@noy-db/hub 0.1.0-pre.9 → 0.2.0-pre.2

package/dist/{index-CywCC1qZ.d.cts → ulid-BmBgooGm.d.ts}

@@ -1,4 +1,4 @@
-import { aS as PublicEnvelope, b0 as BundleRecipient, aY as Vault } from './types-Bnb82f5R.cjs';
+import { ba as PublicEnvelope, bb as SealingKeyProvider, bc as BundleRecipient, bd as RecipientSealer, be as RecipientHint, bf as Vault } from './types-BoFFiskX.js';
 
 /**
  * `.noydb` container format — byte layout, header schema, validators.
@@ -123,6 +123,38 @@ interface NoydbBundleHeader {
      * other unknown header key still rejects at parse time.
      */
     readonly publicEnvelope?: PublicEnvelope;
+    /**
+     * Auto-unlock material indicator (#197). When present, the bundle
+     * body wraps the dump JSON in a structure carrying per-user
+     * passphrases — either plaintext (`'unsealed'`, public-by-design)
+     * or sealed under a `SealingKeyProvider` (`'sealed'`, requires
+     * matching provider on the recipient side).
+     *
+     * Visible pre-decompression so cloud listing UIs can warn before
+     * download: "this bundle opens itself for anyone holding the file"
+     * (unsealed) or "this bundle is sealed for a specific provider"
+     * (sealed).
+     *
+     * Absent → the body is a raw `vault.dump()` JSON string (the
+     * pre-#197 shape; back-compatible).
+     */
+    readonly autoUnlock?: 'unsealed' | 'sealed';
+    /**
+     * Bundle's role in the source → destination lifecycle (#203).
+     *   - omitted / 'snapshot' (default): backup/copy of an existing vault.
+     *   - 'extracted-partition': re-keyed projection awaiting adoption.
+     */
+    readonly bundleKind?: 'snapshot' | 'extracted-partition';
+    /**
+     * Transfer-seal INDICATOR (#206) — metadata only, no payload (the
+     * sealed DEKs live in the body). Present iff
+     * bundleKind === 'extracted-partition'.
+     */
+    readonly transferSeal?: {
+        readonly v: 1;
+        readonly alg: 'aes-256-gcm-pre-shared';
+        readonly sealId: string;
+    };
 }
 /**
  * Validate a parsed bundle header. Throws on any deviation from
@@ -188,6 +220,26 @@ declare function hasNoydbBundleMagic(bytes: Uint8Array): boolean;
  * archive utilities that don't care about decryption.
  */
 
+/**
+ * The credential kinds that can be bundled for auto-unlock.
+ * WebAuthn is intentionally excluded — it is hardware-bound and
+ * cannot be embedded as a portable credential.
+ */
+type AutoCredentialKind = 'passphrase' | 'password' | 'pin';
+/**
+ * A typed credential for auto-unlock. Carries the credential `kind`
+ * alongside the plaintext `value`, so consumers can dispatch the
+ * correct login/prefill path rather than treating all credentials
+ * as passphrases.
+ *
+ * `bundle.ts` is a pure format layer — it carries the credential
+ * without interpreting it. The consumer is responsible for
+ * dispatching on `kind`.
+ */
+interface AutoCredential {
+    readonly kind: AutoCredentialKind;
+    readonly value: string;
+}
 /**
  * Options accepted by `writeNoydbBundle`.
  *
@@ -258,6 +310,109 @@ interface WriteNoydbBundleOptions {
      * suited to personal backup-and-restore).
      */
     readonly recipients?: readonly BundleRecipient[];
+    /**
+     * Auto-unlock — unsealed per-user credentials (#215).
+     *
+     * Generalises `autoPassphrases` to support any bundleable credential
+     * kind (`passphrase` | `password` | `pin`).
+     *
+     * Public-by-design: anyone holding the bundle bytes can read these
+     * plaintext credentials. Use for demo data, sample vaults,
+     * prospect onboarding.
+     *
+     * The `policy: 'public-by-design'` discriminant is mandatory. A
+     * bare `{ perUser }` without it is rejected at write time — the
+     * safety net against a careless call against a production vault.
+     *
+     * Mutually exclusive with `sealedCredentials`, `autoPassphrases`,
+     * and `sealedPassphrases`.
