@noy-db/hub 0.2.0-pre.1 → 0.2.0-pre.11

package/dist/index.d.cts

@@ -1,21 +1,23 @@
-import { aO as NoydbStore, bg as UserEnvelope, bh as PublicEnvelope, bi as GateName, bj as GatePolicy, bk as VaultPolicy, bl as ActiveTier, bm as FactorProof, bn as PersistedSchemaEnvelope, bo as DirectoryConfig, bp as UserVisibility, aM as UnlockedKeyring, bq as Vault, aV as DiffEntry } from './types-C4lwMKKF.cjs';
-export { br as AccessibleVault, aS as AppendInput, ay as ArrayOutputSpec, p as BLOB_CHUNKS_COLLECTION, q as BLOB_COLLECTION, t as BLOB_INDEX_COLLECTION, u as BLOB_SLOTS_PREFIX, w as BLOB_VERSIONS_PREFIX, bs as BUNDLE_STORE_POLICY, A as BlobObject, C as BlobPutOptions, E as BlobResponseOptions, F as BlobSet, bt as BuiltInGateName, bu as BundleRecipient, _ as CONSENT_AUDIT_COLLECTION, bv as CacheOptions, bw as CacheStats, bx as ChangeEvent, aT as ChangeType, a7 as ClosePeriodOptions, aH as Collection, by as CollectionChangeEvent, bz as CollectionConflictResolver, bA as CollectionDescriptor, ao as CollectionFrame, aU as CollectionInstant, bB as CollectionStats, bC as Conflict, bD as ConflictPolicy, bE as ConflictStrategy, $ as ConsentAuditEntry, a0 as ConsentAuditFilter, a1 as ConsentContext, a2 as ConsentOp, bF as CrossTierAccessEvent, L as DEFAULT_CHUNK_SIZE, bG as DEFAULT_PUBLIC_ENVELOPE_SCHEMA, bH as DELEGATIONS_COLLECTION, D as DICT_COLLECTION_PREFIX, bI as DeepPartial, bJ as DeepPartialOrNull, bK as DelegationToken, bL as DeleteManyResult, bM as DerivationDescriptor, aw as DerivationStrategy, aA as DerivationStrategyHandle, aB as DerivedFromMeta, a as DictEntry, b as DictKeyDescriptor, c as DictionaryHandle, d as DictionaryOptions, bN as DirtyEntry, bO as DumpSchemaOptions, bP as ELEVATION_AUDIT_COLLECTION, bQ as ElevatedHandle, aQ as EncryptedEnvelope, bR as EnrollAuthenticatorOptions, bS as EnrollAuthenticatorWrappingDEKsOptions, bT as EnrollAuthenticatorWrappingKEKOptions, bU as EnrollRecoveryResult, bV as ExportCapability, bW as ExportChunk, bX as ExportFormat, bY as ExportStreamOptions, bZ as FactorKind, b_ as FactorProofBundle, b$ as FactorRequirement, c0 as FieldDescriptor, c1 as FieldSource, c2 as GhostRecord, c3 as GrantOptions, ai as GuardChange, aj as GuardContext, ah as GuardStrategy, al as GuardStrategyHandle, c4 as HistoryConfig, c5 as HistoryEntry, aP as HistoryOptions, e as I18nTextDescriptor, f as I18nTextOptions, c6 as INDEXED_STORE_POLICY, c7 as ImportCapability, c8 as InferOutput, c9 as InternalCollectionStats, ca as IssueDelegationOptions, cb as IssueMagicLinkGrantOptions, aW as JsonPatch, aX as JsonPatchOp, cc as KeyringAuthenticator, cd as KeyringAuthenticatorWrappingDEKs, ce as KeyringAuthenticatorWrappingKEK, cf as KeyringFile, aY as LedgerEntry, aZ as LedgerStore, cg as ListAccessibleVaultsOptions, ch as ListPageResult, ci as ListUsersOptions, cj as LiveUserEnvelope, ck as LocaleReadOptions, cl as Lru, cm as LruOptions, cn as LruStats, co as MAGIC_LINK_CONTENT_INFO_PREFIX, cp as MAGIC_LINK_GRANTS_COLLECTION, cq as MAGIC_LINK_KEK_INFO_PREFIX, cr as MagicLinkGrantPayload, cs as MagicLinkGrantRecord, bd as MaterializedFromMeta, ct as MaterializedViewDescriptor, be as MaterializedViewOutput, aE as MaterializedViewStrategy, aF as MaterializedViewStrategyHandle, cu as MemorySealingKeyProvider, cv as NOYDB_BACKUP_VERSION, cw as NOYDB_FORMAT_VERSION, cx as NOYDB_KEYRING_VERSION, cy as NOYDB_SYNC_VERSION, cz as Noydb, cA as NoydbBundleStore, cB as NoydbEventMap, cC as NoydbOptions, a8 as OpenPeriodOptions, aC as OutputSpec, cD as OverlayViewDescriptor, aG as OverlayedViewStrategy, aJ as OverlayedViewStrategyHandle, a9 as PERIODS_COLLECTION, cE as PUBLIC_ENVELOPE_FIELDS, cF as PaperRecoveryDoc, cG as PaperRecoveryEntry, cH as PassphrasePolicy, cI as PassphraseValidationResult, aa as PeriodRecord, cJ as Permission, cK as Permissions, cL as PersistedSchemaKind, cM as PlaintextTranslatorContext, cN as PlaintextTranslatorFn, P as PolicyEnforcer, cO as PresenceHandle, cP as PresencePeer, aR as PruneOptions, cQ as PublicEnvelopeField, cR as PublicEnvelopeSchema, cS as PublicEnvelopeText, cT as PullMode, cU as PullOptions, cV as PullPolicy, cW as PullResult, cX as PushMode, cY as PushOptions, cZ as PushPolicy, c_ as PushResult, c$ as PutManyItemOptions, d0 as PutManyOptions, d1 as PutManyResult, d2 as QueryAcrossOptions, d3 as QueryAcrossResult, d4 as QuickUnlockState, d5 as QuickUnlockStore, d6 as ReAuthOperation, aD as RecordOutputSpec, d7 as RecoverPassphraseInput, d8 as RecoverPassphraseResult, d9 as RecoverUserOptions, da as RecoveryProof, db as ResolvedPublicEnvelopeSchema, dc as RevokeOptions, aL as Role, dd as RotatePassphraseInput, de as RotateRecoveryOptions, df as RotateRecoveryResult, dg as SEALED_PASSPHRASE_RECORD_ID, dh as SealedEnvelope, di as SealedPassphrase, dj as SealingKeyProvider, dk as SessionPolicy, dl as SetPublicEnvelopeInput, dm as ShamirRecoveryDoc, dn as ShamirRecoveryEntry, dp as ShamirRecoveryProvider, U as SlotInfo, V as SlotRecord, dq as SlotRewrapCeremony, dr as SlotRewrapContext, ds as StandardSchemaV1, dt as StandardSchemaV1Issue, du as StandardSchemaV1SyncResult, dv as StoreAuth, dw as StoreAuthKind, dx as StoreCapabilities, dy as SyncEngine, dz as SyncMetadata, dA as SyncPolicy, dB as SyncScheduler, dC as SyncSchedulerStatus, dD as SyncStatus, dE as SyncTarget, dF as SyncTargetRole, dG as SyncTransaction, dH as SyncTransactionResult, dI as TierMode, dJ as TranslatorAuditEntry, as as TxCollection, at as TxContext, dK as TxOp, au as TxVault, dL as USER_ENVELOPE_COLLECTION, dM as USER_ENVELOPE_MAX_BYTES, bf as UnionSource, dN as Unsubscribe, dO as UpdateAuthenticatorOptions, dP as UpdateUserOptions, dQ as UserApi, dR as UserEnvelopeCheckGate, dS as UserEnvelopeOversizedError, dT as UserEnvelopePresented, dU as UserInfo, dV as VaultBackup, a_ as VaultEngine, ap as VaultFrame, a$ as VaultInstant, dW as VaultPolicyOnDisk, dX as VaultSchemaSnapshot, dY as VaultSnapshot, b0 as VerifyResult, W as VersionRecord, dZ as WarningRules, d_ as WeakPassphraseError, d$ as WeakPassphraseReason, e0 as WrappedDeksBlob, g as applyI18nLocale, b1 as applyPatch, e1 as assertStrongPassphrase, e2 as buildRecipientKeyringFile, e3 as burnPaperRecoveryEntry, b2 as canonicalJson, b3 as computePatch, n as createEnforcer, e4 as createNoydb, e5 as createStore, e6 as deriveMagicLinkContentKey, h as dictCollectionName, i as dictKey, b4 as diff, e7 as enrollAuthenticator, e8 as estimateEntropy, e9 as evaluateExportCapability, ea as evaluateImportCapability, eb as findAuthenticator, b5 as formatDiff, ec as hasExportCapability, ed as hasImportCapability, ee as hasRecoveryEnrolled, b6 as hashEntry, j as i18nText, k as isDictCollectionName, l as isDictKeyDescriptor, m as isI18nTextDescriptor, ef as isMagicLinkGrantExpired, eg as isPublicEnvelope, eh as issueDelegation, ei as keyringRecoverPassphrase, ej as keyringRotatePassphrase, ek as listMagicLinkGrants, el as listUsers, em as listUsersWithEnvelopes, en as loadActiveDelegations, eo as loadPaperRecoveryEntries, ep as loadSealedPassphrase, eq as loadShamirRecoveryEntries, er as magicLinkGrantRecordId, es as mintPaperRecoveryEntry, et as mintShamirRecoveryEntry, eu as mintWrappedDeksBlob, b7 as paddedIndex, b8 as parseIndex, ev as parseSealedEnvelope, ew as readMagicLinkGrantRecord, ex as recoverUser, ey as removeAuthenticator, r as resolveI18nText, ez as resolvePublicEnvelopeSchema, eA as revokeDelegation, eB as revokeMagicLinkGrant, av as runTransaction, eC as savePaperRecoveryEntries, eD as saveSealedPassphrase, eE as saveShamirRecoveryEntries, b9 as sha256Hex, eF as unwrapDeksFromBlob, eG as unwrapDeksFromPaperEntry, eH as unwrapDeksFromShamirEntry, eI as unwrapMagicLinkGrant, v as validateI18nTextValue, eJ as validatePassphrase, eK as validatePublicEnvelopeInput, eL as validateSchemaInput, eM as validateSchemaOutput, o as validateSessionPolicy, eN as writeMagicLinkGrant } from './types-C4lwMKKF.cjs';
+import { b3 as NoydbStore, bF as UserEnvelope, br as PublicEnvelope, bG as GateName, bH as GatePolicy, bI as VaultPolicy, bJ as ActiveTier, bK as FactorProof, bL as SchemaUpdateStrategy, bM as TransformFn, bN as PersistedSchemaEnvelope, bO as UpdateDecision, bP as DirectoryConfig, bQ as UserVisibility, b1 as UnlockedKeyring, bw as Vault, ba as DiffEntry } from './types-DiSXn3a4.cjs';
