@noy-db/hub 0.1.0-pre.9 → 0.2.0-pre.10

package/dist/chunk-5IXJGFF2.js

@@ -0,0 +1,83 @@
+import {
+  ATTESTATIONS_COLLECTION,
+  REVOKED_RECORD_ID,
+  loadOrCreateSigner
+} from "./chunk-HHOO7HGH.js";
+import {
+  NOYDB_FORMAT_VERSION
+} from "./chunk-WIRRPTFH.js";
+import {
+  decrypt,
+  encrypt
+} from "./chunk-R233SLY3.js";
+import {
+  AttestationError,
+  ConflictError
+} from "./chunk-O6EJ6WTI.js";
+
+// src/attestation/revoke.ts
+import { signRevocationList } from "@noy-db/attestation";
+function requireOwner(ctx, op) {
+  if (ctx.role !== "owner") {
+    throw new AttestationError(`${op} requires the 'owner' role; caller is '${ctx.role}'. Revocation is the firm's identity operation.`);
+  }
+}
+async function readSet(store, vault, dek) {
+  const env = await store.get(vault, ATTESTATIONS_COLLECTION, REVOKED_RECORD_ID);
+  if (!env) return { docIds: /* @__PURE__ */ new Set(), version: void 0 };
+  const set = JSON.parse(await decrypt(env._iv, env._data, dek));
+  return { docIds: new Set(set.docIds), version: env._v };
+}
+async function mutateSet(ctx, mutate) {
+  const dek = await ctx.getDEK();
+  for (let attempt = 0; attempt < 2; attempt++) {
+    const { docIds, version } = await readSet(ctx.store, ctx.vault, dek);
+    mutate(docIds);
+    const payload = { docIds: [...docIds].sort(), updatedAt: (/* @__PURE__ */ new Date()).toISOString() };
+    const { iv, data } = await encrypt(JSON.stringify(payload), dek);
+    const expectedVersion = version ?? 0;
+    const env = {
+      _noydb: NOYDB_FORMAT_VERSION,
+      _v: expectedVersion + 1,
+      _ts: payload.updatedAt,
+      _iv: iv,
+      _data: data
+    };
+    try {
+      await ctx.store.put(ctx.vault, ATTESTATIONS_COLLECTION, REVOKED_RECORD_ID, env, expectedVersion);
+      return;
+    } catch (e) {
+      if (e instanceof ConflictError && attempt === 0) continue;
+      throw e;
+    }
+  }
+}
+async function revokeDocCore(ctx, docId) {
+  requireOwner(ctx, "revokeAttestation");
+  const issued = await ctx.store.get(ctx.vault, ATTESTATIONS_COLLECTION, docId);
+  if (!issued) throw new AttestationError(`revokeAttestation: attestation '${docId}' not found (was it issued by this vault?).`);
+  await mutateSet(ctx, (ids) => ids.add(docId));
+}
+async function unrevokeDocCore(ctx, docId) {
+  requireOwner(ctx, "unrevokeAttestation");
+  await mutateSet(ctx, (ids) => ids.delete(docId));
+}
+async function getRevokedDocIdsCore(ctx) {
+  const dek = await ctx.getDEK();
+  const { docIds } = await readSet(ctx.store, ctx.vault, dek);
+  return [...docIds].sort();
+}
+async function publishRevocationListCore(ctx) {
+  requireOwner(ctx, "publishRevocationList");
+  const docIds = await getRevokedDocIdsCore(ctx);
+  const signer = await loadOrCreateSigner(ctx.store, ctx.vault, () => ctx.getDEK());
+  return signRevocationList(docIds, (/* @__PURE__ */ new Date()).toISOString(), signer.keyId, signer.privateKeyPkcs8B64);
+}
+
+export {
+  revokeDocCore,
+  unrevokeDocCore,
+  getRevokedDocIdsCore,
+  publishRevocationListCore
+};
+//# sourceMappingURL=chunk-5IXJGFF2.js.map