+     */
+    readonly autoCredentials?: {
+        readonly policy: 'public-by-design';
+        readonly perUser: Record<string, AutoCredential>;
+    };
+    /**
+     * Auto-unlock — per-user credentials sealed under a
+     * {@link SealingKeyProvider} (#215).
+     *
+     * Generalises `sealedPassphrases` to support any bundleable
+     * credential kind (`passphrase` | `password` | `pin`).
+     *
+     * The hub seals each user's plaintext credential under `provider`
+     * and embeds the resulting sealed envelopes in the bundle. The
+     * recipient must hold a provider with a matching `pid` (i.e.,
+     * `provider.id`) to auto-unseal on import.
+     *
+     * `mode: 'self-target'` — sender and recipient share the same
+     * provider identity (same iCloud Keychain entry, same
+     * MDM-provisioned bundle id, same KMS account, etc.).
+     *
+     * `mode: 'recipient-target'` — asymmetric sealing via a
+     * {@link RecipientSealer}. Each user entry carries a
+     * `credential` and a `hint` (the recipient's public material).
+     * The bundle can only be unsealed by the holder of the matching
+     * private key.
+     *
+     * Mutually exclusive with `autoCredentials`, `autoPassphrases`,
+     * and `sealedPassphrases`.
+     */
+    readonly sealedCredentials?: {
+        readonly mode: 'self-target';
+        readonly provider: SealingKeyProvider;
+        readonly perUser: Record<string, AutoCredential>;
+    } | {
+        readonly mode: 'recipient-target';
+        readonly provider: RecipientSealer;
+        readonly perUser: Record<string, {
+            readonly credential: AutoCredential;
+            readonly hint: RecipientHint;
+        }>;
+    };
+    /**
+     * @deprecated Use `autoCredentials` instead (#215).
+     *
+     * Auto-unlock — unsealed per-user passphrases (#197 slice 1).
+     *
+     * Public-by-design: anyone holding the bundle bytes can read these
+     * plaintext credentials. Use for demo data, sample vaults,
+     * prospect onboarding.
+     *
+     * The `policy: 'public-by-design'` discriminant is mandatory. A
+     * bare `{ perUser }` without it is rejected at write time — the
+     * safety net against a careless call against a production vault.
+     *
+     * Mutually exclusive with `autoCredentials`, `sealedCredentials`,
+     * and `sealedPassphrases`.
+     */
+    readonly autoPassphrases?: {
+        readonly policy: 'public-by-design';
+        readonly perUser: Record<string, string>;
+    };
+    /**
+     * @deprecated Use `sealedCredentials` instead (#215).
+     *
+     * Auto-unlock — per-user passphrases sealed under a
+     * {@link SealingKeyProvider} (#197 slice 1, self-target only).
+     *
+     * The hub seals each user's plaintext passphrase under `provider`
+     * and embeds the resulting sealed envelopes in the bundle. The
+     * recipient must hold a provider with a matching `pid` (i.e.,
+     * `provider.id`) to auto-unseal on import.
+     *
+     * `mode: 'self-target'` is the only mode for `sealedPassphrases` — sender
+     * and recipient share the same provider identity (same iCloud Keychain
+     * entry, same MDM-provisioned bundle id, same KMS account, etc.).
+     * For recipient-target sealing via the `RecipientSealer` interface,
+     * use `sealedCredentials` with `mode: 'recipient-target'` (§11.4).
+     *
+     * Mutually exclusive with `autoCredentials`, `sealedCredentials`,
+     * and `autoPassphrases`.
+     */
+    readonly sealedPassphrases?: {
+        readonly mode: 'self-target';
+        readonly provider: SealingKeyProvider;
+        readonly perUser: Record<string, string>;
+    };
 }
 /**
  * Result returned by `readNoydbBundle`. The caller is expected to
@@ -268,32 +423,66 @@ interface WriteNoydbBundleOptions {
 interface NoydbBundleReadResult {
     readonly header: NoydbBundleHeader;
     readonly dumpJson: string;
+    /**
+     * Auto-unlock material (#197, widened in #215). Present only when
+     * the header's `autoUnlock` flag is set AND the body's wrapped
+     * structure survived parsing. Values are typed credentials — either
+     * delivered plain (`kind: 'unsealed'`) or unsealed at read time
+     * using one of the supplied `sealingProviders` (`kind: 'sealed'`).
