@noy-db/hub 0.2.0-pre.23 → 0.2.0-pre.25
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/aggregate/index.cjs.map +1 -1
- package/dist/aggregate/index.d.cts +3 -3
- package/dist/aggregate/index.d.ts +3 -3
- package/dist/aggregate/index.js +5 -5
- package/dist/attestation/index.cjs.map +1 -1
- package/dist/attestation/index.d.cts +4 -4
- package/dist/attestation/index.d.ts +4 -4
- package/dist/attestation/index.js +6 -6
- package/dist/blobs/index.cjs.map +1 -1
- package/dist/blobs/index.d.cts +6 -6
- package/dist/blobs/index.d.ts +6 -6
- package/dist/blobs/index.js +6 -6
- package/dist/bundle/index.cjs +421 -1209
- package/dist/bundle/index.cjs.map +1 -1
- package/dist/bundle/index.d.cts +15 -6
- package/dist/bundle/index.d.ts +15 -6
- package/dist/bundle/index.js +42 -193
- package/dist/bundle/index.js.map +1 -1
- package/dist/{chunk-SQOK5UM6.js → chunk-2KA3PDUR.js} +2 -2
- package/dist/{chunk-HYJMAV53.js → chunk-2RHBFCWQ.js} +93 -93
- package/dist/chunk-2RHBFCWQ.js.map +1 -0
- package/dist/{chunk-U2XSUCDF.js → chunk-3BANVNDH.js} +2 -2
- package/dist/{chunk-P65YMN5V.js → chunk-56ENKU46.js} +397 -165
- package/dist/chunk-56ENKU46.js.map +1 -0
- package/dist/{chunk-37VGJM3T.js → chunk-7JSP3E67.js} +2 -2
- package/dist/{chunk-F5ILTHMU.js → chunk-ANLOD6IS.js} +5 -5
- package/dist/{chunk-JYNH4FIM.js → chunk-C7UIT5XY.js} +4 -4
- package/dist/{chunk-OTWT6BAJ.js → chunk-DDOYOMAD.js} +2 -2
- package/dist/chunk-DDOYOMAD.js.map +1 -0
- package/dist/{chunk-TGIJTNM3.js → chunk-E5TJAQS7.js} +2 -2
- package/dist/{chunk-IY24WS2P.js → chunk-EJJTUDNI.js} +4 -4
- package/dist/{chunk-IY24WS2P.js.map → chunk-EJJTUDNI.js.map} +1 -1
- package/dist/{chunk-GJTKMME7.js → chunk-EW3H5Y7N.js} +2 -2
- package/dist/{chunk-JDCPRJVS.js → chunk-EYZJULEN.js} +4 -4
- package/dist/{chunk-I3IYTUUI.js → chunk-FCIZXX56.js} +3 -3
- package/dist/{chunk-C2RJVZZL.js → chunk-FJ3C3ELF.js} +2 -2
- package/dist/{chunk-ZONKSLF2.js → chunk-FO5WEDKF.js} +2 -2
- package/dist/{chunk-SQKAECUL.js → chunk-FUDVHE2U.js} +2 -2
- package/dist/{chunk-IVZWHIEK.js → chunk-GHXOVGTX.js} +5 -5
- package/dist/{chunk-UU6M64HI.js → chunk-GPZHHTJU.js} +4 -4
- package/dist/{chunk-3HNKR65T.js → chunk-H4XFA2LM.js} +3 -3
- package/dist/{chunk-JOK73NDT.js → chunk-HUXDQIVU.js} +3 -3
- package/dist/{chunk-F5GWNSE2.js → chunk-J73KU4AE.js} +3 -3
- package/dist/{chunk-F5GWNSE2.js.map → chunk-J73KU4AE.js.map} +1 -1
- package/dist/{chunk-O5XKZCUD.js → chunk-JJKXJAH2.js} +5 -5
- package/dist/{chunk-TNH5SLCD.js → chunk-KD253AI5.js} +2 -2
- package/dist/{chunk-WWVJXBOT.js → chunk-KJ37E3R5.js} +5 -5
- package/dist/{chunk-S45MDEEF.js → chunk-KNJ7MK4B.js} +2 -2
- package/dist/{chunk-TA6HPKWQ.js → chunk-LR7CODVN.js} +1 -1
- package/dist/chunk-LR7CODVN.js.map +1 -0
- package/dist/{chunk-J6RGRZOY.js → chunk-LX4CPLU6.js} +2 -2
- package/dist/{chunk-WE2BUQD2.js → chunk-N4EXCKWP.js} +3 -3
- package/dist/{chunk-EYK72OTL.js → chunk-OCRDV3NU.js} +5 -5
- package/dist/chunk-OCRDV3NU.js.map +1 -0
- package/dist/{chunk-JBBWALNI.js → chunk-OMBPGXCL.js} +2 -2
- package/dist/{chunk-NV4IHBZS.js → chunk-PS6PSEZL.js} +5 -5
- package/dist/{chunk-6QE4DUYC.js → chunk-Q7P4WHTL.js} +2 -2
- package/dist/{chunk-TAMRU7A2.js → chunk-QYQRAOEF.js} +4 -4
- package/dist/{chunk-6QAZ5O6X.js → chunk-RHVYFAVQ.js} +2 -2
- package/dist/chunk-RZOGD7IF.js +232 -0
- package/dist/chunk-RZOGD7IF.js.map +1 -0
- package/dist/{chunk-YPIOFSN3.js → chunk-SKYBEGHB.js} +2 -2
- package/dist/{chunk-7MRT7EPB.js → chunk-TESFHBOW.js} +3 -3
- package/dist/{chunk-CQYEDODS.js → chunk-TSUICI5N.js} +3 -3
- package/dist/{chunk-FRRJIUSI.js → chunk-UNBX2HMA.js} +17 -9
- package/dist/chunk-UNBX2HMA.js.map +1 -0
- package/dist/{chunk-TYMDCIQM.js → chunk-VGAN5RLD.js} +4 -4
- package/dist/{chunk-5YTXYPES.js → chunk-VJNV2GRF.js} +5 -5
- package/dist/{chunk-NSXNXLYM.js → chunk-VUUQYWF5.js} +2 -2
- package/dist/{chunk-IW4L4X65.js → chunk-WVYL6HM7.js} +2 -2
- package/dist/{chunk-BZW5IL43.js → chunk-Y5CTT6K5.js} +4 -4
- package/dist/{chunk-C6W5KVDV.js → chunk-YP2AYE5W.js} +35 -35
- package/dist/chunk-YP2AYE5W.js.map +1 -0
- package/dist/{chunk-KOAJ3TZM.js → chunk-YRQPI67X.js} +2 -2
- package/dist/{chunk-MBXKRHSS.js → chunk-YYTM4U4J.js} +2 -2
- package/dist/{chunk-2XA2ZML4.js → chunk-ZCBJIDT4.js} +3 -3
- package/dist/{chunk-AI4USDRI.js → chunk-ZW2YSN6G.js} +4 -4
- package/dist/consent/index.cjs.map +1 -1
- package/dist/consent/index.d.cts +5 -5
- package/dist/consent/index.d.ts +5 -5
- package/dist/consent/index.js +3 -3
- package/dist/{crypto-456N7UVX.js → crypto-YBKBNPVM.js} +3 -3
- package/dist/{ulid-Dwt3JEcy.d.ts → decrypt-partition-C71vhnND.d.cts} +19 -64
