@noy-db/hub 0.2.0-pre.1 → 0.2.0-pre.3

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (253) hide show
  1. package/dist/aggregate/index.cjs.map +1 -1
  2. package/dist/aggregate/index.js +2 -2
  3. package/dist/attestation/index.cjs +305 -0
  4. package/dist/attestation/index.cjs.map +1 -0
  5. package/dist/attestation/index.d.cts +52 -0
  6. package/dist/attestation/index.d.ts +52 -0
  7. package/dist/attestation/index.js +36 -0
  8. package/dist/attestation/index.js.map +1 -0
  9. package/dist/blobs/index.cjs.map +1 -1
  10. package/dist/blobs/index.d.cts +4 -3
  11. package/dist/blobs/index.d.ts +4 -3
  12. package/dist/blobs/index.js +10 -8
  13. package/dist/blobs/index.js.map +1 -1
  14. package/dist/bundle/index.cjs +17940 -129
  15. package/dist/bundle/index.cjs.map +1 -1
  16. package/dist/bundle/index.d.cts +172 -3
  17. package/dist/bundle/index.d.ts +172 -3
  18. package/dist/bundle/index.js +533 -5
  19. package/dist/bundle/index.js.map +1 -1
  20. package/dist/{chunk-CBAHB2BF.js → chunk-2EYC3WDT.js} +7 -70
  21. package/dist/chunk-2EYC3WDT.js.map +1 -0
  22. package/dist/{chunk-P7EQ2S5O.js → chunk-2XLVPKXG.js} +2 -2
  23. package/dist/chunk-4OQWR46B.js +79 -0
  24. package/dist/chunk-4OQWR46B.js.map +1 -0
  25. package/dist/{chunk-23TTQXVO.js → chunk-4UBOTYP5.js} +2 -2
  26. package/dist/chunk-4X2S7PBF.js +251 -0
  27. package/dist/chunk-4X2S7PBF.js.map +1 -0
  28. package/dist/{chunk-MKSA2V7A.js → chunk-5YHWBPOT.js} +2 -2
  29. package/dist/{chunk-DYBQG5PQ.js → chunk-6S3LLAQ5.js} +2 -2
  30. package/dist/{chunk-UA4RI7OT.js → chunk-74JEQFMT.js} +5 -5
  31. package/dist/chunk-75QDHSE4.js +59 -0
  32. package/dist/chunk-75QDHSE4.js.map +1 -0
  33. package/dist/chunk-A6SWRXUQ.js +118 -0
  34. package/dist/chunk-A6SWRXUQ.js.map +1 -0
  35. package/dist/{chunk-UZXLQCHP.js → chunk-BFI3RS42.js} +2 -2
  36. package/dist/{chunk-EGQYGYIU.js → chunk-EMEX37ZN.js} +2 -2
  37. package/dist/{chunk-PEULZC6M.js → chunk-EPK6A3WJ.js} +8 -1
  38. package/dist/chunk-EPK6A3WJ.js.map +1 -0
  39. package/dist/{chunk-VMIO4IXG.js → chunk-FBMXWVGP.js} +6 -229
  40. package/dist/chunk-FBMXWVGP.js.map +1 -0
  41. package/dist/{chunk-ZNOEIM6Y.js → chunk-FCDO7UAO.js} +2 -2
  42. package/dist/{chunk-5SCJ5UEF.js → chunk-FS7A4XNF.js} +3 -3
  43. package/dist/{chunk-YS3POABP.js → chunk-FXQYZNOW.js} +1 -1
  44. package/dist/chunk-FXQYZNOW.js.map +1 -0
  45. package/dist/{chunk-SIZWEV2Y.js → chunk-G7PAZ3TD.js} +4 -4
  46. package/dist/{chunk-SIZWEV2Y.js.map → chunk-G7PAZ3TD.js.map} +1 -1
  47. package/dist/{chunk-537VFZTR.js → chunk-GAUBWHAF.js} +4 -4
  48. package/dist/{chunk-FCXOFQAJ.js → chunk-GD3BGKAR.js} +2 -2
  49. package/dist/{chunk-DPMFBCV6.js → chunk-GDTCGIPX.js} +2 -2
  50. package/dist/{chunk-DPMFBCV6.js.map → chunk-GDTCGIPX.js.map} +1 -1
  51. package/dist/{chunk-6HPZY4ON.js → chunk-GVXBHCZ2.js} +8 -3
  52. package/dist/chunk-GVXBHCZ2.js.map +1 -0
  53. package/dist/{chunk-HB3Z2GCR.js → chunk-HGZ7DC5H.js} +2 -2
  54. package/dist/{chunk-MIQHZESA.js → chunk-IS5HWQO7.js} +5 -5
  55. package/dist/{chunk-MIQHZESA.js.map → chunk-IS5HWQO7.js.map} +1 -1
  56. package/dist/{chunk-5DWL3JBF.js → chunk-K5PVGKE4.js} +2 -2
  57. package/dist/{chunk-NIOHFJPJ.js → chunk-KMI2NBBF.js} +7 -119
  58. package/dist/chunk-KMI2NBBF.js.map +1 -0
  59. package/dist/{chunk-XGSOTWYX.js → chunk-KYKMKLJ6.js} +2 -2
  60. package/dist/chunk-LOL725S4.js +233 -0
  61. package/dist/chunk-LOL725S4.js.map +1 -0
  62. package/dist/{chunk-4TFSM22V.js → chunk-LS3JLEIB.js} +4 -4
  63. package/dist/{chunk-2AXFIYHT.js → chunk-NCO2JGKK.js} +1 -1
  64. package/dist/chunk-NCO2JGKK.js.map +1 -0
  65. package/dist/{chunk-Z72JH4KG.js → chunk-NGSPBLLE.js} +4 -34
  66. package/dist/chunk-NGSPBLLE.js.map +1 -0
  67. package/dist/{chunk-OMLIZL2P.js → chunk-NSLTPGEN.js} +2 -2
  68. package/dist/{chunk-7H6DOO3E.js → chunk-P6256WTJ.js} +211 -36
  69. package/dist/chunk-P6256WTJ.js.map +1 -0
  70. package/dist/{chunk-KESP7GOK.js → chunk-QAU5HM6Q.js} +3 -3
  71. package/dist/{chunk-34YSDCDP.js → chunk-SAVQ6E2O.js} +2 -2
  72. package/dist/chunk-T6HQMVML.js +9960 -0
  73. package/dist/chunk-T6HQMVML.js.map +1 -0
  74. package/dist/{chunk-PA6R5ZCI.js → chunk-TLFUDXVV.js} +4 -4
  75. package/dist/{chunk-WCA2NROQ.js → chunk-UOF74WQY.js} +2 -2
  76. package/dist/chunk-UVPGJXVO.js +83 -0
  77. package/dist/chunk-UVPGJXVO.js.map +1 -0
  78. package/dist/{chunk-DYECX3IX.js → chunk-WRLHNG6H.js} +2 -2
  79. package/dist/{chunk-ADQ5MQ54.js → chunk-YDLAFP36.js} +71 -1
  80. package/dist/chunk-YDLAFP36.js.map +1 -0
  81. package/dist/{chunk-I6MX32UC.js → chunk-YK72A4IT.js} +4 -4
  82. package/dist/chunk-YL2DR3HY.js +36 -0
  83. package/dist/chunk-YL2DR3HY.js.map +1 -0
  84. package/dist/{chunk-RD5LYKD6.js → chunk-ZC2AAE6J.js} +2 -2
  85. package/dist/chunk-ZUMGGHRB.js +57 -0
  86. package/dist/chunk-ZUMGGHRB.js.map +1 -0
  87. package/dist/consent/index.cjs.map +1 -1
  88. package/dist/consent/index.d.cts +4 -3
  89. package/dist/consent/index.d.ts +4 -3
  90. package/dist/consent/index.js +3 -3
  91. package/dist/{crypto-A7FRXYHC.js → crypto-H2Y3DDFW.js} +3 -3
  92. package/dist/{delegation-YBA4X4JN.js → delegation-QSC7G5QC.js} +5 -5
  93. package/dist/derivations/index.cjs.map +1 -1
  94. package/dist/derivations/index.d.cts +5 -4
  95. package/dist/derivations/index.d.ts +5 -4
  96. package/dist/derivations/index.js +4 -4
  97. package/dist/{dev-unlock-D9s-loPr.d.ts → dev-unlock-Cf2B7Kih.d.ts} +1 -1
  98. package/dist/{dev-unlock-DRwVSy2S.d.cts → dev-unlock-De3mjQWv.d.cts} +1 -1
  99. package/dist/executor-BZKFZVRC.js +8 -0
  100. package/dist/executor-GFZFDQXV.js +8 -0
  101. package/dist/executor-KT2IOZVP.js +11 -0
  102. package/dist/{fanout-sidecar-VJ52RIEY.js → fanout-sidecar-NRBWSLRK.js} +2 -2
  103. package/dist/guards/index.cjs +7 -0
  104. package/dist/guards/index.cjs.map +1 -1
  105. package/dist/guards/index.d.cts +5 -4
  106. package/dist/guards/index.d.ts +5 -4
  107. package/dist/guards/index.js +4 -4
  108. package/dist/{hash-DXXXusyk.d.ts → hash-gVn_uKhp.d.ts} +1 -1
  109. package/dist/{hash-DtRih9MQ.d.cts → hash-vBCB0-Ps.d.cts} +1 -1
  110. package/dist/history/index.cjs +2 -2
  111. package/dist/history/index.cjs.map +1 -1
  112. package/dist/history/index.d.cts +5 -4
  113. package/dist/history/index.d.ts +5 -4
  114. package/dist/history/index.js +6 -6
  115. package/dist/i18n/index.cjs.map +1 -1
  116. package/dist/i18n/index.d.cts +4 -3
  117. package/dist/i18n/index.d.ts +4 -3
  118. package/dist/i18n/index.js +14 -12
  119. package/dist/i18n/index.js.map +1 -1
  120. package/dist/{index-CNwA-B6-.d.ts → index-BF1B2HB9.d.ts} +53 -1
  121. package/dist/{index-CmVgTkqk.d.cts → index-DVkvrgpm.d.cts} +53 -1
  122. package/dist/index.cjs +1780 -64
  123. package/dist/index.cjs.map +1 -1
  124. package/dist/index.d.cts +34 -12
  125. package/dist/index.d.ts +34 -12
  126. package/dist/index.js +160 -8804
  127. package/dist/index.js.map +1 -1
  128. package/dist/indexing/index.cjs.map +1 -1
  129. package/dist/indexing/index.js +2 -2
  130. package/dist/issue-BAJ7ZB4S.js +12 -0
  131. package/dist/{ledger-3TXNP47J.js → ledger-WOEJUYTP.js} +6 -6
  132. package/dist/materialized-views/index.cjs.map +1 -1
  133. package/dist/materialized-views/index.d.cts +6 -5
  134. package/dist/materialized-views/index.d.ts +6 -5
  135. package/dist/materialized-views/index.js +6 -6
  136. package/dist/noydb-XNQSKXGO.js +34 -0
  137. package/dist/overlay-views/index.cjs.map +1 -1
  138. package/dist/overlay-views/index.d.cts +5 -4
  139. package/dist/overlay-views/index.d.ts +5 -4
  140. package/dist/overlay-views/index.js +6 -4
  141. package/dist/periods/index.cjs.map +1 -1
  142. package/dist/periods/index.d.cts +4 -3
  143. package/dist/periods/index.d.ts +4 -3
  144. package/dist/periods/index.js +6 -6
  145. package/dist/{public-envelope-PY6NKFLI.js → public-envelope-OHQ5UZFM.js} +4 -4
  146. package/dist/query/index.cjs.map +1 -1
  147. package/dist/query/index.d.cts +1 -1
  148. package/dist/query/index.d.ts +1 -1
  149. package/dist/query/index.js +3 -3
  150. package/dist/registry-2IEARCGT.js +7 -0
  151. package/dist/{registry-3L3N3PTG.js → registry-CDHASH73.js} +3 -3
  152. package/dist/registry-EMGLZGR6.js +8 -0
  153. package/dist/registry-NQALYR77.js +8 -0
  154. package/dist/registry-NQALYR77.js.map +1 -0
  155. package/dist/revoke-7JOVLZFD.js +17 -0
  156. package/dist/revoke-7JOVLZFD.js.map +1 -0
  157. package/dist/session/index.cjs.map +1 -1
  158. package/dist/session/index.d.cts +5 -4
  159. package/dist/session/index.d.ts +5 -4
  160. package/dist/session/index.js +3 -3
  161. package/dist/shadow/index.cjs.map +1 -1
  162. package/dist/shadow/index.d.cts +4 -3
  163. package/dist/shadow/index.d.ts +4 -3
  164. package/dist/shadow/index.js +2 -2
  165. package/dist/signer-M4K5HBLD.js +18 -0
  166. package/dist/signer-M4K5HBLD.js.map +1 -0
  167. package/dist/{stale-HSC5YO2O.js → stale-PAGCS4K5.js} +2 -2
  168. package/dist/stale-PAGCS4K5.js.map +1 -0
  169. package/dist/store/index.cjs.map +1 -1
  170. package/dist/store/index.d.cts +4 -3
  171. package/dist/store/index.d.ts +4 -3
  172. package/dist/store/index.js +2 -2
  173. package/dist/sync/index.cjs.map +1 -1
  174. package/dist/sync/index.d.cts +3 -2
  175. package/dist/sync/index.d.ts +3 -2
  176. package/dist/sync/index.js +4 -4
  177. package/dist/team/index.cjs.map +1 -1
  178. package/dist/team/index.d.cts +4 -3
  179. package/dist/team/index.d.ts +4 -3
  180. package/dist/team/index.js +13 -11