+     *
+     * Consumers dispatch on `cred.kind` to choose the correct login /
+     * prefill path. Pre-0.2 bundles (bare string entries) are coerced
+     * to `{ kind: 'passphrase', value }` on read for back-compat.
+     *
+     * For `kind: 'sealed'` bundles read without `sealingProviders`, the
+     * `value` field is the raw base64 sealed bytes — opaque to the
+     * consumer until unsealed elsewhere.
+     */
+    readonly autoUnlock?: {
+        readonly kind: 'unsealed' | 'sealed';
+        readonly perUser: Record<string, AutoCredential>;
+    };
 }
-/** Test-only: reset the brotli detection cache between tests. */
-declare function resetBrotliSupportCache(): void;
 /**
- * Write a `.noydb` bundle for the given vault.
- *
- * Pipeline:
- *   1. Resolve or create the compartment's stable bundle handle
- *      via `vault.getBundleHandle()` — same handle on
- *      every export from the same vault instance, so cloud
- *      adapters can use it as a primary key.
- *   2. `vault.dump()` → JSON string with encrypted records
- *      inside.
- *   3. UTF-8 encode the dump string.
- *   4. Compress (brotli if available, gzip fallback by default).
- *   5. Compute SHA-256 of the compressed body for integrity.
- *   6. Build the minimum-disclosure header from format version,
- *      handle, body length, body sha.
- *   7. Serialize: magic (4) + flags (1) + algo (1) + headerLen (4)
- *      + header JSON (N) + compressed body (M).
- *
- * The output is a single `Uint8Array`. Consumers writing to disk
- * pass it to `fs.writeFile`; consumers uploading to cloud storage
- * pass it as the request body. The `@noy-db/file` adapter wraps
- * this with a `saveBundle(path, vault)` helper.
+ * Options accepted by {@link readNoydbBundle} for the #197
+ * auto-unlock paths. Without these the reader behaves exactly as
+ * pre-#197 (header parsed; body returned as `dumpJson`).
  */
+interface ReadNoydbBundleOptions {
+    /**
+     * Recipient-side sealing providers used to unseal entries from
+     * `sealedPassphrases`. The reader picks the one whose `.id`
+     * matches each entry's `pid`. Multiple providers may be supplied
+     * (different users may seal under different identities).
+     *
+     * When unset and the bundle carries sealed envelopes, the
+     * `autoUnlock.perUser` map remains the SEALED entries unmodified
+     * — callers can inspect them or unseal elsewhere.
+     */
+    readonly sealingProviders?: readonly SealingKeyProvider[];
+    /**
+     * Opt-in trial mode for unsealing — when an entry's `pid` doesn't
+     * match a registered provider, try each provider whose alg
+     * matches. Default `false` (strict-pid dispatch per foundation
+     * §11.9.2). Surfaces extra credential prompts; use deliberately.
+     */
+    readonly attemptUnsealAcrossProviders?: boolean;
+}
+/**
+ * Transfer-seal payload (#206). The destination DEKs, exported to raw
+ * bytes and AES-256-GCM-sealed *as a set* under the one-time transfer
+ * key. `adoptPartition` (#207) unseals this; `createOwnerOnAdoptedPartition`
+ * (#208) re-wraps the raw DEKs under the recipient's KEK.
+ */
+interface TransferSealPayload {
+    readonly v: 1;
+    readonly alg: 'aes-256-gcm-pre-shared';
+    readonly sealId: string;
+    /** base64(AES-256-GCM(transferKey, JSON of { collection: base64(rawDEK) })) — iv ‖ ct ‖ tag. */
+    readonly payload: string;
+}
+/** Test-only: reset the brotli detection cache between tests. */
+declare function resetBrotliSupportCache(): void;
 declare function writeNoydbBundle(vault: Vault, opts?: WriteNoydbBundleOptions): Promise<Uint8Array>;
 /**
  * Read just the bundle header — no body decompression, no
@@ -344,7 +533,7 @@ declare function readNoydbBundlePublicEnvelope(bytes: Uint8Array, opts?: {
  * free of crypto concerns and lets the same code feed format
  * inspectors that never decrypt anything.