- package/dist/{ulid-Bg-IBJyA.d.cts → decrypt-partition-CyyJUWLR.d.ts} +19 -64
- package/dist/{delegation-DP4COTXB.js → delegation-4JSMM6BB.js} +5 -5
- package/dist/derivations/index.cjs.map +1 -1
- package/dist/derivations/index.d.cts +6 -6
- package/dist/derivations/index.d.ts +6 -6
- package/dist/derivations/index.js +4 -4
- package/dist/{dev-unlock-Bw7iBD1D.d.cts → dev-unlock-BdrE0kbS.d.cts} +1 -1
- package/dist/{dev-unlock-DzDzLTdZ.d.ts → dev-unlock-ByBkl99-.d.ts} +1 -1
- package/dist/{errors-Dkc_fi-S.d.cts → errors-Dwk2k1xY.d.cts} +14 -5
- package/dist/{errors-Dkc_fi-S.d.ts → errors-Dwk2k1xY.d.ts} +14 -5
- package/dist/executor-3SVNESQ3.js +8 -0
- package/dist/executor-BIW4FT5R.js +12 -0
- package/dist/executor-VEZUBJNQ.js +8 -0
- package/dist/{fanout-sidecar-YXNAEZ33.js → fanout-sidecar-ZQT4Y7PF.js} +2 -2
- package/dist/forget/index.js +4 -4
- package/dist/guards/index.cjs.map +1 -1
- package/dist/guards/index.d.cts +6 -6
- package/dist/guards/index.d.ts +6 -6
- package/dist/guards/index.js +6 -6
- package/dist/{hash-C52X_-m5.d.cts → hash-BUkDp_8Q.d.cts} +1 -1
- package/dist/{hash-DepR-xVc.d.ts → hash-CZxVv8RH.d.ts} +1 -1
- package/dist/history/index.cjs.map +1 -1
- package/dist/history/index.d.cts +6 -6
- package/dist/history/index.d.ts +6 -6
- package/dist/history/index.js +5 -5
- package/dist/i18n/index.cjs.map +1 -1
- package/dist/i18n/index.d.cts +5 -5
- package/dist/i18n/index.d.ts +5 -5
- package/dist/i18n/index.js +6 -6
- package/dist/index-CBUhOmrM.d.cts +70 -0
- package/dist/index-DFhKV-6A.d.ts +70 -0
- package/dist/{index-tZqVB9g5.d.cts → index-DoxKSsMj.d.cts} +2 -2
- package/dist/{index-Bm9hIY7t.d.ts → index-LaexBi3v.d.ts} +2 -2
- package/dist/index.cjs +25660 -25495
- package/dist/index.cjs.map +1 -1
- package/dist/index.d.cts +135 -80
- package/dist/index.d.ts +135 -80
- package/dist/index.js +70 -51
- package/dist/index.js.map +1 -1
- package/dist/indexing/index.cjs.map +1 -1
- package/dist/indexing/index.js +4 -4
- package/dist/issue-LEBPVF3Y.js +12 -0
- package/dist/kernel/index.cjs +657 -0
- package/dist/kernel/index.cjs.map +1 -0
- package/dist/kernel/index.d.cts +11 -0
- package/dist/kernel/index.d.ts +11 -0
- package/dist/kernel/index.js +40 -0
- package/dist/{ledger-I7JUYP4L.js → ledger-FLRTSOYH.js} +5 -5
- package/dist/materialized-views/index.cjs.map +1 -1
- package/dist/materialized-views/index.d.cts +6 -6
- package/dist/materialized-views/index.d.ts +6 -6
- package/dist/materialized-views/index.js +8 -8
- package/dist/{mime-magic-Cxf9B_Dm.d.cts → mime-magic-BAhLjkHw.d.cts} +1 -1
- package/dist/{mime-magic-Dejetix_.d.ts → mime-magic-C1UbcBxP.d.ts} +1 -1
- package/dist/noydb-6FA46A4M.js +38 -0
- package/dist/overlay-views/index.cjs.map +1 -1
- package/dist/overlay-views/index.d.cts +6 -6
- package/dist/overlay-views/index.d.ts +6 -6
- package/dist/overlay-views/index.js +4 -4
- package/dist/periods/index.cjs.map +1 -1
- package/dist/periods/index.d.cts +5 -5
- package/dist/periods/index.d.ts +5 -5
- package/dist/periods/index.js +5 -5
- package/dist/{public-envelope-5XRTUNKF.js → public-envelope-DBKJEBBF.js} +4 -4
- package/dist/query/index.cjs.map +1 -1
- package/dist/query/index.d.cts +3 -3
- package/dist/query/index.d.ts +3 -3
- package/dist/query/index.js +7 -7
- package/dist/registry-CMEVTOCN.js +8 -0
- package/dist/{registry-NWHOLD5M.js → registry-OUZ3VBZA.js} +3 -3
- package/dist/registry-XUBRO5JJ.js +8 -0
- package/dist/{revoke-5IEK22KT.js → revoke-P5D3UTRX.js} +6 -6
- package/dist/sealed-record/index.cjs.map +1 -1
- package/dist/sealed-record/index.d.cts +1 -1
- package/dist/sealed-record/index.d.ts +1 -1
- package/dist/sealed-record/index.js +2 -2
- package/dist/session/index.cjs.map +1 -1
- package/dist/session/index.d.cts +6 -6
- package/dist/session/index.d.ts +6 -6
- package/dist/session/index.js +3 -3
- package/dist/shadow/index.cjs.map +1 -1
- package/dist/shadow/index.d.cts +5 -5
- package/dist/shadow/index.d.ts +5 -5
- package/dist/shadow/index.js +2 -2
- package/dist/{signer-I6YARZQA.js → signer-NEQPCHMW.js} +5 -5
- package/dist/snapshots/index.cjs.map +1 -1
- package/dist/snapshots/index.d.cts +5 -5
- package/dist/snapshots/index.d.ts +5 -5
- package/dist/snapshots/index.js +4 -4
- package/dist/{stale-CPESGAPL.js → stale-KKCHF2VB.js} +2 -2
- package/dist/store/index.cjs.map +1 -1
- package/dist/store/index.d.cts +5 -5
- package/dist/store/index.d.ts +5 -5
- package/dist/store/index.js +2 -2
- package/dist/{strategy-WtB-jXYv.d.cts → strategy-D1zjEV3n.d.cts} +1 -1
- package/dist/{strategy-54eIwox5.d.ts → strategy-YQ1qJWyq.d.ts} +1 -1
- package/dist/sync/index.cjs.map +1 -1