+export { bR as AccessibleVault, bS as AffectedDocument, b7 as AppendInput, aP as ArrayOutputSpec, z as BLOB_CHUNKS_COLLECTION, A as BLOB_COLLECTION, E as BLOB_INDEX_COLLECTION, F as BLOB_SLOTS_PREFIX, G as BLOB_VERSIONS_PREFIX, bT as BUNDLE_STORE_POLICY, M as BlobObject, N as BlobPutOptions, Q as BlobResponseOptions, T as BlobSet, bU as BuiltInGateName, bt as BundleRecipient, a9 as CONSENT_AUDIT_COLLECTION, bV as CacheOptions, bW as CacheStats, bX as ChangeEvent, b8 as ChangeType, ai as ClosePeriodOptions, aY as Collection, bY as CollectionChangeEvent, bZ as CollectionConflictResolver, b_ as CollectionDescriptor, az as CollectionFrame, b9 as CollectionInstant, b$ as CollectionStats, c0 as Conflict, c1 as ConflictPolicy, c2 as ConflictStrategy, aa as ConsentAuditEntry, ab as ConsentAuditFilter, ac as ConsentContext, ad as ConsentOp, c3 as CrossTierAccessEvent, Y as DEFAULT_CHUNK_SIZE, c4 as DEFAULT_PUBLIC_ENVELOPE_SCHEMA, c5 as DELEGATIONS_COLLECTION, D as DICT_COLLECTION_PREFIX, c6 as DeepPartial, c7 as DeepPartialOrNull, c8 as DelegationToken, c9 as DeleteManyResult, ca as DerivationDescriptor, aN as DerivationStrategy, aR as DerivationStrategyHandle, aS as DerivedFromMeta, a as DictEntry, b as DictKeyDescriptor, c as DictionaryHandle, d as DictionaryOptions, cb as DirtyEntry, cc as DryRunResult, cd as DumpSchemaOptions, ce as ELEVATION_AUDIT_COLLECTION, cf as ElevatedHandle, b5 as EncryptedEnvelope, cg as EnrollAuthenticatorOptions, ch as EnrollAuthenticatorWrappingDEKsOptions, ci as EnrollAuthenticatorWrappingKEKOptions, cj as EnrollRecoveryResult, ck as ExportCapability, cl as ExportChunk, cm as ExportFormat, cn as ExportStreamOptions, co as FactorKind, cp as FactorProofBundle, cq as FactorRequirement, cr as FenceDoc, cs as FenceState, ct as FieldChange, cu as FieldDescriptor, cv as FieldSource, cw as GhostRecord, cx as GrantOptions, at as GuardChange, au as GuardContext, as as GuardStrategy, aw as GuardStrategyHandle, cy as GuardViolation, cz as HistoryConfig, cA as HistoryEntry, b4 as HistoryOptions, e as I18nMap, f as I18nTextDescriptor, g as I18nTextOptions, cB as INDEXED_STORE_POLICY, cC as ImportCapability, cD as InferOutput, cE as InternalCollectionStats, cF as IssueDelegationOptions, cG as IssueMagicLinkGrantOptions, bb as JsonPatch, bc as JsonPatchOp, cH as KeyringAuthenticator, cI as KeyringAuthenticatorWrappingDEKs, cJ as KeyringAuthenticatorWrappingKEK, cK as KeyringFile, L as Layer, bd as LedgerEntry, be as LedgerStore, cL as ListAccessibleVaultsOptions, cM as ListPageResult, cN as ListUsersOptions, cO as LiveUserEnvelope, cP as LocaleReadOptions, cQ as Lru, cR as LruOptions, cS as LruStats, cT as MAGIC_LINK_CONTENT_INFO_PREFIX, cU as MAGIC_LINK_GRANTS_COLLECTION, cV as MAGIC_LINK_KEK_INFO_PREFIX, cW as MagicLinkGrantPayload, cX as MagicLinkGrantRecord, bC as MaterializedFromMeta, cY as MaterializedViewDescriptor, bD as MaterializedViewOutput, aV as MaterializedViewStrategy, aW as MaterializedViewStrategyHandle, cZ as MemoryRecipientSealer, c_ as MemorySealingKeyProvider, c$ as NOYDB_BACKUP_VERSION, d0 as NOYDB_FORMAT_VERSION, d1 as NOYDB_KEYRING_VERSION, d2 as NOYDB_SYNC_VERSION, d3 as Noydb, aB as NoydbBundleStore, d4 as NoydbEventMap, d5 as NoydbOptions, O as OnMissing, h as OnMissingPolicy, aj as OpenPeriodOptions, aT as OutputSpec, d6 as OverlayViewDescriptor, aX as OverlayedViewStrategy, a_ as OverlayedViewStrategyHandle, ak as PERIODS_COLLECTION, d7 as PUBLIC_ENVELOPE_FIELDS, d8 as PaperRecoveryDoc, d9 as PaperRecoveryEntry, da as PassphrasePolicy, db as PassphraseValidationResult, al as PeriodRecord, dc as Permission, dd as Permissions, de as PersistedSchemaKind, df as PlaintextTranslatorContext, dg as PlaintextTranslatorFn, P as PolicyEnforcer, dh as PresenceHandle, di as PresencePeer, b6 as PruneOptions, dj as PublicEnvelopeField, dk as PublicEnvelopeSchema, dl as PublicEnvelopeText, dm as PullMode, dn as PullOptions, dp as PullPolicy, dq as PullResult, dr as PushMode, ds as PushOptions, dt as PushPolicy, du as PushResult, dv as PutManyItemOptions, dw as PutManyOptions, dx as PutManyResult, dy as QueryAcrossOptions, dz as QueryAcrossResult, dA as QuickUnlockState, dB as QuickUnlockStore, dC as ReAuthOperation, bv as RecipientHint, bu as RecipientSealer, aU as RecordOutputSpec, dD as RecoverPassphraseInput, dE as RecoverPassphraseResult, dF as RecoverUserOptions, dG as RecoveryProof, R as ResolveI18nOptions, dH as ResolvedPublicEnvelopeSchema, aC as RetentionPolicy, dI as RevokeOptions, b0 as Role, dJ as RotatePassphraseInput, dK as RotateRecoveryOptions, dL as RotateRecoveryResult, dM as SEALED_PASSPHRASE_RECORD_ID, dN as SchemaDelta, dO as SchemaIntrospection, S as ScriptWarning, dP as SealedEnvelope, dQ as SealedPassphrase, bs as SealingKeyProvider, dR as SessionPolicy, dS as SetPublicEnvelopeInput, dT as ShamirRecoveryDoc, dU as ShamirRecoveryEntry, by as ShamirRecoveryProvider, a3 as SlotInfo, a4 as SlotRecord, dV as SlotRewrapCeremony, dW as SlotRewrapContext, aF as SnapshotMeta, dX as StandardSchemaV1, dY as StandardSchemaV1Issue, dZ as StandardSchemaV1SyncResult, d_ as StoreAuth, d$ as StoreAuthKind, e0 as StoreCapabilities, e1 as SyncEngine, e2 as SyncMetadata, e3 as SyncPolicy, e4 as SyncScheduler, e5 as SyncSchedulerStatus, e6 as SyncStatus, e7 as SyncTarget, e8 as SyncTargetRole, e9 as SyncTransaction, ea as SyncTransactionResult, eb as TabChannel, ec as TabCoordinationOptions, ed as TabLockManager, ee as TabPresence, ef as TabRole, eg as TierMode, eh as TranslatorAuditEntry, aJ as TxCollection, aK as TxContext, ei as TxOp, aL as TxVault, ej as USER_ENVELOPE_COLLECTION, ek as USER_ENVELOPE_MAX_BYTES, bE as UnionSource, el as Unsubscribe, em as UpdateAuthenticatorOptions, en as UpdateContext, eo as UpdateUserOptions, ep as UserApi, eq as UserEnvelopeCheckGate, er as UserEnvelopeOversizedError, es as UserEnvelopePresented, et as UserInfo, eu as VaultBackup, bf as VaultEngine, aA as VaultFrame, bg as VaultInstant, ev as VaultPolicyOnDisk, ew as VaultSchemaSnapshot, ex as VaultSnapshot, bh as VerifyResult, a5 as VersionRecord, ey as WarningRules, ez as WeakPassphraseError, eA as WeakPassphraseReason, eB as WrappedDeksBlob, eC as WriteConflict, eD as WriteEvent, eE as WriteHook, eF as WriteQueue, i as applyI18nLocale, bi as applyPatch, eG as assertStrongPassphrase, eH as buildRecipientKeyringFile, eI as burnPaperRecoveryEntry, bj as canonicalJson, bk as computePatch, x as createEnforcer, eJ as createNoydb, eK as createStore, eL as deriveMagicLinkContentKey, j as dictCollectionName, k as dictKey, bl as diff, l as enforceScript, eM as enrollAuthenticator, eN as estimateEntropy, eO as evaluateExportCapability, eP as evaluateImportCapability, eQ as findAuthenticator, bm as formatDiff, eR as hasExportCapability, eS as hasImportCapability, eT as hasRecoveryEnrolled, bn as hashEntry, n as i18nText, o as inferScripts, p as isDictCollectionName, q as isDictKeyDescriptor, r as isI18nTextDescriptor, eU as isMagicLinkGrantExpired, eV as isPublicEnvelope, eW as issueDelegation, eX as keyringRecoverPassphrase, eY as keyringRotatePassphrase, eZ as listMagicLinkGrants, e_ as listUsers, e$ as listUsersWithEnvelopes, f0 as loadActiveDelegations, f1 as loadPaperRecoveryEntries, f2 as loadSealedPassphrase, f3 as loadShamirRecoveryEntries, f4 as magicLinkGrantRecordId, f5 as mintPaperRecoveryEntry, f6 as mintShamirRecoveryEntry, f7 as mintWrappedDeksBlob, bo as paddedIndex, bp as parseIndex, f8 as parseSealedEnvelope, f9 as readMagicLinkGrantRecord, fa as recoverUser, fb as removeAuthenticator, s as resolveI18nText, t as resolvePolicy, fc as resolvePublicEnvelopeSchema, fd as revokeDelegation, fe as revokeMagicLinkGrant, aM as runTransaction, ff as savePaperRecoveryEntries, fg as saveSealedPassphrase, fh as saveShamirRecoveryEntries, bq as sha256Hex, fi as unwrapDeksFromBlob, fj as unwrapDeksFromPaperEntry, fk as unwrapDeksFromShamirEntry, fl as unwrapMagicLinkGrant, v as validateI18nTextValue, fm as validatePassphrase, fn as validatePublicEnvelopeInput, fo as validateSchemaInput, fp as validateSchemaOutput, y as validateSessionPolicy, fq as writeMagicLinkGrant } from './types-DiSXn3a4.cjs';
 export { d as detectMagic, a as detectMimeType, i as isPreCompressed } from './mime-magic-CBBSOkjm.cjs';
 export { AgeRoute, BlobLifecyclePolicy, BlobStoreRoute, CircuitBreakerOptions, HealthCheckOptions, LogLevel, LoggingOptions, MetricsOptions, OverrideOptions, OverrideTarget, RetryOptions, RouteStatus, RouteStoreOptions, RoutedNoydbStore, StoreCacheOptions, StoreMiddleware, StoreOperation, SuspendOptions, WrapBundleStoreOptions, WrappedBundleNoydbStore, createBundleStore, routeStore, withCache, withCircuitBreaker, withHealthCheck, withLogging, withMetrics, withRetry, wrapBundleStore, wrapStore } from './store/index.cjs';
-import { N as NoydbError } from './index-CmVgTkqk.cjs';