package/dist/chunk-5IXJGFF2.js.map

@@ -0,0 +1 @@
+{"version":3,"sources":["../src/attestation/revoke.ts"],"sourcesContent":["import type { NoydbStore, EncryptedEnvelope } from '../types.js'\nimport { NOYDB_FORMAT_VERSION } from '../types.js'\nimport { encrypt, decrypt } from '../crypto.js'\nimport { AttestationError, ConflictError } from '../errors.js'\nimport { loadOrCreateSigner, ATTESTATIONS_COLLECTION, REVOKED_RECORD_ID } from './signer.js'\nimport { signRevocationList, type RevocationList } from '@noy-db/attestation'\n\n/** Everything the revoke core needs from the Vault, injected for testability. */\nexport interface RevokeContext {\n  readonly store: NoydbStore\n  readonly vault: string\n  readonly role: string\n  /** The _attestations collection DEK. */\n  getDEK(): Promise<CryptoKey>\n}\n\ninterface RevokedSet {\n  docIds: string[]\n  updatedAt: string\n}\n\nfunction requireOwner(ctx: RevokeContext, op: string): void {\n  if (ctx.role !== 'owner') {\n    throw new AttestationError(`${op} requires the 'owner' role; caller is '${ctx.role}'. Revocation is the firm's identity operation.`)\n  }\n}\n\nasync function readSet(store: NoydbStore, vault: string, dek: CryptoKey): Promise<{ docIds: Set<string>; version: number | undefined }> {\n  const env = await store.get(vault, ATTESTATIONS_COLLECTION, REVOKED_RECORD_ID)\n  if (!env) return { docIds: new Set<string>(), version: undefined }\n  const set = JSON.parse(await decrypt(env._iv, env._data, dek)) as RevokedSet\n  return { docIds: new Set(set.docIds), version: env._v }\n}\n\n/** Read-modify-write the _revoked set with optimistic concurrency + one retry. */\nasync function mutateSet(ctx: RevokeContext, mutate: (ids: Set<string>) => void): Promise<void> {\n  const dek = await ctx.getDEK()\n  for (let attempt = 0; attempt < 2; attempt++) {\n    const { docIds, version } = await readSet(ctx.store, ctx.vault, dek)\n    mutate(docIds)\n    const payload: RevokedSet = { docIds: [...docIds].sort(), updatedAt: new Date().toISOString() }\n    const { iv, data } = await encrypt(JSON.stringify(payload), dek)\n    const expectedVersion = version ?? 0\n    const env: EncryptedEnvelope = {\n      _noydb: NOYDB_FORMAT_VERSION, _v: expectedVersion + 1, _ts: payload.updatedAt, _iv: iv, _data: data,\n    }\n    try {\n      await ctx.store.put(ctx.vault, ATTESTATIONS_COLLECTION, REVOKED_RECORD_ID, env, expectedVersion)\n      return\n    } catch (e) {\n      if (e instanceof ConflictError && attempt === 0) continue\n      throw e\n    }\n  }\n}\n\nexport async function revokeDocCore(ctx: RevokeContext, docId: string): Promise<void> {\n  requireOwner(ctx, 'revokeAttestation')\n  const issued = await ctx.store.get(ctx.vault, ATTESTATIONS_COLLECTION, docId)\n  if (!issued) throw new AttestationError(`revokeAttestation: attestation '${docId}' not found (was it issued by this vault?).