- package/dist/sync/index.d.cts +4 -4
- package/dist/sync/index.d.ts +4 -4
- package/dist/sync/index.js +4 -4
- package/dist/team/index.cjs +10 -3
- package/dist/team/index.cjs.map +1 -1
- package/dist/team/index.d.cts +5 -5
- package/dist/team/index.d.ts +5 -5
- package/dist/team/index.js +8 -8
- package/dist/{transition-guard-Ctxapq1b.d.ts → transition-guard-BSLdikC_.d.ts} +1 -1
- package/dist/{transition-guard-BcLyTGYq.d.cts → transition-guard-DPs6al8h.d.cts} +1 -1
- package/dist/tx/index.cjs +1 -1
- package/dist/tx/index.cjs.map +1 -1
- package/dist/tx/index.d.cts +5 -5
- package/dist/tx/index.d.ts +5 -5
- package/dist/tx/index.js +3 -3
- package/dist/{types-Bhs2i_Ll.d.cts → types-BCYvhKzr.d.cts} +282 -578
- package/dist/{types-DONgts0n.d.ts → types-CCq0WHh9.d.ts} +282 -578
- package/dist/ulid-DRH25k3y.d.cts +66 -0
- package/dist/ulid-DRH25k3y.d.ts +66 -0
- package/dist/util/index.cjs.map +1 -1
- package/dist/util/index.js +1 -1
- package/dist/{with-materialized-view-BYb3p9wT.d.cts → with-materialized-view-CTHe6uh9.d.cts} +1 -1
- package/dist/{with-materialized-view-CyVLOr09.d.ts → with-materialized-view-DiD41wQp.d.ts} +1 -1
- package/dist/{with-overlayed-view-BhLRxqwI.d.ts → with-overlayed-view-DlbsJMhF.d.ts} +1 -1
- package/dist/{with-overlayed-view-LGrQ984e.d.cts → with-overlayed-view-Dlz5hcM8.d.cts} +1 -1
- package/dist/{with-rollup-Bj8c7ttB.d.cts → with-rollup-BBWdrCvu.d.cts} +1 -1
- package/dist/{with-rollup-CO8ibRcK.d.ts → with-rollup-mT4_CWaU.d.ts} +1 -1
- package/package.json +13 -3
- package/dist/chunk-C6W5KVDV.js.map +0 -1
- package/dist/chunk-EYK72OTL.js.map +0 -1
- package/dist/chunk-FRRJIUSI.js.map +0 -1
- package/dist/chunk-HYJMAV53.js.map +0 -1
- package/dist/chunk-JTI57WRT.js +0 -164
- package/dist/chunk-JTI57WRT.js.map +0 -1
- package/dist/chunk-OTWT6BAJ.js.map +0 -1
- package/dist/chunk-P65YMN5V.js.map +0 -1
- package/dist/chunk-TA6HPKWQ.js.map +0 -1
- package/dist/chunk-ZC7J6ZYV.js +0 -7
- package/dist/chunk-ZC7J6ZYV.js.map +0 -1
- package/dist/executor-4IEW4KG5.js +0 -8
- package/dist/executor-KYJCJCIN.js +0 -12
- package/dist/executor-W7VIBOBZ.js +0 -8
- package/dist/issue-JXC6T2QR.js +0 -12
- package/dist/noydb-VGR2HLDB.js +0 -39
- package/dist/registry-ATRHOG5B.js +0 -8
- package/dist/registry-LEHB26TY.js +0 -8
- package/dist/state-vault-JR3CFGNP.js +0 -14
- package/dist/vault-group-BB246VIM.js +0 -804
- package/dist/vault-group-BB246VIM.js.map +0 -1
- /package/dist/{chunk-SQOK5UM6.js.map → chunk-2KA3PDUR.js.map} +0 -0
- /package/dist/{chunk-U2XSUCDF.js.map → chunk-3BANVNDH.js.map} +0 -0
- /package/dist/{chunk-37VGJM3T.js.map → chunk-7JSP3E67.js.map} +0 -0
- /package/dist/{chunk-F5ILTHMU.js.map → chunk-ANLOD6IS.js.map} +0 -0
- /package/dist/{chunk-JYNH4FIM.js.map → chunk-C7UIT5XY.js.map} +0 -0
- /package/dist/{chunk-TGIJTNM3.js.map → chunk-E5TJAQS7.js.map} +0 -0
- /package/dist/{chunk-GJTKMME7.js.map → chunk-EW3H5Y7N.js.map} +0 -0
- /package/dist/{chunk-JDCPRJVS.js.map → chunk-EYZJULEN.js.map} +0 -0
- /package/dist/{chunk-I3IYTUUI.js.map → chunk-FCIZXX56.js.map} +0 -0
- /package/dist/{chunk-C2RJVZZL.js.map → chunk-FJ3C3ELF.js.map} +0 -0
- /package/dist/{chunk-ZONKSLF2.js.map → chunk-FO5WEDKF.js.map} +0 -0
- /package/dist/{chunk-SQKAECUL.js.map → chunk-FUDVHE2U.js.map} +0 -0
- /package/dist/{chunk-IVZWHIEK.js.map → chunk-GHXOVGTX.js.map} +0 -0
- /package/dist/{chunk-UU6M64HI.js.map → chunk-GPZHHTJU.js.map} +0 -0
- /package/dist/{chunk-3HNKR65T.js.map → chunk-H4XFA2LM.js.map} +0 -0
- /package/dist/{chunk-JOK73NDT.js.map → chunk-HUXDQIVU.js.map} +0 -0
- /package/dist/{chunk-O5XKZCUD.js.map → chunk-JJKXJAH2.js.map} +0 -0
- /package/dist/{chunk-TNH5SLCD.js.map → chunk-KD253AI5.js.map} +0 -0
- /package/dist/{chunk-WWVJXBOT.js.map → chunk-KJ37E3R5.js.map} +0 -0
- /package/dist/{chunk-S45MDEEF.js.map → chunk-KNJ7MK4B.js.map} +0 -0
- /package/dist/{chunk-J6RGRZOY.js.map → chunk-LX4CPLU6.js.map} +0 -0
- /package/dist/{chunk-WE2BUQD2.js.map → chunk-N4EXCKWP.js.map} +0 -0
- /package/dist/{chunk-JBBWALNI.js.map → chunk-OMBPGXCL.js.map} +0 -0
- /package/dist/{chunk-NV4IHBZS.js.map → chunk-PS6PSEZL.js.map} +0 -0
- /package/dist/{chunk-6QE4DUYC.js.map → chunk-Q7P4WHTL.js.map} +0 -0
- /package/dist/{chunk-TAMRU7A2.js.map → chunk-QYQRAOEF.js.map} +0 -0
- /package/dist/{chunk-6QAZ5O6X.js.map → chunk-RHVYFAVQ.js.map} +0 -0
- /package/dist/{chunk-YPIOFSN3.js.map → chunk-SKYBEGHB.js.map} +0 -0
- /package/dist/{chunk-7MRT7EPB.js.map → chunk-TESFHBOW.js.map} +0 -0
- /package/dist/{chunk-CQYEDODS.js.map → chunk-TSUICI5N.js.map} +0 -0
- /package/dist/{chunk-TYMDCIQM.js.map → chunk-VGAN5RLD.js.map} +0 -0
