@noy-db/hub 0.2.0-pre.23 → 0.2.0-pre.24

package/dist/index.d.ts

@@ -1,25 +1,27 @@
-import { aW as NoydbStore, bs as UserEnvelope, bc as PublicEnvelope, bt as GateName, bu as GatePolicy, bv as VaultPolicy, bw as ActiveTier, bx as FactorProof, aY as EncryptedEnvelope, by as SchemaUpdateStrategy, bz as TransformFn, bA as PersistedSchemaEnvelope, bB as UpdateDecision, bC as DirectoryConfig, bD as UserVisibility, aU as UnlockedKeyring, bh as Vault, b1 as DiffEntry } from './types-DONgts0n.js';
-export { bE as AccessibleVault, bF as AffectedDocument, a_ as AppendInput, bG as ApproveWithdrawalOptions, bH as ArchivePolicy, bI as ArchiveResult, bJ as ArchiveRunOptions, bK as ArchiveStrategy, aE as ArrayOutputSpec, o as BLOB_CHUNKS_COLLECTION, p as BLOB_COLLECTION, r as BLOB_INDEX_COLLECTION, t as BLOB_SLOTS_PREFIX, u as BLOB_VERSIONS_PREFIX, bL as BUNDLE_STORE_POLICY, z as BlobObject, A as BlobPutOptions, C as BlobResponseOptions, E as BlobSet, bM as BuiltInGateName, be as BundleRecipient, a4 as CONSENT_AUDIT_COLLECTION, bN as CacheOptions, bO as CacheStats, bP as CapturedBlueprint, bQ as ChangeEvent, a$ as ChangeType, ad as ClosePeriodOptions, aN as Collection, bR as CollectionChangeEvent, bS as CollectionConflictResolver, bT as CollectionDescriptor, au as CollectionFrame, b0 as CollectionInstant, bU as CollectionStats, bV as ComputedFieldError, bW as ComputedFields, bX as ComputedFn, bY as Conflict, bZ as ConflictPolicy, b_ as ConflictStrategy, a5 as ConsentAuditEntry, a6 as ConsentAuditFilter, a7 as ConsentContext, a8 as ConsentOp, b$ as CrossTierAccessEvent, c0 as CrossVaultAggregation, c1 as CrossVaultDerivationContext, c2 as CrossVaultDerivationSpec, c3 as CrossVaultGroupedAggregation, c4 as CrossVaultGroupedRow, c5 as CrossVaultLiveAggregation, c6 as CrossVaultLiveQuery, K as DEFAULT_CHUNK_SIZE, c7 as DEFAULT_PUBLIC_ENVELOPE_SCHEMA, c8 as DELEGATIONS_COLLECTION, D as DICT_COLLECTION_PREFIX, c9 as DeepPartial, ca as DeepPartialOrNull, cb as DeferredNumberingConfig, cc as DelegationToken, cd as DeleteManyResult, ce as DeploymentEvent, cf as DerivationDescriptor, aC as DerivationStrategy, aG as DerivationStrategyHandle, aH as DerivedFromMeta, a as DictEntry, b as DictKeyDescriptor, c as DictionaryHandle, d as DictionaryOptions, cg as DirtyEntry, ch as DryRunResult, ci as DumpSchemaOptions, cj as ELEVATION_AUDIT_COLLECTION, ck as ElevatedHandle, cl as EnrollAuthenticatorOptions, cm as EnrollAuthenticatorWrappingDEKsOptions, cn as EnrollAuthenticatorWrappingKEKOptions, co as EnrollRecoveryResult, cp as ExportAccessibleOptions, cq as ExportCapability, cr as ExportChunk, cs as ExportFormat, ct as ExportStreamOptions, cu as FactorKind, cv as FactorProofBundle, cw as FactorRequirement, cx as FanoutQueryOptions, cy as FanoutResult, cz as FenceDoc, cA as FenceState, cB as FieldChange, cC as FieldDescriptor, cD as FieldSource, cE as FleetMigrationResult, cF as FormattedSequenceHandle, cG as FrozenSnapshotRef, cH as GhostRecord, cI as GrantOptions, ao as GuardChange, ap as GuardContext, an as GuardStrategy, ar as GuardStrategyHandle, cJ as GuardViolation, cK as HistoryConfig, cL as HistoryEntry, aX as HistoryOptions, cM as INDEXED_STORE_POLICY, cN as ImportCapability, cO as InferOutput, cP as InternalCollectionStats, cQ as IssueDelegationOptions, cR as IssueMagicLinkGrantOptions, b2 as JsonPatch, b3 as JsonPatchOp, cS as KeyringAuthenticator, cT as KeyringAuthenticatorWrappingDEKs, cU as KeyringAuthenticatorWrappingKEK, cV as KeyringFile, b4 as LedgerStore, cW as LinkEndpointError, cX as LinkIntegrityError, cY as LinkOnDelete, cZ as LinkRow, c_ as LinkSetHandle, c$ as LinkSpec, d0 as ListAccessibleVaultsOptions, d1 as ListPageResult, d2 as ListUsersOptions, d3 as LiveQueryOptions, d4 as LiveUserEnvelope, d5 as LocaleReadOptions, d6 as Lru, d7 as LruOptions, d8 as LruStats, d9 as MAGIC_LINK_CONTENT_INFO_PREFIX, da as MAGIC_LINK_GRANTS_COLLECTION, db as MAGIC_LINK_KEK_INFO_PREFIX, dc as MagicLinkGrantPayload, dd as MagicLinkGrantRecord, bo as MaterializedFromMeta, de as MaterializedViewDescriptor, bp as MaterializedViewOutput, aK as MaterializedViewStrategy, aL as MaterializedViewStrategyHandle, df as MemoryRecipientSealer, dg as MemorySealingKeyProvider, dh as MigrationStatusRow, di as NOYDB_BACKUP_VERSION, dj as NOYDB_FORMAT_VERSION, dk as NOYDB_KEYRING_VERSION, dl as NOYDB_SYNC_VERSION, dm as NextOptions, dn as Noydb, aw as NoydbBundleStore, dp as NoydbEventMap, dq as NoydbOptions, dr as NumberingAssignment, T as ObjectListEntry, U as ObjectMeta, V as ObjectProjection, W as ObjectUrlOptions, ae as OpenPeriodOptions, aI as OutputSpec, aO as OverlayFieldMergeMode, aP as OverlayFieldMergeRule, ds as OverlayViewDescriptor, aM as OverlayedViewStrategy, aR as OverlayedViewStrategyHandle, af as PERIODS_COLLECTION, dt as PUBLIC_ENVELOPE_FIELDS, du as PaperRecoveryDoc, dv as PaperRecoveryEntry, dw as PassphrasePolicy, dx as PassphraseValidationResult, ag as PeriodRecord, dy as Permission, dz as Permissions, dA as PersistedSchemaKind, dB as PlaintextTranslatorContext, dC as PlaintextTranslatorFn, P as PolicyEnforcer, dD as PresenceHandle, dE as PresencePeer, aZ as PruneOptions, dF as PublicEnvelopeField, dG as PublicEnvelopeSchema, dH as PublicEnvelopeText, dI as PullMode, dJ as PullOptions, dK as PullPolicy, dL as PullResult, dM as PushMode, dN as PushOptions, dO as PushPolicy, dP as PushResult, dQ as PutManyItemOptions, dR as PutManyOptions, dS as PutManyResult, X as PutObjectOptions, Y as PutUrlOptions, dT as QueryAcrossOptions, dU as QueryAcrossResult, dV as QuickUnlockState, dW as QuickUnlockStore, dX as ReAuthOperation, bg as RecipientHint, bf as RecipientSealer, aJ as RecordOutputSpec, dY as RecoverPassphraseInput, dZ as RecoverPassphraseResult, d_ as RecoverUserOptions, d$ as RecoveryProof, e0 as RefreshInsightsResult, e1 as RejectWithdrawalOptions, e2 as