-export { q as AlreadyElevatedError, A as AmendmentForbiddenError, B as BackupCorruptedError, r as BackupLedgerError, s as BundleIntegrityError, t as BundleSealMismatchError, u as BundleVersionConflictError, C as ConflictError, v as DEFAULT_JOIN_MAX_ROWS, w as DanglingReferenceError, x as DecryptionError, y as DelegationTargetMissingError, e as DerivationCapExceededError, f as DerivationCycleError, g as DerivationDepthError, h as DerivationOutputShapeError, i as DerivationOutputUnknownError, D as DictKeyInUseError, a as DictKeyMissingError, z as DirectoryDisabledError, E as ElevationExpiredError, G as ExportCapabilityError, F as FieldFrozenError, H as FilenameSanitizationError, J as GroupCardinalityError, K as ImportCapabilityError, P as IndexRequiredError, U as IndexWriteFailureError, V as InvalidKeyError, I as InvariantError, W as JoinContext, X as JoinLeg, Y as JoinStrategy, Z as JoinTooLargeError, _ as JoinableSource, $ as KeyringCorruptError, a0 as KeyringExpiredError, a1 as LedgerContentionError, a2 as LiveQuery, a3 as LiveUpstream, L as LocaleNotSpecifiedError, m as MaterializedViewConfigError, n as MaterializedViewCycleError, o as MaterializedViewSourceUnknownError, p as MaterializedViewTooLargeError, M as MissingTranslationError, a4 as NetworkError, a5 as NoAccessError, a6 as NotFoundError, a7 as OrderBy, O as OverlayBaseIsVirtualError, j as OverlayCollectionUnavailableError, k as OverlayIdMismatchError, l as OverlayNameCollisionError, a8 as PathEscapeError, a9 as PeriodClosedError, aa as PermissionDeniedError, ab as PrivilegeEscalationError, Q as Query, ac as QueryPlan, ad as QuerySource, ae as ReadOnlyAtInstantError, af as ReadOnlyError, ag as ReadOnlyFrameError, d as RecordLockedError, ah as RefDescriptor, ai as RefIntegrityError, aj as RefMode, ak as RefRegistry, al as RefScopeError, am as RefViolation, R as ReservedCollectionNameError, an as ScanBuilder, ao as ScanPageProvider, ap as SchemaValidationError, S as SessionExpiredError, b as SessionNotFoundError, c as SessionPolicyError, aq as StoreCapabilityError, ar as TamperedError, as as TierDemoteDeniedError, at as TierNotGrantedError, T as TranslatorNotConfiguredError, au as ValidationError, av as applyJoins, aw as buildLiveQuery, ax as executePlan, ay as ref, az as resetJoinWarnings } from './index-CmVgTkqk.cjs';
-export { A as AutoCredential, a as AutoCredentialKind, C as CompressionAlgo, N as NOYDB_BUNDLE_FORMAT_VERSION, b as NOYDB_BUNDLE_MAGIC, c as NOYDB_BUNDLE_PREFIX_BYTES, d as NoydbBundleHeader, e as NoydbBundleReadResult, R as ReadNoydbBundleOptions, W as WriteNoydbBundleOptions, g as generateULID, h as hasNoydbBundleMagic, i as isULID, r as readNoydbBundle, f as readNoydbBundleHeader, j as readNoydbBundlePublicEnvelope, k as resetBrotliSupportCache, w as writeNoydbBundle } from './index-hdFvZkBP.cjs';
+import { N as NoydbError } from './index-B8bjExET.cjs';
+export { z as AlreadyElevatedError, A as AmendmentForbiddenError, o as AttestationError, B as BackupCorruptedError, q as BackupLedgerError, r as BundleIntegrityError, s as BundleSealMismatchError, t as BundleVersionConflictError, C as ConflictError, E as CrossJoinSourceUnknownError, G as CrossJoinTooLargeError, H as DEFAULT_CROSS_JOIN_MAX_ROWS, J as DEFAULT_JOIN_MAX_ROWS, K as DanglingReferenceError, U as DecryptionError, V as DelegationTargetMissingError, g as DerivationCapExceededError, h as DerivationCycleError, i as DerivationDepthError, j as DerivationOutputShapeError, k as DerivationOutputUnknownError, D as DictKeyInUseError, a as DictKeyMissingError, W as DirectoryDisabledError, X as ElevationExpiredError, Y as ExportCapabilityError, F as FieldFrozenError, Z as FilenameSanitizationError, _ as GroupCardinalityError, $ as ImportCapabilityError, a0 as IndexRequiredError, a1 as IndexWriteFailureError, a2 as InvalidKeyError, I as InvariantError, a3 as JoinContext, a4 as JoinLeg, a5 as JoinStrategy, a6 as JoinTooLargeError, a7 as JoinableSource, a8 as KeyringCorruptError, a9 as KeyringExpiredError, aa as LedgerContentionError, ab as LiveQuery, ac as LiveUpstream, L as LocaleNotSpecifiedError, v as MaterializedViewConfigError, w as MaterializedViewCycleError, x as MaterializedViewSourceUnknownError, y as MaterializedViewTooLargeError, ad as MigrationRequiredError, M as MissingTranslationError, ae as NetworkError, af as NoAccessError, ag as NonAdditiveSchemaChangeError, ah as NotFoundError, ai as OrderBy, O as OverlayBaseIsVirtualError, l as OverlayCollectionUnavailableError, m as OverlayIdMismatchError, n as OverlayNameCollisionError, aj as PathEscapeError, ak as PeriodClosedError, al as PermissionDeniedError, am as PrivilegeEscalationError, Q as Query, an as QueryPlan, ao as QuerySource, ap as QuiesceTimeoutError, aq as ReadOnlyAtInstantError, ar as ReadOnlyError, as as ReadOnlyFrameError, e as RecordLockedError, at as RefDescriptor, au as RefIntegrityError, av as RefMode, aw as RefRegistry, ax as RefScopeError, ay as RefViolation, R as ReservedCollectionNameError, az as ScanBuilder, aA as ScanPageProvider, aB as SchemaFenceError, aC as SchemaLockedError, aD as SchemaUpdateError, aE as SchemaValidationError, S as ScriptViolationError, b as SessionExpiredError, c as SessionNotFoundError, d as SessionPolicyError, f as SnapshotNotFoundError, aF as StoreCapabilityError, aG as TamperedError, aH as TierDemoteDeniedError, aI as TierNotGrantedError, T as TranslatorNotConfiguredError, aJ as UniqueConstraintError, aK as UnsupportedIndexOptionError, aL as ValidationError, aM as applyJoins, aN as buildLiveQuery, aO as executePlan, aP as ref, aQ as resetJoinWarnings } from './index-B8bjExET.cjs';
+export { A as AutoCredential, n as AutoCredentialKind, c as CompressionAlgo, N as NOYDB_BUNDLE_FORMAT_VERSION, e as NOYDB_BUNDLE_MAGIC, f as NOYDB_BUNDLE_PREFIX_BYTES, g as NoydbBundleHeader, h as NoydbBundleReadResult, R as ReadNoydbBundleOptions, W as WriteNoydbBundleOptions, j as generateULID, o as hasNoydbBundleMagic, k as isULID, r as readNoydbBundle, l as readNoydbBundleHeader, p as readNoydbBundlePublicEnvelope, m as resetBrotliSupportCache, w as writeNoydbBundle } from './ulid-DQ1hcJvZ.cjs';
 export { a as CrdtMode, b as CrdtState, L as LwwMapState, R as RgaState, Y as YjsState, m as mergeCrdtStates, r as resolveCrdtSnapshot } from './strategy-BSxFXGzb.cjs';
-export { w as withGuard } from './with-guard-jI1x9Z3k.cjs';
-export { w as withDerivation } from './with-derivation-C8LDlV7t.cjs';
-export { w as withMaterializedView } from './with-materialized-view-DcTx4H3j.cjs';
-export { a as Clause, C as CollectionIndexes, F as FieldClause, b as FilterClause, G as GroupClause, H as HashIndex, I as IndexDef, O as Operator, e as evaluateClause, c as evaluateFieldClause, r as readPath } from './predicate-Dnu81tsS.cjs';
-export { w as withOverlayedView } from './with-overlayed-view-D-6oWAgM.cjs';
+export { w as withGuard } from './with-guard-Dx2zZnTA.cjs';
+export { w as withDerivation } from './with-derivation-CVT7-dUt.cjs';
+export { w as withMaterializedView } from './with-materialized-view-BTTU3BNK.cjs';
+export { a as Clause, C as CollectionIndexes, F as FieldClause, b as FilterClause, G as GroupClause, H as HashIndex, I as IndexDef, O as Operator, e as evaluateClause, c as evaluateFieldClause, r as readPath } from './predicate-Bt5ft-9c.cjs';
+export { w as withOverlayedView } from './with-overlayed-view-DcacRRsS.cjs';
 export { SYNC_CREDENTIALS_COLLECTION, SyncCredential, credentialStatus, deleteCredential, getCredential, listCredentials, putCredential } from './team/index.cjs';
-export { C as CreateSessionOptions, a as CreateSessionResult, D as DevUnlockOptions, S as SessionToken, b as activeSessionCount, c as clearDevUnlock, d as createSession, e as enableDevUnlock, i as isDevUnlockActive, f as isSessionAlive, l as loadDevUnlock, r as resolveSession, g as revokeAllSessions, h as revokeSession } from './dev-unlock-DRwVSy2S.cjs';
-export { a as AggregateResult, b as AggregateSpec, c as Aggregation, d as AggregationUpstream, G as GROUPBY_MAX_CARDINALITY, e as GROUPBY_WARN_CARDINALITY, f as GroupedAggregation, g as GroupedQuery, h as GroupedQueryN, i as GroupedRow, j as GroupedRowN, L as LiveAggregation, R as Reducer, k as ReducerOptions, l as avg, n as count, o as groupAndReduce, p as max, q as min, r as reduceRecords, t as sum } from './strategy-DSTrsZ8t.cjs';
-export { L as LEDGER_COLLECTION, a as LEDGER_DELTAS_COLLECTION, e as envelopePayloadHash } from './hash-DtRih9MQ.cjs';
-import './lazy-builder-C-rPfWG0.cjs';