  */
-declare function readNoydbBundle(bytes: Uint8Array): Promise<NoydbBundleReadResult>;
+declare function readNoydbBundle(bytes: Uint8Array, opts?: ReadNoydbBundleOptions): Promise<NoydbBundleReadResult>;
 
 /**
  * Minimal ULID generator — zero dependencies, Web Crypto API only.
@@ -411,4 +600,4 @@ declare function generateULID(): string;
  */
 declare function isULID(value: string): boolean;
 
-export { type CompressionAlgo as C, FLAG_COMPRESSED as F, NOYDB_BUNDLE_FORMAT_VERSION as N, type WriteNoydbBundleOptions as W, NOYDB_BUNDLE_MAGIC as a, NOYDB_BUNDLE_PREFIX_BYTES as b, type NoydbBundleHeader as c, type NoydbBundleReadResult as d, readNoydbBundleHeader as e, readNoydbBundlePublicEnvelope as f, generateULID as g, hasNoydbBundleMagic as h, isULID as i, resetBrotliSupportCache as j, COMPRESSION_BROTLI as k, COMPRESSION_GZIP as l, COMPRESSION_NONE as m, FLAG_HAS_INTEGRITY_HASH as n, encodeBundleHeader as o, readNoydbBundle as r, validateBundleHeader as v, writeNoydbBundle as w };
+export { type AutoCredential as A, COMPRESSION_BROTLI as C, FLAG_COMPRESSED as F, NOYDB_BUNDLE_FORMAT_VERSION as N, type ReadNoydbBundleOptions as R, type TransferSealPayload as T, type WriteNoydbBundleOptions as W, COMPRESSION_GZIP as a, COMPRESSION_NONE as b, type CompressionAlgo as c, FLAG_HAS_INTEGRITY_HASH as d, NOYDB_BUNDLE_MAGIC as e, NOYDB_BUNDLE_PREFIX_BYTES as f, type NoydbBundleHeader as g, type NoydbBundleReadResult as h, encodeBundleHeader as i, generateULID as j, isULID as k, readNoydbBundleHeader as l, resetBrotliSupportCache as m, type AutoCredentialKind as n, hasNoydbBundleMagic as o, readNoydbBundlePublicEnvelope as p, readNoydbBundle as r, validateBundleHeader as v, writeNoydbBundle as w };

package/dist/{index-8QDuznDr.d.ts → ulid-C7ms9oli.d.cts}

@@ -1,4 +1,4 @@
-import { aS as PublicEnvelope, b0 as BundleRecipient, aY as Vault } from './types-Bo7NSXJr.js';
+import { ba as PublicEnvelope, bb as SealingKeyProvider, bc as BundleRecipient, bd as RecipientSealer, be as RecipientHint, bf as Vault } from './types-DJG8HG6F.cjs';
 
 /**
  * `.noydb` container format — byte layout, header schema, validators.
@@ -123,6 +123,38 @@ interface NoydbBundleHeader {
      * other unknown header key still rejects at parse time.
      */
     readonly publicEnvelope?: PublicEnvelope;
+    /**
+     * Auto-unlock material indicator (#197). When present, the bundle
+     * body wraps the dump JSON in a structure carrying per-user
+     * passphrases — either plaintext (`'unsealed'`, public-by-design)
+     * or sealed under a `SealingKeyProvider` (`'sealed'`, requires
+     * matching provider on the recipient side).
+     *
+     * Visible pre-decompression so cloud listing UIs can warn before
+     * download: "this bundle opens itself for anyone holding the file"
+     * (unsealed) or "this bundle is sealed for a specific provider"
+     * (sealed).
+     *
+     * Absent → the body is a raw `vault.dump()` JSON string (the
+     * pre-#197 shape; back-compatible).
+     */
+    readonly autoUnlock?: 'unsealed' | 'sealed';
+    /**
+     * Bundle's role in the source → destination lifecycle (#203).
+     *   - omitted / 'snapshot' (default): backup/copy of an existing vault.
+     *   - 'extracted-partition': re-keyed projection awaiting adoption.
+     */
+    readonly bundleKind?: 'snapshot' | 'extracted-partition';
+    /**
+     * Transfer-seal INDICATOR (#206) — metadata only, no payload (the
+     * sealed DEKs live in the body). Present iff
+     * bundleKind === 'extracted-partition'.