`)\n  await mutateSet(ctx, (ids) => ids.add(docId))\n}\n\nexport async function unrevokeDocCore(ctx: RevokeContext, docId: string): Promise<void> {\n  requireOwner(ctx, 'unrevokeAttestation')\n  await mutateSet(ctx, (ids) => ids.delete(docId))\n}\n\nexport async function getRevokedDocIdsCore(ctx: RevokeContext): Promise<string[]> {\n  const dek = await ctx.getDEK()\n  const { docIds } = await readSet(ctx.store, ctx.vault, dek)\n  return [...docIds].sort()\n}\n\nexport async function publishRevocationListCore(ctx: RevokeContext): Promise<RevocationList> {\n  requireOwner(ctx, 'publishRevocationList')\n  const docIds = await getRevokedDocIdsCore(ctx)\n  const signer = await loadOrCreateSigner(ctx.store, ctx.vault, () => ctx.getDEK())\n  return signRevocationList(docIds, new Date().toISOString(), signer.keyId, signer.privateKeyPkcs8B64)\n}\n"],"mappings":";;;;;;;;;;;;;;;;;;AAKA,SAAS,0BAA+C;AAgBxD,SAAS,aAAa,KAAoB,IAAkB;AAC1D,MAAI,IAAI,SAAS,SAAS;AACxB,UAAM,IAAI,iBAAiB,GAAG,EAAE,0CAA0C,IAAI,IAAI,iDAAiD;AAAA,EACrI;AACF;AAEA,eAAe,QAAQ,OAAmB,OAAe,KAA+E;AACtI,QAAM,MAAM,MAAM,MAAM,IAAI,OAAO,yBAAyB,iBAAiB;AAC7E,MAAI,CAAC,IAAK,QAAO,EAAE,QAAQ,oBAAI,IAAY,GAAG,SAAS,OAAU;AACjE,QAAM,MAAM,KAAK,MAAM,MAAM,QAAQ,IAAI,KAAK,IAAI,OAAO,GAAG,CAAC;AAC7D,SAAO,EAAE,QAAQ,IAAI,IAAI,IAAI,MAAM,GAAG,SAAS,IAAI,GAAG;AACxD;AAGA,eAAe,UAAU,KAAoB,QAAmD;AAC9F,QAAM,MAAM,MAAM,IAAI,OAAO;AAC7B,WAAS,UAAU,GAAG,UAAU,GAAG,WAAW;AAC5C,UAAM,EAAE,QAAQ,QAAQ,IAAI,MAAM,QAAQ,IAAI,OAAO,IAAI,OAAO,GAAG;AACnE,WAAO,MAAM;AACb,UAAM,UAAsB,EAAE,QAAQ,CAAC,GAAG,MAAM,EAAE,KAAK,GAAG,YAAW,oBAAI,KAAK,GAAE,YAAY,EAAE;AAC9F,UAAM,EAAE,IAAI,KAAK,IAAI,MAAM,QAAQ,KAAK,UAAU,OAAO,GAAG,GAAG;AAC/D,UAAM,kBAAkB,WAAW;AACnC,UAAM,MAAyB;AAAA,MAC7B,QAAQ;AAAA,MAAsB,IAAI,kBAAkB;AAAA,MAAG,KAAK,QAAQ;AAAA,MAAW,KAAK;AAAA,MAAI,OAAO;AAAA,IACjG;AACA,QAAI;AACF,YAAM,IAAI,MAAM,IAAI,IAAI,OAAO,yBAAyB,mBAAmB,KAAK,eAAe;AAC/F;AAAA,IACF,SAAS,GAAG;AACV,UAAI,aAAa,iBAAiB,YAAY,EAAG;AACjD,YAAM;AAAA,IACR;AAAA,EACF;AACF;AAEA,eAAsB,cAAc,KAAoB,OAA8B;AACpF,eAAa,KAAK,mBAAmB;AACrC,QAAM,SAAS,MAAM,IAAI,MAAM,IAAI,IAAI,OAAO,yBAAyB,KAAK;AAC5E,MAAI,CAAC,OAAQ,OAAM,IAAI,iBAAiB,mCAAmC,KAAK,6CAA6C;AAC7H,QAAM,UAAU,KAAK,CAAC,QAAQ,IAAI,IAAI,KAAK,CAAC;AAC9C;AAEA,eAAsB,gBAAgB,KAAoB,OAA8B;AACtF,eAAa,KAAK,qBAAqB;AACvC,QAAM,UAAU,KAAK,CAAC,QAAQ,IAAI,OAAO,KAAK,CAAC;AACjD;AAEA,eAAsB,qBAAqB,KAAuC;AAChF,QAAM,MAAM,MAAM,IAAI,OAAO;AAC7B,QAAM,EAAE,OAAO,IAAI,MAAM,QAAQ,IAAI,OAAO,IAAI,OAAO,GAAG;AAC1D,SAAO,CAAC,GAAG,MAAM,EAAE,KAAK;AAC1B;AAEA,eAAsB,0BAA0B,KAA6C;AAC3F,eAAa,KAAK,uBAAuB;AACzC,QAAM,SAAS,MAAM,qBAAqB,GAAG;AAC7C,QAAM,SAAS,MAAM,mBAAmB,IAAI,OAAO,IAAI,OAAO,MAAM,IAAI,OAAO,CAAC;AAChF,SAAO,mBAAmB,SAAQ,oBAAI,KAAK,GAAE,YAAY,GAAG,OAAO,OAAO,OAAO,kBAAkB;AACrG;","names":[]}