+export { C as CreateSessionOptions, a as CreateSessionResult, D as DevUnlockOptions, S as SessionToken, b as activeSessionCount, c as clearDevUnlock, d as createSession, e as enableDevUnlock, i as isDevUnlockActive, f as isSessionAlive, l as loadDevUnlock, r as resolveSession, g as revokeAllSessions, h as revokeSession } from './dev-unlock-H1Xwxc3U.cjs';
+export { i as isDiscriminant } from './discriminant-BN9REW3o.cjs';
+export { a as AggregateResult, b as AggregateSpec, c as Aggregation, d as AggregationUpstream, G as GROUPBY_MAX_CARDINALITY, e as GROUPBY_WARN_CARDINALITY, f as GroupedAggregation, g as GroupedQuery, h as GroupedQueryN, i as GroupedRow, j as GroupedRowN, L as LiveAggregation, R as Reducer, k as ReducerOptions, l as avg, n as count, o as groupAndReduce, p as max, q as min, r as reduceRecords, t as sum } from './strategy-CT2LCKAX.cjs';
+export { L as LEDGER_COLLECTION, a as LEDGER_DELTAS_COLLECTION, e as envelopePayloadHash } from './hash-_sDFvtmX.cjs';
+import './lazy-builder-Ci5_YG73.cjs';
+import '@noy-db/attestation';
 
 /**
  * Persistence helpers for per-principal user envelopes stored at
@@ -161,15 +163,14 @@ declare class PolicyDeniedError extends NoydbError {
  * MUST have at least one recovery path enrolled before being
  * production-ready (paper, shamir, multi-channel, or admin-mediated).
  *
- * The error references issue #10 in its message so a developer hitting
- * it gets a one-line pointer to the design.
+ * The error message carries a pointer to the recovery design docs.
  */
 declare class RecoveryNotEnrolledError extends NoydbError {
     constructor(message?: string);
 }
 /**
  * Raised by `openVault` when a managed-passphrase-mode vault has no
- * STRONG recovery profile enrolled (#195).
+ * STRONG recovery profile enrolled.
  *
  * Managed mode means the user never types a passphrase — the unlock
  * material lives in a `SealingKeyProvider` (`at-*` package). If that
@@ -195,9 +196,8 @@ declare class ManagedRecoveryNotEnrolledError extends NoydbError {
  * `db.rotateRecovery` when the developer requests a recovery profile
  * not yet wired in this hub release.
  *
- * Implemented: `paper` (#10, pre.5) and `shamir` (#196 slice 1, pre.16).
- * Pending: `multi-channel` and `admin-mediated` (tracked under #196
- * follow-up slices).
+ * Implemented: `paper` and `shamir`.
+ * Pending: `multi-channel` and `admin-mediated` (follow-up slices).
  *
  * The carried `profile` and `tracking` fields let consumers steer the
  * UI ("multi-channel recovery is not yet wired up — open issue #N to follow").
@@ -338,6 +338,24 @@ declare function loadVaultPolicy(store: NoydbStore, vault: string): Promise<Vaul
  */
 declare function saveVaultPolicy(store: NoydbStore, vault: string, policy: VaultPolicy): Promise<void>;
 
+/** Allow any schema change. Explicit blind / back-compat. */
+declare function blindUpdate(): SchemaUpdateStrategy;
+/** Allow additive changes; reject non-additive ones. The safety backstop. */
+declare function additiveOnly(): SchemaUpdateStrategy;
+/**
+ * Reject schema changes. With `fields`, reject only when one of those
+ * fields is added/removed/changed; otherwise reject any non-`none` delta.
+ */
+declare function lockSchema(opts?: {
+    readonly fields?: readonly string[];
+}): SchemaUpdateStrategy;
+
+/** The coordinatedCutover update strategy (single-step — no from/to). */
+
+declare function coordinatedCutover(opts: {
+    readonly transform: TransformFn;
+}): SchemaUpdateStrategy;
+
 /**
  * Derive a {@link PersistedSchemaEnvelope} from a Standard Schema v1
  * validator. v0 supports Zod via `zod-to-json-schema` (optional peer-dep);
@@ -412,6 +430,8 @@ interface PersistSchemaResult {
     readonly skipped: boolean;
     /** The envelope that was either written or matched. */
     readonly envelope: PersistedSchemaEnvelope;
+    /** The update-strategy decision, present when strategies ran. */
+    readonly decision?: UpdateDecision;
 }
 declare function persistSchemaIfNeeded(opts: {
     readonly store: NoydbStore;
@@ -419,10 +439,11 @@ declare function persistSchemaIfNeeded(opts: {
     readonly collectionName: string;
     readonly validator: unknown;
     readonly dek: CryptoKey;
+    readonly strategies?: readonly SchemaUpdateStrategy[];
 }): Promise<PersistSchemaResult>;
 
 /**
- * Authentication introspection — issue #13.
+ * Authentication introspection.
  *
  * Three surfaces over the configured tier model and the actual
  * per-user enrollment state:
@@ -753,4 +774,4 @@ type DiffCandidate<T = unknown> = Vault | Record<string, readonly T[]> | string;
  */
 declare function diffVault<T = unknown>(vault: Vault, candidate: DiffCandidate<T>, options?: DiffOptions): Promise<VaultDiff<T>>;
 
-export { ActiveTier, type CheckGateContext, DEFAULT_FRESHNESS_MS, DIRECTORY_RECORD_ID, type DiffCandidate, DiffEntry, type DiffOptions, DirectoryConfig, FactorProof, GateName, GatePolicy, META_COLLECTION, ManagedRecoveryNotEnrolledError, NoydbError, NoydbStore, PERSONAL_POLICY, POLICY_RECORD_ID, PUBLIC_ENVELOPE_RECORD_ID, type PersistSchemaResult, PersistedSchemaEnvelope, PolicyDeniedError, type PolicyDenyReason, PublicEnvelope, RecoveryNotEnrolledError, RecoveryProfileNotImplementedError, SCHEMAS_COLLECTION, STRICT_POLICY, UnlockedKeyring, UserEnvelope, UserVisibility, VISIBILITY_RECORD_PREFIX, Vault, type VaultDiff, type VaultDiffEntry, type VaultDiffModifiedEntry, VaultPolicy, assertTierAccess, base64ToBuffer, bufferToBase64, checkGate, decryptBytes, decryptDeterministic, dekKey, deleteUserEnvelope, deleteUserVisibility, derivePersistedSchema, derivePresenceKey, describeAllUsersAuth, describeAuthConfig, describeGate, describeUserAuth, diagramAuthConfig, diffVault, effectiveClearance, encryptBytes, encryptDeterministic, estimateRecordBytes, isZodSchema, listUserEnvelopeIds, loadPersistedSchema, loadPublicEnvelope, loadUserEnvelope, loadVaultPolicy, mergePolicy, parseBytes, persistDirectoryConfig, persistSchemaIfNeeded, persistUserVisibility, readDirectoryConfig, readPublicEnvelope, readUserVisibility, savePersistedSchema, savePublicEnvelope, saveUserEnvelope, saveVaultPolicy, visibilityRecordId };
+export { ActiveTier, type CheckGateContext, DEFAULT_FRESHNESS_MS, DIRECTORY_RECORD_ID, type DiffCandidate, DiffEntry, type DiffOptions, DirectoryConfig, FactorProof, GateName, GatePolicy, META_COLLECTION, ManagedRecoveryNotEnrolledError, NoydbError, NoydbStore, PERSONAL_POLICY, POLICY_RECORD_ID, PUBLIC_ENVELOPE_RECORD_ID, type PersistSchemaResult, PersistedSchemaEnvelope, PolicyDeniedError, type PolicyDenyReason, PublicEnvelope, RecoveryNotEnrolledError, RecoveryProfileNotImplementedError, SCHEMAS_COLLECTION, STRICT_POLICY, SchemaUpdateStrategy, UnlockedKeyring, UpdateDecision, UserEnvelope, UserVisibility, VISIBILITY_RECORD_PREFIX, Vault, type VaultDiff, type VaultDiffEntry, type VaultDiffModifiedEntry, VaultPolicy, additiveOnly, assertTierAccess, base64ToBuffer, blindUpdate, bufferToBase64, checkGate, coordinatedCutover, decryptBytes, decryptDeterministic, dekKey, deleteUserEnvelope, deleteUserVisibility, derivePersistedSchema, derivePresenceKey, describeAllUsersAuth, describeAuthConfig, describeGate, describeUserAuth, diagramAuthConfig, diffVault, effectiveClearance, encryptBytes, encryptDeterministic, estimateRecordBytes, isZodSchema, listUserEnvelopeIds, loadPersistedSchema, loadPublicEnvelope, loadUserEnvelope, loadVaultPolicy, lockSchema, mergePolicy, parseBytes, persistDirectoryConfig, persistSchemaIfNeeded, persistUserVisibility, readDirectoryConfig, readPublicEnvelope, readUserVisibility, savePersistedSchema, savePublicEnvelope, saveUserEnvelope, saveVaultPolicy, visibilityRecordId };

package/dist/index.d.ts

@@ -1,21 +1,23 @@
-import { aO as NoydbStore, bg as UserEnvelope, bh as PublicEnvelope, bi as GateName, bj as GatePolicy, bk as VaultPolicy, bl as ActiveTier, bm as FactorProof, bn as PersistedSchemaEnvelope, bo as DirectoryConfig, bp as UserVisibility, aM as UnlockedKeyring, bq as Vault, aV as DiffEntry } from './types-DW9RGSSs.js';