+     */
+    readonly transferSeal?: {
+        readonly v: 1;
+        readonly alg: 'aes-256-gcm-pre-shared';
+        readonly sealId: string;
+    };
 }
 /**
  * Validate a parsed bundle header. Throws on any deviation from
@@ -188,6 +220,26 @@ declare function hasNoydbBundleMagic(bytes: Uint8Array): boolean;
  * archive utilities that don't care about decryption.
  */
 
+/**
+ * The credential kinds that can be bundled for auto-unlock.
+ * WebAuthn is intentionally excluded — it is hardware-bound and
+ * cannot be embedded as a portable credential.
+ */
+type AutoCredentialKind = 'passphrase' | 'password' | 'pin';
+/**
+ * A typed credential for auto-unlock. Carries the credential `kind`
+ * alongside the plaintext `value`, so consumers can dispatch the
+ * correct login/prefill path rather than treating all credentials
+ * as passphrases.
+ *
+ * `bundle.ts` is a pure format layer — it carries the credential
+ * without interpreting it. The consumer is responsible for
+ * dispatching on `kind`.
+ */
+interface AutoCredential {
+    readonly kind: AutoCredentialKind;
+    readonly value: string;
+}
 /**
  * Options accepted by `writeNoydbBundle`.
  *
@@ -258,6 +310,109 @@ interface WriteNoydbBundleOptions {
      * suited to personal backup-and-restore).
      */
     readonly recipients?: readonly BundleRecipient[];
+    /**
+     * Auto-unlock — unsealed per-user credentials (#215).
+     *
+     * Generalises `autoPassphrases` to support any bundleable credential
+     * kind (`passphrase` | `password` | `pin`).
+     *
+     * Public-by-design: anyone holding the bundle bytes can read these
+     * plaintext credentials. Use for demo data, sample vaults,
+     * prospect onboarding.
+     *
+     * The `policy: 'public-by-design'` discriminant is mandatory. A
+     * bare `{ perUser }` without it is rejected at write time — the
+     * safety net against a careless call against a production vault.
+     *
+     * Mutually exclusive with `sealedCredentials`, `autoPassphrases`,
+     * and `sealedPassphrases`.
+     */
+    readonly autoCredentials?: {
+        readonly policy: 'public-by-design';
+        readonly perUser: Record<string, AutoCredential>;
+    };
+    /**
+     * Auto-unlock — per-user credentials sealed under a
+     * {@link SealingKeyProvider} (#215).
+     *
+     * Generalises `sealedPassphrases` to support any bundleable
+     * credential kind (`passphrase` | `password` | `pin`).
+     *
+     * The hub seals each user's plaintext credential under `provider`
+     * and embeds the resulting sealed envelopes in the bundle. The
+     * recipient must hold a provider with a matching `pid` (i.e.,
+     * `provider.id`) to auto-unseal on import.
+     *
+     * `mode: 'self-target'` — sender and recipient share the same
+     * provider identity (same iCloud Keychain entry, same
+     * MDM-provisioned bundle id, same KMS account, etc.).
+     *
+     * `mode: 'recipient-target'` — asymmetric sealing via a
+     * {@link RecipientSealer}. Each user entry carries a
+     * `credential` and a `hint` (the recipient's public material).
+     * The bundle can only be unsealed by the holder of the matching
+     * private key.
+     *
+     * Mutually exclusive with `autoCredentials`, `autoPassphrases`,
+     * and `sealedPassphrases`.
+     */
+    readonly sealedCredentials?: {
+        readonly mode: 'self-target';
+        readonly provider: SealingKeyProvider;
+        readonly perUser: Record<string, AutoCredential>;
+    } | {
+        readonly mode: 'recipient-target';
+        readonly provider: RecipientSealer;
+        readonly perUser: Record<string, {
+            readonly credential: AutoCredential;
+            readonly hint: RecipientHint;
+        }>;
+    };
+    /**
+     * @deprecated Use `autoCredentials` instead (#215).
+     *
+     * Auto-unlock — unsealed per-user passphrases (#197 slice 1).
+     *
+     * Public-by-design: anyone holding the bundle bytes can read these
+     * plaintext credentials. Use for demo data, sample vaults,
+     * prospect onboarding.
+     *
+     * The `policy: 'public-by-design'` discriminant is mandatory. A
+     * bare `{ perUser }` without it is rejected at write time — the
+     * safety net against a careless call against a production vault.