  181. package/dist/tx/index.cjs +81 -1
  182. package/dist/tx/index.cjs.map +1 -1
  183. package/dist/tx/index.d.cts +5 -4
  184. package/dist/tx/index.d.ts +5 -4
  185. package/dist/tx/index.js +56 -3
  186. package/dist/tx/index.js.map +1 -1
  187. package/dist/{types-C4lwMKKF.d.cts → types-CSLcfytP.d.cts} +644 -5
  188. package/dist/{types-DW9RGSSs.d.ts → types-D9eB0Rvh.d.ts} +644 -5
  189. package/dist/{index-4agOpzqd.d.ts → ulid-CG2YvAbg.d.cts} +51 -33
  190. package/dist/{index-hdFvZkBP.d.cts → ulid-CiM2OAeM.d.ts} +51 -33
  191. package/dist/util/index.cjs.map +1 -1
  192. package/dist/util/index.js +1 -1
  193. package/dist/{with-derivation-g-pGoMzL.d.ts → with-derivation-Bzpj6UTv.d.ts} +1 -1
  194. package/dist/{with-derivation-C8LDlV7t.d.cts → with-derivation-DWajFh4K.d.cts} +1 -1
  195. package/dist/{with-guard-jI1x9Z3k.d.cts → with-guard-DF_Ul3DT.d.cts} +1 -1
  196. package/dist/{with-guard-DWOCK4Ca.d.ts → with-guard-DR7U-l4v.d.ts} +1 -1
  197. package/dist/{with-materialized-view-DcTx4H3j.d.cts → with-materialized-view-_piodoIz.d.cts} +1 -1
  198. package/dist/{with-materialized-view-DaKR-N6J.d.ts → with-materialized-view-qtoJ3xKJ.d.ts} +1 -1
  199. package/dist/{with-overlayed-view-N7jYuNOS.d.ts → with-overlayed-view-DFaRfgMr.d.ts} +1 -1
  200. package/dist/{with-overlayed-view-D-6oWAgM.d.cts → with-overlayed-view-DwzCKxn2.d.cts} +1 -1
  201. package/package.json +15 -3
  202. package/dist/chunk-2AXFIYHT.js.map +0 -1
  203. package/dist/chunk-6HPZY4ON.js.map +0 -1
  204. package/dist/chunk-7H6DOO3E.js.map +0 -1
  205. package/dist/chunk-ADQ5MQ54.js.map +0 -1
  206. package/dist/chunk-CBAHB2BF.js.map +0 -1
  207. package/dist/chunk-NIOHFJPJ.js.map +0 -1
  208. package/dist/chunk-PEULZC6M.js.map +0 -1
  209. package/dist/chunk-VMIO4IXG.js.map +0 -1
  210. package/dist/chunk-YS3POABP.js.map +0 -1
  211. package/dist/chunk-Z72JH4KG.js.map +0 -1
  212. package/dist/executor-7E3VFGW7.js +0 -11
  213. package/dist/executor-CEWX2FQI.js +0 -8
  214. package/dist/executor-X4SQ3ZLC.js +0 -8
  215. package/dist/registry-O47PUPSY.js +0 -8
  216. package/dist/registry-RFGGMVNJ.js +0 -7
  217. package/dist/registry-WLLMODKN.js +0 -8
  218. /package/dist/{chunk-P7EQ2S5O.js.map → chunk-2XLVPKXG.js.map} +0 -0
  219. /package/dist/{chunk-23TTQXVO.js.map → chunk-4UBOTYP5.js.map} +0 -0
  220. /package/dist/{chunk-MKSA2V7A.js.map → chunk-5YHWBPOT.js.map} +0 -0
  221. /package/dist/{chunk-DYBQG5PQ.js.map → chunk-6S3LLAQ5.js.map} +0 -0
  222. /package/dist/{chunk-UA4RI7OT.js.map → chunk-74JEQFMT.js.map} +0 -0
  223. /package/dist/{chunk-UZXLQCHP.js.map → chunk-BFI3RS42.js.map} +0 -0
  224. /package/dist/{chunk-EGQYGYIU.js.map → chunk-EMEX37ZN.js.map} +0 -0
  225. /package/dist/{chunk-ZNOEIM6Y.js.map → chunk-FCDO7UAO.js.map} +0 -0
  226. /package/dist/{chunk-5SCJ5UEF.js.map → chunk-FS7A4XNF.js.map} +0 -0
  227. /package/dist/{chunk-537VFZTR.js.map → chunk-GAUBWHAF.js.map} +0 -0
  228. /package/dist/{chunk-FCXOFQAJ.js.map → chunk-GD3BGKAR.js.map} +0 -0
  229. /package/dist/{chunk-HB3Z2GCR.js.map → chunk-HGZ7DC5H.js.map} +0 -0
  230. /package/dist/{chunk-5DWL3JBF.js.map → chunk-K5PVGKE4.js.map} +0 -0
  231. /package/dist/{chunk-XGSOTWYX.js.map → chunk-KYKMKLJ6.js.map} +0 -0
  232. /package/dist/{chunk-4TFSM22V.js.map → chunk-LS3JLEIB.js.map} +0 -0
  233. /package/dist/{chunk-OMLIZL2P.js.map → chunk-NSLTPGEN.js.map} +0 -0
  234. /package/dist/{chunk-KESP7GOK.js.map → chunk-QAU5HM6Q.js.map} +0 -0
  235. /package/dist/{chunk-34YSDCDP.js.map → chunk-SAVQ6E2O.js.map} +0 -0
  236. /package/dist/{chunk-PA6R5ZCI.js.map → chunk-TLFUDXVV.js.map} +0 -0
  237. /package/dist/{chunk-WCA2NROQ.js.map → chunk-UOF74WQY.js.map} +0 -0
  238. /package/dist/{chunk-DYECX3IX.js.map → chunk-WRLHNG6H.js.map} +0 -0
  239. /package/dist/{chunk-I6MX32UC.js.map → chunk-YK72A4IT.js.map} +0 -0
  240. /package/dist/{chunk-RD5LYKD6.js.map → chunk-ZC2AAE6J.js.map} +0 -0
  241. /package/dist/{crypto-A7FRXYHC.js.map → crypto-H2Y3DDFW.js.map} +0 -0
  242. /package/dist/{delegation-YBA4X4JN.js.map → delegation-QSC7G5QC.js.map} +0 -0
  243. /package/dist/{executor-7E3VFGW7.js.map → executor-BZKFZVRC.js.map} +0 -0
  244. /package/dist/{executor-CEWX2FQI.js.map → executor-GFZFDQXV.js.map} +0 -0
  245. /package/dist/{executor-X4SQ3ZLC.js.map → executor-KT2IOZVP.js.map} +0 -0
  246. /package/dist/{fanout-sidecar-VJ52RIEY.js.map → fanout-sidecar-NRBWSLRK.js.map} +0 -0
  247. /package/dist/{ledger-3TXNP47J.js.map → issue-BAJ7ZB4S.js.map} +0 -0
  248. /package/dist/{public-envelope-PY6NKFLI.js.map → ledger-WOEJUYTP.js.map} +0 -0
  249. /package/dist/{registry-3L3N3PTG.js.map → noydb-XNQSKXGO.js.map} +0 -0
  250. /package/dist/{registry-O47PUPSY.js.map → public-envelope-OHQ5UZFM.js.map} +0 -0
  251. /package/dist/{registry-RFGGMVNJ.js.map → registry-2IEARCGT.js.map} +0 -0
  252. /package/dist/{registry-WLLMODKN.js.map → registry-CDHASH73.js.map} +0 -0
  253. /package/dist/{stale-HSC5YO2O.js.map → registry-EMGLZGR6.js.map} +0 -0
package/dist/index.d.cts CHANGED
@@ -1,21 +1,22 @@
1
- import { aO as NoydbStore, bg as UserEnvelope, bh as PublicEnvelope, bi as GateName, bj as GatePolicy, bk as VaultPolicy, bl as ActiveTier, bm as FactorProof, bn as PersistedSchemaEnvelope, bo as DirectoryConfig, bp as UserVisibility, aM as UnlockedKeyring, bq as Vault, aV as DiffEntry } from './types-C4lwMKKF.cjs';
2
- export { br as AccessibleVault, aS as AppendInput, ay as ArrayOutputSpec, p as BLOB_CHUNKS_COLLECTION, q as BLOB_COLLECTION, t as BLOB_INDEX_COLLECTION, u as BLOB_SLOTS_PREFIX, w as BLOB_VERSIONS_PREFIX, bs as BUNDLE_STORE_POLICY, A as BlobObject, C as BlobPutOptions, E as BlobResponseOptions, F as BlobSet, bt as BuiltInGateName, bu as BundleRecipient, _ as CONSENT_AUDIT_COLLECTION, bv as CacheOptions, bw as CacheStats, bx as ChangeEvent, aT as ChangeType, a7 as ClosePeriodOptions, aH as Collection, by as CollectionChangeEvent, bz as CollectionConflictResolver, bA as CollectionDescriptor, ao as CollectionFrame, aU as CollectionInstant, bB as CollectionStats, bC as Conflict, bD as ConflictPolicy, bE as ConflictStrategy, $ as ConsentAuditEntry, a0 as ConsentAuditFilter, a1 as ConsentContext, a2 as ConsentOp, bF as CrossTierAccessEvent, L as DEFAULT_CHUNK_SIZE, bG as DEFAULT_PUBLIC_ENVELOPE_SCHEMA, bH as DELEGATIONS_COLLECTION, D as DICT_COLLECTION_PREFIX, bI as DeepPartial, bJ as DeepPartialOrNull, bK as DelegationToken, bL as DeleteManyResult, bM as DerivationDescriptor, aw as DerivationStrategy, aA as DerivationStrategyHandle, aB as DerivedFromMeta, a as DictEntry, b as DictKeyDescriptor, c as DictionaryHandle, d as DictionaryOptions, bN as DirtyEntry, bO as DumpSchemaOptions, bP as ELEVATION_AUDIT_COLLECTION, bQ as ElevatedHandle, aQ as EncryptedEnvelope, bR as EnrollAuthenticatorOptions, bS as EnrollAuthenticatorWrappingDEKsOptions, bT as EnrollAuthenticatorWrappingKEKOptions, bU as EnrollRecoveryResult, bV as ExportCapability, bW as ExportChunk, bX as ExportFormat, bY as ExportStreamOptions, bZ as FactorKind, b_ as FactorProofBundle, b$ as FactorRequirement, c0 as FieldDescriptor, c1 as FieldSource, c2 as GhostRecord, c3 as GrantOptions, ai as GuardChange, aj as GuardContext, ah as GuardStrategy, al as GuardStrategyHandle, c4 as HistoryConfig, c5 as HistoryEntry, aP as HistoryOptions, e as I18nTextDescriptor, f as I18nTextOptions, c6 as INDEXED_STORE_POLICY, c7 as ImportCapability, c8 as InferOutput, c9 as InternalCollectionStats, ca as IssueDelegationOptions, cb as IssueMagicLinkGrantOptions, aW as JsonPatch, aX as JsonPatchOp, cc as KeyringAuthenticator, cd as KeyringAuthenticatorWrappingDEKs, ce as KeyringAuthenticatorWrappingKEK, cf as KeyringFile, aY as LedgerEntry, aZ as LedgerStore, cg as ListAccessibleVaultsOptions, ch as ListPageResult, ci as ListUsersOptions, cj as LiveUserEnvelope, ck as LocaleReadOptions, cl as Lru, cm as LruOptions, cn as LruStats, co as MAGIC_LINK_CONTENT_INFO_PREFIX, cp as MAGIC_LINK_GRANTS_COLLECTION, cq as MAGIC_LINK_KEK_INFO_PREFIX, cr as MagicLinkGrantPayload, cs as MagicLinkGrantRecord, bd as MaterializedFromMeta, ct as MaterializedViewDescriptor, be as MaterializedViewOutput, aE as MaterializedViewStrategy, aF as MaterializedViewStrategyHandle, cu as MemorySealingKeyProvider, cv as NOYDB_BACKUP_VERSION, cw as NOYDB_FORMAT_VERSION, cx as NOYDB_KEYRING_VERSION, cy as NOYDB_SYNC_VERSION, cz as Noydb, cA as NoydbBundleStore, cB as NoydbEventMap, cC as NoydbOptions, a8 as OpenPeriodOptions, aC as OutputSpec, cD as OverlayViewDescriptor, aG as OverlayedViewStrategy, aJ as OverlayedViewStrategyHandle, a9 as PERIODS_COLLECTION, cE as PUBLIC_ENVELOPE_FIELDS, cF as PaperRecoveryDoc, cG as PaperRecoveryEntry, cH as PassphrasePolicy, cI as PassphraseValidationResult, aa as PeriodRecord, cJ as Permission, cK as Permissions, cL as PersistedSchemaKind, cM as PlaintextTranslatorContext, cN as PlaintextTranslatorFn, P as PolicyEnforcer, cO as PresenceHandle, cP as PresencePeer, aR as PruneOptions, cQ as PublicEnvelopeField, cR as PublicEnvelopeSchema, cS as PublicEnvelopeText, cT as PullMode, cU as PullOptions, cV as PullPolicy, cW as PullResult, cX as PushMode, cY as PushOptions, cZ as PushPolicy, c_ as PushResult, c$ as PutManyItemOptions, d0 as PutManyOptions, d1 as PutManyResult, d2 as QueryAcrossOptions, d3 as QueryAcrossResult, d4 as QuickUnlockState, d5 as QuickUnlockStore, d6 as ReAuthOperation, aD as RecordOutputSpec, d7 as RecoverPassphraseInput, d8 as RecoverPassphraseResult, d9 as RecoverUserOptions, da as RecoveryProof, db as ResolvedPublicEnvelopeSchema, dc as RevokeOptions, aL