package/dist/chunk-5OEJ6GOT.js

@@ -0,0 +1,124 @@
+import {
+  DerivationCapExceededError,
+  DerivationOutputShapeError
+} from "./chunk-O6EJ6WTI.js";
+
+// src/derivations/executor.ts
+var DerivationExecutor = {
+  /**
+   * Run `derive` once, validate output shape against the spec, stamp
+   * `_derivedFrom` onto every output. Returns per-output success or
+   * failure; throws only for shape mismatches (a contract violation).
+   */
+  async run(strategy, source, sourceVersion, strategyHash, ctx) {
+    const outputs = {};
+    let derived;
+    try {
+      derived = await Promise.resolve(strategy.derive(source, ctx));
+    } catch (err) {
+      for (const key of Object.keys(strategy.outputs)) {
+        outputs[key] = {
+          kind: "failed",
+          value: {},
+          ok: false,
+          error: err instanceof Error ? err : new Error(String(err))
+        };
+      }
+      return { outputs, failed: true };
+    }
+    const meta = {
+      source: strategy.source,
+      sourceId: source.id,
+      sourceVersion,
+      derivedAt: (/* @__PURE__ */ new Date()).toISOString(),
+      strategyHash
+    };
+    for (const key of Object.keys(strategy.outputs)) {
+      const outSpec = strategy.outputs[key];
+      if (!outSpec) continue;
+      const value = derived[key];
+      if (outSpec.shape === "array") {
+        if (value === void 0 || value === null) {
+          outputs[key] = { kind: "array", ok: true, entries: [] };
+          continue;
+        }
+        if (!Array.isArray(value)) {
+          throw new DerivationOutputShapeError(
+            key,
+            `shape 'array' expects an array, got ${typeof value}`
+          );
+        }
+        const maxFanout = outSpec.maxFanout ?? 64;
+        if (value.length > maxFanout) {
+          throw new DerivationCapExceededError(key, value.length, maxFanout);
+        }
+        const entries = [];
+        const seenKeys = /* @__PURE__ */ new Set();
+        for (let i = 0; i < value.length; i++) {
+          const row = value[i];
+          if (row === null || typeof row !== "object") {
+            throw new DerivationOutputShapeError(
+              key,
+              `array member at index ${i} must be a non-null object (got ${row === null ? "null" : typeof row})`
+            );
+          }
+          let derivedKey;
+          try {
+            derivedKey = outSpec.key(row);
+          } catch (err) {
+            throw new DerivationOutputShapeError(
+              key,
+              `key extractor threw on array member at index ${i}: ` + (err instanceof Error ? err.message : String(err))
+            );
+          }
+          if (typeof derivedKey !== "string" || derivedKey.length === 0) {
+            throw new DerivationOutputShapeError(
+              key,
+              `key extractor returned ${typeof derivedKey === "string" ? "empty string" : typeof derivedKey} at index ${i}; expected non-empty string`
+            );
+          }
+          if (seenKeys.has(derivedKey)) {
+            throw new DerivationOutputShapeError(
+              key,
+              `duplicate key "${derivedKey}" in array output (index ${i}); each derived row must have a unique key within a single derive() invocation`
+            );
+          }
+          seenKeys.add(derivedKey);
+          entries.push({
+            key: derivedKey,
+            value: { ...row, _derivedFrom: meta }
+          });
+        }
+        outputs[key] = { kind: "array", ok: true, entries };
+        continue;
+      }
+      if (value === void 0 || value === null) {
+        if (outSpec.optional === true) {
+          outputs[key] = { kind: "record", value: {}, ok: true, skipped: true };
+          continue;
+        }
+        throw new DerivationOutputShapeError(
+          key,
+          `expected object, got ${value === void 0 ? "undefined" : "null"}`
+        );
+      }
+      if (typeof value !== "object") {
+        throw new DerivationOutputShapeError(
+          key,
+          `expected object, got ${typeof value}`
+        );
+      }
+      outputs[key] = {
+        kind: "record",
+        value: { ...value, _derivedFrom: meta },
+        ok: true
+      };
+    }
+    return { outputs, failed: false };
+  }
+};
+
+export {
+  DerivationExecutor
+};
+//# sourceMappingURL=chunk-5OEJ6GOT.js.map