RequestWithdrawalOptions, e3 as RequestWithdrawalResult, e4 as ResolvedPublicEnvelopeSchema, ax as RetentionPolicy, e5 as RevokeOptions, aT as Role, e6 as RotatePassphraseInput, e7 as RotateRecoveryOptions, e8 as RotateRecoveryResult, e9 as SEALED_PASSPHRASE_RECORD_ID, ea as SchemaDelta, eb as SchemaIntrospection, ec as SchemaManifestRow, S as ScriptWarning, ed as SealedEnvelope, ee as SealedPassphrase, bd as SealingKeyProvider, ef as SearchEntry, eg as SearchOptions, eh as SearchResult, ei as SequenceHandle, ej as SequenceOptions, ek as SequenceStore, el as SessionPolicy, em as SetPublicEnvelopeInput, en as ShamirRecoveryDoc, eo as ShamirRecoveryEntry, bj as ShamirRecoveryProvider, ep as ShardedCollection, eq as ShardedGroupedQuery, er as ShardedQuery, es as ShardingConfig, et as SkippedVault, Z as SlotInfo, _ as SlotRecord, eu as SlotRewrapCeremony, ev as SlotRewrapContext, aA as SnapshotMeta, ew as StandardSchemaV1, ex as StandardSchemaV1Issue, ey as StandardSchemaV1SyncResult, ez as StateManagementVault, e as StaticDictDescriptor, eA as StoreAuth, eB as StoreAuthKind, eC as StoreCapabilities, eD as StoreTime, eE as SyncEngine, eF as SyncMetadata, eG as SyncPolicy, eH as SyncScheduler, eI as SyncSchedulerStatus, eJ as SyncStatus, eK as SyncTarget, eL as SyncTargetRole, eM as SyncTransaction, eN as SyncTransactionResult, eO as TabChannel, eP as TabCoordinationOptions, eQ as TabLockManager, eR as TabPresence, eS as TabRole, eT as TierMode, eU as TransactionInvariant, eV as TranslatorAuditEntry, eW as TxCollection, bk as TxContext, eX as TxOp, eY as TxVault, eZ as USER_ENVELOPE_COLLECTION, e_ as USER_ENVELOPE_MAX_BYTES, bq as UnionArmJoin, br as UnionSource, e$ as Unsubscribe, f0 as UpdateAuthenticatorOptions, f1 as UpdateContext, f2 as UpdateUserOptions, f3 as UserApi, f4 as UserEnvelopeCheckGate, f5 as UserEnvelopeOversizedError, f6 as UserEnvelopePresented, f7 as UserInfo, f8 as VaultBackup, b5 as VaultEngine, av as VaultFrame, f9 as VaultGroup, fa as VaultGroupOptions, b6 as VaultInstant, fb as VaultPolicyOnDisk, fc as VaultRegistryRow, fd as VaultSchemaSnapshot, fe as VaultSnapshot, ff as VaultTemplate, b7 as VerifyResult, $ as VersionRecord, fg as WarningRules, fh as WeakPassphraseError, fi as WeakPassphraseReason, fj as WithArchiveOptions, fk as WithdrawAccessibleOptions, fl as WithdrawResult, fm as WithdrawalRequest, fn as WithdrawalRequestError, fo as WithdrawalRequestStatus, fp as WrappedDeksBlob, fq as WriteConflict, fr as WriteEvent, fs as WriteHook, ft as WriteQueue, fu as aesGcmOpen, b8 as applyPatch, fv as approveWithdrawal, fw as assertStrongPassphrase, fx as buildRecipientKeyringFile, fy as burnPaperRecoveryEntry, fz as compileSequenceFormat, b9 as computePatch, n as createEnforcer, fA as createNoydb, fB as createStore, fC as deriveMagicLinkContentKey, f as dictCollectionName, g as dictKey, ba as diff, h as enforceScript, fD as enrollAuthenticator, fE as estimateEntropy, fF as evalComputedFields, fG as evaluateExportCapability, fH as evaluateImportCapability, fI as exportAccessibleData, fJ as findAuthenticator, bb as formatDiff, fK as hasExportCapability, fL as hasImportCapability, fM as hasRecoveryEnrolled, i as inferScripts, j as isDictCollectionName, k as isDictKeyDescriptor, fN as isLinkCollectionName, fO as isMagicLinkGrantExpired, fP as isPublicEnvelope, l as isStaticDictDescriptor, fQ as issueDelegation, fR as keyringRecoverPassphrase, fS as keyringRotatePassphrase, fT as listMagicLinkGrants, fU as listUsers, fV as listUsersWithEnvelopes, fW as listWithdrawalRequests, fX as loadActiveDelegations, fY as loadPaperRecoveryEntries, fZ as loadSealedPassphrase, f_ as loadShamirRecoveryEntries, f$ as magicLinkGrantRecordId, a1 as memoryObjectProjection, g0 as mintPaperRecoveryEntry, g1 as mintShamirRecoveryEntry, g2 as mintWrappedDeksBlob, g3 as parseRsaOaepTlv, g4 as parseSealedEnvelope, g5 as readMagicLinkGrantRecord, g6 as recoverUser, g7 as rejectWithdrawal, g8 as removeAuthenticator, g9 as requestWithdrawal, ga as resolvePublicEnvelopeSchema, gb as resolveSequenceKey, gc as revokeDelegation, gd as revokeMagicLinkGrant, ge as runTransaction, gf as savePaperRecoveryEntries, gg as saveSealedPassphrase, gh as saveShamirRecoveryEntries, gi as sealRsaOaepTlv, s as staticDict, gj as unwrapDeksFromBlob, gk as unwrapDeksFromPaperEntry, gl as unwrapDeksFromShamirEntry, gm as unwrapMagicLinkGrant, gn as validatePassphrase, go as validatePublicEnvelopeInput, gp as validateSchemaInput, gq as validateSchemaOutput, v as validateSessionPolicy, gr as withArchive, gs as withDeferredNumbering, gt as withdrawAccessibleData, gu as writeMagicLinkGrant } from './types-DONgts0n.js';
-export { I as ImportExternalOptions, a as ImportExternalResult, b as ImportableCollection, d as detectMagic, c as detectMimeType, i as importExternalObjects, e as isPreCompressed } from './mime-magic-Dejetix_.js';
+import { aW as NoydbStore, bs as UserEnvelope, bg as PublicEnvelope, bt as GateName, bu as GatePolicy, bv as VaultPolicy, bw as ActiveTier, bx as FactorProof, aY as EncryptedEnvelope, by as SchemaUpdateStrategy, bz as TransformFn, bA as PersistedSchemaEnvelope, bB as UpdateDecision, bd as SealingKeyProvider, aU as UnlockedKeyring, bC as DirectoryConfig, bD as UserVisibility, bc as Vault, b1 as DiffEntry } from './types-BGRX6sPT.js';