as Role, dd as RotatePassphraseInput, de as RotateRecoveryOptions, df as RotateRecoveryResult, dg as SEALED_PASSPHRASE_RECORD_ID, dh as SealedEnvelope, di as SealedPassphrase, dj as SealingKeyProvider, dk as SessionPolicy, dl as SetPublicEnvelopeInput, dm as ShamirRecoveryDoc, dn as ShamirRecoveryEntry, dp as ShamirRecoveryProvider, U as SlotInfo, V as SlotRecord, dq as SlotRewrapCeremony, dr as SlotRewrapContext, ds as StandardSchemaV1, dt as StandardSchemaV1Issue, du as StandardSchemaV1SyncResult, dv as StoreAuth, dw as StoreAuthKind, dx as StoreCapabilities, dy as SyncEngine, dz as SyncMetadata, dA as SyncPolicy, dB as SyncScheduler, dC as SyncSchedulerStatus, dD as SyncStatus, dE as SyncTarget, dF as SyncTargetRole, dG as SyncTransaction, dH as SyncTransactionResult, dI as TierMode, dJ as TranslatorAuditEntry, as as TxCollection, at as TxContext, dK as TxOp, au as TxVault, dL as USER_ENVELOPE_COLLECTION, dM as USER_ENVELOPE_MAX_BYTES, bf as UnionSource, dN as Unsubscribe, dO as UpdateAuthenticatorOptions, dP as UpdateUserOptions, dQ as UserApi, dR as UserEnvelopeCheckGate, dS as UserEnvelopeOversizedError, dT as UserEnvelopePresented, dU as UserInfo, dV as VaultBackup, a_ as VaultEngine, ap as VaultFrame, a$ as VaultInstant, dW as VaultPolicyOnDisk, dX as VaultSchemaSnapshot, dY as VaultSnapshot, b0 as VerifyResult, W as VersionRecord, dZ as WarningRules, d_ as WeakPassphraseError, d$ as WeakPassphraseReason, e0 as WrappedDeksBlob, g as applyI18nLocale, b1 as applyPatch, e1 as assertStrongPassphrase, e2 as buildRecipientKeyringFile, e3 as burnPaperRecoveryEntry, b2 as canonicalJson, b3 as computePatch, n as createEnforcer, e4 as createNoydb, e5 as createStore, e6 as deriveMagicLinkContentKey, h as dictCollectionName, i as dictKey, b4 as diff, e7 as enrollAuthenticator, e8 as estimateEntropy, e9 as evaluateExportCapability, ea as evaluateImportCapability, eb as findAuthenticator, b5 as formatDiff, ec as hasExportCapability, ed as hasImportCapability, ee as hasRecoveryEnrolled, b6 as hashEntry, j as i18nText, k as isDictCollectionName, l as isDictKeyDescriptor, m as isI18nTextDescriptor, ef as isMagicLinkGrantExpired, eg as isPublicEnvelope, eh as issueDelegation, ei as keyringRecoverPassphrase, ej as keyringRotatePassphrase, ek as listMagicLinkGrants, el as listUsers, em as listUsersWithEnvelopes, en as loadActiveDelegations, eo as loadPaperRecoveryEntries, ep as loadSealedPassphrase, eq as loadShamirRecoveryEntries, er as magicLinkGrantRecordId, es as mintPaperRecoveryEntry, et as mintShamirRecoveryEntry, eu as mintWrappedDeksBlob, b7 as paddedIndex, b8 as parseIndex, ev as parseSealedEnvelope, ew as readMagicLinkGrantRecord, ex as recoverUser, ey as removeAuthenticator, r as resolveI18nText, ez as resolvePublicEnvelopeSchema, eA as revokeDelegation, eB as revokeMagicLinkGrant, av as runTransaction, eC as savePaperRecoveryEntries, eD as saveSealedPassphrase, eE as saveShamirRecoveryEntries, b9 as sha256Hex, eF as unwrapDeksFromBlob, eG as unwrapDeksFromPaperEntry, eH as unwrapDeksFromShamirEntry, eI as unwrapMagicLinkGrant, v as validateI18nTextValue, eJ as validatePassphrase, eK as validatePublicEnvelopeInput, eL as validateSchemaInput, eM as validateSchemaOutput, o as validateSessionPolicy, eN as writeMagicLinkGrant } from './types-C4lwMKKF.cjs';
1
+ import { aO as NoydbStore, bo as UserEnvelope, ba as PublicEnvelope, bp as GateName, bq as GatePolicy, br as VaultPolicy, bs as ActiveTier, bt as FactorProof, bu as SchemaUpdateStrategy, bv as TransformFn, bw as PersistedSchemaEnvelope, bx as UpdateDecision, by as DirectoryConfig, bz as UserVisibility, aM as UnlockedKeyring, bf as Vault, aV as DiffEntry } from './types-CSLcfytP.cjs';
2
+ export { bA as AccessibleVault, bB as AffectedDocument, aS as AppendInput, ay as ArrayOutputSpec, p as BLOB_CHUNKS_COLLECTION, q as BLOB_COLLECTION, t as BLOB_INDEX_COLLECTION, u as BLOB_SLOTS_PREFIX, w as BLOB_VERSIONS_PREFIX, bC as BUNDLE_STORE_POLICY, A as BlobObject, C as BlobPutOptions, E as BlobResponseOptions, F as BlobSet, bD as BuiltInGateName, bc as BundleRecipient, _ as CONSENT_AUDIT_COLLECTION, bE as CacheOptions, bF as CacheStats, bG as ChangeEvent, aT as ChangeType, a7 as ClosePeriodOptions, aH as Collection, bH as CollectionChangeEvent, bI as CollectionConflictResolver, bJ as CollectionDescriptor, ao as CollectionFrame, aU as CollectionInstant, bK as CollectionStats, bL as Conflict, bM as ConflictPolicy, bN as ConflictStrategy, $ as ConsentAuditEntry, a0 as ConsentAuditFilter, a1 as ConsentContext, a2 as ConsentOp, bO as CrossTierAccessEvent, L as DEFAULT_CHUNK_SIZE, bP as DEFAULT_PUBLIC_ENVELOPE_SCHEMA, bQ as DELEGATIONS_COLLECTION, D as DICT_COLLECTION_PREFIX, bR as DeepPartial, bS as DeepPartialOrNull, bT as DelegationToken, bU as DeleteManyResult, bV as DerivationDescriptor, aw as DerivationStrategy, aA as DerivationStrategyHandle, aB as DerivedFromMeta, a as DictEntry, b as DictKeyDescriptor, c as DictionaryHandle, d as DictionaryOptions, bW as DirtyEntry, bX as DryRunResult, bY as DumpSchemaOptions, bZ as ELEVATION_AUDIT_COLLECTION, b_ as ElevatedHandle, aQ as EncryptedEnvelope, b$ as EnrollAuthenticatorOptions, c0 as EnrollAuthenticatorWrappingDEKsOptions, c1 as EnrollAuthenticatorWrappingKEKOptions, c2 as EnrollRecoveryResult, c3 as ExportCapability, c4 as ExportChunk, c5 as ExportFormat, c6 as ExportStreamOptions, c7 as FactorKind, c8 as FactorProofBundle, c9 as FactorRequirement, ca as FenceDoc, cb as FenceState, cc as FieldChange, cd as FieldDescriptor, ce as FieldSource, cf as GhostRecord, cg as GrantOptions, ai as GuardChange, aj as GuardContext, ah as GuardStrategy, al as GuardStrategyHandle, ch as GuardViolation, ci as HistoryConfig, cj as HistoryEntry, aP as HistoryOptions, e as I18nTextDescriptor, f as I18nTextOptions, ck as INDEXED_STORE_POLICY, cl as ImportCapability, cm as InferOutput, cn as InternalCollectionStats, co as IssueDelegationOptions, cp as IssueMagicLinkGrantOptions, aW as JsonPatch, aX as JsonPatchOp, cq as KeyringAuthenticator, cr as KeyringAuthenticatorWrappingDEKs, cs as KeyringAuthenticatorWrappingKEK, ct as KeyringFile, aY as LedgerEntry, aZ as LedgerStore, cu as ListAccessibleVaultsOptions, cv as ListPageResult, cw as ListUsersOptions, cx as LiveUserEnvelope, cy as LocaleReadOptions, cz as Lru, cA as LruOptions, cB as LruStats, cC as MAGIC_LINK_CONTENT_INFO_PREFIX, cD as MAGIC_LINK_GRANTS_COLLECTION, cE as MAGIC_LINK_KEK_INFO_PREFIX, cF as MagicLinkGrantPayload, cG as MagicLinkGrantRecord, bl as MaterializedFromMeta, cH as MaterializedViewDescriptor, bm as MaterializedViewOutput, aE as MaterializedViewStrategy, aF as MaterializedViewStrategyHandle, cI as MemoryRecipientSealer, cJ as MemorySealingKeyProvider, cK as NOYDB_BACKUP_VERSION, cL as NOYDB_FORMAT_VERSION, cM as NOYDB_KEYRING_VERSION, cN as NOYDB_SYNC_VERSION, cO as Noydb, cP as NoydbBundleStore, cQ as NoydbEventMap, cR as NoydbOptions, a8 as OpenPeriodOptions, aC as OutputSpec, cS as OverlayViewDescriptor, aG as OverlayedViewStrategy, aJ as OverlayedViewStrategyHandle, a9 as PERIODS_COLLECTION, cT as PUBLIC_ENVELOPE_FIELDS, cU as PaperRecoveryDoc, cV as PaperRecoveryEntry, cW as PassphrasePolicy, cX as PassphraseValidationResult, aa as PeriodRecord, cY as Permission, cZ as Permissions, c_ as PersistedSchemaKind, c$ as PlaintextTranslatorContext, d0 as PlaintextTranslatorFn, P as PolicyEnforcer, d1 as PresenceHandle, d2 as PresencePeer, aR as PruneOptions, d3 as PublicEnvelopeField, d4 as PublicEnvelopeSchema, d5 as PublicEnvelopeText, d6 as PullMode, d7 as PullOptions, d8 as PullPolicy, d9 as PullResult, da as PushMode, db as PushOptions, dc as PushPolicy, dd as PushResult, de as PutManyItemOptions, df as PutManyOptions, dg as PutManyResult, dh as QueryAcrossOptions, di as QueryAcrossResult, dj as QuickUnlockState, dk as QuickUnlockStore, dl as ReAuthOperation, be as RecipientHint, bd as RecipientSealer, aD as RecordOutputSpec, dm as RecoverPassphraseInput, dn as RecoverPassphraseResult, dp as RecoverUserOptions, dq as RecoveryProof, dr as ResolvedPublicEnvelopeSchema, ds as RevokeOptions, aL as Role, dt as RotatePassphraseInput, du as RotateRecoveryOptions, dv as RotateRecoveryResult, dw as SEALED_PASSPHRASE_RECORD_ID, dx as SchemaDelta, dy as SchemaIntrospection, dz as SealedEnvelope, dA as SealedPassphrase, bb as SealingKeyProvider, dB as SessionPolicy, dC as SetPublicEnvelopeInput, dD as ShamirRecoveryDoc, dE as ShamirRecoveryEntry, bh as ShamirRecoveryProvider, U as SlotInfo, V as SlotRecord, dF as SlotRewrapCeremony, dG as SlotRewrapContext, dH as StandardSchemaV1, dI as StandardSchemaV1Issue, dJ as StandardSchemaV1SyncResult, dK as StoreAuth, dL as StoreAuthKind, dM as StoreCapabilities, dN as SyncEngine, dO as SyncMetadata, dP as SyncPolicy, dQ as SyncScheduler, dR as SyncSchedulerStatus, dS as SyncStatus, dT as SyncTarget, dU as SyncTargetRole, dV as SyncTransaction, dW as SyncTransactionResult, dX as TabChannel, dY as TabCoordinationOptions, dZ as TabLockManager, d_ as TabPresence, d$ as TabRole, e0 as TierMode, e1 as TranslatorAuditEntry, as as TxCollection, at as TxContext, e2 as TxOp, au as TxVault, e3 as USER_ENVELOPE_COLLECTION, e4 as USER_ENVELOPE_MAX_BYTES, bn as UnionSource, e5 as Unsubscribe, e6 as UpdateAuthenticatorOptions, e7 as UpdateContext, e8 as UpdateUserOptions, e9 as UserApi, ea as UserEnvelopeCheckGate, eb as UserEnvelopeOversizedError, ec as UserEnvelopePresented, ed as UserInfo, ee as VaultBackup, a_ as VaultEngine, ap as VaultFrame, a$ as