- /package/dist/{chunk-5YTXYPES.js.map → chunk-VJNV2GRF.js.map} +0 -0
- /package/dist/{chunk-NSXNXLYM.js.map → chunk-VUUQYWF5.js.map} +0 -0
- /package/dist/{chunk-IW4L4X65.js.map → chunk-WVYL6HM7.js.map} +0 -0
- /package/dist/{chunk-BZW5IL43.js.map → chunk-Y5CTT6K5.js.map} +0 -0
- /package/dist/{chunk-KOAJ3TZM.js.map → chunk-YRQPI67X.js.map} +0 -0
- /package/dist/{chunk-MBXKRHSS.js.map → chunk-YYTM4U4J.js.map} +0 -0
- /package/dist/{chunk-2XA2ZML4.js.map → chunk-ZCBJIDT4.js.map} +0 -0
- /package/dist/{chunk-AI4USDRI.js.map → chunk-ZW2YSN6G.js.map} +0 -0
- /package/dist/{crypto-456N7UVX.js.map → crypto-YBKBNPVM.js.map} +0 -0
- /package/dist/{delegation-DP4COTXB.js.map → delegation-4JSMM6BB.js.map} +0 -0
- /package/dist/{executor-4IEW4KG5.js.map → executor-3SVNESQ3.js.map} +0 -0
- /package/dist/{executor-KYJCJCIN.js.map → executor-BIW4FT5R.js.map} +0 -0
- /package/dist/{executor-W7VIBOBZ.js.map → executor-VEZUBJNQ.js.map} +0 -0
- /package/dist/{fanout-sidecar-YXNAEZ33.js.map → fanout-sidecar-ZQT4Y7PF.js.map} +0 -0
- /package/dist/{issue-JXC6T2QR.js.map → issue-LEBPVF3Y.js.map} +0 -0
- /package/dist/{ledger-I7JUYP4L.js.map → kernel/index.js.map} +0 -0
- /package/dist/{noydb-VGR2HLDB.js.map → ledger-FLRTSOYH.js.map} +0 -0
- /package/dist/{public-envelope-5XRTUNKF.js.map → noydb-6FA46A4M.js.map} +0 -0
- /package/dist/{registry-ATRHOG5B.js.map → public-envelope-DBKJEBBF.js.map} +0 -0
- /package/dist/{registry-LEHB26TY.js.map → registry-CMEVTOCN.js.map} +0 -0
- /package/dist/{registry-NWHOLD5M.js.map → registry-OUZ3VBZA.js.map} +0 -0
- /package/dist/{revoke-5IEK22KT.js.map → registry-XUBRO5JJ.js.map} +0 -0
- /package/dist/{signer-I6YARZQA.js.map → revoke-P5D3UTRX.js.map} +0 -0
- /package/dist/{stale-CPESGAPL.js.map → signer-NEQPCHMW.js.map} +0 -0
- /package/dist/{state-vault-JR3CFGNP.js.map → stale-KKCHF2VB.js.map} +0 -0
package/dist/bundle/index.d.cts
CHANGED
|
@@ -1,13 +1,14 @@
|
|
|
1
|
-
import { T as TransferSealPayload } from '../
|
|
2
|
-
export { C as COMPRESSION_BROTLI, a as COMPRESSION_GZIP, b as COMPRESSION_NONE, c as CompressionAlgo, F as FLAG_COMPRESSED, d as FLAG_HAS_INTEGRITY_HASH, N as NOYDB_BUNDLE_FORMAT_VERSION, e as NOYDB_BUNDLE_MAGIC, f as NOYDB_BUNDLE_PREFIX_BYTES, g as NoydbBundleHeader, h as NoydbBundleReadResult, R as ReadNoydbBundleOptions, W as WriteNoydbBundleOptions, i as
|
|
3
|
-
|
|
4
|
-
|
|
1
|
+
import { T as TransferSealPayload } from '../decrypt-partition-C71vhnND.cjs';
|
|
2
|
+
export { C as COMPRESSION_BROTLI, a as COMPRESSION_GZIP, b as COMPRESSION_NONE, c as CompressionAlgo, D as DecryptedRecord, F as FLAG_COMPRESSED, d as FLAG_HAS_INTEGRITY_HASH, N as NOYDB_BUNDLE_FORMAT_VERSION, e as NOYDB_BUNDLE_MAGIC, f as NOYDB_BUNDLE_PREFIX_BYTES, g as NoydbBundleHeader, h as NoydbBundleReadResult, R as ReadNoydbBundleOptions, W as WriteNoydbBundleOptions, i as decryptExtractedPartition, j as encodeBundleHeader, r as readNoydbBundle, k as readNoydbBundleHeader, l as resetBrotliSupportCache, v as validateBundleHeader, w as writeNoydbBundle } from '../decrypt-partition-C71vhnND.cjs';
|
|
3
|
+
export { g as generateULID, i as isULID } from '../ulid-DRH25k3y.cjs';
|
|
4
|
+
import { bh as Vault, aW as NoydbStore, bd as SealingKeyProvider, bi as RecoveryEnrollmentInput, bj as ShamirRecoveryProvider } from '../types-BCYvhKzr.cjs';
|
|
5
|
+
export { t as AdoptionStateError, B as BackupCorruptedError, u as BackupLedgerError, v as BundleIntegrityError, w as BundleSealMismatchError, x as BundleVersionConflictError, P as PartitionExtractionError, y as TransferSealError } from '../errors-Dwk2k1xY.cjs';
|
|
5
6
|
import '../lazy-builder-eYZzLEL1.cjs';
|
|
6
7
|
import '../predicate-BmhBSPCH.cjs';
|
|
7
|
-
import '../strategy-
|
|
8
|
+
import '../strategy-D1zjEV3n.cjs';
|
|
8
9
|
import '../strategy-BSxFXGzb.cjs';
|
|
9
10
|
import '../index-BMmajblo.cjs';
|
|
10
|
-
import '../index-
|
|
11
|
+
import '../index-DoxKSsMj.cjs';
|
|
11
12
|
import '@noy-db/attestation';
|
|
12
13
|
|
|
13
14
|
/**
|
|
@@ -106,6 +107,14 @@ declare function extractPartition(vault: Vault, opts: WalkClosureOptions & {
|
|
|
106
107
|
readonly compression?: 'auto' | 'brotli' | 'gzip' | 'none';
|
|
107
108
|
readonly carrySchemas?: boolean;
|
|
108
109
|
readonly carryLedger?: boolean;
|
|
110
|
+
/**
|
|
111
|
+
* FR-7 structural field projection: per-collection allow-list of fields
|
|
112
|
+
* to keep. Non-listed fields are dropped from each record BEFORE
|
|
113
|
+
* re-encryption (so they never travel in the bundle); `id` is always
|
|
114
|
+
* preserved. A projected collection's persisted schema is NOT carried.