+export { bE as AccessibleVault, bF as AffectedDocument, a_ as AppendInput, bG as ApproveWithdrawalOptions, bH as ArchivePolicy, bI as ArchiveResult, bJ as ArchiveRunOptions, bK as ArchiveStrategy, aE as ArrayOutputSpec, o as BLOB_CHUNKS_COLLECTION, p as BLOB_COLLECTION, r as BLOB_INDEX_COLLECTION, t as BLOB_SLOTS_PREFIX, u as BLOB_VERSIONS_PREFIX, bL as BUNDLE_STORE_POLICY, z as BlobObject, A as BlobPutOptions, C as BlobResponseOptions, E as BlobSet, bM as BuiltInGateName, bh as BundleRecipient, a4 as CONSENT_AUDIT_COLLECTION, bN as CacheOptions, bO as CacheStats, bP as ChangeEvent, a$ as ChangeType, ad as ClosePeriodOptions, aN as Collection, bQ as CollectionChangeEvent, bR as CollectionConflictResolver, bS as CollectionDescriptor, au as CollectionFrame, b0 as CollectionInstant, bT as CollectionStats, bU as ComputedFieldError, bV as ComputedFields, bW as ComputedFn, bX as Conflict, bY as ConflictPolicy, bZ as ConflictStrategy, a5 as ConsentAuditEntry, a6 as ConsentAuditFilter, a7 as ConsentContext, a8 as ConsentOp, b_ as CrossTierAccessEvent, b$ as CustodyApi, K as DEFAULT_CHUNK_SIZE, c0 as DEFAULT_PUBLIC_ENVELOPE_SCHEMA, c1 as DELEGATIONS_COLLECTION, D as DICT_COLLECTION_PREFIX, c2 as DeepPartial, c3 as DeepPartialOrNull, c4 as DeferredNumberingConfig, c5 as DelegationToken, c6 as DeleteManyResult, c7 as DerivationDescriptor, aC as DerivationStrategy, aG as DerivationStrategyHandle, aH as DerivedFromMeta, a as DictEntry, b as DictKeyDescriptor, c as DictionaryHandle, d as DictionaryOptions, c8 as DirtyEntry, c9 as DryRunResult, ca as DumpSchemaOptions, cb as ELEVATION_AUDIT_COLLECTION, cc as ElevatedHandle, cd as EnrollAuthenticatorOptions, ce as EnrollAuthenticatorWrappingDEKsOptions, cf as EnrollAuthenticatorWrappingKEKOptions, cg as EnrollRecoveryResult, ch as ExportAccessibleOptions, ci as ExportCapability, cj as ExportChunk, ck as ExportFormat, cl as ExportStreamOptions, cm as FactorKind, cn as FactorProofBundle, co as FactorRequirement, cp as FenceDoc, cq as FenceState, cr as FieldChange, cs as FieldDescriptor, ct as FieldSource, cu as FormattedSequenceHandle, cv as FrozenSnapshotRef, cw as GhostRecord, cx as GrantCustodianOptions, cy as GrantOptions, ao as GuardChange, ap as GuardContext, an as GuardStrategy, ar as GuardStrategyHandle, cz as GuardViolation, cA as HistoryConfig, cB as HistoryEntry, aX as HistoryOptions, cC as INDEXED_STORE_POLICY, cD as ImportCapability, cE as InferOutput, cF as InternalCollectionStats, cG as IssueDelegationOptions, cH as IssueMagicLinkGrantOptions, b2 as JsonPatch, b3 as JsonPatchOp, cI as KeyringAuthenticator, cJ as KeyringAuthenticatorWrappingDEKs, cK as KeyringAuthenticatorWrappingKEK, cL as KeyringFile, b4 as LedgerStore, cM as LiberateOptions, cN as LiberateResult, cO as LinkEndpointError, cP as LinkIntegrityError, cQ as LinkOnDelete, cR as LinkRow, cS as LinkSetHandle, cT as LinkSpec, cU as ListAccessibleVaultsOptions, cV as ListPageResult, cW as ListUsersOptions, cX as LiveUserEnvelope, cY as LocaleReadOptions, cZ as Lru, c_ as LruOptions, c$ as LruStats, d0 as MAGIC_LINK_CONTENT_INFO_PREFIX, d1 as MAGIC_LINK_GRANTS_COLLECTION, d2 as MAGIC_LINK_KEK_INFO_PREFIX, d3 as MagicLinkGrantPayload, d4 as MagicLinkGrantRecord, bo as MaterializedFromMeta, d5 as MaterializedViewDescriptor, bp as MaterializedViewOutput, aK as MaterializedViewStrategy, aL as MaterializedViewStrategyHandle, d6 as MemoryRecipientSealer, d7 as MemorySealingKeyProvider, d8 as NOYDB_BACKUP_VERSION, d9 as NOYDB_FORMAT_VERSION, da as NOYDB_KEYRING_VERSION, db as NOYDB_SYNC_VERSION, dc as NextOptions, dd as Noydb, aw as NoydbBundleStore, de as NoydbEventMap, df as NoydbOptions, dg as NumberingAssignment, T as ObjectListEntry, U as ObjectMeta, V as ObjectProjection, W as ObjectUrlOptions, ae as OpenPeriodOptions, aI as OutputSpec, aO as OverlayFieldMergeMode, aP as OverlayFieldMergeRule, dh as OverlayViewDescriptor, aM as OverlayedViewStrategy, aR as OverlayedViewStrategyHandle, af as PERIODS_COLLECTION, di as PUBLIC_ENVELOPE_FIELDS, dj as PaperRecoveryDoc, dk as PaperRecoveryEntry, dl as PassphrasePolicy, dm as PassphraseValidationResult, ag as PeriodRecord, dn as Permission, dp as Permissions, dq as PersistedSchemaKind, dr as PlaintextTranslatorContext, ds as PlaintextTranslatorFn, P as PolicyEnforcer, dt as PresenceHandle, du as PresencePeer, aZ as PruneOptions, dv as PublicEnvelopeField, dw as PublicEnvelopeSchema, dx as PublicEnvelopeText, dy as PullMode, dz as PullOptions, dA as PullPolicy, dB as PullResult, dC as PushMode, dD as PushOptions, dE as PushPolicy, dF as PushResult, dG as PutManyItemOptions, dH as PutManyOptions, dI as PutManyResult, X as PutObjectOptions, Y as PutUrlOptions, dJ as QueryAcrossOptions, dK as QueryAcrossResult, dL as QuickUnlockState, dM as QuickUnlockStore, dN as ReAuthOperation, bj as RecipientHint, bi as RecipientSealer, aJ as RecordOutputSpec, dO as RecoverPassphraseInput, dP as RecoverPassphraseResult, dQ as RecoverUserOptions, dR as RecoveryProof, dS as RejectWithdrawalOptions, dT as RequestWithdrawalOptions, dU as RequestWithdrawalResult, dV as ResolvedPublicEnvelopeSchema, ax as RetentionPolicy, dW as RevokeOptions, aT as Role, dX as RotatePassphraseInput, dY as RotateRecoveryOptions, dZ as RotateRecoveryResult, d_ as SEALED_PASSPHRASE_RECORD_ID, d$ as SchemaDelta, e0 as SchemaIntrospection, S as ScriptWarning, e1 as SealedEnvelope, e2 as SealedPassphrase, e3 as SearchEntry, e4 as SearchOptions, e5 as SearchResult, e6 as SequenceHandle, e7 as SequenceOptions, e8 as SequenceStore, e9 as SessionPolicy, ea as SetPublicEnvelopeInput, eb as ShamirRecoveryDoc, ec as ShamirRecoveryEntry, bf as ShamirRecoveryProvider, Z as SlotInfo, _ as SlotRecord, ed as SlotRewrapCeremony, ee as SlotRewrapContext, aA as SnapshotMeta, ef as StandardSchemaV1, eg as StandardSchemaV1Issue, eh as StandardSchemaV1SyncResult, e as StaticDictDescriptor, ei as StoreAuth, ej as StoreAuthKind, ek as StoreCapabilities, el as StoreTime, em as SyncEngine, en as SyncMetadata, eo as SyncPolicy, ep as SyncScheduler, eq as SyncSchedulerStatus, er as SyncStatus, es as SyncTarget, et as SyncTargetRole, eu as SyncTransaction, ev as SyncTransactionResult, ew as TabChannel, ex as TabCoordinationOptions, ey as TabLockManager, ez as TabPresence, eA as TabRole, eB as TierMode, eC as TransactionInvariant, eD as TranslatorAuditEntry, eE as TxCollection, bk as