VaultInstant, ef as VaultPolicyOnDisk, eg as VaultSchemaSnapshot, eh as VaultSnapshot, b0 as VerifyResult, W as VersionRecord, ei as WarningRules, ej as WeakPassphraseError, ek as WeakPassphraseReason, el as WrappedDeksBlob, em as WriteConflict, en as WriteEvent, eo as WriteHook, ep as WriteQueue, g as applyI18nLocale, b1 as applyPatch, eq as assertStrongPassphrase, er as buildRecipientKeyringFile, es as burnPaperRecoveryEntry, b2 as canonicalJson, b3 as computePatch, n as createEnforcer, et as createNoydb, eu as createStore, ev as deriveMagicLinkContentKey, h as dictCollectionName, i as dictKey, b4 as diff, ew as enrollAuthenticator, ex as estimateEntropy, ey as evaluateExportCapability, ez as evaluateImportCapability, eA as findAuthenticator, b5 as formatDiff, eB as hasExportCapability, eC as hasImportCapability, eD as hasRecoveryEnrolled, b6 as hashEntry, j as i18nText, k as isDictCollectionName, l as isDictKeyDescriptor, m as isI18nTextDescriptor, eE as isMagicLinkGrantExpired, eF as isPublicEnvelope, eG as issueDelegation, eH as keyringRecoverPassphrase, eI as keyringRotatePassphrase, eJ as listMagicLinkGrants, eK as listUsers, eL as listUsersWithEnvelopes, eM as loadActiveDelegations, eN as loadPaperRecoveryEntries, eO as loadSealedPassphrase, eP as loadShamirRecoveryEntries, eQ as magicLinkGrantRecordId, eR as mintPaperRecoveryEntry, eS as mintShamirRecoveryEntry, eT as mintWrappedDeksBlob, b7 as paddedIndex, b8 as parseIndex, eU as parseSealedEnvelope, eV as readMagicLinkGrantRecord, eW as recoverUser, eX as removeAuthenticator, r as resolveI18nText, eY as resolvePublicEnvelopeSchema, eZ as revokeDelegation, e_ as revokeMagicLinkGrant, av as runTransaction, e$ as savePaperRecoveryEntries, f0 as saveSealedPassphrase, f1 as saveShamirRecoveryEntries, b9 as sha256Hex, f2 as unwrapDeksFromBlob, f3 as unwrapDeksFromPaperEntry, f4 as unwrapDeksFromShamirEntry, f5 as unwrapMagicLinkGrant, v as validateI18nTextValue, f6 as validatePassphrase, f7 as validatePublicEnvelopeInput, f8 as validateSchemaInput, f9 as validateSchemaOutput, o as validateSessionPolicy, fa as writeMagicLinkGrant } from './types-CSLcfytP.cjs';
3
3
  export { d as detectMagic, a as detectMimeType, i as isPreCompressed } from './mime-magic-CBBSOkjm.cjs';
4
4
  export { AgeRoute, BlobLifecyclePolicy, BlobStoreRoute, CircuitBreakerOptions, HealthCheckOptions, LogLevel, LoggingOptions, MetricsOptions, OverrideOptions, OverrideTarget, RetryOptions, RouteStatus, RouteStoreOptions, RoutedNoydbStore, StoreCacheOptions, StoreMiddleware, StoreOperation, SuspendOptions, WrapBundleStoreOptions, WrappedBundleNoydbStore, createBundleStore, routeStore, withCache, withCircuitBreaker, withHealthCheck, withLogging, withMetrics, withRetry, wrapBundleStore, wrapStore } from './store/index.cjs';
5
- import { N as NoydbError } from './index-CmVgTkqk.cjs';
6
- export { q as AlreadyElevatedError, A as AmendmentForbiddenError, B as BackupCorruptedError, r as BackupLedgerError, s as BundleIntegrityError, t as BundleSealMismatchError, u as BundleVersionConflictError, C as ConflictError, v as DEFAULT_JOIN_MAX_ROWS, w as DanglingReferenceError, x as DecryptionError, y as DelegationTargetMissingError, e as DerivationCapExceededError, f as DerivationCycleError, g as DerivationDepthError, h as DerivationOutputShapeError, i as DerivationOutputUnknownError, D as DictKeyInUseError, a as DictKeyMissingError, z as DirectoryDisabledError, E as ElevationExpiredError, G as ExportCapabilityError, F as FieldFrozenError, H as FilenameSanitizationError, J as GroupCardinalityError, K as ImportCapabilityError, P as IndexRequiredError, U as IndexWriteFailureError, V as InvalidKeyError, I as InvariantError, W as JoinContext, X as JoinLeg, Y as JoinStrategy, Z as JoinTooLargeError, _ as JoinableSource, $ as KeyringCorruptError, a0 as KeyringExpiredError, a1 as LedgerContentionError, a2 as LiveQuery, a3 as LiveUpstream, L as LocaleNotSpecifiedError, m as MaterializedViewConfigError, n as MaterializedViewCycleError, o as MaterializedViewSourceUnknownError, p as MaterializedViewTooLargeError, M as MissingTranslationError, a4 as NetworkError, a5 as NoAccessError, a6 as NotFoundError, a7 as OrderBy, O as OverlayBaseIsVirtualError, j as OverlayCollectionUnavailableError, k as OverlayIdMismatchError, l as OverlayNameCollisionError, a8 as PathEscapeError, a9 as PeriodClosedError, aa as PermissionDeniedError, ab as PrivilegeEscalationError, Q as Query, ac as QueryPlan, ad as QuerySource, ae as ReadOnlyAtInstantError, af as ReadOnlyError, ag as ReadOnlyFrameError, d as RecordLockedError, ah as RefDescriptor, ai as RefIntegrityError, aj as RefMode, ak as RefRegistry, al as RefScopeError, am as RefViolation, R as ReservedCollectionNameError, an as ScanBuilder, ao as ScanPageProvider, ap as SchemaValidationError, S as SessionExpiredError, b as SessionNotFoundError, c as SessionPolicyError, aq as StoreCapabilityError, ar as TamperedError, as as TierDemoteDeniedError, at as TierNotGrantedError, T as TranslatorNotConfiguredError, au as ValidationError, av as applyJoins, aw as buildLiveQuery, ax as executePlan, ay as ref, az as resetJoinWarnings } from './index-CmVgTkqk.cjs';
7
- export { A as AutoCredential, a as AutoCredentialKind, C as CompressionAlgo, N as NOYDB_BUNDLE_FORMAT_VERSION, b as NOYDB_BUNDLE_MAGIC, c as NOYDB_BUNDLE_PREFIX_BYTES, d as NoydbBundleHeader, e as NoydbBundleReadResult, R as ReadNoydbBundleOptions, W as WriteNoydbBundleOptions, g as generateULID, h as hasNoydbBundleMagic, i as isULID, r as readNoydbBundle, f as readNoydbBundleHeader, j as readNoydbBundlePublicEnvelope, k as resetBrotliSupportCache, w as writeNoydbBundle } from './index-hdFvZkBP.cjs';
5
+ import { N as NoydbError } from './index-DVkvrgpm.cjs';
6
+ export { x as AlreadyElevatedError, A as AmendmentForbiddenError, m as AttestationError, B as BackupCorruptedError, o as BackupLedgerError, p as BundleIntegrityError, q as BundleSealMismatchError, r as BundleVersionConflictError, C as ConflictError, y as DEFAULT_JOIN_MAX_ROWS, z as DanglingReferenceError, E as DecryptionError, G as DelegationTargetMissingError, e as DerivationCapExceededError, f as DerivationCycleError, g as DerivationDepthError, h as DerivationOutputShapeError, i as DerivationOutputUnknownError, D as DictKeyInUseError, a as DictKeyMissingError, H as DirectoryDisabledError, J as ElevationExpiredError, K as ExportCapabilityError, F as FieldFrozenError, U as FilenameSanitizationError, V as GroupCardinalityError, W as ImportCapabilityError, X as IndexRequiredError, Y as IndexWriteFailureError, Z as InvalidKeyError, I as InvariantError, _ as JoinContext, $ as JoinLeg, a0 as JoinStrategy, a1 as JoinTooLargeError, a2 as JoinableSource, a3 as KeyringCorruptError, a4 as KeyringExpiredError, a5 as LedgerContentionError, a6 as LiveQuery, a7 as LiveUpstream, L as LocaleNotSpecifiedError, t as MaterializedViewConfigError, u as MaterializedViewCycleError, v as MaterializedViewSourceUnknownError, w as MaterializedViewTooLargeError, a8 as MigrationRequiredError, M as MissingTranslationError, a9 as NetworkError, aa as NoAccessError, ab as NonAdditiveSchemaChangeError, ac as NotFoundError, ad as OrderBy, O as OverlayBaseIsVirtualError, j as OverlayCollectionUnavailableError, k as OverlayIdMismatchError, l as OverlayNameCollisionError, ae as PathEscapeError, af as PeriodClosedError, ag as PermissionDeniedError, ah as PrivilegeEscalationError, Q as Query, ai as QueryPlan, aj as QuerySource, ak as QuiesceTimeoutError, al as ReadOnlyAtInstantError, am as ReadOnlyError, an as ReadOnlyFrameError, d as RecordLockedError, ao as RefDescriptor, ap as RefIntegrityError, aq as RefMode, ar as RefRegistry, as as RefScopeError, at as RefViolation, R as ReservedCollectionNameError, au as ScanBuilder, av as ScanPageProvider, aw as SchemaFenceError, ax as SchemaLockedError, ay as SchemaUpdateError, az as SchemaValidationError, S as SessionExpiredError, b as SessionNotFoundError, c as SessionPolicyError, aA as StoreCapabilityError, aB as TamperedError, aC as TierDemoteDeniedError, aD as TierNotGrantedError, T as TranslatorNotConfiguredError, aE as ValidationError, aF as applyJoins, aG as buildLiveQuery, aH as executePlan, aI as ref, aJ as resetJoinWarnings } from './index-DVkvrgpm.cjs';
7
+ export { A as AutoCredential, n as AutoCredentialKind, c as CompressionAlgo, N as NOYDB_BUNDLE_FORMAT_VERSION, e as NOYDB_BUNDLE_MAGIC, f as NOYDB_BUNDLE_PREFIX_BYTES, g as NoydbBundleHeader, h as NoydbBundleReadResult, R as ReadNoydbBundleOptions, W as WriteNoydbBundleOptions, j as generateULID, o as hasNoydbBundleMagic, k as isULID, r as readNoydbBundle, l as readNoydbBundleHeader, p as readNoydbBundlePublicEnvelope, m as resetBrotliSupportCache, w as writeNoydbBundle } from './ulid-CG2YvAbg.cjs';
8
8
  export { a as CrdtMode, b as CrdtState, L as LwwMapState, R as RgaState, Y as YjsState, m as mergeCrdtStates, r as resolveCrdtSnapshot } from './strategy-BSxFXGzb.cjs';
9
- export { w as withGuard } from './with-guard-jI1x9Z3k.cjs';
10
- export { w as withDerivation } from './with-derivation-C8LDlV7t.cjs';
11
- export { w as withMaterializedView } from './with-materialized-view-DcTx4H3j.cjs';
9
+ export { w as withGuard } from './with-guard-DF_Ul3DT.cjs';
10
+ export { w as withDerivation } from './with-derivation-DWajFh4K.cjs';
11
+ export { w as withMaterializedView } from './with-materialized-view-_piodoIz.cjs';
12
12