-export { br as AccessibleVault, aS as AppendInput, ay as ArrayOutputSpec, p as BLOB_CHUNKS_COLLECTION, q as BLOB_COLLECTION, t as BLOB_INDEX_COLLECTION, u as BLOB_SLOTS_PREFIX, w as BLOB_VERSIONS_PREFIX, bs as BUNDLE_STORE_POLICY, A as BlobObject, C as BlobPutOptions, E as BlobResponseOptions, F as BlobSet, bt as BuiltInGateName, bu as BundleRecipient, _ as CONSENT_AUDIT_COLLECTION, bv as CacheOptions, bw as CacheStats, bx as ChangeEvent, aT as ChangeType, a7 as ClosePeriodOptions, aH as Collection, by as CollectionChangeEvent, bz as CollectionConflictResolver, bA as CollectionDescriptor, ao as CollectionFrame, aU as CollectionInstant, bB as CollectionStats, bC as Conflict, bD as ConflictPolicy, bE as ConflictStrategy, $ as ConsentAuditEntry, a0 as ConsentAuditFilter, a1 as ConsentContext, a2 as ConsentOp, bF as CrossTierAccessEvent, L as DEFAULT_CHUNK_SIZE, bG as DEFAULT_PUBLIC_ENVELOPE_SCHEMA, bH as DELEGATIONS_COLLECTION, D as DICT_COLLECTION_PREFIX, bI as DeepPartial, bJ as DeepPartialOrNull, bK as DelegationToken, bL as DeleteManyResult, bM as DerivationDescriptor, aw as DerivationStrategy, aA as DerivationStrategyHandle, aB as DerivedFromMeta, a as DictEntry, b as DictKeyDescriptor, c as DictionaryHandle, d as DictionaryOptions, bN as DirtyEntry, bO as DumpSchemaOptions, bP as ELEVATION_AUDIT_COLLECTION, bQ as ElevatedHandle, aQ as EncryptedEnvelope, bR as EnrollAuthenticatorOptions, bS as EnrollAuthenticatorWrappingDEKsOptions, bT as EnrollAuthenticatorWrappingKEKOptions, bU as EnrollRecoveryResult, bV as ExportCapability, bW as ExportChunk, bX as ExportFormat, bY as ExportStreamOptions, bZ as FactorKind, b_ as FactorProofBundle, b$ as FactorRequirement, c0 as FieldDescriptor, c1 as FieldSource, c2 as GhostRecord, c3 as GrantOptions, ai as GuardChange, aj as GuardContext, ah as GuardStrategy, al as GuardStrategyHandle, c4 as HistoryConfig, c5 as HistoryEntry, aP as HistoryOptions, e as I18nTextDescriptor, f as I18nTextOptions, c6 as INDEXED_STORE_POLICY, c7 as ImportCapability, c8 as InferOutput, c9 as InternalCollectionStats, ca as IssueDelegationOptions, cb as IssueMagicLinkGrantOptions, aW as JsonPatch, aX as JsonPatchOp, cc as KeyringAuthenticator, cd as KeyringAuthenticatorWrappingDEKs, ce as KeyringAuthenticatorWrappingKEK, cf as KeyringFile, aY as LedgerEntry, aZ as LedgerStore, cg as ListAccessibleVaultsOptions, ch as ListPageResult, ci as ListUsersOptions, cj as LiveUserEnvelope, ck as LocaleReadOptions, cl as Lru, cm as LruOptions, cn as LruStats, co as MAGIC_LINK_CONTENT_INFO_PREFIX, cp as MAGIC_LINK_GRANTS_COLLECTION, cq as MAGIC_LINK_KEK_INFO_PREFIX, cr as MagicLinkGrantPayload, cs as MagicLinkGrantRecord, bd as MaterializedFromMeta, ct as MaterializedViewDescriptor, be as MaterializedViewOutput, aE as MaterializedViewStrategy, aF as MaterializedViewStrategyHandle, cu as MemorySealingKeyProvider, cv as NOYDB_BACKUP_VERSION, cw as NOYDB_FORMAT_VERSION, cx as NOYDB_KEYRING_VERSION, cy as NOYDB_SYNC_VERSION, cz as Noydb, cA as NoydbBundleStore, cB as NoydbEventMap, cC as NoydbOptions, a8 as OpenPeriodOptions, aC as OutputSpec, cD as OverlayViewDescriptor, aG as OverlayedViewStrategy, aJ as OverlayedViewStrategyHandle, a9 as PERIODS_COLLECTION, cE as PUBLIC_ENVELOPE_FIELDS, cF as PaperRecoveryDoc, cG as PaperRecoveryEntry, cH as PassphrasePolicy, cI as PassphraseValidationResult, aa as PeriodRecord, cJ as Permission, cK as Permissions, cL as PersistedSchemaKind, cM as PlaintextTranslatorContext, cN as PlaintextTranslatorFn, P as PolicyEnforcer, cO as PresenceHandle, cP as PresencePeer, aR as PruneOptions, cQ as PublicEnvelopeField, cR as PublicEnvelopeSchema, cS as PublicEnvelopeText, cT as PullMode, cU as PullOptions, cV as PullPolicy, cW as PullResult, cX as PushMode, cY as PushOptions, cZ as PushPolicy, c_ as PushResult, c$ as PutManyItemOptions, d0 as PutManyOptions, d1 as PutManyResult, d2 as QueryAcrossOptions, d3 as QueryAcrossResult, d4 as QuickUnlockState, d5 as QuickUnlockStore, d6 as ReAuthOperation, aD as RecordOutputSpec, d7 as RecoverPassphraseInput, d8 as RecoverPassphraseResult, d9 as RecoverUserOptions, da as RecoveryProof, db as ResolvedPublicEnvelopeSchema, dc as RevokeOptions, aL as Role, dd as RotatePassphraseInput, de as RotateRecoveryOptions, df as RotateRecoveryResult, dg as SEALED_PASSPHRASE_RECORD_ID, dh as SealedEnvelope, di as SealedPassphrase, dj as SealingKeyProvider, dk as SessionPolicy, dl as SetPublicEnvelopeInput, dm as ShamirRecoveryDoc, dn as ShamirRecoveryEntry, dp as ShamirRecoveryProvider, U as SlotInfo, V as SlotRecord, dq as SlotRewrapCeremony, dr as SlotRewrapContext, ds as StandardSchemaV1, dt as StandardSchemaV1Issue, du as StandardSchemaV1SyncResult, dv as StoreAuth, dw as StoreAuthKind, dx as StoreCapabilities, dy as SyncEngine, dz as SyncMetadata, dA as SyncPolicy, dB as SyncScheduler, dC as SyncSchedulerStatus, dD as SyncStatus, dE as SyncTarget, dF as SyncTargetRole, dG as SyncTransaction, dH as SyncTransactionResult, dI as TierMode, dJ as TranslatorAuditEntry, as as TxCollection, at as TxContext, dK as TxOp, au as TxVault, dL as USER_ENVELOPE_COLLECTION, dM as USER_ENVELOPE_MAX_BYTES, bf as UnionSource, dN as Unsubscribe, dO as UpdateAuthenticatorOptions, dP as UpdateUserOptions, dQ as UserApi, dR as UserEnvelopeCheckGate, dS as UserEnvelopeOversizedError, dT as UserEnvelopePresented, dU as UserInfo, dV as VaultBackup, a_ as VaultEngine, ap as VaultFrame, a$ as VaultInstant, dW as VaultPolicyOnDisk, dX as VaultSchemaSnapshot, dY as VaultSnapshot, b0 as VerifyResult, W as VersionRecord, dZ as WarningRules, d_ as WeakPassphraseError, d$ as WeakPassphraseReason, e0 as WrappedDeksBlob, g as applyI18nLocale, b1 as applyPatch, e1 as assertStrongPassphrase, e2 as buildRecipientKeyringFile, e3 as burnPaperRecoveryEntry, b2 as canonicalJson, b3 as computePatch, n as createEnforcer, e4 as createNoydb, e5 as createStore, e6 as deriveMagicLinkContentKey, h as dictCollectionName, i as dictKey, b4 as diff, e7 as enrollAuthenticator, e8 as estimateEntropy, e9 as evaluateExportCapability, ea as evaluateImportCapability, eb as findAuthenticator, b5 as formatDiff, ec as hasExportCapability, ed as hasImportCapability, ee as hasRecoveryEnrolled, b6 as hashEntry, j as i18nText, k as isDictCollectionName, l as isDictKeyDescriptor, m as isI18nTextDescriptor, ef as isMagicLinkGrantExpired, eg as isPublicEnvelope, eh as issueDelegation, ei as keyringRecoverPassphrase, ej as keyringRotatePassphrase, ek as listMagicLinkGrants, el as listUsers, em as listUsersWithEnvelopes, en as loadActiveDelegations, eo as loadPaperRecoveryEntries, ep as loadSealedPassphrase, eq as loadShamirRecoveryEntries, er as magicLinkGrantRecordId, es as mintPaperRecoveryEntry, et as mintShamirRecoveryEntry, eu as mintWrappedDeksBlob, b7 as paddedIndex, b8 as parseIndex, ev as parseSealedEnvelope, ew as readMagicLinkGrantRecord, ex as recoverUser, ey as removeAuthenticator, r as resolveI18nText, ez as resolvePublicEnvelopeSchema, eA as revokeDelegation, eB as revokeMagicLinkGrant, av as runTransaction, eC as savePaperRecoveryEntries, eD as saveSealedPassphrase, eE as saveShamirRecoveryEntries, b9 as sha256Hex, eF as unwrapDeksFromBlob, eG as unwrapDeksFromPaperEntry, eH as unwrapDeksFromShamirEntry, eI as unwrapMagicLinkGrant, v as validateI18nTextValue, eJ as validatePassphrase, eK as validatePublicEnvelopeInput, eL as validateSchemaInput, eM as validateSchemaOutput, o as validateSessionPolicy, eN as writeMagicLinkGrant } from './types-DW9RGSSs.js';
+import { b3 as NoydbStore, bF as UserEnvelope, br as PublicEnvelope, bG as GateName, bH as GatePolicy, bI as VaultPolicy, bJ as ActiveTier, bK as FactorProof, bL as SchemaUpdateStrategy, bM as TransformFn, bN as PersistedSchemaEnvelope, bO as UpdateDecision, bP as DirectoryConfig, bQ as UserVisibility, b1 as UnlockedKeyring, bw as Vault, ba as DiffEntry } from './types-CD8mc8zR.js';
+export { bR as AccessibleVault, bS as AffectedDocument, b7 as AppendInput, aP as ArrayOutputSpec, z as BLOB_CHUNKS_COLLECTION, A as BLOB_COLLECTION, E as BLOB_INDEX_COLLECTION, F as BLOB_SLOTS_PREFIX, G as BLOB_VERSIONS_PREFIX, bT as BUNDLE_STORE_POLICY, M as BlobObject, N as BlobPutOptions, Q as BlobResponseOptions, T as BlobSet, bU as BuiltInGateName, bt as BundleRecipient, a9 as CONSENT_AUDIT_COLLECTION, bV as CacheOptions, bW as CacheStats, bX as ChangeEvent, b8 as ChangeType, ai as ClosePeriodOptions, aY as Collection, bY as CollectionChangeEvent, bZ as CollectionConflictResolver, b_ as CollectionDescriptor, az as CollectionFrame, b9 as CollectionInstant, b$ as CollectionStats, c0 as Conflict, c1 as ConflictPolicy, c2 as ConflictStrategy, aa as ConsentAuditEntry, ab as ConsentAuditFilter, ac as ConsentContext, ad as ConsentOp, c3 as CrossTierAccessEvent, Y as DEFAULT_CHUNK_SIZE, c4 as DEFAULT_PUBLIC_ENVELOPE_SCHEMA, c5 as DELEGATIONS_COLLECTION, D as DICT_COLLECTION_PREFIX, c6 as DeepPartial, c7 as DeepPartialOrNull, c8 as DelegationToken, c9 as DeleteManyResult, ca as DerivationDescriptor, aN as DerivationStrategy, aR as DerivationStrategyHandle, aS as DerivedFromMeta, a as DictEntry, b as DictKeyDescriptor, c as DictionaryHandle, d as DictionaryOptions, cb as DirtyEntry, cc as DryRunResult, cd as DumpSchemaOptions, ce as ELEVATION_AUDIT_COLLECTION, cf as ElevatedHandle, b5 as EncryptedEnvelope, cg as