+     *
+     * Mutually exclusive with `autoCredentials`, `sealedCredentials`,
+     * and `sealedPassphrases`.
+     */
+    readonly autoPassphrases?: {
+        readonly policy: 'public-by-design';
+        readonly perUser: Record<string, string>;
+    };
+    /**
+     * @deprecated Use `sealedCredentials` instead (#215).
+     *
+     * Auto-unlock — per-user passphrases sealed under a
+     * {@link SealingKeyProvider} (#197 slice 1, self-target only).
+     *
+     * The hub seals each user's plaintext passphrase under `provider`
+     * and embeds the resulting sealed envelopes in the bundle. The
+     * recipient must hold a provider with a matching `pid` (i.e.,
+     * `provider.id`) to auto-unseal on import.
+     *
+     * `mode: 'self-target'` is the only mode for `sealedPassphrases` — sender
+     * and recipient share the same provider identity (same iCloud Keychain
+     * entry, same MDM-provisioned bundle id, same KMS account, etc.).
+     * For recipient-target sealing via the `RecipientSealer` interface,
+     * use `sealedCredentials` with `mode: 'recipient-target'` (§11.4).
+     *
+     * Mutually exclusive with `autoCredentials`, `sealedCredentials`,
+     * and `autoPassphrases`.
+     */
+    readonly sealedPassphrases?: {
+        readonly mode: 'self-target';
+        readonly provider: SealingKeyProvider;
+        readonly perUser: Record<string, string>;
+    };
 }
 /**
  * Result returned by `readNoydbBundle`. The caller is expected to
@@ -268,32 +423,66 @@ interface WriteNoydbBundleOptions {
 interface NoydbBundleReadResult {
     readonly header: NoydbBundleHeader;
     readonly dumpJson: string;
+    /**
+     * Auto-unlock material (#197, widened in #215). Present only when
+     * the header's `autoUnlock` flag is set AND the body's wrapped
+     * structure survived parsing. Values are typed credentials — either
+     * delivered plain (`kind: 'unsealed'`) or unsealed at read time
+     * using one of the supplied `sealingProviders` (`kind: 'sealed'`).
+     *
+     * Consumers dispatch on `cred.kind` to choose the correct login /
+     * prefill path. Pre-0.2 bundles (bare string entries) are coerced
+     * to `{ kind: 'passphrase', value }` on read for back-compat.
+     *
+     * For `kind: 'sealed'` bundles read without `sealingProviders`, the
+     * `value` field is the raw base64 sealed bytes — opaque to the
+     * consumer until unsealed elsewhere.
+     */
+    readonly autoUnlock?: {
+        readonly kind: 'unsealed' | 'sealed';
+        readonly perUser: Record<string, AutoCredential>;
+    };
 }
-/** Test-only: reset the brotli detection cache between tests. */
-declare function resetBrotliSupportCache(): void;
 /**
- * Write a `.noydb` bundle for the given vault.
- *
- * Pipeline:
- *   1. Resolve or create the compartment's stable bundle handle
- *      via `vault.getBundleHandle()` — same handle on
- *      every export from the same vault instance, so cloud
- *      adapters can use it as a primary key.
- *   2. `vault.dump()` → JSON string with encrypted records
- *      inside.
- *   3. UTF-8 encode the dump string.
- *   4. Compress (brotli if available, gzip fallback by default).
- *   5. Compute SHA-256 of the compressed body for integrity.
- *   6. Build the minimum-disclosure header from format version,
- *      handle, body length, body sha.
- *   7. Serialize: magic (4) + flags (1) + algo (1) + headerLen (4)
- *      + header JSON (N) + compressed body (M).
- *
- * The output is a single `Uint8Array`. Consumers writing to disk
- * pass it to `fs.writeFile`; consumers uploading to cloud storage
- * pass it as the request body. The `@noy-db/file` adapter wraps
- * this with a `saveBundle(path, vault)` helper.
+ * Options accepted by {@link readNoydbBundle} for the #197
+ * auto-unlock paths. Without these the reader behaves exactly as
+ * pre-#197 (header parsed; body returned as `dumpJson`).
  */
+interface ReadNoydbBundleOptions {
+    /**
+     * Recipient-side sealing providers used to unseal entries from
+     * `sealedPassphrases`. The reader picks the one whose `.id`
+     * matches each entry's `pid`. Multiple providers may be supplied
+     * (different users may seal under different identities).