TxContext, eF as TxOp, eG as TxVault, eH as USER_ENVELOPE_COLLECTION, eI as USER_ENVELOPE_MAX_BYTES, bq as UnionArmJoin, br as UnionSource, eJ as Unsubscribe, eK as UpdateAuthenticatorOptions, eL as UpdateContext, eM as UpdateUserOptions, eN as UserApi, eO as UserEnvelopeCheckGate, eP as UserEnvelopeOversizedError, eQ as UserEnvelopePresented, eR as UserInfo, eS as VaultBackup, b5 as VaultEngine, av as VaultFrame, b6 as VaultInstant, eT as VaultPolicyOnDisk, eU as VaultSchemaSnapshot, eV as VaultSnapshot, b7 as VerifyResult, $ as VersionRecord, eW as WarningRules, eX as WeakPassphraseError, eY as WeakPassphraseReason, eZ as WithArchiveOptions, e_ as WithdrawAccessibleOptions, e$ as WithdrawResult, f0 as WithdrawalRequest, f1 as WithdrawalRequestError, f2 as WithdrawalRequestStatus, f3 as WrappedDeksBlob, f4 as WriteConflict, f5 as WriteEvent, f6 as WriteHook, f7 as WriteQueue, f8 as aesGcmOpen, b8 as applyPatch, f9 as approveWithdrawal, fa as assertStrongPassphrase, fb as buildRecipientKeyringFile, fc as burnPaperRecoveryEntry, fd as compileSequenceFormat, b9 as computePatch, n as createEnforcer, fe as createNoydb, ff as createStore, fg as deriveMagicLinkContentKey, f as dictCollectionName, g as dictKey, ba as diff, h as enforceScript, fh as enrollAuthenticator, fi as estimateEntropy, fj as evalComputedFields, fk as evaluateExportCapability, fl as evaluateImportCapability, fm as exportAccessibleData, fn as findAuthenticator, bb as formatDiff, fo as hasExportCapability, fp as hasImportCapability, fq as hasRecoveryEnrolled, i as inferScripts, j as isDictCollectionName, k as isDictKeyDescriptor, fr as isLinkCollectionName, fs as isMagicLinkGrantExpired, ft as isPublicEnvelope, l as isStaticDictDescriptor, fu as issueDelegation, fv as keyringRecoverPassphrase, fw as keyringRotatePassphrase, fx as liberateVault, fy as listMagicLinkGrants, fz as listUsers, fA as listUsersWithEnvelopes, fB as listWithdrawalRequests, fC as loadActiveDelegations, fD as loadPaperRecoveryEntries, fE as loadSealedPassphrase, fF as loadShamirRecoveryEntries, fG as magicLinkGrantRecordId, a1 as memoryObjectProjection, fH as mintPaperRecoveryEntry, fI as mintShamirRecoveryEntry, fJ as mintWrappedDeksBlob, fK as parseRsaOaepTlv, fL as parseSealedEnvelope, fM as readMagicLinkGrantRecord, fN as recoverUser, fO as rejectWithdrawal, fP as removeAuthenticator, fQ as requestWithdrawal, fR as resolvePublicEnvelopeSchema, fS as resolveSequenceKey, fT as revokeDelegation, fU as revokeMagicLinkGrant, fV as runTransaction, fW as savePaperRecoveryEntries, fX as saveSealedPassphrase, fY as saveShamirRecoveryEntries, fZ as sealRsaOaepTlv, s as staticDict, f_ as unwrapDeksFromBlob, f$ as unwrapDeksFromPaperEntry, g0 as unwrapDeksFromShamirEntry, g1 as unwrapMagicLinkGrant, g2 as validatePassphrase, g3 as validatePublicEnvelopeInput, g4 as validateSchemaInput, g5 as validateSchemaOutput, v as validateSessionPolicy, g6 as withArchive, g7 as withDeferredNumbering, g8 as withdrawAccessibleData, g9 as writeMagicLinkGrant } from './types-BGRX6sPT.js';
+export { I as ImportExternalOptions, a as ImportExternalResult, b as ImportableCollection, d as detectMagic, c as detectMimeType, i as importExternalObjects, e as isPreCompressed } from './mime-magic-BswIvWkR.js';
 export { AgeRoute, BlobLifecyclePolicy, BlobStoreRoute, CircuitBreakerOptions, HealthCheckOptions, LogLevel, LoggingOptions, MetricsOptions, OverrideOptions, OverrideTarget, RetryOptions, RouteStatus, RouteStoreOptions, RoutedNoydbStore, StoreCacheOptions, StoreMiddleware, StoreOperation, SuspendOptions, WrapBundleStoreOptions, WrappedBundleNoydbStore, createBundleStore, routeStore, withCache, withCircuitBreaker, withHealthCheck, withLogging, withMetrics, withRetry, wrapBundleStore, wrapStore } from './store/index.js';
-import { N as NoydbError } from './errors-Dkc_fi-S.js';
-export { H as AlreadyElevatedError, A as AmendmentForbiddenError, s as AttestationError, B as BackupCorruptedError, u as BackupLedgerError, v as BundleIntegrityError, w as BundleSealMismatchError, x as BundleVersionConflictError, J as ConflictError, K as CrossJoinSourceUnknownError, Q as CrossJoinTooLargeError, V as DanglingReferenceError, W as DataResidencyError, X as DebugPlaintextError, Y as DebugReservedFieldError, Z as DecryptionError, _ as DelegationTargetMissingError, i as DerivationCapExceededError, j as DerivationCycleError, k as DerivationDepthError, l as DerivationOutputShapeError, m as DerivationOutputUnknownError, D as DictKeyInUseError, a as DictKeyMissingError, $ as DirectoryDisabledError, a0 as ElevationExpiredError, a1 as ExportCapabilityError, F as FieldFrozenError, a2 as FilenameSanitizationError, a3 as ForgetStrategyNotConfiguredError, a4 as GroupCardinalityError, I as IllegalTransitionError, a5 as ImportCapabilityError, a6 as IndexRequiredError, a7 as IndexWriteFailureError, a8 as InvalidKeyError, f as InvariantError, a9 as JoinTooLargeError, aa as KeyringCorruptError, ab as KeyringExpiredError, ac as LedgerContentionError, L as LocaleNotSpecifiedError, z as MaterializedViewConfigError, C as MaterializedViewCycleError, E as MaterializedViewSourceUnknownError, G as MaterializedViewTooLargeError, ad as MigrationRequiredError, M as MissingTranslationError, ae as NetworkError, af as NoAccessError, ag as NonAdditiveSchemaChangeError, ah as NotFoundError, ai as NumberingUncertaintyError, O as OverlayBaseIsVirtualError, n as OverlayCollectionUnavailableError, o as OverlayIdMismatchError, p as OverlayNameCollisionError, aj as PathEscapeError, ak as PeriodClosedError, al as PermissionDeniedError, am as PrivilegeEscalationError, an as QuiesceTimeoutError, ao as ReadOnlyAtInstantError, ap as ReadOnlyError, aq as ReadOnlyFrameError, ar as RecordCekNotFoundError, g as RecordLockedError, R as ReservedCollectionNameError, as as ReservedVaultNameError, at as SchemaFenceError, au as SchemaLockedError, av as SchemaUpdateError, aw as SchemaValidationError, S as ScriptViolationError, q as SealedRecordExpiredError, r as SealedRecordMismatchError, ax as SequenceContentionError, ay as SequenceOfflineError, c as SessionExpiredError, d as SessionNotFoundError, e as SessionPolicyError, az as ShardProvisioningError, h as SnapshotNotFoundError, b as StaticDictReadonlyError, aA as StoreCapabilityError, aB as TamperedError, aC as TierDemoteDeniedError, aD as TierNotGrantedError, T as TranslatorNotConfiguredError, aE as UniqueConstraintError, U as UnknownDictCodeError, aF as UnknownShardError, aG as UnsupportedIndexOptionError, aH as ValidationError, aI as VaultTemplateNotFoundError } from './errors-Dkc_fi-S.js';