|
|
115
|
+
* Absent/empty → un-projected behavior (byte-identical to today).
|
|
116
|
+
*/
|
|
117
|
+
readonly fieldProjection?: Record<string, readonly string[]>;
|
|
109
118
|
}): Promise<ExtractPartitionResult>;
|
|
110
119
|
|
|
111
120
|
/**
|
package/dist/bundle/index.d.ts
CHANGED
|
@@ -1,13 +1,14 @@
|
|
|
1
|
-
import { T as TransferSealPayload } from '../
|
|
2
|
-
export { C as COMPRESSION_BROTLI, a as COMPRESSION_GZIP, b as COMPRESSION_NONE, c as CompressionAlgo, F as FLAG_COMPRESSED, d as FLAG_HAS_INTEGRITY_HASH, N as NOYDB_BUNDLE_FORMAT_VERSION, e as NOYDB_BUNDLE_MAGIC, f as NOYDB_BUNDLE_PREFIX_BYTES, g as NoydbBundleHeader, h as NoydbBundleReadResult, R as ReadNoydbBundleOptions, W as WriteNoydbBundleOptions, i as
|
|
3
|
-
|
|
4
|
-
|
|
1
|
+
import { T as TransferSealPayload } from '../decrypt-partition-CyyJUWLR.js';
|
|
2
|
+
export { C as COMPRESSION_BROTLI, a as COMPRESSION_GZIP, b as COMPRESSION_NONE, c as CompressionAlgo, D as DecryptedRecord, F as FLAG_COMPRESSED, d as FLAG_HAS_INTEGRITY_HASH, N as NOYDB_BUNDLE_FORMAT_VERSION, e as NOYDB_BUNDLE_MAGIC, f as NOYDB_BUNDLE_PREFIX_BYTES, g as NoydbBundleHeader, h as NoydbBundleReadResult, R as ReadNoydbBundleOptions, W as WriteNoydbBundleOptions, i as decryptExtractedPartition, j as encodeBundleHeader, r as readNoydbBundle, k as readNoydbBundleHeader, l as resetBrotliSupportCache, v as validateBundleHeader, w as writeNoydbBundle } from '../decrypt-partition-CyyJUWLR.js';
|
|
3
|
+
export { g as generateULID, i as isULID } from '../ulid-DRH25k3y.js';
|
|
4
|
+
import { bh as Vault, aW as NoydbStore, bd as SealingKeyProvider, bi as RecoveryEnrollmentInput, bj as ShamirRecoveryProvider } from '../types-CCq0WHh9.js';
|
|
5
|
+
export { t as AdoptionStateError, B as BackupCorruptedError, u as BackupLedgerError, v as BundleIntegrityError, w as BundleSealMismatchError, x as BundleVersionConflictError, P as PartitionExtractionError, y as TransferSealError } from '../errors-Dwk2k1xY.js';
|
|
5
6
|
import '../lazy-builder-ChSqcF5t.js';
|
|
6
7
|
import '../predicate-BmhBSPCH.js';
|
|
7
|
-
import '../strategy-
|
|
8
|
+
import '../strategy-YQ1qJWyq.js';
|
|
8
9
|
import '../strategy-BSxFXGzb.js';
|
|
9
10
|
import '../index-BMmajblo.js';
|
|
10
|
-
import '../index-
|
|
11
|
+
import '../index-LaexBi3v.js';
|
|
11
12
|
import '@noy-db/attestation';
|
|
12
13
|
|
|
13
14
|
/**
|
|
@@ -106,6 +107,14 @@ declare function extractPartition(vault: Vault, opts: WalkClosureOptions & {
|
|
|
106
107
|
readonly compression?: 'auto' | 'brotli' | 'gzip' | 'none';
|
|
107
108
|
readonly carrySchemas?: boolean;
|
|
108
109
|
readonly carryLedger?: boolean;
|
|
110
|
+
/**
|
|
111
|
+
* FR-7 structural field projection: per-collection allow-list of fields
|
|
112
|
+
* to keep. Non-listed fields are dropped from each record BEFORE
|
|
113
|
+
* re-encryption (so they never travel in the bundle); `id` is always
|
|
114
|
+
* preserved. A projected collection's persisted schema is NOT carried.
|
|
115
|
+
* Absent/empty → un-projected behavior (byte-identical to today).
|
|
116
|
+
*/
|
|
117
|
+
readonly fieldProjection?: Record<string, readonly string[]>;
|
|
109
118
|
}): Promise<ExtractPartitionResult>;
|
|
110
119
|
|
|
111
120
|
/**
|
package/dist/bundle/index.js
CHANGED
|
@@ -1,7 +1,12 @@
|
|
|
1
1
|
import {
|
|
2
|
-
|
|
3
|
-
|
|
4
|
-
|
|
2
|
+
adoptPartition,
|
|
3
|
+
createOwnerOnAdoptedPartition,
|
|
4
|
+
decryptExtractedPartition,
|
|
5
|
+
unsealDeks
|
|
6
|
+
} from "../chunk-RZOGD7IF.js";
|
|
7
|
+
import {
|
|
8
|
+
SCHEMAS_COLLECTION
|
|
9
|
+
} from "../chunk-YP2AYE5W.js";
|
|
5
10
|
import {
|
|
6
11
|
COMPRESSION_BROTLI,
|
|
7
12
|
COMPRESSION_GZIP,
|
|
@@ -14,26 +19,22 @@ import {
|
|
|
14
19
|
assembleBundleContainer,
|
|
15
20
|
buildExtractedPartitionWrapper,
|
|
16
21
|
encodeBundleHeader,
|
|
17
|
-
parseExtractedPartitionBody,
|
|
18
22
|
readNoydbBundle,
|
|
19
23
|
readNoydbBundleHeader,
|
|
20
24
|
resetBrotliSupportCache,
|
|
21
25
|
validateBundleHeader,
|
|
22
26
|
writeNoydbBundle
|
|
23
|
-
} from "../chunk-
|
|
24
|
-
import "../chunk-
|
|
25
|
-
import "../chunk-
|
|
26
|
-
import
|
|
27
|
-
createOwnerKeyring
|
|
28
|
-
} from "../chunk-FRRJIUSI.js";
|
|
27
|
+
} from "../chunk-N4EXCKWP.js";
|
|
28
|
+
import "../chunk-HUXDQIVU.js";
|
|
29
|
+
import "../chunk-Y5CTT6K5.js";
|
|
30
|
+
import "../chunk-UNBX2HMA.js";
|
|
29
31
|
import {
|
|
30
32
|
generateULID,
|
|
31
33
|
isULID
|
|
32
34
|
} from "../chunk-FZU343FL.js";