  export { a as Clause, C as CollectionIndexes, F as FieldClause, b as FilterClause, G as GroupClause, H as HashIndex, I as IndexDef, O as Operator, e as evaluateClause, c as evaluateFieldClause, r as readPath } from './predicate-Dnu81tsS.cjs';
13
- export { w as withOverlayedView } from './with-overlayed-view-D-6oWAgM.cjs';
13
+ export { w as withOverlayedView } from './with-overlayed-view-DwzCKxn2.cjs';
14
14
  export { SYNC_CREDENTIALS_COLLECTION, SyncCredential, credentialStatus, deleteCredential, getCredential, listCredentials, putCredential } from './team/index.cjs';
15
- export { C as CreateSessionOptions, a as CreateSessionResult, D as DevUnlockOptions, S as SessionToken, b as activeSessionCount, c as clearDevUnlock, d as createSession, e as enableDevUnlock, i as isDevUnlockActive, f as isSessionAlive, l as loadDevUnlock, r as resolveSession, g as revokeAllSessions, h as revokeSession } from './dev-unlock-DRwVSy2S.cjs';
15
+ export { C as CreateSessionOptions, a as CreateSessionResult, D as DevUnlockOptions, S as SessionToken, b as activeSessionCount, c as clearDevUnlock, d as createSession, e as enableDevUnlock, i as isDevUnlockActive, f as isSessionAlive, l as loadDevUnlock, r as resolveSession, g as revokeAllSessions, h as revokeSession } from './dev-unlock-De3mjQWv.cjs';
16
16
  export { a as AggregateResult, b as AggregateSpec, c as Aggregation, d as AggregationUpstream, G as GROUPBY_MAX_CARDINALITY, e as GROUPBY_WARN_CARDINALITY, f as GroupedAggregation, g as GroupedQuery, h as GroupedQueryN, i as GroupedRow, j as GroupedRowN, L as LiveAggregation, R as Reducer, k as ReducerOptions, l as avg, n as count, o as groupAndReduce, p as max, q as min, r as reduceRecords, t as sum } from './strategy-DSTrsZ8t.cjs';
17
- export { L as LEDGER_COLLECTION, a as LEDGER_DELTAS_COLLECTION, e as envelopePayloadHash } from './hash-DtRih9MQ.cjs';
17
+ export { L as LEDGER_COLLECTION, a as LEDGER_DELTAS_COLLECTION, e as envelopePayloadHash } from './hash-vBCB0-Ps.cjs';
18
18
  import './lazy-builder-C-rPfWG0.cjs';
19
+ import '@noy-db/attestation';
19
20
 
20
21
  /**
21
22
  * Persistence helpers for per-principal user envelopes stored at
@@ -338,6 +339,24 @@ declare function loadVaultPolicy(store: NoydbStore, vault: string): Promise<Vaul
338
339
  */
339
340
  declare function saveVaultPolicy(store: NoydbStore, vault: string, policy: VaultPolicy): Promise<void>;
340
341
 
342
+ /** Allow any schema change. Explicit blind / back-compat. */
343
+ declare function blindUpdate(): SchemaUpdateStrategy;
344
+ /** Allow additive changes; reject non-additive ones. The safety backstop. */
345
+ declare function additiveOnly(): SchemaUpdateStrategy;
346
+ /**
347
+ * Reject schema changes. With `fields`, reject only when one of those
348
+ * fields is added/removed/changed; otherwise reject any non-`none` delta.
349
+ */
350
+ declare function lockSchema(opts?: {
351
+ readonly fields?: readonly string[];
352
+ }): SchemaUpdateStrategy;
353
+
354
+ /** The coordinatedCutover update strategy (#232, single-step — no from/to). */
355
+
356
+ declare function coordinatedCutover(opts: {
357
+ readonly transform: TransformFn;
358
+ }): SchemaUpdateStrategy;
359
+
341
360
  /**
342
361
  * Derive a {@link PersistedSchemaEnvelope} from a Standard Schema v1
343
362
  * validator. v0 supports Zod via `zod-to-json-schema` (optional peer-dep);
@@ -412,6 +431,8 @@ interface PersistSchemaResult {
412
431
  readonly skipped: boolean;
413
432
  /** The envelope that was either written or matched. */
414
433
  readonly envelope: PersistedSchemaEnvelope;
434
+ /** The update-strategy decision, present when strategies ran (#245). */
435
+ readonly decision?: UpdateDecision;
415
436
  }
416
437
  declare function persistSchemaIfNeeded(opts: {
417
438
  readonly store: NoydbStore;
@@ -419,6 +440,7 @@ declare function persistSchemaIfNeeded(opts: {
419
440
  readonly collectionName: string;
420
441
  readonly validator: unknown;
421
442
  readonly dek: CryptoKey;
443
+ readonly strategies?: readonly SchemaUpdateStrategy[];
422
444
  }): Promise<PersistSchemaResult>;
423
445
 
424
446
  /**
@@ -753,4 +775,4 @@ type DiffCandidate<T = unknown> = Vault | Record<string, readonly T[]> | string;
753
775
  */
754
776
  declare function diffVault<T = unknown>(vault: Vault, candidate: DiffCandidate<T>, options?: DiffOptions): Promise<VaultDiff<T>>;
755
777
 
756
- export { ActiveTier, type CheckGateContext, DEFAULT_FRESHNESS_MS, DIRECTORY_RECORD_ID, type DiffCandidate, DiffEntry, type DiffOptions, DirectoryConfig, FactorProof, GateName, GatePolicy, META_COLLECTION, ManagedRecoveryNotEnrolledError, NoydbError, NoydbStore, PERSONAL_POLICY, POLICY_RECORD_ID, PUBLIC_ENVELOPE_RECORD_ID, type PersistSchemaResult, PersistedSchemaEnvelope, PolicyDeniedError, type PolicyDenyReason, PublicEnvelope, RecoveryNotEnrolledError, RecoveryProfileNotImplementedError, SCHEMAS_COLLECTION, STRICT_POLICY, UnlockedKeyring, UserEnvelope, UserVisibility, VISIBILITY_RECORD_PREFIX, Vault, type VaultDiff, type VaultDiffEntry, type VaultDiffModifiedEntry, VaultPolicy, assertTierAccess, base64ToBuffer, bufferToBase64, checkGate, decryptBytes, decryptDeterministic, dekKey, deleteUserEnvelope, deleteUserVisibility, derivePersistedSchema, derivePresenceKey, describeAllUsersAuth, describeAuthConfig, describeGate, describeUserAuth, diagramAuthConfig, diffVault, effectiveClearance, encryptBytes, encryptDeterministic, estimateRecordBytes, isZodSchema, listUserEnvelopeIds, loadPersistedSchema, loadPublicEnvelope, loadUserEnvelope, loadVaultPolicy, mergePolicy, parseBytes, persistDirectoryConfig, persistSchemaIfNeeded, persistUserVisibility, readDirectoryConfig, readPublicEnvelope, readUserVisibility, savePersistedSchema, savePublicEnvelope, saveUserEnvelope, saveVaultPolicy, visibilityRecordId };
778
+ export { ActiveTier, type CheckGateContext, DEFAULT_FRESHNESS_MS, DIRECTORY_RECORD_ID, type DiffCandidate, DiffEntry, type DiffOptions, DirectoryConfig, FactorProof, GateName, GatePolicy, META_COLLECTION, ManagedRecoveryNotEnrolledError, NoydbError, NoydbStore, PERSONAL_POLICY, POLICY_RECORD_ID, PUBLIC_ENVELOPE_RECORD_ID, type PersistSchemaResult, PersistedSchemaEnvelope, PolicyDeniedError, type PolicyDenyReason, PublicEnvelope, RecoveryNotEnrolledError, RecoveryProfileNotImplementedError, SCHEMAS_COLLECTION, STRICT_POLICY, SchemaUpdateStrategy, UnlockedKeyring, UpdateDecision, UserEnvelope, UserVisibility, VISIBILITY_RECORD_PREFIX, Vault, type VaultDiff, type VaultDiffEntry, type VaultDiffModifiedEntry, VaultPolicy, additiveOnly, assertTierAccess, base64ToBuffer, blindUpdate, bufferToBase64, checkGate, coordinatedCutover, decryptBytes, decryptDeterministic, dekKey, deleteUserEnvelope, deleteUserVisibility, derivePersistedSchema, derivePresenceKey, describeAllUsersAuth, describeAuthConfig, describeGate, describeUserAuth, diagramAuthConfig, diffVault, effectiveClearance, encryptBytes, encryptDeterministic, estimateRecordBytes, isZodSchema, listUserEnvelopeIds, loadPersistedSchema, loadPublicEnvelope, loadUserEnvelope, loadVaultPolicy, lockSchema, mergePolicy, parseBytes, persistDirectoryConfig, persistSchemaIfNeeded, persistUserVisibility, readDirectoryConfig, readPublicEnvelope, readUserVisibility, savePersistedSchema, savePublicEnvelope, saveUserEnvelope, saveVaultPolicy, visibilityRecordId };
package/dist/index.d.ts CHANGED
@@ -1,21 +1,22 @@
1
- import { aO as NoydbStore, bg as UserEnvelope, bh as PublicEnvelope, bi as GateName, bj as GatePolicy, bk as VaultPolicy, bl as ActiveTier, bm as FactorProof, bn as PersistedSchemaEnvelope, bo as DirectoryConfig, bp as UserVisibility, aM as UnlockedKeyring, bq as Vault, aV as DiffEntry } from './types-DW9RGSSs.js';
2
- export { br as AccessibleVault, aS as AppendInput, ay as ArrayOutputSpec, p as BLOB_CHUNKS_COLLECTION, q as BLOB_COLLECTION, t as BLOB_INDEX_COLLECTION, u as BLOB_SLOTS_PREFIX, w as BLOB_VERSIONS_PREFIX, bs as BUNDLE_STORE_POLICY, A as BlobObject, C as BlobPutOptions, E as BlobResponseOptions, F as BlobSet, bt as BuiltInGateName, bu as BundleRecipient, _ as CONSENT_AUDIT_COLLECTION, bv as CacheOptions, bw as CacheStats, bx as ChangeEvent, aT as ChangeType, a7 as ClosePeriodOptions, aH as Collection, by as CollectionChangeEvent, bz as CollectionConflictResolver, bA as CollectionDescriptor, ao as CollectionFrame, aU as CollectionInstant, bB as CollectionStats, bC as Conflict, bD as ConflictPolicy, bE as ConflictStrategy, $ as ConsentAuditEntry, a0 as ConsentAuditFilter, a1 as ConsentContext, a2 as ConsentOp, bF as CrossTierAccessEvent, L as DEFAULT_CHUNK_SIZE, bG as DEFAULT_PUBLIC_ENVELOPE_SCHEMA, bH as DELEGATIONS_COLLECTION, D as DICT_COLLECTION_PREFIX, bI as DeepPartial, bJ as DeepPartialOrNull, bK as DelegationToken, bL as DeleteManyResult, bM as DerivationDescriptor, aw as DerivationStrategy, aA as DerivationStrategyHandle, aB as DerivedFromMeta, a as DictEntry, b as DictKeyDescriptor, c as DictionaryHandle, d as DictionaryOptions, bN as DirtyEntry, bO as DumpSchemaOptions, bP as ELEVATION_AUDIT_COLLECTION, bQ as ElevatedHandle, aQ as EncryptedEnvelope, bR as EnrollAuthenticatorOptions, bS as EnrollAuthenticatorWrappingDEKsOptions, bT as EnrollAuthenticatorWrappingKEKOptions, bU as EnrollRecoveryResult, bV as ExportCapability, bW as ExportChunk, bX as ExportFormat, bY as ExportStreamOptions, bZ as FactorKind, b_ as FactorProofBundle, b$ as FactorRequirement, c0 as FieldDescriptor, c1 as FieldSource, c2 as GhostRecord, c3 as GrantOptions, ai as GuardChange, aj as GuardContext, ah as GuardStrategy, al as GuardStrategyHandle, c4 as HistoryConfig, c5 as