package/dist/chunk-5OEJ6GOT.js.map

@@ -0,0 +1 @@
+{"version":3,"sources":["../src/derivations/executor.ts"],"sourcesContent":["import { DerivationCapExceededError, DerivationOutputShapeError } from '../errors.js'\nimport type { DerivationContext, DerivationStrategy, DerivedFromMeta } from './types.js'\n\nexport interface RunResult {\n  outputs: Record<string, OutputResult>\n  failed: boolean\n}\n\n/**\n * Per-output result of a strategy invocation. Discriminated by\n * `kind`:\n *\n * - `record` — the existing v1 shape: one value (or a \"skipped\"\n *   marker if the output was optional and `derive` returned null).\n * - `array` — a list of `(key, value)` entries.\n *   The caller diffs these against the previously-emitted key set\n *   (loaded from the fanout sidecar) to compute deletes + upserts.\n */\nexport type OutputResult =\n  | RecordOutputResult\n  | ArrayOutputResult\n  | FailedOutputResult\n\nexport interface RecordOutputResult {\n  kind: 'record'\n  value: Record<string, unknown>\n  ok: true\n  /**\n   * `true` when an optional output returned `null` /\n   * `undefined`. The caller deletes any previously-emitted output at\n   * the same id (mirrors \"tombstone for derived data\"); a never-emitted\n   * output is a silent no-op. `ok: true` because skipping is a\n   * successful outcome, not a failure.\n   */\n  skipped?: boolean\n}\n\nexport interface ArrayOutputResult {\n  kind: 'array'\n  ok: true\n  /** One `(key, value)` per derived row. Empty array means \"all prior outputs for this source go.\" */\n  entries: ReadonlyArray<{ readonly key: string; readonly value: Record<string, unknown> }>\n}\n\nexport interface FailedOutputResult {\n  kind: 'failed'\n  ok: false\n  error: Error\n  /** Always empty on failure; present so consumers don't have to narrow. */\n  value: Record<string, unknown>\n}\n\n/**\n * Stateless functions that execute a derivation strategy. Persistence\n * (encrypt + store.put) is the caller's job — typically\n * `DerivationRegistry.onSourceWrite` which iterates run() results and\n * writes each output via `Collection.put`.\n */\nexport const DerivationExecutor = {\n  /**\n   * Run `derive` once, validate output shape against the spec, stamp\n   * `_derivedFrom` onto every output. Returns per-output success or\n   * failure; throws only for shape mismatches (a contract violation).\n   */\n  async run<\n    TSource extends Record<string, unknown>,\n    TOutputs extends Record<string, Record<string, unknown>>,\n  >(\n    strategy: DerivationStrategy<TSource, TOutputs>,\n    source: TSource & { id: string },\n    sourceVersion: number,\n    strategyHash: string,\n    ctx: DerivationContext,\n  ): Promise<RunResult> {\n    const outputs: Record<string, OutputResult> = {}\n    let derived: Partial<TOutputs>\n\n    try {\n      derived = await Promise.resolve(strategy.derive(source as TSource, ctx))\n    } catch (err) {\n      for (const key of Object.keys(strategy.outputs)) {\n        outputs[key] = {\n          kind: 'failed',\n          value: {},\n          ok: false,\n          error: err instanceof Error ? err : new Error(String(err)),\n        }\n      }\n      return { outputs, failed: true }\n    }\n\n    const meta: DerivedFromMeta = {\n      source: strategy.source,\n      sourceId: source.id,\n      sourceVersion,\n      derivedAt: new Date().toISOString(),\n      strategyHash,\n    }\n\n    for (const key of Object.keys(strategy.outputs)) {\n      const outSpec = strategy.outputs[key]\n      if (!outSpec) continue\n      const value = (derived as Record<string, unknown>)[key]\n\n      // ── Array-shape branch ─────────────────────────────────────\n      if (outSpec.shape === 'array') {\n        if (value === undefined || value === null) {\n          // Treat null/undefined as \"empty array\" — clears all prior\n          // outputs for this (source, output) pair. The caller's\n          // diff turns that into deletes.\n          outputs[key] = { kind: 'array', ok: true, entries: [] }\n          continue\n        }\n        if (!Array.isArray(value)) {\n          throw new DerivationOutputShapeError(\n            key,\n            `shape 'array' expects an array, got ${typeof value}`,\n          )\n        }\n        const maxFanout = outSpec.maxFanout ?? 64\n        if (value.length > maxFanout) {\n          throw new DerivationCapExceededError(key, value.length, maxFanout)\n        }\n        const entries: Array<{ key: string; value: Record<string, unknown> }> = []\n        const seenKeys = new Set<string>()\n        for (let i = 0; i < value.length; i++) {\n          const row = value[i] as unknown\n          if (row === null || typeof row !== 'object') {\n            throw new DerivationOutputShapeError(\n              key,\n              `array member at index ${i} must be a non-null object (got ${row === null ? 