|
|
33
35
|
import {
|
|
34
|
-
LEDGER_COLLECTION
|
|
35
|
-
|
|
36
|
-
} from "../chunk-JDCPRJVS.js";
|
|
36
|
+
LEDGER_COLLECTION
|
|
37
|
+
} from "../chunk-EYZJULEN.js";
|
|
37
38
|
import {
|
|
38
39
|
canonicalJson,
|
|
39
40
|
envelopePayloadHash,
|
|
@@ -42,17 +43,15 @@ import {
|
|
|
42
43
|
import {
|
|
43
44
|
NOYDB_BACKUP_VERSION,
|
|
44
45
|
NOYDB_FORMAT_VERSION
|
|
45
|
-
} from "../chunk-
|
|
46
|
+
} from "../chunk-LR7CODVN.js";
|
|
46
47
|
import {
|
|
47
|
-
base64ToBuffer,
|
|
48
48
|
bufferToBase64,
|
|
49
49
|
decrypt,
|
|
50
50
|
encrypt,
|
|
51
51
|
generateDEK,
|
|
52
52
|
unwrapCek,
|
|
53
|
-
wrapCek
|
|
54
|
-
|
|
55
|
-
} from "../chunk-37VGJM3T.js";
|
|
53
|
+
wrapCek
|
|
54
|
+
} from "../chunk-7JSP3E67.js";
|
|
56
55
|
import {
|
|
57
56
|
AdoptionStateError,
|
|
58
57
|
BackupCorruptedError,
|
|
@@ -61,9 +60,8 @@ import {
|
|
|
61
60
|
BundleSealMismatchError,
|
|
62
61
|
BundleVersionConflictError,
|
|
63
62
|
PartitionExtractionError,
|
|
64
|
-
TransferSealError
|
|
65
|
-
|
|
66
|
-
} from "../chunk-OTWT6BAJ.js";
|
|
63
|
+
TransferSealError
|
|
64
|
+
} from "../chunk-DDOYOMAD.js";
|
|
67
65
|
|
|
68
66
|
// src/bundle/walk-closure.ts
|
|
69
67
|
async function walkClosure(vault, opts) {
|
|
@@ -208,7 +206,7 @@ async function describeExtraction(vault, opts) {
|
|
|
208
206
|
}
|
|
209
207
|
|
|
210
208
|
// src/bundle/extract-partition.ts
|
|
211
|
-
async function reKeyClosure(vault, closure) {
|
|
209
|
+
async function reKeyClosure(vault, closure, fieldProjection) {
|
|
212
210
|
const { name: vaultName, adapter, getDEK } = vault._introspectState();
|
|
213
211
|
const collections = {};
|
|
214
212
|
const deks = /* @__PURE__ */ new Map();
|
|
@@ -217,29 +215,40 @@ async function reKeyClosure(vault, closure) {
|
|
|
217
215
|
const destDek = await generateDEK();
|
|
218
216
|
deks.set(collectionName, destDek);
|
|
219
217
|
const out = {};
|
|
218
|
+
const projList = fieldProjection?.[collectionName];
|
|
219
|
+
const proj = projList ? new Set(projList) : void 0;
|
|
220
|
+
const project = (plaintext) => {
|
|
221
|
+
if (!proj) return plaintext;
|
|
222
|
+
const rec = JSON.parse(plaintext);
|
|
223
|
+
const kept = {};
|
|
224
|
+
if ("id" in rec) kept["id"] = rec["id"];
|
|
225
|
+
for (const f of proj) if (f in rec) kept[f] = rec[f];
|
|
226
|
+
return JSON.stringify(kept);
|
|
227
|
+
};
|
|
220
228
|
for (const id of ids) {
|
|
221
229
|
const env = await adapter.get(vaultName, collectionName, id);
|
|
222
230
|
if (!env) continue;
|
|
223
231
|
if (env._cek !== void 0) {
|
|
224
232
|
const cek = await unwrapCek(env._cek, srcDek);
|
|
225
233
|
const plaintext2 = await decrypt(env._iv, env._data, cek);
|
|
226
|
-
const { iv: iv2, data: data2 } = await encrypt(plaintext2, cek);
|
|
234
|
+
const { iv: iv2, data: data2 } = await encrypt(project(plaintext2), cek);
|
|
227
235
|
const wrapped = await wrapCek(cek, destDek);
|
|
228
236
|
out[id] = { ...env, _iv: iv2, _data: data2, _cek: wrapped };
|
|
229
237
|
continue;
|
|
230
238
|
}
|
|
231
239
|
const plaintext = await decrypt(env._iv, env._data, srcDek);
|
|
232
|
-
const { iv, data } = await encrypt(plaintext, destDek);
|
|
240
|
+
const { iv, data } = await encrypt(project(plaintext), destDek);
|
|
233
241
|
out[id] = { ...env, _iv: iv, _data: data };
|
|
234
242
|
}
|
|
235
243
|
collections[collectionName] = out;
|
|
236
244
|
}
|
|
237
245
|
return { collections, deks };
|
|
238
246
|
}
|
|
239
|
-
async function reKeySchemas(vault, closure, destDeks) {
|
|
247
|
+
async function reKeySchemas(vault, closure, destDeks, fieldProjection) {
|
|
240
248
|
const { name: vaultName, adapter, getDEK } = vault._introspectState();
|
|
241
249
|
const out = {};
|
|
242
250
|
for (const collectionName of closure.keys()) {
|
|
251
|
+
if (fieldProjection?.[collectionName]) continue;
|
|
243
252
|
const env = await adapter.get(vaultName, SCHEMAS_COLLECTION, collectionName);
|
|
244
253
|
if (!env) continue;
|
|
245
254
|
const destDek = destDeks.get(collectionName);
|
|
@@ -331,6 +340,11 @@ async function sealDeks(deks) {
|
|
|
331
340
|
};
|
|
332
341
|
}
|
|
333
342
|
async function extractPartition(vault, opts) {
|
|
343
|
+
if (vault.role === "custodian") {
|
|
344
|
+
throw new PartitionExtractionError(
|
|
345
|
+
"extractPartition is owner-only; a custodian cannot extract-and-sever (FR-6: producing a re-keyed standalone partition is an ownership operation; use the Deed owner)."