-export { D as DEFAULT_CROSS_JOIN_MAX_ROWS, a as DEFAULT_JOIN_MAX_ROWS, J as JoinContext, b as JoinLeg, c as JoinStrategy, d as JoinableSource, L as LiveQuery, e as LiveUpstream, O as OrderBy, Q as Query, f as QueryPlan, g as QuerySource, R as RefDescriptor, h as RefIntegrityError, i as RefMode, j as RefRegistry, k as RefScopeError, l as RefViolation, S as ScanBuilder, m as ScanPageProvider, n as applyJoins, o as buildLiveQuery, p as executePlan, q as isRefArray, r as ref, s as refArray, t as resetJoinWarnings } from './index-Bm9hIY7t.js';
-export { A as AutoCredential, n as AutoCredentialKind, c as CompressionAlgo, N as NOYDB_BUNDLE_FORMAT_VERSION, e as NOYDB_BUNDLE_MAGIC, f as NOYDB_BUNDLE_PREFIX_BYTES, g as NoydbBundleHeader, h as NoydbBundleReadResult, R as ReadNoydbBundleOptions, W as WriteNoydbBundleOptions, j as generateULID, o as hasNoydbBundleMagic, k as isULID, r as readNoydbBundle, l as readNoydbBundleHeader, p as readNoydbBundlePublicEnvelope, m as resetBrotliSupportCache, w as writeNoydbBundle } from './ulid-Dwt3JEcy.js';
+import { N as NoydbError } from './errors-B2tUcRPg.js';
+export { H as AlreadyElevatedError, A as AmendmentForbiddenError, s as AttestationError, B as BackupCorruptedError, u as BackupLedgerError, v as BundleIntegrityError, w as BundleSealMismatchError, x as BundleVersionConflictError, J as ConflictError, K as CrossJoinSourceUnknownError, Q as CrossJoinTooLargeError, V as DanglingReferenceError, W as DataResidencyError, X as DebugPlaintextError, Y as DebugReservedFieldError, Z as DecryptionError, _ as DelegationTargetMissingError, i as DerivationCapExceededError, j as DerivationCycleError, k as DerivationDepthError, l as DerivationOutputShapeError, m as DerivationOutputUnknownError, D as DictKeyInUseError, a as DictKeyMissingError, $ as DirectoryDisabledError, a0 as ElevationExpiredError, a1 as ExportCapabilityError, a2 as FederationMovedError, F as FieldFrozenError, a3 as FilenameSanitizationError, a4 as ForgetStrategyNotConfiguredError, a5 as GroupCardinalityError, I as IllegalTransitionError, a6 as ImportCapabilityError, a7 as IndexRequiredError, a8 as IndexWriteFailureError, a9 as InvalidKeyError, f as InvariantError, aa as JoinTooLargeError, ab as KeyringCorruptError, ac as KeyringExpiredError, ad as LedgerContentionError, L as LocaleNotSpecifiedError, z as MaterializedViewConfigError, C as MaterializedViewCycleError, E as MaterializedViewSourceUnknownError, G as MaterializedViewTooLargeError, ae as MigrationRequiredError, M as MissingTranslationError, af as NetworkError, ag as NoAccessError, ah as NonAdditiveSchemaChangeError, ai as NotFoundError, aj as NumberingUncertaintyError, O as OverlayBaseIsVirtualError, n as OverlayCollectionUnavailableError, o as OverlayIdMismatchError, p as OverlayNameCollisionError, ak as PathEscapeError, al as PeriodClosedError, am as PermissionDeniedError, an as PrivilegeEscalationError, ao as QuiesceTimeoutError, ap as ReadOnlyAtInstantError, aq as ReadOnlyError, ar as ReadOnlyFrameError, as as RecordCekNotFoundError, g as RecordLockedError, R as ReservedCollectionNameError, at as ReservedVaultNameError, au as SchemaFenceError, av as SchemaLockedError, aw as SchemaUpdateError, ax as SchemaValidationError, S as ScriptViolationError, q as SealedRecordExpiredError, r as SealedRecordMismatchError, ay as SequenceContentionError, az as SequenceOfflineError, c as SessionExpiredError, d as SessionNotFoundError, e as SessionPolicyError, aA as ShardProvisioningError, h as SnapshotNotFoundError, b as StaticDictReadonlyError, aB as StoreCapabilityError, aC as TamperedError, aD as TierDemoteDeniedError, aE as TierNotGrantedError, T as TranslatorNotConfiguredError, aF as UniqueConstraintError, U as UnknownDictCodeError, aG as UnknownShardError, aH as UnsupportedIndexOptionError, aI as ValidationError, aJ as VaultTemplateNotFoundError } from './errors-B2tUcRPg.js';
+export { A as AutoCredential, z as AutoCredentialKind, c as CompartmentManifest, d as CompressionAlgo, D as DecryptedRecord, M as MultiBundleManifest, f as MultiVaultCompartmentInput, N as NOYDB_BUNDLE_FORMAT_VERSION, g as NOYDB_BUNDLE_MAGIC, h as NOYDB_BUNDLE_PREFIX_BYTES, l as NoydbBundleHeader, m as NoydbBundleReadResult, R as ReadNoydbBundleOptions, W as WriteNoydbBundleOptions, o as decryptExtractedPartition, B as hasNoydbBundleMagic, r as readMultiVaultBundleCompartment, s as readNoydbBundle, t as readNoydbBundleHeader, u as readNoydbBundleManifest, E as readNoydbBundlePublicEnvelope, v as resetBrotliSupportCache, x as writeMultiVaultBundle, y as writeNoydbBundle } from './multi-bundle-6s5nKAZX.js';
+export { g as generateULID, i as isULID } from './ulid-DRH25k3y.js';
+export { D as DEFAULT_CROSS_JOIN_MAX_ROWS, a as DEFAULT_JOIN_MAX_ROWS, J as JoinContext, b as JoinLeg, c as JoinStrategy, d as JoinableSource, L as LiveQuery, e as LiveUpstream, O as OrderBy, Q as Query, f as QueryPlan, g as QuerySource, R as RefDescriptor, h as RefIntegrityError, i as RefMode, j as RefRegistry, k as RefScopeError, l as RefViolation, S as ScanBuilder, m as ScanPageProvider, n as applyJoins, o as buildLiveQuery, p as executePlan, q as isRefArray, r as ref, s as refArray, t as resetJoinWarnings } from './index-BLff_E35.js';