+     *
+     * When unset and the bundle carries sealed envelopes, the
+     * `autoUnlock.perUser` map remains the SEALED entries unmodified
+     * — callers can inspect them or unseal elsewhere.
+     */
+    readonly sealingProviders?: readonly SealingKeyProvider[];
+    /**
+     * Opt-in trial mode for unsealing — when an entry's `pid` doesn't
+     * match a registered provider, try each provider whose alg
+     * matches. Default `false` (strict-pid dispatch per foundation
+     * §11.9.2). Surfaces extra credential prompts; use deliberately.
+     */
+    readonly attemptUnsealAcrossProviders?: boolean;
+}
+/**
+ * Transfer-seal payload (#206). The destination DEKs, exported to raw
+ * bytes and AES-256-GCM-sealed *as a set* under the one-time transfer
+ * key. `adoptPartition` (#207) unseals this; `createOwnerOnAdoptedPartition`
+ * (#208) re-wraps the raw DEKs under the recipient's KEK.
+ */
+interface TransferSealPayload {
+    readonly v: 1;
+    readonly alg: 'aes-256-gcm-pre-shared';
+    readonly sealId: string;
+    /** base64(AES-256-GCM(transferKey, JSON of { collection: base64(rawDEK) })) — iv ‖ ct ‖ tag. */
+    readonly payload: string;
+}
+/** Test-only: reset the brotli detection cache between tests. */
+declare function resetBrotliSupportCache(): void;
 declare function writeNoydbBundle(vault: Vault, opts?: WriteNoydbBundleOptions): Promise<Uint8Array>;
 /**
  * Read just the bundle header — no body decompression, no
@@ -344,7 +533,7 @@ declare function readNoydbBundlePublicEnvelope(bytes: Uint8Array, opts?: {
  * free of crypto concerns and lets the same code feed format
  * inspectors that never decrypt anything.
  */
-declare function readNoydbBundle(bytes: Uint8Array): Promise<NoydbBundleReadResult>;
+declare function readNoydbBundle(bytes: Uint8Array, opts?: ReadNoydbBundleOptions): Promise<NoydbBundleReadResult>;
 
 /**
  * Minimal ULID generator — zero dependencies, Web Crypto API only.
@@ -411,4 +600,4 @@ declare function generateULID(): string;
  */
 declare function isULID(value: string): boolean;
 
-export { type CompressionAlgo as C, FLAG_COMPRESSED as F, NOYDB_BUNDLE_FORMAT_VERSION as N, type WriteNoydbBundleOptions as W, NOYDB_BUNDLE_MAGIC as a, NOYDB_BUNDLE_PREFIX_BYTES as b, type NoydbBundleHeader as c, type NoydbBundleReadResult as d, readNoydbBundleHeader as e, readNoydbBundlePublicEnvelope as f, generateULID as g, hasNoydbBundleMagic as h, isULID as i, resetBrotliSupportCache as j, COMPRESSION_BROTLI as k, COMPRESSION_GZIP as l, COMPRESSION_NONE as m, FLAG_HAS_INTEGRITY_HASH as n, encodeBundleHeader as o, readNoydbBundle as r, validateBundleHeader as v, writeNoydbBundle as w };
+export { type AutoCredential as A, COMPRESSION_BROTLI as C, FLAG_COMPRESSED as F, NOYDB_BUNDLE_FORMAT_VERSION as N, type ReadNoydbBundleOptions as R, type TransferSealPayload as T, type WriteNoydbBundleOptions as W, COMPRESSION_GZIP as a, COMPRESSION_NONE as b, type CompressionAlgo as c, FLAG_HAS_INTEGRITY_HASH as d, NOYDB_BUNDLE_MAGIC as e, NOYDB_BUNDLE_PREFIX_BYTES as f, type NoydbBundleHeader as g, type NoydbBundleReadResult as h, encodeBundleHeader as i, generateULID as j, isULID as k, readNoydbBundleHeader as l, resetBrotliSupportCache as m, type AutoCredentialKind as n, hasNoydbBundleMagic as o, readNoydbBundlePublicEnvelope as p, readNoydbBundle as r, validateBundleHeader as v, writeNoydbBundle as w };