|
|
346
|
+
);
|
|
347
|
+
}
|
|
334
348
|
if (vault.role !== "owner") {
|
|
335
349
|
throw new PartitionExtractionError(
|
|
336
350
|
`extractPartition requires the 'owner' role on the source vault; caller is '${vault.role}'. Producing a re-keyed standalone partition is an ownership operation.`
|
|
@@ -338,7 +352,7 @@ async function extractPartition(vault, opts) {
|
|
|
338
352
|
}
|
|
339
353
|
if (opts.carrySchemas) await vault._drainPendingSchemaWrites();
|
|
340
354
|
const { closure } = await walkClosure(vault, opts);
|
|
341
|
-
const { collections, deks } = await reKeyClosure(vault, closure);
|
|
355
|
+
const { collections, deks } = await reKeyClosure(vault, closure, opts.fieldProjection);
|
|
342
356
|
let ledgerHead;
|
|
343
357
|
let ledgerEntries;
|
|
344
358
|
if (opts.carryLedger && vault._getLedgerOrNull() !== null) {
|
|
@@ -350,7 +364,7 @@ async function extractPartition(vault, opts) {
|
|
|
350
364
|
deks.set(LEDGER_COLLECTION, ledgerDek);
|
|
351
365
|
}
|
|
352
366
|
}
|
|
353
|
-
const internalSchemas = opts.carrySchemas ? await reKeySchemas(vault, closure, deks) : {};
|
|
367
|
+
const internalSchemas = opts.carrySchemas ? await reKeySchemas(vault, closure, deks, opts.fieldProjection) : {};
|
|
354
368
|
const internal = {};
|
|
355
369
|
if (Object.keys(internalSchemas).length > 0) internal[SCHEMAS_COLLECTION] = internalSchemas;
|
|
356
370
|
if (ledgerEntries) internal[LEDGER_COLLECTION] = ledgerEntries;
|
|
@@ -391,172 +405,6 @@ async function extractPartition(vault, opts) {
|
|
|
391
405
|
});
|
|
392
406
|
return { bundleBytes, transferKey, sealId: seal.sealId };
|
|
393
407
|
}
|
|
394
|
-
|
|
395
|
-
// src/bundle/adopt-partition.ts
|
|
396
|
-
async function unsealDeks(seal, transferKey) {
|
|
397
|
-
if (transferKey.byteLength !== 32) {
|
|
398
|
-
throw new TransferSealError(
|
|
399
|
-
`transfer key must be 32 bytes, got ${transferKey.byteLength}.`
|
|
400
|
-
);
|
|
401
|
-
}
|
|
402
|
-
const key = await crypto.subtle.importKey("raw", transferKey, "AES-GCM", false, ["decrypt"]);
|
|
403
|
-
const raw = base64ToBuffer(seal.payload);
|
|
404
|
-
let plaintext;
|
|
405
|
-
try {
|
|
406
|
-
plaintext = await crypto.subtle.decrypt(
|
|
407
|
-
{ name: "AES-GCM", iv: raw.slice(0, 12) },
|
|
408
|
-
key,
|
|
409
|
-
raw.slice(12)
|
|
410
|
-
);
|
|
411
|
-
} catch {
|
|
412
|
-
throw new TransferSealError(
|
|
413
|
-
"transfer seal could not be opened \u2014 wrong transfer key (AES-GCM authentication failed)."
|
|
414
|
-
);
|
|
415
|
-
}
|
|
416
|
-
let dekMap;
|
|
417
|
-
try {
|
|
418
|
-
dekMap = JSON.parse(new TextDecoder().decode(plaintext));
|
|
419
|
-
} catch {
|
|
420
|
-
throw new TransferSealError("transfer seal payload is not valid JSON after decryption.");
|
|
421
|
-
}
|
|
422
|
-
const deks = /* @__PURE__ */ new Map();
|
|
423
|
-
for (const [collection, b64] of Object.entries(dekMap)) {
|
|
424
|
-
const dek = await crypto.subtle.importKey("raw", base64ToBuffer(b64), "AES-GCM", true, ["encrypt", "decrypt"]);
|
|
425
|
-
deks.set(collection, dek);
|
|
426
|
-
}
|
|
427
|
-
return deks;
|
|
428
|
-
}
|
|
429
|
-
async function adoptPartition(bundleBytes, opts) {
|
|
430
|
-
const { transferKey, destinationStore, vaultName } = opts;
|
|
431
|
-
const header = readNoydbBundleHeader(bundleBytes);
|
|
432
|
-
if (header.bundleKind !== "extracted-partition" || header.transferSeal === void 0) {
|
|
433
|
-
throw new ValidationError(
|
|
434
|
-
"adoptPartition requires an extracted-partition bundle with a transfer seal. For ordinary backups use readNoydbBundle + vault.load."
|
|
435
|
-
);
|
|
436
|
-
}
|
|
437
|
-
const { dumpJson } = await readNoydbBundle(bundleBytes);
|
|
438
|
-
const { dump, seal } = parseExtractedPartitionBody(dumpJson);
|
|
439
|
-
await unsealDeks(seal, transferKey);
|
|
440
|
-
const existing = await destinationStore.get(vaultName, "_meta", "adoption");
|
|
441
|
-
if (existing) {
|
|
442
|
-
const prior = JSON.parse(existing._data);
|
|
443
|
-
if (prior.sealId === seal.sealId) {
|
|
444
|
-
throw new AdoptionStateError(
|
|
445
|
-
`partition (sealId ${seal.sealId}) is already adopted into vault "${vaultName}".`
|
|
446
|
-
);
|
|
447
|
-
}
|
|
448
|
-
throw new AdoptionStateError(
|
|
449
|
-
`vault "${vaultName}" already holds an adopted partition (sealId ${prior.sealId}); adopting a different partition (sealId ${seal.sealId}) here would overwrite it. Adopt into a fresh vaultName instead.`
|
|
450
|
-
);
|
|
451
|
-
}
|
|
452
|
-
const existingKeyring = await destinationStore.list(vaultName, "_keyring");
|
|
453
|
-
if (existingKeyring.length > 0) {
|
|
454
|
-
throw new AdoptionStateError(
|
|
455
|
-
`vault "${vaultName}" already holds a keyring (an unrelated owner exists at this slot); adoptPartition requires a fresh vaultName to avoid destructive saveAll on SQL adapters.`
|
|
456
|
-
);
|
|
457
|
-
}
|
|
458
|
-
const backup = JSON.parse(dump);
|
|
459
|
-
await destinationStore.saveAll(vaultName, backup.collections);
|
|
460
|
-
if (backup._internal) {
|
|
461
|
-
for (const [collection, records] of Object.entries(backup._internal)) {
|
|
462
|
-
for (const [id, envelope] of Object.entries(records)) {
|
|
463
|
-
await destinationStore.put(vaultName, collection, id, envelope);
|
|
464
|
-
}
|
|
465
|
-
}
|
|
466
|
-
}
|
|
467
|
-
const adoptedAt = (/* @__PURE__ */ new Date()).toISOString();
|
|
468
|
-
const adoption = { sealId: seal.sealId, adoptedAt, needsOwner: true, transferSeal: seal };
|
|
469
|
-
await destinationStore.put(vaultName, "_meta", "adoption", {
|
|
470
|
-
_noydb: 1,
|
|
471
|
-
_v: 1,
|
|
472
|
-
_ts: adoptedAt,
|
|
473
|
-
_iv: "",
|
|
474
|
-
_data: JSON.stringify(adoption)
|
|
475
|
-
});
|
|
476
|
-
return { vaultName, needsOwner: true, sealId: seal.sealId };
|
|
477
|
-
}
|
|
478
|
-
function isManaged(o) {
|
|
479
|
-
return "passphraseMode" in o && o.passphraseMode === "managed";
|
|
480
|
-
}
|
|
481
|
-
async function createOwnerOnAdoptedPartition(store, vaultName, opts) {
|
|
482
|
-
const { userId, transferKey } = opts;
|
|
483
|
-
if (isManaged(opts) && !opts.recovery.some((r) => r.profile === "shamir")) {
|
|
484
|
-
throw new AdoptionStateError(
|
|
485
|
-
"managed-mode adoption requires at least one strong (shamir) recovery profile in `recovery` \u2014 paper alone is not strong when there is no user passphrase to fall back on."