'null' : typeof row})`,\n            )\n          }\n          let derivedKey: string\n          try {\n            derivedKey = outSpec.key(row as Record<string, unknown>)\n          } catch (err) {\n            throw new DerivationOutputShapeError(\n              key,\n              `key extractor threw on array member at index ${i}: `\n              + (err instanceof Error ? err.message : String(err)),\n            )\n          }\n          if (typeof derivedKey !== 'string' || derivedKey.length === 0) {\n            throw new DerivationOutputShapeError(\n              key,\n              `key extractor returned ${typeof derivedKey === 'string' ? 'empty string' : typeof derivedKey} at index ${i}; expected non-empty string`,\n            )\n          }\n          if (seenKeys.has(derivedKey)) {\n            throw new DerivationOutputShapeError(\n              key,\n              `duplicate key \"${derivedKey}\" in array output (index ${i}); each derived row must have a unique key within a single derive() invocation`,\n            )\n          }\n          seenKeys.add(derivedKey)\n          entries.push({\n            key: derivedKey,\n            value: { ...(row as Record<string, unknown>), _derivedFrom: meta },\n          })\n        }\n        outputs[key] = { kind: 'array', ok: true, entries }\n        continue\n      }\n\n      // ── Record-shape branch (existing v1 behavior) ─────────────\n      if (value === undefined || value === null) {\n        if (outSpec.optional === true) {\n          // Optional output explicitly skipped. Mark for caller\n          // so any prior-emitted output at this id can be deleted.\n          outputs[key] = { kind: 'record', value: {}, ok: true, skipped: true }\n          continue\n        }\n        throw new DerivationOutputShapeError(\n          key,\n          `expected object, got ${value === undefined ? 'undefined' : 'null'}`,\n        )\n      }\n      if (typeof value !== 'object') {\n        throw new DerivationOutputShapeError(\n          key,\n          `expected object, got ${typeof value}`,\n        )\n      }\n      outputs[key] = {\n        kind: 'record',\n        value: { ...(value as Record<string, unknown>), _derivedFrom: meta },\n        ok: true,\n      }\n    }\n    return { outputs, failed: false }\n  },\n}\n"],"mappings":";;;;;;AA0DO,IAAM,qBAAqB;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAMhC,MAAM,IAIJ,UACA,QACA,eACA,cACA,KACoB;AACpB,UAAM,UAAwC,CAAC;AAC/C,QAAI;AAEJ,QAAI;AACF,gBAAU,MAAM,QAAQ,QAAQ,SAAS,OAAO,QAAmB,GAAG,CAAC;AAAA,IACzE,SAAS,KAAK;AACZ,iBAAW,OAAO,OAAO,KAAK,SAAS,OAAO,GAAG;AAC/C,gBAAQ,GAAG,IAAI;AAAA,UACb,MAAM;AAAA,UACN,OAAO,CAAC;AAAA,UACR,IAAI;AAAA,UACJ,OAAO,eAAe,QAAQ,MAAM,IAAI,MAAM,OAAO,GAAG,CAAC;AAAA,QAC3D;AAAA,MACF;AACA,aAAO,EAAE,SAAS,QAAQ,KAAK;AAAA,IACjC;AAEA,UAAM,OAAwB;AAAA,MAC5B,QAAQ,SAAS;AAAA,MACjB,UAAU,OAAO;AAAA,MACjB;AAAA,MACA,YAAW,oBAAI,KAAK,GAAE,YAAY;AAAA,MAClC;AAAA,IACF;AAEA,eAAW,OAAO,OAAO,KAAK,SAAS,OAAO,GAAG;AAC/C,YAAM,UAAU,SAAS,QAAQ,GAAG;AACpC,UAAI,CAAC,QAAS;AACd,YAAM,QAAS,QAAoC,GAAG;AAGtD,UAAI,QAAQ,UAAU,SAAS;AAC7B,YAAI,UAAU,UAAa,UAAU,MAAM;AAIzC,kBAAQ,GAAG,IAAI,EAAE,MAAM,SAAS,IAAI,MAAM,SAAS,CAAC,EAAE;AACtD;AAAA,QACF;AACA,YAAI,CAAC,MAAM,QAAQ,KAAK,GAAG;AACzB,gBAAM,IAAI;AAAA,YACR;AAAA,YACA,uCAAuC,OAAO,KAAK;AAAA,UACrD;AAAA,QACF;AACA,cAAM,YAAY,QAAQ,aAAa;AACvC,YAAI,MAAM,SAAS,WAAW;AAC5B,gBAAM,IAAI,2BAA2B,KAAK,MAAM,QAAQ,SAAS;AAAA,QACnE;AACA,cAAM,UAAkE,CAAC;AACzE,cAAM,WAAW,oBAAI,IAAY;AACjC,iBAAS,IAAI,GAAG,IAAI,MAAM,QAAQ,KAAK;AACrC,gBAAM,MAAM,MAAM,CAAC;AACnB,cAAI,QAAQ,QAAQ,OAAO,QAAQ,UAAU;AAC3C,kBAAM,IAAI;AAAA,cACR;AAAA,cACA,yBAAyB,CAAC,mCAAmC,QAAQ,OAAO,SAAS,OAAO,GAAG;AAAA,YACjG;AAAA,UACF;AACA,cAAI;AACJ,cAAI;AACF,yBAAa,QAAQ,IAAI,GAA8B;AAAA,UACzD,SAAS,KAAK;AACZ,kBAAM,IAAI;AAAA,cACR;AAAA,cACA,gDAAgD,CAAC,QAC9C,eAAe,QAAQ,IAAI,UAAU,OAAO,GAAG;AAAA,YACpD;AAAA,UACF;AACA,cAAI,OAAO,eAAe,YAAY,WAAW,WAAW,GAAG;AAC7D,kBAAM,IAAI;AAAA,cACR;AAAA,cACA,0BAA0B,OAAO,eAAe,WAAW,iBAAiB,OAAO,UAAU,aAAa,CAAC;AAAA,YAC7G;AAAA,UACF;AACA,cAAI,SAAS,IAAI,UAAU,GAAG;AAC5B,kBAAM,IAAI;AAAA,cACR;AAAA,cACA,kBAAkB,UAAU,4BAA4B,CAAC;AAAA,YAC3D;AAAA,UACF;AACA,mBAAS,IAAI,UAAU;AACvB,kBAAQ,KAAK;AAAA,YACX,KAAK;AAAA,YACL,OAAO,EAAE,GAAI,KAAiC,cAAc,KAAK;AAAA,UACnE,CAAC;AAAA,QACH;AACA,gBAAQ,GAAG,IAAI,EAAE,MAAM,SAAS,IAAI,MAAM,QAAQ;AAClD;AAAA,MACF;AAGA,UAAI,UAAU,UAAa,UAAU,MAAM;AACzC,YAAI,QAAQ,aAAa,MAAM;AAG7B,kBAAQ,GAAG,IAAI,EAAE,MAAM,UAAU,OAAO,CAAC,GAAG,IAAI,MAAM,SAAS,KAAK;AACpE;AAAA,QACF;AACA,cAAM,IAAI;AAAA,UACR;AAAA,UACA,wBAAwB,UAAU,SAAY,cAAc,MAAM;AAAA,QACpE;AAAA,MACF;AACA,UAAI,OAAO,UAAU,UAAU;AAC7B,cAAM,IAAI;AAAA,UACR;AAAA,UACA,wBAAwB,OAAO,KAAK;AAAA,QACtC;AAAA,MACF;AACA,cAAQ,GAAG,IAAI;AAAA,QACb,MAAM;AAAA,QACN,OAAO,EAAE,GAAI,OAAmC,cAAc,KAAK;AAAA,QACnE,IAAI;AAAA,MACN;AAAA,IACF;AACA,WAAO,EAAE,SAAS,QAAQ,MAAM;AAAA,EAClC;AACF;","names":[]}