HistoryEntry, aP as HistoryOptions, e as I18nTextDescriptor, f as I18nTextOptions, c6 as INDEXED_STORE_POLICY, c7 as ImportCapability, c8 as InferOutput, c9 as InternalCollectionStats, ca as IssueDelegationOptions, cb as IssueMagicLinkGrantOptions, aW as JsonPatch, aX as JsonPatchOp, cc as KeyringAuthenticator, cd as KeyringAuthenticatorWrappingDEKs, ce as KeyringAuthenticatorWrappingKEK, cf as KeyringFile, aY as LedgerEntry, aZ as LedgerStore, cg as ListAccessibleVaultsOptions, ch as ListPageResult, ci as ListUsersOptions, cj as LiveUserEnvelope, ck as LocaleReadOptions, cl as Lru, cm as LruOptions, cn as LruStats, co as MAGIC_LINK_CONTENT_INFO_PREFIX, cp as MAGIC_LINK_GRANTS_COLLECTION, cq as MAGIC_LINK_KEK_INFO_PREFIX, cr as MagicLinkGrantPayload, cs as MagicLinkGrantRecord, bd as MaterializedFromMeta, ct as MaterializedViewDescriptor, be as MaterializedViewOutput, aE as MaterializedViewStrategy, aF as MaterializedViewStrategyHandle, cu as MemorySealingKeyProvider, cv as NOYDB_BACKUP_VERSION, cw as NOYDB_FORMAT_VERSION, cx as NOYDB_KEYRING_VERSION, cy as NOYDB_SYNC_VERSION, cz as Noydb, cA as NoydbBundleStore, cB as NoydbEventMap, cC as NoydbOptions, a8 as OpenPeriodOptions, aC as OutputSpec, cD as OverlayViewDescriptor, aG as OverlayedViewStrategy, aJ as OverlayedViewStrategyHandle, a9 as PERIODS_COLLECTION, cE as PUBLIC_ENVELOPE_FIELDS, cF as PaperRecoveryDoc, cG as PaperRecoveryEntry, cH as PassphrasePolicy, cI as PassphraseValidationResult, aa as PeriodRecord, cJ as Permission, cK as Permissions, cL as PersistedSchemaKind, cM as PlaintextTranslatorContext, cN as PlaintextTranslatorFn, P as PolicyEnforcer, cO as PresenceHandle, cP as PresencePeer, aR as PruneOptions, cQ as PublicEnvelopeField, cR as PublicEnvelopeSchema, cS as PublicEnvelopeText, cT as PullMode, cU as PullOptions, cV as PullPolicy, cW as PullResult, cX as PushMode, cY as PushOptions, cZ as PushPolicy, c_ as PushResult, c$ as PutManyItemOptions, d0 as PutManyOptions, d1 as PutManyResult, d2 as QueryAcrossOptions, d3 as QueryAcrossResult, d4 as QuickUnlockState, d5 as QuickUnlockStore, d6 as ReAuthOperation, aD as RecordOutputSpec, d7 as RecoverPassphraseInput, d8 as RecoverPassphraseResult, d9 as RecoverUserOptions, da as RecoveryProof, db as ResolvedPublicEnvelopeSchema, dc as RevokeOptions, aL as Role, dd as RotatePassphraseInput, de as RotateRecoveryOptions, df as RotateRecoveryResult, dg as SEALED_PASSPHRASE_RECORD_ID, dh as SealedEnvelope, di as SealedPassphrase, dj as SealingKeyProvider, dk as SessionPolicy, dl as SetPublicEnvelopeInput, dm as ShamirRecoveryDoc, dn as ShamirRecoveryEntry, dp as ShamirRecoveryProvider, U as SlotInfo, V as SlotRecord, dq as SlotRewrapCeremony, dr as SlotRewrapContext, ds as StandardSchemaV1, dt as StandardSchemaV1Issue, du as StandardSchemaV1SyncResult, dv as StoreAuth, dw as StoreAuthKind, dx as StoreCapabilities, dy as SyncEngine, dz as SyncMetadata, dA as SyncPolicy, dB as SyncScheduler, dC as SyncSchedulerStatus, dD as SyncStatus, dE as SyncTarget, dF as SyncTargetRole, dG as SyncTransaction, dH as SyncTransactionResult, dI as TierMode, dJ as TranslatorAuditEntry, as as TxCollection, at as TxContext, dK as TxOp, au as TxVault, dL as USER_ENVELOPE_COLLECTION, dM as USER_ENVELOPE_MAX_BYTES, bf as UnionSource, dN as Unsubscribe, dO as UpdateAuthenticatorOptions, dP as UpdateUserOptions, dQ as UserApi, dR as UserEnvelopeCheckGate, dS as UserEnvelopeOversizedError, dT as UserEnvelopePresented, dU as UserInfo, dV as VaultBackup, a_ as VaultEngine, ap as VaultFrame, a$ as VaultInstant, dW as VaultPolicyOnDisk, dX as VaultSchemaSnapshot, dY as VaultSnapshot, b0 as VerifyResult, W as VersionRecord, dZ as WarningRules, d_ as WeakPassphraseError, d$ as WeakPassphraseReason, e0 as WrappedDeksBlob, g as applyI18nLocale, b1 as applyPatch, e1 as assertStrongPassphrase, e2 as buildRecipientKeyringFile, e3 as burnPaperRecoveryEntry, b2 as canonicalJson, b3 as computePatch, n as createEnforcer, e4 as createNoydb, e5 as createStore, e6 as deriveMagicLinkContentKey, h as dictCollectionName, i as dictKey, b4 as diff, e7 as enrollAuthenticator, e8 as estimateEntropy, e9 as evaluateExportCapability, ea as evaluateImportCapability, eb as findAuthenticator, b5 as formatDiff, ec as hasExportCapability, ed as hasImportCapability, ee as hasRecoveryEnrolled, b6 as hashEntry, j as i18nText, k as isDictCollectionName, l as isDictKeyDescriptor, m as isI18nTextDescriptor, ef as isMagicLinkGrantExpired, eg as isPublicEnvelope, eh as issueDelegation, ei as keyringRecoverPassphrase, ej as keyringRotatePassphrase, ek as listMagicLinkGrants, el as listUsers, em as listUsersWithEnvelopes, en as loadActiveDelegations, eo as loadPaperRecoveryEntries, ep as loadSealedPassphrase, eq as loadShamirRecoveryEntries, er as magicLinkGrantRecordId, es as mintPaperRecoveryEntry, et as mintShamirRecoveryEntry, eu as mintWrappedDeksBlob, b7 as paddedIndex, b8 as parseIndex, ev as parseSealedEnvelope, ew as readMagicLinkGrantRecord, ex as recoverUser, ey as removeAuthenticator, r as resolveI18nText, ez as resolvePublicEnvelopeSchema, eA as revokeDelegation, eB as revokeMagicLinkGrant, av as runTransaction, eC as savePaperRecoveryEntries, eD as saveSealedPassphrase, eE as saveShamirRecoveryEntries, b9 as sha256Hex, eF as unwrapDeksFromBlob, eG as unwrapDeksFromPaperEntry, eH as unwrapDeksFromShamirEntry, eI as unwrapMagicLinkGrant, v as validateI18nTextValue, eJ as validatePassphrase, eK as validatePublicEnvelopeInput, eL as validateSchemaInput, eM as validateSchemaOutput, o as validateSessionPolicy, eN as writeMagicLinkGrant } from './types-DW9RGSSs.js';
1
+ import { aO as NoydbStore, bo as UserEnvelope, ba as PublicEnvelope, bp as GateName, bq as GatePolicy, br as VaultPolicy, bs as ActiveTier, bt as FactorProof, bu as SchemaUpdateStrategy, bv as TransformFn, bw as PersistedSchemaEnvelope, bx as UpdateDecision, by as DirectoryConfig, bz as UserVisibility, aM as UnlockedKeyring, bf as Vault, aV as DiffEntry } from './types-D9eB0Rvh.js';
2
+ export { bA as AccessibleVault, bB as AffectedDocument, aS as AppendInput, ay as ArrayOutputSpec, p as BLOB_CHUNKS_COLLECTION, q as BLOB_COLLECTION, t as BLOB_INDEX_COLLECTION, u as BLOB_SLOTS_PREFIX, w as BLOB_VERSIONS_PREFIX, bC as BUNDLE_STORE_POLICY, A as BlobObject, C as BlobPutOptions, E as BlobResponseOptions, F as BlobSet, bD as BuiltInGateName, bc as BundleRecipient, _ as CONSENT_AUDIT_COLLECTION, bE as CacheOptions, bF as CacheStats, bG as ChangeEvent, aT as ChangeType, a7 as ClosePeriodOptions, aH as Collection, bH as CollectionChangeEvent, bI as CollectionConflictResolver, bJ as CollectionDescriptor, ao as CollectionFrame, aU as CollectionInstant, bK as CollectionStats, bL as Conflict, bM as ConflictPolicy, bN as ConflictStrategy, $ as ConsentAuditEntry, a0 as ConsentAuditFilter, a1 as ConsentContext, a2 as ConsentOp, bO as CrossTierAccessEvent, L as DEFAULT_CHUNK_SIZE, bP as DEFAULT_PUBLIC_ENVELOPE_SCHEMA, bQ as DELEGATIONS_COLLECTION, D as DICT_COLLECTION_PREFIX, bR as DeepPartial, bS as DeepPartialOrNull, bT as DelegationToken, bU as DeleteManyResult, bV as DerivationDescriptor, aw as DerivationStrategy, aA as DerivationStrategyHandle, aB as DerivedFromMeta, a as DictEntry, b as DictKeyDescriptor, c as DictionaryHandle, d as DictionaryOptions, bW as DirtyEntry, bX as DryRunResult, bY as DumpSchemaOptions, bZ as ELEVATION_AUDIT_COLLECTION, b_ as ElevatedHandle, aQ as EncryptedEnvelope, b$ as EnrollAuthenticatorOptions, c0 as EnrollAuthenticatorWrappingDEKsOptions, c1 as EnrollAuthenticatorWrappingKEKOptions, c2 as EnrollRecoveryResult, c3 as ExportCapability, c4 as ExportChunk, c5 as ExportFormat, c6 as ExportStreamOptions, c7 as FactorKind, c8 as FactorProofBundle, c9 as FactorRequirement, ca as FenceDoc, cb as FenceState, cc as FieldChange, cd as FieldDescriptor, ce as FieldSource, cf as GhostRecord, cg as GrantOptions, ai as GuardChange, aj as GuardContext, ah as GuardStrategy, al as GuardStrategyHandle, ch as GuardViolation, ci as HistoryConfig, cj as HistoryEntry, aP as HistoryOptions, e as I18nTextDescriptor, f as I18nTextOptions, ck as INDEXED_STORE_POLICY, cl as ImportCapability, cm as InferOutput, cn as InternalCollectionStats, co as IssueDelegationOptions, cp as IssueMagicLinkGrantOptions, aW as JsonPatch, aX as JsonPatchOp, cq as KeyringAuthenticator, cr as KeyringAuthenticatorWrappingDEKs, cs as KeyringAuthenticatorWrappingKEK, ct as KeyringFile, aY as LedgerEntry, aZ as LedgerStore, cu as ListAccessibleVaultsOptions, cv as ListPageResult, cw as ListUsersOptions, cx as LiveUserEnvelope, cy as LocaleReadOptions, cz as Lru, cA as LruOptions, cB as LruStats, cC as MAGIC_LINK_CONTENT_INFO_PREFIX, cD as MAGIC_LINK_GRANTS_COLLECTION, cE as MAGIC_LINK_KEK_INFO_PREFIX, cF as MagicLinkGrantPayload, cG as MagicLinkGrantRecord, bl as MaterializedFromMeta, cH as MaterializedViewDescriptor, bm as MaterializedViewOutput, aE as MaterializedViewStrategy, aF as MaterializedViewStrategyHandle, cI as MemoryRecipientSealer, cJ as MemorySealingKeyProvider, cK as NOYDB_BACKUP_VERSION, cL as NOYDB_FORMAT_VERSION, cM as NOYDB_KEYRING_VERSION, cN as NOYDB_SYNC_VERSION, cO as Noydb, cP as NoydbBundleStore, cQ as NoydbEventMap, cR as NoydbOptions, a8 as OpenPeriodOptions, aC as OutputSpec, cS as OverlayViewDescriptor, aG as OverlayedViewStrategy, aJ as OverlayedViewStrategyHandle, a9 as PERIODS_COLLECTION, cT as PUBLIC_ENVELOPE_FIELDS, cU as PaperRecoveryDoc, cV as PaperRecoveryEntry, cW as PassphrasePolicy, cX as PassphraseValidationResult, aa