 export { L as LedgerEntry, c as canonicalJson, h as hashEntry, p as paddedIndex, a as parseIndex, s as sha256Hex } from './index-BMmajblo.js';
 export { a as CrdtMode, b as CrdtState, L as LwwMapState, R as RgaState, Y as YjsState, m as mergeCrdtStates, r as resolveCrdtSnapshot } from './strategy-BSxFXGzb.js';
+export { b as base64ToBuffer, a as bufferToBase64, d as decryptBytes, c as decryptDeterministic, e as derivePresenceKey, f as encryptBytes, g as encryptDeterministic } from './index-B8MoIS7B.js';
 export { TransactionStrategyOptions } from './tx/index.js';
-export { I as ImmutableGuardConfig, T as TransitionGuardConfig, i as immutableGuard, t as transitionGuard, w as withGuard } from './transition-guard-Ctxapq1b.js';
-import { K as RoundingMode } from './strategy-54eIwox5.js';
-export { h as AggregateResult, j as AggregateSpec, k as Aggregation, l as AggregationUpstream, G as GROUPBY_MAX_CARDINALITY, m as GROUPBY_WARN_CARDINALITY, n as GroupedAggregation, o as GroupedQuery, p as GroupedQueryN, q as GroupedRow, t as GroupedRowN, I as I18nMap, a as I18nTextDescriptor, b as I18nTextOptions, L as Layer, u as LiveAggregation, M as MoneyCurrencyError, N as MoneyDescriptor, P as MoneyOptions, Q as MoneyOptionsFixed, S as MoneyOptionsMulti, T as MoneyPrecisionError, U as MoneyUnsupportedError, O as OnMissing, c as OnMissingPolicy, w as Reducer, x as ReducerOptions, R as ResolveI18nOptions, d as applyI18nLocale, y as avg, B as count, C as groupAndReduce, i as i18nText, e as isI18nTextDescriptor, V as isMoneyDescriptor, D as max, E as min, W as money, F as reduceRecords, r as resolveI18nText, f as resolvePolicy, J as sum, v as validateI18nTextValue } from './strategy-54eIwox5.js';
-export { w as withDerivation, a as withRollup } from './with-rollup-CO8ibRcK.js';
-export { w as withMaterializedView } from './with-materialized-view-CyVLOr09.js';
+export { I as ImmutableGuardConfig, T as TransitionGuardConfig, i as immutableGuard, t as transitionGuard, w as withGuard } from './transition-guard-CQH5263l.js';
+import { K as RoundingMode } from './strategy-D47TC5X6.js';
+export { h as AggregateResult, j as AggregateSpec, k as Aggregation, l as AggregationUpstream, G as GROUPBY_MAX_CARDINALITY, m as GROUPBY_WARN_CARDINALITY, n as GroupedAggregation, o as GroupedQuery, p as GroupedQueryN, q as GroupedRow, t as GroupedRowN, I as I18nMap, a as I18nTextDescriptor, b as I18nTextOptions, L as Layer, u as LiveAggregation, M as MoneyCurrencyError, N as MoneyDescriptor, P as MoneyOptions, Q as MoneyOptionsFixed, S as MoneyOptionsMulti, T as MoneyPrecisionError, U as MoneyUnsupportedError, O as OnMissing, c as OnMissingPolicy, w as Reducer, x as ReducerOptions, R as ResolveI18nOptions, d as applyI18nLocale, y as avg, B as count, C as groupAndReduce, i as i18nText, e as isI18nTextDescriptor, V as isMoneyDescriptor, D as max, E as min, W as money, F as reduceRecords, r as resolveI18nText, f as resolvePolicy, J as sum, v as validateI18nTextValue } from './strategy-D47TC5X6.js';
+export { w as withDerivation, a as withRollup } from './with-rollup-B1_ZjG02.js';
+export { w as withMaterializedView } from './with-materialized-view-Cj-6fuav.js';
 export { a as Clause, C as CollectionIndexes, F as FieldClause, b as FilterClause, G as GroupClause, H as HashIndex, I as IndexDef, O as Operator, e as evaluateClause, c as evaluateFieldClause, r as readPath } from './predicate-BmhBSPCH.js';
-export { w as withOverlayedView } from './with-overlayed-view-BhLRxqwI.js';
+export { w as withOverlayedView } from './with-overlayed-view-COp_7EEy.js';
 export { SYNC_CREDENTIALS_COLLECTION, SyncCredential, credentialStatus, deleteCredential, getCredential, listCredentials, putCredential } from './team/index.js';
-export { C as CreateSessionOptions, a as CreateSessionResult, D as DevUnlockOptions, S as SessionToken, b as activeSessionCount, c as clearDevUnlock, d as createSession, e as enableDevUnlock, i as isDevUnlockActive, f as isSessionAlive, l as loadDevUnlock, r as resolveSession, g as revokeAllSessions, h as revokeSession } from './dev-unlock-DzDzLTdZ.js';
+export { C as CreateSessionOptions, a as CreateSessionResult, D as DevUnlockOptions, S as SessionToken, b as activeSessionCount, c as clearDevUnlock, d as createSession, e as enableDevUnlock, i as isDevUnlockActive, f as isSessionAlive, l as loadDevUnlock, r as resolveSession, g as revokeAllSessions, h as revokeSession } from './dev-unlock-BlhRHr6p.js';
 export { i as isDiscriminant } from './discriminant-BN9REW3o.js';
-export { L as LEDGER_COLLECTION, a as LEDGER_DELTAS_COLLECTION, e as envelopePayloadHash } from './hash-DepR-xVc.js';
+export { L as LEDGER_COLLECTION, a as LEDGER_DELTAS_COLLECTION, e as envelopePayloadHash } from './hash-cF4iWaBV.js';
 import './lazy-builder-ChSqcF5t.js';
 import '@noy-db/attestation';
 
@@ -123,15 +125,6 @@ declare function parseBytes(input: number | string): number;
  */
 declare function estimateRecordBytes(record: unknown): number;
 
-/**
- * @category capability
- * Zero-dependency federation constants. Kept import-free so the core
- * graph can reference reserved names without pulling the (dynamically
- * imported) federation chunk. See the StateManagement Vault design spec.
- */
-/** Reserved fleet-wide control-plane vault name. */
-declare const STATE_VAULT_NAME = "__noydb_state__";
-
 /**
  * Persistence helpers for `_meta/public-envelope`. Mirrors the
  * bypass-AES pattern used by `_meta/handle` and `_meta/policy` —
@@ -408,6 +401,13 @@ declare function coordinatedCutover(opts: {
     readonly transform: TransformFn;
 }): SchemaUpdateStrategy;
 
+/**
+ * Hub-core constants that must be referenceable without pulling any
+ * subsystem chunk. Kept import-free.