|
|
486
|
-
);
|
|
487
|
-
}
|
|
488
|
-
const adoptionEnv = await store.get(vaultName, "_meta", "adoption");
|
|
489
|
-
if (!adoptionEnv) {
|
|
490
|
-
throw new AdoptionStateError(
|
|
491
|
-
`vault "${vaultName}" is not an adopted partition (no _meta/adoption). createOwnerOnAdoptedPartition only applies to vaults created via adoptPartition.`
|
|
492
|
-
);
|
|
493
|
-
}
|
|
494
|
-
const adoption = JSON.parse(adoptionEnv._data);
|
|
495
|
-
if (adoption.consumedAt !== void 0 || adoption.transferSeal === void 0) {
|
|
496
|
-
throw new AdoptionStateError(
|
|
497
|
-
`vault "${vaultName}" already has an owner (transfer seal consumed at ${adoption.consumedAt}).`
|
|
498
|
-
);
|
|
499
|
-
}
|
|
500
|
-
const partitionDeks = await unsealDeks(adoption.transferSeal, transferKey);
|
|
501
|
-
const existingKeyring = await store.get(vaultName, "_keyring", userId);
|
|
502
|
-
const otherOwners = (await store.list(vaultName, "_keyring")).filter((u) => u !== userId);
|
|
503
|
-
if (otherOwners.length > 0) {
|
|
504
|
-
throw new AdoptionStateError(
|
|
505
|
-
`vault "${vaultName}" already has a keyring for a different owner; cannot create owner "${userId}".`
|
|
506
|
-
);
|
|
507
|
-
}
|
|
508
|
-
const partitionCollections = [...partitionDeks.keys()];
|
|
509
|
-
const priorDeks = existingKeyring ? JSON.parse(existingKeyring._data).deks : {};
|
|
510
|
-
const ownerMinted = existingKeyring !== null && partitionCollections.every((c) => c in priorDeks);
|
|
511
|
-
if (!ownerMinted) {
|
|
512
|
-
const passphrase = isManaged(opts) ? await resolveManagedSecret(store, vaultName, opts.sealingKey) : opts.passphrase;
|
|
513
|
-
const unlocked = await createOwnerKeyring(store, vaultName, userId, passphrase);
|
|
514
|
-
const env = await store.get(vaultName, "_keyring", userId);
|
|
515
|
-
if (!env) throw new AdoptionStateError(`keyring write for "${userId}" did not persist`);
|
|
516
|
-
const keyringFile = JSON.parse(env._data);
|
|
517
|
-
const kek = unlocked.kek;
|
|
518
|
-
if (!kek) throw new AdoptionStateError(`owner keyring for "${userId}" has no KEK to wrap partition DEKs under`);
|
|
519
|
-
const mergedDeks = { ...keyringFile.deks };
|
|
520
|
-
for (const [collection, dek] of partitionDeks) {
|
|
521
|
-
mergedDeks[collection] = await wrapKey(dek, kek);
|
|
522
|
-
}
|
|
523
|
-
const mergedFile = { ...keyringFile, deks: mergedDeks };
|
|
524
|
-
await store.put(vaultName, "_keyring", userId, { ...env, _data: JSON.stringify(mergedFile) });
|
|
525
|
-
}
|
|
526
|
-
const ledgerDek = partitionDeks.get(LEDGER_COLLECTION);
|
|
527
|
-
if (ledgerDek) {
|
|
528
|
-
const ledger = new LedgerStore({
|
|
529
|
-
adapter: store,
|
|
530
|
-
vault: vaultName,
|
|
531
|
-
encrypted: true,
|
|
532
|
-
getDEK: async () => ledgerDek,
|
|
533
|
-
actor: userId
|
|
534
|
-
});
|
|
535
|
-
const creationReason = `creation-of-new-owner:${userId}`;
|
|
536
|
-
const consumedReason = `transfer-seal-consumed:${adoption.sealId}`;
|
|
537
|
-
const recordedReasons = new Set((await ledger.loadAllEntries()).map((e) => e.reason));
|
|
538
|
-
if (!recordedReasons.has(creationReason)) {
|
|
539
|
-
await ledger.append({ op: "lifecycle", collection: "", id: "", version: 0, actor: "", payloadHash: "", reason: creationReason });
|
|
540
|
-
}
|
|
541
|
-
if (!recordedReasons.has(consumedReason)) {
|
|
542
|
-
await ledger.append({ op: "lifecycle", collection: "", id: "", version: 0, actor: "", payloadHash: "", reason: consumedReason });
|
|
543
|
-
}
|
|
544
|
-
}
|
|
545
|
-
if (isManaged(opts)) {
|
|
546
|
-
const { createNoydb } = await import("../noydb-VGR2HLDB.js");
|
|
547
|
-
const db = await createNoydb({
|
|
548
|
-
store,
|
|
549
|
-
user: userId,
|
|
550
|
-
passphraseMode: "managed",
|
|
551
|
-
sealingKey: opts.sealingKey,
|
|
552
|
-
shamirRecovery: opts.shamirRecovery
|
|
553
|
-
});
|
|
554
|
-
await db.openVaultAndEnrollRecovery(vaultName, { recovery: opts.recovery });
|
|
555
|
-
}
|
|
556
|
-
const consumed = { sealId: adoption.sealId, adoptedAt: adoption.adoptedAt, consumedAt: (/* @__PURE__ */ new Date()).toISOString() };
|
|
557
|
-
await store.put(vaultName, "_meta", "adoption", { ...adoptionEnv, _data: JSON.stringify(consumed) });
|
|
558
|
-
return { vaultName, userId };
|
|
559
|
-
}
|
|
560
408
|
export {
|
|
561
409
|
AdoptionStateError,
|
|
562
410
|
BackupCorruptedError,
|
|
@@ -576,6 +424,7 @@ export {
|
|
|
576
424
|
TransferSealError,
|
|
577
425
|
adoptPartition,
|
|
578
426
|
createOwnerOnAdoptedPartition,
|
|
427
|
+
decryptExtractedPartition,
|
|
579
428
|
describeExtraction,
|
|
580
429
|
encodeBundleHeader,
|
|
581
430
|
extractPartition,
|