EnrollAuthenticatorOptions, ch as EnrollAuthenticatorWrappingDEKsOptions, ci as EnrollAuthenticatorWrappingKEKOptions, cj as EnrollRecoveryResult, ck as ExportCapability, cl as ExportChunk, cm as ExportFormat, cn as ExportStreamOptions, co as FactorKind, cp as FactorProofBundle, cq as FactorRequirement, cr as FenceDoc, cs as FenceState, ct as FieldChange, cu as FieldDescriptor, cv as FieldSource, cw as GhostRecord, cx as GrantOptions, at as GuardChange, au as GuardContext, as as GuardStrategy, aw as GuardStrategyHandle, cy as GuardViolation, cz as HistoryConfig, cA as HistoryEntry, b4 as HistoryOptions, e as I18nMap, f as I18nTextDescriptor, g as I18nTextOptions, cB as INDEXED_STORE_POLICY, cC as ImportCapability, cD as InferOutput, cE as InternalCollectionStats, cF as IssueDelegationOptions, cG as IssueMagicLinkGrantOptions, bb as JsonPatch, bc as JsonPatchOp, cH as KeyringAuthenticator, cI as KeyringAuthenticatorWrappingDEKs, cJ as KeyringAuthenticatorWrappingKEK, cK as KeyringFile, L as Layer, bd as LedgerEntry, be as LedgerStore, cL as ListAccessibleVaultsOptions, cM as ListPageResult, cN as ListUsersOptions, cO as LiveUserEnvelope, cP as LocaleReadOptions, cQ as Lru, cR as LruOptions, cS as LruStats, cT as MAGIC_LINK_CONTENT_INFO_PREFIX, cU as MAGIC_LINK_GRANTS_COLLECTION, cV as MAGIC_LINK_KEK_INFO_PREFIX, cW as MagicLinkGrantPayload, cX as MagicLinkGrantRecord, bC as MaterializedFromMeta, cY as MaterializedViewDescriptor, bD as MaterializedViewOutput, aV as MaterializedViewStrategy, aW as MaterializedViewStrategyHandle, cZ as MemoryRecipientSealer, c_ as MemorySealingKeyProvider, c$ as NOYDB_BACKUP_VERSION, d0 as NOYDB_FORMAT_VERSION, d1 as NOYDB_KEYRING_VERSION, d2 as NOYDB_SYNC_VERSION, d3 as Noydb, aB as NoydbBundleStore, d4 as NoydbEventMap, d5 as NoydbOptions, O as OnMissing, h as OnMissingPolicy, aj as OpenPeriodOptions, aT as OutputSpec, d6 as OverlayViewDescriptor, aX as OverlayedViewStrategy, a_ as OverlayedViewStrategyHandle, ak as PERIODS_COLLECTION, d7 as PUBLIC_ENVELOPE_FIELDS, d8 as PaperRecoveryDoc, d9 as PaperRecoveryEntry, da as PassphrasePolicy, db as PassphraseValidationResult, al as PeriodRecord, dc as Permission, dd as Permissions, de as PersistedSchemaKind, df as PlaintextTranslatorContext, dg as PlaintextTranslatorFn, P as PolicyEnforcer, dh as PresenceHandle, di as PresencePeer, b6 as PruneOptions, dj as PublicEnvelopeField, dk as PublicEnvelopeSchema, dl as PublicEnvelopeText, dm as PullMode, dn as PullOptions, dp as PullPolicy, dq as PullResult, dr as PushMode, ds as PushOptions, dt as PushPolicy, du as PushResult, dv as PutManyItemOptions, dw as PutManyOptions, dx as PutManyResult, dy as QueryAcrossOptions, dz as QueryAcrossResult, dA as QuickUnlockState, dB as QuickUnlockStore, dC as ReAuthOperation, bv as RecipientHint, bu as RecipientSealer, aU as RecordOutputSpec, dD as RecoverPassphraseInput, dE as RecoverPassphraseResult, dF as RecoverUserOptions, dG as RecoveryProof, R as ResolveI18nOptions, dH as ResolvedPublicEnvelopeSchema, aC as RetentionPolicy, dI as RevokeOptions, b0 as Role, dJ as RotatePassphraseInput, dK as RotateRecoveryOptions, dL as RotateRecoveryResult, dM as SEALED_PASSPHRASE_RECORD_ID, dN as SchemaDelta, dO as SchemaIntrospection, S as ScriptWarning, dP as SealedEnvelope, dQ as SealedPassphrase, bs as SealingKeyProvider, dR as SessionPolicy, dS as SetPublicEnvelopeInput, dT as ShamirRecoveryDoc, dU as ShamirRecoveryEntry, by as ShamirRecoveryProvider, a3 as SlotInfo, a4 as SlotRecord, dV as SlotRewrapCeremony, dW as SlotRewrapContext, aF as SnapshotMeta, dX as StandardSchemaV1, dY as StandardSchemaV1Issue, dZ as StandardSchemaV1SyncResult, d_ as StoreAuth, d$ as StoreAuthKind, e0 as StoreCapabilities, e1 as SyncEngine, e2 as SyncMetadata, e3 as SyncPolicy, e4 as SyncScheduler, e5 as SyncSchedulerStatus, e6 as SyncStatus, e7 as SyncTarget, e8 as SyncTargetRole, e9 as SyncTransaction, ea as SyncTransactionResult, eb as TabChannel, ec as TabCoordinationOptions, ed as TabLockManager, ee as TabPresence, ef as TabRole, eg as TierMode, eh as TranslatorAuditEntry, aJ as TxCollection, aK as TxContext, ei as TxOp, aL as TxVault, ej as USER_ENVELOPE_COLLECTION, ek as USER_ENVELOPE_MAX_BYTES, bE as UnionSource, el as Unsubscribe, em as UpdateAuthenticatorOptions, en as UpdateContext, eo as UpdateUserOptions, ep as UserApi, eq as UserEnvelopeCheckGate, er as UserEnvelopeOversizedError, es as UserEnvelopePresented, et as UserInfo, eu as VaultBackup, bf as VaultEngine, aA as VaultFrame, bg as VaultInstant, ev as VaultPolicyOnDisk, ew as VaultSchemaSnapshot, ex as VaultSnapshot, bh as VerifyResult, a5 as VersionRecord, ey as WarningRules, ez as WeakPassphraseError, eA as WeakPassphraseReason, eB as WrappedDeksBlob, eC as WriteConflict, eD as WriteEvent, eE as WriteHook, eF as WriteQueue, i as applyI18nLocale, bi as applyPatch, eG as assertStrongPassphrase, eH as buildRecipientKeyringFile, eI as burnPaperRecoveryEntry, bj as canonicalJson, bk as computePatch, x as createEnforcer, eJ as createNoydb, eK as createStore, eL as deriveMagicLinkContentKey, j as dictCollectionName, k as dictKey, bl as diff, l as enforceScript, eM as enrollAuthenticator, eN as estimateEntropy, eO as evaluateExportCapability, eP as evaluateImportCapability, eQ as findAuthenticator, bm as formatDiff, eR as hasExportCapability, eS as hasImportCapability, eT as hasRecoveryEnrolled, bn as hashEntry, n as i18nText, o as inferScripts, p as isDictCollectionName, q as isDictKeyDescriptor, r as isI18nTextDescriptor, eU as isMagicLinkGrantExpired, eV as isPublicEnvelope, eW as issueDelegation, eX as keyringRecoverPassphrase, eY as keyringRotatePassphrase, eZ as listMagicLinkGrants, e_ as listUsers, e$ as listUsersWithEnvelopes, f0 as loadActiveDelegations, f1 as loadPaperRecoveryEntries, f2 as loadSealedPassphrase, f3 as loadShamirRecoveryEntries, f4 as magicLinkGrantRecordId, f5 as mintPaperRecoveryEntry, f6 as mintShamirRecoveryEntry, f7 as mintWrappedDeksBlob, bo as paddedIndex, bp as parseIndex, f8 as parseSealedEnvelope, f9 as readMagicLinkGrantRecord, fa as recoverUser, fb as removeAuthenticator, s as resolveI18nText, t as resolvePolicy, fc as resolvePublicEnvelopeSchema, fd as revokeDelegation, fe as revokeMagicLinkGrant, aM as runTransaction, ff as savePaperRecoveryEntries, fg as saveSealedPassphrase, fh as saveShamirRecoveryEntries, bq as sha256Hex, fi as unwrapDeksFromBlob, fj as unwrapDeksFromPaperEntry, fk as unwrapDeksFromShamirEntry, fl as unwrapMagicLinkGrant, v as validateI18nTextValue, fm as validatePassphrase, fn as validatePublicEnvelopeInput, fo as validateSchemaInput, fp as validateSchemaOutput, y as validateSessionPolicy, fq as writeMagicLinkGrant } from './types-CD8mc8zR.js';
 export { d as detectMagic, a as detectMimeType, i as isPreCompressed } from './mime-magic-CBBSOkjm.js';
 export { AgeRoute, BlobLifecyclePolicy, BlobStoreRoute, CircuitBreakerOptions, HealthCheckOptions, LogLevel, LoggingOptions, MetricsOptions, OverrideOptions, OverrideTarget, RetryOptions, RouteStatus, RouteStoreOptions, RoutedNoydbStore, StoreCacheOptions, StoreMiddleware, StoreOperation, SuspendOptions, WrapBundleStoreOptions, WrappedBundleNoydbStore, createBundleStore, routeStore, withCache, withCircuitBreaker, withHealthCheck, withLogging, withMetrics, withRetry, wrapBundleStore, wrapStore } from './store/index.js';
-import { N as NoydbError } from './index-CNwA-B6-.js';
-export { q as AlreadyElevatedError, A as AmendmentForbiddenError, B as BackupCorruptedError, r as BackupLedgerError, s as BundleIntegrityError, t as BundleSealMismatchError, u as BundleVersionConflictError, C as ConflictError, v as DEFAULT_JOIN_MAX_ROWS, w as DanglingReferenceError, x as DecryptionError, y as DelegationTargetMissingError, e as DerivationCapExceededError, f as DerivationCycleError, g as DerivationDepthError, h as DerivationOutputShapeError, i as DerivationOutputUnknownError, D as DictKeyInUseError, a as DictKeyMissingError, z as DirectoryDisabledError, E as ElevationExpiredError, G as ExportCapabilityError, F as FieldFrozenError, H as FilenameSanitizationError, J as GroupCardinalityError, K as ImportCapabilityError, P as IndexRequiredError, U as IndexWriteFailureError, V as InvalidKeyError, I as InvariantError, W as JoinContext, X as JoinLeg, Y as JoinStrategy, Z as JoinTooLargeError, _ as JoinableSource, $ as KeyringCorruptError, a0 as KeyringExpiredError, a1 as LedgerContentionError, a2 as LiveQuery, a3 as LiveUpstream, L as LocaleNotSpecifiedError, m as MaterializedViewConfigError, n as MaterializedViewCycleError, o as MaterializedViewSourceUnknownError, p as MaterializedViewTooLargeError, M as MissingTranslationError, a4 as NetworkError, a5 as NoAccessError, a6 as NotFoundError, a7 as OrderBy, O as OverlayBaseIsVirtualError, j as OverlayCollectionUnavailableError, k as OverlayIdMismatchError, l as OverlayNameCollisionError, a8 as PathEscapeError, a9 as PeriodClosedError, aa as PermissionDeniedError, ab as PrivilegeEscalationError, Q as Query, ac as QueryPlan, ad as QuerySource, ae as ReadOnlyAtInstantError, af as ReadOnlyError, ag as ReadOnlyFrameError, d as RecordLockedError, ah as RefDescriptor, ai as RefIntegrityError, aj as RefMode, ak as RefRegistry, al as RefScopeError, am as RefViolation, R as ReservedCollectionNameError, an as ScanBuilder, ao as ScanPageProvider, ap as SchemaValidationError, S as SessionExpiredError, b as SessionNotFoundError, c as SessionPolicyError, aq as StoreCapabilityError, ar as TamperedError, as as TierDemoteDeniedError, at as TierNotGrantedError, T as TranslatorNotConfiguredError, au as ValidationError, av as applyJoins, aw as buildLiveQuery, ax as executePlan, ay as ref, az as resetJoinWarnings } from './index-CNwA-B6-.js';