+ */
+/** Reserved fleet-wide control-plane vault name. Hub reserves it; @klum-db/lobby's StateManagementVault uses it. */
+declare const STATE_VAULT_NAME = "__noydb_state__";
+
 /**
  * Derive a {@link PersistedSchemaEnvelope} from a Standard Schema v1
  * validator. v0 supports Zod via `zod-to-json-schema` (optional peer-dep);
@@ -494,6 +494,90 @@ declare function persistSchemaIfNeeded(opts: {
     readonly strategies?: readonly SchemaUpdateStrategy[];
 }): Promise<PersistSchemaResult>;
 
+/**
+ * FR-6 — Deed: sealed / hidden-owner provisioning.
+ *
+ * A **Deed** is a vault owned by a *latent* principal who never
+ * authenticates. The owner credential (the random passphrase that
+ * derives `KEK_owner`) is minted machine-side and sealed under a
+ * **non-firm** {@link SealingKeyProvider} — that sealing boundary is
+ * the cryptographic *inalienability anchor*: whoever holds the
+ * provider (the client / their KMS) is the only party that can ever
+ * re-derive `KEK_owner`. A firm-side custodian operates the vault
+ * fully but can never reach the owner key — there is deliberately NO
+ * firm-controlled fallback.
+ *
+ * Provisioning reuses the managed-mode seam:
+ *   - {@link resolveManagedSecret} mints + seals + persists the random
+ *     passphrase at `_meta/sealed-passphrase` (and unseals it on every
+ *     subsequent open through the same provider).
+ *   - {@link createOwnerKeyring} derives `KEK_owner` from that
+ *     passphrase and writes the `_keyring/<ownerUserId>` file.
+ *
+ * On top of that, a Deed writes a `_meta/deed` **marker**. The marker
+ * is PLAINTEXT metadata — it records WHO the latent owner is and WHICH
+ * sealing boundary protects them, so it must be readable without
+ * unlocking the vault (a custodian or auditor inspecting the vault must
+ * be able to see "this is a Deed vault, owner = X, sealed under Y"
+ * without any key). The marker itself is therefore never sealed; only
+ * the owner *credential* is.
+ *
+ * @module
+ */
+
+/** Reserved id for the Deed marker under `_meta`. */
+declare const DEED_RECORD_ID: "deed";
+/**
+ * Plaintext metadata recording a vault's latent-owner Deed. Persisted
+ * at `_meta/deed`. Readable without unlocking the vault by design — it
+ * carries no secret material, only the identity of the latent owner
+ * and the sealing boundary that anchors inalienability.
+ */
+interface DeedMarker {
+    /** The latent owner principal — the user id of the `_keyring/<id>` owner file. */
+    readonly ownerUserId: string;
+    /**
+     * The `SealingKeyProvider.id` the owner credential is sealed under.
+     * The inalienability anchor: only the holder of this (non-firm)
+     * provider can re-derive `KEK_owner`. Audit metadata — never secret.
+     */
+    readonly sealedUnder: string;
+    /** Always `true` for a Deed — the owner never authenticates interactively. */
+    readonly latent: true;
+    /** ISO-8601 timestamp the Deed was issued. */
+    readonly issuedAt: string;
+    /**
+     * ISO-8601 timestamp the vault was liberated (a new owner claimed it
+     * via the audited Liberate ceremony), if any. Absent until liberation.
+     */
+    readonly liberatedAt?: string;
+}
+/**
+ * Provision a Deed: a latent owner whose credential is sealed under
+ * `sealing` (a NON-firm provider). Mints + seals the owner passphrase
+ * via {@link resolveManagedSecret}, derives the owner keyring via
+ * {@link createOwnerKeyring}, then writes the plaintext `_meta/deed`
+ * marker. Returns the unlocked owner keyring.
+ *
+ * The returned keyring is the only in-memory window onto `KEK_owner`
+ * for this call; the persistent re-entry point is the sealing provider
+ * (re-run {@link resolveManagedSecret} with the same provider to
+ * re-resolve the passphrase, then {@link createOwnerKeyring}/load to
+ * unlock — no interactive passphrase is ever required).
+ *
+ * There is deliberately no firm-controlled fallback: the marker's
+ * `sealedUnder` is the single cryptographic anchor of ownership.
+ */
+declare function createDeedOwner(store: NoydbStore, vault: string, ownerUserId: string, sealing: SealingKeyProvider): Promise<UnlockedKeyring>;
+/**
+ * Read the {@link DeedMarker} from `_meta/deed`, or `null` if the vault
+ * has no Deed marker (i.e. it is not a Deed vault). Plaintext read — no
+ * unlocking required.
+ */
+declare function loadDeedMarker(store: NoydbStore, vault: string): Promise<DeedMarker | null>;
+/** Whether `vault` carries a Deed marker (a sealed/latent owner). */
+declare function isDeedVault(store: NoydbStore, vault: string): Promise<boolean>;
+
 /**
  * Authentication introspection.
  *
@@ -617,61 +701,6 @@ declare function persistUserVisibility(store: NoydbStore, vault: string, keyring
  */
 declare function deleteUserVisibility(store: NoydbStore, vault: string, keyringId: string): Promise<void>;
 
-interface EncryptResult {
-    iv: string;
-    data: string;
-}
-/**
- * Encrypt raw bytes with AES-256-GCM using a fresh random IV.
- * Used by the attachment store so binary blobs avoid double base64 encoding
- * (the existing `encrypt()` function calls `TextEncoder` on a string — here
- * we pass the `Uint8Array` directly to `subtle.encrypt`).
- */
-declare function encryptBytes(data: Uint8Array, dek: CryptoKey): Promise<EncryptResult>;
-/**
- * Decrypt AES-256-GCM ciphertext back to raw bytes.
- * Counterpart to `encryptBytes`. Throws `TamperedError` on auth-tag failure.
- */
-declare function decryptBytes(ivBase64: string, dataBase64: string, dek: CryptoKey): Promise<Uint8Array>;
-/**
- * Derive an AES-256-GCM presence key from a collection DEK using HKDF-SHA256.
- *
- * The presence key is domain-separated from the data DEK by the fixed salt
- * `'noydb-presence'` and the `info` = collection name. This means:
- *  - The adapter never sees the presence key.
- *  - Presence payloads rotate automatically when the collection DEK is rotated.
- *  - Revoked users cannot derive the new presence key after a DEK rotation.
- *
- * @param dek            The collection's AES-256-GCM DEK (extractable).
- * @param collectionName Used as the HKDF `info` parameter for domain separation.
- * @returns A non-extractable AES-256-GCM key suitable for presence payload encryption.
- */
-declare function derivePresenceKey(dek: CryptoKey, collectionName: string): Promise<CryptoKey>;
-/**
- * Encrypt a plaintext string with AES-256-GCM and a deterministic,
- * HKDF-derived IV.
- *
- * The same `{ dek, context, plaintext }` triple always produces the
- * same `{ iv, data }` — call this twice and you can string-compare the
- * ciphertexts to check equality of the inputs without decrypting them.
- *
- * @param context  Domain-separation string — by convention
- *                 `'<collection>/<field>'`. Different contexts encrypt
- *                 the same plaintext to different ciphertexts, so
- *                 `email` in collection `users` does not collide with
- *                 `email` in collection `customers`.