as PeriodRecord, cY as Permission, cZ as Permissions, c_ as PersistedSchemaKind, c$ as PlaintextTranslatorContext, d0 as PlaintextTranslatorFn, P as PolicyEnforcer, d1 as PresenceHandle, d2 as PresencePeer, aR as PruneOptions, d3 as PublicEnvelopeField, d4 as PublicEnvelopeSchema, d5 as PublicEnvelopeText, d6 as PullMode, d7 as PullOptions, d8 as PullPolicy, d9 as PullResult, da as PushMode, db as PushOptions, dc as PushPolicy, dd as PushResult, de as PutManyItemOptions, df as PutManyOptions, dg as PutManyResult, dh as QueryAcrossOptions, di as QueryAcrossResult, dj as QuickUnlockState, dk as QuickUnlockStore, dl as ReAuthOperation, be as RecipientHint, bd as RecipientSealer, aD as RecordOutputSpec, dm as RecoverPassphraseInput, dn as RecoverPassphraseResult, dp as RecoverUserOptions, dq as RecoveryProof, dr as ResolvedPublicEnvelopeSchema, ds as RevokeOptions, aL as Role, dt as RotatePassphraseInput, du as RotateRecoveryOptions, dv as RotateRecoveryResult, dw as SEALED_PASSPHRASE_RECORD_ID, dx as SchemaDelta, dy as SchemaIntrospection, dz as SealedEnvelope, dA as SealedPassphrase, bb as SealingKeyProvider, dB as SessionPolicy, dC as SetPublicEnvelopeInput, dD as ShamirRecoveryDoc, dE as ShamirRecoveryEntry, bh as ShamirRecoveryProvider, U as SlotInfo, V as SlotRecord, dF as SlotRewrapCeremony, dG as SlotRewrapContext, dH as StandardSchemaV1, dI as StandardSchemaV1Issue, dJ as StandardSchemaV1SyncResult, dK as StoreAuth, dL as StoreAuthKind, dM as StoreCapabilities, dN as SyncEngine, dO as SyncMetadata, dP as SyncPolicy, dQ as SyncScheduler, dR as SyncSchedulerStatus, dS as SyncStatus, dT as SyncTarget, dU as SyncTargetRole, dV as SyncTransaction, dW as SyncTransactionResult, dX as TabChannel, dY as TabCoordinationOptions, dZ as TabLockManager, d_ as TabPresence, d$ as TabRole, e0 as TierMode, e1 as TranslatorAuditEntry, as as TxCollection, at as TxContext, e2 as TxOp, au as TxVault, e3 as USER_ENVELOPE_COLLECTION, e4 as USER_ENVELOPE_MAX_BYTES, bn as UnionSource, e5 as Unsubscribe, e6 as UpdateAuthenticatorOptions, e7 as UpdateContext, e8 as UpdateUserOptions, e9 as UserApi, ea as UserEnvelopeCheckGate, eb as UserEnvelopeOversizedError, ec as UserEnvelopePresented, ed as UserInfo, ee as VaultBackup, a_ as VaultEngine, ap as VaultFrame, a$ as VaultInstant, ef as VaultPolicyOnDisk, eg as VaultSchemaSnapshot, eh as VaultSnapshot, b0 as VerifyResult, W as VersionRecord, ei as WarningRules, ej as WeakPassphraseError, ek as WeakPassphraseReason, el as WrappedDeksBlob, em as WriteConflict, en as WriteEvent, eo as WriteHook, ep as WriteQueue, g as applyI18nLocale, b1 as applyPatch, eq as assertStrongPassphrase, er as buildRecipientKeyringFile, es as burnPaperRecoveryEntry, b2 as canonicalJson, b3 as computePatch, n as createEnforcer, et as createNoydb, eu as createStore, ev as deriveMagicLinkContentKey, h as dictCollectionName, i as dictKey, b4 as diff, ew as enrollAuthenticator, ex as estimateEntropy, ey as evaluateExportCapability, ez as evaluateImportCapability, eA as findAuthenticator, b5 as formatDiff, eB as hasExportCapability, eC as hasImportCapability, eD as hasRecoveryEnrolled, b6 as hashEntry, j as i18nText, k as isDictCollectionName, l as isDictKeyDescriptor, m as isI18nTextDescriptor, eE as isMagicLinkGrantExpired, eF as isPublicEnvelope, eG as issueDelegation, eH as keyringRecoverPassphrase, eI as keyringRotatePassphrase, eJ as listMagicLinkGrants, eK as listUsers, eL as listUsersWithEnvelopes, eM as loadActiveDelegations, eN as loadPaperRecoveryEntries, eO as loadSealedPassphrase, eP as loadShamirRecoveryEntries, eQ as magicLinkGrantRecordId, eR as mintPaperRecoveryEntry, eS as mintShamirRecoveryEntry, eT as mintWrappedDeksBlob, b7 as paddedIndex, b8 as parseIndex, eU as parseSealedEnvelope, eV as readMagicLinkGrantRecord, eW as recoverUser, eX as removeAuthenticator, r as resolveI18nText, eY as resolvePublicEnvelopeSchema, eZ as revokeDelegation, e_ as revokeMagicLinkGrant, av as runTransaction, e$ as savePaperRecoveryEntries, f0 as saveSealedPassphrase, f1 as saveShamirRecoveryEntries, b9 as sha256Hex, f2 as unwrapDeksFromBlob, f3 as unwrapDeksFromPaperEntry, f4 as unwrapDeksFromShamirEntry, f5 as unwrapMagicLinkGrant, v as validateI18nTextValue, f6 as validatePassphrase, f7 as validatePublicEnvelopeInput, f8 as validateSchemaInput, f9 as validateSchemaOutput, o as validateSessionPolicy, fa as writeMagicLinkGrant } from './types-D9eB0Rvh.js';
3
3
  export { d as detectMagic, a as detectMimeType, i as isPreCompressed } from './mime-magic-CBBSOkjm.js';
4
4
  export { AgeRoute, BlobLifecyclePolicy, BlobStoreRoute, CircuitBreakerOptions, HealthCheckOptions, LogLevel, LoggingOptions, MetricsOptions, OverrideOptions, OverrideTarget, RetryOptions, RouteStatus, RouteStoreOptions, RoutedNoydbStore, StoreCacheOptions, StoreMiddleware, StoreOperation, SuspendOptions, WrapBundleStoreOptions, WrappedBundleNoydbStore, createBundleStore, routeStore, withCache, withCircuitBreaker, withHealthCheck, withLogging, withMetrics, withRetry, wrapBundleStore, wrapStore } from './store/index.js';
5
- import { N as NoydbError } from './index-CNwA-B6-.js';
6
- export { q as AlreadyElevatedError, A as AmendmentForbiddenError, B as BackupCorruptedError, r as BackupLedgerError, s as BundleIntegrityError, t as BundleSealMismatchError, u as BundleVersionConflictError, C as ConflictError, v as DEFAULT_JOIN_MAX_ROWS, w as DanglingReferenceError, x as DecryptionError, y as DelegationTargetMissingError, e as DerivationCapExceededError, f as DerivationCycleError, g as DerivationDepthError, h as DerivationOutputShapeError, i as DerivationOutputUnknownError, D as DictKeyInUseError, a as DictKeyMissingError, z as DirectoryDisabledError, E as ElevationExpiredError, G as ExportCapabilityError, F as FieldFrozenError, H as FilenameSanitizationError, J as GroupCardinalityError, K as ImportCapabilityError, P as IndexRequiredError, U as IndexWriteFailureError, V as InvalidKeyError, I as InvariantError, W as JoinContext, X as JoinLeg, Y as JoinStrategy, Z as JoinTooLargeError, _ as JoinableSource, $ as KeyringCorruptError, a0 as KeyringExpiredError, a1 as LedgerContentionError, a2 as LiveQuery, a3 as LiveUpstream, L as LocaleNotSpecifiedError, m as MaterializedViewConfigError, n as MaterializedViewCycleError, o as MaterializedViewSourceUnknownError, p as MaterializedViewTooLargeError, M as MissingTranslationError, a4 as NetworkError, a5 as NoAccessError, a6 as NotFoundError, a7 as OrderBy, O as OverlayBaseIsVirtualError, j as OverlayCollectionUnavailableError, k as OverlayIdMismatchError, l as OverlayNameCollisionError, a8 as PathEscapeError, a9 as PeriodClosedError, aa as PermissionDeniedError, ab as PrivilegeEscalationError, Q as Query, ac as QueryPlan, ad as QuerySource, ae as ReadOnlyAtInstantError, af as ReadOnlyError, ag as ReadOnlyFrameError, d as RecordLockedError, ah as RefDescriptor, ai as RefIntegrityError, aj as RefMode, ak as RefRegistry, al as RefScopeError, am as RefViolation, R as ReservedCollectionNameError, an as ScanBuilder, ao as ScanPageProvider, ap as SchemaValidationError, S as SessionExpiredError, b as SessionNotFoundError, c as SessionPolicyError, aq as StoreCapabilityError, ar as TamperedError, as as TierDemoteDeniedError, at as TierNotGrantedError, T as TranslatorNotConfiguredError, au as ValidationError, av as applyJoins, aw as buildLiveQuery, ax as executePlan, ay as ref, az as resetJoinWarnings } from './index-CNwA-B6-.js';
7
- export { A as AutoCredential, a as AutoCredentialKind, C as CompressionAlgo, N as NOYDB_BUNDLE_FORMAT_VERSION, b as NOYDB_BUNDLE_MAGIC, c as NOYDB_BUNDLE_PREFIX_BYTES, d as NoydbBundleHeader, e as NoydbBundleReadResult, R as ReadNoydbBundleOptions, W as WriteNoydbBundleOptions, g as generateULID, h as hasNoydbBundleMagic, i as isULID, r as readNoydbBundle, f as readNoydbBundleHeader, j as readNoydbBundlePublicEnvelope, k as resetBrotliSupportCache, w as writeNoydbBundle } from './index-4agOpzqd.js';
5
+ import { N as NoydbError } from './index-BF1B2HB9.js';
6
+ export { x as AlreadyElevatedError, A as AmendmentForbiddenError, m as AttestationError, B as BackupCorruptedError, o as BackupLedgerError, p as BundleIntegrityError, q as BundleSealMismatchError, r as BundleVersionConflictError, C as ConflictError, y as DEFAULT_JOIN_MAX_ROWS, z as DanglingReferenceError, E as DecryptionError, G as DelegationTargetMissingError, e as DerivationCapExceededError, f as DerivationCycleError, g as DerivationDepthError, h as DerivationOutputShapeError, i as DerivationOutputUnknownError, D as DictKeyInUseError, a as DictKeyMissingError, H as DirectoryDisabledError, J as ElevationExpiredError, K as ExportCapabilityError, F as FieldFrozenError, U as FilenameSanitizationError, V as GroupCardinalityError, W as ImportCapabilityError, X as IndexRequiredError, Y as IndexWriteFailureError, Z as InvalidKeyError, I as InvariantError, _ as JoinContext, $ as JoinLeg, a0 as JoinStrategy, a1 as JoinTooLargeError, a2 as JoinableSource, a3 as KeyringCorruptError, a4 as KeyringExpiredError, a5 as LedgerContentionError, a6 as LiveQuery, a7 as LiveUpstream, L as LocaleNotSpecifiedError, t as MaterializedViewConfigError, u as MaterializedViewCycleError, v as MaterializedViewSourceUnknownError, w as MaterializedViewTooLargeError, a8 as MigrationRequiredError, M as MissingTranslationError, a9 as NetworkError, aa as NoAccessError, ab as NonAdditiveSchemaChangeError, ac as NotFoundError, ad as OrderBy, O as OverlayBaseIsVirtualError, j as OverlayCollectionUnavailableError, k as OverlayIdMismatchError, l as OverlayNameCollisionError, ae as PathEscapeError, af as PeriodClosedError, ag as PermissionDeniedError, ah as PrivilegeEscalationError, Q as Query, ai as QueryPlan, aj as QuerySource, ak as QuiesceTimeoutError, al as ReadOnlyAtInstantError, am as ReadOnlyError, an as ReadOnlyFrameError, d as RecordLockedError, ao as RefDescriptor, ap as RefIntegrityError, aq as RefMode, ar as RefRegistry, as as RefScopeError, at as RefViolation, R as ReservedCollectionNameError, au as ScanBuilder, av as ScanPageProvider, aw as SchemaFenceError, ax as SchemaLockedError, ay as SchemaUpdateError, az as SchemaValidationError, S as SessionExpiredError, b as SessionNotFoundError, c as SessionPolicyError, aA as StoreCapabilityError, aB as TamperedError, aC as TierDemoteDeniedError, aD as TierNotGrantedError, T as TranslatorNotConfiguredError, aE as ValidationError, aF as applyJoins, aG as buildLiveQuery, aH as executePlan, aI as ref, aJ as resetJoinWarnings } from './index-BF1B2HB9.js';