package/dist/{chunk-4PWAI7Q4.js → chunk-5OX6XVNS.js}

@@ -1,16 +1,16 @@
 import {
   ensureCollectionDEK
-} from "./chunk-WDM5XGGS.js";
+} from "./chunk-HQSQC2XL.js";
 import {
   NOYDB_FORMAT_VERSION
-} from "./chunk-RKJ6OL7K.js";
+} from "./chunk-WIRRPTFH.js";
 import {
   decrypt,
   encrypt
-} from "./chunk-MR4424N3.js";
+} from "./chunk-R233SLY3.js";
 import {
   PermissionDeniedError
-} from "./chunk-ACLDOTNQ.js";
+} from "./chunk-O6EJ6WTI.js";
 
 // src/team/sync-credentials.ts
 var SYNC_CREDENTIALS_COLLECTION = "_sync_credentials";
@@ -76,4 +76,4 @@ export {
   listCredentials,
   credentialStatus
 };
-//# sourceMappingURL=chunk-4PWAI7Q4.js.map
+//# sourceMappingURL=chunk-5OX6XVNS.js.map

package/dist/{chunk-2CSJGFCB.js → chunk-6EOXTJS2.js}

@@ -1,6 +1,6 @@
 import {
   NOYDB_FORMAT_VERSION
-} from "./chunk-RKJ6OL7K.js";
+} from "./chunk-WIRRPTFH.js";
 import {
   base64ToBuffer,
   bufferToBase64,
@@ -10,11 +10,11 @@ import {
   encryptBytesWithAAD,
   hmacSha256Hex,
   sha256Hex
-} from "./chunk-MR4424N3.js";
+} from "./chunk-R233SLY3.js";
 import {
   ConflictError,
   NotFoundError
-} from "./chunk-ACLDOTNQ.js";
+} from "./chunk-O6EJ6WTI.js";
 
 // src/blobs/mime-magic.ts
 function hex(s) {
@@ -820,7 +820,7 @@ var BlobSet = class {
       return this.buildResponse(slot, result.blob, { inline: true });
     }
     const aad = chunkAAD(slot.eTag, 0, result.blob.chunkCount);
-    const { decryptBytesWithAAD: decryptAAD } = await import("./crypto-IVKU7YTT.js");
+    const { decryptBytesWithAAD: decryptAAD } = await import("./crypto-2CRLG4F4.js");
     const decrypted = await decryptAAD(envelope._iv, envelope._data, blobDEK, aad);
     const plaintext = result.blob.compression === "gzip" ? await decompressBytes(decrypted) : decrypted;
     const body = new ReadableStream({
@@ -871,224 +871,6 @@ async function plainSha256Hex(data) {
   return sha256Hex(data);
 }
 