- */
-declare function encryptDeterministic(plaintext: string, dek: CryptoKey, context: string): Promise<EncryptResult>;
-/**
- * Counterpart to {@link encryptDeterministic}. The IV is stored
- * alongside the ciphertext (exactly like the randomized path), so
- * decrypt uses the stored IV and verifies the GCM auth tag — a tampered
- * ciphertext throws `TamperedError` just like randomized AES-GCM.
- */
-declare function decryptDeterministic(ivBase64: string, dataBase64: string, dek: CryptoKey): Promise<string>;
-declare function bufferToBase64(buffer: ArrayBuffer | Uint8Array): string;
-declare function base64ToBuffer(base64: string): Uint8Array<ArrayBuffer>;
-
 /**
  * Return the ISO-4217 minor-unit scale for a currency code, or `null`
  * when the code is not in the known set (caller must supply an explicit
@@ -922,6 +951,23 @@ interface VaultDiffEntry<T = unknown> {
     readonly collection: string;
     readonly id: string;
     readonly record: T;
+    /**
+     * Unencrypted envelope metadata for the RECEIVER-side record.
+     * Populated only when `diffVault` is called with `{includeMetadata: true}`.
+     * Default: `undefined` (zero extra reads, no behavior change).
+     *
+     * Populated for `modified` (the CURRENT receiver state, before the candidate
+     * is applied) and `deleted` (the receiver envelope of the record being
+     * removed). `added` entries have no receiver envelope at diff time, so their
+     * `metadata` is always absent.
+     */
+    readonly metadata?: {
+        readonly version: number;
+        readonly timestamp: string;
+        readonly by?: string;
+        readonly source?: string;
+        readonly sourceTs?: string;
+    };
 }
 /** Modified records carry both halves of the diff plus the field-level breakdown. */
 interface VaultDiffModifiedEntry<T = unknown> extends VaultDiffEntry<T> {
@@ -968,6 +1014,15 @@ interface DiffOptions {
     readonly compareFn?: (a: unknown, b: unknown) => boolean;
     /** If true, include unchanged records in the diff (off by default to save memory). */
     readonly includeUnchanged?: boolean;
+    /**
+     * When `true`, each entry in `added`, `modified`, and `deleted` will carry a
+     * `metadata` field with the RECEIVER-side envelope metadata
+     * (`version`, `timestamp`, `by?`, `source?`, `sourceTs?`).
+     *
+     * Off by default — no extra adapter reads, no behavior change for existing callers.
+     * (FR-5 read surface, #445)
+     */
+    readonly includeMetadata?: boolean;
 }
 /**
  * Candidate state to diff the vault against:
@@ -989,4 +1044,4 @@ type DiffCandidate<T = unknown> = Vault | Record<string, readonly T[]> | string;
  */
 declare function diffVault<T = unknown>(vault: Vault, candidate: DiffCandidate<T>, options?: DiffOptions): Promise<VaultDiff<T>>;
 
-export { ActiveTier, type AllocateOptions, type CheckGateContext, DEFAULT_FRESHNESS_MS, DIRECTORY_RECORD_ID, type DiffCandidate, DiffEntry, type DiffOptions, DirectoryConfig, EncryptedEnvelope, FactorProof, type FxRates, GateName, GatePolicy, META_COLLECTION, ManagedRecoveryNotEnrolledError, type MoneyString, type MulRateOptions, NoydbError, NoydbStore, PERSONAL_POLICY, POLICY_RECORD_ID, PUBLIC_ENVELOPE_RECORD_ID, type PersistSchemaResult, PersistedSchemaEnvelope, PolicyDeniedError, type PolicyDenyReason, PublicEnvelope, RecoveryNotEnrolledError, RecoveryProfileNotImplementedError, RoundingMode, SCHEMAS_COLLECTION, STATE_VAULT_NAME, STRICT_POLICY, SchemaUpdateStrategy, type Tokenizer, UnlockedKeyring, UpdateDecision, UserEnvelope, UserVisibility, VISIBILITY_RECORD_PREFIX, Vault, type VaultDiff, type VaultDiffEntry, type VaultDiffModifiedEntry, VaultPolicy, additiveOnly, allocate, asMoney, assertTierAccess, base64ToBuffer, blindUpdate, bufferToBase64, checkGate, coordinatedCutover, decryptBytes, decryptDeterministic, dekKey, deleteUserEnvelope, deleteUserVisibility, derivePersistedSchema, derivePresenceKey, describeAllUsersAuth, describeAuthConfig, describeGate, describeUserAuth, diagramAuthConfig, diffVault, effectiveClearance, encryptBytes, encryptDeterministic, estimateRecordBytes, isMoneyString, isZodSchema, listUserEnvelopeIds, loadPersistedSchema, loadPublicEnvelope, loadUserEnvelope, loadVaultPolicy, lockSchema, mergePolicy, moneyNumber, mulRate, parseBytes, persistDirectoryConfig, persistSchemaIfNeeded, persistUserVisibility, readDirectoryConfig, readPlaintextRecord, readPublicEnvelope, readUserVisibility, savePersistedSchema, savePublicEnvelope, saveUserEnvelope, saveVaultPolicy, scaleForCurrency, tokenize, visibilityRecordId };
+export { ActiveTier, type AllocateOptions, type CheckGateContext, DEED_RECORD_ID, DEFAULT_FRESHNESS_MS, DIRECTORY_RECORD_ID, type DeedMarker, type DiffCandidate, DiffEntry, type DiffOptions, DirectoryConfig, EncryptedEnvelope, FactorProof, type FxRates, GateName, GatePolicy, META_COLLECTION, ManagedRecoveryNotEnrolledError, type MoneyString, type MulRateOptions, NoydbError, NoydbStore, PERSONAL_POLICY, POLICY_RECORD_ID, PUBLIC_ENVELOPE_RECORD_ID, type PersistSchemaResult, PersistedSchemaEnvelope, PolicyDeniedError, type PolicyDenyReason, PublicEnvelope, RecoveryNotEnrolledError, RecoveryProfileNotImplementedError, RoundingMode, SCHEMAS_COLLECTION, STATE_VAULT_NAME, STRICT_POLICY, SchemaUpdateStrategy, SealingKeyProvider, type Tokenizer, UnlockedKeyring, UpdateDecision, UserEnvelope, UserVisibility, VISIBILITY_RECORD_PREFIX, Vault, type VaultDiff, type VaultDiffEntry, type VaultDiffModifiedEntry, VaultPolicy, additiveOnly, allocate, asMoney, assertTierAccess, blindUpdate, checkGate, coordinatedCutover, createDeedOwner, dekKey, deleteUserEnvelope, deleteUserVisibility, derivePersistedSchema, describeAllUsersAuth, describeAuthConfig, describeGate, describeUserAuth, diagramAuthConfig, diffVault, effectiveClearance, estimateRecordBytes, isDeedVault, isMoneyString, isZodSchema, listUserEnvelopeIds, loadDeedMarker, loadPersistedSchema, loadPublicEnvelope, loadUserEnvelope, loadVaultPolicy, lockSchema, mergePolicy, moneyNumber, mulRate, parseBytes, persistDirectoryConfig, persistSchemaIfNeeded, persistUserVisibility, readDirectoryConfig, readPlaintextRecord, readPublicEnvelope, readUserVisibility, savePersistedSchema, savePublicEnvelope, saveUserEnvelope, saveVaultPolicy, scaleForCurrency, tokenize, visibilityRecordId };