto concerns and lets the same code feed format
  * inspectors that never decrypt anything.
  */
-declare function readNoydbBundle(bytes: Uint8Array): Promise<NoydbBundleReadResult>;
+declare function readNoydbBundle(bytes: Uint8Array, opts?: ReadNoydbBundleOptions): Promise<NoydbBundleReadResult>;
 
 /**
  * Minimal ULID generator — zero dependencies, Web Crypto API only.
@@ -411,4 +582,4 @@ declare function generateULID(): string;
  */
 declare function isULID(value: string): boolean;
 
-export { type CompressionAlgo as C, FLAG_COMPRESSED as F, NOYDB_BUNDLE_FORMAT_VERSION as N, type WriteNoydbBundleOptions as W, NOYDB_BUNDLE_MAGIC as a, NOYDB_BUNDLE_PREFIX_BYTES as b, type NoydbBundleHeader as c, type NoydbBundleReadResult as d, readNoydbBundleHeader as e, readNoydbBundlePublicEnvelope as f, generateULID as g, hasNoydbBundleMagic as h, isULID as i, resetBrotliSupportCache as j, COMPRESSION_BROTLI as k, COMPRESSION_GZIP as l, COMPRESSION_NONE as m, FLAG_HAS_INTEGRITY_HASH as n, encodeBundleHeader as o, readNoydbBundle as r, validateBundleHeader as v, writeNoydbBundle as w };
+export { type AutoCredential as A, type CompressionAlgo as C, FLAG_COMPRESSED as F, NOYDB_BUNDLE_FORMAT_VERSION as N, type ReadNoydbBundleOptions as R, type WriteNoydbBundleOptions as W, type AutoCredentialKind as a, NOYDB_BUNDLE_MAGIC as b, NOYDB_BUNDLE_PREFIX_BYTES as c, type NoydbBundleHeader as d, type NoydbBundleReadResult as e, readNoydbBundleHeader as f, generateULID as g, hasNoydbBundleMagic as h, isULID as i, readNoydbBundlePublicEnvelope as j, resetBrotliSupportCache as k, COMPRESSION_BROTLI as l, COMPRESSION_GZIP as m, COMPRESSION_NONE as n, FLAG_HAS_INTEGRITY_HASH as o, encodeBundleHeader as p, readNoydbBundle as r, validateBundleHeader as v, writeNoydbBundle as w };