-export { A as AutoCredential, a as AutoCredentialKind, C as CompressionAlgo, N as NOYDB_BUNDLE_FORMAT_VERSION, b as NOYDB_BUNDLE_MAGIC, c as NOYDB_BUNDLE_PREFIX_BYTES, d as NoydbBundleHeader, e as NoydbBundleReadResult, R as ReadNoydbBundleOptions, W as WriteNoydbBundleOptions, g as generateULID, h as hasNoydbBundleMagic, i as isULID, r as readNoydbBundle, f as readNoydbBundleHeader, j as readNoydbBundlePublicEnvelope, k as resetBrotliSupportCache, w as writeNoydbBundle } from './index-4agOpzqd.js';
+import { N as NoydbError } from './index-DfUbNad8.js';
+export { z as AlreadyElevatedError, A as AmendmentForbiddenError, o as AttestationError, B as BackupCorruptedError, q as BackupLedgerError, r as BundleIntegrityError, s as BundleSealMismatchError, t as BundleVersionConflictError, C as ConflictError, E as CrossJoinSourceUnknownError, G as CrossJoinTooLargeError, H as DEFAULT_CROSS_JOIN_MAX_ROWS, J as DEFAULT_JOIN_MAX_ROWS, K as DanglingReferenceError, U as DecryptionError, V as DelegationTargetMissingError, g as DerivationCapExceededError, h as DerivationCycleError, i as DerivationDepthError, j as DerivationOutputShapeError, k as DerivationOutputUnknownError, D as DictKeyInUseError, a as DictKeyMissingError, W as DirectoryDisabledError, X as ElevationExpiredError, Y as ExportCapabilityError, F as FieldFrozenError, Z as FilenameSanitizationError, _ as GroupCardinalityError, $ as ImportCapabilityError, a0 as IndexRequiredError, a1 as IndexWriteFailureError, a2 as InvalidKeyError, I as InvariantError, a3 as JoinContext, a4 as JoinLeg, a5 as JoinStrategy, a6 as JoinTooLargeError, a7 as JoinableSource, a8 as KeyringCorruptError, a9 as KeyringExpiredError, aa as LedgerContentionError, ab as LiveQuery, ac as LiveUpstream, L as LocaleNotSpecifiedError, v as MaterializedViewConfigError, w as MaterializedViewCycleError, x as MaterializedViewSourceUnknownError, y as MaterializedViewTooLargeError, ad as MigrationRequiredError, M as MissingTranslationError, ae as NetworkError, af as NoAccessError, ag as NonAdditiveSchemaChangeError, ah as NotFoundError, ai as OrderBy, O as OverlayBaseIsVirtualError, l as OverlayCollectionUnavailableError, m as OverlayIdMismatchError, n as OverlayNameCollisionError, aj as PathEscapeError, ak as PeriodClosedError, al as PermissionDeniedError, am as PrivilegeEscalationError, Q as Query, an as QueryPlan, ao as QuerySource, ap as QuiesceTimeoutError, aq as ReadOnlyAtInstantError, ar as ReadOnlyError, as as ReadOnlyFrameError, e as RecordLockedError, at as RefDescriptor, au as RefIntegrityError, av as RefMode, aw as RefRegistry, ax as RefScopeError, ay as RefViolation, R as ReservedCollectionNameError, az as ScanBuilder, aA as ScanPageProvider, aB as SchemaFenceError, aC as SchemaLockedError, aD as SchemaUpdateError, aE as SchemaValidationError, S as ScriptViolationError, b as SessionExpiredError, c as SessionNotFoundError, d as SessionPolicyError, f as SnapshotNotFoundError, aF as StoreCapabilityError, aG as TamperedError, aH as TierDemoteDeniedError, aI as TierNotGrantedError, T as TranslatorNotConfiguredError, aJ as UniqueConstraintError, aK as UnsupportedIndexOptionError, aL as ValidationError, aM as applyJoins, aN as buildLiveQuery, aO as executePlan, aP as ref, aQ as resetJoinWarnings } from './index-DfUbNad8.js';
+export { A as AutoCredential, n as AutoCredentialKind, c as CompressionAlgo, N as NOYDB_BUNDLE_FORMAT_VERSION, e as NOYDB_BUNDLE_MAGIC, f as NOYDB_BUNDLE_PREFIX_BYTES, g as NoydbBundleHeader, h as NoydbBundleReadResult, R as ReadNoydbBundleOptions, W as WriteNoydbBundleOptions, j as generateULID, o as hasNoydbBundleMagic, k as isULID, r as readNoydbBundle, l as readNoydbBundleHeader, p as readNoydbBundlePublicEnvelope, m as resetBrotliSupportCache, w as writeNoydbBundle } from './ulid-8p83wbR4.js';
 export { a as CrdtMode, b as CrdtState, L as LwwMapState, R as RgaState, Y as YjsState, m as mergeCrdtStates, r as resolveCrdtSnapshot } from './strategy-BSxFXGzb.js';
-export { w as withGuard } from './with-guard-DWOCK4Ca.js';
-export { w as withDerivation } from './with-derivation-g-pGoMzL.js';
-export { w as withMaterializedView } from './with-materialized-view-DaKR-N6J.js';
-export { a as Clause, C as CollectionIndexes, F as FieldClause, b as FilterClause, G as GroupClause, H as HashIndex, I as IndexDef, O as Operator, e as evaluateClause, c as evaluateFieldClause, r as readPath } from './predicate-Dnu81tsS.js';
-export { w as withOverlayedView } from './with-overlayed-view-N7jYuNOS.js';
+export { w as withGuard } from './with-guard-BRvt53da.js';
+export { w as withDerivation } from './with-derivation-DWMTpgEH.js';
+export { w as withMaterializedView } from './with-materialized-view-X0CoL8-L.js';
+export { a as Clause, C as CollectionIndexes, F as FieldClause, b as FilterClause, G as GroupClause, H as HashIndex, I as IndexDef, O as Operator, e as evaluateClause, c as evaluateFieldClause, r as readPath } from './predicate-Bt5ft-9c.js';
+export { w as withOverlayedView } from './with-overlayed-view-DQjO_DSG.js';
 export { SYNC_CREDENTIALS_COLLECTION, SyncCredential, credentialStatus, deleteCredential, getCredential, listCredentials, putCredential } from './team/index.js';
-export { C as CreateSessionOptions, a as CreateSessionResult, D as DevUnlockOptions, S as SessionToken, b as activeSessionCount, c as clearDevUnlock, d as createSession, e as enableDevUnlock, i as isDevUnlockActive, f as isSessionAlive, l as loadDevUnlock, r as resolveSession, g as revokeAllSessions, h as revokeSession } from './dev-unlock-D9s-loPr.js';
-export { a as AggregateResult, b as AggregateSpec, c as Aggregation, d as AggregationUpstream, G as GROUPBY_MAX_CARDINALITY, e as GROUPBY_WARN_CARDINALITY, f as GroupedAggregation, g as GroupedQuery, h as GroupedQueryN, i as GroupedRow, j as GroupedRowN, L as LiveAggregation, R as Reducer, k as ReducerOptions, l as avg, n as count, o as groupAndReduce, p as max, q as min, r as reduceRecords, t as sum } from './strategy-DSTrsZ8t.js';
-export { L as LEDGER_COLLECTION, a as LEDGER_DELTAS_COLLECTION, e as envelopePayloadHash } from './hash-DXXXusyk.js';
-import './lazy-builder-Rpd-V3jP.js';
+export { C as CreateSessionOptions, a as CreateSessionResult, D as DevUnlockOptions, S as SessionToken, b as activeSessionCount, c as clearDevUnlock, d as createSession, e as enableDevUnlock, i as isDevUnlockActive, f as isSessionAlive, l as loadDevUnlock, r as resolveSession, g as revokeAllSessions, h as revokeSession } from './dev-unlock-BH6y3Hx0.js';
+export { i as isDiscriminant } from './discriminant-BN9REW3o.js';
+export { a as AggregateResult, b as AggregateSpec, c as Aggregation, d as AggregationUpstream, G as GROUPBY_MAX_CARDINALITY, e as GROUPBY_WARN_CARDINALITY, f as GroupedAggregation, g as GroupedQuery, h as GroupedQueryN, i as GroupedRow, j as GroupedRowN, L as LiveAggregation, R as Reducer, k as ReducerOptions, l as avg, n as count, o as groupAndReduce, p as max, q as min, r as reduceRecords, t as sum } from './strategy-CT2LCKAX.js';
+export { L as LEDGER_COLLECTION, a as LEDGER_DELTAS_COLLECTION, e as envelopePayloadHash } from './hash-D89JdDbj.js';
+import './lazy-builder-D5GU14TS.js';
+import '@noy-db/attestation';
 
 /**
  * Persistence helpers for per-principal user envelopes stored at
@@ -161,15 +163,14 @@ declare class PolicyDeniedError extends NoydbError {
  * MUST have at least one recovery path enrolled before being
  * production-ready (paper, shamir, multi-channel, or admin-mediated).