-// src/blobs/export-blobs.ts
-var ExportBlobsAbortedError = class extends Error {
-  constructor(reason) {
-    super(`exportBlobs aborted: ${reason}`);
-    this.name = "ExportBlobsAbortedError";
-  }
-};
-var EXPORT_AUDIT_COLLECTION = "_export_audit";
-function createExportBlobsHandle(actor, listAccessibleCollections, getCollection, writeAudit, options) {
-  let aborted = false;
-  const abort = () => {
-    aborted = true;
-  };
-  if (options.signal) {
-    if (options.signal.aborted) aborted = true;
-    options.signal.addEventListener("abort", () => {
-      aborted = true;
-    });
-  }
-  function assertLive() {
-    if (aborted) throw new ExportBlobsAbortedError("aborted by caller");
-  }
-  const allowlist = options.collections ? new Set(options.collections) : null;
-  let auditPromise = null;
-  function writeAuditOnce() {
-    if (!auditPromise) {
-      auditPromise = writeAudit({
-        id: generateBatchId(),
-        mechanism: "exportBlobs",
-        actor,
-        startedAt: (/* @__PURE__ */ new Date()).toISOString(),
-        collections: options.collections ?? null,
-        predicate: Boolean(options.where),
-        afterBlobId: options.afterBlobId ?? null
-      });
-    }
-    return auditPromise;
-  }
-  async function* generate() {
-    await writeAuditOnce();
-    assertLive();
-    const allCollections = await listAccessibleCollections();
-    const targets = allCollections.filter((name) => {
-      if (name.startsWith("_")) return false;
-      if (allowlist && !allowlist.has(name)) return false;
-      return true;
-    });
-    let resumeCursorHit = options.afterBlobId === void 0;
-    for (const collectionName of targets) {
-      if (aborted) return;
-      const coll = getCollection(collectionName);
-      const records = await coll.list().catch(() => []);
-      for (const record of records) {
-        if (aborted) return;
-        assertLive();
-        const idField = record.id;
-        if (typeof idField !== "string") continue;
-        if (options.where && !options.where(record, { collection: collectionName, id: idField })) continue;
-        const blobSet = coll.blob(idField);
-        const slots = await blobSet.list().catch(() => []);
-        for (const slot of slots) {
-          if (aborted) return;
-          if (!resumeCursorHit) {
-            if (slot.eTag === options.afterBlobId) {
-              resumeCursorHit = true;
-            }
-            continue;
-          }
-          const bytes = await blobSet.get(slot.name);
-          if (!bytes) continue;
-          const item = {
-            blobId: slot.eTag,
-            recordRef: { collection: collectionName, id: idField, slot: slot.name },
-            bytes,
-            meta: {
-              size: slot.size,
-              filename: slot.filename,
-              ...slot.mimeType !== void 0 && { mimeType: slot.mimeType },
-              ...slot.uploadedAt !== void 0 && { createdAt: slot.uploadedAt }
-            }
-          };
-          yield item;
-        }
-      }
-    }
-  }
-  const handle = {
-    abort,
-    get aborted() {
-      return aborted;
-    },
-    [Symbol.asyncIterator]: () => generate()
-  };
-  return handle;
-}
-function generateBatchId() {
-  const raw = globalThis.crypto.getRandomValues(new Uint8Array(16));
-  let s = "";
-  for (const b of raw) s += b.toString(16).padStart(2, "0");
-  return `batch-${Date.now().toString(36)}-${s.slice(0, 12)}`;
-}
-
-// src/blobs/blob-compaction.ts
-var BLOB_EVICTION_AUDIT_COLLECTION = "_blob_eviction_audit";
-async function runCompaction(ctx, options = {}) {
-  const now = options.now ?? /* @__PURE__ */ new Date();
-  const maxEvictions = options.maxEvictions ?? Infinity;
-  const dryRun = options.dryRun === true;
-  const allCollections = await ctx.listCollections();
-  const byCollection = {};
-  let evicted = 0;
-  let records = 0;
-  let auditEntries = 0;
-  let collectionsWithPolicy = 0;
-  outer: for (const collectionName of allCollections) {
-    if (collectionName.startsWith("_")) continue;
-    const config = ctx.getBlobFields(collectionName);
-    if (!config) continue;
-    const configuredSlots = Object.keys(config);
-    if (configuredSlots.length === 0) continue;
-    collectionsWithPolicy += 1;
-    byCollection[collectionName] = { records: 0, evicted: 0 };
-    const ids = await ctx.listRecords(collectionName);
-    for (const recordId of ids) {
-      if (evicted >= maxEvictions) break outer;
-      const record = await ctx.getRecord(collectionName, recordId).catch(() => null);
-      if (record === null) continue;
-      records += 1;
-      byCollection[collectionName].records += 1;
-      const slots = await ctx.listSlots(collectionName, recordId).catch(() => []);
-      for (const slot of slots) {
-        if (evicted >= maxEvictions) break outer;
-        const policy = config[slot.name];
-        if (!policy) continue;
-        const reason = evaluatePolicy(policy, record, slot, now);
-        if (!reason) continue;
-        if (!dryRun) {
-          await ctx.deleteSlot(collectionName, recordId, slot.name);
-          await writeAuditEntry(ctx, {
-            id: generateEvictionId(collectionName, recordId, slot.name),
-            collection: collectionName,
-            recordId,
-            slotName: slot.name,
-            blobHash: slot.eTag,
-            reason,
-            evictedAt: now.toISOString(),
-            actor: ctx.actor
-          });
-          auditEntries += 1;
-        }
-        evicted += 1;
-        byCollection[collectionName].evicted += 1;
-      }
-    }
-  }
-  return {
-    evicted,
-    records,
-    collections: collectionsWithPolicy,
-    auditEntries,
-    byCollection
-  };
-}
-function evaluatePolicy(policy, record, slot, now) {
-  let ttlTriggered = false;
-  let predicateTriggered = false;
-  if (policy.retainDays !== void 0 && policy.retainDays > 0) {
-    const uploadedAt = Date.parse(slot.uploadedAt);
-    if (Number.isFinite(uploadedAt)) {
-      const ageMs = now.getTime() - uploadedAt;
-      const limitMs = policy.retainDays * 864e5;
-      if (ageMs > limitMs) ttlTriggered = true;
-    }
-  }
-  if (policy.evictWhen) {
-    try {
-      if (policy.evictWhen(record)) predicateTriggered = true;
-    } catch {
-    }
-  }
-  if (ttlTriggered && predicateTriggered) return "both";
-  if (ttlTriggered) return "ttl";
-  if (predicateTriggered) return "predicate";
-  return null;
-}
-function generateEvictionId(collection, recordId, slotName) {
-  const rand = globalThis.crypto.getRandomValues(new Uint8Array(8));
-  let suffix = "";
-  for (const b of rand) suffix += b.toString(16).padStart(2, "0");
-  return `${collection}__${recordId}__${slotName}__${suffix}`;
-}
-async function writeAuditEntry(ctx, entry) {
-  const json = JSON.stringify(entry);
-  let envelope;
-  if (ctx.encrypted) {
-    const dek = await ctx.getDEK(BLOB_EVICTION_AUDIT_COLLECTION);
-    const { iv, data } = await encrypt(json, dek);
-    envelope = {
-      _noydb: NOYDB_FORMAT_VERSION,
-      _v: 1,
-      _ts: entry.evictedAt,
-      _iv: iv,
-      _data: data,
-      _by: entry.actor
-    };
-  } else {
-    envelope = {
-      _noydb: NOYDB_FORMAT_VERSION,
-      _v: 1,
-      _ts: entry.evictedAt,
-      _iv: "",
-      _data: json,
-      _by: entry.actor
-    };
-  }
-  await ctx.adapter.put(ctx.vault, BLOB_EVICTION_AUDIT_COLLECTION, entry.id, envelope);
-}
-
 export {
   detectMimeType,
   detectMagic,
@@ -1099,11 +881,6 @@ export {
   BLOB_SLOTS_PREFIX,
   BLOB_VERSIONS_PREFIX,
   DEFAULT_CHUNK_SIZE,
-  BlobSet,
-  ExportBlobsAbortedError,
-  EXPORT_AUDIT_COLLECTION,
-  createExportBlobsHandle,
-  BLOB_EVICTION_AUDIT_COLLECTION,
-  runCompaction
+  BlobSet
 };
-//# sourceMappingURL=chunk-2CSJGFCB.js.map
+//# sourceMappingURL=chunk-6EOXTJS2.js.map