7
+ export { A as AutoCredential, n as AutoCredentialKind, c as CompressionAlgo, N as NOYDB_BUNDLE_FORMAT_VERSION, e as NOYDB_BUNDLE_MAGIC, f as NOYDB_BUNDLE_PREFIX_BYTES, g as NoydbBundleHeader, h as NoydbBundleReadResult, R as ReadNoydbBundleOptions, W as WriteNoydbBundleOptions, j as generateULID, o as hasNoydbBundleMagic, k as isULID, r as readNoydbBundle, l as readNoydbBundleHeader, p as readNoydbBundlePublicEnvelope, m as resetBrotliSupportCache, w as writeNoydbBundle } from './ulid-CiM2OAeM.js';
8
8
  export { a as CrdtMode, b as CrdtState, L as LwwMapState, R as RgaState, Y as YjsState, m as mergeCrdtStates, r as resolveCrdtSnapshot } from './strategy-BSxFXGzb.js';
9
- export { w as withGuard } from './with-guard-DWOCK4Ca.js';
10
- export { w as withDerivation } from './with-derivation-g-pGoMzL.js';
11
- export { w as withMaterializedView } from './with-materialized-view-DaKR-N6J.js';
9
+ export { w as withGuard } from './with-guard-DR7U-l4v.js';
10
+ export { w as withDerivation } from './with-derivation-Bzpj6UTv.js';
11
+ export { w as withMaterializedView } from './with-materialized-view-qtoJ3xKJ.js';
12
12
  export { a as Clause, C as CollectionIndexes, F as FieldClause, b as FilterClause, G as GroupClause, H as HashIndex, I as IndexDef, O as Operator, e as evaluateClause, c as evaluateFieldClause, r as readPath } from './predicate-Dnu81tsS.js';
13
- export { w as withOverlayedView } from './with-overlayed-view-N7jYuNOS.js';
13
+ export { w as withOverlayedView } from './with-overlayed-view-DFaRfgMr.js';
14
14
  export { SYNC_CREDENTIALS_COLLECTION, SyncCredential, credentialStatus, deleteCredential, getCredential, listCredentials, putCredential } from './team/index.js';
15
- export { C as CreateSessionOptions, a as CreateSessionResult, D as DevUnlockOptions, S as SessionToken, b as activeSessionCount, c as clearDevUnlock, d as createSession, e as enableDevUnlock, i as isDevUnlockActive, f as isSessionAlive, l as loadDevUnlock, r as resolveSession, g as revokeAllSessions, h as revokeSession } from './dev-unlock-D9s-loPr.js';
15
+ export { C as CreateSessionOptions, a as CreateSessionResult, D as DevUnlockOptions, S as SessionToken, b as activeSessionCount, c as clearDevUnlock, d as createSession, e as enableDevUnlock, i as isDevUnlockActive, f as isSessionAlive, l as loadDevUnlock, r as resolveSession, g as revokeAllSessions, h as revokeSession } from './dev-unlock-Cf2B7Kih.js';
16
16
  export { a as AggregateResult, b as AggregateSpec, c as Aggregation, d as AggregationUpstream, G as GROUPBY_MAX_CARDINALITY, e as GROUPBY_WARN_CARDINALITY, f as GroupedAggregation, g as GroupedQuery, h as GroupedQueryN, i as GroupedRow, j as GroupedRowN, L as LiveAggregation, R as Reducer, k as ReducerOptions, l as avg, n as count, o as groupAndReduce, p as max, q as min, r as reduceRecords, t as sum } from './strategy-DSTrsZ8t.js';
17
- export { L as LEDGER_COLLECTION, a as LEDGER_DELTAS_COLLECTION, e as envelopePayloadHash } from './hash-DXXXusyk.js';
17
+ export { L as LEDGER_COLLECTION, a as LEDGER_DELTAS_COLLECTION, e as envelopePayloadHash } from './hash-gVn_uKhp.js';
18
18
  import './lazy-builder-Rpd-V3jP.js';
19
+ import '@noy-db/attestation';
19
20
 
20
21
  /**
21
22
  * Persistence helpers for per-principal user envelopes stored at
@@ -338,6 +339,24 @@ declare function loadVaultPolicy(store: NoydbStore, vault: string): Promise<Vaul
338
339
  */
339
340
  declare function saveVaultPolicy(store: NoydbStore, vault: string, policy: VaultPolicy): Promise<void>;
340
341
 
342
+ /** Allow any schema change. Explicit blind / back-compat. */
343
+ declare function blindUpdate(): SchemaUpdateStrategy;
344
+ /** Allow additive changes; reject non-additive ones. The safety backstop. */
345
+ declare function additiveOnly(): SchemaUpdateStrategy;
346
+ /**
347
+ * Reject schema changes. With `fields`, reject only when one of those
348
+ * fields is added/removed/changed; otherwise reject any non-`none` delta.
349
+ */
350
+ declare function lockSchema(opts?: {
351
+ readonly fields?: readonly string[];
352
+ }): SchemaUpdateStrategy;
353
+
354
+ /** The coordinatedCutover update strategy (#232, single-step — no from/to). */
355
+
356
+ declare function coordinatedCutover(opts: {
357
+ readonly transform: TransformFn;
358
+ }): SchemaUpdateStrategy;
359
+
341
360
  /**
342
361
  * Derive a {@link PersistedSchemaEnvelope} from a Standard Schema v1
343
362
  * validator. v0 supports Zod via `zod-to-json-schema` (optional peer-dep);
@@ -412,6 +431,8 @@ interface PersistSchemaResult {
412
431
  readonly skipped: boolean;
413
432
  /** The envelope that was either written or matched. */
414
433
  readonly envelope: PersistedSchemaEnvelope;
434
+ /** The update-strategy decision, present when strategies ran (#245). */
435
+ readonly decision?: UpdateDecision;
415
436
  }
416
437
  declare function persistSchemaIfNeeded(opts: {
417
438
  readonly store: NoydbStore;
@@ -419,6 +440,7 @@ declare function persistSchemaIfNeeded(opts: {
419
440
  readonly collectionName: string;
420
441
  readonly validator: unknown;
421
442
  readonly dek: CryptoKey;
443
+ readonly strategies?: readonly SchemaUpdateStrategy[];
422
444
  }): Promise<PersistSchemaResult>;
423
445
 
424
446
  /**
@@ -753,4 +775,4 @@ type DiffCandidate<T = unknown> = Vault | Record<string, readonly T[]> | string;
753
775
  */
754
776
  declare function diffVault<T = unknown>(vault: Vault, candidate: DiffCandidate<T>, options?: DiffOptions): Promise<VaultDiff<T>>;
755
777
 
756
- export { ActiveTier, type CheckGateContext, DEFAULT_FRESHNESS_MS, DIRECTORY_RECORD_ID, type DiffCandidate, DiffEntry, type DiffOptions, DirectoryConfig, FactorProof, GateName, GatePolicy, META_COLLECTION, ManagedRecoveryNotEnrolledError, NoydbError, NoydbStore, PERSONAL_POLICY, POLICY_RECORD_ID, PUBLIC_ENVELOPE_RECORD_ID, type PersistSchemaResult, PersistedSchemaEnvelope, PolicyDeniedError, type PolicyDenyReason, PublicEnvelope, RecoveryNotEnrolledError, RecoveryProfileNotImplementedError, SCHEMAS_COLLECTION, STRICT_POLICY, UnlockedKeyring, UserEnvelope, UserVisibility, VISIBILITY_RECORD_PREFIX, Vault, type VaultDiff, type VaultDiffEntry, type VaultDiffModifiedEntry, VaultPolicy, assertTierAccess, base64ToBuffer, bufferToBase64, checkGate, decryptBytes, decryptDeterministic, dekKey, deleteUserEnvelope, deleteUserVisibility, derivePersistedSchema, derivePresenceKey, describeAllUsersAuth, describeAuthConfig, describeGate, describeUserAuth, diagramAuthConfig, diffVault, effectiveClearance, encryptBytes, encryptDeterministic, estimateRecordBytes, isZodSchema, listUserEnvelopeIds, loadPersistedSchema, loadPublicEnvelope, loadUserEnvelope, loadVaultPolicy, mergePolicy, parseBytes, persistDirectoryConfig, persistSchemaIfNeeded, persistUserVisibility, readDirectoryConfig, readPublicEnvelope, readUserVisibility, savePersistedSchema, savePublicEnvelope, saveUserEnvelope, saveVaultPolicy, visibilityRecordId };
778
+ export { ActiveTier, type CheckGateContext, DEFAULT_FRESHNESS_MS, DIRECTORY_RECORD_ID, type DiffCandidate, DiffEntry, type DiffOptions, DirectoryConfig, FactorProof, GateName, GatePolicy, META_COLLECTION, ManagedRecoveryNotEnrolledError, NoydbError, NoydbStore, PERSONAL_POLICY, POLICY_RECORD_ID, PUBLIC_ENVELOPE_RECORD_ID, type PersistSchemaResult, PersistedSchemaEnvelope, PolicyDeniedError, type PolicyDenyReason, PublicEnvelope, RecoveryNotEnrolledError, RecoveryProfileNotImplementedError, SCHEMAS_COLLECTION, STRICT_POLICY, SchemaUpdateStrategy, UnlockedKeyring, UpdateDecision, UserEnvelope, UserVisibility, VISIBILITY_RECORD_PREFIX, Vault, type VaultDiff, type VaultDiffEntry, type VaultDiffModifiedEntry, VaultPolicy, additiveOnly, assertTierAccess, base64ToBuffer, blindUpdate, bufferToBase64, checkGate, coordinatedCutover, decryptBytes, decryptDeterministic, dekKey, deleteUserEnvelope, deleteUserVisibility, derivePersistedSchema, derivePresenceKey, describeAllUsersAuth, describeAuthConfig, describeGate, describeUserAuth, diagramAuthConfig, diffVault, effectiveClearance, encryptBytes, encryptDeterministic, estimateRecordBytes, isZodSchema, listUserEnvelopeIds, loadPersistedSchema, loadPublicEnvelope, loadUserEnvelope, loadVaultPolicy, lockSchema, mergePolicy, parseBytes, persistDirectoryConfig, persistSchemaIfNeeded, persistUserVisibility, readDirectoryConfig, readPublicEnvelope, readUserVisibility, savePersistedSchema, savePublicEnvelope, saveUserEnvelope, saveVaultPolicy, visibilityRecordId };