  *
- * The error references issue #10 in its message so a developer hitting
- * it gets a one-line pointer to the design.
+ * The error message carries a pointer to the recovery design docs.
  */
 declare class RecoveryNotEnrolledError extends NoydbError {
     constructor(message?: string);
 }
 /**
  * Raised by `openVault` when a managed-passphrase-mode vault has no
- * STRONG recovery profile enrolled (#195).
+ * STRONG recovery profile enrolled.
  *
  * Managed mode means the user never types a passphrase — the unlock
  * material lives in a `SealingKeyProvider` (`at-*` package). If that
@@ -195,9 +196,8 @@ declare class ManagedRecoveryNotEnrolledError extends NoydbError {
  * `db.rotateRecovery` when the developer requests a recovery profile
  * not yet wired in this hub release.
  *
- * Implemented: `paper` (#10, pre.5) and `shamir` (#196 slice 1, pre.16).
- * Pending: `multi-channel` and `admin-mediated` (tracked under #196
- * follow-up slices).
+ * Implemented: `paper` and `shamir`.
+ * Pending: `multi-channel` and `admin-mediated` (follow-up slices).
  *
  * The carried `profile` and `tracking` fields let consumers steer the
  * UI ("multi-channel recovery is not yet wired up — open issue #N to follow").
@@ -338,6 +338,24 @@ declare function loadVaultPolicy(store: NoydbStore, vault: string): Promise<Vaul
  */
 declare function saveVaultPolicy(store: NoydbStore, vault: string, policy: VaultPolicy): Promise<void>;
 
+/** Allow any schema change. Explicit blind / back-compat. */
+declare function blindUpdate(): SchemaUpdateStrategy;
+/** Allow additive changes; reject non-additive ones. The safety backstop. */
+declare function additiveOnly(): SchemaUpdateStrategy;
+/**
+ * Reject schema changes. With `fields`, reject only when one of those
+ * fields is added/removed/changed; otherwise reject any non-`none` delta.
+ */
+declare function lockSchema(opts?: {
+    readonly fields?: readonly string[];
+}): SchemaUpdateStrategy;
+
+/** The coordinatedCutover update strategy (single-step — no from/to). */
+
+declare function coordinatedCutover(opts: {
+    readonly transform: TransformFn;
+}): SchemaUpdateStrategy;
+
 /**
  * Derive a {@link PersistedSchemaEnvelope} from a Standard Schema v1
  * validator. v0 supports Zod via `zod-to-json-schema` (optional peer-dep);
@@ -412,6 +430,8 @@ interface PersistSchemaResult {
     readonly skipped: boolean;
     /** The envelope that was either written or matched. */
     readonly envelope: PersistedSchemaEnvelope;
+    /** The update-strategy decision, present when strategies ran. */
+    readonly decision?: UpdateDecision;
 }
 declare function persistSchemaIfNeeded(opts: {
     readonly store: NoydbStore;
@@ -419,10 +439,11 @@ declare function persistSchemaIfNeeded(opts: {
     readonly collectionName: string;
     readonly validator: unknown;
     readonly dek: CryptoKey;
+    readonly strategies?: readonly SchemaUpdateStrategy[];
 }): Promise<PersistSchemaResult>;
 
 /**
- * Authentication introspection — issue #13.
+ * Authentication introspection.
  *
  * Three surfaces over the configured tier model and the actual
  * per-user enrollment state:
@@ -753,4 +774,4 @@ type DiffCandidate<T = unknown> = Vault | Record<string, readonly T[]> | string;
  */
 declare function diffVault<T = unknown>(vault: Vault, candidate: DiffCandidate<T>, options?: DiffOptions): Promise<VaultDiff<T>>;
 
-export { ActiveTier, type CheckGateContext, DEFAULT_FRESHNESS_MS, DIRECTORY_RECORD_ID, type DiffCandidate, DiffEntry, type DiffOptions, DirectoryConfig, FactorProof, GateName, GatePolicy, META_COLLECTION, ManagedRecoveryNotEnrolledError, NoydbError, NoydbStore, PERSONAL_POLICY, POLICY_RECORD_ID, PUBLIC_ENVELOPE_RECORD_ID, type PersistSchemaResult, PersistedSchemaEnvelope, PolicyDeniedError, type PolicyDenyReason, PublicEnvelope, RecoveryNotEnrolledError, RecoveryProfileNotImplementedError, SCHEMAS_COLLECTION, STRICT_POLICY, UnlockedKeyring, UserEnvelope, UserVisibility, VISIBILITY_RECORD_PREFIX, Vault, type VaultDiff, type VaultDiffEntry, type VaultDiffModifiedEntry, VaultPolicy, assertTierAccess, base64ToBuffer, bufferToBase64, checkGate, decryptBytes, decryptDeterministic, dekKey, deleteUserEnvelope, deleteUserVisibility, derivePersistedSchema, derivePresenceKey, describeAllUsersAuth, describeAuthConfig, describeGate, describeUserAuth, diagramAuthConfig, diffVault, effectiveClearance, encryptBytes, encryptDeterministic, estimateRecordBytes, isZodSchema, listUserEnvelopeIds, loadPersistedSchema, loadPublicEnvelope, loadUserEnvelope, loadVaultPolicy, mergePolicy, parseBytes, persistDirectoryConfig, persistSchemaIfNeeded, persistUserVisibility, readDirectoryConfig, readPublicEnvelope, readUserVisibility, savePersistedSchema, savePublicEnvelope, saveUserEnvelope, saveVaultPolicy, visibilityRecordId };
+export { ActiveTier, type CheckGateContext, DEFAULT_FRESHNESS_MS, DIRECTORY_RECORD_ID, type DiffCandidate, DiffEntry, type DiffOptions, DirectoryConfig, FactorProof, GateName, GatePolicy, META_COLLECTION, ManagedRecoveryNotEnrolledError, NoydbError, NoydbStore, PERSONAL_POLICY, POLICY_RECORD_ID, PUBLIC_ENVELOPE_RECORD_ID, type PersistSchemaResult, PersistedSchemaEnvelope, PolicyDeniedError, type PolicyDenyReason, PublicEnvelope, RecoveryNotEnrolledError, RecoveryProfileNotImplementedError, SCHEMAS_COLLECTION, STRICT_POLICY, SchemaUpdateStrategy, UnlockedKeyring, UpdateDecision, UserEnvelope, UserVisibility, VISIBILITY_RECORD_PREFIX, Vault, type VaultDiff, type VaultDiffEntry, type VaultDiffModifiedEntry, VaultPolicy, additiveOnly, assertTierAccess, base64ToBuffer, blindUpdate, bufferToBase64, checkGate, coordinatedCutover, decryptBytes, decryptDeterministic, dekKey, deleteUserEnvelope, deleteUserVisibility, derivePersistedSchema, derivePresenceKey, describeAllUsersAuth, describeAuthConfig, describeGate, describeUserAuth, diagramAuthConfig, diffVault, effectiveClearance, encryptBytes, encryptDeterministic, estimateRecordBytes, isZodSchema, listUserEnvelopeIds, loadPersistedSchema, loadPublicEnvelope, loadUserEnvelope, loadVaultPolicy, lockSchema, mergePolicy, parseBytes, persistDirectoryConfig, persistSchemaIfNeeded, persistUserVisibility, readDirectoryConfig, readPublicEnvelope, readUserVisibility, savePersistedSchema, savePublicEnvelope, saveUserEnvelope, saveVaultPolicy, visibilityRecordId };